aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-10-24tests: ptimer: Add tests for "no counter round down" policyDmitry Osipenko
PTIMER_POLICY_NO_COUNTER_ROUND_DOWN makes ptimer_get_count() return the actual counter value and not the one less. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: 0082889309b3dc66c03c8de00b8c1ef40c1e3955.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/ptimer: Add "no counter round down" policyDmitry Osipenko
For most of the timers counter starts to decrement after first period expires. Due to rounding down performed by the ptimer_get_count, it returns counter - 1 for the running timer, so that for the ptimer user it looks like counter gets decremented immediately after running the timer. Add "no counter round down" policy that provides correct behaviour for those timers. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: ef39622d0ebfdc32a0877e59ffdf6910dc3db688.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24tests: ptimer: Add tests for "no immediate reload" policyDmitry Osipenko
PTIMER_POLICY_NO_IMMEDIATE_RELOAD makes ptimer to not to re-load counter on setting counter value to "0" or starting to run with "0". Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: a7acf805e447cc7f637ecacbd45cca34ea3bf425.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/ptimer: Add "no immediate reload" policyDmitry Osipenko
Immediate counter re-load on setting (or on starting to run with) counter = 0 is a wrong behaviour for some of the timers. Add "no immediate reload" policy that provides correct behaviour for such timers. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: bf9385cd2550ca451d564fa46007688cee3f3d9d.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24tests: ptimer: Add tests for "no immediate trigger" policyDmitry Osipenko
PTIMER_POLICY_NO_IMMEDIATE_TRIGGER makes ptimer to not to trigger on starting to run with / setting counter to "0". Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: 12b1e745f90fe2ca3d59197166bc3d379260f912.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/ptimer: Add "no immediate trigger" policyDmitry Osipenko
Performing trigger on setting (or starting to run with) counter = 0 could be a wrong behaviour for some of the timers, provide "no immediate trigger" policy to maintain correct behaviour for such timers. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: 72c0319cf2ec599f22397b7da280c06c34dc40dd.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24tests: ptimer: Add tests for "continuous trigger" policyDmitry Osipenko
PTIMER_POLICY_CONTINUOUS_TRIGGER makes periodic ptimer to re-trigger every period in case of load = delta = 0. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: 7a908ab38b902d521eb959941f9efe2df8ce4297.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/ptimer: Add "continuous trigger" policyDmitry Osipenko
Currently, periodic timer that has load = delta = 0 performs trigger on timer reload and stops, printing a "period zero" error message. Introduce new policy that makes periodic timer to continuously trigger with a period interval in case of load = 0. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: 632b23dd11055d9bd5e338d66b38fac0bd51462e.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24tests: ptimer: Add tests for "wraparound after one period" policyDmitry Osipenko
PTIMER_POLICY_WRAP_AFTER_ONE_PERIOD changes ptimer behaviour in a such way, that it would wrap around after one period instead of doing it immediately. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: ce27bb84ed9f2b64300dd4e90f3eff235a7dcedf.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/ptimer: Add "wraparound after one period" policyDmitry Osipenko
Currently, periodic counter wraps around immediately once counter reaches "0", this is wrong behaviour for some of the timers, resulting in one period being lost. Add new ptimer policy that provides correct behaviour for such timers, so that counter stays with "0" for a one period before wrapping around. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: f22a670cf1f4be298b31640cb5f4be1df0f20ab6.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/arm/virt: Set minimum_page_bits to 12Peter Maydell
Since the virt board model will never create a CPU which is pre-ARMv7, we know that our minimum page size is 4K and can set minimum_page_bits accordingly, for improved performance. Note that this is a migration compatibility break, so we introduce it only for the virt-2.8 machine and onward; virt-2.7 continues using the old 1K pages. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-10-24target-arm: Make page size a runtime settingPeter Maydell
Rather than defining TARGET_PAGE_BITS to always be 10, switch to using a value picked at runtime. This allows us to use 4K pages for modern ARM CPUs (and in particular all 64-bit CPUs) without having to drop support for the old ARMv5 CPUs which had 1K pages. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-10-24migration/savevm.c: migrate non-default page sizePeter Maydell
Add a subsection to vmstate_configuration which is present only if the guest is using a target page size which is different from the default. This allows us to helpfully diagnose attempts to migrate between machines which are using different target page sizes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-10-24cpu: Support a target CPU having a variable page sizePeter Maydell
Support target CPUs having a page size which isn't knownn at compile time. To use this, the CPU implementation should: * define TARGET_PAGE_BITS_VARY * not define TARGET_PAGE_BITS * define TARGET_PAGE_BITS_MIN to the smallest value it might possibly want for TARGET_PAGE_BITS * call set_preferred_target_page_bits() in its realize function to indicate the actual preferred target page size for the CPU (and report any error from it) In CONFIG_USER_ONLY, the CPU implementation should continue to define TARGET_PAGE_BITS appropriately for the guest OS page size. Machines which want to take advantage of having the page size something larger than TARGET_PAGE_BITS_MIN must set the MachineClass minimum_page_bits field to a value which they guarantee will be no greater than the preferred page size for any CPU they create. Note that changing the target page size by setting minimum_page_bits is a migration compatibility break for that machine. For debugging purposes, attempts to use TARGET_PAGE_SIZE before it has been finally confirmed will assert. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-10-24translate-all.c: Compute L1 page table properties at runtimeVijaya Kumar K
Remove L1 page mapping table properties computing statically using macros which is dependent on TARGET_PAGE_BITS. Drop macros V_L1_SIZE, V_L1_SHIFT, V_L1_BITS macros and replace with variables which are computed at early stage of VM boot. Removing dependency can help to make TARGET_PAGE_BITS dynamic. Signed-off-by: Vijaya Kumar K <vijayak@cavium.com> Message-id: 1465808915-4887-4-git-send-email-vijayak@caviumnetworks.com [PMM: assert(v_l1_shift % V_L2_BITS == 0) cache v_l2_levels initialize from page_init() rather than vl.c minor code style fixes put v_l1_size into a local where used as a loop limit] Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24exec.c: Remove static allocation of sub_section of sub_pageVijaya Kumar K
Allocate sub_section dynamically. Remove dependency on TARGET_PAGE_SIZE to make run-time page size detection for arm platforms. Signed-off-by: Vijaya Kumar K <vijayak@cavium.com> Message-id: 1465808915-4887-3-git-send-email-vijayak@caviumnetworks.com [PMM: use flexible array member rather than separate malloc so we don't need an extra pointer deref when using it] Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24migration: Remove static allocation of xzblre cache bufferVijaya Kumar K
Allocate xzblre zero page cache buffer dynamically. Remove dependency on TARGET_PAGE_SIZE to make run-time page size detection for arm platforms. Signed-off-by: Vijaya Kumar K <vijayak@cavium.com> Message-id: 1465808915-4887-2-git-send-email-vijayak@caviumnetworks.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* KVM run_on_cpu fix (Alex) * atomic usage fixes (Emilio, me) * hugetlbfs alignment fix (Haozhong) * CharBackend refactoring (Marc-André) * test-i386 fixes (me) * MemoryListener optimizations (me) * Miscellaneous bugfixes (me) * iSER support (Roy) * --version formatting (Thomas) # gpg: Signature made Mon 24 Oct 2016 14:46:19 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (50 commits) exec.c: workaround regression caused by alignment change in d2f39ad char: remove explicit_be_open from CharDriverState char: use common error path in qmp_chardev_add char: replace avail_connections char: remove unused qemu_chr_fe_event char: use an enum for CHR_EVENT char: remove unused CHR_EVENT_FOCUS char: move fe_open in CharBackend char: remove explicit_fe_open, use a set_handlers argument char: rename chr_close/chr_free char: move front end handlers in CharBackend tests: start chardev unit tests char: make some qemu_chr_fe skip if no driver char: replace qemu_chr_claim/release with qemu_chr_fe_init/deinit vhost-user: only initialize queue 0 CharBackend char: fold qemu_chr_set_handlers in qemu_chr_fe_set_handlers char: use qemu_chr_fe* functions with CharBackend argument colo: claim in find_and_check_chardev char: rename some frontend functions char: remaining switch to CharBackend in frontend ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24exec.c: workaround regression caused by alignment change in d2f39adHaozhong Zhang
Commit d2f39ad "exec.c: Ensure right alignment also for file backed ram" added an additional alignment requirement on the size of backend file besides the previous page size. On x86, the alignment is changed from 4KB in QEMU 2.6 to 2MB in QEMU 2.7. This change breaks certain usages in QEMU 2.7 on x86, e.g. -object memory-backend-file,id=mem1,mem-path=/tmp/,size=$SZ -device pc-dimm,id=dimm1,memdev=mem1 where $SZ is multiple of 4KB but not 2MB (e.g. 1023M). QEMU 2.7 reports the following error message and aborts: qemu-system-x86_64: -device pc-dimm,memdev=mem1,id=nv1: backend memory size must be multiple of 0x200000 The same regression may also happen in other platforms as indicated by Igor Mammedov. This change is however necessary for s390 according to the commit message of d2f39ad, so we workaround the regression by taking the change only on s390. Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com> Reported-by: "Xu, Anthony" <anthony.xu@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove explicit_be_open from CharDriverStateMarc-André Lureau
It's only used in qmp_chardev_add(), so use a create() argument instead. Also switched to typedef functions for CharDriverParse/CharDriverCreate. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-7-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: use common error path in qmp_chardev_addMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-6-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: replace avail_connectionsMarc-André Lureau
No need to count the users of a CharDriverState, it can rely on the fact of whether there is a CharBackend associated or if there is enough space in the muxer. Simplify and fold chr_mux_new_fe() in qemu_chr_fe_init() since there is a single user now. Also switch from fprintf to raising error instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-5-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove unused qemu_chr_fe_eventMarc-André Lureau
I introduced this function in d61b0c9a2f7f, but it isn't used. Furthermore, it was incomplete, as it would need to translate QEMU chr events to Spice port events. (presumably it was used in the follow-up NBD-spice series that was not completed: http://lists.gnu.org/archive/html/qemu-devel/2013-11/msg02024.html) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-4-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: use an enum for CHR_EVENTMarc-André Lureau
This may help to catch unhandled cases, and avoid having to maintain numbering. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-3-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove unused CHR_EVENT_FOCUSMarc-André Lureau
Usage has long been removed, since commit f220174de8d9. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-2-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: move fe_open in CharBackendMarc-André Lureau
The fe_open state belongs to front end. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-1-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove explicit_fe_open, use a set_handlers argumentMarc-André Lureau
No need to keep explicit_fe_open around if it affects only a qemu_chr_fe_set_handlers(). Use an additional argument instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-24-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: rename chr_close/chr_freeMarc-André Lureau
The function is used to free the backend opaque pointer, let's name it accordingly. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-23-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: move front end handlers in CharBackendMarc-André Lureau
Since the hanlders are associated with a CharBackend, rather than the CharDriverState, it is more appropriate to store in CharBackend. This avoids the handler copy dance in qemu_chr_fe_set_handlers() then mux_chr_update_read_handler(), by storing the CharBackend pointer directly. Also a mux CharDriver should go through mux->backends[focused], since chr->be will stay NULL. Before that, it was possible to call chr->handler by mistake with surprising results, for ex through qemu_chr_be_can_write(), which would result in calling the last set handler front end, not the one with focus. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-22-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24tests: start chardev unit testsMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-21-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: make some qemu_chr_fe skip if no driverMarc-André Lureau
In most cases, front ends do not care about the side effect of CharBackend, so we can simply skip the checks and call the qemu_chr_fe functions even without associated CharDriver. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-20-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: replace qemu_chr_claim/release with qemu_chr_fe_init/deinitMarc-André Lureau
Now that all front end use qemu_chr_fe_init(), we can move chardev claiming in init(), and add a function deinit() to release the chardev and cleanup handlers. The qemu_chr_fe_claim_no_fail() for property are gone, since the property will raise an error instead. In other cases, where there is already an error path, an error is raised instead. Finally, other cases are handled by &error_abort in qemu_chr_fe_init(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-19-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24vhost-user: only initialize queue 0 CharBackendMarc-André Lureau
All the queues share the same chardev. Initialize only the first queue CharBackend, and pass it to other queues. This will allow to claim the chardev only once in a later change. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-18-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: fold qemu_chr_set_handlers in qemu_chr_fe_set_handlersMarc-André Lureau
qemu_chr_add_handlers*() have been removed in previous change, so the common qemu_chr_set_handlers() is no longer needed. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-17-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: use qemu_chr_fe* functions with CharBackend argumentMarc-André Lureau
This also switches from qemu_chr_add_handlers() to qemu_chr_fe_set_handlers(). Note that qemu_chr_fe_set_handlers() now takes the focus when fe_open (qemu_chr_add_handlers() did take the focus) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-16-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24colo: claim in find_and_check_chardevMarc-André Lureau
This factors out claiming of chardev, and changes the call to non-fatal to return an error like the rest of the chardev checks. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-15-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: rename some frontend functionsMarc-André Lureau
qemu_chr_accept_input() and qemu_chr_disconnect() are only used by frontend, so use qemu_chr_fe prefix. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-14-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remaining switch to CharBackend in frontendMarc-André Lureau
Similar to previous change, for the remaining CharDriverState front ends users. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-13-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: replace PROP_CHR with CharBackendMarc-André Lureau
Store the property in a CharBackend instead of CharDriverState*. This also replace systematically chr by chr.chr to access the CharDriverState*. The following patches will replace it with calls to qemu_chr_fe CharBackend functions. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-12-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: start converting mux driver to use CharBackendMarc-André Lureau
Start using qemu_chr_fe* CharBackend functions: initialize a CharBackend and use qemu_chr_fe_set_handlers(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-11-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: introduce CharBackendMarc-André Lureau
This new structure is meant to keep the details associated with a char driver usage. On initialization, it gets a tag from the mux backend. It can change its handlers thanks to qemu_chr_fe_set_handlers(). This structure is introduced so that all frontend will be moved to hold and use a CharBackend. This will allow to better track char usage and allocation, and help prevent some memory leaks or corruption. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-10-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24mux: split mux_chr_update_read_handler()Marc-André Lureau
Make qemu_chr_add_handlers_full() aware of mux handling. This allows introduction of a tag associated with the fe handlers and a qemu_chr_set_handlers() function to set the handler for a particular tag. That will allow to get rid of qemu_chr_add_handlers*() in later changes, in favor of qemu_chr_fe_set_handler(). To this end, chr_update_read_handler callback is enhanced with a tag argument, and mux_chr_update_read_handler() is splitted in new functions: mux_chr_new_handler_tag(), mux_chr_set_handlers(), mux_set_focus(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-9-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24xilinx: fix buffer overflow on realizePaolo Bonzini
ASAN complains about buffer overflow when running: aarch64-softmmu/qemu-system-aarch64 -machine xilinx-zynq-a9 ==476==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000035e38 at pc 0x000000f75253 bp 0x7ffc597e0ec0 sp 0x7ffc597e0eb0 READ of size 8 at 0x602000035e38 thread T0 #0 0xf75252 in xilinx_spips_realize hw/ssi/xilinx_spips.c:623 #1 0xb9ef6c in device_set_realized hw/core/qdev.c:918 #2 0x129ae01 in property_set_bool qom/object.c:1854 #3 0x1296e70 in object_property_set qom/object.c:1088 #4 0x129dd1b in object_property_set_qobject qom/qom-qobject.c:27 #5 0x1297168 in object_property_set_bool qom/object.c:1157 #6 0xb9aeac in qdev_init_nofail hw/core/qdev.c:358 #7 0x78a5bf in zynq_init_spi_flashes /home/elmarco/src/qemu/hw/arm/xilinx_zynq.c:125 #8 0x78af60 in zynq_init /home/elmarco/src/qemu/hw/arm/xilinx_zynq.c:238 #9 0x998eac in main /home/elmarco/src/qemu/vl.c:4534 #10 0x7f96ed692730 in __libc_start_main (/lib64/libc.so.6+0x20730) #11 0x41d0a8 in _start (/home/elmarco/src/qemu/aarch64-softmmu/qemu-system-aarch64+0x41d0a8) 0x602000035e38 is located 0 bytes to the right of 8-byte region [0x602000035e30,0x602000035e38) allocated by thread T0 here: #0 0x7f970b014e60 in malloc (/lib64/libasan.so.3+0xc6e60) #1 0x7f96f15b0e18 in g_malloc (/lib64/libglib-2.0.so.0+0x4ee18) #2 0xb9ef6c in device_set_realized hw/core/qdev.c:918 #3 0x129ae01 in property_set_bool qom/object.c:1854 #4 0x1296e70 in object_property_set qom/object.c:1088 #5 0x129dd1b in object_property_set_qobject qom/qom-qobject.c:27 #6 0x1297168 in object_property_set_bool qom/object.c:1157 #7 0xb9aeac in qdev_init_nofail hw/core/qdev.c:358 #8 0x78a5bf in zynq_init_spi_flashes /home/elmarco/src/qemu/hw/arm/xilinx_zynq.c:125 #9 0x78af60 in zynq_init /home/elmarco/src/qemu/hw/arm/xilinx_zynq.c:238 #10 0x998eac in main /home/elmarco/src/qemu/vl.c:4534 #11 0x7f96ed692730 in __libc_start_main (/lib64/libc.so.6+0x20730) s->spi is allocated with the size of num_busses which may be 1 (by default). Change to use a loop up to s->num_busses also for the call to ssi_auto_connect_slaves(). Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove init callbackMarc-André Lureau
The CharDriverState.init() callback is no longer set since commit a61ae7f88ce and thus unused. The only user, the malta FGPA display has been converted to use an event "opened" callback instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-7-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24malta: replace chr init by CHR_EVENT_OPENED handlerMarc-André Lureau
The CharDriverState.init() callback was introduced in commit ceecf1d158. It is only called from text_console_do_init(), but it is no longer set since commit a61ae7f88 (init assignment has been removed by accident). It seems correct to use an event callback instead and print the console text on CHR_EVENT_OPENED. That way we can remove the single user of CharDriverState init(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-6-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24sun4uv: fix serial initialization regressionMarc-André Lureau
Since commit b6607a1a204d, serial_hds_isa_init() was introduced to factor out serial_isa_init() loops. However, sun4uv shouldn't start from 0 when there is a mm serial on 0 already. Add a "from" argument to serial_hds_isa_init(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-5-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24ringbuf: fix chr_write return valueMarc-André Lureau
It should return the number of written bytes. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-4-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove use-after-free on win-stdioMarc-André Lureau
Found by reviewing the code, win_stdio_close() is called by qemu_chr_free() which then call qemu_chr_free_common() taking care of freeing CharDriverState*. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-3-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24rng: remove unused included headerMarc-André Lureau
DEFINE_PROP_CHR is not used (rng is not of TYPE_DEVICE) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-2-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char.h: misc doc fixMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161011152012.3228-1-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>