aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-03-13hw/fmopl: Fix buffer access out-of-bounds errorsStefan Weil
Index 75 is one too large for AR_TABLE[75], DR_TABLE[75]. This error was reported by cppcheck. hw/fmopl.c:600: error: Buffer access out-of-bounds: OPL.AR_TABLE hw/fmopl.c:601: error: Buffer access out-of-bounds: OPL.DR_TABLE Fix this by limiting the access to the allowed range. MultiArcadeMachineEmulator has newer versions of fmopl, but using these requires more efforts. Cc: Blue Swirl <blauwirbel@gmail.com> Reviewed-by: malc <av1474@comtv.ru> Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-03-13moving eeprom initializationWilliam Dauchy
The initialization should not be only on reset but also when initializing the device. It resolves a bug when hot plugging a pci network device: the mac address was always null. Signed-off-by: William Dauchy <wdauchy@gmail.com> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-03-12pc: fix wrong CMOS values for floppy drivesBlue Swirl
Before commit 63ffb564dca94f8bda01ed6d209784104630a4d2, states for floppy drives were calculated in fdc.c:fd_revalidate(). There it is also considered whether a disk is inserted or not. The commit didn't copy the logic completely to pc.c, which caused a regression. Fix by adding the same check also to pc.c. Reported-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Tested-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-03-11microblaze: Add PVR for writeback cache, endiansMichal Simek
Specify PVR for writeback cache, endians and others. Signed-off-by: Michal Simek <monstr@monstr.eu> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@petalogix.com>
2011-03-11microblaze: Fix PetaLogix company nameMichal Simek
trivial fix. Signed-off-by: Michal Simek <monstr@monstr.eu> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@petalogix.com>
2011-03-11Merge remote branch 'stefanha/tracing' into stagingAnthony Liguori
2011-03-10vmstate: move timers to use test instead of versionJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10vmstate: be able to store/save a pci device from a pointerJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10vmstate: Add a way to send a partial arrayJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10vmstate: add VMSTATE_STRUCT_VARRAY_UINT32Juan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10vmstate: add VMSTATE_INT64_ARRAYJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10vmstate: add VMSTATE_STRUCT_VARRAY_INT32Juan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10vmstate: add UINT32 VARRAYSJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10vmstate: Fix varrays with uint8 indexesJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10vmstate: add VMSTATE_UINT32_EQUALJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10vnc: Fix stack corruption and other bitmap related bugsStefan Weil
Commit bc2429b9174ac2d3c56b7fd35884b0d89ec7fb02 introduced a severe bug (stack corruption). bitmap_clear was called with a wrong argument which caused out-of-bound writes to the local variable width_mask. This bug was detected with QEMU running on windows. It also occurs with wine: *** stack smashing detected ***: terminated wine: Unhandled illegal instruction at address 0x6115c7 (thread 0009), starting debugger... The bug is not windows specific! Instead of fixing the wrong parameter value, bitmap_clear(), bitmap_set and width_mask were removed, and bitmap_intersect() was replaced by !bitmap_empty(). The new operation is much shorter and equivalent to the old operations. The declarations of the dirty bitmaps in vnc.h were also wrong for 64 bit hosts because of a rounding effect: for these hosts, VNC_MAX_WIDTH is no longer a multiple of (16 * BITS_PER_LONG), so the rounded value of VNC_DIRTY_WORDS was too small. Fix both declarations by using the macro which is designed for this purpose. Cc: Corentin Chary <corentincj@iksaif.net> Cc: Wen Congyang <wency@cn.fujitsu.com> Cc: Gerhard Wiesinger <lists@wiesinger.com> Cc: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10hmp-commands.hx: fix badly merged client_migrate_info commandJes Sorensen
client_migrate_info was merged badly, placing it between the command and the documentation for another command. In addition it did not respect the general rule of hmp-commands.hx, of having command definition before the documentation. Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10Fix performance regression in qemu_get_ram_ptrVincent Palatin
When the commit f471a17e9d869df3c6573f7ec02c4725676d6f3a converted the ram_blocks structure to QLIST, it also removed the conditional check before switching the current block at the beginning of the list. In the common use case where ram_blocks has a few blocks with only one frequently accessed (the main RAM), this has a performance impact as it performs the useless list operations on each call (which are on a really hot path). On my machine emulation (ARM on amd64), this patch reduces the percentage of CPU time spent in qemu_get_ram_ptr from 6.3% to 2.1% in the profiling of a full boot. Signed-off-by: Vincent Palatin <vpalatin@chromium.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10xilinx-ethlite: Simplify byteswapping to/from bramsEdgar E. Iglesias
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@petalogix.com>
2011-03-10mainstone: PCMCIA supportDmitry Eremin-Solenikov
Extend mst_fpga and mainstone with logic to support PCMCIA attachment (IRQs, status regs). Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2011-03-10mainstone: use gpio 0 for connection of FPGA instead of hooking into PIC ↵Dmitry Eremin-Solenikov
directly Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2011-03-10pxa2xx_timer: Get rid of .level in PXA2xxTimer0.Andrzej Zaborowski
2011-03-10pxa2xx_pic: fixup initialisationAndrzej Zaborowski
This is based on Dmitry Eremin-Solenikov's patch but simplified.
2011-03-10pxa2xx_timer: separate irq for pxa27x handlingDmitry Eremin-Solenikov
First, sysbus_init_irq shan't be called on on-stack variables. Indeed, it only stores a passed pointer in qdev and the stored irq is later populated, so we get a nice write-to-stack bug. Second, irq for pxa27x should probably be handled in a more gentler way, as we should check if we have events to raise this irq. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2011-03-07trace: Trace posix-aio-compat.c completion and cancellationStefan Hajnoczi
This patch adds paio_complete() and paio_cancel() trace events to complement the paio_submit() event. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-03-07trace: Trace bdrv_aio_flush()Stefan Hajnoczi
Add a trace event for bdrv_aio_flush() to complement the existing bdrv_aio_readv() and bdrv_aio_writev() events. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-03-07simpletrace: Thread-safe tracingStefan Hajnoczi
Trace events outside the global mutex cannot be used with the simple trace backend since it is not thread-safe. There is no check to prevent them being enabled so people sometimes learn this the hard way. This patch restructures the simple trace backend with a ring buffer suitable for multiple concurrent writers. A writeout thread empties the trace buffer when threshold fill levels are reached. Should the writeout thread be unable to keep up with trace generation, records will simply be dropped. Each time events are dropped a special record is written to the trace file indicating how many events were dropped. The event ID is 0xfffffffffffffffe and its signature is dropped(uint32_t count). Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-03-07MAINTAINERS: add LatticeMico32 maintainerMichael Walle
Add me as the lm32-target and machines maintainer. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07Add lm32 target to configureMichael Walle
Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: opcode testsuiteMichael Walle
This patch creates tests/lm32 directory and adds tests for every LatticeMico32 opcode. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: todo and documentationMichael Walle
This patch adds general target documentation and a todo list. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: EVR32 and uclinux BSPMichael Walle
This patch adds support for the following two BSPs: - LM32 EVR32 BSP (as used by RTEMS) - uclinux BSP by Theobroma Systems Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: support for creating device treeMichael Walle
This patch adds helper functions to create a ROM, which contains a hardware description of a board. This is used in Theobromas LM32 Linux port. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: system control modelMichael Walle
This patch add support for a system control block. It is supposed to act as helper for the emulated program. E.g. shutting down the VM or printing test results. This model is intended for testing purposes only and doesn't fit to any real hardware. Therefore, it is not added to any board by default. Instead a user has to add it explicitly with the '-device' commandline parameter. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: uart modelMichael Walle
This patch add support for the LatticeMico32 UART. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: timer modelMichael Walle
This patch adds support for the LatticeMico32 system timer. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: pic and juart helper functionsMichael Walle
This patch adds init functions for the PIC and JTAG UART commonly used in the board initialization. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: juart modelMichael Walle
This patch adds the JTAG UART model. It is accessed through special control registers and opcodes. Therefore the translation uses callbacks to this model. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: interrupt controller modelMichael Walle
This patch adds the interrupt controller of the lm32. Because the PIC is accessed through special control registers and opcodes, there are callbacks from the lm32 translation code to this model. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: gdbstub supportMichael Walle
This patch adds lm32 support to the gdbstub. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: machine state loading/savingMichael Walle
This patch adds support for saving and loading the processor state. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: translation code helperMichael Walle
This patch adds translation helper functions. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07lm32: translation routinesMichael Walle
This patch adds the main translation routine. All opcodes of the LatticeMico32 processor are supported and translated to TCG ops. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07LatticeMico32 target supportMichael Walle
This patch adds support for the LatticeMico32 softcore processor by Lattice Semiconductor. Signed-off-by: Michael Walle <michael@walle.cc> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-03-07target-arm: Implement a minimal set of cp14 debug registersPeter Maydell
Newer ARM kernels try to probe for whether the CPU has hardware breakpoint support. For this to work QEMU has to implement a minimal set of the cp14 debug registers. The architecture requires v7 cores to implement debug and so there is no defined way to report its absence; however in practice returning a zero DBGDIDR (ie with a reserved value for "debug architecture version") should cause well-written hw debug users to do the right thing. We also implement DBGDRAR and DBGDSAR as RAZ, indicating no memory mapped debug components. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-03-07target-arm: Use TCG temporary leak debugging facilitiesPeter Maydell
Use the new TCG temporary leak debugging facilities to check that each ARM instruction does not leak temporaries. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-03-07target-arm: Remove ad-hoc leak checking codePeter Maydell
This commit removes the ad-hoc resource leak checking code from target-arm. This includes replacing all uses of new_tmp() with tcg_temp_new_i32() and all uses of dead_tmp() with tcg_temp_free_i32(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-03-07tcg: Add support for debugging leakage of temporariesPeter Maydell
Add support (if CONFIG_DEBUG_TCG is defined) for debugging leakage of temporary variables. Generally any temporaries created by a target while it is translating an instruction should be freed by the end of that instruction; otherwise carefully crafted guest code could cause TCG to run out of temporaries and assert. By calling tcg_check_temp_count() after each instruction we can check that we are not leaking temporaries in this way. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-03-06target-arm: Integrate secondary CPU reset in arm_bootAdam Lackorzynski
Integrate secondary CPU reset into arm_boot, removing it from realview.c. On non-Linux systems secondary CPUs start with the same entry as the boot CPU. Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-03-06target-arm: Implement cp15 VA->PA translationAdam Lackorzynski
Implement VA->PA translations by cp15-c7 that went through unchanged previously. Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>