aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-06-09target-arm: A64: Implement CRC instructionsPeter Maydell
Implement the optional A64 CRC instructions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401458125-27977-6-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: VFPv4 implies half-precision extensionPeter Maydell
VFPv4 implies the presence of the half-precision floating point extension (which is optional in VFPv3). Add this implied rule to arm_cpu_realizefn() and remove some no-longer-needed explicit setting of the bit in initfns. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401458125-27977-5-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: Clean up handling of ARMv8 optional feature bitsPeter Maydell
CRC and crypto are both optional v8 extensions, so FEATURE_V8 should not imply them. Instead we should set these bits in the initfns for the 32-bit and 64-bit "cpu any" and for the Cortex-A57. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401458125-27977-4-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: Remove unnecessary setting of feature bitsPeter Maydell
FEATURE_V8 implies both FEATURE_V7MP and FEATURE_ARM_DIV, so we don't need to set them explicitly in initfns which set the V8 feature bit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401458125-27977-3-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: arm_any_initfn() should never set ARM_FEATURE_AARCH64Peter Maydell
The arm_any_initfn() is used only for the 32-bit linux-user "cpu any", so it only gets called in builds where TARGET_AARCH64 is not defined. Remove the unreachable line which sets ARM_FEATURE_AARCH64. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401458125-27977-2-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: A64: Use PMULL feature bit for PMULLPeter Maydell
Now that we have a separate ARM_FEATURE_V8_PMULL bit, use it for the A64 PMULL, not the AES feature bit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-09target-arm: add support for v8 VMULL.P64 instructionPeter Maydell
Add support for the VMULL.P64 polynomial 64x64 to 128 bit multiplication instruction in the A32/T32 instruction sets; this is part of the v8 Crypto Extensions. To do this we have to move the neon_pmull_64_{lo,hi} helpers from helper-a64.c into neon_helper.c so they can be used by the AArch32 translator. Inspired-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401386724-26529-4-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: Allow 3reg_wide undefreq to encode more bad size optionsPeter Maydell
The current undefreq field in the neon_3reg_wide handling allows us to encode "UNDEF if size != 0" and "UNDEF if size == 0". This is no longer sufficient with the advent of 64-bit polynomial VMULL, which means we want to UNDEF if size == 1. Change the undefreq encoding to use separate bits for all of "UNDEF if size == 0", "UNDEF if size == 1" and "UNDEF if size == 2". Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401386724-26529-3-git-send-email-peter.maydell@linaro.org
2014-06-09target-arm: add support for v8 SHA1 and SHA256 instructionsArd Biesheuvel
This adds support for the SHA1 and SHA256 instructions that are available on some v8 implementations of Aarch32. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1401386724-26529-2-git-send-email-peter.maydell@linaro.org [PMM: * rebase * fix bad indent * add a missing UNDEF check for Q!=1 in the 3-reg SHA1/SHA256 case * use g_assert_not_reached() * don't re-extract bit 6 for the 2-reg-misc encodings * set the ELF HWCAP2 bits for the new features ] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-09target-arm: Correct handling of UXN bit in ARMv8 LPAE page tablesIan Campbell
In v8 page tables bit 54 in the PTE is UXN in the EL0/EL1 translation regimes and XN elsewhere. In v7 the bit is always XN. Since we only emulate EL0/EL1 we can just treat this bit as UXN whenever we are in v8 mode. Also correctly extract the upper attributes from the PTE entry, the v8 version tried to avoid extracting the CONTIG bit and ended up with the upper bits being off-by-one. Instead behave the same as v7 and extract (but ignore) the CONTIG bit. This fixes "Bad mode in Synchronous Abort handler detected, code 0x8400000f" seen when modprobing modules under Linux. Signed-off-by: Ian Campbell <ijc@hellion.org.uk> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Claudio Fontana <claudio.fontana@huawei.com> Cc: Rob Herring <robherring2@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-09target-arm: Prepare cpreg writefns/readfns for EL3/SecExtFabian Aggeler
This patch changes some readfns/writefns to use raw_write and raw_read functions, which use the fieldoffset specified in ARMCPRegInfo instead of directly accessing the field. This will simplify patches for EL3 & Security Extensions. Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Message-id: 1401962428-14749-1-git-send-email-aggelerf@ethz.ch Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-09target-arm/cpu64.c: Actually register Cortex-A57 impdef registersPeter Maydell
cpu64.c contains a reginfo list for the impdef registers on the Cortex-A57; however we forgot to actually call define_arm_cp_regs(), so it was sitting there doing nothing. Remedy this omission. Message-id: 1401226259-23121-1-git-send-email-peter.maydell@linaro.org Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Tested-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-09vexpress: Add support for the -bios flag to provide firmwareGrant Likely
Right now to run firmware inside the QEMU VExpress model requires padding out the firmware image to the size of the virtual flash and passing it in via the -pflash argument. If the firmware image is passed without padding, then QEMU will fail. Also, when passed as a -pflash argument, QEMU treats the file as persistent storage and will modify the file. The -bios flag provides the semantics that we want for providing a firmware image. This patch maps the contents of the -bios file into the address space at the boot flash location. Tested with the vexpress-a15 model and the Tianocore port. Signed-off-by: Grant Likely <grant.likely@linaro.org> Tested-by: Roy Franz <roy.franz@linaro.org> [PMM: folded long line, removed stray \n from error message, use correct variable for printing image name, exit(1) rather than 0] Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-09Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into ↵Peter Maydell
staging Net patches # gpg: Signature made Mon 09 Jun 2014 14:41:34 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/net-pull-request: e1000: remove broken support for 82573L tests: e1000: test additional device IDs e1000: allow command-line selection of card model vmxnet3: fix msix vectors unuse net: xilinx_ethlite: Fix Rx-pong interrupt Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-09e1000: remove broken support for 82573LGabriel L. Somlo
Currently, e1000 support is based on the manual for the 8254xx model series. 82573x models are documented in a separate manual (see http://www.intel.com/content/dam/www/public/us/en/documents/manuals/pcie-gbe-controllers-open-source-manual.pdf) and the 82573L device ID no longer works correctly on either Linux (3.14.*) or Windows 7. This patch removes stale code claiming to support 82573L, cleaning up the code base for the remaining 8254xx model series. Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-09tests: e1000: test additional device IDsGabriel L. Somlo
Update e1000-test.c to check all currently supported devices. Suggested-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-09e1000: allow command-line selection of card modelGabriel L. Somlo
Allow selection of different card models from the qemu command line, to better accomodate a wider range of guests. Signed-off-by: Romain Dolbeau <romain@dolbeau.org> Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-09vmxnet3: fix msix vectors unuseJiri Pirko
In vmxnet3_cleanup_msix(), there is called msix_vector_unuse() with VMXNET3_MAX_INTRS. That is not correct since vector of value VMXNET3_MAX_INTRS was never used. Also all the used vectors are not un-used. So call vmxnet3_unuse_msix_vectors() instead which does the correct job. Signed-off-by: Jiri Pirko <jiri@resnulli.us> Acked-by: Dmitry Fleytman <dmitry@daynix.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-09net: xilinx_ethlite: Fix Rx-pong interruptPeter Crosthwaite
There is no CTRL_I bit in the pong buffer control register. The CTRL_I bit from the ping buffer masks both ping and pong buffers. Fix. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-09Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell
staging Block pull request # gpg: Signature made Fri 06 Jun 2014 17:08:50 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: (42 commits) qapi: Extract qapi/block.json definitions qapi: Extract qapi/block-core.json definitions qapi: create two block related json modules qapi: Extract qapi/common.json definitions sheepdog: reload only header in a case of live snapshot sheepdog: fix vdi object update after live snapshot rbd: Fix leaks in rbd_start_aio() error path qemu-img: Document check exit codes block: fix wrong order in live block migration setup blockdev: acquire AioContext in block_set_io_throttle throttle: add detach/attach test case throttle: add throttle_detach/attach_aio_context() dataplane: Support VIRTIO_BLK_T_SCSI_CMD virtio-blk: Factor out virtio_blk_handle_scsi_req from virtio_blk_handle_scsi virtio-blk: Allow config-wce in dataplane block: Move declaration of bdrv_get_aio_context to block.h raw-posix: drop raw_get_aio_fd() since it is no longer used dataplane: implement async flush dataplane: delete IOQueue since it is no longer used dataplane: use the QEMU block layer for I/O ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-09slirp/arp: do not special-case bogus IP addressesSamuel Thibault
Do not special-case addresses with zero host part, as we do not necessarily know how big it is, and the guest can fake them anyway. Silently avoid having 0.0.0.0 as a destination, however. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> [Edgar: Minor change to subject] Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-06-09target-cris/translate.c: Remove _t_gen_mov_TN_env and _t_gen_mov_env_TNPeter Maydell
The wrapper functions _t_gen_mov_TN_env and _t_gen_mov_env_TN are only used via their accompanying non-underscore macros. The check they add on offset is thus pointless, since the compiler will complain if the struct field passed to the macro is not part of the struct. Remove the functions and make the macros directly expand to the appropriate tcg_gen_{ld,st}_tl calls. This conveniently avoids a warning due to _t_gen_mov_TN_env() being unused. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2014-06-09target-cris/translate.c: Remove t_gen_mov_TN_reg and t_gen_mov_reg_TNPeter Maydell
Remove the t_gen_mov_TN_reg and t_gen_mov_reg_TN wrappers: the latter is completely unused, and the former only used in a few places (which are thus inconsistent with the rest of the decoder which directly accesses cpu_R[]). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2014-06-09intc: xilinx_uartlite: Convert SBD::init -> instance_initPeter Crosthwaite
SysBusDevice::init is depracated. Convert to Object::init as prescribed by QOM conventions. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2014-06-09char: xilinx_uartlite: Convert to realize()Peter Crosthwaite
SysBusDevice::init is depracated. Convert to Object::init and Device::realize as prescribed by QOM conventions. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2014-06-09char: xilinx_uartlite: Don't reset from initPeter Crosthwaite
This refresh of the device state is intended to be a reset side effect. Move it to a proper reset handler rather than do it at init time. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2014-06-09net: xilinx_ethlite: Convert to realize()Peter Crosthwaite
SysBusDevice::init is depracated. Convert to Object::init and Device::realize as prescribed by QOM conventions. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2014-06-09net: xilinx_ethlite: Don't reset from initPeter Crosthwaite
This zeroing-out of the rxbuf variable (ping pong state) is a reset side effect. Extract into a proper reset. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2014-06-09timer: xilinx_timer: Convert to realize()Peter Crosthwaite
SysBusDevice::init is depracated. Convert to Object::init and Device::realize as prescribed by QOM conventions. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2014-06-06qapi: Extract qapi/block.json definitionsBenoît Canet
Signed-off-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-06qapi: Extract qapi/block-core.json definitionsBenoît Canet
Signed-off-by: Benoit Canet <benoit@irqsave.net Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-06qapi: create two block related json modulesBenoît Canet
qapi/block-core.json contains block definitions unrelated to emulation. qapi/block.json is a superset of the previous and contains definitions related to emulation. The purpose of these extractions is to be able to hook qapi/block-core.json generated code on qemu-nbd. Signed-off-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-06qapi: Extract qapi/common.json definitionsBenoît Canet
Signed-off-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-06sheepdog: reload only header in a case of live snapshotHitoshi Mitake
sheepdog driver doesn't need to read data_vdi_id[] when a live snapshot is created. Cc: Kevin Wolf <kwolf@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Cc: Liu Yuan <namei.unix@gmail.com> Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp> Signed-off-by: Hitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-06sheepdog: fix vdi object update after live snapshotHitoshi Mitake
sheepdog driver should decide a write request is COW or not based on inode object which is active when the write request is issued. Example of wrong inode update path in the previous driver: 1. drier issues an ordinal write request to an existing object 2. user creates a snapshot of the VDI before the write request is completed 3. the respones for the request is RDONLY, because the VDI is already a snapshot 4. the driver reload an inode object of the new active VDI, then issues a write request again 5. the second write request can be completed 6. driver decide the request is COW or not with the below conditional branch: if (s->inode.data_vdi_id[idx] != s->inode.vdi_id) { 7. the ID of the written object and VID of the new active VDI is different, so the driver updates data_vdi_id[idx] and writes inode object 8. the existing object cannot be seen by the new active VDI, it results object leaking Cc: Kevin Wolf <kwolf@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Cc: Liu Yuan <namei.unix@gmail.com> Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp> Signed-off-by: Hitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-06rbd: Fix leaks in rbd_start_aio() error pathKevin Wolf
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Josh Durgin <josh.durgin@inktank.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-05Merge remote-tracking branch 'remotes/mcayland/qemu-sparc' into stagingPeter Maydell
* remotes/mcayland/qemu-sparc: apb: implement IOMMU translation for PCI host bridge apb: handle reading/writing of IOMMU control registers apb: fix IOMMU register sizes apb: Move IOMMU registers into a separate IOMMUState struct tcx: move initialisation from realizefn to initfn tcx: move initialisation from SysBusDevice class to TCX class realizefn cg3: add extra check to prevent CG3 register array overflow cg3: move initialisation from realizefn to initfn Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05Merge remote-tracking branch 'remotes/mdroth/qga-pull-2014-06-05' into stagingPeter Maydell
* remotes/mdroth/qga-pull-2014-06-05: qga: Fix handle fd leak in acquire_privilege() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc,pci,virtio,qdev fixes, tests new tests for SMBIOS SMBIOS fixes pc, pci fixes qdev patches stayed on list for a month with no review, as I told people on KVM forum I'm merging stuch patches if they look fine. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> * remotes/mst/tags/for_upstream: qdev: Add test of qdev_prop_check_global qdev: Display warning about unused -global tests: add smbios testing tests: rename acpi-test to bios-tables-test virtio-balloon: return empty data when no stats are available pcie_host: Turn pcie_host_init() into an instance_init SMBIOS: Fix type 17 field sizes SMBIOS: Update Type 0 struct generator for machines >= 2.1 SMBIOS: Fix endian-ness when populating multi-byte fields serial-pci: Set prog interface field of pci config to 16550 compatible Conflicts: include/hw/i386/pc.h [PMM: fixed trivial conflict in pc.h] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05Merge remote-tracking branch 'remotes/bonzini/softmmu-smap' into stagingPeter Maydell
* remotes/bonzini/softmmu-smap: (33 commits) target-i386: cleanup x86_cpu_get_phys_page_debug target-i386: fix protection bits in the TLB for SMEP target-i386: support long addresses for 4MB pages (PSE-36) target-i386: raise page fault for reserved bits in large pages target-i386: unify reserved bits and NX bit check target-i386: simplify pte/vaddr calculation target-i386: raise page fault for reserved physical address bits target-i386: test reserved PS bit on PML4Es target-i386: set correct error code for reserved bit access target-i386: introduce support for 1 GB pages target-i386: introduce do_check_protect label target-i386: tweak handling of PG_NX_MASK target-i386: commonize checks for PAE and non-PAE target-i386: commonize checks for 4MB and 4KB pages target-i386: commonize checks for 2MB and 4KB pages target-i386: fix coding standards in x86_cpu_handle_mmu_fault target-i386: simplify SMAP handling in MMU_KSMAP_IDX target-i386: fix kernel accesses with SMAP and CPL = 3 target-i386: move check_io helpers to seg_helper.c target-i386: rename KSMAP to KNOSMAP ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05apb: implement IOMMU translation for PCI host bridgeMark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-06-05apb: handle reading/writing of IOMMU control registersMark Cave-Ayland
While the registers are documented as being 64-bit, Linux seems to access them in two halves as 2 x 32-bit accesses. Make sure that we can correctly handle this case. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-06-05apb: fix IOMMU register sizesMark Cave-Ayland
According to the referenced documentation, the IOMMU has 3 64-bit registers consisting of a control register, base register and flush register. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-06-05apb: Move IOMMU registers into a separate IOMMUState structMark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-06-05tcx: move initialisation from realizefn to initfnMark Cave-Ayland
Initialisation cleanup as suggested by Andreas. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> CC: Andreas Färber <afaerber@suse.de>
2014-06-05tcx: move initialisation from SysBusDevice class to TCX class realizefnMark Cave-Ayland
This is an intermediate step to bring TCX in line with CG3. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> CC: Andreas Färber <afaerber@suse.de>
2014-06-05cg3: add extra check to prevent CG3 register array overflowMark Cave-Ayland
The case statements in the CG3 read and write register routines have a maximum value of CG3_REG_SIZE, so if a value were written to this offset then it would overflow the register array. Currently this cannot be exploited since the MemoryRegion restricts accesses to the range 0 ... CG3_REG_SIZE - 1, but it seems worth clarifying this for future review and/or static analysis. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> CC: Paolo Bonzini <pbonzini@redhat.com>
2014-06-05cg3: move initialisation from realizefn to initfnMark Cave-Ayland
Initialisation cleanup as suggested by Andreas. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> CC: Andreas Färber <afaerber@suse.de>
2014-06-05Merge remote-tracking branch 'remotes/rth/tcg-next' into stagingPeter Maydell
* remotes/rth/tcg-next: TCG: Fix tcg_gen_extr_i64_tl for 32bit tcg: Remove TCG_TARGET_HAS_new_ldst tci: Convert to new ldst opcodes tcg-i386: Fix win64 qemu store Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05Merge remote-tracking branch 'remotes/kvm/uq/master' into stagingPeter Maydell
* remotes/kvm/uq/master: kvm: Fix eax for cpuid leaf 0x40000000 kvmclock: Ensure proper env->tsc value for kvmclock_current_nsec calculation kvm: Enable -cpu option to hide KVM kvm: Ensure negative return value on kvm_init() error handling path target-i386: set CC_OP to CC_OP_EFLAGS in cpu_load_eflags target-i386: get CPL from SS.DPL target-i386: rework CPL checks during task switch, preparing for next patch target-i386: fix segment flags for SMM and VM86 mode target-i386: Fix vm86 mode regression introduced in fd460606fd6f. kvm_stat: allow choosing between tracepoints and old stats kvmclock: Ensure time in migration never goes backward Signed-off-by: Peter Maydell <peter.maydell@linaro.org>