aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-11-19loader: Fix read_targphys() to behave when read() failsMarkus Armbruster
Happily passes (size_t)-1 to rom_add_blob_fixed(), which promptly dies attempting to malloc that much. Spotted by Coverity. Bonus fix for ROMs larger than INT_MAX bytes: return ssize_t instead of int. Bug can't bite, because the only user load_aout() limits ROM size to an int value. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-11-19Improve "ta 0" shutdownFabien Chouteau
This patch replace the previous implementation with this simplified and more complete version (no shutdown when psret == 1). Signed-off-by: Fabien Chouteau <chouteau@adacore.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-11-19gdbstub: Fix memory leakStefan Weil
cppcheck report: gdbstub.c:1781: error: Memory leak: s Rearranging of the code avoids the leak. v2: Replace the g_malloc0() by g_new0() (suggested by Stuart Brady). Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-11-19tcg-sparc: Fix set-but-not used warnings.Richard Henderson
In both cases, val is computed, but then not used in the subsequent line, which then re-computes the quantity in a different type (int32_t vs unsigned long). Keep the computation type that's been working so far. Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-11-19Merge branch 's390-1.0' of git://repo.or.cz/qemu/agrafBlue Swirl
* 's390-1.0' of git://repo.or.cz/qemu/agraf: s390x: initialize virtio dev region tcg: Use TCGReg for standard tcg-target entry points. tcg: Standardize on TCGReg as the enum for hard registers s390x: Add shutdown for TCG s390-virtio machine s390: Fix cpu shutdown for KVM s390: fix short kernel command lines s390: fix reset hypercall to reset the status s390x: implement SIGP restart and shutdown s390x: implement rrbe instruction properly s390x: update R and C bits in storage key s390x: make ipte 31-bit aware s390x: add ldeb instruction
2011-11-19Merge branch 'ppc-1.0' of git://repo.or.cz/qemu/agrafBlue Swirl
* 'ppc-1.0' of git://repo.or.cz/qemu/agraf: pseries: Fix qdev.id handling in the VIO bus code pseries: Allow kernel's early debug output to work pseries: Default reg for vty should be SPAPR_VTY_BASE_ADDRESS pseries: Check we have a chardev in spapr_vty_init() pseries: Fix buggy spapr_vio_find_by_reg() pseries: Correct RAM size check for SLOF PPC: Fix for the gdb single step problem on an rfi instruction tcg-ppc64: Fix compile errors for userspace only builds with gcc 4.6 pseries: Fix initialization of sPAPREnvironment structure
2011-11-18fmodaudio: Remove unused variable 'bits16' (reported by cppcheck)Stefan Weil
The variable is assigned a value which is never used, so remove variable and assignment. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: malc <av1474@comtv.ru>
2011-11-18pseries: Fix qdev.id handling in the VIO bus codeMichael Ellerman
When the user creates a device on the command line with -device, they can specify the id, using id=foo. Currently the VIO bus code overwrites this id with it's own value. We should only set qdev.id if it is not already set by the user. The device tree code uses qdev.id for the device tree node name, however we can't rely on the user specifiying the id using proper device tree syntax, ie. device@reg. So separate the device tree node name from the qdev.id, but use the same syntax, so they will match by default. Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-18pseries: Allow kernel's early debug output to workDavid Gibson
The PAPR specification defines a virtual TTY/console interface for guest OSes to use via the H_PUT_TERM_CHAR and H_GET_TERM_CHAR hypercalls. There can be multiple virtual ttys, so these take a "termno" parameter. This encodes which vty to use as the 'reg' property on the device tree node associated with that vty. However, with the early debug options enabled, the Linux kernel will attempt debugging output through the vty very early, before it has read the device tree. In this case it always uses a termno of 0. This works on the existing PowerVM hypervisor, so we assume there must be a hack / feature in there which interprets termno==0 to mean the default primary console. To help with debugging kernels, including existing distribution kernels, this patch implements a similar feature / hack in qemu. If termno==0 is supplied to H_{GET,PUT}_TERM_CHAR, they use the first available vty device instead. We need to be careful in the case that the user has manually created an spapr-vty at address 0. So first we search for the specified reg and only if that doesn't match do we fall back. Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-18pseries: Default reg for vty should be SPAPR_VTY_BASE_ADDRESSMichael Ellerman
In commit b4a78527359a4540d84d4cdf629d01cbb262f698 ("Place pseries vty devices at addresses more similar to existing machines"), we changed the default reg for the vty to 0x30000000, however we didn't update the default value for a user specified vty device. Fix that. Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-18pseries: Check we have a chardev in spapr_vty_init()Michael Ellerman
If qemu is run like: qemu-system-ppc64 -nodefaults -device spapr-vty We end up in spapr_vty_init() with dev->chardev == NULL. Currently that leads to a segfault because we unconditionally call qemu_chr_add_handlers(). Although we could make that call conditional, I think a spapr-vty without a chardev is basically useless so fail the init. This is similar to what the serial code does for example. Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-18pseries: Fix buggy spapr_vio_find_by_reg()David Gibson
The spapr_vio_find_by_reg() function in hw/spapr_vio.c is supposed to find the device structure for a PAPR virtual IO device with the given reg value, and return NULL if none exists. It does the first ok, but if no device with that reg exists, it just returns the last device traversed in the list. This patch fixes it. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-18pseries: Correct RAM size check for SLOFDavid Gibson
The SLOF firmware used on the pseries machine needs a reasonable amount of (guest) RAM in order to run, so we have a check in the machine init function to check that this is available. However, SLOF runs in real mode (MMU off) which means it can only actually access the RMA (Real Mode Area), not all of RAM. In many cases the RMA is the same as all RAM, but when running with Book3S HV KVM on PowerPC 970, the RMA must be especially allocated to be (host) physically contiguous. In this case, the RMA size is determined by what the host admin allocated at boot time, and will usually be less than the whole guest RAM size. This patch corrects the test to see if SLOF has enough memory for this case. In addition, more recent versions of SLOF that were committed earlier don't need quite as much memory as earlier versions. Therefore, this patch also reduces the amount of RAM we require to run SLOF. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14Update version to 1.0-rc2v1.0-rc2Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-14pc_piix: set qxl revision to 2 for pc-0.14Alon Levy
The default is still 3, and I didn't change older machine types. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-14hw/omap_gpio: Fix infinite recursion when doing 8/16 bit readsPeter Maydell
Fix a long-standing bug which meant that any attempt to do an 8 or 16 bit read from the OMAP GPIO module would cause qemu to crash due to an infinite recursion. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-14Revert bugfix e7852674d5 until tested or until after the release.Andrzej Zaborowski
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2011-11-14s390x: initialize virtio dev regionAlexander Graf
When running the s390x virtio machine we can potentially use uninitialized memory for the virtio device backing ram. That can lead to weird breakge. So let's better initialize it to 0 properly. Reported-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Alexander Graf <agraf@suse.de> --- v1 -> v2: - use target_phys_addr_t
2011-11-14tcg: Use TCGReg for standard tcg-target entry points.Richard Henderson
Including tcg_out_ld, tcg_out_st, tcg_out_mov, tcg_out_movi. Signed-off-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14tcg: Standardize on TCGReg as the enum for hard registersRichard Henderson
Most targets did not name the enum; tci used TCGRegister. Signed-off-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14s390x: Add shutdown for TCG s390-virtio machineAlexander Graf
Now that we have code in place to do refcounting of online CPUs, we can drag the TCG code along and implement shutdown for that one too, so it doesn't feel left out by its KVM counterpart. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14s390: Fix cpu shutdown for KVMChristian Borntraeger
On s390 a shutdown is the state of all CPUs being either stopped or disabled (for interrupts) waiting. We have to track the overall number of running CPUs to call the shutdown sequence accordingly. This patch implements the counting and shutdown handling for the kvm path in qemu. Lets also wrap changes to env->halted and env->exception_index. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14s390: fix short kernel command linesChristian Borntraeger
The default kernel command line for s390 is "root=/dev/ram0 ro" When overriding this line, we have to ensure to also copy the \0 to avoid false lines, for example, -append "root=/dev/vda" will result in "root=/dev/vda0 ro" with the current code. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14s390: fix reset hypercall to reset the statusChristian Borntraeger
This patch fixes the reset hypercall which is supposed to also reset the device status in device memory. This fixes the following bug: [root@localhost driver]# echo virtio0 > unbind [ 35.056966] ------------[ cut here ]------------ [ 35.057054] kernel BUG at drivers/virtio/virtio.c:157! [ 35.057113] illegal operation: 0001 [#1] SMP [ 35.057181] Modules linked in: [ 35.057243] CPU: 0 Not tainted 3.0.0-rc1-00180-g0792644-dirty #51 [ 35.057323] Process bash (pid: 497, task: 000000003e58c538, ksp: 000000003ef43978) [ 35.057409] Krnl PSW : 0704100180000000 00000000003d46f8 (virtio_check_driver_offered_feature+0x0/0x38) [ 35.057528] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:1 PM:0 EA:3 [ 35.057616] Krnl GPRS: 0000000000000000 0000000040000000 0000000000000007 0000000000000000 [ 35.057716] 00000000003b3be4 0000000000000001 000000003ef4d380 000000003f1cff00 [ 35.057805] 000000003ef43f18 00000000005ca620 0000000000000008 0000000000838e88 [ 35.057919] 000000000083c860 000000003f7c2e00 00000000003d46b0 000000003ef43d10 [ 35.058027] Krnl Code: 00000000003d46e8: f0b00004ebcf srp 4(12,%r0),3023(%r14),0 [ 35.058115] 00000000003d46ee: f0a0000407f4 srp 4(11,%r0),2036,0 [ 35.058207] 00000000003d46f4: a7f40001 brc 15,3d46f6 [ 35.058295] >00000000003d46f8: e31020900004 lg %r1,144(%r2) [ 35.058383] 00000000003d46fe: bf2f1080 icm %r2,15,128(%r1) [ 35.058470] 00000000003d4702: a784000d brc 8,3d471c [ 35.058557] 00000000003d4706: e32010780004 lg %r2,120(%r1) [ 35.058645] 00000000003d470c: 59302000 c %r3,0(%r2) [ 35.058748] Call Trace: [ 35.058777] ([<00000000003d469e>] virtio_dev_remove+0x36/0x90) [ 35.058852] [<00000000003f3a40>] __device_release_driver+0x7c/0xec [ 35.058936] [<00000000003f3ae8>] device_release_driver+0x38/0x48 [ 35.059023] [<00000000003f2a98>] driver_unbind+0xa4/0xc4 [ 35.059111] [<00000000002acb70>] sysfs_write_file+0xe8/0x19c [ 35.059226] [<000000000022e7a4>] vfs_write+0xb0/0x18c [ 35.059317] [<000000000022eb18>] SyS_write+0x58/0xb4 [ 35.059398] [<000000000057e674>] sysc_noemu+0x16/0x1c [ 35.059475] [<000003fffd44b6c0>] 0x3fffd44b6c0 [ 35.059531] Last Breaking-Event-Address: [ 35.059576] [<00000000003d46f4>] virtio_dev_remove+0x8c/0x90 [ 35.059646] [ 35.059661] ---[ end trace 9b1959188f21ee11 ]--- Signed-off-by: Christian Borntraeger<borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14s390x: implement SIGP restart and shutdownAlexander Graf
An s390x OS does reboot and shutdown triggers through hypercalls that we didn't implement on the TCG backend yet. That means that so far we couldn't shut down virtual machines for example, having them hang on shutdown when not using KVM. With this patch, this restriction is gone. We can now shut down and reboot s390x virtual machines even when using the TCG backend. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14s390x: implement rrbe instruction properlyAlexander Graf
The rrbe instruction resets the reference bit in the given storage key. So far, we merely made it a nop and also returned an invalid CC value, so that the kernel never knew if a page actually got accessed. This patch implements it properly, flushing the R bit and returning the correct CC value. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14s390x: update R and C bits in storage keyAlexander Graf
When the s390x maps a page or writes happen to a page, the R and C bits get updated. The easiest way to implement this in qemu is to simply update them whenever we map a TLB translation and act according to the permissions. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14s390x: make ipte 31-bit awareAlexander Graf
When running 31-bit code we can potentially map the same virtual address twice - once as 0x0yyyyyyy and once as 0x8yyyyyyy, because the upper bit gets ignored. This also should be reflected in the tlb invalidation path, so we really invalidate also the transparently created tlb entries. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14s390x: add ldeb instructionAlexander Graf
While running perl, we encountered the ldeb instruction to be used, so we implement it :). Signed-off-by: Alexander Graf <agraf@suse.de>
2011-11-14hw/onenand: reject read-only drivesJuha Riihimäki
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2011-11-14hw/nand: reject read-only drivesJuha Riihimäki
also gracefully fail on nand_device_init() for unsupported block size instead of aborting. Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2011-11-14hw/arm_sysctl: Fix RESETCTL for realview-pb-a8 and -pbx-a9Jean-Christophe DUBOIS
Depending on the considered baseboard the bit used to reset the platform is different. Here is the list of considered Realview/Versatile platforms: Realview/Versatile AB for ARM926EJ-S: BOARD_ID = 0x100 = BOARD_ID_PB9 http://infocenter.arm.com/help/topic/com.arm.doc.dui0225d/CACCIFGI.html RealView Emulation Baseboard: BOARD_ID = 0x140 = BOARD_ID_EB No reset register RealView PB for Cortex-A8: BOARD_ID = 0x178 = BOARD_ID_PBA8 http://infocenter.arm.com/help/topic/com.arm.doc.dui0417d/BBACIGAD.html RealView PB for Cortex-A9: BOARD_ID = 0x182 = BOARD_ID_PBX http://infocenter.arm.com/help/topic/com.arm.doc.dui0440b/CACCHBFB.html Motherboard Express =C2=B5ATX: BOARD_ID = 0x190 = BOARD_ID_VEXPRESS No reset register Signed-off-by: Jean-Christophe DUBOIS <jcd@tribudubois.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2011-11-14hw/pxa2xx.c: Fix handling of RW bits in PMCRPeter Maydell
Fix an error in commit afd4a6522 which meant that writing a zero to the RW bits in the PMCR wouldn't actually clear them. (Error spotted by Andrzej Zaborowski.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2011-11-14hw/usb-net.c: Fix precedence bug when checking rndis_statePeter Maydell
"!X == 2" is always false (spotted by Coverity), so the checks for whether rndis is in the correct state would never fire. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2011-11-13memory: fix 'info mtree' segfaultsAvi Kivity
'info mtree' accesses invalid memory in two cases, both due to incorrect (and unsafe) usage of QTAILQ_FOREACH_SAFE(). Reported-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Avi Kivity <avi@redhat.com>
2011-11-11Merge remote-tracking branch 'kwolf/block-stable' into stagingAnthony Liguori
2011-11-11vl.c: prohibit simultaneous use of -icount with kvm or xenMax Filippov
With -icount, The vm_clock is updated with help from TCG (it counts instructions at 2^ICOUNT ns/instructions). With KVM, the instruction count is not available so KVM cannot provide this help. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11hw/arm_timer.c: Fix bounds check for Integrator timer accessesPeter Maydell
There are only three counter/timers on the integrator board: correct the bounds check to avoid an array overrun. (Spotted by Coverity, see bug 887883). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11hw/pxa2xx.c: Fix handling of R/WC bits in PMCRPeter Maydell
Fix a bug in handling the write-one-to-clear bits in the PMCR which meant that we would always clear the bit even if the value written was a zero. Spotted by Coverity (see bug 887883). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11hw/pl061: Remove pointless comparison of array to nullPeter Maydell
Remove a pointless comparison of an array to null. (There is no need to check whether s->out[i] is non-null as qemu_set_irq will do that for us.) Spotted by Coverity (see bug 887883). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11hw/tc58128.c: Remove unnecessary check for g_malloc failurePeter Maydell
Remove a check for g_malloc failing: this never happens. Also use g_malloc rather than g_malloc0 as we immediately memset the entire region and so zero-initialising it is pointless. Spotted by Coverity (see bug 887883). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11linux-user/elfload.c: Don't memset(NULL..) if malloc() failedPeter Maydell
If a malloc() in copy_elf_strings() failed we would call memset() before the "did malloc fail?" check. Fix this by moving to the glib alloc/free routines for this memory so we can use g_try_malloc0 rather than having a separate memset(). Spotted by Coverity (see bug 887883). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11hw/omap_intc.c: Avoid crash on access to nonexistent banked registersPeter Maydell
Avoid a crash due to null pointer dereference if a guest attempts to access banked registers for a nonexistent bank. Spotted by Coverity (see bug 887883). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11os-posix: Plug fd leak in qemu_create_pidfile()Markus Armbruster
Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11posix-aio-compat: Plug memory leak on paio_init() error pathMarkus Armbruster
Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11qemu-sockets: Plug fd leak on unix_connect_opts() error pathMarkus Armbruster
Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11ui: Plug memory leaks on parse_keyboard_layout() error pathMarkus Armbruster
Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11qemu-char: Plug memory leak on qemu_chr_open_pty() error pathMarkus Armbruster
Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11migration: fix detached migration with fdJuan Quintela
Migration with fd uses s->mon to pass the fd. But we only assign the s->mon for !detached migration. Fix it. Once there add a comment indicating that s->mon has two uses. Bug reported by: Wen Congyang <wency@cn.fujitsu.com> Signed-off-by: Juan Quintela <quintela@redhat.com> CC: Wen Congyang <wency@cn.fujitsu.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11configure: Do not use 'sed -i'Pavel Borzenkov
'sed -i' is not defined in POSIX. It doesn't work on Mac OS X the way it's used in configure (without suffix argument). This patch implements Peter Maydell's idea of xattr.h detection. Cc: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>