aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-03-19spice: set spice uuid and nameMarc-André Lureau
This allows a Spice client to identify a VM Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-18tcg: fix sparc host for AREG0 free operationBlue Swirl
e141ab52d2ea5d0bc6ad3b1ad32841127ca04adc didn't handle the other memory access helper case, fix. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-18Sparc: avoid AREG0 wrappers for memory access helpersBlue Swirl
Adjust generation of load and store templates so that the functions take a parameter for CPUState instead of relying on global env. Remove wrappers. Move remaining memory helpers to ldst_helper.c. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-18Sparc: avoid AREG0 for memory access helpersBlue Swirl
Make memory access helpers take a parameter for CPUState instead of relying on global env. Introduce wrappers for load and store ops. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-18TCG: add 5 arg helpers to def-helper.hBlue Swirl
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-18softmmu templates: optionally pass CPUState to memory access functionsBlue Swirl
Optionally, make memory access helpers take a parameter for CPUState instead of relying on global env. On most targets, perform simple moves to reorder registers. On i386, switch from regparm(3) calling convention to standard stack-based version. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-18i386: Remove REGPARMBlue Swirl
Use stack based calling convention (GCC default) for interfacing with generated code instead of register based convention (regparm(3)). Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-17sparc64: implement PCI and ISA irqsBlue Swirl
Generate correct trap for external interrupts. Map PCI and ISA IRQs to RIC/UltraSPARC-IIi interrupt vectors. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-17sparc: reset CPU state on resetBlue Swirl
Not strictly accurate for Sparc64 but avoid confusing Valgrind. Reported-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-17apb: use normal PCI device header for PBM deviceBlue Swirl
PBM has a normal PCI device header, fix. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-17Merge branch 'arm-devs.for-upstream' of ↵Blue Swirl
git://git.linaro.org/people/pmaydell/qemu-arm * 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm: hw/pxa2xx.c: Fix handling of pxa2xx_i2c variable offset within region hw/pxa2xx_lcd.c: drop target_phys_addr_t usage in device state hw/pxa2xx_dma.c: drop target_phys_addr_t usage in device state ARM: Remove unnecessary subpage workarounds hw/omap_i2c: Convert to qdev
2012-03-17w64: Fix data type of next_tb and tcg_qemu_tb_execStefan Weil
next_tb is the numeric value of a tcg target (= QEMU host) address. Using tcg_target_ulong instead of unsigned long shows this and makes the code portable for hosts with an unusual size of long (w64). The type cast '(long)(next_tb & ~3)' was not needed (casting unsigned long to long does not change the bits, and nor does casting long to pointer for most (= all non w64) hosts. It is removed here. Macro or function tcg_qemu_tb_exec is used to set next_tb. The function also returns next_tb. Therefore tcg_qemu_tb_exec must return a tcg_target_ulong. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-17softfloat: fix for C99Avi Kivity
C99 appears to consider compound literals as non-constants, and complains when they are used in static initializers. Switch to ordinary initializer syntax. Signed-off-by: Avi Kivity <avi@redhat.com> Acked-by: Andreas Färber <afaerber@suse.de> Reported-by: Andreas Färber <andreas.faerber@web.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-17Merge branch 'target-arm.for-upstream' of ↵Blue Swirl
git://git.linaro.org/people/pmaydell/qemu-arm * 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm: target-arm: Decode SETEND correctly in Thumb target-arm: Clear IT bits when taking exceptions in v7M target-arm: Fix typo in ARM946 cp15 c5 handling
2012-03-17Merge branch 'malta' of git://qemu.weilnetz.de/qemuBlue Swirl
* 'malta' of git://qemu.weilnetz.de/qemu: malta: Fix display for LED array malta: Use symbolic hardware addresses malta: Always allocate flash memory malta: Clean allocation of bios region alias
2012-03-17Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agrafBlue Swirl
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf: PPC: Fix openpic with relative memregions pseries: Configure PCI bridge using properties PPC: KVM: Synchronize regs on CPU dump kvm: Comparison with ioctl number macros needs to be unsigned ppc: Correctly define POWERPC_INSNS2_DEFAULT pseries: Add support for level interrupts to XICS PPC: Fix large page support in TCG PPC: Add PIR register to POWER7 CPU pseries: Remove PCI device from PCI host bridge code pseries: Remove unused constant from PCI code pseries: Update SLOF firmware image PPC64: Add support for ldbrx and stdbrx instructions pseries: Don't try to munmap() a malloc()ed TCE table ppc: Add missing 'static' to spin_rw_ops PPC: 405: Fix ppc405ep initialization Bad zero comparison for sas_ss_flags on powerpc
2012-03-17vmstate: fix varrays with uint32_t indexesAmos Kong
VMSTATE_VARRAY_UINT32() is used in hw/ds1225y.c, and we checked VMS_VARRAY_UINT32 bit of field->flags in vmstate_load_state(), but we don't check this bit in vmstate_save_state(). Signed-off-by: Amos Kong <akong@redhat.com> Acked-by: Juan Quintela <quintela@redhat.com> Acked-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-17Fix large memory chunks allocation with tcg_malloc.Kirill Batuzov
An attempt to allocate a large memory chunk after a small one resulted in circular links in list of pools. It caused the same memory being allocated twice for different arrays. Now pools for large memory chunks are kept in separate list and are freed during pool reset because current allocator can not reuse them. Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-16hw/pxa2xx.c: Fix handling of pxa2xx_i2c variable offset within regionPeter Maydell
The pxa2xx I2C controller can have its registers at an arbitrary offset within the MemoryRegion it creates. We use this to create two controllers, one which covers a region of size 0x10000 with registers starting at an offset 0x1600 into that region, and a second one which covers a region of size just 0x100 with the registers starting at the base of the region. The implementation of this offsetting uses two qdev properties, "offset" (which sets the offset which must be subtracted from the address to get the offset into the actual register bank) and "size", which is the size of the MemoryRegion. We were actually using "offset" for two purposes: firstly the required one of handling the registers not being at the base of the MemoryRegion, and secondly as a workaround for a deficiency of QEMU. Until commit 5312bd8b3, if a MemoryRegion was mapped at a non-page boundary, the address passed into the read and write functions would be the offset from the start of the page, not the offset from the start of the MemoryRegion. So when calculating the value to set the "offset" qdev property we included a rounding to a page boundary. Following commit 5312bd8b3 MemoryRegion read/write functions are now correctly passed the offset from the base of the region, and our workaround now means we're subtracting too much from addresses, resulting in warnings like "pxa2xx_i2c_read: Bad register 0xffffff90". The fix for this is simply to remove the rounding to a page boundary; this allows us to slightly simplify the expression since base - (base & (~region_size)) == base & region_size The qdev property "offset" itself must remain because it is still performing its primary job of handling register banks not being at the base of the MemoryRegion. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Andreas Färber <afaerber@suse.de>
2012-03-16hw/pxa2xx_lcd.c: drop target_phys_addr_t usage in device stateMitsyanko Igor
Pxa2xx LCD controller is intended to work with 32-bit bus and it has no knowledge of system's physical address size, so it should not use target_phys_addr_t in it's state. Convert three variables in DMAChannel state from target_phys_addr_t to uint32_t, use VMSTATE_UINT32 instead of VMSTATE_UINTTL for these variables. We can do this safely because: 1) pxa2xx has 32-bit physical address; 2) rest of the code in file never assumes converted variables to have any size different from uint32_t; 3) we shouldn't have used VMSTATE_UINTTL in the first place because this macro is for target_ulong type (which can be different from target_phys_addr_t). Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-03-16hw/pxa2xx_dma.c: drop target_phys_addr_t usage in device stateMitsyanko Igor
Pxa2xx DMA controller is a 32-bit device and it has no knowledge of system's physical address size, so it should not use target_phys_addr_t in it's state. Convert variables descr, src and dest from type target_phys_addr_t to uint32_t, use VMSTATE_UINT32 instead of VMSTATE_UINTTL for these variables. We can do this safely because: 1) pxa2xx actually has 32-bit physical address size; 2) rest of the code in file never assumes descr, src and dest variables to have size different from uint32_t; 3) we shouldn't have used VMSTATE_UINTTL in the first place because this macro is for target_ulong type (which can be different from target_phys_addr_t). Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-03-16ARM: Remove unnecessary subpage workaroundsPeter Maydell
In the ARM per-CPU peripherals (GIC, private timers, SCU, etc), remove workarounds for subpage memory region read/write functions being passed offsets from the start of the page rather than the start of the region. Following commit 5312bd8b3 the masking off of high bits of the address offset is now harmless but unnecessary. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Andreas Färber <afaerber@suse.de>
2012-03-15malta: Fix display for LED arrayStefan Weil
The 8-LED array was already implemented in the first commit to Malta, but this implementation was incomplete. Signed-off-by: Stefan Weil <sw@weilnetz.de>
2012-03-15malta: Use symbolic hardware addressesStefan Weil
The patch adds definitions of some hardware addresses and uses these definitions. It also replaces the type of all addresses from signed to unsigned values. This is only a cosmetic change because addresses are unsigned values, the functions called also expect unsigned values, and we need no sign extension here. Signed-off-by: Stefan Weil <sw@weilnetz.de>
2012-03-15malta: Always allocate flash memoryStefan Weil
There is no reason why there should not be a flash memory when the Malta emulation is started with a Linux kernel. When flash memory is always available, the code is simpler, and it can be better tested. Signed-off-by: Stefan Weil <sw@weilnetz.de>
2012-03-15malta: Clean allocation of bios region aliasStefan Weil
It is sufficient to define the region alias once for all code branches. Signed-off-by: Stefan Weil <sw@weilnetz.de>
2012-03-15target-arm: Decode SETEND correctly in ThumbPeter Maydell
Decode the SETEND instruction correctly in Thumb mode, rather than accidentally treating it like CPS. We don't support BE8 mode, but this change brings the Thumb mode in to line with behaviour in ARM mode: 'SETEND BE' is not supported and will provoke an UNDEF exception, but 'SETEND LE' is correctly handled as a no-op. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reported-by: Daniel Forsgren <daniel.forsgren@enea.com> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
2012-03-15target-arm: Clear IT bits when taking exceptions in v7MPeter Maydell
When taking an exception for an M profile core, we must clear the IT bits. Since the IT bits are cached in env->condexec_bits we must clear them there: writing the bits in env->uncached_cpsr has no effect. (Reported as LP:944645.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-03-15target-arm: Fix typo in ARM946 cp15 c5 handlingPeter Maydell
Fix a typo in handling of the ARM946 cp15 c5 c0 0 1 handling (instruction access permission bits) that meant it would return the data access permission bits by mistake. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-03-15hw/omap_i2c: Convert to qdevJuha Riihimäki
Convert the omap_i2c device to qdev. Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com> [Riku Voipio: Fixes and restructuring patchset] Signed-off-by: Riku Voipio <riku.voipio@iki.fi> [Peter Maydell: More fixes and cleanups for upstream submission] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-03-15PPC: Fix openpic with relative memregionsAlexander Graf
After commit 5312bd8b3152 we got memory region relative offsets into our mmio callbacks instead of page boundary based offsets. This broke the OpenPIC emulation which expected offsets to be on page boundary and substracted its region offset manually. This patch gets rid of that manual substraction and lets the memory api do its magic instead. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15pseries: Configure PCI bridge using propertiesDavid Gibson
Currently, the function spapr_create_phb() uses its parameters to initialize the correct memory windows for the new PCI Host Bridge (PHB). This is not the way things are supposed to be done with qdevs, and means you can't create extra PHBs easily using -device. Since pSeries machines can and do have many PHBs with various configurations, this is a real limitation, not just a theoretical. This patch, therefore, alters the PHB initialization code to use qdev properties to set these parameters of the new bridge, moving most of the code from spapr_create_phb() to spapr_phb_init(). While we're at it, we change the naming of each PCI bus and its associated memory regions to be less arbitrary and make it easier to relate the guest and qemu views of memory to each other. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15PPC: KVM: Synchronize regs on CPU dumpAlexander Graf
When we dump the CPU registers, there's a certain chance they haven't been synchronized with KVM yet, so we have to manually trigger that. This aligns the code with x86 and fixes a bug where the register state was bogus on invalid/unknown kvm exit reasons. Reported-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15kvm: Comparison with ioctl number macros needs to be unsignedDavid Gibson
In kvm-all.c we store an ioctl cmd number in the irqchip_inject_ioctl field of KVMState, which has type 'int'. This seems to make sense since the ioctl() man page says that the cmd parameter has type int. However, the kernel treats ioctl numbers as unsigned - sys_ioctl() takes an unsigned int, and the macros which generate ioctl numbers expand to unsigned expressions. Furthermore, some ioctls (IOC_READ ioctls on x86 and IOC_WRITE ioctls on powerpc) have bit 31 set, and so would be negative if interpreted as an int. This has the surprising and compile-breaking consequence that in kvm_irqchip_set_irq() where we do: return (s->irqchip_inject_ioctl == KVM_IRQ_LINE) ? 1 : event.status; We will get a "comparison is always false due to limited range of data type" warning from gcc if KVM_IRQ_LINE is one of the bit-31-set ioctls, which it is on powerpc. So, despite the fact that the man page and posix say ioctl numbers are signed, they're actually unsigned. The kernel uses unsigned, the glibc header uses unsigned long, and FreeBSD, NetBSD and OSX also use unsigned long ioctl numbers in the code. Therefore, this patch changes the variable to be unsigned, fixing the compile. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15ppc: Correctly define POWERPC_INSNS2_DEFAULTMeador Inge
'POWERPC_INSNS2_DEFAULT' was defined incorrectly which was causing the opcode table creation code to erroneously register 'eieio' and 'mbar' for the "default" processor: ** ERROR: opcode 1a already assigned in opcode table 16 *** ERROR: unable to insert opcode [1f-16-1a] *** ERROR initializing PowerPC instruction 0x1f 0x16 0x1a Signed-off-by: Meador Inge <meadori@codesourcery.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15pseries: Add support for level interrupts to XICSDavid Gibson
The pseries "xics" interrupt controller, like most interrupt controllers can support both message (i.e. edge sensitive) interrupts and level sensitive interrupts, but it needs to know which are which. When I implemented the xics emulation for qemu, the only devices we supported were the PAPR virtual IO devices. These devices only use message interrupts, so they were the only ones I implemented in xics. Since then, however, we have added support for PCI devices, which use level sensitive interrupts. It turns out the message interrupt logic still actually works most of the time for these, but there are circumstances where we can lost interrupts due to the incorrect interrupt logic. This patch, therefore, implements the correct xics level-sensitive interrupt logic. The type of the interrupt is set when a device allocates a new xics interrupt. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15PPC: Fix large page support in TCGNathan Whitehorn
Fix large page support in TCG. The old code would overwrite the large page table entry with the fake 4 KB one generated here whenever the ref/change bits were updated, causing it to point to the wrong area of memory. Signed-off-by: Nathan Whitehorn <nwhitehorn@freebsd.org> Acked-by: David Gibson <david@gibson.drobpear.id.au> [agraf: fix whitespace, braces] Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15PPC: Add PIR register to POWER7 CPUNathan Whitehorn
The POWER7 emulation is missing the Processor Identification Register, mandatory in recent POWER CPUs, that is required for SMP on at least some operating systems (e.g. FreeBSD) to function properly. This patch copies the existing PIR code from the other CPUs that implement it. Signed-off-by: Nathan Whitehorn <nwhitehorn@freebsd.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15pseries: Remove PCI device from PCI host bridge codeAlexey Kardashevskiy
The sPAPR PCI code defines a PCI device "spapr-pci-host-bridge-pci" which is never used. This came over from the earlier bridge driver we used as a template. Some other bridges appear on their own PCI bus as a device, but that is not true of pSeries bridges, which are pure host to PCI with no visible presence on the PCI side. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15pseries: Remove unused constant from PCI codeDavid Gibson
The 'bars' constant array was used in experimental device allocation code which is no longer necessary now that we always run the SLOF firmware. This patch removes the now redundant variable. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15pseries: Update SLOF firmware imageDavid Gibson
This patch updates the SLOF firmware image used on the pseries machine. The new version adds support for Cirrus VGA and virtfs, as well as including a number of bugfixes. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15PPC64: Add support for ldbrx and stdbrx instructionsThomas Huth
These instructions for loading and storing byte-swapped 64-bit values have been introduced in PowerISA 2.06. Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15pseries: Don't try to munmap() a malloc()ed TCE tableDavid Gibson
For the pseries machine, TCE (IOMMU) tables can either be directly malloc()ed in qemu or, when running on a KVM which supports it, mmap()ed from a KVM ioctl. The latter option is used when available, because it allows the (frequent bottlenext) H_PUT_TCE hypercall to be KVM accelerated. However, even when KVM is persent, TCE acceleration is not always possible. Only KVM HV supports this ioctl(), not KVM PR, or the kernel could run out of contiguous memory to allocate the new table. In this case we need to fall back on the malloc()ed table. When a device is removed, and we need to remove the TCE table, we need to either munmap() or free() the table as appropriate for how it was allocated. The code is supposed to do that, but we buggily fail to initialize the tcet->fd variable in the malloc() case, which is used as a flag to determine which is the right choice. This patch fixes the bug, and cleans up error messages relating to this path while we're at it. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15ppc: Add missing 'static' to spin_rw_opsStefan Weil
spin_rw_ops is only used in hw/ppce500_spin.c. Signed-off-by: Stefan Weil <sw@weilnetz.de> Acked-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15PPC: 405: Fix ppc405ep initializationAlexander Graf
When trying to run a ppc405 guest, it segfaults quite quickly, trying to access timers that weren't initialized. Initialize them properly instead. Reported-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-15Bad zero comparison for sas_ss_flags on powerpcAlex Barcelo
All architectures work the same way, and all check for sas_ss_flags == 0. The powerpc lines are wrong, and do the check the other way round (it's a qemu internal check, which is done wrong only for this architecture, it's more a typo than a bug). It's NOT ppc specific, it's POSIX standard (sigaltstack) and qemu internal. I have a test source that I will send in a follow-up (it's longer than I would have wished, I'm sure that a better test case can be written if needed) Signed-off-by: Alex Barcelo <abarcelo@ac.upc.edu> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-14target-lm32/microblaze: Drop second CPU{LM32, MB}State typedefAndreas Färber
Commit 9b9a970a23625de4ae6b7461906a9a0d98d3ca95 (target-lm32/microblaze: Typedef struct CPU{MB,LM32}State) introduced necessary typedefs for cpu_mmu_index() and mmu.h respectively. On some GCC versions this leads to "error: redefinition of typedef". Drop the original typedef to hopefully fix the build. Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-03-14Merge remote-tracking branch 'afaerber/qom-cpu.v5' into stagingAnthony Liguori
* afaerber/qom-cpu.v5: (43 commits) qom: Introduce CPU class Rename CPUState -> CPUArchState xtensa hw/: Don't use CPUState sparc hw/: Don't use CPUState sh4 hw/: Don't use CPUState s390x hw/: Don't use CPUState ppc hw/: Don't use CPUState mips hw/: Don't use CPUState microblaze hw/: Don't use CPUState m68k hw/: Don't use CPUState lm32 hw/: Don't use CPUState i386 hw/: Don't use CPUState cris hw/: Don't use CPUState arm hw/: Don't use CPUState alpha hw/: Don't use CPUState xtensa-semi: Don't use CPUState m68k-semi: Don't use CPUState arm-semi: Don't use CPUState target-xtensa: Don't overuse CPUState target-unicore32: Don't overuse CPUState ...
2012-03-14vnc: Limit r/w access to size of allocated memoryStefan Weil
This fixes memory reads and writes which exceeded the upper limit of allocated memory vd->guest.ds->data and vd->server->data. Cc: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-03-14vnc: don't mess up with iohandlers in the vnc threadCorentin Chary
The threaded VNC servers messed up with QEMU fd handlers without any kind of locking, and that can cause some nasty race conditions. Using qemu_mutex_lock_iothread() won't work because vnc_dpy_cpy(), which will wait for the current job queue to finish, can be called with the iothread lock held. Instead, we now store the data in a temporary buffer, and use a bottom half to notify the main thread that new data is available. vnc_[un]lock_ouput() is still needed to access VncState members like abort, csock or jobs_buffer. Signed-off-by: Corentin Chary <corentin.chary@gmail.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>