| Age | Commit message (Collapse) | Author |
|---|
|
Replace qemu_allocate_irqs(foo, bar, 1)[0]
with qemu_allocate_irq(foo, bar, 0).
This avoids leaking the dereferenced qemu_irq *.
Cc: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
[PC Changes:
* Applied change to instance in sh4/sh7750.c
]
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Kirill Batuzov <batuzovk@ispras.ru>
[AF: Fix IRQ index in sh4/sh7750.c]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit f3c7d0389fe8a2792fd4c1cf151b885de03c8f62)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
CVE-2013-4533
s->rx_level is read from the wire and used to determine how many bytes
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
from the wire.
Fix this by validating rx_level against the size of s->rx_fifo.
Cc: Don Koch <dkoch@verizon.com>
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit caa881abe0e01f9931125a0977ec33c5343e4aa7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The ethernet device in the musicpal only has two tx queues,
but we modelled it with four CTDP registers, presumably a
cut and paste from the rx queue registers. Since the tx_queue[]
array is only 2 entries long this allowed a guest to overrun
this buffer. Remove the nonexistent registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1392737293-10073-1-git-send-email-peter.maydell@linaro.org
Acked-by: Jan Kiszka <jan.kiszka@web.de>
Cc: qemu-stable@nongnu.org
(cherry picked from commit cf143ad35018c5fc1da6365b45acda2b34aba90a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
cgcc reported a duplicate initialisation. Mainstone includes a matrix
keyboard where two different positions map to 'space'.
QEMU uses the reversed mapping and does not map 'space' to two different
matrix positions.
Some other keys are either missing or might be mapped wrongly (cf. Linux
kernel code). Don't fix these until someone can test them with real
hardware, but add TODO comments.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 7dbc1158bc63fdbad849d21409eeeb53f5230445)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Adopt error_report().
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Simply skip flash setup for now.
Also drop useless debug output.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Commit 9b8c69243 (since reverted) broke the ability to boot the kernel
as the value returned by unassigned_mem_read returned non-zero and left
the kernel looping forever waiting for it to change (see
integrator_led_set in the kernel code).
Relying on a varying implementation detail is incorrect anyway so this
introduces a basic stub of a memory region for the debug/LED section
on the integrator board.
Signed-off-by: Alex Bennée <alex@bennee.com>
Message-id: 1382451366-9539-1-git-send-email-alex.bennee@linaro.org
[PMM: removed three unused fields from struct IntegratorDebugState]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Now that arm_load_kernel doesn't insist on a kernel filename
being present, we can remove some unnecessary conditionals
in board models.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1379980897-21277-3-git-send-email-peter.maydell@linaro.org
|
|
Typically ARM boards will have some kind of flash which might contain
a boot ROM; it's therefore a valid use case to provide only an
image for the boot ROM and not require QEMU's internal boot loader
at all. Remove the fatal error if -kernel isn't specified.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1379980897-21277-2-git-send-email-peter.maydell@linaro.org
|
|
QOM CPUState refactorings / X86CPU
* Conversion of global CPU list to QTAILQ - preparing for CPU hot-unplug
* Document X86CPU magic numbers for CPUID cache info
# gpg: Signature made Tue 03 Sep 2013 10:59:22 AM CDT using RSA key ID 3E7E013F
# gpg: Can't check signature: public key not found
# By Andreas Färber (3) and Eduardo Habkost (1)
# Via Andreas Färber
* afaerber/tags/qom-cpu-for-anthony:
target-i386: Use #defines instead of magic numbers for CPUID cache info
cpu: Replace qemu_for_each_cpu()
cpu: Use QTAILQ for CPU list
a15mpcore: Use qemu_get_cpu() for generic timers
|
|
pc,pci,virtio fixes and cleanups
This includes pc and pci cleanups and enhancements,
and a virtio bugfix for level interrupts.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Sun 01 Sep 2013 03:15:36 AM CDT using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
# By Michael S. Tsirkin (3) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
virtio_pci: fix level interrupts with irqfd
pc: reduce duplication, fix PIIX descriptions
hw: Clean up bogus default boot order
pci: add config space access traces
pc: fix regression for 64 bit PCI memory
pci: Introduce helper to retrieve a PCI device's DMA address space
Message-id: 1378023590-11109-1-git-send-email-mst@redhat.com
Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
|
|
Introduce CPU_FOREACH(), CPU_FOREACH_SAFE() and CPU_NEXT() shorthand
macros.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
We set default boot order "cad" in every single machine definition
except "pseries" and "moxiesim", even though very few boards actually
care for boot order, and "cad" makes sense for even fewer.
Machines that care:
* pc and its variants
Accept up to three letters 'a', 'b' (undocumented alias for 'a'),
'c', 'd' and 'n'. Reject all others (fatal with -boot).
* nseries (n800, n810)
Check whether order starts with 'n'. Silently ignored otherwise.
* prep, g3beige, mac99
Extract the first character the machine understands (subset of
'a'..'f'). Silently ignored otherwise.
* spapr
Accept an arbitrary string (vl.c restricts it to contain only
'a'..'p', no duplicates).
* sun4[mdc]
Use the first character. Silently ignored otherwise.
Strip characters these machines ignore from their default boot order.
For all other machines, remove the unused default boot order
alltogether.
Note that my rename of QEMUMachine member boot_order to
default_boot_order and QEMUMachineInitArgs member boot_device to
boot_order has a welcome side effect: it makes every use of boot
orders visible in this patch, for easy review.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
This is an autogenerated patch using scripts/switch-timer-api.
Switch the entire code base to using the new timer API.
Note this patch may introduce some line length issues.
Signed-off-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Convert rtc_clock to be a QEMUClockType
Move rtc_clock users to use the new API
Signed-off-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Now all the boards have been converted arm_pic_init_cpu()
is unused and can just be deleted.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-15-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-14-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-13-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-12-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-11-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-10-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-9-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-8-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-7-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-6-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-5-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-4-git-send-email-peter.maydell@linaro.org
|
|
Drop the now-deprecated arm_pic_init_cpu() in favour of directly
getting the IRQ line from the ARMCPU object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-3-git-send-email-peter.maydell@linaro.org
|
|
Now that ARMCPU is a subclass of DeviceState, we can make the
CPU's inbound IRQ and FIQ lines be simply gpio lines, which
means we can remove the odd arm_pic shim.
We retain the arm_pic_init_cpu() function as a backwards
compatibility shim layer so we can convert the board models
to get the IRQ and FIQ lines directly from the ARMCPU
object one at a time.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1375977856-25046-2-git-send-email-peter.maydell@linaro.org
|
|
pxa2xx_i2c_init() creates a pxa2xx-i2c-slave device on a second i2c-bus,
which has a NULL parent device. This causes an assertion in
object_get_canonical_path() when accessing pxa2xx-i2c-slave's
"parent_bus" link<bus> property in tosa and likely other PXA2xx machines.
Fix this by using the pxa2xx_i2c device, created just before, as parent.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1375621501-5564-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts and rename the parent field.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts and rename the parent field.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts and rename the parent field.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Introduce a type constant, use QOM casts, rename the parent field and
prepare for QOM realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
