| Age | Commit message (Collapse) | Author |
|---|
|
Coverity reports the 'size' may be used uninitialized, but that can't happen,
because the caller has checked "if (binfo->dtb_filename || binfo->get_dtb)"
before call 'load_dtb'.
Here we simply remove the 'if (binfo->get_dtb)' to satisfy coverity.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Message-id: 1416826240-12368-1-git-send-email-zhang.zhanghailiang@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Variable 'ram_lo' is allocated unconditionally, but used only in some cases.
When it is unused pointer will be lost at function exit, resulting in a
memory leak. Allocate memory for 'ram_lo' only if it is needed.
Valgrind output:
==16879== 240 bytes in 1 blocks are definitely lost in loss record 6,033 of 7,018
==16879== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16879== by 0x33D2CE: malloc_and_trace (vl.c:2804)
==16879== by 0x509E610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==16879== by 0x288836: realview_init (realview.c:55)
==16879== by 0x28988C: realview_pb_a8_init (realview.c:375)
==16879== by 0x341426: main (vl.c:4413)
Signed-off-by: Nikita Belov <zodiac@ispras.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DACR has a secure and a non-secure instance. Adds definition for DACR32_EL2.
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-19-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Adds secure and non-secure bank register suport for TTBR0 and TTBR1.
Changes include adding secure and non-secure instances of ttbr0 and ttbr1 as
well as a CP register definition for TTBR0_EL3. Added a union containing
both EL based array fields and secure and non-secure fields mapped to them.
Updated accesses to use A32_BANKED_CURRENT_REG_GET macro.
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-17-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Implements SCTLR_EL3 and uses secure/non-secure instance when
needed.
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-14-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
ePAPR 1.1 defines the stdout-path property, making the os-specific
linux,stdout-path property redundant. Change the DT setup for ARM virt
to use the generic property - supported by Linux since 3.15.
The old QEMU behaviour was not present in any released version of
QEMU, and was only added to QEMU after the kernel changed, so
this should not break any existing setups.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
[PMM: add note to commit about the old behaviour never hving been
in a released version of QEMU]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Such address translation is needed when load address recorded in uImage
is a virtual address. When the actual load address is requested, return
untranslated address: user that needs the translated address can always
apply translation function to it and those that need it untranslated
don't need to do the inverse translation.
Add translation function pointer and its parameter to uimage_load
prototype. Update all existing users.
No user-visible functional changes.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
|
|
Now that we have PSCI emulation, enable it for the virt platform.
This simplifies the virt machine a bit now that PSCI no longer
needs to be a KVM only feature.
Signed-off-by: Rob Herring <rob.herring@linaro.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1412865028-17725-8-git-send-email-peter.maydell@linaro.org
|
|
Move the registering of CPU reset handlers to before the point where
we leave the function in the -bios (not -kernel) case, so CPU reset
works correctly with -bios as well.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
check if the first cpu is an armv8 cpu, and if so, put
arm,armv8-timer in the compatible string list.
Note that due to this check, this patch moves the creation
of the timer fdt node to after the cpu creation loop.
Signed-off-by: Claudio Fontana <claudio.fontana@huawei.com>
Message-id: 1411736960-24206-1-git-send-email-hw.claudio@gmail.com
[PMM: updated to list arm,armv8-timer first]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Device models should access their block backends only through the
block-backend.h API. Convert them, and drop direct includes of
inappropriate headers.
Just four uses of BlockDriverState are left:
* The Xen paravirtual block device backend (xen_disk.c) opens images
itself when set up via xenbus, bypassing blockdev.c. I figure it
should go through qmp_blockdev_add() instead.
* Device model "usb-storage" prompts for keys. No other device model
does, and this one probably shouldn't do it, either.
* ide_issue_trim_cb() uses bdrv_aio_discard() instead of
blk_aio_discard() because it fishes its backend out of a BlockAIOCB,
which has only the BlockDriverState.
* PC87312State has an unused BlockDriverState[] member.
The next two commits take care of the latter two.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
The patch is big, but all it really does is replacing
dinfo->bdrv
by
blk_bs(blk_by_legacy_dinfo(dinfo))
The replacement is repetitive, but the conversion of device models to
BlockBackend is imminent, and will shorten it to just
blk_legacy_dinfo(dinfo).
Line wrapping muddies the waters a bit. I also omit tests whether
dinfo->bdrv is null, because it never is.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
- Memory: improve error reporting and avoid crashes on hotplug
- Build: fixing block/iscsi.so and ranlib warnings on Mac OS X
- Migration fixes for x86
- The odd KVM patch.
# gpg: Signature made Thu 11 Sep 2014 11:21:10 BST using RSA key ID 9B4D86F2
# gpg: Good signature from "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: aka "Paolo Bonzini <bonzini@gnu.org>"
* remotes/bonzini/tags/for-upstream: (21 commits)
gdbstub: init mon_chr through qemu_chr_alloc
pckbd: adding new fields to vmstate
mc146818rtc: add missed field to vmstate
piix: do not set irq while loading vmstate
serial: fixing vmstate for save/restore
parallel: adding vmstate for save/restore
fdc: adding vmstate for save/restore
cpu: init vmstate for ticks and clock offset
apic_common: vapic_paddr synchronization fix
vl: use QLIST_FOREACH_SAFE to visit change state handlers
exec: add parameter errp to gethugepagesize
exec: report error when memory < hpagesize
hostmem-ram: don't exit qemu if size of memory-backend-ram is way too big
memory: add parameter errp to memory_region_init_rom_device
memory: add parameter errp to memory_region_init_ram
exec: add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr
rules.mak: Fix DSO build by pulling in archive symbols
util: Don't link host-utils.o if it's empty
util: Move general qemu_getauxval to util/getauxval.c
trace: Only link generated-tracers.o with "simple" backend
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Add support for loading DTB images when booting ELF images using
-kernel. If there are no conflicts with the placement of the ELF
segments, the DTB image is loaded at the base of RAM.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 1410453915-9344-5-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
If we are running the 'virt' machine, we may have a device tree blob but no
kernel to supply it to if no -kernel option was passed. In that case, copy it
to the base of RAM where it can be picked up by a bootloader.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 1410453915-9344-4-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Add an address limit input parameter to load_dtb() so that we can
tell load_dtb() how much memory the dtb is allowed to consume. If
the dtb doesn't fit, return 0, otherwise return the actual size of
the loaded dtb.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 1410453915-9344-3-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
In order to make the device tree blob (DTB) available in memory not only at
first boot, but also after system reset, use rom_blob_add_fixed() to install
it into memory.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 1410453915-9344-2-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
The pl011 and pl031 devices both use level triggered interrupts,
but the device tree we construct was incorrectly telling the
kernel to configure the GIC to treat them as edge triggered.
This meant that output from the pl011 would hang after a while.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1410274423-9461-1-git-send-email-peter.maydell@linaro.org
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Cc: qemu-stable@nongnu.org
|
|
Add two flash devices to the virt board, so that it can be used for
running guests which want a bootrom image such as UEFI. We provide
two flash devices to make it more convenient to provide both a
read-only UEFI image and a read-write place to store guest-set
UEFI config variables. The '-bios' command line option is set up
to provide an image for the first of the two flash devices.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1409930126-28449-2-git-send-email-ard.biesheuvel@linaro.org
|
|
Add a property "linux,stdout-path" to the /chosen DT node and make
it point to the emulated UART. This allows users such as the Linux
kernel to produce console output without the need to pass console=
or earlycon=pl011,0x... command line arguments.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 1409317439-29349-1-git-send-email-ard.biesheuvel@linaro.org
Reviewed-by: Rob Herring <rob.herring@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Add parameter errp to memory_region_init_ram and update all call sites
to pass in &error_abort.
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
I'm running on a system with 8 cpus and it would be nice to have qemu
support all of them. The attached patch does that and has been tested.
That said, I'm not sure if 8 is enough or if we want to bump this even higher
now before systems with many more cpus come along. 255 anyone?
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Joel Schopp <joel.schopp@amd.com>
Message-id: 20140819213304.19537.2834.stgit@joelaarch64.amd.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
It's a MemoryRegion and not an AddressSpace. But since it's single use,
just inline the get_system_memory() call to the only usage to remove it.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: d6914047e10b956514cfaa5f391ef56c7d851b34.1408347860.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
This argument is a MemoryRegion and not an AddressSpace.
"Address space" means something quite different to "memory region"
in QEMU parlance so rename the variable to reduce confusion.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: f666cf7f2318d9b461b1e320a45bf0d82da9b7dd.1408347860.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
On aarch64 it is the bootloader's job to uncompress the kernel. UEFI
and u-boot bootloaders do this automatically when the kernel is
gzip-compressed.
However the qemu -kernel option does not do this. The following
command does not work:
qemu-system-aarch64 [...] -kernel /boot/vmlinuz
because it tries to execute the gzip-compressed data.
This commit lets gzip-compressed kernels be uncompressed
transparently.
Currently this is only done when emulating aarch64.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1407831259-2115-3-git-send-email-rjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
The current code supplies the PSCI v0.1 function IDs in the DT even when
KVM uses PSCI v0.2.
This will break guest kernels that only support PSCI v0.1 as they will
use the IDs provided in the DT. Guest kernels with PSCI v0.2 support
are not affected by this patch, because they ignore the function IDs in
the device tree and rely on the architecture definition.
Define QEMU versions of the constants and check that they correspond to
the Linux defines on Linux build hosts. After this patch, both guest
kernels with PSCI v0.1 support and guest kernels with PSCI v0.2 should
work.
Tested on TC2 for 32-bit and APM Mustang for 64-bit (aarch64 guest
only). Both cases tested with 3.14 and linus/master and verified I
could bring up 2 cpus with both guest kernels. Also tested 32-bit with
a 3.14 host kernel with only PSCI v0.1 and both guests booted here as
well.
Cc: qemu-stable@nongnu.org
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
The function IDs for PSCI v0.1 are exported by KVM and defined as
KVM_PSCI_FN_<something>. To build using these defines in non-KVM code,
QEMU defines these IDs locally and check their correctness against the
KVM headers when those are available.
However, the naming scheme used for QEMU (almost) clashes with the PSCI
v0.2 definitions from Linux so to avoid unfortunate naming when we
introduce local PSCI v0.2 defines, rename the current local defines with
QEMU_ prependend and clearly identify the PSCI version as v0.1 in the
defines.
Cc: qemu-stable@nongnu.org
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Add some spacing and zeros to make it easier to read and
modify the map. This patch has no functional changes. The
review looks ugly, but it's actually pretty easy to confirm
all the addresses are as they should be - thanks to the new
formatting ;-)
Signed-off-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
The code in do_cpu_reset() correctly handled AArch64 CPUs
when running Linux kernels, but was missing code in the
branch of the if() that deals with loading ELF files.
Correctly jump to the ELF entry point on reset rather than
leaving the reset PC at zero.
Reported-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Christopher Covington <cov@codeaurora.org>
Cc: qemu-stable@nongnu.org
|
|
pl031's base address should be 0x9010000, not 0x90010000, otherwise
it sits in ram when configuring a guest with greater than 1G.
Signed-off-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Make the vexpress-a9 board alias the first NOR flash region at
address zero, like vexpress-a15. This makes "-bios" actually usable
on this board.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1404310070-3561-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
|
|
Replace qemu_allocate_irqs(foo, bar, 1)[0]
with qemu_allocate_irq(foo, bar, 0).
This avoids leaking the dereferenced qemu_irq *.
Cc: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
[PC Changes:
* Applied change to instance in sh4/sh7750.c
]
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Kirill Batuzov <batuzovk@ispras.ru>
[AF: Fix IRQ index in sh4/sh7750.c]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
The pxa2xx-gpio device has a VMStateDescription, but it was accidentally
never actually registered, and it wasn't quite correct. Remove the
'lines' field (this is a device property, not mutable state), add the
missing 'prev_level' field, and set dc->vmsd so it actually gets used.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
|
|
The PXA2xx GPIO GPSR and GPCR registers are write-only, with reads being
undefined behaviour. Instead of having GPCR return 31337 and GPSR return
the value last written, make both log the guest error and return 0.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
|
|
The VMStateDescription structs for the GPIO and PPC devices were
accidentally never wired up. Add missing state fields and register
them via dc->vmsd.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
|
|
The StrongARM GPIO GPSR and GPCR registers are write-only, with reads being
undefined behaviour. Instead of having GPCR return 31337 and GPSR return
the value last written, make both log the guest error and return 0.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
|
|
UEFI mandates that the platform must include an RTC, so provide
one in 'virt', using the PL031. This is also useful for directly
booting Linux kernels which would otherwise have to run ntpdate.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
If we have PSCI v0.2 emulation available for KVM ARM/ARM64 or TCG then
we need to provide PSCI v0.2 compatible string via generated DTB.
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
Signed-off-by: Anup Patel <anup.patel@linaro.org>
Reviewed-by: Rob Herring <rob.herring@linaro.org>
Message-id: 1402901605-24551-9-git-send-email-pranavkumar@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Detect attempts by the user to specify the contents of the first flash
device via both -bios and -drive if=pflash... simultaneously and
print a helpful error message.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1402419834-25982-1-git-send-email-peter.maydell@linaro.org
|
|
The Windows headers provided by MinGW define MOD_SHIFT. Avoid
it by using SPITZ_MOD_* for our constants here.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Right now to run firmware inside the QEMU VExpress model requires
padding out the firmware image to the size of the virtual flash and
passing it in via the -pflash argument. If the firmware image is passed
without padding, then QEMU will fail. Also, when passed as a -pflash
argument, QEMU treats the file as persistent storage and will modify the
file.
The -bios flag provides the semantics that we want for providing a
firmware image. This patch maps the contents of the -bios file into the
address space at the boot flash location.
Tested with the vexpress-a15 model and the Tianocore port.
Signed-off-by: Grant Likely <grant.likely@linaro.org>
Tested-by: Roy Franz <roy.franz@linaro.org>
[PMM: folded long line, removed stray \n from error message,
use correct variable for printing image name, exit(1) rather than 0]
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
The ld_raw and st_raw definitions are only needed in code that
must compile for both user-mode and softmmu emulation. Device
models can use the equivalent ld_p/st_p which are simple
pointer accessors.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
To get it out of the default GPIO list. This allows child devices to
use the un-named GPIO namespace without having to be SSI aware. That
is, there is no more need for machines to know about the obscure
policy where GPIO 0 is the SSI chip-select and GPIO 1..N are the
concrete class GPIOs (defined locally as 0..N-1).
This is most notable in stellaris, which uses a device which has both
SSI and concrete level GPIOs.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Total removal of QEMUMachineInitArgs struct. QEMUMachineInitArgs's fields
are copied into MachineState. Removed duplicated fields from MachineState.
All the other changes are only mechanical refactoring, no semantic changes.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> (s390)
Reviewed-by: Michael S. Tsirkin <mst@redhat.com> (PC)
[AF: Renamed ms -> machine, use MACHINE_GET_CLASS()]
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
We don't implement very much of the GPTM TAR register, and what we
do is wrong. The "are we in RT mode?" field is in s->config, not
s->control. Correct this, use LOG_UNIMP rather than hw_error()
for the cases we don't support, and avoid an unlabelled fallthrough
that makes Coverity complain.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
|
|
When writing to the YEARS_REG register, if the year value is
99 then the multiplication by 31536000 will overflow into
the sign bit of a 32 bit value and then be erroneously
sign-extended if time_t is 64 bits. Add a cast to avoid this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
|
|
After commit 767adce2d, they are redundant. This way we don't assign them
except when needed. Once there, there were lots of cases where the ".fields"
indentation was wrong:
.fields = (VMStateField []) {
and
.fields = (VMStateField []) {
Change all the combinations to:
.fields = (VMStateField[]){
The biggest problem (apart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM: fixed minor conflict, corrected commit message typos]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
CVE-2013-4533
s->rx_level is read from the wire and used to determine how many bytes
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
from the wire.
Fix this by validating rx_level against the size of s->rx_fifo.
Cc: Don Koch <dkoch@verizon.com>
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
|
Support the Cortex-A57 in the virt machine model.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1398362083-17737-4-git-send-email-peter.maydell@linaro.org
|
