aboutsummaryrefslogtreecommitdiff
path: root/hw/misc
AgeCommit message (Collapse)Author
2015-10-16misc: zynq_slcr: Fix MMIO writesPeter Crosthwaite
The /4 for offset calculation in MMIO writes was happening twice giving wrong write offsets. Fix. While touching the code, change the if-else to be a short returning if and convert the debug message to a GUEST_ERROR, which is more accurate for this condition. Cc: qemu-stable@nongnu.org Cc: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-09macio: move DBDMA_init from instance_init to realizePaolo Bonzini
DBDMA_init is not idempotent, and calling it from instance_init breaks a simple object_new/object_unref pair. Work around this, pending qdev-ification of DBDMA, by moving the call to realize. Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1443689999-12182-4-git-send-email-armbru@redhat.com>
2015-10-09hw: do not pass NULL to memory_region_init from instance_initPaolo Bonzini
This causes the region to outlive the object, because it attaches the region to /machine. This is not nice for the "realize" method, but much worse for "instance_init" because it can cause dangling pointers after a simple object_new/object_unref pair. Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1443689999-12182-3-git-send-email-armbru@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
2015-09-20mac_dbdma: always clear FLUSH bit once DBDMA channel flush is completeMark Cave-Ayland
The code to flush the DBDMA channel was effectively duplicated in dbdma_control_write(), except for the fact that the copy executed outside of a RUN bit transition was broken by not clearing the FLUSH bit once the flush was complete. Newer PPC Linux kernels would timeout waiting for the FLUSH bit to clear again after submitting a FLUSH command. Fix this by always clearing the FLUSH bit once the channel flush is complete and removing the repeated code. Reported-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-09-14Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* Support for jemalloc * qemu_mutex_lock_iothread "No such process" fix * cutils: qemu_strto* wrappers * iohandler.c simplification * Many other fixes and misc patches. And some MTTCG work (with Emilio's fixes squashed): * Signal-free TCG kick * Removing spinlock in favor of QemuMutex * User-mode emulation multi-threading fixes/docs # gpg: Signature made Thu 10 Sep 2015 09:03:07 BST using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" * remotes/bonzini/tags/for-upstream: (44 commits) cutils: work around platform differences in strto{l,ul,ll,ull} cpu-exec: fix lock hierarchy for user-mode emulation exec: make mmap_lock/mmap_unlock globally available tcg: comment on which functions have to be called with mmap_lock held tcg: add memory barriers in page_find_alloc accesses remove unused spinlock. replace spinlock by QemuMutex. cpus: remove tcg_halt_cond and tcg_cpu_thread globals cpus: protect work list with work_mutex scripts/dump-guest-memory.py: fix after RAMBlock change configure: Add support for jemalloc add macro file for coccinelle configure: factor out adding disas configure vhost-scsi: fix wrong vhost-scsi firmware path checkpatch: remove tests that are not relevant outside the kernel checkpatch: adapt some tests to QEMU CODING_STYLE: update mixed declaration rules qmp: Add example usage of strto*l() qemu wrapper cutils: Add qemu_strtoull() wrapper cutils: Add qemu_strtoll() wrapper ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-07Added generic panic handler qemu_system_guest_panicked()Andrey Smetanin
There are pieces of guest panic handling code that can be shared in one generic function. These code replaced by call qemu_system_guest_panicked(). Signed-off-by: Andrey Smetanin <asmetanin@virtuozzo.com> Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Andreas Färber <afaerber@suse.de> Message-Id: <1435924905-8926-10-git-send-email-den@openvz.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-07arm: Use g_new() & friends where that makes obvious senseMarkus Armbruster
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Coccinelle semantic patch: @@ type T; @@ -g_malloc(sizeof(T)) +g_new(T, 1) @@ type T; @@ -g_try_malloc(sizeof(T)) +g_try_new(T, 1) @@ type T; @@ -g_malloc0(sizeof(T)) +g_new0(T, 1) @@ type T; @@ -g_try_malloc0(sizeof(T)) +g_try_new0(T, 1) @@ type T; expression n; @@ -g_malloc(sizeof(T) * (n)) +g_new(T, n) @@ type T; expression n; @@ -g_try_malloc(sizeof(T) * (n)) +g_try_new(T, n) @@ type T; expression n; @@ -g_malloc0(sizeof(T) * (n)) +g_new0(T, n) @@ type T; expression n; @@ -g_try_malloc0(sizeof(T) * (n)) +g_try_new0(T, n) @@ type T; expression p, n; @@ -g_realloc(p, sizeof(T) * (n)) +g_renew(T, p, n) @@ type T; expression p, n; @@ -g_try_realloc(p, sizeof(T) * (n)) +g_try_renew(T, p, n) @@ type T; expression n; @@ -(T *)g_new(T, n) +g_new(T, n) @@ type T; expression n; @@ -(T *)g_new0(T, n) +g_new0(T, n) @@ type T; expression p, n; @@ -(T *)g_renew(T, p, n) +g_renew(T, p, n) Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1440524394-15640-1-git-send-email-armbru@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-13i.MX: Fix Coding style for CCM emulatorJean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: ff0b6720b1c55204e663f07be47c0203f6871084.1437080501.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-13i.MX: Split CCM emulator in a header file and a source fileJean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: b1d6f990229b2608bbaba24f4ff359571c0b07da.1437080501.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-07macio: remove nonexistent interrupt on pin 1Cormac O'Brien
The current macio implementation declares an interrupt that doesn't appear to exist in the hardware or any other emulator implementation. OpenBIOS detects this interrupt and generates an 'interrupts' property in the macio device tree entry. Mac OS 9 halts boot when it detects this interrupt, so it has been removed to permit further progress in the boot process. Signed-off-by: Cormac O'Brien <i.am.cormac.obrien@gmail.com> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-22Include qapi/qmp/qerror.h exactly where neededMarkus Armbruster
In particular, don't include it into headers. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-22qerror: Move #include out of qerror.hMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-19Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
virtio, pci fixes, enhancements Most notably this includes virtio cross-endian patches. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Fri Jun 19 11:18:05 2015 BST using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: vhost: enable vhost without without MSI-X pci: Don't register a specialized 'config_write' if default behavior is intended hw/core: rebase sysbus_get_fw_dev_path() to g_strdup_printf() vhost_net: re-enable when cross endian vhost-net: tell tap backend about the vnet endianness tap: fix non-linux build tap: add VNET_LE/VNET_BE operations vhost: set vring endianness for legacy virtio virtio: introduce virtio_legacy_is_cross_endian() linux-headers: sync vhost.h vhost-user: part of virtio Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-19pci: Don't register a specialized 'config_write' if default behavior is intendedShmulik Ladkani
Few devices have their specialized 'config_write' methods which simply call 'pci_default_write_config' followed by a 'msix_write_config' or 'msi_write_config' calls, using exact same arguments. This is unnecessary as 'pci_default_write_config' already invokes 'msi_write_config' and 'msix_write_config'. Also, since 'pci_default_write_config' is the default 'config_write' handler, we can simply avoid the registration of these specialized versions. Cc: Leonid Shatz <leonid.shatz@ravellosystems.com> Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-03macio: Convert to realize()Markus Armbruster
Convert device models "macio-oldworld" and "macio-newworld". Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-04-30misc: Fix new collection of typosStefan Weil
All of them were reported by codespell. Most typos are in comments, one is in an error message. Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-27sun4m: fix slavio sysctrl and led register sizesMark Cave-Ayland
These were being incorrectly declared as MISC_SIZE (1 byte) rather than 4 bytes and 2 bytes respectively. As a result accesses clamped to the real register size would unexpectedly fail. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> CC: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1427987370-15897-1-git-send-email-mark.cave-ayland@ilande.co.uk> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-19omap: Fix warnings from SparseStefan Weil
Sparse report: arm/omap1.c:1015:9: warning: returning void-valued expression arm/omap1.c:1084:9: warning: returning void-valued expression arm/omap1.c:1178:9: warning: returning void-valued expression arm/omap1.c:1287:9: warning: returning void-valued expression arm/omap1.c:1382:9: warning: returning void-valued expression arm/omap1.c:1650:9: warning: returning void-valued expression arm/omap1.c:1778:9: warning: returning void-valued expression arm/omap1.c:1985:9: warning: returning void-valued expression arm/omap1.c:210:9: warning: returning void-valued expression arm/omap1.c:2213:9: warning: returning void-valued expression arm/omap1.c:2352:9: warning: returning void-valued expression arm/omap1.c:2447:9: warning: returning void-valued expression arm/omap1.c:2640:9: warning: returning void-valued expression arm/omap1.c:317:9: warning: returning void-valued expression arm/omap1.c:3413:13: warning: returning void-valued expression arm/omap1.c:3414:13: warning: returning void-valued expression arm/omap1.c:3415:14: warning: returning void-valued expression arm/omap1.c:3589:9: warning: returning void-valued expression arm/omap1.c:443:9: warning: returning void-valued expression arm/omap1.c:588:9: warning: returning void-valued expression arm/omap1.c:860:9: warning: returning void-valued expression arm/omap2.c:1362:9: warning: returning void-valued expression arm/omap2.c:450:9: warning: returning void-valued expression arm/omap2.c:695:9: warning: returning void-valued expression arm/omap2.c:760:9: warning: returning void-valued expression hw/char/omap_uart.c:115:9: warning: returning void-valued expression hw/display/omap_dss.c:1019:9: warning: returning void-valued expression hw/display/omap_dss.c:215:9: warning: returning void-valued expression hw/display/omap_dss.c:380:9: warning: returning void-valued expression hw/display/omap_dss.c:739:9: warning: returning void-valued expression hw/display/omap_dss.c:931:9: warning: returning void-valued expression hw/dma/omap_dma.c:139:5: warning: returning void-valued expression hw/dma/omap_dma.c:1505:9: warning: returning void-valued expression hw/dma/omap_dma.c:1860:9: warning: returning void-valued expression hw/gpio/omap_gpio.c:116:9: warning: returning void-valued expression hw/misc/omap_gpmc.c:627:9: warning: returning void-valued expression hw/misc/omap_l4.c:85:9: warning: returning void-valued expression hw/misc/omap_sdrc.c:95:9: warning: returning void-valued expression hw/misc/omap_tap.c:98:9: warning: returning void-valued expression hw/sd/omap_mmc.c:409:9: warning: returning void-valued expression hw/ssi/omap_spi.c:229:9: warning: returning void-valued expression hw/timer/omap_gptimer.c:447:9: warning: returning void-valued expression Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-03-11stm32f2xx_SYSCFG: Add the stm32f2xx SYSCFGAlistair Francis
This patch adds the stm32f2xx System Configuration Controller. This is used to configure what memory is mapped at address 0 (although that is not supported) as well as configure how the EXTI interrupts work (also not supported at the moment). This device is not required for basic examples, but more complex systems will require it (as well as the EXTI device) Signed-off-by: Alistair Francis <alistair@alistair23.me> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 5d499d7b60b61d5d6dcb310b2e55411b1f53794e.1424175342.git.alistair@alistair23.me Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-10milkymist-pfpu: fix GCC 5.0.0 aggressive-loop-optimizations warningRadim Krčmář
man gcc: Warn if in a loop with constant number of iterations the compiler detects undefined behavior in some statement during one or more of the iterations. Milkymist pfpu has no jump instructions, so checking for MICROCODE_WORDS instructions should have kept us in bounds of s->microcode, but i++ allowed one loop too many, hw/misc/milkymist-pfpu.c: In function ‘pfpu_write’: hw/misc/milkymist-pfpu.c:365:20: error: loop exit may only be reached after undefined behavior [-Werror=aggressive-loop-optimizations] if (i++ >= MICROCODE_WORDS) { ^ hw/misc/milkymist-pfpu.c:167:14: note: possible undefined statement is here uint32_t insn = s->microcode[pc]; ^ The code can still access out of bounds, because it presumes that PC register always begins at 0, and we allow writing to it. Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Acked-by: Michael Walle <michael@walle.cc> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-03-10macio: fix possible memory leakGonglei
If ret = macio_initfn_ide() is less than 0, the timer_memory will leak the memory it points to. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-03-09cuda.c: include adb_poll_timer in VMStateDescriptionMark Cave-Ayland
Make sure that we include the adb_poll_timer when saving the VM state for client OSs that use it, e.g. Darwin. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-03-09macio.c: include parent PCIDevice state in VMStateDescriptionMark Cave-Ayland
This ensures that the macio PCI device is correctly configured when restoring from a VM snapshot. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-03-09Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pci, pc, virtio fixes and cleanups A bunch of fixes all over the place. All of ACPI refactoring has been merged. Legacy pci commands have been dropped. virtio header cleanup initial patches from virtio-1.0 branch Signed-off-by: Michael S. Tsirkin <mst@redhat.com> * remotes/mst/tags/for_upstream: (130 commits) acpi: drop unused code aml-build: comment fix acpi-build: fix typo in comment acpi: update generated files vhost user:support vhost user nic for non msi guests aml-build: fix build for glib < 2.22 acpi: update generated files Makefile.target: binary depends on config-devices acpi-test-data: update after pci rewrite acpi, mem-hotplug: use PC_DIMM_SLOT_PROP in acpi_memory_plug_cb(). pci-hotplug-old: Has been dead for five major releases, bury pci: Give a few helpers internal linkage acpi: make build_*() routines static to aml-build.c pc: acpi: remove not used anymore ssdt-[misc|pcihp].hex.generated blobs pc: acpi-build: drop template patching and create PCI bus tree dynamically tests: ACPI: update pc/SSDT.bridge due to new alg of PCI tree creation pc: acpi-build: simplify PCI bus tree generation tests: add ACPI blobs for qemu with bridge cases tests: bios-tables-test: add support for testing bridges tests: ACPI test blobs update due to PCI0._CRS changes ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Conflicts: hw/pci/pci-hotplug-old.c
2015-03-01pc: export applesmc IO port/lenIgor Mammedov
IO port and length will be used in following patch to correctly generate SMC ACPI device in SSDT. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-02-27Give ivshmem its own config optionDavid Gibson
Currently the ivshmem device is built whenever both PCI and KVM support are included. This patch gives it its own config option to allow easier customization of whether to include it. It's enabled by default in the same circumstances as now - when both PCI and KVM are available. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-Id: <1425017077-18487-4-git-send-email-david@gibson.dropbear.id.au> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-26pci: Trivial device model conversions to realizeMarkus Armbruster
Convert the device models where initialization obviously can't fail. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2015-01-26hw: misc, add educational driverJiri Slaby
I am using qemu for teaching the Linux kernel at our university. I wrote a simple PCI device that can answer to writes/reads, generate interrupts and perform DMA. As I am dragging it locally over 2 years, I am sending it to you now. Signed-off-by: Jiri Slaby <jslaby@suse.cz> [Fix 32-bit compilation. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-26vmstate: accept QEMUTimer in VMSTATE_TIMER*, add VMSTATE_TIMER_PTR*Paolo Bonzini
Old users of VMSTATE_TIMER* are mechanically changed to VMSTATE_TIMER_PTR variants. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-19vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfioKim Phillips
This is done in preparation for the addition of VFIO platform device support. Signed-off-by: Kim Phillips <kim.phillips@linaro.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19vfio: fix adding memory listener to the right address spaceFrank Blaschka
Depending on the device, container->space->as contains the valid AddressSpace. Using address_space_memory breaks devices sitting behind an iommu (and using a separate address space). Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19vfio: migration to trace pointsEric Auger
This patch removes all DPRINTF and replace them by trace points. A few DPRINTF used in error cases were transformed into error_report. Signed-off-by: Eric Auger <eric.auger@linaro.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-15vfio: use kvm_resamplefds_enabled()Eric Auger
Use the kvm_resamplefds_enabled function Signed-off-by: Eric Auger <eric.auger@linaro.org> Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-31ivshmem: use error_reportAndrew Jones
Replace all the fprintf(stderr, ...) calls with error_report. Also make sure exit() consistently uses the error code 1. A few calls used -1. While at it cleanup some indentation in the printf argument lists. Signed-off-by: Andrew Jones <drjones@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-31ivshmem: Fix fd leak on errorAndreas Färber
Reported-by: Stefan Hajnoczi <stefanha@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-31ivshmem: Fix potential OOB r/w accessSebastian Krahmer
Fix OOB access via malformed incoming_posn parameters and check that requested memory is actually alloc'ed. Signed-off-by: Sebastian Krahmer <krahmer@suse.de> [AF: Rebased, cleanups, avoid fd leak] Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-31ivshmem: validate incoming_posn value from serverStefan Hajnoczi
Check incoming_posn to avoid out-of-bounds array accesses if the ivshmem server on the host sends invalid values. Cc: Cam Macdonell <cam@cs.ualberta.ca> Reported-by: Sebastian Krahmer <krahmer@suse.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> [AF: Tighten upper bound check for posn in close_guest_eventfds()] Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-31ivshmem: Check ivshmem_read() size argumentStefan Hajnoczi
The third argument to the fd_read() callback implemented by ivshmem_read() is the number of bytes, not a flags field. Fix this and check we received enough bytes before accessing the buffer pointer. Cc: Cam Macdonell <cam@cs.ualberta.ca> Reported-by: Sebastian Krahmer <krahmer@suse.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> [AF: Handle partial reads via FIFO] Reported-by: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-31Add skip_dump flag to ignore memory region during dumpNikunj A Dadhania
The PCI MMIO might be disabled or the device in the reset state. Make sure we do not dump these memory regions. Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> CC: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24omap_gpmc.c: Remove duplicate assignmentDr. David Alan Gilbert
This looks like an old merge error and should have no effect. (Build tested only) Found by Coccinelle using Julia Lawall's script: https://lkml.org/lkml/2014/8/23/128 Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1414055855-6688-1-git-send-email-dgilbert@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-10-15bootindex: move calling add_boot_device_patch to bootindex setter functionGonglei
On this way, we can assure the new bootindex take effect during vm rebooting. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-15vfio: remove bootindex property from qdev to qomGonglei
Remove bootindex form qdev property to qom, things will continue to work just fine, and we can use qom features which are not supported by qdev property. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-22vfio: make rom read endian sensitiveNikunj A Dadhania
All memory regions used by VFIO are LITTLE_ENDIAN and they already take care of endiannes when accessing real device BARs except ROM - it was broken on BE hosts. This fixes endiannes for ROM BARs the same way as it is done for other BARs. This has been tested on PPC64 BE/LE host/guest in all possible combinations including TCG. Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> [aik: added commit log] Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-09-22Revert "vfio: Make BARs native endian"Alexey Kardashevskiy
This reverts commit c40708176a6b52b73bec14796b7c71b882ceb102. The resulting code wrongly assumed target and host endianness are the same which is not always the case for PPC64. [aw: or potentially any host supporting VFIO and TCG] Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-09-08PPC: Cuda: Use cuda timer to expose tbfreq to guestAlexander Graf
Mac OS X calibrates a number of frequencies on bootup based on reading tb values on bootup and comparing them to via cuda timer values. The only variable we can really steer well (thanks to KVM) is the cuda frequency. So let's use that one to fake Mac OS X into believing the bus frequency is tbfreq * 4. That way Mac OS X will automatically calculate the correct timebase frequency. With this patch and the patch set I posted earlier I can successfully run Mac OS X 10.2, 10.3 and 10.4 guests with -M mac99 on TCG and KVM. Suggested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-09-08PPC: mac99: Fix core99 timer frequencyAlexander Graf
There is a special timer in the mac99 machine that we recently started to emulate. Unfortunately we emulated it in the wrong frequency. This patch adapts the frequency Mac OS X uses to evaluate results from this timer, making calculations it bases off of it work. Signed-off-by: Alexander Graf <agraf@suse.de>
2014-08-25vfio: Enable NVIDIA 88000 region quirk regardless of VGAAlex Williamson
If we make use of OVMF for the BIOS then we can use GPUs without VGA space access, but we still need this quirk. Disassociate it from the x-vga option and enable it on all NVIDIA VGA display class devices. Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-08-19Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
SCSI changes that enable sending vendor-specific commands via virtio-scsi. Memory changes for QOMification and automatic tracking of MR lifetime. # gpg: Signature made Mon 18 Aug 2014 13:03:09 BST using RSA key ID 9B4D86F2 # gpg: Good signature from "Paolo Bonzini <pbonzini@redhat.com>" # gpg: aka "Paolo Bonzini <bonzini@gnu.org>" * remotes/bonzini/tags/for-upstream: mtree: remove write-only field memory: Use canonical path component as the name memory: Use memory_region_name for name access memory: constify memory_region_name exec: Abstract away ref to memory region names loader: Abstract away ref to memory region names tpm_tis: remove instance_finalize callback memory: remove memory_region_destroy memory: convert memory_region_destroy to object_unparent ioport: split deletion and destruction nic: do not destroy memory regions in cleanup functions vga: do not dynamically allocate chain4_alias sysbus: remove unused function sysbus_del_io qom: object: move unparenting to the child property's release callback qom: object: delete properties before calling instance_finalize virtio-scsi: implement parse_cdb scsi-block, scsi-generic: implement parse_cdb scsi-block: extract scsi_block_is_passthrough scsi-bus: introduce parse_cdb in SCSIDeviceClass and SCSIBusInfo scsi-bus: prepare scsi_req_new for introduction of parse_cdb Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-08-18memory: remove memory_region_destroyPaolo Bonzini
The function is empty after the previous patch, so remove it. Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-18memory: convert memory_region_destroy to object_unparentPaolo Bonzini
Explicitly call object_unparent in the few places where we will re-create the memory region. If the memory region is simply being destroyed as part of device teardown, let QOM handle it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>