aboutsummaryrefslogtreecommitdiff
path: root/hw/timer
AgeCommit message (Collapse)Author
2016-04-08hw/timer: Revert "hpet: inverse polarity when pin above ISA_NUM_IRQS"Bill Paul
This reverts commit 0d63b2dd31464cfccc80bbeedc24e3863fe4c895. This change was originally intended to correct the HPET behavior in conjunction with Linux, however the behavior that it actually creates is not compatible with the ioapic.c implementation; it used to be compatible with KVM's own IOAPIC but it is not anymore. Signed-off-by: Bill Paul <wpaul@windriver.com> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Richard Henderson <rth@twiddle.net> CC: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <201604051558.20070.wpaul@windriver.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22util: move declarations out of qemu-common.hVeronia Bahaa
Move declarations out of qemu-common.h for functions declared in utils/ files: e.g. include/qemu/path.h for utils/path.c. Move inline functions out of qemu-common.h and into new files (e.g. include/qemu/bcd.h) Signed-off-by: Veronia Bahaa <veroniabahaa@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22Replaced get_tick_per_sec() by NANOSECONDS_PER_SECONDRutuja Shah
This patch replaces get_ticks_per_sec() calls with the macro NANOSECONDS_PER_SECOND. Also, as there are no callers, get_ticks_per_sec() is then removed. This replacement improves the readability and understandability of code. For example, timer_mod(fdctrl->result_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + (get_ticks_per_sec() / 50)); NANOSECONDS_PER_SECOND makes it obvious that qemu_clock_get_ns matches the unit of the expression on the right side of the plus. Signed-off-by: Rutuja Shah <rutu.shah.26@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22hw: explicitly include qemu-common.h and cpu.hPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22include/qemu/osdep.h: Don't include qapi/error.hMarkus Armbruster
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the Error typedef. Since then, we've moved to include qemu/osdep.h everywhere. Its file comment explains: "To avoid getting into possible circular include dependencies, this file should not include any other QEMU headers, with the exceptions of config-host.h, compiler.h, os-posix.h and os-win32.h, all of which are doing a similar job to this file and are under similar constraints." qapi/error.h doesn't do a similar job, and it doesn't adhere to similar constraints: it includes qapi-types.h. That's in excess of 100KiB of crap most .c files don't actually need. Add the typedef to qemu/typedefs.h, and include that instead of qapi/error.h. Include qapi/error.h in .c files that need it and don't get it now. Include qapi-types.h in qom/object.h for uint16List. Update scripts/clean-includes accordingly. Update it further to match reality: replace config.h by config-target.h, add sysemu/os-posix.h, sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h comment quoted above similarly. This reduces the number of objects depending on qapi/error.h from "all of them" to less than a third. Unfortunately, the number depending on qapi-types.h shrinks only a little. More work is needed for that one. Signed-off-by: Markus Armbruster <armbru@redhat.com> [Fix compilation without the spice devel packages. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-16hw/timer: Add ASPEED timer device modelAndrew Jeffery
Implement basic ASPEED timer functionality for the AST2400 SoC[1]: Up to 8 timers can independently be configured, enabled, reset and disabled. Some hardware features are not implemented, namely clock value matching and pulse generation, but the implementation is enough to boot the Linux kernel configured with aspeed_defconfig. [1] http://www.aspeedtech.com/products.php?fPath=20&rId=376 Signed-off-by: Andrew Jeffery <andrew@aj.id.au> Message-id: 1458096317-25223-2-git-send-email-andrew@aj.id.au Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-16i.MX: Add the CLK_IPG_HIGH clockJean-Christophe Dubois
EPIT, GPT and other i.MX timers are using "abstract" clocks among which a CLK_IPG_HIGH clock. On i.MX25 and i.MX31 CLK_IPG and CLK_IPG_HIGH are mapped to the same clock but on other SOC like i.MX6 they are mapped to distinct clocks. This patch add the CLK_IPG_HIGH to prepare for SOC where these 2 clocks are different. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: 224bf650194760284cb40630e985867e1373276a.1456868959.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-16i.MX: Rename CCM NOCLK to CLK_NONE for naming consistency.Jean-Christophe Dubois
This way all CCM clock defines/enums are named CLK_XXX Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: 8537df765c1713625c7a8b9aca4c7ca60b42e0c0.1456868959.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-16i.MX: Allow GPT timer to rollover.Jean-Christophe Dubois
GPT timer need to rollover when it reaches 0xffffffff. It also need to reset to 0 when in "restart mode" and crossing the compare 1 register. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: 6e2b36117a249a78bf822dd59a390368f407136e.1456868959.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-23tusb6010: move from hw/timer to hw/usbPeter Maydell
The TUSB6010 is a USB controller (as the name suggests). Move it from hw/timer (where it was accidentally filed in 2013 when we moved everything out of hw/) to hw/usb. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1455883404-10976-1-git-send-email-peter.maydell@linaro.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-18hw/timer: QOM'ify pxa2xx_timerxiaoqiang.zhao
* split the old SysBus init function into an instance_init and a Device realize function * use DeviceClass::realize instead of SysBusDeviceClass::init Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-18hw/timer: QOM'ify pl031xiaoqiang.zhao
assign pl031_init to pl031_info.instance_init and drop the SysBusDeviceClass::init Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-18hw/timer: QOM'ify exynos4210_rtcxiaoqiang.zhao
assign exynos4210_rtc_init to exynos4210_rtc_info.instance_init and drop the SysBusDeviceClass::init Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-18hw/timer: QOM'ify exynos4210_pwmxiaoqiang.zhao
assign exynos4210_pwm_init to exynos4210_pwm_info.instance_init and drop the SysBusDeviceClass::init Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-18hw/timer: QOM'ify exynos4210_mctxiaoqiang.zhao
assign exynos4210_mct_init to exynos4210_mct_info.instance_init and drop the SysBusDeviceClass::init Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-18hw/timer: QOM'ify arm_timer (pass 2)xiaoqiang.zhao
assign DeviceClass::vmsd instead of using vmstate_register function Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-18hw/timer: QOM'ify arm_timer (pass 1)xiaoqiang.zhao
* assign icp_pit_init to icp_pit_info.instance_init * split the old SysBus init function into an instance_init and a Device realize function * use DeviceClass::realize instead of SysBusDeviceClass::init Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03log: do not unnecessarily include qom/cpu.hPaolo Bonzini
Split the bits that require it to exec/log.h. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-id: 1452174932-28657-8-git-send-email-den@openvz.org Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-01-29hw/timer: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-26-git-send-email-peter.maydell@linaro.org
2016-01-29arm: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-13-git-send-email-peter.maydell@linaro.org
2016-01-29x86: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-11-git-send-email-peter.maydell@linaro.org
2016-01-29unicore: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-9-git-send-email-peter.maydell@linaro.org
2016-01-29sparc: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-7-git-send-email-peter.maydell@linaro.org
2016-01-29lm32: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-5-git-send-email-peter.maydell@linaro.org
2016-01-13arm_mptimer: Don't use hw_error() in realize() methodMarkus Armbruster
Device realize() methods aren't supposed to call hw_error(), they should set an error and fail cleanly. Do that. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <1450370121-5768-4-git-send-email-armbru@redhat.com>
2016-01-09pc: acpi: move HPET from DSDT to SSDTIgor Mammedov
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-17i.MX: rename i.MX CCM get_clock() function and CLK ID enum namesJean-Christophe Dubois
This is to prepare for CCM code refactoring. This is just a bit of function and enum values renaming. We also remove some useless intermediate variables. Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 53c4d9b9611988a5f56f178f285e04490747925e.1449528242.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-09hw/timer/hpet.c: Avoid signed integer overflow which results in bugs on OSXPeter Maydell
Signed integer overflow in C is undefined behaviour, and the compiler is at liberty to assume it can never happen and optimize accordingly. In particular, the subtractions in hpet_time_after() and hpet_time_after64() were causing OSX clang to optimize the code such that it was prone to hangs and complaints about the main loop stalling (presumably because we were spending all our time trying to service very high frequency HPET timer callbacks). The clang sanitizer confirms the UB: hw/timer/hpet.c:119:26: runtime error: signed integer overflow: -2146967296 - 2147003978 cannot be represented in type 'int' Fix this by doing the subtraction as an unsigned operation and then converting to signed for the comparison. Reported-by: Aaron Elkins <threcius@yahoo.com> Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1447080991-24995-1-git-send-email-peter.maydell@linaro.org
2015-10-27i.MX: Standardize i.MX GPT debugJean-Christophe Dubois
The goal is to have debug code always compiled during build. We standardize all debug output on the following format: [QOM_TYPE_NAME]reporting_function: debug message We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output is following the same format as the above debug. Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: b7ce7e98a051479453744aded122789531d80a44.1445781957.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-27i.MX: Standardize i.MX EPIT debugJean-Christophe Dubois
The goal is to have debug code always compiled during build. We standardize all debug output on the following format: [QOM_TYPE_NAME]reporting_function: debug message We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output is following the same format as the above debug. Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: 5bbad71517ca728d8865f7b9f998baa0df022794.1445781957.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-08hw: timer: Remove unnecessary variableShraddha Barke
Compress lines and remove the variable. Signed-off-by: Shraddha Barke <shraddha.6596@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-25hpet: remove muldiv64()Laurent Vivier
hpet defines a clock period in femtoseconds but then converts it to nanoseconds to use the internal timers. We can define the period in nanoseconds and use it directly, this allows to remove muldiv64(). We only need to convert the period to femtoseconds to put it in internal hpet capability register. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-07i.MX: KZM: use standalone i.MX31 SOC supportJean-Christophe Dubois
Convert the KZM board to use the i.MX31 SoC defintition instead of redefining the entire SoC on the machine level. Major rewrite of the machine init code. While touching the memory map comment de-indent to the correct level of indentation. This obsoletes the legacy i.MX device device creation helpers which are removed. Tested by booting a minimal Linux system on the emulated platform Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 5e783561f092e1c939562fdff001f1ab1194b07f.1441057361.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-07arm: Use g_new() & friends where that makes obvious senseMarkus Armbruster
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Coccinelle semantic patch: @@ type T; @@ -g_malloc(sizeof(T)) +g_new(T, 1) @@ type T; @@ -g_try_malloc(sizeof(T)) +g_try_new(T, 1) @@ type T; @@ -g_malloc0(sizeof(T)) +g_new0(T, 1) @@ type T; @@ -g_try_malloc0(sizeof(T)) +g_try_new0(T, 1) @@ type T; expression n; @@ -g_malloc(sizeof(T) * (n)) +g_new(T, n) @@ type T; expression n; @@ -g_try_malloc(sizeof(T) * (n)) +g_try_new(T, n) @@ type T; expression n; @@ -g_malloc0(sizeof(T) * (n)) +g_new0(T, n) @@ type T; expression n; @@ -g_try_malloc0(sizeof(T) * (n)) +g_try_new0(T, n) @@ type T; expression p, n; @@ -g_realloc(p, sizeof(T) * (n)) +g_renew(T, p, n) @@ type T; expression p, n; @@ -g_try_realloc(p, sizeof(T) * (n)) +g_try_renew(T, p, n) @@ type T; expression n; @@ -(T *)g_new(T, n) +g_new(T, n) @@ type T; expression n; @@ -(T *)g_new0(T, n) +g_new0(T, n) @@ type T; expression p, n; @@ -(T *)g_renew(T, p, n) +g_renew(T, p, n) Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1440524394-15640-1-git-send-email-armbru@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-13i.MX: Fix Coding style for GPT emulatorJean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: cc7d1589e774e87c346b75a6c25e07957f436ced.1437080501.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-13i.MX: Split GPT emulator in a header file and a source fileJean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: e32fba56b9dae3cc7c83726550514b2d0c890ae0.1437080501.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-13i.MX: Fix Coding style for EPIT emulatorJean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: d8d70683c6a48ac318c1635595619cfb0eb31681.1437080501.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-13i.MX: Split EPIT emulator in a header file and a source fileJean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 948927cab0c85da9a753c5f6d5501323d5604c8e.1437080501.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-20timer: rename NSEC_PER_SEC due to Mac OS X header clashStefan Hajnoczi
Commit e0cf11f31c24cfb17f44ed46c254d84c78e7f6e9 ("timer: Use a single definition of NSEC_PER_SEC for the whole codebase") renamed NANOSECONDS_PER_SECOND to NSEC_PER_SEC. On Mac OS X there is a <dispatch/time.h> system header which also defines NSEC_PER_SEC. This causes compiler warnings. Let's use the old name instead. It's longer but it doesn't clash. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1436364609-7929-1-git-send-email-stefanha@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-06arm_mptimer: Respect IT bit stateDmitry Osipenko
The timer should fire the interrupt only if the IT (interrupt enable) bit state of the control register is enabled. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-06arm_mptimer: Fix timer shutdown and mode changeDmitry Osipenko
The running timer can't be stopped because timer control code just doesn't handle disabling the timer. Fix it by deleting the timer if the enable bit is cleared. The timer won't start periodic ticking if a ONE-SHOT -> PERIODIC mode change happens after a one-shot tick was completed. Fix it by re-starting ticking if the timer isn't ticking right now. To avoid code churning, these two fixes are squashed in one commit. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-06Fix interval interrupt of cadence ttc when timer is in decrement modeJohannes Schlatow
The interval interrupt is not set if the timer is in decrement mode. This is because x >=0 and x < interval after leaving the while-loop. Signed-off-by: Johannes Schlatow <schlatow@ida.ing.tu-bs.de> Message-id: 20150630135821.51f3b4fd@johanness-latitude Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-02timer: Use a single definition of NSEC_PER_SEC for the whole codebaseAlberto Garcia
Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: c6e55468856ba0b8f95913c4da111cc0ef266541.1434113783.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-22qerror: Move #include out of qerror.hMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-19mc146818rtc: Reset the periodic timer on loadPaul Donohue
When loading a VM from a snapshot or migration, clock changes can cause the periodic timer to stall or loop rapidly. qemu-timer has a reset notifier mechanism that is used to avoid timer stalls or loops if the host clock changes while the VM is running when using QEMU_CLOCK_HOST. However, when loading a snapshot or migration, qemu-timer is initialized and fires the reset notifier before mc146818rtc is initialized and has registered its reset handler. In addition, this mechanism isn't used when using QEMU_CLOCK_REALTIME, which might also change when loading a snapshot or migration. To correct that problem, this commit resets the periodic timer after loading from a snapshot or migration if the clock has either jumped backward or has jumped forward by more than the clock jump limit that is used by the reset notifier code in qemu-timer. Signed-off-by: Paul Donohue <qemu-git@PaulSD.com> Message-Id: <20150612141013.GE2749@TopQuark.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17i8254: fix out-of-bounds memory access in pit_ioport_read()Petr Matousek
Due converting PIO to the new memory read/write api we no longer provide separate I/O region lenghts for read and write operations. As a result, reading from PIT Mode/Command register will end with accessing pit->channels with invalid index. Fix this by ignoring read from the Mode/Command register. This is CVE-2015-3214. Reported-by: Matt Tait <matttait@google.com> Fixes: 0505bcdec8228d8de39ab1a02644e71999e7c052 Cc: qemu-stable@nongnu.org Signed-off-by: Petr Matousek <pmatouse@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-12migration: Use normal VMStateDescriptions for SubsectionsJuan Quintela
We create optional sections with this patch. But we already have optional subsections. Instead of having two mechanism that do the same, we can just generalize it. For subsections we just change: - Add a needed function to VMStateDescription - Remove VMStateSubsection (after removal of the needed function it is just a VMStateDescription) - Adjust the whole tree, moving the needed function to the corresponding VMStateDescription Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-06-03hw/timer/arm_timer.c: Fix misusing qemu_allocate_irqs for single irqShannon Zhao
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-26Switch non-CPU callers from ld/st*_phys to address_space_ld/st*Peter Maydell
Switch all the uses of ld/st*_phys to address_space_ld/st*, except for those cases where the address space is the CPU's (ie cs->as). This was done with the following script which generates a Coccinelle patch. A few over-80-columns lines in the result were rewrapped by hand where Coccinelle failed to do the wrapping automatically, as well as one location where it didn't put a line-continuation '\' when wrapping lines on a change made to a match inside a macro definition. ===begin=== #!/bin/sh -e # Usage: # ./ldst-phys.spatch.sh > ldst-phys.spatch # spatch -sp_file ldst-phys.spatch -dir . | sed -e '/^+/s/\t/ /g' > out.patch # patch -p1 < out.patch for FN in ub uw_le uw_be l_le l_be q_le q_be uw l q; do cat <<EOF @ cpu_matches_ld_${FN} @ expression E1,E2; identifier as; @@ ld${FN}_phys(E1->as,E2) @ other_matches_ld_${FN} depends on !cpu_matches_ld_${FN} @ expression E1,E2; @@ -ld${FN}_phys(E1,E2) +address_space_ld${FN}(E1,E2, MEMTXATTRS_UNSPECIFIED, NULL) EOF done for FN in b w_le w_be l_le l_be q_le q_be w l q; do cat <<EOF @ cpu_matches_st_${FN} @ expression E1,E2,E3; identifier as; @@ st${FN}_phys(E1->as,E2,E3) @ other_matches_st_${FN} depends on !cpu_matches_st_${FN} @ expression E1,E2,E3; @@ -st${FN}_phys(E1,E2,E3) +address_space_st${FN}(E1,E2,E3, MEMTXATTRS_UNSPECIFIED, NULL) EOF done ===endit=== Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-03-19Fix remaining warnings from Sparse (void return)Stefan Weil
Sparse report: hw/display/vga.c:2000:5: warning: returning void-valued expression hw/intc/arm_gic.c:707:9: warning: returning void-valued expression hw/intc/etraxfs_pic.c:138:9: warning: returning void-valued expression hw/nvram/fw_cfg.c:475:5: warning: returning void-valued expression hw/timer/a9gtimer.c:124:5: warning: returning void-valued expression hw/tpm/tpm_tis.c:794:5: warning: returning void-valued expression hw/usb/hcd-musb.c:558:9: warning: returning void-valued expression hw/usb/hcd-musb.c:776:13: warning: returning void-valued expression hw/usb/hcd-musb.c:867:5: warning: returning void-valued expression hw/usb/hcd-musb.c:932:5: warning: returning void-valued expression include/qom/cpu.h:584:5: warning: returning void-valued expression monitor.c:4686:13: warning: returning void-valued expression monitor.c:4690:13: warning: returning void-valued expression Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Andreas Färber <afaerber@suse.de> Cc: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>