aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2012-06-27qdev: fix use-after-free in the error path of qdev_init_nofailAnthony Liguori
From Markus: Before: $ qemu-system-x86_64 -display none -drive if=ide qemu-system-x86_64: Device needs media, but drive is empty qemu-system-x86_64: Initialization of device ide-hd failed [Exit 1 ] After: $ qemu-system-x86_64 -display none -drive if=ide qemu-system-x86_64: Device needs media, but drive is empty Segmentation fault (core dumped) [Exit 139 (SIGSEGV)] This error always existed as qdev_init() frees the object. But QOM goes a bit further and purposefully sets the class pointer to NULL to help find use-after-free. It worked :-) Cc: Andreas Faerber <afaerber@suse.de> Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-26Merge remote-tracking branch 'stefanha/trivial-patches' into stagingAnthony Liguori
* stefanha/trivial-patches: tci: Support INDEX_op_bswap64_i64 target-i386: Use QEMU instead of Qemu Makefile.hw: avoid overly large 'make clean' rm command configure: Fix typo arm_gic: Send dbg msgs to stderr not stdout checkpatch: Add QEMU specific rule qemu-config: Use QEMU instead of Qemu libqtest: Fix socket_accept() to pass address_len Makefile.user: Define CONFIG_USER_ONLY for libuser/ Makefile: Remove macro qapi-dir Makefile: Remove BUILD_DIR from qapi-dir Install 'bepo' keymap already included in Qemu source
2012-06-26Merge remote-tracking branch 'spice/spice.v58' into stagingAnthony Liguori
* spice/spice.v58: vga: raise default vgamem size add pc-1.2 qxl: add vgamem_size_mb and vgamem_size vga: make vram size configurable vga: raise xres+yres limits qxl: reset current_async on qxl_soft_reset hw/qxl: ignore guest from guestbug until reset qxl: stop dirty loging when not in vga mode hw/qxl: s/qxl_guest_bug/qxl_set_guest_bug/ ui/spice-display.c: add missing initialization for valgrind
2012-06-26Merge remote-tracking branch 'sstabellini/compile-xs' into stagingAnthony Liguori
* sstabellini/compile-xs: xenstore: Use <xenstore.h> xen: Reorganize includes of Xen headers.
2012-06-26Merge remote-tracking branch 'sstabellini/xen-pt' into stagingAnthony Liguori
* sstabellini/xen-pt: Introduce Xen PCI Passthrough, MSI Introduce apic-msidef.h Introduce Xen PCI Passthrough, PCI config space helpers Introduce Xen PCI Passthrough, qdevice qdev-properties: Introduce pci-host-devaddr. pci.c: Add opaque argument to pci_for_each_device. Introduce XenHostPCIDevice to access a pci device on the host. configure: Introduce --enable-xen-pci-passthrough. pci_ids: Add INTEL_82599_SFP_VF id.
2012-06-26Merge remote-tracking branch 'kraxel/usb.54' into stagingAnthony Liguori
* kraxel/usb.54: uhci: fix uhci_async_cancel_all usb-host: live migration support usb-host: attach only to running guest ehci: tracing improvements usb: restore USBDevice->attached on vmload ehci: add live migration support
2012-06-24Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agrafBlue Swirl
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf: (72 commits) PPC: BookE206: Bump MAS2 to 64bit PPC: BookE: Support 32 and 64 bit wide MAS2 PPC: Extract SPR dump generation into its own function PPC: Add e5500 CPU target PPC: BookE: Make ivpr selectable by CPU type PPC: BookE: Implement EPR SPR PPC: Add support for MSR_CM PPC: Add some booke SPR defines uImage: increase the gzip load size PPC: e500: allow users to set the /compatible property via -machine dt: make setprop argument static PPC: e500: Refactor serial dt generation dt: Add global option to set phandle start offset PPC: e500: Extend address/size of / to 64bit PPC: e500: Define addresses as always 64bit PPC: e500: Use new SOC dt format PPC: e500: Use new MPIC dt format Revert "dt: temporarily disable subtree creation failure check" PPC: e500: enable manual loading of dtb blob PPC: e500: dt: use target_phys_addr_t for ramsize ...
2012-06-24Merge branch 'target-arm.for-upstream' of ↵Blue Swirl
git://git.linaro.org/people/pmaydell/qemu-arm * 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm: (33 commits) target-arm: Remove ARM_CPUID_* macros target-arm: Remove remaining old cp15 infrastructure target-arm: Move block cache ops to new cp15 framework target-arm: Remove c0_cachetype CPUARMState field target-arm: Convert final ID registers target-arm: Convert MPIDR target-arm: Convert cp15 cache ID registers target-arm: Convert cp15 crn=0 crm={1,2} feature registers target-arm: Convert cp15 crn=1 registers target-arm: Convert cp15 crn=9 registers target-arm: Convert cp15 crn=6 registers target-arm: convert cp15 crn=7 registers target-arm: Convert cp15 VA-PA translation registers target-arm: Convert cp15 MMU TLB control target-arm: Convert cp15 crn=15 registers target-arm: Convert cp15 crn=10 registers target-arm: Convert cp15 crn=13 registers target-arm: Convert cp15 crn=2 registers target-arm: Convert MMU fault status cp15 registers target-arm: Convert cp15 c3 register ...
2012-06-24Merge branch 's390-for-upstream' of git://repo.or.cz/qemu/agrafBlue Swirl
* 's390-for-upstream' of git://repo.or.cz/qemu/agraf: s390: stop target cpu on sigp initial reset s390: make kvm_stat work on s390 kvm: Update kernel headers s390x: fix s390 virtio aliases
2012-06-24Merge branch 'arm-devs.for-upstream' of ↵Blue Swirl
git://git.linaro.org/people/pmaydell/qemu-arm * 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm: arm_boot: Conditionalised DTB command line update cadence_ttc: changed master clock frequency cadence_gem: avoid stack-writing buffer-overrun hw/a9mpcore: Fix compilation failure if physaddrs are 64 bit hw/omap.h: Drop broken MEM_VERBOSE tracing hw/armv7m_nvic: Make the NVIC a freestanding class hw/arm_gic: Move CPU interface memory region setup into arm_gic_init hw/arm_gic.c: Make NVIC interrupt numbering a runtime setting hw/arm_gic: Make CPU target registers RAZ/WI on uniprocessor hw/arm_gic: Add qdev property for GIC revision hw/armv7m_nvic: Use MemoryRegions for NVIC specific registers hw/arm_gic: Move NVIC specific reset to armv7m_nvic_reset hw/arm_gic: Remove the special casing of NCPU for the NVIC hw/arm_gic: Remove NVIC ifdefs from gic_state struct arm_boot: Fix typos in comment ARM: Exynos4210 IRQ: Introduce new IRQ gate functionality.
2012-06-24PPC: BookE: Implement EPR SPRAlexander Graf
On the e500 series, accessing SPR_EPR magically turns into an access at that CPU's IACK register on the MPIC. Implement that logic to get kernels that make use of that feature work. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24uImage: increase the gzip load sizeAlexander Graf
Recent u-boot has different defines for its gzip extract buffer, but the common ground seems to be 64MB. So let's bump it up to that, enabling me to load my test image again ;). Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: allow users to set the /compatible property via -machineAlexander Graf
Device trees usually have a node /compatible, which indicate which machine type we're looking at. For quick prototyping, it can be very useful to change the contents of that node via the command line. Thus, introduce a new option to -machine called dt_compatible, which when set changes the /compatible contents to its value. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: Refactor serial dt generationAlexander Graf
When generating serial port device tree nodes, we duplicate quite a bit of code, because there are 2 of them in the mpc8544ds board we emulate. Shove the generating code into a function, so we duplicate less code. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: Extend address/size of / to 64bitAlexander Graf
We want to be able to support >= 4GB of RAM. To do so, we need to be able to tell the guest OS how much RAM it has. However, that information today is capped to 32bit. So let's extend the offset and size fields to 64bit, so we can fit in big addresses and even one day - if we wish to do so - map devices above 32bit. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: Define addresses as always 64bitAlexander Graf
Every time we use an address constant, it needs to potentially fit into a 64bit physical address space. So let's define things accordingly. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: Use new SOC dt formatAlexander Graf
Due to popular demand, let's clean up the soc node a bit and use more recent dt notions. Requested-by: Scott Wood <scottwood@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: Use new MPIC dt formatAlexander Graf
Due to popular demand, we're updating the way we generate the MPIC node and interrupt lines based on what the current state of art is. Requested-by: Scott Wood <scottwood@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: enable manual loading of dtb blobAlexander Graf
We want to be able to override the automatically created device tree by using the -dtb option. Implement this for the mpc8544ds machine. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: use target_phys_addr_t for ramsizeAlexander Graf
We're passing the ram size as uint32_t, capping it to 32 bits atm. Change to target_phys_addr_t (uint64_t) to make sure we have all the bits. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: use 64bit cell helperAlexander Graf
We have a nice 64bit helper to ease the device tree generation and make the code more readable when creating 64bit 2-cell parameters. Use it when generating the device tree. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24dt: Add -machine dumpdtb option to dump the current dtbAlexander Graf
Now that we are dynamically creating the dtb, it's really useful to be able to dump the created blob for debugging. This patch implements a -machine dumpdtb=<file> option for e500 that dumps the dtb exactly in the form the guest would get it to disk. It can then be analyzed by dtc to get information about the guest configuration. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: start with empty device treeAlexander Graf
Now that all of the device tree bits are generated during runtime, we can get rid of the device tree blob and instead start from scratch with an empty device tree. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: create pci node dynamicallyAlexander Graf
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: create global-utils node dynamicallyAlexander Graf
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: create mpic node dynamicallyAlexander Graf
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: create serial nodes dynamicallyAlexander Graf
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: create /soc8544 node dynamicallyAlexander Graf
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: create /chosen node dynamicallyAlexander Graf
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: create / node dynamicallyAlexander Graf
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: create /hypervisor node dynamicallyAlexander Graf
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: create /cpus node dynamicallyAlexander Graf
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: dt: create memory node dynamicallyAlexander Graf
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: e500: require libfdtAlexander Graf
Now that we're moving all of the device tree generation from an external pre-execution generated blob to runtime generation using libfdt, we absolutely must have libfdt around. This requirement was there before already, as the only way to not require libfdt with e500 was to not use -kernel, which was the only way to boot the mpc8544ds machine. This patch only manifests said requirement in the build system. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24spapr: Add "memop" hypercallBenjamin Herrenschmidt
This adds a qemu-specific hypervisor call to the pseries machine which allows to do what amounts to memmove, memcpy and xor over regions of physical memory such as the framebuffer. This is the simplest way to get usable framebuffer speed from SLOF since the framebuffer isn't mapped in the VRMA and so would otherwise require an hcall per 8 bytes access. The performance is still not great but usable, and can be improved with a more complex implementation of the hcall itself if needed. This also adds some documentation for the qemu-specific hypercalls that we add to PAPR along with a new qemu,hypertas-functions property that mirrors ibm,hypertas-functions and provides some discoverability for the new calls. Note: I chose note to advertise H_RTAS to the guest via that mechanism. This is done on purpose, the guest uses the normal RTAS interfaces provided by qemu (including SLOF) which internally calls H_RTAS. We might in the future implement part (or even all) of RTAS inside the guest like IBM's firmware does and replace H_RTAS with some finer grained set of private hypercalls. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24spapr_vscsi: Error handling fixesBenjamin Herrenschmidt
We were incorrectly g_free'ing an object that isn't allocated in one error path and failed to release it completely in another This fixes qemu crashes with some cases of IO errors. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24pseries: Correctly create ibm,segment-page-sizes propertyBenjamin Herrenschmidt
The core tcg/kvm code for ppc64 now has at least the outline capability to support pagesizes beyond the standard 4k and 16MB. The CPUState is initialized with information advertising the available pagesizes and their correct encodings, and under the right KVM setup this will be populated with page sizes beyond the standard. Obviously guests can't use the extra page sizes unless they know they're present. For the pseries machine, at least, there is a defined method for conveying exactly this information, the "ibm-segment-page-sizes" property in the guest device tree. This patch generates this property using the supported page size information that's already in the CPUState. Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-24PPC: mpc8544ds: Span initial TLB entry over as much RAM as we needAlexander Graf
The initial TLB entry is supposed to help us run the guest -kernel payload. This means the guest needs to be able to access its own memory, the initrd memory and the device tree. So far we only statically reserved a TLB entry from [0;256M[. This patch fixes it to span from [0;dt_end[, allowing the guest payload to access everything initially. Reported-by: Stuart Yoder <stuart.yoder@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-06-22vga: raise default vgamem sizeGerd Hoffmann
Old size: 8 MB (traditional upstream qemu value). New size: 16 MB (traditional qemu-kvm value). Also adds compat properties so old machine types keep the old default values. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-22add pc-1.2Gerd Hoffmann
2012-06-22qxl: add vgamem_size_mb and vgamem_sizeAlon Levy
In preperation for supporting a larger framebuffer for multiple monitors on a single card, add a property to qxl vgamem_size_mb, and corresponding byte sized vgamem_size, and use instead of VGA_RAM_SIZE. [ kraxel: simplify property handling, add sanity checks ] [ kraxel: fix mode copying ] Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-22vga: make vram size configurableGerd Hoffmann
Zap the global VGA_RAM_SIZE #define, make the vga ram size configurable for standard vga and vmware vga. cirrus and qxl are left with a fixed size (and private VGA_RAM_SIZE #define) for now. qxl needs some non-trivial adjustments in the mode list handling deal with a runtime-configurable size, which calls for a separate qxl patch. cirrus emulates cards which have 2 MB (isa) and 4 MB (pci), so I guess it would make sense to use these sizes. That change would break migration though, so I left it fixed at 8 MB size. Making it configurabls is pretty pointless for cirrus as we have to match real hardware. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-22vga: raise xres+yres limitsGerd Hoffmann
The vgabios will check whenever any given video mode will fit into the given video memory before adding it to the list of available modes, so there is no need to keep xmax * ymax * 32bpp lower than VGA_RAM_SIZE. Lets raise the limits a bit. Should be good for a few years, display sizes are not growing that fast. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-22qxl: reset current_async on qxl_soft_resetAlon Levy
Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-22hw/qxl: ignore guest from guestbug until resetAlon Levy
soft_reset is called from any of: * QXL_IO_RESET * vga io * pci reset handler Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-22qxl: stop dirty loging when not in vga modeAlon Levy
Tested with linux guest. Not sure how to check actual performance affect of this. Checked with the previously send traceevent that the kvm ioctl to start/stop dirty logging is being called. (KVM_SET_USER_MEMORY_REGION). Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-22hw/qxl: s/qxl_guest_bug/qxl_set_guest_bug/Alon Levy
Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-22arm_gic: Send dbg msgs to stderr not stdoutPeter A. G. Crosthwaite
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-06-21fdc: use LOG_UNIMP loggingBlue Swirl
Convert uses of FLOPPY_ERROR to either FLOPPY_DPRINTF (for implemented cases) or to use LOG_UNIMP (unimplemented). Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-06-21Introduce Xen PCI Passthrough, MSIJiang Yunhong
A more complete history can be found here: git://xenbits.xensource.com/qemu-xen-unstable.git Signed-off-by: Jiang Yunhong <yunhong.jiang@intel.com> Signed-off-by: Shan Haitao <haitao.shan@intel.com> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>