path: root/hw
Age | Commit message | Author

2017-12-18 | misc: remove old i386 dependency | Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | amd_iommu: avoid needless includes in header file | Philippe Mathieu-Daudé
instead move them to the source file
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | hw/ssi/aspeed_smc: remove unused #include | Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | hw/misc/pvpanic: remove unused #include | Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | hw/input/vmmouse: remove unused #include | Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | misc: avoid "include/" in include path | Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | nios2: remove duplicated includes (in code commented out) | Philippe Mathieu-Daudé
applied using ./scripts/clean-includes
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | ppc: remove duplicated includes | Philippe Mathieu-Daudé
applied using ./scripts/clean-includes
not needed since 7ebaf795560
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | misc: remove duplicated includes | Philippe Mathieu-Daudé
exec: housekeeping (funny since 02d0e095031)
applied using ./scripts/clean-includes
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | misc: remove headers implicitly included | Philippe Mathieu-Daudé
applied using ./scripts/clean-includes
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | hw: use "qemu/osdep.h" as first #include in source files | Philippe Mathieu-Daudé
applied using ./scripts/clean-includes
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | hw/input/hid: Add support for several keys. | Tao Wu
Add support for these keys: audiomute volumedown volumeup power.
Tested with "sendkey" command in monitor and verify the behavior in guest OS.
Signed-off-by: Tao Wu <lepton@google.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | mmap(2) returns MAP_FAILED, not NULL, on failure | Michael McConville
Signed-off-by: Michael McConville <mmcco@mykolab.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-18 | Remove empty statements | Ladi Prosek
Thanks to Laszlo Ersek for spotting the double semicolon in target/i386/kvm.c
I have trivially grepped the tree for ';;' in C files.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

2017-12-17 | Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2017-12-15-1' into staging | Peter Maydell
Merge tpm 2017/12/15 v1
# gpg: Signature made Fri 15 Dec 2017 04:44:15 GMT
# gpg: using RSA key 0x75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* remotes/stefanberger/tags/pull-tpm-2017-12-15-1: (32 commits)
  tpm: tpm_passthrough: Fail startup if FE buffer size < BE buffer size
  tpm: tpm_emulator: get and set buffer size of device
  tpm: tpm_passthrough: Read the buffer size from the host device
  tpm: pull tpm_util_request() out of tpm_util_test()
  tpm: Move getting TPM buffer size to backends
  tpm: remove tpm_register_model()
  tpm-tis: use DEFINE_PROP_TPMBE
  qdev: add DEFINE_PROP_TPMBE
  tpm-tis: check that at most one TPM device exists
  tpm-tis: remove redundant 'tpm_tis:' in error messages
  tpm-emulator: add a FIXME comment about blocking cancel
  acpi: change TPM TIS data conditions
  tpm: add tpm_cmd_get_size() to tpm_util
  tpm: add TPM interface to lookup TPM version
  tpm: lookup the the TPM interface instead of TIS device
  tpm: rename qemu_find_tpm() -> qemu_find_tpm_be()
  tpm-tis: simplify header inclusion
  tpm-passthrough: workaround a possible race
  tpm-passthrough: simplify create()
  tpm-passthrough: make it safer to destroy after creation
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2017-12-15 | Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20171215-v2' into staging | Peter Maydell
s390x changes for 2.12:
- Lots of tcg improvements: ccw hotplug is now working and we can run a Linux kernel built for z12 under tcg
- zPCI improvements to get virtio-pci working
- get rid of the cssid restrictions for virtual and non-virtual channel devices
- we now support 8TB+ systems
- 2.12 compat machine
- fixes and cleanups
# gpg: Signature made Fri 15 Dec 2017 10:57:01 GMT
# gpg: using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg: aka "Cornelia Huck <cohuck@kernel.org>"
# gpg: aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
* remotes/cohuck/tags/s390x-20171215-v2: (46 commits)
  s390-ccw-virtio: allow for systems larger that 7.999TB
  s390x: change the QEMU cpu model to a stripped down z12
  s390x/tcg: we already implement the Set-Program-Parameter facility
  s390x/tcg: implement extract-CPU-time facility
  s390x/tcg: Implement SIGNAL ADAPTER instruction
  s390x/tcg: Implement STORE CHANNEL PATH STATUS
  s390x/tcg: wire up SET CHANNEL MONITOR
  s390x/tcg: wire up SET ADDRESS LIMIT
  s390x/tcg: implement Interlocked-Access Facility 2
  s390x/tcg: ASI/ASGI/ALSI/ALSGI are atomic with Interlocked-acccess facility 1
  s390x/tcg: wire up STORE CHANNEL REPORT WORD
  s390x/tcg: indicate value of TODPR in STCKE
  s390x/tcg: implement SET CLOCK PROGRAMMABLE FIELD
  s390x/tcg: fix and cleanup mcck injection
  s390x/kvm: factor out build_channel_report_mcic() into cpu.h
  s390x/css: attach css bridge
  s390x: deprecate s390-squash-mcss machine prop
  s390x/css: unrestrict cssids
  s390x/pci: search for subregion inside the BARs
  s390x/pci: move the memory region write from pcistg
  ...
# Conflicts:
# include/hw/compat.h
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2017-12-15 | Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.12-20171215' into staging | Peter Maydell
ppc patch queue 2017-12-15
First pull request for qemu-2.12. This has quite a bit of stuff accumulated while 2.11 was finalizing. Highlights are:
* Some preliminary work towards implementing the "XIVE" POWER9 interrupt controller
* Some fixes for problems during reboot with MTTCG
* A substantial TCG performance improvement via tcg_get_lookup_and_goto_ptr
* Numerous assorted cleanups and bugfixes that weren't urgent enough for 2.11
# gpg: Signature made Fri 15 Dec 2017 03:14:12 GMT
# gpg: using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392
* remotes/dgibson/tags/ppc-for-2.12-20171215: (24 commits)
  spapr: don't initialize PATB entry if max-cpu-compat < power9
  spapr: Assume msi_nonbroken
  spapr: Rename machine init functions for clarity
  target/ppc: introduce the PPC_BIT() macro
  spapr_events: drop bogus cell from "interrupt-ranges" property
  spapr: fix LSI interrupt specifiers in the device tree
  spapr: replace numa_get_node() with lookup in pc-dimm list
  spapr: introduce a spapr_qirq() helper
  spapr: introduce a spapr_irq_set_lsi() helper
  spapr: move the IRQ allocation routines under the machine
  ppc/xics: assign of the CPU 'intc' pointer under the core
  ppc/xics: introduce an icp_create() helper
  spapr/rtas: do not reset the MSR in stop-self command
  spapr/rtas: fix reboot of a a SMP TCG guest
  spapr/rtas: disable the decrementer interrupt when a CPU is unplugged
  e500: fix pci host bridge class/type
  openpic: debug w/ info_report()
  pcc: define the Power-saving mode Exit Cause Enable bits in PowerPCCPUClass
  nvram: add AT24Cx i2c eeprom
  e500: name openpic and pci host bridge
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2017-12-15 | s390-ccw-virtio: allow for systems larger that 7.999TB | Christian Borntraeger
KVM does not allow memory regions > KVM_MEM_MAX_NR_PAGES, basically limiting the memory per slot to 8TB-4k. As memory slots on s390/kvm must be a multiple of 1MB we need to start a new memory region if we cross 8TB-1M. With that (and optimistic overcommitment in the kernel) I was able to start a 24TB guest on a 1TB system.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20171211122146.162430-1-borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
[CH: 1UL -> 1ULL in KVM_MEM_MAX_NR_PAGES; build fix on 32 bit hosts]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>

2017-12-15 | Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20171214-tag' into staging | Peter Maydell
Xen 2017/12/14
# gpg: Signature made Fri 15 Dec 2017 00:26:26 GMT
# gpg: using RSA key 0x894F8F4870E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"
# gpg: aka "Stefano Stabellini <sstabellini@kernel.org>"
# Primary key fingerprint: D04E 33AB A51F 67BA 07D3 0AEA 894F 8F48 70E1 AE90
* remotes/sstabellini/tags/xen-20171214-tag:
  xen/pt: Set is_express to avoid out-of-bounds write
  xenfb: activate input handlers for raw pointer devices
  xenfb: Add [feature|request]-raw-pointer
  xenfb: Use Input Handlers directly
  ui: generate qcode to linux mappings
  xen-disk: use an IOThread per instance
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2017-12-14 | tpm: tpm_passthrough: Fail startup if FE buffer size < BE buffer size | Stefan Berger
If the requested buffer size of the frontend is smaller than the fixed buffer size of the host's TPM, fail the startup_tpm() interface function, which will make the device unusable. We fail it because the backend TPM could produce larger packets than what the frontend could pass to the OS.
The current combination of TIS frontend and either passthrough or emulator backend will not lead to this case since the TIS can support any size of buffer.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-12-14 | tpm: tpm_emulator: get and set buffer size of device | Stefan Berger
Convert the tpm_emulator backend to get the current buffer size of the external device and set it to the buffer size that the frontend (TIS) requests.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-12-14 | tpm: tpm_passthrough: Read the buffer size from the host device | Stefan Berger
Rather than hard coding the buffer size in the tpm_passthrough backend read the TPM I/O buffer size from the host device.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-12-14 | tpm: pull tpm_util_request() out of tpm_util_test() | Stefan Berger
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-12-14 | tpm: Move getting TPM buffer size to backends | Stefan Berger
Rather than setting the size of the TPM buffer in the front-end, query the backend for the size of the buffer. In this patch we just move the hard-coded buffer size of 4096 to the backends.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-12-14 | tpm: remove tpm_register_model() | Marc-André Lureau
Query object classes that implement TPMIf instead.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-tis: use DEFINE_PROP_TPMBE | Marc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | qdev: add DEFINE_PROP_TPMBE | Marc-André Lureau
A property to lookup a tpm backend.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-tis: check that at most one TPM device exists | Marc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-tis: remove redundant 'tpm_tis:' in error messages | Marc-André Lureau
The reported error message is already prefixed with the -device name & arguments.
Before:
qemu-system-x86_64: -device tpm-tis,id=foo,tpmdev=foo,irq=21: tpm_tis: IRQ 21 is outside valid range of 0 to 15
After:
qemu-system-x86_64: -device tpm-tis,id=foo,tpmdev=foo,irq=21: IRQ 21 is outside valid range of 0 to 15
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-emulator: add a FIXME comment about blocking cancel | Marc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | acpi: change TPM TIS data conditions | Marc-André Lureau
The device should be exposed if present. It shouldn't have an undefined version (or else backend init failed, and device should fail too). Finally, make the fields specific to TIS device model.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm: add tpm_cmd_get_size() to tpm_util | Marc-André Lureau
The function is generally useful and used in the following patches.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm: add TPM interface to lookup TPM version | Marc-André Lureau
Do not hardcode TPM device model to lookup version, use an interface instead.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm: lookup the the TPM interface instead of TIS device | Marc-André Lureau
This will allow introducing new devices implementing TPM.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm: rename qemu_find_tpm() -> qemu_find_tpm_be() | Marc-André Lureau
find_tpm() will be introduced to lookup the TPM device.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-tis: simplify header inclusion | Marc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-passthrough: workaround a possible race | Marc-André Lureau
The TPM backend processing thread has common shared variable race issues. (They should not be so easy to reach since guest interaction with the device is slow compared to host emulation.)
An obvious one is setting op_cancelled from device thread after calling write(cancel_fd). The backend thread may return before the device thread has set the variable. Instead set it before cancellation. Even if the write() failed, the end result is that the command possibly gets cancelled (even if cancellation came from external sources it doesn't matter much).
It's worth considering removing the backend processing thread for now.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-passthrough: simplify create() | Marc-André Lureau
Use a similar code as tpm_emulator_create(), call handle_opts() and handle failure cleanup with object_unref() in create().
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-passthrough: make it safer to destroy after creation | Marc-André Lureau
Check fds values before closing, to avoid close(-1).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-backend: move set 'id' to common code | Marc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-passthrough: pass TPMPassthruState to handle_device_opts | Marc-André Lureau
It doesn't need TPMBackend. Also reorder arguments for consistency.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-passthrough: don't save guessed cancel_path in options | Marc-André Lureau
The value is later unneeded, and may leak if the free visitor doesn't consider it since has_cancel_path is false. And for consistency with "path" it shouldn't be returned in get_tpm_options().
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-be: ask model to the TPM interface | Marc-André Lureau
No need to store the mode in the backend, or to let the frontend set it itself.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-be: report error instead of front-end | Marc-André Lureau
Backend can give more accurate error description, and lift out the job from the frontend.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-be: call request_completed() out of thread | Marc-André Lureau
Lift from the backend implementation the responsibility to call the request_completed() callback outside of thread context. This also simplifies frontend/interface work, as they no longer need to care whether the callback is called from a different thread.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-tis: no longer expose TPMState | Marc-André Lureau
Now that there is an interface instead.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-backend: store TPMIf interface, improve backend_init() | Marc-André Lureau
Store the TPM interface, the actual object may be different from TPMState. Keep a reference on the interface, and check the backend wasn't already initialized.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm: move TpmIf in include/sysemu/tpm.h | Marc-André Lureau
This is a better location than hw/tpm, since we are going to use the interface from outside hw/tpm.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | tpm-tis: remove unused locty_number | Marc-André Lureau
This field slipped in commit 5086bf9784.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2017-12-14 | xen/pt: Set is_express to avoid out-of-bounds write | Simon Gaiser
The passed-through device might be an express device. In this case the old code allocated a too small emulated config space in pci_config_alloc() since pci_config_size() returned the size for a non-express device. This leads to an out-of-bound write in xen_pt_config_reg_init(), which sometimes results in crashes. So set is_express as already done for KVM in vfio-pci.
Shortened ASan report:
==17512==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000041648 at pc 0x55e0fdac51ff bp 0x7ffe4af07410 sp 0x7ffe4af07408
WRITE of size 2 at 0x611000041648 thread T0
    #0 0x55e0fdac51fe in memcpy /usr/include/x86_64-linux-gnu/bits/string3.h:53
    #1 0x55e0fdac51fe in stw_he_p include/qemu/bswap.h:330
    #2 0x55e0fdac51fe in stw_le_p include/qemu/bswap.h:379
    #3 0x55e0fdac51fe in pci_set_word include/hw/pci/pci.h:490
    #4 0x55e0fdac51fe in xen_pt_config_reg_init hw/xen/xen_pt_config_init.c:1991
    #5 0x55e0fdac51fe in xen_pt_config_init hw/xen/xen_pt_config_init.c:2067
    #6 0x55e0fdabcf4d in xen_pt_realize hw/xen/xen_pt.c:830
    #7 0x55e0fdf59666 in pci_qdev_realize hw/pci/pci.c:2034
    #8 0x55e0fdda7d3d in device_set_realized hw/core/qdev.c:914
    [...]
0x611000041648 is located 8 bytes to the right of 256-byte region [0x611000041540,0x611000041640)
allocated by thread T0 here:
    #0 0x7ff596a94bb8 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd9bb8)
    #1 0x7ff57da66580 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x50580)
    #2 0x55e0fdda7d3d in device_set_realized hw/core/qdev.c:914
    [...]
Signed-off-by: Simon Gaiser <hw42@ipsumj.de>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>