| Age | Commit message (Collapse) | Author |
|---|
|
pci, pc, virtio bug fixes
This reverts PCI master abort support - we'll want it
eventually but it exposes too many core bugs to be safe for 1.7.
This also reverts a recent exec.c change that was an
attempt to work-around some of these core bugs.
Also included are small fixes in pc and virtio,
and a core loader fix for PPC bamboo.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Sun 10 Nov 2013 05:13:22 AM PST using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
# By Michael S. Tsirkin (3) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
Revert "exec: limit system memory size"
Revert "hw/pci: partially handle pci master abort"
loader: drop return value for rom_add_blob_fixed
acpi-build: disable with -no-acpi
virtio-net: only delete bh that existed
Fix pc migration from qemu <= 1.5
Message-id: 1384159176-31662-1-git-send-email-mst@redhat.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
This reverts commit a53ae8e934cd54686875b5bcfc2f434244ee55d6.
The patch being reverted introduced a low-priority memory region
covering all 64 bit pci address space. This exposed the following bugs
elsewhere in the code:
1. Some memory regions have INT64_MAX size, where the
intent was all 64 bit address space.
This results in a sub-page region, should be UINT64_MAX.
2. page table rendering in exec.c ignores physical address bits
above TARGET_PHYS_ADDR_SPACE_BITS.
Access outside this range (e.g. from device DMA, or gdb stub)
ends up with a wrong region. Registering a region outside this
range leads to page table corruption.
3. Some regions overlap PCI hole and have same priority.
This only works as long as no device uses the overlapping address.
It doesn't look like we can resolve all issues in time for 1.7.
Let's fix the bugs first and apply afterwards for 1.8.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
rom_add_blob never fails, and neither does rom_add_blob_fixed,
so there's no need to return value from it.
In fact, rom_add_blob_fixed was erroneously returning -1 unconditionally
which made the only system that checked the return value -M bamboo fail
to start.
Drop the return value and drop checks from ppc440_bamboo to
fix this failure.
Reported-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
QEMU will currently crash if started with -no-acpi flag
since acpi build code probes the PM device which isn't present
in this configuration.
To fix, don't expose ACPI tables to guest when acpi has been
disabled from command line.
Fixes LP# 1248854
https://bugs.launchpad.net/qemu/+bug/1248854
Reported-by: chao zhou <chao.zhou@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
We delete without check whether it existed during exit. This will lead NULL
pointer deference since it was created conditionally depends on guest driver
status and features. So add a check of existence before trying to delete it.
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
The following commit introduced a migration incompatibility:
commit 568f0690fd9aa4d39d84b04c1a5dbb53a915c3fe
Author: David Gibson <david@gibson.dropbear.id.au>
Date: Thu Jun 6 18:48:49 2013 +1000
pci: Replace pci_find_domain() with more general pci_root_bus_path()
The issue is that i440fx savevm idstr went from 0000:00:00.0/I440FX to
0000:00.0/I440FX. Unfortunately we are stuck with the breakage for
1.6 machine types.
Add a compat property to maintain the busted idstr for the 1.6 machine
types, but revert to the old style format for 1.7+, and <= 1.5.
Tested with migration from qemu 1.5, qemu 1.6, and qemu.git.
Cc: qemu-stable@nongnu.org
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Upon processing of VIRTIO_NET_CTRL_MAC_TABLE_SET command
multicast list overwrites unicast list in mac_table.
This leads to broken logic for both unicast and multicast RX filtering.
Signed-off-by: Dmitry Fleytman <dfleytma@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
We currently just update the HMP NIC info when the last bit of macaddr
is written. This assumes that guest driver will write all the macaddr
from bit 0 to bit 5 when it changes the macaddr, this is the current
behavior of linux driver (e1000/rtl8139cp), but we can't do this
assumption.
The macaddr that is used for rx-filter will be updated when every bit
is changed. This patch updates the e1000/rtl8139 nic to update HMP NIC
info when every bit is changed. It will be same as virtio-net.
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Message-id: 1383650238-16015-1-git-send-email-akong@redhat.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
We delete without check whether it existed during exit. This will lead NULL
pointer deference since it was created conditionally depends on guest driver
status and features. So add a check of existence before trying to delete it.
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383728288-28469-1-git-send-email-jasowang@redhat.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
This was once introduced by commit 100d9891d6 but was never used in-tree
and then got broken by commit 32e0c8260d. Time to clean up.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-id: 520B6A27.4040207@siemens.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
After calling dpy_gfx_replace_surface(s->con, surface), the outer
surface is invalid.
==5370== Invalid read of size 4
==5370== at 0x460229: surface_bits_per_pixel (console.h:250)
==5370== by 0x466A81: get_depth_index (vga.c:1173)
==5370== by 0x467EC2: vga_draw_graphic (vga.c:1718)
==5370== by 0x4687A5: vga_update_display (vga.c:1914)
==5370== by 0x2A782E: qxl_hw_update (qxl.c:1766)
==5370== by 0x3EB83B: graphic_hw_update (console.c:254)
==5370== by 0x3FBE31: qemu_spice_display_refresh (spice-display.c:418)
==5370== by 0x2A7D01: display_refresh (qxl.c:1886)
==5370== by 0x3EEE1C: dpy_refresh (console.c:1436)
==5370== by 0x3EB543: gui_update (console.c:192)
==5370== by 0x3C43B3: timerlist_run_timers (qemu-timer.c:488)
==5370== by 0x3C4416: qemu_clock_run_timers (qemu-timer.c:499)
==5370== Address 0x22ffb1e0 is 0 bytes inside a block of size 56 free'd
==5370== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5370== by 0x4245FC: free_and_trace (vl.c:2771)
==5370== by 0x50899AE: g_free (gmem.c:252)
==5370== by 0x3EE8D3: qemu_free_displaysurface (console.c:1332)
==5370== by 0x3EEDB7: dpy_gfx_replace_surface (console.c:1427)
==5370== by 0x467EB6: vga_draw_graphic (vga.c:1714)
==5370== by 0x4687A5: vga_update_display (vga.c:1914)
==5370== by 0x2A782E: qxl_hw_update (qxl.c:1766)
==5370== by 0x3EB83B: graphic_hw_update (console.c:254)
==5370== by 0x3FBE31: qemu_spice_display_refresh (spice-display.c:418)
==5370== by 0x2A7D01: display_refresh (qxl.c:1886)
==5370== by 0x3EEE1C: dpy_refresh (console.c:1436)
Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1383664554-15248-1-git-send-email-marcandre.lureau@gmail.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
Replace the legacy cpu_to_32wu() with stl_p().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-10-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
Replace the legacy cpu_to_be32wu() with stl_be_p().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-8-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
Replace the legacy cpu_to_be16wu() with stw_be_p().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-7-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
Replace the legacy be32_to_cpupu() with ldl_be_p().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-6-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
Replace the legacy le32_to_cpupu() with ldl_le_p().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-5-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
Replace the legacy le16_to_cpupu() with lduw_le_p().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-4-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
Replace the legacy cpu_to_le32wu() with stl_le_p().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
Replace the legacy cpu_to_le16wu() with stw_le_p().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-2-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
|
|
staging
QOM device refactorings
* QTest coverage for all machines
* QOM realize for Milkymist UART
* QOM realize for ARM MPCore
* device_add bug fixes and cleanups
* QOM for PCMCIA/MicroDrive (last legacy IDE device)
# gpg: Signature made Tue 05 Nov 2013 09:07:03 AM PST using RSA key ID 3E7E013F
# gpg: Can't check signature: public key not found
# By Andreas Färber (49) and others
# Via Andreas Färber
* afaerber/tags/qom-devices-for-anthony: (54 commits)
pcmcia/pxa2xx: QOM'ify PXA2xxPCMCIAState
ide: Drop ide_init2_with_non_qdev_drives()
microdrive: Coding Style cleanups
pcmcia: QOM'ify PCMCIACardState and MicroDriveState
pxa: Fix typo "dettach"
qom: Fix pointer to int property helpers' documentation
qdev-monitor: Inline qdev_init() for device_add
qdev-monitor: Avoid qdev as variable name
qdev: Drop misleading qdev_free() function
qdev-monitor: Unref device when device_add fails
qdev-monitor: Fix crash when device_add is called with abstract driver
qdev-monitor: Clean up qdev_device_add() variable naming
arm11mpcore: Split off RealView MPCore
arm11mpcore: Prepare for QOM embedding
arm11mpcore: Convert mpcore_rirq_state to QOM realize
realview_gic: Prepare for QOM embedding
realview_gic: Convert to QOM realize
arm11mpcore: Convert ARM11MPCorePriveState to QOM realize
arm11mpcore: Split off SCU device
arm11mpcore: Create container MemoryRegion in instance_init
...
|
|
Turn it into a SysBusDevice and use a container MemoryRegion.
Add a link<pcmcia-card> property to the PCMCIACardState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
All its users have finally been converted.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Add missing braces.
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Turn PCMCIACardState into a device.
Move callbacks to new PCMCIACardClass.
Derive TYPE_MICRODRIVE from TYPE_PCMCIA_CARD.
Replace ide_init2_with_non_qdev_drives().
Signed-off-by: Othmar Pasteka <pasteka@kabsi.at>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
The qdev_free() function name is misleading since all the function does
is unlink the device from its parent. The device is not necessarily
freed.
The device will be freed when its QObject refcount reaches zero. It is
usual for the parent (bus) to hold the final reference but there are
cases where something else holds a reference so "free" is a misleading
name.
Call object_unparent(obj) directly instead of having a qdev wrapper
function.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Move state struct, type constant and cast macro to a new header.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Embed ARM11MPCorePriveState and RealViewGICState and replace SysBus
initfn with realizefn.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Move state struct, type constant and cast macro to a new header.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Embed GICState and replace SysBus initfn with realizefn.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Embed child devices and replace SysBus initfn with realizefn.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Inspired by a9scu.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
This allows to map the region directly after object initialization.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
"mpcode" -> "mpcore"
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
It does not have a target or ARMCPU dependency.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
Turn SysBusDevice initfn into a QOM realizefn.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
This covers both emulated and KVM GIC.
Prepares for QOM realize.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
Prepares for QOM realize.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
Prepares for QOM realize.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
Split the SysBusDevice initfn into instance_init and realizefn.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
Prepares for QOM realize.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
Rename A9SCUState::busdev field to parent_obj and turn realizefn into an
instance_init function to allow early MMIO mapping.
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
Prepares for conversion to QOM realize.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
|
Rename NCPU to GIC_NCPU and move GICState away from gic_internal.h.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
Prepares for QOM realize.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
|
