qemu.git
5 years agosysbus: Correct SYSTEM_BUS(obj) defines
Gonglei [Tue, 11 Nov 2014 09:37:59 +0000 (17:37 +0800)] 
sysbus: Correct SYSTEM_BUS(obj) defines

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agotarget-i386: cpu: keeping function parameters alignment on new line
Chen Fan [Wed, 5 Nov 2014 08:40:33 +0000 (16:40 +0800)] 
target-i386: cpu: keeping function parameters alignment on new line

Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agoxen-hvm: Remove redundant variable 'xstate'
Chen Gang [Tue, 11 Nov 2014 09:23:40 +0000 (17:23 +0800)] 
xen-hvm: Remove redundant variable 'xstate'

In xen_hvm_change_state_handler(), we can pass 'opaque' with type cast
to xen_main_loop_prepare() directly, there's no need to use additional
variable for it.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agocoroutine-sigaltstack: Change jmp_buf to sigjmp_buf
Willem Pinckaers [Sat, 8 Nov 2014 03:51:59 +0000 (19:51 -0800)] 
coroutine-sigaltstack: Change jmp_buf to sigjmp_buf

This is a simple patch to change the type of old_env from jmp_buf
to sigjmp_buf.  old_env is used by sigsetjmp and as such should be
a sigjmp_buf.

This fixes a stack_chk fail in a OSX 32bit build. Since at least on
OSX sigjmp_buf is four bytes larger then a jmpbuf, resulting in an
overflow in sigsetjmp. Due to variable reordering this overwrites
the stack cookie.

Signed-off-by: Willem Pinckaers <willem_qemu@lekkertech.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Peter: I think I must have missed this one when I converted
       all the jmp_buf to sigjmp_buf in commit 6ab7e546.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agopc-bios: petalogix-s3adsp1800.dtb: Use 'xlnx, xps-ethernetlite-2.00.a' instead of...
Chen Gang [Mon, 3 Nov 2014 09:26:30 +0000 (17:26 +0800)] 
pc-bios: petalogix-s3adsp1800.dtb: Use 'xlnx, xps-ethernetlite-2.00.a' instead of 'xlnx, xps-ethernetlite-2.00.b'

For Linux upstream kernel (e.g. 3.17-rc7), the related compatible string
'xlnx,xps-ethernetlite-2.00.a' is supported, but 'b' is not supported,
so change qemu dtb file to match kernel driver.

The related operation for qemu (after this patch):

   yum install libvirt
   yum install tunctl
   tunctl -b
   ip link set tap0 up
   brctl addif virbr0 tap0

   ./configure
   make
   ./microblaze-softmmu/qemu-system-microblaze -M petalogix-s3adsp1800 \
     -kernel ../linux-stable.microblaze/arch/microblaze/boot/linux.bin \
     -no-reboot -append "console=ttyUL0,115200 doreboot" -nographic \
     -net nic,vlan=0,model=xlnx.xps-ethernetlite,macaddr=00:16:35:AF:94:00 \
     -net tap,vlan=0,ifname=tap0,script=no,downscript=no

   in microblaze qemu bash (guest machine):

     ifconfig eth0 add 192.168.122.2 netmask 255.255.255.0
     ifconfig eth0 up

   Then can telnet 192.168.122.2 directly without password from the host
   machine.

The related operation for generating new dtb:

   building Linux kernel firstly, then get dts tool "./scripts/dts/dts".
   "./scripts/dtc/dtc -I dtb -O dts  -o ../work.dts ../qemu/petalogix-s3adsp1800.dtb"
   edit work.dts (replace 'xlnx,xps-ethernetlite-2.00.b')
   "./scripts/dtc/dtc -I dts -O dtb  -o ..qemu/petalogix-s3adsp1800.dtb ../work.dts"

(Since I am not quite sure whether can read this patch or not, I put the
related dtb file in attachment, please check, thanks).

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agogdbstub: Add a missing case of signal number translation in gdbstub
Martin Simmons [Wed, 5 Nov 2014 14:47:39 +0000 (14:47 +0000)] 
gdbstub: Add a missing case of signal number translation in gdbstub

While using qemu with gdb "target remote" to debug an application that uses
fork and exec, the qemu process receives SIGSTOP every time the forked process
terminates (sending SIGCHLD).

This is caused by a missing call to gdb_signal_to_target in gdbstub.c, which
is fixed by this patch:

Signed-off-by: Martin Simmons <martin@lispworks.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agonuma: make 'info numa' take into account hotplugged memory
zhanghailiang [Tue, 4 Nov 2014 11:49:30 +0000 (19:49 +0800)] 
numa: make 'info numa' take into account hotplugged memory

When do memory hotplug, if there is numa node, we should add
the memory size to the corresponding node memory size.

It affects the result of hmp command "info numa".

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agoslirp/smbd: modify/set several parameters in generated smbd.conf
Peter Wu [Mon, 3 Nov 2014 10:52:10 +0000 (11:52 +0100)] 
slirp/smbd: modify/set several parameters in generated smbd.conf

The file sharing module should not handle printers, so disable it.
The options 'load printers' and 'printing' have been available since the
beginning (May 1996, commit 0e8fd3398771da2f016d72830179507f3edda51b).
Option 'disable spoolss' is available since Samba 2.0.4, commit
de5f42c9d9172592779fa2504d44544e3b6b1c0d).

Next, "socket address" was reported as deprecated, use a combination of
"interfaces" and "bind interfaces only" instead (available since October
1997, commit 79f4fb52c1ed56fd843f81b4eb0cdd2991d4d0f4).

Override cache directory to avoid writing to a global directory. Option
available since Samba 3.4.0, Jan 2009, commit
19a05bf2f485023b11b41dfae3f6459847d55ef7.

Set "usershare max shared=0" to prevent a global directory from being
used. Option available since Samba 3.0.23, February 2006, commit
5831715049f2d460ce42299963a5defdc160891b.

The last option was introduced with Samba 3.4.0, but previously
"state directory" was already added which exists in Samba 3.4.0. As
unknown parameters are ignored (while printing a warning), it should be
safe to add another option.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agoqemu-doc.texi: fix typos in x509 examples
Gonglei [Mon, 3 Nov 2014 12:48:30 +0000 (20:48 +0800)] 
qemu-doc.texi: fix typos in x509 examples

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agoicc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE
Zhu Guihua [Mon, 3 Nov 2014 05:51:34 +0000 (13:51 +0800)] 
icc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE

Rename ICC_BRIGDE for better readability.

Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agoMerge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-11-02' into...
Peter Maydell [Mon, 3 Nov 2014 14:55:17 +0000 (14:55 +0000)] 
Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-11-02' into staging

trivial patches for 2014-11-02

# gpg: Signature made Sun 02 Nov 2014 11:54:43 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2014-11-02: (23 commits)
  vdi: wrapped uuid_unparse() in #ifdef
  tap: fix possible fd leak in net_init_tap
  tap: do not close(fd) in net_init_tap_one
  target-i386: Remove unused model_features_t struct
  tap_int.h: remove repeating NETWORK_SCRIPT defines
  os-posix: reorder parent notification for -daemonize
  pidfile: stop making pidfile error a special case
  os-posix: replace goto again with a proper loop
  os-posix: use global daemon_pipe instead of cryptic fds[1]
  dump: Fix dump-guest-memory termination and use-after-close
  virtio-9p-proxy: improve error messages in connect_namedsocket()
  virtio-9p-proxy: fix error return in proxy_init()
  virtio-9p-proxy: Fix sockfd leak
  target-tricore: check return value before using it
  net/slirp: specify logbase for smbd
  Revert "os-posix: report error message when lock file failed"
  util: Improve os_mem_prealloc error message
  sparse: fix build
  target-arm: A64: remove redundant store
  target-xtensa: mark XtensaConfig structs as unused
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Mon, 3 Nov 2014 12:31:07 +0000 (12:31 +0000)] 
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

The last round of patches for soft freeze.  Includes ivshmem bugfixes,
megasas 2108 emulation, and other small patches here and there.

# gpg: Signature made Fri 31 Oct 2014 17:17:54 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (35 commits)
  virtio-scsi: fix dataplane
  ivshmem: use error_report
  ivshmem: Fix fd leak on error
  ivshmem: Fix potential OOB r/w access
  ivshmem: validate incoming_posn value from server
  ivshmem: Check ivshmem_read() size argument
  i386: fix breakpoints handling in icount mode
  kvm_stat: Add powerpc support
  kvm_stat: Abstract ioctl numbers
  kvm_stat: Rework platform detection
  kvm_stat: Fix the non-x86 exit reasons
  kvm_stat: Only consider online cpus
  virtio-scsi: Fix num_queue input validation
  scsi: devirtualize unrealize of SCSI devices
  virtio-scsi: Fix memory leak when realize failed
  iscsi: Refuse to open as writable if the LUN is write protected
  kvmvapic: patch_instruction fix
  vl.c: Fix Coverity complaining for vmstate_dump_file
  Add skip_dump flag to ignore memory region during dump
  -machine vmport=off: Allow disabling of VMWare ioport emulation
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agotcg/mips: fix store softmmu slow path
Aurelien Jarno [Mon, 27 Oct 2014 14:53:35 +0000 (15:53 +0100)] 
tcg/mips: fix store softmmu slow path

Commit 9d8bf2d1 moved the softmmu slow path out of line and introduce a
regression at the same time by always calling tcg_out_tlb_load with
is_load=1. This makes impossible to run any significant code under
qemu-system-mips*.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
5 years agovdi: wrapped uuid_unparse() in #ifdef
SeokYeon Hwang [Fri, 31 Oct 2014 08:02:05 +0000 (17:02 +0900)] 
vdi: wrapped uuid_unparse() in #ifdef

Wrapped uuid_unparse() in #ifdef to avoid "-Wunused-function"
on clang 3.4 or later.

Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agotap: fix possible fd leak in net_init_tap
Gonglei [Sun, 2 Nov 2014 05:37:17 +0000 (13:37 +0800)] 
tap: fix possible fd leak in net_init_tap

In hotplugging scenario, taking those true branch, the file
handler do not be closed. Let's close them before return.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agotap: do not close(fd) in net_init_tap_one
Gonglei [Fri, 31 Oct 2014 06:11:00 +0000 (14:11 +0800)] 
tap: do not close(fd) in net_init_tap_one

commit 5193e5fb (tap: factor out common tap initialization)
introduce net_init_tap_one(). But it's inappropriate that
we close fd in net_init_tap_one(), we should lay it in the
caller, becuase some callers needn't to close it if we get
the fd by monitor_handle_fd_param().

On the other hand, in other exceptional branches fd isn't
closed, so that's incomplete anyway.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agotarget-i386: Remove unused model_features_t struct
Eduardo Habkost [Thu, 30 Oct 2014 19:12:33 +0000 (17:12 -0200)] 
target-i386: Remove unused model_features_t struct

The struct is not used anymore and can be removed.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agotap_int.h: remove repeating NETWORK_SCRIPT defines
Gonglei [Fri, 31 Oct 2014 02:53:30 +0000 (10:53 +0800)] 
tap_int.h: remove repeating NETWORK_SCRIPT defines

DEFAULT_NETWORK_SCRIPT and DEFAULT_NETWORK_DOWN_SCRIPT
have been defined in net/net.h included in
tap.c, which is the only C file that using those two macro.
Let's remove the repeating macroinstruction.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agoos-posix: reorder parent notification for -daemonize
Michael Tokarev [Thu, 30 Oct 2014 14:47:46 +0000 (17:47 +0300)] 
os-posix: reorder parent notification for -daemonize

Put "success" parent reporting in os_setup_post() to after
all other initializers which may also fail, to the very end,
so more possible failure cases are reported properly to the
calling process.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
5 years agopidfile: stop making pidfile error a special case
Michael Tokarev [Thu, 30 Oct 2014 14:40:48 +0000 (17:40 +0300)] 
pidfile: stop making pidfile error a special case

In case of -daemonize, we write non-zero to the daemon
pipe only if pidfile creation failed, so the parent will
report error about pidfile problem.  There's no need to
make special case for this, since all other errors are
reported by the child just fine.  Let the parent report
error and simplify logic in os_daemonize().

This way, we don't need os_pidfile_error() function, since
it only prints error now, so put the error reporting printf
into the only place where qemu_create_pidfile() is called,
in vl.c.

While at it, fix wrong indentation in os_daemonize().

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agoos-posix: replace goto again with a proper loop
Michael Tokarev [Thu, 30 Oct 2014 14:37:16 +0000 (17:37 +0300)] 
os-posix: replace goto again with a proper loop

Eliminiate two fullwrite implementations with goto replacing them with
a proper do..while loop.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
5 years agoos-posix: use global daemon_pipe instead of cryptic fds[1]
Michael Tokarev [Thu, 30 Oct 2014 14:30:51 +0000 (17:30 +0300)] 
os-posix: use global daemon_pipe instead of cryptic fds[1]

When asked to -daemonize, we fork a child and setup a pipe between
it and parent to pass exit status.  os-posix.c used global fds[2]
array for that, but actually only the writing side of the pipe is
needed to be global, and this name is really too generic.  Use
just one interger for the writing side of the pipe, and name it
daemon_pipe to be more understandable than cryptic fds[1].

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
5 years agodump: Fix dump-guest-memory termination and use-after-close
Gonglei [Thu, 30 Oct 2014 06:01:17 +0000 (14:01 +0800)] 
dump: Fix dump-guest-memory termination and use-after-close

dump_iterate() dumps blocks in a loop.  Eventually, get_next_block()
returns "no more".  We then call dump_completed().  But we neglect to
break the loop!  Broken in commit 4c7e251a.

Because of that, we dump the last block again.  This attempts to write
to s->fd, which fails if we're lucky.  The error makes dump_iterate()
return failure.  It's the only way it can ever return.

Theoretical: if we're not so lucky, something else has opened something
for writing and got the same fd.  dump_iterate() then keeps looping,
messing up the something else's output, until a write fails, or the
process mercifully terminates.

The obvious fix is to restore the return lost in commit 4c7e251a.  But
the root cause of the bug is needlessly opaque loop control.  Replace it
by a clean do ... while loop.

This makes the badly chosen return values of get_next_block() more
visible.  Cleaning that up is outside the scope of this bug fix.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agovirtio-9p-proxy: improve error messages in connect_namedsocket()
Michael Tokarev [Thu, 30 Oct 2014 08:05:13 +0000 (11:05 +0300)] 
virtio-9p-proxy: improve error messages in connect_namedsocket()

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
5 years agovirtio-9p-proxy: fix error return in proxy_init()
Michael Tokarev [Thu, 30 Oct 2014 08:00:01 +0000 (11:00 +0300)] 
virtio-9p-proxy: fix error return in proxy_init()

proxy_init() does not check the return value of connect_namedsocket(),
fix this by rearranging code a little bit.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agovirtio-9p-proxy: Fix sockfd leak
Michael Tokarev [Thu, 30 Oct 2014 07:53:02 +0000 (10:53 +0300)] 
virtio-9p-proxy: Fix sockfd leak

If connect() in connect_namedsocket() return false, the sockfd will leak.
Plug it.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
5 years agotarget-tricore: check return value before using it
zhanghailiang [Thu, 30 Oct 2014 02:03:28 +0000 (10:03 +0800)] 
target-tricore: check return value before using it

We reference the return value of cpu before checking whether it is NULL,
The checking code is after that which violates code style.

It makes no difference if the cpu is NULL, qemu process will terminate.
But one will be 'Segmentation fault' and the other will report a error
which is what we want.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agonet/slirp: specify logbase for smbd
Michael Tokarev [Fri, 24 Oct 2014 20:29:50 +0000 (00:29 +0400)] 
net/slirp: specify logbase for smbd

It looks like smbd always logs to /var/log/samba/log.$progname
even if config file specifies different logfile -- when it needs
to log something before completing reading the config file.  But
if it can't open it for writing, it fails and exits.  Tell smbd
to use our temp dir as logbase (-l option) to avoid that.

The same option is used by samba3 and samba4, so there should
be no incompatible changes.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Jan Kiszka <jan.kiszka@siemens.com>
5 years agoRevert "os-posix: report error message when lock file failed"
Michael Tokarev [Fri, 24 Oct 2014 07:33:00 +0000 (11:33 +0400)] 
Revert "os-posix: report error message when lock file failed"

This reverts commit e5048d15ce6addae869f23514b2a1f0d4466418a.

qemu_create_pidfile() is only created from main(), and there,
if that function returns failure, os_pidfile_error() function
is called, to, guess that, report error (which is done differently
whenever we're daemonizing or not).

qemu_create_pidfile() function has several error returns, this
lockf() failure is one of them, there are others (another shown
in the patch context too).

So this patch makes whole thing inconsistent at least.

If we need to show error message when we're daemonizing, it
looks like we should modify os_pidfile_error() routine to always
report error and only after that check for daemon mode.  This way
all errors will be reported the same way.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agoutil: Improve os_mem_prealloc error message
Michal Privoznik [Thu, 16 Oct 2014 13:13:32 +0000 (15:13 +0200)] 
util: Improve os_mem_prealloc error message

Currently, when the preallocating guest memory process fails, a not
so helpful error message is printed out:

    # virsh start migt10
    error: Failed to start domain migt10
    error: internal error: process exited while connecting to monitor:
    os_mem_prealloc: failed to preallocate pages

From the error message it's not clear at the first glance where the
problem lies. However, changing the error message might give users a
clue.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agosparse: fix build
Gerd Hoffmann [Wed, 15 Oct 2014 09:51:09 +0000 (11:51 +0200)] 
sparse: fix build

c++ compiler isn't wrapped with cgcc, resulting in gcc complaining about
the sparse compiler flags which it doesn't know in case qemu is built
with --enable-sparse.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agotarget-arm: A64: remove redundant store
Alex Bennée [Wed, 15 Oct 2014 07:16:31 +0000 (08:16 +0100)] 
target-arm: A64: remove redundant store

There is not much point storing the same value twice in a row.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agotarget-xtensa: mark XtensaConfig structs as unused
Peter Maydell [Sun, 14 Sep 2014 19:36:33 +0000 (20:36 +0100)] 
target-xtensa: mark XtensaConfig structs as unused

The XtensaConfig structs will be defined but not used if they are
for the opposite endianness from that of the binary being built;
keep the compiler from complaining about this by marking them
with the 'unused' attribute.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agobitmap.h: Don't include qemu-common.h
Eduardo Habkost [Fri, 26 Sep 2014 19:46:04 +0000 (16:46 -0300)] 
bitmap.h: Don't include qemu-common.h

This will avoid unexpected circular header dependencies in the future.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agobitops.h: Don't include qemu-common.h
Eduardo Habkost [Fri, 26 Sep 2014 19:46:03 +0000 (16:46 -0300)] 
bitops.h: Don't include qemu-common.h

This removes the following circular dependency:

bitops.h -> qemu-common.h -> target-i386/cpu.h -> target-i386/cpu-qom.h ->
qom/cpu.h -> qdev-core.h -> bitmap.h -> bitops.h.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agotests: Add missing include to test-bitops.c
Eduardo Habkost [Fri, 26 Sep 2014 19:46:02 +0000 (16:46 -0300)] 
tests: Add missing include to test-bitops.c

The test code needs osdep.h for the ARRAY_SIZE macro.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 years agovirtio-scsi: fix dataplane
Paolo Bonzini [Fri, 31 Oct 2014 16:38:04 +0000 (17:38 +0100)] 
virtio-scsi: fix dataplane

Commit 361dcc7 (virtio-scsi: dataplane: fail setup gracefully, 2014-10-15)
actually broke successful dataplane setup in a not-so-graceful manner:

    qemu-system-x86_64: .../util/rfifolock.c:71: rfifolock_unlock: Assertion `r->nesting > 0' failed.

due to a missing return statement.

Fixes: 361dcc790db8c87b2e46ab610739191ced894c44
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoivshmem: use error_report
Andrew Jones [Tue, 7 Oct 2014 11:24:02 +0000 (13:24 +0200)] 
ivshmem: use error_report

Replace all the fprintf(stderr, ...) calls with error_report.
Also make sure exit() consistently uses the error code 1. A few calls
used -1. While at it cleanup some indentation in the printf argument
lists.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoivshmem: Fix fd leak on error
Andreas Färber [Mon, 15 Sep 2014 16:40:08 +0000 (18:40 +0200)] 
ivshmem: Fix fd leak on error

Reported-by: Stefan Hajnoczi <stefanha@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoivshmem: Fix potential OOB r/w access
Sebastian Krahmer [Mon, 15 Sep 2014 16:40:07 +0000 (18:40 +0200)] 
ivshmem: Fix potential OOB r/w access

Fix OOB access via malformed incoming_posn parameters
and check that requested memory is actually alloc'ed.

Signed-off-by: Sebastian Krahmer <krahmer@suse.de>
[AF: Rebased, cleanups, avoid fd leak]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoivshmem: validate incoming_posn value from server
Stefan Hajnoczi [Mon, 15 Sep 2014 16:40:06 +0000 (18:40 +0200)] 
ivshmem: validate incoming_posn value from server

Check incoming_posn to avoid out-of-bounds array accesses if the ivshmem
server on the host sends invalid values.

Cc: Cam Macdonell <cam@cs.ualberta.ca>
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[AF: Tighten upper bound check for posn in close_guest_eventfds()]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoivshmem: Check ivshmem_read() size argument
Stefan Hajnoczi [Mon, 15 Sep 2014 16:40:05 +0000 (18:40 +0200)] 
ivshmem: Check ivshmem_read() size argument

The third argument to the fd_read() callback implemented by
ivshmem_read() is the number of bytes, not a flags field.  Fix this and
check we received enough bytes before accessing the buffer pointer.

Cc: Cam Macdonell <cam@cs.ualberta.ca>
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[AF: Handle partial reads via FIFO]
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoi386: fix breakpoints handling in icount mode
Pavel Dovgalyuk [Wed, 22 Oct 2014 11:38:31 +0000 (15:38 +0400)] 
i386: fix breakpoints handling in icount mode

This patch fixes instructions counting when execution is stopped on
breakpoint (e.g. set from gdb). Without a patch extra instruction is translated
and icount is incremented by invalid value (which equals to number of
executed instructions + 1).

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
5 years agokvm_stat: Add powerpc support
Michael Ellerman [Tue, 17 Jun 2014 07:54:35 +0000 (17:54 +1000)] 
kvm_stat: Add powerpc support

Add support for powerpc platforms. We use uname -m, which allows us to
detect ppc, ppc64 and ppc64le/el.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agokvm_stat: Abstract ioctl numbers
Michael Ellerman [Tue, 17 Jun 2014 07:54:34 +0000 (17:54 +1000)] 
kvm_stat: Abstract ioctl numbers

Unfortunately ioctl numbers are platform specific, so abstract them out
of the code so they can be overridden. As it happens x86 and s390 share
the same values, so nothing needs to change yet.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agokvm_stat: Rework platform detection
Michael Ellerman [Tue, 17 Jun 2014 07:54:32 +0000 (17:54 +1000)] 
kvm_stat: Rework platform detection

The current platform detection is a little bit messy. We look for lines
in /proc/cpuinfo starting with 'flags' OR 'vendor-id', and scan both
for values we know will only occur in one or the other. We also keep
scanning once we've found a value, which could be a feature, but isn't
in this case.

We'd also like to add another platform, powerpc, which will just make it
worse. So clean it up in preparation.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agokvm_stat: Fix the non-x86 exit reasons
Michael Ellerman [Tue, 17 Jun 2014 07:54:31 +0000 (17:54 +1000)] 
kvm_stat: Fix the non-x86 exit reasons

In kvm_stat we have a dictionary of exit reasons for s390. Firstly these
are not s390 specific, they are the generic exit reasons. So rename the
dictionary to reflect that, and add it separately to filters[].

Secondly, the values are defined using hex, but in the kernel header
they are decimal. That means values above 9 in kvm_stat are incorrect.

While we're there, fix the whitespace to match the rest of the file.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agokvm_stat: Only consider online cpus
Michael Ellerman [Tue, 17 Jun 2014 07:54:30 +0000 (17:54 +1000)] 
kvm_stat: Only consider online cpus

In kvm_stat we grovel through /sys to find out how many cpus are in the
system. However if a cpu is offline it will still be present in /sys,
and the perf_event_open() will fail.

Modify the logic to only return online cpus. We need to be careful on
systems which don't support cpu hotplug, the online file will not be
present at all.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agovirtio-scsi: Fix num_queue input validation
Fam Zheng [Fri, 31 Oct 2014 03:04:31 +0000 (11:04 +0800)] 
virtio-scsi: Fix num_queue input validation

We need to count the ctrlq and eventq, and also cleanup before
returning. Besides, the format string should be unsigned.

The number could never be less than zero.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoscsi: devirtualize unrealize of SCSI devices
Paolo Bonzini [Tue, 17 Sep 2013 13:09:15 +0000 (15:09 +0200)] 
scsi: devirtualize unrealize of SCSI devices

All implementations are the same.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agovirtio-scsi: Fix memory leak when realize failed
Fam Zheng [Thu, 30 Oct 2014 11:50:26 +0000 (19:50 +0800)] 
virtio-scsi: Fix memory leak when realize failed

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoiscsi: Refuse to open as writable if the LUN is write protected
Fam Zheng [Thu, 30 Oct 2014 11:23:46 +0000 (19:23 +0800)] 
iscsi: Refuse to open as writable if the LUN is write protected

Before, when a write protected iSCSI target is attached as scsi-disk
with BDRV_O_RDWR, we report it as writable, while in fact all writes
will fail.

One way to improve this is to report write protect flag as true to
guest, but a even better way is to refuse using a write protected LUN to
guest.

Target write protect flag is checked with a mode sense query.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agokvmvapic: patch_instruction fix
Pavel Dovgalyuk [Thu, 30 Oct 2014 09:31:00 +0000 (12:31 +0300)] 
kvmvapic: patch_instruction fix

When QEMU works in icount mode cpu_restore_state function performs two actions:
restoring the program counter and updating icount to the correct value.
kvmvapic's patch_instruction function is called by cpu_report_tpr_access
function which also invokes cpu_restore_state. It results to calling
cpu_restore_state twice - in cpu_report_tpr_access and in patch_instruction.
When icount is disabled second call is safe. But when icount is enabled,
cpu_restore_state modifies instructions counter twice, which leads to incorrect
behavior. This patch removes useless cpu_restore_state call from kvmvapic.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
5 years agovl.c: Fix Coverity complaining for vmstate_dump_file
Gonglei [Wed, 29 Oct 2014 12:49:43 +0000 (20:49 +0800)] 
vl.c: Fix Coverity complaining for vmstate_dump_file

commit abfd9ce3(migration: dump vmstate info as a json
file for static analysis) introduce a new command,
'-dump-vmstate', that takes a filename
as an argument.  When executed, QEMU will dump the vmstate information
for the machine type it's invoked with to the file, and quit.

However, only one instance of the -dump-vmstate option is supported.
If more were given, the vmstate_dump_file variable would be overwritten.

This fix also helps silence a Coverity error.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoAdd skip_dump flag to ignore memory region during dump
Nikunj A Dadhania [Mon, 15 Sep 2014 03:58:23 +0000 (09:28 +0530)] 
Add skip_dump flag to ignore memory region during dump

The PCI MMIO might be disabled or the device in the reset state.
Make sure we do not dump these memory regions.

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years ago-machine vmport=off: Allow disabling of VMWare ioport emulation
Dr. David Alan Gilbert [Fri, 3 Oct 2014 21:33:37 +0000 (17:33 -0400)] 
-machine vmport=off: Allow disabling of VMWare ioport emulation

This is a pc & q35 only machine opt.

VMWare apparently doesn't like running under QEMU due to our
incomplete emulation of it's special IO Port.  This adds a
pc & q35 property to allow it to be turned off.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Don Slutz <dslutz@verizon.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: Fixup MSI-X handling
Hannes Reinecke [Wed, 29 Oct 2014 12:00:16 +0000 (13:00 +0100)] 
megasas: Fixup MSI-X handling

MSI-X works slightly different than INTx; the doorbell
registers are not necessarily used as MSI-X interrupts
are directed anyway. So the head pointer on the
reply queue needs to be updated as soon as a frame
is completed, and we can set the doorbell only
when in INTx mode.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: Rework frame queueing algorithm
Hannes Reinecke [Wed, 29 Oct 2014 12:00:15 +0000 (13:00 +0100)] 
megasas: Rework frame queueing algorithm

Windows requires the frames to be unmapped, otherwise we run
into a race condition where the updated frame data is not
visible to the guest.
With that we can simplify the queue algorithm and use a bitmap
for tracking free frames.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: Update queue logging
Hannes Reinecke [Wed, 29 Oct 2014 12:00:14 +0000 (13:00 +0100)] 
megasas: Update queue logging

Improve queue logging by displaying head and tail pointer
of the completion queue.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: Implement DCMD_CLUSTER_RESET_LD
Hannes Reinecke [Wed, 29 Oct 2014 12:00:13 +0000 (13:00 +0100)] 
megasas: Implement DCMD_CLUSTER_RESET_LD

Some implementations use DCMD_CLUSTER_RESET_LD to simulate
a device reset.

Signed-off-by: Hannes Reinecke <hare@suse.de>
[Compare against id, not lun. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: Ignore duplicate init_firmware commands
Hannes Reinecke [Wed, 29 Oct 2014 12:00:12 +0000 (13:00 +0100)] 
megasas: Ignore duplicate init_firmware commands

The windows driver is sending several init_firmware commands
when in MSI-X mode. It is, however, using only the first
queue. So disregard any additional init_firmware commands
until the HBA is reset.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: Clear unit attention on initial reset
Hannes Reinecke [Wed, 29 Oct 2014 12:00:11 +0000 (13:00 +0100)] 
megasas: Clear unit attention on initial reset

The EFI firmware doesn't handle unit attentions properly,
so we need to clear the Power On/Reset unit attention upon
initial reset.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: Decode register names
Hannes Reinecke [Wed, 29 Oct 2014 12:00:10 +0000 (13:00 +0100)] 
megasas: Decode register names

To ease debugging we should be decoding
the register names.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: Fix typo in megasas_dcmd_ld_get_list()
Hannes Reinecke [Wed, 29 Oct 2014 12:00:09 +0000 (13:00 +0100)] 
megasas: Fix typo in megasas_dcmd_ld_get_list()

The check for a valid command buffer size was inverted.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: add MegaRAID SAS 2108 emulation
Hannes Reinecke [Wed, 29 Oct 2014 12:00:08 +0000 (13:00 +0100)] 
megasas: add MegaRAID SAS 2108 emulation

The 2108 chip supports MSI and MSI-X, so update the emulation
to support both chips.

Signed-off-by: Hannes Reinecke <hare@suse.de>
[Make VMStateDescription const. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: fixup device mapping
Hannes Reinecke [Wed, 29 Oct 2014 12:00:07 +0000 (13:00 +0100)] 
megasas: fixup device mapping

Logical drives can only be addressed with the 'target_id' number;
LUN numbers cannot be selected.
Physical drives can be selected with both, target and LUN id.

So we should disallow LUN numbers not equal to 0 when in
RAID mode.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: simplify trace event messages
Hannes Reinecke [Wed, 29 Oct 2014 12:00:06 +0000 (13:00 +0100)] 
megasas: simplify trace event messages

The trace events already contain the function name, so the actual
message doesn't need to contain any of these informations.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agomegasas: fixup MFI_DCMD_LD_LIST_QUERY
Hannes Reinecke [Wed, 29 Oct 2014 12:00:05 +0000 (13:00 +0100)] 
megasas: fixup MFI_DCMD_LD_LIST_QUERY

The MFI_DCMD_LD_LIST_QUERY function is using a different format than
MFI_DCMD_LD_LIST, so we need to implement it differently.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoscsi: Rename scsi_*_length() to scsi_*_xfer(), add scsi_cdb_length()
Hannes Reinecke [Wed, 29 Oct 2014 12:00:04 +0000 (13:00 +0100)] 
scsi: Rename scsi_*_length() to scsi_*_xfer(), add scsi_cdb_length()

scsi_cdb_length() does not return the length of the cdb, but
the transfersize encoded in the cdb. So rename it to scsi_cdb_xfer()
and also rename all other related functions to end with _xfer.

We can then add a new scsi_cdb_length() which actually does return the
length of the cdb.  With that DEBUG_SCSI can now display the correct
CDB buffer.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoui: Use the new ".mo-cflags" rule syntax for SDL_CFLAGS
Fam Zheng [Tue, 28 Oct 2014 08:47:55 +0000 (16:47 +0800)] 
ui: Use the new ".mo-cflags" rule syntax for SDL_CFLAGS

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agorules.mak: Allow .mo-objs and .mo-cflags in -y variables
Fam Zheng [Tue, 28 Oct 2014 08:47:54 +0000 (16:47 +0800)] 
rules.mak: Allow .mo-objs and .mo-cflags in -y variables

Expand %.mo-objs in -y nested objects, so that we can write combined
object -cflags rules like what will be done in the coming patch.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoMerge remote-tracking branch 'remotes/sstabellini/xen-2014-10-30' into staging
Peter Maydell [Thu, 30 Oct 2014 20:28:09 +0000 (20:28 +0000)] 
Merge remote-tracking branch 'remotes/sstabellini/xen-2014-10-30' into staging

* remotes/sstabellini/xen-2014-10-30:
  fix off-by-one error in pci_piix3_xen_ide_unplug
  xen-hvm.c: Add support for Xen access to vmport

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-cve-2014-3689-20141029-1'...
Peter Maydell [Thu, 30 Oct 2014 19:11:24 +0000 (19:11 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-cve-2014-3689-20141029-1' into staging

vmware-vga: add rectangle verification (CVE-2014-3689)

# gpg: Signature made Wed 29 Oct 2014 11:45:29 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-cve-2014-3689-20141029-1:
  vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
  vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
  vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
  vmware-vga: add vmsvga_verify_rect
  vmware-vga: CVE-2014-3689: turn off hw accel

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20141028-1' into staging
Peter Maydell [Thu, 30 Oct 2014 18:21:25 +0000 (18:21 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20141028-1' into staging

vnc: return directly if no vnc client connected
vnc: sanitize bits_per_pixel from the client (CVE-2014-7815)

# gpg: Signature made Tue 28 Oct 2014 10:52:31 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vnc-20141028-1:
  vnc: return directly if no vnc client connected
  vnc: sanitize bits_per_pixel from the client

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20141028-1' into staging
Peter Maydell [Thu, 30 Oct 2014 17:04:29 +0000 (17:04 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20141028-1' into staging

Fixes for libcacard (usb smartcard emulation), xhci and uhci.

# gpg: Signature made Tue 28 Oct 2014 10:39:52 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20141028-1:
  uhci: remove useless DEBUG
  xhci: add property to turn on/off streams support
  libcacard: don't free sign buffer while sign op is pending
  libcacard: Lock NSS cert db when selecting an applet on an emulated card
  libcacard: introduce new vcard_emul_logout

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-20141028-1' into staging
Peter Maydell [Thu, 30 Oct 2014 14:45:53 +0000 (14:45 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-20141028-1' into staging

gtk: fix two warnings with gtk 3.14+

# gpg: Signature made Tue 28 Oct 2014 10:25:52 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-gtk-20141028-1:
  gtk: avoid gd_widget_reparent with gtk 3.14+
  gtk: drop gtk_widget_set_double_buffered call

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agofix off-by-one error in pci_piix3_xen_ide_unplug
James Harper [Thu, 30 Oct 2014 10:08:28 +0000 (10:08 +0000)] 
fix off-by-one error in pci_piix3_xen_ide_unplug

Fix off-by-one error when unplugging disks, which would otherwise leave the last ATA disk plugged, with obvious consequences. Also rewrite loop to be more readable.

Signed-off-by: James Harper <james.harper@ejbdigital.com.au>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
5 years agoxen-hvm.c: Add support for Xen access to vmport
Don Slutz [Mon, 20 Oct 2014 19:49:12 +0000 (15:49 -0400)] 
xen-hvm.c: Add support for Xen access to vmport

This adds synchronisation of the 6 vcpu registers (only 32bits of
them) that vmport.c needs between Xen and QEMU.

This is to avoid a 2nd and 3rd exchange between QEMU and Xen to
fetch and put these 6 vcpu registers used by the code in vmport.c
and vmmouse.c

The registers are passed in the new shared page provided by
HVM_PARAM_VMPORT_REGS_PFN.

Add new array to XenIOState that allows selection of current_cpu by
vcpu id.

Now pass XenIOState to handle_ioreq().

Add new routines regs_to_cpu(), regs_from_cpu(), and
handle_vmport_ioreq().

Signed-off-by: Don Slutz <dslutz@verizon.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
5 years agoMerge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Thu, 30 Oct 2014 13:35:12 +0000 (13:35 +0000)] 
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

virtio-scsi fixes, the first part of dynamic sysbus devices,
MAINTAINERS updates, and AVX512 support.

# gpg: Signature made Mon 27 Oct 2014 15:12:13 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (28 commits)
  aio / timers: De-document -clock
  hw/scsi/virtio-scsi.c: fix the "type" use error in virtio_scsi_handle_ctrl
  virtio-scsi: sense in virtio_scsi_command_complete
  target-i386: add Intel AVX-512 support
  get_maintainer.pl: restrict cases where it falls back to --git
  get_maintainer.pl: move git loop under "if ($email) {"
  qtest: fix qtest log fd should be initialized before qtest chardev
  MAINTAINERS: avoid M entries that point to mailing lists
  MAINTAINERS: add some tests directories
  MAINTAINERS: Add more TCG files
  MAINTAINERS: add myself for X86
  MAINTAINERS: add Samuel Thibault as usb-serial.c and baum.c maintainer
  MAINTAINERS: grab more files from Anthony's pile
  target-i386: warns users when CPU threads>1 for non-Intel CPUs
  sysbus: Use TYPE_DEVICE GPIO functionality
  qdev: gpio: Define qdev_pass_gpios()
  qdev: gpio: Remove qdev_init_gpio_out x1 restriction
  qdev: gpio: delete NamedGPIOList::out
  irq: Remove qemu_irq_intercept_out
  qtest/irq: Rework IRQ interception
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agovirtio: link the rng backend through an alias property
Paolo Bonzini [Wed, 29 Oct 2014 10:17:19 +0000 (11:17 +0100)] 
virtio: link the rng backend through an alias property

The virtio-rng backend is currently linked twice, once in the proxy
device (e.g. virtio-rng-pci) and once in virtio-rng-device.  This causes
a double unref of the backend when the parent device is unplugged.

To fix this, make the proxy device use an alias, similar to what is
already being done for the iothread link.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Message-id: 1414577839-18695-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agovmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
Gerd Hoffmann [Mon, 6 Oct 2014 09:59:51 +0000 (11:59 +0200)] 
vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect

Add verification to vmsvga_fill_rect, re-enable HW_FILL_ACCEL.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
5 years agovmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
Gerd Hoffmann [Mon, 6 Oct 2014 09:58:51 +0000 (11:58 +0200)] 
vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect

Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
5 years agovnc: return directly if no vnc client connected
ChenLiang [Mon, 29 Sep 2014 07:00:40 +0000 (15:00 +0800)] 
vnc: return directly if no vnc client connected

graphic_hw_update and vnc_refresh_server_surface aren't
need to do when no vnc client connected. It can reduce
lock contention, because vnc_refresh will hold global big
lock two millisecond every three seconds.

Signed-off-by: ChenLiang <chenliang88@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5 years agovnc: sanitize bits_per_pixel from the client
Petr Matousek [Mon, 27 Oct 2014 11:41:44 +0000 (12:41 +0100)] 
vnc: sanitize bits_per_pixel from the client

bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.

To fix this check that bits_per_pixel from the client is one of the
values that the rfb protocol specification allows.

This is CVE-2014-7815.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
[ kraxel: apply codestyle fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5 years agouhci: remove useless DEBUG
Gonglei [Mon, 27 Oct 2014 10:20:17 +0000 (18:20 +0800)] 
uhci: remove useless DEBUG

commit 50dcc0f8 (uhci: tracing support) had removed
DPRINTF, the DEBUG marco is useless now, remove it.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5 years agoxhci: add property to turn on/off streams support
Gerd Hoffmann [Tue, 21 Oct 2014 10:29:33 +0000 (12:29 +0200)] 
xhci: add property to turn on/off streams support

streams support in usb-redir and usb-host works only with recent enough
versions of the support libraries (libusbredir and libusbx).  Failure
mode is rather unelegant:  Any stream usb transfers will throw stall
errors.  Turning off support for streams in the xhci host controller
will work better as the guest can figure beforehand that streams are
not going to work.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
5 years agolibcacard: don't free sign buffer while sign op is pending
Ray Strode [Sun, 19 Oct 2014 02:12:49 +0000 (22:12 -0400)] 
libcacard: don't free sign buffer while sign op is pending

commit 57f97834efe0c208ffadc9d2959f3d3d55580e52 cleaned up
the cac_applet_pki_process_apdu function to have a single
exit point. Unfortunately, that commit introduced a bug
where the sign buffer can get free'd and nullified while
it's still being used.

This commit corrects the bug by introducing a boolean to
track whether or not the sign buffer should be freed in
the function exit path.

Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-by: Alon Levy <alon@pobox.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5 years agolibcacard: Lock NSS cert db when selecting an applet on an emulated card
Ray Strode [Sun, 19 Oct 2014 02:12:48 +0000 (22:12 -0400)] 
libcacard: Lock NSS cert db when selecting an applet on an emulated card

When a process in a guest uses an emulated smartcard, libcacard running
on the host passes the PIN from the guest to the PK11_Authenticate NSS
function. The first time PK11_Authenticate is called the passed in PIN
is used to unlock the certificate database. Subsequent calls to
PK11_Authenticate will transparently succeed, regardless of the passed in
PIN. This is a convenience for applications provided by NSS.

Of course, the guest may have many applications using the one emulated
smart card all driven from the same host QEMU process.  That means if a
user enters the right PIN in one program in the guest, and then enters the
wrong PIN in another program in the guest, the wrong PIN will still
successfully unlock the virtual smartcard.

This commit forces the NSS certificate database to be locked anytime an
applet is selected on an emulated smartcard by calling vcard_emul_logout.

Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-By: Robert Relyea <rrelyea@redhat.com>
Reviewed-By: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5 years agolibcacard: introduce new vcard_emul_logout
Ray Strode [Sun, 19 Oct 2014 02:12:47 +0000 (22:12 -0400)] 
libcacard: introduce new vcard_emul_logout

vcard_emul_reset currently only logs NSS out, but there is a TODO
for potentially sending insertion/removal events when powering down
or powering up.

For clarity, this commit moves the current guts of vcard_emul_reset to
a new vcard_emul_logout function which will never send insertion/removal
events. The vcard_emul_reset function now just calls vcard_emul_logout,
but also retains its TODO for watching power state transitions and sending
insertion/removal events.

Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-By: Robert Relyea <rrelyea@redhat.com>
Reviewed-By: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5 years agogtk: avoid gd_widget_reparent with gtk 3.14+
Gerd Hoffmann [Thu, 23 Oct 2014 15:21:00 +0000 (17:21 +0200)] 
gtk: avoid gd_widget_reparent with gtk 3.14+

gtk_widget_reparent is depricated in gtk 3.14, stop using it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5 years agogtk: drop gtk_widget_set_double_buffered call
Gerd Hoffmann [Thu, 23 Oct 2014 13:29:37 +0000 (15:29 +0200)] 
gtk: drop gtk_widget_set_double_buffered call

Dunno why it is here.  Removing it seems to have no ill side effects.
It is depricated in 3.14+.  In some cases it has no effect since 3.10
according to the docs:

https://developer.gnome.org/gtk3/stable/GtkWidget.html#gtk-widget-set-double-buffered

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5 years agovmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
Gerd Hoffmann [Mon, 6 Oct 2014 09:58:22 +0000 (11:58 +0200)] 
vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect

Switch vmsvga_update_rect over to use vmsvga_verify_rect.  Slight change
in behavior:  We don't try to automatically fixup rectangles any more.
In case we find invalid update requests we'll do a full-screen update
instead.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
5 years agovmware-vga: add vmsvga_verify_rect
Gerd Hoffmann [Mon, 6 Oct 2014 09:51:54 +0000 (11:51 +0200)] 
vmware-vga: add vmsvga_verify_rect

Add verification function for rectangles, returning
true if verification passes and false otherwise.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
5 years agovmware-vga: CVE-2014-3689: turn off hw accel
Gerd Hoffmann [Mon, 6 Oct 2014 09:42:34 +0000 (11:42 +0200)] 
vmware-vga: CVE-2014-3689: turn off hw accel

Quick & easy stopgap for CVE-2014-3689:  We just compile out the
hardware acceleration functions which lack sanity checks.  Thankfully
we have capability bits for them (SVGA_CAP_RECT_COPY and
SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.

Subsequent patches will add the missing checks and re-enable the
hardware acceleration emulation.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
5 years agoaio / timers: De-document -clock
Markus Armbruster [Mon, 6 Oct 2014 14:19:07 +0000 (16:19 +0200)] 
aio / timers: De-document -clock

Commit 6d32717 "aio / timers: Remove alarm timers" has issues:

1. It silently ignores -clock for backward compatibility.
Incompatible change: -clock help no longer terminates the program.
Tolerable.

2. Failed to update option documentation.  In particular, -help still
advises users to try -clock help for available timers.  Drop all
documentation on -clock.

3. The 'query-alarm-clock' example in docs/writing-commands.txt no
longer works, and needs to be redone.  Can't do that right now, so I
just stick in a FIXME.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agohw/scsi/virtio-scsi.c: fix the "type" use error in virtio_scsi_handle_ctrl
Bin Wu [Sat, 25 Oct 2014 02:43:44 +0000 (02:43 +0000)] 
hw/scsi/virtio-scsi.c: fix the "type" use error in virtio_scsi_handle_ctrl

The local variable "type" in virtio_scsi_handle_ctl represents the tmf
command type from the guest and it has the same meaning as the
req->req.tmf.type. However, before the invoking of virtio_scsi_parse_req
the req->req.tmf.type doesn't has the correct value(just initialized to
zero). Therefore, we need to use the "type" variable to judge the case.

Cc: qemu-stable@nongnu.org
Signed-off-by: Bin Wu <wu.wubin@huawei.com>
[Actually make it compile, "type" must be uint32_t in order to pass
 it to virtio_tswap32s. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agovirtio-scsi: sense in virtio_scsi_command_complete
Ting Wang [Mon, 27 Oct 2014 08:51:41 +0000 (16:51 +0800)] 
virtio-scsi: sense in virtio_scsi_command_complete

If req->resp.cmd.status is not GOOD, the address of sense for
qemu_iovec_from_buf should be modified from &req->resp to sense.

Cc: qemu-stable@nongnu.org
Signed-off-by: Ting Wang <kathy.wangting@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoRevert "main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously"
Jan Kiszka [Mon, 27 Oct 2014 14:13:02 +0000 (14:13 +0000)] 
Revert "main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously"

This reverts commit 15124e142034d21341ec9f1a304a1dc5a6c25681. It breaks
debuggability of qemu and is no longer needed as the problem has
now been addressed in a different way.

Instead we provide a comment about why these signals must be
handled asynchronously.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
[PMM: added comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMake qemu_shutdown_requested signal-safe
Jan Kiszka [Mon, 27 Oct 2014 14:05:10 +0000 (14:05 +0000)] 
Make qemu_shutdown_requested signal-safe

qemu_shutdown_requested may be interrupted by qemu_system_killed. If the
latter sets shutdown_requested after qemu_shutdown_requested has read it
but before it was cleared, the shutdown event is lost. Fix this by using
atomic_xchg.

This provides a different fix for the problem which commit 15124e142
attempts to deal with. That commit breaks use of ^C to drop into gdb,
and so this approach is better (and 15124e142 can be reverted).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
[PMM: commit message tweak]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agotarget-i386: add Intel AVX-512 support
Chao Peng [Thu, 23 Oct 2014 03:02:43 +0000 (11:02 +0800)] 
target-i386: add Intel AVX-512 support

Add AVX512 feature bits, register definition and corresponding
xsave/vmstate support.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>