Commit Graph

121 Commits

Author SHA1 Message Date
Peter Maydell
50809c8b92 Merge remote-tracking branch 'remotes/mcayland/qemu-sparc' into staging
* remotes/mcayland/qemu-sparc:
  apb: implement IOMMU translation for PCI host bridge
  apb: handle reading/writing of IOMMU control registers
  apb: fix IOMMU register sizes
  apb: Move IOMMU registers into a separate IOMMUState struct
  tcx: move initialisation from realizefn to initfn
  tcx: move initialisation from SysBusDevice class to TCX class realizefn
  cg3: add extra check to prevent CG3 register array overflow
  cg3: move initialisation from realizefn to initfn

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05 23:05:07 +01:00
Mark Cave-Ayland
01b91ac2be tcx: move initialisation from realizefn to initfn
Initialisation cleanup as suggested by Andreas.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Andreas Färber <afaerber@suse.de>
2014-06-05 20:51:57 +01:00
Mark Cave-Ayland
d4ad9dec14 tcx: move initialisation from SysBusDevice class to TCX class realizefn
This is an intermediate step to bring TCX in line with CG3.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Andreas Färber <afaerber@suse.de>
2014-06-05 20:51:45 +01:00
Mark Cave-Ayland
366d4f7e00 cg3: add extra check to prevent CG3 register array overflow
The case statements in the CG3 read and write register routines have a maximum
value of CG3_REG_SIZE, so if a value were written to this offset then it
would overflow the register array.

Currently this cannot be exploited since the MemoryRegion restricts accesses
to the range 0 ... CG3_REG_SIZE - 1, but it seems worth clarifying this for
future review and/or static analysis.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Paolo Bonzini <pbonzini@redhat.com>
2014-06-05 20:51:30 +01:00
Mark Cave-Ayland
e09c49f40d cg3: move initialisation from realizefn to initfn
Initialisation cleanup as suggested by Andreas.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Andreas Färber <afaerber@suse.de>
2014-06-05 20:51:19 +01:00
Paolo Bonzini
0983979b3a hw: use ld_p/st_p instead of ld_raw/st_raw
The ld_raw and st_raw definitions are only needed in code that
must compile for both user-mode and softmmu emulation.  Device
models can use the equivalent ld_p/st_p which are simple
pointer accessors.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-06-05 16:04:17 +02:00
Peter Maydell
052367ba85 target-arm:
* Preliminary restructuring for EL2/EL3 support
  * improve CPACR handling
  * fix pxa2xx_lcd palette formats
  * update highbank/midway maintainer
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABCAAGBQJThLyzAAoJEDwlJe0UNgze9JMP/3Lh+Y9nv78cBgyJJkvv2i/q
 H536WftDQarcBEHFf7aFqIMWWkDiDPAwMrB8SCn7zpLW/yBEAulo5e2mO4QLOUm6
 JZMflGqDM1l0nz2XgJPW8y9ySPjxbmZISA+DB1QrNeG6n1HMRiBPCnnYTWIh9ju7
 QiBRUW50GWQpWzWUyVQl4cWfHmHfjZCt+1GBUX2znsZplTzK7CvMot2qIxata+jn
 8PaXbkE/GQp+0tmPgQ8lF4j2OEhVqRbIqzCM0R23aQVl9SLi4ZyudPsBFEtStj82
 gezCF3Xv9zHvCy72+h+u///Wu+uh/PtMCxPUlTATLDF0W8jjJvFf/6n1G09Qo6Qa
 qIsFm9gJ1aW9iqE/H96HzGKK3f1k8dOTw1XDHyC7Xr4E8RAVeBOQVKC41PjZ/GKE
 BTDNeD6jJkyBvZsePIz8C+Km3XZYkndn6EAR13itwOls1yKHzV0IzG/NLHAQNxoj
 4UbsvaED4H9Hn925y8DrQqhfrkj0+KjwF+Ggi0AT8rOJnmDKJCEc3oz6+A1yiIEt
 BcHW4HJ13uyKz8bbOk4ikxNUysiMwLfXwxFLw3kpbjtS33QmYauO56Q/ju/vogC+
 Aali9VtrUmirpVVJi3ZmSjj4y8LyoaHOzzbsVFjuzajstxK1fy51SmNg4NIBcMnK
 1DUOZBmoktKhaobawWtA
 =oYff
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140527' into staging

target-arm:
 * Preliminary restructuring for EL2/EL3 support
 * improve CPACR handling
 * fix pxa2xx_lcd palette formats
 * update highbank/midway maintainer

# gpg: Signature made Tue 27 May 2014 17:26:27 BST using RSA key ID 14360CDE
# gpg: Can't check signature: public key not found

* remotes/pmaydell/tags/pull-target-arm-20140527: (26 commits)
  target-arm: A64: Register VBAR_EL3
  target-arm: A64: Register VBAR_EL2
  target-arm: Make vbar_write writeback to any CPREG
  target-arm: A64: Generalize update_spsel for the various ELs
  target-arm: A64: Generalize ERET to various ELs
  target-arm: A64: Trap ERET from EL0 at translation time
  target-arm: A64: Forbid ERET to higher or unimplemented ELs
  target-arm: Register EL3 versions of ELR and SPSR
  target-arm: Register EL2 versions of ELR and SPSR
  target-arm: Add a feature flag for EL3
  target-arm: Add a feature flag for EL2
  target-arm: A64: Introduce aarch64_banked_spsr_index()
  target-arm: Add SPSR entries for EL2/HYP and EL3/MON
  target-arm: A64: Add ELR entries for EL2 and 3
  target-arm: A64: Add SP entries for EL2 and 3
  target-arm: c12_vbar -> vbar_el[]
  target-arm: Make esr_el1 an array
  target-arm: Make elr_el1 an array
  target-arm: Use a 1:1 mapping between EL and MMU index
  target-arm: A32: Use get_mem_index for load/stores
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-28 15:00:33 +01:00
Peter Maydell
fc37b7a0b0 hw/display/pxa2xx_lcd: Fix 16bpp+alpha and 18bpp+alpha palette formats
The pxa2xx palette entry "16bpp plus transparency" format is
xxxxxxxTRRRRR000GGGGGG00BBBBB000, and "18bpp plus transparency" is
xxxxxxxTRRRRRR00GGGGGG00BBBBBB00.

Correct errors in the code for reading these and converting
them to the internal format. In particular, the buggy code
was attempting to mask out bit 24 of a uint16_t, which
Coverity spotted as an error.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1400233901-31785-1-git-send-email-peter.maydell@linaro.org
2014-05-27 17:09:49 +01:00
Saravanakumar
e35f29ded3 jazz_led: Add missing break in switch case
Signed-off-by: Saravanakumar <saravanakumar.punith@gmail.com>
Reviewed-by: Paolo Bonizni <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-24 00:07:56 +04:00
Peter Maydell
895527eea5 migration/next for 20140515
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJTdBkpAAoJEPSH7xhYctcj5jAQAJKiJ/43TBk0S0wlpoPjw1yA
 WSC/oJ2yvf+i6EndJPdnxIA/3K3s7suRFBJVYwLVnGJTUZ6gwGcI7cc/EX/iK0vf
 1Ffv/RAuh3nkohFw1ZMLQGqACFskSer0K1wZgQg+YjiJRPzzpVOpaAVm3+c04LRN
 AjO9LTqudi2pFaDHfGQMFES3j/5+h2srdad7YLMu4h/17SLtcowO7Yf7GT+GHRyD
 c3OHcL6vNoCKkIJQULC8X5czh6zapQZG3SRZ/nLt58yjEyVuq4L2cNRA/614K+5b
 1YLz4dX6slj8y17tg8On60emU0Sdu4mOws9HtYSytfmEu045iuF+Wr4kNjO74UGd
 NnnjD1pdnuF7356pz87PiVBf7qer5yrv+Bog1KRUwn3ETFqpSOMiKJo0JAGBMKdN
 w6Mbkg9C7IR62OfmM5157Mj2Xd681GImNiYzerBMfuFAWk5XsMxuz9Xh03I7WpzS
 ASow6SCBIr7bsiKENV7twuz1mIQclsYWXaVt8ldH8bMsTCqiefVeDs4o6A3Na+WC
 LztUHzlhVLZU92uJDiIsyQnwmsw032RjhKY9sV/NMa5HLAhF/zZLcn1OfXshrv8t
 mVnWngGbY185kml0GmLu9TSnSCBSD8lcwZlRA9JVyxfusxElJUOrQzKzvu69Rn6U
 XBWPBwppnDQ0MjOgSZD+
 =gg8m
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140515' into staging

migration/next for 20140515

# gpg: Signature made Thu 15 May 2014 02:32:25 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20140515:
  usb: fix up post load checks
  migration: show average throughput when migration finishes
  savevm: Remove all the unneeded version_minimum_id_old (rest)
  savevm: Remove all the unneeded version_minimum_id_old (usb)
  Split ram_save_block
  arch_init: Simplify code for load_xbzrle()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-15 17:29:03 +01:00
Juan Quintela
35d08458a9 savevm: Remove all the unneeded version_minimum_id_old (rest)
After previous Peter patch, they are redundant.  This way we don't
assign them except when needed.  Once there, there were lots of case
where the ".fields" indentation was wrong:

     .fields = (VMStateField []) {
and
     .fields =      (VMStateField []) {

Change all the combinations to:

     .fields = (VMStateField[]){

The biggest problem (appart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-14 15:24:51 +02:00
Juan Quintela
8f1e884b38 savevm: Remove all the unneeded version_minimum_id_old (arm)
After commit 767adce2d, they are redundant.  This way we don't assign them
except when needed.  Once there, there were lots of cases where the ".fields"
indentation was wrong:

     .fields = (VMStateField []) {
and
     .fields =      (VMStateField []) {

Change all the combinations to:

     .fields = (VMStateField[]){

The biggest problem (apart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.

Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM: fixed minor conflict, corrected commit message typos]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-13 16:09:35 +01:00
Peter Maydell
c9541f67df migration/next for 20140505
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJTZ/QsAAoJEPSH7xhYctcjJ4wP/31lNMpPLxdRpxpUoTPK39L0
 zEoBTUH5dzG2FG34p8/znNH0Lbmc3GALqP9UzyM0sL3QU0EDwqAP0idLJ/8zHrYN
 ZNJnNH6wexlpEypAsyQiayAFYAq6bc3hYtnEurN56dQgPVgb6jCicuOAt26JafLg
 xuGIuencgaEFZaIb8iobxloqDX9raoq0+JfnoV8r02+ES+PG+HHfZsAlbDiWpj/Z
 o06WBq9Xvf8X/zvuGHb9PCLGK36+kxPJ2G2531TJGZ6BjjewDExF2xlQH+PQ8pQB
 d2OKCP0In66JfyLu6JBz21APrks7DJxsuenvoqPhxhtlIcBSm+grZElNLbccDMLQ
 3fteWOCcri5WSwKNAkZ138D5SzIArZFBlqD9qW0GQsiaj3tCxfy162JAmzRPa94i
 R5OJCTDclwjCH6JvRsOs8NrQyYcXHcEl2rfeymfr68YOH5XBMeRPhcR91tVr03ow
 ZVgvwC/TJHntKnW+qtGIOa9Wfq4KghjddD37ayPAqKM/GQ0TV2sAPEr2htDaBZ0l
 5O/YGsAZPKax72OnMR2ObqoIMokympeanQLxG3Q8VKQSU2c+aU3rGVQrG1juiVYw
 NiC/nzarFzFWU8UYToXIu2QBDTde2vuRLX/myzL7L4OLavOcv8EXZBp60DP/bktE
 Pd+jdeLMh9kWu1tFrE8F
 =VoYL
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140505' into staging

migration/next for 20140505

# gpg: Signature made Mon 05 May 2014 21:27:24 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20140505: (36 commits)
  migration: expose xbzrle cache miss rate
  migration: expose the bitmap_sync_count to the end
  migration: Add counts of updating the dirty bitmap
  XBZRLE: Fix one XBZRLE corruption issues
  migration: remove duplicate code
  Coverity: Fix failure path for qemu_accept in migration
  Init the XBZRLE.lock in ram_mig_init
  Provide init function for ram migration
  Count used RAMBlock pages for migration_dirty_pages
  Make qemu_peek_buffer loop until it gets it's data
  Disallow outward migration while awaiting incoming migration
  virtio: validate config_len on load
  virtio-net: out-of-bounds buffer write on load
  openpic: avoid buffer overrun on incoming migration
  ssi-sd: fix buffer overrun on invalid state load
  savevm: Ignore minimum_version_id_old if there is no load_state_old
  usb: sanity check setup_index+setup_len in post_load
  vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
  virtio-scsi: fix buffer overrun on invalid state load
  zaurus: fix buffer overrun on invalid state load
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-07 14:51:21 +01:00
Michael S. Tsirkin
ead7a57df3 ssd0323: fix buffer overun on invalid state load
CVE-2013-4538

s->cmd_len used as index in ssd0323_transfer() to store 32-bit field.
Possible this field might then be supplied by guest to overwrite a
return addr somewhere. Same for row/col fields, which are indicies into
framebuffer array.

To fix validate after load.

Additionally, validate that the row/col_start/end are within bounds;
otherwise the guest can provoke an overrun by either setting the _end
field so large that the row++ increments just walk off the end of the
array, or by setting the _start value to something bogus and then
letting the "we hit end of row" logic reset row to row_start.

For completeness, validate mode as well.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
Kirill Batuzov
848696bf35 PortioList: Store PortioList in device state
PortioList is an abstraction used for construction of MemoryRegionPortioList
from MemoryRegionPortio. It can be used later to unmap created memory regions.
It also requires proper cleanup because some of the memory inside is allocated
dynamically.

By moving PortioList ot device state we make it possible to cleanup later and
avoid leaking memory.

This change spans several target platforms.  The following testcases cover all
changed lines:
  qemu-system-ppc -M prep
  qemu-system-i386 -vga qxl
  qemu-system-i386 -M isapc -soundhw adlib -device ib700,id=watchdog0,bus=isa.0

Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-05 20:58:33 +02:00
Gerd Hoffmann
63e3e24db2 vga: add secondary stdvga variant
Add a standard vga variant which doesn't occupy any legacy
resources and thus can easily be used as secondary (or legacy-free)
graphics adapter.  Programming must be done using the MMIO bar.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-28 11:03:32 +02:00
Gerd Hoffmann
e2bbfc8ee2 vga: allow non-global vmstate
Need a way to opt-out from vga.vram being global vmstate, for
secondary vga cards.  Add a bool parameter to vga_common_init
to support this.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-28 10:21:55 +02:00
Peter Lieven
2f487a3d40 ui/vnc: fix vmware VGA incompatiblities
this fixes invalid rectangle updates observed after commit 12b316d
with the vmware VGA driver. The issues occured because the server
and client surface update seems to be out of sync at some points
and the max width of the surface is not dividable by
VNC_DIRTY_BITS_PER_PIXEL (16).

Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-18 08:21:24 +01:00
Peter Crosthwaite
1a7d9ee6dd ssi: Convert legacy SSI_SLAVE -> DEVICE casts
Convert legacy ->qdev style casts from TYPE_SSI_SLAVE to TYPE_DEVICE.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Introduce local DeviceState variable for transition to QOM realize]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Andreas Färber
80aaa0741f xenfb: Fix graphic_console_init() build failure
In commit 5643706a09 (console: add head
to index to qemu consoles.) graphic_console_init() was extended to take
an additional argument, but xenfb was not updated accordingly. Fix it.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Don Slutz <dslutz@verizon.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1394228528-31625-1-git-send-email-afaerber@suse.de
2014-03-08 11:27:00 +00:00
Gerd Hoffmann
5643706a09 console: add head to index to qemu consoles.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-05 09:52:04 +01:00
Mark Cave-Ayland
9eb08a435a sun4m: Add Sun CG3 framebuffer and corresponding OpenBIOS FCode ROM
The CG3 framebuffer is a simple 8-bit framebuffer for use with operating
systems such as early Solaris that do not have drivers for TCX.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Blue Swirl <blauwirbel@gmail.com>
CC: Anthony Liguori <aliguori@amazon.com>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Bob Breuer <breuerr@mc.net>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
2014-02-27 10:01:41 +00:00
Gerd Hoffmann
9c70434f82 qxl: add sanity check
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2014-02-24 13:00:52 +01:00
Peter Maydell
61e8a92364 QOM infrastructure fixes and device conversions
* QTest cleanups and test cases for PCI NICs
 * NAND fix for "info qtree"
 * Cleanup and extension of QOM machine tests
 * IndustryPack test cases and conversion to QOM realize
 * I2C cleanups
 * Cleanups of legacy qdev properties
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTAooJAAoJEPou0S0+fgE/SuQQALW3zvra4ZLRAQV0e8kFoyj1
 vVtmLkDhnCe4cYfxxfOX91NA0rH1ts2EO1+UcnaCHJlptNWfA+8qJW69XgYpHE3c
 DKQlKPL/9pV5ywY5uUw/t1UJHg2BfrLBDDM4lP+vrpwiQYq4kp24JffnhfY3l9MA
 9qdkXu1HrlWoLRVGnMyGDXI8cb+5bTL+FEc6UuHl3P89/gj5BV+LDWn0QOFbAkxq
 4wk+Xh6sHKcfOdq6vMCNGlTjlJnpbY43D1a8+q6hFGG8JBlpne7Oer7bse9k4uTK
 q/CzyNzC0lnjjcULpa4ptRlycH0ruD9DPY7Lco9XqYd3l/c9742PmTEqN5TZseKD
 XD7+hwT1tk7W8rihm8KETCP6sKlXz4w8tJiWe6IT3zwRzvXIolxxK93heQuaX73Z
 HFDmvTPVLUiWF8ftKTyWZM3w+jsbSH0QSrMCIHKJrPTRWTKphx0DUP74lWjNsvGs
 FFBjpAgrflLihxiuRrcLmekGn0xCTjhQWIo2GoiWTgLSEHNQQQUNO+15/kcU/vlI
 hh3DJpiBKeSnUapHHL0OEK6ryeHoG95akiRjImwWVthNLk4KEuWtlhFPYBtulO5A
 PA02trE4Ah769effX0ZYdNl23KbW4VxpZ8VZv+kp7RTrDKxw551HoEFJ5ja0nkvB
 O1CfsE7x0GH/Rbi/Hxhu
 =KRcc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging

QOM infrastructure fixes and device conversions

* QTest cleanups and test cases for PCI NICs
* NAND fix for "info qtree"
* Cleanup and extension of QOM machine tests
* IndustryPack test cases and conversion to QOM realize
* I2C cleanups
* Cleanups of legacy qdev properties

# gpg: Signature made Mon 17 Feb 2014 22:15:37 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-peter: (49 commits)
  qtest: Include system headers before user headers
  qapi: Refine human printing of sizes
  qdev: Use QAPI type names for properties
  qdev: Add enum property types to QAPI schema
  block: Handle "rechs" and "large" translation options
  qdev: Remove hex8/32/64 property types
  qdev: Remove most legacy printers
  qdev: Use human mode in "info qtree"
  qapi: Add human mode to StringOutputVisitor
  qdev: Inline qdev_prop_parse()
  qdev: Legacy properties are just strings
  qdev: Legacy properties are now read-only
  qdev: Remove legacy parsers for hex8/32/64
  qdev: Sizes are now parsed by StringInputVisitor
  qapi: Add size parser to StringInputVisitor
  qtest: Don't segfault with invalid -qtest option
  ipack: Move IndustryPack out of hw/char/
  ipoctal232: QOM parent field cleanup
  ipack: QOM parent field cleanup for IPackDevice
  ipack: QOM parent field cleanup for IPackBus
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-20 13:05:48 +00:00
Paolo Bonzini
c7bcc85d66 qdev: Remove hex8/32/64 property types
Replace them with uint8/32/64.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-02-14 21:12:04 +01:00
Andreas Färber
b1be45153e ssd0303: QOM'ify
Replace usages of FROM_I2C_SLAVE() with QOM cast macro.
Rename parent field.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-02-14 16:22:32 +01:00
Peter Maydell
0888a29caa acpi,pc,pci fixes and enhancements
Most changes here are hotplug related:
 
 This merges hotplug infrastructure changes by Igor,
 some acpi related fixes, and PC fixes.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJS+Jg2AAoJECgfDbjSjVRp2hIH/3PezOqYAJlp1LzHPYgTII5R
 ZWdlHWJODB5QKGuDnJ0rKTZn+9n4f27Q7ynwqrodrLNtzglfmPUwtjTb52vbd1yh
 qJ7BtvGIewUEjTPVs2feipb75jFZFhvIU46F1jPJAiaNKG0nl6zwVHn5XfFqesv2
 4TlHAoqYvpUUuFcG7Qu+hREUrjb/tdxwP8EYM4qDPOSxguS2R2+3/17BVlPDQGia
 bKl6j5EmnmmbQ0h8Sepy3YKh9d1rZnKFsolMFrL8ITjzEzzyKjpE284GNe/5eY25
 HR25dY5eYTb0d3QPeH2O5sOrZgOFpTZc8WOo9Kxi0OTjWxFoZstZ1AOM3A2DAoY=
 =EtLZ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

acpi,pc,pci fixes and enhancements

Most changes here are hotplug related:

This merges hotplug infrastructure changes by Igor,
some acpi related fixes, and PC fixes.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 10 Feb 2014 09:13:26 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  ACPI: Remove commented-out code from HPET._CRS
  hw/pci: switch to a generic hotplug handling for PCIDevice
  pci/pcie: convert PCIE hotplug to use hotplug-handler API
  pci/shpc: convert SHPC hotplug to use hotplug-handler API
  acpi/piix4pm: convert ACPI PCI hotplug to use hotplug-handler API
  qdev:pci: refactor PCIDevice to use generic "hotpluggable" property
  hw/acpi: move typeinfo to the file end
  qdev: add "hotpluggable" property to Device
  qdev: add to BusState "hotplug-handler" link
  define hotplug interface
  loader: document that errno is set
  pc.c: better error message on initrd sizing failure
  pc_piix: enable legacy hotplug for Xen
  qtest: don't report signals if qtest driver enabled
  hw:piix4:acpi: reuse pcihp code for legacy PCI hotplug
  pcihp: remove unused AcpiPciHpPciStatus.device_present field
  pcihp: make pci_read() mmio calback compatible with legacy ACPI hotplug
  pcihp: make PCI hotplug mmio handlers indifferent to PCI_HOTPLUG_ADDR
  pcihp: replace enable|disable_device() with oneliners
  pcihp: reduce number of device check events

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-13 15:02:04 +00:00
Edgar E. Iglesias
2c17449b30 exec: Make ldq/ldub_*_phys input an AddressSpace
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-11 22:57:00 +10:00
Igor Mammedov
2897ae0267 qdev:pci: refactor PCIDevice to use generic "hotpluggable" property
Get rid of PCIDevice specific PCIDeviceClass.no_hotplug and use
generic DeviceClass.hotpluggable field instead.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-02-10 10:26:56 +02:00
Peter Maydell
1f6b12f75f target-lm32: fixes
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iEYEABECAAYFAlLxNdwACgkQEdFA3D+Yo3h0MQCgkqd4o4LdamOYxQqP0CgD+ET8
 QFgAn19l7zj69bPiYEsl1kPxinIduZnd
 =ff/s
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mwalle/tags/lm32-fixes/20140204' into staging

target-lm32: fixes

# gpg: Signature made Tue 04 Feb 2014 18:47:56 GMT using DSA key ID 3F98A378
# gpg: Can't check signature: public key not found

* remotes/mwalle/tags/lm32-fixes/20140204:
  hw/lm32: print error if cpu model is not found
  target-lm32: stop VM on illegal or unknown instruction
  lm32_sys: dump cpu state if test case fails
  lm32_sys: print test result on stderr
  target-lm32: add breakpoint/watchpoint support
  target-lm32: move model features to LM32CPU
  target-lm32: kill cpu_abort() calls
  milkymist-vgafb: swap pixel data in source buffer
  lm32_uart/lm32_juart: use qemu_chr_fe_write_all()
  milkymist-uart: use qemu_chr_fe_write_all() instead of qemu_chr_fe_write()
  tests: lm32: new rule for single test cases
  lm32_sys: increase test case name length limit

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-08 15:57:51 +00:00
Michael Walle
2f45356427 milkymist-vgafb: swap pixel data in source buffer
In commit fc97bb5ba3 the lduw_raw() call was
eliminated. But we are reading from the target buffer a 16-bit value, which
is in big-endian format. Therefore, use lduw_be_p() to read the value.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Walle <michael@walle.cc>
2014-02-04 19:34:30 +01:00
Alon Levy
3761abb167 hw/display/qxl: fix signed to unsigned comparison
Several small signedness / overflow corrections to qxl_create_guest_primary:
1. use 64 bit unsigned for size to avoid overflow possible from two 32
bit multiplicants.
2. correct sign for requested_height
3. add a more verbose error message when setting guest bug state (which
causes a complete guess blackout until reset, so it helps if it is
verbose).

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-02-03 11:05:15 +01:00
Alon Levy
f06b85218a qxl: clear irq on reset
Without this we occasionally trigger an assert at
hw/pci/pci.c:pcibus_reset that asserts the irq_count is zero on reset.

This has become a problem with the new drm driver for linux, since doing
a reboot from console causes a race between console updates that set the
irq and the reset assertion that the irq is clear.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-02-03 11:05:15 +01:00
Paolo Bonzini
2cdaca90dd display: avoid multi-statement macro
For blizzard, pl110 and tc6393xb this is harmless, but for pxa2xx
Coverity noticed that it is used inside an "if" statement.
Fix it because it's the file with the highest number of defects
in the whole QEMU tree!  Use "do...while (0)", or just remove the
semicolon if there's a single statement in the macro.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-01-31 14:47:33 +00:00
Stefano Stabellini
0193c62c94 xenfb: map framebuffer read-only and handle unmap errors
The framebuffer is needlessly mapped (PROT_READ | PROT_WRITE), map it
PROT_READ instead.

The framebuffer is unmapped by replacing the framebuffer pages with
anonymous shared memory, calling mmap. Check for return errors and print
a warning.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2014-01-17 15:28:18 +00:00
Markus Armbruster
837d37167d sysbus: Set cannot_instantiate_with_device_add_yet
device_add plugs devices into suitable bus.  For "real" buses, that
actually connects the device.  For sysbus, the connections need to be
made separately, and device_add can't do that.  The device would be
left unconnected, and could not possibly work.

Quite a few, but not all sysbus devices already set
cannot_instantiate_with_device_add_yet in their class init function.

Set it in their abstract base's class init function
sysbus_device_class_init(), and remove the now redundant assignments
from device class init functions.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-12-23 00:27:22 +01:00
Markus Armbruster
efec3dd631 qdev: Replace no_user by cannot_instantiate_with_device_add_yet
In an ideal world, machines can be built by wiring devices together
with configuration, not code.  Unfortunately, that's not the world we
live in right now.  We still have quite a few devices that need to be
wired up by code.  If you try to device_add such a device, it'll fail
in sometimes mysterious ways.  If you're lucky, you get an
unmysterious immediate crash.

To protect users from such badness, DeviceClass member no_user used to
make device models unavailable with -device / device_add, but that
regressed in commit 18b6dad.  The device model is still omitted from
help, but is available anyway.

Attempts to fix the regression have been rejected with the argument
that the purpose of no_user isn't clear, and it's prone to misuse.

This commit clarifies no_user's purpose.  Anthony suggested to rename
it cannot_instantiate_with_device_add_yet_due_to_internal_bugs, which
I shorten somewhat to keep checkpatch happy.  While there, make it
bool.

Every use of cannot_instantiate_with_device_add_yet gets a FIXME
comment asking for rationale.  The next few commits will clean them
all up, either by providing a rationale, or by getting rid of the use.

With that done, the regression fix is hopefully acceptable.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-12-23 00:27:22 +01:00
Gerd Hoffmann
75c70e37bc spice: stop server for qxl hard reset
Hard reset can happen at any time.  We should be able to put qxl into a
known-good state no matter what.  Stop spice server thread for reset so
it can't be confused by fetching stale commands lingering around in the
rings while we reset is ongoing.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-12-16 10:12:20 +01:00
Stefan Weil
b1829cdebe qxl: Add missing trace.h (fix broken build)
Commit ac86048bcd removed trace.h from
console.h and ignored the fact that qxl-render.c needs this file
(it includes qxl.h which includes console.h which included trace.h).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-12-07 22:26:07 +04:00
Stefan Weil
ac86048bcd trace: Remove trace.h from console.h (less dependencies)
This reduces the dependencies on trace.h.
Only two source files which need console.h also need trace.h.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-12-02 21:02:00 +04:00
Mark Cave-Ayland
da87dd7bd7 sun4m: Add FCode ROM for TCX framebuffer
Upstream OpenBIOS now implements SBus probing in order to determine the
contents of a physical bus slot, which is required to allow OpenBIOS to
identify the framebuffer without help from the fw_cfg interface.

SBus probing works by detecting the presence of an FCode program
(effectively tokenised Forth) at the base address of each slot, and if
present executes it so that it creates its own device node in the
OpenBIOS device tree.

The FCode ROM is generated as part of the OpenBIOS build and should
generally be updated at the same time.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Blue Swirl <blauwirbel@gmail.com>
CC: Bob Breuer <breuerr@mc.net>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-11-21 17:38:52 +01:00
Marc-André Lureau
2c8ebac7cc vga: fix invalid read after free
After calling dpy_gfx_replace_surface(s->con, surface), the outer
surface is invalid.

==5370== Invalid read of size 4
==5370==    at 0x460229: surface_bits_per_pixel (console.h:250)
==5370==    by 0x466A81: get_depth_index (vga.c:1173)
==5370==    by 0x467EC2: vga_draw_graphic (vga.c:1718)
==5370==    by 0x4687A5: vga_update_display (vga.c:1914)
==5370==    by 0x2A782E: qxl_hw_update (qxl.c:1766)
==5370==    by 0x3EB83B: graphic_hw_update (console.c:254)
==5370==    by 0x3FBE31: qemu_spice_display_refresh (spice-display.c:418)
==5370==    by 0x2A7D01: display_refresh (qxl.c:1886)
==5370==    by 0x3EEE1C: dpy_refresh (console.c:1436)
==5370==    by 0x3EB543: gui_update (console.c:192)
==5370==    by 0x3C43B3: timerlist_run_timers (qemu-timer.c:488)
==5370==    by 0x3C4416: qemu_clock_run_timers (qemu-timer.c:499)
==5370==  Address 0x22ffb1e0 is 0 bytes inside a block of size 56 free'd
==5370==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5370==    by 0x4245FC: free_and_trace (vl.c:2771)
==5370==    by 0x50899AE: g_free (gmem.c:252)
==5370==    by 0x3EE8D3: qemu_free_displaysurface (console.c:1332)
==5370==    by 0x3EEDB7: dpy_gfx_replace_surface (console.c:1427)
==5370==    by 0x467EB6: vga_draw_graphic (vga.c:1714)
==5370==    by 0x4687A5: vga_update_display (vga.c:1914)
==5370==    by 0x2A782E: qxl_hw_update (qxl.c:1766)
==5370==    by 0x3EB83B: graphic_hw_update (console.c:254)
==5370==    by 0x3FBE31: qemu_spice_display_refresh (spice-display.c:418)
==5370==    by 0x2A7D01: display_refresh (qxl.c:1886)
==5370==    by 0x3EEE1C: dpy_refresh (console.c:1436)

Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1383664554-15248-1-git-send-email-marcandre.lureau@gmail.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-11-05 20:01:11 -08:00
Peter Maydell
7d579514a5 bswap.h: Remove cpu_to_32wu()
Replace the legacy cpu_to_32wu() with stl_p().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-10-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-11-05 19:57:47 -08:00
Gerd Hoffmann
4a46c99c81 qxl: replace pipe signaling with bottom half
qxl creates a pipe, then writes something to it to wake up the iothread
from the spice server thread to raise an irq.  These days qemu bottom
halves can be scheduled from threads and signals, so there is no reason
to do this any more.  Time to clean it up.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-11-04 12:31:42 +01:00
Anthony Liguori
b0eb759fb2 pci, pc, acpi fixes, enhancements
This includes some pretty big changes:
 - pci master abort support by Marcel
 - pci IRQ API rework by Marcel
 - acpi generation support by myself
 
 Everything has gone through several revisions, latest versions have been on
 list for a while without any more comments, tested by several
 people.
 
 Please pull for 1.7.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.15 (GNU/Linux)
 
 iQEcBAABAgAGBQJSXNO8AAoJECgfDbjSjVRp7VAH/0B73mCOiyVACGx7fazK3SGK
 X8TxZWVtG5A77ISqKyrtjLAhK9DCQjEzQTbMNhXHM3Ar6crwo7nJZnQvH2Gh1X2p
 34BOQSVc4rtXz5pwDIr48dBLrxeslwXub79chUs+IK1/4RSn3h3nuS3k6JVkmLJN
 rcHMj4ljJmi4Hd9vOpmS1jo/a61usi36hhU7CMgcrsXzStZycBBzCozOB3VW8p1X
 /iwyf91YjmNPkn9gA3/aViGjszu8jE91dkA0C+ljwvcGbs2yEl3LCWEJfsMvoh5P
 2M+k0XXbHwq/P9PFMa/2/lWOo4EO4Oxa+G/6QvovJrteYnktr+E9DqjU8pCT7yI=
 =CVfs
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'mst/tags/for_anthony' into staging

pci, pc, acpi fixes, enhancements

This includes some pretty big changes:
- pci master abort support by Marcel
- pci IRQ API rework by Marcel
- acpi generation support by myself

Everything has gone through several revisions, latest versions have been on
list for a while without any more comments, tested by several
people.

Please pull for 1.7.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 15 Oct 2013 07:33:48 AM CEST using RSA key ID D28D5469
# gpg: Can't check signature: public key not found

* mst/tags/for_anthony: (39 commits)
  ssdt-proc: update generated file
  ssdt: fix PBLK length
  i386: ACPI table generation code from seabios
  pc: use new api to add builtin tables
  acpi: add interface to access user-installed tables
  hpet: add API to find it
  pvpanic: add API to access io port
  ich9: APIs for pc guest info
  piix: APIs for pc guest info
  acpi/piix: add macros for acpi property names
  i386: define pc guest info
  loader: allow adding ROMs in done callbacks
  i386: add bios linker/loader
  loader: use file path size from fw_cfg.h
  acpi: ssdt pcihp: updat generated file
  acpi: pre-compiled ASL files
  acpi: add rules to compile ASL source
  i386: add ACPI table files from seabios
  q35: expose mmcfg size as a property
  q35: use macro for MCFG property name
  ...

Message-id: 1381818560-18367-1-git-send-email-mst@redhat.com
Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
2013-10-31 16:58:32 +01:00
Anthony Liguori
989644915c Merge remote-tracking branch 'bonzini/iommu-for-anthony' into staging
# By Paolo Bonzini (10) and others
# Via Paolo Bonzini
* bonzini/iommu-for-anthony:
  exec: remove qemu_safe_ram_ptr
  icount: make it thread-safe
  icount: document (future) locking rules for icount
  icount: prepare the code for future races in calling qemu_clock_warp
  icount: reorganize icount_warp_rt
  icount: use cpu_get_icount() directly
  timer: add timer_mod_anticipate and timer_mod_anticipate_ns
  timer: extract timer_mod_ns_locked and timerlist_rearm
  timer: make qemu_clock_enable sync between disable and timer's cb
  qemu-thread: add QemuEvent
  timer: protect timers_state's clock with seqlock
  seqlock: introduce read-write seqlock
  vga: Mark relevant portio lists regions as coalesced MMIO flushing
  cirrus: Mark vga io region as coalesced MMIO flushing
  portio: Allow to mark portio lists as coalesced MMIO flushing
  compatfd: switch to QemuThread
  memory: fix 128 arithmetic in info mtree

Message-id: 1382024935-28297-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-10-18 10:01:49 -07:00
Jan Kiszka
c46860ea53 vga: Mark relevant portio lists regions as coalesced MMIO flushing
This allows to remove the explicit qemu_flush_coalesced_mmio_buffer
calls.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-17 17:24:15 +02:00
Jan Kiszka
eb25a1d9d4 cirrus: Mark vga io region as coalesced MMIO flushing
This allows to remove the explicit qemu_flush_coalesced_mmio_buffer
calls - the memory core will invoke them now.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-17 17:24:15 +02:00
Gerd Hoffmann
9fa032866d spice: fix multihead support
This patch fixes spice display initialization to handle
multihead properly.

spice-core now keeps track of which QemuConsole has a spice
display channel attached to it and which has not.  It also
manages display channel ids.

spice-display looks at all QemuConsoles and will pick up any
graphic console not yet bound to a spice channel (which in practice
are all non-qxl graphic devices).

Result is that
 (a) you'll get a spice client window for each graphical device
     now (first only without this patch), and
 (b) mixing qxl and non-qxl vga cards works properly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17 12:42:54 +02:00
Marc-André Lureau
26defe81f6 spice: replace use of deprecated API
hose API are deprecated since 0.11, and qemu depends on 0.12 already.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17 12:25:25 +02:00