The PAPR specification defines a virtual TTY/console interface for guest
OSes to use via the H_PUT_TERM_CHAR and H_GET_TERM_CHAR hypercalls. There
can be multiple virtual ttys, so these take a "termno" parameter. This
encodes which vty to use as the 'reg' property on the device tree node
associated with that vty.
However, with the early debug options enabled, the Linux kernel will
attempt debugging output through the vty very early, before it has read
the device tree. In this case it always uses a termno of 0. This works
on the existing PowerVM hypervisor, so we assume there must be a hack /
feature in there which interprets termno==0 to mean the default primary
console.
To help with debugging kernels, including existing distribution kernels,
this patch implements a similar feature / hack in qemu. If termno==0
is supplied to H_{GET,PUT}_TERM_CHAR, they use the first available vty
device instead.
We need to be careful in the case that the user has manually created
an spapr-vty at address 0. So first we search for the specified reg and
only if that doesn't match do we fall back.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
In commit b4a7852735 ("Place pseries vty
devices at addresses more similar to existing machines"), we changed the
default reg for the vty to 0x30000000, however we didn't update the default
value for a user specified vty device. Fix that.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
If qemu is run like:
qemu-system-ppc64 -nodefaults -device spapr-vty
We end up in spapr_vty_init() with dev->chardev == NULL. Currently
that leads to a segfault because we unconditionally call
qemu_chr_add_handlers().
Although we could make that call conditional, I think a spapr-vty
without a chardev is basically useless so fail the init. This is
similar to what the serial code does for example.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The spapr_vio_find_by_reg() function in hw/spapr_vio.c is supposed to find
the device structure for a PAPR virtual IO device with the given reg value,
and return NULL if none exists.
It does the first ok, but if no device with that reg exists, it just
returns the last device traversed in the list. This patch fixes it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The SLOF firmware used on the pseries machine needs a reasonable amount of
(guest) RAM in order to run, so we have a check in the machine init
function to check that this is available. However, SLOF runs in real mode
(MMU off) which means it can only actually access the RMA (Real Mode Area),
not all of RAM. In many cases the RMA is the same as all RAM, but when
running with Book3S HV KVM on PowerPC 970, the RMA must be especially
allocated to be (host) physically contiguous. In this case, the RMA size
is determined by what the host admin allocated at boot time, and will
usually be less than the whole guest RAM size.
This patch corrects the test to see if SLOF has enough memory for this
case.
In addition, more recent versions of SLOF that were committed earlier don't
need quite as much memory as earlier versions. Therefore, this patch also
reduces the amount of RAM we require to run SLOF.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
When using gdb to single step a ppc interrupt routine, the execution
flow passes the rfi instruction without actually returning from the
interrupt.
The patch fixes this by avoiding to update the nip when the debug
exception is raised and a previous POWERPC_EXCP_SYNC was set.
The latter is the case only, if code for rfi or a related instruction
was generated.
Signed-off-by: Sebastian Bauer <mail@sebastianbauer.info>
Signed-off-by: Alexander Graf <agraf@suse.de>
tcg/ppc64/tcg-target.c has a couple of places where variables are set
unconditionally, but otherwise used only for softmmu builds, not
userspace only builds. This causes compiler warnings (which are fatal
by default) when compiling for a ppc64 host with gcc 4.6. This patch
fixes the problem by moving the code which defines and sets the
variables into the CONFIG_SOFTMMU guarded regions.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Since we added PCI support to the pseries machine, we include a qlist of
PCI host bridges in the sPAPREnvironment structure. However this list
was never properly initialized it. Somehow we got away with this until
some other recent change broke it, and we now segfault immediately on
startup.
This patch adds the required QLIST_INIT(), and while we're at it makes sure
we initialize the rest of the sPAPREnvironment structure to 0, to avoid
future nasty surprises.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Add a missing 'break' statement to fix a buffer overrun when
executing the EEPROM write-all command. Spotted by Coverity
(see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
To reproduce the leak, put two name options into the same [cpudef]
section of target-x86_64.conf.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Fixes protocol_client_auth_sasl_mechname() not to crash when malloc()
fails. Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Update the document since the default code cache size is 32 MB now.
Signed-off-by: chenwj <chenwj@cs.nctu.edu.tw>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
hpet_timer timer callback rearms itself based on difference between
current HPET tick counter and comparator value. Difference calculated by
the hpet_calculate_diff function is limited to non-negative values.
cur_tick is calculated via hpet_get_ticks that uses qemu_get_clock_ns(vm_clock).
With -icount enabled vm_clock doesn't advance during qemu_run_timers
loop thus once difference is zero, qemu_run_timers loops forever
handling hpet_timer.
Limit hpet_calculate_diff results to positive only values to avoid that
infinite loop.
This fixes the following qemu-system-x86_64 hang when it reaches
timer_irq_works() in the linux bootup:
[ 0.000000] Fast TSC calibration using PIT
[ 0.000000] Detected 1000.054 MHz processor.
[ 0.000031] Calibrating delay loop (skipped), value calculated using timer frequency.. 2000.10 BogoMIPS (lpj=10000540)
[ 0.000404] pid_max: default: 32768 minimum: 301
[ 0.001138] Mount-cache hash table entries: 256
[ 0.003883] Initializing cgroup subsys ns
[ 0.004035] Initializing cgroup subsys cpuacct
[ 0.004280] Initializing cgroup subsys freezer
[ 0.004790] Performance Events: AMD PMU driver.
[ 0.004985] ... version: 0
[ 0.005134] ... bit width: 48
[ 0.005285] ... generic registers: 4
[ 0.005437] ... value mask: 0000ffffffffffff
[ 0.005625] ... max period: 00007fffffffffff
[ 0.005807] ... fixed-purpose events: 0
[ 0.005957] ... event mask: 000000000000000f
[ 0.006275] SMP alternatives: switching to UP code
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add missing 'break' statements which would have meant that writing
to an 8 bit NAND device was broken. Spotted by Coverity (see bug
887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Fix a bug revealed by a coverity scan (see bug 887883) which meant
that we would never print the warning about unpredictable behaviour
if a nonexistent overlay is enabled.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The fact that a host cpu supports a feature doesn't mean that QEMU and KVM
will also support it, yet -cpuid host brings host features wholesale.
We need to whitelist each feature separately to make sure we support it.
This patch adds KVM whitelisting (by simply using KVM_GET_SUPPORTED_CPUID
instead of the CPUID instruction).
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Modern distributions place xattr.h in /usr/include/sys, and fold
libattr.so into libc. They also don't have an ENOATTR.
Make configure detect this, and add a qemu-xattr.h file that
directs the #include to the right place.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
g_strdup() can't fail, remove assertion. Assert its argument can't be
null, because that's not obvious (add_boot_device_path() ensures it).
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The function that writes pidfile for win32 uses WriteFileEx which is an
asynchronous IO function. The arguments given to WriteFileEx are allocated on
the stack and one of them is "in out". When the IO operation is actually
executed the calling function has already returned, so the arguments are no
longer allocated or allocated to another frame.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The non-dynticks timer variations are broken, so they can be
removed.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
vga_putcharxy()'s underline code sets font_data to 0xffff instead of
0xff. vga_putcharxy() then reads dmask16[0xffff >> 4] and
dmask4[0xffff >> 6]. In practice, these out-of-bounds subscripts
"only" put a few crap bits into the display surface.
For 32 bit pixels, there's no array access. font_data's extra bits go
straight into the display surface.
Broken when commit 6d6f7c28 implemented underline.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The caller of qemu_timedate_diff() does not expect that tm it passes to
the function will be modified, but mktime() is destructive and modifies
its argument. Pass a copy of tm to it and set tm_isdst so that mktime()
will not rely on it since its value may be outdated.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We disable vm_clock when pausing all vcpus, but we forget to
reenable it when resuming all vcpus. It will cause that the
guest can not be rebooted.
Tested-by: Zhi Yong Wu <zwu.kernel@gmai.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 0a039dc700 broke vga modes for
qxl-vga by loosing vga_ioport_read windup. qxl needs to hook into
vga port writes only and used to realize that by letting vga_init() do
the work for both reads and writes, then overwrite the write function.
That little detail was missed while doing the conversion ...
This patch fixes it. It also switch qxl vga ioport registration to
portio lists while being at it.
Cc: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch removes the code lines which set the subsystem id for the
emulated ac97 card to 8086:0000. Due to the device id being zero the
subsystem id isn't vaild anyway. With the patch applied the sound card
gets the default qemu subsystem id (1af4:1100) instead.
[ v2: old & broken id is maintained for -M pc-$oldqemuversion ]
Cc: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
sgabios hasn't gotten a lot of coverage since it was not shipped. For 1.0,
let's disable the automatic loading of the option ROM in -nographic
mode. We can put it back for 1.1.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The rom was not added together with the sgabios device and is
not installed.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Somehow, the read/write functions handle an offset that does not exist anymore.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
readline_hist_add() moves the history entry to the end of history. It
uses memmove() to move rs->history[idx + 1..] to rs->history[idx..].
However, its size argument is off by two array elements, so it writes
one element beyond rs->history[], and reads two.
On my system, this clobbers rs->hist_entry and the hole right after
it. Since the function assigns to rs->hist_entry in time, the bug has
no ill effects for me.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Before the next patches, fix coding style of the affected functions.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
The first enable set/clear register (which controls the PPIs and SGIs)
is supposed to be banked for each processor. Currently it is just
handled globally and this prevents recent SMP Linux kernels from
booting, because CPU0 stops receiving localtimer interrupts when CPU1
disables them locally.
To fix this, allow the enable bits to be enabled per-cpu. For SPIs,
always enable/disable ALL_CPU_MASK.
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
First determine FAT12/16/32, then compute geometry from that for both
FDD and HDD. For 1.44MB floppies, and 2.88MB floppies using FAT16,
change to 1 sector/cluster. The default remains 2.88MB with FAT12
and 2 sectors/cluster. Both DOS and mkdosfs by default format a 2.88MB
floppy as FAT12.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The sector count is stored in the partition and hence must not include the
sectors before its start. At the same time, remove the useless special
casing for 1.44 MB floppies. This fixes fsck on VVFAT hard disks,
which otherwise tries to seek past the end of the disk.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This is consistent with what "real" floppies have, so file(1)
now actually recognizes the VVFAT image as a 1.44 MB floppy.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If the number of "faked sectors" + the number of sectors that are
part of a cluster does not sum up to the total number of sectors,
qemu-img convert fails. Read these spare sectors as all zeros.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When reading the address of the first free entry, you cannot
use array_get without first marking all entries as occupied.
This is visible if you change the sectors per cluster on a
floppy from 2 to 1.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fix mismatching allocation and deallocation: g_free should be used to pair with
g_malloc.
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed_by: Ray Wang <raywang@linux.vnet.ibm.com>
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fix coding style in block/cloop.c.
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed_by: Ray Wang <raywang@linux.vnet.ibm.com>
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
