Commit Graph

45566 Commits

Author SHA1 Message Date
Eric Blake adfb264c9e qapi: Document visitor interfaces, add assertions
The visitor interface for mapping between QObject/QemuOpts/string
and QAPI is scandalously under-documented, making changes to visitor
core, individual visitors, and users of visitors difficult to
coordinate.  Among other questions: when is it safe to pass NULL,
vs. when a string must be provided; which visitors implement which
callbacks; the difference between concrete and virtual visits.

Correct this by retrofitting proper contracts, and document where some
of the interface warts remain (for example, we may want to modify
visit_end_* to require the same 'obj' as the visit_start counterpart,
so the dealloc visitor can be simplified).  Later patches in this
series will tackle some, but not all, of these warts.

Add assertions to (partially) enforce the contract.  Some of these
were only made possible by recent cleanup commits.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-13-git-send-email-eblake@redhat.com>
[Doc fix from Eric squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake fcf3cb2178 qmp-input: Refactor when list is advanced
In the QMP input visitor, visiting a list traverses two objects:
the QAPI GenericList of the caller (which gets advanced in
visit_next_list() regardless of this patch), and the QList input
that we are converting to QAPI.  For consistency with QDict
visits, we want to consume elements from the input QList during
the visit_type_FOO() for the list element; that is, we want ALL
the code for consuming an input to live in qmp_input_get_object(),
rather than having it split according to whether we are visiting
a dict or a list.  Making qmp_input_get_object() the common point
of consumption will make it easier for a later patch to refactor
visit_start_list() to cover the GenericList * head of a QAPI list,
and in turn will get rid of the 'first' flag (which lived in
qmp_input_next_list() pre-patch, and is hoisted to StackObject
by this patch).

This patch is therefore altering the post-condition use of 'entry',
while keeping what gets visited unchanged, from:

        start_list next_list type_ELT ... next_list type_ELT next_list end_list
 visits                      1st elt                last elt
 entry  NULL       1st elt   1st elt      last elt  last elt NULL      gone

where type_ELT() returns (entry ? entry : 1st elt) and next_list() steps
entry

to this usage:

        start_list next_list type_ELT ... next_list type_ELT next_list end_list
 visits                      1st elt                last elt
 entry  1st elt    1nd elt   2nd elt      last elt  NULL     NULL      gone

where type_ELT() steps entry and returns the old entry, and next_list()
leaves entry alone.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-12-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake ce140b1769 qmp-input: Require struct push to visit members of top dict
Don't embed the root of the visit into the stack of current
containers being visited.  That way, we no longer get confused
on whether the first visit of a dictionary is to the dictionary
itself or to one of the members of the dictionary, based on
whether the caller passed name=NULL; and makes the QMP Input
visitor like other visitors where the value of 'name' is now
ignored on the root visit.  (We may someday want to revisit
the rules on what 'name' should be on a top-level visit,
rather than just ignoring it; but that would be the topic of
another patch).

An audit of all qmp_input_visitor_new() call sites shows that
there were only two places where callers had previously been
visiting to a QDict with a non-NULL name to bypass a call to
visit_start_struct(), and those were fixed in prior patches.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-11-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake ad739706bb qom: Wrap prop visit in visit_start_struct
The qmp-input visitor was allowing callers to play rather fast
and loose: when visiting a QDict, you could grab members of the
root dictionary without first pushing into the dict; the final
such culprit was the QOM code for converting to and from object
properties.  But we are about to tighten the input visitor, at
which point user_creatable_add_type() as called with a QMP input
visitor via qmp_object_add() MUST follow the same paradigms as
everyone else, of pushing into the struct before grabbing its
keys.

The use of 'err ? NULL : &err' is temporary; a later patch will
clean that up when it splits visit_end_struct().

Furthermore, note that both callers always pass qdict, so we can
convert the conditional into an assert and reduce indentation.

The change has no impact to the testsuite now, but is required to
avoid a failure in tests/test-netfilter once qmp-input is made
stricter to detect inconsistent 'name' arguments on the root visit.

Since user_creatable_add_type() is also called with OptsVisitor
through user_creatable_add_opts(), we must also check that there
is no negative impact there; both pre- and post-patch, we see:

$ ./x86_64-softmmu/qemu-system-x86_64 -nographic -nodefaults -qmp stdio -object secret,id=sec0,data=letmein,format=raw,foo=bar
qemu-system-x86_64: -object secret,id=sec0,data=letmein,format=raw,foo=bar: Property '.foo' not found

That is, the only new checking that the new visit_end_struct() can
perform is for excess input, but we already catch excess input
earlier in object_property_set().

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-10-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake ed84153519 qapi-commands: Wrap argument visit in visit_start_struct
The qmp-input visitor was allowing callers to play rather fast
and loose: when visiting a QDict, you could grab members of the
root dictionary without first pushing into the dict; among the
culprit callers was the generated marshal code on the 'arguments'
dictionary of a QMP command.  But we are about to tighten the
input visitor, at which point the generated marshal code MUST
follow the same paradigms as everyone else, of pushing into the
struct before grabbing its keys.

Generated code grows as follows:

|@@ -515,7 +641,12 @@ void qmp_marshal_blockdev_backup(QDict *
|     BlockdevBackup arg = {0};
|
|     v = qmp_input_get_visitor(qiv);
|+    visit_start_struct(v, NULL, NULL, 0, &err);
|+    if (err) {
|+        goto out;
|+    }
|     visit_type_BlockdevBackup_members(v, &arg, &err);
|+    visit_end_struct(v, err ? NULL : &err);
|     if (err) {
|         goto out;
|     }
|@@ -527,7 +715,9 @@ out:
|     qmp_input_visitor_cleanup(qiv);
|     qdv = qapi_dealloc_visitor_new();
|     v = qapi_dealloc_get_visitor(qdv);
|+    visit_start_struct(v, NULL, NULL, 0, NULL);
|     visit_type_BlockdevBackup_members(v, &arg, NULL);
|+    visit_end_struct(v, NULL);
|     qapi_dealloc_visitor_cleanup(qdv);
| }

The use of 'err ? NULL : &err' is temporary; a later patch will
clean that up when it splits visit_end_struct().

Prior to this patch, the fact that there was no final
visit_end_struct() meant that even though we are using a strict
input visit, the marshalling code was not detecting excess input
at the top level (only in nested levels).  Fortunately, we have
code in monitor.c:qmp_check_client_args() that also checks for
no excess arguments at the top level.  But as the generated code
is more compact than the manual check, a later patch will clean
up monitor.c to drop the redundancy added here.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-9-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake e5826a2fd7 qmp-input: Don't consume input when checking has_member
Commit e8316d7 mistakenly passed consume=true within
qmp_input_optional() when checking if an optional member was
present, but the mistake was silently ignored since the code
happily let us extract a member more than once.  Fix
qmp_input_optional() to not consume anything, then tighten up
the input visitor to ensure that a member is consumed exactly
once (all generated code follows this pattern; and the new
assert will catch any hand-written code that tries to visit
the same key more than once).

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-8-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake 240f64b6dc qapi: Use strict QMP input visitor in more places
The following uses of a QMP input visitor should be strict
(that is, excess keys in QDict input should be flagged if not
converted to QAPI):

- Testsuite code unrelated to explicitly testing non-strict
mode (test-qmp-commands, test-visitor-serialization); since
we want more code to be strict by default, having more tests
of strict mode doesn't hurt

- Code used for cloning QAPI objects (replay-input.c,
qemu-sockets.c); we are reparsing a QObject just barely
produced by the qmp output visitor and which therefore should
not have any garbage, so while it is extra work to be strict,
it validates that our clone is correct [note that a later patch
series will simplify these two uses by creating an actual
clone visitor that is much more efficient than a
generate/reparse cycle]

- qmp_object_add(), which calls into user_creatable_add_type().
Since command line parsing for '-object' uses the same
user_creatable_add_type() through the OptsVisitor, and that is
always strict, we want to ensure that any nested dictionaries
would be treated the same in QMP and from the command line (I
don't actually know if such nested dictionaries exist).  Note
that on this code change, strictness only matters for nested
dictionaries (if even possible), since we already flag excess
input at the top level during an earlier object_property_set()
on an unknown key, whether from QemuOpts:

$ ./x86_64-softmmu/qemu-system-x86_64 -nographic -nodefaults -qmp stdio -object secret,id=sec0,data=letmein,format=raw,foo=bar
qemu-system-x86_64: -object secret,id=sec0,data=letmein,format=raw,foo=bar: Property '.foo' not found

or from QMP:

$ ./x86_64-softmmu/qemu-system-x86_64 -nographic -nodefaults -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 93, "minor": 5, "major": 2}, "package": ""}, "capabilities": []}}
{"execute":"qmp_capabilities"}
{"return": {}}
{"execute":"object-add","arguments":{"qom-type":"secret","id":"sec0","props":{"format":"raw","data":"letmein","foo":"bar"}}}
{"error": {"class": "GenericError", "desc": "Property '.foo' not found"}}

The only remaining uses of non-strict input visits are:

- QMP 'qom-set' (which eventually executes
object_property_set_qobject()) - mark it as something to revisit
in the future (I didn't want to spend any more time on this patch
auditing if we have any QOM dictionary properties that might be
impacted, and couldn't easily prove whether this code path is
shared with anything else).

- test-qmp-input-visitor: explicit tests of non-strict mode. If
we later get rid of users that don't need strictness, then this
test should be merged with test-qmp-input-strict

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-7-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake fc471c18d5 qapi: Consolidate QMP input visitor creation
Rather than having two separate ways to create a QMP input
visitor, where the safer approach has the more verbose name,
it is better to consolidate things into a single function
where the caller must explicitly choose whether to be strict
or to ignore excess input.  This patch is the strictly
mechanical conversion; the next patch will then audit which
uses can be made stricter.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-6-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake b471d012e5 qmp-input: Clean up stack handling
Management of the top of stack was a bit verbose; creating a
temporary variable and adding some comments makes the existing
code more legible before the next few patches improve things.
No semantic changes other than asserting that we are always
visiting a QObject, and not a NULL value.  In particular, the
check for 'name && qobject_type(qobj) == QTYPE_QDICT)' is a
bit overkill (a dict visit should always have a name); a later
patch revisits that, while this patch is only changing one
layer of indentation due to dropping 'if (qobj)'.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-5-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake 42a502a7a6 qmp: Drop dead command->type
Ever since QMP was first added back in commit 43c20a43, we have
never had any QmpCommandType other than QCT_NORMAL.  It's
pointless to carry around the cruft.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-4-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake e58d695e6c qapi: Guarantee NULL obj on input visitor callback error
Our existing input visitors were not very consistent on errors in a
function taking 'TYPE **obj'.  These are start_struct(),
start_alternate(), type_str(), and type_any().  next_list() is
similar, but can't fail (see commit 08f9541).  While all of them set
'*obj' to allocated storage on success, it was not obvious whether
'*obj' was guaranteed safe on failure, or whether it was left
uninitialized.  But a future patch wants to guarantee that
visit_type_FOO() does not leak a partially-constructed obj back to
the caller; it is easier to implement this if we can reliably state
that input visitors assign '*obj' regardless of success or failure,
and that on failure *obj is NULL.  Add assertions to enforce
consistency in the final setting of err vs. *obj.

The opts-visitor start_struct() doesn't set an error, but it
also was doing a weird check for 0 size; all callers pass in
non-zero size if obj is non-NULL.

The testsuite has at least one spot where we no longer need
to pre-initialize a variable prior to a visit; valgrind confirms
that the test is still fine with the cleanup.

A later patch will document the design constraint implemented
here.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-3-git-send-email-eblake@redhat.com>
[visit_start_alternate()'s assertion tightened, commit message tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Eric Blake 983f52d4b3 qapi-visit: Add visitor.type classification
We have three classes of QAPI visitors: input, output, and dealloc.
Currently, all implementations of these visitors have one thing in
common based on their visitor type: the implementation used for the
visit_type_enum() callback.  But since we plan to add more such
common behavior, in relation to documenting and further refining
the semantics, it makes more sense to have the visitor
implementations advertise which class they belong to, so the common
qapi-visit-core code can use that information in multiple places.

A later patch will better document the types of visitors directly
in visitor.h.

For this patch, knowing the class of a visitor implementation lets
us make input_type_enum() and output_type_enum() become static
functions, by replacing the callback function Visitor.type_enum()
with the simpler enum member Visitor.type.  Share a common
assertion in qapi-visit-core as part of the refactoring.

Move comments in opts-visitor.c to match the refactored layout.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-2-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-05-12 09:47:54 +02:00
Peter Maydell bfc766d38e Update version for v2.6.0 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-05-11 16:44:26 +01:00
Stefan Weil a277c3e094 usb: Support compilation without poll.h
This is a hack to support compilation with Mingw-w64 which provides
a libusb-1.0 package, but no poll.h.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1458630800-10088-1-git-send-email-sw@weilnetz.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 10:37:39 +02:00
Isaac Lozano 1f66fe5778 usb-mtp: fix usb_mtp_get_device_info so that libmtp on the guest doesn't complain
If an application uses libmtp on the guest system,
it will complain with the warning message:
LIBMTP WARNING: VendorExtensionID: ffffffff
LIBMTP WARNING: VendorExtensionDesc: (null)
LIBMTP WARNING: this typically means the device is PTP (i.e. a camera) but
not a MTP device at all. Trying to continue anyway.

This is because libmtp expects a MTP Vendor Extension ID of 0x00000006 and a
MTP Version of 0x0064. These numbers are taken from Microsoft's MTP Vendor
Extension Identification Message page and are what most physical devices
show.

Signed-off-by: Isaac Lozano <109lozanoi@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1460892593-5908-1-git-send-email-109lozanoi@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 10:33:49 +02:00
Roman Kagan 491d68d938 usb:xhci: no DMA on HC reset
This patch is a rough fix to a memory corruption we are observing when
running VMs with xhci USB controller and OVMF firmware.

Specifically, on the following call chain

xhci_reset
  xhci_disable_slot
    xhci_disable_ep
      xhci_set_ep_state

QEMU overwrites guest memory using stale guest addresses.

This doesn't happen when the guest (firmware) driver sets up xhci for
the first time as there are no slots configured yet.  However when the
firmware hands over the control to the OS some slots and endpoints are
already set up with their context in the guest RAM.  Now the OS' driver
resets the controller again and xhci_set_ep_state then reads and writes
that memory which is now owned by the OS.

As a quick fix, skip calling xhci_set_ep_state in xhci_disable_ep if the
device context base address array pointer is zero (indicating we're in
the HC reset and no DMA is possible).

Cc: qemu-stable@nongnu.org
Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-id: 1462384435-1034-1-git-send-email-rkagan@virtuozzo.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 10:29:28 +02:00
Cole Robinson bb732ee78c ui: gtk: Fix some deprecation warnings
All device manager APIs are deprecated now. Much of our usage is
just to get the current pointer, so centralize that logic and use
the new seat APIs

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: d6dec24220a4e1449a0172119c10c48e145c0f6f.1462557436.git.crobinso@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 08:02:41 +02:00
Cole Robinson 84e2dc4bf3 ui: gtk: Fix a runtime warning on vte >= 0.37
inner-border was dropped in vte API 2.91, in favor of the standard
padding style

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: 60a6cdc337d611d902f53907e66a8f37ea374d65.1462557436.git.crobinso@redhat.com

[ kraxel: Fix warning with old vte version. ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 08:02:41 +02:00
Cole Robinson c6feff9e09 configure: support vte-2.91
vte >= 0.37 expores API version 2.91, which is where all the active
development is. qemu builds and runs fine with that version, so use it
if it's available.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: b4f0375647f7b368d3dbd3834aee58cb0253566a.1462557436.git.crobinso@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 08:02:40 +02:00
Cole Robinson d6a6dba359 configure: report SDL version
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: 98e4a3b98dc824bfaff96db43b172272c780c15f.1462557436.git.crobinso@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 08:02:40 +02:00
Cole Robinson f2a4e54828 configure: report GTK version
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: 4c464e20d69fdcf21927ceed31a8d749b4af0c49.1462557436.git.crobinso@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 08:02:40 +02:00
Cole Robinson 02d34f62fd configure: add echo_version helper
Simplifies printing library versions, dependent on if the library
was even found

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: 3c9ab16123e06bb4109771ef6ee8acd82d449ba0.1462557436.git.crobinso@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 08:02:40 +02:00
Cole Robinson e07047cfd7 configure: error on unknown --with-sdlabi value
I accidentally tried --with-sdlabi="1.0", and it failed much later in
a weird way. Instead, throw an error if the value isn't in our
whitelist.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: 60e4822e17697d257a914df03bdb9fff4b4c0490.1462557436.git.crobinso@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 08:02:40 +02:00
Cole Robinson ee8466d0ea configure: build SDL if only SDL2 available
Right now if SDL2 is installed but not SDL1, default configure will
entirely disable SDL. Check upfront for SDL2 using pkg-config, but
still prefer SDL1 if both versions are installed.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: c9e570b5964d128a3595efe3170129a3da459776.1462557436.git.crobinso@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 08:02:40 +02:00
Cole Robinson 56f289f383 ui: sdl2: Release grab before opening console window
sdl 2.0.4 currently has a bug which causes our UI shortcuts to fire
rapidly in succession:

  https://bugzilla.libsdl.org/show_bug.cgi?id=3287

It's a toss up whether ctrl+alt+f or ctrl+alt+2 will fire an
odd or even number of times, thus determining whether the action
succeeds or fails.

Opening monitor/serial windows is doubly broken, since it will often
lock the UI trying to grab the pointer:

  0x00007fffef3720a5 in SDL_Delay_REAL () at /lib64/libSDL2-2.0.so.0
  0x00007fffef3688ba in X11_SetWindowGrab () at /lib64/libSDL2-2.0.so.0
  0x00007fffef2f2da7 in SDL_SendWindowEvent () at /lib64/libSDL2-2.0.so.0
  0x00007fffef2f080b in SDL_SetKeyboardFocus () at /lib64/libSDL2-2.0.so.0
  0x00007fffef35d784 in X11_DispatchFocusIn.isra.8 () at /lib64/libSDL2-2.0.so.0
  0x00007fffef35dbce in X11_DispatchEvent () at /lib64/libSDL2-2.0.so.0
  0x00007fffef35ee4a in X11_PumpEvents () at /lib64/libSDL2-2.0.so.0
  0x00007fffef2eea6a in SDL_PumpEvents_REAL () at /lib64/libSDL2-2.0.so.0
  0x00007fffef2eeab5 in SDL_WaitEventTimeout_REAL () at /lib64/libSDL2-2.0.so.0
  0x000055555597eed0 in sdl2_poll_events (scon=0x55555876f928) at ui/sdl2.c:593

We can work around that hang by ungrabbing the pointer before launching
a new window. This roughly matches what our sdl1 code does

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: 31c9ab6540b031f7a614c59edcecea9877685612.1462557436.git.crobinso@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 08:02:40 +02:00
Cole Robinson 4fd811a6bd ui: gtk: fix crash when terminal inner-border is NULL
VTE terminal inner-border can be NULL. The vte-0.36 (API 2.90)
code checks for the condition too so I assume it's not just a bug

Fixes a crash on Fedora 24 with gtk 3.20

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: 2b2e85d403e8760ea53afd735a170500d5c17716.1462557436.git.crobinso@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 08:02:40 +02:00
Peter Maydell 860a3b3485 Update version for v2.6.0-rc5 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-05-09 14:08:12 +01:00
Peter Maydell 53db932604 vga security fixes (CVE-2016-3710, CVE-2016-3712)
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXMIUCAAoJEEy22O7T6HE4uacP/1IwxsNr7oAc8Mb1x95r3aLe
 Q7KAh8Nei9VMcNLvUMweAaRSNgrrM+ic84oTNqWTGL5fgbV3oa4JlbTnGlWs174W
 acCH6tMSG21SqukxnMdO79X/Ldi7IhQEVMHvAm0bq7jwHYYLjdwAhIBOXs5G5oJX
 5UcosiGJenrT5USICv5Cr5sMvPgy3wS9qvJVbdGzxZzJ3I7274teS4Y8JjlMrxj0
 JIIQ2dDMFI2twlzJbmpXqMlZ3l+RhB4AXA47T8SZW2MSgBv+zI2BZEBuEIS7bQqj
 debIWA9Rl2lbsroJUHsjqgxyLD89jyKaunt2rhyEo0F6e12jzfuXfP9qdqKSaz9T
 5PZ98PDTWD+1K7pAq88TvuQApwawoIIfIyGaNYjktmWiDRZ/607uxtILp7MI8M0v
 K04K0SBbqM/0whUyAVcjrZkbd7p7hGcN6vn2m2i6vWcqcNkiP3S8kz+coV1fCpXu
 YSzo1yg8+e6UZMpLxz/VgCdRpwEtRgiLq0CkI6gdhu88gSjldWml5qa/MibuAwYJ
 NWmtDmaqM1TBburDTHI2EbQ7UGDDPH3NbHBfH21fd73YONJ3PFqnDdTTytdKoXd0
 /kinn6YN9au3NcQHLJojCcXKIiGsCfQwIPuXl9aF/oT46f8TweHZJ9WyeMyP35Kh
 Yg3itPanlsN4PrrGmyMO
 =v5wH
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160509-1' into staging

vga security fixes (CVE-2016-3710, CVE-2016-3712)

# gpg: Signature made Mon 09 May 2016 13:39:30 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vga-20160509-1:
  vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).
  vga: update vga register setup on vbe changes
  vga: factor out vga register setup
  vga: add vbe_enabled() helper
  vga: fix banked access bounds checking (CVE-2016-3710)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-05-09 13:42:25 +01:00
Peter Maydell 975eb6a547 Update version for v2.6.0-rc4 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-05-02 17:27:01 +01:00
Gerd Hoffmann 1beb99f787 Revert "acpi: mark PMTIMER as unlocked"
This reverts commit 7070e085d4.

Commit message claims locking is not needed, but that appears
to not be true, seabios ehci driver runs into timekeeping problems
with this, see
	https://bugzilla.redhat.com/show_bug.cgi?id=1322713

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1460702609-25971-1-git-send-email-kraxel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-05-02 17:19:13 +01:00
Gerd Hoffmann fd3c136b3e vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).
Call vbe_update_vgaregs() when the guest touches GFX, SEQ or CRT
registers, to make sure the vga registers will always have the
values needed by vbe mode.  This makes sure the sanity checks
applied by vbe_fixup_regs() are effective.

Without this guests can muck with shift_control, can turn on planar
vga modes or text mode emulation while VBE is active, making qemu
take code paths meant for CGA compatibility, but with the very
large display widths and heigts settable using VBE registers.

Which is good for one or another buffer overflow.  Not that
critical as they typically read overflows happening somewhere
in the display code.  So guests can DoS by crashing qemu with a
segfault, but it is probably not possible to break out of the VM.

Fixes: CVE-2016-3712
Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
Reported-by: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-02 16:02:59 +02:00
Gerd Hoffmann 2068192dcc vga: update vga register setup on vbe changes
Call the new vbe_update_vgaregs() function on vbe configuration
changes, to make sure vga registers are up-to-date.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-02 16:02:59 +02:00
Gerd Hoffmann 7fa5c2c5dc vga: factor out vga register setup
When enabling vbe mode qemu will setup a bunch of vga registers to make
sure the vga emulation operates in correct mode for a linear
framebuffer.  Move that code to a separate function so we can call it
from other places too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-02 16:02:59 +02:00
Gerd Hoffmann bfa0f151a5 vga: add vbe_enabled() helper
Makes code a bit easier to read.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-02 16:02:59 +02:00
Gerd Hoffmann 3bf1817079 vga: fix banked access bounds checking (CVE-2016-3710)
vga allows banked access to video memory using the window at 0xa00000
and it supports a different access modes with different address
calculations.

The VBE bochs extentions support banked access too, using the
VBE_DISPI_INDEX_BANK register.  The code tries to take the different
address calculations into account and applies different limits to
VBE_DISPI_INDEX_BANK depending on the current access mode.

Which is probably effective in stopping misprogramming by accident.
But from a security point of view completely useless as an attacker
can easily change access modes after setting the bank register.

Drop the bogus check, add range checks to vga_mem_{readb,writeb}
instead.

Fixes: CVE-2016-3710
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-02 16:02:59 +02:00
Jan Vesely 277abf15a6 configure: Check if struct fsxattr is available from linux header
Fixes build failure with --enable-xfsctl and
new linux headers (>=4.5) and older xfsprogs(<4.5):
In file included from /usr/include/xfs/xfs.h:38:0,
                 from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:97:
/usr/include/xfs/xfs_fs.h:42:8: error: redefinition of ‘struct fsxattr’
 struct fsxattr {
        ^
In file included from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:60:0:
/usr/include/linux/fs.h:155:8: note: originally defined here
 struct fsxattr {

This is really a bug in the system headers, but we can work around it
by defining HAVE_FSXATTR in the QEMU headers if linux/fs.h provides
the struct, so that xfs_fs.h doesn't try to define it as well.

CC: qemu-trivial@nongnu.org
CC: Markus Armbruster <armbru@redhat.com>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Stefan Weil <sw@weilnetz.de>
Tested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Jan Vesely <jano.vesely@gmail.com>
[PMM: adjusted commit message, comments]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-05-02 13:04:26 +01:00
Peter Maydell 20b0f5fef6 acpi: last minute fix for 2.6
Minor, obvious fix only affecting BE hosts.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJXJfnwAAoJECgfDbjSjVRpUqgH/jzhrMSe4r6JizzltOPoQ1ET
 5kLv8tsnmJS6VbtEboz2e/4UJZgOKAAkqZ1LV6C9mzxiSmffJWe5gXwCmMrrxdcD
 PFyAJwvnEY6chLF7B4/GxzdP8w6qxBhdSh6QGbGrSPodl5VkuceC4ks3E7Te2p+r
 6SBSBFeVPusaGz/n0F7AktrPgjS9Yyr2fFVpydC52mamwQXIYrSVHmPR6Ch6GTNt
 Z+NbaLq1cId+F8w3CDcDRox8we6UcTMnngg49UZ8XJbv9T19ea3+L1V3fyb7tJ4T
 15M4lOxwNsgKvoa66VUNLAitbiar1bioKNP48i/kdG2GP8P30KKXyMazWAJYJ1o=
 =Jsvf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

acpi: last minute fix for 2.6

Minor, obvious fix only affecting BE hosts.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Sun 01 May 2016 13:43:28 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  acpi: fix bios linker loadder COMMAND_ALLOCATE on bigendian host

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-05-01 22:52:47 +01:00
Igor Mammedov 1dbfd7892b acpi: fix bios linker loadder COMMAND_ALLOCATE on bigendian host
'make check' fails with:

ERROR:tests/bios-tables-test.c:493:load_expected_aml:
   assertion failed: (g_file_test(aml_file, G_FILE_TEST_EXISTS))

since commit:
caf50c7166
tests: pc: acpi: drop not needed 'expected SSDT' blobs

Assert happens because qemu-system-x86_64 generates
SSDT table and test looks for a corresponding expected
table to compare with.

However there is no expected SSDT blob anymore, since
QEMU souldn't generate one. As it happens BIOS is not
able to read ACPI tables from QEMU and fallbacks to
embeded legacy ACPI codepath, which generates SSDT.
That happens due to wrongly sized endiannes conversion
which makes
 uint8_t BiosLinkerLoaderEntry.alloc.zone
end up with 0 due to truncation of 32 bit integer
which on host is 1 or 2.

Fix it by dropping invalid cpu_to_le32() as uint8_t
doesn't require any conversion.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1330174

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-05-01 15:42:13 +03:00
Peter Maydell 47dac82d8b vvfat fixes for 2.6.0-rc4
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXIy7NAAoJEH8JsnLIjy/WZX0QAKPfirckacYwr2IJWgFQBru+
 BNtZ1ZZLSzCmoLGv3XcU85/UtIlJhROi2cHcu3gtCOsR8MbRXL3gBX2z1Eiox0ew
 n3qODYpDE7rkJjIKg408Mk0kOYHilrXWQIQ0KSVLqFlQ5QtyEeH2fKCgVLqEOWzY
 n8zpRnt52OLgSIGMmBOAA/ZhMQflj/xN8gG6/nGdjAYtCNBJ+I1Ya+OKkMi45buC
 q25sslRiNr7cn6uDNYnd3V8ho6NFCiIa0UdIXdk4S+jabho14A/8jwjLyARQVdqG
 +iShd3m3LmMqPfV/Rf6bRhEptv0cDaWJF+xtUxcIhRn+4UWj3hNYPNuDyiNBY6eY
 F1QEI+2biEfEVSFCPNNeEkMpIweVxtijhirpI7SqK6XUtZluyoskWwOTiBqcO8lu
 qaquksaXoaVIdcq6J5hU1l2PBFKgVXTxHsFIJTZ9Ea2ZuF0JfrbYpWhdmtthEogG
 95J1H5m7aHNK7TZMDGk9nXrtDSJ8KPpV8SDzhXIRe9huJE7Ur1bmeKNWaQ/zAcvs
 E9WeDh5xo0u8F/eTlIEh+aPvSmI30su0+mZROm3yUp2QVlwgya0zGI/F/yH9vqTs
 4ZKyQVd2FC8T04YQBhqiBHqn3TaUKk67NsDoCY49av4Xr6OIZH5S7UFufH1bY33a
 aVUKQqBLOtShKmT4/Hw5
 =m3pG
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

vvfat fixes for 2.6.0-rc4

# gpg: Signature made Fri 29 Apr 2016 10:52:13 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  vvfat: Fix default volume label
  vvfat: Fix volume name assertion

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-29 12:12:33 +01:00
Peter Maydell 849880978e QAPI patches for 2016-04-29
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXIyWkAAoJEDhwtADrkYZTdDYP/3ToM6BdYewLgPihaEVX5gVy
 lSzLnoVGyk+C04m/B233pu+2qJ1AujDfYnIwztYwobEWLnUendvZ+Kedo2j9ptoQ
 /resKHk4EuiZCaKnqNbVugmAH92yPX+yg/fiHhFwMWPUuVxqUDBqoeJNcCJT7Ck4
 V+gLYIP6R9Klx2xMTHCOCm3/daRIFU2D0hqHoq44BOGsba7+WCveOrBH0i+vxZP3
 nqoAzVee13E+0feHguFtJNm450/5JW2kT7cXYv7lqdJonvPO0qqhIhamxife5xSi
 fqGffRYdH5AKcv/05uKekMGdLbYfIQg1elM8DbdGCUFDYmSuCCihFPs+0Hsm/T/W
 P1ThYK8X+jiqYTtHm+abOlltFRyUDGL6pTaNaqTjhHo1mqwpnAu38KWj2cGrh0Ap
 462PBM6mkU0FUJCu04+TRL0AdiFyM+kjJCFqDkSE7l84CNwf9zcHOC+2yTxcCo3w
 xDEY3yDWKNFbRbRGGlJwbpsf2VG/rW0W8it+Ar8BigLRd1gnztkkhsvZrxgszyEc
 ZssiCXiP6aPSiEGE0oZ3VoKJRQsj9iAx+ieFNF7stYgctT6AUZcllPXsfvCxnBMS
 FsK9v8V0vz7cyX9U1I1E6PBNk2JUwPdmoBn/SuCpToeL9pC6EXqgQAGSQehQ4w2j
 iFJ6BsGJB3v1sk7R8I5z
 =yCcb
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-04-29' into staging

QAPI patches for 2016-04-29

# gpg: Signature made Fri 29 Apr 2016 10:13:08 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-qapi-2016-04-29:
  qapi: Don't pass NULL to printf in string input visitor

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-29 11:26:10 +01:00
Kevin Wolf d208c50d9d vvfat: Fix default volume label
Commit d5941dd documented that it leaves the default volume name as it
was ("QEMU VVFAT"), but it doesn't actually implement this. You get an
empty name (eleven space characters) instead.

This fixes the implementation to apply the advertised default.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-04-29 11:14:13 +02:00
Kevin Wolf ebb72c9f06 vvfat: Fix volume name assertion
Commit d5941dd made the volume name configurable, but it didn't consider
that the rw code compares the volume name string to assert that the
first directory entry is the volume name. This made vvfat crash in rw
mode.

This fixes the assertion to compare with the configured volume name
instead of a literal string.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-04-29 11:14:08 +02:00
Eric Blake 0a40bdab0d qapi: Don't pass NULL to printf in string input visitor
Make sure the error message for visit_type_uint64() gracefully
handles a NULL 'name' when called from the top level or a list
context, as not all the world behaves like glibc in allowing
NULL through a printf-family %s.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1461879932-9020-21-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-04-29 11:11:36 +02:00
Samuel Thibault 0d48dfedc5 slirp: fix guest network access with darwin host
On Darwin, connect, sendto and friends want the exact size of the sockaddr,
not more (and in particular, not sizeof(struct sockaddr_storaget))

This commit adds the sockaddr_size helper to be used when passing a sockaddr
size to such function, and makes use of it int sendto and connect calls.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: John Arbuckle <programmingkidx@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-28 18:12:08 +01:00
Peter Maydell 8c4bf97580 MIPS patches 2016-04-28
Changes:
 * fixed RDHWR exception host PC
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJXIdO2AAoJEFIRjjwLKdprFXEH/1vHbu5dCQjnv1khqa9N11+a
 3g2q+KEJuV8r7ZQ2HvlV2Z5iGw1jYDma8vO6xsWhHC7j01NO1nkbDAluPjY6N2Aw
 zdY6NixDd1xNcbc+rg0dYSrS6i42g6Emkaqkb2MzfMj+SjE6dvDWFjqn2gF5VKWy
 oweXoZsn5UhAKDiV8dTRquRH/cF08WFBo+p4Eo4lq5b+m3n/NjESE7n8bm+JjeII
 +1POlZiR+n4uBSEWfLKxR5/kfQMIq9TSXv57izjRX/dz1SwRNrOlOhQ3Sq+BUfQE
 mqIZRFLKHPuePp6ti7zBo5+33McEYAJQR7g2aZYvegB3VW4BqdI/zwHgruPK7ns=
 =m8Gv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160428' into staging

MIPS patches 2016-04-28

Changes:
* fixed RDHWR exception host PC

# gpg: Signature made Thu 28 Apr 2016 10:11:18 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"

* remotes/lalrae/tags/mips-20160428:
  target-mips: Fix RDHWR exception host PC

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-28 11:48:12 +01:00
Peter Maydell 736f85d5db Fix dangling pointers and error message regressions
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXIazvAAoJEDhwtADrkYZTMpUP/RpYwMtmGaREIpNxlfGIWwiH
 sYW/QY/cEVloozc6X9HkJzZ/EQgb2fA01dvVOL/UA8kshvCpZHdvIpblCzhuv0ZL
 Zj1zm7a6OYDCQZyNwNVAALxd+kVxJF+CGu15JczHiz3L1asVqejufoeOnq9bZPf1
 /zowlMiNXj5oTdP3YkAcC+YXwJHeSwLDSDurwCQOYfvIdGRhbdUY1RhkcDvx8ch8
 h9OtcZy9wIUcYxv3LdGizp6kTCd025VDwHTYNKRQqR0Ge3V7dhoZSK9Z89vi+5FG
 Tj5E2vLeAcWH4Ha+omIQ8Xll5E0FdIbWktri4KVEPyr2/tC3T0XQSGIrZLGnaK/p
 AEwDLQCgpeVOCIgn02fYrPFhH2vjYl0qOigkyGIgjaNxLtfBCuIqZgsEKXOco4IX
 3akKM8sy2FFYLVjfMm2EmpFRrPiiAFChdgyTUdvFHJvlmmk8/PBVMiTNC1p1BNFa
 qml9VitI3BfWE671YHjUXjX8lVAA/noRYpxruWJ+7Q0UrCH5N4zOrlgh7NdWla+I
 6eJEYKBvcFwDTxHm2F5xpgqwJBPQ6DI6A5iPONAtXWL3XoT76IDyEDQC/ZLDc0P1
 02itvuRVNdawj5vUR/Y0UKjnKz2rPGPeeYubTLeVTqwZsbD+iAcldJTQ/YWRIgCY
 Zks5CHUaz0DPkqKrXhZU
 =0UFQ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2016-04-28' into staging

Fix dangling pointers and error message regressions

# gpg: Signature made Thu 28 Apr 2016 07:25:51 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-error-2016-04-28:
  qom: -object error messages lost location, restore it
  replay: Fix dangling location bug in replay_configure()
  QemuOpts: Fix qemu_opts_foreach() dangling location regression

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-28 11:05:37 +01:00
Peter Maydell 61861eff69 ppc patch queue for 2016-04-26 (last minute qemu-2.6 fix)
This just has one, last-minute, fix for a serious regression of memory
 hotplug.
 
 Patch author's comment:
     Really sorry for the way last-minute fix, but without this memory
     hotplug is totally broken :( Hoping to get this in for Wednesday's
     RC4, which I think will be the final before release.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXHtfkAAoJEGw4ysog2bOSt/AP/jfZJvt4zjGAZ4BqVpyISLhM
 n/hPZNglmcvg+YmjOrH/5G7PeX+r6Bf2gyrBjL06sWDSff1FdiBySiJQec6RlEwo
 hq+EBaUWMeWS7Fg/C3evNvg2WGvSDs8KjRKWA76pm8pu+110cxnrRUybIRbbHqaI
 3vxR5Gdewmbvp5VYQgr5e/BSMac7wTT+Us6/Cjr2n5q56e2jjLryM8zMiyqMtP+S
 7XdCqcowXv4dQsaqwLxS0Ata8f2ykrjtp9qADErbULZtEf8cAf8zvTR3ElXtnywq
 pEgxbKJeYQwGScudWb9lzwGRRGTMpM2zLbIuBKjQE2E77yQK0+hsq3FkH6OdipgT
 T8K5gU3p3AFuksZ5/+COVACC364Hry4OrYjTvGDXvsXXfWablrlETqoNtaj5A7Uz
 cvjcNEpja88B+dDxT/bt8Ab8p5pTuo58uUUgT4gLIduzSJlgaJ2qzMvwF4cfIGcB
 5wsKr36GY4jyw3UD0MbXAwDhwvKP9t1FUmhST4qLF0WvNjfM62jGgh1E2DaXKuwF
 +ndVkoaus9yxYgMKyuuI/hXH/M4qk6yuUeNj+E1qM1823XpXQgFW1hnvnPZkbf0f
 nqT1as59kltGhFrv7DVLd3ovYLSjK5XtLAq8NfhTjjEe8nQlzHhql9RRkXedPpLO
 GVwp6DA608M2krlS5TxK
 =zSL+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160426' into staging

ppc patch queue for 2016-04-26 (last minute qemu-2.6 fix)

This just has one, last-minute, fix for a serious regression of memory
hotplug.

Patch author's comment:
    Really sorry for the way last-minute fix, but without this memory
    hotplug is totally broken :( Hoping to get this in for Wednesday's
    RC4, which I think will be the final before release.

# gpg: Signature made Tue 26 Apr 2016 03:52:20 BST using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.6-20160426:
  spapr_drc: fix aborts during DRC-count based hotplug

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-28 10:25:26 +01:00
James Hogan d96391c1ff target-mips: Fix RDHWR exception host PC
Commit b00c72180c ("target-mips: add PC, XNP reg numbers to RDHWR")
changed the rdhwr helpers to use check_hwrena() to check the register
being accessed is enabled in CP0_HWREna when used from user mode. If
that check fails an EXCP_RI exception is raised at the host PC
calculated with GETPC().

However check_hwrena() may not be fully inlined as the
do_raise_exception() part of it is common regardless of the arguments.
This causes GETPC() to calculate the address in the call in the helper
instead of the generated code calling the helper. No TB will be found
and the EPC reported with the resulting guest RI exception points to the
beginning of the TB instead of the RDHWR instruction.

We can't reliably force check_hwrena() to be inlined, and converting it
to a macro would be ugly, so instead pass the host PC in as an argument,
with each rdhwr helper passing GETPC(). This should avoid any dependence
on compiler behaviour, and in practice seems to ensure the full inlining
of check_hwrena() on x86_64.

This issue causes failures when running a MIPS KVM (trap & emulate)
guest in a MIPS QEMU TCG guest, as the inner guest kernel will do a
RDHWR of counter, which is disabled in the outer guest's CP0_HWREna by
KVM so it can emulate the inner guest's counter. The emulation fails and
the RI exception is passed to the inner guest.

Fixes: b00c72180c ("target-mips: add PC, XNP reg numbers to RDHWR")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2016-04-28 10:03:24 +01:00
Markus Armbruster 51b9b478cc qom: -object error messages lost location, restore it
qemu_opts_foreach() runs its callback with the error location set to
the option's location.  Any errors the callback reports use the
option's location automatically.

Commit 90998d5 moved the actual error reporting from "inside"
qemu_opts_foreach() to after it.  Here's a typical hunk:

	 if (qemu_opts_foreach(qemu_find_opts("object"),
    -                          object_create,
    -                          object_create_initial, NULL)) {
    +                          user_creatable_add_opts_foreach,
    +                          object_create_initial, &err)) {
    +        error_report_err(err);
	     exit(1);
	 }

Before, object_create() reports from within qemu_opts_foreach(), using
the option's location.  Afterwards, we do it after
qemu_opts_foreach(), using whatever location happens to be current
there.  Commonly a "none" location.

This is because Error objects don't have location information.
Problematic.

Reproducer:

    $ qemu-system-x86_64 -nodefaults -display none -object secret,id=foo,foo=bar
    qemu-system-x86_64: Property '.foo' not found

Note no location.  This commit restores it:

    qemu-system-x86_64: -object secret,id=foo,foo=bar: Property '.foo' not found

Note that the qemu_opts_foreach() bug just fixed could mask the bug
here: if the location it leaves dangling hasn't been clobbered, yet,
it's the correct one.

Reported-by: Eric Blake <eblake@redhat.com>
Cc: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1461767349-15329-4-git-send-email-armbru@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Paragraph on Error added to commit message]
2016-04-28 08:19:36 +02:00
Markus Armbruster d9d3aaea0b replay: Fix dangling location bug in replay_configure()
replay_configure() pushes and pops a Location with automatic storage
duration.  Except it fails to pop when -icount parameter "rr" isn't
given.  cur_loc then points to unused stack space, and will most
likely get clobbered in short order.

Clobbered cur_loc can make loc_pop() and error_print_loc() crash or
report bogus locations.

Broken in commit 890ad55.

I didn't take the time to find a reproducer.

Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1461767349-15329-3-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
2016-04-28 08:19:20 +02:00