Age | Commit message (Collapse) | Author | Files | Lines |
|
Commit de024815e3b523addf58f1f79846b7fe74643678 (target-i386: QOM'ify
CPU init) moved mce_init() call from helper.c:cpu_x86_init() into
X86CPU's cpu.c:x86_cpu_initfn().
mce_init() checks for a family >= 6 though, so we could end up with a
sequence such as for -cpu somecpu,family=6:
x86_cpu_initfn => X86CPU::family == 5
mce_init => no-op
cpu_x86_register => X86CPU::family = 6
=> MCE unexpectedly not init'ed
or for -cpu someothercpu,family=5:
x86_cpu_initfn => X86CPU::family == 6
mce_init => init'ed
cpu_x86_register => X86CPU::family = 5
=> MCE unexpectedly init'ed
Therefore partially revert the above commit. To avoid moving
mce_init() back into helper.c, foresightedly move it into a
new x86_cpu_realize() function and, in lack of ObjectClass::realize,
call it directly from cpu_x86_init().
While at it, move the qemu_init_vcpu() call that used to follow
mce_init() in cpu_x86_init() into the new realizefn as well.
Reported-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Document the possible NULL return value]
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
There is no function cpu_mips_get_clock(), so drop it.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Stefan Weil <sw@weilnetz.de>
|
|
Implement registers for clearing OBIO and PCI interrupts
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Similarly to PCI interrupt mappings, the OBIO ones have to be initialized.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Fix UltraSPARC/JPS1/UA2007 VIS block load instructions broken in
30038fd81808f7c3bca92be2369e74c8ca7b3d69.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
[blauwirbel@gmail.com: trimmed unwanted part of patch]
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
According to UltraSPARC - IIi User's manual:
14.1.11 Address Masking (Impdep #125)
When PSTATE.AM=1, the CALL, JMPL, and RDPC instructions and all traps
transmit zero in the high-order 32-bits of the PC to their specified
destination registers.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
This is a partial revert of commits a369da5 (vga: improve VGA logic,
committed 2012-01-22) and c5bd4f3 (vga: fix -nodefaults -device VGA,
2012-01-24) which broke command-line option parsing in different ways.
Since commit a369da5 it has become impossible to specify a VGA device
entirely with QemuOpts-enabled options, i.e. without needing an explicit
"-vga none".
In addition, until commit c5bd4f3 -nodefaults would not disable the device
you specified with the legacy "-vga" option, independent of the order.
Since commit c5bd4f3 QEMU -nodefaults will override a previous -vga
option.
I did not reintroduce machine->no_vga. Boards can simply ignore the
vga_interface_type variable, and most will indeed do so.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Cleanup commit e554861766d9ae84dd5720baa4869f4ed711506f have changed
code_address calculation in the tlb_set_page function in case of access
to a page with a watchpoint. This caused QEMU segfault in the xtensa
test_break unit test. Fix it by moving code_address assignment above
memory_region_section_get_iotlb call.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
The macro definition of cpu_init meant that if cpu_arm_init()
returned NULL this wouldn't result in cpu_init() itself returning
NULL. This had the effect that "-cpu foo" for some unknown CPU
name 'foo' would cause ARM targets to segfault rather than
generating a useful error message. Fix this by making cpu_init
a simple inline function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andreas Färber <afaerber@suse.de>
|
|
This patch fixes a bug affecting a variety of Neon instructions, such as
VQADD.
Signed-off-by: Matt Craighead <mjcraighead@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Adjust the tcg_out_qemu_{ld,st}() slow paths to pass AREG0 in r3,
based on patches by malc.
Also adjust the registers clobbered, based on patch by Alex.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
[AF: Do not hardcode r3 for AREG0, requested by Alex]
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
This accounts for the additional addr_reg2 register.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Also assure i64 alignment where necessary.
Alignment code optimization suggested by malc.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
For targets where TARGET_LONG_BITS != 32, i.e. 64-bit guests,
addr_reg is moved to r4. For hosts without TCG_TARGET_CALL_ALIGN_ARGS
either data_reg2 or data_reg or a masked version thereof would overwrite
r4. Place it in r5 instead, matching TCG_TARGET_CALL_ALIGN_ARGS hosts.
This fixes immediate crashes of 64-bit guests observed on Darwin/ppc but
not on Darwin/ppc64.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Acked-by: malc <av1474@comtv.ru>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
* qmp/queue/qmp:
hmp: fix bad value conversion for M type
hmp: expr_unary(): check for overflow in strtoul()/strtoull()
vl: drop is_suspended variable
runstate: introduce suspended state
qapi-schema.json: fix RunState enums alphabetical order
wakeup on migration
|
|
The M type converts from megabytes to bytes. However, the value can be
negative before the conversion, which will lead to a flawed conversion.
For example, this:
(qemu) balloon -1000000000000011
(qemu)
Just "works", but the value passed by the balloon command will be
something else.
This patch fixes this problem by requering a positive value before
converting. There's really no reason to accept a negative value for
the M type.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
It's not checked currently, so something like:
(qemu) balloon -100000000000001111114334234
(qemu)
Will just "work" (in this case the balloon command will get a random
value).
Fix it by checking if strtoul()/strtoull() overflowed.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Check for the RUN_STATE_SUSPENDED state instead.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
|
|
QEMU enters in this state when the guest suspends to ram (S3).
This is important so that HMP users and QMP clients can know that
the guest is suspended. QMP also has an event for this, but events
are not reliable and are limited (ie. a client can connect to QEMU
after the event has been emitted).
Having a different state for S3 brings a new issue, though. Every
device that doesn't run when the VM is stopped but wants to run
when the VM is suspended has to check for RUN_STATE_SUSPENDED
explicitly. This is the case for the keyboard and mouse devices,
for example.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
|
|
Wakeup the guest when the live part of the migation is finished.
This avoids being in suspended state on migration, so we don't
have to save the is_suspended bit.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
|
|
h2g() will assert if passed an address that's not a valid guest address,
so handle_cpu_signal() needs to check before passing "data address
which caused a segfault" to it, since for a misbehaving guest
that could be anything. If the address isn't a valid guest address
then we can simply skip the attempt to unprotect a guest page
which was made read-only to catch self-modifying code.
This assertion probably fires more readily now than it used to
do because of recent changes to default to reserving guest address
space.
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
The script is organized as a sequence of binfmt registrations, with a
check whether the to be registered architecture matches the host.
Add a missing fi for the SuperH section.
Reported-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
State struct CPU had been renamed to CPUState, former CPUState to
CPUArchState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
When auto-detecting VirtFS support, virtfs="". Set it to "no" after
checking whether it was explicitly requested through --enable-virtfs.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Avoid tab-indention and fit in with the surrounding code.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Code which is compiled with CONFIG_TCG_DEBUG (set by configure option
--enable-debug-tcg) should not disable the assert macro by
defining NDEBUG.
With the wrong macro name CONFIG_TCG_DEBUG, all assertions in tci.c
were completely useless because NDEBUG was always defined.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
sys/param.h is needed for __FreeBSD_version.
Pointed out by Juergen, thanks.
Signed-off-by: Andreas Faerber <andreas.faerber@web.de>
Cc: Juergen Lock <nox@jelal.kn-bremen.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
* mst/tags/for_anthony:
rtl8139: fix regression in TxStatus/TxAddr read
|
|
* kwolf/for-anthony:
fdc: simplify media change handling
qcow2: lock on prealloc
block: make bdrv_create adopt coroutine
qcow2: Limit COW to where it's needed
sheepdog: switch to writethrough mode if cluster doesn't support flush
|
|
* bonzini/scsi-next:
scsi: Add assertion for use-after-free errors
scsi: remove useless debug messages
scsi: set VALID bit to 0 in fixed format sense data
scsi: do not require a minimum allocation length for REQUEST SENSE
scsi: do not require a minimum allocation length for INQUIRY
scsi: parse 16-byte tape CDBs
scsi: do not report bogus overruns for commands in the 0x00-0x1F range
scsi-disk: add dpofua property
scsi: change "removable" field to host many features
scsi: Specify the xfer direction for UNMAP and ATA_PASSTHROUGH commands
scsi: fix WRITE SAME transfer length and direction
scsi: fix refcounting for reads
scsi: prevent data transfer overflow
ISCSI: Add support for thin-provisioning via discard/UNMAP and bigger LUNs
|
|
* riku/linux-user-for-upstream:
linux-user: fix emulation of /proc/self/maps
linux-user: Clean up interim solution for exit syscall
|
|
* spice/spice.v54:
qxl: don't assert on guest create_guest_primary
qxl: ioport_write: remove guest trigerrable abort
qxl: qxl_add_memslot: remove guest trigerrable panics
qxl: interface_notify_update: remove guest trigerrable abort
qxl: cleanup s/__FUNCTION__/__func__/
qxl: don't abort on guest trigerrable ring indices mismatch
qxl: fix > 80 chars line
qxl: replace panic with guest bug in qxl_track_command
qxl: check for NULL return from qxl_phys2virt
hw/qxl.c: qxl_phys2virt: replace panics with guest_bug
spice_info: add mouse_mode
spice: require spice-protocol >= 0.8.1
|
|
* sweil/fixes:
qemu-timer: Fix limits for w32 mmtimer
qom: Fix memory leak in function container_get
hw/pc_sysfw: Fix memory leak
qdev: Fix memory leak in function set_pci_devfn
arm-semi: Rename SYS_XXX macros to TARGET_SYS_XXX (fixes compiler warning)
target-mips: Remove unused inline function
|
|
Commit afe0a595356192 added byte reads for TxStatus/TxAddr, but
broke 32-bit reads; the mask generation
(1 << (8 * size)) - 1
is unspecified in C for size >= sizeof(int), and in fact returns 0
on x86.
Fix by using a larger type.
Fixes (at least) Fedora 9 i386 with -machine kernel_irqchip=on. I
didn't see it with the qemu APIC implementation; may be due to timing
or (more likely) a tester error.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
This also (partly) fixes IBM OS/2 Warp 4.0 floppy installation, where
not all floppies have the same format (2x80x18 for the first ones,
2x80x23 for the next ones).
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
preallocate() will be locked. This is required because
qcow2_alloc_cluster_link_l2() assumes that it runs under a lock that it
can drop while COW is being performed.
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
The current qemu.git introduces failure with preallocation and some
sizes:
qemu-img create -f qcow2 new.img 976563K -o preallocation=metadata
qemu-img: qemu-coroutine-lock.c:111: qemu_co_mutex_unlock: Assertion
`mutex->locked == 1' failed.
And lock needs to work in coroutine context. So to fix this issue, we
need to make bdrv_create adopt coroutine at first.
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
This fixes a regression introduced in commit 250196f1. The bug leads to
data corruption, found during an Autotest run with a Fedora 8 guest.
Consider a write request whose first part is covered by an already
allocated cluster, but additional clusters need to be newly allocated.
When counting the number of clusters to allocate, the qcow2 code would
decide to do COW for all remaining clusters of the write request, even
if some of them are already allocated.
If during this COW operation another write request is issued that touches
the same cluster, it will still refer to the old cluster. When the COW
completes, the first request will update the L2 table and the second
write request will be lost. Note that the requests need not overlap, it's
enough for them to touch the same cluster.
This patch ensures that only clusters that really require COW are
considered for allocation. In this case any other request writing to the
same cluster will be an allocating write and gets serialised.
Reported-by: Marcelo Tosatti <mtosatti@redhat.com>
Tested-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
This is necessary for qemu to work with the older version of Sheepdog
which doesn't support SD_OP_FLUSH_VDI.
Signed-off-by: MORITA Kazutaka <morita.kazutaka@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
The Linux AC97 driver tests this bit to decide wether or not to show
an External amplifier toggle control.
This patch was also tested with a Windows XP guest without any issues.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
|
|
The Linux ac97 drivers does a number of register read/write tests to
see how much resolution a volume control actually has.
This patch takes this into account by masking out any bits written to
a volume control reg which should not be there according to the spec.
After this the Linux ac97 driver correctly uses a range of 0 - 0x1f for
the PCM out volume, as stated in the spec, and we can fix the FIXME
in update_combined_volume_out().
This patch was also tested with a Windows XP guest without any issues.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
|
|
After commit 19677a380a70348134ed7650b294522617eb03fc:
"hw/ac97: add support for volume control"
We are (correctly) using AC97_Record_Gain_Mute and not AC97_Line_In_Volume_Mute
for recording volume, but various places in hw/ac97 were still assumimg that
we are using AC97_Line_In_Volume_Mute for record volume control, this patch
fixes this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
|
|
The Linux ac97 driver tries to see if optional things like video input
volume control are available in 2 ways:
1) See if the mute bit is set after reset, if it is no further tests are done
2) If the mute bit is not set it does a write/read test of the mute bit
This patch changes our ac97 to conform to what the Linux driver expects, it
initializes registers for things which we don't emulate to 0 (so the mute bit
is not set) and makes them read only.
This causes Linux to now longer show the following (functionless)
controls in alsamixer:
Master Mono vol + mute
3d Control toggle
PCM out pre / post 3d select
Surround toggle
CD vol + mute
Mic vol + mute
Mic boost toggle
Mic mic1 / mic2 select
Video vol + mute
Phone vol + mute
Beep mono vol + mute
Aux vol + mute
Mono "output mic" / "mix" select
Sigmatel 4 speaker stereo toggle
Sigmatel ADC 6Db att toggle
Sigmatel DAC 6Db att toggle
This patch was also tested with a Windows XP guest and there it also makes
a number of functionless mixer controls go away.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
|
|
Fix a small copy and paste error in logging.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
|
|
The QEMU emulation which is currently used with Raspberry PI images
(qemu-system-arm -M versatilepb ...) accesses memory which was freed.
Valgrind output (extract):
==17857== Invalid write of size 4
==17857== at 0x24EB06: scsi_req_unref (scsi-bus.c:1273)
==17857== by 0x24FFAE: scsi_read_complete (scsi-disk.c:277)
==17857== by 0x152ACC: bdrv_co_em_bh (block.c:3363)
==17857== by 0x13D49C: qemu_bh_poll (async.c:71)
==17857== by 0x211A8C: main_loop_wait (main-loop.c:503)
==17857== by 0x207954: main_loop (vl.c:1555)
==17857== by 0x20E9C9: main (vl.c:3653)
==17857== Address 0x1c54383c is 12 bytes inside a block of size 260 free'd
==17857== at 0x4824B3A: free (vg_replace_malloc.c:366)
==17857== by 0x20ADFA: free_and_trace (vl.c:2250)
==17857== by 0x4899FC5: g_free (in /lib/libglib-2.0.so.0.2400.1)
==17857== by 0x24EB3B: scsi_req_unref (scsi-bus.c:1277)
==17857== by 0x24F003: scsi_req_complete (scsi-bus.c:1383)
==17857== by 0x25022A: scsi_read_data (scsi-disk.c:334)
==17857== by 0x24EB9F: scsi_req_continue (scsi-bus.c:1289)
==17857== by 0x1C7787: lsi_do_dma (lsi53c895a.c:575)
==17857== by 0x1C8CDA: lsi_execute_script (lsi53c895a.c:1147)
==17857== by 0x1C74EA: lsi_resume_script (lsi53c895a.c:510)
==17857== by 0x1C7ECD: lsi_transfer_data (lsi53c895a.c:746)
==17857== by 0x24EC90: scsi_req_data (scsi-bus.c:1307)
(There are some more similar messages.)
This patch adds an assertion which also detects those errors:
Calling scsi_req_unref is not allowed when the previous call
of that function has decremented refcount to 0, because in this
case req was freed.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Optional inquiry information is declared obsolete in the latest versions
of the standard; invalid CDBs or unsupported VPD pages are supported
can be diagnosed with trace_scsi_inquiry.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
The INFORMATION field (bytes 3..6) is never set by QEMU, so the VALID
bit must be 0.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|