Commit Graph

16113 Commits

Author SHA1 Message Date
Igor Mammedov 0e9b9edae7 acpi: convert linker from GArray to BIOSLinker structure
Patch just changes type of of linker variables to
a structure, there aren't any functional changes.

Converting linker to a structure will allow to extend
it functionality in follow up patch adding sanity blob
checks.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov 0058c08238 pc: use AcpiDeviceIfClass.send_event to issue GPE events
it reduces number of args passed in handlers by 1 and
a number of used proxy wrappers saving ~20LOC.
Also it allows to make cpu/mem hotplug code more
universal as it would allow ARM to reuse it without
rewrite by providing its own send_event callback
to trigger events usiong GPIO instead of GPE
as fixed hadrware ACPI model doen't have GPE at all.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov eaf23bf794 acpi: extend ACPI interface to provide send_event hook
send_event() hook will allow to send ACPI event in
a target specific way (GPE or GPIO based impl.)
it will also simplify proxy wrappers in piix4pm/ich9
that access ACPI regs and SCI which are part of
piix4pm/lcp_ich9 devices and call acpi_foo() API directly.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-06-07 15:36:54 +03:00
Corey Minyard 6d42eefad8 pc: Postpone SMBIOS table installation to post machine init
This is the same place that the ACPI SSDT table gets added, so that
devices can add themselves to the SMBIOS table.

Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-06-07 15:36:54 +03:00
Corey Minyard 15139b8ef0 ipmi: rework the fwinfo to be fetched from the interface
Instead of scanning IPMI devices from a fwinfo list, allow
the fwinfo to be fetched from the IPMI interface class.
Then the code looking for IPMI fwinfo can scan devices on a
bus and look for ones that implement the IPMI class.

This will let the ACPI scope be defined by the calling
code so the IPMI code doesn't have to know the scope.

Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov 76bdd24ec0 pc: acpi: cpuhp-legacy: switch ProcessorID to possible_cpus idx
In legacy cpu-hotplug ProcessorID == APIC ID is used
in MADT and cpu-hotplug AML. It was fine as both
are 8bit and unique. Spec depricated Processor()
with corresponding ProcessorID and advises to use
Device() and UID instead of it.

However UID is just 32bit and it can't fit ARM's
arch_id(MPIDR) which is 64bit. Also in case of
sparse arch_id() distribution, managment/lookup
of maps by arch_id(APIC ID/MPIDR) becomes complex
and expensive.

In preparation to common CPU hotplug with ARM
and to simplify lookup in possible_cpus[] map
switch ProcessorID to possible_cpus index in
MADT.

Legacy cpu-hotplug considerations:
HW interface of it is APIC ID based bitmask so
it's impossible to change, also CPON package in
AML also APIC ID based as well all the methods.

To avoid massive rewrite of AML keep is so and
just break assumption that ProcessorID == APIC ID,
ammending CPU_MAT_METHOD to accept APIC ID and
possible_cpus index, it needs them both to patch
MADT entry template. Also switch to possible_cpus
index Processor(ProcessorID) AML.
That way changes to MADT/AML are minimal and kept
inside AML/MADT not affecting external interfaces.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov ebd8ea8244 pc: acpi: simplify build_legacy_cpu_hotplug_aml() signature
since IO block used by CPU hotplug is fixed size and
initialized it the same file as build_legacy_cpu_hotplug_aml()
just use ACPI_GPE_PROC_LEN directly instead of passing
it around in several files.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov 672a287227 pc: acpi: consolidate legacy CPU hotplug in one file
Since AML part of CPU hotplug is tightly coupled with
its hardware part (IO port layout/protocol), move
build_legacy_cpu_hotplug_aml() to cpu_hotplug.c
and remove empty cpu_hotplug_acpi_table.c

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov 96e3e12bff pc: acpi: mark current CPU hotplug functions as legacy
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov a630bb314c pc: acpi: cpu-hotplug: make AML CPU_foo defines local to cpu_hotplug_acpi_table.c
now as those defines are used only locally inside of
cpu_hotplug_acpi_table.c, move them out of header file.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov 8edf77e497 pc: acpi: consolidate \GPE._E02 with the rest of CPU hotplug AML
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov 7c2991fa11 pc: acpi: consolidate CPU hotplug AML
move the former SSDT part of CPU hoplug close to DSDT part.
AML is only moved but there isn't any functional change.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov 86958d2ddd pc: acpi: remove AML for empty/not used GPE handlers
ACPI spec requires GPE handlers only for GPE events
that hardware implements.
So remove AML for not supported by QEMU device model
events.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov 7bc6fd2464 acpi: add aml_refof()
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-06-07 15:36:54 +03:00
Igor Mammedov e8977414a2 acpi: add aml_debug()
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-06-07 15:36:54 +03:00
Alistair Francis 0c18c6c67e zynqmp: Add the ZCU102 board
Most Zynq UltraScale+ users will be targetting and using the ZCU102
board instead of the development focused EP108. To make our QEMU machine
names clearer add a ZCU102 machine model.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: cc82eec026b2febfca252d73362bb7084616c1ad.1464213234.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:32 +01:00
xiaoqiang zhao 1b6d0781c2 hw/char: QOM'ify xilinx_uartlite model
* drop qemu_char_get_next_serial and use chardev prop
* create xilinx_uartlite_create wrapper function to create
  xilinx_uartlite device
* change affected board code to use the new way

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465028065-5855-6-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:32 +01:00
xiaoqiang zhao 7bd43519da hw/char: QOM'ify stm32f2xx_usart model
* drop qemu_char_get_next_serial and use chardev prop
* change affected board code to use the new way

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465028065-5855-5-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:32 +01:00
xiaoqiang zhao 746c3b3eba hw/char: QOM'ify digic-uart model
* drop qemu_char_get_next_serial and use chardev prop
* change affected board code to use the new way

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465028065-5855-4-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:31 +01:00
xiaoqiang zhao 4be12ea09a hw/char: QOM'ify cadence_uart model
* drop qemu_char_get_next_serial and use chardev prop
* create cadence_uart_create wrapper function to create
  cadence_uart_device
* change affected board code to use the new way

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465028065-5855-3-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:31 +01:00
xiaoqiang zhao f0d1d2c115 hw/char: QOM'ify pl011 model
* drop qemu_char_get_next_serial and use chardev prop
* add pl011_create wrapper function to create pl011 uart device
* change affected board code to use the new way

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465028065-5855-2-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:31 +01:00
Dmitry Osipenko 578c4b2f23 hw/ptimer: Introduce ptimer_get_limit
Currently ptimer users are used to store copy of the limit value, because
ptimer doesn't provide facility to retrieve the limit. Let's provide it.

Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 8f1fa9f90d8dbf8086fb02f3b4835eaeb4089cf6.1464367869.git.digetx@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:31 +01:00
Dmitry Osipenko 869e92b5c3 hw/ptimer: Support "on the fly" timer mode switch
Allow switching between periodic <-> oneshot modes while timer is running.

Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: f030be6e28fbd219e1e8d22297aee367bd9af5bb.1464367869.git.digetx@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:31 +01:00
Dmitry Osipenko 7ef6e3cf8d hw/ptimer: Update .delta on period/freq change
Delta value must be updated on period/freq change, otherwise running timer
would be restarted (counter reloaded with old delta). Only m68k/mcf520x
and arm/arm_timer devices are currently doing freq change correctly, i.e.
stopping the timer. Perform delta update to fix affected devices and
eliminate potential further mistakes.

Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 4987ef5fdc128bb9a744fd794d3f609135c6a39c.1464367869.git.digetx@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:30 +01:00
Dmitry Osipenko 5a50307b48 hw/ptimer: Perform counter wrap around if timer already expired
ptimer_get_count() might be called while QEMU timer already been expired.
In that case ptimer would return counter = 0, which might be undesirable
in case of polled timer. Do counter wrap around for periodic timer to keep
it distributed. In order to achieve more accurate emulation behaviour of
certain hardware, don't perform wrap around when in icount mode and return
counter = 0 in that case (that doesn't affect polled counter distribution).

Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 4ce381c7d24d85d165ff251d2875d16a4b6a5c04.1464367869.git.digetx@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:30 +01:00
Dmitry Osipenko e91171e302 hw/ptimer: Fix issues caused by the adjusted timer limit value
Multiple issues here related to the timer with a adjusted .limit value:

1) ptimer_get_count() returns incorrect counter value for the disabled
timer after loading the counter with a small value, because adjusted limit
value is used instead of the original.

For instance:
    1) ptimer_stop(t)
    2) ptimer_set_period(t, 1)
    3) ptimer_set_limit(t, 0, 1)
    4) ptimer_get_count(t) <-- would return 10000 instead of 0

2) ptimer_get_count() might return incorrect value for the timer running
with a adjusted limit value.

For instance:
    1) ptimer_stop(t)
    2) ptimer_set_period(t, 1)
    3) ptimer_set_limit(t, 10, 1)
    4) ptimer_run(t)
    5) ptimer_get_count(t) <-- might return value > 10

3) Neither ptimer_set_period() nor ptimer_set_freq() are adjusting the
limit value, so it is still possible to make timer timeout value
arbitrary small.

For instance:
    1) ptimer_set_period(t, 10000)
    2) ptimer_set_limit(t, 1, 0)
    3) ptimer_set_period(t, 1) <-- bypass limit correction

Fix all of the above issues by adjusting timer period instead of the limit.
Perform the adjustment for periodic timer only. Use the delta value instead
of the limit to make decision whether adjustment is required, as limit could
be altered while timer is running, resulting in incorrect value returned by
ptimer_get_count.

Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: cd141f74f5737480ec586b9c7d18cce1d69884e2.1464367869.git.digetx@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:30 +01:00
Edgar E. Iglesias 2a0ee672c9 xlnx-zynqmp: Use the in kernel GIC model for KVM runs
Use the in kernel GIC model when running with KVM enabled.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1464173555-12800-5-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:30 +01:00
Edgar E. Iglesias 0776d9679d xlnx-zynqmp: Delay realization of GIC until post CPU realization
Delay the realization of the GIC until after CPUs are
realized. This is needed for KVM as the in-kernel GIC
model will fail if it is realized with no available CPUs.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1464173555-12800-4-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:30 +01:00
Edgar E. Iglesias 6ed92b14f6 xlnx-zynqmp: Make the RPU subsystem optional
The way we currently model the RPU subsystem is of quite
limited use. In addition to that, it causes problems for
KVM and for GDB debugging.

Make the RPU optional by adding a has_rpu property and
default to having it disabled.

This changes the default setup from having the RPU to not
longer having it.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1464173555-12800-3-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:29 +01:00
Edgar E. Iglesias 37d42473d1 xlnx-zynqmp: Add a secure prop to en/disable ARM Security Extensions
Add a secure prop to en/disable ARM Security Extensions.
This is particularly useful for KVM runs.

Default to disabled to match the behavior of KVM.

This changes the default setup from having the ARM Security
Extensions to not longer having them.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1464173555-12800-2-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:29 +01:00
Cole Robinson 0bf8039dca hw/arm/virt: Reject gic-version=host for non-KVM
If you try to gic-version=host with TCG on a KVM aarch64 host,
qemu segfaults, since host requires KVM APIs.

Explicitly reject gic-version=host if KVM is not enabled

https://bugzilla.redhat.com/show_bug.cgi?id=1339977
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: b1b3b0dd143b7995a7f4062966b80a2cf3e3c71e.1464273085.git.crobinso@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:29 +01:00
Cédric Le Goater 1602001195 i2c: add aspeed i2c controller
The Aspeed AST2400 integrates a set of 14 I2C/SMBus bus controllers
directly connected to the APB bus. They can be programmed as master or
slave but the propopsed model only supports the master mode.

On the TODO list, we also have :

 - improve and harden the state machine.
 - bus recovery support (used by the Linux driver).
 - transfer mode state machine bits. this is not strictly necessary as
   it is mostly used for debug. The bus busy bit is deducted from the
   I2C core engine of qemu.
 - support of the pool buffer: 2048 bytes of internal SRAM (not used
   by the Linux driver).

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1464704307-25178-1-git-send-email-clg@kaod.org
[PMM: removed unused functions aspeed_i2c_bus_get_state() and
 aspeed_i2c_bus_set_state()]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:29 +01:00
Jens Wiklander fea8a08e16 hw/intc/gic: RAZ/WI non-sec access to sec interrupts
Treat non-secure accesses to registers and bits in registers of secure
interrupts as RAZ/WI.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Message-id: 1464273945-2055-1-git-send-email-jens.wiklander@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:29 +01:00
Ard Biesheuvel e40c3d2e7f hw/arm/virt: fix limit of 64-bit ACPI/ECAM PCI MMIO range
Set the MMIO range limit field to 'base + size - 1' as required.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>
Message-id: 1463856217-17969-1-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 16:59:28 +01:00
Peter Maydell 280b2358cd readdir_r() to readdir() conversion, various minor cleanups
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iEYEABECAAYFAldVR/QACgkQAvw66wEB28JwVQCgiTy4bpShd9GiFgJ+eoSgJnt5
 lLcAn3rnv44g0SpW5M7aK4I8RzyEig0X
 =vbbR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging

readdir_r() to readdir() conversion, various minor cleanups

# gpg: Signature made Mon 06 Jun 2016 10:52:52 BST
# gpg:                using DSA key 0x02FC3AEB0101DBC2
# gpg: Good signature from "Greg Kurz <gkurz@fr.ibm.com>"
# gpg:                 aka "Greg Kurz <groug@free.fr>"
# gpg:                 aka "Greg Kurz <gkurz@linux.vnet.ibm.com>"
# gpg:                 aka "Gregory Kurz (Groug) <groug@free.fr>"
# gpg:                 aka "Gregory Kurz (Cimai Technology) <gkurz@cimai.com>"
# gpg:                 aka "Gregory Kurz (Meiosys Technology) <gkurz@meiosys.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2BD4 3B44 535E C0A7 9894  DBA2 02FC 3AEB 0101 DBC2

* remotes/gkurz/tags/for-upstream:
  9p: switch back to readdir()
  9p: add locking to V9fsDir
  9p: introduce the V9fsDir type
  9p: drop useless out: label
  9p: drop useless inclusion of hw/i386/pc.h
  9p/fsdev: remove obsolete references to virtio
  9p: some more cleanup in #include directives

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 15:17:52 +01:00
Peter Maydell e854d0cf78 virtio-gpu: scanout fix, live migration support
vmsvga: security fixes
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXVSCcAAoJEEy22O7T6HE4Zf4P/35npT1VyXPpT7of/4fF/2+k
 zD1mGkB6cd4Zv45A9XkiT9RtaJJdOVnjVNftPp2J7t063lccGUOqbzEohh5At6Bl
 dbtjjbl/WBl+gDRRGGsPT+vHSYkzUBXWaNUeAnph7bgqTaRAm6U18sEnZmdHo6+9
 /Sdtb+hVcoPPrq9g9qspd3DU7anMdbjTMrPepkFVKozK0fHn+LRCDxS5RWFz51C2
 bcQAgPqT1TBYzrrcz8oFCBuDnaxCqHrSiawB/oh6uZwtcG9GGJqYJiDOmvGzJbDN
 RIwWZeOLcOBF2BRNI2AY6abMJkMTcMztEn8iNU8lZmSswgJ6cS+4YBjCsQfCxrcR
 aipbzI405D03oWJGSZed08Ud7Prp+tRHnOk/IU6zX5uT84U/0PVKTgUB9/xwq7L7
 LSKKQUgG6AwCwg5XNneoj2O6H8CgbQGdZ2BVAiN66bYF/6TDG6msXkVotyWttjfK
 Y8DbkHiwcNrbI8vcKed/VGSUEoidk/NljiGeflzgwPoVlB2dbr6LPov2HNHFW/0/
 /3rRatJhLgucjSeIdDU63ze/4If119YYwtj9EykN/Yhizmjsx0+st6BCsgyTjJXj
 HQ/hAk9wGCc/vhILHVoGQ5NOUqcfS05plyBXKF+GREugN7t/RE/kdtob54NeSqmP
 Jr0v3GmCn1zfKS6sw/iu
 =pera
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160606-1' into staging

virtio-gpu: scanout fix, live migration support
vmsvga: security fixes

# gpg: Signature made Mon 06 Jun 2016 08:05:00 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vga-20160606-1:
  virtio-gpu: add live migration support
  vmsvga: don't process more than 1024 fifo commands at once
  vmsvga: shadow fifo registers
  vmsvga: add more fifo checks
  vmsvga: move fifo sanity checks to vmsvga_fifo_length
  virtio-gpu: fix scanout rectangles

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 13:58:24 +01:00
Mark Cave-Ayland 890e48d7fc scsi-disk: fix reads from scsi-disk devices
Commit fcaafb1001 accidentally broke reads from
scsi-disk devices when being updated from its original form to use the new
byte-based block functions. Add the extra missing sector to offset conversion
in order to restore read functionality.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1464931021-25117-1-git-send-email-mark.cave-ayland@ilande.co.uk
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 13:23:41 +01:00
Peter Maydell 8625c3ffc8 audio: pa volume fix, some qomifying.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXVR/BAAoJEEy22O7T6HE4QqkQAMZ4lAbBvJGVQg473Q1nGc1i
 DpRD5uy0tWcDzYw5FnJ1zw78scpp2w4UzMl5w/SBi/G6B3aJnOKLELpEqaTXI9lv
 FnXrfgThol4un+/GmXsUTYhvG5aPK43y2iWNJzNJttg17NNjROAxSd9pP8K0u/lp
 8jGzjc+XPUnAZcy5q9ticV++LmgGyKIhNowgA2BlcoVHSyK6BkgJrXjThPrTbBLk
 hK38BhW0RMxAmuiR2dbfwZKDY9taoAftaNp2UeamDDc15M36CDCFoMHL5Ztqmitb
 SKz+7hMKQUFILhpSQdoZJbJNLe9L+4ThLAHN9dbvOkPW1Fdk5WUKJRnpDXnoyVQX
 pPHFTQiAobWzAYxUrK8qIGcafqaqcmAKN0VHdqE7VUkGIZW4bRrAG/RQ6o1PHsL3
 xtMTn9ChSSMXq86PNkRT5Z2Mr0A0WcBUhKLf5zdvCgESs2GYS+J+GF8vUMr8SnNI
 Qr6wuXow7U+su3fSBbBdimRDkAcM5BxaZjopbjOfI1Ydso+YglTxPxT7JbULuEn2
 etCZaffiTTtc+5u7Gac0OxlcV2lhVHuWaenvdpODJLjjHSBE1XFkLIbJlvwGr6LK
 eV25w3q/YHLkcvlrN5Hy13hmX6gVjZtOabSsnxB78dM+xUPSn62RoepxWSbj2Z9j
 I4J/D3H+SBpeJ/iV+2y/
 =FQbx
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20160606-1' into staging

audio: pa volume fix, some qomifying.

# gpg: Signature made Mon 06 Jun 2016 08:01:21 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-audio-20160606-1:
  hw/audio: QOM'ify milkymist-ac97.c
  hw/audio: QOM'ify intel-hda
  hw/audio: QOM cleanup for intel-hda
  hw/audio: QOM'ify cs4231.c
  audio: pa: Set volume of recording stream instead of recording device

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 12:47:37 +01:00
Greg Kurz 635324e83e 9p: switch back to readdir()
This patch changes the 9p code to use readdir() again instead of
readdir_r(), which is deprecated in glibc 2.24.

All the locking was put in place by a previous patch.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-06-06 11:52:34 +02:00
Greg Kurz 7cde47d4a8 9p: add locking to V9fsDir
If several threads concurrently call readdir() with the same directory
stream pointer, it is possible that they all get a pointer to the same
dirent structure, whose content is overwritten each time readdir() is
called.

We must thus serialize accesses to the dirent structure.

This may be achieved with a mutex like below:

lock_mutex();

readdir();

// work with the dirent

unlock_mutex();

This patch adds all the locking, to prepare the switch to readdir().

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-06-06 11:52:34 +02:00
Greg Kurz f314ea4e30 9p: introduce the V9fsDir type
If we are to switch back to readdir(), we need a more complex type than
DIR * to be able to serialize concurrent accesses to the directory stream.

This patch introduces a placeholder type and fixes all users.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-06-06 11:52:34 +02:00
Greg Kurz 8762a46d36 9p: drop useless out: label
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-06-06 11:52:34 +02:00
Greg Kurz beff62e683 9p: drop useless inclusion of hw/i386/pc.h
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-06-06 11:52:34 +02:00
Greg Kurz af8b38b0d1 9p/fsdev: remove obsolete references to virtio
Most of the 9p code is now virtio agnostic. This patch does a final cleanup:
- drop references to Virtio from the header comments
- fix includes

Also drop a couple of leading empty lines while here.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-06-06 11:52:34 +02:00
Greg Kurz aae91ad9ae 9p: some more cleanup in #include directives
The "9p-attr.h" header isn't needed by 9p synth and virtio 9p.

While here, also drop last references to virtio from 9p synth since it is
now transport agnostic code.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-06-06 11:52:34 +02:00
Dmitry Fleytman de5dca1b79 e1000e: Fix build with gcc 4.6.3 and ust tracing
This patch fixes used-uninitialized false
positive while compiling with ust tracing
backend plus gcc 4.6.3:

hw/net/e1000e.c: In function ‘e1000e_io_write’:
hw/net/e1000e.c:170:39: error: ‘idx’ may be used uninitialized in this function [-Werror=uninitialized]
hw/net/e1000e.c: In function ‘e1000e_io_read’:
hw/net/e1000e.c:145:35: error: ‘idx’ may be used uninitialized in this function [-Werror=uninitialized]
cc1: all warnings being treated as errors
make: *** [hw/net/e1000e.o] Error 1

Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-id: 1465023763-10773-1-git-send-email-dmitry@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06 09:42:54 +01:00
Gerd Hoffmann 0c244e50ee virtio-gpu: add live migration support
Store some additional state for cursor and resource backing storage,
so we can write out and reload things.  Implement vmsave+vmload for
2d mode.  Continue blocking live migration in 3d/virgl mode.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464009727-7753-1-git-send-email-kraxel@redhat.com
2016-06-06 09:04:34 +02:00
Gerd Hoffmann 4e68a0ee17 vmsvga: don't process more than 1024 fifo commands at once
vmsvga_fifo_run is called in regular intervals (on each display update)
and will resume where it left off.  So we can simply exit the loop,
without having to worry about how processing will continue.

Fixes: CVE-2016-4453
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464592161-18348-5-git-send-email-kraxel@redhat.com
2016-06-06 09:04:29 +02:00
Gerd Hoffmann 7e486f7577 vmsvga: shadow fifo registers
The fifo is normal ram.  So kvm vcpu threads and qemu iothread can
access the fifo in parallel without syncronization.  Which in turn
implies we can't use the fifo pointers in-place because the guest
can try changing them underneath us.  So add shadows for them, to
make sure the guest can't modify them after we've applied sanity
checks.

Fixes: CVE-2016-4454
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464592161-18348-4-git-send-email-kraxel@redhat.com
2016-06-06 09:04:24 +02:00
Gerd Hoffmann c2e3c54d39 vmsvga: add more fifo checks
Make sure all fifo ptrs are within range.

Fixes: CVE-2016-4454
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464592161-18348-3-git-send-email-kraxel@redhat.com
2016-06-06 09:04:19 +02:00