Commit Graph

38507 Commits

Author SHA1 Message Date
Stefan Hajnoczi c9d9331851 sd: convert sd_normal_command() ffs(3) call to ctz32()
ffs() cannot be replaced with ctz32() when the argument might be zero,
because ffs(0) returns 0 while ctz32(0) returns 32.

The ffs(3) call in sd_normal_command() is a special case though.  It can
be converted to ctz32() + 1 because the argument is never zero:

  if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
      ~~~~~~~~~~~~~~~
            ^--------------- req.arg cannot be zero

Cc: Markus Armbruster <armbru@redhat.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-7-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi bd2a88840e Convert ffs() != 0 callers to ctz32()
There are a number of ffs(3) callers that do roughly:

  bit = ffs(val);
  if (bit) {
      do_something(bit - 1);
  }

This pattern can be converted to ctz32() like this:

  zeroes = ctz32(val);
  if (zeroes != 32) {
      do_something(zeroes);
  }

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-6-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi 786a4ea82e Convert (ffs(val) - 1) to ctz32(val)
This commit was generated mechanically by coccinelle from the following
semantic patch:

@@
expression val;
@@
- (ffs(val) - 1)
+ ctz32(val)

The call sites have been audited to ensure the ffs(0) - 1 == -1 case
never occurs (due to input validation, asserts, etc).  Therefore we
don't need to worry about the fact that ctz32(0) == 32.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-5-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi 5863d374a3 uninorth: convert ffs(3) to ctz32()
It is not clear from the code how a 0 parameter should be handled by the
hardware.  Keep the same behavior as ffs(0) - 1 == -1.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-4-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi ad5f5fdca8 hw/arm/nseries: convert ffs(3) to ctz32()
It is not clear from the code how a 0 parameter should be handled by the
hardware.  Keep the same behavior as ffs(0) - 1 == -1.

Cc: Andrzej Zaborowski <balrog@zabor.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-3-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi 588ef9d411 bt-sdp: fix broken uuids power-of-2 calculation
The binary search in sdp_uuid_match() only works when the number of
elements to search is a power of two.

  lo = record->uuid;
  hi = record->uuids;
  while (hi >>= 1)
      if (lo[hi] <= val)
          lo += hi;

  return *lo == val;

I noticed that the record->uuids calculation in
sdp_service_record_build() was suspect:

  record->uuids = 1 << ffs(record->uuids - 1);

Unlike most ffs(val) - 1 users, the expression is ffs(val - 1)!

Actually ffs() is the wrong function to use for power-of-2.  Use
pow2ceil() to achieve the correct effect.  Now the record->uuid[] array
is sized correctly and the binary search in sdp_uuid_match() should
work.

I'm not sure how to run/test this code.

Cc: Andrzej Zaborowski <balrog@zabor.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-2-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Alberto Garcia ecdda9e03d MAINTAINERS: Add myself as the maintainer of the Quorum driver
Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-id: 1426522925-14444-1-git-send-email-berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Yi Wang 407bc15033 savevm: create snapshot failed when id_str already exists
The command "virsh create" will fail in such condition: vm has two
disks: vda and vdb. vda has snapshot s1 with id "1", vdb doesn't have
s1 but has snapshot s2 with id "1".  When we want to run command "virsh
create s1", del_existing_snapshots() only deletes s1 in vda, and
bdrv_snapshot_create() tries to create vdb's snapshot s1 with id "1",
but id "1" alreay exists in vdb with name "s2"!

The simplest way is call find_new_snapshot_id() unconditionally.

Signed-off-by: Yi Wang <up2wing@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Peter Maydell 84cbd63f87 X86 queue, 2015-04-27 (v2)
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJVPoMfAAoJECgHk2+YTcWmzuQQAIOf4o/0t/lV87uR1/smP+E/
 mvdWm9FiaRXkc0SYrIdpNoPyyMfNnzwDocywIaMcMNEzxMe1oP/objm3yWuOpeeH
 Q26oMt/phXsPBRl5vxhAQ29LxuCagDivRFyTUxa7E8/D9GKmVFE6/orwHeMfwUEs
 frILNM5lCLiXk4dgeQPW9xWb8iAm/RVRWFRIya5HVh51PjjsN/iLQDtSLM5Ivvvn
 Pn5+cspcjD6bjM3tGiXYJZtUdoKh/7Dc8QLHhOOGd0XGysnfEbsmNQbk5Kl62PL/
 3Ug0yQWpecM5IrmPWi/Omh2YJNdTbrjsOMaLWZv2LtWl/o8mD51rPJeK9Pfym/26
 dsQgcYK/0GowEOxb/PUkWoX7eNziUyKryksgtdLxyrcllO5QKhrkTibDh8UOKYwI
 X6qEqrhCJ8pN6GhFJYK/2ieMajOoa3TE7WE5CenEPFyEmDqQkKWrjUyc0YZjcZ98
 cHJESCyXxaetzpwt17WT+vaEwpKyj7RBBS55fuV7S6+QRpWewyvxsKcEe7nfHDPe
 k7VOkG7YD0LX9dnoFGLvHbxms/QUji5K2rprvZYdA5PNywTwRsyW58XR/G1jOU2Q
 oDkLL+B52A3+cBUz4n7yrP4GumvxTR9mfOGbvdKXRYHyJka74aoGecPblAVz3ew4
 UTgqXmdlJzA5SzyPObcq
 =t4Wd
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

X86 queue, 2015-04-27 (v2)

# gpg: Signature made Mon Apr 27 19:42:39 2015 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-pull-request:
  target-i386: Remove AMD feature flag aliases from CPU model table
  target-i386: X86CPU::xlevel2 QOM property
  target-i386: Make "level" and "xlevel" properties static
  qemu-config: Accept empty option values
  MAINTAINERS: Change status of X86 to Maintained
  MAINTAINERS: Add myself to X86

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-28 12:22:20 +01:00
Peter Maydell 54965ee61d NUMA queue, 2015-04-27
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJVPnmrAAoJECgHk2+YTcWm9fkQALwhU06fh1C3zOqW162cYnPi
 omkrj89606UzbpC9/NxP1XsjJcXysjD2Dn+yZ5F4WKwHOuqRcoj9wdp/PdE1+lUt
 +Dwl3+c0waVmRm91fBA71EgkENGpd1+d0BmddAKhCcoM/R1qtH/RJBVmmojHnt7g
 43uAVunV2PLpnW00nug4fJZnjS/MN3d5MDyJLw0AbaLLGDojG7r9sI6UMbOK8I2l
 zjCX+RUDAzf4QPPszwvwD+2JsZOSUoqNRts42FxGe1AOMvH4REBnIJZzbFoZ58lr
 tqL+1vJYx6HHvvZu0/gWSD4tmQenWelhlfVIig1L02srJKLq2Zw6oq18D9QOJXdd
 7a/lkM+RRCFYwBQR/74ZIFEvS5VxtJzQbxpuHAf0A5tjHzV7E97Nz7SwvuSAAdCv
 aKQSKqMa5aQFxCaUK6sl7u5X08Av9o6cNg2z7Ri+hFFVXQu1JIKoNFxPH9As/gDZ
 YtGSrsVDBEYHxLF70iLXWEMdxM5j5Aec1HIBYWGXA930hSXDxZYRSFnbRhiPe7HI
 wArOPvk81w/DrD0Pqy+4r9emxPsiDbAn/U03VYHVoSZXl6BbHN8gMnyF+X0sZT3f
 kaLQEFihzTHron7b3nzfrFsktkbrRWnxCeqVhhMn0yPCZwJV6I/MD01FcDdTe7y0
 f16IYLpvqMDTDT+HUt/d
 =P+kR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging

NUMA queue, 2015-04-27

# gpg: Signature made Mon Apr 27 19:02:19 2015 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/numa-pull-request:
  MAINTAINERS: Add myself as NUMA code maintainer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-28 11:33:47 +01:00
Peter Maydell da378d014d target-arm queue:
* memory system updates to support transaction attributes
  * set user-mode and secure attributes for accesses made by ARM CPUs
  * rename c1_coproc to cpacr_el1
  * adjust id_aa64pfr0 when has_el3 CPU property disabled
  * allow ARMv8 SCR.SMD updates
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJVPlJWAAoJEDwlJe0UNgzeX6wP/3VRL+vFcgTugqLtG5MNpWl1
 FOjWikAKY6NNjddduK4e7gusy3a9NVnLJnqEfBL+9PYsWyMkDPJKgVzy+4gBl6Yy
 M5kGlemzLF1Fnx0ORXRLN4MHXDnrr7JIKtscKVMIZHG4YyqkWpd/iVWu+IlB+F2e
 S10QT+Djv3eAR/hu64CbdgQ+d2EzP5z84t+qIB/BMSklZ+wv/MFctotUb2LY+6xT
 9Sj1s1820BJGK1prFg9yb4NKsGcmwbn490bVb5Q6t5otqwns4O1LHlVLRpN5HAXB
 XReCuyaTBif1sD/iRlBTZGBdbM9p4UEPFwFDA8CEToZlRQemm7y+YZxkNgVLSVX3
 SeCUuYz81kklRmC4egKeMs1l4jKmNCKvHhoO/XpEVAwlIcf/Aap/Bm31G1hB5moI
 Ao0yEd9PXOinOxUSNUtmdM0CfVx7Rmja98Li4/7+GcgsyqOVO2M+dOp5dR5JUumf
 YbnYxegoxAGCSvXtmGqwPOnFcIpXJ/0a4mjVx40govnYC1KEc97KA+//pFQIy8s8
 cDKFYSVdpZ6VJ5M1V2fr4uUPa7phTZQDw8k7UoxzcjfL/ABQErkQG7ABcx+Q1txZ
 K7pA8LtCxInn+Ah03VPya2BRpb1eC+7ycr7ezb0Vlc7XtxgRqWGesvcWAr9z+Jtm
 eyr8k+QtnO9ic7Pgpt8M
 =hDRI
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150427' into staging

target-arm queue:
 * memory system updates to support transaction attributes
 * set user-mode and secure attributes for accesses made by ARM CPUs
 * rename c1_coproc to cpacr_el1
 * adjust id_aa64pfr0 when has_el3 CPU property disabled
 * allow ARMv8 SCR.SMD updates

# gpg: Signature made Mon Apr 27 16:14:30 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150427:
  Allow ARMv8 SCR.SMD updates
  target-arm: Adjust id_aa64pfr0 when has_el3 CPU property disabled
  target-arm: rename c1_coproc to cpacr_el1
  target-arm: Check watchpoints against CPU security state
  target-arm: Use attribute info to handle user-only watchpoints
  target-arm: Add user-mode transaction attribute
  target-arm: Use correct memory attributes for page table walks
  target-arm: Honour NS bits in page tables
  Switch non-CPU callers from ld/st*_phys to address_space_ld/st*
  exec.c: Capture the memory attributes for a watchpoint hit
  exec.c: Add new address_space_ld*/st* functions
  exec.c: Make address_space_rw take transaction attributes
  exec.c: Convert subpage memory ops to _with_attrs
  Add MemTxAttrs to the IOTLB
  Make CPU iotlb a structure rather than a plain hwaddr
  memory: Replace io_mem_read/write with memory_region_dispatch_read/write
  memory: Define API for MemoryRegionOps to take attrs and return status

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-28 10:31:03 +01:00
Peter Maydell 3d27b09cf6 spice: misc fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVPhd0AAoJEEy22O7T6HE4sMkQAK9TcUjMKvKf7k20WsFBDgkc
 RS/NHEHNrrscnWz+n845NDueFvYAa7DfAKok0ayzD5XSK2RC3AkcGsQ/PF21kg5t
 +9B0y7YIdJoAt+9w+SulwF6hcK9wWBx0NOUWJomoZWntZcawAv5pTOTvcLR2TJhN
 eGHuI1lw/Hnsqr0vYXqkFdNNB66zA24oZiaryxsy/TMpd6vlGX3JIvDaLcTden1W
 u0Fmta5JEDlPCiPIBVxau88U21pDeg6PHEHmWhkeLo45Tsr+R+dB72Ugbguihr1x
 LRpzQtZoq8gqyqY2+r1lOS5cHNvCkqZhtDK80Aeo2UPxlg88YPMFvonTuvY8Y8Jm
 6Mq1gepyI48LdoKwoL8S2ja5W8++unS6kd1oP1fxqalWqFI8mwIB1v4W75a4ejxq
 drbVWY4jnJDkNiz8BKmg9GLE4mEConei0Ip/lbgflESbjJ9g0Y7IGoc91cjsCXCv
 1MuAphNrkwLSckJpNxooKzO7MMhYFw9PGNX26RWE64iRnwMFCsqOxE1KC7rzdnZY
 Y09fVV+GC1h5XyH25M5cyMCV5r/S/eM1Y6GEhq/OS8xmunGp2WKB7rmaoLMlioMs
 SiPExlwTaqiZldBHfB71h2E41C7awcmcmY+NsORSxIEg6eTyT4/jljQQXGiwm0JA
 IcfrFHJHvmmWPL6CLwS0
 =Vi97
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20150427-1' into staging

spice: misc fixes.

# gpg: Signature made Mon Apr 27 12:03:16 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-20150427-1:
  spice: learn to hide cursor
  spice: set pointer position on hotspot
  spice: fix mouse cursor position
  spice: fix simple display on bigendian hosts
  monitor: Make client_migrate_info synchronous

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-27 20:00:57 +01:00
Eduardo Habkost 726a8ff686 target-i386: Remove AMD feature flag aliases from CPU model table
When CPU vendor is AMD, the AMD feature alias bits on
CPUID[0x80000001].EDX are already automatically copied from CPUID[1].EDX
on x86_cpu_realizefn(). When CPU vendor is Intel, those bits are
reserved and should be zero. On either case, those bits shouldn't be set
in the CPU model table.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-04-27 15:41:03 -03:00
Eduardo Habkost 01431f3ce0 target-i386: X86CPU::xlevel2 QOM property
We already have "level" and "xlevel", only "xlevel2" is missing.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-04-27 15:41:03 -03:00
Eduardo Habkost b9472b76d2 target-i386: Make "level" and "xlevel" properties static
Static properties require only 1 line of code, much simpler than the
existing code that requires writing new getters/setters.

As a nice side-effect, this fixes an existing bug where the setters were
incorrectly allowing the properties to be changed after the CPU was
already realized.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-04-27 15:40:22 -03:00
Eduardo Habkost d9f7e29ee5 qemu-config: Accept empty option values
Currently it is impossible to set an option in a config file to an empty
string, because the parser matches only lines containing non-empty
strings between double-quotes.

As sscanf() "[" conversion specifier only matches non-empty strings, add
a special case for empty strings.

Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-04-27 15:38:13 -03:00
Eduardo Habkost b203a4ba93 MAINTAINERS: Change status of X86 to Maintained
"Odd Fixes" doesn't reflect the current status of target-i386. We have
people looking after it, now.

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-04-27 15:38:13 -03:00
Eduardo Habkost e1a0433956 MAINTAINERS: Add myself to X86
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-04-27 15:38:13 -03:00
Peter Maydell 3f9d69ba12 gtk: support text consoles without vte, bugfixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVPjrXAAoJEEy22O7T6HE4jj0P+wU5ukafTUnb0uONmi90QCnK
 Z9QUSWJKCQjOIZ8rOkFBxHoPbhqNQt73fXEFO4D0J4VodUjZlxhrq0edjJxgm9mi
 TcJC7y6tqyJWS7ei73vJuq2uzJvTsMq6PR73V2QhmL+uNQru0kWDadjwfWtXDII3
 lGz13gOjWD8iMH7Nyx8WMd8+L1Gjl1pllLXyuO/PLCTigrAngpeb/MQlTj0NDbe6
 AaGNCXiFzHR8S7SPTMrsphmoNRFDKImpqVzl5xlFQKReYVzLgeOKFn0AIb0JBKuZ
 kIE3+XJfXmGhliDphcaDwsXD7Qbbtch7Ew73nNPwgPKKP8IkBnqi/zVyq5tAXB8B
 BuUX+ggoPPog19DZg4q9V+fL5YYbusTUOt+VH69kKZhRxK6ntumDkgdj0tAjCQpT
 tSF4MeZnMLQ5mUhpmzgLBaDgrKz1vZSW8SzM2CaaghICrrncDTFKnGkUYTHBnNV9
 RJUfbggvg+BpqXsj0hFaURU/81wsL8RlSLbS//mLfhB2UK5x3XsUS8Jxq5Nn/Nzs
 OBB/U7BaRV+PeXj8NNkqIBvgETP1tyfPdTwkRqY4W8pHNwQa66q2nr25+pRHJ/pX
 HWQazhPjUM5vLh1ozvUsD99mk1lWcjvbttIOHIbUKqNx4gHfOja7F+q7+5qMwP3U
 jmX6NLhTguUpWt4hPk+n
 =pn75
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-20150427-1' into staging

gtk: support text consoles without vte, bugfixes.

# gpg: Signature made Mon Apr 27 14:34:15 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-gtk-20150427-1:
  gtk: Avoid accel key leakage into guest on console switch
  gtk: Fix VTE focus grabbing
  console/gtk: add qemu_console_get_label
  gtk: bind to text terminal consoles too
  gtk: handle switch_surface(NULL) properly

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-27 19:06:08 +01:00
Eduardo Habkost 2f54eb98c3 MAINTAINERS: Add myself as NUMA code maintainer
The "srat" and "numa" keywords will help get_maintainer.pl catch
NUMA-related code in other files too.

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-04-27 14:59:03 -03:00
Peter Maydell 0d81cdddaa Four little fixes
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVOpHzAAoJEDu+7JDiTtWnKLEP/ilhLzPwMwGm6vYYwMwVy/1g
 X8PtQJFkgdcNPG1q05NpJH22Ntrq5lsl5t4H+J0WbevMoJ9RJY2LpRogvDFvsvrZ
 T31tPvagiiiub3ABCyFWbVmJurzPgW403xi1RDCGIRyfeRNy31vkTnEEJFzE0Kzo
 /w7lPpN3xFDj31hHjpNCzDRnPDu5Qj9DzYiEt+oZ0HMwpDnHIYo/VCbh/PpV+1XT
 gPUOusbOBg2wBDNwhevH74YNNKddsBf6c5X3E9rPJ649DPc36Qj5K2WGVF6fJWW7
 sCDjDMo9kJ5rh4E7NhB0GR/3Jaxc68zGvDL2f/DjYbPnPdLaWOeXyzoH64JDaVZH
 CqkBPG3n3ysW9cQDDKupRmO1VYetMyzdHxnYo/scfTiEqqgb+WsOBp19hdOQW/lL
 22rg3IqONP01QBDQI9lUMb//jq3HtwyP3j9ROSxpgpIeaXLMIYLU8IUVnVJQ9bhf
 3FwZwRNdsJOjI2shR8DognRVkIPRUNck9Uw+VibfWKwCPU1+LaJ/7asbsOsf1eyA
 5YPs9RotaUxXF6YH8F/e6qeDw99Tb5efH9Irozmj6Sb89z0ForbKgFoBGuwMoiHN
 wS5gZit0f+IV9Xl9LK4Mv9iknuiJMw7c6NsUKznsYWd15iz9QrLn/9j6vvQeHrgI
 aWLDW1i+JoovRqiDxE36
 =WFLx
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/qmp-unstable/tags/for-upstream' into staging

Four little fixes

# gpg: Signature made Fri Apr 24 19:56:51 2015 BST using RSA key ID E24ED5A7
# gpg: Good signature from "Luiz Capitulino <lcapitulino@gmail.com>"

* remotes/qmp-unstable/tags/for-upstream:
  qmp: Give saner messages related to qmp_capabilities misuse
  qmp-commands: fix incorrect uses of ":O" specifier
  qapi: Drop dead genlist parameter
  balloon: improve error msg when adding second device

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-27 17:28:41 +01:00
Peter Crosthwaite 23820dbfc7 exec: Respect as_translate_internal length clamp
address_space_translate_internal will clamp the *plen length argument
based on the size of the memory region being queried. The iommu walker
logic in addresss_space_translate was ignoring this by discarding the
post fn call value of *plen. Fix by just always using *plen as the
length argument throughout the fn, removing the len local variable.

This fixes a bootloader bug when a single elf section spans multiple
QEMU memory regions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1426570554-15940-1-git-send-email-peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:19 +02:00
Paolo Bonzini 4080a13c11 ioport: reserve the whole range of an I/O port in the AddressSpace
When an I/O port is more than 1 byte long, ioport.c is currently
creating "short" regions, for example 0x1ce-0x1ce for the 16-bit
Bochs index port.  When I/O ports are memory mapped, and thus
accessed via a subpage_ops memory region, subpage_accepts gets
confused because it finds a hole at 0x1cf and rejects the access.

In order to fix this, modify registration of the region to cover
the whole size of the I/O port.  Attempts to access an invalid
port will be blocked by find_portio returning NULL.

This only affects the VBE DISPI regions.  For all other cases,
the MemoryRegionPortio entries for 2- or 4-byte accesses overlap
an entry for 1-byte accesses, thus the size of the memory region
is not affected.

Reported-by: Zoltan Balaton <balaton@eik.bme.hu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:19 +02:00
Paolo Bonzini 147ed37983 ioport: loosen assertions on emulation of 16-bit ports
Right now, ioport.c assumes that the entire range specified with
MemoryRegionPortio includes a region with size == 1.  This however
is not true for the VBE DISPI ports, which are 16-bit only.  The
next patch will make these regions' length equal to two, which can
cause the assertions to trigger.  Replace them with simple conditionals.

Also, ioport.c will emulate a 16-bit ioport with two distinct reads
or writes, even if one of the two accesses is out of the bounds given
by the MemoryRegionPortio array.  Do not do this anymore, instead
discard writes to the incorrect register and read it as all-ones.
This ensures that the mrp->read and mrp->write callbacks get an
in-range ioport number.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:19 +02:00
Paolo Bonzini 30476b2282 ioport: remove wrong comment
ioport.c has not been using an alias since commit b40acf9 (ioport:
Switch dispatching to memory core layer, 2013-06-24).  Remove the
obsolete comment.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:19 +02:00
Paolo Bonzini e477317cce ide: there is only one data port
IDE PIO data must be written, for example, at 0x1f0.  You cannot
do word or dword writes to 0x1f1..0x1f3 to access the data register.
Adjust the ide_portio_list accordingly.

Cc: John Snow <jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:19 +02:00
Paolo Bonzini 54da54e543 gus: clean up MemoryRegionPortio
Remove 16-bit reads/writes, since ioport.c is able to synthesize them.
Remove the two MIDI registers (0x300 and 0x301) from gus_portio_list1,
and add the second MIDI register (0x301) to gus_portio_list2.

Tested with Second Reality.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:18 +02:00
Paolo Bonzini 3337d0b279 sb16: remove useless mixer_write_indexw
ioport.c is already able to split a 16-bit access into two 8-bit
accesses to consecutive ports.  Tested with Epic Pinball.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:18 +02:00
Mark Cave-Ayland 0e1cd6576c sun4m: fix slavio sysctrl and led register sizes
These were being incorrectly declared as MISC_SIZE (1 byte) rather than
4 bytes and 2 bytes respectively. As a result accesses clamped to the
real register size would unexpectedly fail.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1427987370-15897-1-git-send-email-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:18 +02:00
Paolo Bonzini 339240b5cd acpi-build: remove dependency from ram_addr.h
ram_addr_t is an internal interface, everyone should go through
MemoryRegion.  Clean it up by making rom_add_blob return a
MemoryRegion* and using the new qemu_ram_resize infrastructure.

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:18 +02:00
Paolo Bonzini 37d7c08413 memory: add memory_region_ram_resize
This is a simple MemoryRegion wrapper for qemu_ram_resize.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:18 +02:00
Fam Zheng e95205e1f9 dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel
If DMA's owning thread cancels the IO while the bounce buffer's owning thread
is notifying the "cpu client list", a use-after-free happens:

     continue_after_map_failure               dma_aio_cancel
     ------------------------------------------------------------------
     aio_bh_new
                                              qemu_bh_delete
     qemu_bh_schedule (use after free)

Also, the old code doesn't run the bh in the right AioContext.

Fix both problems by passing a QEMUBH to cpu_register_map_client.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com>
[Remove unnecessary forward declaration. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:18 +02:00
Fam Zheng 33b6c2edf6 exec: Notify cpu_register_map_client caller if the bounce buffer is available
The caller's workflow is like

    if (!address_space_map()) {
        ...
        cpu_register_map_client();
    }

If bounce buffer became available after address_space_map() but before
cpu_register_map_client(), the caller could miss it and has to wait for the
next bounce buffer notify, which may never happen in the worse case.

Just notify the list in cpu_register_map_client().

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-5-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:18 +02:00
Fam Zheng 38e047b50d exec: Protect map_client_list with mutex
So that accesses from multiple threads are safe.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-4-git-send-email-famz@redhat.com>
[Remove #if from cpu_exec_init_all. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:17 +02:00
Fam Zheng 02f4035c47 linux-user, bsd-user: Remove two calls to cpu_exec_init_all
The function is a nop for user mode, so just remove them.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-3-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:17 +02:00
Fam Zheng c2cba0ffe4 exec: Atomic access to bounce buffer
There could be a race condition when two processes call
address_space_map concurrently and both want to use the bounce buffer.

Add an in_use flag in BounceBuffer to sync it.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-2-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:17 +02:00
Emilio G. Cota e3a0abfda7 translate-all: use glib for all page descriptor allocations
Since commit

  b7b5233a "bsd-user/mmap.c: Don't try to override g_malloc/g_free"

the exception we make here for usermode has been unnecessary.
Get rid of it.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1428610053-26148-1-git-send-email-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:17 +02:00
Marc-André Lureau 700cd855de spice: learn to hide cursor
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:04 +02:00
Marc-André Lureau dc8dceee64 spice: set pointer position on hotspot
The Spice protocol uses cursor position on hotspot: the client is
applying hotspot offset when drawing the cursor.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:04 +02:00
Marc-André Lureau d0df04a156 spice: fix mouse cursor position
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:04 +02:00
Gerd Hoffmann c1d37cd353 spice: fix simple display on bigendian hosts
Denis Kirjanov is busy getting spice run on ppc64 and trapped into this
one.  Spice wire format is little endian, so we have to explicitly say
we want little endian when letting pixman convert the data for us.

Reported-by: Denis Kirjanov <kirjanov@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:03 +02:00
Markus Armbruster 3b5704b2f8 monitor: Make client_migrate_info synchronous
Live migration with spice works like this today:

  (1) client_migrate_info monitor cmd
  (2) spice server notifies client, client connects to target host.
  (3) qemu waits until spice client connect is finished.
  (4) send over vmstate (i.e. main part of live migration).
  (5) spice handover to target host.

(3) is implemented by making client_migrate_info a async monitor
command.  This is the only async monitor command we have.

The original reason to implement this dance was that qemu did not accept
new tcp connections while the incoming migration was running, so (2) and
(4) could not be done in parallel.  That issue was fixed long ago though.
Qemu version 1.3.0 (released Dec 2012) and newer happily accept tcp
connects while the incoming migration runs.

Time to drop step (3).  This patch does exactly that, by making the
monitor command synchronous and removing the code needed to handle the
async monitor command in ui/spice-core.c

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:46:57 +02:00
Jan Kiszka 1a01716a30 gtk: Avoid accel key leakage into guest on console switch
GTK2 sends the accel key to the guest when switching to the graphic
console via that shortcut. Resolve this by ignoring any keys until the
next key-release event. However, do not ignore keys when switching via
the menu or when on GTK3.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 11:00:43 +02:00
Jan Kiszka 9d677e1c2f gtk: Fix VTE focus grabbing
At least on GTK2, the VTE terminal has to be specified as target of
gtk_widget_grab_focus. Otherwise, switching from one VTE terminal to
another causes the focus to get lost.

CC: John Snow <jsnow@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

[ kraxel: fixed build with CONFIG_VTE=n ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 11:00:07 +02:00
Greg Bellows 4eb2764083 Allow ARMv8 SCR.SMD updates
Updated scr_write to always allow updates to the SCR.SMD bit on ARMv8
regardless of whether virtualization (EL2) is enabled or not.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1429888797-4378-1-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-26 16:49:26 +01:00
Sergey Fedorov 3d5c84ff21 target-arm: Adjust id_aa64pfr0 when has_el3 CPU property disabled
Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1429669112-29835-1-git-send-email-serge.fdrv@gmail.com
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-26 16:49:26 +01:00
Sergey Fedorov 7ebd5f2e03 target-arm: rename c1_coproc to cpacr_el1
Rename the field holding CPACR_EL1 system register state in AArch64
naming style.

Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
[PMM: also fixed a couple of missed occurrences in cpu.c]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-26 16:49:25 +01:00
Peter Maydell ef7bab8d73 target-arm: Check watchpoints against CPU security state
Fix a TODO in bp_wp_matches() now that we have a function for
testing whether the CPU is currently in Secure mode or not.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-04-26 16:49:25 +01:00
Peter Maydell 9e1fc5bdfd target-arm: Use attribute info to handle user-only watchpoints
Now that we have memory access attribute information in the watchpoint
checking code, we can correctly implement handling of watchpoints
which should match only on userspace accesses, where LDRT/STRT/LDT/STT
from EL1 are treated as userspace accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-04-26 16:49:25 +01:00
Peter Maydell 0995bf8cd9 target-arm: Add user-mode transaction attribute
Add a transaction attribute indicating that a memory access is being
done from user-mode (unprivileged). This corresponds to an equivalent
signal in ARM AMBA buses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-04-26 16:49:25 +01:00