Commit Graph

40395 Commits

Author SHA1 Message Date
Eduardo Habkost 4458fb3a79 pc: Eliminate pc_default_machine_options()
The only PC machines that didn't call pc_default_machine_options() were
isaps and xenfv. Both were already overwriting max_cpus, and only isapc
was not overwriting hot_add_cpu.

After making isapc set hot_add_cpu to NULL, we can move the
pc_default_machine_options() code the PC common class_init.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-13 14:08:27 +03:00
Eduardo Habkost 41742767bf pc: Eliminate pc_common_machine_options()
All TYPE_PC_MACHINE subclasses call pc_common_machine_options().
TYPE_PC_MACHINE can simply initialize the common options on class_init
directly.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-13 14:08:26 +03:00
Eduardo Habkost 8170dfa077 pc: Move PCMachineClass, PCMachineState to qemu/typedefs.h
They will be used inside hw/xen/xen.h, which doesn't include
hw/i386/pc.h.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-13 14:08:26 +03:00
Eduardo Habkost ec68007a29 pc: Rename pc_machine variables to pcms
Make the code use the same variable name everywhere. "pcms" is already
being used in existing code and it's shorter.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-13 14:08:26 +03:00
Eduardo Habkost dda65c7c4b pc: Use error_abort when registering properties
No errors should happen when registering the properties, but we
shouldn't silently ignore them if they happen.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-13 14:08:26 +03:00
Eduardo Habkost e8963e5cec target-i386: Remove x86_cpu_compat_set_features()
The function is not used by PC code anymore and can be removed.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-13 14:08:25 +03:00
Eduardo Habkost 27add38141 pc: Use PC_COMPAT_* for CPUID feature compatibility
Now we can use compat_props to keep CPUID feature compatibility, using
the boolean QOM properties for CPUID feature flags.

This simplifies the compatibility code, and reduces duplication between
pc_piix.c and pc_q35.c.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-13 14:08:25 +03:00
Eduardo Habkost e33d22fab3 piix: Document coreboot-specific RAM size config register
The existing i440fx initialization code sets a PCI config register that
isn't documented anywhere in the Intel 440FX datasheet. Register 0x57 is
DRAMC (DRAM Control) and has nothing to do with the RAM size.

This was implemented in commit ec5f92ce6a
because old coreboot code tried to read registers 0x5a-0x5f,0x56,0x57 to
get the RAM size from QEMU, but I couldn't find out why coreboot did
that. I assume it was a mistake, and the original code was supposed to
be reading the DRB[0-7] registers (offsets 0x60-0x67).

Document that coreboot-specific register offset in a macro and a
comment, for future reference.

Cc: Ed Swierk <eswierk@skyportsystems.com>
Cc: Richard Smith <smithbone@gmail.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-13 14:08:25 +03:00
Victor Kaplansky 27fa747980 make: load only required dependency files.
The old rules.mak loads dependency .d files using include directive
with file glob pattern "*.d". This breaks the build when build tree has
left-over *.d files from another build.

This patch fixes this by
  - loading precise list of .d files made from *.o and *.mo.
  - specifying explicit list of required dependency info files for
     *.hex autogenerated sources.

Note that Makefile still includes some .d in root directory by including
"*.d".

Signed-off-by: Victor Kaplansky <victork@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-13 14:08:25 +03:00
Victor Kaplansky 998b7b1db4 make: fix where dependency *.d are stored.
In rules like "bar/%.o: %.c" there is a difference between $(*D) and
$(@D). $(*D) expands to '.', while $(@D) expands to 'bar'.  It is
cleaner to generate *.d in the same directory where appropriate *.o
resides. This allows precise including of dependency info from .d files.

As a hack, we also touch two sources for generated *.hex files.  Without
this hack, anyone doing "git pull; make" will not get *.hex rebuilt
correctly since the dependency file would be missing.

Signed-off-by: Victor Kaplansky <victork@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-13 14:08:24 +03:00
Peter Maydell 5c79ae3615 Update version for v2.4.0 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-11 15:30:34 +01:00
Peter Maydell 2d697366a1 Update version for v2.4.0-rc4 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-05 17:02:58 +01:00
Peter Maydell 0175409df4 virtio fix for 2.4
Fixes migration in virtio 1 mode.
 We still have a known bug with memory hotplug, it doesn't
 look like we can fix that in time for 2.4.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVwiRjAAoJECgfDbjSjVRpps8H/0Qh6JlHLeju9gEgqmreJTuT
 xihAdocwe7tFJkvkn6Lg404DtofIhBhS+hoMtnyXRgtGqrJ/qCk/J5fgTFhxk0Bo
 SUi45eTaR0W/g1L8Fwy4cwh8oc+vaD/Eaa6PXUYLlXdx0m9GkYRN+/QyVhXUJhhG
 90qx59eXfRLI1P0gm1/u+q9aYIwJ3N2dZm4tochVk2FQP9B9ZXKjCC/ux9OTyhmF
 APTrGa519CYheICWEdrimNbLa6+gaMnga+JUaLBypGXB6hE3RbLNzfxMmm2jy4i+
 qR2Nm6gDJ9Dw+OQJ0qw2BDIcQJo7PLrGgDE13IhqXBFliLTjLwxfLaAE9OaAv5s=
 =xygJ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio fix for 2.4

Fixes migration in virtio 1 mode.
We still have a known bug with memory hotplug, it doesn't
look like we can fix that in time for 2.4.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Wed 05 Aug 2015 15:57:39 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  virtio: fix 1.0 virtqueue migration

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-05 16:02:00 +01:00
Sascha Silbe e94867ed5f block: don't register quorum driver if SHA256 support is unavailable
Commit 488981a4 [block: convert quorum blockdrv to use crypto APIs]
broke qemu-iotest 041 on hosts with GnuTLS < 2.10.0. It converted a
compile-time check to a run-time check at device open time. The result
is that we now advertise a feature (the quorum block driver) that will
never work (on those hosts). There's no way (short of parsing
human-readable error messages) for qemu-iotests or any other API
consumer to recognise that the quorum block driver isn't _actually_
available and shouldn't be used or tested.

Move the run-time check to bdrv_quorum_init() to avoid registering the
quorum block driver if we know it cannot work. This way API consumers
can recognise it's unavailable.

Fixes: 488981a4af
Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 1438699705-21761-1-git-send-email-silbe@linux.vnet.ibm.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-05 15:19:32 +01:00
Jason Wang 74aae7b22b virtio: fix 1.0 virtqueue migration
1.0 does not requires physically-contiguous pages layout for a
virtqueue. So we could not infer avail and used from desc. This means
we need to migrate vring.avail and vring.used when host support virtio
1.0. This fixes malfunction of virtio 1.0 device after migration.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-08-05 16:56:34 +03:00
Peter Maydell 2be4f242b5 X86 queue, 2015-08-04
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJVwN8WAAoJECgHk2+YTcWmPi4P/ikCbJimzKm7PXf1nMyhXpq7
 JLJcOxEPMKR+I2tBzPWnO0q5FS2juVjHx1vcFBcfDHcZiHj+poeyFwZWV2bQx56f
 mr9fmD0077lJElPDRDeSjRsjK82EEZLlFGrTDgfH1UImN63/Gqvjq0GMKQSrT4qL
 cJLBYAPYZuWcye8lkU/J4RyUD+pA3BYuFammz5S2kc9UAWMcQ4nzrGnKr2wv3MgY
 VASHZ5/9i+yAg0PvnDCCN0ifMocYzOY5aCdn6P0yX6lHCX4X/q7iLe+OV9nbyzWC
 nfbNglxJycytaD2/uHTi9bhZdE7WK1RXjCSoJWHiQKD0fTJIXYrn+MbOUNK8yOMm
 /Hh+XnOOaPWQG9TeUYu8oOdtJYYae+xlqgqO3y9m/hmBdz3rhlo9mEwbvjn++E8U
 oSHKr4PAOgrZmRYYTUSkOpsPAq7LDBXcDw1Xqvj/WZoSkjOLPDFm8MF2fuozJsd6
 TsJYPoP/u4ey41Xu1td9JspoS+zzzybnfyIwWVFp4c39A4eTmcymLE0Am8nZA+0V
 Fh+eyY9csVAdlach0Yzli7wU36XEFjxVB1rEz/tR+5aszBiOVT+0DBJfrHeoGwYU
 ud4pNkh9OCp/BA8wNN6Im3LqEUOIwSsdMOoMAqAA6QU5RWeMaAXMt0DcQq/MYKoJ
 CoVMsFEg0wXw7EyvLfGu
 =ttw0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

X86 queue, 2015-08-04

# gpg: Signature made Tue 04 Aug 2015 16:49:42 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-pull-request:
  target-i386: fix IvyBridge xlevel in PC_COMPAT_2_3

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-04 16:51:24 +01:00
Radim Krčmář 27751aabd1 target-i386: fix IvyBridge xlevel in PC_COMPAT_2_3
Previous patch changed xlevel and missed the compatibility code.

Fixes: 3046bb5deb ("target-i386: emulate CPUID level of real hardware")
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-08-04 12:49:32 -03:00
Peter Maydell 426d0e7b7e MIPS patches 2015-08-04
Changes:
 * fix semihosting for microMIPS R6
 * fix an abort when booting mips64 kernel with --enable-tcg-debug
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJVwKLBAAoJEFIRjjwLKdprdfEH/RVxNZyYkh7/mO6azHnZRJe3
 6ZyKi77Bw7xhBB6AkQD6/f7xDPPTfS7NZBTq9MftNCPnUvKk0nCJYVZFB3sla2mS
 XxeFdMi4dXBL1Dz8+04ZNsWUfO/SoGgKJUc2sFIn0ssvOS5IuzjjPIYu/+SgcVe7
 lAkIyOCfhWAIw6CQNhPrIGCmpfGklvns17HC9rcCNzgvECo8DTL5415DuC+7nJG9
 yVMo/gxpjgpGrvGW1I07QfPo6H9gcKwIuxNSlsEq/q6Tkh+aqDl22xscPPBZTOF0
 p3xo8cA1dcbZj+sw+DY+2pK3OpFHbM5MdW4W5/S23Un3gpVBLeJDoyLRpxLTdg8=
 =DhD7
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150804' into staging

MIPS patches 2015-08-04

Changes:
* fix semihosting for microMIPS R6
* fix an abort when booting mips64 kernel with --enable-tcg-debug

# gpg: Signature made Tue 04 Aug 2015 12:32:17 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8DD3 2F98 5495 9D66 35D4  4FC0 5211 8E3C 0B29 DA6B

* remotes/lalrae/tags/mips-20150804:
  target-mips: Copy restrictions from ext/ins to dext/dins
  target-mips: fix semihosting for microMIPS R6

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-04 12:57:06 +01:00
Richard Henderson b7f26e5239 target-mips: Copy restrictions from ext/ins to dext/dins
The checks in dins is required to avoid triggering an assertion
in tcg_gen_deposit_tl.  The check in dext is just for completeness.
Fold the other D cases in via fallthru.

In this case the errant dins appears to be data, not code, as
translation failed to stop after a break insn.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-08-04 11:53:15 +01:00
Leon Alrae 060ebfef1a target-mips: fix semihosting for microMIPS R6
In semihosting mode the SDBBP 1 instructions should trigger UHI syscall,
but in QEMU this does not happen for recently added microMIPS R6.
Consequently bare metal microMIPS R6 programs supporting UHI will not run.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
2015-08-04 11:10:20 +01:00
Peter Maydell 260425ab40 cve-2015-5166
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJVv3pgAAoJEIlPj0hw4a6QGKUP/2za5f0iiPUERQuCW1ollKSe
 p1JdyHAJrzuHYiubHj4Zo878IhYzG2tvG1UNm2reaYV+gDAML/suUwH2Uh4FSRdp
 vjg/qIZJ+UPwVS220En/XRoyXHv6J9AC2oVDhFSUm7QBK6QJ9Pzr0qVLIyNj0UPi
 Ec9V+/pQn+mTveJ/ytu8/YxSmFZP8xyDtJb7jsUpcSQAcGPOLObIYamNdT+0ArVg
 ex+5VoZdOGjVuG18c9IAO6O0Ymy4Ll/MB2pe0KRfbpBMJtO8t7EH1honuQHR1w+z
 g4j34bTiNMT6U48Gh7gUcU8HgJxpLyN6GB63RkspuGyiJar5106n21sC1DtpfeKf
 CC34qb4cw+32GE7QqCAbx4yLD/w+MrtD99FYfpCtcxNGqkgxIaE+hT6/o/Qt+8TS
 8itcTvw1YCk0JSwb4P4nf6jOQtetAl3pMYRPh2TEsmCyuMqxPr6seMIJ3pK+zMd6
 CtT5jvNGSaYNPPonJ+AOlCShuWPPIfjMSOgOiUbrEBLN4A0JmZx5i3bYFgPXK3Ad
 v/Ny83rygmzqmtxKMnzHC0KdBlmmbhmeH7b8Iubfpl0amefqA1DZOEDc8PZJcz+2
 iErFILfJHmQDXhut3+LEUzxOX18GstKoLYdM3kOutae41Rga+cKQSUszkRaRWq5k
 lVT2zlk9TsAu5ccU5Y6l
 =rvso
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/sstabellini/tags/cve-2015-5166-tag' into staging

cve-2015-5166

# gpg: Signature made Mon 03 Aug 2015 15:27:44 BST using RSA key ID 70E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"

* remotes/sstabellini/tags/cve-2015-5166-tag:
  Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-03 18:52:55 +01:00
Peter Maydell e95edefbd0 xen-migration-2.4
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJVv5RcAAoJEIlPj0hw4a6QNHUP/iQTq0aGox9MzAY4eQ8QvyQe
 Qz+vXRHOZ61+Ipn9Aw7XrKXKfFklX1jrxdl1G87/YDD2/Or6W8wuRWKgoVa8OzJX
 ZTtT0b07+E0E20dBaFT/g/vgsecdciTvEzbBc0Y+wRw4PGFwHMCtmUmzU46+xBDR
 EEBscgP5eUuGad6K72DX6O2xy/qxXhJAc5oa/TBullKlnHXOgjoBtSjJZ6HrO0j/
 zl71zLoU9okFu4p71m9VcD9+6U3rSlhUZ+XMThftik1dYR6uinsQFnzhxVLpEPWW
 +Zvd8hfS6STKfguyWyWv+d4Io0VBBiENgG8jjw4m4HrARuvcEYRtFKis6rg0eqby
 nxOkhAYniosJwNukFuJwLwvvRbqFBr1BZ4Vmk52B1Qfm/rgSIK21JN3eFvRsI/Pn
 W3NgNtlNij3NuKCzLOYyjmK2ayOn3MuKluyz//dAdBXKITeIOsf+WJEGS+u4kmI2
 jVLlgfLa5NDbw81HjushSgz95EKwzqIcKdTwyHGDPhXuLuhf/oGfr89S8n+P/wg/
 DHBBIfou2kkDwqE7kAv3Me/rO+8Y+U8uB10q9mBmvgauUh7FZYZ9s+sTx7vv9dGK
 bcB14sciUcjfiFHV6x7NQuUcBFB3eER1d7E3Bbk3Q6vk4CD2Peahq4F+dKtxu08C
 s5GrknrXi0WomodR85jg
 =khJG
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/sstabellini/tags/xen-migration-2.4-tag' into staging

xen-migration-2.4

# gpg: Signature made Mon 03 Aug 2015 17:18:36 BST using RSA key ID 70E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"

* remotes/sstabellini/tags/xen-migration-2.4-tag:
  migration: Fix regression for xenfv and pc,accel=xen machine.
  migration: Fix global state with Xen.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-03 17:33:35 +01:00
Anthony PERARD 8c6dc68f4c migration: Fix regression for xenfv and pc,accel=xen machine.
This fix migration from the same QEMU version and from previous QEMU
version.

>From the global state section, we don't need runstate with Xen. Right now,
the way the Xen toolstack knows when QEMU is ready is when QEMU reach
"running" runstate.

The configuration section and the section footers are not going to be
present in previous version of QEMU with xenfv machine, so we skip them.

The Xen toolstack libxenlight does not specify a particular version of the
'pc' machine, so migration from older version of QEMU used by Xen to newer
one would break due to missing "configuration" section and section footers.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-08-03 16:13:40 +00:00
Anthony PERARD c69adea462 migration: Fix global state with Xen.
When doing migration via the QMP command xen_save_devices_state, the
current runstate is not store into the global state section. Also the
current runstate is not the one we want on the receiver side.

During migration, the Xen toolstack paused QEMU before save the devices
state. Also, the toolstack expect QEMU to autostart when the migration is
finished.
So this patch store "running" as it's current runstate.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-08-03 16:13:23 +00:00
Andreas Färber f60c87154a configure: Drop vnc-ws feature from help text
Commit 8e9b0d2 (ui: convert VNC websockets to use crypto APIs) dropped
the --enable-vnc-ws option but forgot to update the help text. Fix this.

Cc: Daniel P. Berrange <berrange@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1437749257-3313-1-git-send-email-afaerber@suse.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-03 15:32:17 +01:00
Stefano Stabellini 6cd387833d Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug)
pci_piix3_xen_ide_unplug should completely unhook the unplugged
IDEDevice from the corresponding BlockBackend, otherwise the next call
to release_drive will try to detach the drive again.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-08-03 14:27:12 +00:00
Peter Maydell 2a3612ccc1 Pull request
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVv1m5AAoJEJykq7OBq3PIO+QIAMbPSu/ZqfdANX+H4bgshudw
 9CMYsgEqlmjOSeFP1Pp7lYbuceInsvY4Ks+GtWsPkV/mhEl4+g1h9uWKMSWg0jsU
 14hfi7ibJomFngRPkEhcDemu6JSLAGsqedLPyrFZZyGzVZnY/TmpwG3s9CiSUSU0
 h7knQLxt8QemsPU+rlH6xE/QkSdyWpERsUCTpcKufIGwIZJDeUfW1/9UxDp6M0QK
 LZj+8ZJzF2g/s51xHCTmAyvFZxROceEgUbGyWYNh1Aj55LMT7k+t4TTEYkizqTYj
 n0AUDzV65Pm67OWRf22siqb74BPt72gf/048LmhqE7o4NZvLqJ7Kff6pFDYOF0Q=
 =9hkg
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/rtl8139-cplus-tx-input-validation-pull-request' into staging

Pull request

# gpg: Signature made Mon Aug  3 13:08:25 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/rtl8139-cplus-tx-input-validation-pull-request:
  rtl8139: check TCP Data Offset field (CVE-2015-5165)
  rtl8139: skip offload on short TCP header (CVE-2015-5165)
  rtl8139: check IP Total Length field (CVE-2015-5165)
  rtl8139: check IP Header Length field (CVE-2015-5165)
  rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165)
  rtl8139: drop tautologous if (ip) {...} statement (CVE-2015-5165)
  rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-03 13:09:10 +01:00
Stefan Hajnoczi 8357946b15 rtl8139: check TCP Data Offset field (CVE-2015-5165)
The TCP Data Offset field contains the length of the header.  Make sure
it is valid and does not exceed the IP data length.

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03 13:08:10 +01:00
Stefan Hajnoczi 4240be4563 rtl8139: skip offload on short TCP header (CVE-2015-5165)
TCP Large Segment Offload accesses the TCP header in the packet.  If the
packet is too short we must not attempt to access header fields:

  tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
  int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03 13:08:07 +01:00
Stefan Hajnoczi c6296ea88d rtl8139: check IP Total Length field (CVE-2015-5165)
The IP Total Length field includes the IP header and data.  Make sure it
is valid and does not exceed the Ethernet payload size.

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03 13:08:06 +01:00
Stefan Hajnoczi 03247d43c5 rtl8139: check IP Header Length field (CVE-2015-5165)
The IP Header Length field was only checked in the IP checksum case, but
is used in other cases too.

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03 13:08:03 +01:00
Stefan Hajnoczi e1c120a9c5 rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165)
Transmit offload features access Ethernet and IP headers the packet.  If
the packet is too short we must not attempt to access header fields:

  int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
  ...
  eth_payload_data = saved_buffer + ETH_HLEN;
  ...
  ip = (ip_header*)eth_payload_data;
  if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03 13:08:00 +01:00
Stefan Hajnoczi d6812d60e7 rtl8139: drop tautologous if (ip) {...} statement (CVE-2015-5165)
The previous patch stopped using the ip pointer as an indicator that the
IP header is present.  When we reach the if (ip) {...} statement we know
ip is always non-NULL.

Remove the if statement to reduce nesting.

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03 13:07:54 +01:00
Stefan Hajnoczi 39b8e7dcaf rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165)
Transmit offload needs to parse packet headers.  If header fields have
unexpected values the offload processing is skipped.

The code currently uses nested ifs because there is relatively little
input validation.  The next patches will add missing input validation
and a goto label is more appropriate to avoid deep if statement nesting.

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03 13:06:59 +01:00
Peter Maydell bd80b5963f TCG MIPS and S390 fixes for 2.4.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVvyHXAAoJELqceAYd3Yyb0ysP+wY3gvuZJ4FRY2zszQ7/0Z08
 I9TIWlE+Ty5KY23BdTqVTIcslbIohN6avYTZXnbVXtHiAlktegAGhc7SsJgzNvoi
 xfntyiQXqtWbR2s/BrNZvBU8Xjirdfz6uJhONBXpYUkDBkHab0ivSDG8D4jr/Kfv
 yDQalmwGqoI8hrodkoIbIwhlX4wT6OIKY80fYzwJcQEgVO9a31MuK9o+twNqMO7P
 D0awzky7xleizfuffEDkoMVLX+3zcb/pVYr4zSJws6yDDcm7fsK8BK66/NvQGEd0
 PAc1a8aVtqQW2jwXZRzXmdlhpu6EGuhxOkvZepD1lSAuXFBTSMHNy9A4gZzrXBJI
 F5f1ZcvHsGovudjvQBxnZOPAWpLFV+wmM8YKOLWmVQoudmwm/q7jMyjRIw6nR/Yf
 oOBWeUgIRZ9wzH+VKj3AjfYeVp6LtNph8hvu4c2/SmlZgYugIKliAwfMVrGmm5Ke
 YgkCqyR8gF5+9WI9hr8vZjUCqnCjRbkTYkNdpLOzgGOEbpVLLVePm2lTrcMMkjXn
 OZYC6mXKRsGYpwwkevoQpBQ0PCMVwFBsdHs4mmgS7SAeEv+KECHw+o8DT76qh/o3
 0eb0DJFv1T7IrR87uo0uTHzj5tjg1Z1Kxyocey0WW46dVDOiFgHAydSo59x2l6nY
 /IQSliSUgF/ULdlG1Lmx
 =3lEa
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/aurel/tags/pull-tcg-mips-s390-20150803' into staging

TCG MIPS and S390 fixes for 2.4.

# gpg: Signature made Mon Aug  3 09:09:59 2015 BST using RSA key ID 1DDD8C9B
# gpg: Good signature from "Aurelien Jarno <aurelien@aurel32.net>"
# gpg:                 aka "Aurelien Jarno <aurelien@jarno.fr>"
# gpg:                 aka "Aurelien Jarno <aurel32@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7746 2642 A9EF 94FD 0F77  196D BA9C 7806 1DDD 8C9B

* remotes/aurel/tags/pull-tcg-mips-s390-20150803:
  tcg/mips: fix add2
  tcg/s390x: Mask TCGMemOp appropriately for indexing
  tcg/mips: Mask TCGMemOp appropriately for indexing
  tcg/mips: fix TLB loading for BE host with 32-bit guests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-03 11:44:07 +01:00
Peter Maydell ff90f84e74 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQIcBAABAgAGBQJVu/WGAAoJEH3vgQaq/DkOWCcP/AnTuFcatf30pvHeniLxokLa
 t+6dLGo+KC6qPz4TpYcjQ9sA7pwZhk0/KSUTUnbZGQ8P0+uoxQ66OcL0UGvjZck1
 0da261meUWWyNzVhZK1JHZggfpn/H/EaXBM0OQojnhe0xmtrVR4RJqaqW1ZjNFL/
 jsw4HcA6BENokU8+wwYnX4HodX5ej2mh4GZpaPKh8gk7ryyeB1SermLcL7kvFvyZ
 1DFVPcmsxBXm93gVIaOP0u4lhAWFKzN6/0N2PSxUkdcvtTTbxxx78SOkVP74BICI
 q+IrwGGckfNoF2KIImKK2i09lsBqdW0GSK39RCPt2GBWWuThgJOjITGvGTD5PMz1
 uKBJJ2syO4MlmRhTbwM+slhSPiC5SCi0mWqE0y+RSpbbix12tTZ6FGkVTdgxH4L3
 f55LQz+u7jJiqNlY/K146nfbHbvKOvamupWvG112QabFSXotq0Iy2Q2py2rLJ6Ud
 GbSlAGSQ7KykD3NSu+UHV893lb/dZUb2cozER2qMXvO1md5643hsYvw+t5a6UYCV
 YsOM6nt+C575WUJfz/TNyVpRPgPU7hDYDEUKg7Qjn4MdMv50d+Zc+HG8BfvCXE3D
 UH+4kGDjCc9Ibgk5zmuc60Nka2xFKMq01615S7fVr5jRNgG8z+PcvkGuh+wIXXuJ
 rU5zBlPRozqqwOm256v9
 =76Uv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Fri Jul 31 23:24:06 2015 BST using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  ahci: fix ICC mask definition
  macio: re-add TRIM support

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-03 10:44:23 +01:00
Aurelien Jarno c99d69694a tcg/mips: fix add2
The add2 code in the tcg_out_addsub2 function doesn't take into account
the case where rl == al == bl. In that case we can't compute the carry
after the addition. As it corresponds to a multiplication by 2, the
carry bit is the bit 31.

While this is a corner case, this prevents x86-64 guests to boot on a
MIPS host.

Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2015-08-01 09:39:50 +02:00
Aurelien Jarno 3c8691f568 tcg/s390x: Mask TCGMemOp appropriately for indexing
Commit 2b7ec66f fixed TCGMemOp masking following the MO_AMASK addition,
but two cases were forgotten in the TCG S390 backend.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2015-08-01 09:39:37 +02:00
Aurelien Jarno 4214a8cb7c tcg/mips: Mask TCGMemOp appropriately for indexing
Commit 2b7ec66f fixed TCGMemOp masking following the MO_AMASK addition,
but two cases were forgotten in the TCG MIPS backend.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2015-08-01 09:39:33 +02:00
Aurelien Jarno e72c4fb81d tcg/mips: fix TLB loading for BE host with 32-bit guests
For 32-bit guest, we load a 32-bit address from the TLB, so there is no
need to compensate for the low or high part. This fixes 32-bit guests on
big-endian hosts.

Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2015-08-01 09:38:36 +02:00
John Snow 91ced51446 ahci: fix ICC mask definition
There are likely others that could be updated, but we'll
go with a light touch for 2.4 for now.

Without the Unsigned specifier, this shifts bits into the
signed bit, which makes clang unhappy and could cause
unwanted behavior.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1437501721-24495-1-git-send-email-jsnow@redhat.com
2015-07-31 16:39:20 -04:00
Aurelien Jarno 0e826a061a macio: re-add TRIM support
Commit bd4214fc dropped TRIM support by mistake. Given it is still
advertised to the host when using a drive with discard=on, this cause
the IDE bus to hang when the host issues a TRIM command.

This patch fixes that by re-adding the TRIM code, ported to the new
new DMA implementation.

Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: John Snow <jsnow@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Message-id: 1438198068-32428-1-git-send-email-aurelien@aurel32.net
Signed-off-by: John Snow <jsnow@redhat.com>
2015-07-31 16:38:50 -04:00
Richard Henderson cb48f67ad8 bsd-user: Fix operand to cpu_x86_exec
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438195252-21968-1-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-30 12:38:49 +01:00
Peter Maydell 7008d580ac Update version for v2.4.0-rc3 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-29 18:50:11 +01:00
Peter Maydell 46739a2d7a Pull request
These fixes make dataplane work again after the notify_me optimization was
 added.  They also solve QEMUBH memory leaks and fix a bug in dataplane's
 cleanup code.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVuNoiAAoJEJykq7OBq3PIsGUH/1Zj/Ea6z0O2mOHyqP3NYrTb
 dgkBaMi5KzKG5OEIEDP6S3/vN8RpEOO8rzAAeWNwODYe/kGt6INiuTo4U9SJPLhF
 yRWfMpwtNtSacueXVON1gy7jFgtNSxfpXSPBwVK4kCgZL3uaAA727pO+K/FVw95k
 N2kbgOdMn+lMnv/COqgB4oyXaX0URvL8c6CqwiRgK9Z3hja8AYSvTXWreaBUeJ8r
 qz9+mx/XijpSIRLR72YuATlHV5MO9cjcsWtuIWSBP+R7GZsHvy7XyZDnCeW6K7GK
 gOhI6O0iQpRLGpLR/i4+bVgQYU7OhPXiv7TsA1TqUOVIaQBjGNah8gvX7ZYdovY=
 =6225
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

These fixes make dataplane work again after the notify_me optimization was
added.  They also solve QEMUBH memory leaks and fix a bug in dataplane's
cleanup code.

# gpg: Signature made Wed Jul 29 14:50:26 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  AioContext: force event loop iteration using BH
  AioContext: avoid leaking BHs on cleanup
  virtio-blk-dataplane: delete bottom half before the AioContext is freed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-29 17:08:38 +01:00
Stefan Hajnoczi ca96ac44dc AioContext: force event loop iteration using BH
The notify_me optimization introduced in commit eabc977973
("AioContext: fix broken ctx->dispatching optimization") skips
event_notifier_set() calls when the event loop thread is not blocked in
ppoll(2).

This optimization causes a deadlock if two aio_context_acquire() calls
race.  notify_me = 0 during the race so the winning thread can enter
ppoll(2) unaware that the other thread is waiting its turn to acquire
the AioContext.

This patch forces ppoll(2) to return by scheduling a BH instead of
calling aio_notify().

The following deadlock with virtio-blk dataplane is fixed:

  qemu ... -object iothread,id=iothread0 \
           -drive if=none,id=drive0,file=test.img,... \
           -device virtio-blk-pci,iothread=iothread0,drive=drive0

This command-line results in a hang early on without this patch.

Thanks to Paolo Bonzini <pbonzini@redhat.com> for investigating this bug
with me.

Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1438101249-25166-4-git-send-email-pbonzini@redhat.com
Message-Id: <1438014819-18125-3-git-send-email-stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-07-29 10:02:06 +01:00
Stefan Hajnoczi a076972a4d AioContext: avoid leaking BHs on cleanup
BHs are freed during aio_bh_poll().  This leads to memory leaks if there
is no aio_bh_poll() between qemu_bh_delete() and aio_ctx_finalize().

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1438101249-25166-3-git-send-email-pbonzini@redhat.com
Message-Id: <1438014819-18125-2-git-send-email-stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-07-29 10:02:06 +01:00
Paolo Bonzini fed105e275 virtio-blk-dataplane: delete bottom half before the AioContext is freed
Other uses of aio_bh_new are safe as long as all scheduled bottom
halves are run before an iothread is destroyed, which bdrv_drain will
ensure:

- archipelago_finish_aiocb: BH deletes itself

- inject_error: BH deletes itself

- blkverify_aio_bh: BH deletes itself

- abort_aio_request: BH deletes itself

- curl_aio_readv: BH deletes itself

- gluster_finish_aiocb: BH deletes itself

- bdrv_aio_rw_vector: BH deletes itself

- bdrv_co_maybe_schedule_bh: BH deletes itself

- iscsi_schedule_bh, iscsi_co_generic_cb: BH deletes itself

- laio_attach_aio_context: deleted in laio_detach_aio_context,
called through bdrv_detach_aio_context before deleting the iothread

- nfs_co_generic_cb: BH deletes itself

- null_aio_common: BH deletes itself

- qed_aio_complete: BH deletes itself

- rbd_finish_aiocb: BH deletes itself

- dma_blk_cb: BH deletes itself

- virtio_blk_dma_restart_cb: BH deletes itself

- qemu_bh_new: main loop AioContext is never destroyed

- test-aio.c: bh_delete_cb deletes itself, otherwise deleted in
the same function that calls aio_bh_new

Reported-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1438101249-25166-2-git-send-email-pbonzini@redhat.com
Message-Id: <1438086628-13000-1-git-send-email-pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-07-29 10:02:06 +01:00
Peter Maydell b83d017d88 Pull request
These two .can_receive() are now reviewed.  The net subsystem queue for 2.4 is now empty.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVt3TbAAoJEJykq7OBq3PIxcQH/2LEY8q3zetJdNe9Zu1bQMhQ
 J/Ah+szCNCCHOpNfQEBI6zRT4wUMZZTlIUM1el2ykYnYqRYd585GK/+RZ0/yWQUG
 yYNWAFfj/b586+aazk2+BnosSywVjCZ1f32OtaAsh14c+3aoXkQyahljA4onIuVp
 kLi1psmnBZgRf6AeICnuUTTOYq8BBX6CTg0sxPpIbZe57epwGkK+6gtZV6aSW/Ra
 lbkhXNrmyyvycGuOLDpyjE3yUvHuwn+H+JFeRklTEA2pKyMg1AYVMrIKvBeQej8u
 g4+sYYME0rMuFL9iISwVYnkTBjYZnE8+6on2ELkElGvWf28kqb1rYWYciyRhf1Y=
 =K3Fg
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

Pull request

These two .can_receive() are now reviewed.  The net subsystem queue for 2.4 is now empty.

# gpg: Signature made Tue Jul 28 13:26:03 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  xen: Drop net_rx_ok
  hw/net: handle flow control in mcf_fec driver receiver

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-28 19:02:04 +01:00
Peter Maydell 170f209d78 virtio fixes for 2.4
Mostly virtio 1 spec compliance fixes.
 We are unlikely to make it perfectly compliant in
 the first release, but it seems worth it to try.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVtprUAAoJECgfDbjSjVRpgu4H/AljqEXBYIS/+7aZBGO4UnK/
 LSyxiOfw/sQPwYr8xqhYtoITVPQqkBnCajBFuDw3IaGrTDQ1pHfG8z5qt3Fri+yC
 RtiqiFg1LVR/AI8W/dUDuLAf8xq1GukZr1o59mi3hAA0pcPxUtVjPkZcaq63d0P+
 uzCgRw0qlg8nbT7SN2O9HZz7AT2emaUkaJBF2eRBb7r1kg3ZzM0FOtmCWaRhtS5s
 8AuHS+038BWA0J/S7yd5YooQh7NfvmWFpRNukMttJrtOmi7f5LCJJF9rxcXAnzOn
 Soc0afauCtUTfxJ4gkLqxQ586eKpREQ+7lzkJDQ62g1oD/+VatOMcbu3jdnJEtQ=
 =AoJS
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio fixes for 2.4

Mostly virtio 1 spec compliance fixes.
We are unlikely to make it perfectly compliant in
the first release, but it seems worth it to try.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon Jul 27 21:55:48 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  virtio: minor cleanup
  acpi: fix pvpanic device is not shown in ui
  virtio-blk: only clear VIRTIO_F_ANY_LAYOUT for legacy device
  virtio-blk: fail get_features when both scsi and 1.0 were set
  virtio: get_features() can fail
  virtio-pci: fix memory MR cleanup for modern
  virtio: set any_layout in virtio core
  virtio-9p: fix any_layout
  virtio-serial: fix ANY_LAYOUT
  virtio: hide legacy features from modern guests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-28 17:09:56 +01:00