Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The e1000_receive function for the e1000 needs to discard packets longer than
1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes
this behavior and allocates memory based on this assumption.
Signed-off-by: Michael Contreras <michael@inetric.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b0d9ffcd0251161c7c92f94804dcf599dfa3edeb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The formula to compute slice_quota was wrong since commit 6ef228fc.
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit e3980e28bb888bf643054770452998d1b4319609)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Report an error instead of segfaulting when attaching a USB device to a
machine with no USB busses:
$ qemu-system-arm -machine vexpress-a9 \
-sd Fedora-17-armhfp-vexpress-mmcblk0.img \
-kernel vmlinuz-3.4.2-3.fc17.armv7hl \
-initrd initramfs-3.4.2-3.fc17.armv7hl.img \
-usbdevice disk:format=raw:test.img
Note that the vexpress-a9 machine does not have a USB host controller.
Reported-by: David Abdurachmanov <David.Abdurachmanov@cern.ch>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit c128d6a6d785eb9235a4f6dbd52f405ab8c60bee)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The devram memslot stays active when qxl enters UNDEFINED mode (i.e, no
primary surface). If migration has occurred while the device is in
UNDEFINED stae, the memslots have to be reloaded at the destination.
Fixes rhbz#874574
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit fa98efe932d93a15ffa867f3b05149c8d1fc7c28)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The virtio-scsi config space is, by specification, in guest endian (which
is ill-defined, but there you go). In virtio_scsi_get_config() we set up
all the fields in there, using stl_raw(). Which is a problem for the
max_channel and max_target fields, which are 16-bit, not 32-bit. For
little-endian targets we get away with it by accident, since the first
two bytes will still be correct, and the extra two bytes written (with
zeroes) will be overwritten correctly by the next store.
But for big-endian guests, this means the max_target field ends up as zero,
which means the guest will only recognize a single disk on the virtio-scsi
bus. This patch fixes the problem.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paul 'Rusty' Russell <rusty@rustcorp.com.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 863d1050c96cff91dd478767c0da9cc288575919)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The virtio-scsi specification does not specify the correct endianness for
fields in the request structure. It's therefore best to assume that it is
"guest native" endian since that's the (stupid and poorly defined) norm in
virtio.
However, the qemu device for virtio-scsi has no byteswaps at all, and so
will break if the guest has different endianness from the host. This patch
fixes it by adding tswap() calls for the sense_len and resid fields in
the request structure. In theory status_qualifier needs swaps as well,
but that field is never actually touched. The tag field is a uint64_t, but
since its value is completely arbitrary, it might as well be uint8_t[8]
and so it does not need swapping.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paul 'Rusty' Russell <rusty@rustcorp.com.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 474ee55a18765e7de8f0b2cc00db5d26286bb24d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Without any complex checks we can't assume that an
iscsi target is initialized to zero.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit f807ecd5741325fe0d281199ff22cdda0acb6a7a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
If the connection is interrupted before the first login is successfully
completed qemu-kvm is waiting forever in qemu_aio_wait().
This is fixed by performing an sync login to the target. If the
connection breaks after the first successful login errors are
handled internally by libiscsi.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit e829b0bb054ed3389e5b22dad61875e51674e629)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
If an invalid URL is specified iscsi_get_error(iscsi) is called
with iscsi == NULL.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 8da1e18b0cf46b6c95c88bbad1cc50d6dd1bef4b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The second parameter to qapi_dealloc_type_size should be a uint64_t *,
not a size_t *. This was causing our 32 bit x86 build to fail, since
warnings are treated as errors.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit 1d16252652688a775b244fffa1b9ac9b719ceffc)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
visit_type_size() requires either visitor->type_size() or
visitor_uint64() to be implemented, otherwise a NULL function pointer is
invoked.
It is possible to trigger this crash as follows:
$ qemu-system-x86_64 -netdev tap,sndbuf=0,id=netdev0 \
-device virtio-blk-pci,netdev=netdev0
The 'sndbuf' option has type "size".
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 0c26f2eca40d6c65ea9edc62a10e510dc7f65cc8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The reference count for embedded objects is always one too low, because
object_initialize_with_type returns with zero references to the object.
This causes premature finalization of the object (or an assertion failure)
after calling object_ref to add an extra reference and object_unref to
remove it.
The fix is to move the initial object_ref call from object_new_with_type
to object_initialize_with_type.
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 764b63125a77dab54ed405d493452a4e05679c2e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
This patch fixes bug 1031698 :
https://bugs.launchpad.net/qemu/+bug/1031698
If we look at the (truncated) translation of the conditional branch
instruction in the test submitted in the bug post, the call to the
exception helper is missing in the "bne-false" chunk of translated
code :
IN:
bne- 0x1800278
OUT:
0xb544236d: jne 0xb5442396
0xb5442373: mov %ebp,(%esp)
0xb5442376: mov $0x44,%ebx
0xb544237b: mov %ebx,0x4(%esp)
0xb544237f: mov $0x1800278,%ebx
0xb5442384: mov %ebx,0x25c(%ebp)
0xb544238a: call 0x827475a
^^^^^^^^^^^^^^^^^^
0xb5442396: mov %ebp,(%esp)
0xb5442399: mov $0x44,%ebx
0xb544239e: mov %ebx,0x4(%esp)
0xb54423a2: mov $0x1800270,%ebx
0xb54423a7: mov %ebx,0x25c(%ebp)
Indeed, gen_exception(ctx, excp) called by gen_goto_tb (called by
gen_bcond) changes ctx->exception's value to excp's :
gen_bcond()
{
gen_goto_tb(ctx, 0, ctx->nip + li - 4);
/* ctx->exception value is POWERPC_EXCP_BRANCH */
gen_goto_tb(ctx, 1, ctx->nip);
/* ctx->exception now value is POWERPC_EXCP_TRACE */
}
Making the following gen_goto_tb()'s test false during the second call :
if ((ctx->singlestep_enabled &
(CPU_BRANCH_STEP | CPU_SINGLE_STEP)) &&
ctx->exception == POWERPC_EXCP_BRANCH /* false...*/) {
target_ulong tmp = ctx->nip;
ctx->nip = dest;
/* ... and this is the missing call */
gen_exception(ctx, POWERPC_EXCP_TRACE);
ctx->nip = tmp;
}
So the patch simply adds the missing matching case, fixing our problem.
Signed-off-by: Julio Guerra <guerr@julio.in>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit f0cc4aa8450376ca2aee3ebb09db71f9f2ff333b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Commit 0d93692 (qdev: Convert busses to QEMU Object Model, 2012-05-02)
removed a check on the type of the bus where a SCSI disk is hotplugged.
However, hot-plugging to the wrong kind of device now causes a crash
due to either a NULL pointer dereference (avoided by the previous patch)
or a failed QOM cast.
Instead, in this case we need to use object_dynamic_cast and check for
the result, similar to what was done before that commit.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b5007bcc9729acd995518c52eb1038c4d8416b5d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Trying to cast a NULL value will cause a crash. Returning
NULL is also sensible, and it is also what the type-unsafe
DO_UPCAST macro does.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b7f43fe46029d8fd0594cd599fa2599dcce0f553)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The local string tmp_filename is passed to function get_tmp_filename
which expects a string with minimum size MAX_PATH for w32 hosts.
MAX_PATH is 260 and PATH_MAX is 259, so tmp_filename was too short.
Commit eba25057b9a5e19d10ace2bc7716667a31297169 introduced this
regression.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 89c9bc3d147fdaa932db99b0463b4af1d3e7cda1)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Fixes the pointer truncation that was occurring for branches.
Cc: Stefan Weil <sw@weilnetz.de>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Tested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit c6c5063c7a5bb1d3fe6b9931a1ec15294e39b8b1)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
A missing factor for the refcount table entry size in the calculation
could mean that too little memory was allocated for the in-memory
representation of the table, resulting in a buffer overflow.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit a3548077062dd9dc2701ebffd931ba6eaef40bec)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
When building qemu-kvm for openSUSE:Factory, I am getting a
warning in the pipe2 detection performed by configure, which
prevents using --enable-werror.
Change detection code to use return value of pipe2.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 9bca81624ef9299b9a06013fd29cd6899079aab4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
On an ARM host, the registers definitions from cpu.h clash
with /usr/include/sys/ucontext.h. As there are unused, just remove
them.
Cc: Jia Liu <proljc@gmail.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 44e04d3b945ba6f5cc87e65192081da4783f73fa)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The bswap16 TCG opcode assumes that the high bytes of the temp equal
to 0 before calling it. The ARM backend implementation takes this
assumption to slightly optimize the generated code.
The same implementation is called for implementing the cross-endian
qemu_st16 opcode, where this assumption is not true anymore. One way to
fix that would be to zero the high bytes before calling it. Given the
store instruction just ignore them, it is possible to provide a slightly
more optimized version. With ARMv6+ the rev16 instruction does the work
correctly. For lower ARM versions the patch provides a version which
behaves correctly with non-zero high bytes, but fill them with junk.
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 7aab08aa786e3a8838beac758ee61c5000144937)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The TCG arm backend considers likely that the offset to the TLB
entries does not exceed 12 bits for mem_index = 0. In practice this is
not true for at least the MIPS target.
The current patch fixes that by loading the bits 23-12 with a separate
instruction, and using loads with address writeback, independently of
the value of mem_idx. In total this allow a 24-bit offset, which is a
lot more than needed.
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit d17bd1d8cc27f8c1a24c65f555a77a661c332b7f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
While reading microMIPS decoding, I found a possible wrong opcode
encoding. According to [1] page 166, the bits 13..12 for MULTU is
0x01 rather than 0x00. Please review, thanks.
[1] MIPS Architecture for Programmers VolumeIV-e: The MIPS DSP
Application-Specific Extension to the microMIPS32 Architecture
Signed-off-by: Chen Wei-Ren <chenwj@iis.sinica.edu.tw>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 6801038bc52d61f81ac8a25fbe392f1bad982887)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
According to the MIPS Malta Developement Platform User's Manual, the
i8259 interrupt controller is supposed to be connected to the hardware
IRQ0, and the CBUS UART to the hardware interrupt 2.
In QEMU they are both connected to hardware interrupt 0, the CBUS UART
interrupt being wrong. This patch fixes that. It should be noted that
the irq array in QEMU includes the software interrupts, hence
env->irq[2] is the first hardware interrupt.
Cc: Ralf Baechle <ralf@linux-mips.org>
Reviewed-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 68d001928b151a0c50f367c0bdca645b3d5e9ed3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
We do not need BLKROSET if the kernel supports setting flags.
Also, always do BLKROSET even for a read-write export, otherwise
the read-only state remains "sticky" after the invocation of
"qemu-nbd -r".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c8969eded252058e90e91f12f75f32aceae46ec9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Fixing a simple typo, s/errno/err/, that caused
the error status from GDB semihosted system calls
to be returned incorrectly.
Signed-off-by: Meador Inge <meadori@codesourcery.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit aed91c1bff5e568c7b0fbd0e1e7e2f9e62409e73)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Tools were broken because they initialized the block layer while
qemu_aio_context was still NULL.
Reported-by: malc <av1474@comtv.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 2592c59a66d456fe98fe96cb5787b356c40ee66f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Used to be "UTB" not "USB".
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 0ebfb144e8ad3f2da436d630fdcc5aa9ab646341)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
OpenBIOS on sparc64 only support Standard VGA and not Cirrus VGA. Don't
build Cirrus VGA support so that it can't be selected.
This fixes the breakage introduced by commit f2898771.
Reported-by: Richard Henderson <rth@twiddle.net>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 0356404b0f1da939657cad1efeb556745cd430d5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Device tree properties need to be specified in big endian. Fix the
bamboo memory size property accordingly.
Signed-off-by: Alexander Graf <agraf@suse.de>
CC: qemu-stable@nongnu.org
(cherry picked from commit 5232fa59b17b45c04bd24e0d38224964816bf391)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
When using -initrd in the virtio machine, we need to indicate the initrd
start and size inside the kernel image. These parameters need to be stored
in native endianness.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Richard Henderson <rth@twiddle.net>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
(cherry picked from commit 235a3f0bed3584fe65079ffa07c7a842971f261e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The memory core drops regions that are hidden by another region (for example,
during BAR sizing), but it doesn't do so correctly if the lower address of the
existing range is below the lower address of the new range.
Example (qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta
-append "console=ttyS0" -nographic -vga cirrus):
Existing range: 10000000-107fffff
New range: 100a0000-100bffff
Correct behaviour: drop new range
Incorrect behaviour: add new range
Fix by taking this case into account (previously we only considered
equal lower boundaries).
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit d26a8caea3f160782841efb87b5e8bea606b512b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Real HW always treats RX ring with RDH == RDT as empty.
Emulation is supposed to behave the same.
Reported-by: Chris Webb <chris.webb@elastichosts.com>
Reported-by: Richard Davies <richard.davies@elastichosts.com>
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit e5b8b0d4ba29fe1268ba049519a1b0cf8552a21a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The check using INT_MAX (2147483647) is wrong in this case.
Signed-off-by: Fred Oliveira <foliveira@cloudswitch.com>
Signed-off-by: Don Slutz <Don@CloudSwitch.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 2e84849aa2cc7f220d3b3668f5f7e3c57bb1b590)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Those functions return -errno in case of an error.
The old code would typically only detect EPERM (1) errors.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 7a608f562ebd91e811ed0b725e528c894e4f19c4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
When setting a date in 1980, Linux is actually disregarding the century
byte and setting the year to 2080. This causes a year-2038 overflow
in mktimegm. Fix this by doing the days-to-seconds computation in
64-bit math.
Reported-by: Lucas Meneghel Rodrigues <lookkas@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b6db4aca20e9af4f62c9c9e08b9b9672a6ed3390)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Don't try to be clever and skip displaysurface reinitialization in case
the size hasn't changed. Other parameters might have changed
nevertheless, for example depth or stride, resulting in rendering being
broken then.
Trigger: boot linux guest with vesafb, start X11, make sure both vesafb
and X11 use the display same resolution. Then watch X11 screen being
upside down.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 0ec8df3974d2a4ff95b5fd4785b9bd3def7252f3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
As suggested by Paolo Bonzini, to avoid possible integer overflow issues.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit c5825ac6c861bfe1a4adfa27517931b56079e298)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
According to the spec we must raise an interrupt when one is requested
even for non active tds.
Linux depends on this, for bulk transfers it runs an inactivity timer
to work around a bug in early uhci revisions, when we take longer then
200 ms to process a packet, this timer goes of, and as part of the
handling Linux then unlinks the qh, and relinks it after the frindex
has increased by atleast 1, the problem is Linux only checks for the
frindex increases on an interrupt, and we don't send that, causing
the qh to go inactive for more then 32 frames, at which point we
consider the packet cancelled.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 883bca776daa43111e9c39008f0038f7c62ae723)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
When reverse connection is in use, there is no active VNC server
socket. Because of this, getsockopt(-1, ...) is attempted and
the following error is emitted:
$ socat TCP-LISTEN:5900,reuseaddr TCP-LISTEN:5901,reuseaddr &
$ x86_64-softmmu/qemu-system-x86_64 -vnc localhost:5900,reverse -monitor stdio
QEMU 1.2.50 monitor - type 'help' for more information
(qemu) info vnc
An undefined error has occurred
Because however the host, family, service and auth fields are
optional, we can just exit if there is no active server socket.
$ x86_64-softmmu/qemu-system-x86_64 -vnc localhost:5900,reverse -monitor stdio
QEMU 1.2.50 monitor - type 'help' for more information
(qemu) info vnc
Server:
Client:
address: 127.0.0.1:5900
x509_dname: none
username: none
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 417b0b88904fe1dd8c41bff8092dfbab0134d9cb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
If TIGHT_PNG is not enabled by the --enable-vnc-png configure flag
then do not report to the client that it is supported.
Also, since TIGHT_PNG is the same as the TIGHT encoding but with the
filter/copy replaced with PNG data, adding it to the supported
encodings list when it is disabled will cause the TIGHT encoding to be
used even though the client requested TIGHT_PNG.
Signed-off-by: Joel Martin <github@martintribe.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit fe3e7f2dc05225cdd2ba40defcd4e2581bebc5e0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
commit 38f419f35225 fixed a breakage with CONFIG_QEMU_HELPERDIR
which has been introduced by 8bf188aa18ef7a8. But while techinically
that fix has been correct, all other similar variables are handled
differently. Make it consistent, and let scripts/create_config
expand and capitalize the variable properly like for all other
qemu_*dir variables.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit f354b1a1ee7a1c72d51b42808724a2b10eec315f)
Conflicts:
configure
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
We need to evaluate $libexecdir in configure, otherwise we literally end
up with "${prefix}/libexec" instead of the absolute path as
CONFIG_QEMU_HELPERDIR.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 38f419f35225decdbaea9fe1fd00218f8924ce84)
Conflicts:
configure
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
PAPR hypercalls should only be invoked from the guest kernel, not guest
user programs, that is, with MSR[PR]=0. Currently we check this in
spapr_hypercall, returning H_PRIVILEGE if MSR[PR]=1.
However, under KVM the state of MSR[PR] is already checked by the host
kernel before passing the hypercall to qemu, making this check redundant.
Worse, however, we don't generally synchronize KVM and qemu state on the
hypercall path, meaning that qemu could incorrectly reject a hypercall
because it has a stale MSR value.
This patch fixes the problem by moving the privilege test exclusively to
the TCG hypercall path.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
CC: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit efcb9383b974114e5f682e531346006f8f2466c0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The uint64_to_float32() conversion function was incorrectly always
returning numbers with the sign bit set (ie negative numbers). Correct
this so we return positive numbers instead.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit e744c06fca438dc08271e626034e632a270c91c8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Bit 10 of CPUID[8000_0001].EDX is not defined as an alias of
CPUID[1].EDX[10], so do not duplicate it on
kvm_arch_get_supported_cpuid().
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-By: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Don Slutz <Don@CloudSwitch.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit b1f4679392a03f2b26a37bfa52e95d6cc4f73d82)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
In the A series memory map (implemented in the Cortex A15 CoreTile), the
first NOR flash bank (flash 0) is mapped to address 0x08000000, while
address 0x00000000 can be configured as alias to either the first or the
second flash bank. This patch fixes the definition of flash 0 address,
and for simplicity removes the alias definition.
Signed-off-by: Francesco Lavra <francescolavra.fl@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 661bafb3e14bfffcb0a7c7910534c7944608ca45)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
When setting up the NVIC memory regions the memory range
0x100..0xcff is aliased to an IO memory region that belongs
to the ARM GIC. This aliased region should be added to the
NVIC memory container, but the actual GIC IO memory region
was being added instead. This mixup was causing the wrong
IO memory access functions to be called when accessing parts
of the NVIC memory.
Signed-off-by: Meador Inge <meadori@codesourcery.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 9892cae39562d2e6c00ccc5966302c00f23be6d4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|