| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
While reading microMIPS decoding, I found a possible wrong opcode
encoding. According to [1] page 166, the bits 13..12 for MULTU is
0x01 rather than 0x00. Please review, thanks.
[1] MIPS Architecture for Programmers VolumeIV-e: The MIPS DSP
Application-Specific Extension to the microMIPS32 Architecture
Signed-off-by: Chen Wei-Ren <chenwj@iis.sinica.edu.tw>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 6801038bc52d61f81ac8a25fbe392f1bad982887)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to the MIPS Malta Developement Platform User's Manual, the
i8259 interrupt controller is supposed to be connected to the hardware
IRQ0, and the CBUS UART to the hardware interrupt 2.
In QEMU they are both connected to hardware interrupt 0, the CBUS UART
interrupt being wrong. This patch fixes that. It should be noted that
the irq array in QEMU includes the software interrupts, hence
env->irq[2] is the first hardware interrupt.
Cc: Ralf Baechle <ralf@linux-mips.org>
Reviewed-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 68d001928b151a0c50f367c0bdca645b3d5e9ed3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 3e2880465fd07832bc1e26a39d80cad6242b6cf0)
|
|
|
|
|
|
|
|
|
|
| |
We do not need BLKROSET if the kernel supports setting flags.
Also, always do BLKROSET even for a read-write export, otherwise
the read-only state remains "sticky" after the invocation of
"qemu-nbd -r".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c8969eded252058e90e91f12f75f32aceae46ec9)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixing a simple typo, s/errno/err/, that caused
the error status from GDB semihosted system calls
to be returned incorrectly.
Signed-off-by: Meador Inge <meadori@codesourcery.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit aed91c1bff5e568c7b0fbd0e1e7e2f9e62409e73)
|
|
|
|
|
|
|
|
|
|
| |
Tools were broken because they initialized the block layer while
qemu_aio_context was still NULL.
Reported-by: malc <av1474@comtv.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 2592c59a66d456fe98fe96cb5787b356c40ee66f)
|
|
|
|
|
|
|
| |
Used to be "UTB" not "USB".
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 0ebfb144e8ad3f2da436d630fdcc5aa9ab646341)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenBIOS on sparc64 only support Standard VGA and not Cirrus VGA. Don't
build Cirrus VGA support so that it can't be selected.
This fixes the breakage introduced by commit f2898771.
Reported-by: Richard Henderson <rth@twiddle.net>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 0356404b0f1da939657cad1efeb556745cd430d5)
|
|
|
|
|
|
|
|
|
| |
Device tree properties need to be specified in big endian. Fix the
bamboo memory size property accordingly.
Signed-off-by: Alexander Graf <agraf@suse.de>
CC: qemu-stable@nongnu.org
(cherry picked from commit 5232fa59b17b45c04bd24e0d38224964816bf391)
|
|
|
|
|
|
|
|
|
|
|
| |
When using -initrd in the virtio machine, we need to indicate the initrd
start and size inside the kernel image. These parameters need to be stored
in native endianness.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Richard Henderson <rth@twiddle.net>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
(cherry picked from commit 235a3f0bed3584fe65079ffa07c7a842971f261e)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The memory core drops regions that are hidden by another region (for example,
during BAR sizing), but it doesn't do so correctly if the lower address of the
existing range is below the lower address of the new range.
Example (qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta
-append "console=ttyS0" -nographic -vga cirrus):
Existing range: 10000000-107fffff
New range: 100a0000-100bffff
Correct behaviour: drop new range
Incorrect behaviour: add new range
Fix by taking this case into account (previously we only considered
equal lower boundaries).
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit d26a8caea3f160782841efb87b5e8bea606b512b)
|
|
|
|
|
|
|
|
|
|
|
| |
Real HW always treats RX ring with RDH == RDT as empty.
Emulation is supposed to behave the same.
Reported-by: Chris Webb <chris.webb@elastichosts.com>
Reported-by: Richard Davies <richard.davies@elastichosts.com>
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit e5b8b0d4ba29fe1268ba049519a1b0cf8552a21a)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Zero writes have cluster granularity in QED. Therefore they can only be
used to zero entire clusters.
If the zero write request leaves sectors untouched, zeroing the entire
cluster would obscure the backing file. Instead return -ENOTSUP, which
is handled by block.c:bdrv_co_do_write_zeroes() and falls back to a
regular write.
The qemu-iotests 034 test cases covers this scenario.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit ef72f76e58107bd4096018c3db2912d28249308e)
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case when TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64, the last
byte of the target dirent structure (aka d_type byte) was never copied
from the host dirent structure, thus breaking everything that relies
on valid d_type value, e.g. glob(3).
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
(cherry picked from commit 333858b77c2b4f7636257808a77822c58bdd80fe)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change addresses a problem where QEMU incorrectly traps on
floating-point MADD group instructions with SIGILL, at least while
emulating MIPS32r2 processors. These instructions use the COP1X major
opcode and include ones like:
madd.d $f2,$f4,$f2,$f6
Here's Nathan's original analysis of the problem:
"QEMU essentially does:
d = find_cpu (cpu_string) // get CPU definition
fpu_init (env, d) // initialize fpu state (init FCR0, basically)
cpu_reset (env)
...and the cpu_reset call clears all interesting state that fpu_init
setup, then proceeds to reinitialize all the CP0 registers...but not
FCR0."
I have verified this change with system emulation running the GDB test
suite for the mips-sde-elf target (o32, big endian, 24Kf CPU emulated),
there were 55 progressions and no regressions.
Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit f1cb0951c5298753652a73cfd8efc0b1a82f37de)
|
|
|
|
|
|
|
|
|
| |
Commit 59310659073d85745854f2f10c4292555c5a1c51 is incomplete,
we'll arrive in the scsi command complete callback in CSW state
and must handle that case correctly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 54414218d78c9d043417b27bb29bd0334b4e3cb5)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The -numa option to qemu is used to create [fake] numa nodes
and expose them to the guest OS instance.
There are a couple of issues with the -numa option:
a) Max VCPU's that can be specified for a guest while using
the qemu's -numa option is 64. Due to a typecasting issue
when the number of VCPUs is > 32 the VCPUs don't show up
under the specified [fake] numa nodes.
b) KVM currently has support for 160VCPUs per guest. The
qemu's -numa option has only support for upto 64VCPUs
per guest.
This patch addresses these two issues.
Below are examples of (a) and (b)
a) >32 VCPUs are specified with the -numa option:
/usr/local/bin/qemu-system-x86_64 \
-enable-kvm \
71:01:01 \
-net tap,ifname=tap0,script=no,downscript=no \
-vnc :4
...
Upstream qemu :
--------------
QEMU 1.1.50 monitor - type 'help' for more information
(qemu) info numa
6 nodes
node 0 cpus: 0 1 2 3 4 5 6 7 8 9 32 33 34 35 36 37 38 39 40 41
node 0 size: 131072 MB
node 1 cpus: 10 11 12 13 14 15 16 17 18 19 42 43 44 45 46 47 48 49 50 51
node 1 size: 131072 MB
node 2 cpus: 20 21 22 23 24 25 26 27 28 29 52 53 54 55 56 57 58 59
node 2 size: 131072 MB
node 3 cpus: 30
node 3 size: 131072 MB
node 4 cpus:
node 4 size: 131072 MB
node 5 cpus: 31
node 5 size: 131072 MB
With the patch applied :
-----------------------
QEMU 1.1.50 monitor - type 'help' for more information
(qemu) info numa
6 nodes
node 0 cpus: 0 1 2 3 4 5 6 7 8 9
node 0 size: 131072 MB
node 1 cpus: 10 11 12 13 14 15 16 17 18 19
node 1 size: 131072 MB
node 2 cpus: 20 21 22 23 24 25 26 27 28 29
node 2 size: 131072 MB
node 3 cpus: 30 31 32 33 34 35 36 37 38 39
node 3 size: 131072 MB
node 4 cpus: 40 41 42 43 44 45 46 47 48 49
node 4 size: 131072 MB
node 5 cpus: 50 51 52 53 54 55 56 57 58 59
node 5 size: 131072 MB
b) >64 VCPUs specified with -numa option:
/usr/local/bin/qemu-system-x86_64 \
-enable-kvm \
-cpu Westmere,+rdtscp,+pdpe1gb,+dca,+pdcm,+xtpr,+tm2,+est,+smx,+vmx,+ds_cpl,+monitor,+dtes64,+pclmuldq,+pbe,+tm,+ht,+ss,+acpi,+d-vnc :4
...
Upstream qemu :
--------------
only 63 CPUs in NUMA mode supported.
only 64 CPUs in NUMA mode supported.
QEMU 1.1.50 monitor - type 'help' for more information
(qemu) info numa
8 nodes
node 0 cpus: 6 7 8 9 38 39 40 41 70 71 72 73
node 0 size: 65536 MB
node 1 cpus: 10 11 12 13 14 15 16 17 18 19 42 43 44 45 46 47 48 49 50 51 74 75 76 77 78 79
node 1 size: 65536 MB
node 2 cpus: 20 21 22 23 24 25 26 27 28 29 52 53 54 55 56 57 58 59 60 61
node 2 size: 65536 MB
node 3 cpus: 30 62
node 3 size: 65536 MB
node 4 cpus:
node 4 size: 65536 MB
node 5 cpus:
node 5 size: 65536 MB
node 6 cpus: 31 63
node 6 size: 65536 MB
node 7 cpus: 0 1 2 3 4 5 32 33 34 35 36 37 64 65 66 67 68 69
node 7 size: 65536 MB
With the patch applied :
-----------------------
QEMU 1.1.50 monitor - type 'help' for more information
(qemu) info numa
8 nodes
node 0 cpus: 0 1 2 3 4 5 6 7 8 9
node 0 size: 65536 MB
node 1 cpus: 10 11 12 13 14 15 16 17 18 19
node 1 size: 65536 MB
node 2 cpus: 20 21 22 23 24 25 26 27 28 29
node 2 size: 65536 MB
node 3 cpus: 30 31 32 33 34 35 36 37 38 39
node 3 size: 65536 MB
node 4 cpus: 40 41 42 43 44 45 46 47 48 49
node 4 size: 65536 MB
node 5 cpus: 50 51 52 53 54 55 56 57 58 59
node 5 size: 65536 MB
node 6 cpus: 60 61 62 63 64 65 66 67 68 69
node 6 size: 65536 MB
node 7 cpus: 70 71 72 73 74 75 76 77 78 79
Signed-off-by: Chegu Vinod <chegu_vinod@hp.com>, Jim Hull <jim.hull@hp.com>, Craig Hada <craig.hada@hp.com>
Tested-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit ee785fed5dd035d4b12142cacec6d3c344426dec)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to the Intel manual
"Intel® 64 and IA-32 Architectures Software Developer’s Manual
Volume 3", "3.4.4 Segment Loading Instructions in IA-32e Mode":
"When in compatibility mode, FS and GS overrides operate as defined by
32-bit mode behavior regardless of the value loaded into the upper 32
linear-address bits of the hidden descriptor register base field.
Compatibility mode ignores the upper 32 bits when calculating an effective address."
However, the code misses the 64-bit mode case, where an instruction with
address and segment size override would be translated incorrectly. For example,
inc dword ptr gs:260h[ebx*4] gets incorrectly translated to:
(uint32_t)(gs.base + ebx * 4 + 0x260)
instead of
gs.base + (uint32_t)(ebx * 4 + 0x260)
Signed-off-by: Vitaly Chipounov <vitaly.chipounov@epfl.ch>
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 7162ab21fe8e82f924002951cd8e87f69358f8b5)
|
|
|
|
|
|
|
|
|
| |
The check using INT_MAX (2147483647) is wrong in this case.
Signed-off-by: Fred Oliveira <foliveira@cloudswitch.com>
Signed-off-by: Don Slutz <Don@CloudSwitch.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 2e84849aa2cc7f220d3b3668f5f7e3c57bb1b590)
|
|
|
|
|
|
|
|
|
| |
Those functions return -errno in case of an error.
The old code would typically only detect EPERM (1) errors.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 7a608f562ebd91e811ed0b725e528c894e4f19c4)
|
|
|
|
|
|
|
|
|
|
|
|
| |
When setting a date in 1980, Linux is actually disregarding the century
byte and setting the year to 2080. This causes a year-2038 overflow
in mktimegm. Fix this by doing the days-to-seconds computation in
64-bit math.
Reported-by: Lucas Meneghel Rodrigues <lookkas@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b6db4aca20e9af4f62c9c9e08b9b9672a6ed3390)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't try to be clever and skip displaysurface reinitialization in case
the size hasn't changed. Other parameters might have changed
nevertheless, for example depth or stride, resulting in rendering being
broken then.
Trigger: boot linux guest with vesafb, start X11, make sure both vesafb
and X11 use the display same resolution. Then watch X11 screen being
upside down.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 0ec8df3974d2a4ff95b5fd4785b9bd3def7252f3)
|
|
|
|
|
|
|
|
| |
As suggested by Paolo Bonzini, to avoid possible integer overflow issues.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit c5825ac6c861bfe1a4adfa27517931b56079e298)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to the spec we must raise an interrupt when one is requested
even for non active tds.
Linux depends on this, for bulk transfers it runs an inactivity timer
to work around a bug in early uhci revisions, when we take longer then
200 ms to process a packet, this timer goes of, and as part of the
handling Linux then unlinks the qh, and relinks it after the frindex
has increased by atleast 1, the problem is Linux only checks for the
frindex increases on an interrupt, and we don't send that, causing
the qh to go inactive for more then 32 frames, at which point we
consider the packet cancelled.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 883bca776daa43111e9c39008f0038f7c62ae723)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When reverse connection is in use, there is no active VNC server
socket. Because of this, getsockopt(-1, ...) is attempted and
the following error is emitted:
$ socat TCP-LISTEN:5900,reuseaddr TCP-LISTEN:5901,reuseaddr &
$ x86_64-softmmu/qemu-system-x86_64 -vnc localhost:5900,reverse -monitor stdio
QEMU 1.2.50 monitor - type 'help' for more information
(qemu) info vnc
An undefined error has occurred
Because however the host, family, service and auth fields are
optional, we can just exit if there is no active server socket.
$ x86_64-softmmu/qemu-system-x86_64 -vnc localhost:5900,reverse -monitor stdio
QEMU 1.2.50 monitor - type 'help' for more information
(qemu) info vnc
Server:
Client:
address: 127.0.0.1:5900
x509_dname: none
username: none
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 417b0b88904fe1dd8c41bff8092dfbab0134d9cb)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If TIGHT_PNG is not enabled by the --enable-vnc-png configure flag
then do not report to the client that it is supported.
Also, since TIGHT_PNG is the same as the TIGHT encoding but with the
filter/copy replaced with PNG data, adding it to the supported
encodings list when it is disabled will cause the TIGHT encoding to be
used even though the client requested TIGHT_PNG.
Signed-off-by: Joel Martin <github@martintribe.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit fe3e7f2dc05225cdd2ba40defcd4e2581bebc5e0)
|
|
|
|
|
|
|
|
|
| |
Find a hopefully proper patch attached. Take it or leave it.
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Henning Schild <henning@hennsch.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 7e9c7ffe9fd9dfc3d0168dd584936db8144b230b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the guests replenish the receive ring buffer, the network device
should flush its queue of pending packets. This is done with
qemu_flush_queued_packets.
e1000's can_receive can go from false to true when RCTL or RDT are
modified.
Reported-by: Luigi Rizzo <rizzo@iet.unipi.it>
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Jan Kiszka <jan.kiszka@siemens.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit e8b4c680b41bd960ecccd9ff076b7b058e0afcd4)
|
|
|
|
|
|
|
|
|
|
|
|
| |
If readonly=on is given at device creation time, the ->readonly flag
needs to be set in the block driver state for this device so that
readonly-ness is preserved across media changes (qmp change command).
Similarly, to preserve the snapshot property requires ->open_flags to
be correct.
Signed-off-by: Kevin Shanahan <kmshanah@disenchant.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 80dd1aae3657a902d262f5d20a7a3c655b23705e)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bit 10 of CPUID[8000_0001].EDX is not defined as an alias of
CPUID[1].EDX[10], so do not duplicate it on
kvm_arch_get_supported_cpuid().
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-By: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Don Slutz <Don@CloudSwitch.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit b1f4679392a03f2b26a37bfa52e95d6cc4f73d82)
|
|
|
|
|
|
|
|
|
|
| |
The uint64_to_float32() conversion function was incorrectly always
returning numbers with the sign bit set (ie negative numbers). Correct
this so we return positive numbers instead.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit e744c06fca438dc08271e626034e632a270c91c8)
|
|
|
|
|
|
|
|
| |
usb-audio is a full speed (1.1) device,
but bcdUSB claims it is usb 2.0. Fix it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 2bbd086c41a00dc4384727ec895a94890c688eb5)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 8e729e3b521d9 "intel-hda: Fix reset of MSI function"
(applied to 1.1.1 as 0ec39075710) added a call to msi_reset()
into intel_hda_reset() function. But this function is called
not only from PCI bus reset method, but also from device init
method (intel_hda_set_g_ctl()), and there, we should not reset
msi state. For this, split intel_hda_reset() into two halves,
one common part with device reset, and one with msi reset,
intel_hda_reset_msi(), which also calls the common part, for
the bus method.
This is only needed for 1.1.x series, since in 1.2+, MSI reset
is called in proper places by the PCI code already.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: 688964@bugs.debian.org
|
|
|
|
|
|
|
|
|
|
| |
Document the -netdev syntax which supercedes the older -net syntax.
This patch is a first step to making -netdev prominent in the QEMU
manual.
Reported-by: Anatoly Techtonik <techtonik@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 08d12022c7f1aba6acccc75150659c6e4c9dff23)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Advanced Error Interrupt Message Number (bits 31:27 of the Root
Error Status Register) is updated when the number of msi messages assigned to a
device changes. Migration of windows 7 on q35 chipset failed because the check
in get_pci_config_device() fails due to cmask being set on these bits. Its valid
to update these bits and we must restore this state across migration.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 0e180d9c8a7429c55d23d2e7855f1e490a063aaa)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While testing q35, I found that windows 7 (specifically, windows 7 ultimate
with sp1 x64), wouldn't install because it can't find the cdrom or disk drive.
The failure message is: 'A required cd/dvd device driver is missing. If you
have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now.'
This can also be reproduced on piix by adding an ahci controller, and
observing that windows 7 does not see any devices behind it.
The problem is that when windows issues a HBA reset, qemu does not reset the
individual ports' PxCMD register. Windows 7 then reads back the PxCMD register
and presumably assumes that the ahci controller has already been initialized.
Windows then never sets up the PxIE register to enable interrupts, and thus it
never gets irqs back when it sends ata device inquiry commands.
This change brings qemu into ahci 1.3 specification compliance.
Section 10.4.3 HBA Reset:
"
When GHC.HR is set to '1', GHC.AE, GHC.IE, the IS register, and all port
register fields (except PxFB/PxFBU/PxCLB/PxCLBU) that are not HwInit in the
HBA's register memory space are reset.
"
I've also re-tested Fedora 16 and 17 to verify that they continue to work with
this change.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 2a4f4f34e6fe55f4c82507c3e7ec9b58c2e24ad4)
Conflicts:
hw/ide/ahci.c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is reported by QA. When installing os with pxe, after the initial
kernel and initrd are loaded, the procedure tries to copy files from install
server to local harddisk, the network becomes stall because of running out of
receive descriptor.
[Whitespace fixes and removed qemu_notify_event() because Paolo's
earlier net patches have moved it into qemu_flush_queued_packets().
Additional info:
I can reproduce the network hang with a tap device doing a iPXE HTTP
boot as follows:
$ qemu -enable-kvm -m 1024 \
-netdev tap,id=netdev0,script=no,downscript=no \
-device i82559er,netdev=netdev0,romfile=80861209.rom \
-drive if=virtio,cache=none,file=test.img
iPXE> ifopen net0
iPXE> config # set static network configuration
iPXE> kernel http://mirror.bytemark.co.uk/fedora/linux/releases/17/Fedora/x86_64/os/images/pxeboot/vmlinuz
I needed a vanilla iPXE ROM to get to the iPXE prompt. I think the boot
prompt has been disabled in the ROMs that ship with QEMU to reduce boot
time.
During the vmlinuz HTTP download there is a network hang. hw/eepro100.c
has reached the end of the rx descriptor list. When the iPXE driver
replenishes the rx descriptor list we don't kick the QEMU net subsystem
and event loop, thereby leaving the tap netdev without its file
descriptor in select(2).
Stefan Hajnoczi <stefanha@gmail.com>]
Signed-off-by: Bo Yang <boyang@suse.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 1069985fb132cd4324fc02d371f1e61492a1823f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cpu_physical_memory_write_rom(), despite the name, can also be used to
write images into RAM - and will often be used that way if the machine
uses load_image_targphys() into RAM addresses.
However, cpu_physical_memory_write_rom(), unlike cpu_physical_memory_rw()
doesn't invalidate any cached TBs which might be affected by the region
written.
This was breaking reset (under full emu) on the pseries machine - we loaded
our firmware image into RAM, and while executing it rewrite the code at
the entry point (correctly causing a TB invalidate/refresh). When we
reset the firmware image was reloaded, but the TB from the rewrite was
still active and caused us to get an illegal instruction trap.
This patch fixes the bug by duplicating the tb invalidate code from
cpu_physical_memory_rw() in cpu_physical_memory_write_rom().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 0b57e287138728f72d88b06e69b970c5d745c44a)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(qemu) sendkey a
(qemu) sendkey 0x1e
(qemu) sendkey #0x1e
unknown key: '#0x1e'
The last command doesn't work, '#' is not requested before
raw values, and the raw value in decimal format is not supported.
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit 886cc706ce5d4d3d1c296f028ddc2991cfbe3bbe)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 7b93fadf3a38d1ed65ea5536a52efc2772c6e3b8 "Add basic version
of bridge helper" put the bridge helper executable into a fixed
${prefix}/libexec/ location, instead of using ${libexecdir} for
this. At the same time, --libexecdir is being happily ignored
by ./configure. Even more, the same patch sets unused $libexecdir
variable in the generated config-host.mak, and uses fixed string
(\${prefix}/libexecdir) for the bridge helper binary.
Fix this braindamage by introducing $libexecdir variable, using
it for the bridge helper binary, and recognizing --libexecdir.
This patch is applicable to stable-1.1.
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: Corey Bryant <coreyb@linux.vnet.ibm.com>
Cc: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 8bf188aa18ef7a8355d9edbd43871d590468c4ed)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tcp_chr_connect(), unlike for example udp_chr_update_read_handler() does
not check if the fd it is using is valid (>= 0) before passing it to
qemu_set_fd_handler2(). If using e.g. a TCP serial port, which is not
initially connected, this can result in -1 being passed to FD_ISSET, which
has undefined behaviour. On x86 it seems to harmlessly return 0, but on
PowerPC, it causes a fortify buffer overflow error to be thrown.
This patch fixes this by putting an extra test in tcp_chr_connect(), and
also adds an assert qemu_set_fd_handler2() to catch other such errors on
all platforms, rather than just some.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bbdd2ad0814ea0911076419ea21b7957505cf1cc)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The load/store slow path has been broken in e141ab52d:
- We need to move 4 registers for store functions and 3 registers for
load functions and not the reverse.
- According to the s390x calling convention the arguments of a function
should be zero extended. This means that the register shift should be
done with TCG_TYPE_I64 to ensure the higher word is correctly zero
extended when needed.
I am aware that CONFIG_TCG_PASS_AREG0 is being removed and thus that
this patch can be improved, but doing so means it can also be applied to
the 1.1 and 1.2 stable branches.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
|
|
| |
audio: Unbreak capturing in mixemu case
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
glibc 2.16 will remove the undocumented definition of 'struct siginfo'
from <bits/siginfo.h>.
This change is already present in glibc 2.15.90, so qemu compilation
of certain targets (eg. cris-user) breaks.
This struct was always typedef'd to be the same as 'siginfo_t' which
is what POSIX documents, so use that instead.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
|
|
|
|
|
|
| |
qemu-kvm-specific machine defaults were missing for pc-0.15 to pc-1.1.
Then Daniel noted that --disable-kvm caused problems as the generated
binaries would be unable to run. As we are at it, we can drop the
kernel_irqchip=on that is now enable by default in upstream.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes it is neccessary for an application to determine
whether a particular QMP event is available, so they can
decide whether to use compatibility code instead. This
introduces a new 'query-events' command to QMP to do just
that
{ "execute": "query-events" }
{"return": [{"name": "WAKEUP"},
{"name": "SUSPEND"},
{"name": "DEVICE_TRAY_MOVED"},
{"name": "BLOCK_JOB_CANCELLED"},
{"name": "BLOCK_JOB_COMPLETED"},
...snip...
{"name": "SHUTDOWN"}]}
* monitor.c: Turn MonitorEvent -> string conversion
into a lookup from a static table of constant strings.
Add impl of qmp_query_events monitor command handler
* qapi-schema.json, qmp-commands.hx: Define contract of
query-events command
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
|
|
|
|
|
|
|
|
| |
Provide a dummy kvm_kernel_irqchip so that kvm_irqchip_in_kernel can be
used by code that is not under CONFIG_KVM protection.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tag 'v1.1.2': (74 commits)
update VERSION for 1.1.2
console: bounds check whenever changing the cursor due to an escape code
qemu-timer: properly arm alarm timer for timers set by device initialization
target-xtensa: return ENOSYS for unimplemented simcalls
target-xtensa: fix big-endian BBS/BBC implementation
ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active
msix: make [un]use vectors on reset/load optional
reset PMBA and PMREGMISC PIIX4 registers.
qemu_rearm_alarm_timer: do not call rearm if the next deadline is INT64_MAX
qemu-ga: Fix null pointer passed to unlink in failure branch
memory: Fix copy&paste mistake in memory_region_iorange_write
ivshmem: remove redundant ioeventfd configuration
hw/arm_gic.c: Define .class_size in arm_gic_info TypeInfo
tcg/mips: fix broken CONFIG_TCG_PASS_AREG0 code
audio/winwave: previous audio buffer should be flushed
target-mips: allow microMIPS SWP and SDP to have RD equal to BASE
target-mips: add privilege level check to several Cop0 instructions
mips-linux-user: Always support rdhwr.
target-mips: Streamline indexed cp1 memory addressing.
Fix order of CVT.PS.S operands
...
Signed-off-by: Avi Kivity <avi@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
| |
| |
| |
| |
| |
| |
| | |
This is XSA-17 / CVE-2012-3515
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
QEMU will hang when fed the following command-line
qemu-system-mips -kernel vmlinux-2.6.32-5-4kc-malta -append "console=ttyS0" -nographic -net none
The -net none is important otherwise it seems some events are generated
causing the things to work. When it doesn't work, the guest hangs when
measuring the CPU frequency, after the following line:
[ 0.000000] NR_IRQS:256
Pressing a key on the serial port unblocks it, hinting that the problem
is due to the recent elimination of the 1 second timeout in the main
loop.
The problem is that because init_timer_alarm sets the timer's pending
flag to true, the alarm timer is never armed until after the first time
through the main loop. Thus the bug started when QEMU started testing
the pending flag in qemu_mod_timer (commit 1828be3, more alarm timer
cleanup, 2010-03-10).
But actually, it isn't true at all that a timer is pending when the
alarm timer is created, and the real bug has been latent forever: the
fix is to remove the bogus setting of pending flag.
Reported-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit de188751da8db3c77a681bf903035a0e5218c463)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|