Since mmap() with MAP_FIXED will map over the top of existing mappings,
it's a bad idea to use it to implement brk(), because brk() with a
large size is likely to overwrite important things like qemu itself
or the host libc. So we drop MAP_FIXED and handle "mapped but at
different address" as an error case instead.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@iki.fi>

Fix a bug in the linux-user ELF loader code where it was not correctly
handling images where the lowest vaddr to be loaded was not page aligned.
The problem was that the code to probe for a suitable guest base address
was changing the 'loaddr' variable (by rounding it to a page boundary),
which meant that the load bias would then be incorrectly calculated
unless loaddr happened to already be page-aligned.

Binaries generated by gcc with the default linker script do start with
a loadable segment at a page-aligned vaddr, so were unaffected. This
bug was noticed with a binary created by the Google Go toolchain for ARM.

We fix the bug by refactoring the "probe for guest base" code out into
its own self-contained function.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@iki.fi>

This patch fixes a "double free()" due to "realloc(syms, 0)" in the
loader when the ELF file has no "useful" symbol, as with the following
example (compiled with "sh4-linux-gcc -nostdlib"):

    .text
    .align 1
    .global _start
    _start:
        mov     #1, r3
        trapa   #40     // syscall(__NR_exit)
        nop

The bug appears when the log (option "-d") is enabled.
Signed-off-by: NCédric VINCENT <cedric.vincent@st.com>
Signed-off-by: NYves JANIN <yves.janin@st.com>
Signed-off-by: NRiku Voipio <riku.voipio@iki.fi>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

Fixes crash in i386 when user emulation base address is non-zero.

21797 rt_sigreturn(8,1082124603,1,0,1082126048,1082126248)Exit reason and status: signal 11
Signed-off-by: NMike McCormack <mj.mccormack@samsung.com>
Signed-off-by: NRiku Voipio <riku.voipio@iki.fi>

The 9118 ethernet controller interrupt line is active low unless
the IRQ config register is programmed to set both the IRQ_POL
(polarity: active-high) and IRQ_TYPE (type: push-pull) bits:
implement support for inverting the irq output in other configurations.
This also requires that we support setting the bits in the first
place, and that we correctly preserve them across software reset.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAndrzej Zaborowski <andrew.zaborowski@intel.com>

BeOS and Haiku on i386 use long for 32-bit types, including pid_t.
Using %d with pid_t therefore results in a warning.

Unfortunately POSIX:2008 does not define a PRId* string for pid_t.

In some places pid_t was previously casted to long and %ld hardcoded.
The predecessor of this patch added another upcast for the simpletrace
filename but was not applied to date.

Since new uses of pid_t with %d keep creeping in, let's instead define
an OS-dependent format string and use that consistently.

Cc: Stefan Hajnoczi <stefanha@gmail.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Ingo Weinhold <ingo_weinhold@gmx.de>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: NAndreas Färber <andreas.faerber@web.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Register the smc91c111 reset function as a qdev reset function.
Signed-off-by: NJuha Riihimäki <juha.riihimaki@nokia.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

* 'cocoa-for-upstream' of git://repo.or.cz/qemu/afaerber:
  Darwin: Fix compilation warning regarding the deprecated daemon() function
  cocoa: Avoid warning related to multiple handleEvent: definitions
  cocoa: Revert dependency on VNC
  cocoa: Provide central qemu_main() prototype
  Fix libfdt warnings on Darwin
  configure: Fix check for fdatasync()
  Remove warning in printf due to type mismatch
  Cocoa: avoid displaying window when command-line contains '-h' or '-help'
  Fix compilation warning due to incorrectly specified type
  cocoa: do not create a spurious window for -version

Add command line support for logging to a location other than /tmp/qemu.log.

With logging enabled (command line option -d), the log is written to
the hard-coded path /tmp/qemu.log. This patch adds support for writing
the log to a different location by passing the -D option.
Signed-off-by: NMatthew Fernandez <matthew.fernandez@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Without this, qemu segfaults when a BH handler first deletes its BH and
then calls another function which involves a nested qemu_bh_poll() call.

This can be reproduced by generating an I/O error (e.g. with blkdebug) on
an IDE device and using rerror/werror=stop to stop the VM. When continuing
the VM, qemu segfaults.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Reviewed-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Clearing the error status flag was missing for restarting flushes. Now that the
error status is separate from the BM status register, we can simply set it to 0
after restarting the request. This ensures that we never forget to clear a bit.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Add support for TRIM sub function of the data set management command,
and wire it up to the qemu discard infrastructure.
Signed-off-by: NChristoph Hellwig <hch@lst.de>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Replace the is_read flag with a dma_cmd flag to allow the dma and
restart logic to handler other commands like TRIM.
Signed-off-by: NChristoph Hellwig <hch@lst.de>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Make dma_bdrv_io available for drivers, and pass an explicit I/O function
instead of hardcoding bdrv_aio_readv/bdrv_aio_writev.  This is required
to implement non-READ/WRITE dma commands in the ide driver, e.g. the
upcoming TRIM support.
Signed-off-by: NChristoph Hellwig <hch@lst.de>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Signed-off-by: NKevin Wolf <kwolf@redhat.com>

When a failed PIO request caused the VM to stop, we still need to transfer the
PIO state even though DRQ=0 at this point.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

When adding the werror=stop mode, some flags were added to s->status
which are used to determine what kind of operation should be restarted
when the VM is continued.

Unfortunately, it turns out that s->status is in fact a device register
and as such is visible to the guest (some of the abused bits are even
writable for the guest).

For migration we keep on using the old VMState field (renamed to
migration_compat_status) if the status register doesn't use any of the
previously abused bits. If it does, we use a subsection with a clean copy of
the status register.

The error status is always sent in a subsection if there is any error. It can't
use the old field because errors happen even without PCI.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

If qcow2_cache_put returns an error during cluster allocation and the
allocation fails, it must be removed from the list of in-flight allocations.
Otherwise we'd get a loop in the list when the ACB is used for the next
allocation.

Luckily, this qcow2_cache_put shouldn't fail anyway because the L2 table is
only read, so that qcow2_cache_put doesn't even involve I/O.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Reviewed-by: NChristoph Hellwig <hch@lst.de>

Signed-off-by: NDevin Nakamura <devin122@gmail.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

bdrv_aio_* must not call the callback before returning to its caller. In vdi,
this could happen in some error cases. This starts the real requests processing
in a BH to avoid this situation.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

bdrv_aio_* must not call the callback before returning to its caller. In qcow,
this could happen in some error cases. This starts the real requests processing
in a BH to avoid this situation.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

bdrv_aio_* must not call the callback before returning to its caller. In qcow2,
this could happen in some error cases. This starts the real requests processing
in a BH to avoid this situation.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

This patchset enables a new CPU feature SMEP (Supervisor Mode Execution
Protection) in QEMU-KVM. SMEP prevents kernel from executing code in application.
Updated Intel SDM describes this CPU feature. The document will be published soon.

SMEP is identified by CPUID leaf 7 EBX[7], which is 0 before. Get the right value by query KVM kernel module, so that guest can get SMEP through CPUID.
Signed-off-by: NYang, Wei <wei.y.yang@intel.com>
Singed-off-by: NShan, Haitao <haitao.shan@intel.com>
Singed-off-by: NLi, Xin <xin.li@intel.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

When KVM is running on VIA CPU with host cpu's model, the
feautures of VIA CPU will be passed into kvm guest by calling
the CPUID instruction for Centaur.

Signed-off-by: BrillyWu<brillywu@viatech.com.cn>
Signed-off-by: KaryJin<karyjin@viatech.com.cn>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

ccid_initfn() allocates CCIDBus dynamically, but there is no exit
callback to free it.

Fix by getting rid of the allocation.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

No flag to configure is required. Instead, added a libcacard.la target that
is not built by default, only when requested explicitly via:

mkdir build
cd build
../configure
make libcacard.la
make install-libcacard

Uses libtool to do actual linking of object files and shared library, and
installing. Tested only under linux, but supposed to work on other systems as
well.

If libtool isn't found you get a message complaining about that, only at build
time (since it is not a default target I did not add a message at configure
time).

New build artifacts:
 .libs subdirectories (at <buildroot> and <buildroot>/libcacard)
 *.lo files (at same locations as the respective o files)

Added %.lo : %.c rule that uses libtool.
Updated clean rule to clean up those artifacts.
Added specific rule to call dtrace with libtool wrapper (note that because of
a current upstream dtrace bug fixed by systemtap b1568fd85 commit the -fPIC flag
isn't actually passed on. still current dtrace+libtool produced object links fine).
If libtool is missing any of the following targets will complain and exit 1:
 any subdir: *.lo
 root and libcacard: libcacard.la, libcacard-instsall

Tested to link and load with all tracing backends.

expire_time must be initialited when the guest activates the
usb scheduler, not at device creation time.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Implement the wakeup callback in the OHCI USBPortOps, so that when
a downstream device wakes up it correctly causes the OHCI controller
to come out of suspend.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

HcPeriodCurrentED is read-only, but Linux writes to it anyway; silently
ignore this rather than printing a warning message.

(Specifically, drivers/usb/host/ohci-hub.c:ohci_rh_resume() writes a
0, in at least kernels 2.6.25 through 2.6.39.)
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NBrad Hards <bradh@frogmouth.net>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NBrad Hards <bradh@frogmouth.net>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NBrad Hards <bradh@frogmouth.net>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

This causes an "Error: tried to detach unattached usb device " to be printed,
this can happen when deleting ie a usb host qdev, which did not
get attached (because a device matching the filter never got plugged in).
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

1024 bytes is way to small, one hd UVC webcam I have over here has so
many resolutions its descriptors take op close to 4k. Hopefully 8k will
be enough for all devices.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>