From Markus:

Makes "make check" hang:

    QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 gtester -k --verbose -m=quick tests/crash-test tests/rtc-test
    TEST: tests/crash-test... (pid=972)
    qemu-system-x86_64: Device needs media, but drive is empty
[Nothing happens, wait a while, then hit ^C]
    make: *** [check-qtest-x86_64] Interrupt

This was due to the fact that we weren't checked for errors when
reading from the QMP socket.  This patch adds appropriate error
checking.
Reported-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

From Markus:

Before:

    $ qemu-system-x86_64 -display none -drive if=ide
    qemu-system-x86_64: Device needs media, but drive is empty
    qemu-system-x86_64: Initialization of device ide-hd failed
    [Exit 1 ]

After:

    $ qemu-system-x86_64 -display none -drive if=ide
    qemu-system-x86_64: Device needs media, but drive is empty
    Segmentation fault (core dumped)
    [Exit 139 (SIGSEGV)]

This error always existed as qdev_init() frees the object.  But QOM
goes a bit further and purposefully sets the class pointer to NULL to
help find use-after-free.  It worked :-)

Cc: Andreas Faerber <afaerber@suse.de>
Reported-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Agreed between myself and Alex:
http://lists.nongnu.org/archive/html/qemu-devel/2012-06/msg03561.htmlSigned-off-by: NPeter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

Signed-off-by: NPeter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

Signed-off-by: NPeter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

* stefanha/trivial-patches:
  tci: Support INDEX_op_bswap64_i64
  target-i386: Use QEMU instead of Qemu
  Makefile.hw: avoid overly large 'make clean' rm command
  configure: Fix typo
  arm_gic: Send dbg msgs to stderr not stdout
  checkpatch: Add QEMU specific rule
  qemu-config: Use QEMU instead of Qemu
  libqtest: Fix socket_accept() to pass address_len
  Makefile.user: Define CONFIG_USER_ONLY for libuser/
  Makefile: Remove macro qapi-dir
  Makefile: Remove BUILD_DIR from qapi-dir
  Install 'bepo' keymap already included in Qemu source

* spice/spice.v58:
  vga: raise default vgamem size
  add pc-1.2
  qxl: add vgamem_size_mb and vgamem_size
  vga: make vram size configurable
  vga: raise xres+yres limits
  qxl: reset current_async on qxl_soft_reset
  hw/qxl: ignore guest from guestbug until reset
  qxl: stop dirty loging when not in vga mode
  hw/qxl: s/qxl_guest_bug/qxl_set_guest_bug/
  ui/spice-display.c: add missing initialization for valgrind

* mdroth/qga-pull-6-21-12:
  qemu-ga: add guest-fstrim command
  qemu-ga: make names more generic for mount list functions

* sstabellini/compile-xs:
  xenstore: Use <xenstore.h>
  xen: Reorganize includes of Xen headers.

* sstabellini/xen-pt:
  Introduce Xen PCI Passthrough, MSI
  Introduce apic-msidef.h
  Introduce Xen PCI Passthrough, PCI config space helpers
  Introduce Xen PCI Passthrough, qdevice
  qdev-properties: Introduce pci-host-devaddr.
  pci.c: Add opaque argument to pci_for_each_device.
  Introduce XenHostPCIDevice to access a pci device on the host.
  configure: Introduce --enable-xen-pci-passthrough.
  pci_ids: Add INTEL_82599_SFP_VF id.

* kraxel/usb.54:
  uhci: fix uhci_async_cancel_all
  usb-host: live migration support
  usb-host: attach only to running guest
  ehci: tracing improvements
  usb: restore USBDevice->attached on vmload
  ehci: add live migration support

This fixes a compiler error when QEMU was configured with --enable-debug.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NAlexander Graf <agraf@suse.de>

The order of the arguments was wrong (copy+paste error).
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NAlexander Graf <agraf@suse.de>

If tci_out_label is called in the context of tcg_gen_code_search_pc, we
could be overwriting an already patched relocation with zero -- and not
repatch it because the set_label is past search_pc, causing a QEMU crash
when it tries to branch to a zero label.

Not writing anything to the relocation area seems to be in line with what
other backends do from the couple I looked at (x86, ppc).
Signed-off-by: NScott Wood <scottwood@freescale.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Commit dcff25f2 removed too many *.d
files. The directories fpu/ and tcg/ still don't use the recursive
subdir rules.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

The new inline function qemu_log_vprintf should use this attribute.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf: (72 commits)
  PPC: BookE206: Bump MAS2 to 64bit
  PPC: BookE: Support 32 and 64 bit wide MAS2
  PPC: Extract SPR dump generation into its own function
  PPC: Add e5500 CPU target
  PPC: BookE: Make ivpr selectable by CPU type
  PPC: BookE: Implement EPR SPR
  PPC: Add support for MSR_CM
  PPC: Add some booke SPR defines
  uImage: increase the gzip load size
  PPC: e500: allow users to set the /compatible property via -machine
  dt: make setprop argument static
  PPC: e500: Refactor serial dt generation
  dt: Add global option to set phandle start offset
  PPC: e500: Extend address/size of / to 64bit
  PPC: e500: Define addresses as always 64bit
  PPC: e500: Use new SOC dt format
  PPC: e500: Use new MPIC dt format
  Revert "dt: temporarily disable subtree creation failure check"
  PPC: e500: enable manual loading of dtb blob
  PPC: e500: dt: use target_phys_addr_t for ramsize
  ...

* 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm: (33 commits)
  target-arm: Remove ARM_CPUID_* macros
  target-arm: Remove remaining old cp15 infrastructure
  target-arm: Move block cache ops to new cp15 framework
  target-arm: Remove c0_cachetype CPUARMState field
  target-arm: Convert final ID registers
  target-arm: Convert MPIDR
  target-arm: Convert cp15 cache ID registers
  target-arm: Convert cp15 crn=0 crm={1,2} feature registers
  target-arm: Convert cp15 crn=1 registers
  target-arm: Convert cp15 crn=9 registers
  target-arm: Convert cp15 crn=6 registers
  target-arm: convert cp15 crn=7 registers
  target-arm: Convert cp15 VA-PA translation registers
  target-arm: Convert cp15 MMU TLB control
  target-arm: Convert cp15 crn=15 registers
  target-arm: Convert cp15 crn=10 registers
  target-arm: Convert cp15 crn=13 registers
  target-arm: Convert cp15 crn=2 registers
  target-arm: Convert MMU fault status cp15 registers
  target-arm: Convert cp15 c3 register
  ...

* 's390-for-upstream' of git://repo.or.cz/qemu/agraf:
  s390: stop target cpu on sigp initial reset
  s390: make kvm_stat work on s390
  kvm: Update kernel headers
  s390x: fix s390 virtio aliases

* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
  arm_boot: Conditionalised DTB command line update
  cadence_ttc: changed master clock frequency
  cadence_gem: avoid stack-writing buffer-overrun
  hw/a9mpcore: Fix compilation failure if physaddrs are 64 bit
  hw/omap.h: Drop broken MEM_VERBOSE tracing
  hw/armv7m_nvic: Make the NVIC a freestanding class
  hw/arm_gic: Move CPU interface memory region setup into arm_gic_init
  hw/arm_gic.c: Make NVIC interrupt numbering a runtime setting
  hw/arm_gic: Make CPU target registers RAZ/WI on uniprocessor
  hw/arm_gic: Add qdev property for GIC revision
  hw/armv7m_nvic: Use MemoryRegions for NVIC specific registers
  hw/arm_gic: Move NVIC specific reset to armv7m_nvic_reset
  hw/arm_gic: Remove the special casing of NCPU for the NVIC
  hw/arm_gic: Remove NVIC ifdefs from gic_state struct
  arm_boot: Fix typos in comment
  ARM: Exynos4210 IRQ: Introduce new IRQ gate functionality.

On 64bit capable systems, MAS2 can actually hold a 64bit virtual page
address. So increase the mask for its EPN.
Signed-off-by: NAlexander Graf <agraf@suse.de>

The MAS registers on BookE are all 32 bit wide, except for MAS2, which
can hold up to 64 bit on 64 bit capable CPUs. Reflect this in the SPR
setting code, so that the guest can never write invalid values in them.
Signed-off-by: NAlexander Graf <agraf@suse.de>

This patch moves the debug #ifdef'ed SPR trace generation into its
own function, so we can call it from multiple places.
Signed-off-by: NAlexander Graf <agraf@suse.de>

This patch adds e5500's CPU initialization to the TCG CPU initialization
code.
Signed-off-by: NAlexander Graf <agraf@suse.de>

IVPR can either hold 32 or 64 bit addresses, depending on the CPU type. Let
the CPU initialization function pass in its mask itself, so we can easily
extend it.
Signed-off-by: NAlexander Graf <agraf@suse.de>

On the e500 series, accessing SPR_EPR magically turns into an access at
that CPU's IACK register on the MPIC. Implement that logic to get kernels
that make use of that feature work.
Signed-off-by: NAlexander Graf <agraf@suse.de>

The BookE variant of MSR_SF is MSR_CM. Implement everything it takes in TCG to
support running 64bit code with MSR_CM set.
Signed-off-by: NAlexander Graf <agraf@suse.de>

The number of SPRs avaiable in different PowerPC chip is still increasing. Add
definitions for the MAS7_MAS3 SPR and all currently known bits in EPCR.
Signed-off-by: NAlexander Graf <agraf@suse.de>

Recent u-boot has different defines for its gzip extract buffer, but the
common ground seems to be 64MB. So let's bump it up to that, enabling me
to load my test image again ;).
Signed-off-by: NAlexander Graf <agraf@suse.de>

Device trees usually have a node /compatible, which indicate which machine
type we're looking at. For quick prototyping, it can be very useful to change
the contents of that node via the command line.

Thus, introduce a new option to -machine called dt_compatible, which when
set changes the /compatible contents to its value.
Signed-off-by: NAlexander Graf <agraf@suse.de>

Whatever we pass in to qemu_devtree_setprop to put into the device tree
will not get modified by that function, so it can easily be declared const.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@petalogix.com>

When generating serial port device tree nodes, we duplicate quite a bit
of code, because there are 2 of them in the mpc8544ds board we emulate.

Shove the generating code into a function, so we duplicate less code.
Signed-off-by: NAlexander Graf <agraf@suse.de>

If anyone outside of QEMU wants to mess with a QEMU generated device tree,
he needs to know which range phandles are valid in. So let's expose a
machine option that an external program can use to set the start allocate
id for phandles in QEMU.
Signed-off-by: NAlexander Graf <agraf@suse.de>

We want to be able to support >= 4GB of RAM. To do so, we need to be able
to tell the guest OS how much RAM it has.

However, that information today is capped to 32bit. So let's extend the
offset and size fields to 64bit, so we can fit in big addresses and even
one day - if we wish to do so - map devices above 32bit.
Signed-off-by: NAlexander Graf <agraf@suse.de>

Every time we use an address constant, it needs to potentially fit into
a 64bit physical address space. So let's define things accordingly.
Signed-off-by: NAlexander Graf <agraf@suse.de>

Due to popular demand, let's clean up the soc node a bit and use
more recent dt notions.
Requested-by: NScott Wood <scottwood@freescale.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

Due to popular demand, we're updating the way we generate the MPIC
node and interrupt lines based on what the current state of art is.
Requested-by: NScott Wood <scottwood@freescale.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

This reverts commit "dt: temporarily disable subtree creation
failure check" which was meant as a temporary solution to keep
external and dynamic device tree construction intact.

Now that we switched to fully dynamic dt construction, it's no
longer necessary.
Signed-off-by: NAlexander Graf <agraf@suse.de>

We want to be able to override the automatically created device tree
by using the -dtb option. Implement this for the mpc8544ds machine.
Signed-off-by: NAlexander Graf <agraf@suse.de>

We're passing the ram size as uint32_t, capping it to 32 bits atm.
Change to target_phys_addr_t (uint64_t) to make sure we have all
the bits.
Signed-off-by: NAlexander Graf <agraf@suse.de>