- 25 2月, 2019 7 次提交
-
-
由 Daniel Henrique Barboza 提交于
In qcow2_snapshot_create there is the following code block: /* Generate an ID */ find_new_snapshot_id(bs, sn_info->id_str, sizeof(sn_info->id_str)); /* Check that the ID is unique */ if (find_snapshot_by_id_and_name(bs, sn_info->id_str, NULL) >= 0) { return -EEXIST; } find_new_snapshot_id cycles through all snapshots, getting the id_str as an unsigned long int, calculating the max id_max value of all the existing id_strs and writing in the id_str pointer id_max + 1: for(i = 0; i < s->nb_snapshots; i++) { sn = s->snapshots + i; id = strtoul(sn->id_str, NULL, 10); if (id > id_max) id_max = id; } snprintf(id_str, id_str_size, "%lu", id_max + 1); Here, sn_info->id_str will have the unique value id_max + 1. Right after that, find_snapshot_by_id_and_name is called with id = sn_info->id_str and name = NULL. This will cause the function to execute the following: } else if (id) { for (i = 0; i < s->nb_snapshots; i++) { if (!strcmp(s->snapshots[i].id_str, id)) { return i; } } } In short, we're searching the existing snapshots to see if sn_info->id_str matches any existing id, right after we set in the previous line a sn_info->id_str value that is already unique. The first code block goes way back to commit 585f8587, a 2006 commit from Fabrice Bellard that simply says "new qcow2 disk image format". No more info is provided about this logic in any subsequent commits that moved this code block around. I can't say about the original design, but the current logic is redundant. bdrv_snapshot_create is called in aio_context lock, forbidding any concurrent call to accidentally create a new snapshot between the find_new_snapshot_id and find_snapshot_by_id_and_name calls. What we're ending up doing is to cycle through the snapshots two times for no viable reason. This patch eliminates the redundancy by removing the 'id is unique' check that calls find_snapshot_by_id_and_name. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Daniel Henrique Barboza 提交于
After the previous patch, the only instance of this function left is inside qemu-img.c. qemu-img is using it inside the 'img_snapshot' function to delete snapshots in the SNAPSHOT_DELETE case, based on a "snapshot_name" string that refers to the tag, not ID, of the QEMUSnapshotInfo struct. This can be verified by checking the SNAPSHOT_CREATE case that comes shortly before SNAPSHOT_DELETE. In that case, the same "snapshot_name" variable is being strcpy to the 'name' field of the QEMUSnapshotInfo struct sn: pstrcpy(sn.name, sizeof(sn.name), snapshot_name); Based on that, it is unlikely that "snapshot_name" might contain an "id" in SNAPSHOT_DELETE. This patch changes SNAPSHOT_DELETE to use snapshot_find() and snapshot_delete() instead of bdrv_snapshot_delete_by_id_or_name. After that, there is no instances left of bdrv_snapshot_delete_by_id_or_name in the code, so it is safe to remove it entirely. Suggested-by: NMurilo Opsfelder Araujo <muriloo@linux.ibm.com> Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Daniel Henrique Barboza 提交于
At this moment, QEMU attempts to create/load/delete snapshots by using either an ID (id_str) or a name. The problem is that the code isn't consistent of whether the entered argument is an ID or a name, causing unexpected behaviors. For example, when creating snapshots via savevm <arg>, what happens is that "arg" is treated as both name and id_str. In a guest without snapshots, create a single snapshot via savevm: (qemu) savevm 0 (qemu) info snapshots List of snapshots present on all disks: ID TAG VM SIZE DATE VM CLOCK -- 0 741M 2018-07-31 13:39:56 00:41:25.313 A snapshot with name "0" is created. ID is hidden from the user, but the ID is a non-zero integer that starts at "1". Thus, this snapshot has id_str=1, TAG="0". Creating a second snapshot with arg = 1, the first one is deleted: (qemu) savevm 1 (qemu) info snapshots List of snapshots present on all disks: ID TAG VM SIZE DATE VM CLOCK -- 1 741M 2018-07-31 13:42:14 00:41:55.252 What happened? - when creating the second snapshot, a verification is done inside bdrv_all_delete_snapshot to delete any existing snapshots that matches an string argument. Here, the code calls bdrv_all_delete_snapshot("1", ...); - bdrv_all_delete_snapshot calls bdrv_snapshot_find(..., "1") for each BlockDriverState of the guest. And this is where things goes tilting: bdrv_snapshot_find does a search by both id_str and name. It finds out that there is a snapshot that has id_str = 1, stores a reference to the snapshot in the sn_info pointer and then returns match found; - since a match was found, a call to bdrv_snapshot_delete_by_id_or_name() is made. This function ignores the pointer written by bdrv_snapshot_find. Instead, it deletes the snapshot using bdrv_snapshot_delete() calling it first with id_str = 1. If it fails to delete, then it calls it again with name = 1. - after all that, QEMU creates the new snapshot, that has id_str = 1 and name = 1. The user is left wondering that happened with the first snapshot created. Similar bugs can be triggered when using loadvm and delvm. Before contemplating discarding the use of ID input in these operations, I've searched the code of what would be the implications. My findings are: - the RBD and Sheepdog drivers don't care. Both uses the 'name' field as key in their logic, making id_str = name when appropriate. replay-snapshot.c does not make any special use of id_str; - qcow2 uses id_str as an unique identifier but it is automatically calculated, not being influenced by user input. Other than that, there are no distinguish operations made only with id_str; - in blockdev.c, the delete operation uses a match of both id_str AND name. Given that id_str is either a copy of 'name' or auto-generated, we're fine here. This gives motivation to not consider ID as a valid user input in HMP commands - sticking with 'name' input only is more consistent. To accomplish that, the following changes were made in this patch: - bdrv_snapshot_find() does not match for id_str anymore, only 'name'. The function is called in save_snapshot(), load_snapshot(), bdrv_all_delete_snapshot() and bdrv_all_find_snapshot(). This change makes the search function more predictable and does not change the behavior of any underlying code that uses these affected functions, which are related to HMP (which is fine) and the main loop inside vl.c (which doesn't care about it anyways); - bdrv_all_delete_snapshot() does not call bdrv_snapshot_delete_by_id_or_name anymore. Instead, it uses the pointer returned by bdrv_snapshot_find to erase the snapshot with the exact match of id_str an name. This function is called in save_snapshot and hmp_delvm, thus this change produces the intended effect; - documentation changes to reflect the new behavior. I consider this to be an API fix instead of an API change - the user was already creating snapshots using 'name', but now he/she will also enjoy a consistent behavior. Ideally we would get rid of the id_str field entirely, but this would have repercussions on existing snapshots. Another day perhaps. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Acked-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Jeff Cody 提交于
I'll not be involved in day-to-day qemu development. Remove myself as maintainer from the remainder of the network block drivers, and revert them to the general block layer maintainership. Move 'sheepdog' to the 'Odd Fixes' support level. For VHDX, added my personal email address as a maintainer, as I can answer questions or send the occassional bug fix. Leaving it as 'Supported', instead of 'Odd Fixes', because I think the rest of the block layer maintainers and developers will upkeep it as well, if needed. Signed-off-by: NJeff Cody <jcody@redhat.com> Acked-by: NMax Reitz <mreitz@redhat.com> Message-Id: <63e205cb84c8f0a10c1bc6d5d6856d72ceb56e41.1537984851.git.jcody@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Jeff Cody 提交于
I'll not be involved with day-to-day qemu development, and John Snow is a block jobs wizard. Have him take over block job maintainership duties. Signed-off-by: NJeff Cody <jcody@redhat.com> Acked-by: NJohn Snow <jsnow@redhat.com> Message-Id: <d56d7c6592e7d68aa72764e9616878394bffbc14.1537984851.git.jcody@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Peter Maydell 提交于
vga: bugfixes and edid support for virtio-vga # gpg: Signature made Fri 22 Feb 2019 08:24:25 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vga-20190222-pull-request: display/virtio: add edid support. virtio-gpu: remove useless 'waiting' field virtio-gpu: block both 2d and 3d rendering virtio-gpu: remove unused config_size virtio-gpu: remove unused qdev Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
ui: add support for -display spice-app ui: gtk+sdl bugfixes. # gpg: Signature made Fri 22 Feb 2019 07:53:13 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20190222-pull-request: display: add -display spice-app launching a Spice client spice: use a default name for the server qapi: document DisplayType enum build-sys: add gio-2.0 check char: register spice ports after spice started char: move SpiceChardev and open_spice_port() to spice.h header spice: do not stop spice if VM is paused spice: merge options lists spice: avoid spice runtime assert char/spice: discard write() if backend is disconnected char/spice: trigger HUP event ui/gtk: Fix the license information sdl2: drop qemu_input_event_send_key_qcode call spice: set device address and device display ID in QXL interface kbd-state: don't block auto-repeat events Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 22 2月, 2019 33 次提交
-
-
由 Peter Maydell 提交于
VFIO updates 2019-02-21 - Workaround kernel overflow bug in vfio type1 DMA unmap (Alex Williamson) - Refactor vfio container initialization (Eric Auger) # gpg: Signature made Fri 22 Feb 2019 05:21:07 GMT # gpg: using RSA key 239B9B6E3BB08B22 # gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" [full] # gpg: aka "Alex Williamson <alex@shazbot.org>" [full] # gpg: aka "Alex Williamson <alwillia@redhat.com>" [full] # gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" [full] # Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22 * remotes/awilliam/tags/vfio-updates-20190221.0: hw/vfio/common: Refactor container initialization vfio/common: Work around kernel overflow bug in DMA unmap Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Fix dino pci config access. # gpg: Signature made Thu 21 Feb 2019 19:03:26 GMT # gpg: using RSA key 64DF38E8AF7E215F # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth/tags/pull-hppa-20190221: hw/hppa/dino: mask out lower 2 bits of PCI config addr Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Allow const void * as argument to helpers. Remove obsolete TODO file. # gpg: Signature made Thu 21 Feb 2019 18:59:11 GMT # gpg: using RSA key 64DF38E8AF7E215F # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth/tags/pull-tcg-20190221: include/exec/helper-head.h: support "const void *" in helper calls tcg: Remove TODO file Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
MIPS queue for February 21st, 2019, v2 # gpg: Signature made Thu 21 Feb 2019 18:37:04 GMT # gpg: using RSA key D4972A8967F75A65 # gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01 DD75 D497 2A89 67F7 5A65 * remotes/amarkovic/tags/mips-queue-feb-21-2019-v2: target/mips: fulong2e: Dynamically generate SPD EEPROM data target/mips: fulong2e: Fix bios flash size hw/pci-host/bonito.c: Add PCI mem region mapped at the correct address target/mips: implement QMP query-cpu-definitions command tests/tcg: target/mips: Add wrappers for MSA integer compare instructions tests/tcg: target/mips: Change directory name 'bit-counting' to 'bit-count' tests/tcg: target/mips: Correct path to headers in some test source files hw/misc: mips_itu: Fix 32/64 bit issue in a line involving shift operator Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Marc-André Lureau 提交于
Add a new display backend that will configure Spice to allow a remote client to control QEMU in a similar fashion as other QEMU display backend/UI like GTK. For this to work, it will set up Spice server with a unix socket, and register a VC chardev that will be exposed as Spice ports. A QMP monitor is also exposed as a Spice port, this allows the remote client fuller qemu control and state handling. - doesn't handle VC set_echo() - this doesn't seem a strong requirement, very few front-end use it - spice options can be tweaked with other -spice arguments - Windows support shouldn't be hard to do, but will probably use a TCP port instead - we may want to watch the child process to quit automatically if it crashed Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Tested-by: NVictor Toso <victortoso@redhat.com> Message-id: 20190221110703.5775-12-marcandre.lureau@redhat.com [ kraxel: squash incremental fix ] Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gerd Hoffmann 提交于
This patch adds EDID support to the family of virtio-gpu devices. It is turned off by default, use the new edid property to enable it. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 20190221081054.13853-1-kraxel@redhat.com
-
由 Marc-André Lureau 提交于
Let's check renderer_blocked instead directly. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NChristophe Fergeau <cfergeau@redhat.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190221114330.17968-5-marcandre.lureau@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Marc-André Lureau 提交于
Now that 2d commands are translated to 3d rendering, qemu must stop sending 3d updates (from 2d) to Spice as well. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1674324 Cc: cfergeau@redhat.com Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NChristophe Fergeau <cfergeau@redhat.com> Tested-by: NChristophe Fergeau <cfergeau@redhat.com> Message-id: 20190221114330.17968-4-marcandre.lureau@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Marc-André Lureau 提交于
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NChristophe Fergeau <cfergeau@redhat.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190221114330.17968-3-marcandre.lureau@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Marc-André Lureau 提交于
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NChristophe Fergeau <cfergeau@redhat.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190221114330.17968-2-marcandre.lureau@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Eric Auger 提交于
We introduce the vfio_init_container_type() helper. It computes the highest usable iommu type and then set the container and the iommu type. Its usage in vfio_connect_container() makes the code ready for addition of new iommu types. Signed-off-by: NEric Auger <eric.auger@redhat.com> Reviewed-by: NGreg Kurz <groug@kaod.org> Signed-off-by: NAlex Williamson <alex.williamson@redhat.com>
-
由 Alex Williamson 提交于
A kernel bug was introduced in v4.15 via commit 71a7d3d78e3c which adds a test for address space wrap-around in the vfio DMA unmap path. Unfortunately due to overflow, the kernel detects an unmap of the last page in the 64-bit address space as a wrap-around. In QEMU, a Q35 guest with VT-d emulation and guest IOMMU enabled will attempt to make such an unmap request during VM system reset, triggering an error: qemu-kvm: VFIO_UNMAP_DMA: -22 qemu-kvm: vfio_dma_unmap(0x561f059948f0, 0xfef00000, 0xffffffff01100000) = -22 (Invalid argument) Here the IOVA start address (0xfef00000) and the size parameter (0xffffffff01100000) add to exactly 2^64, triggering the bug. A kernel fix is queued for the Linux v5.0 release to address this. This patch implements a workaround to retry the unmap, excluding the final page of the range when we detect an unmap failing which matches the requirements for this issue. This is expected to be a safe and complete workaround as the VT-d address space does not extend to the full 64-bit space and therefore the last page should never be mapped. This workaround can be removed once all kernels with this bug are sufficiently deprecated. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291Reported-by: NPei Zhang <pezhang@redhat.com> Debugged-by: NPeter Xu <peterx@redhat.com> Reviewed-by: NPeter Xu <peterx@redhat.com> Reviewed-by: NCornelia Huck <cohuck@redhat.com> Signed-off-by: NAlex Williamson <alex.williamson@redhat.com>
-
由 Peter Maydell 提交于
target-arm queue: * Model the Arm "Musca" development boards: "musca-a" and "musca-b1" * Implement the ARMv8.3-JSConv extension * v8M MPU should use background region as default, not always * Stop unintentional sign extension in pmu_init # gpg: Signature made Thu 21 Feb 2019 18:56:32 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20190221: (21 commits) hw/arm/armsse: Make 0x5... alias region work for per-CPU devices hw/arm/musca: Wire up PL011 UARTs hw/arm/musca: Wire up PL031 RTC hw/arm/musca: Add MPCs hw/arm/musca: Add PPCs hw/arm/musca.c: Implement models of the Musca-A and -B1 boards hw/arm/armsse: Allow boards to specify init-svtor hw/arm/armsse: Document SRAM_ADDR_WIDTH property in header comment hw/char/pl011: Use '0x' prefix when logging hex numbers hw/char/pl011: Support all interrupt lines hw/char/pl011: Allow use as an embedded-struct device hw/timer/pl031: Convert to using trace events hw/timer/pl031: Allow use as an embedded-struct device hw/misc/tz-ppc: Support having unused ports in the middle of the range target/arm: Implement ARMv8.3-JSConv target/arm: Rearrange Floating-point data-processing (2 regs) target/arm: Split out vfp_helper.c target/arm: Restructure disas_fp_int_conv target/arm: Stop unintentional sign extension in pmu_init target/arm: v8M MPU should use background region as default, not always ... Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 BALATON Zoltan 提交于
The machine comes with 256M memory module by default but it's upgradable so it could have different memory size. There was a TODO comment to replace static SPD EEPROM data with dynamically generated one to support this. Now that we have a function for that, it's easy to do. Although this would allow larger RAM sizes, the peculiar memory map of the machine may need some special handling to map it as low and high memory. Because I don't know what the correct place would be for highmem, I've left memory size fixed at 256M for now and TODO is moved there instead. Signed-off-by: NBALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: NAleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
-
由 BALATON Zoltan 提交于
According to both the specifications on linux-mips.org referenced in a comment at the beginning of the file and the flash chip part number the bios size should be 512k not 1M. Signed-off-by: NBALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: NAleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
-
由 BALATON Zoltan 提交于
Stop using system memory as PCI memory otherwise devices such as VGA that have regions mapped to PCI memory clash with RAM. Use a separate memory region for PCI memory and map it to the correct address in system memory which allows PCI mem regions to show at the correct address where clients expect them. Signed-off-by: NBALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: NAleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
-
由 Pavel Dovgalyuk 提交于
This patch enables QMP-based querying of the available CPU types for MIPS and MIPS64 platforms. Signed-off-by: NPavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Signed-off-by: NAleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Aleksandar Markovic 提交于
Add wrappers for MSA integer compare instructions. Signed-off-by: NAleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: NAleksandar Rikalo <arikalo@wavecomp.com>
-
由 Aleksandar Markovic 提交于
Change directory name 'bit-counting' to 'bit-count'. This is just for cosmetic and consistency sake. This was the only subdirectory in MSA test directory that uses ending 'ing'. Signed-off-by: NAleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
-
由 Aleksandar Markovic 提交于
Correct path to headers in tests/tcg/mips/user/ase/msa/bit-counting/* source files. Signed-off-by: NAleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: NAleksandar Rikalo <arikalo@wavecomp.com>
-
由 Aleksandar Markovic 提交于
Fix 32/64 bit issue in a line involving shift operator. "1 << ..." calculation of size is done as a 32-bit signed integer which may then be unintentionally sign-extended into the 64-bit result. The problem was discovered by Coverity (CID 1398648). Using "1ULL" instead of "1" on the LHS of the shift fixes this problem. Reported-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NAleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
-
由 David Hildenbrand 提交于
Especially when dealing with out-of-line gvec helpers, it is often helpful to specify some vector pointers as constant. E.g. when we have two inputs and one output, marking the two inputs as consts pointers helps to avoid bugs. Const pointers can be specified via "cptr", however behave in TCG just like ordinary pointers. We can specify helpers like: DEF_HELPER_FLAGS_4(gvec_vbperm, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32) void HELPER(gvec_vbperm)(void *v1, const void *v2, const void *v3, uint32_t desc) And make sure that here, only v1 will be written (as long as const is not casted away, of course). Signed-off-by: NDavid Hildenbrand <david@redhat.com> Message-Id: <20190221093459.22547-1-david@redhat.com> Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>
-
由 Richard Henderson 提交于
The last update to this file was 9 years ago. In the meantime, 4 of the 6 ideas have actually been completed. The lat two do not actually make sense anymore. Suggested-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>
-
由 Peter Maydell 提交于
The region 0x40010000 .. 0x4001ffff and its secure-only alias at 0x50010000... are for per-CPU devices. We implement this by giving each CPU its own container memory region, where the per-CPU devices live. Unfortunately, the alias region which makes devices mapped at 0x4... addresses also appear at 0x5... is only implemented in the overall "all CPUs" container. The effect of this bug is that the CPU_IDENTITY register block appears only at 0x4001f000, but not at the 0x5001f000 alias where it should also appear. Guests (like very recent Arm Trusted Firmware-M) which try to access it at 0x5001f000 will crash. Fix this by moving the handling for this alias from the "all CPUs" container to the per-CPU container. (We leave the aliases for 0x1... and 0x3... in the overall container, because there are no per-CPU devices there.) Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 20190215180500.6906-1-peter.maydell@linaro.org Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
-
由 Peter Maydell 提交于
Wire up the two PL011 UARTs in the Musca board. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
-
由 Peter Maydell 提交于
Wire up the PL031 RTC for the Musca board. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
-
由 Peter Maydell 提交于
The Musca board puts its SRAM and flash behind TrustZone Memory Protection Controllers (MPCs). Each MPC sits between the CPU and the RAM/flash, and also has a set of memory mapped control registers. Wire up the MPCs, and the memory behind them. For the moment we implement the flash as simple ROM, which cannot be reprogrammed by the guest. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
-
由 Peter Maydell 提交于
Many of the devices on the Musca board live behind TrustZone Peripheral Protection Controllers (PPCs); add models of the PPCs, using a similar scheme to the MPS2 board models. This commit wires up the PPCs with "unimplemented device" stubs behind them in the correct places in the address map. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
-
由 Peter Maydell 提交于
The Musca-A and Musca-B1 development boards are based on the SSE-200 subsystem for embedded. Implement an initial skeleton model of these boards, which are similar but not identical. This commit creates the board model with the SSE and the IRQ splitters to wire IRQs up to its two CPUs. As yet there are no devices and no memory: these will be added later. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
-
由 Peter Maydell 提交于
The Musca boards have DAPLink firmware that sets the initial secure VTOR value (the location of the vector table) differently depending on the boot mode (from flash, from RAM, etc). Export the init-svtor as a QOM property of the ARMSSE object so that the board can change it. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
-
由 Peter Maydell 提交于
In commit 4b635cf7 we added a QOM property to the ARMSSE object, but forgot to add it to the documentation comment in the header. Correct the omission. Fixes: 4b635cf7 ("hw/arm/armsse: Make SRAM bank size configurable") Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
-
由 Peter Maydell 提交于
The pl011 logs when the guest makes a bad access. It prints the address offset in hex but confusingly omits the '0x' prefix; add it. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
-
由 Peter Maydell 提交于
The PL011 UART has six interrupt lines: * RX (receive data) * TX (transmit data) * RT (receive timeout) * MS (modem status) * E (errors) * combined (logical OR of all the above) So far we have only emulated the combined interrupt line; add support for the others, so that boards that wire them up to different interrupt controller inputs can do so. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
-