1. 06 Dec, 2016 1 commit
    • target-arm/translate-a64: fix gen_load_exclusive · 5460da50
      Alex Bennée committed
      While testing rth's latest TCG patches with risu I found ldaxp was
      broken. Investigating further I found it was broken by 1dd089d0 when
      the cmpxchg atomic work was merged. As part of that change the code
      attempted to be clever by doing a single 64 bit load and then shuffling
      the data around to set the two 32 bit registers.
      
      As I couldn't quite follow the endian magic I've simply partially
      reverted the change to the original gen_load_exclusive code. This
      doesn't affect the cmpxchg functionality as that is all done in the
      gen_store_exclusive part, which is untouched.
      
      I've also restored the comment that was removed (with a slight tweak
      to mention cmpxchg).
      Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
      Acked-by: Richard Henderson <rth@twiddle.net>
      Message-id: 20161202173454.19179-1-alex.bennee@linaro.org
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
  2. 05 Dec, 2016 1 commit
    • Merge remote-tracking branch 'yongbok/tags/mips-20161204' into staging · bc66cedb
      Stefan Hajnoczi committed
      MIPS patches 2016-12-04
      
      Changes:
      * Fix Loongson instructions
      * Fix bad shifts in {dextp|dextpdp}
      
      # gpg: Signature made Sun 04 Dec 2016 01:39:38 AM GMT
      # gpg:                using RSA key 0x2238EB86D5F797C2
      # gpg: Can't check signature: public key not found
      
      * yongbok/tags/mips-20161204:
        target-mips: fix bad shifts in {dextp|dextpdp}
        target-mips: Fix Loongson multimedia instructions.
        target-mips: Fix Loongson multimedia 'or' instruction.
        target-mips: Fix Loongson pandn instruction.
      
      Message-id: 1480816817-53245-1-git-send-email-yongbok.kim@imgtec.com
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
  3. 04 Dec, 2016 2 commits
  4. 03 Dec, 2016 2 commits
  5. 01 Dec, 2016 3 commits
    • Merge remote-tracking branch 'dgibson/tags/ppc-for-2.8-20161201' into staging · bd8ef506
      Stefan Hajnoczi committed
      ppc patch queue 2016-12-01
      
      Just a single migration / hotplug fix in this set.  I believe it's
      important enough to go in this late in the 2.8 release process.
      
      # gpg: Signature made Thu 01 Dec 2016 04:43:49 AM GMT
      # gpg:                using RSA key 0x6C38CACA20D9B392
      # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
      # gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
      # gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
      # gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
      # Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392
      
      * dgibson/tags/ppc-for-2.8-20161201:
        spapr: fix default DRC state for coldplugged LMBs
      
      Message-id: 20161201044441.14365-1-david@gibson.dropbear.id.au
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
    • Merge remote-tracking branch 'mst/tags/for_upstream' into staging · 2cfe5d7b
      Stefan Hajnoczi committed
      virtio, vhost, pc: fixes
      
      Minor fixes since 2.8.0-rc2.
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
      
      # gpg: Signature made Wed 30 Nov 2016 02:25:12 AM GMT
      # gpg:                using RSA key 0x281F0DB8D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
      # gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
      # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
      #      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469
      
      * mst/tags/for_upstream:
        virtio-crypto: fix uninitialized variables
        loader: fix undefined behavior in rom_order_compare()
        loader: fix handling of custom address spaces when adding ROM blobs
        intel_iommu: fix incorrect device invalidate
        spec/vhost-user: fix the VHOST_USER prefix
      
      Message-id: 1480564455-23933-1-git-send-email-mst@redhat.com
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
    • spapr: fix default DRC state for coldplugged LMBs · 5c0139a8
      Michael Roth committed
      Currently we set the initial isolation/allocation state for DRCs
      associated with coldplugged LMBs to ISOLATED/UNUSABLE,
      respectively, under the assumption that the guest will move this
      state to UNISOLATED/USABLE.
      
      In fact, this is only the case for LMBs added via hotplug. For
      coldplugged LMBs, the guest actually assumes the initial state to
      be UNISOLATED/USABLE.
      
      In practice, this only becomes an issue when we attempt to unplug
      one of these LMBs, where the guest kernel will issue an
      rtas-get-sensor-state call to check that the corresponding DRC is
      in a USABLE state before it will release the LMB back to
      QEMU. If the returned state is otherwise, the guest will assume no
      further action is needed, which bypasses the QEMU-side cleanup that
      occurs during the USABLE->UNUSABLE transition. This results in
      LMBs and their corresponding pc-dimm devices sticking around
      indefinitely.
      
      This patch fixes the issue by manually setting DRCs associated with
      cold-plugged LMBs to UNISOLATED/ALLOCATED, but leaving the hotplug
      state untouched. As it turns out, this is analogous to the handling
      for cold-plugged CPUs in spapr_core_plug().
      
      Cc: qemu-ppc@nongnu.org
      Cc: David Gibson <david@gibson.dropbear.id.au>
      Cc: Bharata B Rao <bharata@linux.vnet.ibm.com>
      Cc: Greg Kurz <gkurz@linux.vnet.ibm.com>
      Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
      Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
  6. 30 Nov, 2016 8 commits
    • virtio-crypto: fix uninitialized variables · 9730280d
      Gonglei committed
      Though crypto_cfg.reserve is an unused field, let me
      initialize the structure in order to make coverity happy.
      
      *** CID 1365923:  Uninitialized variables  (UNINIT)
      /hw/virtio/virtio-crypto.c: 851 in virtio_crypto_get_config()
      845         stl_le_p(&crypto_cfg.mac_algo_h, c->conf.mac_algo_h);
      846         stl_le_p(&crypto_cfg.aead_algo, c->conf.aead_algo);
      847         stl_le_p(&crypto_cfg.max_cipher_key_len, c->conf.max_cipher_key_len);
      848         stl_le_p(&crypto_cfg.max_auth_key_len, c->conf.max_auth_key_len);
      849         stq_le_p(&crypto_cfg.max_size, c->conf.max_size);
      850
      >>>     CID 1365923:  Uninitialized variables  (UNINIT)
      >>>     Using uninitialized value "crypto_cfg". Field "crypto_cfg.reserve"
             is uninitialized when calling "memcpy".
            [Note: The source code implementation of the function
             has been overridden by a builtin model.]
      851         memcpy(config, &crypto_cfg, c->config_size);
      852     }
      853
      Reported-by: Markus Armbruster <armbru@redhat.com>
      Signed-off-by: Gonglei <arei.gonglei@huawei.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
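The pattern Coverity flags in the report above (a struct filled field by field, then copied out whole with memcpy), shown as an added example that is not QEMU's code. `struct dev_cfg` and every function name are hypothetical, and the 0xAA fill is a constructed stand-in for whatever the stack held before the call.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical config layout (no padding); "reserve" is never assigned. */
struct dev_cfg {
    uint32_t status, max_key_len, reserve, max_size;
};

static void fill(struct dev_cfg *c)
{
    c->status = 1;
    c->max_key_len = 64;
    c->max_size = 4096;
}

/* Before: only the used fields are set, yet the whole object is copied out.
 * The 0xAA fill stands in for stale stack contents, so the demonstration is
 * deterministic and never reads an indeterminate value. */
static void get_config_before(uint8_t *out, size_t len)
{
    struct dev_cfg c;
    memset(&c, 0xAA, sizeof c);
    fill(&c);
    memcpy(out, &c, len < sizeof c ? len : sizeof c);
}

/* After: clear the whole object first. memset also clears any padding,
 * which a "= {0}" initializer is not required to do. */
static void get_config_after(uint8_t *out, size_t len)
{
    struct dev_cfg c;
    memset(&c, 0xAA, sizeof c);   /* same stale contents as above */
    memset(&c, 0, sizeof c);      /* the fix */
    fill(&c);
    memcpy(out, &c, len < sizeof c ? len : sizeof c);
}

/* Count bytes in the copied-out buffer that still carry the stale marker. */
static size_t stale_bytes(const uint8_t *out, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (out[i] == 0xAA);
    return n;
}

int main(void)
{
    uint8_t buf[sizeof(struct dev_cfg)];
    get_config_after(buf, sizeof buf);
    return stale_bytes(buf, sizeof buf) == 0 ? 0 : 1;
}
```

In the "before" variant the four bytes of the unassigned field reach the destination buffer unchanged, which is why the copy is worth clearing even when the consumer is expected to ignore the field.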
    • loader: fix undefined behavior in rom_order_compare() · 1b57bd4f
      Laszlo Ersek committed
      According to ISO C99 / N1256 (referenced in HACKING):
      
      > 6.5.8 Relational operators
      >
      > 4 For the purposes of these operators, a pointer to an object that is
      >   not an element of an array behaves the same as a pointer to the first
      >   element of an array of length one with the type of the object as its
      >   element type.
      >
      > 5 When two pointers are compared, the result depends on the relative
      >   locations in the address space of the objects pointed to. If two
      >   pointers to object or incomplete types both point to the same object,
      >   or both point one past the last element of the same array object, they
      >   compare equal. If the objects pointed to are members of the same
      >   aggregate object, pointers to structure members declared later compare
      >   greater than pointers to members declared earlier in the structure,
      >   and pointers to array elements with larger subscript values compare
      >   greater than pointers to elements of the same array with lower
      >   subscript values. All pointers to members of the same union object
      >   compare equal. If the expression /P/ points to an element of an array
      >   object and the expression /Q/ points to the last element of the same
      >   array object, the pointer expression /Q+1/ compares greater than /P/.
      >   In all other cases, the behavior is undefined.
      
      Our AddressSpace objects are allocated generally individually, and kept in
      the "address_spaces" linked list, so we mustn't compare their addresses
      with relops.
      
      Convert the pointers subjected to the relop in rom_order_compare() to
      "uintptr_t":
      
      > 7.18.1.4 Integer types capable of holding object pointers
      >
      > 1 [...]
      >
      >   The following type designates an unsigned integer type with the
      >   property that any valid pointer to void can be converted to this type,
      >   then converted back to pointer to void, and the result will compare
      >   equal to the original pointer:
      >
      >   /uintptr_t/
      >
      >   These types are optional.
      
      Cc: "Michael S. Tsirkin" <mst@redhat.com>
      Cc: Alistair Francis <alistair.francis@xilinx.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Peter Maydell <peter.maydell@linaro.org>
      Cc: qemu-devel@nongnu.org
      Fixes: 3e76099a
      Signed-off-by: Laszlo Ersek <lersek@redhat.com>
      Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
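The ordering rule quoted in the commit message above, as an added example that is not QEMU's code: a sort comparator that orders records by owning object and then by address without applying `<` to unrelated pointers. `Space`, `Blob`, `ptr_key`, `blob_cmp` and `sort_and_check` are hypothetical names, and the sample data is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for separately allocated objects and the records
 * that point at them. */
typedef struct Space { int id; } Space;
typedef struct Blob {
    Space   *as;    /* owning space: unrelated allocations, not one array */
    uint64_t addr;  /* load address inside that space */
} Blob;

/* "a->as < b->as" would be undefined for unrelated objects (C99 6.5.8p5).
 * Converting through void * to uintptr_t is implementation-defined, not
 * undefined, and comparing the resulting integers is always well defined.
 * The order it gives is arbitrary, which is all a grouping key needs. */
static uintptr_t ptr_key(const void *p) { return (uintptr_t)p; }

/* qsort comparator: group by space, then ascending address. */
static int blob_cmp(const void *pa, const void *pb)
{
    const Blob *a = pa, *b = pb;
    uintptr_t ka = ptr_key(a->as), kb = ptr_key(b->as);
    if (ka != kb) return ka < kb ? -1 : 1;
    if (a->addr != b->addr) return a->addr < b->addr ? -1 : 1;
    return 0;
}

/* Sort, then verify each space forms one contiguous, address-ordered run.
 * Only == / != are applied to the pointers here, which is always defined. */
static bool sort_and_check(Blob *v, size_t n)
{
    qsort(v, n, sizeof *v, blob_cmp);
    for (size_t i = 1; i < n; i++) {
        if (v[i - 1].as == v[i].as) {
            if (v[i - 1].addr > v[i].addr) return false;
        } else {
            for (size_t j = i + 1; j < n; j++)
                if (v[j].as == v[i - 1].as) return false;
        }
    }
    return true;
}

int main(void)
{
    Space s1 = { 1 }, s2 = { 2 };   /* constructed sample data */
    Blob v[] = { { &s2, 0x2000 }, { &s1, 0x3000 }, { &s2, 0x1000 }, { &s1, 0x1000 } };
    return sort_and_check(v, 4) ? 0 : 1;
}
```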
    • loader: fix handling of custom address spaces when adding ROM blobs · aa6c6ae8
      Laszlo Ersek committed
      * Commit 3e76099a ("loader: Allow a custom AddressSpace when loading
        ROMs") introduced the "Rom.as" field:
      
        (1) It modified the utility callers of rom_insert() to take "as" as a
            new parameter from *their* callers, and set "rom->as" from that
            parameter. The functions covered were rom_add_file() and
            rom_add_elf_program().
      
        (2) It also modified rom_insert() itself, to auto-assign
            "&address_space_memory", in case the external caller passed -- and
            the utility caller forwarded -- as=NULL.
      
        Except, commit 3e76099a forgot to update the third utility caller of
        rom_insert(), under point (1), namely rom_add_blob().
      
      * Later, commit 5e774eb3 ("loader: Add AddressSpace loading support
        to uImages") added the load_uimage_as() function, and the
        rom_add_blob_fixed_as() function-like macro, with the necessary changes
        elsewhere to propagate the new "as" parameter to rom_add_blob():
      
          load_uimage_as()
            load_uboot_image()
              rom_add_blob_fixed_as()
                rom_add_blob()
      
        At this point, the signature (and workings) of rom_add_blob() had been
        broken already, and the rom_add_blob_fixed_as() macro passed its "_as"
        parameter to rom_add_blob() as "callback_opaque". Given that the
        "fw_callback" parameter itself was set to NULL (correctly), this did no
        additional damage (the opaque arg would never be used), but ultimately
        it broke the new functionality of load_uimage_as().
      
      * The load_uimage_as() function would be put to use in one of the later
        patches, commit e481a1f6 ("generic-loader: Add a generic loader").
      
      * We can fix this only in a unified patch now. Append "AddressSpace *as"
        to the signature of rom_add_blob(), and handle the new parameter. Pass
        NULL from all current callers, except from rom_add_blob_fixed_as(),
        where "_as" has to be bumped to the proper position.
      
      * Note that rom_add_file() rejects the case when both "mr" and "as" are
        passed in as non-NULL. The action that this is apparently supposed to
        prevent is the
      
          rom->mr = mr;
      
        assignment (that's the only place where the "mr" parameter is used in
        rom_add_file()). In rom_add_blob() though, we have no "mr" parameter,
        and the actions done on the fw_cfg branch:
      
          if (fw_file_name && fw_cfg) {
              if (mc->rom_file_has_mr) {
                  data = rom_set_mr(rom, OBJECT(fw_cfg), devpath);
                  mr = rom->mr;
              } else {
                  data = rom->data;
              }
      
        reflect those that are performed by rom_add_file() too (with mr==NULL):
      
          if (rom->fw_file && fw_cfg) {
              if ((!option_rom || mc->option_rom_has_mr) &&
                  mc->rom_file_has_mr) {
                  data = rom_set_mr(rom, OBJECT(fw_cfg), devpath);
              } else {
                  data = rom->data;
              }
      
        Hence we need no additional restrictions in rom_add_blob().
      
      * Stable is not affected as both problematic commits appeared first in
        v2.8.0-rc0.
      
      Cc: "Michael S. Tsirkin" <mst@redhat.com>
      Cc: Alistair Francis <alistair.francis@xilinx.com>
      Cc: Igor Mammedov <imammedo@redhat.com>
      Cc: Michael Walle <michael@walle.cc>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Peter Maydell <peter.maydell@linaro.org>
      Cc: Shannon Zhao <zhaoshenglong@huawei.com>
      Cc: qemu-arm@nongnu.org
      Cc: qemu-devel@nongnu.org
      Fixes: 3e76099a
      Fixes: 5e774eb3
      Signed-off-by: Laszlo Ersek <lersek@redhat.com>
      Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    • intel_iommu: fix incorrect device invalidate · 6cb99acc
      Peter Xu committed
      "mask" needs to be inverted before use.
      Signed-off-by: Peter Xu <peterx@redhat.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    • Update version for v2.8.0-rc2 release · 1cd56fd2
      Stefan Hajnoczi committed
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
    • Merge remote-tracking branch 'kwolf/tags/for-upstream' into staging · f05234df
      Stefan Hajnoczi committed
      Block layer patches for 2.8.0-rc2
      
      # gpg: Signature made Tue 29 Nov 2016 03:16:10 PM GMT
      # gpg:                using RSA key 0x7F09B272C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
      # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6
      
      * kwolf/tags/for-upstream:
        docs: Specify that cache-clean-interval is only supported in Linux
        qcow2: Remove stale comment
        qcow2: Allow 'cache-clean-interval' in Linux only
        qcow2: Make qcow2_cache_table_release() work only in Linux
      
      Message-id: 1480436227-2211-1-git-send-email-kwolf@redhat.com
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
    • rules.mak: Also try -r to build modules · 7ecf44a5
      Paolo Bonzini committed
      Building qemu fails in distributions where gcc enables PIE by default
      (e.g. Debian unstable) with:
      
      /usr/bin/ld: -r and -pie may not be used together
      
      You have to use -r instead of -Wl,-r to avoid gcc passing -pie to the linker
      when PIE is enabled and a relocatable object is passed.  However, clang
      does not know about -r, so try -Wl,-r first.
      
      [This is a fix for commit c96f0ee6
      ("rules.mak: Use -r instead of -Wl, -r to fix building when PIE is
      default") which mostly worked but broke the ./configure --enable-modules
      build with clang.
      --Stefan]
      Reported-by: Adrian Bunk <bunk@stusta.de>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
      Message-id: 20161129153720.29747-1-pbonzini@redhat.com
      Cc: qemu-stable@nongnu.org
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
  7. 29 Nov, 2016 11 commits
  8. 28 Nov, 2016 8 commits
  9. 26 Nov, 2016 1 commit
    • target-i386: Remove unused local_err variable · 685479bd
      Eduardo Habkost committed
      local_err can never be set to non-NULL. Remove the variable.
      
      Detected by Coverity:
      
          *** CID 1365201:  Possible Control flow issues  (DEADCODE)
          /target-i386/cpu.c: 2050 in x86_cpu_parse_featurestr()
          2044             prop->value = g_strdup(val);
          2045             prop->errp = &error_fatal;
          2046             qdev_prop_register_global(prop);
          2047         }
          2048
          2049         if (local_err) {
          >>>     CID 1365201:  Possible Control flow issues  (DEADCODE)
          >>>     Execution cannot reach this statement: "error_propagate(errp, local...".
          2050             error_propagate(errp, local_err);
          2051         }
          2052     }
          2053
          2054     static void x86_cpu_load_features(X86CPU *cpu, Error **errp);
          2055     static int x86_cpu_filter_features(X86CPU *cpu);
      Reported-by: Markus Armbruster <armbru@redhat.com>
      Message-Id: <1480087313-15102-1-git-send-email-ehabkost@redhat.com>
      Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
  10. 25 Nov, 2016 3 commits