When calculating a pointer to the currently selected fw_cfg item, the
following is used:

  FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];

When s->cur_entry is FW_CFG_INVALID, we are calculating the address of
a non-existent element in s->entries[arch][...], which is undefined.

This patch ensures the resulting entry pointer is set to NULL whenever
s->cur_entry is FW_CFG_INVALID.
Reported-by: NLaszlo Ersek <lersek@redhat.com>
Reviewed-by: NLaszlo Ersek <lersek@redhat.com>
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Message-id: 1446733972-1602-5-git-send-email-somlo@cmu.edu
Cc: Marc Marí <markmb@redhat.com>
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NLaszlo Ersek <lersek@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Read callbacks are now only invoked at item selection, before any
data is read. As such, the value of the offset argument passed to
the callback will always be 0. Also, the two callback instances
currently in use both leave their offset argument unused.

This patch removes the offset argument from the fw_cfg read callback
prototype, and from the currently available instances. The unused
(write) callback prototype is also removed (write support was removed
earlier, in commit 023e3148).

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Marc Marí <markmb@redhat.com>
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NLaszlo Ersek <lersek@redhat.com>
Message-id: 1446733972-1602-4-git-send-email-somlo@cmu.edu
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Currently, the fw_cfg internal API specifies that if an item was set up
with a read callback, the callback must be run each time a byte is read
from the item. This behavior is both wasteful (most items do not have a
read callback set), and impractical for bulk transfers (e.g., DMA read).

At the time of this writing, the only items configured with a callback
are "/etc/table-loader", "/etc/acpi/tables", and "/etc/acpi/rsdp". They
all share the same callback functions: virt_acpi_build_update() on ARM
(in hw/arm/virt-acpi-build.c), and acpi_build_update() on i386 (in
hw/i386/acpi.c). Both of these callbacks are one-shot (i.e. they return
without doing anything at all after the first time they are invoked with
a given build_state; since build_state is also shared across all three
items mentioned above, the callback only ever runs *once*, the first
time either of the listed items is read).

This patch amends the specification for fw_cfg_add_file_callback() to
state that any available read callback will only be invoked once each
time the item is selected. This change has no practical effect on the
current behavior of QEMU, and it enables us to significantly optimize
the behavior of fw_cfg reads during guest firmware setup, eliminating
a large amount of redundant callback checks and invocations.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Marc Marí <markmb@redhat.com>
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NLaszlo Ersek <lersek@redhat.com>
Message-id: 1446733972-1602-3-git-send-email-somlo@cmu.edu
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Move documentation for fw_cfg functions internal to qemufrom
docs/specs/fw_cfg.txt to the fw_cfg.h header file, next to
their prototype declarations, formatted as doc-comments.

NOTE: Documentation for fw_cfg_add_callback() is completely
dropped by this patch, as that function has been eliminated
by commit 023e3148.
Suggested-by: NPeter Maydell <peter.maydell@linaro.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Marc Marí <markmb@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NLaszlo Ersek <lersek@redhat.com>
Message-id: 1446733972-1602-2-git-send-email-somlo@cmu.edu
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

While in the long term we want throttling to be its own block filter
BDS, in the short term we want it to be part of the BB instead of a BDS;
even in the long term we may want legacy throttling to be automatically
tied to the BB.

blockdev-insert-medium and blockdev-remove-medium do not retain
throttling information in the BB (deliberately so). Therefore, using
them means tying this information to a BDS, which would break the model
described above. (The same applies to other flags such as
detect_zeroes.) We probably want to move this information to the BB or
its own filter BDS before blockdev-{insert,remove}-medium can be
considered completely stable.

Therefore, mark these functions experimental for the time being.
Suggested-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMax Reitz <mreitz@redhat.com>
Acked-by: NMarkus Armbruster <armbru@redhat.com>
Acked-by: NKevin Wolf <kwolf@redhat.com>
Message-id: 1449847385-13986-2-git-send-email-mreitz@redhat.com
Reviewed-by: NEric Blake <eblake@redhat.com>
[PMM: fixed format nit (underlining) in qmp-commands.hx]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

My fix (84e7b80a) replaced the last_sent_block update that I'd
removed earlier; however it was too aggressive in the xbzrle case.

save_xbzrle_page might return '0' to mean that the page didn't
need sending since it was the same as the last sent version;
in this case we can't update 'last_sent_block' since we didn't
actually send it.

Symptom: 'Illegal RAM offset 1018000' as we try and send a page
        to the wrong RAMBlock;  potentially that could be a data
        corruption if you were really unlucky.

Fixes: 84e7b80aSigned-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: NJuan Quintela <quintela@redhat.com>
Message-id: 1449765106-6528-1-git-send-email-dgilbert@redhat.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Update translation files (change created via 'make -C po update').
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Message-id: 1449754467-3496-1-git-send-email-peter.maydell@linaro.org

LEON3 allows the CASA instruction to be used from user space
if the ASI is set to 0xa (user data).
Signed-off-by: NAlex Zuepke <azu@sysgo.de>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

As suggested by Paolo, I add myself as maintainer for virtio-9p.
Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com>
Acked-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Message-id: 20151130154016.20108.79073.stgit@bahia.huguette.org
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Since commit 4652f164 "virtio-9p: add savevm
handlers", if the user hot-unplugs a quiescent 9p device and live
migrates, the source QEMU crashes before migration completetion...
This happens because virtio-9p devices have a realize handler which
calls virtio_init() and register_savevm().  Both calls store pointers
to the device internals, that get dereferenced during migration even
if the device got unplugged.

This patch simply adds an unrealize handler to perform minimal
cleanup and avoid the crash.  Hot unplug of non-quiescent 9p devices
is still not supported in QEMU, and not supported by linux guests
either.
Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Message-id: 20151208155457.27775.69441.stgit@bahia.huguette.org
[PMM: rewrapped long lines in commit message]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

blk_attach_dev() fails here only when we're working for device
"sdhci-pci" (which already attached the backend), and then we don't
want to attach a second time.  If we ever create another failure mode,
we're setting up ourselves to using the same backend from multiple
frontends, which is likely to end in tears.  Can't clean this up this
close to the release, so mark it FIXME.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1449503710-3707-3-git-send-email-armbru@redhat.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

We currently fuse controller and card into a single device model, but
we intend qomify things properly and separate the two.  The properties
that really belong to the card would then have to somehow pass-through
to the card's properties.  To avoid that complication, either mark
them experimental or drop them.

Properties "capareg", "maxcurr" and the usual PCI device properties
belong to the controller.  Property "drive" belongs to the card;
rename it to "x-drive".  Properties "logical_block_size",
"physical_block_size", "min_io_size", "opt_io_size",
"discard_granularity" belong to the card, but have no effect; drop
them.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1449503710-3707-2-git-send-email-armbru@redhat.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The official way of enabling dataplane is through the "iothread"
property that references an iothread object created by "-object
iothread".  Since the old "x-data-plane=on" way now even crashes, it's
probably easier to just drop it:

$ qemu-system-x86_64 -drive file=null-co://,id=d0,if=none \
    -device virtio-blk-pci,drive=d0,x-data-plane=on

ERROR:/home/fam/work/qemu/qom/object.c:1515:
object_get_canonical_path_component: assertion failed: (obj->parent != NULL)
Aborted
Signed-off-by: NFam Zheng <famz@redhat.com>
Message-id: 1449485967-19240-1-git-send-email-famz@redhat.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

# gpg: Signature made Mon 07 Dec 2015 14:06:07 GMT using RSA key ID 398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  lan9118: log and ignore access to invalid registers, rather than aborting
  lan9118: fix emulation of MAC address loaded bit in E2P_CMD register
  vmxnet3: silence warning
  pcnet: fix rx buffer overflow(CVE-2015-7512)
  net: pcnet: add check to validate receive data size(CVE-2015-7504)
  e1000: fix hang of win2k12 shutdown with flood ping
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

With this change, access to invalid/unimplemented device registers are
logged as a "guest error" rather than aborting qemu with
hw_error. This enables drivers for similar devices (e.g. SMSC 9221),
by simply ignoring the unimplemented writes. It's also closer to what
real hardware does.
Signed-off-by: NAndrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

There appears to have been a longstanding typo in the implementation
of the "MAC address loaded" bit in the E2P_CMD (EEPROM command)
register. The code was using 0x10, but the controller spec says it
should be bit 8 (0x100).
Signed-off-by: NAndrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

vmxnet3 always produces a warning under qtest.

This is not a user error, don't warn.
Suggested-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

Backends could provide a packet whose length is greater than buffer
size. Check for this and truncate the packet to avoid rx buffer
overflow in this case.

Cc: Prasad J Pandit <pjp@fedoraproject.org>
Cc: qemu-stable@nongnu.org
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

In loopback mode, pcnet_receive routine appends CRC code to the
receive buffer. If the data size given is same as the buffer size,
the appended CRC code overwrites 4 bytes after s->buffer. Added a
check to avoid that.

Reported by: Qinghao Tang <luodalongde@gmail.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: NJason Wang <jasowang@redhat.com>

e1000 driver in Win2k12 is really well rotten. It 100% hangs on shutdown
of UP VM under flood ping. The guest checks card state and reinjects
itself interrupt in a loop. This is fatal for UP machine.

There is no good way to fix this misbehavior but to kludge it. The
emulation has interrupt throttling register aka ITR which limits
interrupt rate and allows the guest to proceed this phase.
There is no problem with this kludge for Linux guests - it adjust the
value of it itself.

On the other hand according to the initial research in
    commit e9845f09
    Author: Vincenzo Maffione <v.maffione@gmail.com>
    Date:   Fri Aug 2 18:30:52 2013 +0200

    e1000: add interrupt mitigation support

    ...

    Interrupt mitigation boosts performance when the guest suffers from
    an high interrupt rate (i.e. receiving short UDP packets at high packet
    rate). For some numerical results see the following link
    http://info.iet.unipi.it/~luigi/papers/20130520-rizzo-vm.pdf

this should also boost performance a bit.

See https://bugzilla.redhat.com/show_bug.cgi?id=874406 for additional
details.
Signed-off-by: NDenis V. Lunev <den@openvz.org>
CC: Vincenzo Maffione <v.maffione@gmail.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

QOM infrastructure fixes and device conversions

* Documentation update
* qom-test and related fixes

# gpg: Signature made Fri 04 Dec 2015 17:54:55 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-peter:
  qom-test: Fix qmp() leaks
  tests: Use proper functions types instead of void (*fn)
  qom: Update documentation comment of struct Object
  tests: Fix check-report-qtest-% target
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Before this patch ASAN reported:
SUMMARY: AddressSanitizer: 677165875 byte(s) leaked in 1272437 allocation(s)

After this patch:
SUMMARY: AddressSanitizer: 465 byte(s) leaked in 32 allocation(s)
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1448551895-871-1-git-send-email-marcandre.lureau@redhat.com>
[Straightforwardly rebased onto the previous patch]
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

We have several function parameters declared as void (*fn).  This is
just a stupid way to write void *, and the only purpose writing it
like that could serve is obscuring the sin of bypassing the type
system without need.

The original sin is commit 49ee3590: its qtest_add_func() is a wrapper
for g_test_add_func().  Fix the parameter type to match
g_test_add_func()'s.  This uncovers type errors in ide-test.c; fix
them.

Commit 7949c0e3 faithfully repeated the sin for qtest_add_data_func().
Fix it the same way, along with a harmless type error uncovered in
vhost-user-test.c.

Commit 063c23d9 repeated it for qtest_add_abrt_handler().  The screwy
parameter gets assigned to GHook member func, so change its type to
match.  Requires wrapping kill_qemu() to keep the type checker happy.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
[AF/armbru: Inline GTestFunc/GTestDataFunc typedef for old GLib]
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

trivial patches for 2015-12-04

# gpg: Signature made Fri 04 Dec 2015 06:40:23 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2015-12-04:
  bt: check struct sizes
  typedefs: Put them back into alphabetical order
  scsi: remove scsi_req_free prototype
  gt64xxx: fix decoding of ISD register
  configure: use appropriate code fragment for -fstack-protector checks
  crypto: avoid two coverity false positive error reports
  configure: Diagnose broken linkers directly
  bt: avoid unintended sign extension
  util/id: fully allocate names table
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

ppc patch queue for 2.5 2015-12-04

This contains some last minute QOM behaviour fixes from Markus
Armbruster.

# gpg: Signature made Fri 04 Dec 2015 06:43:54 GMT using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.5-20151204:
  spapr_drc: Change value of property "fdt" from null back to {}
  spapr_drc: Make device "spapr-dr-connector" unavailable with -device
  spapr_drc: Handle visitor errors properly
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

See http://permalink.gmane.org/gmane.linux.bluez.kernel/36505.  For historical
reasons these do not use sizeof, and Coverity caught a mistake in
EVT_ENCRYPT_CHANGE_SIZE.

In addition:

- remove status from create_conn_cancel_cp; the "status" field is only
in rp structs.  Note that this means that the OCF_CREATE_CONN_CANCEL
could never have worked (it would have failed the LENGTH_CHECK), but
I am keeping it anyway.

- OCF_READ_LINK_QUALITY similarly could never have worked, but I am
fixing read_link_quality_cp anyway.

- fix inquiry_info which is shorter by one: the kernel has a struct that
is 14 byte long, but not counting the initial num_responses byte which
the kernel parses separately;

- remove extended_inquiry_info altogether, since it's not used and unlike
the other inquiry structs does not have the initial num_responses byte.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

"Please keep this list in alphabetical order" has been more honoured
in the breach than in the observance.  Clean up.

While there, drop a redundant struct declaration.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Function has been deleted in ad2d30f7.
Signed-off-by: NHervé Poussineau <hpoussin@reactos.org>
Reviewed-by: NFam Zheng <famz@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

The GT64xxx's internal registers can be placed above the first 4 GiB
in the address space, but not above the first 64 GiB.  Correctly cast
the register to a 64-bit integer, and mask away bits above bit 35.

Datasheet at http://pdf.datasheetarchive.com/datasheetsmain/Datasheets-33/DSA-655889.pdf
(bug reported by Coverity).
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

The check for stack-protector support consisted in compiling and linking
the test program below (output by function write_c_skeleton()) with the
compiler flag -fstack-protector-strong first and then with
-fstack-protector-all if the first one failed to work:

  int main(void) { return 0; }

This caused false positives when using certain toolchains in which the
compiler accepted -fstack-protector-strong but no support was provided
by the C library, since for this stack-protector variant the compiler
emits canary code only for functions that meet specific conditions
(local arrays, memory references to local variables, etc.) and the code
fragment under test included none of them (hence no stack protection
code generated, no link failure).

This fix changes the test program used for -fstack-protector checks to
include a function that meets conditions which cause the compiler to
generate canary code in all variants.
Signed-off-by: NRodrigo Rebello <rprebello@gmail.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

In qcrypto_tls_creds_get_path() coverity complains that
we are checking '*creds' for NULL, despite having
dereferenced it previously. This is harmless bug due
to fact that the trace call was too early. Moving it
after the cleanup gets the desired semantics.

In qcrypto_tls_creds_check_cert_key_purpose() coverity
complains that we're passing a pointer to a previously
free'd buffer into gnutls_x509_crt_get_key_purpose_oid()
This is harmless because we're passing a size == 0, so
gnutls won't access the buffer, but rather just report
what size it needs to be. We can avoid it though by
explicitly setting the buffer to NULL after free'ing
it.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Currently if the user's compiler works for creating .o files but
their linker is broken such that compiling an executable from a
C file does not work, we will report a misleading error message
about the compiler not supporting __thread (since that happens
to be the first test we run which requires a working linker).
Explicitly check that compile_prog works as well as compile_object,
so that people whose toolchain setup is broken get a more helpful
error message.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

In the case of a 4-byte length, shifting a value by 24 may cause
an unintended sign extension when converting from int to size_t.
Use a uint32_t variable instead.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Trivial: this array should be allocated to have ID_MAX entries always.
Otherwise if someone were to forget to expand this table, the assertion
in the id generator won't actually trigger; it will read junk data.
Signed-off-by: NJohn Snow <jsnow@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Reviewed-by: NJeff Cody <jcody@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

prop_get_fdt() misuses the visitor API: when fdt is null, it doesn't
visit anything.  object_property_get_qobject() happily
object_property_get_qobject().  Amazingly, the latter survives the
misuse.  Turns out we've papered over it long before prop_get_fdt()
existed, in commit 1d10b445.

However, commit 6c2f9a15 changed how we paper over it, and as a side
effect changed qom-get's value from {} to null.  Change it right back
by fixing the visitor misuse.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>

It should only be created via spapr_dr_connector_new().  Attempting to
create it with -device crashes.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>

Since prop_get_fdt() is only used with QmpOutputVisitor, errors
shouldn't actually happen, so this is only a latent bug.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>

It doesn't have "GSList *interfaces" anymore, drop the paragraph.
Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>