We don't validate the existence of handle_output which may let a buggy
guest to trigger a SIGSEV easily. E.g:

1) write 10 to queue_sel to a virtio net device with only 1 queue
2) setup an arbitrary pfn
3) then notify queue 10

Fixing this by validating the existence of handle_output before.

Cc: qemu-stable@nongnu.org
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NDon Koch <dkoch@verizon.com>
Reviewed-by: NFam Zheng <famz@redhat.com>

The anonymous struct only has a single field now, drop the wrapper
structure.
Suggested-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Acked-by: NPaolo Bonzini <pbonzini@redhat.com>

cdb is now part of cmd, drop it from req.
There's also nothing to check using build assert now.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Acked-by: NPaolo Bonzini <pbonzini@redhat.com>

Commit "virtio-scsi: use standard-headers" added
cdb and sense into req/rep structures, which
breaks uses of sizeof for these structures,
since qemu adds its own arrays on top.

To fix, redefine CDB/sense field size to 0.
Reported-by: NFam Zheng <famz@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

QEMU wants to use virtio scsi structures with
a different VIRTIO_SCSI_CDB_SIZE/VIRTIO_SCSI_SENSE_SIZE,
let's add ifdefs to allow overriding them.

Keep the old defines under new names:
VIRTIO_SCSI_CDB_DEFAULT_SIZE/VIRTIO_SCSI_SENSE_DEFAULT_SIZE,
since that's what these values really are:
defaults for cdb/sense size fields.
Suggested-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Acked-by: NPaolo Bonzini <pbonzini@redhat.com>

This is duplicated from the kernel header,
drop our copy.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

As noted by Andreas, hw/boards.h shouldn't be used outside softmmu code.
Include it conditionally, and drop the (now unnecessary) ifdef guards in
hw/boards.h
Reported-by: NAndreas Färber <afaerber@suse.de>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>

Will catch users if we misused it.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

It's sad when a friend leaves, but we have to move on.

Drop Anthony's email from MAINTAINERS so he stops getting
irrelevant email.

Got Anthony's ack off-list.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Acked-by: NAnthony Liguori <aliguori@amazon.com>

Move the memory subregion function into the DeviceClass realize function
due to isa_address_space (now) crashing if called in the instance init
function.
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Acked-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

qdev_init() is deprecated, and will be removed when its callers have
been weaned off it.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Running
    qemu-bin ... -machine pc,mem-merge=on
leads to crash:
    x86_64-softmmu/qemu-system-x86_64 -machine pc,dump-guest-core=on
    qemu-system-x86_64: qemu/util/qemu-option.c:387: qemu_opt_get_bool_helper:
    Assertion `opt->desc && opt->desc->type == QEMU_OPT_BOOL' failed.  Aborted
    (core dumped)

This happens because the commit e79d5a6 ("machine: remove qemu_machine_opts
global list") removed the global option descriptions and moved them to
MachineState's QOM properties.

Fix this by querying machine properties through designated wrappers.
Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

Running
    qemu-bin ... -machine pc,dump-guest-core=on
leads to crash:
    x86_64-softmmu/qemu-system-x86_64 -machine pc,dump-guest-core=on
    qemu-system-x86_64: qemu/util/qemu-option.c:387: qemu_opt_get_bool_helper:
    Assertion `opt->desc && opt->desc->type == QEMU_OPT_BOOL' failed.  Aborted
    (core dumped)

This happens because the commit e79d5a6 ("machine: remove qemu_machine_opts
global list") removed the global option descriptions and moved them to
MachineState's QOM properties.

Fix this by querying machine properties through designated wrappers.
Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

Make it safe to include hw/boards.h in exec.c
for linux-user configurations.
We don't need any of its contents though.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Commit e79d5a6 ("machine: remove qemu_machine_opts global list") removed
the global option descriptions and moved them to MachineState's QOM
properties.

Query phandle-start by accessing machine properties through designated
wrappers.
Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

Commit e79d5a6 ("machine: remove qemu_machine_opts global list") removed
the global option descriptions and moved them to MachineState's QOM
properties.

Query kvm-shadow-mem by accessing machine properties through designated
wrappers.
Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

Needed to query machine's properties.
Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

Running
    x86_64-softmmu/qemu-system-x86_64 -machine pc,kernel_irqchip=on -enable-kvm
leads to crash:
    qemu-system-x86_64: qemu/util/qemu-option.c:387: qemu_opt_get_bool_helper:
    Assertion `opt->desc && opt->desc->type == QEMU_OPT_BOOL' failed.  Aborted
    (core dumped)

This happens because the commit e79d5a6 ("machine: remove qemu_machine_opts
global list") removed the global option descriptions and moved them to
MachineState's QOM properties.

Fix this by querying machine properties through designated wrappers.
Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

The code using kernel-irqchip property requires 'allowed/required'
functionality. Replace machine's kernel_irqchip field with two fields
representing the new functionality and expose them through wrappers.
Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

Fixes a QEMU crash when passing iommu parameter in command line.
Running
    x86_64-softmmu/qemu-system-x86_64 -machine pc,iommu=on -enable-kvm
leads to crash:
    qemu-system-x86_64: qemu/util/qemu-option.c:387: qemu_opt_get_bool_helper:
    Assertion `opt->desc && opt->desc->type == QEMU_OPT_BOOL' failed.
    Aborted (core dumped)

This happens because commit e79d5a6 ("machine: remove qemu_machine_opts global
list") removed the global option descriptions and moved them to MachineState's
QOM properties.

Fix this by querying machine properties through designated wrappers.
Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

clang undefined behaviour sanitizer reports:
> hw/pci/shpc.c:162:27: runtime error: left shift of 1 by 31 places
> cannot be represented in type 'int'

Caused by the usual lack of a 'U' qualifier on a constant 1 being
shifted left. Fix it up.
Reported-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

commit ecdc7bab
    "acpi: fix aml_equal term implementation"
dropped a useless Zero in generated code,
update expected files appropriately.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

The DefLEqual op does not have a target operand. Remove it.
Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Opcodes are raw bytes, they shouldn't be added
using build_append_int. This only happens to work
with 0 and 1 opcodes.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

this code:
    aml_append(foo, bar);

might, non-intuitively, modify bar, which means that e.g. the following
might not DTRT:

    c = ....;
    aml_append(a, c);
    aml_append(b, c);

to fix, simply allocate an intermediate array,
and always modify that.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

trivial patches for 2015-03-04

# gpg: Signature made Tue Mar 10 05:16:59 2015 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2015-03-04: (44 commits)
  9pfs: remove useless return
  gdbstub: avoid possible NULL pointer dereference
  milkymist-pfpu: fix GCC 5.0.0 aggressive-loop-optimizations warning
  fix GCC 5.0.0 logical-not-parentheses warnings
  migration: Fix coding style (whitespace issues)
  oslib-posix: Fix compiler warning (-Wclobbered) and simplify the code
  disas/microblaze: Fix warnings caused by missing 'static' attribute
  disas/arm: Fix warnings caused by missing 'static' attribute
  vhost_net: Add missing 'static' attribute
  e500: fix memory leak
  gitignore: Ignore new tests
  gitignore: Track common.env in iotests gitignore
  sysbus: fix memory leak
  milkymist.c: fix memory leak
  macio: fix possible memory leak
  sparc/leon3.c: fix memory leak
  nbd: fix resource leak
  qemu-char: add cyrillic key 'numerosign' to Russian keymap
  qemu-char: add cyrillic characters 'numerosign' to VNC keysyms
  qapi-schema: Fix SpiceChannel docs
  ...
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Coverity reports that s->chr is checked after put_packet dereferences it.
Move the check earlier, consistent with the code used for user-mode
emulation.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

man gcc:
  Warn if in a loop with constant number of iterations the compiler
  detects undefined behavior in some statement during one or more of
  the iterations.

Milkymist pfpu has no jump instructions, so checking for MICROCODE_WORDS
instructions should have kept us in bounds of s->microcode, but i++
allowed one loop too many,

  hw/misc/milkymist-pfpu.c: In function ‘pfpu_write’:
  hw/misc/milkymist-pfpu.c:365:20: error: loop exit may only be reached after undefined behavior [-Werror=aggressive-loop-optimizations]
                   if (i++ >= MICROCODE_WORDS) {
                      ^
  hw/misc/milkymist-pfpu.c:167:14: note: possible undefined statement is here
       uint32_t insn = s->microcode[pc];
                ^

The code can still access out of bounds, because it presumes that PC register
always begins at 0, and we allow writing to it.
Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
Acked-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

man gcc:
  Warn about logical not used on the left hand side operand of a
  comparison.  This option does not warn if the RHS operand is of a
  boolean type.

By preferring bool over int where sensible, but without modifying any
depending code, make GCC happy in cases like this,
  qemu-img.c: In function ‘compare_sectors’:
  qemu-img.c:992:39: error: logical not is only applied to the left hand
  side of comparison [-Werror=logical-not-parentheses]
           if (!!memcmp(buf1, buf2, 512) != res) {

hw/ide/core.c:1836 doesn't throw an error,
  assert(!!s->error == !!(s->status & ERR_STAT));
even thought the second operand is int (and first hunk of this patch has
a very similar case), maybe GCC developers still have a little faith in
C programmers.
Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

* Remove trailing whitespace (fixes 9 errors from checkpatch.pl).
  One comment line was longer than 80 characters, so wrap it
  and fix a typo, too.
* Replace tabs by blanks (fixes 1 error).
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

gcc reports this warning with -Wclobbered:

util/oslib-posix.c: In function ‘os_mem_prealloc’:
util/oslib-posix.c:374:49: error: argument ‘memory’ might be clobbered by
 ‘longjmp’ or ‘vfork’ [-Werror=clobbered]

Fix this and simplify the code by using an existing macro.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Warnings from the Sparse static analysis tool:

disas/microblaze.c:289:3: warning:
 symbol 'opcodes' was not declared. Should it be static?
disas/microblaze.c:570:6: warning:
 symbol 'register_prefix' was not declared. Should it be static?
disas/microblaze.c:571:6: warning:
 symbol 'special_register_prefix' was not declared. Should it be static?
disas/microblaze.c:572:6: warning:
 symbol 'fsl_register_prefix' was not declared. Should it be static?
disas/microblaze.c:573:6: warning:
 symbol 'pvr_register_prefix' was not declared. Should it be static?

Remove the unused variable special_register_prefix.
The variable pvr_register_prefix was unused, too, but can be used.
Add also 'const' where possible.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Warnings from the Sparse static analysis tool:

disas/arm.c:1552:15: warning:
 symbol 'last_type' was not declared. Should it be static?
disas/arm.c:1553:5: warning:
 symbol 'last_mapping_sym' was not declared. Should it be static?
disas/arm.c:1554:9: warning:
 symbol 'last_mapping_addr' was not declared. Should it be static?

Instead of adding 'static', the unused variables and the unused code which
refers to those variables (which was deactivated a long time ago in
commit 4b0f1a8b) are removed.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

This fixes a warning from smatch.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NStefan Weil <sw@weilnetz.de>

Signed-off-by: NCole Robinson <crobinso@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Rather than track it in the toplevel gitignore
Signed-off-by: NCole Robinson <crobinso@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>