The previous parser had copy and paste errors when computing
vname_length and type_params_length, "name" was used instead
of respectively vname and type_params. This led to length that could
be bigger than the input string, and to access out of the array
bounds when trying to copy these strings. valgrind rightfully
complained about this. It also didn't handle empty fields correctly,
Signed-off-by: NChristophe Fergeau <cfergeau@redhat.com>
Reviewed-by: NAlon Levy <alevy@redhat.com>

vcard_emul_options used args = strip(args++) a few times, which
was not returning the expected result since the rest of the code
expected args to be increased by at least 1, which is not the case
if *args is not a blank space when this function is called.
Replace these calls by "strip(args+1)" which will do what we expect.
Signed-off-by: NChristophe Fergeau <cfergeau@redhat.com>
Reviewed-by: NAlon Levy <alevy@redhat.com>

vcard_emul_mirror_card and vcard_emul_init use
vcard_emul_alloc_arrays to allocate memory for temporary arrays
which will contain elements that in the end will be used one by
one in cac_card_init. The arrays themselves are never stored
anywhere, they are only used as temporary containers. Hence
the memory that was allocated for these arrays should be freed
after use or they will be leaked.

Some tokens claim to do CKM_RSA_X_509, but then choke when they try to do the
actual operations. Try to detect those cases and treat them as if the token
didn't claim support for X_509.
Signed-off-by: NRobert Relyea <rrelyea@redhat.com>

This patch implements MMU faults caused by TTE.NFO and TTE.E:
- access other than nonfaulting load to a page marked NFO should
  raise data_access_exception
- nonfaulting load to a page marked with E bit should raise
  data_access_exception

To distinguish nonfaulting loads, this patch extends (abuses?) the rw
argument of get_physical_address_data().  rw is set to 4 on nonfaulting
loads.
Signed-off-by: NTsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Nonfaulting loads should raise fast_data_access_MMU_miss traps as
normal loads do.  It is up to the guest OS kernel that detect MMU misses
on nonfaulting load instructions and make them complete without signaling.
Signed-off-by: NTsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

cpu_get_phys_page_nofault() calls get_physical_address() twice,
that results in overwriting the fault status in the SFSR.
We need this change in order for nonfaulting loads to raising MMU faults
as normal loads do.
Also removed the call to cpu_get_physical_page_desc() since we are
going to modify nonfaulting loads raising MMU faults.
Signed-off-by: NTsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

This patch makes cpu_get_phys_page_debug() independent from
cpu_get_phys_page_nofault() in advance of implementing nonfaulting load.
This also modifies cpu_get_phys_page_nofault() to be compiled only on
TARGET_SPARC64 because it is not required on SPARC32.
Signed-off-by: NTsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Introduce cpu_sparc_get_phys_page() to be used as a help for splitting
cpu_get_phys_page_debug() from cpu_get_phys_page_nofault().
Signed-off-by: NTsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add macros for SFSR fields and use macros instead of magic numbers.
Also fix the update of the register fields on MMU faults.
Signed-off-by: NTsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add macros for TTE bits and modify to use macros instead of
magic numbers.
Signed-off-by: NTsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Update Sparc32 and Sparc64 OpenBIOS images to SVN revision 1045.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

cea5f9a2 exposed bugs in unassigned memory
access handling. Fix them by always passing CPUState to the handlers.
Reported-by: NHervé Poussineau <hpoussin@reactos.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Don't compile virtio.c in hwlib, it depends on memory accesses
performed in CPU endianness.

Make loads and stores in CPU endianness unavailable to devices
and poison them to avoid further bugs.
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

UA2007 ASI_BLK_* should be added in is_translating_asi().
Signed-off-by: NTsuneo Saito <tsnsaito@gmail.com>
Acked-by: NArtyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

789f88d0 only fixed #else,
fix also #if.
Reviewed-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

cppcheck reports an error:
qemu/tcg/mips/tcg-target.c:1487: error: Invalid number of character (()

The unpatched code won't compile on mips hosts starting with commit
cea5f9a2.

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NHervé Poussineau <hpoussin@reactos.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NHervé Poussineau <hpoussin@reactos.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NHervé Poussineau <hpoussin@reactos.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

"break" is missing on V9 fmovdcc (%icc).
Signed-off-by: NTsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

The destination registers of SIMD signed compare instructions
(fcmp*<16|32>) are not FP registers but general purpose r registers.
Comparisons should be freg_rs1 CMP freg_rs2, that were reversed.
Signed-off-by: NTsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

* 'for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
  target-arm: Fix BASEPRI, BASEPRI_MAX, and FAULTMASK access
  target-arm: Minimal implementation of performance counters
  Revert "Makefile.target: Allow target helpers to be in any *_helper.c file"
  Revert "target-arm: Use global env in neon_helper.c helpers"
  target-arm: Pass fp status pointer explicitly to neon fp helpers
  target-arm: Make VFP binop helpers take pointer to fpstatus, not CPUState
  target-arm: Add helper function to generate code to get fpstatus pointer
  Revert "target-arm: Use global env in iwmmxt_helper.c helpers"

Conflicts:
	Makefile.target

A host chardev could close just before the guest sends some data to be
written.  This will cause an -EPIPE error.  This shouldn't be propagated
to virtio-serial-bus.

Ideally we should close the port once -EPIPE is received, but since the
chardev interface doesn't return such meaningful values to its users,
all we get is -1 for any kind of error.  Just return 0 for now and wait
for chardevs to return better error messages to act better on the return
messages.
Signed-off-by: NAmit Shah <amit.shah@redhat.com>

Markus fixed offenders in the file but one instance sneaked in via
another patch.  Fix it.
Signed-off-by: NAmit Shah <amit.shah@redhat.com>

Add some trace events for messages passed between the char layer and the
virtio-serial bus.
Signed-off-by: NAmit Shah <amit.shah@redhat.com>

Add some trace events for messages passed between the guest and host.
Signed-off-by: NAmit Shah <amit.shah@redhat.com>

We were previously allowing arbitrarily-long indirect descriptors, which
could lead to a buffer overflow in qemu-kvm process.

CVE-2011-2212
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

move ids to pci info structure
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Sync xen names to ones used by linux. Add
xen platform device id as well.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

vhost dev stop failed to clear the log field.
Typically not an issue as dev start overwrites this field,
but if logging gets disabled before the following start,
it doesn't so this causes a double free.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

The new xen_console protocol changed the default xen_console output device
from whatever Qemu chose to whatever xenstore choses and "pty" as fallback.

This is not how Qemu works. It has its own serial redirection semantics. So
it xenstore doesn't contain information on what to do, Qemu is the place to
ask.
Signed-off-by: NAlexander Graf <agraf@suse.de>

Since CS 21994 on xen-unstable.hg and CS
466608f3a32e1f9808acdf832a5843af37e5fcec on qemu-xen-unstable.git, few
changes have been introduced to the PV console xenstore protocol, as
described by the document docs/misc/console.txt under xen-unstable.hg.

From the Qemu point of view, very few modifications are needed to
correctly support the protocol: read from xenstore the "output" node
that tell us what the output of the PV console is going to be.
In case the output is a tty, write to xenstore the device name.

Changes in v2:

- fix error paths: free malloc'ed strings and close the xenstore
connection before returning;

- remove useless snprintf in xenstore_store_pv_console_info if i == 0.

Changes in v3:

- replace xs_daemon_open/xs_daemon_close with xs_open/xs_close.

Changes in v4:

- add a compatibility implementation of xs_open/xs_close.

Changes in v5:

- fix code style.

[agraf] fix build error due to missing stub
Signed-off-by: NStefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

When having code like this:

    static PCIDeviceInfo piix_ide_info[] = {
        {
            .qdev.name    = "piix3-ide",
            .qdev.size    = sizeof(PCIIDEState),
            .qdev.no_user = 1,
            .no_hotplug   = 1,
            .init         = pci_piix_ide_initfn,
            .vendor_id    = PCI_VENDOR_ID_INTEL,
            .device_id    = PCI_DEVICE_ID_INTEL_82371SB_1,
            .class_id     = PCI_CLASS_STORAGE_IDE,
        },{
            .qdev.name    = "piix4-ide",
            .qdev.size    = sizeof(PCIIDEState),
            .qdev.no_user = 1,
            .no_hotplug   = 1,
            .init         = pci_piix_ide_initfn,
            .vendor_id    = PCI_VENDOR_ID_INTEL,
            .device_id    = PCI_DEVICE_ID_INTEL_82371AB,
            .class_id     = PCI_CLASS_STORAGE_IDE,
        },{
            /* end of list */
        }
    };

checkpatch currently errors out, claiming that spaces need to follow
commas. However, this particular style of defining structs is pretty
common in qemu code and very readable. So let's declare it as supported
for the above case.
Reported-by: NKevin Wolf <kwolf@redhat.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>