When making copy of arguments we were doing partial copy
Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

There is no need to check for dest < 0 or vector >= 0 as both are
uint16_t.

This should fix problems with broken build with aggressive compiler
flags. Reported by Xudong Hao <xudong.hao@intel.com>
Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com>
Acked-by: NCam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Do not store return of get_image_size() in a uint32_t as it makes it
impossible to detect error returns from get_image_size.
Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Fix a warning from OpenBSD linker:
../libhw32/vl.o(.text+0x5c3c): In function `main':
/src/qemu/vl.c:2335: warning: sprintf() is often misused, please use snprintf()
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

acpi table file can be modified during load so file size check
should be more strict.
pointer calculation should be after qemu_realloc(). not before realloc().
Signed-off-by: NIsaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

https://bugs.launchpad.net/bugs/611646
reports that ./i386-softmmu/qemu -M isapc segfaults.
This patch fixes the segfault introduced by
f885f1ea

It's because i440fx_state in pc_init1() isn't initialized.

> Core was generated by `./i386-softmmu/qemu -M isapc'.
> Program terminated with signal 11, Segmentation fault.
> [New process 19686]
>     at qemu/hw/piix_pci.c:136
> (gdb) where
>     at qemu/hw/piix_pci.c:136
>     boot_device=0x7fffe1f5b040 "cad", kernel_filename=0x0,
>     kernel_cmdline=0x6469bf "", initrd_filename=0x0,
>     cpu_model=0x654d10 "486", pci_enabled=0)
>     at qemu/hw/pc_piix.c:178
>     boot_device=0x7fffe1f5b040 "cad", kernel_filename=0x0,
>     kernel_cmdline=0x6469bf "", initrd_filename=0x0, cpu_model=0x654d10 "486")
>     at qemu/hw/pc_piix.c:207
>     envp=0x7fffe1f5b188)
>     at qemu/vl.c:2871
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NIsaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

It is possible that subpage mmio is registered over existing memory
page. When this happens "memory" will have real memory address and not
index into io_mem array so next access to the page will generate
segfault. It is uncommon to have some part of a page to be accessed as
memory and some as mmio, but qemu shouldn't crash even when guest does
stupid things. So lets just pretend that the rest of the page is
unassigned if guest configure part of the memory page as mmio.
Signed-off-by: NGleb Natapov <gleb@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Combining bitwise AND and logical NOT is suspicious.

Fixed by this Coccinelle script:
// From http://article.gmane.org/gmane.linux.kernel/646367
@@ expression E1,E2; @@
(
 !E1 & !E2
|
- !E1 & E2
+ !(E1 & E2)
)
Acked-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Update Sparc32 and Sparc64 OpenBIOS images to SVN revision 859.

Bring also pc-bios/README up to date including the update performed by
419ef5f1.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

We can't use the return value of load_uimage() for the kernel because it
can't account for BSS size, and the PowerPC kernel does not relocate
blobs before zeroing BSS.

Instead, we now load at the fixed addresses chosen by u-boot (the normal
firmware for the board).
Signed-off-by: NHollis Blanchard <hollis@penguinppc.org>

The PowerPC 4xx SDRAM controller emulation unregisters RAM in its reset
callback. However, qemu_system_reset() is now called at initialization
time, so all RAM is unregistered before starting the guest (!).
Signed-off-by: NHollis Blanchard <hollis@penguinppc.org>

The message "Truncating memory to %d MiB to fit SDRAM controller limits"
should be displayed only when a user chooses an amount of RAM which
can't be represented by the PPC 4xx SDRAM controller (e.g. 129MB, which
would only be valid if the controller supports a bank size of 1MB).
Signed-off-by: NHollis Blanchard <hollis@penguinppc.org>

We must be able to use a non-native strip executable, but not all
versions of 'install' support the --strip-program option (e.g.
OpenBSD). Accordingly, we can't use 'install -s', and we must run strip
separately.
Signed-off-by: NHollis Blanchard <hollis@penguinppc.org>
Cc: blauwirbel@gmail.com

This updates the openBIOS binary to r589, adding support for PPC PV feature
pass-through in KVM.
Signed-off-by: NAlexander Graf <agraf@suse.de>

On KVM for PPC we need to tell the guest which instructions to use when
doing a hypercall. The clean way to do this is to go through an ioctl
from userspace and passing it on to the guest using the device tree.

So let's do the qemu part here: read out the hypercall and pass it on
to the guest's fw_cfg so openBIOS can read it out and expose it again.
Signed-off-by: NAlexander Graf <agraf@suse.de>

Changing block.h or blockdev.h resulted in recompiling most objects.

Move DriveInfo typedef and BlockInterfaceType enum definitions
to qemu-common.h and rearrange blockdev.h use to decrease churn.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Switch tree to lookup-by-name using qemu_find_opts().
Also hook up virtfs options so qemu_find_opts works for them too.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Old versions of the BOCHs VGA BIOS (cira 2003) made use of VBE
registers at 0xff80/81.  In VBE API version 0xb0c2 these were
moved to 0x1ce/cf.  Unfortunately, QEMU still registers handlers
for the old range.  If a guest attempts to assign an I/O device
overlapping this region, QEMU exits with a hw_error.  Windows
guests seem to like to assign I/O devices to the high end of
the address space, so it's pretty easy to hot add an rtl8139
to a Win2k8 guest and trigger the bug.  I can't find any reason
to register these handlers, so let's remove the cruft.
Signed-off-by: NAlex Williamson <alex.williamson@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

A number of changes I prefer to do in one shot:

- Fix example
- Small clarifications
- Add multiple monitors example
- Add 'Development Process' section
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This code was originally developed by Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: NMiguel Di Ciurcio Filho <miguel.filho@gmail.com>
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Update the documentation of 'query-version' to output the string version broken
down.
Signed-off-by: NMiguel Di Ciurcio Filho <miguel.filho@gmail.com>
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Setting fd = -1 to qemu_set_fd_handler2() causes bus error at FD_SET
in main_loop_wait().
Signed-off-by: NYoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Free malloc'ed memory, unregister from savevm and clean up virtio-common
bits on device hot-unplug.

This was found performing a migration after device hot-unplug.

Reported-by: <lihuang@redhat.com>
Signed-off-by: NAmit Shah <amit.shah@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Correct the calculation of the offset in the msrpm
for the MSR range 0 - 0x1fff.
Signed-off-by: NAdam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Since most of the code in qemu_ram_alloc() and
qemu_ram_alloc_from_ptr() are duplicated, let
qemu_ram_alloc_from_ptr() to switch by checking void *host, and change
qemu_ram_alloc() to a wrapper.
Signed-off-by: NYoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NYoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NYoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

I have a guest OS which sends the command 0xfd to the keyboard
controller during initialization. To get rid of the message
"qemu: unsupported keyboard cmd=0x%02x\n" I added support for
the pulse output bit commands.

I found the following explanation here:
http://www.win.tue.nl/~aeb/linux/kbd/scancodes-11.html#ss11.3

Command 0xf0-0xff: Pulse output bit
Bits 3-0 of the output port P2 of the keyboard controller may
be pulsed low for approximately 6 µseconds. Bits 3-0 of this
command specify the output port bits to be pulsed. 0: Bit should
be pulsed. 1: Bit should not be modified. The only useful version
of this command is Command 0xfe.
(For MCA, replace 3-0 by 1-0 in the above.)

Command 0xfe: System reset
Pulse bit 0 of the output port P2 of the keyboard controller.
This will reset the CPU.
Signed-off-by: NBernhard Kohl <bernhard.kohl@nsn.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Replace a qemu_malloc call, followed by a memset, with qemu_mallocz.

Found with this Coccinelle semantic patch, adapted from
Coccinelle test package rule 94:
@@
type T;
expression x;
expression E;
@@

- x = (T)qemu_malloc(E)
+ x = qemu_mallocz(E)
  ...
(
- memset(x,0,E);
|
- memset(x,0,sizeof(*x));
)

Some files (tests/*) had to be filtered out.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Replace array size calculations with ARRAY_SIZE macro.

Implemented with this Coccinelle semantic patch, adapted from
Linux kernel:
@@
type T;
T[] E;
@@

- (sizeof(E)/sizeof(*E))
+ ARRAY_SIZE(E)

@@
type T;
T[] E;
@@

- (sizeof(E)/sizeof(E[...]))
+ ARRAY_SIZE(E)

@@
type T;
T[] E;
@@

- (sizeof(E)/sizeof(T))
+ ARRAY_SIZE(E)

Some files (*-dis.c, tests/*) had to be filtered out.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Found with this Coccinelle semantic patch:
@@
expression E;
identifier ptr;
identifier fn ~= "qemu_strn?dup";
@@

-ptr = fn(E);
-if (ptr == NULL) { ... }
-
+ptr = fn(E);
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>