Block limits emulation is just placing 0xb0 as the final byte of the
VPD pages list. However, VPD page numbers must be sorted, so change
that to an in-place insert. Since I couldn't find any disk that triggered
the loop more than once, this was tested by adding manually 0xb1
at the end of the list and checking that 0xb0 was added before.
Reported-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
While writing a message in 'lsi_do_msgin', message length value
in 'msg_len' could be invalid due to an invalid migration stream.
Add an assertion to avoid an out of bounds access, and reject
the incoming migration data if it contains an invalid message
length.
Discovered by Deja vu Security. Reported by Oracle.
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20181026194314.18663-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
object_new() returns a new backend with refcount == 1 and
then later object_property_add_child() increases refcount to 2
So when ivshmem is destroyed, the backend it has created isn't
destroyed along with it as children cleanup will bring
backend's refcount only to 1, which leaks backend including
resources it is using.
Drop the original reference from object_new() once backend
is attached to its parent.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1541069086-167036-1-git-send-email-imammedo@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Fixes: 5503e28504
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The 'q35' machine type implements an Intel Series 3 chipset,
of which there are several variants:
https://www.intel.com/Assets/PDF/datasheet/316966.pdf
The key difference between the 82P35 MCH ('p35', PCI device ID 0x29c0)
and 82Q35 GMCH ('q35', PCI device ID 0x29b0) variants is that the latter
has an integrated graphics adapter. QEMU does not implement integrated
graphics, so uses the PCI ID for the 82P35 chipset, despite calling the
machine type 'q35'. Thus we rename the PCI device ID constant to reflect
reality, to avoid confusing future developers. The new name more closely
matches what pci.ids reports it to be:
$ grep P35 /usr/share/hwdata/pci.ids | grep 29
29c0 82G33/G31/P35/P31 Express DRAM Controller
29c1 82G33/G31/P35/P31 Express PCI Express Root Port
29c4 82G33/G31/P35/P31 Express MEI Controller
29c5 82G33/G31/P35/P31 Express MEI Controller
29c6 82G33/G31/P35/P31 Express PT IDER Controller
29c7 82G33/G31/P35/P31 Express Serial KT Controller
$ grep Q35 /usr/share/hwdata/pci.ids | grep 29
29b0 82Q35 Express DRAM Controller
29b1 82Q35 Express PCI Express Root Port
29b2 82Q35 Express Integrated Graphics Controller
29b3 82Q35 Express Integrated Graphics Controller
29b4 82Q35 Express MEI Controller
29b5 82Q35 Express MEI Controller
29b6 82Q35 Express PT IDER Controller
29b7 82Q35 Express Serial KT Controller
Arguably the QEMU machine type should be named 'p35'. At this point in
time, however, it is not worth the churn for management applications &
documentation to worry about renaming it.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180830105757.10577-1-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If ioctl(..., VFIO_DEVICE_RESET) fails, we want to report errno
instead of ret (which is always -1 on error).
Fixes Coverity issue CID 1396176.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Tony Krowiak <akrowiak@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Add a virtual Xilinx Versal board.
This board is based on the Xilinx Versal SoC. The exact
details of what peripherals are attached to this board
will remain in control of QEMU. QEMU will generate an
FDT on the fly for Linux and other software to auto-discover
peripherals.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20181102131913.1535-3-edgar.iglesias@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add a model of Xilinx Versal SoC.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20181102131913.1535-2-edgar.iglesias@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The high[31:28] bits of 'direction' and 'state' registers of
SA-1100/SA-1110 device are reserved. Setting them may lead to
OOB 's->handler[]' array access issue. Mask off [31:28] bits to
avoid it.
Reported-by: Moguofang <moguofang@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20181030114635.31232-1-ppandit@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Wire up nRF51 UART in the corresponding SoC.
Signed-off-by: Julia Suvorova <jusual@mail.ru>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Not implemented: CTS/NCTS, PSEL*.
Signed-off-by: Julia Suvorova <jusual@mail.ru>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We are missing the VIRT_COMPAT_3_0 definition and setting.
Let's add them.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 20181024085602.16611-1-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJb2M/IAAoJEHWtZYAqC0IRu5AIAKR7lDJ9nPDqoCOvc4hAY6TV
Zd986geEGiwrsFJ/CXbXXMsM7aUP+Qq717wekkZFghjtsfG83S+JWROZo2b8AUsI
Atq0T/G6BLWFvdzW6sCtfo8zCrhj3EFJpFWTYCIrNHDB6rs1R9bbuR/Bt2h7tpDh
CAmUkbumVUvanG4oklaRrwWfN7GksVhxAqX41PHaJAACww6UkNLzkWDJ5eQswvG6
nzEtWGQU41FqdcL+5E7nH6IEEGb4MnTkAftIab5Phr+lMWnd3mN0/tiY0wgVCDbP
OGBxOiPDxRbO4m7EH9iigFL+Xz3eZz3m6mnjmD+Ss29JkROF4Rn1E5FuJIDxiic=
=SyrU
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2018-10-29-2' into staging
Merge tpm 2018/10/29 v2
# gpg: Signature made Tue 30 Oct 2018 21:40:24 GMT
# gpg: using RSA key 75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* remotes/stefanberger/tags/pull-tpm-2018-10-29-2:
tpm: Zero-init structure to avoid uninitialized variables in valgrind log
MAINTAINERS: Change my email address to the new domain
docs: tpm: Mention implemented TPM CRB interface emulation and specs
tests/tpm: Display if swtpm is not found or --tpm2 not supported
tests/tpm: fix tpm_util_swtpm_has_tpm2()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Zero-init the ptm_loc structure so that we don't have fields that
are not initialised.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
(Thank you to Thomas Huth)
v2: fix 32bit build with updated patch (v3) from Philippe Mathieu-Daudé
built in a 32bit debian sid chroot
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJb2D8VAAoJEPMMOL0/L748dZEP/11pPehjPPYVxesxM++pFeuf
2EOrLuOTkwlRX23itj2JHv8UTY3YZR9Z8kkF3SWe7qYfp4kB4dTEYjnJY5Im6fWQ
TUbC9D9SivknOOPyQUtGXZQRN8D8m6V4hN2ZcoXC2M48GT23/uqUWBwCKYeHxdLf
iJQFmhwDnXSZr+D0l9mpMK2vBsZ5ywcbne8GufTtrkz7Dq9A0nDWVc/XUEHzzahf
C+6r2fRPjtImxIjhAGQeAEzOk5tYnqK/3kXjy6T4UygvnZw0pkAS1rIb3hvlzm1e
kBlbA+pgL0kKumMmT9LBR4Os4hlL95URUF+BDNGa3EusImSL/wmhsawslQbfxVyv
5at3VKIdvPXr7GQvmhaJ3dllXiQixX7A+axevkwyZkuIcYLnuhvh6bCR3ap+4mq/
GRk4vwXStS6S8rDLAzo4GA4DsE4EDYJSnU13wMEaj1L9sYPVg1224AgCjnlIBbQa
ntGD3lY7+nG5q1BeVfZXmpNZ4+N4TSpu2uEBxNvWY2/YkaouleQXJ8W4eFirB1Eo
G8TN2fbroLcKgxhOlpvgFrfrgs8T5ZprpqQnvpE2h6M2Nu4JWJq4008q3uIPOwTy
o9MrquqOjdG0+OBHr8Ji5HwDKex68NRQhl8BYhqtPhi/+XycDo47YSodNBfw2U/Q
Ec9301/TQjBcvCBLEzrt
=sHPv
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/vivier2/tags/qemu-trivial-for-3.1-pull-request' into staging
QEMU trivial patches collected between June and October 2018
(Thank you to Thomas Huth)
v2: fix 32bit build with updated patch (v3) from Philippe Mathieu-Daudé
built in a 32bit debian sid chroot
# gpg: Signature made Tue 30 Oct 2018 11:23:01 GMT
# gpg: using RSA key F30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg: aka "Laurent Vivier <laurent@vivier.eu>"
# gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier2/tags/qemu-trivial-for-3.1-pull-request:
milkymist-minimac2: Use qemu_log_mask(GUEST_ERROR) instead of error_report
ppc: move at24c to its own CONFIG_ symbol
hw/intc/gicv3: Remove useless parenthesis around DIV_ROUND_UP macro
hw/pci-host: Remove useless parenthesis around DIV_ROUND_UP macro
tests/bios-tables-test: Remove an useless cast
xen: Use the PCI_DEVICE macro
qobject: Catch another straggler for use of qdict_put_str()
configure: Support pkg-config for zlib
tests: Fix typos in comments and help message (found by codespell)
cpu.h: fix a typo in comment
linux-user: fix comment s/atomic_write/atomic_set/
qemu-iotests: make 218 executable
scripts/qemu.py: remove trailing quotes on docstring
scripts/decodetree.py: remove unused imports
docs/devel/testing.rst: add missing newlines after code block
qemu-iotests: fix filename containing checks
tests/tcg/README: fix location for lm32 tests
memory.h: fix typos in comments
vga_int: remove unused function protype
configs/alpha: Remove unused CONFIG_PARALLEL_ISA switch
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
qemu_log_mask(GUEST_ERROR) is more appropriate:
$ qemu -d help
Log items (comma separated):
guest_errors log when the guest OS does something invalid (eg accessing a non-existent register)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Michael Walle <michael@walle.cc>
Message-Id: <20181029130034.26750-1-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
AT24c EEPROM is currently gated by CONFIG_I2C, and as such it is
being included in all emulators that use I2C, even if they do not
really need it. Separate it and, since it was added for the e500
machines, add it to qemu-system-ppc and qemu-system-ppc64.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20180522191743.12872-1-pbonzini@redhat.com>
[lv: rebase]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
According to qdev-properties.h, properties of pointer type should
be avoided, it seems a link type property is a good substitution.
Cc: Jan Kiszka <jan.kiszka@web.de>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20181022074050.19638-3-maozhongyi@cmss.chinamobile.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
See qemu_spice_add_display_interface(), the console index is also used
as channel id. So put that into the qxl->id field too.
In typical use cases (one primary qxl-vga device, optionally one or more
secondary qxl devices, no non-qxl display devices) this doesn't change
anything.
With this in place the qxl->id can not be used any more to figure
whenever a given device is primary (with vga compat mode) or secondary.
So add a bool to track this.
Cc: spice-devel@lists.freedesktop.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20181012114540.27829-1-kraxel@redhat.com
This can avoid setting OCHIState.num_ports to a negative num.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Message-id: 1540263618-18344-1-git-send-email-liq3ea@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
TYPE_XEN_PT_DEVICE is a subclass of TYPE_PCI_DEVICE, the clean way
to access the PCIDevice pointer is using the PCI_DEVICE() macro.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20180705155811.20366-4-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
This pull request contains a handful of patches that have been floating
around various trees for a while but haven't made it upstream. These
patches all appear quite safe. They're all somewhat independent from
each other:
* One refactors our IRQ management function to allow multiple interrupts
to be raised an once. This patch has no functional difference.
* Cleaning up the op_helper/cpu_helper split. This patch has no
functional difference.
* Updates to various constants to keep them in sync with the latest ISA
specification and to remove some non-standard bits that snuck in.
* A fix for a memory leak in the PLIC driver.
* A fix to our device tree handling to avoid provinging a NULL string.
I've given this my standard test: building the port, booting a Fedora
root filesytem on the latest Linux tag, and then shutting down that
image. Essentially I'm just following the QEMU RISC-V wiki page's
instructions. Everything looks fine here.
We have a lot more outstanding patches so I'll definately be submitting
another PR for the soft freeze.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAlvHmPATHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRDvTKFQLMurQforD/47/fuqbXlH2YZw5kNIuc/s0ULLOQFy
yqiBig350IzO5fHZuiPeWdLJjlB4HXgif5O7yFuePTppG+3dl8IOf+hreMopia7K
HaOG368vS1vQBDRhdw9OSDqeHipb9PF3zLoj0WWzngxrazg5WTyqX24k7Z/hCtco
dP1dY8rCCgWAgyNE3yJki1Y/+KnubX0L3kmpoFQYp0otXmMG/IA+5KRKal4Jml03
Z1puymvQNYyk+vI9gRPyjGQfbLeDn2jKghY0COad1u3okbfef9irDilmwCoFxhAA
qW6ThXKsyIbYF/uEhqjfcvh6SSIu/q3OtLKFmTGwzWI+Df6eumcdLDW07OLKUpY1
Xj7/6LqmeGfKMbe6b6JUfGwdf/4EpQ0byhGWBOjhj7CRyhtOryHrhBs15I3Fc57I
QlBKrQXmETOiW++CC+h2BqLwdnJ8nlelzSLb96FzFGrYcVRlnAlof+n+1sMQPWNy
quVyIWe4dZteJjJuTC1fnju4+LTH6sQCmhrvz10Jk1Hed1BYneww4D/bWc/Gzzgx
FiIQud+7WvUYilwhGmzWOcHxPa2NYJvmJErW8asLXOvERd33cfbcyxjj4GCVpe/F
vfZiubP+Pm95qXN31ahXB4SziFEw3I6IPLvCndFcLQSV2GvvF639xgcQEZ6m4xiV
LahYSgwjWSkPwQ==
=+IgM
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/riscv/tags/riscv-for-master-3.1-sf0' into staging
First RISC-V Patch Set for the 3.1 Soft Freeze
This pull request contains a handful of patches that have been floating
around various trees for a while but haven't made it upstream. These
patches all appear quite safe. They're all somewhat independent from
each other:
* One refactors our IRQ management function to allow multiple interrupts
to be raised an once. This patch has no functional difference.
* Cleaning up the op_helper/cpu_helper split. This patch has no
functional difference.
* Updates to various constants to keep them in sync with the latest ISA
specification and to remove some non-standard bits that snuck in.
* A fix for a memory leak in the PLIC driver.
* A fix to our device tree handling to avoid provinging a NULL string.
I've given this my standard test: building the port, booting a Fedora
root filesytem on the latest Linux tag, and then shutting down that
image. Essentially I'm just following the QEMU RISC-V wiki page's
instructions. Everything looks fine here.
We have a lot more outstanding patches so I'll definately be submitting
another PR for the soft freeze.
# gpg: Signature made Wed 17 Oct 2018 21:17:52 BST
# gpg: using RSA key EF4CA1502CCBAB41
# gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>"
# gpg: aka "Palmer Dabbelt <palmer@sifive.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 00CE 76D1 8349 60DF CE88 6DF8 EF4C A150 2CCB AB41
* remotes/riscv/tags/riscv-for-master-3.1-sf0:
RISC-V: Don't add NULL bootargs to device-tree
RISC-V: Add missing free for plic_hart_config
RISC-V: Update CSR and interrupt definitions
RISC-V: Move non-ops from op_helper to cpu_helper
RISC-V: Allow setting and clearing multiple irqs
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20181001063803.22330-3-clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20181001063803.22330-2-clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Let's trace the address and the id of a memory device when
pre_plugging/plugging/unplugging succeeded.
Trace it when pre_plugging as well as when plugging, so we really know
when a specific address is actually used.
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181005092024.14344-17-david@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
With the new memory device functions in place, we can factor out
unplugging of memory devices completely.
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181005092024.14344-16-david@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
With the new memory device functions in place, we can factor out
plugging of memory devices completely.
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181005092024.14344-15-david@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Paolo Bonzini