* remotes/kraxel/tags/pull-vga-20170111-1:
virtio-gpu: tag as not hotpluggable
virtio-gpu: Fix memory leak in virtio_gpu_load()
virtio-gpu: Recalculate VirtIOGPU::hostmem on VM load
display: cirrus: ignore source pitch value as needed in blit_is_unsafe
virtio-gpu: fix information leak in capset get dispatch
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 12 Jan 2017 13:21:32 +0000 (13:21 +0000)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20170110' into staging
TCG opcodes for extract, clz, ctz, ctpop
# gpg: Signature made Wed 11 Jan 2017 02:12:41 GMT
# gpg: using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg: aka "Richard Henderson <rth@redhat.com>"
# gpg: aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC 16A4 AD12 70CC 4DD0 279B
* remotes/rth/tags/pull-tcg-20170110: (65 commits)
tcg/i386: Handle ctpop opcode
tcg/ppc: Handle ctpop opcode
tcg: Use ctpop to generate ctz if needed
tests: New test-bitcnt
qemu/host-utils.h: Reduce the operation count in the fallback ctpop
target-i386: Use ctpop helper
target-tilegx: Use ctpop helper
target-sparc: Use ctpop helper
target-s390x: Avoid a loop for popcnt
target-ppc: Use ctpop helper
target-alpha: Use ctpop helper
tcg: Add opcode for ctpop
target-xtensa: Use clrsb helper
target-tricore: Use clrsb helper
target-arm: Use clrsb helper
tcg: Add helpers for clrsb
tcg/i386: Rely on undefined/undocumented behaviour of BSF/BSR
tcg/i386: Handle ctz and clz opcodes
tcg/i386: Allow bmi2 shiftx to have non-matching operands
tcg/i386: Hoist common arguments in tcg_out_op
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Greg Kurz [Wed, 11 Jan 2017 08:49:32 +0000 (09:49 +0100)]
libqtest: handle zero length memwrite/memread
Some recently added tests pass a zero length to qtest_memwrite().
Unfortunately, the qtest protocol doesn't implement an on-the-wire
syntax for zero-length writes and the current code happily sends
garbage to QEMU. This causes intermittent failures.
It isn't worth the pain to enhance the protocol, so this patch
simply fixes the issue by "just return, doing nothing". The same
fix is applied to qtest_memread() since the issue also exists in
the QEMU part of the "memread" command.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 148412457273.22750.983275587432075569.stgit@bahia
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 9 Jan 2017 13:38:43 +0000 (13:38 +0000)]
virtio-gpu: Fix memory leak in virtio_gpu_load()
Coverity points out that if we fail in the "creating resources"
loop in virtio_gpu_load() we will leak various resources (CID 1356431).
Failing a VM load is going to leave the simulation in a complete mess,
but we can tidy up to the point that a full system reset should
get us back to sanity.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1483969123-14839-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell [Mon, 9 Jan 2017 13:38:42 +0000 (13:38 +0000)]
virtio-gpu: Recalculate VirtIOGPU::hostmem on VM load
The 'hostmem' field in VirtIOGPU is used to track the total memory
used in pixmaps so that we can impose a maximum limit on it.
However this field is neither migrated nor recalculated on
VM load, which means that after a migration it will be incorrectly
too low, which can allow the guest to use more pixmap memory
than it should. The per-resource hostmem fields are not filled
in either as we reallocate them in the load function.
Recalculate the memory used for each pixmap and the total memory
used as we reallocate the pixmaps in virtio_gpu_load().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1483969123-14839-2-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Bruce Rogers [Mon, 9 Jan 2017 20:35:20 +0000 (13:35 -0700)]
display: cirrus: ignore source pitch value as needed in blit_is_unsafe
Commit 4299b90 added a check which is too broad, given that the source
pitch value is not required to be initialized for solid fill operations.
This patch refines the blit_is_unsafe() check to ignore source pitch in
that case. After applying the above commit as a security patch, we
noticed the SLES 11 SP4 guest gui failed to initialize properly.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Message-id: 20170109203520.5619-1-brogers@suse.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Li Qiang [Tue, 1 Nov 2016 12:37:57 +0000 (05:37 -0700)]
virtio-gpu: fix information leak in capset get dispatch
In virgl_cmd_get_capset function, it uses g_malloc to allocate
a response struct to the guest. As the 'resp' struct hasn't been fully
initialized it will leak the 'resp->padding' field to the guest.
Use g_malloc0 to avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 58188cae.4a6ec20a.3d2d1.aff2@mx.google.com
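Added example, not part of the commit or of QEMU: a self-contained model of the leak class the message above describes, where a response struct from a non-zeroing allocator is copied out whole. The struct layout, the 0xAA stale marker and the helper names are constructed for illustration; it also covers a partially filled payload, which goes slightly beyond the padding-only case in the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed response layout (not the virtio-gpu struct): 16 bytes, no
 * compiler-inserted padding, with an explicit 'padding' member. */
struct resp {
    uint32_t type;
    uint32_t padding;      /* the handler below never assigns this */
    uint8_t  data[8];
};

#define STALE 0xAA         /* constructed marker for leftover heap contents */

/* Models a non-zeroing allocator (as g_malloc is) returning a reused chunk. */
static void *alloc_dirty(size_t n)
{
    void *p = malloc(n);
    if (p) memset(p, STALE, n);
    return p;
}

/* Fill a response the way a handler might, then count the stale bytes that
 * would reach the peer when the whole struct is copied out. */
size_t stale_bytes_sent(int zeroed, size_t used)
{
    struct resp *r = zeroed ? calloc(1, sizeof(*r)) : alloc_dirty(sizeof(*r));
    const unsigned char *wire = (const unsigned char *)r;
    size_t i, stale = 0;

    if (!r || used > sizeof(r->data)) { free(r); return (size_t)-1; }
    r->type = 1;                       /* only the named fields are set */
    memset(r->data, 0x11, used);
    for (i = 0; i < sizeof(*r); i++)
        stale += (wire[i] == STALE);
    free(r);
    return stale;
}

int main(void)
{
    printf("dirty alloc, full payload  : %zu stale bytes\n", stale_bytes_sent(0, 8));
    printf("dirty alloc, 3-byte payload: %zu stale bytes\n", stale_bytes_sent(0, 3));
    printf("zeroed alloc               : %zu stale bytes\n", stale_bytes_sent(1, 3));
    return 0;
}
```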
Alex Bennée [Fri, 9 Dec 2016 14:36:00 +0000 (14:36 +0000)]
tests: New test-bitcnt
Add some unit tests for bit count functions (currently only ctpop). As
the routines are based on the Hacker's Delight optimisations I based
the test patterns on their tests.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The number of actual invocations of ctpop itself does not warrant
an opcode, but it is very helpful for POWER7 to use in generating
an expansion for ctz.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
tcg/i386: Rely on undefined/undocumented behaviour of BSF/BSR
The ISA manual documents the output is undefined if the input was zero.
However, we document in target-i386 that the behavior of real silicon
is to preserve the contents of the output register. We also mention
that there are real applications that depend on this. That this is
baked into silicon is mentioned as a potential cause for some false
sharing behaviour wrt lzcnt/tzcnt.
Taking advantage of this allows us to save 2 insns in the normal case,
and 4 insns for i686 emulating a 64-bit clz.
Signed-off-by: Richard Henderson <rth@twiddle.net>
tcg: Pass the opcode width to target_parse_constraint
This will let us choose how to interpret a given constraint
depending on whether the opcode is 32- or 64-bit. Which will
let us share more constraint combinations between opcodes.
At the same time, change the interface to return the advanced
pointer instead of passing it in/out by reference.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
A couple of places where it was easy to identify a right-shift
followed by an extract or and-with-immediate, and the obvious
sign-extract from a high byte register.
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
* remotes/kraxel/tags/pull-ui-20170110-1:
ps2: Fix lost scancodes by recent changes
curses: Fix compiler warnings (Mingw-w64 redefinition of macro KEY_EVENT)
ui/vnc: Fix problem with sending too many bytes as server name
gtk: avoid oob array access
egl-helpers: Change file licensing to LGPLv2
sdl2: set window ID
console: move window ID code from baum to sdl
console: add API to get underlying gui window ID
ui: use evdev keymap when running under wayland
ui/gtk: fix crash at startup when no console is available
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 10 Jan 2017 10:46:21 +0000 (10:46 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio, vhost, pc: fixes, features
beginnings of iotlb support for vhost
acpi hotplug rework
vhost net tx flush on link down
passing mtu to guests
hotplug for virtio crypto
fixes and cleanups all over the place
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 10 Jan 2017 05:37:48 GMT
# gpg: using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream: (41 commits)
acpi-test: update expected files
memhp: move DIMM devices into dedicated scope with related common methods
memhp: don't generate memory hotplug AML if it's not enabled/supported
memhp: move memory hotplug only defines to memory_hotplug.c
memhp: move GPE handler_E03 into build_memory_hotplug_aml()
memhp: merge build_memory_devices() into build_memory_hotplug_aml()
memhp: consolidate scattered MHPD device declaration
memhp: move build_memory_devices() into memory_hotplug.c
memhp: move build_memory_hotplug_aml() into memory_hotplug.c
tests: pc: add memory hotplug acpi tables tests
virtio-net: Add MTU feature support
vhost-net: Notify the backend about the host MTU
vhost-user: Add MTU protocol feature and op
net: virtio-net discards TX data after link down
virtio: Introduce virtqueue_drop_all procedure
net: vhost stop updates virtio queue state
net: Add virtio queue interface to update used index from vring state
balloon: Don't balloon roms
virtio: fix vq->inuse recalc after migr
pcie_aer: support configurable AER capa version
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Weil [Sat, 19 Nov 2016 18:53:18 +0000 (19:53 +0100)]
curses: Fix compiler warnings (Mingw-w64 redefinition of macro KEY_EVENT)
For builds with Mingw-w64 as it is included in Cygwin, there are two
header files which define KEY_EVENT with different values.
This results in lots of compiler warnings like this one:
CC vl.o
In file included from /qemu/include/ui/console.h:340:0,
from /qemu/vl.c:76:
/usr/i686-w64-mingw32/sys-root/mingw/include/curses.h:1522:0: warning: "KEY_EVENT" redefined
#define KEY_EVENT 0633 /* We were interrupted by an event */
In file included from /usr/share/mingw-w64/include/windows.h:74:0,
from /usr/share/mingw-w64/include/winsock2.h:23,
from /qemu/include/sysemu/os-win32.h:29,
from /qemu/include/qemu/osdep.h:100,
from /qemu/vl.c:24:
/usr/share/mingw-w64/include/wincon.h:101:0: note: this is the location of the previous definition
#define KEY_EVENT 0x1
QEMU only uses the KEY_EVENT macro from wincon.h.
Therefore we can undefine the macro coming from curses.h.
The explicit include statement for curses.h in ui/curses.c is not needed
and was removed.
Those two modifications fix the redefinition warnings.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-id: 20161119185318.10564-1-sw@weilnetz.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Thomas Huth [Mon, 21 Nov 2016 17:25:15 +0000 (18:25 +0100)]
ui/vnc: Fix problem with sending too many bytes as server name
If the buffer is not big enough, snprintf() does not return the number
of bytes that have been written to the buffer, but the number of bytes
that would be needed for writing the whole string. By using this value
for the following vnc_write() calls, we send some junk at the end of
the name in case the qemu_name is longer than 1017 bytes, which could
confuse the VNC clients. Fix this by adding an additional size check
here.
Buglink: https://bugs.launchpad.net/qemu/+bug/1637447
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1479749115-21932-1-git-send-email-thuth@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
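Added example, not part of the commit or of QEMU: the snprintf() return-value behaviour described in the message above, with the unchecked length beside a clamped one. The 16-byte buffer, the banner format string and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BANNER_CAP 16                  /* constructed small buffer size */
static char banner[BANNER_CAP];

/* Constructed 40-character name, long enough to force truncation. */
static const char LONG_NAME[] =
    "0123456789" "0123456789" "0123456789" "0123456789";

/* Pattern from the commit message: snprintf()'s return value is used
 * directly as the number of bytes to send. */
size_t banner_len_unchecked(const char *name)
{
    int n = snprintf(banner, sizeof(banner), "QEMU (%s)", name);
    return n < 0 ? 0 : (size_t)n;      /* "would have written", may be >= cap */
}

/* With the extra size check: never report more than what is stored. */
size_t banner_len_checked(const char *name)
{
    int n = snprintf(banner, sizeof(banner), "QEMU (%s)", name);
    if (n < 0)
        return 0;
    if ((size_t)n >= sizeof(banner))
        return sizeof(banner) - 1;     /* truncated: cap-1 bytes plus NUL */
    return (size_t)n;
}

/* Bytes beyond the buffer a sender would read if handed this length. */
size_t bytes_past_buffer(size_t len)
{
    return len > sizeof(banner) ? len - sizeof(banner) : 0;
}

int main(void)
{
    size_t bad = banner_len_unchecked(LONG_NAME);
    size_t ok = banner_len_checked(LONG_NAME);

    printf("unchecked length: %zu (%zu bytes past the buffer)\n",
           bad, bytes_past_buffer(bad));
    printf("checked length  : %zu, banner \"%s\"\n", ok, banner);
    return 0;
}
```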
Samuel Thibault [Wed, 21 Dec 2016 00:38:04 +0000 (01:38 +0100)]
console: add API to get underlying gui window ID
This adds two console functions, qemu_console_set_window_id and
qemu_graphic_console_get_window_id, to let graphical backend record the
window id in the QemuConsole structure, and let the baum driver read it.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-id: 20161221003806.22412-2-samuel.thibault@ens-lyon.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Wayland always uses evdev as its input source, so QEMU
can use the existing evdev keymap data
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Tested-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20161201094117.16407-1-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ui/gtk: fix crash at startup when no console is available
This patch fixes a segfault at QEMU startup, introduced in a08156321ab9a7d2fed9ee77dbfeea2a61ffd153.
gd_vc_find_current() returns NULL, which is dereferenced without checking it.
While at it, disable the whole 'View' menu if no console exists.
Igor Mammedov [Mon, 5 Dec 2016 23:32:29 +0000 (00:32 +0100)]
memhp: move DIMM devices into dedicated scope with related common methods
Move DIMM devices from global _SB scope to a new \_SB.MHPC
container along with common methods used by DIMMs:
MCRS, MRST, MPXM, MOST, MEJ00, MSCN, MTFY
This reduces AML size by 12 * #slots bytes,
i.e. up to 3072 bytes for 265 slots.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Igor Mammedov [Mon, 5 Dec 2016 23:32:28 +0000 (00:32 +0100)]
memhp: don't generate memory hotplug AML if it's not enabled/supported
That reduces DSDT by 910 bytes when memory hotplug
isn't enabled.
While doing so drop intermediate variables/arguments
passing around ACPI_MEMORY_HOTPLUG_IO_LEN and making
it local to memory_hotplug.c, hardcoding it there as
it can't change.
Also don't pass around ACPI_MEMORY_HOTPLUG_BASE through
intermediate variables/arguments where it's not needed.
Instead initialize in module static variable when MMIO
region is mapped and use that within memory_hotplug.c
whenever it's required.
That way MMIO base is specified only at one place and AML
with MMIO would always use the same value.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>