SPARC64: fix VIS1 SIMD signed compare instructions
The destination registers of SIMD signed compare instructions
(fcmp*<16|32>) are not FP registers but general purpose r registers.
Comparisons should be freg_rs1 CMP freg_rs2, that were reversed.
Signed-off-by: Tsuneo Saito <tsnsaito@gmail.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Blue Swirl [Wed, 20 Jul 2011 20:23:01 +0000 (20:23 +0000)]
Merge branch 'for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm
* 'for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
target-arm: Fix BASEPRI, BASEPRI_MAX, and FAULTMASK access
target-arm: Minimal implementation of performance counters
Revert "Makefile.target: Allow target helpers to be in any *_helper.c file"
Revert "target-arm: Use global env in neon_helper.c helpers"
target-arm: Pass fp status pointer explicitly to neon fp helpers
target-arm: Make VFP binop helpers take pointer to fpstatus, not CPUState
target-arm: Add helper function to generate code to get fpstatus pointer
Revert "target-arm: Use global env in iwmmxt_helper.c helpers"
Amit Shah [Thu, 7 Jul 2011 12:05:27 +0000 (17:35 +0530)]
virtio-console: Prevent abort()s in case of host chardev close
A host chardev could close just before the guest sends some data to be
written. This will cause an -EPIPE error. This shouldn't be propagated
to virtio-serial-bus.
Ideally we should close the port once -EPIPE is received, but since the
chardev interface doesn't return such meaningful values to its users,
all we get is -1 for any kind of error. Just return 0 for now and wait
for chardevs to return better error messages to act better on the return
messages.
vhost dev stop failed to clear the log field.
Typically not an issue as dev start overwrites this field,
but if logging gets disabled before the following start,
it doesn't so this causes a double free.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Alexander Graf [Sun, 3 Jul 2011 07:44:48 +0000 (09:44 +0200)]
xen_console: fall back to qemu serial device
The new xen_console protocol changed the default xen_console output device
from whatever Qemu chose to whatever xenstore choses and "pty" as fallback.
This is not how Qemu works. It has its own serial redirection semantics. So
it xenstore doesn't contain information on what to do, Qemu is the place to
ask.
xen_console: support the new extended xenstore protocol
Since CS 21994 on xen-unstable.hg and CS 466608f3a32e1f9808acdf832a5843af37e5fcec on qemu-xen-unstable.git, few
changes have been introduced to the PV console xenstore protocol, as
described by the document docs/misc/console.txt under xen-unstable.hg.
From the Qemu point of view, very few modifications are needed to
correctly support the protocol: read from xenstore the "output" node
that tell us what the output of the PV console is going to be.
In case the output is a tty, write to xenstore the device name.
Changes in v2:
- fix error paths: free malloc'ed strings and close the xenstore
connection before returning;
- remove useless snprintf in xenstore_store_pv_console_info if i == 0.
Changes in v3:
- replace xs_daemon_open/xs_daemon_close with xs_open/xs_close.
Changes in v4:
- add a compatibility implementation of xs_open/xs_close.
Changes in v5:
- fix code style.
[agraf] fix build error due to missing stub
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Alexander Graf <agraf@suse.de>
checkpatch currently errors out, claiming that spaces need to follow
commas. However, this particular style of defining structs is pretty
common in qemu code and very readable. So let's declare it as supported
for the above case.
Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Alexander Graf <agraf@suse.de>
Register the vkbd backend even when running as device emulator for HVM
guests: it is useful because it doesn't need a frequent timer like usb.
Check whether the XenInput DisplayState has been set in the initialise
state, rather than the input state.
In case the DisplayState hasn't been set and there is no vfb for this
domain, then set the XenInput DisplayState to the default one.
Changed in v2:
- use qemu_free instead of free;
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Alexander Graf <agraf@suse.de>
Jan Kiszka [Tue, 21 Jun 2011 20:59:09 +0000 (22:59 +0200)]
xen: Fold CONFIG_XEN_MAPCACHE into CONFIG_XEN
Xen won't be enabled if there is no backend support available for the
host. And that also means the map cache will work. So drop the separate
config switch and move the required stubs over to xen-stub.c.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Alexander Graf <agraf@suse.de>
Jan Kiszka [Tue, 21 Jun 2011 20:59:07 +0000 (22:59 +0200)]
xen: Clean up build system
Introduce CONFIG_XEN_BACKEND so that this new config solely controls the
target-independent backend build and CONFIG_XEN can focus on per-target
building.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Alexander Graf <agraf@suse.de>
Changes since v1:
- take pthread_sigmask() out of the ifdef as it is now common
to both parts.
This fix effectively blocks, in the main thread, the signals handled
by signalfd or the compatibility signal thread.
This way, such signals are received synchronously in the main thread
through sigfd_handler() instead of triggering the signal handler
directly, asynchronously.
Signed-off-by: Alexandre Raymond <cerbere@gmail.com> Acked-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Peter Maydell [Wed, 22 Jun 2011 14:40:06 +0000 (15:40 +0100)]
tcg/README: Expand advice on number of TCG ops per target insn
Expand the note on the number of TCG ops generated per target insn,
to be clearer about the range of applicability of the 20 op rule
of thumb. Also add a note about the hard MAX_OP_PER_INSTR limit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Peter Maydell [Tue, 12 Jul 2011 20:27:15 +0000 (21:27 +0100)]
linux-user/signal.c: Rename s390 target_ucontext fields to fix ia64
The ia64 sys/ucontext.h defines macros 'uc_link', 'uc_sigmask' and
'uc_stack'. Rename the s390 target_ucontext struct members to tuc_*,
bringing them into line with the other targets and fixing a compile
failure on ia64 hosts caused by this clash.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
linux-user: make MIPS and ARM eabi use same argument reordering
MIPS uses similar calling convention than ARM eabi, where when using
64-bit values some registers are skipped. This patch makes MIPS and ARM
eabi share the argument reordering code.
This affects ftruncate64, creating insane sized fails (or just failing).
Cc: Wesley W. Terpstra <terpstra@debian.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The syscall #123 on SH4 should be "TARGET_NR_cacheflush" instead of
"TARGET_NR_modify_ldt" [1]. The only consequence of this misnaming is
that many "Unsupported syscall" warnings are issued when emulating JIT
compilers.
Reported-by: Cédric VINCENT <cedric.vincent@st.com> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Stefan Hajnoczi [Sat, 9 Jul 2011 09:22:07 +0000 (10:22 +0100)]
os-posix: set groups properly for -runas
Andrew Griffiths reports that -runas does not set supplementary group
IDs. This means that gid 0 (root) is not dropped when switching to an
unprivileged user.
Add an initgroups(3) call to use the -runas user's /etc/groups
membership to update the supplementary group IDs.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
esp: cancel current request only if some request is in flight
This bug was introduced in 94d3f98a3f3caddd7875f9a11776daeb84962a7b:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.
This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Peter Maydell [Mon, 4 Jul 2011 21:02:46 +0000 (22:02 +0100)]
target-alpha, target-ppc: Remove unnecessary setjmp.h include
Remove the include of setjmp.h from the cpu.h of target-alpha
and target-ppc. This is unnecessary because cpu-defs.h already
includes this header; this change brings these two targets
into line with all the rest.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Stefan Weil [Mon, 4 Jul 2011 18:52:38 +0000 (20:52 +0200)]
Remove unneeded setjmp.h (fix compilation on Debian "lenny")
Some versions of png.h cannot be included after setjmp.h,
even when PNG_SKIP_SETJMP_CHECK was defined.
setjmp.h was included from qemu-common.h and is not needed there.
Removing the include statement fixes compilation of ui/vnc-enc-tight.c
with CONFIG_VNC_PNG defined.
Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Jan Kiszka [Sat, 2 Jul 2011 07:50:51 +0000 (09:50 +0200)]
tcg: Reload local variables after return from longjmp
Recent compilers look deep into cpu_exec, find longjmp as a noreturn
function and decide to smash some stack variables as they won't be used
again. This may lead to env becoming invalid after return from setjmp,
causing crashes. Fix it by reloading env from cpu_single_env in that
case.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Peter Maydell [Wed, 22 Jun 2011 14:16:32 +0000 (15:16 +0100)]
exec-all.h: Make MAX_OP_PER_INSTR large enough for target-arm's uses
The target-arm frontend's worst-case TCG ops per instr is 194 (and in
general many of the "load multiple registers" ARM instructions generate
more than 100 TCG ops). Raise MAX_OP_PER_INSTR accordingly to avoid
possible buffer overruns.
Since it doesn't make any sense for the "64 bit guest on 32 bit host"
case to have a smaller limit than the normal case, we collapse the
two cases back into each other again.
(This increase costs us about 14K in extra static buffer space and
21K of extra margin at the end of a 32MB codegen buffer.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Peter Maydell [Wed, 22 Jun 2011 10:58:25 +0000 (11:58 +0100)]
exec.c: Fix calculation of code_gen_buffer_max_size
When calculating the point at which we should not try to put another
TB into the code gen buffer, we have to allow not just for OPC_MAX_SIZE
but OPC_BUF_SIZE. This is because the target translate.c will only
stop when an instruction has put it past the OPC_MAX_SIZE limit, so
we have to include the MAX_OP_PER_INSTR margin which that final insn
might have used.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Alexander Graf [Wed, 6 Jul 2011 07:09:23 +0000 (09:09 +0200)]
exec: add endian specific phys ld/st functions
Device code some times needs to access physical memory and does that
through the ld./st._phys functions. However, these are the exact same
functions that the CPU uses to access memory, which means they will
be endianness swapped depending on the target CPU.
However, devices don't know about the CPU's endianness, but instead
access memory directly using their own interface to the memory bus,
so they need some way to read data with their native endianness.
This patch adds _le and _be functions to ld./st._phys.
Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The codes for get/setrlimit differ between linux target platforms.
This patch adds conversion.
This is important else programs (rsyslog, python, ...) can go into a
near infinite loop trying to close all the file descriptors from 0 to
-1.
Signed-off-by: Wesley W. Terpstra <terpstra@debian.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Byte swap was applied in the wrong order with testing for
RLIM_INFINITY. On mips bigendian from an amd64 system this results in
infinity being misinterpretted as 2^31-1.
This is a serious bug because it causes setrlimit stack size to kill
all child processes. This means (for example) that 'make' can run no
children. The mechanism of failure:
1. parent sets stack size rlimit to 'infinity'
2. qemu screws this value up
3. child process fetches stack size as a large (but non-infinite) value
4. qemu tries to allocate stack before execution
5. stack allocation fails (too big) and child process dies
Signed-off-by: Wesley W. Terpstra <terpstra@debian.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Return -TARGET_ENOSYS instead of -ENOSYS from linux-user/main.c
* Caused strange 'Level 2 synchronization messages' instead of
correctly reporting the syscall was missing.
* Made glibc simply fail instead of using older syscalls
Signed-off-by: Riku Voipio <riku.voipio@linaro.org> Signed-off-by: Wesley W. Terpstra <terpstra@debian.org>
The syscall sigaltstack takes two parameters, not zero. This patch
should have no impact as only values above 4 influence the runtime
behaviour. Nevertheless, it is wrong.
Signed-off-by: Wesley W. Terpstra <terpstra@debian.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Enforce the same restriction on the size of the sigset passed to
pselect6 as the Linux kernel does. This is both correct and silences
a gcc 4.6 warning about a write-only variable.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Cédric VINCENT [Wed, 29 Jun 2011 13:09:10 +0000 (15:09 +0200)]
linux-user: Add support for more VT ioctls
DirectFB-1.0 uses at least two of the four added ioctls, and the two
others were added for completeness. This patch was validated with the
program "vlock -all/-new".
Cédric VINCENT [Wed, 29 Jun 2011 13:09:09 +0000 (15:09 +0200)]
linux-user: Add support for KD...LED ioctls
DirectFB-1.0 uses at least one of the four added ioctls, and the three
others were added for completeness. This patch was validated with the
program "setleds" and the following Makefile:
Cédric VINCENT [Wed, 29 Jun 2011 10:49:41 +0000 (12:49 +0200)]
arm-semi: Provide access to CLI arguments passed through the "-append" option
This patch basically adapts the new semi-hosting command-line support
-- introduced by Wolfgang Schildbach in the commit 2e8785ac -- for use
in system-mode.
Note that the "arm_cmdline_len" and "host_cmdline_len" variables were
renamed respectively "input_size" and "output_size" because:
* in C, the term "length" is generally used to count the number of
character in a string, not to count the number of bytes in a
buffer (as it is the case here).
* in QEMU, the term "host" is used to name variables that are in
the host address space, not to name variables in the target
address space (as it is the case here).
* in the case of this system-call, the terms "input" and "output"
fit the semantic of the official ARM semi-hosting specification
quite well.
I know renaming can be considered harmful but I do think in this case
the semantic really matters to keep this code more understandable.
Signed-off-by: Cédric VINCENT <cedric.vincent@st.com> Reviewed-by: Christophe Lyon <christophe.lyon@st.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Paul Brook <paul@codesourcery.com> Cc: Wolfgang Schildbach <wschi@dolby.com> Cc: Riku Voipio <riku.voipio@iki.fi> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Hans de Goede [Fri, 24 Jun 2011 12:26:18 +0000 (14:26 +0200)]
usb: assert on calling usb_attach(port, NULL) on a port without a dev
with the "usb-ehci: cleanup port reset handling" patch in place no callers
are calling usb_attach(port, NULL) for a port where port->dev is NULL.
Doing that makes no sense as that causes the port detach op to get called
for a port with nothing attached. Add an assert that port->dev != NULL when
dev == NULL, and remove the check for not having a port->dev in the dev == NULL
case.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Fri, 24 Jun 2011 10:31:11 +0000 (12:31 +0200)]
usb: Replace device_destroy bus op with a child_detach port op
Note this fixes 2 things in one go, first of all the device_destroy bus
op should be a device_detach bus op, as pending async packets from the
device should be cancelled on detach not on destroy.
Secondly having this as a bus op won't work with companion controllers, since
then there will be 1 bus driven by the ehci controller and thus 1 set of bus
ops, but the device being detached may be downstream of a handed over port.
Making the detach of a downstream device a port op allows the ehci controller
to forward this to the companion controller port for handed over ports.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Tue, 21 Jun 2011 09:52:28 +0000 (11:52 +0200)]
usb: Make port wakeup and complete ops take a USBPort instead of a Device
This makes them consistent with the attach and detach ops, and in general
it makes sense to make portops take a port as argument. This also makes
adding support for a companion controller easier / cleaner.
[ kraxel: fix usb-musb.c build ]
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Thu, 30 Jun 2011 10:05:19 +0000 (12:05 +0200)]
usb: Move (initial) call of usb_port_location to usb_fill_port
Cleanup / preparation patch for companion controller support. Note that
as a "side-effect" this patch also fixes the milkymist-softusb controller
not having a port_location set for its ports.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell [Tue, 14 Jun 2011 11:24:04 +0000 (12:24 +0100)]
hw/usb-musb.c: Don't misuse usb_packet_complete()
In musb_packet() handle final processing of non-asynchronous
USB packets by directly calling musb_schedule_cb() rather than
going through usb_packet_complete(). The latter will trigger
an assertion because the packet doesn't belong to a device.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Kevin Wolf [Mon, 4 Jul 2011 12:43:58 +0000 (14:43 +0200)]
ide: Initialise buffers with zeros
Just in case there's still a way how a guest can read out buffers when it's not
supposed to, let's zero the buffers during initialisation so that we don't leak
information to the guest.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Kevin Wolf [Mon, 4 Jul 2011 12:07:50 +0000 (14:07 +0200)]
ide: Ignore reads during PIO in and writes during PIO out
This fixes https://bugs.launchpad.net/qemu/+bug/786209:
When the DRQ_STAT bit is set, the IDE core permits both data reads
and data writes, regardless of whether the current transfer was
initiated as a read or write.
This potentially leaks uninitialized host memory into the guest,
if, before doing anything else to an IDE device, the guest begins a
write transaction (e.g. WIN_WRITE), but then *reads* from the IO
port instead of writing to it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
projects / qemu-upstream-4.5-testing.git / log