From d688e5239aad2a1f991147974832ce026f78c1a3 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 20 Nov 2012 08:16:51 +0000 Subject: [PATCH 1/6] hw/ide/macio: Fix segfault caused by NULL DMAContext* MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pass qemu_sglist_init the global dma_context_memory rather than a NULL pointer; this fixes a segfault in dma_memory_map() when the guest starts using DMA. Reported-by: Amadeusz Sławiński Signed-off-by: Peter Maydell Signed-off-by: Alexander Graf --- hw/ide/macio.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/ide/macio.c b/hw/ide/macio.c index 720af6ed9b..d2edcc0850 100644 --- a/hw/ide/macio.c +++ b/hw/ide/macio.c @@ -76,7 +76,8 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret) s->io_buffer_size = io->len; - qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL); + qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, + &dma_context_memory); qemu_sglist_add(&s->sg, io->addr, io->len); io->addr += io->len; io->len = 0; @@ -132,7 +133,8 @@ static void pmac_ide_transfer_cb(void *opaque, int ret) s->io_buffer_index = 0; s->io_buffer_size = io->len; - qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL); + qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, + &dma_context_memory); qemu_sglist_add(&s->sg, io->addr, io->len); io->addr += io->len; io->len = 0; From f0cc4aa8450376ca2aee3ebb09db71f9f2ff333b Mon Sep 17 00:00:00 2001 
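Review bot: The new `&dma_context_memory` argument selects what the commit message calls the global DMA context, presumably the no-IOMMU path straight into guest physical memory, and nothing at the call site says why that is the right choice for this device; a comment such as `/* macio has no IOMMU: the sglist targets guest physical memory directly */` would keep a later IOMMU-aware refactor from treating it as a placeholder. Note also that the single sglist entry is built from `io->addr` and `io->len`, which appear to be handed in from the DBDMA request, so its bounds rest entirely on the DMA helpers rather than on anything checked here. The allocation hint `io->len / MACIO_PAGE_SIZE + 1` is sized for many entries while only one is ever added, which is harmless but worth a word. pmac_ide_atapi_transfer_cb starts before and continues after this hunk.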
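Review bot: The sglist set-up in this hunk duplicates, line for line, the one in pmac_ide_atapi_transfer_cb, which is why this commit had to apply the same `&dma_context_memory` fix twice. A small static helper taking `s` and `io` — assign `s->io_buffer_size`, initialise the sglist with `&dma_context_memory`, add the `io->addr`/`io->len` entry, then advance `io->addr` and zero `io->len` — would give the DMA context choice one home and one comment; I have not named parameter types because they are not visible in the hunk. pmac_ide_transfer_cb starts before and continues after this hunk.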
From: Julio Guerra Date: Fri, 19 Oct 2012 00:17:13 +0000 Subject: [PATCH 2/6] PPC: Fix missing TRACE exception This patch fixes bug 1031698 : https://bugs.launchpad.net/qemu/+bug/1031698 If we look at the (truncated) translation of the conditional branch instruction in the test submitted in the bug post, the call to the exception helper is missing in the "bne-false" chunk of translated code : IN: bne- 0x1800278 OUT: 0xb544236d: jne 0xb5442396 0xb5442373: mov %ebp,(%esp) 0xb5442376: mov $0x44,%ebx 0xb544237b: mov %ebx,0x4(%esp) 0xb544237f: mov $0x1800278,%ebx 0xb5442384: mov %ebx,0x25c(%ebp) 0xb544238a: call 0x827475a ^^^^^^^^^^^^^^^^^^ 0xb5442396: mov %ebp,(%esp) 0xb5442399: mov $0x44,%ebx 0xb544239e: mov %ebx,0x4(%esp) 0xb54423a2: mov $0x1800270,%ebx 0xb54423a7: mov %ebx,0x25c(%ebp) Indeed, gen_exception(ctx, excp) called by gen_goto_tb (called by gen_bcond) changes ctx->exception's value to excp's : gen_bcond() { gen_goto_tb(ctx, 0, ctx->nip + li - 4); /* ctx->exception value is POWERPC_EXCP_BRANCH */ gen_goto_tb(ctx, 1, ctx->nip); /* ctx->exception now value is POWERPC_EXCP_TRACE */ } Making the following gen_goto_tb()'s test false during the second call : if ((ctx->singlestep_enabled & (CPU_BRANCH_STEP | CPU_SINGLE_STEP)) && ctx->exception == POWERPC_EXCP_BRANCH /* false...*/) { target_ulong tmp = ctx->nip; ctx->nip = dest; /* ... and this is the missing call */ gen_exception(ctx, POWERPC_EXCP_TRACE); ctx->nip = tmp; } So the patch simply adds the missing matching case, fixing our problem. Signed-off-by: Julio Guerra Signed-off-by: Alexander Graf --- target-ppc/translate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target-ppc/translate.c b/target-ppc/translate.c index 16b9c5dd57..987b04eda5 100644 --- a/target-ppc/translate.c +++ b/target-ppc/translate.c 
@@ -3473,7 +3473,8 @@ static inline void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest) if (unlikely(ctx->singlestep_enabled)) { if ((ctx->singlestep_enabled & (CPU_BRANCH_STEP | CPU_SINGLE_STEP)) && - ctx->exception == POWERPC_EXCP_BRANCH) { + (ctx->exception == POWERPC_EXCP_BRANCH || + ctx->exception == POWERPC_EXCP_TRACE)) { target_ulong tmp = ctx->nip; ctx->nip = dest; gen_exception(ctx, POWERPC_EXCP_TRACE); From 752ced0488806830f18f96b60ae6f3d1fadfd089 Mon Sep 17 00:00:00 2001 From: Alexey Kardashevskiy Date: Mon, 19 Nov 2012 15:40:47 +0000 Subject: [PATCH 3/6] kvm: fix incorrect length in a loop over kvm dirty pages map QEMU allocates a map enough for 4k pages. However the system page size can be 64K (for example on POWER) and the host kernel uses only a small part of it as one big stores a dirty flag for 16 pages 4K each, the hpratio variable stores this ratio and the kvm_get_dirty_pages_log_range function handles it correctly. However kvm_get_dirty_pages_log_range still goes beyond the data provided by the host kernel which is not correct. It does not cause errors at the moment as the whole bitmap is zeroed before doing KVM ioctl. The patch reduces number of iterations over the map. Signed-off-by: Alexey Kardashevskiy Signed-off-by: Alexander Graf --- kvm-all.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kvm-all.c b/kvm-all.c index 3bc3347d07..8e9a8d8fd2 100644 --- a/kvm-all.c +++ b/kvm-all.c @@ -364,7 +364,7 @@ static int kvm_get_dirty_pages_log_range(MemoryRegionSection *section, unsigned int i, j; unsigned long page_number, c; hwaddr addr, addr1; - unsigned int len = ((section->size / TARGET_PAGE_SIZE) + HOST_LONG_BITS - 1) / HOST_LONG_BITS; + unsigned int len = ((section->size / getpagesize()) + HOST_LONG_BITS - 1) / HOST_LONG_BITS; unsigned long hpratio = getpagesize() / TARGET_PAGE_SIZE; /* From 70c68cf638b4cf44a42a937622deac3ad3c7833c Mon Sep 17 00:00:00 2001 
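Review bot: The widened test `(ctx->exception == POWERPC_EXCP_BRANCH || ctx->exception == POWERPC_EXCP_TRACE)` is only right because the first gen_goto_tb of a conditional branch has already rewritten `ctx->exception` to POWERPC_EXCP_TRACE through gen_exception, and nothing on this line says so; a reader sees a check that seems to re-raise a trace exception that is already pending. Suggest `/* The first leg of a conditional branch already turned BRANCH into TRACE; the second leg must still raise TRACE for single-step. */` above the `if`. Whether some other caller can reach gen_goto_tb with ctx->exception already TRACE for an unrelated reason, and would now get an extra trace exception, cannot be judged from this hunk and is worth a look. gen_goto_tb continues beyond the hunk.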
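Review bot: `section->size / getpagesize()` truncates, so a section whose size is not a whole number of host pages would lose its trailing partial page from `len`, and the dirty bits for those last target pages would never be scanned; the TARGET_PAGE_SIZE form being replaced was at least exact in target-page units. If KVM memory slots are guaranteed to be host-page sized this is moot, but that guarantee lives outside the hunk, so either round up — `unsigned int len = ((section->size + getpagesize() - 1) / getpagesize() + HOST_LONG_BITS - 1) / HOST_LONG_BITS;` — or state the invariant in a comment next to the declaration. getpagesize() is now also called twice in adjacent declarations; one local would read better and make the relationship with `hpratio` explicit. kvm_get_dirty_pages_log_range continues beyond the hunk.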
From: Alexey Kardashevskiy Date: Mon, 12 Nov 2012 16:46:59 +0000 Subject: [PATCH 4/6] pseries: Fix bug in PCI MSI allocation In one of the recent reworks to the XICS code, a bug was introduced where we use the wrong sense and allocate level interrupts instead of message interrupts for PCI MSIs. This patch fixes it. Signed-off-by: Alexey Kardashevskiy Signed-off-by: David Gibson Signed-off-by: Alexander Graf --- hw/spapr_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/spapr_pci.c b/hw/spapr_pci.c index a08ed11166..3c5b855bc0 100644 --- a/hw/spapr_pci.c +++ b/hw/spapr_pci.c @@ -351,7 +351,7 @@ static void rtas_ibm_change_msi(sPAPREnvironment *spapr, /* There is no cached config, allocate MSIs */ if (!phb->msi_table[ndev].nvec) { - irq = spapr_allocate_irq_block(req_num, true); + irq = spapr_allocate_irq_block(req_num, false); if (irq < 0) { fprintf(stderr, "Cannot allocate MSIs for device#%d", ndev); rtas_st(rets, 0, -1); /* Hardware error */ From c4d88267ae76810420295a1682cf779c49f3ddec Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 22 Nov 2012 06:48:45 +0000 Subject: [PATCH 5/6] vl.c: Fix broken -usb option Commit 094b287f0b accidentally broke the "-usb" command line option, so it would have no effect if the user had not specified any machine options at that point. (the return value from 'qemu_opts_find(qemu_find_opts("machine"), 0);' is NULL if there are no user specified options, so it is only to be used for looking up an option, not when trying to set one.) Similarly, would '-usbdevice' no longer cause USB to default to enabled. Fix this regression by using the same style of code for forcing the usb=on machine option that we use for other aliases such as '-enable-kvm'. Signed-off-by: Peter Maydell Signed-off-by: Alexander Graf --- vl.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/vl.c b/vl.c index c8e9c782d6..a3ab3841a7 100644 --- a/vl.c +++ b/vl.c 
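Review bot: The corrected call `spapr_allocate_irq_block(req_num, false)` still passes a bare boolean, which is exactly how the inverted sense slipped in; annotating the argument, `spapr_allocate_irq_block(req_num, false /* MSI: message-signalled, not level */)`, or using a named constant would make the next accidental flip visible in review. I take the flag's meaning from the commit message rather than from the hunk, so confirm it against the prototype. Separately, the context line `fprintf(stderr, "Cannot allocate MSIs for device#%d", ndev);` has no trailing newline, so the diagnostic runs into whatever is printed to stderr next. rtas_ibm_change_msi continues on both sides of the hunk.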
@@ -3273,16 +3273,12 @@ int main(int argc, char **argv, char **envp)
 break;
 }
 case QEMU_OPTION_usb:
- machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
- if (machine_opts) {
- qemu_opt_set_bool(machine_opts, "usb", true);
- }
+ olist = qemu_find_opts("machine");
+ qemu_opts_parse(olist, "usb=on", 0);
 break;
 case QEMU_OPTION_usbdevice:
- machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
- if (machine_opts) {
- qemu_opt_set_bool(machine_opts, "usb", true);
- }
+ olist = qemu_find_opts("machine");
+ qemu_opts_parse(olist, "usb=on", 0);
 add_device_config(DEV_USB, optarg);
 break;
 case QEMU_OPTION_device:
From 6e72719e721a40fe1224701ca10edc1caf0cd708 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 26 Nov 2012 19:49:58 +0100 Subject: [PATCH 6/6] fbdev: fix pixman compile on old pixman MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit My QEMU compile failed with the following error: qemu-pixman.c: In function ‘qemu_pixman_get_type’: qemu-pixman.c:24: error: ‘PIXMAN_TYPE_BGRA’ undeclared (first use in this function) qemu-pixman.c:24: error: (Each undeclared identifier is reported only once qemu-pixman.c:24: error: for each function it appears in.) Guard the PIXMAN_TYPE_BGRA branch like in the case right above the failing case, so that compilation is fixed. Functionality on such old pixman is a different question ;-). Signed-off-by: Alexander Graf --- qemu-pixman.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/qemu-pixman.c b/qemu-pixman.c
index ac7bc018ec..e46e1804f6 100644
--- a/qemu-pixman.c
+++ b/qemu-pixman.c
@@ -21,7 +21,9 @@ int qemu_pixman_get_type(int rshift, int gshift, int bshift)
 if (rshift == 0) {
 type = PIXMAN_TYPE_ABGR;
 } else {
+#if PIXMAN_VERSION >= PIXMAN_VERSION_ENCODE(0, 21, 8)
 type = PIXMAN_TYPE_BGRA;
+#endif
 }
 }
 return type;
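Review bot: The return value of `qemu_opts_parse(olist, "usb=on", 0)` is dropped in both the QEMU_OPTION_usb and QEMU_OPTION_usbdevice cases, so a failed parse would leave USB silently disabled — the same symptom this commit is curing. As far as I recall qemu_opts_parse returns NULL on failure and other option cases in main() exit on that, so a guard such as `if (!qemu_opts_parse(olist, "usb=on", 0)) { exit(1); }` would keep -usb from failing quietly; confirm against the prototype. The two cases also carry the same two lines verbatim, which a tiny static helper, or a comment saying the repetition deliberately mirrors -enable-kvm, would explain. main() continues on both sides of the hunk.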
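Review bot: On pixman older than 0.21.8 the `else` branch is now empty, so `type` silently keeps whatever it was initialised to before the hunk and a caller asking for a BGRA layout gets that fallback with no diagnostic; the guard should at least say so, e.g. an `#else` arm holding `/* pre-0.21.8 pixman has no PIXMAN_TYPE_BGRA; leave type at its initial value */`, so the empty block is not mistaken for a lost line. Whether that initial value is a "no match" sentinel that callers check cannot be seen from this hunk and is worth confirming. qemu_pixman_get_type starts before the hunk.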