[Spice-commits] 23 commits - block.c block/vdi.c default-configs/mips-softmmu.mak default-configs/mips64-softmmu.mak default-configs/mipsel-softmmu.mak hw/char qapi/block-core.json qemu-img.c target-mips/cpu.h target-mips/translate.c target-mips/translate_init.c target-s390x/kvm.c tests/qemu-iotests

Gerd Hoffmann kraxel at kemper.freedesktop.org
Mon Nov 10 23:56:19 PST 2014


 block.c                            |    5 ---
 block/vdi.c                        |   14 ++++++++-
 default-configs/mips-softmmu.mak   |    1 
 default-configs/mips64-softmmu.mak |    1 
 default-configs/mipsel-softmmu.mak |    1 
 hw/char/sclpconsole-lm.c           |   12 +++++---
 hw/char/sclpconsole.c              |   12 +++++++-
 hw/char/virtio-serial-bus.c        |    2 -
 qapi/block-core.json               |    4 ++
 qemu-img.c                         |    4 --
 target-mips/cpu.h                  |   13 +++++++++
 target-mips/translate.c            |   20 ++++++++-----
 target-mips/translate_init.c       |    8 +++--
 target-s390x/kvm.c                 |   10 +++---
 tests/qemu-iotests/084             |   14 ++++-----
 tests/qemu-iotests/084.out         |   13 +++++----
 tests/qemu-iotests/111             |   53 +++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/111.out         |    3 ++
 tests/qemu-iotests/group           |    1 
 19 files changed, 142 insertions(+), 49 deletions(-)

New commits:
commit 558c2c8ddfb165a36eb95dc93125c04829d68aa7
Merge: 7a8dda7 ea3beed
Author: Peter Maydell <peter.maydell at linaro.org>
Date:   Mon Nov 10 16:28:51 2014 +0000

    Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
    
    Block patches
    
    # gpg: Signature made Mon 10 Nov 2014 09:42:07 GMT using RSA key ID C88F2FD6
    # gpg: Good signature from "Kevin Wolf <kwolf at redhat.com>"
    
    * remotes/kevin/tags/for-upstream:
      block/vdi: Limit maximum size even further
      qapi: Complete BlkdebugEvent
      iotests: Add test for non-existing backing file
      block: Propagate error in bdrv_img_create()
      qemu-img: Omit error_report() after img_open()
    
    Signed-off-by: Peter Maydell <peter.maydell at linaro.org>

commit 7a8dda7e5d8035a10812bb9e852576c91de2dcdc
Merge: 2d91775 bb3e9e1
Author: Peter Maydell <peter.maydell at linaro.org>
Date:   Mon Nov 10 14:58:59 2014 +0000

    Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20141105' into staging
    
    Several bugfixes for s390x:
    - instruction decoding and sparse warning in kvm
    - overlong input and hangs in the sclp consoles
    
    # gpg: Signature made Wed 05 Nov 2014 15:42:14 GMT using RSA key ID C6F02FAF
    # gpg: Good signature from "Cornelia Huck <huckc at linux.vnet.ibm.com>"
    # gpg:                 aka "Cornelia Huck <cornelia.huck at de.ibm.com>"
    
    * remotes/cohuck/tags/s390x-20141105:
      s390x/sclpconsole: Avoid hanging SCLP ASCII console
      s390x/sclpconsole-lm: Fix hanging SCLP line mode console
      s390x/sclpconsole-lm: truncate input if line is too long
      s390x/kvm: Fix warning from sparse
      s390x/kvm: Fix opcode decoding for eb instruction handler
    
    Signed-off-by: Peter Maydell <peter.maydell at linaro.org>

commit 2d9177588bde9881c6602284d1b0b08e4dfe361e
Merge: 7b4b7c5 cb269f2
Author: Peter Maydell <peter.maydell at linaro.org>
Date:   Mon Nov 10 13:56:47 2014 +0000

    Merge remote-tracking branch 'remotes/lalrae/tags/mips-20141107' into staging
    
    * remotes/lalrae/tags/mips-20141107:
      target-mips: fix multiple TCG registers covering same data
      mips: Ensure PC update with MTC0 single-stepping
      target-mips: fix for missing delay slot in BC1EQZ and BC1NEZ
      mips: Set the CP0.Config3.DSP and CP0.Config3.DSP2P bits
      mips: Add macros for CP0.Config3 and CP0.Config4 bits
      mips: Respect CP0.Status.CU1 for microMIPS FP branches
      mips: Remove CONFIG_VT82C686 from non-Fulong configs
    
    Signed-off-by: Peter Maydell <peter.maydell at linaro.org>

commit 7b4b7c5fc7f25a161839802ca7d23f50f99e5174
Merge: 6e76d12 7eb7311
Author: Peter Maydell <peter.maydell at linaro.org>
Date:   Mon Nov 10 11:58:39 2014 +0000

    Merge remote-tracking branch 'remotes/amit/tags/vser-2.2.0-queue-2' into staging
    
    Fixes a crash when a virtio-serial port is added without a name to it.
    
    # gpg: Signature made Fri 07 Nov 2014 04:58:05 GMT using RSA key ID 854083B6
    # gpg: Good signature from "Amit Shah <amit at amitshah.net>"
    # gpg:                 aka "Amit Shah <amit at kernel.org>"
    # gpg:                 aka "Amit Shah <amitshah at gmx.net>"
    
    * remotes/amit/tags/vser-2.2.0-queue-2:
      virtio-serial: avoid crash when port has no name
    
    Signed-off-by: Peter Maydell <peter.maydell at linaro.org>

commit ea3beed41d2eeb33a09f1b538d1caea787a043b6
Merge: d21de4d d20418e
Author: Kevin Wolf <kwolf at redhat.com>
Date:   Mon Nov 10 10:41:34 2014 +0100

    Merge remote-tracking branch 'mreitz/block' into queue-block
    
    * mreitz/block:
      block/vdi: Limit maximum size even further

commit d20418ee514774626ac47a1ad0aa9149c7249cf0
Author: Max Reitz <mreitz at redhat.com>
Date:   Tue Oct 28 11:12:32 2014 +0100

    block/vdi: Limit maximum size even further
    
    The block layer read and write functions do not like requests which are
    bigger than INT_MAX bytes. Since the VDI bmap is read and written in a
    single operation, its size is therefore limited accordingly. This
    reduces the maximum VDI image size supported by QEMU to half of what it
    currently is (down to approximately 512 TB).
    
    The VDI test 084 has to be adapted accordingly. Actually, one could
    clearly see that it was broken from the "Could not open
    'TEST_DIR/t.IMGFMT': Invalid argument" line for an image which was
    supposed to work just fine.
    
    Signed-off-by: Max Reitz <mreitz at redhat.com>
    Reviewed-by: Stefan Hajnoczi <stefanha at redhat.com>
    Reviewed-by: Peter Lieven <pl at kamp.de>

diff --git a/block/vdi.c b/block/vdi.c
index e1d211c..39070b7 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -120,8 +120,18 @@ typedef unsigned char uuid_t[16];
 
 #define VDI_IS_ALLOCATED(X) ((X) < VDI_DISCARDED)
 
-/* max blocks in image is (0xffffffff / 4) */
-#define VDI_BLOCKS_IN_IMAGE_MAX  0x3fffffff
+/* The bmap will take up VDI_BLOCKS_IN_IMAGE_MAX * sizeof(uint32_t) bytes; since
+ * the bmap is read and written in a single operation, its size needs to be
+ * limited to INT_MAX; furthermore, when opening an image, the bmap size is
+ * rounded up to be aligned on BDRV_SECTOR_SIZE.
+ * Therefore this should satisfy the following:
+ * VDI_BLOCKS_IN_IMAGE_MAX * sizeof(uint32_t) + BDRV_SECTOR_SIZE == INT_MAX + 1
+ * (INT_MAX + 1 is the first value not representable as an int)
+ * This guarantees that any value below or equal to the constant will, when
+ * multiplied by sizeof(uint32_t) and rounded up to a BDRV_SECTOR_SIZE boundary,
+ * still be below or equal to INT_MAX. */
+#define VDI_BLOCKS_IN_IMAGE_MAX \
+    ((unsigned)((INT_MAX + 1u - BDRV_SECTOR_SIZE) / sizeof(uint32_t)))
 #define VDI_DISK_SIZE_MAX        ((uint64_t)VDI_BLOCKS_IN_IMAGE_MAX * \
                                   (uint64_t)DEFAULT_CLUSTER_SIZE)
 
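Review bot: The invariant spelled out in the new comment above VDI_BLOCKS_IN_IMAGE_MAX (VDI_BLOCKS_IN_IMAGE_MAX * sizeof(uint32_t) + BDRV_SECTOR_SIZE == INT_MAX + 1) is documented but not enforced. A build-time assertion next to the macro would catch a later change to BDRV_SECTOR_SIZE or to the bmap entry type before it silently reintroduces a bmap larger than INT_MAX bytes. It would also help to note in the comment that the expression depends on the `1u` forcing unsigned arithmetic, since `INT_MAX + 1` in int would overflow.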
diff --git a/tests/qemu-iotests/084 b/tests/qemu-iotests/084
index 2712c02..733018d 100755
--- a/tests/qemu-iotests/084
+++ b/tests/qemu-iotests/084
@@ -66,15 +66,15 @@ stat -c"disk image file size in bytes: %s" "${TEST_IMG}"
 
 # check for image size too large
 # poke max image size, and appropriate blocks_in_image value
-echo "Test 1: Maximum size (1024 TB):"
-poke_file "$TEST_IMG" "$ds_offset" "\x00\x00\xf0\xff\xff\xff\x03\x00"
-poke_file "$TEST_IMG" "$bii_offset" "\xff\xff\xff\x3f"
+echo "Test 1: Maximum size (512 TB - 128 MB):"
+poke_file "$TEST_IMG" "$ds_offset" "\x00\x00\x00\xf8\xff\xff\x01\x00"
+poke_file "$TEST_IMG" "$bii_offset" "\x80\xff\xff\x1f"
 _img_info
 
 echo
-echo "Test 2: Size too large (1024TB + 1)"
+echo "Test 2: Size too large (512 TB - 128 MB + 64 kB)"
 # This should be too large (-EINVAL):
-poke_file "$TEST_IMG" "$ds_offset" "\x00\x00\xf1\xff\xff\xff\x03\x00"
+poke_file "$TEST_IMG" "$ds_offset" "\x00\x00\x01\xf8\xff\xff\x01\x00"
 _img_info
 
 echo
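Review bot: The poked byte strings in Test 1 and Test 2 ("\x80\xff\xff\x1f" and the two disk-size values) are hand-encoded little-endian copies of the new limit, with nothing tying them to VDI_BLOCKS_IN_IMAGE_MAX. A short comment giving the derivation (0x1fffff80 blocks of 1 MB, and the resulting 0x1fffff8000000 byte size) would make the next change to the limit much easier to mirror here, which matters given the commit message notes this test was already expecting the wrong result before.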
@@ -89,9 +89,9 @@ _img_info
 
 echo
 echo "Test 4: Size valid (64M), but Blocks In Image exceeds max allowed"
-# Now check the bounds of blocks_in_image - 0x3fffffff should be the max
+# Now check the bounds of blocks_in_image - 0x1fffff80 should be the max
 # value here, and we should get -ENOTSUP
-poke_file "$TEST_IMG" "$bii_offset" "\x00\x00\x00\x40"
+poke_file "$TEST_IMG" "$bii_offset" "\x81\xff\xff\x1f"
 _img_info
 
 # Finally, 1MB is the only block size supported.  Verify that
diff --git a/tests/qemu-iotests/084.out b/tests/qemu-iotests/084.out
index ea29ae0..5ece829 100644
--- a/tests/qemu-iotests/084.out
+++ b/tests/qemu-iotests/084.out
@@ -17,17 +17,20 @@ file format: IMGFMT
 virtual size: 64M (67108864 bytes)
 cluster_size: 1048576
 disk image file size in bytes: 1024
-Test 1: Maximum size (1024 TB):
-qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Could not open 'TEST_DIR/t.IMGFMT': Invalid argument
+Test 1: Maximum size (512 TB - 128 MB):
+image: TEST_DIR/t.IMGFMT
+file format: IMGFMT
+virtual size: 512T (562949819203584 bytes)
+cluster_size: 1048576
 
-Test 2: Size too large (1024TB + 1)
-qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Unsupported VDI image size (size is 0x3fffffff10000, max supported is 0x3fffffff00000)
+Test 2: Size too large (512 TB - 128 MB + 64 kB)
+qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Unsupported VDI image size (size is 0x1fffff8010000, max supported is 0x1fffff8000000)
 
 Test 3: Size valid (64M), but Blocks In Image too small (63)
 qemu-img: Could not open 'TEST_DIR/t.IMGFMT': unsupported VDI image (disk size 67108864, image bitmap has room for 66060288)
 
 Test 4: Size valid (64M), but Blocks In Image exceeds max allowed
-qemu-img: Could not open 'TEST_DIR/t.IMGFMT': unsupported VDI image (too many blocks 1073741824, max is 1073741823)
+qemu-img: Could not open 'TEST_DIR/t.IMGFMT': unsupported VDI image (too many blocks 536870785, max is 536870784)
 
 Test 5: Valid Image: 64MB, Blocks In Image 64, Block Size 1MB
 image: TEST_DIR/t.IMGFMT
commit d21de4d97faaad6ac21011d7bda924f9b2353b7b
Author: Max Reitz <mreitz at redhat.com>
Date:   Fri Nov 7 16:51:35 2014 +0100

    qapi: Complete BlkdebugEvent
    
    Several events were missing from the QAPI enum, add them.
    
    Reported-by: Kevin Wolf <kwolf at redhat.com>
    Signed-off-by: Max Reitz <mreitz at redhat.com>
    Signed-off-by: Kevin Wolf <kwolf at redhat.com>

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 77a0cfb..8c3e45d 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1422,7 +1422,9 @@
             'refblock_alloc.write_blocks', 'refblock_alloc.write_table',
             'refblock_alloc.switch_table', 'cluster_alloc',
             'cluster_alloc_bytes', 'cluster_free', 'flush_to_os',
-            'flush_to_disk' ] }
+            'flush_to_disk', 'pwritev_rmw.head', 'pwritev_rmw.after_head',
+            'pwritev_rmw.tail', 'pwritev_rmw.after_tail', 'pwritev',
+            'pwritev_zero', 'pwritev_done', 'empty_image_prepare' ] }
 
 ##
 # @BlkdebugInjectErrorOptions
commit cb269f273fdbdb26ddb1cba4a0fe2249418a8e77
Author: Yongbok Kim <yongbok.kim at imgtec.com>
Date:   Fri Nov 7 10:43:21 2014 +0000

    target-mips: fix multiple TCG registers covering same data
    
    Avoid allocating different TCG registers for the FPU registers
    that are mapped on the MSA vector registers.
    
    Signed-off-by: Yongbok Kim <yongbok.kim at imgtec.com>
    Reviewed-by: Richard Henderson <rth at twiddle.net>
    Signed-off-by: Leon Alrae <leon.alrae at imgtec.com>

diff --git a/target-mips/translate.c b/target-mips/translate.c
index 0bea3c4..f0b8e6f 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -19285,14 +19285,12 @@ void mips_tcg_init(void)
                                         regnames[i]);
 
     for (i = 0; i < 32; i++) {
-        int off = offsetof(CPUMIPSState, active_fpu.fpr[i]);
-        fpu_f64[i] = tcg_global_mem_new_i64(TCG_AREG0, off, fregnames[i]);
-    }
-
-    for (i = 0; i < 32; i++) {
         int off = offsetof(CPUMIPSState, active_fpu.fpr[i].wr.d[0]);
         msa_wr_d[i * 2] =
                 tcg_global_mem_new_i64(TCG_AREG0, off, msaregnames[i * 2]);
+        /* The scalar floating-point unit (FPU) registers are mapped on
+         * the MSA vector registers. */
+        fpu_f64[i] = msa_wr_d[i * 2];
         off = offsetof(CPUMIPSState, active_fpu.fpr[i].wr.d[1]);
         msa_wr_d[i * 2 + 1] =
                 tcg_global_mem_new_i64(TCG_AREG0, off, msaregnames[i * 2 + 1]);
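Review bot: With `fpu_f64[i] = msa_wr_d[i * 2];` the removed loop was the only visible user of `fregnames[i]` in this function, so the scalar FPU globals now carry the MSA register names. Please check whether `fregnames` is still referenced elsewhere; if not, it should be removed to avoid an unused-variable warning, and if the FPU names are still wanted in TCG op dumps that loss should be mentioned in the commit message.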
commit 342368aff7d61a32b5853068b92039a2b15507c5
Author: Maciej W. Rozycki <macro at codesourcery.com>
Date:   Thu Nov 6 20:38:10 2014 +0000

    mips: Ensure PC update with MTC0 single-stepping
    
    Correct the way PC is updated when single-stepping instructions, by
    keeping the old PC only for the BS_EXCP (exception condition) state.
    
    Some MTC0 (and possibly other) instructions switch to the BS_STOP state
    to terminate the current translation block, so that the state transition
    of the simulated CPU resulting from the CP0 operation takes effect with
    the following instruction.  This happens with `mtc0 <reg>,c0_config' for
    example, typically used to set KSEG0 cacheability.
    
    While single-stepping this has a side-effect of not advancing the PC
    past the instruction just executed; subsequent single-step traps will
    stop at the same instruction repeatedly.  Example:
    
    (gdb) stepi
    0x80004d24 in _start ()
    5: x/i $pc
    => 0x80004d24 <_start+364>:     mfc0    t1,c0_config
    (gdb)
    0x80004d28 in _start ()
    5: x/i $pc
    => 0x80004d28 <_start+368>:     li      at,-8
    (gdb)
    0x80004d2c in _start ()
    5: x/i $pc
    => 0x80004d2c <_start+372>:     and     t1,t1,at
    (gdb)
    0x80004d30 in _start ()
    5: x/i $pc
    => 0x80004d30 <_start+376>:     ori     t1,t1,0x3
    (gdb)
    0x80004d34 in _start ()
    5: x/i $pc
    => 0x80004d34 <_start+380>:     mtc0    t1,c0_config
    (gdb)
    0x80004d34 in _start ()
    5: x/i $pc
    => 0x80004d34 <_start+380>:     mtc0    t1,c0_config
    (gdb)
    0x80004d34 in _start ()
    5: x/i $pc
    => 0x80004d34 <_start+380>:     mtc0    t1,c0_config
    (gdb)
    0x80004d34 in _start ()
    5: x/i $pc
    => 0x80004d34 <_start+380>:     mtc0    t1,c0_config
    (gdb)
    
    -- oops!
    
    Signed-off-by: Maciej W. Rozycki <macro at codesourcery.com>
    Reviewed-by: Leon Alrae <leon.alrae at imgtec.com>
    Signed-off-by: Leon Alrae <leon.alrae at imgtec.com>

diff --git a/target-mips/translate.c b/target-mips/translate.c
index 194d4fb..0bea3c4 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -19112,7 +19112,7 @@ gen_intermediate_code_internal(MIPSCPU *cpu, TranslationBlock *tb,
         gen_io_end();
     }
     if (cs->singlestep_enabled && ctx.bstate != BS_BRANCH) {
-        save_cpu_state(&ctx, ctx.bstate == BS_NONE);
+        save_cpu_state(&ctx, ctx.bstate != BS_EXCP);
         gen_helper_0e0i(raise_exception, EXCP_DEBUG);
     } else {
         switch (ctx.bstate) {
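Review bot: The new condition `ctx.bstate != BS_EXCP` has no comment explaining why only the exception state keeps the old PC, and it silently depends on the enclosing `ctx.bstate != BS_BRANCH` test to exclude the branch case. A one-line comment at the save_cpu_state() call naming the states that are expected here (BS_NONE and BS_STOP) would keep a future new bstate value from being swept into the "update PC" path by accident.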
commit 854795753c6efceda1d172851e2bae4b47a492be
Author: Leon Alrae <leon.alrae at imgtec.com>
Date:   Thu Nov 6 10:29:38 2014 +0000

    target-mips: fix for missing delay slot in BC1EQZ and BC1NEZ
    
    New R6 COP1 conditional branches currently don't have a delay slot. Fix this
    by setting the MIPS_HFLAG_BDS32 flag, which is required for branches having a
    4-byte delay slot.
    
    Signed-off-by: Leon Alrae <leon.alrae at imgtec.com>
    Reviewed-by: Yongbok Kim <yongbok.kim at imgtec.com>

diff --git a/target-mips/translate.c b/target-mips/translate.c
index d6722e1..194d4fb 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -8104,6 +8104,7 @@ static void gen_compute_branch1_r6(DisasContext *ctx, uint32_t op,
     MIPS_DEBUG("%s: cond %02x target " TARGET_FMT_lx, opn,
                ctx->hflags, btarget);
     ctx->btarget = btarget;
+    ctx->hflags |= MIPS_HFLAG_BDS32;
 
 out:
     tcg_temp_free_i64(t0);
commit e30614d51780f27c53b196da793c3fb89f1f620f
Author: Maciej W. Rozycki <macro at codesourcery.com>
Date:   Tue Nov 4 15:41:20 2014 +0000

    mips: Set the CP0.Config3.DSP and CP0.Config3.DSP2P bits
    
    Set the CP0.Config3.DSP2P bit for the 74kf processor and both that bit
    and the CP0.Config3.DSP bit for the artificial mips32r5-generic and
    mips64dspr2 processors.  They have the DSPr2 ASE enabled in `insn_flags'
    and CPUs that implement that ASE need to have both CP0.Config3.DSP and
    CP0.Config3.DSP2P set or software won't detect its presence.
    
    Signed-off-by: Maciej W. Rozycki <macro at codesourcery.com>
    Reviewed-by: Leon Alrae <leon.alrae at imgtec.com>
    [leon.alrae at imgtec.com: remove DSP flags from mips32r5-generic]
    Signed-off-by: Leon Alrae <leon.alrae at imgtec.com>

diff --git a/target-mips/translate_init.c b/target-mips/translate_init.c
index 4dee1ca..148b394 100644
--- a/target-mips/translate_init.c
+++ b/target-mips/translate_init.c
@@ -333,7 +333,8 @@ static const mips_def_t mips_defs[] =
                        (0 << CP0C1_DS) | (3 << CP0C1_DL) | (1 << CP0C1_DA) |
                        (1 << CP0C1_CA),
         .CP0_Config2 = MIPS_CONFIG2,
-        .CP0_Config3 = MIPS_CONFIG3 | (0 << CP0C3_VInt) | (1 << CP0C3_DSPP),
+        .CP0_Config3 = MIPS_CONFIG3 | (1 << CP0C3_DSP2P) | (1 << CP0C3_DSPP) |
+                       (0 << CP0C3_VInt),
         .CP0_LLAddr_rw_bitmask = 0,
         .CP0_LLAddr_shift = 4,
         .SYNCI_Step = 32,
@@ -376,7 +377,7 @@ static const mips_def_t mips_defs[] =
                     (0x93 << FCR0_PRID),
         .SEGBITS = 32,
         .PABITS = 32,
-        .insn_flags = CPU_MIPS32R5 | ASE_MIPS16 | ASE_DSP | ASE_DSPR2 | ASE_MSA,
+        .insn_flags = CPU_MIPS32R5 | ASE_MIPS16 | ASE_MSA,
         .mmu_type = MMU_TYPE_R4000,
     },
 #if defined(TARGET_MIPS64)
@@ -601,7 +602,8 @@ static const mips_def_t mips_defs[] =
                        (2 << CP0C1_DS) | (4 << CP0C1_DL) | (3 << CP0C1_DA) |
                        (1 << CP0C1_PC) | (1 << CP0C1_WR) | (1 << CP0C1_EP),
         .CP0_Config2 = MIPS_CONFIG2,
-        .CP0_Config3 = MIPS_CONFIG3 | (1 << CP0C3_LPA),
+        .CP0_Config3 = MIPS_CONFIG3 | (1U << CP0C3_M) | (1 << CP0C3_DSP2P) |
+                       (1 << CP0C3_DSPP) | (1 << CP0C3_LPA),
         .CP0_LLAddr_rw_bitmask = 0,
         .CP0_LLAddr_shift = 0,
         .SYNCI_Step = 32,
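Review bot: The last hunk also sets `(1U << CP0C3_M)` in CP0_Config3, which the commit message does not mention; it only talks about the DSP and DSP2P bits. If setting the M bit is intentional, the message should say so and this CPU definition should be checked for a matching Config4 value; if not, it should be dropped from this patch. Separately, the commit body still says both bits are set for mips32r5-generic while the second hunk instead removes `ASE_DSP | ASE_DSPR2` from an `insn_flags` line, so the description and the change disagree apart from the bracketed note.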
commit 70409e6726aa6ece565c8732f6c5cb5cd5879716
Author: Maciej W. Rozycki <macro at codesourcery.com>
Date:   Tue Nov 4 15:38:05 2014 +0000

    mips: Add macros for CP0.Config3 and CP0.Config4 bits
    
    Define macros for CP0.Config3 and CP0.Config4 bits.  These used to be
    exhaustive as at MIPS32r3, but more bits may have been added since.
    
    Signed-off-by: Maciej W. Rozycki <macro at codesourcery.com>
    Signed-off-by: Leon Alrae <leon.alrae at imgtec.com>

diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index d21da8e..c01bbda 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -424,17 +424,25 @@ struct CPUMIPSState {
 #define CP0C2_SA   0
     int32_t CP0_Config3;
 #define CP0C3_M    31
+#define CP0C3_BPG  30
+#define CP0C3_CMCGR 29
 #define CP0C3_MSAP  28
 #define CP0C3_BP 27
 #define CP0C3_BI 26
+#define CP0C3_IPLW 21
+#define CP0C3_MMAR 18
+#define CP0C3_MCU  17
 #define CP0C3_ISA_ON_EXC 16
+#define CP0C3_ISA  14
 #define CP0C3_ULRI 13
 #define CP0C3_RXI  12
+#define CP0C3_DSP2P 11
 #define CP0C3_DSPP 10
 #define CP0C3_LPA  7
 #define CP0C3_VEIC 6
 #define CP0C3_VInt 5
 #define CP0C3_SP   4
+#define CP0C3_CDMM 3
 #define CP0C3_MT   2
 #define CP0C3_SM   1
 #define CP0C3_TL   0
@@ -443,6 +451,11 @@ struct CPUMIPSState {
 #define CP0C4_M    31
 #define CP0C4_IE   29
 #define CP0C4_KScrExist 16
+#define CP0C4_MMUExtDef 14
+#define CP0C4_FTLBPageSize 8
+#define CP0C4_FTLBWays 4
+#define CP0C4_FTLBSets 0
+#define CP0C4_MMUSizeExt 0
     uint32_t CP0_Config5;
     uint32_t CP0_Config5_rw_bitmask;
 #define CP0C5_M          31
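Review bot: In the Config4 hunk, `CP0C4_FTLBSets` and `CP0C4_MMUSizeExt` are both defined as bit position 0 with no comment. Since the two fields overlap, a short comment stating which one applies for which `CP0C4_MMUExtDef` setting would prevent a reader from treating this as a copy-and-paste error or using the wrong macro.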
commit 272f458dc8d860f30add3b6a3fff9ad9876aadc1
Author: Maciej W. Rozycki <macro at codesourcery.com>
Date:   Mon Nov 3 19:08:51 2014 +0000

    mips: Respect CP0.Status.CU1 for microMIPS FP branches
    
    Make microMIPS FP branches respect CP0.Status.CU1 and trap with a
    Coprocessor Unusable exception if COP1 has been disabled; also trap if
    no FPU is present at all.
    
    Standard MIPS FP instruction encodings have a more regular structure and
    branches are covered with a single umbrella along other instructions.
    This is not the case with the microMIPS encoding, this case has to be
    taken care of explicitly here.  Code to do so has been copied from the
    standard MIPS code handler for OPC_CP1, in `decode_opc'.
    
    Problems arising from this bug will generally only show up on user
    context switches in operating systems making use of lazy FP context
    switches, such as Linux.  It will also more readily trigger if software
    FPU emulation is used, either implicitly on a non-float CPU, or forced
    on a hard-float CPU such as with the "nofpu" Linux kernel command line
    argument.
    
    The problem may have been easily missed because we have no hard-float
    microMIPS CPU configuration present; in fact we have no microMIPS CPU
    configuration of any kind present.
    
    Signed-off-by: Maciej W. Rozycki <macro at codesourcery.com>
    Reviewed-by: Leon Alrae <leon.alrae at imgtec.com>
    Signed-off-by: Leon Alrae <leon.alrae at imgtec.com>

diff --git a/target-mips/translate.c b/target-mips/translate.c
index 2117ce8..d6722e1 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -13613,8 +13613,13 @@ static void decode_micromips32_opc (CPUMIPSState *env, DisasContext *ctx,
             check_insn(ctx, ASE_MIPS3D);
             /* Fall through */
         do_cp1branch:
-            gen_compute_branch1(ctx, mips32_op,
-                                (ctx->opcode >> 18) & 0x7, imm << 1);
+            if (env->CP0_Config1 & (1 << CP0C1_FP)) {
+                check_cp1_enabled(ctx);
+                gen_compute_branch1(ctx, mips32_op,
+                                    (ctx->opcode >> 18) & 0x7, imm << 1);
+            } else {
+                generate_exception_err(ctx, EXCP_CpU, 1);
+            }
             break;
         case BPOSGE64:
         case BPOSGE32:
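Review bot: The FPU-present and CU1 check added at `do_cp1branch` is, per the commit message, a copy of the logic in the OPC_CP1 handler in `decode_opc`. Duplicating a privilege check in two decoders invites them drifting apart; consider factoring the `CP0_Config1 & (1 << CP0C1_FP)` test plus `check_cp1_enabled()` / `generate_exception_err(ctx, EXCP_CpU, 1)` into one helper used by both. A regression test would also be useful given the message notes there is no microMIPS CPU configuration that would exercise this path.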
commit dff4021730b112ca00522d4c98c24a15feeef5a0
Author: Maciej W. Rozycki <macro at codesourcery.com>
Date:   Mon Nov 3 18:36:17 2014 +0000

    mips: Remove CONFIG_VT82C686 from non-Fulong configs
    
    Fix the regression introduced with commit
    47934d0aadc075b05ce2d9e8a44fa6a46edd1afa [hw: move ISA bridges and
    devices to hw/isa/, configure with default-configs/], by removing
    CONFIG_VT82C686 from configurations that previously did not enable it.
    That southbridge is only available on Fulong platforms (CONFIG_FULONG)
    that are exclusively little-endian, 64-bit MIPS.  Previously vt82c686.o
    was pulled explicitly with obj-$(CONFIG_FULONG).
    
    Signed-off-by: Maciej W. Rozycki <macro at codesourcery.com>
    Reviewed-by: Leon Alrae <leon.alrae at imgtec.com>
    Signed-off-by: Leon Alrae <leon.alrae at imgtec.com>

diff --git a/default-configs/mips-softmmu.mak b/default-configs/mips-softmmu.mak
index 71177ef..2a80b04 100644
--- a/default-configs/mips-softmmu.mak
+++ b/default-configs/mips-softmmu.mak
@@ -32,6 +32,5 @@ CONFIG_G364FB=y
 CONFIG_I8259=y
 CONFIG_JAZZ_LED=y
 CONFIG_MC146818RTC=y
-CONFIG_VT82C686=y
 CONFIG_ISA_TESTDEV=y
 CONFIG_EMPTY_SLOT=y
diff --git a/default-configs/mips64-softmmu.mak b/default-configs/mips64-softmmu.mak
index 617301b..f1f933b 100644
--- a/default-configs/mips64-softmmu.mak
+++ b/default-configs/mips64-softmmu.mak
@@ -32,6 +32,5 @@ CONFIG_G364FB=y
 CONFIG_I8259=y
 CONFIG_JAZZ_LED=y
 CONFIG_MC146818RTC=y
-CONFIG_VT82C686=y
 CONFIG_ISA_TESTDEV=y
 CONFIG_EMPTY_SLOT=y
diff --git a/default-configs/mipsel-softmmu.mak b/default-configs/mipsel-softmmu.mak
index 532a9ae..7708185 100644
--- a/default-configs/mipsel-softmmu.mak
+++ b/default-configs/mipsel-softmmu.mak
@@ -32,6 +32,5 @@ CONFIG_G364FB=y
 CONFIG_I8259=y
 CONFIG_JAZZ_LED=y
 CONFIG_MC146818RTC=y
-CONFIG_VT82C686=y
 CONFIG_ISA_TESTDEV=y
 CONFIG_EMPTY_SLOT=y
commit 7eb7311427a6e2a9e080c1224f86a897f077282f
Author: Marc-André Lureau <marcandre.lureau at gmail.com>
Date:   Wed Nov 5 15:43:14 2014 +0100

    virtio-serial: avoid crash when port has no name
    
    It seems "name" is not mandatory, and the following command line (based
    on one generated by current libvirt) will crash qemu at start:
    
    qemu-system-x86_64 \
        -device virtio-serial-pci \
        -device virtserialport,name=foo \
        -device virtconsole
    
    Program received signal SIGSEGV, Segmentation fault.
    __strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:210
    210        movlpd    (%rsi), %xmm2
    Missing separate debuginfos, use: debuginfo-install
    python-libs-2.7.5-13.fc20.x86_64
    (gdb) bt
     #0  __strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:210
     #1  0x000055555566bdc6 in find_port_by_name (name=0x0) at /home/elmarco/src/qemu/hw/char/virtio-serial-bus.c:67
    
    Signed-off-by: Marc-André Lureau <marcandre.lureau at gmail.com>
    Reviewed-by: Amos Kong <akong at redhat.com>
    Signed-off-by: Amit Shah <amit.shah at redhat.com>

diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
index c6870f1..a7b1b68 100644
--- a/hw/char/virtio-serial-bus.c
+++ b/hw/char/virtio-serial-bus.c
@@ -871,7 +871,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
         return;
     }
 
-    if (find_port_by_name(port->name)) {
+    if (port->name != NULL && find_port_by_name(port->name)) {
         error_setg(errp, "virtio-serial-bus: A port already exists by name %s",
                    port->name);
         return;
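Review bot: The NULL check is added only at this call site (`port->name != NULL && find_port_by_name(port->name)`), while the backtrace in the commit message shows the crash inside `find_port_by_name (name=0x0)` itself. Any other caller that passes an unset name will still reach strcmp() with a NULL pointer. Handling NULL inside find_port_by_name(), or asserting there that the argument is non-NULL, would fix the whole class rather than this one path.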
commit c4d01535dcc2c6a573c03a85a9b7502d15f2bb45
Author: Max Reitz <mreitz at redhat.com>
Date:   Mon Oct 27 13:30:09 2014 +0100

    iotests: Add test for non-existing backing file
    
    Test the error message when a COW file is about to be created which is
    supposed to inherit the size of its backing file, while the backing file
    given does not actually exist.
    
    Signed-off-by: Max Reitz <mreitz at redhat.com>
    Reviewed-by: Kevin Wolf <kwolf at redhat.com>
    Reviewed-by: Peter Lieven <pl at kamp.de>
    Signed-off-by: Kevin Wolf <kwolf at redhat.com>

diff --git a/tests/qemu-iotests/111 b/tests/qemu-iotests/111
new file mode 100755
index 0000000..6011c94
--- /dev/null
+++ b/tests/qemu-iotests/111
@@ -0,0 +1,53 @@
+#!/bin/bash
+#
+# Test case for non-existing backing file when creating a qcow2 image
+# and not specifying the size
+#
+# Copyright (C) 2014 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# creator
+owner=mreitz at redhat.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+tmp=/tmp/$$
+status=1	# failure is the default!
+
+_cleanup()
+{
+	_cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qed qcow qcow2 vmdk
+_supported_proto file
+_supported_os Linux
+_unsupported_imgopts "subformat=monolithicFlat" "subformat=twoGbMaxExtentFlat"
+
+$QEMU_IMG create -f $IMGFMT -b "$TEST_IMG.inexistent" "$TEST_IMG" 2>&1 \
+    | _filter_testdir | _filter_imgfmt
+
+# success, all done
+echo '*** done'
+rm -f $seq.full
+status=0
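Review bot: Several expansions in the new script are unquoted (`basename $0`, `-f $IMGFMT`, `rm -f $seq.full`), and `here` and `tmp=/tmp/$$` are assigned but never used in the lines shown. Please quote the expansions and drop the unused variables; a PID-based path under /tmp is predictable, so it is better not to leave it around for a later edit to start writing to.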
diff --git a/tests/qemu-iotests/111.out b/tests/qemu-iotests/111.out
new file mode 100644
index 0000000..683c01a
--- /dev/null
+++ b/tests/qemu-iotests/111.out
@@ -0,0 +1,3 @@
+QA output created by 111
+qemu-img: TEST_DIR/t.IMGFMT: Could not open 'TEST_DIR/t.IMGFMT.inexistent': No such file or directory
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 7b2c666..7dfe469 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -111,3 +111,4 @@
 105 rw auto quick
 107 rw auto quick
 108 rw auto quick
+111 rw auto quick
commit e56934becea70817124be1534f4289ce7d8f6733
Author: Max Reitz <mreitz at redhat.com>
Date:   Mon Oct 27 13:30:08 2014 +0100

    block: Propagate error in bdrv_img_create()
    
    If the specified backing file could not be opened, do not generate a new
    error message which contains the message which has been generated by
    bdrv_open(), but just propagate the latter.
    
    Signed-off-by: Max Reitz <mreitz at redhat.com>
    Reviewed-by: Kevin Wolf <kwolf at redhat.com>
    Reviewed-by: Peter Lieven <pl at kamp.de>
    Signed-off-by: Kevin Wolf <kwolf at redhat.com>

diff --git a/block.c b/block.c
index dacd881..4b5735c 100644
--- a/block.c
+++ b/block.c
@@ -5608,11 +5608,6 @@ void bdrv_img_create(const char *filename, const char *fmt,
             ret = bdrv_open(&bs, backing_file, NULL, NULL, back_flags,
                             backing_drv, &local_err);
             if (ret < 0) {
-                error_setg_errno(errp, -ret, "Could not open '%s': %s",
-                                 backing_file,
-                                 error_get_pretty(local_err));
-                error_free(local_err);
-                local_err = NULL;
                 goto out;
             }
             size = bdrv_getlength(bs);
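Review bot: After this removal the `if (ret < 0)` branch jumps to `out` with `local_err` still set and `errp` untouched, so the change is only correct if the code at the `out:` label propagates `local_err` into `errp` and does not free it first. That code is outside the hunk; please confirm it, because otherwise the caller would see a failed image creation with no error set and `local_err` would leak.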
commit cc4d3ee43584d1441e8ff6b994684cc9a8d8f2b4
Author: Max Reitz <mreitz at redhat.com>
Date:   Mon Nov 3 13:40:47 2014 +0100

    qemu-img: Omit error_report() after img_open()
    
    img_open() already prints an error if the operation failed, so there
    should not be another error_report() afterwards.
    
    Signed-off-by: Max Reitz <mreitz at redhat.com>
    Reviewed-by: Markus Armbruster <armbru at redhat.com>
    Signed-off-by: Kevin Wolf <kwolf at redhat.com>

diff --git a/qemu-img.c b/qemu-img.c
index 66a7eb4..a42335c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1126,7 +1126,6 @@ static int img_compare(int argc, char **argv)
 
     blk1 = img_open("image_1", filename1, fmt1, flags, true, quiet);
     if (!blk1) {
-        error_report("Can't open file %s", filename1);
         ret = 2;
         goto out3;
     }
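Review bot: All four removed error_report() calls sit after an `img_open(..., quiet)` call, and the change relies on img_open() always printing its own error. Please confirm that img_open() still reports the failure when `quiet` is true; if it suppresses output in that mode, `img_compare`, `img_convert` and `img_amend` would now fail with a non-zero status and no message at all.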
@@ -1134,7 +1133,6 @@ static int img_compare(int argc, char **argv)
 
     blk2 = img_open("image_2", filename2, fmt2, flags, true, quiet);
     if (!blk2) {
-        error_report("Can't open file %s", filename2);
         ret = 2;
         goto out2;
     }
@@ -1482,7 +1480,6 @@ static int img_convert(int argc, char **argv)
                              true, quiet);
         g_free(id);
         if (!blk[bs_i]) {
-            error_report("Could not open '%s'", argv[optind + bs_i]);
             ret = -1;
             goto out;
         }
@@ -2962,7 +2959,6 @@ static int img_amend(int argc, char **argv)
 
     blk = img_open("image", filename, fmt, flags, true, quiet);
     if (!blk) {
-        error_report("Could not open image '%s'", filename);
         ret = -1;
         goto out;
     }
commit bb3e9e1fd7ab62b60780c66d68b2d7bfd8758e61
Author: Heinz Graalfs <graalfs at linux.vnet.ibm.com>
Date:   Fri Oct 24 13:10:49 2014 +0000

    s390x/sclpconsole: Avoid hanging SCLP ASCII console
    
    Force recalculation of file descriptor sets for main loop's poll(),
    in order to be able to re-add a possibly removed input file descriptor
    after can_read() returned 0 (zero).
    
    Signed-off-by: Heinz Graalfs <graalfs at linux.vnet.ibm.com>
    Reviewed-by: David Hildenbrand <dahi at linux.vnet.ibm.com>
    Signed-off-by: Cornelia Huck <cornelia.huck at de.ibm.com>

diff --git a/hw/char/sclpconsole.c b/hw/char/sclpconsole.c
index fca105d..79891df 100644
--- a/hw/char/sclpconsole.c
+++ b/hw/char/sclpconsole.c
@@ -36,6 +36,7 @@ typedef struct SCLPConsole {
     uint32_t iov_bs;        /* offset in buf for char layer read operation */
     uint32_t iov_data_len;  /* length of byte stream in buffer             */
     uint32_t iov_sclp_rest; /* length of byte stream not read via SCLP     */
+    bool notify;            /* qemu_notify_event() req'd if true           */
 } SCLPConsole;
 
 /* character layer call-back functions */
@@ -44,8 +45,12 @@ typedef struct SCLPConsole {
 static int chr_can_read(void *opaque)
 {
     SCLPConsole *scon = opaque;
+    int avail = SIZE_BUFFER_VT220 - scon->iov_data_len;
 
-    return SIZE_BUFFER_VT220 - scon->iov_data_len;
+    if (avail == 0) {
+        scon->notify = true;
+    }
+    return avail;
 }
 
 /* Send data from a char device over to the guest */
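Review bot: chr_can_read() now sets scon->notify as a side effect, which is unusual for a query-style callback and deserves a comment at the `if (avail == 0)` check saying who clears the flag. Also, avail is an int computed from the uint32_t iov_data_len, so the `== 0` test only covers the exactly-full case; `avail <= 0` or an assert that iov_data_len never exceeds SIZE_BUFFER_VT220 would make the invariant explicit.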
@@ -113,6 +118,10 @@ static void get_console_data(SCLPEvent *event, uint8_t *buf, size_t *size,
         cons->iov_sclp += avail;
         /* more data pending */
     }
+    if (cons->notify) {
+        cons->notify = false;
+        qemu_notify_event();
+    }
 }
 
 static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
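Review bot: the `if (cons->notify)` block has no comment explaining why qemu_notify_event() is called; the reason (forcing the main loop to rebuild its poll() descriptor set after can_read() returned 0) is only in the commit message. A one-line comment here would keep the call from being removed later as apparently dead code.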
@@ -229,6 +238,7 @@ static void console_reset(DeviceState *dev)
    scon->iov_bs = 0;
    scon->iov_data_len = 0;
    scon->iov_sclp_rest = 0;
+   scon->notify = false;
 }
 
 static int console_exit(SCLPEvent *event)
commit 87f2eff01623fe3d79e6c0962a3037d48b80b548
Author: Heinz Graalfs <graalfs at linux.vnet.ibm.com>
Date:   Wed Oct 29 12:52:02 2014 +0000

    s390x/sclpconsole-lm: Fix hanging SCLP line mode console
    
    Trigger recalculating sets of file descriptors for the main loop's poll()
    in order to make sure a possibly removed FD 0 from the poll() file
    descriptor array is re-added. FD 0 is removed from the descriptor array
    when the console's can_read() callback returns 0.
    
    Signed-off-by: Heinz Graalfs <graalfs at linux.vnet.ibm.com>
    Reviewed-by: David Hildenbrand <dahi at linux.vnet.ibm.com>
    Signed-off-by: Cornelia Huck <cornelia.huck at de.ibm.com>

diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
index 605dd50..a9f5e62 100644
--- a/hw/char/sclpconsole-lm.c
+++ b/hw/char/sclpconsole-lm.c
@@ -128,6 +128,7 @@ static int get_console_data(SCLPEvent *event, uint8_t *buf, size_t *size,
     cons->length = 0;
     /* data provided and no more data pending */
     event->event_pending = false;
+    qemu_notify_event();
     return 0;
 }
 
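Review bot: qemu_notify_event() is called unconditionally here, whereas the sclpconsole.c change on this page only calls it when a notify flag was set by can_read(). Either track the same condition here or add a comment above the call saying why waking the main loop on every completed read is acceptable for the line mode console.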
commit b3191432cf49c556f47d75c929f5aa692ae59da1
Author: Heinz Graalfs <graalfs at linux.vnet.ibm.com>
Date:   Wed Oct 29 08:58:05 2014 +0000

    s390x/sclpconsole-lm: truncate input if line is too long
    
    As the SCLP line mode console input length is limited by the available
    SCCB buffer space, it might lock up if the input does not fit into the
    buffer.
    
    With this patch, characters that don't fit are 'eaten' up to the next
    CR/LF and the input line is sent truncated to the guest.
    
    Signed-off-by: Heinz Graalfs <graalfs at linux.vnet.ibm.com>
    Reviewed-by: David Hildenbrand <dahi at linux.vnet.ibm.com>
    Signed-off-by: Cornelia Huck <cornelia.huck at de.ibm.com>

diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
index 80dd0a9..605dd50 100644
--- a/hw/char/sclpconsole-lm.c
+++ b/hw/char/sclpconsole-lm.c
@@ -52,7 +52,8 @@ typedef struct SCLPConsoleLM {
  * event_pending is set when a newline character is encountered
  *
  * The maximum command line length is limited by the maximum
- * space available in an SCCB
+ * space available in an SCCB. Line mode console input is sent
+ * truncated to the guest in case it doesn't fit into the SCCB.
  */
 
 static int chr_can_read(void *opaque)
@@ -61,10 +62,8 @@ static int chr_can_read(void *opaque)
 
     if (scon->event.event_pending) {
         return 0;
-    } else if (SIZE_CONSOLE_BUFFER - scon->length) {
-        return 1;
     }
-    return 0;
+    return 1;
 }
 
 static void chr_read(void *opaque, const uint8_t *buf, int size)
@@ -78,6 +77,10 @@ static void chr_read(void *opaque, const uint8_t *buf, int size)
         sclp_service_interrupt(0);
         return;
     }
+    if (scon->length == SIZE_CONSOLE_BUFFER) {
+        /* Eat the character, but still process CR and LF.  */
+        return;
+    }
     scon->buf[scon->length] = *buf;
     scon->length += 1;
     if (scon->echo) {
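Review bot: the new `scon->length == SIZE_CONSOLE_BUFFER` test is now the only bound in front of `scon->buf[scon->length] = *buf`, because chr_can_read() no longer checks for free space. Using `>=` instead of `==` would keep the write in bounds even if length were ever advanced past the limit elsewhere. The truncation is also silent; consider whether the user should get some indication that input was dropped.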
commit f0d4dc18ce398e166c4b186bff325e755c22db2f
Author: Thomas Huth <thuth at linux.vnet.ibm.com>
Date:   Thu Oct 23 09:58:56 2014 +0200

    s390x/kvm: Fix warning from sparse
    
    When running "sparse" with the s390x kvm.c code, it complains that
    "constant 0x00400f1d40330000 is so big it is long" - let's fix this
    by appending a proper suffix.
    
    Signed-off-by: Thomas Huth <thuth at linux.vnet.ibm.com>
    Reviewed-by: David Hildenbrand <dahi at linux.vnet.ibm.com>
    Acked-by: Cornelia Huck <cornelia.huck at de.ibm.com>
    Signed-off-by: Cornelia Huck <cornelia.huck at de.ibm.com>

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 690cb71..d247471 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -1272,7 +1272,7 @@ void kvm_s390_crw_mchk(void)
     struct kvm_s390_irq irq = {
         .type = KVM_S390_MCHK,
         .u.mchk.cr14 = 1 << 28,
-        .u.mchk.mcic = 0x00400f1d40330000,
+        .u.mchk.mcic = 0x00400f1d40330000ULL,
     };
     kvm_s390_floating_interrupt(&irq);
 }
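Review bot: the mcic value at `.u.mchk.mcic = 0x00400f1d40330000ULL` is still an unexplained magic number. While touching the line, a named constant or a short comment listing which machine-check interruption code bits it sets would make the initializer reviewable.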
commit 80765f0734e08fe4d52e9be10e0cfb47b3cf43e3
Author: Frank Blaschka <blaschka at linux.vnet.ibm.com>
Date:   Sat Oct 18 06:24:12 2014 +0200

    s390x/kvm: Fix opcode decoding for eb instruction handler
    
    The second byte of the opcode is encoded in the lowest byte of the ipb
    field, not the lowest byte of the ipa field.
    
    Signed-off-by: Frank Blaschka <blaschka at linux.vnet.ibm.com>
    Signed-off-by: Cornelia Huck <cornelia.huck at de.ibm.com>
    Reviewed-by: Thomas Huth <thuth at linux.vnet.ibm.com>

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 5b10a25..690cb71 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -827,18 +827,18 @@ static int handle_b9(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
     return r;
 }
 
-static int handle_eb(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
+static int handle_eb(S390CPU *cpu, struct kvm_run *run, uint8_t ipbl)
 {
     int r = 0;
 
-    switch (ipa1) {
+    switch (ipbl) {
     case PRIV_EB_SQBS:
         /* just inject exception */
         r = -1;
         break;
     default:
         r = -1;
-        DPRINTF("KVM: unhandled PRIV: 0xeb%x\n", ipa1);
+        DPRINTF("KVM: unhandled PRIV: 0xeb%x\n", ipbl);
         break;
     }
 
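Review bot: in the default case, `DPRINTF("KVM: unhandled PRIV: 0xeb%x\n", ipbl)` prints the second opcode byte without zero padding, so a value below 0x10 yields an ambiguous opcode in the log; `%02x` would fix that. A short comment on the ipbl parameter saying it is the low byte of ipb would also help, since the neighbouring handle_b9() takes ipa1.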
@@ -1039,7 +1039,7 @@ static int handle_instruction(S390CPU *cpu, struct kvm_run *run)
         r = handle_b9(cpu, run, ipa1);
         break;
     case IPA0_EB:
-        r = handle_eb(cpu, run, ipa1);
+        r = handle_eb(cpu, run, run->s390_sieic.ipb & 0xff);
         break;
     case IPA0_DIAG:
         r = handle_diag(cpu, run, run->s390_sieic.ipb);
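Review bot: the `run->s390_sieic.ipb & 0xff` extraction is written inline in the IPA0_EB case, while the case above passes the named value ipa1. Pulling it into a named local next to ipa1 would document the encoding at the point of decode and avoid repeating the mask if another handler needs it.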

