Compare commits

850 Commits

Author SHA1 Message Date
Dinar Valeev
0ee4de5840 hw/input/hid.c Fix capslock hid code
Whenever a USB keyboard is used, e.g. '-usbdevice keyboard', pressing
the caps lock key sends the 0x32 hid code, which is treated as backslash.
Instead it should be the 0x39 code. This affects sending uppercase keys,
as they are typed with caps lock active.

While on x86 this can be worked around by using the ps/2 protocol, on
Power it is crucial as we don't have anything other than USB.

This fixes guest automation tests over vnc.

Signed-off-by: Dinar Valeev <dvaleev@suse.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22 12:19:48 +01:00
Gerd Hoffmann
ba4d26064e hid: handle full ptr queues in post_load
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2015-01-22 12:19:48 +01:00
Gerd Hoffmann
4083ae311d input: improve docs for input-send-event qmp command
Text partly suggested by Markus Armbruster <armbru@redhat.com>

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22 12:19:48 +01:00
Peter Maydell
699eae17b8 Merge remote-tracking branch 'remotes/pmaydell/tags/pull-misc-20150120' into staging
Miscellaneous cross-tree patches:
 * load/store helper cleanup
 * drop TARGET_HAS_ICE define and checks
 * scripts/qapi-types.py: Add dummy member to empty structs
 * cpu_ldst.h: Don't define helpers if MMU_MODE*_SUFFIX not defined

# gpg: Signature made Tue 20 Jan 2015 15:43:38 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-misc-20150120:
  cpu_ldst.h: Don't define helpers if MMU_MODE*_SUFFIX not defined
  cpu_ldst.h, cpu-all.h, bswap.h: Update documentation on ld/st accessors
  cpu_ldst_template.h: Drop unused cpu_ldfq/stfq/ldfl/stfl accessors
  cpu_ldst.h: Drop unused _raw macros, saddr() and laddr()
  cpu_ldst_template.h: Use ld*_p directly rather than via ld*_raw macros
  cpu_ldst.h: Use inline functions for usermode cpu_ld/st accessors
  cpu_ldst.h: Remove unused very short ld*/st* defines
  cpu_ldst.h: Drop unused ld/st*_kernel defines
  target-mips: Don't use _raw load/store accessors
  linux-user/main.c (m68k): Use get_user_u16 rather than lduw in cpu_loop
  linux-user/vm86.c: Use cpu_ldl_data &c rather than plain ldl &c
  bsd-user/elfload.c: Don't use ldl() or ldq_raw()
  linux-user/elfload.c: Don't use _raw accessor functions
  target-sparc: Don't use {ld, st}*_raw functions
  monitor.c: Use ld*_p() instead of ld*_raw()
  cpu_ldst.h: Remove unused ldul_ macros
  exec.c: Drop TARGET_HAS_ICE define and checks
  scripts/qapi-types.py: Add dummy member to empty structs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-20 16:19:58 +00:00
Peter Maydell
de5ee4a888 cpu_ldst.h: Don't define helpers if MMU_MODE*_SUFFIX not defined
Not all targets define a full set of suffix strings for the
NB_MMU_MODES that they have. In this situation, don't define any
helper functions for that mode, rather than defining helper functions
with no suffix at all. The MMU mode is still functional; it is merely
not directly accessible via cpu_ld*_MODE from target helper functions.

Also add an "NB_MMU_MODES >= 2" check to the definition of the mode 1
helpers -- some targets only define one MMU mode.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1421432008-6786-1-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:35 +00:00
Peter Maydell
db5fd8d709 cpu_ldst.h, cpu-all.h, bswap.h: Update documentation on ld/st accessors
Add documentation of what the cpu_*_* accessors look like.
Correct some minor errors in the existing documentation of the
direct _p accessor family. Remove the near-duplicate comment
on the _p accessors from cpu-all.h and replace it with a reference
to the comment in bswap.h.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-16-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:35 +00:00
Peter Maydell
82f11917c9 cpu_ldst_template.h: Drop unused cpu_ldfq/stfq/ldfl/stfl accessors
The cpu_ldfq/stfq/ldfl/stfl accessors for loading and storing
float32 and float64 are completely unused, so delete them.
(The union they use for converting from the float32/float64
type to uint32_t or uint64_t is the wrong way to do it anyway:
they should be using make_float* and float*_val.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-15-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:34 +00:00
Peter Maydell
800e2ecc89 cpu_ldst.h: Drop unused _raw macros, saddr() and laddr()
The _raw macros and their helpers saddr() and laddr() are now
totally unused -- delete them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-14-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:34 +00:00
Peter Maydell
355392329e cpu_ldst_template.h: Use ld*_p directly rather than via ld*_raw macros
The ld*_raw and st*_raw macros are now only used within the code
produced by cpu_ldst_template.h, and only in three places.
Expand these out to just call the ld_p and st_p functions directly.

Note that in all the callsites the address argument is a uintptr_t,
so we can drop that part of the double-cast used in the saddr() and
laddr() macros.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-13-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:34 +00:00
Peter Maydell
9220fe54c6 cpu_ldst.h: Use inline functions for usermode cpu_ld/st accessors
Use inline functions rather than macros for cpu_ld/st accessors
for the *-user configurations, as we already do for softmmu.
This has two advantages:
 * we can actually typecheck our arguments
 * we don't need to leak the _raw macros everywhere

Since the _kernel functions were only used by target-i386/seg_helper.c,
put the definitions for them in that file too. (It already has the
similar template include code to define them for the softmmu case,
so it makes sense to have it deal with defining them for user-only.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-12-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:34 +00:00
Peter Maydell
177ea79f65 cpu_ldst.h: Remove unused very short ld*/st* defines
The very short ld*/st* defines are now not used anywhere; delete them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-11-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:34 +00:00
Peter Maydell
5a0826f7d2 cpu_ldst.h: Drop unused ld/st*_kernel defines
The ld*_kernel and st*_kernel defines are not used anywhere;
delete them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-10-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:34 +00:00
Peter Maydell
1535300119 target-mips: Don't use _raw load/store accessors
Use cpu_*_data instead of the direct *_raw load/store accessors.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-9-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:33 +00:00
Peter Maydell
d8d5119cae linux-user/main.c (m68k): Use get_user_u16 rather than lduw in cpu_loop
In the m68k cpu_loop() use get_user_u16 to read the immediate for
the simcall rather than lduw, to bring it into line with how other
archs do it and to remove another user of the ldl family of functions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-8-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:33 +00:00
Peter Maydell
5899d6d0b4 linux-user/vm86.c: Use cpu_ldl_data &c rather than plain ldl &c
Use the cpu_ld*_data and cpu_st*_data family of functions to access
guest memory in vm86.c rather than the very short-named ldl/stl functions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-7-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:33 +00:00
Peter Maydell
b8d6ac9f90 bsd-user/elfload.c: Don't use ldl() or ldq_raw()
Use get_user_u64() and get_user_ual() instead of the ldl() and
ldq_raw() functions.

[Note that this change is not compile tested as it is actually
in dead code -- none of the bsd-user configurations are PPC.]

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-6-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:33 +00:00
Peter Maydell
2ccf97ec0f linux-user/elfload.c: Don't use _raw accessor functions
The _raw accessor functions are an implementation detail that has
leaked out to some callsites. Use get_user_u64() instead of ldq_raw().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-5-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:33 +00:00
Peter Maydell
eb513f82f0 target-sparc: Don't use {ld, st}*_raw functions
Instead of using the _raw family of ld/st accessor functions, use
cpu_*_data. All this code is CONFIG_USER_ONLY, so the two are the
same semantically, but the _raw functions are really a detail of
the implementation which has leaked into a few callsites like this one.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-4-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:32 +00:00
Peter Maydell
24e60305c5 monitor.c: Use ld*_p() instead of ld*_raw()
The monitor code for doing a memory_dump() was using ld*_raw() to do
target-CPU accesses out of a local buf[] array. The correct functions
for this purpose are ld*_p(), which take a host pointer, rather than
ld*_raw(), which take an integer representing a guest address and
are somewhat meaningless in softmmu configurations. Nobody noticed
because for softmmu the _raw functions are the same as ldl_p but
with some extra casts thrown in. Switch to using the correct functions
instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-3-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:32 +00:00
Peter Maydell
0c021c1fd2 cpu_ldst.h: Remove unused ldul_ macros
The five ldul_ macros are not used anywhere and are marked up with an XXX
comment. "ldul" is a non-standard prefix for our family of load instructions:
we don't mark 32-bit accesses for signedness because they return a 32 bit
quantity. So just delete them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1421334118-3287-2-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:32 +00:00
Peter Maydell
ec53b45bcd exec.c: Drop TARGET_HAS_ICE define and checks
The TARGET_HAS_ICE #define is intended to indicate whether a target-*
guest CPU implementation supports the breakpoint handling. However,
all our guest CPUs have that support (the only two which do not
define TARGET_HAS_ICE are unicore32 and openrisc, and in both those
cases the bp support is present and the lack of the #define is just
a bug). So remove the #define entirely: all new guest CPU support
should include breakpoint handling as part of the basic implementation.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1420484960-32365-1-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:32 +00:00
Peter Maydell
83ecb22ba2 scripts/qapi-types.py: Add dummy member to empty structs
Make sure that all generated C structs have at least one field; this
avoids potential issues with attempting to malloc space for
zero-length structs in C (g_malloc(sizeof struct) would return NULL).
It also avoids an incompatibility with C++ (where an empty struct is
size 1); that isn't important to us now but might be in future.

Generated empty structures look like this:
    struct Abort
    {
        char qapi_dummy_field_for_empty_struct;
    };

This silences clang warnings like:
./qapi-types.h:3752:1: warning: empty struct has size 0 in C, size 1 in C++ [-Wextern-c-compat]
struct Abort
^

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1419359069-16611-1-git-send-email-peter.maydell@linaro.org
2015-01-20 15:19:32 +00:00
Peter Maydell
a5bd4470ed Merge remote-tracking branch 'remotes/sstabellini/xen-2015-01-20-v2' into staging
* remotes/sstabellini/xen-2015-01-20-v2:
  xen: add a lock for the mapcache
  xen: do not use __-named variables in mapcache
  Xen: Use the ioreq-server API when available
  Add device listener interface

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-20 14:34:38 +00:00
Paolo Bonzini
86a6a9bf55 xen: add a lock for the mapcache
Extend the existing dummy mapcache_lock/unlock macros to cover all of
xen-mapcache.c.  This prepares for unlocked memory access, when parts
of exec.c will not be protected by the BQL.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-01-20 14:24:17 +00:00
Paolo Bonzini
9b6d7b365d xen: do not use __-named variables in mapcache
Keep the namespace clean.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-01-20 14:24:13 +00:00
Paul Durrant
3996e85c18 Xen: Use the ioreq-server API when available
The ioreq-server API added to Xen 4.5 offers better security than
the existing Xen/QEMU interface because the shared pages that are
used to pass emulation request/results back and forth are removed
from the guest's memory space before any requests are serviced.
This prevents the guest from mapping these pages (they are in a
well known location) and attempting to attack QEMU by synthesizing
its own request structures. Hence, this patch modifies configure
to detect whether the API is available, and adds the necessary
code to use the API if it is.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-01-20 14:24:10 +00:00
Paul Durrant
707ff80021 Add device listener interface
The Xen ioreq-server API, introduced in Xen 4.5, requires that PCI device
models explicitly register with Xen for config space accesses. This patch
adds a listener interface into qdev-core which can be used by the Xen
interface code to monitor for arrival and departure of PCI devices.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-20 14:24:07 +00:00
Peter Maydell
74acb99737 Merge remote-tracking branch 'remotes/kraxel/tags/pull-console-20150119-1' into staging
ui: add shared surface format negotiation.

# gpg: Signature made Mon 19 Jan 2015 12:47:36 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-console-20150119-1:
  ui/sdl2: Support shared surface for more pixman formats
  ui/sdl: Support shared surface for more pixman formats
  ui/gtk: Support shared surface for most pixman formats
  ui/spice: Support shared surface for most pixman formats
  ui/vnc: Support shared surface for most pixman formats
  ui/pixman: add qemu_pixman_check_format
  ui: Add dpy_gfx_check_format() to check backend shared surface support
  ui: Make qemu_default_pixman_format() return 0 on unsupported formats

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-19 13:37:05 +00:00
Gerd Hoffmann
877417d9ae ui/sdl2: Support shared surface for more pixman formats
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-19 13:33:26 +01:00
Benjamin Herrenschmidt
7dd93291ca ui/sdl: Support shared surface for more pixman formats
At least all the ones I've tested. We make the assumption that
SDL is going to be better at conversion than we are.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

[ kraxel: minor format tweaks ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-19 13:33:26 +01:00
Benjamin Herrenschmidt
fcf73af68e ui/gtk: Support shared surface for most pixman formats
At least all the ones I've tested. We make the assumption that
pixman is going to be better at conversion than we are.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

[ kraxel: just hook up qemu_pixman_check_format ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-19 13:33:26 +01:00
Gerd Hoffmann
0002a51889 ui/spice: Support shared surface for most pixman formats
Just hook up qemu_pixman_check_format.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-19 13:33:26 +01:00
Benjamin Herrenschmidt
34da30afa4 ui/vnc: Support shared surface for most pixman formats
At least all the ones I've tested. We make the assumption that
pixman is going to be better at conversion than we are.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

[ kraxel: just hook up qemu_pixman_check_format ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-19 13:33:26 +01:00
Gerd Hoffmann
8cd996f493 ui/pixman: add qemu_pixman_check_format
Convenience check_format function for UIs using pixman.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-19 13:33:26 +01:00
Benjamin Herrenschmidt
49743df399 ui: Add dpy_gfx_check_format() to check backend shared surface support
This allows VGA to decide whether to use a shared surface based on
whether the UI backend supports the format or not. Backends that
don't provide the new callback fall back to native 32 bpp which
is equivalent to what was supported before.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

[ kraxel: fix console check, allow only 32 bpp as fallback ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-19 13:33:26 +01:00
Benjamin Herrenschmidt
aca7aaf628 ui: Make qemu_default_pixman_format() return 0 on unsupported formats
In order to remove the logic for detecting supported shared
pixmap formats from device models, make qemu_default_pixman_format()
capable of failing by returning 0 which is not a possible format
value rather than asserting.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2015-01-19 13:33:26 +01:00
Peter Maydell
1e42c35346 Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150116' into staging
target-arm queue:
 * fix endianness handling in fwcfg wide registers
 * fix broken crypto insn emulation on big endian hosts

# gpg: Signature made Fri 16 Jan 2015 12:04:08 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150116:
  fw_cfg: fix endianness in fw_cfg_data_mem_read() / _write()
  target-arm: crypto: fix BE host support

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-16 12:06:41 +00:00
Laszlo Ersek
36b62ae6a5 fw_cfg: fix endianness in fw_cfg_data_mem_read() / _write()
(1) Let's contemplate what device endianness means, for a memory mapped
device register (independently of QEMU -- that is, on physical hardware).

It determines the byte order that the device will put on the data bus when
the device is producing a *numerical value* for the CPU. This byte order
may differ from the CPU's own byte order, therefore when software wants to
consume the *numerical value*, it may have to swap the byte order first.

For example, suppose we have a device that exposes in a 2-byte register
the number of sheep we have to count before falling asleep. If the value
is decimal 37 (0x0025), then a big endian register will produce [0x00,
0x25], while a little endian register will produce [0x25, 0x00].

If the device register is big endian, but the CPU is little endian, the
numerical value will read as 0x2500 (decimal 9472), which software has to
byte swap before use.

However... if we ask the device about who stole our herd of sheep, and it
answers "XY", then the byte representation coming out of the register must
be [0x58, 0x59], regardless of the device register's endianness for
numeric values. And, software needs to copy these bytes into a string
field regardless of the CPU's own endianness.

(2) QEMU's device register accessor functions work with *numerical values*
exclusively, not strings:

The emulated register's read accessor function returns the numerical value
(eg. 37 decimal, 0x0025) as a *host-encoded* uint64_t. QEMU translates
this value for the guest to the endianness of the emulated device register
(which is recorded in MemoryRegionOps.endianness). Then guest code must
translate the numerical value from device register to guest CPU
endianness, before including it in any computation (see (1)).

(3) However, the data register of the fw_cfg device shall transfer strings
*only* -- that is, opaque blobs. Interpretation of any given blob is
subject to further agreement -- it can be an integer in an independently
determined byte order, or a genuine string, or an array of structs of
integers (in some byte order) and fixed size strings, and so on.

Because register emulation in QEMU is integer-preserving, not
string-preserving (see (2)), we have to jump through a few hoops.

(3a) We defined the memory mapped fw_cfg data register as
DEVICE_BIG_ENDIAN.

The particular choice is not really relevant -- we picked BE only for
consistency with the control register, which *does* transfer integers --
but our choice affects how we must host-encode values from fw_cfg strings.

(3b) Since we want the fw_cfg string "XY" to appear as the [0x58, 0x59]
array on the data register, *and* we picked DEVICE_BIG_ENDIAN, we must
compose the host (== C language) value 0x5859 in the read accessor
function.

(3c) When the guest performs the read access, the immediate uint16_t value
will be 0x5958 (in LE guests) and 0x5859 (in BE guests). However, the
uint16_t value does not matter. The only thing that matters is the byte
pattern [0x58, 0x59], which the guest code must copy into the target
string *without* any byte-swapping.

(4) Now I get to explain where I screwed up. :(

When we decided for big endian *integer* representation in the MMIO data
register -- see (3a) --, I mindlessly added an indiscriminate
byte-swizzling step to the (little endian) guest firmware.

This was a grave error -- it violates (3c) --, but I didn't realize it. I
only saw that the code I otherwise intended for fw_cfg_data_mem_read():

    value = 0;
    for (i = 0; i < size; ++i) {
        value = (value << 8) | fw_cfg_read(s);
    }

didn't produce the expected result in the guest.

In true facepalm style, instead of blaming my guest code (which violated
(3c)), I blamed my host code (which was correct). Ultimately, I coded
ldX_he_p() into fw_cfg_data_mem_read(), because that happened to work.

Obviously (...in retrospect) that was wrong. Only because my host happened
to be LE, ldX_he_p() composed the (otherwise incorrect) host value 0x5958
from the fw_cfg string "XY". And that happened to compensate for the bogus
indiscriminate byte-swizzling in my guest code.

Clearly the current code leaks the host endianness through to the guest,
which is wrong. Any device should work the same regardless of host
endianness.

The solution is to compose the host-endian representation (2) of the big
endian interpretation (3a, 3b) of the fw_cfg string, and to drop the wrong
byte-swizzling in the guest (3c).

Brown paper bag time for me.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1420024880-15416-1-git-send-email-lersek@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-16 11:54:30 +00:00
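
The byte-order argument in the fw_cfg commit message above, as an added example (not code from the commit or from QEMU). It models a host-endian load, which is what the message says ldX_he_p() amounted to in the read accessor, against the loop the message quotes, for a simulated little endian and big endian host; the function names are hypothetical and blobs are assumed to be at most 8 bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the fw_cfg string "XY" used in the commit message. */
static const uint8_t SAMPLE[2] = { 0x58, 0x59 };

/* The loop quoted in the commit message: the first blob byte becomes the
 * most significant byte of the host integer. The result is the same C
 * value on every host. */
uint64_t compose_be(const uint8_t *blob, unsigned size)
{
    uint64_t value = 0;
    for (unsigned i = 0; i < size; ++i) {
        value = (value << 8) | blob[i];
    }
    return value;
}

/* Model of a host-endian load of `size` bytes on a host whose byte order
 * is given by host_is_be. The result depends on the host. */
uint64_t compose_he(const uint8_t *blob, unsigned size, int host_is_be)
{
    uint64_t value = 0;
    for (unsigned i = 0; i < size; ++i) {
        unsigned shift = host_is_be ? 8 * (size - 1 - i) : 8 * i;
        value |= (uint64_t)blob[i] << shift;
    }
    return value;
}

/* Model of step (2): the host-encoded integer returned by the accessor is
 * presented to the guest in the register's byte order, here big endian
 * as in (3a): most significant byte first. */
void present_big_endian(uint64_t value, unsigned size, uint8_t *bus)
{
    for (unsigned i = 0; i < size; ++i) {
        bus[i] = (uint8_t)(value >> (8 * (size - 1 - i)));
    }
}

/* Returns 1 when the bytes the guest sees on the register equal the
 * original blob, i.e. the guest can copy them without swapping (3c). */
int guest_sees_blob(uint64_t host_value, const uint8_t *blob, unsigned size)
{
    uint8_t bus[8];
    present_big_endian(host_value, size, bus);
    return memcmp(bus, blob, size) == 0;
}

int main(void)
{
    uint64_t fixed = compose_be(SAMPLE, 2);
    uint64_t he_le = compose_he(SAMPLE, 2, 0);
    uint64_t he_be = compose_he(SAMPLE, 2, 1);

    printf("compose_be:            0x%04x, guest sees blob: %d\n",
           (unsigned)fixed, guest_sees_blob(fixed, SAMPLE, 2));
    printf("host-endian, LE host:  0x%04x, guest sees blob: %d\n",
           (unsigned)he_le, guest_sees_blob(he_le, SAMPLE, 2));
    printf("host-endian, BE host:  0x%04x, guest sees blob: %d\n",
           (unsigned)he_be, guest_sees_blob(he_be, SAMPLE, 2));
    return 0;
}
```

With the host-endian load, the guest-visible bytes differ between the two simulated hosts, which is the host-endianness leak the commit message describes.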
Ard Biesheuvel
b449ca3c18 target-arm: crypto: fix BE host support
The crypto emulation code in target-arm/crypto_helper.c never worked
correctly on big endian hosts, due to the fact that it uses a union
of array types to convert between the native VFP register size (64
bits) and the types used in the algorithms (bytes and 32 bit words).

We cannot just swab between LE and BE when reading and writing the
registers, as the SHA code performs word additions, so instead, add
array accessors for the CRYPTO_STATE type whose LE and BE specific
implementations ensure that the correct array elements are referenced.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1420208303-24111-1-git-send-email-ard.biesheuvel@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-16 11:54:29 +00:00
Peter Maydell
e68cba3636 Merge remote-tracking branch 'remotes/amit-migration/tags/mig-2.3-1' into staging
A set of patches collected over the holidays.  Mix of optimizations and
fixes.

# gpg: Signature made Fri 16 Jan 2015 07:42:00 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit-migration/tags/mig-2.3-1:
  vmstate: type-check sub-arrays
  migration_cancel: shutdown migration socket
  Handle bi-directional communication for fd migration
  socket shutdown
  Tests: QEMUSizedBuffer/QEMUBuffer
  QEMUSizedBuffer: only free qsb that qemu_bufopen allocated
  xbzrle: rebuild the cache_is_cached function
  xbzrle: optimize XBZRLE to decrease the cache misses

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-16 10:16:14 +00:00
Paolo Bonzini
ea987c2c21 vmstate: type-check sub-arrays
While we cannot check against the type of the full array, we can check
against the type of the fields.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-16 13:06:17 +05:30
Dr. David Alan Gilbert
a26ba26e21 migration_cancel: shutdown migration socket
Force shutdown on migration socket on cancel to cause the cancel
to complete even if the socket is blocked on a dead network.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-16 13:06:17 +05:30
Cristian Klein
131fe9b843 Handle bi-directional communication for fd migration
libvirt prefers opening the TCP connection itself, for two reasons.
First, connection failed errors can be detected more easily, without having
to parse qemu's error output.
Second, libvirt might be asked to secure the transfer by tunnelling the
communication through a TLS layer.
Therefore, libvirt opens the TCP connection itself and passes an FD to qemu
using QMP and a POSIX-specific mechanism.

Hence, in order to make the reverse-path work in such cases, qemu needs to
distinguish if the transmitted FD is a socket (reverse-path available)
or not (reverse-path might not be available) and use the corresponding
abstraction.

Signed-off-by: Cristian Klein <cristian.klein@cs.umu.se>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-16 13:06:17 +05:30
Dr. David Alan Gilbert
e1a8c9b67f socket shutdown
Add QEMUFile interface to allow a socket to be 'shut down' - i.e. any
reads/writes will fail (and any blocking read/write will be woken).

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-16 13:06:17 +05:30
Yang Hongyang
8580b06498 Tests: QEMUSizedBuffer/QEMUBuffer
Modify some of tests/test-vmstate.c due to qemu_bufopen() change.
If you create a QEMUSizedBuffer yourself, you have to explicitly
free it.

Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-16 13:06:17 +05:30
Yang Hongyang
f018d8cd21 QEMUSizedBuffer: only free qsb that qemu_bufopen allocated
Only free qsb that qemu_bufopen allocated, and also allow
qemu_bufopen to accept qsb as input for write operation. It
will make the API more logical:
1. If you create the QEMUSizedBuffer yourself, you need to
   free it by using qsb_free() and not depend on other APIs
   like qemu_fclose.
2. Allow qemu_bufopen() to accept QEMUSizedBuffer as input for
   write operation; otherwise, it will be a little strange
   for this API not to accept the second parameter.

This brings an API change. Since there are only 3
users of this API currently, this change only impacts the
first one, which will be fixed in patch 2 of this patchset,
so I think it is safe to do this change.

1     70  tests/test-vmstate.c <<open_mem_file_read>>
            return qemu_bufopen("r", qsb);
2    404  tests/test-vmstate.c <<test_save_noskip>>
            QEMUFile *fsave = qemu_bufopen("w", NULL);
3    424  tests/test-vmstate.c <<test_save_skip>>
            QEMUFile *fsave = qemu_bufopen("w", NULL);

Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-16 13:06:17 +05:30
ChenLiang
1b826f2778 xbzrle: rebuild the cache_is_cached function
Rebuild the cache_is_cached function using cache_get_by_addr, and
drop the asserts because the caller is also asserting the same
thing.

Signed-off-by: ChenLiang <chenliang88@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-15 17:49:43 +05:30
ChenLiang
27af7d6ea5 xbzrle: optimize XBZRLE to decrease the cache misses
Avoid hot pages being replaced by others to remarkably decrease cache
misses.

Sample results with the test program, quoted from xbzrle.txt, run in a
VM (migrate bandwidth: 1GE and xbzrle cache size: 8MB):

the test program:

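#include <stdlib.h>
#include <stdio.h>
int main(void)
{
        /* 4096 pages of 4096 bytes each */
        char *buf = (char *) calloc(4096, 4096);
        if (!buf) {
            return 1;
        }
        /* keep dirtying one byte in every 1024, forever */
        while (1) {
            int i;
            for (i = 0; i < 4096 * 4; i++) {
                buf[i * 4096 / 4]++;
            }
            printf(".");
        }
}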

before this patch:
virsh qemu-monitor-command test_vm '{"execute": "query-migrate"}'
{"return":{"expected-downtime":1020,"xbzrle-cache":{"bytes":1108284,
"cache-size":8388608,"cache-miss-rate":0.987013,"pages":18297,"overflow":8,
"cache-miss":1228737},"status":"active","setup-time":10,"total-time":52398,
"ram":{"total":12466991104,"remaining":1695744,"mbps":935.559472,
"transferred":5780760580,"dirty-sync-counter":271,"duplicate":2878530,
"dirty-pages-rate":29130,"skipped":0,"normal-bytes":5748592640,
"normal":1403465}},"id":"libvirt-706"}

18k pages sent compressed in 52 seconds.
cache-miss-rate is 98.7%, a total miss.

after optimizing:
virsh qemu-monitor-command test_vm '{"execute": "query-migrate"}'
{"return":{"expected-downtime":2054,"xbzrle-cache":{"bytes":5066763,
"cache-size":8388608,"cache-miss-rate":0.485924,"pages":194823,"overflow":0,
"cache-miss":210653},"status":"active","setup-time":11,"total-time":18729,
"ram":{"total":12466991104,"remaining":3895296,"mbps":937.663549,
"transferred":1615042219,"dirty-sync-counter":98,"duplicate":2869840,
"dirty-pages-rate":58781,"skipped":0,"normal-bytes":1588404224,
"normal":387794}},"id":"libvirt-266"}

194k pages sent compressed in 18 seconds.
The value of cache-miss-rate decreases to 48.59%.

Signed-off-by: ChenLiang <chenliang88@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-15 17:49:43 +05:30
Peter Maydell
df58887b20 Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-01-15' into staging
trivial patches for 2015-01-15

# gpg: Signature made Thu 15 Jan 2015 08:26:26 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2015-01-15:
  vl.c: fix some alignment issues
  blizzard: do not depend on VGA internals
  Makefile: Remove config.status and common.env during 'make distclean'
  target-openrisc: bugfix for dec_sys to decode instructions correctly
  Do not hang on full PTY
  misc: Fix new typos in comments
  target-arm: Fix typo in comment (seperately -> separately)
  target-tricore: Fix new typos
  migration/qemu-file.c: Don't shift left into sign bit
  translate-all: Mark map_exec() with the 'unused' attribute
  tests/hd-geo-test.c: Remove unused test_image variable
  vt82c686: avoid out-of-bounds read

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-15 10:08:46 +00:00
Marcel Apfelbaum
99efa84d5c vl.c: fix some alignment issues
The misalignment was caused by tabs which were used instead of spaces.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
Paolo Bonzini
31fc97c314 blizzard: do not depend on VGA internals
There is nothing that is used by this ARM-specific device.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
Thomas Huth
ae21935924 Makefile: Remove config.status and common.env during 'make distclean'
config.status and tests/qemu-iotests/common.env are generated files
that should be deleted during 'make distclean'.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
David Morrison
3d59b6808b target-openrisc: bugfix for dec_sys to decode instructions correctly
Fixed the decoding of "system" instructions (starting with 0x2)
in dec_sys() in translate.c.  In particular, the l.trap instruction
is now correctly decoded, which enables single-stepping and
breakpoints to be set in GDB.

Signed-off-by: David R. Morrison <dmorrison@invlim.com>
Acked-by: Jia Liu <proljc@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
Don Slutz
fac6688a18 Do not hang on full PTY
Signed-off-by: Don Slutz <dslutz@verizon.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
Stefan Weil
b4952c3677 misc: Fix new typos in comments
recieve -> receive
suprise -> surprise

Cc: Igor Mammedov <imammedo@redhat.com>
Cc: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
Stefan Weil
1281f8e308 target-arm: Fix typo in comment (seperately -> separately)
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Greg Bellows <greg.bellows@linaro.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
Stefan Weil
37097418be target-tricore: Fix new typos
adress -> address
managment -> management

Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
Peter Maydell
90d6a6730b migration/qemu-file.c: Don't shift left into sign bit
Add a cast in qemu_get_be32() to avoid shifting left into the sign
bit of a signed integer (which is undefined behaviour in C).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
SeokYeon Hwang
2d8ac5eb7a translate-all: Mark map_exec() with the 'unused' attribute
Mark map_exec() with the 'unused' attribute to avoid '-Wunused-function'
warnings on clang 3.4 or later. This means we don't need to mark it
'inline', which is what we were previously using to suppress the warning
(a trick which only works with gcc, not clang).

Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
[PMM: tweaked comment message a little]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
Peter Maydell
9c6d5c1ade tests/hd-geo-test.c: Remove unused test_image variable
Remove unused variable test_image; this silences a clang warning.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
Paolo Bonzini
9feb8adeaa vt82c686: avoid out-of-bounds read
superio_ioport_readb can read the 256th element of the array.
Coverity reports an out-of-bounds write in superio_ioport_writeb,
but it does not show the corresponding out-of-bounds read
because it cannot prove that it can happen.  Fix the root
cause of the problem (zhanghailiang's patch instead fixes
the logic in superio_ioport_writeb).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: qemu-stable@nongnu.org
2015-01-15 10:44:13 +03:00
Peter Maydell
b629a38a13 Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Mostly bugfixes and cleanups from qemu-devel.  Yet another small patch from
the record/replay series, and a few SCSI and i386 patches as well.

# gpg: Signature made Wed 14 Jan 2015 09:39:14 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  cpus: consistently use QEMU_CLOCK_VIRTUAL_RT for icount_warp_rt timer
  qemu-timer: rename timer_init to timer_init_tl
  scsi: fix cancellation when I/O was completed but DMA was not.
  rules.mak: Fix module build
  hw/scsi/lsi53c895a: add support for additional diag / debug registers
  qemu-common.h: optimise muldiv64 if int128 is available
  target-i386: do not memcpy in and out of xmm_regs
  target-i386: fix movntsd on big-endian hosts
  vl.c: fix regression when reading memory size from config file
  vl: Don't silently change topology when all -smp options were set
  vl: fix max_cpus check
  vl: Avoid unnecessary 'if' nesting
  9pfs: changed to use event_notifier instead of qemu_pipe
  vl.c: fix regression when reading machine type from config file
  char: restore stdio echo on resume from suspend.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-14 18:02:47 +00:00
Pavel Dovgalyuk
1979b908b6 cpus: consistently use QEMU_CLOCK_VIRTUAL_RT for icount_warp_rt timer
Fix mismatch between timer_new_ms and timer_mod.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-14 10:38:58 +01:00
Paolo Bonzini
f186aa976b qemu-timer: rename timer_init to timer_init_tl
timer_init is not called that often.  Free the name for an equivalent
of timer_new.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-14 10:38:57 +01:00
Paolo Bonzini
488eef2f1d scsi: fix cancellation when I/O was completed but DMA was not.
Commit d577646 (scsi: Introduce scsi_req_cancel_complete, 2014-09-25)
was supposed to have no semantic change, but it missed a case.  When
r->aiocb has already been NULLed, but DMA was not complete and the
SCSI layer was waiting for scsi_req_continue, after the patch the
SCSI layer will not call the .cancel callback of SCSIBusInfo.

Fixes: d5776465ee
Cc: qemu-stable@nongnu.org
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-14 10:38:57 +01:00
Fam Zheng
c88f68ec3c rules.mak: Fix module build
Module build is broken since commit c261d774fb (rules.mak: Fix DSO
build by pulling in archive symbols). That commit added .mo placeholders
of DSO to -y variables, in order to pull stub symbols to executable. But
the placeholders are unintentionally expanded in -y, rather than
filtered out while linking.

Fix it by moving the -objs expanding to before inserting .mo
placeholders.  Note that passing -cflags and -libs to member objects is
also moved to keep it happening before object expanding.

Reported-by: Bharata B Rao <bharata.rao@gmail.com>
Tested-by: Bharata B Rao <bharata.rao@gmail.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-14 10:38:57 +01:00
Peter Lieven
6f84da3a07 hw/scsi/lsi53c895a: add support for additional diag / debug registers
Some ancient Linux kernels read from registers 0x09 and 0x3c-3f during
boot. According to the spec these registers are for diag and debug
purposes only. If they are absent, qemu aborts on read.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-14 10:38:57 +01:00
Frediano Ziglio
e1660dc57c qemu-common.h: optimise muldiv64 if int128 is available
Let the compiler do the job of optimising the function.

Signed-off-by: Frediano Ziglio <frediano.ziglio@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
2015-01-14 10:38:57 +01:00
Paolo Bonzini
bee818872c target-i386: do not memcpy in and out of xmm_regs
After the next patch, we will move the high parts of AVX and AVX512 registers
in the same array as the SSE registers.  This will make it impossible to
memcpy an array of 128-bit values in and out of xmm_regs in one swoop.
Use a for loop instead.

Similarly, always use XMM_Q in translate.c.  This avoids introducing bugs
such as the one fixed in the previous patch.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-14 10:38:57 +01:00
Paolo Bonzini
07958082fd target-i386: fix movntsd on big-endian hosts
This was accessing an XMM register's low half without going through XMM_Q.

Cc: qemu-stable@nongnu.org
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-14 10:38:57 +01:00
Marcel Apfelbaum
3b9985e9a1 vl.c: fix regression when reading memory size from config file
This is happening because an actual logic is performed on the memory
arguments inside the main's switch, disregarding the config file content.

Solved by extracting the logic on a separate function and calling it
after the switch.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-14 10:38:53 +01:00
Peter Maydell
3a7f560fa6 Merge remote-tracking branch 'remotes/sstabellini/xen-2015-01-13' into staging
* remotes/sstabellini/xen-2015-01-13:
  xen-hvm: increase maxmem before calling xc_domain_populate_physmap
  xen-pt: Fix PCI devices re-attach failed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-13 18:32:42 +00:00
Stefano Stabellini
c1d322e604 xen-hvm: increase maxmem before calling xc_domain_populate_physmap
Increase maxmem before calling xc_domain_populate_physmap_exact to
avoid the risk of running out of guest memory. This way we can also
avoid complex memory calculations in libxl at domain construction
time.

This patch fixes an abort() when assigning more than 4 NICs to a VM.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Don Slutz <dslutz@verizon.com>
2015-01-13 18:05:52 +00:00
Peter Maydell
a00369fc56 Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
# gpg: Signature made Tue 13 Jan 2015 13:48:06 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (38 commits)
  NVMe: Set correct VS Value for 1.1 Compliant Controllers
  MAINTAINERS: Add migration/block* to block subsystem
  MAINTAINERS: Update email addresses for Chrysostomos Nanakos
  nvme: Fix get/set number of queues feature
  ide: Implement VPD response for ATAPI
  block: Split BLOCK_OP_TYPE_COMMIT to BLOCK_OP_TYPE_COMMIT_{SOURCE, TARGET}
  block: limited request size in write zeroes unsupported path
  coroutine: try harder not to delete coroutines
  coroutine: drop qemu_coroutine_adjust_pool_size
  coroutine: rewrite pool to avoid mutex
  QSLIST: add lock-free operations
  test-coroutine: avoid overflow on 32-bit systems
  qemu-thread: add per-thread atexit functions
  coroutine-ucontext: use __thread
  qemu-iotests: Add supported os parameter for python tests
  qemu-iotests: Add "_supported_os Linux" to 058
  qemu-iotests: Replace "/bin/true" with "true"
  .gitignore: Ignore generated "common.env"
  libqos: Convert malloc-pc allocator to a generic allocator
  migration/block: fix pending() return value
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-13 13:49:18 +00:00
Anubhav Rakshit
07d31d07f4 NVMe: Set correct VS Value for 1.1 Compliant Controllers
According to NVMe specifications Bits 15:08 represent Minor Version number.

Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Fam Zheng
47b0f45a92 MAINTAINERS: Add migration/block* to block subsystem
We are moving block-migration.c to the separate migration directory;
keeping this file watched by block maintainers is a good idea.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Chrysostomos Nanakos
5734edd837 MAINTAINERS: Update email addresses for Chrysostomos Nanakos
Remove the first email address and leave the one from which I am contributing.

Signed-off-by: Chrysostomos Nanakos <chris@include.gr>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Alex Friedman
e7026f1953 nvme: Fix get/set number of queues feature
According to the specification, the low 16 bits should contain the number of
I/O submission queues, and the high 16 bits should contain the number of
I/O completion queues.

Signed-off-by: Alex Friedman <alex@e8storage.com>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
John Snow
9a502563ee ide: Implement VPD response for ATAPI
SCSI devices have multiple kinds of queries they need to respond
to, as defined in the "cmd inquiry" section in MMC-6 and SPC-3.

Relevant sections:
MMC-6 revision 2g:
      Non-VPD response data and pointer to SPC-3;
      Section 6.8 "Inquiry Command"
SPC-3 revision 23:
      Inquiry command and error handling:
      Section 6.4 "INQUIRY command"
      VPD data pages format:
      Section 7.6 "Vital product data parameters"

We implement these Vital Product Data queries for SCSI, but not for
ATAPI through IDE. The result is that if you are looking for the WWN
identifier via tools such as sg3_utils, you will be unable to query
our CD/DVD rom device to obtain it.

This patch adds the minimum number of mandatory responses as defined
by SPC-3, which include the "supported pages" response (page 0x00)
and the "Device Identification" response (page 0x83). It also correctly
responds when it receives a request for an illegal page to improve
error output from related tools.

The Device ID page contains an arbitrary list of identification
strings of various formats; the ID strings included in this patch
were chosen to mimic those provided by the libata driver when
emulating this SCSI query (model, serial, and wwn when present.)

Example:

# libata emulated response
[root@localhost ~]# sg_inq --id /dev/sda
VPD INQUIRY: Device Identification page
  Designation descriptor number 1, descriptor length: 24
    designator_type: vendor specific [0x0],  code_set: ASCII
    associated with the addressed logical unit
      vendor specific: QM00001
  Designation descriptor number 2, descriptor length: 72
    designator_type: T10 vendor identification,  code_set: ASCII
    associated with the addressed logical unit
      vendor id: ATA
      vendor specific: QEMU HARDDISK                           QM00001

# QEMU generated ATAPI response, with WWN
[root@localhost ~]# sg_inq --id /dev/sr0
VPD INQUIRY: Device Identification page
  Designation descriptor number 1, descriptor length: 24
    designator_type: vendor specific [0x0],  code_set: ASCII
    associated with the addressed logical unit
      vendor specific: QM00005
  Designation descriptor number 2, descriptor length: 72
    designator_type: T10 vendor identification,  code_set: ASCII
    associated with the addressed logical unit
      vendor id: ATA
      vendor specific: QEMU DVD-ROM                            QM00005
  Designation descriptor number 3, descriptor length: 12
    designator_type: NAA,  code_set: Binary
    associated with the addressed logical unit
      NAA 5, IEEE Company_id: 0xc50
      Vendor Specific Identifier: 0x15ea71bb
      [0x5000c50015ea71bb]

See also: hw/scsi/scsi-disk.c, scsi_disk_emulate_inquiry()

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Fam Zheng
bb00021de0 block: Split BLOCK_OP_TYPE_COMMIT to BLOCK_OP_TYPE_COMMIT_{SOURCE, TARGET}
Like BLOCK_OP_TYPE_BACKUP_SOURCE and BLOCK_OP_TYPE_BACKUP_TARGET,
block-commit involves two asymmetric devices.

This change is not user-visible (yet), because commit only works with
device names.

But once we enable backing reference in blockdev-add, or specifying
node-name in block-commit command, we don't want the user to start two
commit jobs on the same backing chain, which will corrupt things because
of the final bdrv_swap.

Before we have per category blockers, splitting this type is still
better.

[Resolved virtio-blk dataplane conflict by replacing
BLOCK_OP_TYPE_COMMIT with both BLOCK_OP_TYPE_COMMIT_{SOURCE, TARGET}.
They are safe since the block job runs in the same AioContext as the
dataplane IOThread.
--Stefan]

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Peter Lieven
095e4fa4b5 block: limited request size in write zeroes unsupported path
If bs->bl.max_write_zeroes is large and we end up in the unsupported
path we might allocate a lot of memory for the iovector and/or even
generate an oversized request.

Fix this by limiting the request by the minimum of the reported
maximum transfer size or 16MB (32768 sectors).

Reported-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Message-id: 1420457389-16332-1-git-send-email-pl@kamp.de
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Peter Lieven
51a2219bdc coroutine: try harder not to delete coroutines
Placing coroutines on the global pool should be preferable, because it
can help all threads.  But if the global pool is full, we can still
try to save some allocations by stashing completed coroutines on the
local pool.  This is quite cheap too, because it does not require
atomic operations, and provides a gain of 15% in the best case.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417518350-6167-8-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Paolo Bonzini
66552b894b coroutine: drop qemu_coroutine_adjust_pool_size
This is not needed anymore.  The new TLS-based algorithm is adaptive.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417518350-6167-7-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Paolo Bonzini
4d68e86bb1 coroutine: rewrite pool to avoid mutex
This patch removes the mutex by using fancy lock-free manipulation of
the pool.  Lock-free stacks and queues are not hard, but they can suffer
from the ABA problem so they are better avoided unless you have some
deferred reclamation scheme like RCU.  Otherwise you have to stick
with adding to a list, and emptying it completely.  This is what this
patch does, by coupling a lock-free global list of available coroutines
with per-CPU lists that are actually used on coroutine creation.

Whenever the destruction pool is big enough, the next thread that runs
out of coroutines will steal the whole destruction pool.  This is positive
in two ways:

1) the allocation does not have to do any atomic operation in the fast
path, it's entirely using thread-local storage.  Once every POOL_BATCH_SIZE
allocations it will do a single atomic_xchg.  Release does an atomic_cmpxchg
loop, that hopefully doesn't cause any starvation, and an atomic_inc.

A later patch will also remove atomic operations from the release path,
and try to avoid the atomic_xchg altogether---succeeding in doing so if
all devices either use ioeventfd or are not submitting requests actively.

2) in theory this should be completely adaptive.  The number of coroutines
around should be a little more than POOL_BATCH_SIZE * number of allocating
threads; so this also empties qemu_coroutine_adjust_pool_size.  (The previous
pool size was POOL_BATCH_SIZE * number of block backends, so it was a bit
more generous.  But if you actually have many high-iodepth disks, it's better
to put them in different iothreads, which will also use separate thread
pools and aio=native file descriptors).

This speeds up perf/cost (in tests/test-coroutine) by a factor of ~1.33.
No matter if we end with some kind of coroutine bypass scheme or not,
it cannot hurt to optimize hot code.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417518350-6167-6-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Paolo Bonzini
c740ad92d0 QSLIST: add lock-free operations
These operations are trivial to implement and do not have ABA problems.
They are enough to implement simple multiple-producer, single consumer
lock-free lists or, as in the next patch, the multiple consumers can
steal a whole batch of elements and process them at their leisure.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417518350-6167-5-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
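The two commit messages above (the coroutine pool rewrite and the QSLIST lock-free operations) describe a list that supports only an atomic insert-at-head and an atomic take-everything, which is what keeps it clear of ABA. The C11 sketch below is an added illustration, not QEMU's code: the names, the batch size of 4 and the thresholds are assumptions, and the demo runs single-threaded on constructed input.

```c
/* Added illustration; hypothetical names, not QEMU's QSLIST macros. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define POOL_BATCH_SIZE 4u  /* constructed value for the demo */

struct node {
    struct node *next;
};

struct pool {
    _Atomic(struct node *) release_head; /* shared list of released nodes */
    atomic_uint release_size;            /* approximate length of that list */
};

struct local_pool {         /* one per thread (thread-local in real use) */
    struct node *head;
};

/* Multi-producer push. The CAS installs n in front of the head it observed
 * and never dereferences that head, so a head that was taken and re-added
 * in between (ABA) cannot make it follow a stale pointer. */
static void insert_head_atomic(struct pool *p, struct node *n)
{
    struct node *old = atomic_load_explicit(&p->release_head,
                                            memory_order_relaxed);
    do {
        n->next = old;
    } while (!atomic_compare_exchange_weak_explicit(
                 &p->release_head, &old, n,
                 memory_order_release, memory_order_relaxed));
}

/* Consumer side: take the entire list in one exchange. There is no
 * single-element pop, the operation that must read head->next before its
 * CAS and is therefore the one exposed to ABA. */
static struct node *move_all_atomic(struct pool *p)
{
    return atomic_exchange_explicit(&p->release_head, NULL,
                                    memory_order_acquire);
}

/* Fast path touches only the local list; the shared list is stolen whole
 * when the local one is empty and enough nodes have been released. */
static struct node *pool_get(struct pool *p, struct local_pool *lp,
                             unsigned *fresh)
{
    if (!lp->head && atomic_load(&p->release_size) > POOL_BATCH_SIZE) {
        atomic_store(&p->release_size, 0);
        lp->head = move_all_atomic(p);
    }
    struct node *n = lp->head;
    if (n) {
        lp->head = n->next;
        return n;
    }
    (*fresh)++;                 /* count real allocations for the demo */
    n = malloc(sizeof(*n));
    if (!n) {
        abort();
    }
    return n;
}

/* Release: bounded shared list; anything beyond the cap is freed. */
static void pool_put(struct pool *p, struct node *n)
{
    if (atomic_load(&p->release_size) < POOL_BATCH_SIZE * 2) {
        insert_head_atomic(p, n);
        atomic_fetch_add(&p->release_size, 1);
    } else {
        free(n);
    }
}

static void free_list(struct node *c)
{
    while (c) {
        struct node *next = c->next;
        free(c);
        c = next;
    }
}

/* Get n nodes, release them all, get n again; returns how many of the
 * 2*n gets had to call malloc(). Supports n <= 16. */
static unsigned demo_round_trip(unsigned n)
{
    struct pool p;
    struct local_pool lp = { NULL };
    struct node *held[16];
    unsigned fresh = 0, i;

    if (n > 16) {
        return 0;
    }
    atomic_init(&p.release_head, NULL);
    atomic_init(&p.release_size, 0);
    for (i = 0; i < n; i++) held[i] = pool_get(&p, &lp, &fresh);
    for (i = 0; i < n; i++) pool_put(&p, held[i]);
    for (i = 0; i < n; i++) held[i] = pool_get(&p, &lp, &fresh);
    for (i = 0; i < n; i++) free(held[i]);
    free_list(move_all_atomic(&p));
    free_list(lp.head);
    return fresh;
}

int main(void)
{
    printf("n=3: %u, n=6: %u, n=10: %u fresh allocations\n",
           demo_round_trip(3), demo_round_trip(6), demo_round_trip(10));
    return 0;
}
```

With 3 released nodes the shared list is below the steal threshold, so the second round allocates again; with 10, only 8 fit under the cap and the other 2 are freed and reallocated.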
Paolo Bonzini
6d86ae0824 test-coroutine: avoid overflow on 32-bit systems
unsigned long is not large enough to represent 1000000000 * duration there.
Just use floating point.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417518350-6167-4-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Paolo Bonzini
ef57137f1b qemu-thread: add per-thread atexit functions
Destructors are the main additional feature of pthread TLS compared
to __thread.  If we were using C++ (hint, hint!) we could have used
thread-local objects with a destructor.  Since we are not, instead,
we add a simple Notifier-based API.

Note that the notifier must be per-thread as well.  We can add a
global list as well later, perhaps.

The Win32 implementation has some complications because a) detached
threads used not to have a QemuThreadData; b) the main thread does
not go through win32_start_routine, so we have to use atexit too.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417518350-6167-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Paolo Bonzini
d1d1b206b0 coroutine-ucontext: use __thread
ELF thread local storage is about 10% faster on tests/test-coroutine's
perf/cost test.  The timing on my machine is 190ns per iteration with
pthread TLS, 170 with ELF TLS.

Based on a patch by Kevin Wolf and Peter Lieven, but redone to follow
the model of coroutine-win32.c (including the important "noinline"
attribute!).

Platforms without thread-local storage (OpenBSD probably?) will need
a new-enough GCC for this to compile, in order to use the same emutls
support that Windows already relies on.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417518350-6167-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:28 +00:00
Fam Zheng
bc52169660 qemu-iotests: Add supported os parameter for python tests
If I understand correctly, qemu-iotests was never meant to be portable. We
only support Linux for all the shell cases, but didn't specify it for
python tests. Now add this and default all the python tests as Linux
only. If we care enough later, we can override the parameter in
individual cases.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:28 +00:00
Fam Zheng
9c8ab1ae0d qemu-iotests: Add "_supported_os Linux" to 058
Other cases have this, and this test is not portable either. As we want
to add "make check-block" to "make check", it shouldn't fail on Mac OS
X.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:28 +00:00
Fam Zheng
a2d9c0c407 qemu-iotests: Replace "/bin/true" with "true"
The former is not portable because on Mac OSX it is /usr/bin/true.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:28 +00:00
Fam Zheng
1dbe67503b .gitignore: Ignore generated "common.env"
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:28 +00:00
Liang Li
99605175c9 xen-pt: Fix PCI devices re-attach failed
Use the 'xl pci-attach $DomU $BDF' command to attach more than
one PCI device to the guest, then detach the devices with
'xl pci-detach $DomU $BDF'. After that, re-attach these PCI
devices again, and an error message will be reported like the following:

    libxl: error: libxl_qmp.c:287:qmp_handle_error_response: receive
    an error message from QMP server: Duplicate ID 'pci-pt-03_10.1'
    for device.

If using the 'address_space_memory' as the parameter of
'memory_listener_register', 'xen_pt_region_del' will not be called
if the memory region's name is not 'xen-pci-pt-*' when the device
is detached. This will cause the device's related QemuOpts object
not to be released properly.

Using the device's address space can avoid such an issue, because the
calling count of 'xen_pt_region_add' when attaching and the calling
count of 'xen_pt_region_del' when detaching are the same, so all the
memory regions ref'd and unref'd by 'xen_pt_region_add' and
'xen_pt_region_del' can be released properly.

Signed-off-by: Liang Li <liang.z.li@intel.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reported-by: Longtao Pang <longtaox.pang@intel.com>
2015-01-13 11:49:46 +00:00
Marc Marí
292be092ad libqos: Convert malloc-pc allocator to a generic allocator
The allocator in malloc-pc has been extracted, so it can be used in every arch.
This operation showed that both the alloc and free functions can also be
generic.
Because of this, the QGuestAllocator has been removed from its function to wrap
the alloc and free function, and now just contains the allocator parameters.
As a result, only the allocator initializer and uninitializer are arch dependent.

Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 11:47:57 +00:00
Vladimir Sementsov-Ogievskiy
04636dc410 migration/block: fix pending() return value
Because of the wrong return value of .save_live_pending() in
migration/block.c, migration finishes before the whole disk is
transferred. Such a situation occurs when the migration process is fast
enough, for example when source and dest are on the same host.

If in the bulk phase we return something < max_size, we will skip
transferring the tail of the device. Currently we have "set pending to
BLOCK_SIZE if it is zero" for the bulk phase, but there is no guarantee that
it will be < max_size.

The true approach is to return, for example, max_size+1 when we are in the
bulk phase.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@parallels.com>
Message-id: 1419933856-4018-2-git-send-email-vsementsov@parallels.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 11:47:56 +00:00
Max Reitz
4dd7b8d30c iotests: Filter out "I/O thread spun..." warning
Filter out the "main loop: WARNING: I/O thread spun for..." warning from
qemu output (it hardly matters for code specifically testing I/O).

Furthermore, use _filter_qemu in all the custom functions which run
qemu.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:56 +00:00
Fam Zheng
7c6a4ab871 qemu-iotests: Test blockdev-backup in 055
This applies cases on drive-backup on blockdev-backup, except cases with
target format and mode.

Also add a case to check source == target.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1418899027-8445-5-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-01-13 11:47:56 +00:00
Fam Zheng
bd8baecddc block: Add blockdev-backup to transaction
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1418899027-8445-4-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-01-13 11:47:56 +00:00
Fam Zheng
c29c1dd312 qmp: Add command 'blockdev-backup'
Similar to drive-backup, but this command uses a device id as target
instead of creating/opening an image file.

Also add blocker on target bs, since the target is also a named device
now.

Add check and report error for bs == target which became possible but is
an illegal case with introduction of blockdev-backup.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1418899027-8445-3-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-01-13 11:47:56 +00:00
Fam Zheng
b7b9d39a7a qapi: Comment version info in TransactionAction
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1418899027-8445-2-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-01-13 11:47:56 +00:00
Vladimir Sementsov-Ogievskiy
c4237dfa63 block: fix spoiling all dirty bitmaps by mirror and migration
Mirror and migration use dirty bitmaps for their purposes, and since
commit [block: per caller dirty bitmap] they use their own bitmaps, not
the global one. But they use old functions bdrv_set_dirty and
bdrv_reset_dirty, which change all dirty bitmaps.

Named dirty bitmaps series by Fam and Snow are affected: mirroring and
migration will spoil all (not related to this mirroring or migration)
named dirty bitmaps.

This patch fixes this by adding bdrv_set_dirty_bitmap and
bdrv_reset_dirty_bitmap, which change concrete bitmap. Also, to prevent
such mistakes in future, old functions bdrv_(set,reset)_dirty are made
static, for internal block usage.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@parallels.com>
CC: John Snow <jsnow@redhat.com>
CC: Fam Zheng <famz@redhat.com>
CC: Denis V. Lunev <den@openvz.org>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417081246-3593-1-git-send-email-vsementsov@parallels.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-01-13 11:47:56 +00:00
Fam Zheng
a06e43556e qapi: Fix document for BlockStats.node-name
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1418694024-26498-1-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-01-13 11:47:56 +00:00
Max Reitz
527ab22a2a iotests: Add test for relative backing file names
Sometimes, qemu does not have a filename to work with, so it does not
know which directory to use for a backing file specified by a relative
filename. Add a test which tests that qemu exits with an appropriate
error message.

Additionally, add a test for qemu-img create with a backing filename
relative to the backed image's base directory while omitting the image
size.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:56 +00:00
Max Reitz
1085daf941 block/vmdk: Relative backing file for creation
When a vmdk image is created with a backing file, it is opened to check
whether it is indeed a vmdk file by letting qemu probe it. When doing
so, the backing filename is relative to the image's base directory so it
should be interpreted accordingly.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:56 +00:00
Max Reitz
291680186f block: Relative backing file for image creation
Relative backing filenames are always relative to the backed image's
directory; the same applies to image creation. Therefore, if the backing
file has to be opened for determining its size (in case the size has not
been explicitly specified) its filename should be interpreted relative
to the new image's base directory and not relative to qemu's working
directory.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:56 +00:00
Max Reitz
9f07429e88 block: JSON filenames and relative backing files
When using a relative backing file name, qemu needs to know the
directory of the top image file. For JSON filenames, such a directory
cannot be easily determined (e.g. how do you determine the directory of
a qcow2 BDS directly on top of a quorum BDS?). Therefore, do not allow
relative filenames for the backing file of BDSs only having a JSON
filename.

Furthermore, BDS::exact_filename should be used whenever possible. If
BDS::filename is not equal to BDS::exact_filename, the former will
always be a JSON object.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:56 +00:00
Max Reitz
0a82855a1a block: Get full backing filename from string
Introduce bdrv_get_full_backing_filename_from_filename(), a function
which takes the name of the backed file and a potentially relative
backing filename to produce the full (absolute) backing filename.

Use this function from bdrv_get_full_backing_filename().

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:56 +00:00
Max Reitz
a97ceca578 checkpatch: Brace handling on multi-line condition
CODING_STYLE states the following about braces around blocks:

> The opening brace is on the line that contains the control flow
> statement that introduces the new block; [...]

This is obviously impossible with multi-line conditions. Therefore,
CODING_STYLE does not make any clear statement about where to put the
opening brace after a multi-line condition.

There is a reason to prefer to place the opening brace on an own line
after such a condition while still placing it on the same line as the
"control flow statement" if possible; that reason is that the last line
of a multi-line condition is indented, in the case of "if", it is often
indented by four spaces, just as much as the first statement in the
block will be indented. This is hard to read as there is no clearly
visible distinction between condition and block. Placing the opening
brace on a separate line solves this issue.

Also, there are cases where placing the opening brace on a separate line
is the only viable option; if the previous line had nearly 80 characters
and splitting it is not desirable, the opening brace is naturally placed
on an own line.

This patch fixes checkpatch.pl to not complain about braces on own lines
if the condition introducing the block spanned more than one line, or if
the previous line had 79 or 80 characters.

Furthermore, the warning about not having braces around a block is fixed
to mind braces not being on the last line of the condition.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:56 +00:00
Paolo Bonzini
ee82310f8a block: replace g_new0 with g_new for bottom half allocation.
This saves about 15% of the clock cycles spent on allocation.  Using the
slice allocator does not add a visible improvement; allocation is faster
than malloc, while freeing seems to be slower.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:56 +00:00
Paolo Bonzini
e012b78cf5 block: do not allocate an iovec per read of a growable/zero_after_eof BDS
Most reads do not go past the end of the file, and they can use the
input QEMUIOVector instead of creating one.  This removes the
qemu_iovec_* functions from the profile.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:56 +00:00
Paolo Bonzini
fcf5def1ab block: mark AioContext as recursive
AioContext can be accessed recursively, in fact that's what we do with
aio_poll.  Marking the GSource as recursive avoids that GLib blocks it
and unblocks it around every call to aio_dispatch, which is a pretty
expensive operation.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:55 +00:00
Fam Zheng
b8aff7d6bf qemu-iotests: Speed up make check-block
Using /tmp, which is usually mounted as tmpfs, the quick group can be
quicker.

On my laptop (Lenovo T430s with Fedora 20), this reduces the time from
50s to 30s.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:55 +00:00
Fam Zheng
709e57753b qemu-iotests: Remove 091 from quick group
For the purpose of allowing running quick group on tmpfs.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13 11:47:55 +00:00
Peter Maydell
7d5ad15d17 Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
# gpg: Signature made Mon 12 Jan 2015 10:27:41 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  hw/net/xen_nic.c: Set 'netdev->mac' to NULL after free it
  hw/net/xen_nic.c: Need free 'netdev->nic' in net_free() instead of net_disconnect()
  hw/net/xen_nic.c: Free 'netdev->txs' when map 'netdev->rxs' fails
  net: remove all cleanup methods from NIC NetClientInfos

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-12 11:13:24 +00:00
Chen Gang
a39d97c7be hw/net/xen_nic.c: Set 'netdev->mac' to NULL after free it
Since net_init() checks whether 'netdev->mac' is NULL before allocating it,
net_release() also needs to set 'netdev->mac' to NULL after freeing it.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-12 10:16:23 +00:00
Chen Gang
d46858377b hw/net/xen_nic.c: Need free 'netdev->nic' in net_free() instead of net_disconnect()
net_init() and net_free() are a pair, net_connect() and net_disconnect()
are a pair. net_init() creates 'netdev->nic', so we also need to free it in
net_free().

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-12 10:16:23 +00:00
Chen Gang
b4f72e31b9 hw/net/xen_nic.c: Free 'netdev->txs' when map 'netdev->rxs' fails
When mapping 'netdev->rxs' fails, we need to free the original resource, or
it will cause a resource leak.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-12 10:16:23 +00:00
Paolo Bonzini
57407ea44c net: remove all cleanup methods from NIC NetClientInfos
All NICs have a cleanup function that, in most cases, zeroes the pointer
to the NICState.  In some cases, it frees data belonging to the NIC.

However, this function is never called except when exiting from QEMU.
It is not necessary to NULL pointers and free data here; the right place
to do that would be in the device's unrealize function, after calling
qemu_del_nic.  Zeroing the NIC multiple times is also wrong for multiqueue
devices.

This cleanup function gets in the way of making the NetClientStates for
the NIC hold an object_ref reference to the object, so get rid of it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-12 10:16:23 +00:00
Peter Maydell
5435f1d77e Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150112-v3' into staging
s390x patches for 2.3.

Highlight is support for PCI devices on s390x. Otherwise, performance
improvements (register sync) and small cleanups.

# gpg: Signature made Mon 12 Jan 2015 09:49:31 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20150112-v3:
  kvm: extend kvm_irqchip_add_msi_route to work on s390
  s390: implement pci instructions
  s390: Add PCI bus support
  s390x/kvm: avoid syscalls by syncing registers with kvm_run
  s390x/kvm: sync register support helper function
  s390x/css: Clean up unnecessary CONFIG_USER_ONLY wrappers
  s390x/ccw: fix oddity in machine class init

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-12 10:09:41 +00:00
Frank Blaschka
9e03a0405d kvm: extend kvm_irqchip_add_msi_route to work on s390
On s390, MSI-X irqs are presented as thin or adapter interrupts;
for this we have to reorganize the routing entry to contain
valid information for the adapter interrupt code on s390.
To minimize impact on existing code we introduce an architecture
function to fixup the routing entry.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-01-12 10:14:04 +01:00
Frank Blaschka
863f6f52b7 s390: implement pci instructions
This patch implements the s390 pci instructions in qemu. It allows
to access and drive pci devices attached to the s390 pci bus.
Because of platform constraints, devices using IO BARs are not
supported. Also a device has to support MSI/MSI-X to run on s390.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-01-12 10:14:04 +01:00
Frank Blaschka
8cba80c3a0 s390: Add PCI bus support
This patch implements a pci bus for s390x together with infrastructure
to generate and handle hotplug events, to configure/unconfigure via
sclp instruction, to do iommu translations and provide s390 support for
MSI/MSI-X notification processing.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-01-12 10:14:04 +01:00
David Hildenbrand
59ac15326e s390x/kvm: avoid syscalls by syncing registers with kvm_run
We can avoid loads of syscalls when dropping to user space by storing the values
of more registers directly within kvm_run.

Support is added for:
- ARCH0: CPU timer, clock comparator, TOD programmable register,
         guest breaking-event register, program parameter
- PFAULT: pfault parameters (token, select, compare)

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-01-12 10:14:04 +01:00
David Hildenbrand
fdb78ec006 s390x/kvm: sync register support helper function
Let's unify the code to sync registers by moving the checks into a helper
function can_sync_regs().

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-01-12 10:14:04 +01:00
Thomas Huth
6781fc412e s390x/css: Clean up unnecessary CONFIG_USER_ONLY wrappers
The css functions are only used from ioinst.c and other files that are
only built for CONFIG_SOFTMMU. So we do not need the dummy wrappers for
the CONFIG_USER_ONLY target in the cpu.h header.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Jason J. Herne <jjherne@us.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-01-12 10:14:04 +01:00
Cornelia Huck
fb85b34da7 s390x/ccw: fix oddity in machine class init
ccw_machine_class_init() uses ',' instead of ';' while initializing
the class' fields. This is almost certainly a copy/paste error and,
while legal C, rather on the unusual side. Just use ';' everywhere.

Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-01-12 10:14:04 +01:00
Peter Maydell
64ea8038ff Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150109.0' into staging
VFIO fixes:
- Fix 32bit overflow in handling large PCI BARs (Alex Williamson)
- Fix interrupt shutdown ordering (Alex Williamson)

# gpg: Signature made Fri 09 Jan 2015 16:23:42 GMT using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20150109.0:
  vfio-pci: Fix interrupt disabling
  vfio-pci: Fix BAR size overflow

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-10 22:29:09 +00:00
Peter Maydell
aaf0301917 Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc: resizeable ROM blocks

This makes ROM blocks resizeable.  This infrastructure is required for other
functionality we have queued.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Thu 08 Jan 2015 11:19:24 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  acpi-build: make ROMs RAM blocks resizeable
  memory: API to allocate resizeable RAM MR
  arch_init: support resizing on incoming migration
  exec: qemu_ram_alloc_resizeable, qemu_ram_resize
  exec: split length -> used_length/max_length
  exec: cpu_physical_memory_set/clear_dirty_range
  memory: add memory_region_set_size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-10 21:02:23 +00:00
Peter Maydell
97052d64e4 Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging
Patch queue for ppc - 2015-01-07

New year's release. This time's highlights:

  - E500: More RAM support
  - pseries: New SLOF release
  - Migration fixes
  - Simplify USB spawning logic, removes support for explicit usb=off
  - TCG: Simple untransactional TM emulation

# gpg: Signature made Wed 07 Jan 2015 15:19:37 GMT using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-ppc-for-upstream: (37 commits)
  hw/ppc/mac_newworld: simplify usb controller creation logic
  hw/ppc/spapr: simplify usb controller creation logic
  hw/ppc/mac_newworld: QOMified mac99 machines
  hw/usb: simplified usb_enabled
  hw/machine: added machine_usb wrapper
  hw/ppc: modified the condition for usb controllers to be created for some ppc machines
  target-ppc: Cast ssize_t to size_t before printing with %zx
  target-ppc: Mark SR() and gen_sync_exception() as !CONFIG_USER_ONLY
  PPC: e500: Fix GPIO controller interrupt number
  target-ppc: Introduce Privileged TM Noops
  target-ppc: Introduce tcheck
  target-ppc: Introduce TM Noops
  target-ppc: Introduce tbegin
  target-ppc: Introduce TEXASRU Bit Fields
  target-ppc: Power8 Supports Transactional Memory
  target-ppc: Introduce tm_enabled Bit to CPU State
  target-ppc: Introduce Feature Flag for Transactional Memory
  target-ppc: Introduce Instruction Type for Transactional Memory
  pseries: Update SLOF firmware image to 20141202
  PPC: Fix crash on spapr_tce_table_finalize()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-10 19:50:21 +00:00
Peter Maydell
e77d927f1a Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20150105' into staging
seccomp branch queue

# gpg: Signature made Mon 05 Jan 2015 17:17:01 GMT using RSA key ID 12F8BD2F
# gpg: Can't check signature: public key not found

* remotes/otubo/tags/pull-seccomp-20150105:
  seccomp: add mbind() to the syscall whitelist
  seccomp: typo in configure error message

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-10 19:06:41 +00:00
Eduardo Habkost
ec2cbbdd80 vl: Don't silently change topology when all -smp options were set
QEMU tries to change the "threads" option even if it was explicitly set
in the command-line, and it shouldn't do that.

The right thing to do when all options (cpus, sockets, cores, threads)
are explicitly set is to sanity check them and abort in case they don't
make sense (i.e. when sockets*cores*threads < cpus).

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-09 23:41:12 +01:00
Andrew Jones
c00cd99527 vl: fix max_cpus check
We should confirm max_cpus, which is >= smp_cpus, is
<= the machine's true max_cpus, not just smp_cpus.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-09 23:41:12 +01:00
Eduardo Habkost
719cac1ce2 vl: Avoid unnecessary 'if' nesting
Just a coding style change, to make other changes easier to review.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-09 23:41:11 +01:00
SeokYeon Hwang
4d91558d60 9pfs: changed to use event_notifier instead of qemu_pipe
Changed to use event_notifier instead of qemu_pipe.
It is necessary for porting 9pfs to Windows and MacOS.

Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-09 23:41:11 +01:00
Marcel Apfelbaum
364c3e6b8d vl.c: fix regression when reading machine type from config file
After 'Machine as QOM' series the machine type input triggers
the creation of the machine class.
If the machine type is set in the configuration file, the machine
class is not updated accordingly and remains the default.

Fixed that by querying the machine options after the configuration
file is loaded.

Cc: qemu-stable@nongnu.org
Reported-by: William Dauchy <william@gandi.net>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-09 23:41:11 +01:00
Gal Hammer
e76d442043 char: restore stdio echo on resume from suspend.
The monitor's auto-completion feature stopped working when stdio is used
as an input and qemu was resumed after it was suspended (using ctrl-z).

Signed-off-by: Gal Hammer <ghammer@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-09 23:41:11 +01:00
Peter Maydell
f1c5831ca3 Merge remote-tracking branch 'remotes/amit-virtio-rng/tags/rng-for-2.3' into staging
Fixes an init-time check for parameter validity

# gpg: Signature made Mon 05 Jan 2015 08:34:05 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit-virtio-rng/tags/rng-for-2.3:
  virtio-rng: fix check for period_ms validity

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-09 18:55:29 +00:00
Peter Maydell
11fe680858 Merge remote-tracking branch 'remotes/amit/tags/for-2.3' into staging
Migration fix for virtio-serial devices on bi-endian targets by David
Gibson.

# gpg: Signature made Mon 05 Jan 2015 07:26:07 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit/tags/for-2.3:
  virtio-serial: Don't keep a persistent copy of config space
  virtio_serial: Don't use vser->config.max_nr_ports internally

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-09 17:59:16 +00:00
Peter Maydell
a4ba200894 Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
More migration fixes and more record/replay preparations.  Also moves
the sdhci-pci device id to make space for the rocker device.

# gpg: Signature made Sat 03 Jan 2015 08:22:36 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  pci: move REDHAT_SDHCI device ID to make room for Rocker
  block/iscsi: fix uninitialized variable
  pckbd: set bits 2-3-6-7 of the output port by default
  serial: refine serial_thr_ipending_needed
  gen-icount: check cflags instead of use_icount global
  translate: check cflags instead of use_icount global
  cpu-exec: add a new CF_USE_ICOUNT cflag
  target-ppc: pass DisasContext to SPR generator functions
  atomic: fix position of volatile qualifier

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-09 16:29:36 +00:00
Alex Williamson
b3e27c3aee vfio-pci: Fix interrupt disabling
When disabling MSI/X interrupts the disable functions will leave the
device in INTx mode (when available).  This matches how hardware
operates, INTx is enabled unless MSI/X is enabled (DisINTx is handled
separately).  Therefore when we really want to disable all interrupts,
such as when removing the device, and we start with the device in
MSI/X mode, we need to pass through INTx on our way to being
completely quiesced.

In well behaved situations, the guest driver will have shutdown the
device and it will start vfio_exitfn() in INTx mode, producing the
desired result.  If hot-unplug causes the guest to crash, we may get
the device in MSI/X state, which will leave QEMU with a bogus handler
installed.

Fix this by re-ordering our disable routine so that it should always
finish in VFIO_INT_NONE state, which is what all callers expect.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-01-09 08:50:53 -07:00
Alex Williamson
29c6e6df49 vfio-pci: Fix BAR size overflow
We use an unsigned int when working with the PCI BAR size, which can
obviously overflow if the BAR is 4GB or larger.  This needs to change
to a fixed length uint64_t.  A similar issue is possible, though even
more unlikely, when mapping the region above an MSI-X table.  The
start of the MSI-X vector table must be below 4GB, but the end, and
therefore the start of the next mapping region, could still land at
4GB.

Suggested-by: Nishank Trivedi <nishank.trivedi@netapp.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Don Slutz <dslutz@verizon.com>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2015-01-09 08:50:53 -07:00
Peter Maydell
7d010ae9e0 Merge remote-tracking branch 'remotes/mwalle/tags/lm32-fixes/20141229' into staging
lm32: milkymist fixes and MAINTAINER update

# gpg: Signature made Tue 30 Dec 2014 16:54:15 GMT using DSA key ID 3F98A378
# gpg: Can't check signature: public key not found

* remotes/mwalle/tags/lm32-fixes/20141229:
  MAINTAINERS: add myself to lm32 and milkymist
  milkymist: softmmu: fix event handling

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-09 15:38:20 +00:00
Marcel Apfelbaum
59a0419856 hw/ppc/mac_newworld: simplify usb controller creation logic
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-7-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Marcel Apfelbaum
d941fba0b5 hw/ppc/spapr: simplify usb controller creation logic
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-6-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Marcel Apfelbaum
b1c2fb9b29 hw/ppc/mac_newworld: QOMified mac99 machines
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-5-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Marcel Apfelbaum
de77a243b3 hw/usb: simplified usb_enabled
The argument is no longer used and the implementation
now uses QOM instead of QemuOpts.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-4-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Marcel Apfelbaum
5e97b623c2 hw/machine: added machine_usb wrapper
Following QOM convention, object properties should
not be accessed directly.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-3-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Marcel Apfelbaum
f8b6f8edac hw/ppc: modified the condition for usb controllers to be created for some ppc machines
Some ppc machines create a default usb controller based on a 'machine condition'.
Until now the logic was: create the usb controller if:
 -  the usb option was supplied in cli and value is true or
 -  the usb option was absent and both set_defaults and the machine
    condition were true.

Modified the logic to:
Create the usb controller if:
 - the machine condition is true and defaults are enabled or
 - the usb option is supplied and true.

The main reason for this is to simplify the usb_enabled method.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-2-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Michael S. Tsirkin
a1666142db acpi-build: make ROMs RAM blocks resizeable
Use resizeable ram API so we can painlessly extend ROMs in the
future.  Note: migration is not affected, as we are
not actually changing the used length for RAM, which
is the part that's migrated.

Use this in acpi: reserve x16 more RAM space.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-08 13:17:55 +02:00
Michael S. Tsirkin
60786ef339 memory: API to allocate resizeable RAM MR
Add API to allocate resizeable RAM MR.

This looks just like regular RAM generally, but
has a special property that only a portion of it
(used_length) is actually used, and migrated.

This used_length size can change across reboots.

Follow up patches will change used_length for such blocks at migration,
making it easier to extend devices using such RAM (notably ACPI,
but in the future thinkably other ROMs) without breaking migration
compatibility or wasting ROM (guest) memory.

Device is notified on resize, so it can adjust if necessary.

Note: nothing prevents making all RAM resizeable in this way.
However, reviewers felt that only enabling this selectively will
make some class of errors easier to detect.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-08 13:17:55 +02:00
Michael S. Tsirkin
b0cc3f8397 arch_init: support resizing on incoming migration
If block used_length does not match, try to resize it.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-08 13:17:54 +02:00
Michael S. Tsirkin
62be4e3a50 exec: qemu_ram_alloc_resizeable, qemu_ram_resize
Add API to allocate "resizeable" RAM.
This looks just like regular RAM generally, but
has a special property that only a portion of it
(used_length) is actually used, and migrated.

This used_length size can change across reboots.

Follow up patches will change used_length for such blocks at migration,
making it easier to extend devices using such RAM (notably ACPI,
but in the future thinkably other ROMs) without breaking migration
compatibility or wasting ROM (guest) memory.

Device is notified on resize, so it can adjust if necessary.

qemu_ram_alloc_resizeable allocates this memory, qemu_ram_resize resizes
it.

Note: nothing prevents making all RAM resizeable in this way.
However, reviewers felt that only enabling this selectively will
make some class of errors easier to detect.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-08 13:17:54 +02:00
Michael S. Tsirkin
9b8424d573 exec: split length -> used_length/max_length
This patch allows us to distinguish between two
length values for each block:
    max_length - length of memory block that was allocated
    used_length - length of block used by QEMU/guest

Currently, we set used_length - max_length, unconditionally.
Follow-up patches allow used_length <= max_length.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-08 13:17:54 +02:00
Michael S. Tsirkin
c8d6f66ae7 exec: cpu_physical_memory_set/clear_dirty_range
Make cpu_physical_memory_set/clear_dirty_range
behave symmetrically.

To clear range for a given client type only, add
cpu_physical_memory_clear_dirty_range_type.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-08 13:17:54 +02:00
Michael S. Tsirkin
e7af4c6730 memory: add memory_region_set_size
Add API to change MR size.
Will be used internally for RAM resize.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-08 13:17:54 +02:00
Marcel Apfelbaum
75c74ccbe1 hw/ppc/mac_newworld: simplify usb controller creation logic
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:29 +01:00
Marcel Apfelbaum
4ee9ced979 hw/ppc/spapr: simplify usb controller creation logic
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:29 +01:00
Marcel Apfelbaum
b8cbc738de hw/ppc/mac_newworld: QOMified mac99 machines
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:29 +01:00
Marcel Apfelbaum
09f28e5b51 hw/usb: simplified usb_enabled
The argument is no longer used and the implementation
now uses QOM instead of QemuOpts.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:29 +01:00
Marcel Apfelbaum
759bf45d81 hw/machine: added machine_usb wrapper
Following QOM convention, object properties should
not be accessed directly.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
Marcel Apfelbaum
c760dbb9dc hw/ppc: modified the condition for usb controllers to be created for some ppc machines
Some ppc machines create a default usb controller based on a 'machine condition'.
Until now the logic was: create the usb controller if:
 -  the usb option was supplied in cli and value is true or
 -  the usb option was absent and both set_defaults and the machine
    condition were true.

Modified the logic to:
Create the usb controller if:
 - the machine condition is true and defaults are enabled or
 - the usb option is supplied and true.

The main reason for this is to simplify the usb_enabled method.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
Peter Maydell
2f285bdd54 target-ppc: Cast ssize_t to size_t before printing with %zx
The mingw32 compiler complains about trying to print variables of type
ssize_t with the %z format string specifier. Since we're printing it
as unsigned hex anyway, cast to size_t to silence the warning.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
Peter Maydell
466976d9ee target-ppc: Mark SR() and gen_sync_exception() as !CONFIG_USER_ONLY
The functions SR() and gen_sync_exception() are only used in softmmu
configs; wrap them in #ifndef CONFIG_USER_ONLY to suppress clang warnings
on the linux-user builds.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
Amit Tomar
82e345f57e PPC: e500: Fix GPIO controller interrupt number
The GPIO controller lives at IRQ 47, not 43 on real hardware. This is a problem
because IRQ 43 is occupied by the I2C controller which we want to implement
next, so we'd have a conflict on that IRQ number.

Move the GPIO controller to IRQ 47 where it belongs.

Signed-off-by: Amit Singh Tomar <amit.tomar@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
Tom Musta
f83c2378bb target-ppc: Introduce Privileged TM Noops
Add the supervisory Transactional Memory instructions treclaim. and
trechkpt.  The implementation is a degenerate one that simply
checks privileged state, TM availability and then sets CR[0] to
0b0000, just like the unprivileged noops.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
Tom Musta
aeedd58234 target-ppc: Introduce tcheck
Add a degenerate implementation of the Transaction Check (tcheck)
instruction.  Since transactions always immediately fail, this
implementation simply sets CR[BF] to 0b1000, i.e. TDOOMED = 1
and MSR[TS] == 0.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
Tom Musta
56a846157e target-ppc: Introduce TM Noops
Add degenerate implementations of the non-privileged Transactional
Memory instructions tend., tabort*. and tsr.  This implementation
simply checks the MSR[TM] bit and then sets CR0 to 0b0000.  This
is a reasonable degenerate implementation since transactions are
never allowed to begin and hence MSR[TS] is always 0b00.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:27 +01:00
Tom Musta
0ff93d11bc target-ppc: Introduce tbegin
Provide a degenerate implementation of the tbegin instruction.  This
implementation always fails the transaction, recording the failure
per Book II Section 5.3.2 of the Power ISA V2.07.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:27 +01:00
Tom Musta
aac862379c target-ppc: Introduce TEXASRU Bit Fields
Define mnemonics for the various bit fields in the Transaction
EXception And Summary Register (TEXASR).
Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:27 +01:00
Tom Musta
3e28c5e363 target-ppc: Power8 Supports Transactional Memory
The Power8 processor implements the Transactional Memory Facility
as defined in Power ISA 2.07.  Update the initialization code to
indicate this.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:27 +01:00
Tom Musta
69d1a93774 target-ppc: Introduce tm_enabled Bit to CPU State
Add a bit (tm_enabled) to CPU state that mirrors the MSR[TM] bit.
This is analogous to the other "available" bits in the MSR (FP,
VSX, etc.).

NOTE: Since MSR[TM] occupies big-endian bit 31, the code is wrapped
with a PPC64 bit check.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:27 +01:00
Tom Musta
e43668a7d2 target-ppc: Introduce Feature Flag for Transactional Memory
Add a flag (POWERPC_FLAG_TM) for the Transactional Memory
Facility introduced in Power ISA 2.07.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:27 +01:00
Tom Musta
f90468b646 target-ppc: Introduce Instruction Type for Transactional Memory
Add a category (PPC2_TM) for the Transactional Memory instructions
introduced in Power ISA 2.07.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:27 +01:00
Alexey Kardashevskiy
549cfe5d5d pseries: Update SLOF firmware image to 20141202
The changelog is:
  > version: update to 20141202
  > ipv4: Fix send packet across a subnet
  > pci: scan only type 0 and type 1
  > usb-xhci: support xhci extended capabilities
  > Fix term-io-key to also work when stdin has not been set yet
  > net-snk: llfw startup is using the wrong offset to handler
  > net-snk: Make call_client_interface() a bit more ABI compliant
  > net-snk: Remove custom printf version
  > net-snk: Sanitize our .lds file
  > net-snk: Avoid type clash for stdin & stdout
  > net-snk: use socket descriptor in the network stack
  > net-snk: Remove printk() in favor of printf()
  > net-snk: Remove redundant prototypes
  > net-snk: Remove unused timer functions
  > net-snk: Remove some unused PCI functions
  > net-snk: Remove module system
  > net-snk: Remove insmod/rmmod
  > net-snk: Remove snk_kernel_interface and related definitions
  > net-snk: Remove pci/vio_config gunk
  > js2x: Fix build
  > net-snk: Remoe some now unused "kernel" functions
  > rtas: Improve error handling in instantiate-rtas
  > version: update to 20140827
  > Add private HCALL to inform updated RTAS base and entry
  > xhci: fix port assignment

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:27 +01:00
David Gibson
5f9490de56 PPC: Fix crash on spapr_tce_table_finalize()
spapr_tce_table_finalize() can SEGV if the object was not previously
realized.  In particular this can be triggered by running
         qemu-system-ppc -device spapr-tce-table,?

The basic problem is that we have mismatched initialization versus
finalization: spapr_tce_table_finalize() is attempting to undo things that
are done in spapr_tce_table_realize(), not an instance_init function.

Therefore, replace spapr_tce_table_finalize() with
spapr_tce_table_unrealize().

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Paolo Bonzini
77bad151fb ppc: do not use get_clock_realtime()
Use the external qemu-timer API instead.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Sergey Fedorov
2bf9febc95 device-tree: fix memory leak
Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Samuel Mendoza-Jonas
e6b8fd246c spapr: Fix stale HTAB during live migration (TCG)
If a TCG guest reboots during a running migration HTAB entries are not
marked dirty, and the destination boots with an invalid HTAB.

When a reboot occurs, explicitly mark the current HTAB dirty after
clearing it.

Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Samuel Mendoza-Jonas
338c25b692 spapr: Fix integer overflow during migration (TCG)
The n_valid and n_invalid fields are unsigned short integers but it is
possible to have more than 65535 entries in a contiguous hunk, overflowing
the field. This results in an incorrect HTAB being sent to the destination
during migration.

Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Samuel Mendoza-Jonas
01a579729b spapr: Fix stale HTAB during live migration (KVM)
If a guest reboots during a running migration, changes to the
hash page table are not necessarily updated on the destination.
Opening a new file descriptor to the HTAB forces the migration
handler to resend the entire table.

Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Cédric Le Goater
e094c4c12f target-ppc: explicitly save page table headers in big endian
Currently, when the page tables are saved, the kvm_get_htab_header structs
and the ptes are assumed to be big endian and dumped as an indistinct blob
in the statefile. This is no longer true when the host is little endian
and this breaks restoration.

This patch unfolds the kvmppc_save_htab routine to write explicitly the
kvm_get_htab_header structs in big endian. The ptes are left untouched.

Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Tom Musta
58dd0a4787 target-ppc: Eliminate set_fprf Argument From helper_compute_fprf
The set_fprf argument to the helper_compute_fprf helper function
is no longer necessary -- the helper is only invoked when FPSCR[FPRF]
is going to be set.

Eliminate the unnecessary argument from the function signature and
its corresponding implementation.  Change the return value of the
helper to "void".  Update the name of the local variable "ret" to
"fprf", which now makes more sense.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:25 +01:00
Tom Musta
7d45556eff target-ppc: Eliminate set_fprf Argument From gen_compute_fprf
The set_fprf argument to the gen_compute_fprf() utility is no longer
needed -- gen_compute_fprf() is now called only when FPRF is actually
computed and set.  Eliminate the obsolete argument.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:25 +01:00
Tom Musta
00e6fd3e03 target-ppc: Fully Migrate to gen_set_cr1_from_fpscr
Eliminate the set_rc argument from the gen_compute_fprf utility and
the corresponding (and incorrect) implementation.  Replace it with
calls to the gen_set_cr1_from_fpscr() utility.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:25 +01:00
Tom Musta
14ba79c73a target-ppc: mffs. Should Set CR1 from FPSCR Bits
Update the Move From FPSCR (mffs.) instruction to correctly
set CR[1] from FPSCR[FX,FEX,VX,OX].

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:25 +01:00
Tom Musta
4814f2d116 target-ppc: Fix Floating Point Move Instructions That Set CR1
The Floating Point Move instructions (fmr., fabs., fnabs., fneg.,
and fcpsgn.) incorrectly copy FPSCR[FPCC] instead of [FX,FEX,VX,OX].
Furthermore, the current code does this via a call to gen_compute_fprf,
which is awkward since these instructions do not actually set FPRF.

Change the code to use the gen_set_cr1_from_fpscr utility.

Signed-off-by: Tom Musta <tommusta@gmail.com>
[agraf: whitespace fixes]
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:25 +01:00
Tom Musta
b748863a7f target-ppc: VXSQRT Should Not Be Set for NaNs
The Power ISA square root instructions (fsqrt[s], frsqrte[s]) must
set the FPSCR[VXSQRT] flag when operating on a negative value.
However, NaNs have no sign and therefore this flag should not
be set when operating on one.

Change the order of the checks in the helper code.  Move the
SNaN-to-QNaN macro to the top of the file so that it can be
re-used.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:25 +01:00
Tom Musta
2791128e2f target-ppc: Load/Store Vector Element Storage Alignment
The Load Vector Element Indexed and Store Vector Element Indexed
instructions compute an effective address in the usual manner.
However, they truncate that address to the natural boundary.
For example, the lvewx instruction will ignore the least significant
two bits of the address and thus load the aligned word of storage.

Fix the generators for these instructions to properly perform this
truncation.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:25 +01:00
Alexander Graf
cb3778a045 PPC: e500 pci host: Add support for ATMUs
The e500 PCI controller has configurable windows that allow a guest OS
to selectively map parts of the PCI bus space to CPU address space and
to selectively map parts of the CPU address space for DMA requests into
PCI visible address ranges.

So far, we've simply assumed that this mapping is 1:1 and ignored it.

However, the PCICSRBAR (CCSR mapped in PCI bus space) always has to live
inside the first 32bits of address space. This means if we always treat
all mappings as 1:1, this map will collide with our RAM map from the CPU's
point of view.

So this patch adds proper ATMU support which allows us to keep the PCICSRBAR
below 32bits local to the PCI bus and have another, different window to PCI
BARs at the upper end of address space. We leverage this on e500plat though,
mpc8544ds stays virtually 1:1 like it was before, but now also goes via ATMU.

With this patch, I can run guests with lots of RAM and not coincidently access
MSI-X mappings while I really want to access RAM.

Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:24 +01:00
Alexander Graf
44045ce974 PPC: mpc8554ds: Tell user about exceeding RAM limits
The mpc8544ds board only supports up to 3GB of RAM due to its limited
address space.

When the user requests more, abort and tell him that he should use less.

Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:24 +01:00
Alexander Graf
e6b4e5f479 PPC: e500: Move CCSR and MMIO space to upper end of address space
On e500 we're basically guaranteed to have 36bits of physical address space
available for our enjoyment. Older chips (like the mpc8544) only had 32bits,
but everything from e500v2 onwards bumped it up.

It's reasonably safe to assume that if you're using the PV machine, your guest
kernel is configured to support 36bit physical address space. So in order to
support more guest RAM, we can move CCSR and other MMIO windows right below the
end of our 36bit address space, just like later SoC versions of e500 do.

With this patch, I'm able to successfully spawn an e500 VM with -m 48G.

Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:24 +01:00
Alexander Graf
2eaaac1f01 PPC: e500: Move CCSR definition to params
We want to have different MMIO region offsets for the mpc8544ds machine
and our e500 PV machine, so move the definitions of those into the machine
specific params struct.

Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:24 +01:00
Paul Moore
ea259acae5 seccomp: add mbind() to the syscall whitelist
The "memory-backend-ram" QOM object utilizes the mbind(2) syscall to
set the policy for a memory range.  Add the syscall to the seccomp
sandbox whitelist.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Tested-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
2015-01-05 18:13:38 +01:00
Eduardo Otubo
aa49668cc3 seccomp: typo in configure error message
Error message was misleading people to install wrong version of
libseccomp.

Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
2015-01-05 18:08:27 +01:00
Amit Shah
a3a292c420 virtio-rng: fix check for period_ms validity
This was reported for this warning:

hw/virtio/virtio-rng.c:150:31: warning: logical not is only applied to
the left hand side of comparison [-Wlogical-not-parentheses]

Reported-by: dcb
Suggested-by: dcb
Bug: https://bugs.launchpad.net/qemu/+bug/1393486
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-05 14:02:47 +05:30
David Gibson
08f432aa3e virtio-serial: Don't keep a persistent copy of config space
The 'config' field in the VirtIOSerial structure keeps a copy of the virtio
console's config space as visible to the guest, that is to say, in guest
endianness.  This is fiddly to maintain, because on some targets, such as
powerpc, the "guest endianness" can change when a new guest OS boots.

In fact, there's no need to maintain such a guest view of config space -
instead we can reconstruct it from host-format data when it is accessed
with get_config.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-05 12:50:27 +05:30
David Gibson
f2f6e00b2e virtio_serial: Don't use vser->config.max_nr_ports internally
A number of places in the virtio_serial driver retrieve the number of ports
from vser->config.max_nr_ports, which is guest-endian.  But for internal
users, we already have a host-endian copy of the number of ports in
vser->serial.max_virtserial_ports.  Using that instead of the config field
removes the need for easy-to-forget byteswapping.

In particular this fixes a bug on incoming migration, where we don't adjust
the endianness vser->config correctly, because it hasn't yet been loaded
from the migration stream when virtio_serial_load_device() is called.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-05 12:49:58 +05:30
Scott Feldman
5aa8136020 pci: move REDHAT_SDHCI device ID to make room for Rocker
The rocker device uses same PCI device ID as sdhci.  Since rocker device driver
has already been accepted into Linux 3.18, and REDHAT_SDHCI device ID isn't
used by any drivers, it's safe to move REDHAT_SDHCI device ID, avoiding
conflict with rocker.

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-03 09:22:13 +01:00
Peter Wu
debfb917a4 block/iscsi: fix uninitialized variable
'ret' was never initialized in the success path.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-03 09:22:13 +01:00
Paolo Bonzini
d13c040409 pckbd: set bits 2-3-6-7 of the output port by default
OSes typically write 0xdd/0xdf to turn the A20 line off and on.  This
has bits 2-3-6-7 on, so that the output port subsection is migrated.
Change the reset value and migration default to include those four
bits, thus avoiding that the subsection is migrated.

This strictly speaking changes guest ABI, but the long time during which
we have not migrated the value means that the guests really do not care
much; so the change is for all machine types.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-03 09:22:13 +01:00
Paolo Bonzini
bfa7362889 serial: refine serial_thr_ipending_needed
If the THR interrupt is disabled, there is no need to migrate thr_ipending
because LSR.THRE will be sampled again when the interrupt is enabled.
(This is the behavior that is not documented in the datasheet, but
relied on by Windows!)

Note that in this case IIR will never be 0x2 so, if thr_ipending were
to be one, QEMU would produce the subsection.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-03 09:22:12 +01:00
Paolo Bonzini
cd42d5b236 gen-icount: check cflags instead of use_icount global
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-03 09:22:12 +01:00
Paolo Bonzini
bd79255d25 translate: check cflags instead of use_icount global
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-03 09:22:10 +01:00
Michael Walle
4eab7a0a23 MAINTAINERS: add myself to lm32 and milkymist
Add myself to lm32 and milkymist files.

Signed-off-by: Michael Walle <michael@walle.cc>
2014-12-29 17:25:17 +01:00
Michael Walle
857cccac0d milkymist: softmmu: fix event handling
Keys which send more than one scancode (esp. windows key) weren't handled
correctly since commit 1ff5eedd. Two events were put into the input event
queue but only one was processed. This fixes this by fetching all pending
events in the callback handler.

Signed-off-by: Michael Walle <michael@walle.cc>
Cc: Gerd Hoffmann <kraxel@redhat.com>
2014-12-29 17:24:38 +01:00
Peter Maydell
ab0302ee76 Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20141223' into staging
target-arm queue:
 * enable 32-bit EL3 (TrustZone) for vexpress and virt boards
 * add fw_cfg device to virt board for UEFI firmware config
 * support passing commandline kernel/initrd to firmware

# gpg: Signature made Tue 23 Dec 2014 13:50:33 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20141223: (31 commits)
  hw/arm/virt: enable passing of EFI-stubbed kernel to guest UEFI firmware
  hw/arm: pass pristine kernel image to guest firmware over fw_cfg
  hw/loader: split out load_image_gzipped_buffer()
  arm: add fw_cfg to "virt" board
  fw_cfg_mem: expose the "data_width" property with fw_cfg_init_mem_wide()
  fw_cfg_mem: introduce the "data_width" property
  exec: allows 8-byte accesses in subpage_ops
  fw_cfg_mem: flip ctl_mem_ops and data_mem_ops to DEVICE_BIG_ENDIAN
  fw_cfg_mem: max access size and region size are the same for data register
  fw_cfg: move boards to fw_cfg_init_io() / fw_cfg_init_mem()
  fw_cfg: hard separation between the MMIO and I/O port mappings
  target-arm: add cpu feature EL3 to CPUs with Security Extensions
  target-arm: Disable EL3 on unsupported machines
  target-arm: Breakout integratorcp and versatilepb cpu init
  target-arm: Set CPU has_el3 prop during virt init
  target-arm: Enable CPU has_el3 prop during VE init
  target-arm: Add arm_boot_info secure_boot control
  target-arm: Add ARMCPU secure property
  target-arm: Add feature unset function
  target-arm: Add virt machine secure property
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-23 15:05:22 +00:00
Peter Maydell
03de06dde5 Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20141222.0' into staging
VFIO updates:
- Conversion to tracepoints (Eric Auger)
- Fix memory listener address space (Frank Blaschka)
- Move to hw/vfio/ and split common vs pci (Eric Auger & Kim Phillips)
- Trivial error_report() fixes (Alex Williamson)

In addition to enabling S390 with the address space fix and updating
to use tracepoints rather than compile time debug, this set of patches
moves hw/misc/vfio.c to hw/vfio/ and paves the way for vfio-platform
support by splitting common functionality from PCI specific code.

# gpg: Signature made Mon 22 Dec 2014 20:19:43 GMT using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20141222.0:
  vfio: Cleanup error_report()s
  hw/vfio: create common module
  hw/vfio/pci: use name field in format strings
  hw/vfio/pci: rename group_list into vfio_group_list
  hw/vfio/pci: split vfio_get_device
  hw/vfio/pci: Introduce VFIORegion
  hw/vfio/pci: handle reset at VFIODevice
  hw/vfio/pci: add type, name and group fields in VFIODevice
  hw/vfio/pci: introduce minimalist VFIODevice with fd
  hw/vfio/pci: generalize mask/unmask to any IRQ index
  hw/vfio/pci: Rename VFIODevice into VFIOPCIDevice
  vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio
  vfio: fix adding memory listener to the right address space
  vfio: migration to trace points

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-23 14:01:14 +00:00
Paolo Bonzini
0266359e57 cpu-exec: add a new CF_USE_ICOUNT cflag
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-23 10:14:53 +01:00
Paolo Bonzini
69b058c881 target-ppc: pass DisasContext to SPR generator functions
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-23 10:14:52 +01:00
Paolo Bonzini
2cbcfb281a atomic: fix position of volatile qualifier
What needs to be volatile is not the pointer, but the pointed-to
value!

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-23 10:14:46 +01:00
Laszlo Ersek
aa351061db hw/arm/virt: enable passing of EFI-stubbed kernel to guest UEFI firmware
The virt board already ensures mutual exclusion between -bios and -pflash
unit#0; we only need to set "bootinfo.firmware_loaded", introduced in the
previous patch, if either of those options was used to load the guest
firmware.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-12-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:20 +00:00
Laszlo Ersek
07abe45c48 hw/arm: pass pristine kernel image to guest firmware over fw_cfg
Introduce the new boolean field "arm_boot_info.firmware_loaded". When this
field is set, it means that the portion of guest DRAM that the VCPU
normally starts to execute, or the pflash chip that the VCPU normally
starts to execute, has been populated by board-specific code with
full-fledged guest firmware code, before the board calls
arm_load_kernel().

Simultaneously, "arm_boot_info.firmware_loaded" guarantees that the board
code has set up the global firmware config instance, for arm_load_kernel()
to find with fw_cfg_find().

Guest kernel (-kernel) and guest firmware (-bios, -pflash) has always been
possible to specify independently on the command line. The following cases
should be considered:

nr  -bios    -pflash  -kernel  description
             unit#0
--  -------  -------  -------  -------------------------------------------
1   present  present  absent   Board code rejects this case, -bios and
    present  present  present  -pflash unit#0 are exclusive. Left intact
                               by this patch.

2   absent   absent   present  Traditional kernel loading, with qemu's
                               minimal board firmware. Left intact by this
                               patch.

3   absent   present  absent   Preexistent case for booting guest firmware
    present  absent   absent   loaded with -bios or -pflash. Left intact
                               by this patch.

4   absent   absent   absent   Preexistent case for not loading any
                               firmware or kernel up-front. Left intact by
                               this patch.

5   present  absent   present  New case introduced by this patch: kernel
    absent   present  present  image is passed to externally loaded
                               firmware in unmodified form, using fw_cfg.

An easy way to see that this patch doesn't interfere with existing cases
is to realize that "info->firmware_loaded" is constant zero at this point.
Which makes the "outer" condition unchanged, and the "inner" condition
(with the fw_cfg-related code) dead.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-11-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:20 +00:00
Laszlo Ersek
7d48a0f721 hw/loader: split out load_image_gzipped_buffer()
In the next patch we'd like to reuse the image decompression facility
without installing the output as a ROM at a specific guest-phys address.

In addition, expose LOAD_IMAGE_MAX_GUNZIP_BYTES, because that's a
straightforward "max_sz" argument for the new load_image_gzipped_buffer().

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-10-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:19 +00:00
Laszlo Ersek
578f3c7b08 arm: add fw_cfg to "virt" board
fw_cfg already supports exposure over MMIO (used in ppc/mac_newworld.c,
ppc/mac_oldworld.c, sparc/sun4m.c); we can easily add it to the "virt"
board.

Because MMIO access is slow on ARM KVM, we enable the guest, with
fw_cfg_init_mem_wide(), to transfer up to 8 bytes with a single access.
This has been measured to speed up transfers up to 7.5-fold, relative to
single byte data access, on both ARM KVM and x86_64 TCG.

The MMIO register block of fw_cfg is advertized in the device tree. As
base address we pick 0x09020000, which conforms to the comment preceding
"a15memmap": it falls in the miscellaneous device I/O range 128MB..256MB,
and it is aligned at 64KB. The DTB properties follow the documentation in
the Linux source file "Documentation/devicetree/bindings/arm/fw-cfg.txt".

fw_cfg automatically exports a number of files to the guest; for example,
"bootorder" (see fw_cfg_machine_reset()).

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-9-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:19 +00:00
Laszlo Ersek
6c87e3d596 fw_cfg_mem: expose the "data_width" property with fw_cfg_init_mem_wide()
We rebase fw_cfg_init_mem() to the new function for compatibility with
current callers.

The behavior of the (big endian) multi-byte data reads is best shown
with a qtest session.  Here, we are reading the first six bytes of
the UUID

    $ arm-softmmu/qemu-system-arm -M virt -machine accel=qtest \
         -qtest stdio -uuid 4600cb32-38ec-4b2f-8acb-81c6ea54f2d8
    >>> writew 0x9020008 0x0200
    <<< OK
    >>> readl 0x9020000
    <<< OK 0x000000004600cb32

Remember this is big endian.  On big endian machines, it is stored
directly as 0x46 0x00 0xcb 0x32.

On a little endian machine, we have to first swap it, so that it becomes
0x32cb0046.  When written to memory, it becomes 0x46 0x00 0xcb 0x32
again.

Reading byte-by-byte works too, of course:

    >>> readb 0x9020000
    <<< OK 0x0000000000000038
    >>> readb 0x9020000
    <<< OK 0x00000000000000ec

Here only a single byte is read at a time, so they are read in order
similar to the 1-byte data port that is already in PPC and SPARC
machines.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-8-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:18 +00:00
Laszlo Ersek
cfaadf0e89 fw_cfg_mem: introduce the "data_width" property
The "data_width" property is capable of changing the maximum valid access
size to the MMIO data register, and resizes the memory region similarly,
at device realization time.

The default value of "data_memwidth" is set so that we don't yet diverge
from "fw_cfg_data_mem_ops".

Most of the fw_cfg_mem users will stick with the default, and for them we
should continue using the statically allocated "fw_cfg_data_mem_ops". This
is beneficial for debugging because gdb can resolve pointers referencing
static objects to the names of those objects.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-7-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:18 +00:00
Paolo Bonzini
ff6cff7554 exec: allows 8-byte accesses in subpage_ops
Otherwise fw_cfg accesses are split into 4-byte ones before they reach the
fw_cfg ops / handlers.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-6-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:17 +00:00
Laszlo Ersek
d789c84547 fw_cfg_mem: flip ctl_mem_ops and data_mem_ops to DEVICE_BIG_ENDIAN
The standalone selector port (fw_cfg_ctl_mem_ops) is only used by big
endian guests to date (*), hence this change doesn't regress them. Paolo
and Alex have suggested / requested an explicit DEVICE_BIG_ENDIAN setting
here, for clarity.

(*) git grep -l fw_cfg_init_mem

    hw/nvram/fw_cfg.c
    hw/ppc/mac_newworld.c
    hw/ppc/mac_oldworld.c
    hw/sparc/sun4m.c
    include/hw/nvram/fw_cfg.h

The standalone data port (fw_cfg_data_mem_ops) has max_access_size 1 (for
now), hence changing its endianness doesn't change behavior for existing
guest code.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-5-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:16 +00:00
Laszlo Ersek
86099db382 fw_cfg_mem: max access size and region size are the same for data register
Make it clear that the maximum access size to the MMIO data register
determines the full size of the memory region.

Currently the max access size is 1.

This patch doesn't change behavior.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-4-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:16 +00:00
Laszlo Ersek
66708822cd fw_cfg: move boards to fw_cfg_init_io() / fw_cfg_init_mem()
This allows us to drop the fw_cfg_init() shim and to enforce the possible
mappings at compile time.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:15 +00:00
Laszlo Ersek
5712db6ae5 fw_cfg: hard separation between the MMIO and I/O port mappings
We are going to introduce a wide data register for fw_cfg, but only for
the MMIO mapped device. The wide data register will also require the
tightening of endiannesses.

However we don't want to touch the I/O port mapped fw_cfg device at all.

Currently QEMU provides a single fw_cfg device type that can handle both
I/O port and MMIO mapping. This flexibility is not actually exploited by
any board in the tree, but it renders restricting the above changes to
MMIO very hard.

Therefore, let's derive two classes from TYPE_FW_CFG: TYPE_FW_CFG_IO and
TYPE_FW_CFG_MEM.

TYPE_FW_CFG_IO incorporates the base I/O port and the related combined
MemoryRegion. (NB: all boards in the tree that use the I/O port mapped
flavor opt for the combined mapping; that is, when the data port overlays
the high address byte of the selector port. Therefore we can drop the
capability to map those I/O ports separately.)

TYPE_FW_CFG_MEM incorporates the base addresses for the MMIO selector and
data registers, and their respective MemoryRegions.

The "realize" and "props" class members are specific to each new derived
class, and become unused for the base class. The base class retains the
"reset" member and the "vmsd" member, because the reset functionality and
the set of migrated data are not specific to the mapping.

The new functions fw_cfg_init_io() and fw_cfg_init_mem() expose the
possible mappings in separation. For now fw_cfg_init() is retained as a
compatibility shim that enforces the above assumptions.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:13:10 +00:00
Fabian Aggeler
c0ccb02db4 target-arm: add cpu feature EL3 to CPUs with Security Extensions
Set ARM_FEATURE_EL3 feature for CPUs that implement Security Extensions.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-16-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows
61e2f3521c target-arm: Disable EL3 on unsupported machines
Disables the CPU ARM_FEATURE_EL3 feature on machine models that can be
configured to use Cortex-A9, Cortex-A15, and ARM1176 but don't officially
support EL3.  This preserves backwards compatibility.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-15-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows
223a72f117 target-arm: Breakout integratorcp and versatilepb cpu init
This commit changes the integratorcp and versatilepb CPU initialization from
using the generic ARM cpu_arm_init function to doing it inline.  This is
necessary in order to allow CPU configuration changes to occur between CPU
instance initialization and realization.  Specifically, this change is in
preparation for disabling CPU EL3 support.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-14-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows
e5a5604f8f target-arm: Set CPU has_el3 prop during virt init
Adds setting of the CPU has_el3 property based on the virt machine
secure state property during initialization.  This enables/disables EL3
state during start-up.  Changes include adding an additional secure state
boolean during virt CPU initialization.  Also disables the ARM secure boot
by default.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418684992-8996-13-git-send-email-greg.bellows@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows
12d027f132 target-arm: Enable CPU has_el3 prop during VE init
Adds setting of the CPU has_el3 property based on the vexpress machine
secure state property during initialization.  This enables/disables EL3
state during start-up.  Changes include adding an additional secure state
boolean during vexpress CPU initialization.  Also enables the ARM secure boot
by default.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418684992-8996-12-git-send-email-greg.bellows@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows
c8e829b7bf target-arm: Add arm_boot_info secure_boot control
Adds the secure_boot boolean field to the arm_boot_info descriptor.  This
field is used to indicate whether Linux should boot into secure or non-secure
state if the ARM EL3 feature is enabled.  The default is to leave the CPU in an
unaltered reset state.  On EL3 enabled systems, the reset state is secure and
can be overridden by setting the added field to false.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-11-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows
51942aee3c target-arm: Add ARMCPU secure property
Added a "has_el3" state property to the ARMCPU descriptor.  This property
indicates whether the ARMCPU has security extensions enabled (EL3) or not.
By default it is disabled at this time.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-10-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows
08828484a5 target-arm: Add feature unset function
Add an unset_feature() function to complement the set_feature() function.  This
will be used to disable functions after they have been enabled during
initialization.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-9-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows
083a58906c target-arm: Add virt machine secure property
Add "secure" virt machine specific property to allow override of the
default secure state configuration.  By default, when using the QEMU
-kernel command line argument, virt machines boot into NS/SVC.  When using
the QEMU -bios command line argument, virt machines boot into S/SVC.

The secure state can be changed from the default specifying the secure
state as a machine property.  For example, the below command line would disable
security extensions on a -kernel Linux boot:

    aarch64-softmmu/qemu-system-aarch64 \
        -machine type=virt,secure=off \
        -kernel ...

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-8-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows
c29196904b target-arm: Add virt class and machine types
Switch virt qemu machine support to use the newer object type, class, and
instance model.  Added virt TypeInfo with static registration along with virt
specific class and machine structs.  Also added virt class initialization
method.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-7-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows
e364bab69b target-arm: Change vexpress daughterboard init arg
Change the Vexpress daughterboard initialization method to take a vexpress
machine state pointer instead of the daughterboard struct pointer.  The machine
state now contains the daughterboard pointer.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-6-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Greg Bellows
4902192432 target-arm: Add vexpress machine secure property
Add "secure" Vexpress machine specific property to allow override of the
default secure state configuration.  By default, when using the QEMU
-kernel command line argument, Vexpress machines boot into NS/SVC.  When using
the QEMU -bios command line argument, Vexpress machines boot into S/SVC.

The secure state can be changed from the default specifying the secure
state as a machine property.  For example, the below command line would disable
security extensions on a -kernel Linux boot:

    aarch64-softmmu/qemu-system-aarch64 \
        -machine type=vexpress-a15,secure=off \
        -kernel ...

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-5-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Greg Bellows
af7c9f34b1 target-arm: Switch to common vexpress machine init
Switched the Vexpress machine initialization to use the common function with
the machine pointer to board info.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-4-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Greg Bellows
9ee00ba831 target-arm: Add vexpress a9 & a15 machine objects
Add Vexpress machine objects for the Cortex A9 & A15 variants.  The older
style QEMUMachine types were replaced with dedicated TypeInfo objects. The new
objects include dedicated class init functions that currently utilize dedicated
machine init methods.  The previous qemu_register_machine calls were replaced
with the newer type_register_status calls.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-3-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Greg Bellows
7eb1dc7f0b target-arm: Add vexpress class and machine types
Adds base Vexpress class and machine objects and infrastructure.  This is in
preparation for switching to the full QEMU object model.  The base vexpress
infrastructure is intended to handle common vexpress details.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-2-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Marcel Apfelbaum
52eb3dfd7d vl.c: add HMP help to machine
The help is based on the actual machine properties
exposing only the relevant options.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418217570-15517-4-git-send-email-marcel.a@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Marcel Apfelbaum
2e16898a61 vl.c: simplified machine_set_property
Refactored the code to re-use object_property_parse.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418217570-15517-3-git-send-email-marcel.a@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Marcel Apfelbaum
49d2e648e8 machine: remove qemu_machine_opts global list
QEMU has support for options per machine, keeping
a global list of options is no longer necessary.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418217570-15517-2-git-send-email-marcel.a@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Greg Bellows
60fb1a87b4 target-arm: Merge EL3 CP15 register lists
Merge of the v8_el2_cp_reginfo and el3_cp_reginfo ARMCPRegInfo lists.
Previously, some EL3 registers were restricted to the ARMv8 list under the
impression that they were not needed on ARMv7.  However, this is not the case
as the ARMv7/32-bit variants rely on the ARMv8/64-bit variants to handle
migration and reset.  For this reason they must always exist.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418406450-14961-1-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Peter Maydell
b28fb27b5e audio: Don't free hw resources until after hw backend is stopped
When stopping an audio voice, call the audio backend's fini
method before calling audio_pcm_hw_free_resources_ rather than
afterwards. This allows backends which use helper threads (like
pulseaudio) to terminate those threads before the conv_buf or
mix_buf are freed and avoids race conditions where the helper
may access a NULL pointer or freed memory.

Cc: qemu-stable@nongnu.org
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418406239-9838-1-git-send-email-peter.maydell@linaro.org
2014-12-22 23:12:25 +00:00
Alex Williamson
dcbfc5cefb vfio: Cleanup error_report()s
With the conversion to tracepoints, a couple previous DPRINTKs are
now quite a bit more visible and are really just informational.
Remove these and add a bit more description to another.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 10:37:27 -07:00
Eric Auger
e2c7d025ad hw/vfio: create common module
A new common module is created. It implements all functions
that have no device specificity (PCI, Platform).

This patch only consists in move (no functional changes)

Signed-off-by: Kim Phillips <kim.phillips@linaro.org>
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:51 -07:00
Eric Auger
df92ee4448 hw/vfio/pci: use name field in format strings
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:49 -07:00
Eric Auger
62356b7292 hw/vfio/pci: rename group_list into vfio_group_list
better fit in the rest of the namespace

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:46 -07:00
Eric Auger
d13dd2d7a9 hw/vfio/pci: split vfio_get_device
vfio_get_device now takes a VFIODevice as argument. The function is split
into 2 parts: vfio_get_device which is generic and vfio_populate_device
which is bus specific.

3 new fields are introduced in VFIODevice to store dev_info.

vfio_put_base_device is created.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:38 -07:00
Eric Auger
a664477db8 hw/vfio/pci: Introduce VFIORegion
This structure is going to be shared by VFIOPCIDevice and
VFIOPlatformDevice. VFIOBAR includes it.

vfio_eoi becomes an ops of VFIODevice specialized by parent device.
This makes it possible to transform vfio_bar_write/read into generic
vfio_region_write/read that will be used by VFIOPlatformDevice too.

vfio_mmap_bar becomes vfio_map_region

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:37 -07:00
Eric Auger
b47d8efa9f hw/vfio/pci: handle reset at VFIODevice
Since we can potentially have both PCI and platform devices in
the same VFIO group, this latter now owns a list of VFIODevices.
A unified reset handler, vfio_reset_handler, is registered, looping
through this VFIODevice list. 2 specialized operations are introduced
(vfio_compute_needs_reset and vfio_hot_reset_multi): they allow to
implement type specific behavior. Also reset_works and needs_reset
VFIOPCIDevice fields are moved into VFIODevice.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:35 -07:00
Eric Auger
462037c9e8 hw/vfio/pci: add type, name and group fields in VFIODevice
Add 3 new fields in the VFIODevice struct. Type is set to
VFIO_DEVICE_TYPE_PCI. The type enum value will later be used
to discriminate between VFIO PCI and platform devices. The name is
set to domain:bus:slot:function. Currently used to test whether
the device already is attached to the group. Later on, the name
will be used to simplify all traces. The group is simply moved
from VFIOPCIDevice to VFIODevice.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
[Fix g_strdup_printf() usage]
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:31 -07:00
Peter Maydell
7e58e2ac77 Merge remote-tracking branch 'remotes/gonglei/tags/bootdevice-next-20141222' into staging
bootdevice: Refactor and improvement

# gpg: Signature made Mon 22 Dec 2014 06:44:08 GMT using RSA key ID DDE30FBB
# gpg: Can't check signature: public key not found

* remotes/gonglei/tags/bootdevice-next-20141222:
  bootdevice: add Error **errp argument for QEMUBootSetHandler
  bootdevice: add validate check for qemu_boot_set()
  bootdevice: add Error **errp argument for qemu_boot_set()
  bootdevice: add Error **errp argument for validate_bootdevices()
  bootdevice: move code about bootorder from vl.c to bootdevice.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 14:52:52 +00:00
Peter Maydell
7db96d6cf8 Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20141221' into staging
TriCore RR, RR1 insn added and several bug fixes

# gpg: Signature made Sun 21 Dec 2014 18:39:11 GMT using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"

* remotes/bkoppelmann/tags/pull-tricore-20141221:
  target-tricore: Add instructions of RR1 opcode format, that have 0xb3 as first opcode
  target-tricore: Fix MFCR/MTCR insn and B format offset.
  target-tricore: Add missing 1.6 insn of BOL opcode format
  target-tricore: Add instructions of RR opcode format, that have 0x4b as the first opcode
  target-tricore: Add instructions of RR opcode format, that have 0x1 as the first opcode
  target-tricore: Add instructions of RR opcode format, that have 0xf as the first opcode
  target-tricore: Add instructions of RR opcode format, that have 0xb as the first opcode
  target-tricore: Change SSOV/SUOV makro name to SSOV32/SUOV32
  target-tricore: Fix mask handling JNZ.T being 7 bit long
  target-tricore: pretty-print register dump and show more status registers
  target-tricore: add missing 64-bit MOV in RLC format
  target-tricore: typo in BOL format
  target-tricore: fix offset masking in BOL format

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 13:15:52 +00:00
Gonglei
ddcd55316f bootdevice: add Error **errp argument for QEMUBootSetHandler
It will be useful for checking when we change traditional
boot order dynamically and propagate error message
to the monitor.
For x86 architecture, we pass &local_err to set_boot_dev()
when vm startup in pc_coms_init().

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2014-12-22 14:39:21 +08:00
Gonglei
3b08098b40 bootdevice: add validate check for qemu_boot_set()
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2014-12-22 14:39:21 +08:00
Gonglei
f1839938b0 bootdevice: add Error **errp argument for qemu_boot_set()
It will be useful for checking when we change traditional
boot order dynamically and propagate error message
to the monitor.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2014-12-22 14:39:20 +08:00
Gonglei
703008e81a bootdevice: add Error **errp argument for validate_bootdevices()
It will be useful for checking when we change traditional
boot order dynamically and propagate error message
to the monitor.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2014-12-22 14:39:20 +08:00
Gonglei
9816833d3b bootdevice: move code about bootorder from vl.c to bootdevice.c
First, we can downsize vl.c and make it simpler
little by little. Second, I can maintain that code
and make some improvements.

Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2014-12-22 14:39:20 +08:00
Peter Maydell
c95f3901b4 Merge remote-tracking branch 'remotes/kraxel/tags/pull-sdl-20141219-1' into staging
sdl2: fixes, cleanups and opengl preparation.

# gpg: Signature made Fri 19 Dec 2014 09:06:07 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-sdl-20141219-1:
  sdl2: Work around SDL2 SDL_ShowWindow() bug
  sdl2: Use correct sdl2_console for window events
  sdl2: move sdl2_2d_refresh to sdl2-2d.c
  sdl2: factor out sdl2_poll_events
  sdl2: add+use sdl2_2d_redraw function.
  sdl2: move sdl_switch to sdl2-2d.c
  sdl2: overhaul window size handling
  sdl2: move sdl_update to new sdl2-2d.c
  sdl2: turn on keyboard grabs
  sdl2: move keyboard input code to new sdl2-input.c
  sdl2: rename sdl2_state to sdl2_console, move to header file
  sdl: move version logic from source code to makefile

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-21 23:17:00 +00:00
Bastian Koppelmann
9655b9328a target-tricore: Add instructions of RR1 opcode format, that have 0xb3 as first opcode
Add instructions of RR1 opcode format, that have 0xb3 as first opcode.
Add helper functions mulh, mulmh and mulrh, that compute multiplication,
with multiprecision (mulmh) or rounding (mulrh) of 4 halfwords, being either low or high parts
of two 32 bit regs.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-21 18:35:49 +00:00
Bastian Koppelmann
436d63ff3e target-tricore: Fix MFCR/MTCR insn and B format offset.
Fix gen_mtcr using wrong register.
Fix gen_mtcr/mfcr using sign extended offsets.
Fix B format insn using not sign extended offsets.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-21 18:35:38 +00:00
Bastian Koppelmann
b5fd8fa345 target-tricore: Add missing 1.6 insn of BOL opcode format
Some of the 1.6 ISA instructions were still missing. So let's add them.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-21 18:35:28 +00:00
Bastian Koppelmann
e2bed107c6 target-tricore: Add instructions of RR opcode format, that have 0x4b as the first opcode
Add instructions of RR opcode format, that have 0x4b as the first opcode.
Add helper functions:
    * parity: Calculates the parity bits for every byte of a 32 int.
    * bmerge/bsplit: Merges two regs into one bitwise/Splits one reg into two bitwise.
    * unpack: unpack a IEEE 754 single precision floating point number as exponent and mantissa.
    * dvinit_b_13/131: (ISA v1.3/v1.31)Prepare operands for a divide operation,
                       where the quotient result is guaranteed to fit into 8 bit.
    * dvinit_h_13/131: (ISA v1.3/v1.31)Prepare operands for a divide operation,
                       where the quotient result is guaranteed to fit into 16 bit.
OPCM_32_RR_FLOAT -> OPCM_32_RR_DIVIDE.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-21 18:35:16 +00:00
Bastian Koppelmann
f2f1585f60 target-tricore: Add instructions of RR opcode format, that have 0x1 as the first opcode
Add instructions of RR opcode format, that have 0x1 as the first opcode.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-21 18:35:00 +00:00
Bastian Koppelmann
0b79a78169 target-tricore: Add instructions of RR opcode format, that have 0xf as the first opcode
Add instructions of RR opcode format, that have 0xf as the first opcode.
Add helper functions:
    * clo/z/s: Counts leading ones/zeros/signs.
    * clo/z/s_h: Count leading ones/zeros/signs in two halfwords.
    * sh/_h: Shifts one/two word/hwords.
    * sha/_h: Shifts one/two word/hwords arithmetically.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-21 18:34:48 +00:00
Bastian Koppelmann
d5de7839d7 target-tricore: Add instructions of RR opcode format, that have 0xb as the first opcode
Add instructions of RR opcode format, that have 0xb as the first opcode.
Add helper functions, for hword and byte arithmetics:
    * add_h_ssov/suov: Add two halfword and saturate on overflow.
    * sub_h_ssov/suov: Sub two halfword and saturate on overflow.
    * absdif_h_ssov: Compute absolute difference for halfwords and saturate on overflow.
    * abs_h_ssov/suov: Compute absolute value for two halfwords and saturate on overflow.
    * abs_b/h: Compute absolute value for four/two bytes/halfwords
    * absdif_b/h: Compute absolute difference for four/two bytes/halfwords
    * add_b/h: Add four/two bytes/halfwords.
    * sub_b/h: Sub four/two bytes/halfwords.
    * eq_b/h: Compare four/two bytes/halfwords with four/two bytes/halfwords on
              equality and set all bits of to either one or zero.
    * eqany_b/h: Compare four/two bytes/halfwords with four/two bytes/halfwords on equality.
    * lt_b/bu/h/hu: Compare four/two bytes/halfwords with four/two bytes/halfwords
                    on less than signed and unsigned.
    * max_b/bu/h/hu: Calculate max for four/two bytes/halfwords signed and unsigned.
    * min_b/bu/h/hu: Calculate min for four/two bytes/halfwords signed and unsigned.
Add helper function abs_ssov, that computes the absolute value for a 32 bit integer and saturates on overflow.
Add microcode generator functions:
    * gen_sub_CC: Calculates sub and sets the carry bit.
    * gen_subc_CC: Calculates sub and carry and sets the carry bit
    * gen_abs: Compute absolute value for a 32 bit integer.
    * gen_cond_w: Compares two 32 bit values on cond and sets result either zero or all bits one.

OPC2_32_RR_MIN switched with OPC2_32_RR_MIN_U.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-21 18:34:34 +00:00
Bastian Koppelmann
e4e3917630 target-tricore: Change SSOV/SUOV makro name to SSOV32/SUOV32
Those macros are exclusively used for 32 bit arithmetics and won't work for
16 bit with two halfwords. So let's get rid of the len parameter and make them
always use 32 bit. Now no token pasting is needed anymore and they can be
regular functions.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-21 18:34:22 +00:00
Bastian Koppelmann
7f13420ec0 target-tricore: Fix mask handling JNZ.T being 7 bit long
The mask is actually 7 bit long, instead of 6, so the expression checking
for JNZ.T is always false. Let's make the mask 1 bit wider.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2014-12-21 18:34:05 +00:00
Alex Zuepke
45820fccaf target-tricore: pretty-print register dump and show more status registers
Now using psw_read() to retrieve the status bits correctly.

Signed-off-by: Alex Zuepke <alexander.zuepke@hs-rm.de>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2014-12-21 18:33:29 +00:00
Alex Zuepke
4b5b443576 target-tricore: add missing 64-bit MOV in RLC format
Signed-off-by: Alex Zuepke <alexander.zuepke@hs-rm.de>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2014-12-21 18:32:27 +00:00
Alex Zuepke
af715d9802 target-tricore: typo in BOL format
Signed-off-by: Alex Zuepke <alexander.zuepke@hs-rm.de>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2014-12-21 18:32:16 +00:00
Alex Zuepke
781b717c50 target-tricore: fix offset masking in BOL format
Signed-off-by: Alex Zuepke <alexander.zuepke@hs-rm.de>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2014-12-21 18:32:03 +00:00
Peter Maydell
328b3b6c44 Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
# gpg: Signature made Fri 19 Dec 2014 13:18:18 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  e1000: defer packets until BM enabled
  net: Use g_new() & friends where that makes obvious sense
  net: Fuse g_malloc(); memset() into g_new0()
  net: don't use set/get_pointer() in set/get_netdev()
  tap: fix vcpu long time io blocking on tap

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-20 22:04:13 +00:00
Peter Maydell
c4e7c17a8e Merge remote-tracking branch 'remotes/kraxel/tags/pull-roms-20141217-1' into staging
update ipxe from 69313ed to 35c5379

# gpg: Signature made Wed 17 Dec 2014 14:45:04 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-roms-20141217-1:
  update ipxe from 69313ed to 35c5379

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-20 21:28:53 +00:00
Paolo Bonzini
adee64249e exec: change default exception_index value for migration to -1
In QEMU 2.2 the exception_index value was added to the migration stream
through a subsection.  The default was set to 0, which is wrong and
should have been -1.

However, 2.2 does not have commit e511b4d (cpu-exec: reset exception_index
correctly, 2014-11-26), hence in 2.2 the exception_index is never used
and is set to -1 on the next call to cpu_exec.  So we can change the
migration stream to make the default -1.  The effects are:

- 2.2.1 -> 2.2.0: cpu->exception_index set incorrectly to 0 if it
were -1 on the source; then reset to -1 in cpu_exec.  This is TCG
only; KVM does not use exception_index.

- 2.2.0 -> 2.2.1: cpu->exception_index set incorrectly to -1 if it
were 0 on the source; but it would be reset to -1 in cpu_exec anyway.
This is TCG only; KVM does not use exception_index.

- 2.2.1 -> 2.1: two bugs fixed: 1) can migrate backwards if
cpu->exception_index is set to -1; 2) should not migrate backwards
(but 2.2.0 allows it) if cpu->exception_index is set to 0

- 2.2.0 -> 2.3.0: 2.2.0 will send the subsection unnecessarily if
exception_index is -1, but that is not a problem.  2.3.0 will set
cpu->exception_index to -1 if it is 0 on the source, but this would
be anyway a problem for 2.2.0 -> 2.2.x migration (due to lack of
commit e511b4d in 2.2.x) so we can ignore it

- 2.2.1 -> 2.3.0: everything works.

In addition, play it safe and never send the subsection unless TCG
is in use.  KVM does not use exception_index (PPC KVM stores values
in it for use in the subsequent call to ppc_cpu_do_interrupt, but
does not need it as soon as kvm_handle_debug returns).  Xen and
qtest do not run any code for the CPU at all.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Tested-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1418989994-17244-3-git-send-email-pbonzini@redhat.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-20 20:38:07 +00:00
Paolo Bonzini
f9d8f66735 cpu: initialize cpu->exception_index on reset
This unbreaks linux-user (broken by e511b4d, cpu-exec: reset exception_index
correctly, 2014-11-26).

Reported-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Tested-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 1418989994-17244-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-20 20:38:07 +00:00
Eric Auger
5546a621a8 hw/vfio/pci: introduce minimalist VFIODevice with fd
Introduce a new base VFIODevice struct that will be used by both PCI
and Platform VFIO device. Move VFIOPCIDevice fd field there. Obviously
other fields from VFIOPCIDevice will be moved there but this patch
file is introduced to ease the review.

Also vfio_mask_single_irqindex, vfio_unmask_single_irqindex,
vfio_disable_irqindex now take a VFIODevice handle as argument.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 15:24:31 -07:00
Eric Auger
079eb19cbb hw/vfio/pci: generalize mask/unmask to any IRQ index
To prepare for platform device introduction, rename vfio_mask_intx
and vfio_unmask_intx into vfio_mask_single_irqindex and respectively
unmask_single_irqindex. Also use a new index parameter.

With that name and prototype the function will be usable for other
indexes than VFIO_PCI_INTX_IRQ_INDEX.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 15:24:24 -07:00
Eric Auger
9ee27d7381 hw/vfio/pci: Rename VFIODevice into VFIOPCIDevice
This prepares for the introduction of VFIOPlatformDevice

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 15:24:15 -07:00
Kim Phillips
cf7087db10 vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio
This is done in preparation for the addition of VFIO platform
device support.

Signed-off-by: Kim Phillips <kim.phillips@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 15:24:06 -07:00
Frank Blaschka
c67676711c vfio: fix adding memory listener to the right address space
Depending on the device, container->space->as contains the valid AddressSpace.
Using address_space_memory breaks devices sitting behind an iommu (and using
a separate address space).

Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 14:40:06 -07:00
Eric Auger
385f57cf9a vfio: migration to trace points
This patch removes all DPRINTF and replaces them by trace points.
A few DPRINTF used in error cases were transformed into error_report.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 14:40:06 -07:00
Michael S. Tsirkin
20302e71a5 e1000: defer packets until BM enabled
Some guests seem to set BM for e1000 after
enabling RX.
If packets arrive in the window, device is wedged.
Probably works by luck on real hardware, work around
this by making can_receive depend on BM.

Tested-by: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-19 13:17:06 +00:00
Markus Armbruster
58889fe50a net: Use g_new() & friends where that makes obvious sense
g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-19 13:17:02 +00:00
Markus Armbruster
71e28e3cc2 net: Fuse g_malloc(); memset() into g_new0()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-19 13:17:02 +00:00
Jason Wang
23120b13c6 net: don't use set/get_pointer() in set/get_netdev()
Commit 1ceef9f273 (net: multiqueue
support) tries to use set_pointer() and get_pointer() to set and get
NICPeers which is not a pointer defined in DEFINE_PROP_NETDEV. This
trick works but results in an unclean and fragile implementation (e.g.
print_netdev and parse_netdev).

This patch solves this issue by not using set/get_pointer() and set and
get netdev directly in set_netdev() and get_netdev(). After this the
parse_netdev() and print_netdev() were no longer used and dropped from
the source.

[Renamed 'err' label to 'out' as suggested by Markus Armbruster.
--Stefan]

Cc: Markus Armbruster <armbru@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-19 13:17:02 +00:00
Wangkai (Kevin,C)
756ae78b27 tap: fix vcpu long time io blocking on tap
[Adjusted doc comment for grammar.
--Stefan]

Signed-off-by: Wangkai <wangkai86@huawei.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-19 11:19:22 +00:00
Peter Maydell
b574f60268 Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20141216-1' into staging
cirrus hwcursor fixes.
set secondary-vga category.

# gpg: Signature made Tue 16 Dec 2014 14:44:09 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vga-20141216-1:
  vga: set catagory bit for secondary vga device
  move hw cursor pos from cirrus to vga
  cirrus: Force use of shadow pixmap when HW cursor is enabled
  vga: Add mechanism to force the use of a shadow surface

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-17 19:22:42 +00:00
Peter Maydell
86b182ac0e Merge remote-tracking branch 'remotes/xtensa/tags/20141217-xtensa' into staging
Xtensa updates for 2.3:

- fix cross-page opcode handling;
- move window overflow exception generation decision to translation phase;
- don't generate dead code after privilege, window overflow or coprocessor
  exception;
- add monitor command 'info opcount' for dumping TCG opcode counters.

# gpg: Signature made Wed 17 Dec 2014 02:57:01 GMT using RSA key ID F83FA044
# gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"

* remotes/xtensa/tags/20141217-xtensa:
  target-xtensa: don't generate dead code
  target-xtensa: record available window in TB flags
  target-xtensa: test cross-page opcode
  target-xtensa: fix translation for opcodes crossing page boundary
  tcg: add separate monitor command to dump opcode counters

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-17 17:31:26 +00:00
Peter Maydell
84afc4dd56 Merge remote-tracking branch 'remotes/lalrae/tags/mips-20141216' into staging
* remotes/lalrae/tags/mips-20141216: (30 commits)
  target-mips: remove excp_names[] from linux-user as it is unused
  disas/mips: disable unused mips16_to_32_reg_map[]
  disas/mips: remove unused mips_msa_control_names_numeric[32]
  target-mips: convert single case switch into if statement
  target-mips: Fix DisasContext's ulri member initialization
  target-mips: Use local float status pointer across MSA macros
  target-mips: Add missing calls to synchronise SoftFloat status
  linux-user: Use the 5KEf processor for 64-bit emulation
  target-mips: Also apply the CP0.Status mask to MTTC0
  target-mips: gdbstub: Clean up FPU register handling
  target-mips: Correct 32-bit address space wrapping
  target-mips: Tighten ISA level checks
  target-mips: Fix CP0.Config3.ISAOnExc write accesses
  target-mips: Output CP0.Config2-5 in the register dump
  target-mips: Fix the 64-bit case for microMIPS MOVE16 and MOVEP
  target-mips: Correct the writes to Status and Cause registers via gdbstub
  target-mips: Correct the handling of writes to CP0.Status for MIPSr6
  target-mips: Correct MIPS16/microMIPS branch size calculation
  target-mips: Restore the order of helpers
  target-mips: Remove unused `FLOAT_OP' macro
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-17 16:25:21 +00:00
Gerd Hoffmann
c246cee4ee update ipxe from 69313ed to 35c5379
Anton D. Kachalov (1):
      [intel] Add 8086:1557 card (Intel 82599 10G ethernet mezz)

Christian Hesse (1):
      [build] Merge util/geniso and util/genliso

Curtis Larsen (3):
      [efi] Use EFI_CONSOLE_CONTROL_PROTOCOL to set text mode if available
      [efi] Report errors from attempting to disconnect existing drivers
      [efi] Try various possible SNP receive filters

Dale Hamel (1):
      [smbios] Expose board serial number as ${board-serial}

Florian Schmaus (1):
      [build] Set GITVERSION only if there is a git repository

Hannes Reinecke (3):
      [ethernet] Provide eth_random_addr() to generate random Ethernet addresses
      [igbvf] Assign random MAC address if none is set
      [igbvf] Allow changing of MAC address

Jan Kiszka (1):
      [intel] Add I217-LM PCI ID

Marin Hannache (4):
      [nfs] Fix an invalid free() when loading a symlink
      [nfs] Fix an invalid free() when loading a regular (non-symlink) file
      [nfs] Rewrite NFS URI handling
      [readline] Add CTRL-W shortcut to remove a word

Michael Brown (144):
      [profile] Allow interrupts to be excluded from profiling results
      [intel] Exclude time spent in hypervisor from profiling
      [build] Fix version.o dependency upon git index
      [tcp] Defer sending ACKs until all received packets have been processed
      [lkrnprefix] Function as a bzImage kernel
      [build] Avoid errors when build directory is mounted via NFS
      [undi] Apply quota only to number of complete received packets
      [lkrnprefix] Make real-mode setup code relocatable
      [intel] Increase receive ring fill level
      [syslog] Strip invalid characters from hostname
      [test] Add self-tests for strdup()
      [libc] Prevent strndup() from reading beyond the end of the string
      [efi] Allow for optional protocols
      [efi] Make EFI_DEVICE_PATH_TO_TEXT_PROTOCOL optional
      [efi] Make EFI_HII_DATABASE_PROTOCOL optional
      [efi] Do not try to fetch loaded image device path protocol
      [ipv6] Fix definition of IN6_IS_ADDR_LINKLOCAL()
      [dhcpv6] Do not set sin6_scope_id on the unspecified client socket address
      [ipv6] Do not set sin6_scope_id on source address
      [ipv6] Include network device when transcribing multicast addresses
      [ipv6] Avoid potentially copying from a NULL pointer in ipv6_tx()
      [librm] Allow for the PIC interrupt vector offset to be changed
      [ifmgmt] Do not sleep CPU while configuring network devices
      [scsi] Improve sense code parsing
      [iscsi] Read IPv4 settings only from the relevant network device
      [iscsi] Include IP address origin in iBFT
      [debug] Allow debug message colours to be customised via DBGCOL=...
      [build] Expose build timestamp, build name, and product names
      [efi] Allow device paths to be easily included in debug messages
      [efi] Provide a meaningful EFI SNP device name
      [efi] Restructure EFI driver model
      [build] Fix erroneous object name in version object
      [build] Add yet another potential location for isolinux.bin
      [efi] Allow network devices to be created on top of arbitrary SNP devices
      [autoboot] Allow autoboot device to be identified by link-layer address
      [efi] Identify autoboot device by MAC address when chainloading
      [efi] Attempt to start only drivers claiming support for a device
      [efi] Rewrite SNP NIC driver
      [efi] Include SNP NIC driver within the all-drivers target
      [crypto] Add support for iPAddress subject alternative names
      [crypto] Fix debug message
      [netdevice] Reset network device index when last device is unregistered
      [efi] Update EDK2 headers
      [efi] Install our own disk I/O protocol and claim exclusive use of it
      [efi] Allow for interception of boot services calls by loaded image
      [efi] Print well-known GUIDs by name in debug messages
      [efi] Include EFI_CONSOLE_CONTROL_PROTOCOL header
      [ioapi] Fail ioremap() when attempting to map a zero bus address
      [intel] Check for ioremap() failures
      [realtek] Check for ioremap() failures
      [vmxnet3] Check for ioremap() failures
      [skel] Check for ioremap() failures
      [myson] Check for ioremap() failures
      [natsemi] Check for ioremap() failures
      [i386] Add functions to read and write model-specific registers
      [x86_64] Add functions to read and write model-specific registers
      [efi] Show more diagnostic information when building with DEBUG=efi_wrap
      [ioapi] Centralise notion of PAGE_SIZE
      [lotest] Discard packets arriving on the incorrect network device
      [xen] Import selected public headers
      [xen] Add basic support for PV-HVM domains
      [xen] Add support for Xen netfront virtual NICs
      [efi] Default to releasing network devices for use via SNP
      [efi] Unload started images only on failure
      [efi] Fill in loaded image's DeviceHandle if firmware fails to do so
      [efi] Fix incorrect debug message level when device has no device path
      [efi] Report exact failure when unable to open the device path
      [netdevice] Avoid registering duplicate network devices
      [efi] Ignore failures when attempting to install SNP HII protocol
      [efi] Expand the range of well-known EFI GUIDs in debug messages
      [efi] Provide efi_handle_name() for debugging
      [efi] Add ability to dump all openers of a given protocol on a handle
      [efi] Use efi_handle_name() instead of efi_handle_devpath_text()
      [efi] Use efi_handle_name() instead of efi_devpath_text() where applicable
      [efi] Allow compiler to perform type checks on EFI_HANDLE
      [efi] Avoid unnecessarily passing pointers to EFI_HANDLEs
      [efi] Dump existing openers when we are unable to open a protocol
      [efi] Dump handle information around connect/disconnect attempts
      [efi] Improve debugging of the debugging facilities
      [efi] Add excessive sanity checks into efi_debug functions
      [efi] Also try original ComponentName protocol for retrieving driver names
      [efi] Print raw device path when we have no DevicePathToTextProtocol
      [efi] Add ability to dump SNP device mode information
      [efi] Reset multicast filter list when setting SNP receive filters
      [efi] Provide centralised definitions of commonly-used GUIDs
      [efi] Open device path protocol only at point of use
      [efi] Move abstract device path and handle functions to efi_utils.c
      [efi] Generalise snpnet_pci_info() to efi_locate_device()
      [bios] Support displaying and hiding cursor
      [efi] Support displaying and hiding cursor
      [readline] Ensure cursor is visible when prompting for input
      [xen] Accept alternative Xen platform PCI device ID 5853:0002
      [xen] Use version 1 grant tables by default
      [xen] Cope with unexpected initial backend states
      [smc9000] Avoid using CONFIG as a preprocessor macro
      [build] Allow for named configurations at build time
      [intel] Display PBS value when applying ICH errata workaround
      [intel] Display before and after values for both PBS and PBA
      [intel] Apply PBS/PBA errata workaround only to ICH8 PCI device IDs
      [efi] Add definitions of GUIDs observed during Windows boot
      [efi] Dump details of any calls to our dummy block and disk I/O protocols
      [romprefix] Do not preserve unused register %di
      [build] Remove obsolete references to .zrom build targets
      [build] Allow ISA ROMs to be built
      [build] Avoid deleting config header files if build is interrupted
      [prefix] Halt system without burning CPU if we cannot access the payload
      [prefix] Report both %esi and %ecx when opening payload fails
      [util] Use PCI length field to obtain length of individual images
      [mromprefix] Use PCI length field to obtain length of individual images
      [mromprefix] Allow for .mrom images larger than 128kB
      [efi] Show details of intercepted LoadImage() calls
      [efi] Make our virtual file system case insensitive
      [efi] Wrap any images loaded by our wrapped image
      [efi] Use the SNP protocol instance to match the SNP chainloading device
      [efi] Avoid returning uninitialised data from PCI configuration space reads
      [efi] Make EFI_PCI_ROOT_BRIDGE_IO_PROTOCOL optional
      [efi] Allow for non-PCI snpnet devices
      [build] Clean up all binary directories on "make [very]clean"
      [efi] Add efifatbin utility
      [efi] Provide dummy device path in efi_image_probe()
      [dhcp] Check for matching chaddr in received DHCP packets
      [dhcp] Remove obsolete dhcp_chaddr() function
      [build] Use -malign-double to build 32-bit UEFI binaries
      [efi] Centralise definitions of more protocol GUIDs
      [efi] Add definitions of GUIDs observed when chainloading from Intel driver
      [efi] Free transmit ring entry before calling netdev_tx_complete()
      [efi] Generalise snpnet_dev_info() to efi_device_info()
      [efi] Update to current EDK2 headers
      [efi] Add NII / UNDI driver
      [efi] Check for presence of UNDI in NII protocol
      [efi] Include NII driver within "snp" and "snponly" build targets
      [ping] Report timed-out pings via the callback function
      [ping] Allow termination after a specified number of packets
      [ping] Allow "ping" command output to be inhibited
      [intel] Use autoloaded MAC address instead of EEPROM MAC address
      [crypto] Fix parsing of OCSP responder ID key hash
      [vmxnet3] Add profiling code to exclude time spent in the hypervisor
      [netdevice] Fix erroneous use of free(iobuf) instead of free_iob(iobuf)
      [libc] Add ASSERTED macro to test if any assertion has triggered
      [list] Add sanity checks after list-adding functions
      [malloc] Tidy up debug output
      [malloc] Sanity check parameters to alloc_memblock() and free_memblock()
      [malloc] Check integrity of free list
      [malloc] Report caller address as soon as memory corruption is detected

Peter Lemenkov (1):
      [build] Check if git index actually exists

Robin Smidsrød (2):
      [build] Add named configuration for VirtualBox
      [build] Avoid using embedded script in VirtualBox named configuration

Sven Ulland (1):
      [lacp] Set "aggregatable" flag in response LACPDU

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-17 14:11:39 +01:00
Max Reitz
d3f3a0f453 sdl2: Work around SDL2 SDL_ShowWindow() bug
Apparently it is possible for X to send an event to a hidden SDL2
window, leading to SDL2 believing it is now shown. SDL2 will pass the
SDL_WINDOWEVENT_SHOWN message to the application without actually
showing the window; the problem is that the next SDL_ShowWindow() will
be a no-op because SDL2 assumes the window is already shown.

The correct way to react to SDL_WINDOWEVENT_SHOWN would be to clear
scon->hidden (analogous for SDL_WINDOWEVENT_HIDDEN). However, due to the
window not actually being shown, this will somehow not be correct after
all.

Therefore, just hide the window on SDL_WINDOWEVENT_SHOWN if it is
supposed to be hidden (and analogous for SDL_WINDOWEVENT_HIDDEN).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-17 12:44:01 +01:00
Max Reitz
1dfc5c8808 sdl2: Use correct sdl2_console for window events
SDL_PollEvent() polls events for all windows; therefore,
sdl2_poll_events() will poll the events for all windows and not only for
the one identified by the given sdl2_console.

This should be considered in handle_windowevent(): The window affected
by the event is not necessarily the one identified by the sdl2_console
object given to sdl2_poll_events(), but the one identified by
ev->window.windowID.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-17 12:44:01 +01:00
Gerd Hoffmann
62959ffe45 sdl2: move sdl2_2d_refresh to sdl2-2d.c
Now that common event handling code is split off, we can move
over sdl_refresh to sdl2-2d.c, and rename it to sdl2_2d_refresh.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-17 12:44:01 +01:00
Gerd Hoffmann
63ed4907cb sdl2: factor out sdl2_poll_events
Create a new function to poll and handle sdl2 events,
which is then just called from the refresh timer.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-17 12:44:01 +01:00
Gerd Hoffmann
0d01b7ce61 sdl2: add+use sdl2_2d_redraw function.
Add a new sdl2_2d_redraw function for a complete screen refresh,
so we can stop using graphic_hw_invalidate for that.  There is
no need to bother console / gfx emulation code if we are just
going to re-blit the screen after window resizes.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-17 12:44:01 +01:00
Gerd Hoffmann
2c3056f182 sdl2: move sdl_switch to sdl2-2d.c
Move sdl_switch to sdl2-2d.c file, rename to sdl2_2d_switch.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-17 12:44:01 +01:00
Gerd Hoffmann
46522a8223 sdl2: overhaul window size handling
Split do_sdl_resize function (which does a lot more than just resizing)
into three: sdl2_window_{create,destroy,resize}.

Fix SDL_Renderer handling: must be guest display size not host window
size, and SDL2 will magically handle all scaling for us.

Make fullscreen actually enter fullscreen mode and simplify the code.
There is no need to store the original window size, the window manager
will do that for us.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-17 12:44:01 +01:00
Gerd Hoffmann
f1ddebd865 sdl2: move sdl_update to new sdl2-2d.c
Create new sdl2-2d file for 2d display rendering.
Move over sdl_update code, and rename to sdl2_2d_update.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-17 12:44:01 +01:00
Gerd Hoffmann
44f017d03e sdl2: turn on keyboard grabs
Makes quite some keys actually go to the guest instead of
being captured by the host window manager.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-17 12:43:55 +01:00
Gerd Hoffmann
8fc1a3f58f sdl2: move keyboard input code to new sdl2-input.c
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-17 12:43:27 +01:00
Gerd Hoffmann
5d0fe65078 sdl2: rename sdl2_state to sdl2_console, move to header file
Create sdl2.h header file, in preparation for sdl2 code splitup.
Populate it with sdl2_console struct (renamed from sdl2_state).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-17 12:43:00 +01:00
Max Filippov
97e89ee914 target-xtensa: don't generate dead code
Don't generate TCG operations when privilege, register window or
coprocessor checks fail.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-17 05:49:32 +03:00
Max Filippov
2db59a76c4 target-xtensa: record available window in TB flags
Record last valid 4-register window pane number in TB flags so that a
window overflow exception throw point is known at the translation time.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-17 05:49:32 +03:00
Max Filippov
85d36377e4 target-xtensa: test cross-page opcode
Alter cross-page TB test to also test cross-page opcode.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2014-12-17 05:49:32 +03:00
Max Filippov
01673a3401 target-xtensa: fix translation for opcodes crossing page boundary
If TB ends with an opcode that crosses page boundary and the following
page is not executable then EPC1 for the code fetch exception wrongly
points at the beginning of the TB. Always treat instruction that crosses
page boundary as a separate TB.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2014-12-17 05:49:32 +03:00
Max Filippov
246ae24d7d tcg: add separate monitor command to dump opcode counters
Currently 'info jit' outputs half of the information to monitor and the
rest to qemu log. Dumping opcode counts to monitor as a part of 'info
jit' command doesn't sound useful. Add new monitor command 'info
opcount' that only dumps opcode counters.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2014-12-17 05:49:32 +03:00
Antony Pavlov
339aaf5b7f qemu-log: add log category for MMU info
Running barebox on qemu-system-mips* with '-d unimp' overloads
stderr by very very many mips_cpu_handle_mmu_fault() messages:

  mips_cpu_handle_mmu_fault address=b80003fd ret 0 physical 00000000180003fd prot 3
  mips_cpu_handle_mmu_fault address=a0800884 ret 0 physical 0000000000800884 prot 3
  mips_cpu_handle_mmu_fault pc a080cd80 ad b80003fd rw 0 mmu_idx 0

So it's very difficult to find LOG_UNIMP message.

The mips_cpu_handle_mmu_fault() messages appear on enabling ANY
logging! It's not very handy.

Adding separate log category for *_cpu_handle_mmu_fault()
logging fixes the problem.

Signed-off-by: Antony Pavlov <antonynpavlov@gmail.com>
Acked-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1418489298-1184-1-git-send-email-antonynpavlov@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-16 18:43:19 +00:00
Peter Maydell
d86fb03469 Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20141216-1' into staging
misc spice updates.

# gpg: Signature made Tue 16 Dec 2014 14:03:07 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-20141216-1:
  spice: fix memory leak
  spice: remove spice-experimental.h include
  spice: do not require TCP ports
  spice: rework mirror allocation, add no-resize fast path
  spice: reduce refresh rate in native mode
  spice: use bottom half instead of refresh timer for cursor updates

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-16 16:52:42 +00:00
Peter Maydell
4db753b1ac Merge remote-tracking branch 'remotes/amit-migration/tags/for-2.3-2' into staging
Migration pull for 2.3.  Mostly moving the code to the migration/
directory, and updating MAINTAINERS.

I've also folded my other MAINTAINERS update patches into this, as
they're small by themselves.

# gpg: Signature made Tue 16 Dec 2014 12:21:24 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit-migration/tags/for-2.3-2:
  MAINTAINERS: Update for migrated migration code
  Split the QEMU buffered file code out
  Split struct QEMUFile out
  Remove migration- pre/post fixes off files in migration/ dir
  Start migrating migration code into a migration directory
  qmp-command.hx: add missing docs for migration capabilities
  cpu: verify that block->host is set
  cpu: assert host pointer offset within block
  exec: add wrapper for host pointer access
  MAINTAINERS: add include files to virtio-serial entry
  MAINTAINERS: add entry for virtio-rng
  MAINTAINERS: migration: add vmstate static checker files
  MAINTAINERS: Add myself to migration maintainers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-16 14:53:23 +00:00
Gonglei
46817e86fc vga: set category bit for secondary vga device
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 15:14:42 +01:00
Gerd Hoffmann
22382bb96c move hw cursor pos from cirrus to vga
2014-12-16 15:14:42 +01:00
Benjamin Herrenschmidt
b9fd11b867 cirrus: Force use of shadow pixmap when HW cursor is enabled
The HW cursor cannot be painted on a shared surface. This fixes HW
cursor display in Windows NT 4.0 and Windows 98.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 15:14:42 +01:00
Benjamin Herrenschmidt
5508099397 vga: Add mechanism to force the use of a shadow surface
This prevents surface sharing which will be necessary to
fix cirrus HW cursor support.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 15:14:42 +01:00
Gonglei
a41642708a spice: fix memory leak
If errors happen for middle items of channel_list,
qmp_query_spice_channels() returns NULL, and the variable
cur_item going out of scope leaks the storage it points to.

The flag is a compatibility thing for older spice-server
versions. Meanwhile our minimum spice version requirement is
new enough that we should never ever see this error, and if we
do something went very seriously wrong. Let's use assert()
instead of returning NULL to avoid a memory leak.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 14:15:29 +01:00
Marc-André Lureau
e0883e2de0 spice: remove spice-experimental.h include
Nothing seems to be using functions from spice-experimental.h (better
that way). Let's remove its inclusion.

Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 14:15:29 +01:00
Marc-André Lureau
cf7856adef spice: do not require TCP ports
It is possible to use Spice server without TCP port.  On local VM,
qemu (and libvirt) can add new clients thanks to QMP add_client command.

Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 14:15:29 +01:00
Gerd Hoffmann
555e72f2d0 spice: rework mirror allocation, add no-resize fast path
Add fast path to qemu_spice_display_switch in case old and new
displaysurface have identical size (happens with display panning
and page flipping).  We just swap the backing store then and don't
go through the whole process of deleting and creating the primary
surface.

To simplify the code a bit move mirror surface allocation to
qemu_spice_display_switch().

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 14:15:29 +01:00
Gerd Hoffmann
3dcadce507 spice: reduce refresh rate in native mode
Now that cursor updates are out of the way qxl needs the refresh timer
only when running in vga mode, for dirty bitmap checking.  In
native qxl mode the guest will notify us, so we don't need to poll and
can use the idle interval (one refresh wakeup every few seconds).

Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 14:15:29 +01:00
Gerd Hoffmann
0b2824e5e4 spice: use bottom half instead of refresh timer for cursor updates
Calling directly doesn't work due to the qxl-render code running in
spice server thread context.  Meanwhile bottom half scheduling is
thread-safe though, so we can use that to kick a cursor update in
main i/o thread context.

Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 14:15:29 +01:00
Gerd Hoffmann
d29c431edc sdl: move version logic from source code to makefile
Compile sdl.c / sdl2.c depending on CONFIG_SDLABI instead of
compiling both and have version #ifdefs in the source code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-16 14:15:27 +01:00
Leon Alrae
d4fa5354a2 target-mips: remove excp_names[] from linux-user as it is unused
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-16 12:45:20 +00:00
Leon Alrae
8ef3915263 disas/mips: disable unused mips16_to_32_reg_map[]
This array is used by print_mips16_insn_arg() which is guarded by #if 0.
Therefore doing the same with the array as it generates clang warnings.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Leon Alrae
8e5f757044 disas/mips: remove unused mips_msa_control_names_numeric[32]
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-16 12:45:20 +00:00
Leon Alrae
00fb4a1181 target-mips: convert single case switch into if statement
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
66991d1103 target-mips: Fix DisasContext's ulri member initialization
Set DisasContext's ulri member to 0 or 1 as with other bool members.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
1a4d570017 target-mips: Use local float status pointer across MSA macros
Reduce line wrapping throughout MSA helper macros by using a local float
status pointer rather than referring to the float status through the
environment each time.  No functional change.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
bb962386b8 target-mips: Add missing calls to synchronise SoftFloat status
Add missing calls to synchronise the SoftFloat status with the CP1.FSCR:

+ for the rounding and flush-to-zero modes upon processor reset,

+ for the flush-to-zero mode on FSCR updates through the GDB stub.

Refactor code accordingly and remove the redundant RESTORE_ROUNDING_MODE
macro.

Signed-off-by: Thomas Schwinge <thomas@codesourcery.com>
Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
74797f40dc linux-user: Use the 5KEf processor for 64-bit emulation
Replace the 20Kc original MIPS64 ISA processor used for 64-bit user
emulation with the 5KEf processor that implements the MIPS64r2 ISA,
complementing the choice of the 24Kf processor for 32-bit emulation.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
1d725ae952 target-mips: Also apply the CP0.Status mask to MTTC0
Make CP0.Status writes made with the MTTC0 instruction respect this
register's mask just like all the other places.  Also preserve the
current values of masked out bits.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
cbb26c9a12 target-mips: gdbstub: Clean up FPU register handling
Rewrite the FPU register access parts of `mips_cpu_gdb_read_register'
and `mips_cpu_gdb_write_register' for consistency between each other.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
c48245f0c6 target-mips: Correct 32-bit address space wrapping
Make sure the address space is unconditionally wrapped on 32-bit
processors, that is ones that do not implement at least the MIPS III
ISA.

Also make MIPS16 SAVE and RESTORE instructions use address calculation
rather than plain arithmetic operations for stack pointer manipulation
so that their semantics for stack accesses follows the architecture
specification.  That in particular applies to user software run on
64-bit processors with the CP0.Status.UX bit clear where the address
space is wrapped to 32 bits.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
d922445020 target-mips: Tighten ISA level checks
Tighten ISA level checks down to MIPS II that many of our instructions
are missing.  Also make sure any 64-bit instruction enables are only
applied to 64-bit processors, that is ones that implement at least the
MIPS III ISA.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
90f12d735d target-mips: Fix CP0.Config3.ISAOnExc write accesses
Fix CP0.Config3.ISAOnExc write accesses on microMIPS processors.  This
bit is mandatory for any processor that implements the microMIPS
instruction set.  This bit is r/w for processors that implement both the
standard MIPS and the microMIPS instruction set.  This bit is r/o and
hardwired to 1 if only the microMIPS instruction set is implemented.

There is no other bit ever writable in CP0.Config3 so defining a
corresponding `CP0_Config3_rw_bitmask' member in `CPUMIPSState' is I
think an overkill.  Therefore make the ability to write the bit rely on
the presence of ASE_MICROMIPS set in the instruction flags.

The read-only case of the microMIPS instruction set being implemented
only can be added when we add support for such a configuration.  We do
not currently have such support, we have no instruction flag that would
control the presence of the standard MIPS instruction set nor any
associated code in instruction decoding.

This change is needed to boot a microMIPS Linux kernel successfully,
otherwise it hangs early on as interrupts are enabled and then the
exception handler invoked loops as its first instruction is interpreted
in the wrong execution mode and triggers another exception right away.
And then over and over again.

We already check the current setting of the CP0.Config3.ISAOnExc in
`set_hflags_for_handler' to set the ISA bit correctly on the exception
handler entry so it is the ability to set it that is missing only.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
27e1fb13f2 target-mips: Output CP0.Config2-5 in the register dump
Include CP0.Config2 through CP0.Config5 registers in the register dump
produced with the `info registers' monitor command.  Align vertically
with the registers already output.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
7215d7e7ae target-mips: Fix the 64-bit case for microMIPS MOVE16 and MOVEP
Fix microMIPS MOVE16 and MOVEP instructions on 64-bit processors by
using register addition operations.

This copies the approach taken with MIPS16 MOVE instructions (I8_MOV32R
and I8_MOVR32 opcodes) and follows the observation that OPC_ADDU expands
to tcg_gen_mov_tl whenever `rt' is 0 and `rs' is not, therefore copying
`rs' to `rd' verbatim.  This is not the case with OPC_ADDIU where a
sign-extension from bit #31 is made, unless in the uninteresting case of
`rs' being 0, losing the upper 32 bits of the value copied for any
proper 64-bit values.

This also serves as an optimization as one op is produced in generated
code rather than two (again, unless `rs' is 0, where it doesn't change
anything).

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:20 +00:00
Maciej W. Rozycki
81a423e6c6 target-mips: Correct the writes to Status and Cause registers via gdbstub
Make writes to CP0.Status and CP0.Cause have the same effect as
executing corresponding MTC0 instructions would in Kernel Mode.  Also
ignore writes in the user emulation mode.

Currently for requests from the GDB stub we write all the bits across
both registers, ignoring any read-only locations, and do not synchronise
the environment to evaluate side effects.  We also write these registers
in the user emulation mode even though a real kernel presents them as
read only.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
f88f79ec9d target-mips: Correct the handling of writes to CP0.Status for MIPSr6
Correct these issues with the handling of CP0.Status for MIPSr6:

* only ignore the bit pattern of 0b11 on writes to CP0.Status.KSU, that
  is for processors that do implement Supervisor Mode, let the bit
  pattern be written to CP0.Status.UM:R0 freely (of course the value
  written to read-only CP0.Status.R0 will be discarded anyway); this is
  in accordance to the relevant architecture specification[1],

* check the newly written pattern rather than the current contents of
  CP0.Status for the KSU bits being 0b11,

* use meaningful macro names to refer to CP0.Status bits rather than
  magic numbers.

References:

[1] "MIPS Architecture For Programmers, Volume III: MIPS64 / microMIPS64
    Privileged Resource Architecture", MIPS Technologies, Inc., Document
    Number: MD00091, Revision 6.00, March 31, 2014, Table 9.45 "Status
    Register Field Descriptions", pp. 210-211.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
c357747981 target-mips: Correct MIPS16/microMIPS branch size calculation
Correct MIPS16/microMIPS branch size calculation in PC adjustment
needed:

- to set the value of CP0.ErrorEPC at the entry to the reset exception,

- for the purpose of branch reexecution in the context of device I/O.

Follow the approach taken in `exception_resume_pc' for ordinary, Debug
and NMI exceptions.

MIPS16 and microMIPS branches can be 2 or 4 bytes in size and that has
to be reflected in calculation.  Original MIPS ISA branches, which is
where this code originates from, are always 4 bytes long, just as all
original MIPS ISA instructions.

Signed-off-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
8fc605b8aa target-mips: Restore the order of helpers
Restore the order of helpers that used to be: unary operations (generic,
then MIPS-specific), binary operations (generic, then MIPS-specific),
compare operations.  At one point FMA operations were inserted at a
random place in the file, disregarding the preexisting order, and later
on even more operations sprinkled across the file.  Revert the mess by
moving FMA operations to a new ternary class inserted after the binary
class and move the misplaced unary and binary operations to where they
belong.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
51fdea945a target-mips: Remove unused `FLOAT_OP' macro
Remove the `FLOAT_OP' macro, unused since commit
b6d96beda3 [Use temporary registers for
the MIPS FPU emulation.].

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
2b09f94cdb target-mips: Make `helper_float_cvtw_s' consistent with the remaining helpers
Move the call to `update_fcr31' in `helper_float_cvtw_s' after the
exception flag check, for consistency with the remaining helpers that do
it last too.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
d2bfa6e622 target-mips: Fix formatting in `decode_opc'
Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
6225a4a0e3 target-mips: Fix formatting in `mips_defs'
Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
d75de74967 target-mips: Fix formatting in `decode_extended_mips16_opc'
Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
4386f08767 target-mips: Enable vectored interrupt support for the 74Kf CPU
Enable vectored interrupt support for the 74Kf CPU, reflecting hardware.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
11f5ea105c target-mips: Add M14K and M14Kc MIPS32r2 microMIPS processors
Add the M14K and M14Kc processors from MIPS Technologies that are the
original implementation of the microMIPS ISA.  They are dual instruction
set processors, implementing both the microMIPS and the standard MIPSr32
ISA.

These processors correspond to the M4K and 4KEc CPUs respectively,
except with support for the microMIPS instruction set added, support for
the MCU ASE added and two extra interrupt lines, making a total of 8
hardware interrupts plus 2 software interrupts.  The remaining parts of
the microarchitecture, in particular the pipeline, stayed unchanged.

The presence of the microMIPS ASE is reflected in the configuration
added.  We currently have no support for the MCU ASE, including in
particular the ACLR, ASET and IRET instructions in either encoding, and
we have no support for the extra interrupt lines, including bits in
CP0.Status and CP0.Cause registers, so these features are not marked,
making our support diverge from real hardware.

Signed-off-by: Sandra Loosemore <sandra@codesourcery.com>
Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
8280b12c0e target-mips: Make CP0.Config4 and CP0.Config5 registers signed
Make the data type used for the CP0.Config4 and CP0.Config5 registers
and their mask signed, for consistency with the remaining 32-bit CP0
registers, like CP0.Config0, etc.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
36b86e0dc2 target-mips: Add 5KEc and 5KEf MIPS64r2 processors
Add the 5KEc and 5KEf processors from MIPS Technologies that are the
original implementation of the MIPS64r2 ISA.

Silicon for these processors has never been taped out and no soft cores
were released even.  They do exist though, a CP0.PRId value has been
assigned and experimental RTLs produced at the time the MIPS64r2 ISA has
been finalized.  The settings introduced here faithfully reproduce that
hardware.

As far as the implementation goes these processors are the same as the 5Kc
and the 5Kf CPUs respectively, except implementing the MIPS64r2 rather
than the original MIPS64 instruction set.  There must have been some
updates to the CP0 architecture as mandated by the ISA, such as the
addition of the EBase register, although I am not sure about the exact
details, no documentation has ever been produced for these processors.
The remaining parts of the microarchitecture, in particular the
pipeline, stayed unchanged.  Or to put it another way, the difference
between a 5K and a 5KE CPU corresponds to one between a 4K and a 4KE
CPU, except for the 64-bit rather than 32-bit ISA.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
c7d4d98ae7 target-mips: Make CP1.FIR read-only here too
CP1.FIR is read-only in hardware so gdbstub must respect it.  We already
respect it for CTC1 instructions, so do it here too.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Maciej W. Rozycki
800675f117 target-mips: Correct the handling of register #72 on writes
Fix an off-by-one error in `mips_cpu_gdb_write_register' for register
matching how `mips_cpu_gdb_read_register' handles it.  This register
slot is a fake anyway, there's nothing in hardware that corresponds to
it.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-12-16 12:45:19 +00:00
Dr. David Alan Gilbert
44a1f94684 MAINTAINERS: Update for migrated migration code
My previous patches migrated the migration code into migration/
but didn't update MAINTAINERS.

Note that does mean that the owner for block-migration.c
changes, but I'll ask block people what they want to do.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:36 +05:30
Dr. David Alan Gilbert
977184db39 Split the QEMU buffered file code out
The splitting of qemu-file and addition of the buffered file landed
at the same time; so now split the buffered file code out.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:36 +05:30
Dr. David Alan Gilbert
4f9d090012 Split struct QEMUFile out
Now we've got multiple QEMUFile source files, some of them need
access to things that were defined in qemu-file.c, so create
a -internal header for them.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:36 +05:30
Dr. David Alan Gilbert
329c9b10b6 Remove migration- pre/post fixes off files in migration/ dir
The general feeling is that having migration/migration-blah
is overkill.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:36 +05:30
Dr. David Alan Gilbert
60fe637bf0 Start migrating migration code into a migration directory
The migration code now occupies a fair chunk of the top level .c
files, it seems time to give it its own directory.

I've not touched:
   arch_init.c - that's mostly RAM migration but has a few random other
                 bits
   savevm.c    - because it's built target specific

This is purely a code move; no code has changed.
   - it fails checkpatch because of old violations, it feels safer
     to keep this as purely a move and fix those at some mythical future
     date.

The xbzrle and vmstate tests are now only run for softmmu builds
since they require files in the migrate/ directory which is only built
for softmmu.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:36 +05:30
zhanghailiang
d6d69731f5 qmp-command.hx: add missing docs for migration capabilities
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:35 +05:30
Michael S. Tsirkin
b78accf614 cpu: verify that block->host is set
If it isn't, access at an offset will cause memory corruption.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:35 +05:30
Michael S. Tsirkin
fd5f3b6367 cpu: assert host pointer offset within block
Make accesses safer in case we missed some
check somewhere.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:35 +05:30
Michael S. Tsirkin
1240be2435 exec: add wrapper for host pointer access
host pointer accesses force pointer math, let's
add a wrapper to make them safer.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:35 +05:30
Amit Shah
68a5e38a7e MAINTAINERS: add include files to virtio-serial entry
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:35 +05:30
Amit Shah
1f51a5cb97 MAINTAINERS: add entry for virtio-rng
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:35 +05:30
Amit Shah
c55156402e MAINTAINERS: migration: add vmstate static checker files
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:35 +05:30
Amit Shah
7f4675c3f7 MAINTAINERS: Add myself to migration maintainers
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-12-16 17:47:35 +05:30
Peter Maydell
dfa9c2a0f4 Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
- Migration and linuxboot fixes for 2.2 regressions
- valgrind/KVM support
- small i386 patches
- PCI SD host controller support
- malloc/free cleanups from Markus (x86/scsi)
- IvyBridge model
- XSAVES support for KVM
- initial patches from record/replay

# gpg: Signature made Mon 15 Dec 2014 16:35:08 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (47 commits)
  sdhci: Support SDHCI devices on PCI
  sdhci: Define SDHCI PCI ids
  sdhci: Add "sysbus" to sdhci QOM types and methods
  sdhci: Remove class "virtual" methods
  sdhci: Set a default frequency clock
  serial: only resample THR interrupt on rising edge of IER.THRI
  serial: update LSR on enabling/disabling FIFOs
  serial: clean up THRE/TEMT handling
  serial: reset thri_pending on IER writes with THRI=0
  linuxboot: fix loading old kernels
  kvm/apic: fix 2.2->2.1 migration
  target-i386: add Ivy Bridge CPU model
  target-i386: add f16c and rdrand to Haswell and Broadwell
  target-i386: add VME to all CPUs
  pc: add 2.3 machine types
  i386: do not cross the pages boundaries in replay mode
  cpus: make icount warp behave well with respect to stop/cont
  timer: introduce new QEMU_CLOCK_VIRTUAL_RT clock
  cpu-exec: invalidate nocache translation if they are interrupted
  icount: introduce cpu_get_icount_raw
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-15 16:43:42 +00:00
Kevin O'Connor
224d10ff5a sdhci: Support SDHCI devices on PCI
Support for PCI devices following the "SD Host Controller Simplified
Specification Version 2.00" spec.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:44 +01:00
Kevin O'Connor
ece5e5bfa1 sdhci: Define SDHCI PCI ids
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:44 +01:00
Kevin O'Connor
7302dcd60b sdhci: Add "sysbus" to sdhci QOM types and methods
Update the sdhci sysbus QOM types and methods so that sysbus is in
their name.  This is in preparation for adding PCI versions of these
types and methods.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:44 +01:00
Kevin O'Connor
d368ba4376 sdhci: Remove class "virtual" methods
The SDHCIClass defines a series of class "methods".  However, no code
in the QEMU tree overrides these methods or even uses them outside of
sdhci.c.

Remove the virtual methods and replace them with direct calls to the
underlying functions.  This simplifies the process of extending the
sdhci code to support PCI devices (which have a different parent
class).

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:44 +01:00
Kevin O'Connor
c7ff8daacf sdhci: Set a default frequency clock
The Linux SDHCI PCI driver will only register the device if there is a
clock frequency set.  So, set a default frequency of 52Mhz.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:43 +01:00
Paolo Bonzini
1645b8eee5 serial: only resample THR interrupt on rising edge of IER.THRI
There is disagreement on whether LSR.THRE should be resampled when
IER.THRI goes from 1 to 1.  Bochs only does it if IER.THRI goes from 0
to 1; PCE does it even if IER.THRI is unchanged.  But the Windows driver
seems to always go from 1 to 0 and back to 1, so do things in agreement
with Bochs, because the handling of thr_ipending was reported in 2010
(https://lists.gnu.org/archive/html/qemu-devel/2010-03/msg01914.html)
as breaking DR-DOS Plus.

Reported-by: Roy Tam <roytam@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:42 +01:00
Paolo Bonzini
023c3a9707 serial: update LSR on enabling/disabling FIFOs
When the transmit FIFO is emptied or enabled, the transmitter
hold register is empty.  When it is disabled, it is also emptied and
in addition the previous contents of the transmitter hold register
are discarded.  In either case, the THRE bit in LSR must be set and
THRI raised.

When the receive FIFO is emptied or enabled, the data ready and break
bits must be cleared in LSR.  Likewise when the receive FIFO is disabled.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:05 +01:00
Paolo Bonzini
0d931d7062 serial: clean up THRE/TEMT handling
- assert TEMT is cleared before sending a character; we'll get one from
TSR if tsr_retry > 0, from the FIFO or THR otherwise

- assert THRE cleared and FIFO not empty (if enabled) before fetching a
character to send.  This effectively reverts dffacd46, but the check
makes no sense and commit f702e62 (serial: change retry logic to avoid
concurrency, 2014-07-11) must have made it unnecessary.  The commit
message for f702e62 talks about multiple calls to qemu_chr_fe_add_watch
triggering s->tsr_retry >= MAX_XMIT_RETRY, but other failures were
possible.  For example, if you have multiple calls, the subsequent ones
will see s->tsr_retry == 0 and will find THRE and/or TEMT on entry.

- for clarity, raise THRI immediately after the code sets THRE

- check THRE to see if another character has to be sent.  This makes
the assertions more obvious and also means TEMT has to be set as soon as
the loop ends.  It makes the loop send both TSR and THR if flow-control
happens in non-FIFO mode.  Previously, THR would be lost.

- clear TEMT together with THRE even in the non-FIFO case

The last two items are bugfixes, but they were just found by inspection
and do not squash known bugs.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:33:37 +01:00
Paolo Bonzini
4e02b0fcf5 serial: reset thri_pending on IER writes with THRI=0
This is responsible for failure of migration from 2.2 to 2.1, because
thr_ipending is always one in practice.

serial.c is setting thr_ipending unconditionally.  However, thr_ipending
is not used at all if THRI=0, and it will be overwritten again the next
time THRE or THRI changes.  For that reason, we can set thr_ipending to
zero every time THRI is reset.

There is disagreement on whether LSR.THRE should be resampled when IER.THRI
goes from 1 to 1.  This patch does not touch the code, leaving that for
QEMU 2.3+.

This has no semantic change and is enough to fix migration in the common
case where the interrupt is not pending or is reported in IIR.  It does not
change the migration format, so 2.2.0 -> 2.1 will remain broken but we
can fix 2.2.1 -> 2.1 without breaking 2.2.1 <-> 2.2.0.

The case that remains broken (the one in which the subsection is strictly
necessary) is when THRE=1, the THRI interrupt has *not* been acknowledged
yet, and a higher-priority interrupt comes.  In this case, you need the
subsection to tell the source that the lower-priority THRI interrupt is
pending.  The subsection's breakage of migration, in this case, prevents
continuing the VM on the destination with an invalid state.

Cc: qemu-stable@nongnu.org
Reported-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 14:35:53 +01:00
Paolo Bonzini
269e235849 linuxboot: fix loading old kernels
Old kernels that used high memory only allowed the initrd to be in the
first 896MB of memory.  If you load the initrd above, they complain
that "initrd extends beyond end of memory".

In order to fix this, while not breaking machines with small amounts
of memory fixed by cdebec5 (linuxboot: compute initrd loading address,
2014-10-06), we need to distinguish two cases.  If pc.c placed the
initrd at end of memory, use the new algorithm based on the e801
memory map.  If instead pc.c placed the initrd at the maximum address
specified by the bzImage, leave it there.

The only interesting part is that the low-memory info block is now
loaded very early, in real mode, and thus the 32-bit address has
to be converted into a real mode segment.  The initrd address is
also patched in the info block before entering real mode, it is
simpler that way.

This fixes booting the RHEL4.8 32-bit installation image with 1GB
of RAM.

Cc: qemu-stable@nongnu.org
Cc: mst@redhat.com
Cc: jsnow@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:03 +01:00
Paolo Bonzini
575a6f4082 kvm/apic: fix 2.2->2.1 migration
The wait_for_sipi field is set back to 1 after an INIT, so it was not
effective to reset it in kvm_apic_realize.  Introduce a reset callback
and reset wait_for_sipi there.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Paolo Bonzini
2f9ac42acf target-i386: add Ivy Bridge CPU model
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Paolo Bonzini
78a611f193 target-i386: add f16c and rdrand to Haswell and Broadwell
Both were added in Ivy Bridge (for which we do not have a CPU model
yet!).

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Paolo Bonzini
b3a4f0b1a0 target-i386: add VME to all CPUs
vm86 mode extensions date back to the 486.  All models should have
them.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Paolo Bonzini
64bbd372f2 pc: add 2.3 machine types
The next patch will differentiate them.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Pavel Dovgalyuk
5b9efc39ae i386: do not cross the pages boundaries in replay mode
This patch denies crossing the boundary of the pages in the replay mode,
because it can cause an exception. Do it only when boundary is
crossed by the first instruction in the block.
If current instruction already crossed the bound - it's ok,
because an exception hasn't stopped this code.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Pavel Dovgalyuk
bf2a7ddb0a cpus: make icount warp behave well with respect to stop/cont
This patch makes icount warp use the new QEMU_CLOCK_VIRTUAL_RT clock.
This way, icount's QEMU_CLOCK_VIRTUAL will never count time during which
the virtual machine is stopped.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Pavel Dovgalyuk
4e7fa73ec2 timer: introduce new QEMU_CLOCK_VIRTUAL_RT clock
This patch introduces new QEMU_CLOCK_VIRTUAL_RT clock, which
should be used for icount warping.  In the next patch, it
will be used to avoid a huge icount warp when a virtual
machine is stopped for a long time.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Pavel Dovgalyuk
d8a499f17e cpu-exec: invalidate nocache translation if they are interrupted
In this case, QEMU might longjmp out of cpu-exec.c and miss the final
cleanup in cpu_exec_nocache.  Do this manually through a new compile
flag.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Pavel Dovgalyuk
2a62914bd8 icount: introduce cpu_get_icount_raw
Separate accessing the instruction counter from the compensation for
speed and halting that are introduced by qemu_icount_bias.  This
introduces new infrastructure used by the record/replay patches.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Pavel Dovgalyuk
626cf8f4c6 icount: set can_do_io outside TB execution
This patch sets can_do_io function to allow reading icount
within cpu-exec, but outside TB execution.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Pavel Dovgalyuk
e511b4d783 cpu-exec: reset exception_index correctly
Exception index is reset at every entry into cpu_exec()
function. This may cause missing the exceptions while replaying them.
This patch moves exception_index reset to the locations where they are
processed.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Pavel Dovgalyuk
b4ac20b4df cpu-exec: fix cpu_exec_nocache
In icount mode cpu_exec_nocache function is used to execute part of the
existing TB. At the end of cpu_exec_nocache newly created TB is deleted.
Sometimes io_read function needs to recompile current TB and restart TB
lookup and execution. After that tb_find_fast function finds old (bigger)
TB again. This TB cannot be executed (because icount is not big enough)
and cpu_exec_nocache is called again. Such a loop continues over and over.
This patch deletes old TB and avoids finding it in the TB cache.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Paolo Bonzini
f8e1f53334 scsi-disk: provide maximum transfer length
The QEMU block layer has a limit of INT_MAX bytes per transfer.

Expose it in the block limits VPD page for both regular transfers
and WRITE SAME.

Reported-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster
3c55fe2a13 scsi: Use g_new() & friends where that makes obvious sense
g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster
0bd0adbe5b scsi: Fuse g_malloc(); memset() into g_malloc0()
Coccinelle semantic patch:

    @@
    expression LHS, SZ;
    @@
    -       LHS = g_malloc(SZ);
    -       memset(LHS, 0, SZ);
    +       LHS = g_malloc0(SZ);

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster
1c3381af32 scsi: Drop superfluous conditionals around g_free()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster
e42a92ae64 x86: Drop some superfluous casts from void *
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster
ab3ad07f89 x86: Use g_new() & friends where that makes obvious sense
g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster
4be34d1e21 x86: Fuse g_malloc(); memset() into g_malloc0()
Coccinelle semantic patch:

    @@
    expression LHS, SZ;
    @@
    -       LHS = g_malloc(SZ);
    -       memset(LHS, 0, SZ);
    +       LHS = g_malloc0(SZ);

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster
18fc805534 x86: Drop superfluous conditionals around g_free()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Wanpeng Li
18cd2c17b5 target-i386: get/set/migrate XSAVES state
Add xsaves related definition, it also adds corresponding part
to kvm_get/put, and vmstate.

Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Paolo Bonzini
906b53a2de target-mips: kvm: do not use get_clock()
Use the external qemu-timer API instead.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Paolo Bonzini
0bb0b2d2fe target-i386: add feature flags for CPUID[EAX=0xd,ECX=1]
These represent xsave-related capabilities of the processor, and KVM may
or may not support them.

Add feature bits so that they are considered by "-cpu ...,enforce", and use
the new feature work instead of calling kvm_arch_get_supported_cpuid.

Bit 3 (XSAVES) is not migratable because it requires saving MSR_IA32_XSS.
Neither KVM nor any commonly available hardware supports it anyway.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Christian Borntraeger
e9af2fef24 coverity/s390x: avoid false positive in kvm_irqchip_add_adapter_route
Paolo Bonzini reported that Coverity reports an uninitialized pad value.
Let's use a designated initializer for kvm_irq_routing_entry to avoid
this false positive. This is similar to kvm_irqchip_add_msi_route and
other users of kvm_irq_routing_entry.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Christian Borntraeger
e6eef7c221 valgrind/s390x: avoid false positives on KVM_SET_FPU ioctl
struct kvm_fpu contains an alignment padding on s390x. Let's use a
designated initializer to avoid false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Christian Borntraeger
076796f8fd valgrind/i386: avoid false positives on KVM_SET_VCPU_EVENTS ioctl
struct kvm_vcpu_events contains reserved fields. Let's use a
designated initializer to avoid false positives in valgrind.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Christian Borntraeger
d19ae73e98 valgrind/i386: avoid false positives on KVM_GET_MSRS ioctl
struct kvm_msrs contains a pad field. Let's use a designated
initializer on the info part to avoid false positives from
valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Christian Borntraeger
c7fe4b1298 valgrind/i386: avoid false positives on KVM_SET_MSRS ioctl
struct kvm_msrs contains padding bytes. Let's use a designated
initializer on the info part to avoid false positives from
valgrind/memcheck. Do the same for generic MSRS, the TSC and
feature control.

We also need to zero out the reserved fields in the entries.
We do this in kvm_msr_entry_set as suggested by Paolo. This
avoids a big memset that a designated initializer on the
full structure would do.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Christian Borntraeger
bdfc8480c5 valgrind/i386: avoid false positives on KVM_SET_XCRS ioctl
struct kvm_xcrs contains padding bytes. Let's use a designated
initializer to avoid false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Christian Borntraeger
b0a0551283 valgrind/i386: avoid false positives on KVM_SET_PIT ioctl
struct kvm_pit_state2 contains pad fields. Let's use a designated
initializer to avoid false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Christian Borntraeger
5e0b7d8869 valgrind/i386: avoid false positives on KVM_SET_CLOCK ioctl
kvm_clock_data contains pad fields. Let's use a designated
initializer to avoid false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Christian Borntraeger
d229b985b5 valgrind: avoid false positives in KVM_GET_DIRTY_LOG ioctl
struct kvm_dirty_log contains padding fields that trigger false
positives in valgrind. Let's use a designated initializer to avoid
false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Eric Auger
9fc0e2d8ac vfio: use kvm_resamplefds_enabled()
Use the kvm_resamplefds_enabled function

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Eric Auger
f41389ae3c KVM_CAP_IRQFD and KVM_CAP_IRQFD_RESAMPLE checks
Compute kvm_irqfds_allowed by checking the KVM_CAP_IRQFD extension.
Remove direct settings in architecture specific files.

Add a new kvm_resamplefds_allowed variable, initialized by
checking the KVM_CAP_IRQFD_RESAMPLE extension. Add a corresponding
kvm_resamplefds_enabled() function.

A special notice for s390 where KVM_CAP_IRQFD was not immediately
advertised when irqfd capability was introduced in the kernel.
KVM_CAP_IRQ_ROUTING was advertised instead.

This was fixed in "KVM: s390: announce irqfd capability",
ebc3226202d5956a5963185222982d435378b899 whereas irqfd support
was brought in 84223598778ba08041f4297fda485df83414d57e,
"KVM: s390: irq routing for adapter interrupts".  Both commits
first appear in 3.15 so there should not be any kernel
version impacted by this QEMU modification.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Aurelien Jarno
9551ea6991 target-i386: simplify AES emulation
This patch simplifies the AES code, by directly accessing the newly added
S-Box, InvS-Box and InvMixColumns tables instead of recreating them by
using the AES_Te and AES_Td tables.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Drew DeVault
5eba5a6632 Add bootloader name to multiboot implementation
The name is set to "qemu".

Signed-off-by: Drew DeVault <sir@cmpwn.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Drew DeVault <sircmpwn@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Peter Maydell
54600752a1 Merge remote-tracking branch 'remotes/rth/tags/x86-next-20141214' into staging
Collected x86 patches

# gpg: Signature made Sun 14 Dec 2014 22:54:28 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/x86-next-20141214:
  target-i386: fix icount processing for repz instructions
  target-i386: fbld instruction doesn't set minus sign
  target-i386: Wrong conversion infinity from float80 to int32/int64

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-15 11:11:52 +00:00
Pavel Dovgalyuk
c4d4525c38 target-i386: fix icount processing for repz instructions
TCG generates optimized code for i386 repz instructions in single step mode.
It means that when ecx becomes 0, execution of the string instruction breaks
immediately without an additional iteration for ecx==0 (which will only check
ecx and set the flags). Omitting this iteration leads to different
instructions counting in singlestep mode and in normal execution.
This patch disables optimization of this last iteration for icount mode
which should be deterministic.

v2: inverted the condition and formatted the comment

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2014-12-14 16:48:38 -06:00
Dmitry Poletaev
18b41f95d2 target-i386: fbld instruction doesn't set minus sign
Signed-off-by: Dmitry Poletaev <poletaev-qemu@yandex.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2014-12-14 16:34:29 -06:00
Dmitry Poletaev
ea32aaf1a7 target-i386: Wrong conversion infinity from float80 to int32/int64
Signed-off-by: Dmitry Poletaev <poletaev-qemu@yandex.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2014-12-14 16:34:29 -06:00
Peter Maydell
e0d3795654 Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
# gpg: Signature made Fri 12 Dec 2014 17:09:56 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  linux-aio: simplify removal of completed iocbs from the list
  linux-aio: drop return code from laio_io_unplug and ioq_submit
  linux-aio: rename LaioQueue idx field to "n"
  linux-aio: track whether the queue is blocked
  linux-aio: queue requests that cannot be submitted
  block: drop unused bdrv_clear_incoming_migration_all() prototype
  block: Don't add trailing space in "Formating..." message
  qemu-iotests: Remove traling whitespaces in *.out
  block: vhdx - set .bdrv_has_zero_init to bdrv_has_zero_init_1
  iotests: Fix test 039
  iotests: Filter for "Killed" in qemu-io output
  qemu-io: Add sigraise command
  block: vhdx - change .vhdx_create default block state to ZERO
  block: vhdx - update PAYLOAD_BLOCK_UNMAPPED value to match 1.00 spec
  block: vhdx - remove redundant comments
  block/rbd: fix memory leak
  iotests: Add test for vmdk JSON file names
  vmdk: Fix error for JSON descriptor file names
  block migration: fix return value

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-12 17:10:44 +00:00
Paolo Bonzini
82595da8de linux-aio: simplify removal of completed iocbs from the list
There is no need to do another O(n) pass on the list; the iocb to
split the list at is already available through the array we passed to
io_submit.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1418305950-30924-6-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 16:57:55 +00:00
Paolo Bonzini
de35464461 linux-aio: drop return code from laio_io_unplug and ioq_submit
These are unused.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1418305950-30924-5-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 16:57:55 +00:00
Paolo Bonzini
8455ce053a linux-aio: rename LaioQueue idx field to "n"
It does not identify an index in an array anymore.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1418305950-30924-4-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 16:57:55 +00:00
Paolo Bonzini
43f2376e09 linux-aio: track whether the queue is blocked
Avoid that unplug submits requests when io_submit reported that it
couldn't accept more; at the same time, try more io_submit calls if it
could handle the whole set of requests that were passed, so that the
"blocked" flag is reset as soon as possible.

After the previous patch, laio_submit already tried to avoid submitting
requests to a blocked queue, by comparing s->io_q.idx with "==" instead
of the more natural ">=".  Switch to the simpler expression now that we
have the "blocked" flag.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1418305950-30924-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 16:57:55 +00:00
Paolo Bonzini
28b240877b linux-aio: queue requests that cannot be submitted
Keep a queue of requests that were not submitted; pass them to
the kernel when a completion is reported, unless the queue is
plugged.

The array of iocbs is rebuilt every time from scratch.  This
avoids keeping the iocbs array and list synchronized.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1418305950-30924-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 16:57:55 +00:00
Stefan Hajnoczi
b5cf2c1b08 block: drop unused bdrv_clear_incoming_migration_all() prototype
The bdrv_clear_incoming_migration_all() function has not existed since
commit 7ea2d269cb ("block/migration:
Disable cache invalidate for incoming migration").

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1418212937-22222-1-git-send-email-stefanha@redhat.com
2014-12-12 16:55:16 +00:00
Fam Zheng
43c5d8f800 block: Don't add trailing space in "Formating..." message
Change the message printing code to output a separator for each option
string before it instead of after, then we don't have one more extra ' ' in
the end.

To update qemu-iotests output files, most of the times one would just
copy the *.out.bad to *.out. With this change we will not have the
space disliked by checkpatch.pl.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1418110684-19528-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 16:52:33 +00:00
Fam Zheng
7486458c33 qemu-iotests: Remove traling whitespaces in *.out
This is simply:

  $ cd tests/qemu-iotests; sed -i -e 's/ *$//' *.out

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1418110684-19528-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 16:52:33 +00:00
Jeff Cody
85b712c9d5 block: vhdx - set .bdrv_has_zero_init to bdrv_has_zero_init_1
Now that new VHDX images will default to BAT block states of
PAYLOAD_BLOCK_ZERO, we can indicate that VHDX has zero init.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 5e582703e36450b9ca939e2e5c9fa3930030f7fe.1418018421.git.jcody@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 16:35:35 +00:00
Max Reitz
3f394472c5 iotests: Fix test 039
Test 039 used qemu-io -c abort for simulating a qemu crash; however,
abort() generally results in a core dump and ulimit -c 0 is no reliable
way of preventing that. Use "sigraise $(kill -l KILL)" instead to have
it crash without a core dump.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1418032092-16813-4-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 15:48:26 +00:00
Max Reitz
9e0c3e8df5 iotests: Filter for "Killed" in qemu-io output
_filter_qemu_io already filters out the process ID when qemu-io is
aborted; the same should be done when it is killed.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1418032092-16813-3-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 15:48:26 +00:00
Max Reitz
0e82dc7bbd qemu-io: Add sigraise command
abort() has the sometimes undesirable side-effect of generating a core
dump. If that is not needed, SIGKILL has the same effect of abruptly
crashing qemu, without a core dump.

Thus, -c abort is not always useful to simulate a qemu-io crash;
therefore, this patch adds a new sigraise command which allows raising
a signal.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1418032092-16813-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 15:48:26 +00:00
Jeff Cody
30af51ce7f block: vhdx - change .vhdx_create default block state to ZERO
The VHDX spec specifies that the default new block state is
PAYLOAD_BLOCK_NOT_PRESENT for a dynamic VHDX image, and
PAYLOAD_BLOCK_FULLY_PRESENT for a fixed VHDX image.

However, in order to create space-efficient VHDX images with qemu-img
convert, it is desirable to be able to set has_zero_init to true for
VHDX.

There is currently an option when creating VHDX images, to use block
state ZERO for new blocks.  However, this currently defaults to 'off'.
In order to be able to eventually set has_zero_init to true for VHDX,
this needs to default to 'on'.

This patch changes the default to 'on', and provides some help
information to warn against setting it to 'off' when using qemu-img
convert.

[Max Reitz pointed out that a full stop was missing at the end of the
VHDX_BLOCK_OPT_ZERO option help text.  I have added it.
--Stefan]

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 85164899eacc86e150c3ceba793cf93b398dedd7.1418018421.git.jcody@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 15:42:49 +00:00
Jeff Cody
a9d1e9daa5 block: vhdx - update PAYLOAD_BLOCK_UNMAPPED value to match 1.00 spec
The 0.95 VHDX spec defined PAYLOAD_BLOCK_UNMAPPED to be 5.  The 1.00
VHDX spec redefines PAYLOAD_BLOCK_UNMAPPED to be 3 instead.

The original value of 5 is now an undefined state in the spec, but it
should be safe to treat it the same and return zeros for data read.
This way, we can maintain compatibility with any images out in the wild
that may have been created in accordance with the 0.95 spec.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 8a4d2da73a8dbc04cde62bea782fc09ff84b1cf1.1418018421.git.jcody@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 15:42:22 +00:00
Jeff Cody
0571df44a1 block: vhdx - remove redundant comments
Minor cleanup.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: e8718ae3fd3e40a527e46a00e394973fbaab4d53.1418018421.git.jcody@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 15:42:22 +00:00
Gonglei
9281dbe653 block/rbd: fix memory leak
Variable local_err going out of scope
leaks the storage it points to.

Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Message-id: 1417674851-6248-1-git-send-email-arei.gonglei@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 13:16:56 +00:00
Max Reitz
942764cc32 iotests: Add test for vmdk JSON file names
Add a test for vmdk files which use a file with a JSON file name, and
which then try to open extents. That should fail and the error message
should at least try to look helpful.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417615043-26174-3-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 13:14:10 +00:00
Max Reitz
5c98415b2a vmdk: Fix error for JSON descriptor file names
If vmdk blindly tries to use path_combine() using bs->file->filename as
the base file name, this will result in a bad error message for JSON
file names when calling bdrv_open(). It is better to only try
bs->file->exact_filename; if that is empty, bs->file->filename will be
useless for path_combine() and an error should be emitted (containing
bs->file->filename because desc_file_path (which is
bs->file->exact_filename) is empty).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417615043-26174-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 13:14:10 +00:00
Gary R Hook
ebd9fbd7e1 block migration: fix return value
Modify block_save_iterate() to return positive/zero/negative
(success/not done/failure) return status. The computation of
the blocks transferred (an int64_t) exceeds the size of an
int return value.

Signed-off-by: Gary R Hook <gary.hook@nimboxx.com>
Reviewed-by: ChenLiang <chenliang88@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1416958202-15913-1-git-send-email-gary.hook@nimboxx.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12 10:29:44 +00:00
Peter Maydell
99c9c3cb24 Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-12-11' into staging
trivial patches for 2014-12-11

# gpg: Signature made Thu 11 Dec 2014 18:13:58 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2014-12-11:
  Sort include/qemu/typedefs.h
  hpet: increase spelling precision
  pflash_cfi02.c: associate "cfi.pflash02" to "Storage devices" category
  vt82c686: fix coverity warning about out-of-bounds write
  virtio: remove useless declaration of virtio_net_init()
  qapi-schema: fix typo about change-vnc-password
  fw_cfg: remove superfluous blank line
  get_maintainer.pl: Remove the --git-chief-penguins option
  configure: Replace which(1) with "has"
  util: Use g_new() & friends where that makes obvious sense
  util: Fuse g_malloc(); memset() into g_new0()
  util: Drop superfluous conditionals around g_free()
  Drop superfluous conditionals around g_strdup()
  Drop superfluous conditionals around qemu_opts_del()
  usb: delete redundant brackets in usb_host_handle_control()
  virtio-bus: avoid breaking build when open DEBUG switch
  acpi-build: Make DPRINTF working for acpi-build
  acpi-build: adjust indention 8 -> 4 spaces
  target-s390x: fix possible out of bounds read
  qmp: fix typo in input-send-event examples

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 18:27:02 +00:00
Dr. David Alan Gilbert
64baadc272 Sort include/qemu/typedefs.h
Mainly to make it less likely to conflict during merges.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-11 21:00:30 +03:00
Stefan Hajnoczi
97c61fb78a hpet: increase spelling precision
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-11 20:57:11 +03:00
Peter Maydell
b141290478 Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20141211' into staging
target-arm queue:
 * pass semihosting exit code out to system
 * more TrustZone support code (still not enabled yet)
 * allow user to direct semihosting to gdb or native explicitly
   rather than always auto-guessing the destination
 * fix memory leak in realview_init
 * fix coverity warning in hw/arm/boot
 * get state migration working for AArch64 CPUs
 * check errors in kvm_arm_reset_vcpu

# gpg: Signature made Thu 11 Dec 2014 12:16:19 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20141211: (33 commits)
  target-arm: Check error conditions on kvm_arm_reset_vcpu
  target-arm: Support save/load for 64 bit CPUs
  target-arm/kvm: make reg sync code common between kvm32/64
  arm_gic_kvm: Tell kernel about number of IRQs
  hw/arm/boot: fix uninitialized scalar variable warning reported by coverity
  hw/arm/realview.c: Fix memory leak in realview_init()
  target-arm: make MAIR0/1 banked
  target-arm: make c13 cp regs banked (FCSEIDR, ...)
  target-arm: make VBAR banked
  target-arm: make PAR banked
  target-arm: make IFAR/DFAR banked
  target-arm: make DFSR banked
  target-arm: make IFSR banked
  target-arm: make DACR banked
  target-arm: make TTBCR banked
  target-arm: make TTBR0/1 banked
  target-arm: make CSSELR banked
  target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI
  target-arm: add SCTLR_EL3 and make SCTLR banked
  target-arm: add MVBAR support
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 16:47:23 +00:00
Peter Maydell
7c3843332d Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches for 2.3

# gpg: Signature made Wed 10 Dec 2014 09:31:53 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream: (73 commits)
  vmdk: Set errp on failures in vmdk_open_vmdk4
  vmdk: Remove unnecessary initialization
  vmdk: Check descriptor file length when reading it
  vmdk: Clean up descriptor file reading
  vmdk: Fix comment to match code of extent lines
  vmdk: Use g_random_int to generate CID
  block: Use g_new0() for a bit of extra type checking
  block: remove BLOCK_OPT_NOCOW from vpc_create_opts
  block: remove BLOCK_OPT_NOCOW from vdi_create_opts
  qemu-iotests: Skip 099 for VMDK subformats with desc file
  block/raw-posix: Fix ret in raw_open_common()
  qcow2: Respect bdrv_truncate() error
  qcow2: Flushing the caches in qcow2_close may fail
  qcow2: Prevent numerical overflow
  iotests: Add test for unsupported image creation
  iotests: Only kill NBD server if it runs
  qemu-img: Check create_opts before image amendment
  qemu-img: Check create_opts before image creation
  block: Check create_opts before image creation
  block/nfs: Add create_opts
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:36:32 +00:00
Christoffer Dall
25f2895e0e target-arm: Check error conditions on kvm_arm_reset_vcpu
When resetting a VCPU we currently call both kvm_arm_vcpu_init() and
write_kvmstate_to_list(), both of which can fail, but we never check the
return value.

The only choice here is to print an error and exit if the calls fail.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418039630-11773-1-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:53 +00:00
Peter Maydell
a7130a3ef9 target-arm: Support save/load for 64 bit CPUs
For migration to work on 64 bit CPUs, we need to include both
the 64-bit integer register file and the PSTATE. Everything
else is either stored in the same place as existing 32-bit CPU
state or handled by the generic sysreg mechanism.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1417788683-4038-3-git-send-email-peter.maydell@linaro.org
2014-12-11 12:07:53 +00:00
Alex Bennée
38df27c8a7 target-arm/kvm: make reg sync code common between kvm32/64
Before we launch a guest we query KVM for the list of "co-processor"
registers it knows about. This is used to synchronize system
register state for the bulk of coprocessor/system registers.
Move this code from the 32-bit specific vcpu init function into
a common routine and call it also from the 64-bit vcpu init.

This allows system registers to migrate correctly when using
KVM, and also permits QEMU code to see the current KVM register
state (which will be needed to support big-endian guests, since
the virtio endianness callback must check for some system register
settings).

Since vcpu reset also has to sync registers, we move the
32 bit kvm_arm_reset_vcpu() into common code as well and
share it with the 64 bit version.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
[PMM: just copy the 32-bit code rather than improving it along the way;
 don't share reg_syncs_via_tuple_list() between 32 and 64 bit;
 tweak function names; move reset]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:53 +00:00
Peter Maydell
72149414e2 arm_gic_kvm: Tell kernel about number of IRQs
Newer kernels support a device attribute on the GIC which allows us to
tell it how many IRQs this GIC instance is configured with; use it, if
it exists.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1417718679-1071-1-git-send-email-peter.maydell@linaro.org
2014-12-11 12:07:53 +00:00
zhanghailiang
a554ecb49d hw/arm/boot: fix uninitialized scalar variable warning reported by coverity
Coverity reports the 'size' may be used uninitialized, but that can't happen,
because the caller has checked "if (binfo->dtb_filename || binfo->get_dtb)"
before calling 'load_dtb'.

Here we simply remove the 'if (binfo->get_dtb)' to satisfy coverity.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Message-id: 1416826240-12368-1-git-send-email-zhang.zhanghailiang@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:53 +00:00
Nikita Belov
b1ab03af89 hw/arm/realview.c: Fix memory leak in realview_init()
Variable 'ram_lo' is allocated unconditionally, but used only in some cases.
When it is unused, the pointer will be lost at function exit, resulting in a
memory leak. Allocate memory for 'ram_lo' only if it is needed.

Valgrind output:
==16879== 240 bytes in 1 blocks are definitely lost in loss record 6,033 of 7,018
==16879==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16879==    by 0x33D2CE: malloc_and_trace (vl.c:2804)
==16879==    by 0x509E610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==16879==    by 0x288836: realview_init (realview.c:55)
==16879==    by 0x28988C: realview_pb_a8_init (realview.c:375)
==16879==    by 0x341426: main (vl.c:4413)

Signed-off-by: Nikita Belov <zodiac@ispras.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:52 +00:00
Greg Bellows
be693c87e4 target-arm: make MAIR0/1 banked
Added CP register info entries for the ARMv7 MAIR0/1 secure banks.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-26-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:52 +00:00
Fabian Aggeler
54bf36ed35 target-arm: make c13 cp regs banked (FCSEIDR, ...)
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
FCSEIDR, CONTEXTIDR, TPIDRURW, TPIDRURO and TPIDRPRW have a secure
and a non-secure instance.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-25-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:52 +00:00
Greg Bellows
fb6c91ba2b target-arm: make VBAR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
VBAR has a secure and a non-secure instance, which are mapped to
VBAR_EL1 and VBAR_EL3.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-24-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:52 +00:00
Fabian Aggeler
01c097f796 target-arm: make PAR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
PAR has a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-23-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:52 +00:00
Fabian Aggeler
b848ce2b9c target-arm: make IFAR/DFAR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
IFAR and DFAR have a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-22-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:51 +00:00
Fabian Aggeler
4a7e2d7315 target-arm: make DFSR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DFSR has a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-21-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:51 +00:00
Fabian Aggeler
88ca1c2d70 target-arm: make IFSR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
IFSR has a secure and a non-secure instance.  Adds IFSR32_EL2 definition and
storage.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-20-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:51 +00:00
Fabian Aggeler
0c17d68c1d target-arm: make DACR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DACR has a secure and a non-secure instance.  Adds definition for DACR32_EL2.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-19-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:51 +00:00
Fabian Aggeler
11f136ee25 target-arm: make TTBCR banked
Adds secure and non-secure bank register support for TTBCR.
Added new struct to compartmentalize the TCR data and masks.  Removed old
tcr/ttbcr data and added a 4 element array of the new structs in cp15.  This
allows for one entry per EL.  Added a CP register definition for TCR_EL3.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-18-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:51 +00:00
Fabian Aggeler
7dd8c9af0d target-arm: make TTBR0/1 banked
Adds secure and non-secure bank register support for TTBR0 and TTBR1.
Changes include adding secure and non-secure instances of ttbr0 and ttbr1 as
well as a CP register definition for TTBR0_EL3.  Added a union containing
both EL based array fields and secure and non-secure fields mapped to them.
Updated accesses to use A32_BANKED_CURRENT_REG_GET macro.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-17-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:51 +00:00
Fabian Aggeler
b85a1fd61c target-arm: make CSSELR banked
Rename CSSELR (cache size selection register) and add secure
instance (AArch32).

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-16-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:50 +00:00
Fabian Aggeler
6e8801f9de target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI
Add checks of SCR AW/FW bits when performing writes of CPSR.  These SCR bits
are used to control whether the CPSR masking bits can be adjusted from
non-secure state.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-15-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:50 +00:00
Fabian Aggeler
137feaa9a1 target-arm: add SCTLR_EL3 and make SCTLR banked
Implements SCTLR_EL3 and uses secure/non-secure instance when
needed.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-14-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:50 +00:00
Fabian Aggeler
e89e51a17e target-arm: add MVBAR support
Use MVBAR register as exception vector base address for
exceptions taken to CPU monitor mode.

Signed-off-by: Sergey Fedorov <s.fedorov@samsung.com>
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-13-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:50 +00:00
Greg Bellows
144634ae6c target-arm: add SDER definition
Added CP register definitions for SDER and SDER32_EL3 as well as cp15.sder for
register storage.

Signed-off-by: Sergey Fedorov <s.fedorov@samsung.com>
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-12-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:50 +00:00
Fabian Aggeler
770225764f target-arm: add NSACR register
Implements NSACR register with corresponding read/write functions
for ARMv7 and ARMv8.

Signed-off-by: Sergey Fedorov <s.fedorov@samsung.com>
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-11-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:49 +00:00
Fabian Aggeler
de38d23b54 target-arm: implement IRQ/FIQ routing to Monitor mode
SCR.{IRQ/FIQ} bits allow to route IRQ/FIQ exceptions to monitor CPU
mode. When taking IRQ exception to monitor mode FIQ exception is
additionally masked.

Signed-off-by: Sergey Fedorov <s.fedorov@samsung.com>
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-10-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:49 +00:00
Fabian Aggeler
0f1a3b2470 target-arm: move AArch32 SCR into security reglist
Define a new ARM CP register info list for the ARMv7 Security Extension
feature. Register that list only for ARM cores with Security Extension/EL3
support. Moving AArch32 SCR into Security Extension register group.

Signed-off-by: Sergey Fedorov <s.fedorov@samsung.com>
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-9-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:49 +00:00
Fabian Aggeler
3f3c82a57d target-arm: insert AArch32 cpregs twice into hashtable
Prepare for cp register banking by inserting every cp register twice,
once for secure world and once for non-secure world.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-8-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:49 +00:00
Peter Maydell
51a79b0397 target-arm: add secure state bit to CPREG hash
Added additional NS-bit to CPREG hash encoding.  Updated hash lookup
locations to specify hash bit currently set to non-secure.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-7-git-send-email-greg.bellows@linaro.org
[PMM: fix uses of ENCODE_CP_REG in kvm32.c to add extra argument]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:49 +00:00
Fabian Aggeler
c3e3026062 target-arm: add CPREG secure state support
Prepare ARMCPRegInfo to support specifying two fieldoffsets per
register definition. This will allow us to keep one register
definition for banked registers (different offsets for secure/
non-secure world).

Also added secure state tracking field and flags.  This allows for
identification of the register info secure state.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-6-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:49 +00:00
Sergey Fedorov
3f342b9e0e target-arm: add non-secure Translation Block flag
This patch is based on idea found in patch at
git://github.com/jowinter/qemu-trustzone.git
f3d955c6c0ed8c46bc0eb10b634201032a651dd2 by
Johannes Winter <johannes.winter@iaik.tugraz.at>.

The TBFLAG captures the SCR NS secure state at the time when a TB is created so
the correct bank is accessed on system register accesses.

Signed-off-by: Sergey Fedorov <s.fedorov@samsung.com>
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-5-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:48 +00:00
Fabian Aggeler
ea30a4b824 target-arm: add banked register accessors
If EL3 is in AArch32 state certain cp registers are banked (secure and
non-secure instance). When reading or writing to coprocessor registers
the following macros can be used.

- A32_BANKED macros are used for choosing the banked register based on provided
  input security argument.  This macro is used to choose the bank during
  translation of MRC/MCR instructions that are dependent on something other
  than the current secure state.
- A32_BANKED_CURRENT macros are used for choosing the banked register based on
  current secure state.  This is NOT to be used for choosing the bank used
  during translation as it breaks monitor mode.

If EL3 is operating in AArch64 state coprocessor registers are not
banked anymore. The macros use the non-secure instance (_ns) in this
case, which is architecturally mapped to the AArch64 EL register.

Signed-off-by: Sergey Fedorov <s.fedorov@samsung.com>
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-4-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:48 +00:00
Greg Bellows
0eeb17d618 target-arm: add async excp target_el function
Adds a dedicated function and a lookup table for determining the target
exception level of IRQ and FIQ exceptions.  The lookup table is taken from the
ARMv7 and ARMv8 specification exception routing tables.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-3-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:48 +00:00
Greg Bellows
57e3a0c7cb target-arm: extend async excp masking
This patch extends arm_excp_unmasked() to use lookup tables for determining
whether IRQ and FIQ exceptions are masked.  The lookup tables are based on the
ARMv8 and ARMv7 specification physical interrupt masking tables.

If EL3 is using AArch64 IRQ/FIQ masking is ignored in all exception levels
other than EL3 if SCR.{FIQ|IRQ} is set to 1 (routed to EL3).

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-2-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:48 +00:00
Liviu Ionescu
a38bb0792c Add the "-semihosting-config" option.
The usual semihosting behaviour is to process the system calls locally and
return; unfortunately the initial implementation dynamically changed the
target to GDB during debug sessions, which, for the usual arm-none-eabi-gdb,
is not implemented. The result was that during debug sessions the semihosting
calls were discarded.

This patch adds a configuration variable and an option to set it on the
command line:

    -semihosting-config [enable=on|off,]target=native|gdb|auto

This option enables semihosting and defines where the semihosting calls will
be addressed, to QEMU ('native') or to GDB ('gdb'). The default is auto, which
means 'gdb' during debug sessions and 'native' otherwise.

Signed-off-by: Liviu Ionescu <ilg@livius.net>
Message-id: 1416341957-9796-1-git-send-email-ilg@livius.net
[PMM: moved declaration and definition of semihosting_target to
 gdbstub.h and gdbstub.c to fix build failure on linux-user]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:48 +00:00
Liviu Ionescu
1ecc3a2df1 Pass semihosting exit code back to system.
In order to run unit tests under semihosting, it is necessary to pass the
application exit code back to the system.

ARM defines only the code to be used for non-error application exit
(ADP_Stopped_ApplicationExit), all other codes should return non-zero
exit codes.

This patch checks if the application code passed via TARGET_SYS_EXIT is
ADP_Stopped_ApplicationExit, and returns 0, otherwise returns 1.

Signed-off-by: Liviu Ionescu <ilg@livius.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:48 +00:00
Peter Maydell
a09f2d16f6 Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20141210' into staging
TriCore BOL, BRC, BRN, BRR, RC, RCPW, RCRR, RCR, RLC and RCR insn added

# gpg: Signature made Wed 10 Dec 2014 11:21:58 GMT using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"

* remotes/bkoppelmann/tags/pull-tricore-20141210:
  target-tricore: Add instructions of RCR opcode format
  target-tricore: Add instructions of RLC opcode format
  target-tricore: Add instructions of RCPW, RCRR and RCRW opcode format
  target-tricore: Make TRICORE_FEATURES implying others.
  target-tricore: Add instructions of RC opcode format
  target-tricore: Add instructions of BRR opcode format
  target-tricore: Add instructions of BRN opcode format
  target-tricore: Add instructions of BRC opcode format
  target-tricore: Add instructions of BOL opcode format

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 11:41:11 +00:00
Peter Maydell
67a5eebca1 Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20141210-1' into staging
vnc-enc-tight fix, keymaps code style.

# gpg: Signature made Wed 10 Dec 2014 09:24:33 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vnc-20141210-1:
  keymaps: correct keymaps.c following Qemu coding style
  vnc-enc-tight: fix Arguments in wrong order

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 11:19:57 +00:00
Antony Pavlov
df6f93182a pflash_cfi02.c: associate "cfi.pflash02" to "Storage devices" category
Signed-off-by: Antony Pavlov <antonynpavlov@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 14:29:25 +03:00
Bastian Koppelmann
328f1f0f08 target-tricore: Add instructions of RCR opcode format
Add instructions of RCR opcode format.
Add helper for madd32/64_ssov and madd32/64_suov.
Add helper for msub32/64_ssov and msub32/64_suov.
Add microcode generator function madd/msub for 32bit and 64bit, which calculate a mul and a add/sub.
OPC2_32_RCR_MSUB_U_32 -> OPC2_32_RCR_MSUB_U_32.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-10 11:13:45 +00:00
Bastian Koppelmann
2b2f7d97d8 target-tricore: Add instructions of RLC opcode format
Add instructions of RLC opcode format.
Add helper psw_write/read.
Add microcode generator gen_mtcr/mfcr, which loads/stores a value to a core special function register, which are defined in csfr.def

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-10 11:13:45 +00:00
Bastian Koppelmann
ed51626066 target-tricore: Add instructions of RCPW, RCRR and RCRW opcode format
Add instructions of RCPW, RCRR and RCRW opcode format.
Add microcode generator function gen_insert.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-10 11:13:45 +00:00
Bastian Koppelmann
47e04430ed target-tricore: Make TRICORE_FEATURES implying others.
Since all the TriCore instructionsets are subsets of each other (1.3 C 1.3.1 C 1.6),
make the features implying each other, e.g 1.6 also has 1.3.1 and 1.3. This way
we only need to check our features for the instructionset, where an instruction was first introduced.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-10 11:13:45 +00:00
Bastian Koppelmann
0974257ed5 target-tricore: Add instructions of RC opcode format
Add instructions of RC opcode format.
Add helper for mul, sha, absdif with signed saturation on overflow.
Add helper for add, sub, mul with unsigned saturation on overflow.
Add microcode generator functions:
    * gen_add_CC, which calculates the carry bit.
    * gen_addc_CC, which adds the carry bit to the add and calculates the carry bit.
    * gen_absdif, which calculates the absolute difference.
    * gen_mul_i64s/u, which mul two 32 bits val into one 64bit reg.
    * gen_sh_hi, which shifts two 16bit words in one reg.
    * gen_sha_hi, which does an arithmetic shift on two 16bit words.
    * gen_sh_cond, which shifts left a reg by one and writes the result of cond into the lsb.
    * gen_accumulating_cond, which ands/ors/xors the result of cond of the lsbs
      with the lsb of the result.
    * gen_eqany_bi/hi, which checks every byte/hword on equality.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-10 11:13:45 +00:00
Bastian Koppelmann
a68e0d547f target-tricore: Add instructions of BRR opcode format
Add instructions of BRR opcode format.
Add MASK_OP_BRR_DISP15_SEXT.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-10 11:13:45 +00:00
Bastian Koppelmann
83c1bb1868 target-tricore: Add instructions of BRN opcode format
Add instructions of BRN opcode format.
Add MASK_OP_BRN_DISP15_SEXT.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-10 11:13:45 +00:00
Bastian Koppelmann
fc2ef4a391 target-tricore: Add instructions of BRC opcode format
Add instructions of BRC opcode format.
Fixed OP2_BRC_JGE -> OP2_32_BRC_JGE

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-10 11:13:45 +00:00
Bastian Koppelmann
3fb763cb55 target-tricore: Add instructions of BOL opcode format
Add instructions of BOL opcode format.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-12-10 11:13:44 +00:00
Fam Zheng
d899d2e248 vmdk: Set errp on failures in vmdk_open_vmdk4
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1417649314-13704-7-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:21 +01:00
Fam Zheng
9aeecbbc62 vmdk: Remove unnecessary initialization
It will be assigned to the return value of vmdk_read_desc.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1417649314-13704-6-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:21 +01:00
Fam Zheng
03c3359dfc vmdk: Check descriptor file length when reading it
Since a too small file cannot be a valid VMDK image, and also since the
buffer's first 4 bytes will be unconditionally examined by
vmdk_open_sparse, let's error out the small file case to be clear.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Message-id: 1417649314-13704-5-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:21 +01:00
Fam Zheng
73b7bcad43 vmdk: Clean up descriptor file reading
Zeroing a buffer that will be filled right after is not necessary, and
allocating a power of two + 1 is naughty.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1417649314-13704-4-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:21 +01:00
Fam Zheng
8a3e0bc370 vmdk: Fix comment to match code of extent lines
commit 04d542c8b (vmdk: support vmfs files) added support of VMFS extent
type but the comment above the changed code is left out. Update the
comment so they are consistent.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Message-id: 1417649314-13704-3-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:21 +01:00
Fam Zheng
e5dc64b8ff vmdk: Use g_random_int to generate CID
This replaces two "time(NULL)" invocations with "g_random_int()".
According to VMDK spec, CID "is a random 32‐bit value updated the first
time the content of the virtual disk is modified after the virtual disk
is opened". Using "seconds since epoch" is just a "lame way" to generate
it, and not completely safe because of the low precision.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1417649314-13704-2-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:21 +01:00
Markus Armbruster
3ba235a022 block: Use g_new0() for a bit of extra type checking
g_new(T, 1) is safer than g_malloc(sizeof(T)), because it returns T *
rather than void *, which lets the compiler catch more type errors.

Missed in commit 02c4f26.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1417697709-13087-1-git-send-email-armbru@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:21 +01:00
Jeff Cody
625fa9fe6f block: remove BLOCK_OPT_NOCOW from vpc_create_opts
In commit fef6070, the need for NOCOW was removed from the vpc driver,
as we removed the posix calls.  However, the BLOCK_OPT_NOCOW was not
removed from vpc_create_opts.  This was a mistake - remove the opt from
there as well.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 8ba076fa725fed681cde7d8afc4fb239ae06a9c6.1417620301.git.jcody@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:21 +01:00
Jeff Cody
0d0d7f47b4 block: remove BLOCK_OPT_NOCOW from vdi_create_opts
In commit 7074786, the need for NOCOW was removed from the vdi driver,
as we removed the posix calls.  However, the BLOCK_OPT_NOCOW was not
removed from vdi_create_opts.  This was a mistake - remove the opt from
there as well.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: e189364de11929d8fa04722f5d845de0a9834d44.1417620301.git.jcody@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Fam Zheng
0fc9b0d162 qemu-iotests: Skip 099 for VMDK subformats with desc file
VMDK extent parsing code doesn't handle the JSON file name, so the case
fails for these subformats. Disabled them.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1417571370-19495-1-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Max Reitz
01212d4ed6 block/raw-posix: Fix ret in raw_open_common()
The return value must be negative on error; there is one place in
raw_open_common() where errp is set, but ret remains 0. Fix it.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Max Reitz
6a69b9620a qcow2: Respect bdrv_truncate() error
bdrv_truncate() may fail and qcow2_write_compressed() should return the
error code in that case.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Max Reitz
3b5e14c76a qcow2: Flushing the caches in qcow2_close may fail
qcow2_cache_flush() may fail; if one of the caches failed to be flushed
successfully to disk in qcow2_close() the image should not be marked
clean, and we should emit a warning.

This breaks the (qcow2-specific) iotests 026, 071 and 089; change their
output accordingly.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Max Reitz
11c89769dc qcow2: Prevent numerical overflow
In qcow2_alloc_cluster_offset(), *num is limited to
INT_MAX >> BDRV_SECTOR_BITS by all callers. However, since remaining is
of type uint64_t, we might as well cast *num to that type before
performing the shift.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Max Reitz
2247798d13 iotests: Add test for unsupported image creation
Add a test for creating and amending images (amendment uses the creation
options) with formats not supporting creation over protocols not
supporting creation.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Max Reitz
f798068c56 iotests: Only kill NBD server if it runs
There may be NBD tests which do not create a sample image and simply
test whether wrong usage of the protocol is rejected as expected. In
this case, there will be no NBD server and trying to kill it during
clean-up will fail.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Max Reitz
b2439d26f0 qemu-img: Check create_opts before image amendment
The image options which can be amended are described by the .create_opts
field for every driver. This field must therefore be non-NULL so that
anything can be amended in the first place. Check that this holds true
before going into qemu_opts_create() (because if .create_opts is NULL,
the create_opts pointer in img_amend() will be NULL after
qemu_opts_append()).

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Max Reitz
f75613cf24 qemu-img: Check create_opts before image creation
If a driver supports image creation, it needs to set the .create_opts
field. We can use that to make sure .create_opts for both drivers
involved is not NULL for the target image in qemu-img convert, which is
important so that the create_opts pointer in img_convert() is not NULL
after the qemu_opts_append() calls and when going into
qemu_opts_create().

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Max Reitz
c614972408 block: Check create_opts before image creation
If a driver supports image creation, it needs to set the .create_opts
field. We can use that to make sure .create_opts for both drivers
involved is not NULL in bdrv_img_create(), which is important so that
the create_opts pointer in that function is not NULL after the
qemu_opts_append() calls and when going into qemu_opts_create().

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:20 +01:00
Max Reitz
fd752801ae block/nfs: Add create_opts
The nfs protocol driver is capable of creating images, but did not
specify any creation options. Fix it.

A way to test this issue is the following:

$ qemu-img create -f nfs nfs://127.0.0.1/foo.qcow2 64M

Without this patch, it segfaults. With this patch, it does not. However,
this is not something that should really work; qemu-img should check
whether the parameter for the -f option (and -O for convert) is indeed a
format, and error out if it is not. Therefore, I am not making it an
iotest.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:19 +01:00
Max Reitz
1bcb15cf77 block/vvfat: qcow driver may not be found
Although virtually impossible right now, bdrv_find_format("qcow") may
fail. The vvfat block driver should heed that case.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:19 +01:00
Max Reitz
ef8104378c block: Omit bdrv_find_format for essential drivers
We can always assume raw, file and qcow2 being available; so do not use
bdrv_find_format() to locate their BlockDriver objects but statically
reference the respective objects.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:19 +01:00
Max Reitz
5f535a941e block: Make essential BlockDriver objects public
There are some block drivers which are essential to QEMU and may not be
removed: These are raw, file and qcow2 (as the default non-raw format).
Make their BlockDriver objects public so they can be directly referenced
throughout the block layer without needing to call bdrv_find_format()
and having to deal with an error at runtime, while the real problem
occurred during linking (where raw, file or qcow2 were not linked into
qemu).

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:19 +01:00
Max Reitz
b89689f5b2 iotests: Specify qcow2 format for qemu-io in 059
There are two instances of iotest 059 using qemu-io on a qcow2 image. As
of "qemu-iotests: Use qemu-io -f $IMGFMT" the iotests can no longer rely
on $QEMU_IO doing probing, therefore the qcow2 format has to be
specified explicitly here.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:19 +01:00
Kevin Wolf
d20051856c ide: Check validity of logical block size
Our IDE emulation can't handle logical block sizes other than 512. Check
for it.

The original assumption was that other values would silently be ignored
(which is bad enough), but it's not quite true: The physical block size
is exposed in IDENTIFY DEVICE as a multiple of the logical block size.
Setting a logical block size therefore also corrupts the physical block
size (4096/4096 doesn't silently downgrade to 4096/512, but 512/512).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2014-12-10 10:31:16 +01:00
Anton Blanchard
be0677a93c nvme: 64kB page size fixes
Initialise our maximum page size capability to 64kB and increase
the page_size variable from 16 to 32 bits.

Signed-off-by: Anton Blanchard <anton@samba.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:16 +01:00
Michael Mueller
d11032315a qemu-iotests: 082: Filter the real disk size
The real on-disk size of an image depends on things like the host
filesystem. _img_info already filters it out, use the function in 082.

Signed-off-by: Michael Mueller <mimu@linux.vnet.ibm.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:16 +01:00
Kevin Wolf
e800e5d4e2 qemu-iotests: 060: Filter the real disk size
The real on-disk size of an image depends on things like the host
filesystem. _img_info already filters it out, use the function in 060.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Michael Mueller <mimu@linux.vnet.ibm.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-12-10 10:31:13 +01:00
Paolo Bonzini
a56ebc6ba4 block: do not use get_clock()
Use the external qemu-timer API instead.

No one else should be calling cpu_get_clock(), get_clock() and
get_clock_realtime() directly; they are internal functions and they
should be confined to qemu-timer.c and cpus.c (where the icount
implementation resides).  All accesses should go through
qemu_clock_get_ns.

Cc: kwolf@redhat.com
Cc: stefanha@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1417010463-3527-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
Kevin Wolf
c5f6e493bb block: Don't probe for unknown backing file format
If a qcow2 image specifies a backing file format that doesn't correspond
to any format driver that qemu knows, we shouldn't fall back to probing,
but simply error out.

Not looking up the backing file driver in bdrv_open_backing_file(), but
just filling in the "driver" option if it isn't there moves us closer to
the goal of having everything in QDict options and gets us the error
handling of bdrv_open(), which correctly refuses unknown drivers.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416935562-7760-4-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
Kevin Wolf
8884dd1bbc qcow2.py: Add required padding for header extensions
The qcow2 specification requires that the header extension data be
padded to round up the extension size to the next multiple of 8 bytes.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416935562-7760-3-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
Kevin Wolf
2ebafc854d qcow2: Fix header extension size check
After reading the extension header, offset is incremented, but not
checked against end_offset any more. This way an integer overflow could
happen when checking whether the extension end is within the allowed
range, effectively disabling the check.

This patch adds the missing check and a test case for it.

Cc: qemu-stable@nongnu.org
Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416935562-7760-2-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
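The two qcow2 header extension commits above (8884dd1bbc on padding, 2ebafc854d on the size check) can be illustrated with a small extension walker. This is an added example, not QEMU's code: the function names, the `EXT_TYPE_DEMO` value and the sample buffers are constructed here, and the `checked` flag only switches between the incomplete and the complete form of the range check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_HDR_SIZE  8u           /* 4-byte type + 4-byte length, both big-endian */
#define EXT_TYPE_END  0u           /* type 0 ends the extension area */
#define EXT_TYPE_DEMO 0x44454d4fu  /* constructed type value used by the samples */

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Extension data is padded so the next header starts on an 8-byte boundary. */
uint64_t padded_len(uint32_t len)
{
    return ((uint64_t)len + 7) & ~(uint64_t)7;
}

/* Incomplete check: once offset has moved past end_offset, the unsigned
 * subtraction wraps to a huge value and every length is accepted. */
int ext_fits_unchecked(uint64_t offset, uint64_t end_offset, uint32_t len)
{
    return len <= end_offset - offset;
}

/* Complete check: compare offset with end_offset before subtracting. */
int ext_fits(uint64_t offset, uint64_t end_offset, uint32_t len)
{
    return offset <= end_offset && len <= end_offset - offset;
}

/* Walk the extension area buf[start, end) inside a buffer of `size` bytes.
 * Returns the number of extensions before the end marker, or -1 if malformed.
 * Only headers are read, so neither mode reads outside the buffer. */
int walk_extensions(const uint8_t *buf, uint64_t size, uint64_t start,
                    uint64_t end, int checked)
{
    uint64_t offset = start;
    int count = 0;

    if (start > end || end > size) {
        return -1;
    }
    while (offset < end) {
        uint32_t type, len;

        if (size - offset < EXT_HDR_SIZE) {
            return -1;                  /* header itself is not readable */
        }
        type = get_be32(buf + offset);
        len = get_be32(buf + offset + 4);
        offset += EXT_HDR_SIZE;         /* may now be greater than end */

        if (!(checked ? ext_fits(offset, end, len)
                      : ext_fits_unchecked(offset, end, len))) {
            return -1;
        }
        if (type == EXT_TYPE_END) {
            break;
        }
        count++;
        offset += padded_len(len);
    }
    return count;
}

/* Constructed sample: one 4-byte extension (padded to 8), then an end
 * marker. Returns the end of the extension area (24). */
uint64_t build_wellformed(uint8_t buf[32])
{
    memset(buf, 0, 32);
    put_be32(buf, EXT_TYPE_DEMO);
    put_be32(buf + 4, 4);
    memcpy(buf + 8, "data", 4);         /* bytes 12..15 are padding */
    return 24;                          /* zeroed bytes 16..23 = end marker */
}

/* Constructed sample: the area ends at 20, so the second header (16..23)
 * straddles the end and carries an oversized length. */
uint64_t build_truncated(uint8_t buf[32])
{
    build_wellformed(buf);
    put_be32(buf + 16, EXT_TYPE_DEMO);
    put_be32(buf + 20, 0xfffffff0u);
    return 20;
}

int main(void)
{
    uint8_t buf[32];
    uint64_t end = build_truncated(buf);

    printf("unchecked: %d\n", walk_extensions(buf, sizeof(buf), 0, end, 0));
    printf("checked:   %d\n", walk_extensions(buf, sizeof(buf), 0, end, 1));
    return 0;
}
```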
Stefan Hajnoczi
3dc7ca3c97 blockdev: check for BLOCK_OP_TYPE_INTERNAL_SNAPSHOT
The BLOCK_OP_TYPE_INTERNAL_SNAPSHOT op blocker exists but was never
used!  Let's fix that so internal snapshots can be blocked.

[Fixed s/external/internal/ typo as pointed out by Paolo Bonzini and Max
Reitz.
--Stefan]

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416566940-4430-5-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
Stefan Hajnoczi
5d6e96efb8 blockdev: acquire AioContext in QMP 'transaction' actions
The transaction QMP command performs operations atomically on a group of
drives.  This command needs to acquire AioContext in order to work
safely when virtio-blk dataplane IOThreads are accessing drives.

The transactional nature of the command means that actions are split
into prepare, commit, abort, and clean functions.  Acquire the
AioContext in prepare and don't release it until one of the other
functions is called.  This prevents the IOThread from running the
AioContext before the transaction has completed.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416566940-4430-4-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
Stefan Hajnoczi
73f1f7564d blockdev: drop unnecessary DriveBackupState field assignment
drive_backup_prepare() assigns DriveBackupState fields to NULL in the
error path.  This is unnecessary because the DriveBackupState is
allocated using g_malloc0() and other functions like
external_snapshot_prepare() already rely on this.

Do not explicitly assign fields to NULL so that the error path is
concise and does not require modification when fields are added to
DriveBackupState.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416566940-4430-3-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
Stefan Hajnoczi
b756b9ce8a blockdev: update outdated qmp_transaction() comments
Originally the transaction QMP command was just for taking snapshots.
The command became more general when drive-backup and abort were added.

It is more accurate to say the command is about performing operations on
an atomic group than to say it is about snapshots.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416566940-4430-2-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
Kevin Wolf
00e047926e qemu-iotests: Test writing non-raw image headers to raw image
This is forbidden if the raw driver was probed.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416497234-29880-10-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
Kevin Wolf
d71a8b0686 qemu-iotests: Fix stderr handling in common.qemu
The original intention was to pipe stderr of qemu into $fifo_out.
However, the redirections were specified in the wrong order for this.
This patch fixes it.

Now qemu's output on stderr can be retrieved with _send_qemu_cmd, which
applies several useful filters on the output that were missing before.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416497234-29880-9-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
Kevin Wolf
38f3ef574b raw: Prohibit dangerous writes for probed images
If the user neglects to specify the image format, QEMU probes the
image to guess it automatically, for convenience.

Relying on format probing is insecure for raw images (CVE-2008-2004).
If the guest writes a suitable header to the device, the next probe
will recognize a format chosen by the guest.  A malicious guest can
abuse this to gain access to host files, e.g. by crafting a QCOW2
header with backing file /etc/shadow.

Commit 1e72d3b (April 2008) provided -drive parameter format to let
users disable probing.  Commit f965509 (March 2009) extended QCOW2 to
optionally store the backing file format, to let users disable backing
file probing.  QED has had a flag to suppress probing since the
beginning (2010), set whenever a raw backing file is assigned.

All of these additions that allow to avoid format probing have to be
specified explicitly. The default still allows the attack.

In order to fix this, commit 79368c8 (July 2010) put probed raw images
in a restricted mode, in which they wouldn't be able to overwrite the
first few bytes of the image so that they would identify as a different
image. If a write to the first sector would write one of the signatures
of another driver, qemu would instead zero out the first four bytes.
This patch was later reverted in commit 8b33d9e (September 2010) because
it didn't get the handling of unaligned qiov members right.

Today's block layer that is based on coroutines and has qiov utility
functions makes it much easier to get this functionality right, so this
patch implements it.

The other differences of this patch to the old one are that it doesn't
silently write something different than the guest requested by zeroing
out some bytes (it fails the request instead) and that it doesn't
maintain a list of signatures in the raw driver (it calls the usual
probe function instead).

Note that this change doesn't introduce new breakage for false positive
cases where the guest legitimately writes data into the first sector
that matches the signatures of an image format (e.g. for nested virt):
These cases were broken before, only the failure mode changes from
corruption after the next restart (when the wrong format is probed) to
failing the problematic write request.

Also note that like in the original patch, the restrictions only apply
if the image format has been guessed by probing. Explicitly specifying a
format allows guests to write anything they like.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1416497234-29880-8-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
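A sketch of the restriction that commit 38f3ef574b describes, as an added example that is not QEMU's code: the guard assembles the first sector from a scattered write before probing it, so a signature split across vector elements is still seen. `struct seg`, the function names, the three-entry probe list, the sample sectors and the `-EPERM` result are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR 512u

/* Stand-in for one element of a scatter/gather write vector. */
struct seg {
    const uint8_t *base;
    size_t len;
};

/* Simplified stand-in for the block layer's probe: it looks only at the
 * leading signature of three formats and otherwise reports "raw". */
const char *probe_first_sector(const uint8_t *s)
{
    if (memcmp(s, "QFI\xfb", 4) == 0) {
        return "qcow2";
    }
    if (memcmp(s, "QED\0", 4) == 0) {
        return "qed";
    }
    if (memcmp(s, "KDMV", 4) == 0) {
        return "vmdk";
    }
    return "raw";
}

/* Copy up to SECTOR leading bytes of a scattered write into out. Elements
 * may have any length, so a signature can straddle two of them. */
static size_t gather_head(const struct seg *v, int n, uint8_t *out)
{
    size_t done = 0;

    for (int i = 0; i < n && done < SECTOR; i++) {
        size_t room = SECTOR - done;
        size_t take = v[i].len < room ? v[i].len : room;

        memcpy(out + done, v[i].base, take);
        done += take;
    }
    return done;
}

/* Returns 0 if the write may proceed, -EPERM if it would make a probed raw
 * image look like another format on the next probe. The request is failed
 * as a whole; no bytes are altered. */
int raw_check_write(int format_probed, uint64_t sector_num,
                    const struct seg *v, int n)
{
    uint8_t head[SECTOR];

    if (!format_probed || sector_num != 0) {
        return 0;       /* explicit format, or first sector not touched */
    }
    if (gather_head(v, n, head) < SECTOR) {
        return -EINVAL; /* block writes cover whole sectors */
    }
    return strcmp(probe_first_sector(head), "raw") == 0 ? 0 : -EPERM;
}

/* Constructed sample: a sector starting with the qcow2 signature, submitted
 * as two elements that split the signature after its second byte. */
int demo_split_header(int format_probed, uint64_t sector_num)
{
    static uint8_t sector[SECTOR];
    struct seg v[2];

    memset(sector, 0, sizeof(sector));
    memcpy(sector, "QFI\xfb", 4);
    v[0].base = sector;
    v[0].len = 2;
    v[1].base = sector + 2;
    v[1].len = SECTOR - 2;
    return raw_check_write(format_probed, sector_num, v, 2);
}

/* Constructed sample: an ordinary boot sector carrying the 0x55 0xaa mark. */
int demo_boot_sector(void)
{
    static uint8_t sector[SECTOR];
    struct seg v = { sector, SECTOR };

    memset(sector, 0, sizeof(sector));
    sector[510] = 0x55;
    sector[511] = 0xaa;
    return raw_check_write(1, 0, &v, 1);
}

int main(void)
{
    printf("probed raw, sector 0:   %d\n", demo_split_header(1, 0));
    printf("explicit raw, sector 0: %d\n", demo_split_header(0, 0));
    printf("probed raw, sector 1:   %d\n", demo_split_header(1, 1));
    printf("probed raw, boot sector: %d\n", demo_boot_sector());
    return 0;
}
```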
Kevin Wolf
7cddd3728e block: Read only one sector for format probing
The only image format driver that even potentially accesses anything
after 512 bytes in its bdrv_probe() implementation is VMDK, which reads
a plain-text descriptor file. In practice, the field it's looking for
seems to come first and will be well within the first 512 bytes, too.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416497234-29880-7-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Markus Armbruster
c6684249fd block: Factor bdrv_probe_all() out of find_image_format()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416497234-29880-6-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Kevin Wolf
b8e665e4d8 qtests: Specify image format explicitly
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416497234-29880-5-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Kevin Wolf
90c9b1671e qemu-iotests: Add qemu-io format option in Python tests
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416497234-29880-4-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Kevin Wolf
8f9e835fd2 qemu-iotests: Use qemu-io -f $IMGFMT
This patch changes $QEMU_IO so that all tests by default pass a format
argument to qemu-io.

There are a few cases where -f $IMGFMT is not wanted because it selects
the wrong driver or json: filenames including a driver are used. They
are changed to use $QEMU_IO_PROG, which doesn't include any options.

Tests 071 and 081 have output changes because now the actual request
fails instead of reading the 2k probing buffer.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416497234-29880-3-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Kevin Wolf
be6273da9e qemu-io: Allow explicitly specifying format
This adds a -f option to qemu-io which allows to explicitly specify the
block driver to use for the given image.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416497234-29880-2-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Fam Zheng
e465ce7d09 tests: Use "command -v" instead of which(1) in shell scripts
When which(1) is not installed, we would complain "perl not found"
because it's the first set_prog_path check. The error message is
wrong.

Fix it by using "command -v", a native way to query the existence of a
command.

Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1416380832-9697-1-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Max Reitz
4c58e80acd qemu-nbd: Use BlockBackend where reasonable
Because qemu-nbd creates the BlockBackend by itself, it should create
the according BlockDriverState tree by itself as well; that means, it
has to call bdrv_open() on its own. This is one of the places where
qemu-nbd still needs to use a BlockDriverState directly (the root BDS
below the BB); other places are the configuration of zero detection
(which may be lifted into the BB eventually, but is not yet) and
temporarily loading a snapshot.

Everywhere else, though, qemu-nbd can and thus should use BlockBackend.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1416309679-333-7-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Max Reitz
aadf99a792 nbd: Use BlockBackend internally
With all externally visible functions changed to use BlockBackend, this
patch makes nbd use BlockBackend for everything internally as well.

While touching them, substitute 512 by BDRV_SECTOR_SIZE in the calls to
blk_read(), blk_write() and blk_co_discard().

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1416309679-333-6-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Max Reitz
e140177d9c nbd: Change external interface to BlockBackend
Substitute BlockDriverState by BlockBackend in every globally visible
function provided by nbd.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1416309679-333-5-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Max Reitz
2c28b21f7c block: Add blk_add_close_notifier() for BB
Adding something like a "delete notifier" to a BlockBackend would not
make much sense, because whoever is interested in registering there will
probably hold a reference to that BlockBackend; therefore, the notifier
will never be called (or only when the notifiee already relinquished its
reference and thus most probably is no longer interested in that
notification).

Therefore, this patch just passes through the close notifier interface
of the root BDS. This will be called when the device is ejected, for
instance, and therefore does make sense.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1416309679-333-4-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Max Reitz
2019ba0a01 block: Add AioContextNotifier functions to BB
Because all BlockDriverStates behind a single BlockBackend reside in a
single AioContext, it is fine to just pass these functions
(blk_add_aio_context_notifier() and blk_remove_aio_context_notifier())
through to the root BlockDriverState.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1416309679-333-3-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Max Reitz
2bb0dce762 block: Lift more functions into BlockBackend
There are already some blk_aio_* functions, so we might as well have
blk_co_* functions (as far as we need them). This patch adds
blk_co_flush(), blk_co_discard(), and also blk_invalidate_cache() (which
is not a blk_co_* function but is needed nonetheless).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1416309679-333-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Stefan Hajnoczi
17fcb74af9 ahci: replace SATA FIS type magic numbers with constants
SATA 3.0 "10.3.1 FIS Type values" defines the constants used to
differentiate between FIS types.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1415874281-7371-3-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Stefan Hajnoczi
192cf55cc0 ahci: avoid #ifdef DEBUG_AHCI bitrot
Debug code using #ifdef is susceptible to bitrot because the compiler
never checks the debug code.

This is easy to avoid, change the DPRINTF() macro to use if (DEBUG_AHCI)
and always give it a 0 or 1 value.

This also allows us to drop an #ifdef DEBUG_AHCI in ahci_start_dma()
since the compiler can now see the local variable is used.

The motivation for this change is a recent DEBUG_AHCI build failure due
to an outdated DPRINTF() format string.  From now on the compiler will
catch these errors.

Cc: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1415874281-7371-2-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Max Reitz
f48a33b608 iotests: Plain blkdebug filename generation
Add one test whether blkdebug is able to generate a plain filename if
given a configuration file and a file to be tested only; and add another
test whether blkdebug is able to do the same without being given a
configuration file.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1415697825-26678-3-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:11 +01:00
Max Reitz
8779441b1b blkdebug: Simplify and improve filename generation
Instead of actually recreating the options from scratch, just reuse the
options given for creating the BDS, which are the configuration file
name and additional options. In case there are no additional options we
can thus create a plain filename.

This obviously results in a different output for qemu-iotest 099 which
exactly tests this filename generation. Fix it up as well.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1415697825-26678-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:11 +01:00
Kevin Wolf
48fe86f640 monitor: Fix HMP tab completion
Commands with multiple boolean flag options (like 'info block') didn't
provide correct completion because only the first one was skipped.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:11 +01:00
Kevin Wolf
e6bb31ec6f block/hmp: Allow node-name in 'info block'
The optional parameter specifying a block device allows now to use a
node-name instead of a drive name (and therefore to inspect any node in
the graph). The new -n option allows listing all named nodes instead of
BlockBackends.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:11 +01:00
Kevin Wolf
8d6adccda2 block/hmp: Allow info = NULL in print_block_info()
This allows printing infos of BlockDriverStates that aren't at the root
of the graph (and logically implementing a BlockBackend).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:11 +01:00
Kevin Wolf
289b276c69 block/hmp: Factor out print_block_info()
The new function prints the info for a single BlockDriverState.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:11 +01:00
Kevin Wolf
9e193c5a65 block/qapi: Add cache information to query-block
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2014-12-10 10:31:09 +01:00
Stefan Hajnoczi
729962f6db blockdev: acquire AioContext in change-backing-file
Add dataplane support to the change-backing-file QMP commands.  By
acquiring the AioContext we avoid race conditions with the dataplane
thread which may also be accessing the BlockDriverState.

Note that this command operates on both bs and a node in its chain
(image_bs).  The bdrv_chain_contains(bs, image_bs) check guarantees that
bs and image_bs are in the same AioContext.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
Stefan Hajnoczi
e3442099a2 blockdev: acquire AioContext in eject, change, and block_passwd
By acquiring the AioContext we avoid race conditions with the dataplane
thread which may also be accessing the BlockDriverState.

Fix up eject, change, and block_passwd in a single patch because
qmp_eject() and qmp_change_blockdev() both call eject_device().  Also
fix block_passwd while we're tackling a command that takes a block
encryption password.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
Stefan Hajnoczi
0b92885420 blockdev: check for BLOCK_OP_TYPE_INTERNAL_SNAPSHOT_DELETE
The BLOCK_OP_TYPE_INTERNAL_SNAPSHOT_DELETE op blocker exists but was
never used!  Let's fix that so snapshot delete can be blocked.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
Stefan Hajnoczi
4ef3982a99 blockdev: acquire AioContext in blockdev-snapshot-delete-internal-sync
Add dataplane support to the blockdev-snapshot-delete-internal-sync QMP
command.  By acquiring the AioContext we avoid race conditions with the
dataplane thread which may also be accessing the BlockDriverState.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
Max Reitz
2389eeae69 iotests: Use -qmp-pretty in 067
067 invokes query-block, resulting in a reference output with really
long lines (which may pose a problem in email patches and always poses a
problem when the output changes, because it is hard to see what has
actually changed). Use -qmp-pretty to mitigate this issue.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
Max Reitz
cc20b07a42 iotests: _filter_qmp for pretty JSON output
_filter_qmp should be able to correctly filter out the QMP version
object for pretty JSON output.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
Max Reitz
4821cd4cfd chardev: Add -qmp-pretty
Add a command line option for adding a QMP monitor using pretty JSON
formatting.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
Max Reitz
4b58554a0e qjson: Drop trailing space for pretty formatting
For the pretty formatting, the functions converting QDicts and QLists to
JSON should not print a space after the comma separating objects,
because a newline will be emitted immediately afterwards, making the
whitespace superfluous.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
Fam Zheng
f71eaa74c0 qmp: Add optional switch "query-nodes" in query-blockstats
This bool option will allow querying all the node names. It iterates all
the BDSes that are assigned a name, also in this case don't query up the
backing chain.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:29 +01:00
Fam Zheng
4875a77950 block: Include "node-name" if present in query-blockstats
Node name is a better identifier of BDS.

We will want to query statistics of a BDS node buried in the BDS graph,
so reporting the node's name if there is one will do the trick.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:29 +01:00
Fam Zheng
20a9e77dfa block: Add bdrv_get_node_name
This returns the node name of a BDS. Remove the TODO comment and expect
the callers to be explicit.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:29 +01:00
Fam Zheng
04df765ab4 block: Add bdrv_next_node
Similar to bdrv_next, this traverses through graph_bdrv_states. Will be
useful to enumerate all the named nodes.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:29 +01:00
Gonglei
43948386bb keymaps: correct keymaps.c following Qemu coding style
It's hard to read because of the confused coding
style in this file. Let's correct it following Qemu
coding style.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-10 10:08:12 +01:00
Gonglei
525965b85d vnc-enc-tight: fix Arguments in wrong order
Arguments in wrong order (SWAPPED_ARGUMENTS)
The positions of arguments in the call to
tight_fill_palette do not match the ordering of the parameters:
 &fg is passed to bg
 &bg is passed to fg

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-10 10:08:12 +01:00
zhanghailiang
b196d969ef vt82c686: fix coverity warning about out-of-bounds write
Refactor superio_ioport_writeb to fix the out of bounds write warning.

In addition, fix two typos: s/chage/change/

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:59:17 +03:00
Gonglei
7766aa0c0e virtio: remove useless declaration of virtio_net_init()
commit 1773d9ee (virtio-net: cleanup: init and exit function)
removed the definition of virtio_net_init(), but didn't remove its
declaration in the header.  Clean that up.

Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:52:21 +03:00
Gonglei
1c854067b3 qapi-schema: fix typo about change-vnc-password
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:51:08 +03:00
Gonglei
d504fb4cec fw_cfg: remove superfluous blank line
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:48:56 +03:00
Thomas Huth
80b57dda89 get_maintainer.pl: Remove the --git-chief-penguins option
Linus likely does not want to get e-mails about QEMU, so let's
just remove this option.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Don Slutz <dslutz@verizon.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:46:43 +03:00
Fam Zheng
8ccefb91bf configure: Replace which(1) with "has"
Using "has" is more slick because which(1) is not always there.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:35:36 +03:00
Markus Armbruster
e1cf558264 util: Use g_new() & friends where that makes obvious sense
g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:34:15 +03:00
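The two safety arguments in commit e1cf558264, as an added example that is not code from QEMU or GLib: `unchecked_size`, `checked_alloc_array` and `NEW_ARRAY` are hypothetical stand-ins, and the stand-in returns NULL on overflow where g_new() aborts the program.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed 16-byte element type for the demonstration. */
struct entry { uint64_t key; uint64_t value; };

/* Byte count as the malloc(sizeof(T) * n) pattern computes it.
 * Unsigned multiplication wraps silently, so a huge n can yield a
 * tiny allocation that later indexing runs straight past. */
static size_t unchecked_size(size_t elem_size, size_t n)
{
    return elem_size * n;
}

/* Checked array allocation (hypothetical helper). Refuses the request
 * when elem_size * n does not fit in size_t. GLib's g_new() aborts in
 * that situation; returning NULL keeps this example testable. */
static void *checked_alloc_array(size_t elem_size, size_t n)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size) {
        return NULL;
    }
    return malloc(elem_size * n);
}

/* Typed wrapper: the result is T *, not void *, so assigning it to a
 * pointer of another type draws a compiler diagnostic. */
#define NEW_ARRAY(T, n) ((T *)checked_alloc_array(sizeof(T), (n)))

/* Smallest element count whose byte size wraps around to zero. */
static size_t wrapping_count(void)
{
    return SIZE_MAX / sizeof(struct entry) + 1;
}

/* Returns 1 if an ordinary small request still succeeds. */
static int small_alloc_works(void)
{
    struct entry *e = NEW_ARRAY(struct entry, 8);
    int ok = (e != NULL);
    free(e);
    return ok;
}

int main(void)
{
    size_t n = wrapping_count();
    printf("unchecked byte count for %zu entries: %zu\n",
           n, unchecked_size(sizeof(struct entry), n));
    printf("checked allocation refused: %s\n",
           NEW_ARRAY(struct entry, n) == NULL ? "yes" : "no");
    printf("small allocation works: %s\n",
           small_alloc_works() ? "yes" : "no");
    return 0;
}
```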
Markus Armbruster
9be71be5bd util: Fuse g_malloc(); memset() into g_new0()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:33:38 +03:00
Markus Armbruster
44c2286b5d util: Drop superfluous conditionals around g_free()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:32:37 +03:00
Markus Armbruster
24588100ab Drop superfluous conditionals around g_strdup()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:30:55 +03:00
Markus Armbruster
4ad608803c Drop superfluous conditionals around qemu_opts_del()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:27:02 +03:00
lijun
7251711472 usb: delete redundant brackets in usb_host_handle_control()
When looking at the usb code, I found there are redundant brackets !((udev->port->speedmask
& USB_SPEED_MASK_SUPER)) here. So delete them.

Signed-off-by: Jun Li <junmuzi@gmail.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:24:35 +03:00
Gonglei
2c80ab15e2 virtio-bus: avoid breaking build when open DEBUG switch
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:18:52 +03:00
Gonglei
8b310fc4f9 acpi-build: Make DPRINTF working for acpi-build
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:16:21 +03:00
Gonglei
fcf55f580d acpi-build: adjust indention 8 -> 4 spaces
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:16:12 +03:00
zhanghailiang
1a71992376 target-s390x: fix possible out of bounds read
Array index starts at 0, so the valid index of ext_queue array,
io_queue array, mchk_queue array should be MAX_EXT_QUEUE - 1,
MAX_IO_QUEUE - 1, MAX_MCHK_QUEUE - 1.

The original checks missed the invalid bound value, which will lead
to a possible out of bounds read in the following code.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:14:44 +03:00
Amos Kong
b5369dd841 qmp: fix typo in input-send-event examples
Lack of two closing brackets in json commands.

Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:14:44 +03:00
Peter Maydell
7fb8da2b88 Open 2.3 development tree
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-09 21:48:34 +00:00
Peter Maydell
45e1611de8 Update version for v2.2.0 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-09 12:13:37 +00:00
Peter Maydell
d00e6cddc2 Update version for v2.2.0-rc5 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-04 15:51:22 +00:00
Peter Maydell
54f3a180a3 Merge remote-tracking branch 'remotes/kraxel/tags/pull-cve-2014-8106-20141204-1' into staging
cirrus: fix blit region check

# gpg: Signature made Thu 04 Dec 2014 11:54:57 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-cve-2014-8106-20141204-1:
  cirrus: don't overflow CirrusVGAState->cirrus_bltbuf
  cirrus: fix blit region check

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-04 12:22:46 +00:00
Peter Maydell
0d7954c288 Update version for v2.2.0-rc4 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-01 13:35:26 +00:00
Gonglei
b19ca18802 vhost: Fix vhostfd leak in error branch
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1417166789-1960-1-git-send-email-arei.gonglei@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-01 12:29:35 +00:00
Gerd Hoffmann
bf25983345 cirrus: don't overflow CirrusVGAState->cirrus_bltbuf
This is CVE-2014-8106.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-01 10:25:46 +01:00
Gerd Hoffmann
d3532a0db0 cirrus: fix blit region check
Issues:
 * Doesn't check pitches correctly in case it is negative.
 * Doesn't check width at all.

Turn macro into functions while being at it, also factor out the check
for one region which we then can simply call twice for src + dst.

This is CVE-2014-8106.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-01 10:25:12 +01:00
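The per-region check that commit d3532a0db0 describes (negative pitch handled, width included, one function called for source and destination), as an added example that is not QEMU's code: the struct, function names, sample values and the constructed weak check are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VRAM_SIZE 4096  /* constructed video memory size in bytes */

/* Hypothetical blit request; all names are assumptions of this example. */
struct blit {
    int32_t  width;      /* bytes copied per row */
    int32_t  height;     /* number of rows */
    int32_t  src_pitch;  /* byte step between rows, negative = downwards */
    int32_t  dst_pitch;
    uint32_t src_addr;   /* offset of the first row in video memory */
    uint32_t dst_addr;
};

/* Constructed weak check showing the two gaps the commit message lists:
 * it takes |pitch|, so a negative pitch is treated as growing upwards,
 * and it never looks at the width. */
static bool weak_region_unsafe(const struct blit *b, int32_t pitch,
                               uint32_t addr)
{
    int64_t abs_pitch = pitch < 0 ? -(int64_t)pitch : pitch;
    return (int64_t)b->height * abs_pitch + addr > VRAM_SIZE;
}

/* Hardened check for one region: compute the lowest and highest byte
 * touched in 64-bit arithmetic and require both to lie in video memory. */
static bool region_unsafe(const struct blit *b, int32_t pitch, uint32_t addr)
{
    if (b->width <= 0 || b->height <= 0) {
        return true;
    }
    int64_t first_row = addr;
    int64_t last_row = first_row + (int64_t)(b->height - 1) * pitch;
    int64_t lowest = pitch < 0 ? last_row : first_row;
    /* One past the last byte of the highest row. */
    int64_t highest = (pitch < 0 ? first_row : last_row) + b->width;
    return lowest < 0 || highest > VRAM_SIZE;
}

/* The same region check applied to source and destination. */
static bool blit_unsafe(const struct blit *b)
{
    return region_unsafe(b, b->src_pitch, b->src_addr) ||
           region_unsafe(b, b->dst_pitch, b->dst_addr);
}

static bool weak_blit_unsafe(const struct blit *b)
{
    return weak_region_unsafe(b, b->src_pitch, b->src_addr) ||
           weak_region_unsafe(b, b->dst_pitch, b->dst_addr);
}

/* Constructed sample requests: width, height, pitches, addresses. */
static const struct blit SAMPLE_OK        = { 64, 4,  64, 64,   0, 1024 };
static const struct blit SAMPLE_NEG_OK    = { 64, 4, -64, 64, 192, 1024 };
static const struct blit SAMPLE_NEG_PITCH = { 64, 4, -64, 64,  64, 1024 };
static const struct blit SAMPLE_WIDE      = { 512, 1, 64, 64,   0, 4000 };

int main(void)
{
    const struct blit *samples[] = {
        &SAMPLE_OK, &SAMPLE_NEG_OK, &SAMPLE_NEG_PITCH, &SAMPLE_WIDE
    };
    const char *names[] = { "ok", "neg-pitch ok", "neg-pitch low", "wide" };
    for (int i = 0; i < 4; i++) {
        printf("%-14s weak=%d hardened=%d\n", names[i],
               weak_blit_unsafe(samples[i]), blit_unsafe(samples[i]));
    }
    return 0;
}
```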
David Gibson
db12451dec Fix for crash after migration in virtio-rng on bi-endian targets
VirtIO devices now remember which endianness they're operating in in order
to support targets which may have guests of either endianness, such as
powerpc.  This endianness state is transferred in a subsection of the
virtio device's information.

With virtio-rng this can lead to an abort after a loadvm hitting the
assert() in virtio_is_big_endian().  This can be reproduced by doing a
migrate and load from file on a bi-endian target with a virtio-rng device.
The actual guest state isn't particularly important to triggering this.

The cause is that virtio_rng_load_device() calls virtio_rng_process() which
accesses the ring and thus needs the endianness.  However,
virtio_rng_process() is called via virtio_load() before it loads the
subsections.  Essentially the ->load callback in VirtioDeviceClass should
only be used for actually reading the device state from the stream, not for
post-load re-initialization.

This patch fixes the bug by moving the virtio_rng_process() after the call
to virtio_load().  Better yet would be to convert virtio to use vmsd and
have the virtio_rng_process() as a post_load callback, but that's a bigger
project for another day.

This is a bugfix, and should be considered for the 2.2 branch.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Message-id: 1417067290-20715-1-git-send-email-david@gibson.dropbear.id.au
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-28 13:06:00 +00:00
Jason Wang
771b6ed37e virtio-net: fix unmap leak
virtio_net_handle_ctrl() and other functions that process control vq
request call iov_discard_front() which will shorten the iov. This will
lead to unmapping in virtqueue_push() leaking the mapping.

Fix this by keeping the original iov untouched and using a temp variable
in those functions.

Cc: Wen Congyang <wency@cn.fujitsu.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1417082643-23907-1-git-send-email-jasowang@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-28 10:29:20 +00:00
Marcel Apfelbaum
4cae4d5aca hmp: fix regression of HMP device_del auto-completion
The commits:
 - 6a1fa9f5 (monitor: add del completion for peripheral device)
 - 66e56b13 (qdev: add qdev_build_hotpluggable_device_list helper)

cause a QEMU crash when trying to use HMP device_del auto-completion.
It can be easily reproduced by:
    <qemu-bin> -enable-kvm  ~/images/fedora.qcow2 -monitor stdio -device virtio-net-pci,id=vnet

    (qemu) device_del
    /home/mapfelba/git/upstream/qemu/hw/core/qdev.c:941:qdev_build_hotpluggable_device_list: Object 0x7f6ce04e4fe0 is not an instance of type device
    Aborted (core dumped)

The root cause is qdev_build_hotpluggable_device_list going recursively over
all peripherals and their children assuming all are devices. It doesn't work
since PCI devices have at least one child which is a memory region (bus master).

Solved by observing that all devices appear as direct children of
/machine/peripheral container. No need of going recursively
over all the children.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reported-by: Gal Hammer <ghammer@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 1417002601-20799-1-git-send-email-marcel.a@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-27 14:36:20 +00:00
Peter Maydell
490309fcfb qemu-timer: Avoid overflows when converting timeout to struct timespec
In qemu_poll_ns(), when we convert an int64_t nanosecond timeout into
a struct timespec, we may accidentally run into overflow problems if
the timeout is very long. This happens because the tv_sec field is a
time_t, which is signed, so we might end up setting it to a negative
value by mistake. This will result in what was intended to be a
near-infinite timeout turning into an instantaneous timeout, and we'll
busy loop. Cap the maximum timeout at INT32_MAX seconds (about 68 years)
to avoid this problem.

This specifically manifested on ARM hosts as an extreme slowdown on
guest shutdown (when the guest reprogrammed the PL031 RTC to not
generate alarms using a very long timeout) but could happen on other
hosts and guests too.

Reported-by: Christoffer Dall <christoffer.dall@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1416939705-1272-1-git-send-email-peter.maydell@linaro.org
2014-11-27 11:31:58 +00:00
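The conversion problem described in commit 490309fcfb, as an added example that is not QEMU's code: `struct timespec32` models a host whose `time_t` is a signed 32-bit integer, and the function names and sample timeouts are assumptions. Timeouts are taken to be non-negative.

```c
#include <stdint.h>
#include <stdio.h>

#define NS_PER_SEC 1000000000LL

/* Model of struct timespec on a host with a signed 32-bit time_t
 * (made-up type so the effect shows on 64-bit hosts too). */
struct timespec32 {
    int32_t tv_sec;
    int32_t tv_nsec;
};

/* Two's-complement narrowing written with well-defined arithmetic:
 * the value a 32-bit signed field ends up holding on common ABIs
 * when a wider value is stored into it. */
static int32_t narrow32(int64_t v)
{
    uint32_t u = (uint32_t)v;
    if (u > 0x7fffffffu) {
        return (int32_t)((int64_t)u - 4294967296LL);
    }
    return (int32_t)u;
}

/* Conversion without a cap: a very long timeout can come out with a
 * negative tv_sec, which a poll call treats as "return at once". */
static struct timespec32 to_timespec_unchecked(int64_t timeout_ns)
{
    struct timespec32 ts;
    ts.tv_sec = narrow32(timeout_ns / NS_PER_SEC);
    ts.tv_nsec = (int32_t)(timeout_ns % NS_PER_SEC);
    return ts;
}

/* Conversion with the cap the commit message describes: clamp the
 * seconds to INT32_MAX (about 68 years) before storing them. */
static struct timespec32 to_timespec_capped(int64_t timeout_ns)
{
    struct timespec32 ts;
    int64_t sec = timeout_ns / NS_PER_SEC;
    if (sec > INT32_MAX) {
        sec = INT32_MAX;
    }
    ts.tv_sec = (int32_t)sec;
    ts.tv_nsec = (int32_t)(timeout_ns % NS_PER_SEC);
    return ts;
}

/* Constructed timeouts: 1.5 seconds, and 3e9 seconds plus 5 ns. */
static const int64_t SHORT_TIMEOUT_NS = 1500000000LL;
static const int64_t LONG_TIMEOUT_NS = 3000000000LL * NS_PER_SEC + 5;

int main(void)
{
    struct timespec32 a = to_timespec_unchecked(LONG_TIMEOUT_NS);
    struct timespec32 b = to_timespec_capped(LONG_TIMEOUT_NS);
    printf("unchecked: tv_sec=%d tv_nsec=%d\n", a.tv_sec, a.tv_nsec);
    printf("capped:    tv_sec=%d tv_nsec=%d\n", b.tv_sec, b.tv_nsec);
    return 0;
}
```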
Peter Maydell
3ef4ebcc5c Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
The final 2.2 patches from me.

# gpg: Signature made Wed 26 Nov 2014 11:12:25 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  s390x/kvm: Fix compile error
  fw_cfg: fix boot order bug when dynamically modified via QOM
  -machine vmport=auto: Fix handling of VMWare ioport emulation for xen

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-26 12:18:00 +00:00
Christian Borntraeger
dc622deb2d s390x/kvm: Fix compile error
commit a2b257d621 "memory: expose alignment used for allocating RAM
as MemoryRegion API" triggered a compile error on KVM/s390x.

Fix the prototype and the implementation of legacy_s390_alloc.

Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-26 12:11:27 +01:00
Gonglei
f3b3766899 fw_cfg: fix boot order bug when dynamically modified via QOM
When we dynamically modify boot order, the length of
boot order will be changed, but we don't update
s->files->f[i].size with new length. This causes
seabios to read a wrong value of the qemu cfg file about
bootorder.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-26 12:11:27 +01:00
Don Slutz
d1048bef9d -machine vmport=auto: Fix handling of VMWare ioport emulation for xen
c/s 9b23cfb76b

or

c/s b154537ad0

moved the testing of xen_enabled() from pc_init1() to
pc_machine_initfn().

xen_enabled() does not return the correct value in
pc_machine_initfn().

Changed vmport from a bool to an enum.  Added the value "auto" to do
the old way.  Move check of xen_enabled() back to pc_init1().

Acked-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Don Slutz <dslutz@verizon.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-26 12:11:27 +01:00
Peter Maydell
2528043f1f Update version for v2.2.0-rc3 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-25 18:23:54 +00:00
Gerd Hoffmann
df5b2adb73 input: move input-send-event into experimental namespace
Ongoing discussions on how we are going to specify the console,
so tag the command as experimental so we can refine things in
the 2.3 development cycle.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1416923657-10614-1-git-send-email-armbru@redhat.com
[Spell out "not a stable API", and x- the QAPI schema, too]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-25 17:03:31 +00:00
Peter Maydell
ca6028185d Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc, pci, misc bugfixes

A bunch of bugfixes for 2.2.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 24 Nov 2014 18:59:47 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  pc: acpi: mark all possible CPUs as enabled in SRAT
  pcie: fix improper use of negative value
  pcie: fix typo in pcie_cap_deverr_init()
  target-i386: move generic memory hotplug methods to DSDTs
  acpi-build: mark RAM dirty on table update
  hw/pci: fix crash on shpc error flow
  pc: count in 1Gb hugepage alignment when sizing hotplug-memory container
  pc: explicitly check maxmem limit when adding DIMM
  pc: pc-dimm: use backend alignment during address auto allocation
  pc: align DIMM's address/size by backend's alignment value
  memory: expose alignment used for allocating RAM as MemoryRegion API
  pc: limit DIMM address and size to page aligned values
  pc: make pc_dimm_plug() more readble
  pc: kvm: check if KVM has free memory slots to avoid abort()
  qemu-char: fix tcp_get_fds

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-24 19:31:50 +00:00
Igor Mammedov
dd0247e09a pc: acpi: mark all possible CPUs as enabled in SRAT
If QEMU is started with  -numa ... Windows only notices that
CPU has been hot-added but it will not online such CPUs.

It's caused by the fact that possible CPUs are flagged as
not enabled in SRAT and Windows honoring that information
doesn't use corresponding CPU.

ACPI 5.0 Spec regarding to flag says:
"
Table 5-47 Local APIC Flags
...
Enabled: if zero, this processor is unusable, and the operating system
support will not attempt to use it.
"

Fix QEMU to adhere to spec and mark possible CPUs as enabled
in SRAT.

With that Windows onlines hot-added CPUs as expected.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:11 +02:00
Gonglei
6c150fbd34 pcie: fix improper use of negative value
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:11 +02:00
Gonglei
8e815eeefe pcie: fix typo in pcie_cap_deverr_init()
Reported-by:
 https://bugs.launchpad.net/qemu/+bug/1393440

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:10 +02:00
Paolo Bonzini
4f99ab7a78 target-i386: move generic memory hotplug methods to DSDTs
This makes it simpler to keep the SSDT byte-for-byte identical for a
given machine type, which is a goal we want to have for 2.2 and newer
types.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:10 +02:00
Michael S. Tsirkin
ad5b88b1f1 acpi-build: mark RAM dirty on table update
acpi build modifies internal FW CFG RAM on first access
but we forgot to mark it dirty.
If this RAM has been migrated already, it won't be
migrated again, returning corrupted tables to guest.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:10 +02:00
Marcel Apfelbaum
109e90e470 hw/pci: fix crash on shpc error flow
If the pci bridge enters in error flow as part
of init process it will only delete the shpc mmio
subregion but not remove it from the properties list,
resulting in segmentation fault when the bridge runs
the exit function.

Example: add a pci bridge without specifying the chassis number:
    <qemu-bin> ... -device pci-bridge,id=p1
Result:
    (qemu) qemu-system-x86_64: -device pci-bridge,id=p1: Bridge chassis not specified. Each bridge is required to be assigned a unique chassis id > 0.
    qemu-system-x86_64: -device pci-bridge,id=p1: Device
    initialization failed.
    Segmentation fault (core dumped)

    if (child->class->unparent) {
    #0  0x00005555558d629b in object_finalize_child_property (obj=0x555556d2e830, name=0x555556d30630 "shpc-mmio[0]", opaque=0x555556a42fc8) at qom/object.c:1078
    #1  0x00005555558d4b1f in object_property_del_all (obj=0x555556d2e830) at qom/object.c:367
    #2  0x00005555558d4ca1 in object_finalize (data=0x555556d2e830) at qom/object.c:412
    #3  0x00005555558d55a1 in object_unref (obj=0x555556d2e830) at qom/object.c:720
    #4  0x000055555572c907 in qdev_device_add (opts=0x5555563544f0) at qdev-monitor.c:566
    #5  0x0000555555744f16 in device_init_func (opts=0x5555563544f0, opaque=0x0) at vl.c:2213
    #6  0x00005555559cf5f0 in qemu_opts_foreach (list=0x555555e0f8e0 <qemu_device_opts>, func=0x555555744efa <device_init_func>, opaque=0x0, abort_on_failure=1) at util/qemu-option.c:1057
    #7  0x000055555574a11b in main (argc=16, argv=0x7fffffffdde8, envp=0x7fffffffde70) at vl.c:423

Unparent the shpc mmio region as part of shpc cleanup.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
2014-11-24 20:57:10 +02:00
Igor Mammedov
085f8e88ba pc: count in 1Gb hugepage alignment when sizing hotplug-memory container
if DIMMs with different size/alignment are interleaved
in creation order, it could lead to hotplug-memory
container fragmentation and following inability to use
all RAM up to maxmem.
For example:
    -m 4G,slots=3,maxmem=7G
    -object memory-backend-file,id=mem-1,size=256M,mem-path=/pagesize-2MB
    -device pc-dimm,id=mem1,memdev=mem-1
    -object memory-backend-file,id=mem-2,size=1G,mem-path=/pagesize-1GB
    -device pc-dimm,id=mem2,memdev=mem-2
    -object memory-backend-file,id=mem-3,size=256M,mem-path=/pagesize-2MB
    -device pc-dimm,id=mem3,memdev=mem-3

fragments hotplug-memory container and doesn't allow
to use 1GB hugepage backend to consume remaining 1Gb.

To ease management, factor in max 1Gb alignment for
each memory slot when sizing hotplug-memory region so
that regardless of fragmentation it would be possible to
add max aligned DIMM.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:10 +02:00
Igor Mammedov
b03541fa77 pc: explicitly check maxmem limit when adding DIMM
Currently maxmem limit is not checked and depends on
hotplug region container not being able to fit more RAM
than maxmem. Do check explicitly so that it would
be possible to change hotplug container size later
to deal with fragmentation.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:10 +02:00
Peter Maydell
3d4a70f80f Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches for 2.2.0-rc3

# gpg: Signature made Mon 24 Nov 2014 12:52:23 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  Revert "qemu-img info: show nocow info"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-24 15:01:54 +00:00
Peter Maydell
a31a7475e9 Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Three patches to fix ExtINT for the QEMU implementation of the local APIC.

# gpg: Signature made Mon 24 Nov 2014 13:38:36 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  apic: fix incorrect handling of ExtINT interrupts wrt processor priority
  apic: fix loss of IPI due to masked ExtINT
  apic: avoid getting out of halted state on masked PIC interrupts

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-24 13:50:22 +00:00
Paolo Bonzini
5224c88dd3 apic: fix incorrect handling of ExtINT interrupts wrt processor priority
This fixes another failure with ExtINT, demonstrated by QNX.  The failure
mode is as follows:
- IPI sent to cpu 0 (bit set in APIC irr)
- IPI accepted by cpu 0 (bit cleared in irr, set in isr)
- IPI sent to cpu 0 (bit set in both irr and isr)
- PIC interrupt sent to cpu 0

The PIC interrupt causes CPU_INTERRUPT_HARD to be set, but
apic_irq_pending observes that the highest pending APIC interrupt priority
(the IPI) is the same as the processor priority (since the IPI is still
being handled), so apic_get_interrupt returns a spurious interrupt rather
than the pending PIC interrupt. The result is an endless sequence of
spurious interrupts, since nothing will clear CPU_INTERRUPT_HARD.

Instead, ExtINT interrupts should have ignored the processor priority.
Calling apic_check_pic early in apic_get_interrupt ensures that
apic_deliver_pic_intr is called instead of delivering the spurious
interrupt.  apic_deliver_pic_intr then clears CPU_INTERRUPT_HARD if needed.

Reported-by: Richard Bilson <rbilson@qnx.com>
Tested-by: Richard Bilson <rbilson@qnx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-24 14:37:45 +01:00
Paolo Bonzini
8092cb7132 apic: fix loss of IPI due to masked ExtINT
This patch fixes an obscure failure of the QNX kernel on QEMU x86 SMP.
In QNX, all hardware interrupts come via the PIC, and are delivered by
the cpu 0 LAPIC in ExtINT mode, while IPIs are delivered by the LAPIC
in fixed mode.

This bug happens as follows:
- cpu 0 masks a particular PIC interrupt
- IPI sent to cpu 0 (CPU_INTERRUPT_HARD is set)
- before the IPI is accepted, the masked interrupt line is asserted by the
device

Since the interrupt is masked, apic_deliver_pic_intr will clear
CPU_INTERRUPT_HARD. The IPI will still be set in the APIC irr, but since
CPU_INTERRUPT_HARD is not set the cpu will not notice. Depending on the
scenario this can cause a system hang, i.e. if cpu 0 is expected to unmask
the interrupt.

In order to fix this, do a full check of the APIC before an EXTINT
is acknowledged.  This can result in clearing CPU_INTERRUPT_HARD, but
can also result in delivering the lost IPI.

Reported-by: Richard Bilson <rbilson@qnx.com>
Tested-by: Richard Bilson <rbilson@qnx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-24 14:37:40 +01:00
Paolo Bonzini
60e68042cf apic: avoid getting out of halted state on masked PIC interrupts
After the next patch, if a masked PIC interrupt causes CPU_INTERRUPT_POLL
to be set, the CPU will spuriously get out of halted state.  While this
is technically valid, we should avoid that.

Make CPU_INTERRUPT_POLL run apic_update_irq in the right thread and then
look at CPU_INTERRUPT_HARD.  If CPU_INTERRUPT_HARD does not get set,
do not report the CPU as having work.

Also move the handling of software-disabled APIC from apic_update_irq
to apic_irq_pending, and always trigger CPU_INTERRUPT_POLL.  This will
be important once we will add a case that resets CPU_INTERRUPT_HARD
from apic_update_irq.  We want to run it even if we go through
CPU_INTERRUPT_POLL, and even if the local APIC is software disabled.

Reported-by: Richard Bilson <rbilson@qnx.com>
Tested-by: Richard Bilson <rbilson@qnx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-24 14:37:30 +01:00
Kevin Wolf
24bf10dac3 Revert "qemu-img info: show nocow info"
This reverts commit 000c4dfff4.

The main reason for reverting this commit before the 2.2 release is that
it adds a QAPI interface that we don't want to keep: The 'nocow' flag
doesn't generally make sense for block nodes, but only for the raw-posix
driver. It should therefore be part of ImageInfoSpecific rather than
ImageInfo.

The commit contains more problems, but unlike the API stability issue
they wouldn't justify reverting it.

Conflicts:
	block/qapi.c

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-24 13:52:10 +01:00
Igor Mammedov
0c0de1b681 pc: pc-dimm: use backend alignment during address auto allocation
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:12:46 +02:00
Igor Mammedov
91aa70ab2a pc: align DIMM's address/size by backend's alignment value
Performance wise it's better to align GVA by the backend's
page size.

Also do not allow creating a DIMM device with suboptimal
size (i.e. not aligned to the backend's page size) to avoid
memory loss.

Do above only for 2.2 and newer machine types to avoid
breaking working configs with 2.1 machine type.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:12:39 +02:00
Igor Mammedov
a2b257d621 memory: expose alignment used for allocating RAM as MemoryRegion API
introduce memory_region_get_alignment() that returns
underlying memory block alignment or 0 if it's not
relevant/implemented for backend.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:11:30 +02:00
Igor Mammedov
92a37a04d6 pc: limit DIMM address and size to page aligned values
When running in KVM mode, kvm_set_phys_mem() will silently
fail if registered MemoryRegion address/size is not page
aligned. Causing memory hotplug failure in guest.

Mapping non aligned MemoryRegion in TCG mode 'works', but
sane guest OS still expects page aligned memory module
and fails to initialize it if it's not aligned.

So do not allow non aligned (i.e. valid) address/size
values for DIMM to avoid either KVM failure or guest
issues caused by it.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:11:30 +02:00
Igor Mammedov
34dde13685 pc: make pc_dimm_plug() more readble
split addr initialization from declaration so that
later when new local vars are added property getter
wouldn't drift off of error check.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:11:30 +02:00
Igor Mammedov
b8865591d4 pc: kvm: check if KVM has free memory slots to avoid abort()
When more memory devices are used than available
KVM memory slots, QEMU crashes with:

kvm_alloc_slot: no free slot available
Aborted (core dumped)

Fix this by checking that KVM has a free slot before
attempting to map memory in guest address space.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:11:29 +02:00
Michael S. Tsirkin
c409572678 qemu-char: fix tcp_get_fds
tcp_get_fds API discards fds if there's more than 1 of these.

It's tricky to fix this without API changes in the generic case.

However, this API is only used by tests ATM, and tests know how
many fds they expect.

So let's not waste cycles trying to fix this properly:
simply assume at most 16 fds (tests use at most 8 now).
assert if some test tries to get more.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:11:29 +02:00
Peter Maydell
0e88f47850 Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
# gpg: Signature made Fri 21 Nov 2014 11:12:37 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  rtl8139: fix Pointer to local outside scope
  pcnet: fix Negative array index read
  net/socket: fix Uninitialized scalar variable
  net/slirp: fix memory leak

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-21 14:15:37 +00:00
Peter Maydell
a00c117338 Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-20141121-1' into staging
gtk: two bugfixes for 2.2.

# gpg: Signature made Fri 21 Nov 2014 07:38:45 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-gtk-20141121-1:
  gtk: Don't crash if -nodefaults
  gtk: fix possible memory leak about local_err

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-21 13:22:18 +00:00
Gonglei
b0af844007 rtl8139: fix Pointer to local outside scope
Coverity spot:
 Assigning: iov = struct iovec [3]({{buf, 12UL},
                       {(void *)dot1q_buf, 4UL},
                       {buf + 12, size - 12}})
 (address of temporary variable of type struct iovec [3]).
 out_of_scope: Temporary variable of type struct iovec [3] goes out of scope.

Pointer to local outside scope (RETURN_LOCAL)
use_invalid:
 Using iov, which points to an out-of-scope temporary variable of type struct iovec [3].

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-21 10:50:54 +00:00
Gonglei
7b50d00911 pcnet: fix Negative array index read
s->xmit_pos may be assigned a negative value (-1),
but in this branch the variable s->xmit_pos is used as an index into
array s->buffer. Let's add a check for s->xmit_pos.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-21 10:50:54 +00:00
Gonglei
8db804ac41 net/socket: fix Uninitialized scalar variable
If the is_connected parameter is false, the saddr
variable will not be initialized. Coverity report:
uninit_use: Using uninitialized value saddr.sin_port.

We don't need to add saddr information to nc->info_str
when is_connected is false.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-21 10:50:54 +00:00
Gonglei
7a8919dc29 net/slirp: fix memory leak
Commit b412eb61 introduced the 'cmd:' target for guestfwd,
and fwd is not used in this scenario, and will leak
memory in the true branch with 'cmd:'. Let's allocate memory
for the fwd variable just in the else statement.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-21 10:50:54 +00:00
Fam Zheng
b310a2a609 gtk: Don't crash if -nodefaults
This fixes a crash by just skipping the vte resize hack if cur is NULL.

Reproducer:

qemu-system-x86_64 -nodefaults

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-21 08:37:59 +01:00
zhanghailiang
8a0f9b5263 gtk: fix possible memory leak about local_err
local_err in gd_vc_gfx_init() is not freed, and we don't use it,
so remove it.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-21 08:37:59 +01:00
Leif Lindholm
9c7074da5e hw/arm/virt: set stdout-path instead of linux,stdout-path
ePAPR 1.1 defines the stdout-path property, making the os-specific
linux,stdout-path property redundant. Change the DT setup for ARM virt
to use the generic property - supported by Linux since 3.15.

The old QEMU behaviour was not present in any released version of
QEMU, and was only added to QEMU after the kernel changed, so
this should not break any existing setups.

Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
[PMM: add note to commit about the old behaviour never having been
in a released version of QEMU]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-20 14:58:37 +00:00
Peter Maydell
ff323a6b54 Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging
Patch queue for ppc - 2014-11-20

Hopefully the last few fixups for 2.2:

  - KVM memory slot fix (should usually only occur on PPC)
  - e300 fix
  - Altivec mtvscr instruction fix

# gpg: Signature made Thu 20 Nov 2014 13:53:34 GMT using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-ppc-for-upstream:
  target-ppc: Altivec's mtvscr Decodes Wrong Register
  kvm: Fix memory slot page alignment logic
  target-ppc: Fix breakpoint registers for e300

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-20 14:02:24 +00:00
Tom Musta
76cb658419 target-ppc: Altivec's mtvscr Decodes Wrong Register
The Move to Vector Status and Control Register (mtvscr) instruction
uses VRB as the source register.  Fix the code generator to correctly
decode the VRB field.  That is, use "rB(ctx->opcode)" instead of
"rD(ctx->opcode)".

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-20 14:52:01 +01:00
Alexander Graf
f2a64032a1 kvm: Fix memory slot page alignment logic
Memory slots have to be page aligned to get entered into KVM. There
is existing logic that tries to ensure that we pad memory slots that
are not page aligned to the biggest region that would still fit in the
alignment requirements.

Unfortunately, that logic is broken. It tries to calculate the start
offset based on the region size.

Fix up the logic to do the thing it was intended to do and document it
properly in the comment above it.

With this patch applied, I can successfully run an e500 guest with more
than 3GB RAM (at which point RAM starts overlapping subpage memory regions).

Cc: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-20 14:52:01 +01:00
Fabien Chouteau
3ade1a055c target-ppc: Fix breakpoint registers for e300
In the previous patch, the registers were added to init_proc_G2LE
instead of init_proc_e300.

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-20 14:52:01 +01:00
Peter Maydell
f75ad80f6c Merge remote-tracking branch 'remotes/amit-migration/tags/for-2.2-2' into staging
Fix from a while back that unfortunately got ignored.  Dave Gilbert says
it may actually fix a case where autoconverge would break on a repeat
migration (and not just fix stats).

# gpg: Signature made Thu 20 Nov 2014 12:52:41 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit-migration/tags/for-2.2-2:
  migration: static variables will not be reset at second migration

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-20 13:00:28 +00:00
ChenLiang
6c1b663c4c migration: static variables will not be reset at second migration
The static variables in migration_bitmap_sync will not be reset in
the case of a second attempted migration.

Signed-off-by: ChenLiang <chenliang88@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-11-20 18:17:22 +05:30
Peter Maydell
af3ff19b48 Update version for v2.2.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18 18:00:58 +00:00
Don Slutz
6b896ab261 hw/ide/core.c: Prevent SIGSEGV during migration
The other callers to blk_set_enable_write_cache() in this file
already check for s->blk == NULL.

Signed-off-by: Don Slutz <dslutz@verizon.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1416259239-13281-1-git-send-email-dslutz@verizon.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18 17:36:14 +00:00
Peter Maydell
8336e465ac Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
# gpg: Signature made Tue 18 Nov 2014 15:04:53 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  net: The third parameter of getsockname should be initialized

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18 16:17:32 +00:00
Peter Maydell
b1b1e81fb5 Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
# gpg: Signature made Tue 18 Nov 2014 15:04:14 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/tracing-pull-request:
  Tracing: Fix simpletrace.py error on tcg enabled binary traces
  Tracing docs fix configure option and description

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18 15:05:36 +00:00
zhanghailiang
ed6273e26f net: The third parameter of getsockname should be initialized
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-18 15:04:35 +00:00
Christoph Seifert
776ec96f79 Tracing: Fix simpletrace.py error on tcg enabled binary traces
simpletrace.py does not recognize the tcg option while reading the
trace-events file. As a result simpletrace does not work on binary traces
and tcg enabled events. Moved transformation of tcg enabled events to
_read_events() which is used by simpletrace.

Signed-off-by: Christoph Seifert <christoph.seifert@posteo.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-18 14:05:58 +00:00
Dr. David Alan Gilbert
b73e8bd414 Tracing docs fix configure option and description
Fix the example trace configure option.
Update the text to say that multiple backends are allowed and what
happens when multiple backends are enabled.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1412691161-31785-1-git-send-email-dgilbert@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-18 14:05:54 +00:00
Peter Maydell
1ab8f867ef Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches for 2.2.0-rc2

# gpg: Signature made Tue 18 Nov 2014 11:32:55 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  block/raw-posix: Catch fsync() errors
  block/raw-posix: Only sync after successful preallocation
  block/raw-posix: Fix preallocating write() loop
  raw-posix: The SEEK_HOLE code is flawed, rewrite it
  raw-posix: SEEK_HOLE suffices, get rid of FIEMAP
  raw-posix: Fix comment for raw_co_get_block_status()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18 13:43:37 +00:00
Peter Maydell
ea5b201a0a Merge remote-tracking branch 'remotes/amit-migration/tags/for-2.2' into staging
Fix for CVE-2014-7840, avoiding arbitrary qemu memory overwrite for
migration by Michael S. Tsirkin.

# gpg: Signature made Tue 18 Nov 2014 11:23:00 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit-migration/tags/for-2.2:
  migration: fix parameter validation on ram load

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18 12:29:05 +00:00
Ard Biesheuvel
444b1996cb linux-headers: update to 3.18-rc5
This updates the Linux header to version 3.18-rc5, adding support for
(among other things) read-only memslots on ARM and arm64.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 1416248898-6302-1-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18 11:24:31 +00:00
Michael S. Tsirkin
0be839a270 migration: fix parameter validation on ram load
During migration, the values read from migration stream during ram load
are not validated. Especially offset in host_from_stream_offset() and
also the length of the writes in the callers of said function.

To fix this, we need to make sure that the [offset, offset + length]
range fits into one of the allocated memory regions.

Validating addr < len should be sufficient since data seems to always be
managed in TARGET_PAGE_SIZE chunks.

Fixes: CVE-2014-7840

Note: follow-up patches add extra checks on each block->host access.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-11-18 16:49:44 +05:30
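
The range check that the commit message above calls for, as an added example that is not QEMU's code: an offset read from an untrusted stream must place the whole write inside one known region, and the test must not compute offset + length, because that sum can wrap. The record layout, `struct region`, `load_page`, `try_record` and `PAGE_SIZE` are constructed for this sketch and are assumptions, not QEMU names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096u /* stand-in for TARGET_PAGE_SIZE (assumption) */

/* Hypothetical destination region; not QEMU's RAMBlock. */
struct region {
    const char *id;
    uint8_t *host;
    uint64_t length;
};

/* Tempting but wrong: offset + len wraps around for a huge offset. */
int naive_fits(uint64_t length, uint64_t offset, uint64_t len)
{
    return offset + len <= length;
}

/* Same test without ever forming offset + len, so nothing can wrap. */
int safe_fits(uint64_t length, uint64_t offset, uint64_t len)
{
    return offset <= length && len <= length - offset;
}

static const struct region *find_region(const struct region *tab, size_t n,
                                        const uint8_t *id, size_t idlen)
{
    for (size_t i = 0; i < n; i++) {
        if (strlen(tab[i].id) == idlen && memcmp(tab[i].id, id, idlen) == 0) {
            return &tab[i];
        }
    }
    return NULL;
}

/* Constructed record layout (not QEMU's wire format):
 *   8-byte big-endian offset | 1-byte id length | id | PAGE_SIZE data bytes
 * Every field is treated as untrusted. Returns 0 on success, -1 on reject. */
int load_page(const struct region *tab, size_t n,
              const uint8_t *buf, size_t buflen)
{
    uint64_t offset = 0;
    size_t idlen;
    const struct region *r;

    if (buflen < 9) {
        return -1;                      /* header truncated */
    }
    for (int i = 0; i < 8; i++) {
        offset = (offset << 8) | buf[i];
    }
    idlen = buf[8];
    if (buflen - 9 < idlen || buflen - 9 - idlen < PAGE_SIZE) {
        return -1;                      /* id or page data truncated */
    }
    r = find_region(tab, n, buf + 9, idlen);
    if (r == NULL || !safe_fits(r->length, offset, PAGE_SIZE)) {
        return -1;                      /* unknown region or range escapes it */
    }
    memcpy(r->host + offset, buf + 9 + idlen, PAGE_SIZE);
    return 0;
}

/* Build one constructed record, drop `cut` bytes from its end, and load it
 * into a two-page region named "pc.ram". Returns -2 if the guard byte placed
 * right after the region was modified. */
int try_record(const char *id, uint64_t offset, size_t cut)
{
    static struct { uint8_t ram[2 * PAGE_SIZE]; uint8_t guard; } mem;
    static uint8_t rec[9 + 255 + PAGE_SIZE];
    struct region tab[] = { { "pc.ram", mem.ram, sizeof(mem.ram) } };
    size_t idlen = strlen(id), len;     /* id assumed shorter than 256 bytes */
    int rc;

    for (int i = 0; i < 8; i++) {
        rec[i] = (uint8_t)(offset >> (56 - 8 * i));
    }
    rec[8] = (uint8_t)idlen;
    memcpy(rec + 9, id, idlen);
    memset(rec + 9 + idlen, 0xAA, PAGE_SIZE);
    len = 9 + idlen + PAGE_SIZE;

    mem.guard = 0x5C;
    rc = load_page(tab, 1, rec, len - cut);
    return mem.guard == 0x5C ? rc : -2;
}

int main(void)
{
    printf("last page:       %d\n", try_record("pc.ram", PAGE_SIZE, 0));
    printf("one byte over:   %d\n", try_record("pc.ram", PAGE_SIZE + 1, 0));
    printf("wrapping offset: naive=%d safe=%d\n",
           naive_fits(2 * PAGE_SIZE, UINT64_MAX - 100, PAGE_SIZE),
           safe_fits(2 * PAGE_SIZE, UINT64_MAX - 100, PAGE_SIZE));
    return 0;
}
```
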
Max Reitz
098ffa6674 block/raw-posix: Catch fsync() errors
fsync() may fail, and that case should be handled.

Reported-by: László Érsek <lersek@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-18 12:09:00 +01:00
Max Reitz
731de38052 block/raw-posix: Only sync after successful preallocation
The loop which filled the file with zeroes may have been left early due
to an error. In that case, the fsync() should be skipped.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-18 12:09:00 +01:00
Max Reitz
39411cf3c3 block/raw-posix: Fix preallocating write() loop
write() may write less bytes than requested; in this case, the number of
bytes written is returned. This is the byte count we should be
subtracting from the number of bytes still to be written, and not the
byte count we requested to write.

Reported-by: László Érsek <lersek@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-18 12:08:59 +01:00
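
The three block/raw-posix fixes above (subtract the bytes actually written, sync only after a complete fill, treat an fsync() failure as an error) combined in one loop, as an added example that is not the QEMU patch. `fill_zeroes`, `preallocate`, `run_case` and the mock callbacks are hypothetical names; the writer and the flush are injected so the short-write and error paths can be exercised without a real disk.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef ssize_t (*write_fn)(int fd, const void *buf, size_t n);
typedef int (*sync_fn)(int fd);

/* Write `total` zero bytes to fd through wr, then flush with flush().
 * Returns 0 on success or a negative errno value. */
int fill_zeroes(int fd, int64_t total, write_fn wr, sync_fn flush)
{
    static const char zeroes[65536];
    int64_t left = total;

    while (left > 0) {
        size_t want = left < (int64_t)sizeof(zeroes) ? (size_t)left
                                                     : sizeof(zeroes);
        ssize_t done = wr(fd, zeroes, want);

        if (done < 0) {
            if (errno == EINTR) {
                continue;           /* interrupted before writing: retry */
            }
            return -errno;          /* loop left early, so no sync */
        }
        if (done == 0) {
            return -EIO;            /* no progress; this example gives up */
        }
        left -= done;               /* bytes written, not bytes requested */
    }
    if (flush(fd) < 0) {
        return -errno;              /* a failed flush is a failed fill */
    }
    return 0;
}

/* The same loop on a real descriptor. */
int preallocate(int fd, int64_t total)
{
    return fill_zeroes(fd, total, write, fsync);
}

/* ---- constructed test doubles: a device that accepts at most 1000 bytes
 * per call and runs out of space after mock_capacity bytes ---- */
static int64_t mock_written, mock_capacity;
static int mock_syncs, mock_sync_fails;

static ssize_t short_write(int fd, const void *buf, size_t n)
{
    int64_t room = mock_capacity - mock_written;
    size_t take = n < 1000 ? n : 1000;

    (void)fd;
    (void)buf;
    if (room <= 0) {
        errno = ENOSPC;
        return -1;
    }
    if ((int64_t)take > room) {
        take = (size_t)room;
    }
    mock_written += (int64_t)take;
    return (ssize_t)take;
}

static int mock_sync(int fd)
{
    (void)fd;
    mock_syncs++;
    if (mock_sync_fails) {
        errno = EIO;
        return -1;
    }
    return 0;
}

/* Run one scenario against the doubles and return fill_zeroes()'s result. */
int run_case(int64_t total, int64_t capacity, int sync_fails)
{
    mock_written = 0;
    mock_syncs = 0;
    mock_capacity = capacity;
    mock_sync_fails = sync_fails;
    return fill_zeroes(-1, total, short_write, mock_sync);
}

int64_t last_written(void) { return mock_written; }
int last_syncs(void) { return mock_syncs; }

int main(void)
{
    printf("short writes: rc=%d written=%lld syncs=%d\n",
           run_case(100000, 1000000, 0), (long long)last_written(),
           last_syncs());
    printf("disk full:    rc=%d written=%lld syncs=%d\n",
           run_case(100000, 50000, 0), (long long)last_written(),
           last_syncs());
    return 0;
}
```
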
Peter Maydell
f874bf905f exec: Handle multipage ranges in invalidate_and_set_dirty()
The code in invalidate_and_set_dirty() needs to handle addr/length
combinations which cross guest physical page boundaries. This can happen,
for example, when disk I/O reads large blocks into guest RAM which previously
held code that we have cached translations for. Unfortunately we were only
checking the clean/dirty status of the first page in the range, and then
were calling a tb_invalidate function which only handles ranges that don't
cross page boundaries. Fix the function to deal with multipage ranges.

The symptoms of this bug were that guest code would misbehave (eg segfault),
in particular after a guest reboot but potentially any time the guest
reused a page of its physical RAM for new code.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1416167061-13203-1-git-send-email-peter.maydell@linaro.org
2014-11-18 10:19:12 +00:00
Kevin Wolf
8676785302 Merge remote-tracking branch 'mreitz/block' into queue-block
* mreitz/block:
  raw-posix: The SEEK_HOLE code is flawed, rewrite it
  raw-posix: SEEK_HOLE suffices, get rid of FIEMAP
  raw-posix: Fix comment for raw_co_get_block_status()
2014-11-18 11:01:05 +01:00
Markus Armbruster
d1f06fe665 raw-posix: The SEEK_HOLE code is flawed, rewrite it
On systems where SEEK_HOLE in a trailing hole seeks to EOF (Solaris,
but not Linux), try_seek_hole() reports trailing data instead.

Additionally, unlikely lseek() failures are treated badly:

* When SEEK_HOLE fails, try_seek_hole() reports trailing data.  For
  -ENXIO, there's in fact a trailing hole.  Can happen only when
  something truncated the file since we opened it.

* When SEEK_HOLE succeeds, SEEK_DATA fails, and SEEK_END succeeds,
  then try_seek_hole() reports a trailing hole.  This is okay only
  when SEEK_DATA failed with -ENXIO (which means the non-trailing hole
  found by SEEK_HOLE has since become trailing somehow).  For other
  failures (unlikely), it's wrong.

* When SEEK_HOLE succeeds, SEEK_DATA fails, SEEK_END fails (unlikely),
  then try_seek_hole() reports bogus data [-1,start), which its caller
  raw_co_get_block_status() turns into zero sectors of data.  Could
  theoretically lead to infinite loops in code that attempts to scan
  data vs. hole forward.

Rewrite from scratch, with very careful comments.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2014-11-18 09:45:48 +01:00
Markus Armbruster
c4875e5b22 raw-posix: SEEK_HOLE suffices, get rid of FIEMAP
Commit 5500316 (May 2012) implemented raw_co_is_allocated() as
follows:

1. If defined(CONFIG_FIEMAP), use the FS_IOC_FIEMAP ioctl

2. Else if defined(SEEK_HOLE) && defined(SEEK_DATA), use lseek()

3. Else pretend there are no holes

Later on, raw_co_is_allocated() was generalized to
raw_co_get_block_status().

Commit 4f11aa8 (May 2014) changed it to try the three methods in order
until success, because "there may be implementations which support
[SEEK_HOLE/SEEK_DATA] but not [FIEMAP] (e.g., NFSv4.2) as well as vice
versa."

Unfortunately, we used FIEMAP incorrectly: we lacked FIEMAP_FLAG_SYNC.
Commit 38c4d0a (Sep 2014) added it.  Because that's a significant
speed hit, the next commit 7c159037 put SEEK_HOLE/SEEK_DATA first.

As you see, the obvious use of FIEMAP is wrong, and the correct use is
slow.  I guess this puts it somewhere between -7 "The obvious use is
wrong" and -10 "It's impossible to get right" on Rusty Russell's Hard
to Misuse scale[*].

"Fortunately", the FIEMAP code is used only when

* SEEK_HOLE/SEEK_DATA aren't defined, but CONFIG_FIEMAP is

  Uncommon.  SEEK_HOLE had no XFS implementation between 2011 (when it
  was introduced for ext4 and btrfs) and 2012.

* SEEK_HOLE/SEEK_DATA and CONFIG_FIEMAP are defined, but lseek() fails

  Unlikely.

Thus, the FIEMAP code executes rarely.  Makes it a nice hidey-hole for
bugs.  Worse, bugs hiding there can theoretically bite even on a host
that has SEEK_HOLE/SEEK_DATA.

I don't want to worry about this crap, not even theoretically.  Get
rid of it.

[*] http://ozlabs.org/~rusty/index.cgi/tech/2008-04-01.html

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2014-11-18 09:45:35 +01:00
Markus Armbruster
be2ebc6dad raw-posix: Fix comment for raw_co_get_block_status()
Missed in commit 705be72.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2014-11-18 09:44:02 +01:00
Peter Maydell
d6be29e3fb target-arm: handle address translations that start at level 3
The ARMv8 address translation system defines that a page table walk
starts at a level which depends on the translation granule size
and the number of bits of virtual address that need to be resolved.
Where the translation granule is 64KB and the guest sets the
TCR.TxSZ field to between 35 and 39, it's actually possible to
start at level 3 (the final level). QEMU's implementation failed
to handle this case, and so we would set level to 2 and behave
incorrectly (including invoking the C undefined behaviour of
shifting left by a negative number). Correct the code that
determines the starting level to deal with the start-at-3 case,
by replacing the if-else ladder with an expression derived from
the ARM ARM pseudocode version.

This error was detected by the Coverity scan, which spotted
the potential shift by a negative number.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1415890569-7454-1-git-send-email-peter.maydell@linaro.org
2014-11-17 19:30:28 +00:00
Peter Maydell
1aba4be97e Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
A smattering of fixes for problems that Coverity reported.

# gpg: Signature made Mon 17 Nov 2014 17:03:25 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  hcd-musb: fix dereference null return value
  target-cris/translate.c: fix out of bounds read
  shpc: fix error propaagation
  qemu-char: fix MISSING_COMMA
  acl: fix memory leak
  nvme: remove superfluous check
  loader: fix NEGATIVE_RETURNS
  qga: fix false negative argument passing
  mips_mipssim: fix use-after-free for filename
  l2tpv3: fix fd leak
  l2tpv3: fix possible double free
  libcacard: fix resource leak

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-17 17:22:03 +00:00
Paolo Bonzini
a9be76576e hcd-musb: fix dereference null return value
usb_ep_get and usb_handle_packet can deal with a NULL device, but we have
to avoid dereferencing NULL pointers when building the id.

Thanks to Gonglei for an initial stab at fixing this.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 18:02:31 +01:00
Peter Maydell
d8edf52a51 Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging
Update OpenBIOS images

# gpg: Signature made Sat 15 Nov 2014 13:12:02 GMT using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"

* remotes/mcayland/tags/qemu-openbios-signed:
  Update OpenBIOS images

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-17 15:37:10 +00:00
zhanghailiang
fae38221e7 target-cris/translate.c: fix out of bounds read
In function t_gen_mov_TN_preg and t_gen_mov_preg_TN, the begin check about the
validity of in-parameter 'r' is useless. We still access cpu_PR[r] in the
following code if it is invalid, which will be an out-of-bounds read error.

Fix it by using assert() to ensure it is valid before using it.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 13:59:23 +01:00
Gonglei
0e8b439ae5 shpc: fix error propaagation
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:49:19 +01:00
Gonglei
86d10328a0 qemu-char: fix MISSING_COMMA
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:49:05 +01:00
Gonglei
6cfcd864a4 acl: fix memory leak
If 'i != index' for all acl->entries, variable
entry leaks the storage it points to.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:48:56 +01:00
Gonglei
720fdd6fa9 nvme: remove superfluous check
Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
((n->bar.aqa >> AQA_ASQS_SHIFT) & AQA_ASQS_MASK) > 4095
is always false regardless of the values of its operands.
This occurs as the logical second operand of '||'.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:43:09 +01:00
Gonglei
ddd2eab72f loader: fix NEGATIVE_RETURNS
lseek will return -1 on error, g_malloc0(size) and read(,,size)
parameters cannot be negative. We should add a check for return
value of lseek().

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:41:56 +01:00
Gonglei
1def74548d qga: fix false negative argument passing
Function send_response(s, &qdict->base) returns a negative number
when any failures occurred. But strerror()'s parameter cannot be
negative. Let's change the testing condition and pass '-ret' to
strerror().

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:41:25 +01:00
Gonglei
77e205a528 mips_mipssim: fix use-after-free for filename
May pass freed pointer filename as an argument to error_report.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:41:03 +01:00
Gonglei
d4754a9531 l2tpv3: fix fd leak
In this false branch, fd will leak when it is zero.
Change the testing condition.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
[Fix net_l2tpv3_cleanup as well. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:40:36 +01:00
Mark Cave-Ayland
35fb5b73a2 Update OpenBIOS images
Update OpenBIOS images to SVN r1327 built from submodule.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-11-15 13:01:44 +00:00
Peter Maydell
4e70f9271d Merge remote-tracking branch 'remotes/sstabellini/xen-2014-11-14' into staging
* remotes/sstabellini/xen-2014-11-14:
  xen_disk: fix unmapping of persistent grants
  pc: piix4_pm: init legacy PCI hotplug when running on Xen

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-14 12:05:33 +00:00
zhanghailiang
77374582ab l2tpv3: fix possible double free
freeaddrinfo(result) does not assign result = NULL after freeing it.
There will be a double free when it goes to the error case.
It is reported by Coverity.

Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-14 12:16:24 +01:00
zhanghailiang
5bbebf6228 libcacard: fix resource leak
In function connect_to_qemu(), getaddrinfo() will allocate memory
that is stored into server, it should be freed by using freeaddrinfo()
before connect_to_qemu() return.

Cc: qemu-stable@nongnu.org
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-14 12:15:40 +01:00
Peter Maydell
b87dcdd074 Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
# gpg: Signature made Fri 14 Nov 2014 11:05:54 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  vmdk: Leave bdi intact if -ENOTSUP in vmdk_get_info
  block: Fix max nb_sectors in bdrv_make_zero
  ahci: factor out FIS decomposition from handle_cmd
  ahci: Check cmd_fis[1] more explicitly
  ahci: Reorder error cases in handle_cmd
  ahci: Fix FIS decomposition
  ahci: add is_ncq predicate helper
  ide: Correct handling of malformed/short PRDTs
  ahci: unify sglist preparation
  ide: repair PIO transfers for cases where nsector > 1
  ahci: Fix byte count regression for ATAPI/PIO

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-14 11:12:40 +00:00
Roger Pau Monne
2f01dfacb5 xen_disk: fix unmapping of persistent grants
This patch fixes two issues with persistent grants and the disk PV backend
(Qdisk):

 - Keep track of memory regions where persistent grants have been mapped
   since we need to unmap them as a whole. It is not possible to unmap a
   single grant if it has been batch-mapped. A new check has also been added
   to make sure persistent grants are only used if the whole mapped region
   can be persistently mapped in the batch_maps case.
 - Unmap persistent grants before switching to the closed state, so the
   frontend can also free them.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reported-by: George Dunlap <george.dunlap@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: George Dunlap <george.dunlap@eu.citrix.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2014-11-14 11:12:38 +00:00
Igor Mammedov
91ab2ed722 pc: piix4_pm: init legacy PCI hotplug when running on Xen
If user starts QEMU with "-machine pc,accel=xen", then
compat property in xenfv won't work and it would cause error:
"Unsupported bus. Bus doesn't have property 'acpi-pcihp-bsel' set"
when PCI device is added with -device on QEMU CLI.

From: Igor Mammedov <imammedo@redhat.com>

In case of Xen instead of using compat property, just use the fact
that xen doesn't use QEMU's fw_cfg/acpi tables to switch piix4_pm
into legacy PCI hotplug mode when Xen is enabled.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Li Liang <liang.z.li@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-14 11:11:44 +00:00
Fam Zheng
5f58330790 vmdk: Leave bdi intact if -ENOTSUP in vmdk_get_info
When extent types don't match, we return -ENOTSUP. In this case, be
polite to the caller and don't modify bdi.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1415938161-16217-1-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:45 +00:00
Fam Zheng
f3a9cfddae block: Fix max nb_sectors in bdrv_make_zero
In bdrv_rw_co we report -EINVAL for nb_sectors > INT_MAX /
BDRV_SECTOR_SIZE, so a caller shouldn't exceed it.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1415603264-21497-1-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow
107f0d4677 ahci: factor out FIS decomposition from handle_cmd
In order to make handle_cmd more readable at the macro level,
the details of how to decompose particular types of FIS packets
are left to helper functions.

In our case, the only type of FIS packet we currently expect to
see is a Register H2D FIS packet, but the gory details of its
decomposition are of no particular interest in handle_cmd.

This patch keeps the receipt of FIS packets and the decomposition
thereof separated to two different functions.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1415058979-16604-6-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow
102e56254d ahci: Check cmd_fis[1] more explicitly
Instead of checking for a known byte, inspect the
fields of this byte explicitly to produce more meaningful
error messages and improve the readability of this section.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1415058979-16604-5-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow
36ab3c3400 ahci: Reorder error cases in handle_cmd
Error checking in ahci's handle_cmd is re-ordered so that we
initialize as few things as possible before we've done our
sanity checking. This simplifies returning from this call
in case of an error.

A check to make sure the DMA memory map succeeds with the
correct size is also added, and the debug print of the
command fis is cleaned up with its size corrected.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1415058979-16604-4-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow
1cbdd96813 ahci: Fix FIS decomposition
This patch introduces a few changes to how FIS packets are
deciphered in the AHCI virtual device. The summary of
changes can be grouped into two pieces:

[A] Changes to how we apply a preliminary sieve to FISes,
[B] Changes in how we internalize a decomposed FIS.

== Changes to how we apply a preliminary sieve to FISes ==

(1) Packets may now either update the Control register or
    the Command register, but not both. This is according
    to the SATA 3.2 specification which states:
    "...the device either initiates processing of the command
    indicated in the Command register or initiates processing
    of the control request indicated [...] depending on the
    state of the C bit in the FIS."

    See SATA 3.2 section 10.5.5.4, "Reception" in the 10.5.5
    "Register Host to Device FIS" section.

    This change accounts for the first two regions of change
    within the diff. All other changes belong to the following
    changes.

== Changes in how we internalize a decomposed FIS ==

(2) Instead of trying to extract the sector number out of the
    FIS from bytes 4-10 and setting it with ide_set_sector,
    we set the appropriate IDEState registers and trust that
    ide_get_sector can retrieve the correct sector later.

    By "constructing" the sector for use with ide_set_sector,
    we are duplicating the mechanisms of ide_get_sector.
    This change makes the FIS decomposition more obvious.

    SATA 3.2 as a specification does not make the legacy
    register mapping with respect to the D2H FIS obvious.
    However, SATA 3.2 section 10.5.5.1 "Register Host to
    Device FIS layout" describes all of the "cmd_fis"
    bytes:

    0 - FIS Type (0x27)
    1 - Port Multiplier Port and Command Update flag
    2 - ATA Command
    3 - Features_Low
    4 - LBA 7:0
    5 - LBA 15:8
    6 - LBA 23:16
    7 - Device, AKA "Drive Select."
    8 - LBA 31:24
    9 - LBA 39:32
    10 - LBA 47:40
    11 - Features_High
    12 - Count Low
    13 - Count High
    14 - ICC
    15 - Control
    16-19 - Auxiliary (for NCQ, defined per-command)

    Most of these registers map to existing IDEState registers
    in obvious ways, especially features, select, hob_features,
    and nsector (count). ICC is reserved in older specifications
    but is not supported in our implementation, and remains
    unused here. The Control register is not valid for a command
    that is trying to update the command register and is to be
    considered reserved at this point.

    What is not obvious is the LBA register mappings, but SATA 1.0
    can help inform us of legacy device support, see SATA 1.0 section
    8.5.2 "Register - Host to Device."

    LBA 7:0   - Sector Number    (sector)
    LBA 15:8  - Cyl Low          (lcyl)
    LBA 23:16 - Cyl High         (hcyl)
    LBA 31:24 - Sector Num Exp.  (hob_sector)
    LBA 39:32 - Cyl Low Exp.     (hob_lcyl)
    LBA 47:40 - Cyl High Exp.    (hob_hcyl)

    These mappings help guide which registers the FIS should be decomposed
    into/towards for CHS, LBA28 and LBA48 commands.

    As a note: The prior confusion that can be seen in the documentation
    arises from the fact that CHS and LBA28 commands use the low nybble
    of the drive select register to store LBA 27:24, whereas LBA48 commands
    use the hob_sector, hob_lcyl and hob_hcyl registers as explained above.

    The decomposition as it stands now will correctly decompose CHS, LBA28
    and LBA48 commands into their appropriate registers where the core
    IDE/ATAPI layers can deal with them correctly.

    See the below point for more information.

(3) We save cmd_fis[7] as ide_state->select, which informs
    decisions about if we are using LBA or CHS.
    This corrects a bug in AHCI wherein we attempt to set and/or
    retrieve the sector number by using ide_set_sector and
    ide_get_sector, which depend on the select register to
    determine if we are using LBA or CHS.

    Without this adjustment, LBA48 read/writes are currently
    broken. Thanks to Eniac Zheng @ HP for pointing this out.

(4) Save cmd_fis[11] as ide_state->hob_feature, as defined in SATA 3.2.

(5) For several ATA commands, the sector count register set to 0
    is a magic number that means 256 sectors. For LBA48 commands,
    this means 65,536 sectors. We drop the magic sector correction
    here, and trust the ide core layer to handle the conversion
    appropriately, in ide_cmd_lba48_transform(). As it stands,
    the current AHCI code is only compliant with LBA28 commands.
    By simply removing the magic, it will work with LBA28 and LBA48.

(6) We expand FIS decomposition to include both ATAPI and IDE devices.
    We leave the logic of determining if the fields are valid or not
    to the respective layers.

    This change intends to make it clearer that AHCI is only a
    composition mechanism for the FIS packets: the meanings of
    the registers is best left to the implementation layers for
    those devices.

(7) Forcefully setting the feature, hcyl and lcyl registers for ATAPI
    commands is removed.
    - The hcyl and lcyl magic present here is valid at boot only,
      and should not be overridden for every PACKET command.
    - The feature register is defined as valid for the PACKET command,
      so we should not suppress it. The ATAPI layer does not even
      currently depend on or require 0x01 as mandatory.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1415058979-16604-3-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow
72a065dbb1 ahci: add is_ncq predicate helper
A small helper to determine which S/ATA commands
are destined to be routed to the NCQ pathways.

This references SATA 3.2 section 13.6,
Native Command Queueing. See sections 13.6.4,
13.6.5, 13.6.6, 13.6.7 and 13.6.8 for all
SATA commands considered to be part of the
NCQ feature set. This is summarized in a small
list in section 13.6.3.1 and again in 13.6.3.2.

Not all of these NCQ commands are currently supported,
so the error pathways are adjusted slightly to be more
informative in the case they are encountered.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1415058979-16604-2-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow
3251bdcf1c ide: Correct handling of malformed/short PRDTs
This impacts both BMDMA and AHCI HBA interfaces for IDE.
Currently, we confuse the difference between a PRDT having
"0 bytes" and a PRDT having "0 complete sectors."

When we receive an incomplete sector, inconsistent error checking
leads to an infinite loop wherein the call succeeds, but it
didn't give us enough bytes -- leading us to re-call the
DMA chain over and over again. This leads to, in the BMDMA case,
leaked memory for short PRDTs, and infinite loops and resource
usage in the AHCI case.

The .prepare_buf() callback is reworked to return the number of
bytes that it successfully prepared. 0 is a valid, non-error
answer that means the table was empty and described no bytes.
-1 indicates an error.

Our current implementation uses the io_buffer in IDEState to
ultimately describe the size of a prepared scatter-gather list.
Even though the AHCI PRDT/SGList can be as large as 256GiB, the
AHCI command header limits transactions to just 4GiB. ATA8-ACS3,
however, defines the largest transaction to be an LBA48 command
that transfers 65,536 sectors. With a 512 byte sector size, this
is just 32MiB.

Since our current state structures use the int type to describe
the size of the buffer, and this state is migrated as int32, we
are limited to describing 2GiB buffer sizes unless we change the
migration protocol.

For this reason, this patch begins to unify the assertions in the
IDE pathways that the scatter-gather list provided by either the
AHCI PRDT or the PCI BMDMA PRDs can only describe, at a maximum,
2GiB. This should be resilient enough unless we need a sector
size that exceeds 32KiB.

Further, the likelihood of any guest operating system actually
attempting to transfer this much data in a single operation is
very slim.

To this end, the IDEState variables have been updated to more
explicitly clarify our maximum supported size. Callers to the
prepare_buf callback have been reworked to understand the new
return code, and all versions of the prepare_buf callback have
been adjusted accordingly.

Lastly, the ahci_populate_sglist helper, relied upon by the
AHCI implementation of .prepare_buf() as well as the PCI
implementation of the callback have had overflow assertions
added to help make clear the reasonings behind the various
type changes.

[Added %d -> %"PRId64" fix John sent because off_pos changed from int to
int64_t.
--Stefan]

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1414785819-26209-4-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow
bef1301acb ahci: unify sglist preparation
The intent of this patch is to further unify the creation and
deletion of the sglist used for all AHCI transfers, including
emulated PIO, ATAPI R/W, and native DMA R/W.

By replacing ahci_start_transfer's call to ahci_populate_sglist
with ahci_dma_prepare_buf, we reduce the number of direct calls
where we manipulate the scatter-gather list in the AHCI code.

To make this switch, the constant "0" passed as an offset
in ahci_dma_prepare_buf is adjusted to use io_buffer_offset.

For DMA pathways, this has no effect: io_buffer_offset is always
updated to 0 at the beginning of a DMA transfer loop regardless.
DMA pathways through ide_dma_cb() update the io_buffer_offset
accordingly, and for circumstances where we might make several
trips through this loop, this may actually correct a design flaw.

For PIO pathways, the newly updated ahci_dma_prepare_buf will
now prepare the sglist at the correct offset. It will also set
io_buffer_size, but this is not used in the cmd_read_pio or
cmd_write_pio pathways.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1414785819-26209-3-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:34 +00:00
John Snow
36334faf35 ide: repair PIO transfers for cases where nsector > 1
Currently, for emulated PIO transfers through the AHCI device,
any attempt made to request more than a single sector's worth
of data will result in the same sector being transferred over
and over.

For example, if we request 8 sectors via PIO READ SECTORS, the
AHCI device will give us the same sector eight times.

This patch adds offset tracking into the PIO pathways so that
we can fulfill these requests appropriately.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1414785819-26209-2-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:34 +00:00
John Snow
a395f3fa2f ahci: Fix byte count regression for ATAPI/PIO
This patch fixes a regression caused by commit
659142ecf7.
The problem occurs when we wish to return early
from the ahci_start_transfer function, but are now
updating the transferred byte count in the AHCI
command header via ahci_commit_buf.

This will cause problems in the Windows 8 installer.

Don't update the byte count in the command header
for the transmission of ATAPI packets: These commands
will distort the final byte count of the actual data
payload.

The call to ahci_commit_buf remains in the "out"
portion of the call in order to clean up the sglist.
The byte count is maintained by forcing size to be 0.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:34 +00:00
Peter Maydell
c52e67924f Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
x86 and SCSI fixes.  I left out the APIC device model
patches, pending confirmation from the submitter that they really
fix QNX.

# gpg: Signature made Thu 13 Nov 2014 15:13:38 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  acpi: accurate overflow check
  smbios: change 'ram_addr_t' variables to 'uint64_t'
  kvmclock: Add comment explaining why we need cpu_clean_all_dirty()
  target-i386: fix Coverity complaints about overflows
  apic_common: migrate missing fields
  target-i386: eliminate dead code and hoist common code out of "if"
  virtio-scsi: Fix comment for VirtIOSCSIReq
  virtio-scsi: dataplane: suppress guest notification
  esp: Do not overwrite ESP_TCHI after reset
  virtio-scsi: dataplane: fix allocation for 'cmd_vrings'
  esp: fix coding standards
  virtio-scsi: work around bug in old BIOSes
  esp-pci: fixup deadlock with linux

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-13 15:44:16 +00:00
Pavel Dovgalyuk
3ef0eab178 acpi: accurate overflow check
Compare clock in ns, because acpi_pm_tmr_update uses rounded
to ns value instead of ticks.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
[This lets Windows boot in icount mode. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 16:13:28 +01:00
SeokYeon Hwang
f4ec5cd29d smbios: change 'ram_addr_t' variables to 'uint64_t'
ram_addr_t should not be used except if referring to a RAMBlock.
Using 'uint64_t' avoids a -Wconstant-conversion warning, which
clang >= 3.4 produces in "smbios_get_tables()".

Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 16:13:28 +01:00
Eduardo Habkost
1154d84dcc kvmclock: Add comment explaining why we need cpu_clean_all_dirty()
Try to explain why commit 317b0a6d8b
needed a cpu_clean_all_dirty() call just after calling
cpu_synchronize_all_states().

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Cc: Andrey Korolyov <andrey@xdel.ru>
Cc: Marcin Gibuła <m.gibula@beyond.pl>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 16:13:28 +01:00
Paolo Bonzini
e6a33e45c2 target-i386: fix Coverity complaints about overflows
sipi_vector is an int; it is shifted by 12 and passed as a 64-bit value,
which makes Coverity think that we wanted (uint64_t)sipi_vector << 12.

But actually it must be between 0 and 255.  Make this explicit.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 16:13:27 +01:00
Pavel Dovgalyuk
c2c00148ec apic_common: migrate missing fields
This patch adds missed sipi_vector and wait_for_sipi fields to a new
subsection of the vmstate of the apic_common module. Saving and loading
of these fields makes migration of the apic state deterministic.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
[Initialize the field in pre_load and kvm_apic_realize. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 16:13:27 +01:00
Peter Maydell
b56cb28895 Merge remote-tracking branch 'remotes/kraxel/tags/pull-seabios-1.7.5.1-20141113-1' into staging
update seabios to 1.7.5.1 stable release

# gpg: Signature made Thu 13 Nov 2014 11:03:05 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-seabios-1.7.5.1-20141113-1:
  update seabios to 1.7.5.1 stable release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-13 13:02:31 +00:00
Peter Maydell
e08d300450 Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20141113-1' into staging
QMP/input-send-event: make console parameter optional

# gpg: Signature made Thu 13 Nov 2014 10:07:26 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-input-20141113-1:
  QMP/input-send-event: make console parameter optional
  QMP/input-send-event: update document of union InputEvent

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-13 11:52:11 +00:00
Gerd Hoffmann
953ea14d66 update seabios to 1.7.5.1 stable release
git shortlog since 1.7.5:

Hannes Reinecke (1):
      megasas: read addional PCI I/O bar

Kevin O'Connor (5):
      boot: Change ":rom%d" boot order rom instance to ":rom%x"
      vgabios: Return from handle_1011() if handler found.
      Don't enable thread preemption during S3 resume vga option rom execution.
      build: Avoid absolute paths during "whole-program" compiling.
      ehci: Fix bug in hub port assignment

Marcel Apfelbaum (1):
      hw/pci: reserve IO and mem for pci express downstream ports with no devices attached

Markus Armbruster (1):
      boot: Fix boot order for SCSI target, lun > 9

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-13 11:59:46 +01:00
Peter Maydell
410bd787bf Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20141112-1' into staging
usb bugfixes for 2.2

# gpg: Signature made Wed 12 Nov 2014 14:35:09 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20141112-1:
  usb-host: fix usb_host_speed_compat tyops
  xhci: add sanity checks to xhci_lookup_uport
  Provide the missing LIBUSB_LOG_LEVEL_* for older libusb or FreeBSD. Providing just the needed value as a defined.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-13 10:54:05 +00:00
Amos Kong
51fc44768a QMP/input-send-event: make console parameter optional
The 'QemuConsole' is the input source for handler, we share some
input handlers to process the input events from different QemuConsole.

Normally we only have one set of keyboard, mouse, usbtablet, etc.
The devices have different masks; it's fine to just check the mask to
ensure that the handler has the ability to process the event.

I saw we try to bind console to handler in usb/dev-hid.c, but display
always isn't available at that time.

If we have multiseat setup (as Gerd said), we only have 'problem' in
this case. Actually event from different devices have the same effect
for system, it's fine to always use the first available handler
without caring about the console.

For send-key command, we just pass a NULL for console parameter in
calling qemu_input_event_send_key(NULL, ..), but 'input-send-event'
needs to care more devices.

Conclusion:
Generally assigning the special console is meaningless, and we can't
directly remove the QMP parameter for compatibility.

So we can make the parameter optional. The parameter might be useful
for some special condition: we have multiple devices without binding
console and they all have the ability(mask) to process events, and
we don't want to use the first one.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-13 11:06:40 +01:00
Amos Kong
935fb91522 QMP/input-send-event: update document of union InputEvent
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-13 11:06:40 +01:00
Gerd Hoffmann
79ae25af15 usb-host: fix usb_host_speed_compat tyops
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2014-11-12 15:27:23 +01:00
Paolo Bonzini
ae67dc72e4 target-i386: eliminate dead code and hoist common code out of "if"
ist != 0 is checked in the first "if", so it cannot be true in
the "else if" part.  While at it, simplify the code and move
the ESP alignment out of the conditionals.

Reported by Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-12 12:43:45 +01:00
Fam Zheng
f69c111585 virtio-scsi: Fix comment for VirtIOSCSIReq
The cdb is not zeroed by virtio_scsi_init_req, so fix the misleading
comment.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-12 12:43:45 +01:00
Ming Lei
6012ca8159 virtio-scsi: dataplane: suppress guest notification
This patch uses vring_should_notify() to suppress
guest notification, and it looks like the notification frequency
can be decreased from ~33K/sec to ~2K/sec in my test
environment.

Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-12 11:19:19 +01:00
Hannes Reinecke
c9cf45c1a4 esp: Do not overwrite ESP_TCHI after reset
After a reset ESP_TCHI should contain the unique ID
of the chip. This value will be overwritten with the
current transfer count if the transfer count has
previously been set.
So we should always return the chip id if ESP_TCHI
has never been written to.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-12 10:27:03 +01:00
Peter Maydell
e0d0041ec6 Update version for v2.2.0-rc1 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 17:25:11 +00:00
Peter Maydell
7f06a3b14d Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20141111' into staging
seccomp branch queue

# gpg: Signature made Tue 11 Nov 2014 16:12:48 GMT using RSA key ID 12F8BD2F
# gpg: Can't check signature: public key not found

* remotes/otubo/tags/pull-seccomp-20141111:
  seccomp: change configure to avoid arm 32 to break
  seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 16:23:02 +00:00
Eduardo Otubo
4cc47f8b3c seccomp: change configure to avoid arm 32 to break
Current stable version of libseccomp (2.1.1) only supports i386 and
x86_64 archs correctly. This patch limits the usage of the syscall
filter for those archs and updates to the correct last version of
libseccomp.

This patch also fixes the bug:
https://bugs.launchpad.net/qemu/+bug/1363641

Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Moore <pmoore@redhat.com>
2014-11-11 17:05:21 +01:00
Philipp Gesang
f73adec709 seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch()
fallocate() is needed for snapshotting. If it isn’t whitelisted

    $ qemu-img create -f qcow2 x.qcow 1G
    Formatting 'x.qcow', fmt=qcow2 size=1073741824 encryption=off cluster_size=65536 lazy_refcounts=off
    $ qemu-kvm -display none -monitor stdio -sandbox on x.qcow
    QEMU 2.1.50 monitor - type 'help' for more information
    (qemu) savevm foo
    (qemu) loadvm foo

will fail, as will subsequent savevm commands on the same image.

fadvise64(), inotify_init1(), inotify_add_watch() are needed by
the SDL display. Without the whitelist entries,

    qemu-kvm -sandbox on

fails immediately.

In my tests fadvise64() is called 50--51 times per VM run. That
number seems independent of the duration of the run. fallocate(),
inotify_init1(), inotify_add_watch() are called once each.
Accordingly, they are added to the whitelist at a very low
priority.

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
2014-11-11 17:01:35 +01:00
Peter Maydell
776346cd63 Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-11-11' into staging
trivial patches for 2014-11-11

# gpg: Signature made Tue 11 Nov 2014 14:38:39 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2014-11-11:
  block: Fix comment for bdrv_co_get_block_status
  sysbus: Correct SYSTEM_BUS(obj) defines
  target-i386: cpu: keeping function parameters alignment on new line
  xen-hvm: Remove redundant variable 'xstate'
  coroutine-sigaltstack: Change jmp_buf to sigjmp_buf
  pc-bios: petalogix-s3adsp1800.dtb: Use 'xlnx, xps-ethernetlite-2.00.a' instead of 'xlnx, xps-ethernetlite-2.00.b'
  gdbstub: Add a missing case of signal number translation in gdbstub
  numa: make 'info numa' take into account hotplugged memory
  slirp/smbd: modify/set several parameters in generated smbd.conf
  qemu-doc.texi: fix typos in x509 examples
  icc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 14:50:10 +00:00
Fam Zheng
705be728c0 block: Fix comment for bdrv_co_get_block_status
It returns more information than binary, fix the comment.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 17:36:19 +03:00
Gonglei
00c2275c95 sysbus: Correct SYSTEM_BUS(obj) defines
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 17:36:19 +03:00
Chen Fan
8f9d989cac target-i386: cpu: keeping function parameters alignment on new line
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 17:36:19 +03:00
Chen Gang
d208a85f15 xen-hvm: Remove redundant variable 'xstate'
In xen_hvm_change_state_handler(), we can pass 'opaque' with type cast
to xen_main_loop_prepare() directly, there's no need to use additional
variable for it.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 17:34:53 +03:00
Peter Maydell
8447414510 Merge remote-tracking branch 'remotes/armbru/tags/for-upstream' into staging
Patches to MAINTAINERS that haven't been picked up

# gpg: Signature made Tue 11 Nov 2014 08:46:55 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/for-upstream:
  Add Migration maintainer
  MAINTAINERS: add section for QEMU Guest Agent
  MAINTAINERS: add myself as bootdevice.c maintainer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 11:05:54 +00:00
Ming Lei
ed4b43265d virtio-scsi: dataplane: fix allocation for 'cmd_vrings'
The size of each element should be sizeof(VirtIOSCSIVring *).

Signed-off-by: Ming Lei <ming.lei@canonical.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-11 12:03:47 +01:00
Peter Maydell
59c4f2ecef Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20141111' into staging
linux-user pull for 2.2

Two last minute fixes uncovered and fixed by Tom Musta
and Alexander Graf, thanks

# gpg: Signature made Tue 11 Nov 2014 06:36:02 GMT using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg:                 aka "Riku Voipio <riku.voipio@linaro.org>"

* remotes/riku/tags/pull-linux-user-20141111:
  linux-user: Fix up timer id handling
  linux-user: Do not subtract offset from end address

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 10:09:31 +00:00
Juan Quintela
c0787c8dd1 Add Migration maintainer
Signed-off-by: Juan Quintela <quintela@trasno.org>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2014-11-11 09:46:46 +01:00
Michael Roth
f05d9999f4 MAINTAINERS: add section for QEMU Guest Agent
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2014-11-11 09:46:34 +01:00
Gonglei
b5e9476c0f MAINTAINERS: add myself as bootdevice.c maintainer
bootdevice.c was created by me, and I wrote most of
the code in this file. And now I can maintain it,
I'd hope nobody objects to this.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2014-11-11 09:42:47 +01:00
Willem Pinckaers
7f151e6f71 coroutine-sigaltstack: Change jmp_buf to sigjmp_buf
This is a simple patch to change the type of old_env from jmp_buf
to sigjmp_buf.  old_env is used by sigsetjmp and as such should be
a sigjmp_buf.

This fixes a stack_chk fail in an OSX 32bit build. Since at least on
OSX sigjmp_buf is four bytes larger than a jmpbuf, resulting in an
overflow in sigsetjmp. Due to variable reordering this overwrites
the stack cookie.

Signed-off-by: Willem Pinckaers <willem_qemu@lekkertech.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Peter: I think I must have missed this one when I converted
       all the jmp_buf to sigjmp_buf in commit 6ab7e546.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 11:07:55 +03:00
Gerd Hoffmann
f2ad97ff81 xhci: add sanity checks to xhci_lookup_uport
Also catch xhci_lookup_uport failures in post_load.

https://bugzilla.redhat.com/show_bug.cgi?id=1074219

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-11 08:48:16 +01:00
Chris Johns
1e03e40784 Provide the missing LIBUSB_LOG_LEVEL_* for older libusb or FreeBSD. Providing just the needed value as a defined.
Signed-off-by: Chris Johns <chrisj@rtems.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-11 08:48:16 +01:00
Alexander Graf
aecc88616a linux-user: Fix up timer id handling
When creating a timer handle, we give the timer id a special magic offset
of 0xcafe0000. However, we never mask that offset out of the timer id before
we start using it to dereference our timer array. So we always end up aborting
timer operations because the timer id is out of bounds.

This was not an issue before my patch e52a99f756 ("linux-user: Simplify
timerid checks on g_posix_timers range") because before we would blindly mask
anything above the first 16 bits.

This patch simplifies the code around timer id creation by introducing a proper
target_timer_id typedef that is s32, just like Linux has it. It also changes the
magic offset to a value that makes all timer ids be positive.

Reported-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-11-11 08:13:09 +02:00
Tom Musta
ccf661f827 linux-user: Do not subtract offset from end address
When computing the upper address of a program segment, do not subtract the
offset from the virtual address; instead compute the sum of the virtual address
and the memory size.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-11-11 08:12:45 +02:00
Chen Gang
c21fd2c79e pc-bios: petalogix-s3adsp1800.dtb: Use 'xlnx, xps-ethernetlite-2.00.a' instead of 'xlnx, xps-ethernetlite-2.00.b'
For Linux upstream kernel (e.g. 3.17-rc7), the related compatible string
'xlnx,xps-ethernetlite-2.00.a' is supported, but 'b' is not supported,
so change qemu dtb file to match kernel driver.

The related operation for qemu (after this patch):

   yum install libvirt
   yum install tunctl
   tunctl -b
   ip link set tap0 up
   brctl addif virbr0 tap0

   ./configure
   make
   ./microblaze-softmmu/qemu-system-microblaze -M petalogix-s3adsp1800 \
     -kernel ../linux-stable.microblaze/arch/microblaze/boot/linux.bin \
     -no-reboot -append "console=ttyUL0,115200 doreboot" -nographic \
     -net nic,vlan=0,model=xlnx.xps-ethernetlite,macaddr=00:16:35:AF:94:00 \
     -net tap,vlan=0,ifname=tap0,script=no,downscript=no

   in microblaze qemu bash (guest machine):

     ifconfig eth0 add 192.168.122.2 netmask 255.255.255.0
     ifconfig eth0 up

   Then can telnet 192.168.122.2 directly without password from the host
   machine.

The related operation for generating new dtb:

   building Linux kernel firstly, then get dts tool "./scripts/dts/dts".
   "./scripts/dtc/dtc -I dtb -O dts  -o ../work.dts ../qemu/petalogix-s3adsp1800.dtb"
   edit work.dts (replace 'xlnx,xps-ethernetlite-2.00.b')
   "./scripts/dtc/dtc -I dts -O dtb  -o ..qemu/petalogix-s3adsp1800.dtb ../work.dts"

(Since I am not quite sure whether can read this patch or not, I put the
related dtb file in attachment, please check, thanks).

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 09:04:13 +03:00
Martin Simmons
f17b069010 gdbstub: Add a missing case of signal number translation in gdbstub
While using qemu with gdb "target remote" to debug an application that uses
fork and exec, the qemu process receives SIGSTOP every time the forked process
terminates (sending SIGCHLD).

This is caused by a missing call to gdb_signal_to_target in gdbstub.c, which
is fixed by this patch:

Signed-off-by: Martin Simmons <martin@lispworks.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 08:58:30 +03:00
zhanghailiang
5b009e4008 numa: make 'info numa' take into account hotplugged memory
When doing memory hotplug, if there is a numa node, we should add
the memory size to the corresponding node memory size.

It affects the result of hmp command "info numa".

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 08:50:58 +03:00
Peter Wu
7912d04be6 slirp/smbd: modify/set several parameters in generated smbd.conf
The file sharing module should not handle printers, so disable it.
The options 'load printers' and 'printing' have been available since the
beginning (May 1996, commit 0e8fd3398771da2f016d72830179507f3edda51b).
Option 'disable spoolss' is available since Samba 2.0.4, commit
de5f42c9d9172592779fa2504d44544e3b6b1c0d.

Next, "socket address" was reported as deprecated, use a combination of
"interfaces" and "bind interfaces only" instead (available since October
1997, commit 79f4fb52c1ed56fd843f81b4eb0cdd2991d4d0f4).

Override cache directory to avoid writing to a global directory. Option
available since Samba 3.4.0, Jan 2009, commit
19a05bf2f485023b11b41dfae3f6459847d55ef7.

Set "usershare max shared=0" to prevent a global directory from being
used. Option available since Samba 3.0.23, February 2006, commit
5831715049f2d460ce42299963a5defdc160891b.

The last option was introduced with Samba 3.4.0, but previously
"state directory" was already added which exists in Samba 3.4.0. As
unknown parameters are ignored (while printing a warning), it should be
safe to add another option.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 08:49:16 +03:00
Peter Maydell
9df98352b7 Merge remote-tracking branch 'remotes/xtensa/tags/20141110-xtensa' into staging
Xtensa fixes for 2.2:
- fix entry opcode register window checking and add unit test.

# gpg: Signature made Mon 10 Nov 2014 15:01:47 GMT using RSA key ID F83FA044
# gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"

* remotes/xtensa/tags/20141110-xtensa:
  target-xtensa: add entry overflow test
  target-xtensa: add missing window check for entry

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-10 20:50:37 +00:00
Peter Maydell
558c2c8ddf Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches

# gpg: Signature made Mon 10 Nov 2014 09:42:07 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  block/vdi: Limit maximum size even futher
  qapi: Complete BlkdebugEvent
  iotests: Add test for non-existing backing file
  block: Propagate error in bdrv_img_create()
  qemu-img: Omit error_report() after img_open()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-10 16:28:51 +00:00
Max Filippov
09c7fbef76 target-xtensa: add entry overflow test
Check that entry instruction raises window overflow exception when
PS.CALLINC points to live registers.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2014-11-10 17:59:13 +03:00
Max Filippov
1b3e71f8ee target-xtensa: add missing window check for entry
Entry opcode needs to check if moving to new register frame would cause
register window overflow. Entry used in function prologue never
overflows because preceding windowed call* opcode writes return address
to the target register window frame, causing overflow exceptions at the
point of call. But when a sequence of entry opcodes is used for register
window spilling there may not be a call or other opcode that would cause
window check between entries and they would not raise overflow exception
themselves resulting in data corruption.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2014-11-10 17:59:13 +03:00
Peter Maydell
7a8dda7e5d Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20141105' into staging
Several bugfixes for s390x:
- instruction decoding and sparse warning in kvm
- overlong input and hangs in the sclp consoles

# gpg: Signature made Wed 05 Nov 2014 15:42:14 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20141105:
  s390x/sclpconsole: Avoid hanging SCLP ASCII console
  s390x/sclpconsole-lm: Fix hanging SCLP line mode console
  s390x/sclpconsole-lm: truncate input if line is too long
  s390x/kvm: Fix warning from sparse
  s390x/kvm: Fix opcode decoding for eb instruction handler

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-10 14:58:59 +00:00
Peter Maydell
2d9177588b Merge remote-tracking branch 'remotes/lalrae/tags/mips-20141107' into staging
* remotes/lalrae/tags/mips-20141107:
  target-mips: fix multiple TCG registers covering same data
  mips: Ensure PC update with MTC0 single-stepping
  target-mips: fix for missing delay slot in BC1EQZ and BC1NEZ
  mips: Set the CP0.Config3.DSP and CP0.Config3.DSP2P bits
  mips: Add macros for CP0.Config3 and CP0.Config4 bits
  mips: Respect CP0.Status.CU1 for microMIPS FP branches
  mips: Remove CONFIG_VT82C686 from non-Fulong configs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-10 13:56:47 +00:00
Paolo Bonzini
25aaa2c568 esp: fix coding standards
Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-10 13:58:14 +01:00
Peter Maydell
7b4b7c5fc7 Merge remote-tracking branch 'remotes/amit/tags/vser-2.2.0-queue-2' into staging
Fixes a crash when a virtio-serial port is added without a name to it.

# gpg: Signature made Fri 07 Nov 2014 04:58:05 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit/tags/vser-2.2.0-queue-2:
  virtio-serial: avoid crash when port has no name

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-10 11:58:39 +00:00
Kevin Wolf
ea3beed41d Merge remote-tracking branch 'mreitz/block' into queue-block
* mreitz/block:
  block/vdi: Limit maximum size even futher
2014-11-10 10:41:34 +01:00
Max Reitz
d20418ee51 block/vdi: Limit maximum size even futher
The block layer read and write functions do not like requests which are
bigger than INT_MAX bytes. Since the VDI bmap is read and written in a
single operation, its size is therefore limited accordingly. This
reduces the maximum VDI image size supported by QEMU to half of what it
currently is (down to approximately 512 TB).

The VDI test 084 has to be adapted accordingly. Actually, one could
clearly see that it was broken from the "Could not open
'TEST_DIR/t.IMGFMT': Invalid argument" line for an image which was
supposed to work just fine.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
2014-11-09 23:39:50 +01:00
Max Reitz
d21de4d97f qapi: Complete BlkdebugEvent
Several events were missing from the QAPI enum, add them.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-07 17:38:18 +01:00
Paolo Bonzini
55783a5521 virtio-scsi: work around bug in old BIOSes
Old BIOSes left some padding by mistake after the req_size/resp_size.
New QEMU does not like it, thinking it is a bidirectional command.

As a workaround, we can check if the ANY_LAYOUT bit is set; if not, we
always consider the first buffer as the virtio-scsi request/response,
because, back when QEMU did not support ANY_LAYOUT, it expected the
payload to start at the second element of the iovec.

This can show up during migration.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-07 16:09:57 +01:00
Yongbok Kim
cb269f273f target-mips: fix multiple TCG registers covering same data
Avoid allocating different TCG registers for the FPU registers
that are mapped on the MSA vector registers.

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-07 14:15:28 +00:00
Maciej W. Rozycki
342368aff7 mips: Ensure PC update with MTC0 single-stepping
Correct the way PC is updated when single-stepping instructions, by
keeping the old PC only for the BS_EXCP (exception condition) state.

Some MTC0 (and possibly other) instructions switch to the BS_STOP state
to terminate the current translation block, so that the state transition
of the simulated CPU resulting from the CP0 operation takes effect with
the following instruction.  This happens with `mtc0 <reg>,c0_config' for
example, typically used to set KSEG0 cacheability.

While single-stepping this has a side-effect of not advancing the PC
past the instruction just executed; subsequent single-step traps will
stop at the same instruction repeatedly.  Example:

(gdb) stepi
0x80004d24 in _start ()
5: x/i $pc
=> 0x80004d24 <_start+364>:     mfc0    t1,c0_config
(gdb)
0x80004d28 in _start ()
5: x/i $pc
=> 0x80004d28 <_start+368>:     li      at,-8
(gdb)
0x80004d2c in _start ()
5: x/i $pc
=> 0x80004d2c <_start+372>:     and     t1,t1,at
(gdb)
0x80004d30 in _start ()
5: x/i $pc
=> 0x80004d30 <_start+376>:     ori     t1,t1,0x3
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)
0x80004d34 in _start ()
5: x/i $pc
=> 0x80004d34 <_start+380>:     mtc0    t1,c0_config
(gdb)

-- oops!

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-07 14:15:28 +00:00
Leon Alrae
854795753c target-mips: fix for missing delay slot in BC1EQZ and BC1NEZ
New R6 COP1 conditional branches currently don't have a delay slot. Fixing this
by setting MIPS_HFLAG_BDS32 flag which is required for branches having 4-byte
delay slot.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-07 14:15:28 +00:00
Maciej W. Rozycki
e30614d517 mips: Set the CP0.Config3.DSP and CP0.Config3.DSP2P bits
Set the CP0.Config3.DSP2P bit for the 74kf processor and both that bit
and the CP0.Config3.DSP bit for the artificial mips32r5-generic and
mips64dspr2 processors.  They have the DSPr2 ASE enabled in `insn_flags'
and CPUs that implement that ASE need to have both CP0.Config3.DSP and
CP0.Config3.DSP2P set or software won't detect its presence.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
[leon.alrae@imgtec.com: remove DSP flags from mips32r5-generic]
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-07 14:15:28 +00:00
Maciej W. Rozycki
70409e6726 mips: Add macros for CP0.Config3 and CP0.Config4 bits
Define macros for CP0.Config3 and CP0.Config4 bits.  These used to be
exhaustive as at MIPS32r3, but more bits may have been added since.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-07 14:15:28 +00:00
Hannes Reinecke
c3543fb5fe esp-pci: fixup deadlock with linux
A linux guest will be issuing messages:

[   32.124042] DC390: Deadlock in DataIn_0: DMA aborted unfinished: 000000 bytes remain!!
[   32.126348] DC390: DataIn_0: DMA State: 0

and the HBA will fail to work properly.
Reason is the emulation is not setting the 'DMA transfer done'
status correctly.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-07 13:31:19 +01:00
Maciej W. Rozycki
272f458dc8 mips: Respect CP0.Status.CU1 for microMIPS FP branches
Make microMIPS FP branches respect CP0.Status.CU1 and trap with a
Coprocessor Unusable exception if COP1 has been disabled; also trap if
no FPU is present at all.

Standard MIPS FP instruction encodings have a more regular structure and
branches are covered with a single umbrella along other instructions.
This is not the case with the microMIPS encoding, this case has to be
taken care of explicitly here.  Code to do so has been copied from the
standard MIPS code handler for OPC_CP1, in `decode_opc'.

Problems arising from this bug will generally only show up on user
context switches in operating systems making use of lazy FP context
switches, such as Linux.  It will also more readily trigger if software
FPU emulation is used, either implicitly on a non-float CPU, or forced
on a hard-float CPU such as with the "nofpu" Linux kernel command line
argument.

The problem may have been easily missed because we have no hard-float
microMIPS CPU configuration present; in fact we have no microMIPS CPU
configuration of any kind present.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-07 11:16:16 +00:00
Maciej W. Rozycki
dff4021730 mips: Remove CONFIG_VT82C686 from non-Fulong configs
Fix the regression introduced with commit
47934d0aad [hw: move ISA bridges and
devices to hw/isa/, configure with default-configs/], by removing
CONFIG_VT82C686 from configurations that previously did not enable it.
That southbridge is only available on Fulong platforms (CONFIG_FULONG)
that are exclusively little-endian, 64-bit MIPS.  Previously vt82c686.o
was pulled explicitly with obj-$(CONFIG_FULONG).

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-07 11:15:49 +00:00
Marc-André Lureau
7eb7311427 virtio-serial: avoid crash when port has no name
It seems "name" is not mandatory, and the following command line (based
on one generated by current libvirt) will crash qemu at start:

qemu-system-x86_64 \
    -device virtio-serial-pci \
    -device virtserialport,name=foo \
    -device virtconsole

Program received signal SIGSEGV, Segmentation fault.
__strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:210
210        movlpd    (%rsi), %xmm2
Missing separate debuginfos, use: debuginfo-install
python-libs-2.7.5-13.fc20.x86_64
(gdb) bt
 #0  __strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:210
 #1  0x000055555566bdc6 in find_port_by_name (name=0x0) at /home/elmarco/src/qemu/hw/char/virtio-serial-bus.c:67

Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-11-07 10:27:11 +05:30
Max Reitz
c4d01535dc iotests: Add test for non-existing backing file
Test the error message when a COW file is about to be created which is
supposed to inherit the size of its backing file, while the backing file
given does not actually exist.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-06 12:45:47 +01:00
Max Reitz
e56934bece block: Propagate error in bdrv_img_create()
If the specified backing file could not be opened, do not generate a new
error message which contains the message which has been generated by
bdrv_open(), but just propagate the latter.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-06 12:45:47 +01:00
Max Reitz
cc4d3ee435 qemu-img: Omit error_report() after img_open()
img_open() already prints an error if the operation failed, so there
should not be another error_report() afterwards.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-06 12:45:47 +01:00
Heinz Graalfs
bb3e9e1fd7 s390x/sclpconsole: Avoid hanging SCLP ASCII console
Force recalculation of file descriptor sets for main loop's poll(),
in order to be able to readd a possibly removed input file descriptor
after can_read() returned 0 (zero).

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-11-05 16:35:56 +01:00
Heinz Graalfs
87f2eff016 s390x/sclpconsole-lm: Fix hanging SCLP line mode console
Trigger recalculating sets of file descriptors for the main loop's poll()
in order to make sure a possibly removed FD 0 from the poll() file
descriptor array is re-added. FD 0 is removed from the descriptor array
when the console's can_read() callback returns 0.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-11-05 16:35:56 +01:00
Heinz Graalfs
b3191432cf s390x/sclpconsole-lm: truncate input if line is too long
As the SCLP line mode console input length is limited by the available
SCCB buffer space, it might lock up if the input does not fit into the
buffer.

With this patch, characters that don't fit are 'eaten' up to the next
CR/LF and the input line is sent truncated to the guest.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-11-05 16:35:55 +01:00
Thomas Huth
f0d4dc18ce s390x/kvm: Fix warning from sparse
When running "sparse" with the s390x kvm.c code, it complains that
"constant 0x00400f1d40330000 is so big it is long" - let's fix this
by appending a proper suffix.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-11-05 16:35:55 +01:00
Frank Blaschka
80765f0734 s390x/kvm: Fix opcode decoding for eb instruction handler
The second byte of the opcode is encoded in the lowest byte of the ipb
field, not the lowest byte of the ipa field.

Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
2014-11-05 16:35:55 +01:00
Peter Maydell
6e76d125f2 Update version for v2.2.0-rc0 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-05 15:21:04 +00:00
Peter Maydell
3752ac8932 Merge remote-tracking branch 'remotes/agraf/tags/signed-s390-for-upstream' into staging
Patch queue for s390 - 2014-11-05

Two simple bug fixes to enable slightly newer guest kernels
and preliminary -M s390-ccw support for TCG (virtio doesn't work yet!)

# gpg: Signature made Wed 05 Nov 2014 11:01:55 GMT using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-s390-for-upstream:
  s390x: Implement SAM{24,31,64}
  s390x: Fix sclp console input

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-05 14:14:47 +00:00
Gonglei
30de46db50 vhost-user-test: Fix 'make check' broken on glib < 2.26
After commit 89b516d8, some logic is turbid and
breaks 'make check' with the errors below:
tests/vhost-user-test.c: In function '_cond_wait_until':
tests/vhost-user-test.c:154: error: 'G_TIME_SPAN_SECOND' undeclared (first use in this function)
tests/vhost-user-test.c:154: error: (Each undeclared identifier is reported only once
tests/vhost-user-test.c:154: error: for each function it appears in.)
tests/vhost-user-test.c: In function 'read_guest_mem':
tests/vhost-user-test.c:192: warning: implicit declaration of function 'g_get_monotonic_time'
tests/vhost-user-test.c:192: warning: nested extern declaration of 'g_get_monotonic_time'
tests/vhost-user-test.c:192: error: 'G_TIME_SPAN_SECOND' undeclared (first use in this function)
make: *** [tests/vhost-user-test.o] Error 1

First, vhost-user-test.c relies on glib-compat.h because
of using G_TIME_SPAN_SECOND [glib < 2.26] and g_get_monotonic_time(),
but vhost-user-test.c defined QEMU_GLIB_COMPAT_H, which means
glib-compat.h will not be included.
Second, if we remove the QEMU_GLIB_COMPAT_H definition in
vhost-user-test.c, then we will get the warnings below:

tests/vhost-user-test.c: In function 'read_guest_mem':
tests/vhost-user-test.c:190: warning: passing argument 1 of 'g_mutex_lock' from incompatible pointer type
tests/vhost-user-test.c:234: warning: passing argument 1 of 'g_mutex_unlock' from incompatible pointer type

That's because glib-compat.h redefines the g_mutex_lock/unlock
functions. Those functions' arguments are CompatGMutex/CompatGCond,
but vhost-user-test.c is using GMutex/GCond, which causes the types
to be inconsistent.

We can reimplement those functions of vhost-user-test.c,
which needs a lot of patches. Let's simply address it, and
leave this file alone.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-id: 1415149259-6188-1-git-send-email-arei.gonglei@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-05 12:53:08 +00:00
Alexander Graf
44dd33ba8f s390x: Implement SAM{24,31,64}
The SAM instructions simply change 2 bits in PSW.MASK to advertise
the current memory mode. While we can't fully guarantee that 31 bit
mode (or even remotely 24 bit mode) actually work correctly, we don't
check whether lpswe modifies these bits, so we shouldn't keep the
guest from executing SAM instructions either.

This patch implements all SAM instructions with their actual PSW changing
semantics, making more recent Linux kernels boot properly which do issue
a SAM31 call during early boot.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-11-05 12:01:28 +01:00
Alexander Graf
d4827355f6 s390x: Fix sclp console input
When injecting an sclp console interrupt into the guest, we increase
the PC by 4 for some reason. I have no idea why I put that code there,
but it's clearly wrong. Remove the increment.

This patch fixes sclp serial input for the ccw machine.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2014-11-05 12:01:28 +01:00
Gonglei
63c693f8d0 qemu-doc.texi: fix typos in x509 examples
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-05 09:53:18 +03:00
Peter Maydell
c8d943303d Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging
Patch queue for ppc - 2014-11-04

Fun things for 2.2:

  - e500 virt machine: power off support (needs 3.19 guests)
  - e500 virt machine: -device eTSEC support
  - new framework to allow dynamic spawning of sysbus devices
  - spapr: enable migration of nvram
  - new 440x5wDFPU cpu type
  - Altivec and other random fixes

# gpg: Signature made Tue 04 Nov 2014 22:26:39 GMT using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-ppc-for-upstream: (34 commits)
  spapr: Allow dynamic creation of PHB
  target-ppc: Fix Altivec Round Opcodes
  target-ppc: Fix vcmpbfp. Unordered Case
  target-ppc: Fix Altivec Shifts
  target-ppc: simplify AES emulation
  e500: Add support for eTSEC in device tree
  PPC: e500: Support dynamically spawned sysbus devices
  sysbus: Add new platform bus helper device
  sysbus: Expose MMIO enumeration helper
  sysbus: Expose IRQ enumeration helpers
  sysbus: Make devices spawnable via -device
  sysbus: Add dynamic sysbus device search
  hw/ppc/spapr_pci.c: Avoid functions not in glib 2.12 (g_hash_table_iter_*)
  ppc: do not look at the MMU index to detect PR/HV mode
  target-ppc: kvm: Fix memory overflow issue about strncat()
  spapr_nvram: Enable migration
  PPC: E500: Hook up power off GPIO to GPIO controller
  PPC: E500: Instantiate MPC8XXX gpio controller on virt machine
  PPC: Add MPC8XXX gpio controller
  target-ppc: Fix an invalid free in opcode table handling code.
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-04 22:27:23 +00:00
Alexander Graf
9e3f973335 spapr: Allow dynamic creation of PHB
Now that we finally check for presence of dangling sysbus devices, make check
started complaining that the sPAPR PHB is one such device.

However, it really isn't. The spapr PHB is not really a traditional sysbus
device, but much more a special spapr pv device which is already able to get
created dynamically.

Move spapr to its own dynamic sysbus check handling and allow PHB devices to
get allocated dynamically.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:15 +01:00
Tom Musta
abe60a439b target-ppc: Fix Altivec Round Opcodes
Correct the opcodes for the vrfim, vrfin and vrfiz instructions.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:15 +01:00
Tom Musta
4007b8de6e target-ppc: Fix vcmpbfp. Unordered Case
Fix the implementation of Vector Compare Bounds Single Precision.
Specifically, fix the case where the operands are unordered -- since
the result is non-zero, the CR[6] field should be set to zero.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:15 +01:00
Tom Musta
24e669ba53 target-ppc: Fix Altivec Shifts
Fix the implementation of the Altivec shift left and shift right
instructions (vsl, vsr) which erroneously inverts shift direction
on big endian hosts.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:15 +01:00
Aurelien Jarno
36cbde7c30 target-ppc: simplify AES emulation
This patch simplifies the AES code, by directly accessing the newly added
S-Box, InvS-Box tables instead of recreating them by using the AES_Te and
AES_Td tables.

Cc: Alexander Graf <agraf@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:15 +01:00
Alexander Graf
fdfb7f2cdb e500: Add support for eTSEC in device tree
This patch adds support to expose eTSEC devices in the dynamically created
guest facing device tree. This allows us to expose eTSEC devices into guests
without changes in the machine file.

Because we can now tell the guest about eTSEC devices this patch allows the
user to specify eTSEC devices via -device at all.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:15 +01:00
Alexander Graf
f70873438d PPC: e500: Support dynamically spawned sysbus devices
For e500 our approach to supporting dynamically spawned sysbus devices is to
create a simple bus from the guest's point of view within which we map those
devices dynamically.

We allocate memory regions always within the "platform" hole in address
space and map IRQs to predetermined IRQ lines that are reserved for platform
device usage.

This maps really nicely into device tree logic, so we can just tell the
guest about our virtual simple bus in device tree as well.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Alexander Graf
7634fe3c27 sysbus: Add new platform bus helper device
We need to support spawning of sysbus devices dynamically via the command line.
The easiest way to represent these dynamically spawned devices in the guest's
memory and IRQ layout is by preallocating some space for dynamic sysbus devices.

This is what the "platform bus" device does. It is a sysbus device that exports
a configurably sized MMIO region and a configurable number of IRQ lines. When
this device encounters sysbus devices that have been dynamically created and not
manually wired up, it dynamically connects them to its own pool of resources.

The machine model can then loop through all of these devices and create a guest
configuration (device tree) to make them visible to the guest.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Alexander Graf
471a9bc144 sysbus: Expose MMIO enumeration helper
Sysbus devices have a range of MMIO regions they expose. The exact number
of regions is device specific and internal information to the device model.

Expose whether a region exists via a public interface. That way our platform
bus enumeration code can dynamically determine how many regions exist.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Alexander Graf
b797318666 sysbus: Expose IRQ enumeration helpers
Sysbus devices can get their IRQ lines connected to other devices. It is
possible to figure out which IRQ line a connection is on and whether a sysbus
device even provides an IRQ connector at a specific offset.

This patch exposes helpers to make this information publicly accessible. We
will need it for the platform bus dynamic sysbus enumeration.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Alexander Graf
33cd52b5d7 sysbus: Make devices spawnable via -device
Now that we can properly map sysbus devices that haven't been connected to
something forcefully by C code, we can allow the -device command line option
to spawn them.

For machines that don't implement dynamic sysbus assignment in their board
files we add a new bool "has_dynamic_sysbus" to the machine class.
When that property is false (default), we bail out when we see dynamically
spawned sysbus devices, like we did before.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Alexander Graf
eb5722801c sysbus: Add dynamic sysbus device search
Sysbus devices can be spawned by C code or dynamically via the command line.
In the latter case, we need to be able to find the dynamically created devices
to do things with them.

This patch adds a search helper that makes it easy to look for dynamically
spawned sysbus devices.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Peter Maydell
f8833a37c0 hw/ppc/spapr_pci.c: Avoid functions not in glib 2.12 (g_hash_table_iter_*)
The g_hash_table_iter_* functions for iterating through a hash table
are not present in glib 2.12, which is our current minimum requirement.
Rewrite the code to use g_hash_table_foreach() instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:13 +01:00
Paolo Bonzini
c47493f24f ppc: do not look at the MMU index to detect PR/HV mode
The MMU index is an internal detail that should not be needed by the
translator (except to generate loads and stores).  Look at the MSR
directly.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:13 +01:00
Chen Gang
cc64b1a194 target-ppc: kvm: Fix memory overflow issue about strncat()
strncat() will append an additional '\0' to the destination buffer, so it
needs an additional 1 byte for it, or it may cause memory overflow, just like
other areas within QEMU have done.

We can also use g_strdup_printf() instead of strncat(), which may be
easier to understand.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:13 +01:00
Alexey Kardashevskiy
f58aa48314 spapr_nvram: Enable migration
The only case when sPAPR NVRAM migrates now is if it is backed by a file and
copy-storage migration is performed. In other cases NVRAM does not
migrate regardless of whether it is backed by a file or not.

This enables shadow copy of NVRAM in RAM which is read from a file
(if used) and used for reads. Writes to NVRAM are mirrored to the file.

This defines a VMSTATE descriptor for NVRAM device so the memory copy
of NVRAM can migrate and be flushed to a backing file on the destination
if one is specified.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:13 +01:00
Alexander Graf
016f775898 PPC: E500: Hook up power off GPIO to GPIO controller
Now that we have a working GPIO controller on the virt machine, we can use
one pin to notify QEMU that the guest wants to power off the system.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:13 +01:00
Alexander Graf
b88e77f493 PPC: E500: Instantiate MPC8XXX gpio controller on virt machine
With the e500 virt machine, we don't have to adhere to the exact hardware
layout of an mpc8544ds board. So there we can just add a qoriq compatible
GPIO controller into the system that we can add a power off hook to.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:12 +01:00
Alexander Graf
228aa992fc PPC: Add MPC8XXX gpio controller
On e500 systems most SoCs implement a common GPIO controller that Linux
calls the "mpc8xxx" gpio controller. This patch adds an emulation model
for this device.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:12 +01:00
Bharata B Rao
81f194dd69 target-ppc: Fix an invalid free in opcode table handling code.
Opcode table has direct, indirect and double indirect handlers, but
ppc_cpu_unrealizefn() frees direct handlers which are never allocated
and never frees double indirect handlers.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:12 +01:00
Bharata B Rao
54ff58bb10 target-ppc: Use macros in opcodes table handling code
Define and use macros instead of direct numbers wherever
possible in ppc opcodes table handling code.

This doesn't change any code functionality.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:12 +01:00
Peter Maydell
bf362e9610 hw/pci/ppc4xx_pci.c: Remove unused pci4xx_cfgaddr_read/write/ops
The MemoryRegionOps struct pci4xx_cfgaddr_ops and the read and
write functions it references are all unused; remove them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:12 +01:00
Pierre Mallard
b8c867ed09 target-ppc : Add new processor type 440x5wDFPU
This patch adds a new processor type 440x5wDFPU for Virtex 5 PPC440
with an external APU FPU in double precision mode

Signed-off-by: Pierre Mallard <mallard.pierre@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:12 +01:00
Pierre Mallard
4171853cf4 target-ppc : Allow fc[tf]id[*] mnemonics for non TARGET_PPC64
This patch removes the limitation for fc[tf]id[*] on 32-bit targets and
adds a new insn flag for signed integer 64 conversion PPC2_FP_CVT_S64

Signed-off-by: Pierre Mallard <mallard.pierre@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:11 +01:00
Alexander Graf
9ac58dc59a PPC: openpic_kvm: Only map first occurrence in address space
The in-kernel OpenPIC emulation only supports a single map. However, we
map the OpenPIC at 2 locations: The CPU visible one and the PCI visible
one. For KVM acceleration, we only care about the first one.

To make sure that we only map that first mapping and not the PCI map that
happens dynamically later during bootup, ignore maps that happen when
we are already considering ourselves mapped.

Credits due are to Bogdan and Mihai for debugging this.

Reported-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Reported-by: Mihai Caraman <mihai.caraman@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:11 +01:00
David Gibson
4aee73623d spapr: Cleanup machine naming conventions, and prepare for 2.2 release
As of qemu-2.1, spapr/pseries, has a set of versioned machine classes to
represent the machine type as it appeared to the guest in different qemu
versions.  This allows for safe migration of guests between current and
future qemu versions.

However, these are organized a bit differently from those for PC: on PC,
the default plain "pc" machine type is just an alias for the most recent
versioned machine type.  In sPAPR, it names the base machine class from
which the versioned types are derived.

The PC approach is preferable; it makes it clearer which explicit version
is the current one.  Additionally updating the "current" machine as the
base class makes it even more likely than otherwise to incorrectly alter
the versioned machines' behaviour when updating the current machine.

Therefore this patch changes sPAPR to the PC approach - the base class
becomes abstract, and plain "pseries" becomes an alias for the most
recent versioned machine class.  Since qemu-2.1 is now released, we also
create a new pseries-2.2 machine type, to incorporate changes during this
development cycle (for now it is identical to pseries-2.1).

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:11 +01:00
David Gibson
0691e8ebce target-ppc: virtex-ml507 machine type should depend on CONFIG_XILINX
The virtex-ml507 is a Xilinx CPU based system, and requires several sub
devices which are only included with CONFIG_XILINX.  Therefore, it should
only be compiled if CONFIG_XILINX is set.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:11 +01:00
Tom Musta
8412d11276 target-ppc: Implement IVOR[59] By Default for Book E
Adjust the IVOR mask for generic Book E implementation to support bit 59.
This is consistent with the Power ISA.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Reported-by: Pierre Mallard <mallard.pierre@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:11 +01:00
Alexey Kardashevskiy
0b6ff57640 target-ppc: Fix kvmppc_set_compat to use negotiated cpu-version
By mistake, QEMU uses the maximum compatibility level from the command
line instead of the value negotiated in client-architecture-support call.

This replaces @max_compat with @cpu_version. This only affects guests
which do not support the host CPU.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:10 +01:00
Paolo Bonzini
8f9fb7ac49 ppc: compute mask from BI using right shift
This will match the code we use in fpu_helper.c when we flip
CRF_* bit-endianness.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:10 +01:00
Paolo Bonzini
e57d02022c ppc: rename gen_set_cr6_from_fpscr
It sets CR1, not CR6 (and the spec agrees).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:10 +01:00
Paolo Bonzini
ebbd8b40a9 ppc: fix result of DLMZB when no zero bytes are found
It must return 8 and place 8 in XER, but the current code uses
i directly which is 9 at this point of the code.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:10 +01:00
Paolo Bonzini
72189ea41d ppc: use CRF_* in int_helper.c
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:10 +01:00
Paolo Bonzini
d298118060 ppc: fix monitor access to CR
This was off-by-one.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:10 +01:00
Peter Maydell
d5b4dc3b50 Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
QOM infrastructure fixes and device conversions

* Fixes for -device foo,help

# gpg: Signature made Tue 04 Nov 2014 17:27:41 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-peter:
  qdev: Use qdev_get_device_class() for -device <type>,help
  qdev: Move error printing to the end of qdev_device_help()
  qdev: Create qdev_get_device_class() function

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-04 17:33:34 +00:00
Eduardo Habkost
31bed5509d qdev: Use qdev_get_device_class() for -device <type>,help
Make sure we try to list properties from classes that can be safely used
with "-device".

Fixes the following crashes:

  $ qemu-system-x86_64 -device x86_64-cpu,help
  **
  ERROR:qom/object.c:336:object_initialize_with_type: assertion failed: (type->abstract == false)
  Aborted (core dumped)
  $ qemu-system-x86_64 -device host-x86_64-cpu,help
  qemu-system-x86_64: [...]/target-i386/cpu.c:1329: host_x86_cpu_initfn: Assertion `(kvm_allowed)' failed.
  Aborted (core dumped)

After applying this patch:

  $ qemu-system-x86_64 -device x86_64-cpu,help
  Parameter 'driver' expects non-abstract device type
  $ qemu-system-x86_64 -device host-x86_64-cpu,help
  Parameter 'driver' expects pluggable device type

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-04 17:50:00 +01:00
Eduardo Habkost
5185f0e0a6 qdev: Move error printing to the end of qdev_device_help()
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-04 17:50:00 +01:00
Eduardo Habkost
43c95d782d qdev: Create qdev_get_device_class() function
Extract the DeviceClass lookup from qdev_device_add() to a separate
function.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-04 17:50:00 +01:00
Peter Maydell
2bb41e5d30 Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-peter' into staging
QOM CPUState and X86CPU

* Cleanups for -cpu ...,enforce

* remotes/afaerber/tags/qom-cpu-for-peter:
  target-i386: Disable SVM by default in KVM mode
  target-i386: Don't enable nested VMX by default
  target-i386: Remove unsupported bits from all CPU models
  target-i386: Disable CPUID_ACPI by default in KVM mode
  target-i386: Rename KVM auto-feature-enable compat function
  pc: Create pc_compat_2_1() functions

Conflicts:
	hw/i386/pc_piix.c
	hw/i386/pc_q35.c
[PMM: Fixed minor textual conflicts]

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-04 15:56:26 +00:00
Peter Maydell
1bc8dae31b Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-20141104-2' into staging
gtk: fix fullscreen with gtk3, fix build with older gtk2 versions.

# gpg: Signature made Tue 04 Nov 2014 13:42:09 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-gtk-20141104-2:
  gtk: add GDK_KEY_pause #define
  gtk: Hide the menubar when in fullscreen mode (lp 1294898)
  gtk: Install vc accelerators on parent window
  gtk: Install fullscreen accelerator on toplevel window
  gtk: Grab accel_group from GtkDisplayState

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-04 15:00:17 +00:00
Eduardo Habkost
75d373ef97 target-i386: Disable SVM by default in KVM mode
Make SVM be disabled by default on all CPU models when in KVM mode.
Nested SVM is enabled by default in the KVM kernel module, but it is
probably less stable than nested VMX (which is already disabled by
default).

Add a new compat function, x86_cpu_compat_kvm_no_autodisable(), to keep
compatibility on previous machine-types.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-04 15:49:05 +01:00
Eduardo Habkost
e93abc147f target-i386: Don't enable nested VMX by default
TCG doesn't support VMX, and nested VMX is not enabled by default in the
KVM kernel module.

So, there's no reason to have VMX enabled by default on the core2duo and
coreduo CPU models, today. Even the newer Intel CPU model definitions
don't have it enabled.

In this case, we need machine-type compat code, as people may be running
the older machine-types on hosts that had VMX nesting enabled.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-04 15:48:47 +01:00
Eduardo Habkost
b9fc20bccf target-i386: Remove unsupported bits from all CPU models
The following CPU features were never supported by either TCG or KVM,
so they are useless on the CPU model definitions, today:

 * CPUID_DTS (DS)
 * CPUID_HT
 * CPUID_TM
 * CPUID_PBE
 * CPUID_EXT_DTES64
 * CPUID_EXT_DSCPL
 * CPUID_EXT_EST
 * CPUID_EXT_TM2
 * CPUID_EXT_XTPR
 * CPUID_EXT_PDCM
 * CPUID_SVM_LBRV

As using "enforce" mode is the only way to ensure guest ABI doesn't
change when moving to a different host, we should make "enforce" mode
the default or at least encourage management software to always use it.

In turn, to make "enforce" usable, we need CPU models that work without
always requiring some features to be explicitly disabled. This patch
removes the above features from all CPU model definitions.

We won't need any machine-type compat code for those changes, because it
is impossible to have existing VMs with those features enabled.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-04 15:42:39 +01:00
Eduardo Habkost
864867b91b target-i386: Disable CPUID_ACPI by default in KVM mode
KVM never supported the CPUID_ACPI flag, so it doesn't make sense to
have it enabled by default when KVM is enabled.

The motivation here is exactly the same we had for the MONITOR flag
(disabled by commit 136a7e9a85).

And like in the MONITOR flag case, we don't need machine-type compat code
because it is currently impossible to run a KVM VM with the ACPI flag set.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-04 15:35:47 +01:00
Peter Maydell
45da08fa8a Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20141104' into staging
target-arm queue:
 * avoid passing CPU env pointer around in A32/T32 decoders
 * split M profile exception masking out from A/R profile

# gpg: Signature made Tue 04 Nov 2014 12:28:15 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20141104:
  target-arm: Correct condition for taking VIRQ and VFIQ
  target-arm: Separate out M profile cpu_exec_interrupt handling
  target-arm/translate.c: Don't pass CPUARMState * to disas_arm_insn()
  target-arm/translate.c: Don't pass CPUARMState around in the decoder
  target-arm/translate.c: Don't use IS_M()
  target-arm/translate.c: Use arm_dc_feature() rather than arm_feature()
  target-arm/translate.c: Use arm_dc_feature() in ENABLE_ARCH_ macros

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-04 13:35:04 +00:00
Peter Maydell
6943109011 Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging
Update OpenBIOS images

# gpg: Signature made Tue 04 Nov 2014 00:24:41 GMT using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"

* remotes/mcayland/tags/qemu-openbios-signed:
  Update OpenBIOS images

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-04 12:35:08 +00:00
Peter Maydell
9fae24f554 target-arm: Correct condition for taking VIRQ and VFIQ
The VIRQ and VFIQ exceptions are (as the comments say) only
taken if the CPU is in Non-secure state and the IMO/FMO bits
are set to enable virtualized interrupts. Correct the code
to actually implement this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1414684132-23971-3-git-send-email-peter.maydell@linaro.org
2014-11-04 12:05:23 +00:00
Peter Maydell
b5c633c5bd target-arm: Separate out M profile cpu_exec_interrupt handling
The M profile cpu_exec_interrupt handling is fairly simple
but does include an M profile specific oddity (disabling
interrupts for certain PC values). A/R profile handling
on the other hand is getting rapidly more complicated
with the support for EL2 and EL3. Split the M profile
code out into its own implementation of cpu_exec_interrupt
to keep these two things out of each others' way.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1414684132-23971-2-git-send-email-peter.maydell@linaro.org
2014-11-04 12:05:23 +00:00
Peter Maydell
f4df22102a target-arm/translate.c: Don't pass CPUARMState * to disas_arm_insn()
Refactor to avoid passing a CPUARMState * to disas_arm_insn(). To do this
we move the "read insn from memory" code to the callsite and pass the
insn to the function instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1414524244-20316-6-git-send-email-peter.maydell@linaro.org
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2014-11-04 12:05:11 +00:00
Peter Maydell
7dcc1f894d target-arm/translate.c: Don't pass CPUARMState around in the decoder
Passing the CPUARMState around in the decoder is a recipe for
bugs where we accidentally generate code that depends on CPU
state which isn't reflected in the TB flags. Stop doing this
and instead use DisasContext as a way to pass around those
bits of CPU state which are known to be safe to use.

This commit simply removes initial "CPUARMState *env" parameters
from various function definitions, and removes the initial "env"
argument from the places where those functions are called.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1414524244-20316-5-git-send-email-peter.maydell@linaro.org
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2014-11-04 12:05:06 +00:00
Peter Maydell
b53d8923a5 target-arm/translate.c: Don't use IS_M()
Instead of using IS_M(), use arm_dc_feature(s, ARM_FEATURE_M), so we
don't need to pass CPUARMState pointers around the decoder.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1414524244-20316-4-git-send-email-peter.maydell@linaro.org
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2014-11-04 12:05:03 +00:00
Peter Maydell
d614a51378 target-arm/translate.c: Use arm_dc_feature() rather than arm_feature()
Use arm_dc_feature() rather than arm_feature() to avoid using
CPUARMState unnecessarily.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1414524244-20316-3-git-send-email-peter.maydell@linaro.org
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2014-11-04 12:04:25 +00:00
Peter Maydell
2b51668fca target-arm/translate.c: Use arm_dc_feature() in ENABLE_ARCH_ macros
All the places where we use the ENABLE_ARCH_* and ARCH() macros have a
DisasContext* s, so switch them over to use arm_dc_feature() rather than
arm_feature() so we don't need to pass the CPUARMState* env around too.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1414524244-20316-2-git-send-email-peter.maydell@linaro.org
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2014-11-04 00:39:16 +00:00
Peter Maydell
d780615520 Merge remote-tracking branch 'remotes/lalrae/tags/mips-20141103' into staging
* remotes/lalrae/tags/mips-20141103: (34 commits)
  target-mips: add MSA support to mips32r5-generic
  disas/mips.c: disassemble MSA instructions
  target-mips: add MSA MI10 format instructions
  target-mips: add MSA 2RF format instructions
  target-mips: add MSA VEC/2R format instructions
  target-mips: add MSA 3RF format instructions
  target-mips: add MSA ELM format instructions
  target-mips: add MSA 3R format instructions
  target-mips: add MSA BIT format instructions
  target-mips: add MSA I5 format instruction
  target-mips: add MSA I8 format instructions
  target-mips: add MSA branch instructions
  target-mips: add msa_helper.c
  target-mips: add msa_reset(), global msa register
  target-mips: add MSA opcode enum
  target-mips: stop translation after ctc1
  target-mips: remove duplicated mips/ieee mapping function
  target-mips: add MSA exceptions
  target-mips: add MSA defines and data structure
  target-mips: enable features in MIPS64R6-generic CPU
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-04 00:17:45 +00:00
Mark Cave-Ayland
e3b561be48 Update OpenBIOS images
Update OpenBIOS images to SVN r1321 built from submodule.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-11-04 00:02:33 +00:00
Eduardo Habkost
1cadaa9482 target-i386: Rename KVM auto-feature-enable compat function
The x86_cpu_compat_disable_kvm_features() name was a bit confusing, as
it won't forcibly disable the feature for all CPU models (i.e. add it to
kvm_default_unset_features), but it will instead turn off the KVM
auto-enabling of the feature (i.e. remove it from kvm_default_features),
meaning the feature may still be enabled by default in some CPU models.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-03 19:39:10 +01:00
Eduardo Habkost
179b9f40f2 pc: Create pc_compat_2_1() functions
We will need new compat code for the 2.1 machine-types.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-03 19:36:19 +01:00
Zhu Guihua
3a0614c6c7 icc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE
Rename ICC_BRIGDE for better readability.

Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-03 19:51:56 +03:00
Yongbok Kim
55a2201e79 target-mips: add MSA support to mips32r5-generic
add MSA support to mips32r5-generic core definition

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
ed8a933f97 disas/mips.c: disassemble MSA instructions
disassemble MIPS SIMD Architecture instructions

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
f7685877f5 target-mips: add MSA MI10 format instructions
add MSA MI10 format instructions
update LSA and DLSA for MSA

add 16, 64 bit load and store

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
3bdeb68866 target-mips: add MSA 2RF format instructions
add MSA 2RF format instructions

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
cbe50b9a8e target-mips: add MSA VEC/2R format instructions
add MSA VEC/2R format instructions

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
7d05b9c86f target-mips: add MSA 3RF format instructions
add MSA 3RF format instructions

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
1e608ec14e target-mips: add MSA ELM format instructions
add MSA ELM format instructions

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
28f99f08cf target-mips: add MSA 3R format instructions
add MSA 3R format instructions

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
d4cf28dec2 target-mips: add MSA BIT format instructions
add MSA BIT format instructions

Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
80e7159184 target-mips: add MSA I5 format instruction
add MSA I5 format instructions

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
4c7895465e target-mips: add MSA I8 format instructions
add MSA I8 format instructions

Reviewed-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
5692c6e1f8 target-mips: add MSA branch instructions
add MSA branch instructions

Reviewed-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
42daa9bed4 target-mips: add msa_helper.c
add msa_helper.c

Reviewed-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
863f264d10 target-mips: add msa_reset(), global msa register
add msa_reset() and global msa register (d type only)

Reviewed-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
239dfebe12 target-mips: add MSA opcode enum
add MSA opcode enum

Reviewed-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
4cf8a45f56 target-mips: stop translation after ctc1
stop translation as ctc1 instruction can change hflags

Reviewed-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
b7651e9521 target-mips: remove duplicated mips/ieee mapping function
Remove the duplicated ieee_rm in gdbstub.c.
Make the other ieee_rm and ieee_ex_to_mips available to other files.

Reviewed-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
b10ac20446 target-mips: add MSA exceptions
add MSA exceptions

Reviewed-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Yongbok Kim
e97a391d20 target-mips: add MSA defines and data structure
add defines and data structure for MIPS SIMD Architecture

Reviewed-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2014-11-03 11:48:35 +00:00
Leon Alrae
2d9e48bc04 target-mips: enable features in MIPS64R6-generic CPU
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:35 +00:00
Leon Alrae
f31b035a9f target-mips: correctly handle access to unimplemented CP0 register
Release 6 limits the number of cases where software can cause UNDEFINED or
UNPREDICTABLE behaviour. In this case, when accessing reserved / unimplemented
CP0 register, writes are ignored and reads return 0.

In pre-R6 the behaviour is not specified, but generating RI exception is not
what the real HW does.

Additionally, remove CP0 Random register as it became reserved in Release 6.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
ba801af429 target-mips: add restrictions for possible values in registers
In Release 6 not all the values are allowed to be written to a register.
If the value is not valid or unsupported then it should stay unchanged.

For pre-R6 the existing behaviour has been changed only for CP0_Index register
as the current implementation does not seem to be correct - it looks like it
tries to limit the input value but the limit is higher than the actual
number of tlb entries.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
a63eb0ce0f target-mips: CP0_Status.CU0 no longer allows the user to access CP0
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
339cd2a82a target-mips: implement forbidden slot
When conditional compact branch is encountered decode one more instruction in
current translation block - that will be forbidden slot. Instruction in
forbidden slot will be executed only if conditional compact branch is not taken.

Any control transfer instruction (CTI) which are branches, jumps, ERET,
DERET, WAIT and PAUSE will generate RI exception if executed in forbidden or
delay slot.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
faf1f68ba1 target-mips: add Config5.SBRI
SDBBP instruction Reserved Instruction control. The purpose of this field is
to restrict availability of SDBBP to kernel mode operation.

If the bit is set then SDBBP instruction can only be executed in kernel mode.
User execution of SDBBP will cause a Reserved Instruction exception.

Additionally add missing Config4 and Config5 cases for dm{f,t}c0.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
460c81f14a target-mips: update cpu_save/cpu_load to support new registers
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
aea14095ea target-mips: add BadInstr and BadInstrP support
BadInstr Register (CP0 Register 8, Select 1)
The BadInstr register is a read-only register that captures the most recent
instruction which caused an exception.

BadInstrP Register (CP0 Register 8, Select 2)
The BadInstrP register contains the prior branch instruction, when the
faulting instruction is in a branch delay slot.

Using error_code to indicate whether AdEL or TLBL was triggered during
instruction fetch, in this case BadInstr is not updated as valid instruction
word is not available.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
9456c2fbcd target-mips: add TLBINV support
For Standard TLB configuration (Config.MT=1):

TLBINV invalidates a set of TLB entries based on ASID. The virtual address is
ignored in the entry match. TLB entries which have their G bit set to 1 are not
modified.

TLBINVF causes all entries to be invalidated.

Single TLB entry can be marked as invalid on TLB entry write by having
EntryHi.EHINV set to 1.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
92ceb440d4 target-mips: add new Read-Inhibit and Execute-Inhibit exceptions
An Execute-Inhibit exception occurs when the virtual address of an instruction
fetch matches a TLB entry whose XI bit is set. This exception type can only
occur if the XI bit is implemented within the TLB and is enabled, this is
denoted by the PageGrain XIE bit.

A Read-Inhibit exception occurs when the virtual address of a memory load
reference matches a TLB entry whose RI bit is set. This exception type can
only occur if the RI bit is implemented within the TLB and is enabled, this is
denoted by the PageGrain RIE bit.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
7207c7f9d7 target-mips: update PageGrain and m{t,f}c0 EntryLo{0,1}
PageGrain needs rw bitmask which differs between MIPS architectures.
In pre-R6 if RIXI is supported, PageGrain.XIE and PageGrain.RIE are writeable,
whereas in R6 they are read-only 1.

On MIPS64 mtc0 instruction left shifts bits 31:30 for MIPS32 backward
compatibility, therefore there are separate mtc0 and dmtc0 helpers.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
2fb58b7374 target-mips: add RI and XI fields to TLB entry
In Revision 3 of the architecture, the RI and XI bits were added to the TLB
to enable more secure access of memory pages. These bits (along with the Dirty
bit) allow the implementation of read-only, write-only, no-execute access
policies for mapped pages.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
9f6bcedba6 target-mips: distinguish between data load and instruction fetch
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
55e9409366 softmmu: provide softmmu access type enum
New MIPS features depend on the access type and enum is more convenient than
using the numbers directly.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
2014-11-03 11:48:34 +00:00
Leon Alrae
e98c0d179f target-mips: add KScratch registers
KScratch<n> Registers (CP0 Register 31, Selects 2 to 7)

The KScratch registers are read/write registers available for scratch pad
storage by kernel mode software. They are 32-bits in width for 32-bit
processors and 64-bits for 64-bit processors.

CP0Config4.KScrExist[2:7] bits indicate presence of CP0_KScratch1-6 registers.
For Release 6, all KScratch registers are required.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
2014-11-03 11:48:34 +00:00
641 changed files with 31512 additions and 9975 deletions

1
.gitignore vendored
View File

@@ -109,3 +109,4 @@ cscope.*
tags
TAGS
*~
/tests/qemu-iotests/common.env

View File

@@ -11,7 +11,7 @@ option) any later version.
As of July 2013, contributions under version 2 of the GNU General Public
License (and no later version) are only accepted for the following files
or directories: bsd-user/, linux-user/, hw/misc/vfio.c, hw/xen/xen_pt*.
or directories: bsd-user/, linux-user/, hw/vfio/, hw/xen/xen_pt*.
3) The Tiny Code Generator (TCG) is released under the BSD license
(see license headers in files).

View File

@@ -98,8 +98,12 @@ LM32
M: Michael Walle <michael@walle.cc>
S: Maintained
F: target-lm32/
F: disas/lm32.c
F: hw/lm32/
F: hw/char/lm32_*
F: hw/*/lm32_*
F: hw/*/milkymist-*
F: include/hw/char/lm32_juart.h
F: include/hw/lm32/
F: tests/tcg/lm32/
M68K
@@ -534,6 +538,7 @@ S390 Virtio
M: Alexander Graf <agraf@suse.de>
S: Maintained
F: hw/s390x/s390-*.c
X: hw/s390x/*pci*.[hc]
S390 Virtio-ccw
M: Cornelia Huck <cornelia.huck@de.ibm.com>
@@ -544,6 +549,7 @@ F: hw/s390x/s390-virtio-ccw.c
F: hw/s390x/css.[hc]
F: hw/s390x/sclp*.[hc]
F: hw/s390x/ipl*.[hc]
F: hw/s390x/*pci*.[hc]
F: include/hw/s390x/
F: pc-bios/s390-ccw/
T: git git://github.com/cohuck/qemu virtio-ccw-upstr
@@ -657,7 +663,7 @@ F: hw/usb/dev-serial.c
VFIO
M: Alex Williamson <alex.williamson@redhat.com>
S: Supported
F: hw/misc/vfio.c
F: hw/vfio/*
vhost
M: Michael S. Tsirkin <mst@redhat.com>
@@ -696,6 +702,14 @@ M: Amit Shah <amit.shah@redhat.com>
S: Supported
F: hw/char/virtio-serial-bus.c
F: hw/char/virtio-console.c
F: include/hw/virtio/virtio-serial.h
virtio-rng
M: Amit Shah <amit.shah@redhat.com>
S: Supported
F: hw/virtio/virtio-rng.c
F: include/hw/virtio/virtio-rng.h
F: backends/rng*.c
nvme
M: Keith Busch <keith.busch@intel.com>
@@ -743,6 +757,7 @@ F: aio-*.c
F: block*
F: block/
F: hw/block/
F: migration/block*
F: qemu-img*
F: qemu-io*
F: tests/image-fuzzer/
@@ -880,6 +895,12 @@ S: Maintained
F: qobject/
T: git git://repo.or.cz/qemu/qmp-unstable.git queue/qmp
QEMU Guest Agent
M: Michael Roth <mdroth@linux.vnet.ibm.com>
S: Maintained
F: qga/
T: git git://github.com/mdroth/qemu.git qga
QOM
M: Anthony Liguori <aliguori@amazon.com>
M: Andreas Färber <afaerber@suse.de>
@@ -920,6 +941,17 @@ M: Blue Swirl <blauwirbel@gmail.com>
S: Odd Fixes
F: scripts/checkpatch.pl
Migration
M: Juan Quintela <quintela@redhat.com>
M: Amit Shah <amit.shah@redhat.com>
S: Maintained
F: include/migration/
F: migration/
F: savevm.c
F: arch_init.c
F: scripts/vmstate-static-checker.py
F: tests/vmstate-static-checker-data/
Seccomp
M: Eduardo Otubo <eduardo.otubo@profitbricks.com>
S: Supported
@@ -1074,7 +1106,11 @@ S: Supported
F: block/ssh.c
ARCHIPELAGO
M: Chrysostomos Nanakos <cnanakos@grnet.gr>
M: Chrysostomos Nanakos <chris@include.gr>
S: Maintained
F: block/archipelago.c
Bootdevice
M: Gonglei <arei.gonglei@huawei.com>
S: Maintained
F: bootdevice.c

View File

@@ -313,8 +313,8 @@ qemu-%.tar.bz2:
distclean: clean
rm -f config-host.mak config-host.h* config-host.ld $(DOCS) qemu-options.texi qemu-img-cmds.texi qemu-monitor.texi
rm -f config-all-devices.mak config-all-disas.mak
rm -f po/*.mo
rm -f config-all-devices.mak config-all-disas.mak config.status
rm -f po/*.mo tests/qemu-iotests/common.env
rm -f roms/seabios/config.mak roms/vgabios/config.mak
rm -f qemu-doc.info qemu-doc.aux qemu-doc.cp qemu-doc.cps qemu-doc.dvi
rm -f qemu-doc.fn qemu-doc.fns qemu-doc.info qemu-doc.ky qemu-doc.kys

View File

@@ -48,15 +48,9 @@ common-obj-$(CONFIG_POSIX) += os-posix.o
common-obj-$(CONFIG_LINUX) += fsdev/
common-obj-y += migration.o migration-tcp.o
common-obj-y += vmstate.o
common-obj-y += qemu-file.o qemu-file-unix.o qemu-file-stdio.o
common-obj-$(CONFIG_RDMA) += migration-rdma.o
common-obj-y += migration/
common-obj-y += qemu-char.o #aio.o
common-obj-y += block-migration.o
common-obj-y += page_cache.o xbzrle.o
common-obj-$(CONFIG_POSIX) += migration-exec.o migration-unix.o migration-fd.o
common-obj-y += page_cache.o
common-obj-$(CONFIG_SPICE) += spice-qemu-char.o

View File

@@ -1 +1 @@
2.1.50
2.2.50

View File

@@ -73,7 +73,7 @@ void aio_set_fd_handler(AioContext *ctx,
} else {
if (node == NULL) {
/* Alloc and insert if it's not already there */
node = g_malloc0(sizeof(AioHandler));
node = g_new0(AioHandler, 1);
node->pfd.fd = fd;
QLIST_INSERT_HEAD(&ctx->aio_handlers, node, node);

View File

@@ -67,7 +67,7 @@ void aio_set_fd_handler(AioContext *ctx,
if (node == NULL) {
/* Alloc and insert if it's not already there */
node = g_malloc0(sizeof(AioHandler));
node = g_new0(AioHandler, 1);
node->pfd.fd = fd;
QLIST_INSERT_HEAD(&ctx->aio_handlers, node, node);
}
@@ -129,7 +129,7 @@ void aio_set_event_notifier(AioContext *ctx,
} else {
if (node == NULL) {
/* Alloc and insert if it's not already there */
node = g_malloc0(sizeof(AioHandler));
node = g_new0(AioHandler, 1);
node->e = e;
node->pfd.fd = (uintptr_t)event_notifier_get_handle(e);
node->pfd.events = G_IO_IN;

View File

@@ -346,7 +346,8 @@ static void xbzrle_cache_zero_page(ram_addr_t current_addr)
/* We don't care if this fails to allocate a new cache page
* as long as it updated an old one */
cache_insert(XBZRLE.cache, current_addr, ZERO_TARGET_PAGE);
cache_insert(XBZRLE.cache, current_addr, ZERO_TARGET_PAGE,
bitmap_sync_count);
}
#define ENCODING_FLAG_XBZRLE 0x1
@@ -358,10 +359,11 @@ static int save_xbzrle_page(QEMUFile *f, uint8_t **current_data,
int encoded_len = 0, bytes_sent = -1;
uint8_t *prev_cached_page;
if (!cache_is_cached(XBZRLE.cache, current_addr)) {
if (!cache_is_cached(XBZRLE.cache, current_addr, bitmap_sync_count)) {
acct_info.xbzrle_cache_miss++;
if (!last_stage) {
if (cache_insert(XBZRLE.cache, current_addr, *current_data) == -1) {
if (cache_insert(XBZRLE.cache, current_addr, *current_data,
bitmap_sync_count) == -1) {
return -1;
} else {
/* update *current_data when the page has been
@@ -486,15 +488,23 @@ static void migration_bitmap_sync_range(ram_addr_t start, ram_addr_t length)
/* Needs iothread lock! */
/* Fix me: there are too many global variables used in migration process. */
static int64_t start_time;
static int64_t bytes_xfer_prev;
static int64_t num_dirty_pages_period;
static void migration_bitmap_sync_init(void)
{
start_time = 0;
bytes_xfer_prev = 0;
num_dirty_pages_period = 0;
}
static void migration_bitmap_sync(void)
{
RAMBlock *block;
uint64_t num_dirty_pages_init = migration_dirty_pages;
MigrationState *s = migrate_get_current();
static int64_t start_time;
static int64_t bytes_xfer_prev;
static int64_t num_dirty_pages_period;
int64_t end_time;
int64_t bytes_xfer_now;
static uint64_t xbzrle_cache_miss_prev;
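Review bot: migration_bitmap_sync_init() clears start_time, bytes_xfer_prev and num_dirty_pages_period, but xbzrle_cache_miss_prev is still a function-local static in migration_bitmap_sync() and is never reset, so it keeps its value from an earlier migration attempt. If the goal is to start each migration from clean accounting state, move it to file scope next to the other three and clear it in the init function as well.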
@@ -514,7 +524,7 @@ static void migration_bitmap_sync(void)
address_space_sync_dirty_bitmap(&address_space_memory);
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
migration_bitmap_sync_range(block->mr->ram_addr, block->length);
migration_bitmap_sync_range(block->mr->ram_addr, block->used_length);
}
trace_migration_bitmap_sync_end(migration_dirty_pages
- num_dirty_pages_init);
@@ -660,7 +670,7 @@ static int ram_find_and_save_block(QEMUFile *f, bool last_stage)
offset >= last_offset) {
break;
}
if (offset >= block->length) {
if (offset >= block->used_length) {
offset = 0;
block = QTAILQ_NEXT(block, next);
if (!block) {
@@ -719,7 +729,7 @@ uint64_t ram_bytes_total(void)
uint64_t total = 0;
QTAILQ_FOREACH(block, &ram_list.blocks, next)
total += block->length;
total += block->used_length;
return total;
}
@@ -774,6 +784,7 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
mig_throttle_on = false;
dirty_rate_high_cnt = 0;
bitmap_sync_count = 0;
migration_bitmap_sync_init();
if (migrate_use_xbzrle()) {
XBZRLE_cache_lock();
@@ -822,7 +833,7 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
uint64_t block_pages;
block_pages = block->length >> TARGET_PAGE_BITS;
block_pages = block->used_length >> TARGET_PAGE_BITS;
migration_dirty_pages += block_pages;
}
@@ -835,7 +846,7 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
qemu_put_byte(f, strlen(block->idstr));
qemu_put_buffer(f, (uint8_t *)block->idstr, strlen(block->idstr));
qemu_put_be64(f, block->length);
qemu_put_be64(f, block->used_length);
}
qemu_mutex_unlock_ramlist();
@@ -1006,7 +1017,7 @@ static inline void *host_from_stream_offset(QEMUFile *f,
uint8_t len;
if (flags & RAM_SAVE_FLAG_CONTINUE) {
if (!block) {
if (!block || block->max_length <= offset) {
error_report("Ack, bad migration stream!");
return NULL;
}
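Review bot: in the RAM_SAVE_FLAG_CONTINUE branch the added test "block->max_length <= offset" bounds only the first byte of the access, while offset is taken from the incoming migration stream. If callers write more than one byte at the returned pointer, the check should cover offset plus that length, written so the addition cannot wrap. It would also help to report the offending offset rather than reusing "Ack, bad migration stream!" for both the missing-block and out-of-range cases.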
@@ -1019,8 +1030,10 @@ static inline void *host_from_stream_offset(QEMUFile *f,
id[len] = 0;
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
if (!strncmp(id, block->idstr, sizeof(id)))
if (!strncmp(id, block->idstr, sizeof(id)) &&
block->max_length > offset) {
return memory_region_get_ram_ptr(block->mr) + offset;
}
}
error_report("Can't find block %s!", id);
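Review bot: with "block->max_length > offset" folded into the match condition, a stream that names an existing block but carries an out-of-range offset falls through to error_report("Can't find block %s!", id), which misreports what went wrong. Split the two tests so that a name match with a bad offset produces its own message including the offset and the block's max_length; that makes a malformed or hostile stream distinguishable from a configuration mismatch in the logs.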
@@ -1075,11 +1088,14 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id)
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
if (!strncmp(id, block->idstr, sizeof(id))) {
if (block->length != length) {
error_report("Length mismatch: %s: 0x" RAM_ADDR_FMT
" in != 0x" RAM_ADDR_FMT, id, length,
block->length);
ret = -EINVAL;
if (length != block->used_length) {
Error *local_err = NULL;
ret = qemu_ram_resize(block->offset, length, &local_err);
if (local_err) {
error_report("%s", error_get_pretty(local_err));
error_free(local_err);
}
}
break;
}
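Review bot: the length read from the stream is now handed to qemu_ram_resize() whenever it differs from block->used_length, so rejecting an unacceptable value depends entirely on that function, and nothing at this call site says so. The replaced "Length mismatch" report named the block id and both lengths; the new error_report("%s", error_get_pretty(local_err)) drops that context. Keep id, length and block->used_length in the message, and add a one-line comment that qemu_ram_resize() is what enforces the upper bound on a stream-supplied length.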

11
async.c
View File

@@ -44,10 +44,12 @@ struct QEMUBH {
QEMUBH *aio_bh_new(AioContext *ctx, QEMUBHFunc *cb, void *opaque)
{
QEMUBH *bh;
bh = g_malloc0(sizeof(QEMUBH));
bh->ctx = ctx;
bh->cb = cb;
bh->opaque = opaque;
bh = g_new(QEMUBH, 1);
*bh = (QEMUBH){
.ctx = ctx,
.cb = cb,
.opaque = opaque,
};
qemu_mutex_lock(&ctx->bh_lock);
bh->next = ctx->first_bh;
/* Make sure that the members are ready before putting bh into list */
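Review bot: aio_bh_new() now allocates with g_new(), which does not zero memory, and relies on the "*bh = (QEMUBH){ ... }" assignment to clear every member not named in the initializer. That is well defined, but it is easy to break if someone later replaces the compound literal with individual field assignments. Either keep a zeroing allocator (g_new0) or add a short comment that the compound literal is what initializes the remaining members.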
@@ -300,6 +302,7 @@ AioContext *aio_context_new(Error **errp)
error_setg_errno(errp, -ret, "Failed to initialize event notifier");
return NULL;
}
g_source_set_can_recurse(&ctx->source, true);
aio_set_event_notifier(ctx, &ctx->notifier,
(EventNotifierHandler *)
event_notifier_test_and_clear);

View File

@@ -191,9 +191,9 @@ static void glue (audio_pcm_hw_gc_, TYPE) (HW **hwp)
audio_detach_capture (hw);
#endif
QLIST_REMOVE (hw, entries);
glue (hw->pcm_ops->fini_, TYPE) (hw);
glue (s->nb_hw_voices_, TYPE) += 1;
glue (audio_pcm_hw_free_resources_ ,TYPE) (hw);
glue (hw->pcm_ops->fini_, TYPE) (hw);
g_free (hw);
*hwp = NULL;
}
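Review bot: the relative order of the driver's fini_ callback and audio_pcm_hw_free_resources_ is evidently significant in this teardown path, yet nothing in the function says which must run first or why. Add a comment above the two calls stating the required order and the resource dependency behind it, so a later cleanup does not swap them back.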

View File

@@ -88,11 +88,7 @@ static char *rng_random_get_filename(Object *obj, Error **errp)
{
RndRandom *s = RNG_RANDOM(obj);
if (s->filename) {
return g_strdup(s->filename);
}
return NULL;
return g_strdup(s->filename);
}
static void rng_random_set_filename(Object *obj, const char *filename,

213
block.c
View File

@@ -97,6 +97,10 @@ static QTAILQ_HEAD(, BlockDriverState) graph_bdrv_states =
static QLIST_HEAD(, BlockDriver) bdrv_drivers =
QLIST_HEAD_INITIALIZER(bdrv_drivers);
static void bdrv_set_dirty(BlockDriverState *bs, int64_t cur_sector,
int nr_sectors);
static void bdrv_reset_dirty(BlockDriverState *bs, int64_t cur_sector,
int nr_sectors);
/* If non-zero, use only whitelisted block drivers */
static int use_bdrv_whitelist;
@@ -229,7 +233,7 @@ size_t bdrv_opt_mem_align(BlockDriverState *bs)
}
/* check if the path starts with "<protocol>:" */
static int path_has_protocol(const char *path)
int path_has_protocol(const char *path)
{
const char *p;
@@ -303,15 +307,32 @@ void path_combine(char *dest, int dest_size,
}
}
void bdrv_get_full_backing_filename(BlockDriverState *bs, char *dest, size_t sz)
void bdrv_get_full_backing_filename_from_filename(const char *backed,
const char *backing,
char *dest, size_t sz,
Error **errp)
{
if (bs->backing_file[0] == '\0' || path_has_protocol(bs->backing_file)) {
pstrcpy(dest, sz, bs->backing_file);
if (backing[0] == '\0' || path_has_protocol(backing) ||
path_is_absolute(backing))
{
pstrcpy(dest, sz, backing);
} else if (backed[0] == '\0' || strstart(backed, "json:", NULL)) {
error_setg(errp, "Cannot use relative backing file names for '%s'",
backed);
} else {
path_combine(dest, sz, bs->filename, bs->backing_file);
path_combine(dest, sz, backed, backing);
}
}
void bdrv_get_full_backing_filename(BlockDriverState *bs, char *dest, size_t sz,
Error **errp)
{
char *backed = bs->exact_filename[0] ? bs->exact_filename : bs->filename;
bdrv_get_full_backing_filename_from_filename(backed, bs->backing_file,
dest, sz, errp);
}
void bdrv_register(BlockDriver *bdrv)
{
/* Block drivers without coroutine functions need emulation */
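Review bot: in bdrv_get_full_backing_filename_from_filename(), the new error branch (backed empty or starting with "json:") returns without writing dest, so a caller that ignores errp reads whatever the buffer held before the call. Setting dest[0] = '\0' ahead of error_setg() would make the failure deterministic, and the function should carry a comment saying dest is only valid when no error was set. When backed is empty the message renders as "Cannot use relative backing file names for ''", which gives the user nothing to act on; naming the backing file in that case would help.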
@@ -629,7 +650,7 @@ BlockDriver *bdrv_find_protocol(const char *filename,
}
if (!path_has_protocol(filename) || !allow_protocol_prefix) {
return bdrv_find_format("file");
return &bdrv_file;
}
p = strchr(filename, ':');
@@ -648,22 +669,49 @@ BlockDriver *bdrv_find_protocol(const char *filename,
return NULL;
}
/*
* Guess image format by probing its contents.
* This is not a good idea when your image is raw (CVE-2008-2004), but
* we do it anyway for backward compatibility.
*
* @buf contains the image's first @buf_size bytes.
* @buf_size is the buffer size in bytes (generally BLOCK_PROBE_BUF_SIZE,
* but can be smaller if the image file is smaller)
* @filename is its filename.
*
* For all block drivers, call the bdrv_probe() method to get its
* probing score.
* Return the first block driver with the highest probing score.
*/
BlockDriver *bdrv_probe_all(const uint8_t *buf, int buf_size,
const char *filename)
{
int score_max = 0, score;
BlockDriver *drv = NULL, *d;
QLIST_FOREACH(d, &bdrv_drivers, list) {
if (d->bdrv_probe) {
score = d->bdrv_probe(buf, buf_size, filename);
if (score > score_max) {
score_max = score;
drv = d;
}
}
}
return drv;
}
static int find_image_format(BlockDriverState *bs, const char *filename,
BlockDriver **pdrv, Error **errp)
{
int score, score_max;
BlockDriver *drv1, *drv;
uint8_t buf[2048];
BlockDriver *drv;
uint8_t buf[BLOCK_PROBE_BUF_SIZE];
int ret = 0;
/* Return the raw BlockDriver * to scsi-generic devices or empty drives */
if (bs->sg || !bdrv_is_inserted(bs) || bdrv_getlength(bs) == 0) {
drv = bdrv_find_format("raw");
if (!drv) {
error_setg(errp, "Could not find raw image format");
ret = -ENOENT;
}
*pdrv = drv;
*pdrv = &bdrv_raw;
return ret;
}
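Review bot: the doc comment on the newly exported bdrv_probe_all() does not say that it returns NULL when no driver scores above zero, nor which values of buf_size are acceptable. Now that the function is no longer private to find_image_format(), spell out both so outside callers know they must handle NULL. Since the comment already points at CVE-2008-2004, it is also worth one sentence telling callers to pass an explicit format where they have one instead of relying on the probe.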
@@ -675,17 +723,7 @@ static int find_image_format(BlockDriverState *bs, const char *filename,
return ret;
}
score_max = 0;
drv = NULL;
QLIST_FOREACH(drv1, &bdrv_drivers, list) {
if (drv1->bdrv_probe) {
score = drv1->bdrv_probe(buf, ret, filename);
if (score > score_max) {
score_max = score;
drv = drv1;
}
}
}
drv = bdrv_probe_all(buf, ret, filename);
if (!drv) {
error_setg(errp, "Could not determine image format: No compatible "
"driver found");
@@ -1162,7 +1200,7 @@ void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd)
bdrv_op_block_all(bs->backing_hd, bs->backing_blocker);
/* Otherwise we won't be able to commit due to check in bdrv_commit */
bdrv_op_unblock(bs->backing_hd, BLOCK_OP_TYPE_COMMIT,
bdrv_op_unblock(bs->backing_hd, BLOCK_OP_TYPE_COMMIT_TARGET,
bs->backing_blocker);
out:
bdrv_refresh_limits(bs, NULL);
@@ -1180,7 +1218,6 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp)
{
char *backing_filename = g_malloc0(PATH_MAX);
int ret = 0;
BlockDriver *back_drv = NULL;
BlockDriverState *backing_hd;
Error *local_err = NULL;
@@ -1201,7 +1238,14 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp)
QDECREF(options);
goto free_exit;
} else {
bdrv_get_full_backing_filename(bs, backing_filename, PATH_MAX);
bdrv_get_full_backing_filename(bs, backing_filename, PATH_MAX,
&local_err);
if (local_err) {
ret = -EINVAL;
error_propagate(errp, local_err);
QDECREF(options);
goto free_exit;
}
}
if (!bs->drv || !bs->drv->supports_backing) {
@@ -1213,14 +1257,14 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp)
backing_hd = bdrv_new();
if (bs->backing_format[0] != '\0') {
back_drv = bdrv_find_format(bs->backing_format);
if (bs->backing_format[0] != '\0' && !qdict_haskey(options, "driver")) {
qdict_put(options, "driver", qstring_from_str(bs->backing_format));
}
assert(bs->backing_hd == NULL);
ret = bdrv_open(&backing_hd,
*backing_filename ? backing_filename : NULL, NULL, options,
bdrv_backing_flags(bs->open_flags), back_drv, &local_err);
bdrv_backing_flags(bs->open_flags), NULL, &local_err);
if (ret < 0) {
bdrv_unref(backing_hd);
backing_hd = NULL;
@@ -1294,7 +1338,6 @@ int bdrv_append_temp_snapshot(BlockDriverState *bs, int flags, Error **errp)
/* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */
char *tmp_filename = g_malloc0(PATH_MAX + 1);
int64_t total_size;
BlockDriver *bdrv_qcow2;
QemuOpts *opts = NULL;
QDict *snapshot_options;
BlockDriverState *bs_snapshot;
@@ -1319,11 +1362,10 @@ int bdrv_append_temp_snapshot(BlockDriverState *bs, int flags, Error **errp)
goto out;
}
bdrv_qcow2 = bdrv_find_format("qcow2");
opts = qemu_opts_create(bdrv_qcow2->create_opts, NULL, 0,
opts = qemu_opts_create(bdrv_qcow2.create_opts, NULL, 0,
&error_abort);
qemu_opt_set_number(opts, BLOCK_OPT_SIZE, total_size);
ret = bdrv_create(bdrv_qcow2, tmp_filename, opts, &local_err);
ret = bdrv_create(&bdrv_qcow2, tmp_filename, opts, &local_err);
qemu_opts_del(opts);
if (ret < 0) {
error_setg_errno(errp, -ret, "Could not create temporary overlay "
@@ -1343,7 +1385,7 @@ int bdrv_append_temp_snapshot(BlockDriverState *bs, int flags, Error **errp)
bs_snapshot = bdrv_new();
ret = bdrv_open(&bs_snapshot, NULL, NULL, snapshot_options,
flags, bdrv_qcow2, &local_err);
flags, &bdrv_qcow2, &local_err);
if (ret < 0) {
error_propagate(errp, local_err);
goto out;
@@ -1467,6 +1509,7 @@ int bdrv_open(BlockDriverState **pbs, const char *filename,
}
/* Image format probing */
bs->probed = !drv;
if (!drv && file) {
ret = find_image_format(file, filename, &drv, &local_err);
if (ret < 0) {
@@ -2173,8 +2216,8 @@ int bdrv_commit(BlockDriverState *bs)
return -ENOTSUP;
}
if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_COMMIT, NULL) ||
bdrv_op_is_blocked(bs->backing_hd, BLOCK_OP_TYPE_COMMIT, NULL)) {
if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_COMMIT_SOURCE, NULL) ||
bdrv_op_is_blocked(bs->backing_hd, BLOCK_OP_TYPE_COMMIT_TARGET, NULL)) {
return -EBUSY;
}
@@ -2790,8 +2833,8 @@ int bdrv_make_zero(BlockDriverState *bs, BdrvRequestFlags flags)
if (nb_sectors <= 0) {
return 0;
}
if (nb_sectors > INT_MAX) {
nb_sectors = INT_MAX;
if (nb_sectors > INT_MAX / BDRV_SECTOR_SIZE) {
nb_sectors = INT_MAX / BDRV_SECTOR_SIZE;
}
ret = bdrv_get_block_status(bs, sector_num, nb_sectors, &n);
if (ret < 0) {
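Review bot: the new clamp in bdrv_make_zero() has no comment explaining why the limit is INT_MAX / BDRV_SECTOR_SIZE and not INT_MAX. Add a line naming the quantity that has to fit in an int, so the bound is not "simplified" back later.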
@@ -3019,18 +3062,16 @@ static int coroutine_fn bdrv_aligned_preadv(BlockDriverState *bs,
max_nb_sectors = ROUND_UP(MAX(0, total_sectors - sector_num),
align >> BDRV_SECTOR_BITS);
if (max_nb_sectors > 0) {
if (nb_sectors < max_nb_sectors) {
ret = drv->bdrv_co_readv(bs, sector_num, nb_sectors, qiov);
} else if (max_nb_sectors > 0) {
QEMUIOVector local_qiov;
size_t local_sectors;
max_nb_sectors = MIN(max_nb_sectors, SIZE_MAX / BDRV_SECTOR_BITS);
local_sectors = MIN(max_nb_sectors, nb_sectors);
qemu_iovec_init(&local_qiov, qiov->niov);
qemu_iovec_concat(&local_qiov, qiov, 0,
local_sectors * BDRV_SECTOR_SIZE);
max_nb_sectors * BDRV_SECTOR_SIZE);
ret = drv->bdrv_co_readv(bs, sector_num, local_sectors,
ret = drv->bdrv_co_readv(bs, sector_num, max_nb_sectors,
&local_qiov);
qemu_iovec_destroy(&local_qiov);
@@ -3203,6 +3244,9 @@ static int coroutine_fn bdrv_co_do_write_zeroes(BlockDriverState *bs,
if (ret == -ENOTSUP) {
/* Fall back to bounce buffer if write zeroes is unsupported */
int max_xfer_len = MIN_NON_ZERO(bs->bl.max_transfer_length,
MAX_WRITE_ZEROES_DEFAULT);
num = MIN(num, max_xfer_len);
iov.iov_len = num * BDRV_SECTOR_SIZE;
if (iov.iov_base == NULL) {
iov.iov_base = qemu_try_blockalign(bs, num * BDRV_SECTOR_SIZE);
@@ -3219,7 +3263,7 @@ static int coroutine_fn bdrv_co_do_write_zeroes(BlockDriverState *bs,
/* Keep bounce buffer around if it is big enough for all
* all future requests.
*/
if (num < max_write_zeroes) {
if (num < max_xfer_len) {
qemu_vfree(iov.iov_base);
iov.iov_base = NULL;
}
@@ -3801,6 +3845,14 @@ bool bdrv_chain_contains(BlockDriverState *top, BlockDriverState *base)
return top != NULL;
}
BlockDriverState *bdrv_next_node(BlockDriverState *bs)
{
if (!bs) {
return QTAILQ_FIRST(&graph_bdrv_states);
}
return QTAILQ_NEXT(bs, node_list);
}
BlockDriverState *bdrv_next(BlockDriverState *bs)
{
if (!bs) {
@@ -3809,6 +3861,11 @@ BlockDriverState *bdrv_next(BlockDriverState *bs)
return QTAILQ_NEXT(bs, device_list);
}
const char *bdrv_get_node_name(const BlockDriverState *bs)
{
return bs->node_name;
}
/* TODO check what callers really want: bs->node_name or blk_name() */
const char *bdrv_get_device_name(const BlockDriverState *bs)
{
@@ -3903,9 +3960,9 @@ typedef struct BdrvCoGetBlockStatusData {
} BdrvCoGetBlockStatusData;
/*
* Returns true iff the specified sector is present in the disk image. Drivers
* not implementing the functionality are assumed to not support backing files,
* hence all their sectors are reported as allocated.
* Returns the allocation status of the specified sectors.
* Drivers not implementing the functionality are assumed to not support
* backing files, hence all their sectors are reported as allocated.
*
* If 'sector_num' is beyond the end of the disk image the return value is 0
* and 'pnum' is set to 0.
@@ -5361,8 +5418,20 @@ void bdrv_dirty_iter_init(BlockDriverState *bs,
hbitmap_iter_init(hbi, bitmap->bitmap, 0);
}
void bdrv_set_dirty(BlockDriverState *bs, int64_t cur_sector,
int nr_sectors)
void bdrv_set_dirty_bitmap(BlockDriverState *bs, BdrvDirtyBitmap *bitmap,
int64_t cur_sector, int nr_sectors)
{
hbitmap_set(bitmap->bitmap, cur_sector, nr_sectors);
}
void bdrv_reset_dirty_bitmap(BlockDriverState *bs, BdrvDirtyBitmap *bitmap,
int64_t cur_sector, int nr_sectors)
{
hbitmap_reset(bitmap->bitmap, cur_sector, nr_sectors);
}
static void bdrv_set_dirty(BlockDriverState *bs, int64_t cur_sector,
int nr_sectors)
{
BdrvDirtyBitmap *bitmap;
QLIST_FOREACH(bitmap, &bs->dirty_bitmaps, list) {
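Review bot: bdrv_set_dirty_bitmap() and bdrv_reset_dirty_bitmap() take a bs argument that neither body uses; both act on bitmap->bitmap alone. Either drop the parameter or use it to assert that the bitmap is on bs->dirty_bitmaps, so a caller cannot pair a bitmap with the wrong BlockDriverState unnoticed. The two new public functions also have no doc comment.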
@@ -5370,7 +5439,8 @@ void bdrv_set_dirty(BlockDriverState *bs, int64_t cur_sector,
}
}
void bdrv_reset_dirty(BlockDriverState *bs, int64_t cur_sector, int nr_sectors)
static void bdrv_reset_dirty(BlockDriverState *bs, int64_t cur_sector,
int nr_sectors)
{
BdrvDirtyBitmap *bitmap;
QLIST_FOREACH(bitmap, &bs->dirty_bitmaps, list) {
@@ -5541,6 +5611,18 @@ void bdrv_img_create(const char *filename, const char *fmt,
return;
}
if (!drv->create_opts) {
error_setg(errp, "Format driver '%s' does not support image creation",
drv->format_name);
return;
}
if (!proto_drv->create_opts) {
error_setg(errp, "Protocol driver '%s' does not support image creation",
proto_drv->format_name);
return;
}
create_opts = qemu_opts_append(create_opts, drv->create_opts);
create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
@@ -5597,22 +5679,27 @@ void bdrv_img_create(const char *filename, const char *fmt,
if (size == -1) {
if (backing_file) {
BlockDriverState *bs;
char *full_backing = g_new0(char, PATH_MAX);
int64_t size;
int back_flags;
bdrv_get_full_backing_filename_from_filename(filename, backing_file,
full_backing, PATH_MAX,
&local_err);
if (local_err) {
g_free(full_backing);
goto out;
}
/* backing files always opened read-only */
back_flags =
flags & ~(BDRV_O_RDWR | BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING);
bs = NULL;
ret = bdrv_open(&bs, backing_file, NULL, NULL, back_flags,
ret = bdrv_open(&bs, full_backing, NULL, NULL, back_flags,
backing_drv, &local_err);
g_free(full_backing);
if (ret < 0) {
error_setg_errno(errp, -ret, "Could not open '%s': %s",
backing_file,
error_get_pretty(local_err));
error_free(local_err);
local_err = NULL;
goto out;
}
size = bdrv_getlength(bs);
@@ -5633,8 +5720,8 @@ void bdrv_img_create(const char *filename, const char *fmt,
}
if (!quiet) {
printf("Formatting '%s', fmt=%s ", filename, fmt);
qemu_opts_print(opts);
printf("Formatting '%s', fmt=%s", filename, fmt);
qemu_opts_print(opts, " ");
puts("");
}

View File

@@ -24,6 +24,7 @@
#include "block/accounting.h"
#include "block/block_int.h"
#include "qemu/timer.h"
void block_acct_start(BlockAcctStats *stats, BlockAcctCookie *cookie,
int64_t bytes, enum BlockAcctType type)
@@ -31,7 +32,7 @@ void block_acct_start(BlockAcctStats *stats, BlockAcctCookie *cookie,
assert(type < BLOCK_MAX_IOTYPE);
cookie->bytes = bytes;
cookie->start_time_ns = get_clock();
cookie->start_time_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
cookie->type = type;
}
@@ -41,7 +42,8 @@ void block_acct_done(BlockAcctStats *stats, BlockAcctCookie *cookie)
stats->nr_bytes[cookie->type] += cookie->bytes;
stats->nr_ops[cookie->type]++;
stats->total_time_ns[cookie->type] += get_clock() - cookie->start_time_ns;
stats->total_time_ns[cookie->type] +=
qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - cookie->start_time_ns;
}

View File

@@ -360,6 +360,7 @@ static void coroutine_fn backup_run(void *opaque)
hbitmap_free(job->bitmap);
bdrv_iostatus_disable(target);
bdrv_op_unblock_all(target, job->common.blocker);
data = g_malloc(sizeof(*data));
data->ret = ret;
@@ -379,6 +380,11 @@ void backup_start(BlockDriverState *bs, BlockDriverState *target,
assert(target);
assert(cb);
if (bs == target) {
error_setg(errp, "Source and target cannot be the same");
return;
}
if ((on_source_error == BLOCKDEV_ON_ERROR_STOP ||
on_source_error == BLOCKDEV_ON_ERROR_ENOSPC) &&
!bdrv_iostatus_is_enabled(bs)) {
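Review bot: the new `if (bs == target)` guard in backup_start() compares pointers only, so it rejects the identical BlockDriverState but not two states that were opened on the same underlying image. If the intent is to stop a job from writing into its own source, add a comment that only the same-node case is covered here.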
@@ -386,6 +392,26 @@ void backup_start(BlockDriverState *bs, BlockDriverState *target,
return;
}
if (!bdrv_is_inserted(bs)) {
error_setg(errp, "Device is not inserted: %s",
bdrv_get_device_name(bs));
return;
}
if (!bdrv_is_inserted(target)) {
error_setg(errp, "Device is not inserted: %s",
bdrv_get_device_name(target));
return;
}
if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_BACKUP_SOURCE, errp)) {
return;
}
if (bdrv_op_is_blocked(target, BLOCK_OP_TYPE_BACKUP_TARGET, errp)) {
return;
}
len = bdrv_getlength(bs);
if (len < 0) {
error_setg_errno(errp, -len, "unable to get length for '%s'",
@@ -399,6 +425,8 @@ void backup_start(BlockDriverState *bs, BlockDriverState *target,
return;
}
bdrv_op_block_all(target, job->common.blocker);
job->on_source_error = on_source_error;
job->on_target_error = on_target_error;
job->target = target;

View File

@@ -721,93 +721,50 @@ static int64_t blkdebug_getlength(BlockDriverState *bs)
static void blkdebug_refresh_filename(BlockDriverState *bs)
{
BDRVBlkdebugState *s = bs->opaque;
struct BlkdebugRule *rule;
QDict *opts;
QList *inject_error_list = NULL, *set_state_list = NULL;
QList *suspend_list = NULL;
int event;
const QDictEntry *e;
bool force_json = false;
if (!bs->file->full_open_options) {
for (e = qdict_first(bs->options); e; e = qdict_next(bs->options, e)) {
if (strcmp(qdict_entry_key(e), "config") &&
strcmp(qdict_entry_key(e), "x-image") &&
strcmp(qdict_entry_key(e), "image") &&
strncmp(qdict_entry_key(e), "image.", strlen("image.")))
{
force_json = true;
break;
}
}
if (force_json && !bs->file->full_open_options) {
/* The config file cannot be recreated, so creating a plain filename
* is impossible */
return;
}
if (!force_json && bs->file->exact_filename[0]) {
snprintf(bs->exact_filename, sizeof(bs->exact_filename),
"blkdebug:%s:%s",
qdict_get_try_str(bs->options, "config") ?: "",
bs->file->exact_filename);
}
opts = qdict_new();
qdict_put_obj(opts, "driver", QOBJECT(qstring_from_str("blkdebug")));
QINCREF(bs->file->full_open_options);
qdict_put_obj(opts, "image", QOBJECT(bs->file->full_open_options));
for (event = 0; event < BLKDBG_EVENT_MAX; event++) {
QLIST_FOREACH(rule, &s->rules[event], next) {
if (rule->action == ACTION_INJECT_ERROR) {
QDict *inject_error = qdict_new();
qdict_put_obj(inject_error, "event", QOBJECT(qstring_from_str(
BlkdebugEvent_lookup[rule->event])));
qdict_put_obj(inject_error, "state",
QOBJECT(qint_from_int(rule->state)));
qdict_put_obj(inject_error, "errno", QOBJECT(qint_from_int(
rule->options.inject.error)));
qdict_put_obj(inject_error, "sector", QOBJECT(qint_from_int(
rule->options.inject.sector)));
qdict_put_obj(inject_error, "once", QOBJECT(qbool_from_int(
rule->options.inject.once)));
qdict_put_obj(inject_error, "immediately",
QOBJECT(qbool_from_int(
rule->options.inject.immediately)));
if (!inject_error_list) {
inject_error_list = qlist_new();
}
qlist_append_obj(inject_error_list, QOBJECT(inject_error));
} else if (rule->action == ACTION_SET_STATE) {
QDict *set_state = qdict_new();
qdict_put_obj(set_state, "event", QOBJECT(qstring_from_str(
BlkdebugEvent_lookup[rule->event])));
qdict_put_obj(set_state, "state",
QOBJECT(qint_from_int(rule->state)));
qdict_put_obj(set_state, "new_state", QOBJECT(qint_from_int(
rule->options.set_state.new_state)));
if (!set_state_list) {
set_state_list = qlist_new();
}
qlist_append_obj(set_state_list, QOBJECT(set_state));
} else if (rule->action == ACTION_SUSPEND) {
QDict *suspend = qdict_new();
qdict_put_obj(suspend, "event", QOBJECT(qstring_from_str(
BlkdebugEvent_lookup[rule->event])));
qdict_put_obj(suspend, "state",
QOBJECT(qint_from_int(rule->state)));
qdict_put_obj(suspend, "tag", QOBJECT(qstring_from_str(
rule->options.suspend.tag)));
if (!suspend_list) {
suspend_list = qlist_new();
}
qlist_append_obj(suspend_list, QOBJECT(suspend));
}
for (e = qdict_first(bs->options); e; e = qdict_next(bs->options, e)) {
if (strcmp(qdict_entry_key(e), "x-image") &&
strcmp(qdict_entry_key(e), "image") &&
strncmp(qdict_entry_key(e), "image.", strlen("image.")))
{
qobject_incref(qdict_entry_value(e));
qdict_put_obj(opts, qdict_entry_key(e), qdict_entry_value(e));
}
}
if (inject_error_list) {
qdict_put_obj(opts, "inject-error", QOBJECT(inject_error_list));
}
if (set_state_list) {
qdict_put_obj(opts, "set-state", QOBJECT(set_state_list));
}
if (suspend_list) {
qdict_put_obj(opts, "suspend", QOBJECT(suspend_list));
}
bs->full_open_options = opts;
}
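Review bot: the snprintf() into bs->exact_filename in blkdebug_refresh_filename() ignores its return value, so a long config path plus bs->file->exact_filename is silently truncated into a name that no longer refers to the same image. Compare the result against sizeof(bs->exact_filename) and leave exact_filename empty when it does not fit. The "blkdebug:%s:%s" form is also ambiguous when the config path itself contains a colon; a comment on that limitation would be enough.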

View File

@@ -260,9 +260,6 @@ int blk_attach_dev(BlockBackend *blk, void *dev)
blk_ref(blk);
blk->dev = dev;
bdrv_iostatus_reset(blk->bs);
/* We're expecting I/O from the device so bump up coroutine pool size */
qemu_coroutine_adjust_pool_size(COROUTINE_POOL_RESERVATION);
return 0;
}
@@ -290,7 +287,6 @@ void blk_detach_dev(BlockBackend *blk, void *dev)
blk->dev_ops = NULL;
blk->dev_opaque = NULL;
bdrv_set_guest_block_size(blk->bs, 512);
qemu_coroutine_adjust_pool_size(-COROUTINE_POOL_RESERVATION);
blk_unref(blk);
}
@@ -497,6 +493,16 @@ BlockAIOCB *blk_aio_ioctl(BlockBackend *blk, unsigned long int req, void *buf,
return bdrv_aio_ioctl(blk->bs, req, buf, cb, opaque);
}
int blk_co_discard(BlockBackend *blk, int64_t sector_num, int nb_sectors)
{
return bdrv_co_discard(blk->bs, sector_num, nb_sectors);
}
int blk_co_flush(BlockBackend *blk)
{
return bdrv_co_flush(blk->bs);
}
int blk_flush(BlockBackend *blk)
{
return bdrv_flush(blk->bs);
@@ -549,6 +555,11 @@ void blk_set_enable_write_cache(BlockBackend *blk, bool wce)
bdrv_set_enable_write_cache(blk->bs, wce);
}
void blk_invalidate_cache(BlockBackend *blk, Error **errp)
{
bdrv_invalidate_cache(blk->bs, errp);
}
int blk_is_inserted(BlockBackend *blk)
{
return bdrv_is_inserted(blk->bs);
@@ -609,6 +620,29 @@ void blk_set_aio_context(BlockBackend *blk, AioContext *new_context)
bdrv_set_aio_context(blk->bs, new_context);
}
void blk_add_aio_context_notifier(BlockBackend *blk,
void (*attached_aio_context)(AioContext *new_context, void *opaque),
void (*detach_aio_context)(void *opaque), void *opaque)
{
bdrv_add_aio_context_notifier(blk->bs, attached_aio_context,
detach_aio_context, opaque);
}
void blk_remove_aio_context_notifier(BlockBackend *blk,
void (*attached_aio_context)(AioContext *,
void *),
void (*detach_aio_context)(void *),
void *opaque)
{
bdrv_remove_aio_context_notifier(blk->bs, attached_aio_context,
detach_aio_context, opaque);
}
void blk_add_close_notifier(BlockBackend *blk, Notifier *notify)
{
bdrv_add_close_notifier(blk->bs, notify);
}
void blk_io_plug(BlockBackend *blk)
{
bdrv_io_plug(blk->bs);

View File

@@ -1286,7 +1286,7 @@ static int iscsi_open(BlockDriverState *bs, QDict *options, int flags,
QemuOpts *opts;
Error *local_err = NULL;
const char *filename;
int i, ret;
int i, ret = 0;
if ((BDRV_SECTOR_SIZE % 512) != 0) {
error_setg(errp, "iSCSI: Invalid BDRV_SECTOR_SIZE. "

View File

@@ -35,14 +35,14 @@ struct qemu_laiocb {
size_t nbytes;
QEMUIOVector *qiov;
bool is_read;
QLIST_ENTRY(qemu_laiocb) node;
QSIMPLEQ_ENTRY(qemu_laiocb) next;
};
typedef struct {
struct iocb *iocbs[MAX_QUEUED_IO];
int plugged;
unsigned int size;
unsigned int idx;
unsigned int n;
bool blocked;
QSIMPLEQ_HEAD(, qemu_laiocb) pending;
} LaioQueue;
struct qemu_laio_state {
@@ -59,6 +59,8 @@ struct qemu_laio_state {
int event_max;
};
static void ioq_submit(struct qemu_laio_state *s);
static inline ssize_t io_event_ret(struct io_event *ev)
{
return (ssize_t)(((uint64_t)ev->res2 << 32) | ev->res);
@@ -135,6 +137,10 @@ static void qemu_laio_completion_bh(void *opaque)
qemu_laio_process_completion(s, laiocb);
}
if (!s->io_q.plugged && !QSIMPLEQ_EMPTY(&s->io_q.pending)) {
ioq_submit(s);
}
}
static void qemu_laio_completion_cb(EventNotifier *e)
@@ -172,50 +178,41 @@ static const AIOCBInfo laio_aiocb_info = {
static void ioq_init(LaioQueue *io_q)
{
io_q->size = MAX_QUEUED_IO;
io_q->idx = 0;
QSIMPLEQ_INIT(&io_q->pending);
io_q->plugged = 0;
io_q->n = 0;
io_q->blocked = false;
}
static int ioq_submit(struct qemu_laio_state *s)
static void ioq_submit(struct qemu_laio_state *s)
{
int ret, i = 0;
int len = s->io_q.idx;
int ret, len;
struct qemu_laiocb *aiocb;
struct iocb *iocbs[MAX_QUEUED_IO];
QSIMPLEQ_HEAD(, qemu_laiocb) completed;
do {
ret = io_submit(s->ctx, len, s->io_q.iocbs);
} while (i++ < 3 && ret == -EAGAIN);
len = 0;
QSIMPLEQ_FOREACH(aiocb, &s->io_q.pending, next) {
iocbs[len++] = &aiocb->iocb;
if (len == MAX_QUEUED_IO) {
break;
}
}
/* empty io queue */
s->io_q.idx = 0;
ret = io_submit(s->ctx, len, iocbs);
if (ret == -EAGAIN) {
break;
}
if (ret < 0) {
abort();
}
if (ret < 0) {
i = 0;
} else {
i = ret;
}
for (; i < len; i++) {
struct qemu_laiocb *laiocb =
container_of(s->io_q.iocbs[i], struct qemu_laiocb, iocb);
laiocb->ret = (ret < 0) ? ret : -EIO;
qemu_laio_process_completion(s, laiocb);
}
return ret;
}
static void ioq_enqueue(struct qemu_laio_state *s, struct iocb *iocb)
{
unsigned int idx = s->io_q.idx;
s->io_q.iocbs[idx++] = iocb;
s->io_q.idx = idx;
/* submit immediately if queue is full */
if (idx == s->io_q.size) {
ioq_submit(s);
}
s->io_q.n -= ret;
aiocb = container_of(iocbs[ret - 1], struct qemu_laiocb, iocb);
QSIMPLEQ_SPLIT_AFTER(&s->io_q.pending, aiocb, next, &completed);
} while (ret == len && !QSIMPLEQ_EMPTY(&s->io_q.pending));
s->io_q.blocked = (s->io_q.n > 0);
}
void laio_io_plug(BlockDriverState *bs, void *aio_ctx)
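Review bot: in the rewritten ioq_submit(), any io_submit() failure other than -EAGAIN reaches abort(), where the removed code completed the affected requests with an error code instead. That turns a failed submission into termination of the whole process; please either fail the queued requests as before or explain in a comment why no such error can occur. Separately, `iocbs[ret - 1]` assumes ret is at least 1, so an assert(ret > 0) before the container_of() would document the assumption and catch a zero return.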
@@ -225,22 +222,19 @@ void laio_io_plug(BlockDriverState *bs, void *aio_ctx)
s->io_q.plugged++;
}
int laio_io_unplug(BlockDriverState *bs, void *aio_ctx, bool unplug)
void laio_io_unplug(BlockDriverState *bs, void *aio_ctx, bool unplug)
{
struct qemu_laio_state *s = aio_ctx;
int ret = 0;
assert(s->io_q.plugged > 0 || !unplug);
if (unplug && --s->io_q.plugged > 0) {
return 0;
return;
}
if (s->io_q.idx > 0) {
ret = ioq_submit(s);
if (!s->io_q.blocked && !QSIMPLEQ_EMPTY(&s->io_q.pending)) {
ioq_submit(s);
}
return ret;
}
BlockAIOCB *laio_submit(BlockDriverState *bs, void *aio_ctx, int fd,
@@ -276,12 +270,11 @@ BlockAIOCB *laio_submit(BlockDriverState *bs, void *aio_ctx, int fd,
}
io_set_eventfd(&laiocb->iocb, event_notifier_get_fd(&s->e));
if (!s->io_q.plugged) {
if (io_submit(s->ctx, 1, &iocbs) < 0) {
goto out_free_aiocb;
}
} else {
ioq_enqueue(s, iocbs);
QSIMPLEQ_INSERT_TAIL(&s->io_q.pending, laiocb, next);
s->io_q.n++;
if (!s->io_q.blocked &&
(!s->io_q.plugged || s->io_q.n >= MAX_QUEUED_IO)) {
ioq_submit(s);
}
return &laiocb->common;

View File

@@ -128,7 +128,8 @@ static void mirror_write_complete(void *opaque, int ret)
BlockDriverState *source = s->common.bs;
BlockErrorAction action;
bdrv_set_dirty(source, op->sector_num, op->nb_sectors);
bdrv_set_dirty_bitmap(source, s->dirty_bitmap, op->sector_num,
op->nb_sectors);
action = mirror_error_action(s, false, -ret);
if (action == BLOCK_ERROR_ACTION_REPORT && s->ret >= 0) {
s->ret = ret;
@@ -145,7 +146,8 @@ static void mirror_read_complete(void *opaque, int ret)
BlockDriverState *source = s->common.bs;
BlockErrorAction action;
bdrv_set_dirty(source, op->sector_num, op->nb_sectors);
bdrv_set_dirty_bitmap(source, s->dirty_bitmap, op->sector_num,
op->nb_sectors);
action = mirror_error_action(s, true, -ret);
if (action == BLOCK_ERROR_ACTION_REPORT && s->ret >= 0) {
s->ret = ret;
@@ -286,7 +288,8 @@ static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s)
next_sector += sectors_per_chunk;
}
bdrv_reset_dirty(source, sector_num, nb_sectors);
bdrv_reset_dirty_bitmap(source, s->dirty_bitmap, sector_num,
nb_sectors);
/* Copy the dirty cluster. */
s->in_flight++;
@@ -442,7 +445,7 @@ static void coroutine_fn mirror_run(void *opaque)
assert(n > 0);
if (ret == 1) {
bdrv_set_dirty(bs, sector_num, n);
bdrv_set_dirty_bitmap(bs, s->dirty_bitmap, sector_num, n);
sector_num = next;
} else {
sector_num += n;

View File

@@ -409,6 +409,19 @@ out:
return ret;
}
static QemuOptsList nfs_create_opts = {
.name = "nfs-create-opts",
.head = QTAILQ_HEAD_INITIALIZER(nfs_create_opts.head),
.desc = {
{
.name = BLOCK_OPT_SIZE,
.type = QEMU_OPT_SIZE,
.help = "Virtual disk size"
},
{ /* end of list */ }
}
};
static int nfs_file_create(const char *url, QemuOpts *opts, Error **errp)
{
int ret = 0;
@@ -470,6 +483,8 @@ static BlockDriver bdrv_nfs = {
.instance_size = sizeof(NFSClient),
.bdrv_needs_filename = true,
.create_opts = &nfs_create_opts,
.bdrv_has_zero_init = nfs_has_zero_init,
.bdrv_get_allocated_file_size = nfs_get_allocated_file_size,
.bdrv_truncate = nfs_file_truncate,

View File

@@ -29,13 +29,6 @@
#include "qapi/qmp-output-visitor.h"
#include "qapi/qmp/types.h"
#include "sysemu/block-backend.h"
#ifdef __linux__
#include <linux/fs.h>
#include <sys/ioctl.h>
#ifndef FS_NOCOW_FL
#define FS_NOCOW_FL 0x00800000 /* Do not cow file */
#endif
#endif
BlockDeviceInfo *bdrv_block_device_info(BlockDriverState *bs)
{
@@ -47,6 +40,13 @@ BlockDeviceInfo *bdrv_block_device_info(BlockDriverState *bs)
info->encrypted = bs->encrypted;
info->encryption_key_missing = bdrv_key_required(bs);
info->cache = g_new(BlockdevCacheInfo, 1);
*info->cache = (BlockdevCacheInfo) {
.writeback = bdrv_enable_write_cache(bs),
.direct = !!(bs->open_flags & BDRV_O_NOCACHE),
.no_flush = !!(bs->open_flags & BDRV_O_NO_FLUSH),
};
if (bs->node_name[0]) {
info->has_node_name = true;
info->node_name = g_strdup(bs->node_name);
@@ -180,9 +180,6 @@ void bdrv_query_image_info(BlockDriverState *bs,
int ret;
Error *err = NULL;
ImageInfo *info;
#ifdef __linux__
int fd, attr;
#endif
size = bdrv_getlength(bs);
if (size < 0) {
@@ -212,24 +209,17 @@ void bdrv_query_image_info(BlockDriverState *bs,
info->format_specific = bdrv_get_specific_info(bs);
info->has_format_specific = info->format_specific != NULL;
#ifdef __linux__
/* get NOCOW info */
fd = qemu_open(bs->filename, O_RDONLY | O_NONBLOCK);
if (fd >= 0) {
if (ioctl(fd, FS_IOC_GETFLAGS, &attr) == 0 && (attr & FS_NOCOW_FL)) {
info->has_nocow = true;
info->nocow = true;
}
qemu_close(fd);
}
#endif
backing_filename = bs->backing_file;
if (backing_filename[0] != '\0') {
info->backing_filename = g_strdup(backing_filename);
info->has_backing_filename = true;
bdrv_get_full_backing_filename(bs, backing_filename2,
sizeof(backing_filename2));
sizeof(backing_filename2), &err);
if (err) {
error_propagate(errp, err);
qapi_free_ImageInfo(info);
return;
}
if (strcmp(backing_filename, backing_filename2) != 0) {
info->full_backing_filename =
@@ -322,7 +312,8 @@ static void bdrv_query_info(BlockBackend *blk, BlockInfo **p_info,
qapi_free_BlockInfo(info);
}
static BlockStats *bdrv_query_stats(const BlockDriverState *bs)
static BlockStats *bdrv_query_stats(const BlockDriverState *bs,
bool query_backing)
{
BlockStats *s;
@@ -333,6 +324,11 @@ static BlockStats *bdrv_query_stats(const BlockDriverState *bs)
s->device = g_strdup(bdrv_get_device_name(bs));
}
if (bdrv_get_node_name(bs)[0]) {
s->has_node_name = true;
s->node_name = g_strdup(bdrv_get_node_name(bs));
}
s->stats = g_malloc0(sizeof(*s->stats));
s->stats->rd_bytes = bs->stats.nr_bytes[BLOCK_ACCT_READ];
s->stats->wr_bytes = bs->stats.nr_bytes[BLOCK_ACCT_WRITE];
@@ -347,12 +343,12 @@ static BlockStats *bdrv_query_stats(const BlockDriverState *bs)
if (bs->file) {
s->has_parent = true;
s->parent = bdrv_query_stats(bs->file);
s->parent = bdrv_query_stats(bs->file, query_backing);
}
if (bs->backing_hd) {
if (query_backing && bs->backing_hd) {
s->has_backing = true;
s->backing = bdrv_query_stats(bs->backing_hd);
s->backing = bdrv_query_stats(bs->backing_hd, query_backing);
}
return s;
@@ -383,17 +379,22 @@ BlockInfoList *qmp_query_block(Error **errp)
return NULL;
}
BlockStatsList *qmp_query_blockstats(Error **errp)
BlockStatsList *qmp_query_blockstats(bool has_query_nodes,
bool query_nodes,
Error **errp)
{
BlockStatsList *head = NULL, **p_next = &head;
BlockDriverState *bs = NULL;
while ((bs = bdrv_next(bs))) {
/* Just to be safe if query_nodes is not always initialized */
query_nodes = has_query_nodes && query_nodes;
while ((bs = query_nodes ? bdrv_next_node(bs) : bdrv_next(bs))) {
BlockStatsList *info = g_malloc0(sizeof(*info));
AioContext *ctx = bdrv_get_aio_context(bs);
aio_context_acquire(ctx);
info->value = bdrv_query_stats(bs);
info->value = bdrv_query_stats(bs, !query_nodes);
aio_context_release(ctx);
*p_next = info;
@@ -655,8 +656,4 @@ void bdrv_image_info_dump(fprintf_function func_fprintf, void *f,
func_fprintf(f, "Format specific information:\n");
bdrv_image_info_specific_dump(func_fprintf, f, info->format_specific);
}
if (info->has_nocow && info->nocow) {
func_fprintf(f, "NOCOW flag: set\n");
}
}

View File

@@ -1263,7 +1263,7 @@ int qcow2_alloc_cluster_offset(BlockDriverState *bs, uint64_t offset,
again:
start = offset;
remaining = *num << BDRV_SECTOR_BITS;
remaining = (uint64_t)*num << BDRV_SECTOR_BITS;
cluster_offset = 0;
*host_offset = 0;
cur_bytes = 0;
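Review bot: the (uint64_t) cast on `*num << BDRV_SECTOR_BITS` in qcow2_alloc_cluster_offset() comes with no comment or assertion about the range of *num. Add an assertion on the accepted range next to the cast, so a value that is negative or too large is caught here and not carried on into remaining.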

View File

@@ -117,7 +117,7 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
#ifdef DEBUG_EXT
printf("ext.magic = 0x%x\n", ext.magic);
#endif
if (ext.len > end_offset - offset) {
if (offset > end_offset || ext.len > end_offset - offset) {
error_setg(errp, "Header extension too large");
return -EINVAL;
}
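Review bot: the added `offset > end_offset` test in qcow2_read_extensions() reuses the "Header extension too large" message, which misdescribes the case where the offset has already run past the end of the extension area. Give that case its own error text, ideally with offset and end_offset in it, so a malformed image is easier to triage. A short comment that the first test keeps `end_offset - offset` from going below zero would also help the next reader.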
@@ -1428,10 +1428,23 @@ static void qcow2_close(BlockDriverState *bs)
s->l1_table = NULL;
if (!(bs->open_flags & BDRV_O_INCOMING)) {
qcow2_cache_flush(bs, s->l2_table_cache);
qcow2_cache_flush(bs, s->refcount_block_cache);
int ret1, ret2;
qcow2_mark_clean(bs);
ret1 = qcow2_cache_flush(bs, s->l2_table_cache);
ret2 = qcow2_cache_flush(bs, s->refcount_block_cache);
if (ret1) {
error_report("Failed to flush the L2 table cache: %s",
strerror(-ret1));
}
if (ret2) {
error_report("Failed to flush the refcount block cache: %s",
strerror(-ret2));
}
if (!ret1 && !ret2) {
qcow2_mark_clean(bs);
}
}
qcow2_cache_destroy(bs, s->l2_table_cache);
@@ -1915,10 +1928,9 @@ static int qcow2_create2(const char *filename, int64_t total_size,
* refcount of the cluster that is occupied by the header and the refcount
* table)
*/
BlockDriver* drv = bdrv_find_format("qcow2");
assert(drv != NULL);
ret = bdrv_open(&bs, filename, NULL, NULL,
BDRV_O_RDWR | BDRV_O_CACHE_WB | BDRV_O_NO_FLUSH, drv, &local_err);
BDRV_O_RDWR | BDRV_O_CACHE_WB | BDRV_O_NO_FLUSH,
&bdrv_qcow2, &local_err);
if (ret < 0) {
error_propagate(errp, local_err);
goto out;
@@ -1970,7 +1982,7 @@ static int qcow2_create2(const char *filename, int64_t total_size,
/* Reopen the image without BDRV_O_NO_FLUSH to flush it before returning */
ret = bdrv_open(&bs, filename, NULL, NULL,
BDRV_O_RDWR | BDRV_O_CACHE_WB | BDRV_O_NO_BACKING,
drv, &local_err);
&bdrv_qcow2, &local_err);
if (local_err) {
error_propagate(errp, local_err);
goto out;
@@ -2150,8 +2162,7 @@ static int qcow2_write_compressed(BlockDriverState *bs, int64_t sector_num,
/* align end of file to a sector boundary to ease reading with
sector based I/Os */
cluster_offset = bdrv_getlength(bs->file);
bdrv_truncate(bs->file, cluster_offset);
return 0;
return bdrv_truncate(bs->file, cluster_offset);
}
if (nb_sectors != s->cluster_sectors) {
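Review bot: in qcow2_write_compressed(), cluster_offset is taken straight from bdrv_getlength(bs->file) and handed to bdrv_truncate() with no check between the two lines shown. Other callers on this page test the bdrv_getlength() result for a negative value; do the same here and return that error, so the truncate result that is now propagated is not computed from an error code.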
@@ -2847,7 +2858,7 @@ static QemuOptsList qcow2_create_opts = {
}
};
static BlockDriver bdrv_qcow2 = {
BlockDriver bdrv_qcow2 = {
.format_name = "qcow2",
.instance_size = sizeof(BDRVQcowState),
.bdrv_probe = qcow2_probe,

View File

@@ -41,7 +41,7 @@ BlockAIOCB *laio_submit(BlockDriverState *bs, void *aio_ctx, int fd,
void laio_detach_aio_context(void *s, AioContext *old_context);
void laio_attach_aio_context(void *s, AioContext *new_context);
void laio_io_plug(BlockDriverState *bs, void *aio_ctx);
int laio_io_unplug(BlockDriverState *bs, void *aio_ctx, bool unplug);
void laio_io_unplug(BlockDriverState *bs, void *aio_ctx, bool unplug);
#endif
#ifdef _WIN32

View File

@@ -60,9 +60,6 @@
#define FS_NOCOW_FL 0x00800000 /* Do not cow file */
#endif
#endif
#ifdef CONFIG_FIEMAP
#include <linux/fiemap.h>
#endif
#ifdef CONFIG_FALLOCATE_PUNCH_HOLE
#include <linux/falloc.h>
#endif
@@ -151,9 +148,6 @@ typedef struct BDRVRawState {
bool has_write_zeroes:1;
bool discard_zeroes:1;
bool needs_alignment;
#ifdef CONFIG_FIEMAP
bool skip_fiemap;
#endif
} BDRVRawState;
typedef struct BDRVRawReopenState {
@@ -452,6 +446,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
}
if (fstat(s->fd, &st) < 0) {
ret = -errno;
error_setg_errno(errp, errno, "Could not stat file");
goto fail;
}
@@ -1457,9 +1452,16 @@ static int raw_create(const char *filename, QemuOpts *opts, Error **errp)
"Could not write to the new file");
break;
}
left -= num;
left -= result;
}
if (result >= 0) {
result = fsync(fd);
if (result < 0) {
result = -errno;
error_setg_errno(errp, -result,
"Could not flush new file to disk");
}
}
fsync(fd);
g_free(buf);
break;
}
@@ -1481,83 +1483,93 @@ out:
return result;
}
static int try_fiemap(BlockDriverState *bs, off_t start, off_t *data,
off_t *hole, int nb_sectors)
{
#ifdef CONFIG_FIEMAP
BDRVRawState *s = bs->opaque;
int ret = 0;
struct {
struct fiemap fm;
struct fiemap_extent fe;
} f;
if (s->skip_fiemap) {
return -ENOTSUP;
}
f.fm.fm_start = start;
f.fm.fm_length = (int64_t)nb_sectors * BDRV_SECTOR_SIZE;
f.fm.fm_flags = FIEMAP_FLAG_SYNC;
f.fm.fm_extent_count = 1;
f.fm.fm_reserved = 0;
if (ioctl(s->fd, FS_IOC_FIEMAP, &f) == -1) {
s->skip_fiemap = true;
return -errno;
}
if (f.fm.fm_mapped_extents == 0) {
/* No extents found, data is beyond f.fm.fm_start + f.fm.fm_length.
* f.fm.fm_start + f.fm.fm_length must be clamped to the file size!
*/
off_t length = lseek(s->fd, 0, SEEK_END);
*hole = f.fm.fm_start;
*data = MIN(f.fm.fm_start + f.fm.fm_length, length);
} else {
*data = f.fe.fe_logical;
*hole = f.fe.fe_logical + f.fe.fe_length;
if (f.fe.fe_flags & FIEMAP_EXTENT_UNWRITTEN) {
ret |= BDRV_BLOCK_ZERO;
}
}
return ret;
#else
return -ENOTSUP;
#endif
}
static int try_seek_hole(BlockDriverState *bs, off_t start, off_t *data,
off_t *hole)
/*
* Find allocation range in @bs around offset @start.
* May change underlying file descriptor's file offset.
* If @start is not in a hole, store @start in @data, and the
* beginning of the next hole in @hole, and return 0.
* If @start is in a non-trailing hole, store @start in @hole and the
* beginning of the next non-hole in @data, and return 0.
* If @start is in a trailing hole or beyond EOF, return -ENXIO.
* If we can't find out, return a negative errno other than -ENXIO.
*/
static int find_allocation(BlockDriverState *bs, off_t start,
off_t *data, off_t *hole)
{
#if defined SEEK_HOLE && defined SEEK_DATA
BDRVRawState *s = bs->opaque;
off_t offs;
*hole = lseek(s->fd, start, SEEK_HOLE);
if (*hole == -1) {
return -errno;
/*
* SEEK_DATA cases:
* D1. offs == start: start is in data
* D2. offs > start: start is in a hole, next data at offs
* D3. offs < 0, errno = ENXIO: either start is in a trailing hole
* or start is beyond EOF
* If the latter happens, the file has been truncated behind
* our back since we opened it. All bets are off then.
* Treating like a trailing hole is simplest.
* D4. offs < 0, errno != ENXIO: we learned nothing
*/
offs = lseek(s->fd, start, SEEK_DATA);
if (offs < 0) {
return -errno; /* D3 or D4 */
}
assert(offs >= start);
if (offs > start) {
/* D2: in hole, next data at offs */
*hole = start;
*data = offs;
return 0;
}
if (*hole > start) {
/* D1: in data, end not yet known */
/*
* SEEK_HOLE cases:
* H1. offs == start: start is in a hole
* If this happens here, a hole has been dug behind our back
* since the previous lseek().
* H2. offs > start: either start is in data, next hole at offs,
* or start is in trailing hole, EOF at offs
* Linux treats trailing holes like any other hole: offs ==
* start. Solaris seeks to EOF instead: offs > start (blech).
* If that happens here, a hole has been dug behind our back
* since the previous lseek().
* H3. offs < 0, errno = ENXIO: start is beyond EOF
* If this happens, the file has been truncated behind our
* back since we opened it. Treat it like a trailing hole.
* H4. offs < 0, errno != ENXIO: we learned nothing
* Pretend we know nothing at all, i.e. "forget" about D1.
*/
offs = lseek(s->fd, start, SEEK_HOLE);
if (offs < 0) {
return -errno; /* D1 and (H3 or H4) */
}
assert(offs >= start);
if (offs > start) {
/*
* D1 and H2: either in data, next hole at offs, or it was in
* data but is now in a trailing hole. In the latter case,
* all bets are off. Treating it as if it there was data all
* the way to EOF is safe, so simply do that.
*/
*data = start;
} else {
/* On a hole. We need another syscall to find its end. */
*data = lseek(s->fd, start, SEEK_DATA);
if (*data == -1) {
*data = lseek(s->fd, 0, SEEK_END);
}
*hole = offs;
return 0;
}
return 0;
/* D1 and H1 */
return -EBUSY;
#else
return -ENOTSUP;
#endif
}
/*
* Returns true iff the specified sector is present in the disk image. Drivers
* not implementing the functionality are assumed to not support backing files,
* hence all their sectors are reported as allocated.
* Returns the allocation status of the specified sectors.
*
* If 'sector_num' is beyond the end of the disk image the return value is 0
* and 'pnum' is set to 0.
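Review bot: The assert(offs >= start) after each lseek() in find_allocation() makes the process abort on a value that comes from the host filesystem, not from QEMU's own state. The function already has a documented "we learned nothing" outcome (D4/H4), so a filesystem that returns an offset below start could be handled by returning a negative errno other than -ENXIO and letting the caller fall back to "no holes", instead of taking the whole VM down. Minor: the D1/H2 comment reads "as if it there was data", which has a stray "it".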
@@ -1593,28 +1605,26 @@ static int64_t coroutine_fn raw_co_get_block_status(BlockDriverState *bs,
nb_sectors = DIV_ROUND_UP(total_size - start, BDRV_SECTOR_SIZE);
}
ret = try_seek_hole(bs, start, &data, &hole);
if (ret < 0) {
ret = try_fiemap(bs, start, &data, &hole, nb_sectors);
if (ret < 0) {
/* Assume everything is allocated. */
data = 0;
hole = start + nb_sectors * BDRV_SECTOR_SIZE;
ret = 0;
}
}
assert(ret >= 0);
if (data <= start) {
ret = find_allocation(bs, start, &data, &hole);
if (ret == -ENXIO) {
/* Trailing hole */
*pnum = nb_sectors;
ret = BDRV_BLOCK_ZERO;
} else if (ret < 0) {
/* No info available, so pretend there are no holes */
*pnum = nb_sectors;
ret = BDRV_BLOCK_DATA;
} else if (data == start) {
/* On a data extent, compute sectors to the end of the extent. */
*pnum = MIN(nb_sectors, (hole - start) / BDRV_SECTOR_SIZE);
return ret | BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID | start;
ret = BDRV_BLOCK_DATA;
} else {
/* On a hole, compute sectors to the beginning of the next extent. */
assert(hole == start);
*pnum = MIN(nb_sectors, (data - start) / BDRV_SECTOR_SIZE);
return ret | BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID | start;
ret = BDRV_BLOCK_ZERO;
}
return ret | BDRV_BLOCK_OFFSET_VALID | start;
}
static coroutine_fn BlockAIOCB *raw_aio_discard(BlockDriverState *bs,
@@ -1675,7 +1685,7 @@ static QemuOptsList raw_create_opts = {
}
};
static BlockDriver bdrv_file = {
BlockDriver bdrv_file = {
.format_name = "file",
.protocol_name = "file",
.instance_size = sizeof(BDRVRawState),
@@ -1913,7 +1923,7 @@ static int fd_open(BlockDriverState *bs)
return 0;
last_media_present = (s->fd >= 0);
if (s->fd >= 0 &&
(get_clock() - s->fd_open_time) >= FD_OPEN_TIMEOUT) {
(qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - s->fd_open_time) >= FD_OPEN_TIMEOUT) {
qemu_close(s->fd);
s->fd = -1;
#ifdef DEBUG_FLOPPY
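Review bot: Style point on the replaced condition: (qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - s->fd_open_time) >= FD_OPEN_TIMEOUT) { is already 80 characters before indentation, and the same applies to the fd_error_time comparison in the next hunk. Wrapping after the closing parenthesis of the subtraction, or reading the clock into a local once at the top of fd_open(), would keep the lines short and avoid calling the clock up to three times per invocation.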
@@ -1922,7 +1932,7 @@ static int fd_open(BlockDriverState *bs)
}
if (s->fd < 0) {
if (s->fd_got_error &&
(get_clock() - s->fd_error_time) < FD_OPEN_TIMEOUT) {
(qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - s->fd_error_time) < FD_OPEN_TIMEOUT) {
#ifdef DEBUG_FLOPPY
printf("No floppy (open delayed)\n");
#endif
@@ -1930,7 +1940,7 @@ static int fd_open(BlockDriverState *bs)
}
s->fd = qemu_open(bs->filename, s->open_flags & ~O_NONBLOCK);
if (s->fd < 0) {
s->fd_error_time = get_clock();
s->fd_error_time = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
s->fd_got_error = 1;
if (last_media_present)
s->fd_media_changed = 1;
@@ -1945,7 +1955,7 @@ static int fd_open(BlockDriverState *bs)
}
if (!last_media_present)
s->fd_media_changed = 1;
s->fd_open_time = get_clock();
s->fd_open_time = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
s->fd_got_error = 0;
return 0;
}

View File

@@ -540,7 +540,7 @@ static QemuOptsList raw_create_opts = {
}
};
static BlockDriver bdrv_file = {
BlockDriver bdrv_file = {
.format_name = "file",
.protocol_name = "file",
.instance_size = sizeof(BDRVRawState),

View File

@@ -58,8 +58,58 @@ static int coroutine_fn raw_co_readv(BlockDriverState *bs, int64_t sector_num,
static int coroutine_fn raw_co_writev(BlockDriverState *bs, int64_t sector_num,
int nb_sectors, QEMUIOVector *qiov)
{
void *buf = NULL;
BlockDriver *drv;
QEMUIOVector local_qiov;
int ret;
if (bs->probed && sector_num == 0) {
/* As long as these conditions are true, we can't get partial writes to
* the probe buffer and can just directly check the request. */
QEMU_BUILD_BUG_ON(BLOCK_PROBE_BUF_SIZE != 512);
QEMU_BUILD_BUG_ON(BDRV_SECTOR_SIZE != 512);
if (nb_sectors == 0) {
/* qemu_iovec_to_buf() would fail, but we want to return success
* instead of -EINVAL in this case. */
return 0;
}
buf = qemu_try_blockalign(bs->file, 512);
if (!buf) {
ret = -ENOMEM;
goto fail;
}
ret = qemu_iovec_to_buf(qiov, 0, buf, 512);
if (ret != 512) {
ret = -EINVAL;
goto fail;
}
drv = bdrv_probe_all(buf, 512, NULL);
if (drv != bs->drv) {
ret = -EPERM;
goto fail;
}
/* Use the checked buffer, a malicious guest might be overwriting its
* original buffer in the background. */
qemu_iovec_init(&local_qiov, qiov->niov + 1);
qemu_iovec_add(&local_qiov, buf, 512);
qemu_iovec_concat(&local_qiov, qiov, 512, qiov->size - 512);
qiov = &local_qiov;
}
BLKDBG_EVENT(bs->file, BLKDBG_WRITE_AIO);
return bdrv_co_writev(bs->file, sector_num, nb_sectors, qiov);
ret = bdrv_co_writev(bs->file, sector_num, nb_sectors, qiov);
fail:
if (qiov == &local_qiov) {
qemu_iovec_destroy(&local_qiov);
}
qemu_vfree(buf);
return ret;
}
static int64_t coroutine_fn raw_co_get_block_status(BlockDriverState *bs,
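Review bot: The drv != bs->drv branch returns -EPERM with no comment and no log output, so a guest that hits it sees an I/O error on sector 0 and the host side has nothing to correlate it with. A short comment at that check stating that the write is refused because it would make the image probe as a different format on the next open, plus a one-time report naming the image, would make the restriction diagnosable. Copying the first 512 bytes into buf and building local_qiov from the checked copy is the right way to close the window where the guest rewrites its buffer after the probe; the comment there explains it well.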
@@ -158,6 +208,18 @@ static int raw_open(BlockDriverState *bs, QDict *options, int flags,
Error **errp)
{
bs->sg = bs->file->sg;
if (bs->probed && !bdrv_is_read_only(bs)) {
fprintf(stderr,
"WARNING: Image format was not specified for '%s' and probing "
"guessed raw.\n"
" Automatically detecting the format is dangerous for "
"raw images, write operations on block 0 will be restricted.\n"
" Specify the 'raw' format explicitly to remove the "
"restrictions.\n",
bs->file->filename);
}
return 0;
}
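Review bot: The warning in raw_open() is written with fprintf(stderr, ...) while the qcow2 change in this same series uses error_report() for its diagnostics. Routing this message through the block layer's usual reporting helper would keep it consistent with the other messages, and it would also be worth saying in the text that sector 0 writes fail with a permission error, since that is what the guest will actually observe from the check added to raw_co_writev().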
@@ -173,7 +235,7 @@ static int raw_probe(const uint8_t *buf, int buf_size, const char *filename)
return 1;
}
static BlockDriver bdrv_raw = {
BlockDriver bdrv_raw = {
.format_name = "raw",
.bdrv_probe = &raw_probe,
.bdrv_reopen_prepare = &raw_reopen_prepare,

View File

@@ -459,7 +459,7 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
clientname = qemu_rbd_parse_clientname(conf, clientname_buf);
r = rados_create(&s->cluster, clientname);
if (r < 0) {
error_setg(&local_err, "error initializing");
error_setg(errp, "error initializing");
goto failed_opts;
}
@@ -495,19 +495,19 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
r = rados_connect(s->cluster);
if (r < 0) {
error_setg(&local_err, "error connecting");
error_setg(errp, "error connecting");
goto failed_shutdown;
}
r = rados_ioctx_create(s->cluster, pool, &s->io_ctx);
if (r < 0) {
error_setg(&local_err, "error opening pool %s", pool);
error_setg(errp, "error opening pool %s", pool);
goto failed_shutdown;
}
r = rbd_open(s->io_ctx, s->name, &s->image, s->snap);
if (r < 0) {
error_setg(&local_err, "error reading header from %s", s->name);
error_setg(errp, "error reading header from %s", s->name);
goto failed_open;
}
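Review bot: Each of the failure paths in this hunk tests r < 0 but the message passed to error_setg() drops r, so "error connecting" and "error opening pool %s" give no hint of the cause. If r carries a negative errno, error_setg_errno(errp, -r, ...) as used in the raw_create and vmdk hunks of this series would preserve it. Setting errp directly instead of going through local_err is fine as long as no later code in the function still expects local_err to be populated, which is not visible here.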

View File

@@ -120,8 +120,18 @@ typedef unsigned char uuid_t[16];
#define VDI_IS_ALLOCATED(X) ((X) < VDI_DISCARDED)
/* max blocks in image is (0xffffffff / 4) */
#define VDI_BLOCKS_IN_IMAGE_MAX 0x3fffffff
/* The bmap will take up VDI_BLOCKS_IN_IMAGE_MAX * sizeof(uint32_t) bytes; since
* the bmap is read and written in a single operation, its size needs to be
* limited to INT_MAX; furthermore, when opening an image, the bmap size is
* rounded up to be aligned on BDRV_SECTOR_SIZE.
* Therefore this should satisfy the following:
* VDI_BLOCKS_IN_IMAGE_MAX * sizeof(uint32_t) + BDRV_SECTOR_SIZE == INT_MAX + 1
* (INT_MAX + 1 is the first value not representable as an int)
* This guarantees that any value below or equal to the constant will, when
* multiplied by sizeof(uint32_t) and rounded up to a BDRV_SECTOR_SIZE boundary,
* still be below or equal to INT_MAX. */
#define VDI_BLOCKS_IN_IMAGE_MAX \
((unsigned)((INT_MAX + 1u - BDRV_SECTOR_SIZE) / sizeof(uint32_t)))
#define VDI_DISK_SIZE_MAX ((uint64_t)VDI_BLOCKS_IN_IMAGE_MAX * \
(uint64_t)DEFAULT_CLUSTER_SIZE)
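Review bot: The invariant stated in the new comment above VDI_BLOCKS_IN_IMAGE_MAX is documented but not enforced. Since the bound exists to keep the bmap size within INT_MAX after rounding up to BDRV_SECTOR_SIZE, a QEMU_BUILD_BUG_ON next to the macro (the raw_co_writev hunk in this series already uses that helper) would turn the comment into a compile-time check and catch a future change to BDRV_SECTOR_SIZE or to the bmap entry type.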
@@ -842,11 +852,6 @@ static QemuOptsList vdi_create_opts = {
.def_value_str = "off"
},
#endif
{
.name = BLOCK_OPT_NOCOW,
.type = QEMU_OPT_BOOL,
.help = "Turn off copy-on-write (valid only on btrfs)"
},
/* TODO: An additional option to set UUID values might be useful. */
{ /* end of list */ }
}

View File

@@ -1109,8 +1109,9 @@ static coroutine_fn int vhdx_co_readv(BlockDriverState *bs, int64_t sector_num,
/* check the payload block state */
switch (s->bat[sinfo.bat_idx] & VHDX_BAT_STATE_BIT_MASK) {
case PAYLOAD_BLOCK_NOT_PRESENT: /* fall through */
case PAYLOAD_BLOCK_UNDEFINED: /* fall through */
case PAYLOAD_BLOCK_UNMAPPED: /* fall through */
case PAYLOAD_BLOCK_UNDEFINED:
case PAYLOAD_BLOCK_UNMAPPED:
case PAYLOAD_BLOCK_UNMAPPED_v095:
case PAYLOAD_BLOCK_ZERO:
/* return zero */
qemu_iovec_memset(&hd_qiov, 0, 0, sinfo.bytes_avail);
@@ -1277,11 +1278,11 @@ static coroutine_fn int vhdx_co_writev(BlockDriverState *bs, int64_t sector_num,
sectors_to_write += iov2.iov_len >> BDRV_SECTOR_BITS;
}
}
/* fall through */
case PAYLOAD_BLOCK_NOT_PRESENT: /* fall through */
case PAYLOAD_BLOCK_UNMAPPED: /* fall through */
case PAYLOAD_BLOCK_UNDEFINED: /* fall through */
case PAYLOAD_BLOCK_UNMAPPED:
case PAYLOAD_BLOCK_UNMAPPED_v095:
case PAYLOAD_BLOCK_UNDEFINED:
bat_prior_offset = sinfo.file_offset;
ret = vhdx_allocate_block(bs, s, &sinfo.file_offset);
if (ret < 0) {
@@ -1773,7 +1774,7 @@ static int vhdx_create(const char *filename, QemuOpts *opts, Error **errp)
log_size = qemu_opt_get_size_del(opts, VHDX_BLOCK_OPT_LOG_SIZE, 0);
block_size = qemu_opt_get_size_del(opts, VHDX_BLOCK_OPT_BLOCK_SIZE, 0);
type = qemu_opt_get_del(opts, BLOCK_OPT_SUBFMT);
use_zero_blocks = qemu_opt_get_bool_del(opts, VHDX_BLOCK_OPT_ZERO, false);
use_zero_blocks = qemu_opt_get_bool_del(opts, VHDX_BLOCK_OPT_ZERO, true);
if (image_size > VHDX_MAX_IMAGE_SIZE) {
error_setg_errno(errp, EINVAL, "Image size too large; max of 64TB");
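Review bot: Changing the default of VHDX_BLOCK_OPT_ZERO from false to true alters what every caller of vhdx_create() gets when the option is not given, and the only explanation is in the help string added further down ("Non-standard, but default"). A comment at the qemu_opt_get_bool_del() call saying why the non-standard block state is now the default, and what breaks with 'off' for subformat=dynamic, would save the next reader from having to dig it out of the commit history.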
@@ -1935,7 +1936,9 @@ static QemuOptsList vhdx_create_opts = {
{
.name = VHDX_BLOCK_OPT_ZERO,
.type = QEMU_OPT_BOOL,
.help = "Force use of payload blocks of type 'ZERO'. Non-standard."
.help = "Force use of payload blocks of type 'ZERO'. "\
"Non-standard, but default. Do not set to 'off' when "\
"using 'qemu-img convert' with subformat=dynamic."
},
{ NULL }
}
@@ -1953,6 +1956,7 @@ static BlockDriver bdrv_vhdx = {
.bdrv_create = vhdx_create,
.bdrv_get_info = vhdx_get_info,
.bdrv_check = vhdx_check,
.bdrv_has_zero_init = bdrv_has_zero_init_1,
.create_opts = &vhdx_create_opts,
};

View File

@@ -226,7 +226,8 @@ typedef struct QEMU_PACKED VHDXLogDataSector {
#define PAYLOAD_BLOCK_NOT_PRESENT 0
#define PAYLOAD_BLOCK_UNDEFINED 1
#define PAYLOAD_BLOCK_ZERO 2
#define PAYLOAD_BLOCK_UNMAPPED 5
#define PAYLOAD_BLOCK_UNMAPPED 3
#define PAYLOAD_BLOCK_UNMAPPED_v095 5
#define PAYLOAD_BLOCK_FULLY_PRESENT 6
#define PAYLOAD_BLOCK_PARTIALLY_PRESENT 7
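Review bot: PAYLOAD_BLOCK_UNMAPPED moves from 5 to 3 and the old value is kept as PAYLOAD_BLOCK_UNMAPPED_v095, but nothing at the definitions says why two values exist. A one-line comment on the _v095 define stating that 5 is accepted for images written with the earlier value would document the compatibility intent; the lower-case "v" in an otherwise upper-case macro name is also worth a second look.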

View File

@@ -28,6 +28,7 @@
#include "qemu/module.h"
#include "migration/migration.h"
#include <zlib.h>
#include <glib.h>
#define VMDK3_MAGIC (('C' << 24) | ('O' << 16) | ('W' << 8) | 'D')
#define VMDK4_MAGIC (('K' << 24) | ('D' << 16) | ('M' << 8) | 'V')
@@ -556,8 +557,16 @@ static char *vmdk_read_desc(BlockDriverState *file, uint64_t desc_offset,
return NULL;
}
size = MIN(size, 1 << 20); /* avoid unbounded allocation */
buf = g_malloc0(size + 1);
if (size < 4) {
/* Both descriptor file and sparse image must be much larger than 4
* bytes, also callers of vmdk_read_desc want to compare the first 4
* bytes with VMDK4_MAGIC, let's error out if less is read. */
error_setg(errp, "File is too small, not a valid image");
return NULL;
}
size = MIN(size, (1 << 20) - 1); /* avoid unbounded allocation */
buf = g_malloc(size + 1);
ret = bdrv_pread(file, desc_offset, buf, size);
if (ret < 0) {
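Review bot: The new size < 4 check is applied to the requested size, while the comment justifies it with "let's error out if less is read". After bdrv_pread() only ret < 0 is tested, and the next hunk terminates the buffer at buf[ret], so the guarantee callers rely on (at least 4 valid bytes to compare with VMDK4_MAGIC) depends on the read never returning fewer bytes than requested. Either check ret against 4 as well or reword the comment to say the check is on the file size. Note also that with g_malloc() replacing g_malloc0(), any bytes past buf[ret] are now uninitialised, which is fine only while every consumer treats buf as a NUL-terminated string.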
@@ -565,6 +574,7 @@ static char *vmdk_read_desc(BlockDriverState *file, uint64_t desc_offset,
g_free(buf);
return NULL;
}
buf[ret] = 0;
return buf;
}
@@ -635,6 +645,7 @@ static int vmdk_open_vmdk4(BlockDriverState *bs,
bs->file->total_sectors * 512 - 1536,
&footer, sizeof(footer));
if (ret < 0) {
error_setg_errno(errp, -ret, "Failed to read footer");
return ret;
}
@@ -646,6 +657,7 @@ static int vmdk_open_vmdk4(BlockDriverState *bs,
le32_to_cpu(footer.eos_marker.size) != 0 ||
le32_to_cpu(footer.eos_marker.type) != MARKER_END_OF_STREAM)
{
error_setg(errp, "Invalid footer");
return -EINVAL;
}
@@ -676,6 +688,7 @@ static int vmdk_open_vmdk4(BlockDriverState *bs,
l1_entry_sectors = le32_to_cpu(header.num_gtes_per_gt)
* le64_to_cpu(header.granularity);
if (l1_entry_sectors == 0) {
error_setg(errp, "L1 entry size is invalid");
return -EINVAL;
}
l1_size = (le64_to_cpu(header.capacity) + l1_entry_sectors - 1)
@@ -784,10 +797,12 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
VmdkExtent *extent;
while (*p) {
/* parse extent line:
/* parse extent line in one of below formats:
*
* RW [size in sectors] FLAT "file-name.vmdk" OFFSET
* or
* RW [size in sectors] SPARSE "file-name.vmdk"
* RW [size in sectors] VMFS "file-name.vmdk"
* RW [size in sectors] VMFSSPARSE "file-name.vmdk"
*/
flat_offset = -1;
ret = sscanf(p, "%10s %" SCNd64 " %10s \"%511[^\n\r\"]\" %" SCNd64,
@@ -818,6 +833,14 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
goto next_line;
}
if (!path_is_absolute(fname) && !path_has_protocol(fname) &&
!desc_file_path[0])
{
error_setg(errp, "Cannot use relative extent paths with VMDK "
"descriptor file '%s'", bs->file->filename);
return -EINVAL;
}
path_combine(extent_path, sizeof(extent_path),
desc_file_path, fname);
extent_file = NULL;
@@ -894,7 +917,7 @@ static int vmdk_open_desc_file(BlockDriverState *bs, int flags, char *buf,
}
s->create_type = g_strdup(ct);
s->desc_offset = 0;
ret = vmdk_parse_extents(buf, bs, bs->file->filename, errp);
ret = vmdk_parse_extents(buf, bs, bs->file->exact_filename, errp);
exit:
return ret;
}
@@ -902,7 +925,7 @@ exit:
static int vmdk_open(BlockDriverState *bs, QDict *options, int flags,
Error **errp)
{
char *buf = NULL;
char *buf;
int ret;
BDRVVmdkState *s = bs->opaque;
uint32_t magic;
@@ -1538,7 +1561,7 @@ static int vmdk_write(BlockDriverState *bs, int64_t sector_num,
/* update CID on the first write every time the virtual disk is
* opened */
if (!s->cid_updated) {
ret = vmdk_write_cid(bs, time(NULL));
ret = vmdk_write_cid(bs, g_random_int());
if (ret < 0) {
return ret;
}
@@ -1868,8 +1891,19 @@ static int vmdk_create(const char *filename, QemuOpts *opts, Error **errp)
}
if (backing_file) {
BlockDriverState *bs = NULL;
ret = bdrv_open(&bs, backing_file, NULL, NULL, BDRV_O_NO_BACKING, NULL,
char *full_backing = g_new0(char, PATH_MAX);
bdrv_get_full_backing_filename_from_filename(filename, backing_file,
full_backing, PATH_MAX,
&local_err);
if (local_err) {
g_free(full_backing);
error_propagate(errp, local_err);
ret = -ENOENT;
goto exit;
}
ret = bdrv_open(&bs, full_backing, NULL, NULL, BDRV_O_NO_BACKING, NULL,
errp);
g_free(full_backing);
if (ret != 0) {
goto exit;
}
@@ -1922,7 +1956,7 @@ static int vmdk_create(const char *filename, QemuOpts *opts, Error **errp)
}
/* generate descriptor file */
desc = g_strdup_printf(desc_template,
(uint32_t)time(NULL),
g_random_int(),
parent_cid,
fmt,
parent_desc_line,
@@ -2137,23 +2171,29 @@ static ImageInfoSpecific *vmdk_get_specific_info(BlockDriverState *bs)
return spec_info;
}
static bool vmdk_extents_type_eq(const VmdkExtent *a, const VmdkExtent *b)
{
return a->flat == b->flat &&
a->compressed == b->compressed &&
(a->flat || a->cluster_sectors == b->cluster_sectors);
}
static int vmdk_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
{
int i;
BDRVVmdkState *s = bs->opaque;
assert(s->num_extents);
/* See if we have multiple extents but they have different cases */
for (i = 1; i < s->num_extents; i++) {
if (!vmdk_extents_type_eq(&s->extents[0], &s->extents[i])) {
return -ENOTSUP;
}
}
bdi->needs_compressed_writes = s->extents[0].compressed;
if (!s->extents[0].flat) {
bdi->cluster_size = s->extents[0].cluster_sectors << BDRV_SECTOR_BITS;
}
/* See if we have multiple extents but they have different cases */
for (i = 1; i < s->num_extents; i++) {
if (bdi->needs_compressed_writes != s->extents[i].compressed ||
(bdi->cluster_size && bdi->cluster_size !=
s->extents[i].cluster_sectors << BDRV_SECTOR_BITS)) {
return -ENOTSUP;
}
}
return 0;
}

View File

@@ -893,11 +893,6 @@ static QemuOptsList vpc_create_opts = {
"Type of virtual hard disk format. Supported formats are "
"{dynamic (default) | fixed} "
},
{
.name = BLOCK_OPT_NOCOW,
.type = QEMU_OPT_BOOL,
.help = "Turn off copy-on-write (valid only on btrfs)"
},
{ /* end of list */ }
}
};

View File

@@ -2917,6 +2917,12 @@ static int enable_write_target(BDRVVVFATState *s, Error **errp)
}
bdrv_qcow = bdrv_find_format("qcow");
if (!bdrv_qcow) {
error_setg(errp, "Failed to locate qcow driver");
ret = -ENOENT;
goto err;
}
opts = qemu_opts_create(bdrv_qcow->create_opts, NULL, 0, &error_abort);
qemu_opt_set_number(opts, BLOCK_OPT_SIZE, s->sector_count * 512);
qemu_opt_set(opts, BLOCK_OPT_BACKING_FILE, "fat:");

View File

@@ -10,6 +10,7 @@
*/
#include "sysemu/blockdev.h"
#include "sysemu/block-backend.h"
#include "hw/block/block.h"
#include "monitor/monitor.h"
#include "qapi/qmp/qerror.h"
@@ -73,7 +74,7 @@ static void nbd_close_notifier(Notifier *n, void *data)
void qmp_nbd_server_add(const char *device, bool has_writable, bool writable,
Error **errp)
{
BlockDriverState *bs;
BlockBackend *blk;
NBDExport *exp;
NBDCloseNotifier *n;
@@ -87,12 +88,12 @@ void qmp_nbd_server_add(const char *device, bool has_writable, bool writable,
return;
}
bs = bdrv_find(device);
if (!bs) {
blk = blk_by_name(device);
if (!blk) {
error_set(errp, QERR_DEVICE_NOT_FOUND, device);
return;
}
if (!bdrv_is_inserted(bs)) {
if (!blk_is_inserted(blk)) {
error_set(errp, QERR_DEVICE_HAS_NO_MEDIUM, device);
return;
}
@@ -100,18 +101,18 @@ void qmp_nbd_server_add(const char *device, bool has_writable, bool writable,
if (!has_writable) {
writable = false;
}
if (bdrv_is_read_only(bs)) {
if (blk_is_read_only(blk)) {
writable = false;
}
exp = nbd_export_new(bs, 0, -1, writable ? 0 : NBD_FLAG_READ_ONLY, NULL);
exp = nbd_export_new(blk, 0, -1, writable ? 0 : NBD_FLAG_READ_ONLY, NULL);
nbd_export_set_name(exp, device);
n = g_new0(NBDCloseNotifier, 1);
n->n.notify = nbd_close_notifier;
n->exp = exp;
bdrv_add_close_notifier(bs, &n->n);
blk_add_close_notifier(blk, &n->n);
QTAILQ_INSERT_TAIL(&close_notifiers, n, next);
}

View File

@@ -1105,6 +1105,7 @@ SnapshotInfo *qmp_blockdev_snapshot_delete_internal_sync(const char *device,
Error **errp)
{
BlockDriverState *bs = bdrv_find(device);
AioContext *aio_context;
QEMUSnapshotInfo sn;
Error *local_err = NULL;
SnapshotInfo *info = NULL;
@@ -1128,25 +1129,34 @@ SnapshotInfo *qmp_blockdev_snapshot_delete_internal_sync(const char *device,
return NULL;
}
aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(aio_context);
if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT_DELETE, errp)) {
goto out_aio_context;
}
ret = bdrv_snapshot_find_by_id_and_name(bs, id, name, &sn, &local_err);
if (local_err) {
error_propagate(errp, local_err);
return NULL;
goto out_aio_context;
}
if (!ret) {
error_setg(errp,
"Snapshot with id '%s' and name '%s' does not exist on "
"device '%s'",
STR_OR_NULL(id), STR_OR_NULL(name), device);
return NULL;
goto out_aio_context;
}
bdrv_snapshot_delete(bs, id, name, &local_err);
if (local_err) {
error_propagate(errp, local_err);
return NULL;
goto out_aio_context;
}
aio_context_release(aio_context);
info = g_new0(SnapshotInfo, 1);
info->id = g_strdup(sn.id_str);
info->name = g_strdup(sn.name);
@@ -1157,9 +1167,13 @@ SnapshotInfo *qmp_blockdev_snapshot_delete_internal_sync(const char *device,
info->vm_clock_sec = sn.vm_clock_nsec / 1000000000;
return info;
out_aio_context:
aio_context_release(aio_context);
return NULL;
}
/* New and old BlockDriverState structs for group snapshots */
/* New and old BlockDriverState structs for atomic group operations */
typedef struct BlkTransactionState BlkTransactionState;
@@ -1193,6 +1207,7 @@ struct BlkTransactionState {
typedef struct InternalSnapshotState {
BlkTransactionState common;
BlockDriverState *bs;
AioContext *aio_context;
QEMUSnapshotInfo sn;
} InternalSnapshotState;
@@ -1226,11 +1241,19 @@ static void internal_snapshot_prepare(BlkTransactionState *common,
return;
}
/* AioContext is released in .clean() */
state->aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(state->aio_context);
if (!bdrv_is_inserted(bs)) {
error_set(errp, QERR_DEVICE_HAS_NO_MEDIUM, device);
return;
}
if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT, errp)) {
return;
}
if (bdrv_is_read_only(bs)) {
error_set(errp, QERR_DEVICE_IS_READ_ONLY, device);
return;
@@ -1303,11 +1326,22 @@ static void internal_snapshot_abort(BlkTransactionState *common)
}
}
static void internal_snapshot_clean(BlkTransactionState *common)
{
InternalSnapshotState *state = DO_UPCAST(InternalSnapshotState,
common, common);
if (state->aio_context) {
aio_context_release(state->aio_context);
}
}
/* external snapshot private data */
typedef struct ExternalSnapshotState {
BlkTransactionState common;
BlockDriverState *old_bs;
BlockDriverState *new_bs;
AioContext *aio_context;
} ExternalSnapshotState;
static void external_snapshot_prepare(BlkTransactionState *common,
@@ -1374,6 +1408,10 @@ static void external_snapshot_prepare(BlkTransactionState *common,
return;
}
/* Acquire AioContext now so any threads operating on old_bs stop */
state->aio_context = bdrv_get_aio_context(state->old_bs);
aio_context_acquire(state->aio_context);
if (!bdrv_is_inserted(state->old_bs)) {
error_set(errp, QERR_DEVICE_HAS_NO_MEDIUM, device);
return;
@@ -1432,6 +1470,8 @@ static void external_snapshot_commit(BlkTransactionState *common)
ExternalSnapshotState *state =
DO_UPCAST(ExternalSnapshotState, common, common);
bdrv_set_aio_context(state->new_bs, state->aio_context);
/* This removes our old bs and adds the new bs */
bdrv_append(state->new_bs, state->old_bs);
/* We don't need (or want) to use the transactional
@@ -1439,6 +1479,8 @@ static void external_snapshot_commit(BlkTransactionState *common)
* don't want to abort all of them if one of them fails the reopen */
bdrv_reopen(state->new_bs, state->new_bs->open_flags & ~BDRV_O_RDWR,
NULL);
aio_context_release(state->aio_context);
}
static void external_snapshot_abort(BlkTransactionState *common)
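Review bot: external_snapshot_commit() releases state->aio_context itself, and the abort handler in the next hunk does the same, whereas the internal snapshot and backup actions in this series take the context in .prepare() and release it in a .clean() callback. Having two release conventions in one transaction framework makes it easy to double-release or leak the context when an action is modified later. Consider adding an external_snapshot_clean() and releasing there, or add a comment here explaining why the release has to happen before .clean() runs.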
@@ -1448,23 +1490,38 @@ static void external_snapshot_abort(BlkTransactionState *common)
if (state->new_bs) {
bdrv_unref(state->new_bs);
}
if (state->aio_context) {
aio_context_release(state->aio_context);
}
}
typedef struct DriveBackupState {
BlkTransactionState common;
BlockDriverState *bs;
AioContext *aio_context;
BlockJob *job;
} DriveBackupState;
static void drive_backup_prepare(BlkTransactionState *common, Error **errp)
{
DriveBackupState *state = DO_UPCAST(DriveBackupState, common, common);
BlockDriverState *bs;
DriveBackup *backup;
Error *local_err = NULL;
assert(common->action->kind == TRANSACTION_ACTION_KIND_DRIVE_BACKUP);
backup = common->action->drive_backup;
bs = bdrv_find(backup->device);
if (!bs) {
error_set(errp, QERR_DEVICE_NOT_FOUND, backup->device);
return;
}
/* AioContext is released in .clean() */
state->aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(state->aio_context);
qmp_drive_backup(backup->device, backup->target,
backup->has_format, backup->format,
backup->sync,
@@ -1475,12 +1532,10 @@ static void drive_backup_prepare(BlkTransactionState *common, Error **errp)
&local_err);
if (local_err) {
error_propagate(errp, local_err);
state->bs = NULL;
state->job = NULL;
return;
}
state->bs = bdrv_find(backup->device);
state->bs = bs;
state->job = state->bs->job;
}
@@ -1495,6 +1550,88 @@ static void drive_backup_abort(BlkTransactionState *common)
}
}
static void drive_backup_clean(BlkTransactionState *common)
{
DriveBackupState *state = DO_UPCAST(DriveBackupState, common, common);
if (state->aio_context) {
aio_context_release(state->aio_context);
}
}
typedef struct BlockdevBackupState {
BlkTransactionState common;
BlockDriverState *bs;
BlockJob *job;
AioContext *aio_context;
} BlockdevBackupState;
static void blockdev_backup_prepare(BlkTransactionState *common, Error **errp)
{
BlockdevBackupState *state = DO_UPCAST(BlockdevBackupState, common, common);
BlockdevBackup *backup;
BlockDriverState *bs, *target;
Error *local_err = NULL;
assert(common->action->kind == TRANSACTION_ACTION_KIND_BLOCKDEV_BACKUP);
backup = common->action->blockdev_backup;
bs = bdrv_find(backup->device);
if (!bs) {
error_set(errp, QERR_DEVICE_NOT_FOUND, backup->device);
return;
}
target = bdrv_find(backup->target);
if (!target) {
error_set(errp, QERR_DEVICE_NOT_FOUND, backup->target);
return;
}
/* AioContext is released in .clean() */
state->aio_context = bdrv_get_aio_context(bs);
if (state->aio_context != bdrv_get_aio_context(target)) {
state->aio_context = NULL;
error_setg(errp, "Backup between two IO threads is not implemented");
return;
}
aio_context_acquire(state->aio_context);
qmp_blockdev_backup(backup->device, backup->target,
backup->sync,
backup->has_speed, backup->speed,
backup->has_on_source_error, backup->on_source_error,
backup->has_on_target_error, backup->on_target_error,
&local_err);
if (local_err) {
error_propagate(errp, local_err);
return;
}
state->bs = bs;
state->job = state->bs->job;
}
static void blockdev_backup_abort(BlkTransactionState *common)
{
BlockdevBackupState *state = DO_UPCAST(BlockdevBackupState, common, common);
BlockDriverState *bs = state->bs;
/* Only cancel if it's the job we started */
if (bs && bs->job && bs->job == state->job) {
block_job_cancel_sync(bs->job);
}
}
static void blockdev_backup_clean(BlkTransactionState *common)
{
BlockdevBackupState *state = DO_UPCAST(BlockdevBackupState, common, common);
if (state->aio_context) {
aio_context_release(state->aio_context);
}
}
static void abort_prepare(BlkTransactionState *common, Error **errp)
{
error_setg(errp, "Transaction aborted using Abort action");
@@ -1516,6 +1653,13 @@ static const BdrvActionOps actions[] = {
.instance_size = sizeof(DriveBackupState),
.prepare = drive_backup_prepare,
.abort = drive_backup_abort,
.clean = drive_backup_clean,
},
[TRANSACTION_ACTION_KIND_BLOCKDEV_BACKUP] = {
.instance_size = sizeof(BlockdevBackupState),
.prepare = blockdev_backup_prepare,
.abort = blockdev_backup_abort,
.clean = blockdev_backup_clean,
},
[TRANSACTION_ACTION_KIND_ABORT] = {
.instance_size = sizeof(BlkTransactionState),
@@ -1526,13 +1670,13 @@ static const BdrvActionOps actions[] = {
.instance_size = sizeof(InternalSnapshotState),
.prepare = internal_snapshot_prepare,
.abort = internal_snapshot_abort,
.clean = internal_snapshot_clean,
},
};
/*
* 'Atomic' group snapshots. The snapshots are taken as a set, and if any fail
* then we do not pivot any of the devices in the group, and abandon the
* snapshots
* 'Atomic' group operations. The operations are performed as a set, and if
* any fail then we roll back all operations in the group.
*/
void qmp_transaction(TransactionActionList *dev_list, Error **errp)
{
@@ -1543,10 +1687,10 @@ void qmp_transaction(TransactionActionList *dev_list, Error **errp)
QSIMPLEQ_HEAD(snap_bdrv_states, BlkTransactionState) snap_bdrv_states;
QSIMPLEQ_INIT(&snap_bdrv_states);
/* drain all i/o before any snapshots */
/* drain all i/o before any operations */
bdrv_drain_all();
/* We don't do anything in this loop that commits us to the snapshot */
/* We don't do anything in this loop that commits us to the operations */
while (NULL != dev_entry) {
TransactionAction *dev_info = NULL;
const BdrvActionOps *ops;
@@ -1581,10 +1725,7 @@ void qmp_transaction(TransactionActionList *dev_list, Error **errp)
goto exit;
delete_and_fail:
/*
* failure, and it is all-or-none; abandon each new bs, and keep using
* the original bs for all images
*/
/* failure, and it is all-or-none; roll back all operations */
QSIMPLEQ_FOREACH(state, &snap_bdrv_states, entry) {
if (state->ops->abort) {
state->ops->abort(state);
@@ -1603,14 +1744,18 @@ exit:
static void eject_device(BlockBackend *blk, int force, Error **errp)
{
BlockDriverState *bs = blk_bs(blk);
AioContext *aio_context;
aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(aio_context);
if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_EJECT, errp)) {
return;
goto out;
}
if (!blk_dev_has_removable_media(blk)) {
error_setg(errp, "Device '%s' is not removable",
bdrv_get_device_name(bs));
return;
goto out;
}
if (blk_dev_is_medium_locked(blk) && !blk_dev_is_tray_open(blk)) {
@@ -1618,11 +1763,14 @@ static void eject_device(BlockBackend *blk, int force, Error **errp)
if (!force) {
error_setg(errp, "Device '%s' is locked",
bdrv_get_device_name(bs));
return;
goto out;
}
}
bdrv_close(bs);
out:
aio_context_release(aio_context);
}
void qmp_eject(const char *device, bool has_force, bool force, Error **errp)
@@ -1644,6 +1792,7 @@ void qmp_block_passwd(bool has_device, const char *device,
{
Error *local_err = NULL;
BlockDriverState *bs;
AioContext *aio_context;
int err;
bs = bdrv_lookup_bs(has_device ? device : NULL,
@@ -1654,16 +1803,23 @@ void qmp_block_passwd(bool has_device, const char *device,
return;
}
aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(aio_context);
err = bdrv_set_key(bs, password);
if (err == -EINVAL) {
error_set(errp, QERR_DEVICE_NOT_ENCRYPTED, bdrv_get_device_name(bs));
return;
goto out;
} else if (err < 0) {
error_set(errp, QERR_INVALID_PASSWORD);
return;
goto out;
}
out:
aio_context_release(aio_context);
}
/* Assumes AioContext is held */
static void qmp_bdrv_open_encrypted(BlockDriverState *bs, const char *filename,
int bdrv_flags, BlockDriver *drv,
const char *password, Error **errp)
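Review bot: in qmp_block_passwd both new "goto out;" statements sit in the last if/else chain directly above the "out:" label, so they jump to the statement that would run next anyway. Either drop them and let the chain fall through to aio_context_release(), or keep them only if more code is expected between the chain and the label. The new "Assumes AioContext is held" comment on qmp_bdrv_open_encrypted would be more useful if it said which context is meant (the one returned by bdrv_get_aio_context(bs)).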
@@ -1696,6 +1852,7 @@ void qmp_change_blockdev(const char *device, const char *filename,
{
BlockBackend *blk;
BlockDriverState *bs;
AioContext *aio_context;
BlockDriver *drv = NULL;
int bdrv_flags;
Error *err = NULL;
@@ -1707,24 +1864,30 @@ void qmp_change_blockdev(const char *device, const char *filename,
}
bs = blk_bs(blk);
aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(aio_context);
if (format) {
drv = bdrv_find_whitelisted_format(format, bs->read_only);
if (!drv) {
error_set(errp, QERR_INVALID_BLOCK_FORMAT, format);
return;
goto out;
}
}
eject_device(blk, 0, &err);
if (err) {
error_propagate(errp, err);
return;
goto out;
}
bdrv_flags = bdrv_is_read_only(bs) ? 0 : BDRV_O_RDWR;
bdrv_flags |= bdrv_is_snapshot(bs) ? BDRV_O_SNAPSHOT : 0;
qmp_bdrv_open_encrypted(bs, filename, bdrv_flags, drv, NULL, errp);
out:
aio_context_release(aio_context);
}
/* throttling disk I/O limits */
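Review bot: qmp_change_blockdev now holds aio_context when it calls eject_device(blk, 0, &err), and eject_device (earlier hunk) acquires the context of the same bs again, so this path only works if aio_context_acquire() may be nested on one thread. Please state that in a comment at the call site, or split eject_device into a locked wrapper and an inner helper that assumes the context is held, the same way qmp_bdrv_open_encrypted is now documented.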
@@ -2055,7 +2218,7 @@ void qmp_block_commit(const char *device,
/* drain all i/o before commits */
bdrv_drain_all();
if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_COMMIT, errp)) {
if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_COMMIT_SOURCE, errp)) {
goto out;
}
@@ -2088,6 +2251,10 @@ void qmp_block_commit(const char *device,
assert(bdrv_get_aio_context(base_bs) == aio_context);
if (bdrv_op_is_blocked(base_bs, BLOCK_OP_TYPE_COMMIT_TARGET, errp)) {
goto out;
}
/* Do not allow attempts to commit an image into itself */
if (top_bs == base_bs) {
error_setg(errp, "cannot commit an image into itself");
@@ -2156,6 +2323,8 @@ void qmp_drive_backup(const char *device, const char *target,
aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(aio_context);
/* Although backup_run has this check too, we need to use bs->drv below, so
* do an early check redundantly. */
if (!bdrv_is_inserted(bs)) {
error_set(errp, QERR_DEVICE_HAS_NO_MEDIUM, device);
goto out;
@@ -2172,6 +2341,7 @@ void qmp_drive_backup(const char *device, const char *target,
}
}
/* Early check to avoid creating target */
if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_BACKUP_SOURCE, errp)) {
goto out;
}
@@ -2239,6 +2409,57 @@ BlockDeviceInfoList *qmp_query_named_block_nodes(Error **errp)
return bdrv_named_nodes_list();
}
void qmp_blockdev_backup(const char *device, const char *target,
enum MirrorSyncMode sync,
bool has_speed, int64_t speed,
bool has_on_source_error,
BlockdevOnError on_source_error,
bool has_on_target_error,
BlockdevOnError on_target_error,
Error **errp)
{
BlockDriverState *bs;
BlockDriverState *target_bs;
Error *local_err = NULL;
AioContext *aio_context;
if (!has_speed) {
speed = 0;
}
if (!has_on_source_error) {
on_source_error = BLOCKDEV_ON_ERROR_REPORT;
}
if (!has_on_target_error) {
on_target_error = BLOCKDEV_ON_ERROR_REPORT;
}
bs = bdrv_find(device);
if (!bs) {
error_set(errp, QERR_DEVICE_NOT_FOUND, device);
return;
}
aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(aio_context);
target_bs = bdrv_find(target);
if (!target_bs) {
error_set(errp, QERR_DEVICE_NOT_FOUND, target);
goto out;
}
bdrv_ref(target_bs);
bdrv_set_aio_context(target_bs, aio_context);
backup_start(bs, target_bs, speed, sync, on_source_error, on_target_error,
block_job_cb, bs, &local_err);
if (local_err != NULL) {
bdrv_unref(target_bs);
error_propagate(errp, local_err);
}
out:
aio_context_release(aio_context);
}
#define DEFAULT_MIRROR_BUF_SIZE (10 << 20)
void qmp_drive_mirror(const char *device, const char *target,
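Review bot: qmp_blockdev_backup never checks that target_bs differs from bs, so "device" and "target" naming the same node reaches backup_start() with source and target identical; reject that case with an explicit error before bdrv_ref(target_bs). Two further points in the same function: bdrv_set_aio_context(target_bs, aio_context) moves the target into the source's context before backup_start() and the failure branch only does bdrv_unref(target_bs), so a failed start leaves the target in a different AioContext than it had; and target_bs is looked up and modified while only the source's context is held. No op-blocker check on the target is visible in this hunk, so please confirm backup_start() covers it.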
@@ -2548,6 +2769,7 @@ void qmp_change_backing_file(const char *device,
Error **errp)
{
BlockDriverState *bs = NULL;
AioContext *aio_context;
BlockDriverState *image_bs = NULL;
Error *local_err = NULL;
bool ro;
@@ -2561,34 +2783,37 @@ void qmp_change_backing_file(const char *device,
return;
}
aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(aio_context);
image_bs = bdrv_lookup_bs(NULL, image_node_name, &local_err);
if (local_err) {
error_propagate(errp, local_err);
return;
goto out;
}
if (!image_bs) {
error_setg(errp, "image file not found");
return;
goto out;
}
if (bdrv_find_base(image_bs) == image_bs) {
error_setg(errp, "not allowing backing file change on an image "
"without a backing file");
return;
goto out;
}
/* even though we are not necessarily operating on bs, we need it to
* determine if block ops are currently prohibited on the chain */
if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_CHANGE, errp)) {
return;
goto out;
}
/* final sanity check */
if (!bdrv_chain_contains(bs, image_bs)) {
error_setg(errp, "'%s' and image file are not in the same chain",
device);
return;
goto out;
}
/* if not r/w, reopen to make r/w */
@@ -2599,7 +2824,7 @@ void qmp_change_backing_file(const char *device,
bdrv_reopen(image_bs, open_flags | BDRV_O_RDWR, &local_err);
if (local_err) {
error_propagate(errp, local_err);
return;
goto out;
}
}
@@ -2619,6 +2844,9 @@ void qmp_change_backing_file(const char *device,
error_propagate(errp, local_err); /* will preserve prior errp */
}
}
out:
aio_context_release(aio_context);
}
void qmp_blockdev_add(BlockdevOptions *options, Error **errp)

View File

@@ -25,6 +25,7 @@
#include "sysemu/sysemu.h"
#include "qapi/visitor.h"
#include "qemu/error-report.h"
#include "hw/hw.h"
typedef struct FWBootEntry FWBootEntry;
@@ -37,6 +38,78 @@ struct FWBootEntry {
static QTAILQ_HEAD(, FWBootEntry) fw_boot_order =
QTAILQ_HEAD_INITIALIZER(fw_boot_order);
static QEMUBootSetHandler *boot_set_handler;
static void *boot_set_opaque;
void qemu_register_boot_set(QEMUBootSetHandler *func, void *opaque)
{
boot_set_handler = func;
boot_set_opaque = opaque;
}
void qemu_boot_set(const char *boot_order, Error **errp)
{
Error *local_err = NULL;
if (!boot_set_handler) {
error_setg(errp, "no function defined to set boot device list for"
" this architecture");
return;
}
validate_bootdevices(boot_order, &local_err);
if (local_err) {
error_propagate(errp, local_err);
return;
}
boot_set_handler(boot_set_opaque, boot_order, errp);
}
void validate_bootdevices(const char *devices, Error **errp)
{
/* We just do some generic consistency checks */
const char *p;
int bitmap = 0;
for (p = devices; *p != '\0'; p++) {
/* Allowed boot devices are:
* a-b: floppy disk drives
* c-f: IDE disk drives
* g-m: machine implementation dependent drives
* n-p: network devices
* It's up to each machine implementation to check if the given boot
* devices match the actual hardware implementation and firmware
* features.
*/
if (*p < 'a' || *p > 'p') {
error_setg(errp, "Invalid boot device '%c'", *p);
return;
}
if (bitmap & (1 << (*p - 'a'))) {
error_setg(errp, "Boot device '%c' was given twice", *p);
return;
}
bitmap |= 1 << (*p - 'a');
}
}
void restore_boot_order(void *opaque)
{
char *normal_boot_order = opaque;
static int first = 1;
/* Restore boot order and remove ourselves after the first boot */
if (first) {
first = 0;
return;
}
qemu_boot_set(normal_boot_order, NULL);
qemu_unregister_reset(restore_boot_order, normal_boot_order);
g_free(normal_boot_order);
}
void check_boot_index(int32_t bootindex, Error **errp)
{
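Review bot: restore_boot_order calls qemu_boot_set(normal_boot_order, NULL), so any error from validate_bootdevices() or from the machine's boot_set_handler is dropped and the guest keeps the one-shot boot order with no trace. Pass a local Error and report it (qemu/error-report.h is already included above) before unregistering the reset handler. The "static int first" flag also makes the function usable for a single registration only, which deserves a line in the comment.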

View File

@@ -351,8 +351,10 @@ static inline void init_thread(struct target_pt_regs *_regs, struct image_info *
_regs->gpr[1] = infop->start_stack;
#if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
entry = ldq_raw(infop->entry) + infop->load_addr;
toc = ldq_raw(infop->entry + 8) + infop->load_addr;
get_user_u64(entry, infop->entry);
entry += infop->load_addr;
get_user_u64(toc, infop->entry + 8);
toc += infop->load_addr;
_regs->gpr[2] = toc;
infop->entry = entry;
#endif
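Review bot: the results of get_user_u64(entry, infop->entry) and get_user_u64(toc, infop->entry + 8) are discarded, so a failed read of the function descriptor still ends up in _regs->gpr[2] and infop->entry after load_addr is added. If these accessors can fail here, check the return value and stop setting up the thread; if they cannot, add a comment saying why the status is ignored.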
@@ -365,8 +367,9 @@ static inline void init_thread(struct target_pt_regs *_regs, struct image_info *
get_user_ual(_regs->gpr[3], pos);
pos += sizeof(abi_ulong);
_regs->gpr[4] = pos;
for (tmp = 1; tmp != 0; pos += sizeof(abi_ulong))
tmp = ldl(pos);
for (tmp = 1; tmp != 0; pos += sizeof(abi_ulong)) {
get_user_ual(tmp, pos);
}
_regs->gpr[5] = pos;
}
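Review bot: the loop "for (tmp = 1; tmp != 0; pos += sizeof(abi_ulong))" ends only on the value stored by get_user_ual(tmp, pos), and the accessor's status is ignored. Make the exit condition explicit by also leaving the loop when get_user_ual reports a failure, so the scan for the end of argv cannot continue past readable guest memory on a malformed stack.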

36
configure vendored
View File

@@ -1823,13 +1823,14 @@ fi
# libseccomp check
if test "$seccomp" != "no" ; then
if $pkg_config --atleast-version=2.1.0 libseccomp; then
if test "$cpu" = "i386" || test "$cpu" = "x86_64" &&
$pkg_config --atleast-version=2.1.1 libseccomp; then
libs_softmmu="$libs_softmmu `$pkg_config --libs libseccomp`"
QEMU_CFLAGS="$QEMU_CFLAGS `$pkg_config --cflags libseccomp`"
seccomp="yes"
else
if test "$seccomp" = "yes"; then
feature_not_found "libseccomp" "Install libseccomp devel >= 2.1.0"
feature_not_found "libseccomp" "Install libseccomp devel >= 2.1.1"
fi
seccomp="no"
fi
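Review bot: with the new CPU test in front of the pkg-config call, a host that is neither i386 nor x86_64 and was configured with seccomp set to "yes" lands in the else branch and is told "Install libseccomp devel >= 2.1.1", although installing the library cannot fix it. Split the two failure causes and print a message that names the unsupported CPU. The condition itself groups as intended because the shell gives && and || equal precedence and evaluates left to right, but wrapping the two cpu tests in { ...; } would make that obvious to readers used to C precedence.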
@@ -1868,6 +1869,32 @@ EOF
#if !defined(HVM_MAX_VCPUS)
# error HVM_MAX_VCPUS not defined
#endif
int main(void) {
xc_interface *xc;
xs_daemon_open();
xc = xc_interface_open(0, 0, 0);
xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
xc_gnttab_open(NULL, 0);
xc_domain_add_to_physmap(0, 0, XENMAPSPACE_gmfn, 0, 0);
xc_hvm_inject_msi(xc, 0, 0xf0000000, 0x00000000);
xc_hvm_create_ioreq_server(xc, 0, 0, NULL);
return 0;
}
EOF
compile_prog "" "$xen_libs"
then
xen_ctrl_version=450
xen=yes
elif
cat > $TMPC <<EOF &&
#include <xenctrl.h>
#include <xenstore.h>
#include <stdint.h>
#include <xen/hvm/hvm_info_table.h>
#if !defined(HVM_MAX_VCPUS)
# error HVM_MAX_VCPUS not defined
#endif
int main(void) {
xc_interface *xc;
xs_daemon_open();
@@ -2726,7 +2753,7 @@ fi
if test "$modules" = yes; then
shacmd_probe="sha1sum sha1 shasum"
for c in $shacmd_probe; do
if which $c >/dev/null 2>&1; then
if has $c; then
shacmd="$c"
break
fi
@@ -4282,6 +4309,9 @@ if test -n "$sparc_cpu"; then
echo "Target Sparc Arch $sparc_cpu"
fi
echo "xen support $xen"
if test "$xen" = "yes" ; then
echo "xen ctrl version $xen_ctrl_version"
fi
echo "brlapi support $brlapi"
echo "bluez support $bluez"
echo "Documentation $docs"

View File

@@ -155,7 +155,7 @@ Coroutine *qemu_coroutine_new(void)
stack_t oss;
sigset_t sigs;
sigset_t osigs;
jmp_buf old_env;
sigjmp_buf old_env;
/* The way to manipulate stack is with the sigaltstack function. We
* prepare a stack, with it delivering a signal to ourselves and then

View File

@@ -25,7 +25,6 @@
#include <stdlib.h>
#include <setjmp.h>
#include <stdint.h>
#include <pthread.h>
#include <ucontext.h>
#include "qemu-common.h"
#include "block/coroutine_int.h"
@@ -48,15 +47,8 @@ typedef struct {
/**
* Per-thread coroutine bookkeeping
*/
typedef struct {
/** Currently executing coroutine */
Coroutine *current;
/** The default coroutine */
CoroutineUContext leader;
} CoroutineThreadState;
static pthread_key_t thread_state_key;
static __thread CoroutineUContext leader;
static __thread Coroutine *current;
/*
* va_args to makecontext() must be type 'int', so passing
@@ -68,36 +60,6 @@ union cc_arg {
int i[2];
};
static CoroutineThreadState *coroutine_get_thread_state(void)
{
CoroutineThreadState *s = pthread_getspecific(thread_state_key);
if (!s) {
s = g_malloc0(sizeof(*s));
s->current = &s->leader.base;
pthread_setspecific(thread_state_key, s);
}
return s;
}
static void qemu_coroutine_thread_cleanup(void *opaque)
{
CoroutineThreadState *s = opaque;
g_free(s);
}
static void __attribute__((constructor)) coroutine_init(void)
{
int ret;
ret = pthread_key_create(&thread_state_key, qemu_coroutine_thread_cleanup);
if (ret != 0) {
fprintf(stderr, "unable to create leader key: %s\n", strerror(errno));
abort();
}
}
static void coroutine_trampoline(int i0, int i1)
{
union cc_arg arg;
@@ -193,15 +155,23 @@ void qemu_coroutine_delete(Coroutine *co_)
g_free(co);
}
CoroutineAction qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
CoroutineAction action)
/* This function is marked noinline to prevent GCC from inlining it
* into coroutine_trampoline(). If we allow it to do that then it
* hoists the code to get the address of the TLS variable "current"
* out of the while() loop. This is an invalid transformation because
* the sigsetjmp() call may be called when running thread A but
* return in thread B, and so we might be in a different thread
* context each time round the loop.
*/
CoroutineAction __attribute__((noinline))
qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
CoroutineAction action)
{
CoroutineUContext *from = DO_UPCAST(CoroutineUContext, base, from_);
CoroutineUContext *to = DO_UPCAST(CoroutineUContext, base, to_);
CoroutineThreadState *s = coroutine_get_thread_state();
int ret;
s->current = to_;
current = to_;
ret = sigsetjmp(from->env, 0);
if (ret == 0) {
@@ -212,14 +182,13 @@ CoroutineAction qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
Coroutine *qemu_coroutine_self(void)
{
CoroutineThreadState *s = coroutine_get_thread_state();
return s->current;
if (!current) {
current = &leader.base;
}
return current;
}
bool qemu_in_coroutine(void)
{
CoroutineThreadState *s = pthread_getspecific(thread_state_key);
return s && s->current->caller;
return current && current->caller;
}

View File

@@ -168,7 +168,9 @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, uint8_t *tb_ptr)
}
#endif /* DEBUG_DISAS */
cpu->can_do_io = 0;
next_tb = tcg_qemu_tb_exec(env, tb_ptr);
cpu->can_do_io = 1;
trace_exec_tb_exit((void *) (next_tb & ~TB_EXIT_MASK),
next_tb & TB_EXIT_MASK);
@@ -202,14 +204,19 @@ static void cpu_exec_nocache(CPUArchState *env, int max_cycles,
{
CPUState *cpu = ENV_GET_CPU(env);
TranslationBlock *tb;
target_ulong pc = orig_tb->pc;
target_ulong cs_base = orig_tb->cs_base;
uint64_t flags = orig_tb->flags;
/* Should never happen.
We only end up here when an existing TB is too long. */
if (max_cycles > CF_COUNT_MASK)
max_cycles = CF_COUNT_MASK;
tb = tb_gen_code(cpu, orig_tb->pc, orig_tb->cs_base, orig_tb->flags,
max_cycles);
/* tb_gen_code can flush our orig_tb, invalidate it now */
tb_phys_invalidate(orig_tb, -1);
tb = tb_gen_code(cpu, pc, cs_base, flags,
max_cycles | CF_NOCACHE);
cpu->current_tb = tb;
/* execute the generated code */
trace_exec_tb_nocache(tb, tb->pc);
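Review bot: the comment "tb_gen_code can flush our orig_tb, invalidate it now" in cpu_exec_nocache does not say why pc, cs_base and flags are copied into locals first, and nothing stops a later edit from reading orig_tb again after tb_phys_invalidate(orig_tb, -1). Extend the comment to state that orig_tb must not be dereferenced past this point, which is the reason the three fields are saved beforehand. The unbraced "if (max_cycles > CF_COUNT_MASK)" just above could get braces while the function is being touched.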
@@ -353,7 +360,6 @@ int cpu_exec(CPUArchState *env)
}
cc->cpu_exec_enter(cpu);
cpu->exception_index = -1;
/* Calculate difference between guest clock and host clock.
* This delay includes the delay of the last cycle, so
@@ -373,6 +379,7 @@ int cpu_exec(CPUArchState *env)
if (ret == EXCP_DEBUG) {
cpu_handle_debug_exception(env);
}
cpu->exception_index = -1;
break;
} else {
#if defined(CONFIG_USER_ONLY)
@@ -383,6 +390,7 @@ int cpu_exec(CPUArchState *env)
cc->do_interrupt(cpu);
#endif
ret = cpu->exception_index;
cpu->exception_index = -1;
break;
#else
cc->do_interrupt(cpu);
@@ -537,6 +545,7 @@ int cpu_exec(CPUArchState *env)
cpu = current_cpu;
env = cpu->env_ptr;
cc = CPU_GET_CLASS(cpu);
cpu->can_do_io = 1;
#ifdef TARGET_I386
x86_cpu = X86_CPU(cpu);
#endif

39
cpus.c
View File

@@ -136,8 +136,7 @@ typedef struct TimersState {
static TimersState timers_state;
/* Return the virtual CPU time, based on the instruction counter. */
static int64_t cpu_get_icount_locked(void)
int64_t cpu_get_icount_raw(void)
{
int64_t icount;
CPUState *cpu = current_cpu;
@@ -145,10 +144,18 @@ static int64_t cpu_get_icount_locked(void)
icount = timers_state.qemu_icount;
if (cpu) {
if (!cpu_can_do_io(cpu)) {
fprintf(stderr, "Bad clock read\n");
fprintf(stderr, "Bad icount read\n");
exit(1);
}
icount -= (cpu->icount_decr.u16.low + cpu->icount_extra);
}
return icount;
}
/* Return the virtual CPU time, based on the instruction counter. */
static int64_t cpu_get_icount_locked(void)
{
int64_t icount = cpu_get_icount_raw();
return timers_state.qemu_icount_bias + cpu_icount_to_ns(icount);
}
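Review bot: cpu_get_icount_raw is now a non-static function that reads timers_state.qemu_icount, but the only comment in this hunk sits above cpu_get_icount_locked, so the exported function carries no description and no statement of what the caller must hold. Add a comment above cpu_get_icount_raw that says it returns the raw instruction count (not nanoseconds) and names the locking requirement, and note that it calls exit(1) with "Bad icount read" when cpu_can_do_io() is false, since external callers now inherit that behaviour.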
@@ -317,7 +324,7 @@ static void icount_adjust(void)
static void icount_adjust_rt(void *opaque)
{
timer_mod(icount_rt_timer,
qemu_clock_get_ms(QEMU_CLOCK_REALTIME) + 1000);
qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL_RT) + 1000);
icount_adjust();
}
@@ -345,7 +352,7 @@ static void icount_warp_rt(void *opaque)
seqlock_write_lock(&timers_state.vm_clock_seqlock);
if (runstate_is_running()) {
int64_t clock = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
int64_t clock = cpu_get_clock_locked();
int64_t warp_delta;
warp_delta = clock - vm_clock_warp_start;
@@ -354,9 +361,8 @@ static void icount_warp_rt(void *opaque)
* In adaptive mode, do not let QEMU_CLOCK_VIRTUAL run too
* far ahead of real time.
*/
int64_t cur_time = cpu_get_clock_locked();
int64_t cur_icount = cpu_get_icount_locked();
int64_t delta = cur_time - cur_icount;
int64_t delta = clock - cur_icount;
warp_delta = MIN(warp_delta, delta);
}
timers_state.qemu_icount_bias += warp_delta;
@@ -419,7 +425,7 @@ void qemu_clock_warp(QEMUClockType type)
}
/* We want to use the earliest deadline from ALL vm_clocks */
clock = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
clock = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL_RT);
deadline = qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL);
if (deadline < 0) {
return;
@@ -437,8 +443,8 @@ void qemu_clock_warp(QEMUClockType type)
* sleep in icount mode if there is a pending QEMU_CLOCK_VIRTUAL
* timer; rather time could just advance to the next QEMU_CLOCK_VIRTUAL
* event. Instead, we do stop VCPUs and only advance QEMU_CLOCK_VIRTUAL
* after some e"real" time, (related to the time left until the next
* event) has passed. The QEMU_CLOCK_REALTIME timer will do this.
* after some "real" time, (related to the time left until the next
* event) has passed. The QEMU_CLOCK_VIRTUAL_RT clock will do this.
* This avoids that the warps are visible externally; for example,
* you will not be sending network packets continuously instead of
* every 100ms.
@@ -512,8 +518,8 @@ void configure_icount(QemuOpts *opts, Error **errp)
return;
}
icount_align_option = qemu_opt_get_bool(opts, "align", false);
icount_warp_timer = timer_new_ns(QEMU_CLOCK_REALTIME,
icount_warp_rt, NULL);
icount_warp_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL_RT,
icount_warp_rt, NULL);
if (strcmp(option, "auto") != 0) {
errno = 0;
icount_time_shift = strtol(option, &rem_str, 0);
@@ -537,10 +543,10 @@ void configure_icount(QemuOpts *opts, Error **errp)
the virtual time trigger catches emulated time passing too fast.
Realtime triggers occur even when idle, so use them less frequently
than VM triggers. */
icount_rt_timer = timer_new_ms(QEMU_CLOCK_REALTIME,
icount_adjust_rt, NULL);
icount_rt_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL_RT,
icount_adjust_rt, NULL);
timer_mod(icount_rt_timer,
qemu_clock_get_ms(QEMU_CLOCK_REALTIME) + 1000);
qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL_RT) + 1000);
icount_vm_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
icount_adjust_vm, NULL);
timer_mod(icount_vm_timer,
@@ -934,6 +940,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
qemu_mutex_lock(&qemu_global_mutex);
qemu_thread_get_self(cpu->thread);
cpu->thread_id = qemu_get_thread_id();
cpu->can_do_io = 1;
current_cpu = cpu;
r = kvm_init_vcpu(cpu);
@@ -974,6 +981,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
qemu_mutex_lock_iothread();
qemu_thread_get_self(cpu->thread);
cpu->thread_id = qemu_get_thread_id();
cpu->can_do_io = 1;
sigemptyset(&waitset);
sigaddset(&waitset, SIG_IPI);
@@ -1016,6 +1024,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
CPU_FOREACH(cpu) {
cpu->thread_id = qemu_get_thread_id();
cpu->created = true;
cpu->can_do_io = 1;
}
qemu_cond_signal(&qemu_cpu_cond);

View File

@@ -270,7 +270,8 @@ void tlb_set_page(CPUState *cpu, target_ulong vaddr,
assert(sz >= TARGET_PAGE_SIZE);
#if defined(DEBUG_TLB)
printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
qemu_log_mask(CPU_LOG_MMU,
"tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
" prot=%x idx=%d\n",
vaddr, paddr, prot, mmu_idx);
#endif

View File

@@ -32,6 +32,5 @@ CONFIG_G364FB=y
CONFIG_I8259=y
CONFIG_JAZZ_LED=y
CONFIG_MC146818RTC=y
CONFIG_VT82C686=y
CONFIG_ISA_TESTDEV=y
CONFIG_EMPTY_SLOT=y

View File

@@ -32,6 +32,5 @@ CONFIG_G364FB=y
CONFIG_I8259=y
CONFIG_JAZZ_LED=y
CONFIG_MC146818RTC=y
CONFIG_VT82C686=y
CONFIG_ISA_TESTDEV=y
CONFIG_EMPTY_SLOT=y

View File

@@ -32,6 +32,5 @@ CONFIG_G364FB=y
CONFIG_I8259=y
CONFIG_JAZZ_LED=y
CONFIG_MC146818RTC=y
CONFIG_VT82C686=y
CONFIG_ISA_TESTDEV=y
CONFIG_EMPTY_SLOT=y

View File

@@ -30,3 +30,5 @@ CONFIG_IPACK=y
CONFIG_WDT_IB6300ESB=y
CONFIG_PCI_TESTDEV=y
CONFIG_NVME_PCI=y
CONFIG_SD=y
CONFIG_SDHCI=y

View File

@@ -1,3 +1,4 @@
include pci.mak
CONFIG_VIRTIO=y
CONFIG_SCLPCONSOLE=y
CONFIG_S390_FLIC=y

View File

@@ -324,6 +324,7 @@ int qemu_fdt_setprop_sized_cells_from_array(void *fdt,
uint64_t value;
int cellnum, vnum, ncells;
uint32_t hival;
int ret;
propcells = g_new0(uint32_t, numvalues * 2);
@@ -331,18 +332,23 @@ int qemu_fdt_setprop_sized_cells_from_array(void *fdt,
for (vnum = 0; vnum < numvalues; vnum++) {
ncells = values[vnum * 2];
if (ncells != 1 && ncells != 2) {
return -1;
ret = -1;
goto out;
}
value = values[vnum * 2 + 1];
hival = cpu_to_be32(value >> 32);
if (ncells > 1) {
propcells[cellnum++] = hival;
} else if (hival != 0) {
return -1;
ret = -1;
goto out;
}
propcells[cellnum++] = cpu_to_be32(value);
}
return qemu_fdt_setprop(fdt, node_path, property, propcells,
cellnum * sizeof(uint32_t));
ret = qemu_fdt_setprop(fdt, node_path, property, propcells,
cellnum * sizeof(uint32_t));
out:
g_free(propcells);
return ret;
}

View File

@@ -220,6 +220,28 @@ see <http://www.gnu.org/licenses/>. */
#define OP_SH_MTACC_D 13
#define OP_MASK_MTACC_D 0x3
/* MSA */
#define OP_MASK_1BIT 0x1
#define OP_SH_1BIT 16
#define OP_MASK_2BIT 0x3
#define OP_SH_2BIT 16
#define OP_MASK_3BIT 0x7
#define OP_SH_3BIT 16
#define OP_MASK_4BIT 0xf
#define OP_SH_4BIT 16
#define OP_MASK_5BIT 0x1f
#define OP_SH_5BIT 16
#define OP_MASK_10BIT 0x3ff
#define OP_SH_10BIT 11
#define OP_MASK_MSACR11 0x1f
#define OP_SH_MSACR11 11
#define OP_MASK_MSACR6 0x1f
#define OP_SH_MSACR6 6
#define OP_MASK_GPR 0x1f
#define OP_SH_GPR 6
#define OP_MASK_1_TO_4 0x3
#define OP_SH_1_TO_4 6
#define OP_OP_COP0 0x10
#define OP_OP_COP1 0x11
#define OP_OP_COP2 0x12
@@ -510,6 +532,9 @@ struct mips_opcode
/* Instruction writes MDMX accumulator. */
#define INSN2_WRITE_MDMX_ACC 0x00000004
/* Reads the general purpose register in OP_*_RD. */
#define INSN2_READ_GPR_D 0x00000200
/* Instruction is actually a macro. It should be ignored by the
disassembler, and requires special treatment by the assembler. */
#define INSN_MACRO 0xffffffff
@@ -567,7 +592,12 @@ struct mips_opcode
#define INSN_5500 0x02000000
/* MDMX ASE */
#define INSN_MDMX 0x04000000
#define INSN_MDMX 0x00000000 /* Deprecated */
/* MIPS MSA Extension */
#define INSN_MSA 0x04000000
#define INSN_MSA64 0x04000000
/* MT ASE */
#define INSN_MT 0x08000000
/* SmartMIPS ASE */
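Review bot: INSN_MSA and INSN_MSA64 are both defined as 0x04000000, so an opcode-table entry tagged MSA64 cannot be told apart from one tagged MSA by a membership mask test. If that is intended, define INSN_MSA64 in terms of INSN_MSA and say so in the comment; otherwise it needs its own bit. Redefining INSN_MDMX to 0x00000000 to free that bit also means any remaining "membership & INSN_MDMX" test is always false, so the "Deprecated" comment should say that MDMX entries no longer match.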
@@ -1204,6 +1234,17 @@ extern const int bfd_mips16_num_opcodes;
/* MIPS MT ASE support. */
#define MT32 INSN_MT
/* MSA */
#define MSA INSN_MSA
#define MSA64 INSN_MSA64
#define WR_VD INSN_WRITE_FPR_D /* Reuse INSN_WRITE_FPR_D */
#define RD_VD WR_VD /* Reuse WR_VD */
#define RD_VT INSN_READ_FPR_T /* Reuse INSN_READ_FPR_T */
#define RD_VS INSN_READ_FPR_S /* Reuse INSN_READ_FPR_S */
#define RD_d INSN2_READ_GPR_D /* Reuse INSN2_READ_GPR_D */
#define RD_rd6 0
/* The order of overloaded instructions matters. Label arguments and
register arguments look the same. Instructions that can have either
for arguments must apear in the correct order in this table for the
@@ -1363,6 +1404,541 @@ const struct mips_opcode mips_builtin_opcodes[] =
{"cmp.sor.d", "D,S,T", 0x46a00019, 0xffe0003f, RD_S|RD_T|WR_D|FP_D, 0, I32R6},
{"cmp.sune.d", "D,S,T", 0x46a0001a, 0xffe0003f, RD_S|RD_T|WR_D|FP_D, 0, I32R6},
{"cmp.sne.d", "D,S,T", 0x46a0001b, 0xffe0003f, RD_S|RD_T|WR_D|FP_D, 0, I32R6},
/* MSA */
{"sll.b", "+d,+e,+f", 0x7800000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"sll.h", "+d,+e,+f", 0x7820000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"sll.w", "+d,+e,+f", 0x7840000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"sll.d", "+d,+e,+f", 0x7860000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"slli.b", "+d,+e,+7", 0x78700009, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"slli.h", "+d,+e,+8", 0x78600009, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"slli.w", "+d,+e,+9", 0x78400009, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"slli.d", "+d,+e,'", 0x78000009, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"sra.b", "+d,+e,+f", 0x7880000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"sra.h", "+d,+e,+f", 0x78a0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"sra.w", "+d,+e,+f", 0x78c0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"sra.d", "+d,+e,+f", 0x78e0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srai.b", "+d,+e,+7", 0x78f00009, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"srai.h", "+d,+e,+8", 0x78e00009, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"srai.w", "+d,+e,+9", 0x78c00009, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"srai.d", "+d,+e,'", 0x78800009, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"srl.b", "+d,+e,+f", 0x7900000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srl.h", "+d,+e,+f", 0x7920000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srl.w", "+d,+e,+f", 0x7940000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srl.d", "+d,+e,+f", 0x7960000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srli.b", "+d,+e,+7", 0x79700009, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"srli.h", "+d,+e,+8", 0x79600009, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"srli.w", "+d,+e,+9", 0x79400009, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"srli.d", "+d,+e,'", 0x79000009, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"bclr.b", "+d,+e,+f", 0x7980000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bclr.h", "+d,+e,+f", 0x79a0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bclr.w", "+d,+e,+f", 0x79c0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bclr.d", "+d,+e,+f", 0x79e0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bclri.b", "+d,+e,+7", 0x79f00009, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"bclri.h", "+d,+e,+8", 0x79e00009, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"bclri.w", "+d,+e,+9", 0x79c00009, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"bclri.d", "+d,+e,'", 0x79800009, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"bset.b", "+d,+e,+f", 0x7a00000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bset.h", "+d,+e,+f", 0x7a20000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bset.w", "+d,+e,+f", 0x7a40000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bset.d", "+d,+e,+f", 0x7a60000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bseti.b", "+d,+e,+7", 0x7a700009, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"bseti.h", "+d,+e,+8", 0x7a600009, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"bseti.w", "+d,+e,+9", 0x7a400009, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"bseti.d", "+d,+e,'", 0x7a000009, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"bneg.b", "+d,+e,+f", 0x7a80000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bneg.h", "+d,+e,+f", 0x7aa0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bneg.w", "+d,+e,+f", 0x7ac0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bneg.d", "+d,+e,+f", 0x7ae0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bnegi.b", "+d,+e,+7", 0x7af00009, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"bnegi.h", "+d,+e,+8", 0x7ae00009, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"bnegi.w", "+d,+e,+9", 0x7ac00009, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"bnegi.d", "+d,+e,'", 0x7a800009, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"binsl.b", "+d,+e,+f", 0x7b00000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"binsl.h", "+d,+e,+f", 0x7b20000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"binsl.w", "+d,+e,+f", 0x7b40000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"binsl.d", "+d,+e,+f", 0x7b60000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"binsli.b", "+d,+e,+7", 0x7b700009, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"binsli.h", "+d,+e,+8", 0x7b600009, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"binsli.w", "+d,+e,+9", 0x7b400009, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"binsli.d", "+d,+e,'", 0x7b000009, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"binsr.b", "+d,+e,+f", 0x7b80000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"binsr.h", "+d,+e,+f", 0x7ba0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"binsr.w", "+d,+e,+f", 0x7bc0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"binsr.d", "+d,+e,+f", 0x7be0000d, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"binsri.b", "+d,+e,+7", 0x7bf00009, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"binsri.h", "+d,+e,+8", 0x7be00009, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"binsri.w", "+d,+e,+9", 0x7bc00009, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"binsri.d", "+d,+e,'", 0x7b800009, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"addv.b", "+d,+e,+f", 0x7800000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"addv.h", "+d,+e,+f", 0x7820000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"addv.w", "+d,+e,+f", 0x7840000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"addv.d", "+d,+e,+f", 0x7860000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"addvi.b", "+d,+e,k", 0x78000006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"addvi.h", "+d,+e,k", 0x78200006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"addvi.w", "+d,+e,k", 0x78400006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"addvi.d", "+d,+e,k", 0x78600006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"subv.b", "+d,+e,+f", 0x7880000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subv.h", "+d,+e,+f", 0x78a0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subv.w", "+d,+e,+f", 0x78c0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subv.d", "+d,+e,+f", 0x78e0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subvi.b", "+d,+e,k", 0x78800006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"subvi.h", "+d,+e,k", 0x78a00006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"subvi.w", "+d,+e,k", 0x78c00006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"subvi.d", "+d,+e,k", 0x78e00006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"max_s.b", "+d,+e,+f", 0x7900000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"max_s.h", "+d,+e,+f", 0x7920000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"max_s.w", "+d,+e,+f", 0x7940000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"max_s.d", "+d,+e,+f", 0x7960000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"maxi_s.b", "+d,+e,+5", 0x79000006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"maxi_s.h", "+d,+e,+5", 0x79200006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"maxi_s.w", "+d,+e,+5", 0x79400006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"maxi_s.d", "+d,+e,+5", 0x79600006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"max_u.b", "+d,+e,+f", 0x7980000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"max_u.h", "+d,+e,+f", 0x79a0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"max_u.w", "+d,+e,+f", 0x79c0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"max_u.d", "+d,+e,+f", 0x79e0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"maxi_u.b", "+d,+e,k", 0x79800006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"maxi_u.h", "+d,+e,k", 0x79a00006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"maxi_u.w", "+d,+e,k", 0x79c00006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"maxi_u.d", "+d,+e,k", 0x79e00006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"min_s.b", "+d,+e,+f", 0x7a00000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"min_s.h", "+d,+e,+f", 0x7a20000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"min_s.w", "+d,+e,+f", 0x7a40000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"min_s.d", "+d,+e,+f", 0x7a60000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mini_s.b", "+d,+e,+5", 0x7a000006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"mini_s.h", "+d,+e,+5", 0x7a200006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"mini_s.w", "+d,+e,+5", 0x7a400006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"mini_s.d", "+d,+e,+5", 0x7a600006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"min_u.b", "+d,+e,+f", 0x7a80000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"min_u.h", "+d,+e,+f", 0x7aa0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"min_u.w", "+d,+e,+f", 0x7ac0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"min_u.d", "+d,+e,+f", 0x7ae0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mini_u.b", "+d,+e,k", 0x7a800006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"mini_u.h", "+d,+e,k", 0x7aa00006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"mini_u.w", "+d,+e,k", 0x7ac00006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"mini_u.d", "+d,+e,k", 0x7ae00006, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"max_a.b", "+d,+e,+f", 0x7b00000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"max_a.h", "+d,+e,+f", 0x7b20000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"max_a.w", "+d,+e,+f", 0x7b40000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"max_a.d", "+d,+e,+f", 0x7b60000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"min_a.b", "+d,+e,+f", 0x7b80000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"min_a.h", "+d,+e,+f", 0x7ba0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"min_a.w", "+d,+e,+f", 0x7bc0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"min_a.d", "+d,+e,+f", 0x7be0000e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ceq.b", "+d,+e,+f", 0x7800000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ceq.h", "+d,+e,+f", 0x7820000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ceq.w", "+d,+e,+f", 0x7840000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ceq.d", "+d,+e,+f", 0x7860000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ceqi.b", "+d,+e,+5", 0x78000007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"ceqi.h", "+d,+e,+5", 0x78200007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"ceqi.w", "+d,+e,+5", 0x78400007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"ceqi.d", "+d,+e,+5", 0x78600007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clt_s.b", "+d,+e,+f", 0x7900000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"clt_s.h", "+d,+e,+f", 0x7920000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"clt_s.w", "+d,+e,+f", 0x7940000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"clt_s.d", "+d,+e,+f", 0x7960000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"clti_s.b", "+d,+e,+5", 0x79000007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clti_s.h", "+d,+e,+5", 0x79200007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clti_s.w", "+d,+e,+5", 0x79400007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clti_s.d", "+d,+e,+5", 0x79600007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clt_u.b", "+d,+e,+f", 0x7980000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"clt_u.h", "+d,+e,+f", 0x79a0000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"clt_u.w", "+d,+e,+f", 0x79c0000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"clt_u.d", "+d,+e,+f", 0x79e0000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"clti_u.b", "+d,+e,k", 0x79800007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clti_u.h", "+d,+e,k", 0x79a00007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clti_u.w", "+d,+e,k", 0x79c00007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clti_u.d", "+d,+e,k", 0x79e00007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"cle_s.b", "+d,+e,+f", 0x7a00000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"cle_s.h", "+d,+e,+f", 0x7a20000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"cle_s.w", "+d,+e,+f", 0x7a40000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"cle_s.d", "+d,+e,+f", 0x7a60000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"clei_s.b", "+d,+e,+5", 0x7a000007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clei_s.h", "+d,+e,+5", 0x7a200007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clei_s.w", "+d,+e,+5", 0x7a400007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clei_s.d", "+d,+e,+5", 0x7a600007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"cle_u.b", "+d,+e,+f", 0x7a80000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"cle_u.h", "+d,+e,+f", 0x7aa0000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"cle_u.w", "+d,+e,+f", 0x7ac0000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"cle_u.d", "+d,+e,+f", 0x7ae0000f, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"clei_u.b", "+d,+e,k", 0x7a800007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clei_u.h", "+d,+e,k", 0x7aa00007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clei_u.w", "+d,+e,k", 0x7ac00007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"clei_u.d", "+d,+e,k", 0x7ae00007, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"ld.b", "+d,+^(d)", 0x78000020, 0xfc00003f, WR_VD|LDD, RD_d, MSA},
{"ld.h", "+d,+#(d)", 0x78000021, 0xfc00003f, WR_VD|LDD, RD_d, MSA},
{"ld.w", "+d,+$(d)", 0x78000022, 0xfc00003f, WR_VD|LDD, RD_d, MSA},
{"ld.d", "+d,+%(d)", 0x78000023, 0xfc00003f, WR_VD|LDD, RD_d, MSA},
{"st.b", "+d,+^(d)", 0x78000024, 0xfc00003f, RD_VD|SM, RD_d, MSA},
{"st.h", "+d,+#(d)", 0x78000025, 0xfc00003f, RD_VD|SM, RD_d, MSA},
{"st.w", "+d,+$(d)", 0x78000026, 0xfc00003f, RD_VD|SM, RD_d, MSA},
{"st.d", "+d,+%(d)", 0x78000027, 0xfc00003f, RD_VD|SM, RD_d, MSA},
{"sat_s.b", "+d,+e,+7", 0x7870000a, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"sat_s.h", "+d,+e,+8", 0x7860000a, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"sat_s.w", "+d,+e,+9", 0x7840000a, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"sat_s.d", "+d,+e,'", 0x7800000a, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"sat_u.b", "+d,+e,+7", 0x78f0000a, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"sat_u.h", "+d,+e,+8", 0x78e0000a, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"sat_u.w", "+d,+e,+9", 0x78c0000a, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"sat_u.d", "+d,+e,'", 0x7880000a, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"add_a.b", "+d,+e,+f", 0x78000010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"add_a.h", "+d,+e,+f", 0x78200010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"add_a.w", "+d,+e,+f", 0x78400010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"add_a.d", "+d,+e,+f", 0x78600010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_a.b", "+d,+e,+f", 0x78800010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_a.h", "+d,+e,+f", 0x78a00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_a.w", "+d,+e,+f", 0x78c00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_a.d", "+d,+e,+f", 0x78e00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_s.b", "+d,+e,+f", 0x79000010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_s.h", "+d,+e,+f", 0x79200010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_s.w", "+d,+e,+f", 0x79400010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_s.d", "+d,+e,+f", 0x79600010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_u.b", "+d,+e,+f", 0x79800010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_u.h", "+d,+e,+f", 0x79a00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_u.w", "+d,+e,+f", 0x79c00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"adds_u.d", "+d,+e,+f", 0x79e00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ave_s.b", "+d,+e,+f", 0x7a000010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ave_s.h", "+d,+e,+f", 0x7a200010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ave_s.w", "+d,+e,+f", 0x7a400010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ave_s.d", "+d,+e,+f", 0x7a600010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ave_u.b", "+d,+e,+f", 0x7a800010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ave_u.h", "+d,+e,+f", 0x7aa00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ave_u.w", "+d,+e,+f", 0x7ac00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ave_u.d", "+d,+e,+f", 0x7ae00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"aver_s.b", "+d,+e,+f", 0x7b000010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"aver_s.h", "+d,+e,+f", 0x7b200010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"aver_s.w", "+d,+e,+f", 0x7b400010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"aver_s.d", "+d,+e,+f", 0x7b600010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"aver_u.b", "+d,+e,+f", 0x7b800010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"aver_u.h", "+d,+e,+f", 0x7ba00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"aver_u.w", "+d,+e,+f", 0x7bc00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"aver_u.d", "+d,+e,+f", 0x7be00010, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subs_s.b", "+d,+e,+f", 0x78000011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subs_s.h", "+d,+e,+f", 0x78200011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subs_s.w", "+d,+e,+f", 0x78400011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subs_s.d", "+d,+e,+f", 0x78600011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subs_u.b", "+d,+e,+f", 0x78800011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subs_u.h", "+d,+e,+f", 0x78a00011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subs_u.w", "+d,+e,+f", 0x78c00011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subs_u.d", "+d,+e,+f", 0x78e00011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subsus_u.b", "+d,+e,+f", 0x79000011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subsus_u.h", "+d,+e,+f", 0x79200011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subsus_u.w", "+d,+e,+f", 0x79400011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subsus_u.d", "+d,+e,+f", 0x79600011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subsuu_s.b", "+d,+e,+f", 0x79800011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subsuu_s.h", "+d,+e,+f", 0x79a00011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subsuu_s.w", "+d,+e,+f", 0x79c00011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"subsuu_s.d", "+d,+e,+f", 0x79e00011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"asub_s.b", "+d,+e,+f", 0x7a000011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"asub_s.h", "+d,+e,+f", 0x7a200011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"asub_s.w", "+d,+e,+f", 0x7a400011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"asub_s.d", "+d,+e,+f", 0x7a600011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"asub_u.b", "+d,+e,+f", 0x7a800011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"asub_u.h", "+d,+e,+f", 0x7aa00011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"asub_u.w", "+d,+e,+f", 0x7ac00011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"asub_u.d", "+d,+e,+f", 0x7ae00011, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mulv.b", "+d,+e,+f", 0x78000012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mulv.h", "+d,+e,+f", 0x78200012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mulv.w", "+d,+e,+f", 0x78400012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mulv.d", "+d,+e,+f", 0x78600012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"maddv.b", "+d,+e,+f", 0x78800012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"maddv.h", "+d,+e,+f", 0x78a00012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"maddv.w", "+d,+e,+f", 0x78c00012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"maddv.d", "+d,+e,+f", 0x78e00012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"msubv.b", "+d,+e,+f", 0x79000012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"msubv.h", "+d,+e,+f", 0x79200012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"msubv.w", "+d,+e,+f", 0x79400012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"msubv.d", "+d,+e,+f", 0x79600012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"div_s.b", "+d,+e,+f", 0x7a000012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"div_s.h", "+d,+e,+f", 0x7a200012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"div_s.w", "+d,+e,+f", 0x7a400012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"div_s.d", "+d,+e,+f", 0x7a600012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"div_u.b", "+d,+e,+f", 0x7a800012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"div_u.h", "+d,+e,+f", 0x7aa00012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"div_u.w", "+d,+e,+f", 0x7ac00012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"div_u.d", "+d,+e,+f", 0x7ae00012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mod_s.b", "+d,+e,+f", 0x7b000012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mod_s.h", "+d,+e,+f", 0x7b200012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mod_s.w", "+d,+e,+f", 0x7b400012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mod_s.d", "+d,+e,+f", 0x7b600012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mod_u.b", "+d,+e,+f", 0x7b800012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mod_u.h", "+d,+e,+f", 0x7ba00012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mod_u.w", "+d,+e,+f", 0x7bc00012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mod_u.d", "+d,+e,+f", 0x7be00012, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dotp_s.h", "+d,+e,+f", 0x78200013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dotp_s.w", "+d,+e,+f", 0x78400013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dotp_s.d", "+d,+e,+f", 0x78600013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dotp_u.h", "+d,+e,+f", 0x78a00013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dotp_u.w", "+d,+e,+f", 0x78c00013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dotp_u.d", "+d,+e,+f", 0x78e00013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpadd_s.h", "+d,+e,+f", 0x79200013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpadd_s.w", "+d,+e,+f", 0x79400013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpadd_s.d", "+d,+e,+f", 0x79600013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpadd_u.h", "+d,+e,+f", 0x79a00013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpadd_u.w", "+d,+e,+f", 0x79c00013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpadd_u.d", "+d,+e,+f", 0x79e00013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpsub_s.h", "+d,+e,+f", 0x7a200013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpsub_s.w", "+d,+e,+f", 0x7a400013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpsub_s.d", "+d,+e,+f", 0x7a600013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpsub_u.h", "+d,+e,+f", 0x7aa00013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpsub_u.w", "+d,+e,+f", 0x7ac00013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"dpsub_u.d", "+d,+e,+f", 0x7ae00013, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"sld.b", "+d,+e[t]", 0x78000014, 0xffe0003f, WR_VD|RD_VS|RD_t, 0, MSA},
{"sld.h", "+d,+e[t]", 0x78200014, 0xffe0003f, WR_VD|RD_VS|RD_t, 0, MSA},
{"sld.w", "+d,+e[t]", 0x78400014, 0xffe0003f, WR_VD|RD_VS|RD_t, 0, MSA},
{"sld.d", "+d,+e[t]", 0x78600014, 0xffe0003f, WR_VD|RD_VS|RD_t, 0, MSA},
{"sldi.b", "+d,+e[+9]", 0x78000019, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"sldi.h", "+d,+e[+8]", 0x78200019, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"sldi.w", "+d,+e[+7]", 0x78300019, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"sldi.d", "+d,+e[+6]", 0x78380019, 0xfffc003f, WR_VD|RD_VS, 0, MSA},
{"splat.b", "+d,+e[t]", 0x78800014, 0xffe0003f, WR_VD|RD_VS|RD_t, 0, MSA},
{"splat.h", "+d,+e[t]", 0x78a00014, 0xffe0003f, WR_VD|RD_VS|RD_t, 0, MSA},
{"splat.w", "+d,+e[t]", 0x78c00014, 0xffe0003f, WR_VD|RD_VS|RD_t, 0, MSA},
{"splat.d", "+d,+e[t]", 0x78e00014, 0xffe0003f, WR_VD|RD_VS|RD_t, 0, MSA},
{"splati.b", "+d,+e[+9]", 0x78400019, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"splati.h", "+d,+e[+8]", 0x78600019, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"splati.w", "+d,+e[+7]", 0x78700019, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"splati.d", "+d,+e[+6]", 0x78780019, 0xfffc003f, WR_VD|RD_VS, 0, MSA},
{"pckev.b", "+d,+e,+f", 0x79000014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"pckev.h", "+d,+e,+f", 0x79200014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"pckev.w", "+d,+e,+f", 0x79400014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"pckev.d", "+d,+e,+f", 0x79600014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"pckod.b", "+d,+e,+f", 0x79800014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"pckod.h", "+d,+e,+f", 0x79a00014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"pckod.w", "+d,+e,+f", 0x79c00014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"pckod.d", "+d,+e,+f", 0x79e00014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvl.b", "+d,+e,+f", 0x7a000014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvl.h", "+d,+e,+f", 0x7a200014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvl.w", "+d,+e,+f", 0x7a400014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvl.d", "+d,+e,+f", 0x7a600014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvr.b", "+d,+e,+f", 0x7a800014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvr.h", "+d,+e,+f", 0x7aa00014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvr.w", "+d,+e,+f", 0x7ac00014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvr.d", "+d,+e,+f", 0x7ae00014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvev.b", "+d,+e,+f", 0x7b000014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvev.h", "+d,+e,+f", 0x7b200014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvev.w", "+d,+e,+f", 0x7b400014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvev.d", "+d,+e,+f", 0x7b600014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvod.b", "+d,+e,+f", 0x7b800014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvod.h", "+d,+e,+f", 0x7ba00014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvod.w", "+d,+e,+f", 0x7bc00014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ilvod.d", "+d,+e,+f", 0x7be00014, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"vshf.b", "+d,+e,+f", 0x78000015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"vshf.h", "+d,+e,+f", 0x78200015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"vshf.w", "+d,+e,+f", 0x78400015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"vshf.d", "+d,+e,+f", 0x78600015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srar.b", "+d,+e,+f", 0x78800015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srar.h", "+d,+e,+f", 0x78a00015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srar.w", "+d,+e,+f", 0x78c00015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srar.d", "+d,+e,+f", 0x78e00015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srari.b", "+d,+e,+7", 0x7970000a, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"srari.h", "+d,+e,+8", 0x7960000a, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"srari.w", "+d,+e,+9", 0x7940000a, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"srari.d", "+d,+e,'", 0x7900000a, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"srlr.b", "+d,+e,+f", 0x79000015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srlr.h", "+d,+e,+f", 0x79200015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srlr.w", "+d,+e,+f", 0x79400015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srlr.d", "+d,+e,+f", 0x79600015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"srlri.b", "+d,+e,+7", 0x79f0000a, 0xfff8003f, WR_VD|RD_VS, 0, MSA},
{"srlri.h", "+d,+e,+8", 0x79e0000a, 0xfff0003f, WR_VD|RD_VS, 0, MSA},
{"srlri.w", "+d,+e,+9", 0x79c0000a, 0xffe0003f, WR_VD|RD_VS, 0, MSA},
{"srlri.d", "+d,+e,'", 0x7980000a, 0xffc0003f, WR_VD|RD_VS, 0, MSA},
{"hadd_s.h", "+d,+e,+f", 0x7a200015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hadd_s.w", "+d,+e,+f", 0x7a400015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hadd_s.d", "+d,+e,+f", 0x7a600015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hadd_u.h", "+d,+e,+f", 0x7aa00015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hadd_u.w", "+d,+e,+f", 0x7ac00015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hadd_u.d", "+d,+e,+f", 0x7ae00015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hsub_s.h", "+d,+e,+f", 0x7b200015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hsub_s.w", "+d,+e,+f", 0x7b400015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hsub_s.d", "+d,+e,+f", 0x7b600015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hsub_u.h", "+d,+e,+f", 0x7ba00015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hsub_u.w", "+d,+e,+f", 0x7bc00015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"hsub_u.d", "+d,+e,+f", 0x7be00015, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"and.v", "+d,+e,+f", 0x7800001e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"andi.b", "+d,+e,5", 0x78000000, 0xff00003f, WR_VD|RD_VS, 0, MSA},
{"or.v", "+d,+e,+f", 0x7820001e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ori.b", "+d,+e,5", 0x79000000, 0xff00003f, WR_VD|RD_VS, 0, MSA},
{"nor.v", "+d,+e,+f", 0x7840001e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"nori.b", "+d,+e,5", 0x7a000000, 0xff00003f, WR_VD|RD_VS, 0, MSA},
{"xor.v", "+d,+e,+f", 0x7860001e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"xori.b", "+d,+e,5", 0x7b000000, 0xff00003f, WR_VD|RD_VS, 0, MSA},
{"bmnz.v", "+d,+e,+f", 0x7880001e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bmnzi.b", "+d,+e,5", 0x78000001, 0xff00003f, WR_VD|RD_VS, 0, MSA},
{"bmz.v", "+d,+e,+f", 0x78a0001e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bmzi.b", "+d,+e,5", 0x79000001, 0xff00003f, WR_VD|RD_VS, 0, MSA},
{"bsel.v", "+d,+e,+f", 0x78c0001e, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"bseli.b", "+d,+e,5", 0x7a000001, 0xff00003f, WR_VD|RD_VS, 0, MSA},
{"shf.b", "+d,+e,5", 0x78000002, 0xff00003f, WR_VD|RD_VS, 0, MSA},
{"shf.h", "+d,+e,5", 0x79000002, 0xff00003f, WR_VD|RD_VS, 0, MSA},
{"shf.w", "+d,+e,5", 0x7a000002, 0xff00003f, WR_VD|RD_VS, 0, MSA},
{"bnz.v", "+f,p", 0x45e00000, 0xffe00000, CBD|RD_VT, 0, MSA},
{"bz.v", "+f,p", 0x45600000, 0xffe00000, CBD|RD_VT, 0, MSA},
{"fill.b", "+d,d", 0x7b00001e, 0xffff003f, WR_VD, RD_d, MSA},
{"fill.h", "+d,d", 0x7b01001e, 0xffff003f, WR_VD, RD_d, MSA},
{"fill.w", "+d,d", 0x7b02001e, 0xffff003f, WR_VD, RD_d, MSA},
{"fill.d", "+d,d", 0x7b03001e, 0xffff003f, WR_VD, RD_d, MSA64},
{"pcnt.b", "+d,+e", 0x7b04001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"pcnt.h", "+d,+e", 0x7b05001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"pcnt.w", "+d,+e", 0x7b06001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"pcnt.d", "+d,+e", 0x7b07001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"nloc.b", "+d,+e", 0x7b08001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"nloc.h", "+d,+e", 0x7b09001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"nloc.w", "+d,+e", 0x7b0a001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"nloc.d", "+d,+e", 0x7b0b001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"nlzc.b", "+d,+e", 0x7b0c001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"nlzc.h", "+d,+e", 0x7b0d001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"nlzc.w", "+d,+e", 0x7b0e001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"nlzc.d", "+d,+e", 0x7b0f001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"copy_s.b", "+i,+e[+9]", 0x78800019, 0xffe0003f, RD_VS, RD_rd6, MSA},
{"copy_s.h", "+i,+e[+8]", 0x78a00019, 0xfff0003f, RD_VS, RD_rd6, MSA},
{"copy_s.w", "+i,+e[+7]", 0x78b00019, 0xfff8003f, RD_VS, RD_rd6, MSA},
{"copy_s.d", "+i,+e[+6]", 0x78b80019, 0xfffc003f, RD_VS, RD_rd6, MSA64},
{"copy_u.b", "+i,+e[+9]", 0x78c00019, 0xffe0003f, RD_VS, RD_rd6, MSA},
{"copy_u.h", "+i,+e[+8]", 0x78e00019, 0xfff0003f, RD_VS, RD_rd6, MSA},
{"copy_u.w", "+i,+e[+7]", 0x78f00019, 0xfff8003f, RD_VS, RD_rd6, MSA},
{"copy_u.d", "+i,+e[+6]", 0x78f80019, 0xfffc003f, RD_VS, RD_rd6, MSA64},
{"insert.b", "+d[+9],d", 0x79000019, 0xffe0003f, WR_VD|RD_VD, RD_d, MSA},
{"insert.h", "+d[+8],d", 0x79200019, 0xfff0003f, WR_VD|RD_VD, RD_d, MSA},
{"insert.w", "+d[+7],d", 0x79300019, 0xfff8003f, WR_VD|RD_VD, RD_d, MSA},
{"insert.d", "+d[+6],d", 0x79380019, 0xfffc003f, WR_VD|RD_VD, RD_d, MSA64},
{"insve.b", "+d[+9],+e[+~]", 0x79400019, 0xffe0003f, WR_VD|RD_VD|RD_VS, 0, MSA},
{"insve.h", "+d[+8],+e[+~]", 0x79600019, 0xfff0003f, WR_VD|RD_VD|RD_VS, 0, MSA},
{"insve.w", "+d[+7],+e[+~]", 0x79700019, 0xfff8003f, WR_VD|RD_VD|RD_VS, 0, MSA},
{"insve.d", "+d[+6],+e[+~]", 0x79780019, 0xfffc003f, WR_VD|RD_VD|RD_VS, 0, MSA},
{"bnz.b", "+f,p", 0x47800000, 0xffe00000, CBD|RD_VT, 0, MSA},
{"bnz.h", "+f,p", 0x47a00000, 0xffe00000, CBD|RD_VT, 0, MSA},
{"bnz.w", "+f,p", 0x47c00000, 0xffe00000, CBD|RD_VT, 0, MSA},
{"bnz.d", "+f,p", 0x47e00000, 0xffe00000, CBD|RD_VT, 0, MSA},
{"bz.b", "+f,p", 0x47000000, 0xffe00000, CBD|RD_VT, 0, MSA},
{"bz.h", "+f,p", 0x47200000, 0xffe00000, CBD|RD_VT, 0, MSA},
{"bz.w", "+f,p", 0x47400000, 0xffe00000, CBD|RD_VT, 0, MSA},
{"bz.d", "+f,p", 0x47600000, 0xffe00000, CBD|RD_VT, 0, MSA},
{"ldi.b", "+d,+0", 0x7b000007, 0xffe0003f, WR_VD, 0, MSA},
{"ldi.h", "+d,+0", 0x7b200007, 0xffe0003f, WR_VD, 0, MSA},
{"ldi.w", "+d,+0", 0x7b400007, 0xffe0003f, WR_VD, 0, MSA},
{"ldi.d", "+d,+0", 0x7b600007, 0xffe0003f, WR_VD, 0, MSA},
{"fcaf.w", "+d,+e,+f", 0x7800001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcaf.d", "+d,+e,+f", 0x7820001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcun.w", "+d,+e,+f", 0x7840001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcun.d", "+d,+e,+f", 0x7860001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fceq.w", "+d,+e,+f", 0x7880001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fceq.d", "+d,+e,+f", 0x78a0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcueq.w", "+d,+e,+f", 0x78c0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcueq.d", "+d,+e,+f", 0x78e0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fclt.w", "+d,+e,+f", 0x7900001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fclt.d", "+d,+e,+f", 0x7920001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcult.w", "+d,+e,+f", 0x7940001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcult.d", "+d,+e,+f", 0x7960001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcle.w", "+d,+e,+f", 0x7980001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcle.d", "+d,+e,+f", 0x79a0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcule.w", "+d,+e,+f", 0x79c0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcule.d", "+d,+e,+f", 0x79e0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsaf.w", "+d,+e,+f", 0x7a00001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsaf.d", "+d,+e,+f", 0x7a20001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsun.w", "+d,+e,+f", 0x7a40001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsun.d", "+d,+e,+f", 0x7a60001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fseq.w", "+d,+e,+f", 0x7a80001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fseq.d", "+d,+e,+f", 0x7aa0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsueq.w", "+d,+e,+f", 0x7ac0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsueq.d", "+d,+e,+f", 0x7ae0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fslt.w", "+d,+e,+f", 0x7b00001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fslt.d", "+d,+e,+f", 0x7b20001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsult.w", "+d,+e,+f", 0x7b40001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsult.d", "+d,+e,+f", 0x7b60001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsle.w", "+d,+e,+f", 0x7b80001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsle.d", "+d,+e,+f", 0x7ba0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsule.w", "+d,+e,+f", 0x7bc0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsule.d", "+d,+e,+f", 0x7be0001a, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fadd.w", "+d,+e,+f", 0x7800001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fadd.d", "+d,+e,+f", 0x7820001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsub.w", "+d,+e,+f", 0x7840001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsub.d", "+d,+e,+f", 0x7860001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmul.w", "+d,+e,+f", 0x7880001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmul.d", "+d,+e,+f", 0x78a0001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fdiv.w", "+d,+e,+f", 0x78c0001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fdiv.d", "+d,+e,+f", 0x78e0001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmadd.w", "+d,+e,+f", 0x7900001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmadd.d", "+d,+e,+f", 0x7920001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmsub.w", "+d,+e,+f", 0x7940001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmsub.d", "+d,+e,+f", 0x7960001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fexp2.w", "+d,+e,+f", 0x79c0001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fexp2.d", "+d,+e,+f", 0x79e0001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fexdo.h", "+d,+e,+f", 0x7a00001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fexdo.w", "+d,+e,+f", 0x7a20001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ftq.h", "+d,+e,+f", 0x7a80001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"ftq.w", "+d,+e,+f", 0x7aa0001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmin.w", "+d,+e,+f", 0x7b00001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmin.d", "+d,+e,+f", 0x7b20001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmin_a.w", "+d,+e,+f", 0x7b40001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmin_a.d", "+d,+e,+f", 0x7b60001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmax.w", "+d,+e,+f", 0x7b80001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmax.d", "+d,+e,+f", 0x7ba0001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmax_a.w", "+d,+e,+f", 0x7bc0001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fmax_a.d", "+d,+e,+f", 0x7be0001b, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcor.w", "+d,+e,+f", 0x7840001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcor.d", "+d,+e,+f", 0x7860001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcune.w", "+d,+e,+f", 0x7880001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcune.d", "+d,+e,+f", 0x78a0001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcne.w", "+d,+e,+f", 0x78c0001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fcne.d", "+d,+e,+f", 0x78e0001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mul_q.h", "+d,+e,+f", 0x7900001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mul_q.w", "+d,+e,+f", 0x7920001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"madd_q.h", "+d,+e,+f", 0x7940001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"madd_q.w", "+d,+e,+f", 0x7960001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"msub_q.h", "+d,+e,+f", 0x7980001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"msub_q.w", "+d,+e,+f", 0x79a0001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsor.w", "+d,+e,+f", 0x7a40001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsor.d", "+d,+e,+f", 0x7a60001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsune.w", "+d,+e,+f", 0x7a80001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsune.d", "+d,+e,+f", 0x7aa0001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsne.w", "+d,+e,+f", 0x7ac0001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fsne.d", "+d,+e,+f", 0x7ae0001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mulr_q.h", "+d,+e,+f", 0x7b00001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"mulr_q.w", "+d,+e,+f", 0x7b20001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"maddr_q.h", "+d,+e,+f", 0x7b40001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"maddr_q.w", "+d,+e,+f", 0x7b60001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"msubr_q.h", "+d,+e,+f", 0x7b80001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"msubr_q.w", "+d,+e,+f", 0x7ba0001c, 0xffe0003f, WR_VD|RD_VS|RD_VT, 0, MSA},
{"fclass.w", "+d,+e", 0x7b20001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"fclass.d", "+d,+e", 0x7b21001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"fsqrt.w", "+d,+e", 0x7b26001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"fsqrt.d", "+d,+e", 0x7b27001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"frsqrt.w", "+d,+e", 0x7b28001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"frsqrt.d", "+d,+e", 0x7b29001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"frcp.w", "+d,+e", 0x7b2a001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"frcp.d", "+d,+e", 0x7b2b001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"frint.w", "+d,+e", 0x7b2c001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"frint.d", "+d,+e", 0x7b2d001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"flog2.w", "+d,+e", 0x7b2e001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"flog2.d", "+d,+e", 0x7b2f001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"fexupl.w", "+d,+e", 0x7b30001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"fexupl.d", "+d,+e", 0x7b31001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"fexupr.w", "+d,+e", 0x7b32001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"fexupr.d", "+d,+e", 0x7b33001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ffql.w", "+d,+e", 0x7b34001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ffql.d", "+d,+e", 0x7b35001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ffqr.w", "+d,+e", 0x7b36001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ffqr.d", "+d,+e", 0x7b37001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ftint_s.w", "+d,+e", 0x7b38001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ftint_s.d", "+d,+e", 0x7b39001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ftint_u.w", "+d,+e", 0x7b3a001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ftint_u.d", "+d,+e", 0x7b3b001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ffint_s.w", "+d,+e", 0x7b3c001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ffint_s.d", "+d,+e", 0x7b3d001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ffint_u.w", "+d,+e", 0x7b3e001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ffint_u.d", "+d,+e", 0x7b3f001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ftrunc_s.w", "+d,+e", 0x7b40001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ftrunc_s.d", "+d,+e", 0x7b41001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ftrunc_u.w", "+d,+e", 0x7b42001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ftrunc_u.d", "+d,+e", 0x7b43001e, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"ctcmsa", "+h,d", 0x783e0019, 0xffff003f, COD, RD_d, MSA},
{"cfcmsa", "+i,+g", 0x787e0019, 0xffff003f, COD, 0, MSA},
{"move.v", "+d,+e", 0x78be0019, 0xffff003f, WR_VD|RD_VS, 0, MSA},
{"lsa", "d,v,t,+@", 0x00000005, 0xfc00073f, WR_d|RD_s|RD_t, 0, MSA},
{"dlsa", "d,v,t,+@", 0x00000015, 0xfc00073f, WR_d|RD_s|RD_t, 0, MSA64},
{"pref", "k,o(b)", 0xcc000000, 0xfc000000, RD_b, 0, I4|I32|G3 },
{"prefx", "h,t(b)", 0x4c00000f, 0xfc0007ff, RD_b|RD_t, 0, I4|I33 },
{"nop", "", 0x00000000, 0xffffffff, 0, INSN2_ALIAS, I1 }, /* sll */
@@ -2410,6 +2986,8 @@ const struct mips_opcode mips_builtin_opcodes[] =
{"tlbp", "", 0x42000008, 0xffffffff, INSN_TLB, 0, I1 },
{"tlbr", "", 0x42000001, 0xffffffff, INSN_TLB, 0, I1 },
{"tlbwi", "", 0x42000002, 0xffffffff, INSN_TLB, 0, I1 },
{"tlbinv", "", 0x42000003, 0xffffffff, INSN_TLB, 0, I32 },
{"tlbinvf", "", 0x42000004, 0xffffffff, INSN_TLB, 0, I32 },
{"tlbwr", "", 0x42000006, 0xffffffff, INSN_TLB, 0, I1 },
{"tlti", "s,j", 0x040a0000, 0xfc1f0000, RD_s|TRAP, 0, I2 },
{"tlt", "s,t", 0x00000032, 0xfc00ffff, RD_s|RD_t|TRAP, 0, I2 },
@@ -2933,6 +3511,7 @@ struct mips_cp0sel_name
const char * const name;
};
#if 0
/* The mips16 registers. */
static const unsigned int mips16_to_32_reg_map[] =
{
@@ -2940,7 +3519,7 @@ static const unsigned int mips16_to_32_reg_map[] =
};
#define mips16_reg_names(rn) mips_gpr_names[mips16_to_32_reg_map[rn]]
#endif
static const char * const mips_gpr_names_numeric[32] =
{
@@ -2998,6 +3577,13 @@ static const char * const mips_fpr_names_64[32] =
"fs0", "fs1", "fs2", "fs3", "fs4", "fs5", "fs6", "fs7"
};
static const char * const mips_wr_names[32] = {
"w0", "w1", "w2", "w3", "w4", "w5", "w6", "w7",
"w8", "w9", "w10", "w11", "w12", "w13", "w14", "w15",
"w16", "w17", "w18", "w19", "w20", "w21", "w22", "w23",
"w24", "w25", "w26", "w27", "w28", "w29", "w30", "w31"
};
static const char * const mips_cp0_names_numeric[32] =
{
"$0", "$1", "$2", "$3", "$4", "$5", "$6", "$7",
@@ -3216,6 +3802,13 @@ static const char * const mips_hwr_names_mips3264r2[32] =
"$24", "$25", "$26", "$27", "$28", "$29", "$30", "$31"
};
static const char * const mips_msa_control_names_mips3264r2[32] = {
"MSAIR", "MSACSR", "$2", "$3", "$4", "$5", "$6", "$7",
"$8", "$9", "$10", "$11", "$12", "$13", "$14", "$15",
"$16", "$17", "$18", "$19", "$20", "$21", "$22", "$23",
"$24", "$25", "$26", "$27", "$28", "$29", "$30", "$31"
};
struct mips_abi_choice
{
const char *name;
@@ -3333,7 +3926,7 @@ static const struct mips_arch_choice mips_arch_choices[] =
{ "mips32r2", 1, bfd_mach_mipsisa32r2, CPU_MIPS32R2,
(ISA_MIPS32R2 | INSN_MIPS16 | INSN_SMARTMIPS | INSN_DSP | INSN_DSPR2
| INSN_MIPS3D | INSN_MT),
| INSN_MIPS3D | INSN_MT | INSN_MSA),
mips_cp0_names_mips3264r2,
mips_cp0sel_names_mips3264r2, ARRAY_SIZE (mips_cp0sel_names_mips3264r2),
mips_hwr_names_mips3264r2 },
@@ -3687,6 +4280,89 @@ print_insn_args (const char *d,
(l >> OP_SH_UDI4) & OP_MASK_UDI4);
break;
case '5': /* 5-bit signed immediate in bit 16 */
delta = ((l >> OP_SH_RT) & OP_MASK_RT);
if (delta & 0x10) { /* test sign bit */
delta |= ~OP_MASK_RT;
}
(*info->fprintf_func) (info->stream, "%d", delta);
break;
case '6':
(*info->fprintf_func) (info->stream, "0x%lx",
(l >> OP_SH_2BIT) & OP_MASK_2BIT);
break;
case '7':
(*info->fprintf_func) (info->stream, "0x%lx",
(l >> OP_SH_3BIT) & OP_MASK_3BIT);
break;
case '8':
(*info->fprintf_func) (info->stream, "0x%lx",
(l >> OP_SH_4BIT) & OP_MASK_4BIT);
break;
case '9':
(*info->fprintf_func) (info->stream, "0x%lx",
(l >> OP_SH_5BIT) & OP_MASK_5BIT);
break;
case ':':
(*info->fprintf_func) (info->stream, "0x%lx",
(l >> OP_SH_1BIT) & OP_MASK_1BIT);
break;
case '!': /* 10-bit pc-relative target in bit 11 */
delta = ((l >> OP_SH_10BIT) & OP_MASK_10BIT);
if (delta & 0x200) { /* test sign bit */
delta |= ~OP_MASK_10BIT;
}
info->target = (delta << 2) + pc + INSNLEN;
(*info->print_address_func) (info->target, info);
break;
case '~':
(*info->fprintf_func) (info->stream, "0");
break;
case '@':
(*info->fprintf_func) (info->stream, "0x%lx",
((l >> OP_SH_1_TO_4) & OP_MASK_1_TO_4)+1);
break;
case '^': /* 10-bit signed immediate << 0 in bit 16 */
delta = ((l >> OP_SH_IMM10) & OP_MASK_IMM10);
if (delta & 0x200) { /* test sign bit */
delta |= ~OP_MASK_IMM10;
}
(*info->fprintf_func) (info->stream, "%d", delta);
break;
case '#': /* 10-bit signed immediate << 1 in bit 16 */
delta = ((l >> OP_SH_IMM10) & OP_MASK_IMM10);
if (delta & 0x200) { /* test sign bit */
delta |= ~OP_MASK_IMM10;
}
(*info->fprintf_func) (info->stream, "%d", delta << 1);
break;
case '$': /* 10-bit signed immediate << 2 in bit 16 */
delta = ((l >> OP_SH_IMM10) & OP_MASK_IMM10);
if (delta & 0x200) { /* test sign bit */
delta |= ~OP_MASK_IMM10;
}
(*info->fprintf_func) (info->stream, "%d", delta << 2);
break;
case '%': /* 10-bit signed immediate << 3 in bit 16 */
delta = ((l >> OP_SH_IMM10) & OP_MASK_IMM10);
if (delta & 0x200) { /* test sign bit */
delta |= ~OP_MASK_IMM10;
}
(*info->fprintf_func) (info->stream, "%d", delta << 3);
break;
case 'C':
case 'H':
msbd = (l >> OP_SH_EXTMSBD) & OP_MASK_EXTMSBD;
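Review bot: In the new '!', '#', '$' and '%' cases, `delta` is sign-extended first and then left-shifted (`delta << 2`, `delta << 1`, `delta << 3`), and left-shifting a negative signed value is undefined behaviour in C. `delta` is printed with `%d`, so it is treated as signed here; multiplying instead (`delta * 4`), or shifting the unsigned field before sign-extending, avoids depending on what the compiler happens to do. The four 10-bit cases '^', '#', '$' and '%' also repeat the same extract-and-sign-extend sequence and differ only in the shift, so one small helper taking the shift amount would remove the duplication.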
@@ -3794,6 +4470,38 @@ print_insn_args (const char *d,
break;
}
case 'd':
(*info->fprintf_func) (info->stream, "%s",
mips_wr_names[(l >> OP_SH_FD) & OP_MASK_FD]);
break;
case 'e':
(*info->fprintf_func) (info->stream, "%s",
mips_wr_names[(l >> OP_SH_FS) & OP_MASK_FS]);
break;
case 'f':
(*info->fprintf_func) (info->stream, "%s",
mips_wr_names[(l >> OP_SH_FT) & OP_MASK_FT]);
break;
case 'g':
(*info->fprintf_func) (info->stream, "%s",
mips_msa_control_names_mips3264r2[(l >> OP_SH_MSACR11)
& OP_MASK_MSACR11]);
break;
case 'h':
(*info->fprintf_func) (info->stream, "%s",
mips_msa_control_names_mips3264r2[(l >> OP_SH_MSACR6)
& OP_MASK_MSACR6]);
break;
case 'i':
(*info->fprintf_func) (info->stream, "%s",
mips_gpr_names[(l >> OP_SH_GPR) & OP_MASK_GPR]);
break;
default:
/* xgettext:c-format */
(*info->fprintf_func) (info->stream,
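Review bot: The new 'd', 'e', 'f', 'g' and 'h' cases index the 32-entry tables `mips_wr_names` and `mips_msa_control_names_mips3264r2` with a field taken from the instruction word, and nothing in this hunk shows that `OP_MASK_MSACR11` and `OP_MASK_MSACR6` are limited to 0x1f. The word being disassembled comes from guest memory, so an index above 31 would be an out-of-bounds read in the host process. Please confirm the mask definitions, or add a compile-time assertion next to the tables that each mask is smaller than the array size.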


@@ -44,6 +44,8 @@ PCI devices (other than virtio):
1b36:0002 PCI serial port (16550A) adapter (docs/specs/pci-serial.txt)
1b36:0003 PCI Dual-port 16550A adapter (docs/specs/pci-serial.txt)
1b36:0004 PCI Quad-port 16550A adapter (docs/specs/pci-serial.txt)
1b36:0005 PCI test device (docs/specs/pci-testdev.txt)
1b36:0007 PCI SD Card Host Controller Interface (SDHCI)
All these devices are documented in docs/specs.


@@ -139,12 +139,12 @@ events are not tightly coupled to a specific trace backend, such as LTTng or
SystemTap. Support for trace backends can be added by extending the "tracetool"
script.
The trace backend is chosen at configure time and only one trace backend can
be built into the binary:
The trace backends are chosen at configure time:
./configure --trace-backends=simple
./configure --enable-trace-backends=simple
For a list of supported trace backends, try ./configure --help or see below.
If multiple backends are enabled, the trace is sent to them all.
The following subsections describe the supported trace backends.


@@ -71,6 +71,14 @@ encoded buffer:
encoded length 24
e9 07 0f 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 03 01 67 01 01 69
Cache update strategy
=====================
Keeping the hot pages in the cache is effective for decreased cache
misses. XBZRLE uses a counter as the age of each page. The counter will
increase after each ram dirty bitmap sync. When a cache conflict is
detected, XBZRLE will only evict pages in the cache that are older than
a threshold.
Usage
======================
1. Verify the destination QEMU version is able to decode the new format.

exec.c

@@ -75,6 +75,11 @@ static MemoryRegion io_mem_unassigned;
/* RAM is mmap-ed with MAP_SHARED */
#define RAM_SHARED (1 << 1)
/* Only a portion of RAM (used_length) is actually used, and migrated.
* This used_length size can change across reboots.
*/
#define RAM_RESIZEABLE (1 << 2)
#endif
struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
@@ -434,7 +439,7 @@ static int cpu_common_pre_load(void *opaque)
{
CPUState *cpu = opaque;
cpu->exception_index = 0;
cpu->exception_index = -1;
return 0;
}
@@ -443,7 +448,7 @@ static bool cpu_common_exception_index_needed(void *opaque)
{
CPUState *cpu = opaque;
return cpu->exception_index != 0;
return tcg_enabled() && cpu->exception_index != -1;
}
static const VMStateDescription vmstate_cpu_common_exception_index = {
@@ -548,7 +553,6 @@ void cpu_exec_init(CPUArchState *env)
}
}
#if defined(TARGET_HAS_ICE)
#if defined(CONFIG_USER_ONLY)
static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
{
@@ -564,7 +568,6 @@ static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
}
}
#endif
#endif /* TARGET_HAS_ICE */
#if defined(CONFIG_USER_ONLY)
void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
@@ -684,7 +687,6 @@ static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
CPUBreakpoint **breakpoint)
{
#if defined(TARGET_HAS_ICE)
CPUBreakpoint *bp;
bp = g_malloc(sizeof(*bp));
@@ -705,15 +707,11 @@ int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
*breakpoint = bp;
}
return 0;
#else
return -ENOSYS;
#endif
}
/* Remove a specific breakpoint. */
int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
{
#if defined(TARGET_HAS_ICE)
CPUBreakpoint *bp;
QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
@@ -723,27 +721,21 @@ int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
}
}
return -ENOENT;
#else
return -ENOSYS;
#endif
}
/* Remove a specific breakpoint by reference. */
void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
{
#if defined(TARGET_HAS_ICE)
QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
breakpoint_invalidate(cpu, breakpoint->pc);
g_free(breakpoint);
#endif
}
/* Remove all matching breakpoints. */
void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
{
#if defined(TARGET_HAS_ICE)
CPUBreakpoint *bp, *next;
QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
@@ -751,14 +743,12 @@ void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
cpu_breakpoint_remove_by_ref(cpu, bp);
}
}
#endif
}
/* enable or disable single step mode. EXCP_DEBUG is returned by the
CPU loop after each instruction */
void cpu_single_step(CPUState *cpu, int enabled)
{
#if defined(TARGET_HAS_ICE)
if (cpu->singlestep_enabled != enabled) {
cpu->singlestep_enabled = enabled;
if (kvm_enabled()) {
@@ -770,7 +760,6 @@ void cpu_single_step(CPUState *cpu, int enabled)
tb_flush(env);
}
}
#endif
}
void cpu_abort(CPUState *cpu, const char *fmt, ...)
@@ -812,11 +801,11 @@ static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
/* The list is protected by the iothread lock here. */
block = ram_list.mru_block;
if (block && addr - block->offset < block->length) {
if (block && addr - block->offset < block->max_length) {
goto found;
}
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
if (addr - block->offset < block->length) {
if (addr - block->offset < block->max_length) {
goto found;
}
}
@@ -840,7 +829,7 @@ static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
block = qemu_get_ram_block(start);
assert(block == qemu_get_ram_block(end - 1));
start1 = (uintptr_t)block->host + (start - block->offset);
start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
cpu_tlb_reset_dirty_all(start1, length);
}
@@ -850,7 +839,7 @@ void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
{
if (length == 0)
return;
cpu_physical_memory_clear_dirty_range(start, length, client);
cpu_physical_memory_clear_dirty_range_type(start, length, client);
if (tcg_enabled()) {
tlb_reset_dirty_range_all(start, length);
@@ -909,14 +898,15 @@ static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
uint16_t section);
static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
qemu_anon_ram_alloc;
/*
* Set a custom physical guest memory alloator.
* Accelerators with unusual needs may need this. Hopefully, we can
* get rid of it eventually.
*/
void phys_mem_set_alloc(void *(*alloc)(size_t))
void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
{
phys_mem_alloc = alloc;
}
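Review bot: The comment above `phys_mem_set_alloc` still describes only the old one-argument allocator and says nothing about the new `uint64_t *align` parameter: whether the allocator must fill it in, whether it may be NULL, and what unit it is in. Please document that contract here, since accelerators supplying their own allocator have to follow it, and fix the "alloator" typo in the same comment while it is being touched. The prototype also names the second parameter but not the first (`size_t, uint64_t *align`); pick one style.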
@@ -1098,6 +1088,7 @@ static void *file_ram_alloc(RAMBlock *block,
error_propagate(errp, local_err);
goto error;
}
block->mr->align = hpagesize;
if (memory < hpagesize) {
error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
@@ -1184,7 +1175,7 @@ static ram_addr_t find_ram_offset(ram_addr_t size)
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
ram_addr_t end, next = RAM_ADDR_MAX;
end = block->offset + block->length;
end = block->offset + block->max_length;
QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
if (next_block->offset >= end) {
@@ -1212,7 +1203,7 @@ ram_addr_t last_ram_offset(void)
ram_addr_t last = 0;
QTAILQ_FOREACH(block, &ram_list.blocks, next)
last = MAX(last, block->offset + block->length);
last = MAX(last, block->offset + block->max_length);
return last;
}
@@ -1294,6 +1285,49 @@ static int memory_try_enable_merging(void *addr, size_t len)
return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
}
/* Only legal before guest might have detected the memory size: e.g. on
* incoming migration, or right after reset.
*
* As memory core doesn't know how is memory accessed, it is up to
* resize callback to update device state and/or add assertions to detect
* misuse, if necessary.
*/
int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
{
RAMBlock *block = find_ram_block(base);
assert(block);
if (block->used_length == newsize) {
return 0;
}
if (!(block->flags & RAM_RESIZEABLE)) {
error_setg_errno(errp, EINVAL,
"Length mismatch: %s: 0x" RAM_ADDR_FMT
" in != 0x" RAM_ADDR_FMT, block->idstr,
newsize, block->used_length);
return -EINVAL;
}
if (block->max_length < newsize) {
error_setg_errno(errp, EINVAL,
"Length too large: %s: 0x" RAM_ADDR_FMT
" > 0x" RAM_ADDR_FMT, block->idstr,
newsize, block->max_length);
return -EINVAL;
}
cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
block->used_length = newsize;
cpu_physical_memory_set_dirty_range(block->offset, block->used_length);
memory_region_set_size(block->mr, newsize);
if (block->resized) {
block->resized(block->idstr, newsize, block->host);
}
return 0;
}
static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
{
RAMBlock *block;
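Review bot: `qemu_ram_resize` stores `newsize` into `block->used_length` without page-aligning it, while `qemu_ram_alloc_internal` in this same patch runs both `size` and `max_size` through `TARGET_PAGE_ALIGN`. An unaligned `newsize` therefore leaves `used_length` unaligned, is passed as-is to `cpu_physical_memory_set_dirty_range` and `memory_region_set_size`, and defeats the `used_length == newsize` early return for a value that differs only by rounding. Aligning `newsize` at the top of the function would keep the two paths consistent. The header comment says the call is only legal before the guest can have detected the memory size, but nothing here enforces that, so the comment should at least spell out what a `resized` callback is expected to update or assert.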
@@ -1303,13 +1337,15 @@ static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
/* This assumes the iothread lock is taken here too. */
qemu_mutex_lock_ramlist();
new_block->offset = find_ram_offset(new_block->length);
new_block->offset = find_ram_offset(new_block->max_length);
if (!new_block->host) {
if (xen_enabled()) {
xen_ram_alloc(new_block->offset, new_block->length, new_block->mr);
xen_ram_alloc(new_block->offset, new_block->max_length,
new_block->mr);
} else {
new_block->host = phys_mem_alloc(new_block->length);
new_block->host = phys_mem_alloc(new_block->max_length,
&new_block->mr->align);
if (!new_block->host) {
error_setg_errno(errp, errno,
"cannot set up guest memory '%s'",
@@ -1317,13 +1353,13 @@ static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
qemu_mutex_unlock_ramlist();
return -1;
}
memory_try_enable_merging(new_block->host, new_block->length);
memory_try_enable_merging(new_block->host, new_block->max_length);
}
}
/* Keep the list sorted from biggest to smallest block. */
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
if (block->length < new_block->length) {
if (block->max_length < new_block->max_length) {
break;
}
}
@@ -1347,14 +1383,15 @@ static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
old_ram_size, new_ram_size);
}
}
cpu_physical_memory_set_dirty_range(new_block->offset, new_block->length);
cpu_physical_memory_set_dirty_range(new_block->offset,
new_block->used_length);
qemu_ram_setup_dump(new_block->host, new_block->length);
qemu_madvise(new_block->host, new_block->length, QEMU_MADV_HUGEPAGE);
qemu_madvise(new_block->host, new_block->length, QEMU_MADV_DONTFORK);
qemu_ram_setup_dump(new_block->host, new_block->max_length);
qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
if (kvm_enabled()) {
kvm_setup_guest_memory(new_block->host, new_block->length);
kvm_setup_guest_memory(new_block->host, new_block->max_length);
}
return new_block->offset;
@@ -1388,7 +1425,8 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
size = TARGET_PAGE_ALIGN(size);
new_block = g_malloc0(sizeof(*new_block));
new_block->mr = mr;
new_block->length = size;
new_block->used_length = size;
new_block->max_length = size;
new_block->flags = share ? RAM_SHARED : 0;
new_block->host = file_ram_alloc(new_block, size,
mem_path, errp);
@@ -1407,7 +1445,12 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
}
#endif
ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
static
ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
void (*resized)(const char*,
uint64_t length,
void *host),
void *host, bool resizeable,
MemoryRegion *mr, Error **errp)
{
RAMBlock *new_block;
@@ -1415,14 +1458,21 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
Error *local_err = NULL;
size = TARGET_PAGE_ALIGN(size);
max_size = TARGET_PAGE_ALIGN(max_size);
new_block = g_malloc0(sizeof(*new_block));
new_block->mr = mr;
new_block->length = size;
new_block->resized = resized;
new_block->used_length = size;
new_block->max_length = max_size;
assert(max_size >= size);
new_block->fd = -1;
new_block->host = host;
if (host) {
new_block->flags |= RAM_PREALLOC;
}
if (resizeable) {
new_block->flags |= RAM_RESIZEABLE;
}
addr = ram_block_add(new_block, &local_err);
if (local_err) {
g_free(new_block);
@@ -1432,9 +1482,24 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
return addr;
}
ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
MemoryRegion *mr, Error **errp)
{
return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
}
ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
{
return qemu_ram_alloc_from_ptr(size, NULL, mr, errp);
return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
}
ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
void (*resized)(const char*,
uint64_t length,
void *host),
MemoryRegion *mr, Error **errp)
{
return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
}
void qemu_ram_free_from_ptr(ram_addr_t addr)
@@ -1472,11 +1537,11 @@ void qemu_ram_free(ram_addr_t addr)
xen_invalidate_map_cache_entry(block->host);
#ifndef _WIN32
} else if (block->fd >= 0) {
munmap(block->host, block->length);
munmap(block->host, block->max_length);
close(block->fd);
#endif
} else {
qemu_anon_ram_free(block->host, block->length);
qemu_anon_ram_free(block->host, block->max_length);
}
g_free(block);
break;
@@ -1496,8 +1561,8 @@ void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
offset = addr - block->offset;
if (offset < block->length) {
vaddr = block->host + offset;
if (offset < block->max_length) {
vaddr = ramblock_ptr(block, offset);
if (block->flags & RAM_PREALLOC) {
;
} else if (xen_enabled()) {
@@ -1548,7 +1613,7 @@ void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
{
RAMBlock *block = qemu_get_ram_block(addr);
return block->host;
return ramblock_ptr(block, 0);
}
/* Return a host pointer to ram allocated with qemu_ram_alloc.
@@ -1572,10 +1637,10 @@ void *qemu_get_ram_ptr(ram_addr_t addr)
return xen_map_cache(addr, 0, 0);
} else if (block->host == NULL) {
block->host =
xen_map_cache(block->offset, block->length, 1);
xen_map_cache(block->offset, block->max_length, 1);
}
}
return block->host + (addr - block->offset);
return ramblock_ptr(block, addr - block->offset);
}
/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
@@ -1591,10 +1656,10 @@ static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
RAMBlock *block;
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
if (addr - block->offset < block->length) {
if (addr - block->offset + *size > block->length)
*size = block->length - addr + block->offset;
return block->host + (addr - block->offset);
if (addr - block->offset < block->max_length) {
if (addr - block->offset + *size > block->max_length)
*size = block->max_length - addr + block->offset;
return ramblock_ptr(block, addr - block->offset);
}
}
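Review bot: In `qemu_ram_ptr_length` the clamp of `*size` now uses `block->max_length`, so for a resizeable block a caller can be handed a host pointer and length that extend past `used_length` into the part of the allocation that is not currently in use. `qemu_ram_foreach_block` was switched to `used_length` in this same patch, so the choice looks deliberate per call site, but it is not explained anywhere. Either clamp to `used_length` here, or add a comment saying why the mapping path may cover the whole `max_length` and what `ramblock_ptr` checks, since its definition is not part of this file's diff.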
@@ -1616,7 +1681,7 @@ MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
}
block = ram_list.mru_block;
if (block && block->host && host - block->host < block->length) {
if (block && block->host && host - block->host < block->max_length) {
goto found;
}
@@ -1625,7 +1690,7 @@ MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
if (block->host == NULL) {
continue;
}
if (host - block->host < block->length) {
if (host - block->host < block->max_length) {
goto found;
}
}
@@ -1765,7 +1830,7 @@ static uint64_t subpage_read(void *opaque, hwaddr addr,
unsigned len)
{
subpage_t *subpage = opaque;
uint8_t buf[4];
uint8_t buf[8];
#if defined(DEBUG_SUBPAGE)
printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
@@ -1779,6 +1844,8 @@ static uint64_t subpage_read(void *opaque, hwaddr addr,
return lduw_p(buf);
case 4:
return ldl_p(buf);
case 8:
return ldq_p(buf);
default:
abort();
}
@@ -1788,7 +1855,7 @@ static void subpage_write(void *opaque, hwaddr addr,
uint64_t value, unsigned len)
{
subpage_t *subpage = opaque;
uint8_t buf[4];
uint8_t buf[8];
#if defined(DEBUG_SUBPAGE)
printf("%s: subpage %p len %u addr " TARGET_FMT_plx
@@ -1805,6 +1872,9 @@ static void subpage_write(void *opaque, hwaddr addr,
case 4:
stl_p(buf, value);
break;
case 8:
stq_p(buf, value);
break;
default:
abort();
}
@@ -1827,6 +1897,10 @@ static bool subpage_accepts(void *opaque, hwaddr addr,
static const MemoryRegionOps subpage_ops = {
.read = subpage_read,
.write = subpage_write,
.impl.min_access_size = 1,
.impl.max_access_size = 8,
.valid.min_access_size = 1,
.valid.max_access_size = 8,
.valid.accepts = subpage_accepts,
.endianness = DEVICE_NATIVE_ENDIAN,
};
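Review bot: `subpage_ops` now sets `.impl.max_access_size = 8` and `.valid.max_access_size = 8`, which is only safe because `buf` in `subpage_read` and `subpage_write` was grown from `uint8_t buf[4]` to `uint8_t buf[8]` in the earlier hunks; the 8-byte case goes through `ldq_p(buf)` and `stq_p(buf, value)`. The two numbers are coupled but nothing in the code expresses that, so a later change to one can silently reintroduce a stack overrun. Use one named constant for both the array size and the access-size fields, or add a build-time check that `sizeof(buf)` is at least the advertised maximum.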
@@ -2066,10 +2140,8 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
static void invalidate_and_set_dirty(hwaddr addr,
hwaddr length)
{
if (cpu_physical_memory_is_clean(addr)) {
/* invalidate code */
tb_invalidate_phys_page_range(addr, addr + length, 0);
/* set dirty bit */
if (cpu_physical_memory_range_includes_clean(addr, length)) {
tb_invalidate_phys_range(addr, addr + length, 0);
cpu_physical_memory_set_dirty_range_nocode(addr, length);
}
xen_modified_memory(addr, length);
@@ -2872,7 +2944,7 @@ void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
RAMBlock *block;
QTAILQ_FOREACH(block, &ram_list.blocks, next) {
func(block->host, block->offset, block->length, opaque);
func(block->host, block->offset, block->used_length, opaque);
}
}
#endif


@@ -317,6 +317,8 @@ static GDBState *gdbserver_state;
bool gdb_has_xml;
int semihosting_target = SEMIHOSTING_TARGET_AUTO;
#ifdef CONFIG_USER_ONLY
/* XXX: This is not thread safe. Do we care? */
static int gdbserver_fd = -1;
@@ -351,10 +353,19 @@ static enum {
GDB_SYS_DISABLED,
} gdb_syscall_mode;
/* If gdb is connected when the first semihosting syscall occurs then use
remote gdb syscalls. Otherwise use native file IO. */
/* Decide if either remote gdb syscalls or native file IO should be used. */
int use_gdb_syscalls(void)
{
if (semihosting_target == SEMIHOSTING_TARGET_NATIVE) {
/* -semihosting-config target=native */
return false;
} else if (semihosting_target == SEMIHOSTING_TARGET_GDB) {
/* -semihosting-config target=gdb */
return true;
}
/* -semihosting-config target=auto */
/* On the first call check if gdb is connected and remember. */
if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
: GDB_SYS_DISABLED);
@@ -823,7 +834,10 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
action = *p++;
signal = 0;
if (action == 'C' || action == 'S') {
signal = strtoul(p, (char **)&p, 16);
signal = gdb_signal_to_target(strtoul(p, (char **)&p, 16));
if (signal == -1) {
signal = 0;
}
} else if (action != 'c' && action != 's') {
res = 0;
break;
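Review bot: In the 'C'/'S' branch the number parsed by `strtoul` from the remote packet goes straight into `gdb_signal_to_target`, and a signal that does not map is quietly turned into 0, so the target is resumed as if no signal had been requested. That is a reasonable fallback, but it deserves a one-line comment, and it depends on `gdb_signal_to_target` rejecting out-of-range input, which this hunk does not show. Since `strtoul` returns an `unsigned long`, please confirm the callee bounds-checks its argument before using it as an index, or range-check the parsed value here first.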

hmp.c

@@ -290,14 +290,131 @@ void hmp_info_cpus(Monitor *mon, const QDict *qdict)
qapi_free_CpuInfoList(cpu_list);
}
static void print_block_info(Monitor *mon, BlockInfo *info,
BlockDeviceInfo *inserted, bool verbose)
{
ImageInfo *image_info;
assert(!info || !info->has_inserted || info->inserted == inserted);
if (info) {
monitor_printf(mon, "%s", info->device);
if (inserted && inserted->has_node_name) {
monitor_printf(mon, " (%s)", inserted->node_name);
}
} else {
assert(inserted);
monitor_printf(mon, "%s",
inserted->has_node_name
? inserted->node_name
: "<anonymous>");
}
if (inserted) {
monitor_printf(mon, ": %s (%s%s%s)\n",
inserted->file,
inserted->drv,
inserted->ro ? ", read-only" : "",
inserted->encrypted ? ", encrypted" : "");
} else {
monitor_printf(mon, ": [not inserted]\n");
}
if (info) {
if (info->has_io_status && info->io_status != BLOCK_DEVICE_IO_STATUS_OK) {
monitor_printf(mon, " I/O status: %s\n",
BlockDeviceIoStatus_lookup[info->io_status]);
}
if (info->removable) {
monitor_printf(mon, " Removable device: %slocked, tray %s\n",
info->locked ? "" : "not ",
info->tray_open ? "open" : "closed");
}
}
if (!inserted) {
return;
}
monitor_printf(mon, " Cache mode: %s%s%s\n",
inserted->cache->writeback ? "writeback" : "writethrough",
inserted->cache->direct ? ", direct" : "",
inserted->cache->no_flush ? ", ignore flushes" : "");
if (inserted->has_backing_file) {
monitor_printf(mon,
" Backing file: %s "
"(chain depth: %" PRId64 ")\n",
inserted->backing_file,
inserted->backing_file_depth);
}
if (inserted->detect_zeroes != BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF) {
monitor_printf(mon, " Detect zeroes: %s\n",
BlockdevDetectZeroesOptions_lookup[inserted->detect_zeroes]);
}
if (inserted->bps || inserted->bps_rd || inserted->bps_wr ||
inserted->iops || inserted->iops_rd || inserted->iops_wr)
{
monitor_printf(mon, " I/O throttling: bps=%" PRId64
" bps_rd=%" PRId64 " bps_wr=%" PRId64
" bps_max=%" PRId64
" bps_rd_max=%" PRId64
" bps_wr_max=%" PRId64
" iops=%" PRId64 " iops_rd=%" PRId64
" iops_wr=%" PRId64
" iops_max=%" PRId64
" iops_rd_max=%" PRId64
" iops_wr_max=%" PRId64
" iops_size=%" PRId64 "\n",
inserted->bps,
inserted->bps_rd,
inserted->bps_wr,
inserted->bps_max,
inserted->bps_rd_max,
inserted->bps_wr_max,
inserted->iops,
inserted->iops_rd,
inserted->iops_wr,
inserted->iops_max,
inserted->iops_rd_max,
inserted->iops_wr_max,
inserted->iops_size);
}
if (verbose) {
monitor_printf(mon, "\nImages:\n");
image_info = inserted->image;
while (1) {
bdrv_image_info_dump((fprintf_function)monitor_printf,
mon, image_info);
if (image_info->has_backing_image) {
image_info = image_info->backing_image;
} else {
break;
}
}
}
}
void hmp_info_block(Monitor *mon, const QDict *qdict)
{
BlockInfoList *block_list, *info;
ImageInfo *image_info;
BlockDeviceInfoList *blockdev_list, *blockdev;
const char *device = qdict_get_try_str(qdict, "device");
bool verbose = qdict_get_try_bool(qdict, "verbose", 0);
bool nodes = qdict_get_try_bool(qdict, "nodes", 0);
bool printed = false;
block_list = qmp_query_block(NULL);
/* Print BlockBackend information */
if (!nodes) {
block_list = qmp_query_block(false);
} else {
block_list = NULL;
}
for (info = block_list; info; info = info->next) {
if (device && strcmp(device, info->value->device)) {
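Review bot: In `hmp_info_block`, `qmp_query_block(false)` replaces `qmp_query_block(NULL)`; if that argument is still the `Error **` out-parameter, `false` only compiles because it converts to a null pointer and should be spelled `NULL`. Separately, `print_block_info` prints a new "Cache mode" line and dereferences `inserted->cache` unconditionally, which the open-coded loop it replaces did not do, so this is more than a pure refactor. Please mention the new output in the commit message and confirm `cache` is always populated for both callers, the BlockBackend path and the named-node path.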
@@ -308,102 +425,40 @@ void hmp_info_block(Monitor *mon, const QDict *qdict)
monitor_printf(mon, "\n");
}
monitor_printf(mon, "%s", info->value->device);
if (info->value->has_inserted) {
monitor_printf(mon, ": %s (%s%s%s)\n",
info->value->inserted->file,
info->value->inserted->drv,
info->value->inserted->ro ? ", read-only" : "",
info->value->inserted->encrypted ? ", encrypted" : "");
} else {
monitor_printf(mon, ": [not inserted]\n");
}
if (info->value->has_io_status && info->value->io_status != BLOCK_DEVICE_IO_STATUS_OK) {
monitor_printf(mon, " I/O status: %s\n",
BlockDeviceIoStatus_lookup[info->value->io_status]);
}
if (info->value->removable) {
monitor_printf(mon, " Removable device: %slocked, tray %s\n",
info->value->locked ? "" : "not ",
info->value->tray_open ? "open" : "closed");
}
if (!info->value->has_inserted) {
continue;
}
if (info->value->inserted->has_backing_file) {
monitor_printf(mon,
" Backing file: %s "
"(chain depth: %" PRId64 ")\n",
info->value->inserted->backing_file,
info->value->inserted->backing_file_depth);
}
if (info->value->inserted->detect_zeroes != BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF) {
monitor_printf(mon, " Detect zeroes: %s\n",
BlockdevDetectZeroesOptions_lookup[info->value->inserted->detect_zeroes]);
}
if (info->value->inserted->bps
|| info->value->inserted->bps_rd
|| info->value->inserted->bps_wr
|| info->value->inserted->iops
|| info->value->inserted->iops_rd
|| info->value->inserted->iops_wr)
{
monitor_printf(mon, " I/O throttling: bps=%" PRId64
" bps_rd=%" PRId64 " bps_wr=%" PRId64
" bps_max=%" PRId64
" bps_rd_max=%" PRId64
" bps_wr_max=%" PRId64
" iops=%" PRId64 " iops_rd=%" PRId64
" iops_wr=%" PRId64
" iops_max=%" PRId64
" iops_rd_max=%" PRId64
" iops_wr_max=%" PRId64
" iops_size=%" PRId64 "\n",
info->value->inserted->bps,
info->value->inserted->bps_rd,
info->value->inserted->bps_wr,
info->value->inserted->bps_max,
info->value->inserted->bps_rd_max,
info->value->inserted->bps_wr_max,
info->value->inserted->iops,
info->value->inserted->iops_rd,
info->value->inserted->iops_wr,
info->value->inserted->iops_max,
info->value->inserted->iops_rd_max,
info->value->inserted->iops_wr_max,
info->value->inserted->iops_size);
}
if (verbose) {
monitor_printf(mon, "\nImages:\n");
image_info = info->value->inserted->image;
while (1) {
bdrv_image_info_dump((fprintf_function)monitor_printf,
mon, image_info);
if (image_info->has_backing_image) {
image_info = image_info->backing_image;
} else {
break;
}
}
}
print_block_info(mon, info->value, info->value->has_inserted
? info->value->inserted : NULL,
verbose);
printed = true;
}
qapi_free_BlockInfoList(block_list);
if ((!device && !nodes) || printed) {
return;
}
/* Print node information */
blockdev_list = qmp_query_named_block_nodes(NULL);
for (blockdev = blockdev_list; blockdev; blockdev = blockdev->next) {
assert(blockdev->value->has_node_name);
if (device && strcmp(device, blockdev->value->node_name)) {
continue;
}
if (blockdev != blockdev_list) {
monitor_printf(mon, "\n");
}
print_block_info(mon, NULL, blockdev->value, verbose);
}
qapi_free_BlockDeviceInfoList(blockdev_list);
}
void hmp_info_blockstats(Monitor *mon, const QDict *qdict)
{
BlockStatsList *stats_list, *stats;
stats_list = qmp_query_blockstats(NULL);
stats_list = qmp_query_blockstats(false, false, NULL);
for (stats = stats_list; stats; stats = stats->next) {
if (!stats->value->has_device) {


@@ -14,6 +14,7 @@
#include "fsdev/qemu-fsdev.h"
#include "qemu/thread.h"
#include "qemu/event_notifier.h"
#include "block/coroutine.h"
#include "virtio-9p-coth.h"
@@ -26,15 +27,11 @@ void co_run_in_worker_bh(void *opaque)
g_thread_pool_push(v9fs_pool.pool, co, NULL);
}
static void v9fs_qemu_process_req_done(void *arg)
static void v9fs_qemu_process_req_done(EventNotifier *e)
{
char byte;
ssize_t len;
Coroutine *co;
do {
len = read(v9fs_pool.rfd, &byte, sizeof(byte));
} while (len == -1 && errno == EINTR);
event_notifier_test_and_clear(e);
while ((co = g_async_queue_try_pop(v9fs_pool.completed)) != NULL) {
qemu_coroutine_enter(co, NULL);
@@ -43,22 +40,18 @@ static void v9fs_qemu_process_req_done(void *arg)
static void v9fs_thread_routine(gpointer data, gpointer user_data)
{
ssize_t len;
char byte = 0;
Coroutine *co = data;
qemu_coroutine_enter(co, NULL);
g_async_queue_push(v9fs_pool.completed, co);
do {
len = write(v9fs_pool.wfd, &byte, sizeof(byte));
} while (len == -1 && errno == EINTR);
event_notifier_set(&v9fs_pool.e);
}
int v9fs_init_worker_threads(void)
{
int ret = 0;
int notifier_fds[2];
V9fsThPool *p = &v9fs_pool;
sigset_t set, oldset;
@@ -66,10 +59,6 @@ int v9fs_init_worker_threads(void)
/* Leave signal handling to the iothread. */
pthread_sigmask(SIG_SETMASK, &set, &oldset);
if (qemu_pipe(notifier_fds) == -1) {
ret = -1;
goto err_out;
}
p->pool = g_thread_pool_new(v9fs_thread_routine, p, -1, FALSE, NULL);
if (!p->pool) {
ret = -1;
@@ -84,13 +73,9 @@ int v9fs_init_worker_threads(void)
ret = -1;
goto err_out;
}
p->rfd = notifier_fds[0];
p->wfd = notifier_fds[1];
event_notifier_init(&p->e, 0);
fcntl(p->rfd, F_SETFL, O_NONBLOCK);
fcntl(p->wfd, F_SETFL, O_NONBLOCK);
qemu_set_fd_handler(p->rfd, v9fs_qemu_process_req_done, NULL, NULL);
event_notifier_set_handler(&p->e, v9fs_qemu_process_req_done);
err_out:
pthread_sigmask(SIG_SETMASK, &oldset, NULL);
return ret;
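Review bot: the result of `event_notifier_init(&p->e, 0)` in v9fs_init_worker_threads() is ignored, whereas the `qemu_pipe(notifier_fds)` call it replaces set `ret = -1` and jumped to `err_out` on failure. Keep that error path: check the return value and bail out before `event_notifier_set_handler()` is installed on a notifier that was never set up.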

View File

@@ -21,8 +21,8 @@
#include <glib.h>
typedef struct V9fsThPool {
int rfd;
int wfd;
EventNotifier e;
GThreadPool *pool;
GAsyncQueue *completed;
} V9fsThPool;

View File

@@ -26,6 +26,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += ssi/
devices-dirs-$(CONFIG_SOFTMMU) += timer/
devices-dirs-$(CONFIG_TPM) += tpm/
devices-dirs-$(CONFIG_SOFTMMU) += usb/
devices-dirs-$(CONFIG_SOFTMMU) += vfio/
devices-dirs-$(CONFIG_VIRTIO) += virtio/
devices-dirs-$(CONFIG_SOFTMMU) += watchdog/
devices-dirs-$(CONFIG_SOFTMMU) += xen/

View File

@@ -376,8 +376,11 @@ static void acpi_notify_wakeup(Notifier *notifier, void *data)
/* ACPI PM1a EVT */
uint16_t acpi_pm1_evt_get_sts(ACPIREGS *ar)
{
int64_t d = acpi_pm_tmr_get_clock();
if (d >= ar->tmr.overflow_time) {
/* Compare ns-clock, not PM timer ticks, because
acpi_pm_tmr_update function uses ns for setting the timer. */
int64_t d = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
if (d >= muldiv64(ar->tmr.overflow_time,
get_ticks_per_sec(), PM_TIMER_FREQUENCY)) {
ar->pm1.evt.sts |= ACPI_BITMASK_TIMER_STATUS;
}
return ar->pm1.evt.sts;
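Review bot: the ticks-to-nanoseconds conversion `muldiv64(ar->tmr.overflow_time, get_ticks_per_sec(), PM_TIMER_FREQUENCY)` in acpi_pm1_evt_get_sts() must stay in step with acpi_pm_tmr_update(), as the new comment itself says, yet it is spelled out inline here. Put the conversion in one small helper that both functions call, so a later change to one side cannot bring back the unit mismatch this hunk fixes.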

View File

@@ -36,6 +36,7 @@
#include "hw/mem/pc-dimm.h"
#include "hw/acpi/memory_hotplug.h"
#include "hw/acpi/acpi_dev_interface.h"
#include "hw/xen/xen.h"
//#define DEBUG
@@ -501,6 +502,9 @@ I2CBus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
s->irq = sci_irq;
s->smi_irq = smi_irq;
s->kvm_enabled = kvm_enabled;
if (xen_enabled()) {
s->use_acpi_pci_hotplug = false;
}
qdev_init_nofail(dev);
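Review bot: the `if (xen_enabled())` block in piix4_pm_init() forces `s->use_acpi_pci_hotplug = false` with no comment and no message, so whatever value was configured for the device is overridden silently. Add a comment stating why ACPI PCI hotplug is switched off under Xen, and consider reporting when an explicitly requested setting is being discarded.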

View File

@@ -329,6 +329,8 @@ static void set_kernel_args_old(const struct arm_boot_info *info)
* Returns: the size of the device tree image on success,
* 0 if the image size exceeds the limit,
* -1 on errors.
*
* Note: Must not be called unless have_dtb(binfo) is true.
*/
static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
hwaddr addr_limit)
@@ -352,7 +354,7 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
goto fail;
}
g_free(filename);
} else if (binfo->get_dtb) {
} else {
fdt = binfo->get_dtb(binfo, &size);
if (!fdt) {
fprintf(stderr, "Board was unable to create a dtb blob\n");
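Review bot: with `else if (binfo->get_dtb)` reduced to a bare `else`, load_dtb() now calls `binfo->get_dtb(binfo, &size)` through a possibly NULL pointer whenever a caller ignores the new "Must not be called unless have_dtb(binfo) is true" note. Enforce the precondition in code, for example `assert(have_dtb(binfo));` at the top of the function, instead of relying on the comment alone.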
@@ -455,6 +457,16 @@ static void do_cpu_reset(void *opaque)
env->thumb = info->entry & 1;
}
} else {
/* If we are booting Linux then we need to check whether we are
* booting into secure or non-secure state and adjust the state
* accordingly. Out of reset, ARM is defined to be in secure state
* (SCR.NS = 0), we change that here if non-secure boot has been
* requested.
*/
if (arm_feature(env, ARM_FEATURE_EL3) && !info->secure_boot) {
env->cp15.scr_el3 |= SCR_NS;
}
if (CPU(cpu) == first_cpu) {
if (env->aarch64) {
env->pc = info->loader_start;
@@ -476,6 +488,55 @@ static void do_cpu_reset(void *opaque)
}
}
/**
* load_image_to_fw_cfg() - Load an image file into an fw_cfg entry identified
* by key.
* @fw_cfg: The firmware config instance to store the data in.
* @size_key: The firmware config key to store the size of the loaded
* data under, with fw_cfg_add_i32().
* @data_key: The firmware config key to store the loaded data under,
* with fw_cfg_add_bytes().
* @image_name: The name of the image file to load. If it is NULL, the
* function returns without doing anything.
* @try_decompress: Whether the image should be decompressed (gunzipped) before
* adding it to fw_cfg. If decompression fails, the image is
* loaded as-is.
*
* In case of failure, the function prints an error message to stderr and the
* process exits with status 1.
*/
static void load_image_to_fw_cfg(FWCfgState *fw_cfg, uint16_t size_key,
uint16_t data_key, const char *image_name,
bool try_decompress)
{
size_t size = -1;
uint8_t *data;
if (image_name == NULL) {
return;
}
if (try_decompress) {
size = load_image_gzipped_buffer(image_name,
LOAD_IMAGE_MAX_GUNZIP_BYTES, &data);
}
if (size == (size_t)-1) {
gchar *contents;
gsize length;
if (!g_file_get_contents(image_name, &contents, &length, NULL)) {
fprintf(stderr, "failed to load \"%s\"\n", image_name);
exit(1);
}
size = length;
data = (uint8_t *)contents;
}
fw_cfg_add_i32(fw_cfg, size_key, size);
fw_cfg_add_bytes(fw_cfg, data_key, data, size);
}
void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
{
CPUState *cs;
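Review bot: in load_image_to_fw_cfg() `size` is a size_t but is published with `fw_cfg_add_i32(fw_cfg, size_key, size)`, and the `g_file_get_contents()` fallback has no cap comparable to `LOAD_IMAGE_MAX_GUNZIP_BYTES`, so an image larger than 4 GiB would expose a truncated size next to the full-length buffer. Reject lengths above UINT32_MAX before the two fw_cfg calls. The doc comment should also say whether fw_cfg takes ownership of `data`, since the buffer is never freed here.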
@@ -498,19 +559,48 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
}
/* Load the kernel. */
if (!info->kernel_filename) {
if (!info->kernel_filename || info->firmware_loaded) {
if (have_dtb(info)) {
/* If we have a device tree blob, but no kernel to supply it to,
* copy it to the base of RAM for a bootloader to pick up.
/* If we have a device tree blob, but no kernel to supply it to (or
* the kernel is supposed to be loaded by the bootloader), copy the
* DTB to the base of RAM for the bootloader to pick up.
*/
if (load_dtb(info->loader_start, info, 0) < 0) {
exit(1);
}
}
/* If no kernel specified, do nothing; we will start from address 0
* (typically a boot ROM image) in the same way as hardware.
if (info->kernel_filename) {
FWCfgState *fw_cfg;
bool try_decompressing_kernel;
fw_cfg = fw_cfg_find();
try_decompressing_kernel = arm_feature(&cpu->env,
ARM_FEATURE_AARCH64);
/* Expose the kernel, the command line, and the initrd in fw_cfg.
* We don't process them here at all, it's all left to the
* firmware.
*/
load_image_to_fw_cfg(fw_cfg,
FW_CFG_KERNEL_SIZE, FW_CFG_KERNEL_DATA,
info->kernel_filename,
try_decompressing_kernel);
load_image_to_fw_cfg(fw_cfg,
FW_CFG_INITRD_SIZE, FW_CFG_INITRD_DATA,
info->initrd_filename, false);
if (info->kernel_cmdline) {
fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE,
strlen(info->kernel_cmdline) + 1);
fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA,
info->kernel_cmdline);
}
}
/* We will start from address 0 (typically a boot ROM image) in the
* same way as hardware.
*/
return;
}
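Review bot: `fw_cfg = fw_cfg_find();` in the `info->firmware_loaded` branch of arm_load_kernel() is used without a NULL check, so a board that sets `firmware_loaded` without creating a fw_cfg device hands NULL to load_image_to_fw_cfg() and fw_cfg_add_i32(). Check the result and exit with a clear error, or document on `firmware_loaded` that the board must create fw_cfg first.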

View File

@@ -152,6 +152,17 @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem,
Object *cpuobj = object_new(object_class_get_name(cpu_oc));
Error *err = NULL;
/* By default A9 CPUs have EL3 enabled. This board does not currently
* support EL3 so the CPU EL3 property is disabled before realization.
*/
if (object_property_find(cpuobj, "has_el3", NULL)) {
object_property_set_bool(cpuobj, false, "has_el3", &err);
if (err) {
error_report("%s", error_get_pretty(err));
exit(1);
}
}
s->cpu[n] = ARM_CPU(cpuobj);
object_property_set_int(cpuobj, EXYNOS4210_SMP_PRIVATE_BASE_ADDR,
"reset-cbar", &error_abort);

View File

@@ -241,6 +241,18 @@ static void calxeda_init(MachineState *machine, enum cxmachines machine_id)
cpuobj = object_new(object_class_get_name(oc));
cpu = ARM_CPU(cpuobj);
/* By default A9 and A15 CPUs have EL3 enabled. This board does not
* currently support EL3 so the CPU EL3 property is disabled before
* realization.
*/
if (object_property_find(cpuobj, "has_el3", NULL)) {
object_property_set_bool(cpuobj, false, "has_el3", &err);
if (err) {
error_report("%s", error_get_pretty(err));
exit(1);
}
}
if (object_property_find(cpuobj, "reset-cbar", NULL)) {
object_property_set_int(cpuobj, MPCORE_PERIPHBASE,
"reset-cbar", &error_abort);

View File

@@ -15,6 +15,7 @@
#include "net/net.h"
#include "exec/address-spaces.h"
#include "sysemu/sysemu.h"
#include "qemu/error-report.h"
#define TYPE_INTEGRATOR_CM "integrator_core"
#define INTEGRATOR_CM(obj) \
@@ -469,6 +470,8 @@ static void integratorcp_init(MachineState *machine)
const char *kernel_filename = machine->kernel_filename;
const char *kernel_cmdline = machine->kernel_cmdline;
const char *initrd_filename = machine->initrd_filename;
ObjectClass *cpu_oc;
Object *cpuobj;
ARMCPU *cpu;
MemoryRegion *address_space_mem = get_system_memory();
MemoryRegion *ram = g_new(MemoryRegion, 1);
@@ -476,16 +479,40 @@ static void integratorcp_init(MachineState *machine)
qemu_irq pic[32];
DeviceState *dev;
int i;
Error *err = NULL;
if (!cpu_model) {
cpu_model = "arm926";
}
cpu = cpu_arm_init(cpu_model);
if (!cpu) {
cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
if (!cpu_oc) {
fprintf(stderr, "Unable to find CPU definition\n");
exit(1);
}
cpuobj = object_new(object_class_get_name(cpu_oc));
/* By default ARM1176 CPUs have EL3 enabled. This board does not
* currently support EL3 so the CPU EL3 property is disabled before
* realization.
*/
if (object_property_find(cpuobj, "has_el3", NULL)) {
object_property_set_bool(cpuobj, false, "has_el3", &err);
if (err) {
error_report("%s", error_get_pretty(err));
exit(1);
}
}
object_property_set_bool(cpuobj, true, "realized", &err);
if (err) {
error_report("%s", error_get_pretty(err));
exit(1);
}
cpu = ARM_CPU(cpuobj);
memory_region_init_ram(ram, NULL, "integrator.ram", ram_size, &error_abort);
vmstate_register_ram_global(ram);
/* ??? On a real system the first 1Mb is mapped as SSRAM or boot flash. */
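Review bot: the `has_el3` block added to integratorcp_init() is the same sequence added to exynos4210_init(), calxeda_init(), realview_init(), versatile_init() and zynq_init() in this comparison; a single shared helper taking the CPU object would keep the boards from drifting apart. In the same hunk the class lookup failure still uses `fprintf(stderr, "Unable to find CPU definition\n")` while the new error paths use `error_report()`; pick one.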

View File

@@ -1344,7 +1344,7 @@ static void n8x0_init(MachineState *machine,
n8x0_dss_setup(s);
n8x0_cbus_setup(s);
n8x0_uart_setup(s);
if (usb_enabled(false)) {
if (usb_enabled()) {
n8x0_usb_setup(s);
}

View File

@@ -273,10 +273,10 @@ static void pxa2xx_pwrmode_write(CPUARMState *env, const ARMCPRegInfo *ri,
case 3:
s->cpu->env.uncached_cpsr = ARM_CPU_MODE_SVC;
s->cpu->env.daif = PSTATE_A | PSTATE_F | PSTATE_I;
s->cpu->env.cp15.c1_sys = 0;
s->cpu->env.cp15.sctlr_ns = 0;
s->cpu->env.cp15.c1_coproc = 0;
s->cpu->env.cp15.ttbr0_el1 = 0;
s->cpu->env.cp15.c3 = 0;
s->cpu->env.cp15.ttbr0_el[1] = 0;
s->cpu->env.cp15.dacr_ns = 0;
s->pm_regs[PSSR >> 2] |= 0x8; /* Set STS */
s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
@@ -2143,7 +2143,7 @@ PXA2xxState *pxa270_init(MemoryRegion *address_space,
s->ssp[i] = (SSIBus *)qdev_get_child_bus(dev, "ssi");
}
if (usb_enabled(false)) {
if (usb_enabled()) {
sysbus_create_simple("sysbus-ohci", 0x4c000000,
qdev_get_gpio_in(s->pic, PXA2XX_PIC_USBH1));
}
@@ -2276,7 +2276,7 @@ PXA2xxState *pxa255_init(MemoryRegion *address_space, unsigned int sdram_size)
s->ssp[i] = (SSIBus *)qdev_get_child_bus(dev, "ssi");
}
if (usb_enabled(false)) {
if (usb_enabled()) {
sysbus_create_simple("sysbus-ohci", 0x4c000000,
qdev_get_gpio_in(s->pic, PXA2XX_PIC_USBH1));
}

View File

@@ -52,7 +52,7 @@ static void realview_init(MachineState *machine,
CPUARMState *env;
ObjectClass *cpu_oc;
MemoryRegion *sysmem = get_system_memory();
MemoryRegion *ram_lo = g_new(MemoryRegion, 1);
MemoryRegion *ram_lo;
MemoryRegion *ram_hi = g_new(MemoryRegion, 1);
MemoryRegion *ram_alias = g_new(MemoryRegion, 1);
MemoryRegion *ram_hack = g_new(MemoryRegion, 1);
@@ -101,6 +101,18 @@ static void realview_init(MachineState *machine,
Object *cpuobj = object_new(object_class_get_name(cpu_oc));
Error *err = NULL;
/* By default A9,A15 and ARM1176 CPUs have EL3 enabled. This board
* does not currently support EL3 so the CPU EL3 property is disabled
* before realization.
*/
if (object_property_find(cpuobj, "has_el3", NULL)) {
object_property_set_bool(cpuobj, false, "has_el3", &err);
if (err) {
error_report("%s", error_get_pretty(err));
exit(1);
}
}
if (is_pb && is_mpcore) {
object_property_set_int(cpuobj, periphbase, "reset-cbar", &err);
if (err) {
@@ -135,6 +147,7 @@ static void realview_init(MachineState *machine,
if (is_pb && ram_size > 0x20000000) {
/* Core tile RAM. */
ram_lo = g_new(MemoryRegion, 1);
low_ram_size = ram_size - 0x20000000;
ram_size = 0x20000000;
memory_region_init_ram(ram_lo, NULL, "realview.lowmem", low_ram_size,
@@ -248,7 +261,7 @@ static void realview_init(MachineState *machine,
sysbus_connect_irq(busdev, 2, pic[50]);
sysbus_connect_irq(busdev, 3, pic[51]);
pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci");
if (usb_enabled(false)) {
if (usb_enabled()) {
pci_create_simple(pci_bus, -1, "pci-ohci");
}
n = drive_get_max_bus(IF_SCSI);

View File

@@ -18,6 +18,7 @@
#include "sysemu/block-backend.h"
#include "exec/address-spaces.h"
#include "hw/block/flash.h"
#include "qemu/error-report.h"
#define VERSATILE_FLASH_ADDR 0x34000000
#define VERSATILE_FLASH_SIZE (64 * 1024 * 1024)
@@ -175,6 +176,8 @@ static struct arm_boot_info versatile_binfo;
static void versatile_init(MachineState *machine, int board_id)
{
ObjectClass *cpu_oc;
Object *cpuobj;
ARMCPU *cpu;
MemoryRegion *sysmem = get_system_memory();
MemoryRegion *ram = g_new(MemoryRegion, 1);
@@ -189,15 +192,40 @@ static void versatile_init(MachineState *machine, int board_id)
int n;
int done_smc = 0;
DriveInfo *dinfo;
Error *err = NULL;
if (!machine->cpu_model) {
machine->cpu_model = "arm926";
}
cpu = cpu_arm_init(machine->cpu_model);
if (!cpu) {
cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, machine->cpu_model);
if (!cpu_oc) {
fprintf(stderr, "Unable to find CPU definition\n");
exit(1);
}
cpuobj = object_new(object_class_get_name(cpu_oc));
/* By default ARM1176 CPUs have EL3 enabled. This board does not
* currently support EL3 so the CPU EL3 property is disabled before
* realization.
*/
if (object_property_find(cpuobj, "has_el3", NULL)) {
object_property_set_bool(cpuobj, false, "has_el3", &err);
if (err) {
error_report("%s", error_get_pretty(err));
exit(1);
}
}
object_property_set_bool(cpuobj, true, "realized", &err);
if (err) {
error_report("%s", error_get_pretty(err));
exit(1);
}
cpu = ARM_CPU(cpuobj);
memory_region_init_ram(ram, NULL, "versatile.ram", machine->ram_size,
&error_abort);
vmstate_register_ram_global(ram);
@@ -253,7 +281,7 @@ static void versatile_init(MachineState *machine, int board_id)
pci_nic_init_nofail(nd, pci_bus, "rtl8139", NULL);
}
}
if (usb_enabled(false)) {
if (usb_enabled()) {
pci_create_simple(pci_bus, -1, "pci-ohci");
}
n = drive_get_max_bus(IF_SCSI);

View File

@@ -157,7 +157,27 @@ static hwaddr motherboard_aseries_map[] = {
typedef struct VEDBoardInfo VEDBoardInfo;
typedef void DBoardInitFn(const VEDBoardInfo *daughterboard,
typedef struct {
MachineClass parent;
VEDBoardInfo *daughterboard;
} VexpressMachineClass;
typedef struct {
MachineState parent;
bool secure;
} VexpressMachineState;
#define TYPE_VEXPRESS_MACHINE "vexpress"
#define TYPE_VEXPRESS_A9_MACHINE "vexpress-a9"
#define TYPE_VEXPRESS_A15_MACHINE "vexpress-a15"
#define VEXPRESS_MACHINE(obj) \
OBJECT_CHECK(VexpressMachineState, (obj), TYPE_VEXPRESS_MACHINE)
#define VEXPRESS_MACHINE_GET_CLASS(obj) \
OBJECT_GET_CLASS(VexpressMachineClass, obj, TYPE_VEXPRESS_MACHINE)
#define VEXPRESS_MACHINE_CLASS(klass) \
OBJECT_CLASS_CHECK(VexpressMachineClass, klass, TYPE_VEXPRESS_MACHINE)
typedef void DBoardInitFn(const VexpressMachineState *machine,
ram_addr_t ram_size,
const char *cpu_model,
qemu_irq *pic);
@@ -176,7 +196,7 @@ struct VEDBoardInfo {
};
static void init_cpus(const char *cpu_model, const char *privdev,
hwaddr periphbase, qemu_irq *pic)
hwaddr periphbase, qemu_irq *pic, bool secure)
{
ObjectClass *cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
DeviceState *dev;
@@ -193,6 +213,10 @@ static void init_cpus(const char *cpu_model, const char *privdev,
Object *cpuobj = object_new(object_class_get_name(cpu_oc));
Error *err = NULL;
if (!secure) {
object_property_set_bool(cpuobj, false, "has_el3", NULL);
}
if (object_property_find(cpuobj, "reset-cbar", NULL)) {
object_property_set_int(cpuobj, periphbase,
"reset-cbar", &error_abort);
@@ -232,7 +256,7 @@ static void init_cpus(const char *cpu_model, const char *privdev,
}
}
static void a9_daughterboard_init(const VEDBoardInfo *daughterboard,
static void a9_daughterboard_init(const VexpressMachineState *vms,
ram_addr_t ram_size,
const char *cpu_model,
qemu_irq *pic)
@@ -268,7 +292,7 @@ static void a9_daughterboard_init(const VEDBoardInfo *daughterboard,
memory_region_add_subregion(sysmem, 0x60000000, ram);
/* 0x1e000000 A9MPCore (SCU) private memory region */
init_cpus(cpu_model, "a9mpcore_priv", 0x1e000000, pic);
init_cpus(cpu_model, "a9mpcore_priv", 0x1e000000, pic, vms->secure);
/* Daughterboard peripherals : 0x10020000 .. 0x20000000 */
@@ -322,7 +346,7 @@ static VEDBoardInfo a9_daughterboard = {
.init = a9_daughterboard_init,
};
static void a15_daughterboard_init(const VEDBoardInfo *daughterboard,
static void a15_daughterboard_init(const VexpressMachineState *vms,
ram_addr_t ram_size,
const char *cpu_model,
qemu_irq *pic)
@@ -354,7 +378,7 @@ static void a15_daughterboard_init(const VEDBoardInfo *daughterboard,
memory_region_add_subregion(sysmem, 0x80000000, ram);
/* 0x2c000000 A15MPCore private memory region (GIC) */
init_cpus(cpu_model, "a15mpcore_priv", 0x2c000000, pic);
init_cpus(cpu_model, "a15mpcore_priv", 0x2c000000, pic, vms->secure);
/* A15 daughterboard peripherals: */
@@ -513,9 +537,11 @@ static pflash_t *ve_pflash_cfi01_register(hwaddr base, const char *name,
return OBJECT_CHECK(pflash_t, (dev), "cfi.pflash01");
}
static void vexpress_common_init(VEDBoardInfo *daughterboard,
MachineState *machine)
static void vexpress_common_init(MachineState *machine)
{
VexpressMachineState *vms = VEXPRESS_MACHINE(machine);
VexpressMachineClass *vmc = VEXPRESS_MACHINE_GET_CLASS(machine);
VEDBoardInfo *daughterboard = vmc->daughterboard;;
DeviceState *dev, *sysctl, *pl041;
qemu_irq pic[64];
uint32_t sys_id;
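Review bot: stray second semicolon in `VEDBoardInfo *daughterboard = vmc->daughterboard;;` in vexpress_common_init(). The same typo appears in `vmc->daughterboard = &a9_daughterboard;;` in vexpress_a9_class_init(); remove both.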
@@ -530,8 +556,7 @@ static void vexpress_common_init(VEDBoardInfo *daughterboard,
const hwaddr *map = daughterboard->motherboard_map;
int i;
daughterboard->init(daughterboard, machine->ram_size, machine->cpu_model,
pic);
daughterboard->init(vms, machine->ram_size, machine->cpu_model, pic);
/*
* If a bios file was provided, attempt to map it into memory
@@ -678,39 +703,99 @@ static void vexpress_common_init(VEDBoardInfo *daughterboard,
daughterboard->bootinfo.smp_bootreg_addr = map[VE_SYSREGS] + 0x30;
daughterboard->bootinfo.gic_cpu_if_addr = daughterboard->gic_cpu_if_addr;
daughterboard->bootinfo.modify_dtb = vexpress_modify_dtb;
/* Indicate that when booting Linux we should be in secure state */
daughterboard->bootinfo.secure_boot = true;
arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
}
static void vexpress_a9_init(MachineState *machine)
static bool vexpress_get_secure(Object *obj, Error **errp)
{
vexpress_common_init(&a9_daughterboard, machine);
VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
return vms->secure;
}
static void vexpress_a15_init(MachineState *machine)
static void vexpress_set_secure(Object *obj, bool value, Error **errp)
{
vexpress_common_init(&a15_daughterboard, machine);
VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
vms->secure = value;
}
static QEMUMachine vexpress_a9_machine = {
.name = "vexpress-a9",
.desc = "ARM Versatile Express for Cortex-A9",
.init = vexpress_a9_init,
.block_default_type = IF_SCSI,
.max_cpus = 4,
static void vexpress_instance_init(Object *obj)
{
VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
/* EL3 is enabled by default on vexpress */
vms->secure = true;
object_property_add_bool(obj, "secure", vexpress_get_secure,
vexpress_set_secure, NULL);
object_property_set_description(obj, "secure",
"Set on/off to enable/disable the ARM "
"Security Extensions (TrustZone)",
NULL);
}
static void vexpress_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
mc->name = TYPE_VEXPRESS_MACHINE;
mc->desc = "ARM Versatile Express";
mc->init = vexpress_common_init;
mc->block_default_type = IF_SCSI;
mc->max_cpus = 4;
}
static void vexpress_a9_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
VexpressMachineClass *vmc = VEXPRESS_MACHINE_CLASS(oc);
mc->name = TYPE_VEXPRESS_A9_MACHINE;
mc->desc = "ARM Versatile Express for Cortex-A9";
vmc->daughterboard = &a9_daughterboard;;
}
static void vexpress_a15_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
VexpressMachineClass *vmc = VEXPRESS_MACHINE_CLASS(oc);
mc->name = TYPE_VEXPRESS_A15_MACHINE;
mc->desc = "ARM Versatile Express for Cortex-A15";
vmc->daughterboard = &a15_daughterboard;
}
static const TypeInfo vexpress_info = {
.name = TYPE_VEXPRESS_MACHINE,
.parent = TYPE_MACHINE,
.abstract = true,
.instance_size = sizeof(VexpressMachineState),
.instance_init = vexpress_instance_init,
.class_size = sizeof(VexpressMachineClass),
.class_init = vexpress_class_init,
};
static QEMUMachine vexpress_a15_machine = {
.name = "vexpress-a15",
.desc = "ARM Versatile Express for Cortex-A15",
.init = vexpress_a15_init,
.block_default_type = IF_SCSI,
.max_cpus = 4,
static const TypeInfo vexpress_a9_info = {
.name = TYPE_VEXPRESS_A9_MACHINE,
.parent = TYPE_VEXPRESS_MACHINE,
.class_init = vexpress_a9_class_init,
};
static const TypeInfo vexpress_a15_info = {
.name = TYPE_VEXPRESS_A15_MACHINE,
.parent = TYPE_VEXPRESS_MACHINE,
.class_init = vexpress_a15_class_init,
};
static void vexpress_machine_init(void)
{
qemu_register_machine(&vexpress_a9_machine);
qemu_register_machine(&vexpress_a15_machine);
type_register_static(&vexpress_info);
type_register_static(&vexpress_a9_info);
type_register_static(&vexpress_a15_info);
}
machine_init(vexpress_machine_init);

View File

@@ -68,6 +68,7 @@ enum {
VIRT_UART,
VIRT_MMIO,
VIRT_RTC,
VIRT_FW_CFG,
};
typedef struct MemMapEntry {
@@ -86,6 +87,24 @@ typedef struct VirtBoardInfo {
uint32_t clock_phandle;
} VirtBoardInfo;
typedef struct {
MachineClass parent;
VirtBoardInfo *daughterboard;
} VirtMachineClass;
typedef struct {
MachineState parent;
bool secure;
} VirtMachineState;
#define TYPE_VIRT_MACHINE "virt"
#define VIRT_MACHINE(obj) \
OBJECT_CHECK(VirtMachineState, (obj), TYPE_VIRT_MACHINE)
#define VIRT_MACHINE_GET_CLASS(obj) \
OBJECT_GET_CLASS(VirtMachineClass, obj, TYPE_VIRT_MACHINE)
#define VIRT_MACHINE_CLASS(klass) \
OBJECT_CLASS_CHECK(VirtMachineClass, klass, TYPE_VIRT_MACHINE)
/* Addresses and sizes of our components.
* 0..128MB is space for a flash device so we can run bootrom code such as UEFI.
* 128MB..256MB is used for miscellaneous device I/O.
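Review bot: the `VirtBoardInfo *daughterboard;` member of VirtMachineClass is never assigned or read in the hunks shown (virt_class_init() sets only name, desc, init and max_cpus) and looks carried over from VexpressMachineClass. Drop the member until something uses it, or add the code that sets it.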
@@ -107,6 +126,7 @@ static const MemMapEntry a15memmap[] = {
[VIRT_GIC_CPU] = { 0x08010000, 0x00010000 },
[VIRT_UART] = { 0x09000000, 0x00001000 },
[VIRT_RTC] = { 0x09010000, 0x00001000 },
[VIRT_FW_CFG] = { 0x09020000, 0x0000000a },
[VIRT_MMIO] = { 0x0a000000, 0x00000200 },
/* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
/* 0x10000000 .. 0x40000000 reserved for PCI */
@@ -389,7 +409,7 @@ static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic)
qemu_fdt_setprop(vbi->fdt, nodename, "clock-names",
clocknames, sizeof(clocknames));
qemu_fdt_setprop_string(vbi->fdt, "/chosen", "linux,stdout-path", nodename);
qemu_fdt_setprop_string(vbi->fdt, "/chosen", "stdout-path", nodename);
g_free(nodename);
}
@@ -519,6 +539,23 @@ static void create_flash(const VirtBoardInfo *vbi)
g_free(nodename);
}
static void create_fw_cfg(const VirtBoardInfo *vbi)
{
hwaddr base = vbi->memmap[VIRT_FW_CFG].base;
hwaddr size = vbi->memmap[VIRT_FW_CFG].size;
char *nodename;
fw_cfg_init_mem_wide(base + 8, base, 8);
nodename = g_strdup_printf("/fw-cfg@%" PRIx64, base);
qemu_fdt_add_subnode(vbi->fdt, nodename);
qemu_fdt_setprop_string(vbi->fdt, nodename,
"compatible", "qemu,fw-cfg-mmio");
qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
2, base, 2, size);
g_free(nodename);
}
static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
{
const VirtBoardInfo *board = (const VirtBoardInfo *)binfo;
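Review bot: create_fw_cfg() hard-codes the register layout as `fw_cfg_init_mem_wide(base + 8, base, 8)` while the region size `0x0000000a` is defined separately in a15memmap, so the two can fall out of step and nothing explains the literal 8. Add a comment describing the layout of the region, or use named constants shared with the memmap entry.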
@@ -529,6 +566,7 @@ static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
static void machvirt_init(MachineState *machine)
{
VirtMachineState *vms = VIRT_MACHINE(machine);
qemu_irq pic[NUM_IRQS];
MemoryRegion *sysmem = get_system_memory();
int n;
@@ -566,6 +604,10 @@ static void machvirt_init(MachineState *machine)
}
cpuobj = object_new(object_class_get_name(oc));
if (!vms->secure) {
object_property_set_bool(cpuobj, false, "has_el3", NULL);
}
object_property_set_int(cpuobj, QEMU_PSCI_CONDUIT_HVC, "psci-conduit",
NULL);
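Review bot: `object_property_set_bool(cpuobj, false, "has_el3", NULL)` in machvirt_init() passes NULL for the error pointer and omits the `object_property_find()` guard that the other boards in this comparison use, so with `secure=off` and a CPU model that lacks the property the failure is dropped silently and the machine starts in a state the user did not ask for. Guard the call or pass an Error and report it; init_cpus() in the vexpress board has the same pattern.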
@@ -604,6 +646,8 @@ static void machvirt_init(MachineState *machine)
*/
create_virtio_devices(vbi, pic);
create_fw_cfg(vbi);
vbi->bootinfo.ram_size = machine->ram_size;
vbi->bootinfo.kernel_filename = machine->kernel_filename;
vbi->bootinfo.kernel_cmdline = machine->kernel_cmdline;
@@ -612,19 +656,60 @@ static void machvirt_init(MachineState *machine)
vbi->bootinfo.board_id = -1;
vbi->bootinfo.loader_start = vbi->memmap[VIRT_MEM].base;
vbi->bootinfo.get_dtb = machvirt_dtb;
vbi->bootinfo.firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0);
arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo);
}
static QEMUMachine machvirt_a15_machine = {
.name = "virt",
.desc = "ARM Virtual Machine",
.init = machvirt_init,
.max_cpus = 8,
static bool virt_get_secure(Object *obj, Error **errp)
{
VirtMachineState *vms = VIRT_MACHINE(obj);
return vms->secure;
}
static void virt_set_secure(Object *obj, bool value, Error **errp)
{
VirtMachineState *vms = VIRT_MACHINE(obj);
vms->secure = value;
}
static void virt_instance_init(Object *obj)
{
VirtMachineState *vms = VIRT_MACHINE(obj);
/* EL3 is enabled by default on virt */
vms->secure = true;
object_property_add_bool(obj, "secure", virt_get_secure,
virt_set_secure, NULL);
object_property_set_description(obj, "secure",
"Set on/off to enable/disable the ARM "
"Security Extensions (TrustZone)",
NULL);
}
static void virt_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
mc->name = TYPE_VIRT_MACHINE;
mc->desc = "ARM Virtual Machine",
mc->init = machvirt_init;
mc->max_cpus = 8;
}
static const TypeInfo machvirt_info = {
.name = TYPE_VIRT_MACHINE,
.parent = TYPE_MACHINE,
.instance_size = sizeof(VirtMachineState),
.instance_init = virt_instance_init,
.class_size = sizeof(VirtMachineClass),
.class_init = virt_class_init,
};
static void machvirt_machine_init(void)
{
qemu_register_machine(&machvirt_a15_machine);
type_register_static(&machvirt_info);
}
machine_init(machvirt_machine_init);
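Review bot: `mc->desc = "ARM Virtual Machine",` in virt_class_init() ends with a comma instead of a semicolon. It compiles only because the comma operator chains it to the following `mc->init = machvirt_init;`; change the comma to `;`.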

View File

@@ -126,6 +126,18 @@ static void zynq_init(MachineState *machine)
cpu = ARM_CPU(object_new(object_class_get_name(cpu_oc)));
/* By default A9 CPUs have EL3 enabled. This board does not
* currently support EL3 so the CPU EL3 property is disabled before
* realization.
*/
if (object_property_find(OBJECT(cpu), "has_el3", NULL)) {
object_property_set_bool(OBJECT(cpu), false, "has_el3", &err);
if (err) {
error_report("%s", error_get_pretty(err));
exit(1);
}
}
object_property_set_int(OBJECT(cpu), ZYNQ_BOARD_MIDR, "midr", &err);
if (err) {
error_report("%s", error_get_pretty(err));

View File

@@ -197,7 +197,14 @@ void virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_RESIZE, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_DRIVE_DEL, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_BACKUP_SOURCE, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_COMMIT, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_CHANGE, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_COMMIT_SOURCE, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_COMMIT_TARGET, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_EJECT, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_EXTERNAL_SNAPSHOT, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT_DELETE,
s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_MIRROR, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_STREAM, s->blocker);
blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_REPLACE, s->blocker);

View File

@@ -476,7 +476,8 @@ static uint16_t nvme_get_feature(NvmeCtrl *n, NvmeCmd *cmd, NvmeRequest *req)
switch (dw10) {
case NVME_NUMBER_OF_QUEUES:
req->cqe.result = cpu_to_le32(n->num_queues);
req->cqe.result =
cpu_to_le32((n->num_queues - 1) | ((n->num_queues - 1) << 16));
break;
default:
return NVME_INVALID_FIELD | NVME_DNR;
@@ -490,7 +491,8 @@ static uint16_t nvme_set_feature(NvmeCtrl *n, NvmeCmd *cmd, NvmeRequest *req)
switch (dw10) {
case NVME_NUMBER_OF_QUEUES:
req->cqe.result = cpu_to_le32(n->num_queues);
req->cqe.result =
cpu_to_le32((n->num_queues - 1) | ((n->num_queues - 1) << 16));
break;
default:
return NVME_INVALID_FIELD | NVME_DNR;
@@ -583,8 +585,7 @@ static int nvme_start_ctrl(NvmeCtrl *n)
NVME_CC_IOCQES(n->bar.cc) > NVME_CTRL_CQES_MAX(n->id_ctrl.cqes) ||
NVME_CC_IOSQES(n->bar.cc) < NVME_CTRL_SQES_MIN(n->id_ctrl.sqes) ||
NVME_CC_IOSQES(n->bar.cc) > NVME_CTRL_SQES_MAX(n->id_ctrl.sqes) ||
!NVME_AQA_ASQS(n->bar.aqa) || NVME_AQA_ASQS(n->bar.aqa) > 4095 ||
!NVME_AQA_ACQS(n->bar.aqa) || NVME_AQA_ACQS(n->bar.aqa) > 4095) {
!NVME_AQA_ASQS(n->bar.aqa) || !NVME_AQA_ACQS(n->bar.aqa)) {
return -1;
}
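Review bot: removing `NVME_AQA_ASQS(n->bar.aqa) > 4095` and the matching ACQS test from nvme_start_ctrl() leaves only the zero checks on two guest-written queue sizes, and nothing in the hunk says why the upper bound is safe to drop. If the macros already mask the fields to 12 bits, state that in a comment next to the condition; otherwise keep an explicit bound.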
@@ -812,8 +813,9 @@ static int nvme_init(PCIDevice *pci_dev)
NVME_CAP_SET_AMS(n->bar.cap, 1);
NVME_CAP_SET_TO(n->bar.cap, 0xf);
NVME_CAP_SET_CSS(n->bar.cap, 1);
NVME_CAP_SET_MPSMAX(n->bar.cap, 4);
n->bar.vs = 0x00010001;
n->bar.vs = 0x00010100;
n->bar.intmc = n->bar.intms = 0;
for (i = 0; i < n->num_namespaces; i++) {

View File

@@ -688,7 +688,7 @@ typedef struct NvmeCtrl {
NvmeBar bar;
BlockConf conf;
uint16_t page_size;
uint32_t page_size;
uint16_t page_bits;
uint16_t max_prp_ents;
uint16_t cqe_size;

View File

@@ -744,6 +744,7 @@ static void pflash_cfi02_class_init(ObjectClass *klass, void *data)
dc->realize = pflash_cfi02_realize;
dc->props = pflash_cfi02_properties;
set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}
static const TypeInfo pflash_cfi02_info = {

View File

@@ -59,6 +59,13 @@ struct PersistentGrant {
typedef struct PersistentGrant PersistentGrant;
struct PersistentRegion {
void *addr;
int num;
};
typedef struct PersistentRegion PersistentRegion;
struct ioreq {
blkif_request_t req;
int16_t status;
@@ -118,6 +125,7 @@ struct XenBlkDev {
gboolean feature_discard;
gboolean feature_persistent;
GTree *persistent_gnts;
GSList *persistent_regions;
unsigned int persistent_gnt_count;
unsigned int max_grants;
@@ -177,6 +185,23 @@ static void destroy_grant(gpointer pgnt)
g_free(grant);
}
static void remove_persistent_region(gpointer data, gpointer dev)
{
PersistentRegion *region = data;
struct XenBlkDev *blkdev = dev;
XenGnttab gnt = blkdev->xendev.gnttabdev;
if (xc_gnttab_munmap(gnt, region->addr, region->num) != 0) {
xen_be_printf(&blkdev->xendev, 0,
"xc_gnttab_munmap region %p failed: %s\n",
region->addr, strerror(errno));
}
xen_be_printf(&blkdev->xendev, 3,
"unmapped grant region %p with %d pages\n",
region->addr, region->num);
g_free(region);
}
static struct ioreq *ioreq_start(struct XenBlkDev *blkdev)
{
struct ioreq *ioreq = NULL;
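Review bot: in remove_persistent_region() the level-3 message "unmapped grant region %p with %d pages" is printed even when `xc_gnttab_munmap()` has just failed, so the log reports success immediately after reporting the error. Move the second `xen_be_printf()` into an `else` branch.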
@@ -343,6 +368,7 @@ static int ioreq_map(struct ioreq *ioreq)
void *page[BLKIF_MAX_SEGMENTS_PER_REQUEST];
int i, j, new_maps = 0;
PersistentGrant *grant;
PersistentRegion *region;
/* domids and refs variables will contain the information necessary
* to map the grants that are needed to fulfill this request.
*
@@ -421,7 +447,22 @@ static int ioreq_map(struct ioreq *ioreq)
}
}
}
if (ioreq->blkdev->feature_persistent) {
if (ioreq->blkdev->feature_persistent && new_maps != 0 &&
(!batch_maps || (ioreq->blkdev->persistent_gnt_count + new_maps <=
ioreq->blkdev->max_grants))) {
/*
* If we are using persistent grants and batch mappings only
* add the new maps to the list of persistent grants if the whole
* area can be persistently mapped.
*/
if (batch_maps) {
region = g_malloc0(sizeof(*region));
region->addr = ioreq->pages;
region->num = new_maps;
ioreq->blkdev->persistent_regions = g_slist_append(
ioreq->blkdev->persistent_regions,
region);
}
while ((ioreq->blkdev->persistent_gnt_count < ioreq->blkdev->max_grants)
&& new_maps) {
/* Go through the list of newly mapped grants and add as many
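Review bot: g_slist_append() in the batch_maps branch walks the whole persistent_regions list on every call, and this sits on the request mapping path. Nothing in the patch depends on region order (blk_disconnect just iterates and unmaps), so g_slist_prepend() gives the same result in constant time. It would also help to state in the new comment that region->num counts pages, since remove_persistent_region() passes it straight to xc_gnttab_munmap().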
@@ -447,6 +488,7 @@ static int ioreq_map(struct ioreq *ioreq)
grant);
ioreq->blkdev->persistent_gnt_count++;
}
assert(!batch_maps || new_maps == 0);
}
for (i = 0; i < ioreq->v.niov; i++) {
ioreq->v.iov[i].iov_base += (uintptr_t)page[i];
@@ -971,7 +1013,10 @@ static int blk_connect(struct XenDevice *xendev)
blkdev->max_grants = max_requests * BLKIF_MAX_SEGMENTS_PER_REQUEST;
blkdev->persistent_gnts = g_tree_new_full((GCompareDataFunc)int_cmp,
NULL, NULL,
batch_maps ?
(GDestroyNotify)g_free :
(GDestroyNotify)destroy_grant);
blkdev->persistent_regions = NULL;
blkdev->persistent_gnt_count = 0;
}
@@ -1000,6 +1045,26 @@ static void blk_disconnect(struct XenDevice *xendev)
blkdev->cnt_map--;
blkdev->sring = NULL;
}
/*
* Unmap persistent grants before switching to the closed state
* so the frontend can free them.
*
* In the !batch_maps case g_tree_destroy will take care of unmapping
* the grant, but in the batch_maps case we need to iterate over every
* region in persistent_regions and unmap it.
*/
if (blkdev->feature_persistent) {
g_tree_destroy(blkdev->persistent_gnts);
assert(batch_maps || blkdev->persistent_gnt_count == 0);
if (batch_maps) {
blkdev->persistent_gnt_count = 0;
g_slist_foreach(blkdev->persistent_regions,
(GFunc)remove_persistent_region, blkdev);
g_slist_free(blkdev->persistent_regions);
}
blkdev->feature_persistent = false;
}
}
static int blk_free(struct XenDevice *xendev)
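Review bot: after g_tree_destroy(blkdev->persistent_gnts) and g_slist_free(blkdev->persistent_regions) both pointers are left dangling in blk_disconnect(), and the only thing preventing a second pass over them is feature_persistent being cleared at the end of the block. Set persistent_gnts and persistent_regions to NULL right after freeing them so that a later disconnect, or any path that checks the pointers rather than the flag, cannot touch freed memory. The assert on persistent_gnt_count also runs on a teardown path; an error message may be preferable to aborting the backend while a guest is disconnecting.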
@@ -1011,11 +1076,6 @@ static int blk_free(struct XenDevice *xendev)
blk_disconnect(xendev);
}
/* Free persistent grants */
if (blkdev->feature_persistent) {
g_tree_destroy(blkdev->persistent_gnts);
}
while (!QLIST_EMPTY(&blkdev->freelist)) {
ioreq = QLIST_FIRST(&blkdev->freelist);
QLIST_REMOVE(ioreq, list);

View File

@@ -52,7 +52,8 @@ typedef struct SCLPConsoleLM {
* event_pending is set when a newline character is encountered
*
* The maximum command line length is limited by the maximum
* space available in an SCCB
* space available in an SCCB. Line mode console input is sent
* truncated to the guest in case it doesn't fit into the SCCB.
*/
static int chr_can_read(void *opaque)
@@ -61,10 +62,8 @@ static int chr_can_read(void *opaque)
if (scon->event.event_pending) {
return 0;
} else if (SIZE_CONSOLE_BUFFER - scon->length) {
return 1;
}
return 0;
return 1;
}
static void chr_read(void *opaque, const uint8_t *buf, int size)
@@ -78,6 +77,10 @@ static void chr_read(void *opaque, const uint8_t *buf, int size)
sclp_service_interrupt(0);
return;
}
if (scon->length == SIZE_CONSOLE_BUFFER) {
/* Eat the character, but still process CR and LF. */
return;
}
scon->buf[scon->length] = *buf;
scon->length += 1;
if (scon->echo) {
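Review bot: the new full-buffer branch in chr_read() drops the byte with no trace, and the function stores only *buf while ignoring size, which is correct only because chr_can_read() now returns at most 1. An assert(size == 1) at the top of chr_read() would document that contract, and a debug trace in the "Eat the character" branch would make truncated input visible when diagnosing a guest that received a shortened command line.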
@@ -125,6 +128,7 @@ static int get_console_data(SCLPEvent *event, uint8_t *buf, size_t *size,
cons->length = 0;
/* data provided and no more data pending */
event->event_pending = false;
qemu_notify_event();
return 0;
}

View File

@@ -36,6 +36,7 @@ typedef struct SCLPConsole {
uint32_t iov_bs; /* offset in buf for char layer read operation */
uint32_t iov_data_len; /* length of byte stream in buffer */
uint32_t iov_sclp_rest; /* length of byte stream not read via SCLP */
bool notify; /* qemu_notify_event() req'd if true */
} SCLPConsole;
/* character layer call-back functions */
@@ -44,8 +45,12 @@ typedef struct SCLPConsole {
static int chr_can_read(void *opaque)
{
SCLPConsole *scon = opaque;
int avail = SIZE_BUFFER_VT220 - scon->iov_data_len;
return SIZE_BUFFER_VT220 - scon->iov_data_len;
if (avail == 0) {
scon->notify = true;
}
return avail;
}
/* Send data from a char device over to the guest */
@@ -113,6 +118,10 @@ static void get_console_data(SCLPEvent *event, uint8_t *buf, size_t *size,
cons->iov_sclp += avail;
/* more data pending */
}
if (cons->notify) {
cons->notify = false;
qemu_notify_event();
}
}
static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
@@ -229,6 +238,7 @@ static void console_reset(DeviceState *dev)
scon->iov_bs = 0;
scon->iov_data_len = 0;
scon->iov_sclp_rest = 0;
scon->notify = false;
}
static int console_exit(SCLPEvent *event)

View File

@@ -224,21 +224,23 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
SerialState *s = opaque;
do {
assert(!(s->lsr & UART_LSR_TEMT));
if (s->tsr_retry <= 0) {
assert(!(s->lsr & UART_LSR_THRE));
if (s->fcr & UART_FCR_FE) {
if (fifo8_is_empty(&s->xmit_fifo)) {
return FALSE;
}
assert(!fifo8_is_empty(&s->xmit_fifo));
s->tsr = fifo8_pop(&s->xmit_fifo);
if (!s->xmit_fifo.num) {
s->lsr |= UART_LSR_THRE;
}
} else if ((s->lsr & UART_LSR_THRE)) {
return FALSE;
} else {
s->tsr = s->thr;
s->lsr |= UART_LSR_THRE;
s->lsr &= ~UART_LSR_TEMT;
}
if ((s->lsr & UART_LSR_THRE) && !s->thr_ipending) {
s->thr_ipending = 1;
serial_update_irq(s);
}
}
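Review bot: the assert() calls on UART_LSR_TEMT, UART_LSR_THRE and fifo8_is_empty() in serial_xmit() sit where the neighbouring return FALSE lines used to tolerate the same states, so an unexpected combination now aborts QEMU instead of ending the transmit attempt. lsr and xmit_fifo are device state that is written from the guest through serial_ioport_write() and is also restored on incoming migration (serial_post_load appears later in this file). Please confirm that every path that sets tsr_retry or schedules serial_xmit() establishes these invariants, including state loaded from an older source, or keep the defensive returns.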
@@ -256,17 +258,13 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
} else {
s->tsr_retry = 0;
}
/* Transmit another byte if it is already available. It is only
possible when FIFO is enabled and not empty. */
} while ((s->fcr & UART_FCR_FE) && !fifo8_is_empty(&s->xmit_fifo));
} while (!(s->lsr & UART_LSR_THRE));
s->last_xmit_ts = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
if (s->lsr & UART_LSR_THRE) {
s->lsr |= UART_LSR_TEMT;
s->thr_ipending = 1;
serial_update_irq(s);
}
s->lsr |= UART_LSR_TEMT;
return FALSE;
}
@@ -323,10 +321,10 @@ static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
fifo8_pop(&s->xmit_fifo);
}
fifo8_push(&s->xmit_fifo, s->thr);
s->lsr &= ~UART_LSR_TEMT;
}
s->thr_ipending = 0;
s->lsr &= ~UART_LSR_THRE;
s->lsr &= ~UART_LSR_TEMT;
serial_update_irq(s);
if (s->tsr_retry <= 0) {
serial_xmit(NULL, G_IO_OUT, s);
@@ -338,10 +336,12 @@ static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
s->divider = (s->divider & 0x00ff) | (val << 8);
serial_update_parameters(s);
} else {
uint8_t changed = (s->ier ^ val) & 0x0f;
s->ier = val & 0x0f;
/* If the backend device is a real serial port, turn polling of the modem
status lines on physical port on or off depending on UART_IER_MSI state */
if (s->poll_msl >= 0) {
* status lines on physical port on or off depending on UART_IER_MSI state.
*/
if ((changed & UART_IER_MSI) && s->poll_msl >= 0) {
if (s->ier & UART_IER_MSI) {
s->poll_msl = 1;
serial_update_msl(s);
@@ -350,8 +350,27 @@ static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
s->poll_msl = 0;
}
}
if (s->lsr & UART_LSR_THRE) {
s->thr_ipending = 1;
/* Turning on the THRE interrupt on IER can trigger the interrupt
* if LSR.THRE=1, even if it had been masked before by reading IIR.
* This is not in the datasheet, but Windows relies on it. It is
* unclear if THRE has to be resampled every time THRI becomes
* 1, or only on the rising edge. Bochs does the latter, and Windows
* always toggles IER to all zeroes and back to all ones, so do the
* same.
*
* If IER.THRI is zero, thr_ipending is not used. Set it to zero
* so that the thr_ipending subsection is not migrated.
*/
if (changed & UART_IER_THRI) {
if ((s->ier & UART_IER_THRI) && (s->lsr & UART_LSR_THRE)) {
s->thr_ipending = 1;
} else {
s->thr_ipending = 0;
}
}
if (changed) {
serial_update_irq(s);
}
}
@@ -365,12 +384,15 @@ static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
/* FIFO clear */
if (val & UART_FCR_RFR) {
s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
timer_del(s->fifo_timeout_timer);
s->timeout_ipending = 0;
fifo8_reset(&s->recv_fifo);
}
if (val & UART_FCR_XFR) {
s->lsr |= UART_LSR_THRE;
s->thr_ipending = 1;
fifo8_reset(&s->xmit_fifo);
}
@@ -623,8 +645,17 @@ static int serial_post_load(void *opaque, int version_id)
static bool serial_thr_ipending_needed(void *opaque)
{
SerialState *s = opaque;
bool expected_value = ((s->iir & UART_IIR_ID) == UART_IIR_THRI);
return s->thr_ipending != expected_value;
if (s->ier & UART_IER_THRI) {
bool expected_value = ((s->iir & UART_IIR_ID) == UART_IIR_THRI);
return s->thr_ipending != expected_value;
} else {
/* LSR.THRE will be sampled again when the interrupt is
* enabled. thr_ipending is not used in this case, do
* not migrate it.
*/
return false;
}
}
const VMStateDescription vmstate_serial_thr_ipending = {

View File

@@ -482,10 +482,14 @@ static uint32_t get_features(VirtIODevice *vdev, uint32_t features)
/* Guest requested config info */
static void get_config(VirtIODevice *vdev, uint8_t *config_data)
{
VirtIOSerial *vser;
VirtIOSerial *vser = VIRTIO_SERIAL(vdev);
struct virtio_console_config *config =
(struct virtio_console_config *)config_data;
vser = VIRTIO_SERIAL(vdev);
memcpy(config_data, &vser->config, sizeof(struct virtio_console_config));
config->cols = 0;
config->rows = 0;
config->max_nr_ports = virtio_tswap32(vdev,
vser->serial.max_virtserial_ports);
}
static void guest_reset(VirtIOSerial *vser)
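Review bot: get_config() now fills config_data field by field (cols, rows, max_nr_ports) and no longer copies a complete struct into it, so any other member or padding of struct virtio_console_config keeps whatever the caller's buffer held. Start the function with a memset of sizeof(struct virtio_console_config) bytes so the guest-visible config space never carries stale or uninitialised bytes, now or when the struct grows.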
@@ -533,10 +537,6 @@ static void vser_reset(VirtIODevice *vdev)
vser = VIRTIO_SERIAL(vdev);
guest_reset(vser);
/* In case we have switched endianness */
vser->config.max_nr_ports =
virtio_tswap32(vdev, vser->serial.max_virtserial_ports);
}
static void virtio_serial_save(QEMUFile *f, void *opaque)
@@ -551,15 +551,16 @@ static void virtio_serial_save_device(VirtIODevice *vdev, QEMUFile *f)
VirtIOSerialPort *port;
uint32_t nr_active_ports;
unsigned int i, max_nr_ports;
struct virtio_console_config config;
/* The config space */
qemu_put_be16s(f, &s->config.cols);
qemu_put_be16s(f, &s->config.rows);
qemu_put_be32s(f, &s->config.max_nr_ports);
/* The config space (ignored on the far end in current versions) */
get_config(vdev, (uint8_t *)&config);
qemu_put_be16s(f, &config.cols);
qemu_put_be16s(f, &config.rows);
qemu_put_be32s(f, &config.max_nr_ports);
/* The ports map */
max_nr_ports = virtio_tswap32(vdev, s->config.max_nr_ports);
max_nr_ports = s->serial.max_virtserial_ports;
for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
qemu_put_be32s(f, &s->ports_map[i]);
}
@@ -715,13 +716,7 @@ static int virtio_serial_load_device(VirtIODevice *vdev, QEMUFile *f,
qemu_get_be16s(f, (uint16_t *) &tmp);
qemu_get_be32s(f, &tmp);
/* Note: this is the only location where we use tswap32() instead of
* virtio_tswap32() because:
* - virtio_tswap32() only makes sense when the device is fully restored
* - the target endianness that was used to populate s->config is
* necessarly the default one
*/
max_nr_ports = tswap32(s->config.max_nr_ports);
max_nr_ports = s->serial.max_virtserial_ports;
for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
qemu_get_be32s(f, &ports_map);
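Review bot: in virtio_serial_load_device() the max_nr_ports value read from the stream into tmp is discarded and the ports_map loop bound comes from the local s->serial.max_virtserial_ports. If the source was started with a different port limit, the loop reads a different number of 32-bit words than were written and everything after it in the stream is misparsed. Compare the value from the stream (after the appropriate byte swap) with the local limit and fail the load with an error when they differ.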
@@ -784,10 +779,9 @@ static void virtser_bus_dev_print(Monitor *mon, DeviceState *qdev, int indent)
/* This function is only used if a port id is not provided by the user */
static uint32_t find_free_port_id(VirtIOSerial *vser)
{
VirtIODevice *vdev = VIRTIO_DEVICE(vser);
unsigned int i, max_nr_ports;
max_nr_ports = virtio_tswap32(vdev, vser->config.max_nr_ports);
max_nr_ports = vser->serial.max_virtserial_ports;
for (i = 0; i < (max_nr_ports + 31) / 32; i++) {
uint32_t map, bit;
@@ -848,7 +842,6 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
VirtIOSerialPort *port = VIRTIO_SERIAL_PORT(dev);
VirtIOSerialPortClass *vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port);
VirtIOSerialBus *bus = VIRTIO_SERIAL_BUS(qdev_get_parent_bus(dev));
VirtIODevice *vdev = VIRTIO_DEVICE(bus->vser);
int max_nr_ports;
bool plugging_port0;
Error *err = NULL;
@@ -871,7 +864,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
return;
}
if (find_port_by_name(port->name)) {
if (port->name != NULL && find_port_by_name(port->name)) {
error_setg(errp, "virtio-serial-bus: A port already exists by name %s",
port->name);
return;
@@ -890,7 +883,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
}
}
max_nr_ports = virtio_tswap32(vdev, port->vser->config.max_nr_ports);
max_nr_ports = port->vser->serial.max_virtserial_ports;
if (port->id >= max_nr_ports) {
error_setg(errp, "virtio-serial-bus: Out-of-range port id specified, "
"max. allowed: %u", max_nr_ports - 1);
@@ -995,8 +988,6 @@ static void virtio_serial_device_realize(DeviceState *dev, Error **errp)
vser->ovqs[i] = virtio_add_queue(vdev, 128, handle_output);
}
vser->config.max_nr_ports =
virtio_tswap32(vdev, vser->serial.max_virtserial_ports);
vser->ports_map = g_malloc0(((vser->serial.max_virtserial_ports + 31) / 32)
* sizeof(vser->ports_map[0]));
/*

View File

@@ -14,3 +14,4 @@ common-obj-$(CONFIG_SOFTMMU) += machine.o
common-obj-$(CONFIG_SOFTMMU) += null-machine.o
common-obj-$(CONFIG_SOFTMMU) += loader.o
common-obj-$(CONFIG_SOFTMMU) += qdev-properties-system.o
common-obj-$(CONFIG_SOFTMMU) += platform-bus.o

View File

@@ -80,6 +80,13 @@ int load_image(const char *filename, uint8_t *addr)
if (fd < 0)
return -1;
size = lseek(fd, 0, SEEK_END);
if (size == -1) {
fprintf(stderr, "file %-20s: get size error: %s\n",
filename, strerror(errno));
close(fd);
return -1;
}
lseek(fd, 0, SEEK_SET);
if (read(fd, addr, size) != size) {
close(fd);
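Review bot: the new size == -1 check in load_image() covers only the first lseek(); the following lseek(fd, 0, SEEK_SET) is still unchecked, and read(fd, addr, size) copies the entire file into addr with no upper bound because the function takes no buffer length. Since this hunk is already hardening the size handling, consider steering callers to a variant that takes a maximum size. For the message itself, error_report() would match the rest of the tree better than fprintf(stderr, ...), and the %-20s padding is not needed in an error line.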
@@ -607,14 +614,9 @@ int load_ramdisk(const char *filename, hwaddr addr, uint64_t max_sz)
NULL, NULL);
}
/* This simply prevents g_malloc in the function below from allocating
* a huge amount of memory, by placing a limit on the maximum
* uncompressed image size that load_image_gzipped will read.
*/
#define LOAD_IMAGE_MAX_GUNZIP_BYTES (256 << 20)
/* Load a gzip-compressed kernel. */
int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
/* Load a gzip-compressed kernel to a dynamically allocated buffer. */
int load_image_gzipped_buffer(const char *filename, uint64_t max_sz,
uint8_t **buffer)
{
uint8_t *compressed_data = NULL;
uint8_t *data = NULL;
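Review bot: the comment on load_image_gzipped_buffer() does not state the contract a caller needs: that *buffer is allocated with g_malloc and must be released with g_free(), that it is only valid when the return value is not -1, and what max_sz means when it is 0. Please document these. The LOAD_IMAGE_MAX_GUNZIP_BYTES definition and its explanatory comment are also dropped from this file here; since the function is now callable from outside, make sure the macro lands in the header together with that comment so the cap on uncompressed size stays visible to new callers.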
@@ -646,8 +648,11 @@ int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
goto out;
}
rom_add_blob_fixed(filename, data, bytes, addr);
/* trim to actual size and return to caller */
*buffer = g_realloc(data, bytes);
ret = bytes;
/* ownership has been transferred to caller */
data = NULL;
out:
g_free(compressed_data);
@@ -655,6 +660,20 @@ int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
return ret;
}
/* Load a gzip-compressed kernel. */
int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
{
int bytes;
uint8_t *data;
bytes = load_image_gzipped_buffer(filename, max_sz, &data);
if (bytes != -1) {
rom_add_blob_fixed(filename, data, bytes, addr);
g_free(data);
}
return bytes;
}
/*
* Functions for reboot-persistent memory regions.
* - used for vga bios and option roms.
@@ -705,12 +724,22 @@ static void rom_insert(Rom *rom)
QTAILQ_INSERT_TAIL(&roms, rom, next);
}
static void fw_cfg_resized(const char *id, uint64_t length, void *host)
{
if (fw_cfg) {
fw_cfg_modify_file(fw_cfg, id + strlen("/rom@"), host, length);
}
}
static void *rom_set_mr(Rom *rom, Object *owner, const char *name)
{
void *data;
rom->mr = g_malloc(sizeof(*rom->mr));
memory_region_init_ram(rom->mr, owner, name, rom->datasize, &error_abort);
memory_region_init_resizeable_ram(rom->mr, owner, name,
rom->datasize, rom->romsize,
fw_cfg_resized,
&error_abort);
memory_region_set_readonly(rom->mr, true);
vmstate_register_ram_global(rom->mr);
@@ -748,6 +777,12 @@ int rom_add_file(const char *file, const char *fw_dir,
}
rom->addr = addr;
rom->romsize = lseek(fd, 0, SEEK_END);
if (rom->romsize == -1) {
fprintf(stderr, "rom: file %-20s: get size error: %s\n",
rom->name, strerror(errno));
goto err;
}
rom->datasize = rom->romsize;
rom->data = g_malloc0(rom->datasize);
lseek(fd, 0, SEEK_SET);
@@ -798,37 +833,39 @@ err:
return -1;
}
void *rom_add_blob(const char *name, const void *blob, size_t len,
hwaddr addr, const char *fw_file_name,
ram_addr_t rom_add_blob(const char *name, const void *blob, size_t len,
size_t max_len, hwaddr addr, const char *fw_file_name,
FWCfgReadCallback fw_callback, void *callback_opaque)
{
Rom *rom;
void *data = NULL;
ram_addr_t ret = RAM_ADDR_MAX;
rom = g_malloc0(sizeof(*rom));
rom->name = g_strdup(name);
rom->addr = addr;
rom->romsize = len;
rom->romsize = max_len ? max_len : len;
rom->datasize = len;
rom->data = g_malloc0(rom->datasize);
memcpy(rom->data, blob, len);
rom_insert(rom);
if (fw_file_name && fw_cfg) {
char devpath[100];
void *data;
snprintf(devpath, sizeof(devpath), "/rom@%s", fw_file_name);
if (rom_file_has_mr) {
data = rom_set_mr(rom, OBJECT(fw_cfg), devpath);
ret = memory_region_get_ram_addr(rom->mr);
} else {
data = rom->data;
}
fw_cfg_add_file_callback(fw_cfg, fw_file_name,
fw_callback, callback_opaque,
data, rom->romsize);
data, rom->datasize);
}
return data;
return ret;
}
/* This function is specific for elf program because we don't need to allocate
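Review bot: rom_add_blob() sets rom->romsize = max_len ? max_len : len without checking max_len >= len, while datasize stays len. A caller passing a non-zero max_len smaller than len ends up asking memory_region_init_resizeable_ram() for an initial size larger than its maximum. Add an assert or an error return for that case. The return type change also deserves a comment: callers now get RAM_ADDR_MAX when no memory region was created, which is easy to miss for code that previously tested the returned pointer against NULL.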

View File

@@ -12,6 +12,9 @@
#include "hw/boards.h"
#include "qapi/visitor.h"
#include "hw/sysbus.h"
#include "sysemu/sysemu.h"
#include "qemu/error-report.h"
static char *machine_get_accel(Object *obj, Error **errp)
{
@@ -257,52 +260,128 @@ static void machine_set_iommu(Object *obj, bool value, Error **errp)
ms->iommu = value;
}
static int error_on_sysbus_device(SysBusDevice *sbdev, void *opaque)
{
error_report("Option '-device %s' cannot be handled by this machine",
object_class_get_name(object_get_class(OBJECT(sbdev))));
exit(1);
}
static void machine_init_notify(Notifier *notifier, void *data)
{
Object *machine = qdev_get_machine();
ObjectClass *oc = object_get_class(machine);
MachineClass *mc = MACHINE_CLASS(oc);
if (mc->has_dynamic_sysbus) {
/* Our machine can handle dynamic sysbus devices, we're all good */
return;
}
/*
* Loop through all dynamically created devices and check whether there
* are sysbus devices among them. If there are, error out.
*/
foreach_dynamic_sysbus_device(error_on_sysbus_device, NULL);
}
static void machine_initfn(Object *obj)
{
MachineState *ms = MACHINE(obj);
object_property_add_str(obj, "accel",
machine_get_accel, machine_set_accel, NULL);
object_property_set_description(obj, "accel",
"Accelerator list",
NULL);
object_property_add_bool(obj, "kernel-irqchip",
machine_get_kernel_irqchip,
machine_set_kernel_irqchip,
NULL);
object_property_set_description(obj, "kernel-irqchip",
"Use KVM in-kernel irqchip",
NULL);
object_property_add(obj, "kvm-shadow-mem", "int",
machine_get_kvm_shadow_mem,
machine_set_kvm_shadow_mem,
NULL, NULL, NULL);
object_property_set_description(obj, "kvm-shadow-mem",
"KVM shadow MMU size",
NULL);
object_property_add_str(obj, "kernel",
machine_get_kernel, machine_set_kernel, NULL);
object_property_set_description(obj, "kernel",
"Linux kernel image file",
NULL);
object_property_add_str(obj, "initrd",
machine_get_initrd, machine_set_initrd, NULL);
object_property_set_description(obj, "initrd",
"Linux initial ramdisk file",
NULL);
object_property_add_str(obj, "append",
machine_get_append, machine_set_append, NULL);
object_property_set_description(obj, "append",
"Linux kernel command line",
NULL);
object_property_add_str(obj, "dtb",
machine_get_dtb, machine_set_dtb, NULL);
object_property_set_description(obj, "dtb",
"Linux kernel device tree file",
NULL);
object_property_add_str(obj, "dumpdtb",
machine_get_dumpdtb, machine_set_dumpdtb, NULL);
object_property_set_description(obj, "dumpdtb",
"Dump current dtb to a file and quit",
NULL);
object_property_add(obj, "phandle-start", "int",
machine_get_phandle_start,
machine_set_phandle_start,
NULL, NULL, NULL);
object_property_set_description(obj, "phandle-start",
"The first phandle ID we may generate dynamically",
NULL);
object_property_add_str(obj, "dt-compatible",
machine_get_dt_compatible,
machine_set_dt_compatible,
NULL);
object_property_set_description(obj, "dt-compatible",
"Overrides the \"compatible\" property of the dt root node",
NULL);
object_property_add_bool(obj, "dump-guest-core",
machine_get_dump_guest_core,
machine_set_dump_guest_core,
NULL);
object_property_set_description(obj, "dump-guest-core",
"Include guest memory in a core dump",
NULL);
object_property_add_bool(obj, "mem-merge",
machine_get_mem_merge,
machine_set_mem_merge, NULL);
object_property_set_description(obj, "mem-merge",
"Enable/disable memory merge support",
NULL);
object_property_add_bool(obj, "usb",
machine_get_usb,
machine_set_usb, NULL);
object_property_set_description(obj, "usb",
"Set on/off to enable/disable usb",
NULL);
object_property_add_str(obj, "firmware",
machine_get_firmware,
machine_set_firmware, NULL);
object_property_set_description(obj, "firmware",
"Firmware image",
NULL);
object_property_add_bool(obj, "iommu",
machine_get_iommu,
machine_set_iommu, NULL);
object_property_set_description(obj, "iommu",
"Set on/off to enable/disable Intel IOMMU (VT-d)",
NULL);
/* Register notifier when init is done for sysbus sanity checks */
ms->sysbus_notifier.notify = machine_init_notify;
qemu_add_machine_init_done_notifier(&ms->sysbus_notifier);
}
static void machine_finalize(Object *obj)
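Review bot: machine_initfn() registers ms->sysbus_notifier with qemu_add_machine_init_done_notifier(), and the notifier is embedded in MachineState, but no matching removal is visible in machine_finalize(). If a machine object can be finalized before the init-done notifiers run, the notifier list keeps a pointer into freed memory. Either remove the notifier in machine_finalize() or note why that cannot happen. Separately, error_on_sysbus_device() is declared to return int but exits; a short comment or a return after exit(1) would keep static checkers quiet.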
@@ -319,6 +398,11 @@ static void machine_finalize(Object *obj)
g_free(ms->firmware);
}
bool machine_usb(MachineState *machine)
{
return machine->usb;
}
static const TypeInfo machine_info = {
.name = TYPE_MACHINE,
.parent = TYPE_OBJECT,

253
hw/core/platform-bus.c Normal file
View File

@@ -0,0 +1,253 @@
/*
* Platform Bus device to support dynamic Sysbus devices
*
* Copyright (C) 2014 Freescale Semiconductor, Inc. All rights reserved.
*
* Author: Alexander Graf, <agraf@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#include "hw/platform-bus.h"
#include "monitor/monitor.h"
#include "exec/address-spaces.h"
#include "sysemu/sysemu.h"
/*
* Returns the PlatformBus IRQ number for a SysBusDevice irq number or -1 if
* the IRQ is not mapped on this Platform bus.
*/
int platform_bus_get_irqn(PlatformBusDevice *pbus, SysBusDevice *sbdev,
int n)
{
qemu_irq sbirq = sysbus_get_connected_irq(sbdev, n);
int i;
for (i = 0; i < pbus->num_irqs; i++) {
if (pbus->irqs[i] == sbirq) {
return i;
}
}
/* IRQ not mapped on platform bus */
return -1;
}
/*
* Returns the PlatformBus MMIO region offset for Region n of a SysBusDevice or
* -1 if the region is not mapped on this Platform bus.
*/
hwaddr platform_bus_get_mmio_addr(PlatformBusDevice *pbus, SysBusDevice *sbdev,
int n)
{
MemoryRegion *pbus_mr = &pbus->mmio;
MemoryRegion *sbdev_mr = sysbus_mmio_get_region(sbdev, n);
Object *pbus_mr_obj = OBJECT(pbus_mr);
Object *parent_mr;
if (!memory_region_is_mapped(sbdev_mr)) {
/* Region is not mapped? */
return -1;
}
parent_mr = object_property_get_link(OBJECT(sbdev_mr), "container", NULL);
assert(parent_mr);
if (parent_mr != pbus_mr_obj) {
/* MMIO region is not mapped on platform bus */
return -1;
}
return object_property_get_int(OBJECT(sbdev_mr), "addr", NULL);
}
static int platform_bus_count_irqs(SysBusDevice *sbdev, void *opaque)
{
PlatformBusDevice *pbus = opaque;
qemu_irq sbirq;
int n, i;
for (n = 0; ; n++) {
if (!sysbus_has_irq(sbdev, n)) {
break;
}
sbirq = sysbus_get_connected_irq(sbdev, n);
for (i = 0; i < pbus->num_irqs; i++) {
if (pbus->irqs[i] == sbirq) {
bitmap_set(pbus->used_irqs, i, 1);
break;
}
}
}
return 0;
}
/*
* Loop through all sysbus devices and look for unassigned IRQ lines as well as
* unassociated MMIO regions. Connect them to the platform bus if available.
*/
static void plaform_bus_refresh_irqs(PlatformBusDevice *pbus)
{
bitmap_zero(pbus->used_irqs, pbus->num_irqs);
foreach_dynamic_sysbus_device(platform_bus_count_irqs, pbus);
pbus->done_gathering = true;
}
static int platform_bus_map_irq(PlatformBusDevice *pbus, SysBusDevice *sbdev,
int n)
{
int max_irqs = pbus->num_irqs;
int irqn;
if (sysbus_is_irq_connected(sbdev, n)) {
/* IRQ is already mapped, nothing to do */
return 0;
}
irqn = find_first_zero_bit(pbus->used_irqs, max_irqs);
if (irqn >= max_irqs) {
hw_error("Platform Bus: Can not fit IRQ line");
return -1;
}
set_bit(irqn, pbus->used_irqs);
sysbus_connect_irq(sbdev, n, pbus->irqs[irqn]);
return 0;
}
static int platform_bus_map_mmio(PlatformBusDevice *pbus, SysBusDevice *sbdev,
int n)
{
MemoryRegion *sbdev_mr = sysbus_mmio_get_region(sbdev, n);
uint64_t size = memory_region_size(sbdev_mr);
uint64_t alignment = (1ULL << (63 - clz64(size + size - 1)));
uint64_t off;
bool found_region = false;
if (memory_region_is_mapped(sbdev_mr)) {
/* Region is already mapped, nothing to do */
return 0;
}
/*
* Look for empty space in the MMIO space that is naturally aligned with
* the target device's memory region
*/
for (off = 0; off < pbus->mmio_size; off += alignment) {
if (!memory_region_find(&pbus->mmio, off, size).mr) {
found_region = true;
break;
}
}
if (!found_region) {
hw_error("Platform Bus: Can not fit MMIO region of size %"PRIx64, size);
}
/* Map the device's region into our Platform Bus MMIO space */
memory_region_add_subregion(&pbus->mmio, off, sbdev_mr);
return 0;
}
/*
* For each sysbus device, look for unassigned IRQ lines as well as
* unassociated MMIO regions. Connect them to the platform bus if available.
*/
static int link_sysbus_device(SysBusDevice *sbdev, void *opaque)
{
PlatformBusDevice *pbus = opaque;
int i;
for (i = 0; sysbus_has_irq(sbdev, i); i++) {
platform_bus_map_irq(pbus, sbdev, i);
}
for (i = 0; sysbus_has_mmio(sbdev, i); i++) {
platform_bus_map_mmio(pbus, sbdev, i);
}
return 0;
}
static void platform_bus_init_notify(Notifier *notifier, void *data)
{
PlatformBusDevice *pb = container_of(notifier, PlatformBusDevice, notifier);
/*
* Generate a bitmap of used IRQ lines, as the user might have specified
* them on the command line.
*/
plaform_bus_refresh_irqs(pb);
foreach_dynamic_sysbus_device(link_sysbus_device, pb);
}
static void platform_bus_realize(DeviceState *dev, Error **errp)
{
PlatformBusDevice *pbus;
SysBusDevice *d;
int i;
d = SYS_BUS_DEVICE(dev);
pbus = PLATFORM_BUS_DEVICE(dev);
memory_region_init(&pbus->mmio, NULL, "platform bus", pbus->mmio_size);
sysbus_init_mmio(d, &pbus->mmio);
pbus->used_irqs = bitmap_new(pbus->num_irqs);
pbus->irqs = g_new0(qemu_irq, pbus->num_irqs);
for (i = 0; i < pbus->num_irqs; i++) {
sysbus_init_irq(d, &pbus->irqs[i]);
}
/*
* Register notifier that allows us to gather dangling devices once the
* machine is completely assembled
*/
pbus->notifier.notify = platform_bus_init_notify;
qemu_add_machine_init_done_notifier(&pbus->notifier);
}
static Property platform_bus_properties[] = {
DEFINE_PROP_UINT32("num_irqs", PlatformBusDevice, num_irqs, 0),
DEFINE_PROP_UINT32("mmio_size", PlatformBusDevice, mmio_size, 0),
DEFINE_PROP_END_OF_LIST()
};
static void platform_bus_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
dc->realize = platform_bus_realize;
dc->props = platform_bus_properties;
}
static const TypeInfo platform_bus_info = {
.name = TYPE_PLATFORM_BUS_DEVICE,
.parent = TYPE_SYS_BUS_DEVICE,
.instance_size = sizeof(PlatformBusDevice),
.class_init = platform_bus_class_init,
};
static void platform_bus_register_types(void)
{
type_register_static(&platform_bus_info);
}
type_init(platform_bus_register_types)
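Review bot: the search loop in platform_bus_map_mmio() only tests off < pbus->mmio_size, so a free slot near the end of the window is accepted even when off + size runs past mmio_size, and the region is then added partly outside the platform bus window. Bound the loop with off + size <= pbus->mmio_size, and reject size == 0 first, because size + size - 1 wraps in the alignment computation. Smaller points in the same file: plaform_bus_refresh_irqs is misspelled and its comment is a copy of the one on link_sysbus_device(); platform_bus_get_mmio_addr() returns hwaddr yet signals failure with -1, which callers can only test as (hwaddr)-1 and which should be documented; the return -1 after hw_error() in platform_bus_map_irq() is unreachable if hw_error() does not return.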

View File

@@ -177,42 +177,69 @@ PropertyInfo qdev_prop_chr = {
};
/* --- netdev device --- */
static int parse_netdev(DeviceState *dev, const char *str, void **ptr)
static void get_netdev(Object *obj, Visitor *v, void *opaque,
const char *name, Error **errp)
{
NICPeers *peers_ptr = (NICPeers *)ptr;
DeviceState *dev = DEVICE(obj);
Property *prop = opaque;
NICPeers *peers_ptr = qdev_get_prop_ptr(dev, prop);
char *p = g_strdup(peers_ptr->ncs[0] ? peers_ptr->ncs[0]->name : "");
visit_type_str(v, &p, name, errp);
g_free(p);
}
static void set_netdev(Object *obj, Visitor *v, void *opaque,
const char *name, Error **errp)
{
DeviceState *dev = DEVICE(obj);
Property *prop = opaque;
NICPeers *peers_ptr = qdev_get_prop_ptr(dev, prop);
NetClientState **ncs = peers_ptr->ncs;
NetClientState *peers[MAX_QUEUE_NUM];
int queues, i = 0;
int ret;
Error *local_err = NULL;
int queues, err = 0, i = 0;
char *str;
if (dev->realized) {
qdev_prop_set_after_realize(dev, name, errp);
return;
}
visit_type_str(v, &str, name, &local_err);
if (local_err) {
error_propagate(errp, local_err);
return;
}
queues = qemu_find_net_clients_except(str, peers,
NET_CLIENT_OPTIONS_KIND_NIC,
MAX_QUEUE_NUM);
if (queues == 0) {
ret = -ENOENT;
goto err;
err = -ENOENT;
goto out;
}
if (queues > MAX_QUEUE_NUM) {
ret = -E2BIG;
goto err;
error_setg(errp, "queues of backend '%s'(%d) exceeds QEMU limitation(%d)",
str, queues, MAX_QUEUE_NUM);
goto out;
}
for (i = 0; i < queues; i++) {
if (peers[i] == NULL) {
ret = -ENOENT;
goto err;
err = -ENOENT;
goto out;
}
if (peers[i]->peer) {
ret = -EEXIST;
goto err;
err = -EEXIST;
goto out;
}
if (ncs[i]) {
ret = -EINVAL;
goto err;
err = -EINVAL;
goto out;
}
ncs[i] = peers[i];
@@ -221,30 +248,9 @@ static int parse_netdev(DeviceState *dev, const char *str, void **ptr)
peers_ptr->queues = queues;
return 0;
err:
return ret;
}
static char *print_netdev(void *ptr)
{
NetClientState *netdev = ptr;
const char *val = netdev->name ? netdev->name : "";
return g_strdup(val);
}
static void get_netdev(Object *obj, Visitor *v, void *opaque,
const char *name, Error **errp)
{
get_pointer(obj, v, opaque, print_netdev, name, errp);
}
static void set_netdev(Object *obj, Visitor *v, void *opaque,
const char *name, Error **errp)
{
set_pointer(obj, v, opaque, parse_netdev, name, errp);
out:
error_set_from_qdev_prop_error(errp, err, dev, prop, str);
g_free(str);
}
PropertyInfo qdev_prop_netdev = {
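Review bot: every exit from set_netdev() after the string is parsed now reaches out:, including the success path and the queues > MAX_QUEUE_NUM path that has already called error_setg(errp, ...), and in both cases error_set_from_qdev_prop_error() runs with err == 0. That is only correct if the helper does nothing for 0; otherwise errp is set twice on the oversize path or an error is raised on success. Please make the dependency explicit, for example by guarding the call with if (err). Note also that ncs[i] entries assigned in earlier loop iterations are not rolled back when a later iteration jumps to out with an error.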

View File

@@ -189,6 +189,56 @@ int qdev_init(DeviceState *dev)
return 0;
}
static QTAILQ_HEAD(device_listeners, DeviceListener) device_listeners
= QTAILQ_HEAD_INITIALIZER(device_listeners);
enum ListenerDirection { Forward, Reverse };
#define DEVICE_LISTENER_CALL(_callback, _direction, _args...) \
do { \
DeviceListener *_listener; \
\
switch (_direction) { \
case Forward: \
QTAILQ_FOREACH(_listener, &device_listeners, link) { \
if (_listener->_callback) { \
_listener->_callback(_listener, ##_args); \
} \
} \
break; \
case Reverse: \
QTAILQ_FOREACH_REVERSE(_listener, &device_listeners, \
device_listeners, link) { \
if (_listener->_callback) { \
_listener->_callback(_listener, ##_args); \
} \
} \
break; \
default: \
abort(); \
} \
} while (0)
static int device_listener_add(DeviceState *dev, void *opaque)
{
DEVICE_LISTENER_CALL(realize, Forward, dev);
return 0;
}
void device_listener_register(DeviceListener *listener)
{
QTAILQ_INSERT_TAIL(&device_listeners, listener, link);
qbus_walk_children(sysbus_get_default(), NULL, NULL, device_listener_add,
NULL, NULL);
}
void device_listener_unregister(DeviceListener *listener)
{
QTAILQ_REMOVE(&device_listeners, listener, link);
}
static void device_realize(DeviceState *dev, Error **errp)
{
DeviceClass *dc = DEVICE_GET_CLASS(dev);
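Review bot: device_listener_add() uses DEVICE_LISTENER_CALL(realize, Forward, dev), which invokes the realize callback of every listener on the list, not only the one being registered. Each call to device_listener_register() therefore replays realize for all existing devices to all previously registered listeners as well. Pass the new listener through the opaque argument of qbus_walk_children() (it is currently NULL) and call only listener->realize in the walker. The walk also does not check dev->realized, so the new listener may be told about devices that have not been realized yet.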
@@ -453,6 +503,17 @@ void qdev_connect_gpio_out_named(DeviceState *dev, const char *name, int n,
g_free(propname);
}
qemu_irq qdev_get_gpio_out_connector(DeviceState *dev, const char *name, int n)
{
char *propname = g_strdup_printf("%s[%d]",
name ? name : "unnamed-gpio-out", n);
qemu_irq ret = (qemu_irq)object_property_get_link(OBJECT(dev), propname,
NULL);
return ret;
}
/* disconnect a GPIO ouput, returning the disconnected input (if any) */
static qemu_irq qdev_disconnect_gpio_out_named(DeviceState *dev,
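Review bot: qdev_get_gpio_out_connector() allocates propname with g_strdup_printf() and returns without freeing it, so every call leaks the string. The function just above it in this hunk ends with g_free(propname); do the same here before return ret.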
@@ -924,7 +985,7 @@ void qdev_alias_all_properties(DeviceState *target, Object *source)
} while (class != object_class_by_name(TYPE_DEVICE));
}
int qdev_build_hotpluggable_device_list(Object *obj, void *opaque)
static int qdev_add_hotpluggable_device(Object *obj, void *opaque)
{
GSList **list = opaque;
DeviceState *dev = DEVICE(obj);
@@ -933,10 +994,18 @@ int qdev_build_hotpluggable_device_list(Object *obj, void *opaque)
*list = g_slist_append(*list, dev);
}
object_child_foreach(obj, qdev_build_hotpluggable_device_list, opaque);
return 0;
}
GSList *qdev_build_hotpluggable_device_list(Object *peripheral)
{
GSList *list = NULL;
object_child_foreach(peripheral, qdev_add_hotpluggable_device, &list);
return list;
}
static bool device_get_realized(Object *obj, Error **errp)
{
DeviceState *dev = DEVICE(obj);
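Review bot: the new qdev_build_hotpluggable_device_list(Object *peripheral) returns a list it allocated, but nothing documents that the caller owns it and must release it with g_slist_free(); add a comment here or in the header. With the signature changed, the old object_child_foreach(obj, qdev_build_hotpluggable_device_list, opaque) recursion can no longer stay in the walker, so only direct children of peripheral are visited; state in the commit message or a comment that this is intended.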
@@ -975,6 +1044,8 @@ static void device_set_realized(Object *obj, bool value, Error **errp)
goto fail;
}
DEVICE_LISTENER_CALL(realize, Forward, dev);
hotplug_ctrl = qdev_get_hotplug_handler(dev);
if (hotplug_ctrl) {
hotplug_handler_plug(hotplug_ctrl, dev, &local_err);
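Review bot: DEVICE_LISTENER_CALL(realize, Forward, dev) fires before hotplug_handler_plug(), which can still set local_err. If the plug step fails, listeners have already been told the device is realized and nothing visible here sends the matching unrealize. Either move the listener call after the hotplug handler has succeeded or notify unrealize on the failure path.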
@@ -1016,6 +1087,7 @@ static void device_set_realized(Object *obj, bool value, Error **errp)
dc->unrealize(dev, local_errp);
}
dev->pending_deleted_event = true;
DEVICE_LISTENER_CALL(unrealize, Reverse, dev);
}
if (local_err != NULL) {
@@ -1122,9 +1194,7 @@ static void device_finalize(Object *obj)
NamedGPIOList *ngl, *next;
DeviceState *dev = DEVICE(obj);
if (dev->opts) {
qemu_opts_del(dev->opts);
}
qemu_opts_del(dev->opts);
QLIST_FOREACH_SAFE(ngl, &dev->gpios, node, next) {
QLIST_REMOVE(ngl, node);
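Review bot: dropping the if (dev->opts) guard in device_finalize() is only safe if qemu_opts_del() accepts NULL. That is not visible in this diff, so the commit should either depend on the change that makes qemu_opts_del() NULL-safe or say so in its message.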


@@ -24,6 +24,51 @@
static void sysbus_dev_print(Monitor *mon, DeviceState *dev, int indent);
static char *sysbus_get_fw_dev_path(DeviceState *dev);
typedef struct SysBusFind {
void *opaque;
FindSysbusDeviceFunc *func;
} SysBusFind;
/* Run func() for every sysbus device, traverse the tree for everything else */
static int find_sysbus_device(Object *obj, void *opaque)
{
SysBusFind *find = opaque;
Object *dev;
SysBusDevice *sbdev;
dev = object_dynamic_cast(obj, TYPE_SYS_BUS_DEVICE);
sbdev = (SysBusDevice *)dev;
if (!sbdev) {
/* Container, traverse it for children */
return object_child_foreach(obj, find_sysbus_device, opaque);
}
find->func(sbdev, find->opaque);
return 0;
}
/*
* Loop through all dynamically created sysbus devices and call
* func() for each instance.
*/
void foreach_dynamic_sysbus_device(FindSysbusDeviceFunc *func, void *opaque)
{
Object *container;
SysBusFind find = {
.func = func,
.opaque = opaque,
};
/* Loop through all sysbus devices that were spawened outside the machine */
container = container_get(qdev_get_machine(), "/peripheral");
find_sysbus_device(container, &find);
container = container_get(qdev_get_machine(), "/peripheral-anon");
find_sysbus_device(container, &find);
}
static void system_bus_class_init(ObjectClass *klass, void *data)
{
BusClass *k = BUS_CLASS(klass);
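Review bot: find_sysbus_device() ignores the result of find->func() and always returns 0, so foreach_dynamic_sysbus_device() can neither stop early nor report that a machine failed to wire up a device. Consider giving the callback an int return or an Error ** parameter and propagating it through object_child_foreach(). Minor: "spawened" in the comment should be "spawned", and the object_dynamic_cast() result can be assigned to sbdev directly instead of going through the dev temporary.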
@@ -39,11 +84,38 @@ static const TypeInfo system_bus_info = {
.class_init = system_bus_class_init,
};
/* Check whether an IRQ source exists */
bool sysbus_has_irq(SysBusDevice *dev, int n)
{
char *prop = g_strdup_printf("%s[%d]", SYSBUS_DEVICE_GPIO_IRQ, n);
ObjectProperty *r;
r = object_property_find(OBJECT(dev), prop, NULL);
return (r != NULL);
}
bool sysbus_is_irq_connected(SysBusDevice *dev, int n)
{
return !!sysbus_get_connected_irq(dev, n);
}
qemu_irq sysbus_get_connected_irq(SysBusDevice *dev, int n)
{
DeviceState *d = DEVICE(dev);
return qdev_get_gpio_out_connector(d, SYSBUS_DEVICE_GPIO_IRQ, n);
}
void sysbus_connect_irq(SysBusDevice *dev, int n, qemu_irq irq)
{
qdev_connect_gpio_out_named(DEVICE(dev), SYSBUS_DEVICE_GPIO_IRQ, n, irq);
}
/* Check whether an MMIO region exists */
bool sysbus_has_mmio(SysBusDevice *dev, unsigned int n)
{
return (n < dev->num_mmio);
}
static void sysbus_mmio_map_common(SysBusDevice *dev, int n, hwaddr addr,
bool may_overlap, int priority)
{
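Review bot: sysbus_has_irq() leaks prop: the g_strdup_printf() result is never freed before return (r != NULL). Add g_free(prop) after the object_property_find() call. Also, sysbus_has_mmio() takes unsigned int n while sysbus_has_irq(), sysbus_is_irq_connected() and sysbus_get_connected_irq() take int n; a consistent type across these helpers would be clearer.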
@@ -238,13 +310,6 @@ static void sysbus_device_class_init(ObjectClass *klass, void *data)
DeviceClass *k = DEVICE_CLASS(klass);
k->init = sysbus_device_init;
k->bus_type = TYPE_SYSTEM_BUS;
/*
* device_add plugs devices into suitable bus. For "real" buses,
* that actually connects the device. For sysbus, the connections
* need to be made separately, and device_add can't do that. The
* device would be left unconnected, and could not possibly work.
*/
k->cannot_instantiate_with_device_add_yet = true;
}
static const TypeInfo sysbus_device_type_info = {
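Review bot: removing k->cannot_instantiate_with_device_add_yet = true from sysbus_device_class_init() makes every sysbus device creatable through device_add unless something else forbids it, and that replacement check is not visible here. The deleted comment explained that such a device would be left unconnected and could not work. With the blanket flag gone, each sysbus device model that was never meant to be user-created, and each machine that has no code to wire up dynamic sysbus devices, needs its own guard; the commit should say where that now lives.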


@@ -73,11 +73,11 @@ typedef struct ICCBridgeState {
MemoryRegion apic_container;
} ICCBridgeState;
#define ICC_BRIGDE(obj) OBJECT_CHECK(ICCBridgeState, (obj), TYPE_ICC_BRIDGE)
#define ICC_BRIDGE(obj) OBJECT_CHECK(ICCBridgeState, (obj), TYPE_ICC_BRIDGE)
static void icc_bridge_init(Object *obj)
{
ICCBridgeState *s = ICC_BRIGDE(obj);
ICCBridgeState *s = ICC_BRIDGE(obj);
SysBusDevice *sb = SYS_BUS_DEVICE(obj);
qbus_create_inplace(&s->icc_bus, sizeof(s->icc_bus), TYPE_ICC_BUS,


@@ -21,7 +21,6 @@
#include "qemu-common.h"
#include "ui/console.h"
#include "hw/devices.h"
#include "vga_int.h"
#include "ui/pixel_ops.h"
typedef void (*blizzard_fn_t)(uint8_t *, const uint8_t *, unsigned int);


@@ -173,20 +173,6 @@
#define CIRRUS_PNPMMIO_SIZE 0x1000
#define BLTUNSAFE(s) \
( \
( /* check dst is within bounds */ \
(s)->cirrus_blt_height * ABS((s)->cirrus_blt_dstpitch) \
+ ((s)->cirrus_blt_dstaddr & (s)->cirrus_addr_mask) > \
(s)->vga.vram_size \
) || \
( /* check src is within bounds */ \
(s)->cirrus_blt_height * ABS((s)->cirrus_blt_srcpitch) \
+ ((s)->cirrus_blt_srcaddr & (s)->cirrus_addr_mask) > \
(s)->vga.vram_size \
) \
)
struct CirrusVGAState;
typedef void (*cirrus_bitblt_rop_t) (struct CirrusVGAState *s,
uint8_t * dst, const uint8_t * src,
@@ -216,8 +202,6 @@ typedef struct CirrusVGAState {
uint32_t cirrus_bank_base[2];
uint32_t cirrus_bank_limit[2];
uint8_t cirrus_hidden_palette[48];
uint32_t hw_cursor_x;
uint32_t hw_cursor_y;
int cirrus_blt_pixelwidth;
int cirrus_blt_width;
int cirrus_blt_height;
@@ -279,6 +263,50 @@ static void cirrus_update_memory_access(CirrusVGAState *s);
*
***************************************/
static bool blit_region_is_unsafe(struct CirrusVGAState *s,
int32_t pitch, int32_t addr)
{
if (pitch < 0) {
int64_t min = addr
+ ((int64_t)s->cirrus_blt_height-1) * pitch;
int32_t max = addr
+ s->cirrus_blt_width;
if (min < 0 || max >= s->vga.vram_size) {
return true;
}
} else {
int64_t max = addr
+ ((int64_t)s->cirrus_blt_height-1) * pitch
+ s->cirrus_blt_width;
if (max >= s->vga.vram_size) {
return true;
}
}
return false;
}
static bool blit_is_unsafe(struct CirrusVGAState *s)
{
/* should be the case, see cirrus_bitblt_start */
assert(s->cirrus_blt_width > 0);
assert(s->cirrus_blt_height > 0);
if (s->cirrus_blt_width > CIRRUS_BLTBUFSIZE) {
return true;
}
if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch,
s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
return true;
}
if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
return true;
}
return false;
}
static void cirrus_bitblt_rop_nop(CirrusVGAState *s,
uint8_t *dst,const uint8_t *src,
int dstpitch,int srcpitch,
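Review bot: blit_is_unsafe() guards cirrus_blt_width and cirrus_blt_height with assert(), but both derive from guest-written blitter registers; if any caller reaches this point without the cirrus_bitblt_start() check the comment relies on, the guest can abort QEMU. Returning true for non-positive values keeps the function safe on its own. In blit_region_is_unsafe(), the negative-pitch branch declares max as int32_t while min and the other branch use int64_t; use int64_t for both so the comparison against vga.vram_size never depends on 32-bit arithmetic. A comment noting that max is one past the last byte touched, so that >= also rejects a blit ending exactly at the end of VRAM, would document the intended conservatism.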
@@ -636,7 +664,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
if (BLTUNSAFE(s))
if (blit_is_unsafe(s))
return 0;
(*s->cirrus_rop) (s, dst, src,
@@ -654,8 +682,9 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
{
cirrus_fill_t rop_func;
if (BLTUNSAFE(s))
if (blit_is_unsafe(s)) {
return 0;
}
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
rop_func(s, s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
s->cirrus_blt_dstpitch,
@@ -752,7 +781,7 @@ static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
{
if (BLTUNSAFE(s))
if (blit_is_unsafe(s))
return 0;
cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
@@ -1297,7 +1326,7 @@ static void cirrus_vga_write_sr(CirrusVGAState * s, uint32_t val)
case 0xd0:
case 0xf0: // Graphics Cursor X
s->vga.sr[0x10] = val;
s->hw_cursor_x = (val << 3) | (s->vga.sr_index >> 5);
s->vga.hw_cursor_x = (val << 3) | (s->vga.sr_index >> 5);
break;
case 0x11:
case 0x31:
@@ -1308,7 +1337,7 @@ static void cirrus_vga_write_sr(CirrusVGAState * s, uint32_t val)
case 0xd1:
case 0xf1: // Graphics Cursor Y
s->vga.sr[0x11] = val;
s->hw_cursor_y = (val << 3) | (s->vga.sr_index >> 5);
s->vga.hw_cursor_y = (val << 3) | (s->vga.sr_index >> 5);
break;
case 0x07: // Extended Sequencer Mode
cirrus_update_memory_access(s);
@@ -1320,7 +1349,6 @@ static void cirrus_vga_write_sr(CirrusVGAState * s, uint32_t val)
case 0x0d: // VCLK 2
case 0x0e: // VCLK 3
case 0x0f: // DRAM Control
case 0x12: // Graphics Cursor Attribute
case 0x13: // Graphics Cursor Pattern Address
case 0x14: // Scratch Register 2
case 0x15: // Scratch Register 3
@@ -1339,6 +1367,14 @@ static void cirrus_vga_write_sr(CirrusVGAState * s, uint32_t val)
s->vga.sr_index, val);
#endif
break;
case 0x12: // Graphics Cursor Attribute
s->vga.sr[0x12] = val;
s->vga.force_shadow = !!(val & CIRRUS_CURSOR_SHOW);
#ifdef DEBUG_CIRRUS
printf("cirrus: cursor ctl SR12=%02x (force shadow: %d)\n",
val, s->vga.force_shadow);
#endif
break;
case 0x17: // Configuration Readback and Extended Control
s->vga.sr[s->vga.sr_index] = (s->vga.sr[s->vga.sr_index] & 0x38)
| (val & 0xc7);
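Review bot: vga.force_shadow is derived from SR12 only in this write path. Nothing visible in the diff recomputes it when device state is loaded, so after migration it stays false until the guest writes SR12 again, even if the hardware cursor is already enabled. Recompute it from s->vga.sr[0x12] in the device's post-load path.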
@@ -2157,14 +2193,14 @@ static void cirrus_cursor_invalidate(VGACommonState *s1)
}
/* invalidate last cursor and new cursor if any change */
if (s->last_hw_cursor_size != size ||
s->last_hw_cursor_x != s->hw_cursor_x ||
s->last_hw_cursor_y != s->hw_cursor_y) {
s->last_hw_cursor_x != s->vga.hw_cursor_x ||
s->last_hw_cursor_y != s->vga.hw_cursor_y) {
invalidate_cursor1(s);
s->last_hw_cursor_size = size;
s->last_hw_cursor_x = s->hw_cursor_x;
s->last_hw_cursor_y = s->hw_cursor_y;
s->last_hw_cursor_x = s->vga.hw_cursor_x;
s->last_hw_cursor_y = s->vga.hw_cursor_y;
/* compute the real cursor min and max y */
cirrus_cursor_compute_yrange(s);
invalidate_cursor1(s);
@@ -2221,14 +2257,15 @@ static void cirrus_cursor_draw_line(VGACommonState *s1, uint8_t *d1, int scr_y)
} else {
h = 32;
}
if (scr_y < s->hw_cursor_y ||
scr_y >= (s->hw_cursor_y + h))
if (scr_y < s->vga.hw_cursor_y ||
scr_y >= (s->vga.hw_cursor_y + h)) {
return;
}
src = s->vga.vram_ptr + s->real_vram_size - 16 * 1024;
if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
src += (s->vga.sr[0x13] & 0x3c) * 256;
src += (scr_y - s->hw_cursor_y) * 16;
src += (scr_y - s->vga.hw_cursor_y) * 16;
poffset = 8;
content = ((uint32_t *)src)[0] |
((uint32_t *)src)[1] |
@@ -2236,7 +2273,7 @@ static void cirrus_cursor_draw_line(VGACommonState *s1, uint8_t *d1, int scr_y)
((uint32_t *)src)[3];
} else {
src += (s->vga.sr[0x13] & 0x3f) * 256;
src += (scr_y - s->hw_cursor_y) * 4;
src += (scr_y - s->vga.hw_cursor_y) * 4;
poffset = 128;
@@ -2248,10 +2285,10 @@ static void cirrus_cursor_draw_line(VGACommonState *s1, uint8_t *d1, int scr_y)
return;
w = h;
x1 = s->hw_cursor_x;
x1 = s->vga.hw_cursor_x;
if (x1 >= s->vga.last_scr_width)
return;
x2 = s->hw_cursor_x + w;
x2 = s->vga.hw_cursor_x + w;
if (x2 > s->vga.last_scr_width)
x2 = s->vga.last_scr_width;
w = x2 - x1;
@@ -2740,8 +2777,8 @@ static const VMStateDescription vmstate_cirrus_vga = {
VMSTATE_INT32(vga.bank_offset, CirrusVGAState),
VMSTATE_UINT8(cirrus_hidden_dac_lockindex, CirrusVGAState),
VMSTATE_UINT8(cirrus_hidden_dac_data, CirrusVGAState),
VMSTATE_UINT32(hw_cursor_x, CirrusVGAState),
VMSTATE_UINT32(hw_cursor_y, CirrusVGAState),
VMSTATE_UINT32(vga.hw_cursor_x, CirrusVGAState),
VMSTATE_UINT32(vga.hw_cursor_y, CirrusVGAState),
/* XXX: we do not save the bitblt state - we assume we do not save
the state when the blitter is active */
VMSTATE_END_OF_LIST()


@@ -283,12 +283,14 @@ int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
qxl->ssd.mouse_x = cmd->u.set.position.x;
qxl->ssd.mouse_y = cmd->u.set.position.y;
qemu_mutex_unlock(&qxl->ssd.lock);
qemu_bh_schedule(qxl->ssd.cursor_bh);
break;
case QXL_CURSOR_MOVE:
qemu_mutex_lock(&qxl->ssd.lock);
qxl->ssd.mouse_x = cmd->u.position.x;
qxl->ssd.mouse_y = cmd->u.position.y;
qemu_mutex_unlock(&qxl->ssd.lock);
qemu_bh_schedule(qxl->ssd.cursor_bh);
break;
}
return 0;


@@ -1092,6 +1092,7 @@ static void qxl_enter_vga_mode(PCIQXLDevice *d)
spice_qxl_driver_unload(&d->ssd.qxl);
#endif
graphic_console_set_hwops(d->ssd.dcl.con, d->vga.hw_ops, &d->vga);
update_displaychangelistener(&d->ssd.dcl, GUI_REFRESH_INTERVAL_DEFAULT);
qemu_spice_create_host_primary(&d->ssd);
d->mode = QXL_MODE_VGA;
vga_dirty_log_start(&d->vga);
@@ -1105,6 +1106,7 @@ static void qxl_exit_vga_mode(PCIQXLDevice *d)
}
trace_qxl_exit_vga_mode(d->id);
graphic_console_set_hwops(d->ssd.dcl.con, &qxl_ops, d);
update_displaychangelistener(&d->ssd.dcl, GUI_REFRESH_INTERVAL_IDLE);
vga_dirty_log_stop(&d->vga);
qxl_destroy_primary(d, QXL_SYNC);
}
@@ -1153,6 +1155,7 @@ static void qxl_soft_reset(PCIQXLDevice *d)
qxl_enter_vga_mode(d);
} else {
d->mode = QXL_MODE_UNDEFINED;
update_displaychangelistener(&d->ssd.dcl, GUI_REFRESH_INTERVAL_IDLE);
}
}
@@ -1861,10 +1864,6 @@ static void display_refresh(DisplayChangeListener *dcl)
if (qxl->mode == QXL_MODE_VGA) {
qemu_spice_display_refresh(&qxl->ssd);
} else {
qemu_mutex_lock(&qxl->ssd.lock);
qemu_spice_cursor_refresh_unlocked(&qxl->ssd);
qemu_mutex_unlock(&qxl->ssd.lock);
}
}
@@ -2025,6 +2024,7 @@ static int qxl_init_common(PCIQXLDevice *qxl)
qxl_reset_state(qxl);
qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl);
qxl->ssd.cursor_bh = qemu_bh_new(qemu_spice_cursor_refresh_bh, &qxl->ssd);
return 0;
}


@@ -321,6 +321,7 @@ static void secondary_class_init(ObjectClass *klass, void *data)
dc->vmsd = &vmstate_vga_pci;
dc->props = secondary_pci_properties;
dc->reset = pci_secondary_vga_reset;
set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
}
static const TypeInfo vga_info = {


@@ -1436,6 +1436,8 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
uint8_t *d;
uint32_t v, addr1, addr;
vga_draw_line_func *vga_draw_line = NULL;
bool share_surface;
pixman_format_code_t format;
#ifdef HOST_WORDS_BIGENDIAN
bool byteswap = !s->big_endian_fb;
#else
@@ -1479,21 +1481,42 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
}
depth = s->get_bpp(s);
/*
* Check whether we can share the surface with the backend
* or whether we need a shadow surface. We share native
* endian surfaces for 15bpp and above and byteswapped
* surfaces for 24bpp and above.
*/
format = qemu_default_pixman_format(depth, !byteswap);
if (format) {
share_surface = dpy_gfx_check_format(s->con, format)
&& !s->force_shadow;
} else {
share_surface = false;
}
if (s->line_offset != s->last_line_offset ||
disp_width != s->last_width ||
height != s->last_height ||
s->last_depth != depth ||
s->last_byteswap != byteswap) {
if (depth == 32 || (depth == 16 && !byteswap)) {
pixman_format_code_t format =
qemu_default_pixman_format(depth, !byteswap);
s->last_byteswap != byteswap ||
share_surface != is_buffer_shared(surface)) {
if (share_surface) {
surface = qemu_create_displaysurface_from(disp_width,
height, format, s->line_offset,
s->vram_ptr + (s->start_addr * 4));
dpy_gfx_replace_surface(s->con, surface);
#ifdef DEBUG_VGA
printf("VGA: Using shared surface for depth=%d swap=%d\n",
depth, byteswap);
#endif
} else {
qemu_console_resize(s->con, disp_width, height);
surface = qemu_console_surface(s->con);
#ifdef DEBUG_VGA
printf("VGA: Using shadow surface for depth=%d swap=%d\n",
depth, byteswap);
#endif
}
s->last_scr_width = disp_width;
s->last_scr_height = height;


@@ -151,6 +151,7 @@ typedef struct VGACommonState {
uint32_t last_scr_width, last_scr_height; /* in pixels */
uint32_t last_depth; /* in bits */
bool last_byteswap;
bool force_shadow;
uint8_t cursor_start, cursor_end;
bool cursor_visible_phase;
int64_t cursor_blink_time;
@@ -162,6 +163,8 @@ typedef struct VGACommonState {
bool default_endian_fb;
/* hardware mouse cursor support */
uint32_t invalidated_y_table[VGA_MAX_HEIGHT / 32];
uint32_t hw_cursor_x;
uint32_t hw_cursor_y;
void (*cursor_invalidate)(struct VGACommonState *s);
void (*cursor_draw_line)(struct VGACommonState *s, uint8_t *d, int y);
/* tell for each page if it has been updated since the last time */


@@ -2,5 +2,6 @@ common-obj-$(CONFIG_MAX7310) += max7310.o
common-obj-$(CONFIG_PL061) += pl061.o
common-obj-$(CONFIG_PUV3) += puv3_gpio.o
common-obj-$(CONFIG_ZAURUS) += zaurus.o
common-obj-$(CONFIG_E500) += mpc8xxx.o
obj-$(CONFIG_OMAP) += omap_gpio.o

hw/gpio/mpc8xxx.c Normal file

@@ -0,0 +1,217 @@
/*
* GPIO Controller for a lot of Freescale SoCs
*
* Copyright (C) 2014 Freescale Semiconductor, Inc. All rights reserved.
*
* Author: Alexander Graf, <agraf@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#include "hw/sysbus.h"
#define TYPE_MPC8XXX_GPIO "mpc8xxx_gpio"
#define MPC8XXX_GPIO(obj) OBJECT_CHECK(MPC8XXXGPIOState, (obj), TYPE_MPC8XXX_GPIO)
typedef struct MPC8XXXGPIOState {
SysBusDevice parent_obj;
MemoryRegion iomem;
qemu_irq irq;
qemu_irq out[32];
uint32_t dir;
uint32_t odr;
uint32_t dat;
uint32_t ier;
uint32_t imr;
uint32_t icr;
} MPC8XXXGPIOState;
static const VMStateDescription vmstate_mpc8xxx_gpio = {
.name = "mpc8xxx_gpio",
.version_id = 1,
.minimum_version_id = 1,
.fields = (VMStateField[]) {
VMSTATE_UINT32(dir, MPC8XXXGPIOState),
VMSTATE_UINT32(odr, MPC8XXXGPIOState),
VMSTATE_UINT32(dat, MPC8XXXGPIOState),
VMSTATE_UINT32(ier, MPC8XXXGPIOState),
VMSTATE_UINT32(imr, MPC8XXXGPIOState),
VMSTATE_UINT32(icr, MPC8XXXGPIOState),
VMSTATE_END_OF_LIST()
}
};
static void mpc8xxx_gpio_update(MPC8XXXGPIOState *s)
{
qemu_set_irq(s->irq, !!(s->ier & s->imr));
}
static uint64_t mpc8xxx_gpio_read(void *opaque, hwaddr offset,
unsigned size)
{
MPC8XXXGPIOState *s = (MPC8XXXGPIOState *)opaque;
if (size != 4) {
/* All registers are 32bit */
return 0;
}
switch (offset) {
case 0x0: /* Direction */
return s->dir;
case 0x4: /* Open Drain */
return s->odr;
case 0x8: /* Data */
return s->dat;
case 0xC: /* Interrupt Event */
return s->ier;
case 0x10: /* Interrupt Mask */
return s->imr;
case 0x14: /* Interrupt Control */
return s->icr;
default:
return 0;
}
}
static void mpc8xxx_write_data(MPC8XXXGPIOState *s, uint32_t new_data)
{
uint32_t old_data = s->dat;
uint32_t diff = old_data ^ new_data;
int i;
for (i = 0; i < 32; i++) {
uint32_t mask = 0x80000000 >> i;
if (!(diff & mask)) {
continue;
}
if (s->dir & mask) {
/* Output */
qemu_set_irq(s->out[i], (new_data & mask) != 0);
}
}
s->dat = new_data;
}
static void mpc8xxx_gpio_write(void *opaque, hwaddr offset,
uint64_t value, unsigned size)
{
MPC8XXXGPIOState *s = (MPC8XXXGPIOState *)opaque;
if (size != 4) {
/* All registers are 32bit */
return;
}
switch (offset) {
case 0x0: /* Direction */
s->dir = value;
break;
case 0x4: /* Open Drain */
s->odr = value;
break;
case 0x8: /* Data */
mpc8xxx_write_data(s, value);
break;
case 0xC: /* Interrupt Event */
s->ier &= ~value;
break;
case 0x10: /* Interrupt Mask */
s->imr = value;
break;
case 0x14: /* Interrupt Control */
s->icr = value;
break;
}
mpc8xxx_gpio_update(s);
}
static void mpc8xxx_gpio_reset(MPC8XXXGPIOState *s)
{
s->dir = 0;
s->odr = 0;
s->dat = 0;
s->ier = 0;
s->imr = 0;
s->icr = 0;
}
static void mpc8xxx_gpio_set_irq(void * opaque, int irq, int level)
{
MPC8XXXGPIOState *s = (MPC8XXXGPIOState *)opaque;
uint32_t mask;
mask = 0x80000000 >> irq;
if ((s->dir & mask) == 0) {
uint32_t old_value = s->dat & mask;
s->dat &= ~mask;
if (level)
s->dat |= mask;
if (!(s->icr & irq) || (old_value && !level)) {
s->ier |= mask;
}
mpc8xxx_gpio_update(s);
}
}
static const MemoryRegionOps mpc8xxx_gpio_ops = {
.read = mpc8xxx_gpio_read,
.write = mpc8xxx_gpio_write,
.endianness = DEVICE_BIG_ENDIAN,
};
static int mpc8xxx_gpio_initfn(SysBusDevice *sbd)
{
DeviceState *dev = DEVICE(sbd);
MPC8XXXGPIOState *s = MPC8XXX_GPIO(dev);
memory_region_init_io(&s->iomem, OBJECT(s), &mpc8xxx_gpio_ops, s, "mpc8xxx_gpio", 0x1000);
sysbus_init_mmio(sbd, &s->iomem);
sysbus_init_irq(sbd, &s->irq);
qdev_init_gpio_in(dev, mpc8xxx_gpio_set_irq, 32);
qdev_init_gpio_out(dev, s->out, 32);
mpc8xxx_gpio_reset(s);
return 0;
}
static void mpc8xxx_gpio_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
k->init = mpc8xxx_gpio_initfn;
dc->vmsd = &vmstate_mpc8xxx_gpio;
}
static const TypeInfo mpc8xxx_gpio_info = {
.name = TYPE_MPC8XXX_GPIO,
.parent = TYPE_SYS_BUS_DEVICE,
.instance_size = sizeof(MPC8XXXGPIOState),
.class_init = mpc8xxx_gpio_class_init,
};
static void mpc8xxx_gpio_register_types(void)
{
type_register_static(&mpc8xxx_gpio_info);
}
type_init(mpc8xxx_gpio_register_types)
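Review bot: in mpc8xxx_gpio_set_irq() the test !(s->icr & irq) masks the control register with the line number instead of the bit mask computed a few lines earlier, so for irq 0 the condition is always true and for other lines it tests unrelated bits; it should read !(s->icr & mask) if ICR holds one bit per line. mpc8xxx_gpio_reset() is only called from mpc8xxx_gpio_initfn() and is not installed as dc->reset in mpc8xxx_gpio_class_init(), so a system reset leaves dir, odr, dat, ier, imr and icr at their previous values. The read and write handlers silently ignore accesses with size != 4 and unknown offsets; logging those as guest errors would make driver bugs visible.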

Some files were not shown because too many files have changed in this diff