Commit Graph

48965 Commits

Author SHA1 Message Date
Peter Maydell
081b1b98b7 hw/intc/arm_gicv3: Fix ICC register tracepoints
Fix some problems with the tracepoints for ICC register reads
and writes:
 * tracepoints for ICC_BPR<n>, ICC_AP<n>R<x>, ICC_IGRPEN<n>,
   ICC_EIOR<n> were not printing the <n> that indicated whether
   the access was to the group 0 or 1 register
 * the ICC_IGREPEN1_EL3 read function was not actually calling
   the associated tracepoint
 * the ICC_BPR<n> write function was incorrectly calling the
   tracepoint for ICC_PMR writes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1476294876-12340-4-git-send-email-peter.maydell@linaro.org
2016-10-17 19:32:44 +01:00
Peter Maydell
194cbc492b target-arm: Add trace events for the generic timers
Add some useful trace events for the ARM generic timers (notably
the various register writes and the resulting IRQ line state).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1476294876-12340-3-git-send-email-peter.maydell@linaro.org
2016-10-17 19:32:44 +01:00
Peter Maydell
5dbdc4342f target-arm: Implement dummy MDCCINT_EL1
MDCCINT_EL1 is part of the DCC debugger communication
channel between the CPU and an attached external debugger.
QEMU doesn't implement this, but since Linux may try
to access this register we need to provide at least
a dummy implementation.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1476294876-12340-2-git-send-email-peter.maydell@linaro.org
2016-10-17 19:32:44 +01:00
Peter Maydell
fb0e8e79a9 Fix masking of PC lower bits when doing exception returns
In commit 9b6a3ea7a6 store_reg() was changed to mask
both bits 0 and 1 of the new PC value when in ARM mode.
Unfortunately this broke the exception return code paths
when doing a return from ARM mode to Thumb mode: in some
of these we write a new CPSR including new Thumb mode
bit via gen_helper_cpsr_write_eret(), and then use store_reg()
to write the new PC. In this case if the new CPSR specified
Thumb mode then masking bit 1 of the PC is incorrect
(these code paths correspond to the v8 ARM ARM pseudocode
function AArch32.ExceptionReturn(), which always aligns the
new PC appropriately for the new instruction set state).

Instead of using store_reg() in exception-return code paths,
call a new store_pc_exc_ret() which stores the raw new PC
value to env->regs[15], and then mask it appropriately in
the subsequent helper_cpsr_write_eret() where the new
env->thumb state is available.

This fixes a bug introduced by 9b6a3ea7a6 which caused
crashes/hangs or otherwise bad behaviour for Linux when
userspace was using Thumb.

Reported-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1476113163-24578-1-git-send-email-peter.maydell@linaro.org
2016-10-17 19:29:03 +01:00
Thomas Hanson
957956b301 target-arm: Comments added to identify cases in a switch
3 cases in a switch in disas_exc() require reference to the
ARM ARM spec in order to determine what case they're handling.

Signed-off-by: Thomas Hanson <thomas.hanson@linaro.org>
Message-id: 1476301853-15774-5-git-send-email-thomas.hanson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:18 +01:00
Thomas Hanson
6feecb8b94 target-arm: Code changes to implement overwrite of tag field on PC load
For BR, BLR and RET instructions, if tagged addresses are enabled, the
tag field in the address must be cleared out prior to loading the
address into the PC.  Depending on the current EL, it will be set to
either all 0's or all 1's.

Signed-off-by: Thomas Hanson <thomas.hanson@linaro.org>
Message-id: 1476301853-15774-3-git-send-email-thomas.hanson@linaro.org
[PMM: remove unnecessary gen_a64_set_pc_reg() wrapper,
 rename gen_a64_set_pc_var() to gen_a64_set_pc(), fix stray
 misindentation]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:18 +01:00
Thomas Hanson
86fb3fa4ed target-arm: Infrastucture changes to enable handling of tagged address loading into PC
When capturing the current CPU state for the TB, extract the TBI0 and TBI1
values from the correct TCR for the current EL and then add them to the TB
flags field.

Then, at the start of code generation for the block, copy the TBI fields
into the DisasContext structure.

Signed-off-by: Thomas Hanson <thomas.hanson@linaro.org>
Message-id: 1476301853-15774-2-git-send-email-thomas.hanson@linaro.org
[PMM: drop useless 'extern' keyword on function prototypes;
 provide CONFIG_USER_ONLY trivial versions of arm_regime_tbi[01]()]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:18 +01:00
Vijay Kumar B
08426da7dd pxa2xx: Auto-assign name for i2c bus in i2c_init_bus.
If a name is provided, the same name is assigned to both the I2C
controllers. Leaving it NULL, causes names to be automatically
assigned with an ID suffix, giving unique names to each
controller. This helps us to uniquely identify each controller in the
device tree, for example when adding an I2C device.

Signed-off-by: Vijay Kumar B. <vijaykumar@zilogic.com>
Reviewed-by: Deepak S. <deepak@zilogic.com>
Message-id: 1476351885-8905-1-git-send-email-vijaykumar@zilogic.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:18 +01:00
Paolo Bonzini
24b9462544 tests: cleanup ptimer-test
1) ptimer-test is not a qtest---it runs the ptimer.c code directly in the
ptimer-test process

2) ptimer-test has its own stubs file, so there is no need to add more
stubs to stubs/vmstate.c

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:17 +01:00
Cédric Le Goater
7a2334f720 tests: add a m25p80 test
This test uses the palmetto platform and the Aspeed SPI controller to
test the m25p80 flash module device model. The flash model is defined
by the platform (n25q256a) and it would be nice to find way to control
it, using a property probably.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1475787271-28794-1-git-send-email-clg@kaod.org
Brainstormed-with: Greg Kurz <groug@kaod.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:17 +01:00
Andrew Jones
2231f69b4e hw/arm/virt: no ITS on older machine types
We should avoid exposing new hardware (through DT and ACPI) on older
machine types. This patch keeps 2.7 and older from changing, despite
the introduction of ITS support for 2.8.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1476117341-32690-3-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:17 +01:00
Andrew Jones
13cda48712 hw/arm/virt-acpi-build: fix MADT generation
We can't return early from build_* functions, as build_header is
only called at the end.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1476117341-32690-2-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:17 +01:00
Christopher Covington
bad07da21c hw/intc/arm_gic_kvm: Fix build on aarch64
Remove unused debugging code to fix native building on aarch64. Without
this change, the following -Werr output inhibits make from completing.

  qemu/hw/intc/arm_gic_kvm.c:38:18: error: debug_gic_kvm defined but not used [-Werror=unused-const-variable=]
   static const int debug_gic_kvm = 0;
                    ^~~~~~~~~~~~~
  cc1: all warnings being treated as errors
  qemu/rules.mak:60: recipe for target 'hw/intc/arm_gic_kvm.o' failed
  make[1]: *** [hw/intc/arm_gic_kvm.o] Error 1
  Makefile:205: recipe for target 'subdir-aarch64-softmmu' failed

Signed-off-by: Christopher Covington <cov@codeaurora.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20161011163202.19720-1-cov@codeaurora.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:17 +01:00
Thomas Huth
04bb79d1f5 hw/dma/pl080: Fix bad bit mask (PL080_CONF_M1 | PL080_CONF_M1)
The M1 and M2 bits are both used for configuring the endianness
of the AHB master interfaces, so the second PL080_CONF_M1 should
be PL080_CONF_M2 instead.

Buglink: https://bugs.launchpad.net/qemu/+bug/1631773
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1476274451-26567-1-git-send-email-thuth@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:17 +01:00
Michael Olbrich
4c8afda7d2 hw/arm/boot: allow using a command line specified dtb without a kernel
When kernel and device tree are specified in the QEMU commandline, then
this device tree may be modified e.g. to add virtio_mmio devices.
With a bootloader e.g. on a flash device these extra devices are not
available.
With this change, the device tree can be specified at the QEMU commandline.
The modified device tree made available to the bootloader with the same
mechanism already supported by device trees fully generated by QEMU.

Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Message-id: 1473520054-402-1-git-send-email-m.olbrich@pengutronix.de
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:17 +01:00
Cédric Le Goater
a03cb1daf1 aspeed: add support for the SMC segment registers
The SMC controller on the Aspeed SoC has a set of registers to
configure the mapping of each flash module in the SoC address
space. Writing to these registers triggers a remap of the memory
region and the spec requires a certain number of checks before doing
so.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1474977462-28032-7-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:17 +01:00
Cédric Le Goater
2da95fd88b aspeed: create mapping regions for the maximum number of slaves
The SMC controller on the Aspeed SoC has a set of registers to
configure the mapping of each flash module in the SoC address
space. These mapping windows are configurable even though no SPI slave
is attached to the controller.

Also rewrite a bit the comments in the code on this topic.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1474977462-28032-6-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:17 +01:00
Cédric Le Goater
6dc52326cc aspeed: add support for the AST2500 SoC SMC controllers
The SMC controllers on the Aspeed AST2500 SoC are very similar to the
ones found on the AST2400. The differences are on the number of
supported flash modules and their default mappings in the SoC address
space.

The Aspeed AST2500 has one SPI controller for the BMC firmware and two
for the host firmware. All controllers have now the same set of
registers compatible with the AST2400 FMC controller and the legacy
'SMC' controller is fully gone.

We keep the FMC object to act as the BMC SPI controller and add a new
SPI controller for the host. We also have to introduce new type names
to handle the differences in the flash modules memory mappping.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1474977462-28032-5-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:16 +01:00
Cédric Le Goater
dbcabeeb54 aspeed: extend the number of host SPI controllers
The AST2500 SoC has two. Let's prepare ground for the next changes
which will add the required definitions for the second host SPI
controller.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1474977462-28032-4-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:16 +01:00
Cédric Le Goater
dcb834447f aspeed: move the flash module mapping address under the controller definition
This will ease the definition of the new controllers for the AST2500
SoC and also ease the support of the segment registers, which provide
a way to reconfigure the mapping window of each slave.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1474977462-28032-3-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:16 +01:00
Cédric Le Goater
0e5803dfbc aspeed: rename the smc object to fmc
The Aspeed SoC has three different types of SMC (Static Memory
Controller) controllers: the SMC (legacy), the FMC (the new one) and
the SPI for the host PNOR. The FMC and the SPI models are now
converging on the AST2500 SoC and the SMC, which was still available
on the AST2400 SoC, was removed.

The Aspeed SoC does not provide support for the legacy SMC
controller. So, let's rename the 'smc' object to 'fmc' to clarify its
nature.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1474977462-28032-2-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:16 +01:00
Paolo Bonzini
4344af65e7 target-arm: kvm: use AddressSpace-specific listener
The only address space where the GIC devices are added is
address_space_memory.  There is no need to use a global
MemoryListener.

This removes the only user of global MemoryListeners.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[PMM: added missing #include "exec/address-spaces.h"]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1475219846-32609-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:16 +01:00
Rutuja Shah
cabbcca037 Reducing stack frame size in stream_process_mem2s()
This patch allocates memory for txbuf in struct Stream rather than the stack.
As a result, the stack frame size is reduced of stream_process_mem2s().

Signed-off-by: Rutuja Shah <rutu.shah.26@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:16 +01:00
Alistair Francis
bcf48274ba docs/generic-loader: Update the document
This patch does three things:
 - It adds a list of restrictions and ToDos
 - It corrects the header --- lines to match the length of the header
 - It clarifies the force-raw option

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: e75d1d285cf8f45037c41ebe1bc3f68120f09cb9.1475702918.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 19:22:16 +01:00
Peter Maydell
0975b8b823 This pull request contains:
- a patch to add a vdc->reset() handler to virtio-9p
 - a bunch of patches to fix various memory leaks (thanks to Li Qiang)
 - some code cleanups for 9pfs
 -----BEGIN PGP SIGNATURE-----
 
 iEYEABECAAYFAlgE59oACgkQAvw66wEB28IrzgCePLq8RVQHvxJKcx9CO1XQaXCE
 Dp4AoJm+CDVuaBd+cojoUmwGaLmZG8lb
 =8nIw
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging

This pull request contains:
- a patch to add a vdc->reset() handler to virtio-9p
- a bunch of patches to fix various memory leaks (thanks to Li Qiang)
- some code cleanups for 9pfs

# gpg: Signature made Mon 17 Oct 2016 16:01:46 BST
# gpg:                using DSA key 0x02FC3AEB0101DBC2
# gpg: Good signature from "Greg Kurz <groug@kaod.org>"
# gpg:                 aka "Greg Kurz <groug@free.fr>"
# gpg:                 aka "Greg Kurz <gkurz@fr.ibm.com>"
# gpg:                 aka "Greg Kurz <gkurz@linux.vnet.ibm.com>"
# gpg:                 aka "Gregory Kurz (Groug) <groug@free.fr>"
# gpg:                 aka "Gregory Kurz (Cimai Technology) <gkurz@cimai.com>"
# gpg:                 aka "Gregory Kurz (Meiosys Technology) <gkurz@meiosys.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2BD4 3B44 535E C0A7 9894  DBA2 02FC 3AEB 0101 DBC2

* remotes/gkurz/tags/for-upstream:
  9pfs: fix memory leak in v9fs_write
  9pfs: fix memory leak in v9fs_link
  9pfs: fix memory leak in v9fs_xattrcreate
  9pfs: fix information leak in xattr read
  virtio-9p: add reset handler
  9pfs: only free completed request if not flushed
  9pfs: drop useless check in pdu_free()
  9pfs: use coroutine_fn annotation in hw/9pfs/9p.[ch]
  9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]
  9pfs: fsdev: drop useless extern annotation for functions
  9pfs: fix potential host memory leak in v9fs_read
  9pfs: allocate space for guest originated empty strings

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 16:17:51 +01:00
Li Qiang
fdfcc9aeea 9pfs: fix memory leak in v9fs_write
If an error occurs when marshalling the transfer length to the guest, the
v9fs_write() function doesn't free an IO vector, thus leading to a memory
leak. This patch fixes the issue.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
[groug, rephrased the changelog]
Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Li Qiang
4c1586787f 9pfs: fix memory leak in v9fs_link
The v9fs_link() function keeps a reference on the source fid object. This
causes a memory leak since the reference never goes down to 0. This patch
fixes the issue.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
[groug, rephrased the changelog]
Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Li Qiang
ff55e94d23 9pfs: fix memory leak in v9fs_xattrcreate
The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
situation that this field has been allocated previously. Every time, it
will be allocated directly. This leads to a host memory leak issue if
the client sends another Txattrcreate message with the same fid number
before the fid from the previous time got clunked.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
[groug, updated the changelog to indicate how the leak can occur]
Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Li Qiang
eb68760285 9pfs: fix information leak in xattr read
9pfs uses g_malloc() to allocate the xattr memory space, if the guest
reads this memory before writing to it, this will leak host heap memory
to the guest. This patch avoid this.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Greg Kurz
0e44a0fd3f virtio-9p: add reset handler
Virtio devices should implement the VirtIODevice->reset() function to
perform necessary cleanup actions and to bring the device to a quiescent
state.

In the case of the virtio-9p device, this means:
- emptying the list of active PDUs (i.e. draining all in-flight I/O)
- freeing all fids (i.e. close open file descriptors and free memory)

That's what this patch does.

The reset handler first waits for all active PDUs to complete. Since
completion happens in the QEMU global aio context, we just have to
loop around aio_poll() until the active list is empty.

The freeing part involves some actions to be performed on the backend,
like closing file descriptors or flushing extended attributes to the
underlying filesystem. The virtfs_reset() function already does the
job: it calls free_fid() for all open fids not involved in an ongoing
I/O operation. We are sure this is the case since we have drained
the PDU active list.

The current code implements all backend accesses with coroutines, but we
want to stay synchronous on the reset path. We can either change the
current code to be able to run when not in coroutine context, or create
a coroutine context and wait for virtfs_reset() to complete. This patch
goes for the latter because it results in simpler code.

Note that we also need to create a dummy PDU because it is also an API
to pass the FsContext pointer to all backend callbacks.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-10-17 14:13:58 +02:00
Greg Kurz
f74e27bf0f 9pfs: only free completed request if not flushed
If a PDU has a flush request pending, the current code calls pdu_free()
twice:

1) pdu_complete()->pdu_free() with pdu->cancelled set, which does nothing

2) v9fs_flush()->pdu_free() with pdu->cancelled cleared, which moves the
   PDU back to the free list.

This works but it complexifies the logic of pdu_free().

With this patch, pdu_complete() only calls pdu_free() if no flush request
is pending, i.e. qemu_co_queue_next() returns false.

Since pdu_free() is now supposed to be called with pdu->cancelled cleared,
the check in pdu_free() is dropped and replaced by an assertion.

Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Greg Kurz
6868a420c5 9pfs: drop useless check in pdu_free()
Out of the three users of pdu_free(), none ever passes a NULL pointer to
this function.

Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Greg Kurz
8440e22ec1 9pfs: use coroutine_fn annotation in hw/9pfs/9p.[ch]
All these functions either call the v9fs_co_* functions which have the
coroutine_fn annotation, or pdu_complete() which calls qemu_co_queue_next().

Let's mark them to make it obvious they execute in coroutine context.

Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Greg Kurz
5bdade6621 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]
All these functions use the v9fs_co_run_in_worker() macro, and thus always
call qemu_coroutine_self() and qemu_coroutine_yield().

Let's mark them to make it obvious they execute in coroutine context.

Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Greg Kurz
bc70a5925f 9pfs: fsdev: drop useless extern annotation for functions
Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Li Qiang
e95c9a493a 9pfs: fix potential host memory leak in v9fs_read
In 9pfs read dispatch function, it doesn't free two QEMUIOVector
object thus causing potential memory leak. This patch avoid this.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Li Qiang
ba42ebb863 9pfs: allocate space for guest originated empty strings
If a guest sends an empty string paramater to any 9P operation, the current
code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }.

This is unfortunate because it can cause NULL pointer dereference to happen
at various locations in the 9pfs code. And we don't want to check str->data
everywhere we pass it to strcmp() or any other function which expects a
dereferenceable pointer.

This patch enforces the allocation of genuine C empty strings instead, so
callers don't have to bother.

Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if
the returned string is empty. It now uses v9fs_string_size() since
name.data cannot be NULL anymore.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
[groug, rewritten title and changelog,
 fix empty string check in v9fs_xattrwalk()]
Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00
Peter Maydell
7bf59dfec4 ppc patch queue 2016-10-17
Highlights:
     * Significant rework of how PCI IO windows are placed for the
       pseries machine type
     * A number of extra tests added for ppc
     * Other tests clean up / fixed
     * Some cleanups to the XICS interrupt controller in preparation
       for the 'powernv' machine type
 
 A number of the test changes aren't strictly in ppc related code, but
 are included via my tree because they're primarily focused on
 improving test coverage for ppc.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJYBDqhAAoJEGw4ysog2bOSVPAP/RlWYnOCTDiKuSCXz7+joHl9
 lY3K+x2r8DbFFmqxk82h+uObBG/dVQ7kcF+o3SD49dMUqoi/iD8rS5UFrDtArFKP
 vPh4h7KpVbQHyMWoHTjo1Zw94Sr2xEqRelQOrZjRA+a794kg6MKs3EIekHo9QdZl
 33qU0aE02LNOmguDwsTqTavrs/19qjcUM+fAyfOMEMiaQHNxdwrQjvldlIeELPka
 Dz/iOS5Lxibq2txmZWMxiMAuBe6lmJQWlcUUy+xXylQ5OE7CQctCfm2hsWWoMpGo
 PnhY+UC+9Ctqvb4TyTzqjllEmEfwK219091+hW7epWIUXGuaWde1RCvwRUr7pFGD
 DN4/75M82aNrpG0ydjzLpqbOwj/h+YvQARdKTTS2/4iJCrDPd5O2rR4Yjkrt1lcq
 jrSSnqsCeYET+4JY4G4h3ZZsPRcLnnpcNrUcF9AwkRCe1ybr4npK8FGSd4AGWAOR
 J7/mZqs7Gne4DjbjIzwfntP8ak5AASPqJKEmwjAO7M8zD0/xm6Ovqbmo8Xte9Vxx
 ge4nBcAhoJJ8y1hiZNLOyy1d87WUiD84MiN/BuSK7UbeBVsfHvYWAcEsVGXFzaP0
 hXwLHxddmflU7gy6hTbQ/f9SQiaobphCaP3uM4fLIOzAn64EIELCDvRwlr6NakRW
 CbJWqMsNz/WblA/ZSlA3
 =tnCe
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.8-20161017' into staging

ppc patch queue 2016-10-17

Highlights:
    * Significant rework of how PCI IO windows are placed for the
      pseries machine type
    * A number of extra tests added for ppc
    * Other tests clean up / fixed
    * Some cleanups to the XICS interrupt controller in preparation
      for the 'powernv' machine type

A number of the test changes aren't strictly in ppc related code, but
are included via my tree because they're primarily focused on
improving test coverage for ppc.

# gpg: Signature made Mon 17 Oct 2016 03:42:41 BST
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.8-20161017:
  spapr: Improved placement of PCI host bridges in guest memory map
  spapr_pci: Add a 64-bit MMIO window
  spapr: Adjust placement of PCI host bridge to allow > 1TiB RAM
  spapr_pci: Delegate placement of PCI host bridges to machine type
  libqos: Limit spapr-pci to 32-bit MMIO for now
  libqos: Correct error in PCI hole sizing for spapr
  libqos: Isolate knowledge of spapr memory map to qpci_init_spapr()
  ppc/xics: Split ICS into ics-base and ics class
  ppc/xics: Make the ICSState a list
  spapr: fix inheritance chain for default machine options
  target-ppc: implement vexts[bh]2w and vexts[bhw]2d
  tests/boot-sector: Increase time-out to 90 seconds
  tests/boot-sector: Use mkstemp() to create a unique file name
  tests/boot-sector: Use minimum length for the Forth boot script
  qtest: ask endianness of the target in qtest_init()
  tests: minor cleanups in usb-hcd-uhci-test

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 12:59:54 +01:00
Peter Maydell
ad728364e3 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
 iQEcBAABCAAGBQJYBDKcAAoJEMo1YkxqkXHGUUUH/A3xe/y54QGsQQxLpH0Ek1Vk
 NX1Wzu9Q+J8xqyT8qf1Yp/BtL9fnDQKT2deZTx09zaIRjUKqO9JGdXmOVg/zFFAs
 0JynVVFNwO9kDAEHtsbBvc3pvfpdONKj2muCHdG3KiVxP5YH6MiuW5waQ9ujyUKb
 nrW8+oWM/seoCgouBAC6YtIr7lq25NkXxuIL95SBi/yskAjKiPgpQjn+II8tUDTU
 ZF35KNoeFLAw/CgdMZpu2MVZZwod5HDxpBbY1EHIWsboGX/iO3R+CuTyVdSJ6kna
 B9Oi1U4A58OMVCZATpqRIdW/xxjaWs3b+kM1uMIJIzhR9Sk2kWFPweaznwGHc2Y=
 =FdKf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/famz/tags/for-upstream' into staging

# gpg: Signature made Mon 17 Oct 2016 03:08:28 BST
# gpg:                using RSA key 0xCA35624C6A9171C6
# gpg: Good signature from "Fam Zheng <famz@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5003 7CB7 9706 0F76 F021  AD56 CA35 624C 6A91 71C6

* remotes/famz/tags/for-upstream:
  tests/docker/Makefile.include: add a generic docker-run target
  tests/docker: make test-mingw honour TARGET_LIST
  tests/docker: test-build script
  tests/docker: add travis dockerfile

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 11:56:18 +01:00
Peter Maydell
4378caf59e migration/next for 20161014
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJYAPidAAoJEPSH7xhYctcjgakP/0M4gXnf5HpEPrF2y5fWOrds
 9/65UEdkg466tyshu8gY2YWjNNLh65psNiD1eDwwUbOBydapAai8dJiaqlO4/vvz
 le0ctBMv34FUQ4bTYMpf9ZaKK3gplNQWZp70DXZ7d4LKNNPPbqiCK1vaMwZkT2bM
 3cal8IsWaDVcUnN3C85FlgGuS43IDNmbzMd7/WZKNZX/u9dcn/Fg1LMMmpIMl1IM
 o+i9jJv4MAyBqTQ4FMcvGJZ6uFVHz/GftYVCshCG6acU1Qoeq3KsInk41Ev0N8wO
 RRWOelbcSlug1HshQbKiJcEFajZT/2zIdMMA+xAmwTnCRufH8OMeQAAByRjArQLZ
 bfuZZpdRSQdhQwEt5Tad7t+oPDFXYWkiNiZo8CQFnXRSwMiKP0XCW7clphCUNeCV
 tyG5njvHuM1WqsXG0qhSVXUWvshSk4XBlNgiCn7Et1sM0mZNEnNaKGl6TCJwWaO3
 pbm021zxyY7jJl3FDptnRdqhUJHqLqnmj5A0kIVMzsTTz1LCliyhjSmtVBfpi3bu
 dTPYheUvsvOrWgcFwEBlcFMjXWHRB6UqEHeRm4eKnoB3ewkMPfW2sl5W+gCwAoGj
 aINiBIHPm0plfnWnv+D7AKzWolHsyM5aHdLUjrnFfDqahqZc+zGib63c7A1Kn4Fv
 2+OTc+a9ckGC7VahqS0E
 =Gd97
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20161014' into staging

migration/next for 20161014

# gpg: Signature made Fri 14 Oct 2016 16:24:13 BST
# gpg:                using RSA key 0xF487EF185872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>"
# gpg:                 aka "Juan Quintela <quintela@trasno.org>"
# Primary key fingerprint: 1899 FF8E DEBF 58CC EE03  4B82 F487 EF18 5872 D723

* remotes/juanquintela/tags/migration/20161014:
  docs/xbzrle: correction
  migrate: move max-bandwidth and downtime-limit to migrate_set_parameter
  migration: Fix seg with missing port
  migration/postcopy: Explicitly disallow huge pages
  RAMBlocks: Store page size
  Postcopy vs xbzrle: Don't send xbzrle pages once in postcopy [for 2.8]
  migrate: Fix bounds check for migration parameters in migration.c
  migrate: Use boxed qapi for migrate-set-parameters
  migrate: Share common MigrationParameters struct
  migrate: Fix cpu-throttle-increment regression in HMP
  migration/rdma: Don't flag an error when we've been told about one
  migration: Make failed migration load set file error
  migration/rdma: Pass qemu_file errors across link
  migration: Report values for comparisons
  migration: report an error giving the failed field

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-17 10:31:10 +01:00
Alex Bennée
e86c9a64f4 tests/docker/Makefile.include: add a generic docker-run target
This re-factors the docker makefile to include a docker-run target which
can be controlled entirely from environment variables specified on the
make command line. This allows us to run against any given docker image
we may have in our repository, for example:

    make docker-run TEST="test-quick" IMAGE="debian:arm64" \
         EXECUTABLE=./aarch64-linux-user/qemu-aarch64

The existing docker-foo@bar targets still work but the inline
verification has been dropped because we already don't hit that due to
other pattern rules in rules.mak.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

Message-Id: <20161011161625.9070-5-alex.bennee@linaro.org>
Message-Id: <20161011161625.9070-6-alex.bennee@linaro.org>
[Squash in the verification removal patch. - Fam]
Signed-off-by: Fam Zheng <famz@redhat.com>
2016-10-17 10:05:48 +08:00
Alex Bennée
86a17cb3f4 tests/docker: make test-mingw honour TARGET_LIST
The other builders honour this variable, so should the mingw build.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20161011161625.9070-4-alex.bennee@linaro.org>
Signed-off-by: Fam Zheng <famz@redhat.com>
2016-10-17 10:05:48 +08:00
Alex Bennée
bdecba6e97 tests/docker: test-build script
Much like test-quick but only builds. This is useful for some of the
build targets like ThreadSanitizer that don't yet pass "make check".

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

Message-Id: <20161011161625.9070-3-alex.bennee@linaro.org>
Signed-off-by: Fam Zheng <famz@redhat.com>
2016-10-17 10:05:48 +08:00
Alex Bennée
8b9b3177a2 tests/docker: add travis dockerfile
This target grabs the latest Travis containers from their repository at
quay.io and then installs QEMU's build dependencies. With this it is
possible to run on broadly the same setup as they have on travis-ci.org.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20161011161625.9070-2-alex.bennee@linaro.org>
Signed-off-by: Fam Zheng <famz@redhat.com>
2016-10-17 10:05:48 +08:00
David Gibson
357d1e3bc7 spapr: Improved placement of PCI host bridges in guest memory map
Currently, the MMIO space for accessing PCI on pseries guests begins at
1 TiB in guest address space.  Each PCI host bridge (PHB) has a 64 GiB
chunk of address space in which it places its outbound PIO and 32-bit and
64-bit MMIO windows.

This scheme as several problems:
  - It limits guest RAM to 1 TiB (though we have a limited fix for this
    now)
  - It limits the total MMIO window to 64 GiB.  This is not always enough
    for some of the large nVidia GPGPU cards
  - Putting all the windows into a single 64 GiB area means that naturally
    aligning things within there will waste more address space.
In addition there was a miscalculation in some of the defaults, which meant
that the MMIO windows for each PHB actually slightly overran the 64 GiB
region for that PHB.  We got away without nasty consequences because
the overrun fit within an unused area at the beginning of the next PHB's
region, but it's not pretty.

This patch implements a new scheme which addresses those problems, and is
also closer to what bare metal hardware and pHyp guests generally use.

Because some guest versions (including most current distro kernels) can't
access PCI MMIO above 64 TiB, we put all the PCI windows between 32 TiB and
64 TiB.  This is broken into 1 TiB chunks.  The first 1 TiB contains the
PIO (64 kiB) and 32-bit MMIO (2 GiB) windows for all of the PHBs.  Each
subsequent TiB chunk contains a naturally aligned 64-bit MMIO window for
one PHB each.

This reduces the number of allowed PHBs (without full manual configuration
of all the windows) from 256 to 31, but this should still be plenty in
practice.

We also change some of the default window sizes for manually configured
PHBs to saner values.

Finally we adjust some tests and libqos so that it correctly uses the new
default locations.  Ideally it would parse the device tree given to the
guest, but that's a more complex problem for another time.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
2016-10-16 12:04:15 +11:00
David Gibson
daa2369903 spapr_pci: Add a 64-bit MMIO window
On real hardware, and under pHyp, the PCI host bridges on Power machines
typically advertise two outbound MMIO windows from the guest's physical
memory space to PCI memory space:
  - A 32-bit window which maps onto 2GiB..4GiB in the PCI address space
  - A 64-bit window which maps onto a large region somewhere high in PCI
    address space (traditionally this used an identity mapping from guest
    physical address to PCI address, but that's not always the case)

The qemu implementation in spapr-pci-host-bridge, however, only supports a
single outbound MMIO window, however.  At least some Linux versions expect
the two windows however, so we arranged this window to map onto the PCI
memory space from 2 GiB..~64 GiB, then advertised it as two contiguous
windows, the "32-bit" window from 2G..4G and the "64-bit" window from
4G..~64G.

This approach means, however, that the 64G window is not naturally aligned.
In turn this limits the size of the largest BAR we can map (which does have
to be naturally aligned) to roughly half of the total window.  With some
large nVidia GPGPU cards which have huge memory BARs, this is starting to
be a problem.

This patch adds true support for separate 32-bit and 64-bit outbound MMIO
windows to the spapr-pci-host-bridge implementation, each of which can
be independently configured.  The 32-bit window always maps to 2G.. in PCI
space, but the PCI address of the 64-bit window can be configured (it
defaults to the same as the guest physical address).

So as not to break possible existing configurations, as long as a 64-bit
window is not specified, a large single window can be specified.  This
will appear the same way to the guest as the old approach, although it's
now implemented by two contiguous memory regions rather than a single one.

For now, this only adds the possibility of 64-bit windows.  The default
configuration still uses the legacy mode.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
2016-10-16 12:03:09 +11:00
David Gibson
2efff1c0dd spapr: Adjust placement of PCI host bridge to allow > 1TiB RAM
Currently the default PCI host bridge for the 'pseries' machine type is
constructed with its IO windows in the 1TiB..(1TiB + 64GiB) range in
guest memory space.  This means that if > 1TiB of guest RAM is specified,
the RAM will collide with the PCI IO windows, causing serious problems.

Problems won't be obvious until guest RAM goes a bit beyond 1TiB, because
there's a little unused space at the bottom of the area reserved for PCI,
but essentially this means that > 1TiB of RAM has never worked with the
pseries machine type.

This patch fixes this by altering the placement of PHBs on large-RAM VMs.
Instead of always placing the first PHB at 1TiB, it is placed at the next
1 TiB boundary after the maximum RAM address.

Technically, this changes behaviour in a migration-breaking way for
existing machines with > 1TiB maximum memory, but since having > 1 TiB
memory was broken anyway, this seems like a reasonable trade-off.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
2016-10-16 12:03:09 +11:00
David Gibson
6737d9ad79 spapr_pci: Delegate placement of PCI host bridges to machine type
The 'spapr-pci-host-bridge' represents the virtual PCI host bridge (PHB)
for a PAPR guest.  Unlike on x86, it's routine on Power (both bare metal
and PAPR guests) to have numerous independent PHBs, each controlling a
separate PCI domain.

There are two ways of configuring the spapr-pci-host-bridge device: first
it can be done fully manually, specifying the locations and sizes of all
the IO windows.  This gives the most control, but is very awkward with 6
mandatory parameters.  Alternatively just an "index" can be specified
which essentially selects from an array of predefined PHB locations.
The PHB at index 0 is automatically created as the default PHB.

The current set of default locations causes some problems for guests with
large RAM (> 1 TiB) or PCI devices with very large BARs (e.g. big nVidia
GPGPU cards via VFIO).  Obviously, for migration we can only change the
locations on a new machine type, however.

This is awkward, because the placement is currently decided within the
spapr-pci-host-bridge code, so it breaks abstraction to look inside the
machine type version.

So, this patch delegates the "default mode" PHB placement from the
spapr-pci-host-bridge device back to the machine type via a public method
in sPAPRMachineClass.  It's still a bit ugly, but it's about the best we
can do.

For now, this just changes where the calculation is done.  It doesn't
change the actual location of the host bridges, or any other behaviour.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
2016-10-16 12:03:09 +11:00
David Gibson
8360544a6d libqos: Limit spapr-pci to 32-bit MMIO for now
Currently the functions in pci-spapr.c (like pci-pc.c on which it's based)
don't distinguish between 32-bit and 64-bit PCI MMIO.  At the moment, the
qemu side implementation is a bit weird and has a single MMIO window
straddling 32-bit and 64-bit regions, but we're likely to change that in
future.

In any case, pci-pc.c - and therefore the testcases using PCI - only handle
32-bit MMIOs for now.  For spapr despite whatever changes might happen with
the MMIO windows, the 32-bit window is likely to remain at 2..4 GiB in PCI
space.

So, explicitly limit pci-spapr.c to 32-bit MMIOs for now, we can add 64-bit
MMIO support back in when and if we need it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
2016-10-16 12:03:09 +11:00
David Gibson
c711369087 libqos: Correct error in PCI hole sizing for spapr
In pci-spapr.c (as in pci-pc.c from which it was derived), the
pci_hole_start/pci_hole_size and pci_iohole_start/pci_iohole_size pairs[1]
essentially define the region of PCI (not CPU) addresses in which MMIO
or PIO BARs respectively will be allocated.

The size value is relative to the start value.  But in pci-spapr.c it is
set to the entire size of the window supported by the (emulated) hardware,
but the start values are *not* at the beginning of the emulated windows.

That means if you tried to map enough PCI BARs, we'd messily overrun the
IO windows, instead of failing in iomap as we should.

This patch corrects this by calculating the hole sizes from the location
of the window in PCI space and the hole start.

[1] Those are bad names, but that's a problem for another time.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
2016-10-16 12:03:09 +11:00