Commit Graph

11381 Commits

Author SHA1 Message Date
Peter Lieven
2f487a3d40 ui/vnc: fix vmware VGA incompatiblities
this fixes invalid rectangle updates observed after commit 12b316d
with the vmware VGA driver. The issues occured because the server
and client surface update seems to be out of sync at some points
and the max width of the surface is not dividable by
VNC_DIRTY_BITS_PER_PIXEL (16).

Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-18 08:21:24 +01:00
Christian Borntraeger
4f3ed190a6 s390x/sclpconsole-lm: Fix and simplify irq setup
valgrind complains about a memory leak in irq setup of sclpconsole:

==42117== 8 bytes in 1 blocks are definitely lost in loss record 89of 833
==42117==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117==    by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117==    by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117==    by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117==    by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117==    by 0x800F5685: console_init (sclpconsole.c:235)
==42117==    by 0x80297C79: event_realize (event-facility.c:386)
==42117==    by 0x80105071: device_set_realized (qdev.c:693)
==42117==    by 0x801CDC4B: property_set_bool (object.c:1337)
 ==42117==    by 0x801CBD7F: object_property_set (object.c:819)
[...]

We dont need the indirection of an qemu irq to inject an slcp interrupt.
Fixes a valgrind error and makes the code simpler.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
2014-03-17 22:01:19 +01:00
Christian Borntraeger
b074e62205 s390x/sclpconsole: Fix and simplify interrupt injection
valgrind complains about a memory leak in irq setup of sclpconsole:

==42117== 8 bytes in 1 blocks are definitely lost in loss record 89 of 833
==42117==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117==    by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117==    by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117==    by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117==    by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117==    by 0x800F5685: console_init (sclpconsole.c:235)
==42117==    by 0x80297C79: event_realize (event-facility.c:386)
==42117==    by 0x80105071: device_set_realized (qdev.c:693)
==42117==    by 0x801CDC4B: property_set_bool (object.c:1337)
==42117==    by 0x801CBD7F: object_property_set (object.c:819)
[...]

Turns out that we actually dont need the indirection, so trigger the
sclp interrupt directly.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
2014-03-17 22:01:19 +01:00
Christian Borntraeger
7b53f2940e s390x/cpu hotplug: Fix memory leak
valgrind complains about the following:
==42117== 8 bytes in 1 blocks are definitely lost in loss record 88 of 833
==42117==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117==    by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117==    by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117==    by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117==    by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117==    by 0x8029FA4B: irq_cpu_hotplug_init (sclpcpu.c:84)
==42117==    by 0x80297C79: event_realize (event-facility.c:386)
==42117==    by 0x80105071: device_set_realized (qdev.c:693)
[...]

Right it is. Don't drop the pointer of the irq.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Jason J. Herne <jjherne@us.ibm.com>
2014-03-17 22:01:19 +01:00
Christian Borntraeger
0a1bec8a4e s390/ipl: Fix error path on BIOS loading
commit 18674b2678
(elf-loader: add more return codes) enabled the elf loader to return
other errors than -1.

Lets also handle that case for our "BIOS" on s390.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: Alexey Kardashevskiy <aik@ozlabs.ru>
CC: Alexander Graf <agraf@suse.de>
2014-03-17 22:01:19 +01:00
Peter Maydell
ba7500852d virt: Set reset-cbar on CPUs
Set the reset-cbar property on CPUs used by the virt board,
if they have it. This isn't necessary for correct functioning
under Linux (since the A9 isn't a valid CPU for the virt board),
but it is the correct behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1394462692-8871-5-git-send-email-peter.maydell@linaro.org
2014-03-17 16:31:46 +00:00
Peter Maydell
4719ab918a exynos4210: Set reset-cbar property of Cortex-A9 CPUs
Set the reset-cbar property of the Exynos4210 SoC's Cortex-A9
CPUs, so that Linux doesn't misrecognize them as a broken
uniprocessor SoC.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1394462692-8871-4-git-send-email-peter.maydell@linaro.org
2014-03-17 16:31:46 +00:00
Peter Maydell
b5a3ca3e30 realview-pbx-a9: Set reset-cbar property for CPUs
If the CPU is a Cortex-A9 then we should set its reset-cbar property
so that the guest can read the correct PERIPHBASE/CBAR register value;
newer versions of the Linux kernel (as of commit bc41b8724 in 3.12)
will otherwise assume the CPU is a buggy single core A9 SoC. The
realview-pbx-a9 is the only one of the cluster of boards in realview.c
which works with the Cortex-A9 (ie which gets an a9mpcore_priv device);
make sure it also has reset-cbar set correctly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1394462692-8871-3-git-send-email-peter.maydell@linaro.org
2014-03-17 16:31:45 +00:00
Peter Maydell
9948c38bd9 vexpress: Set reset-cbar property for CPUs
Newer versions of the Linux kernel (as of commit bc41b8724 in 3.12)
now assume that if the CPU is a Cortex-A9 and the reset value of the
PERIPHBASE/CBAR register is zero then the CPU is a specific buggy
single core A9 SoC, and will not try to start other cores. Since we
now have a CPU property for the reset value of the CBAR, we can
just fix the vexpress board model to correctly set CBAR so SMP
works again. To avoid duplicate boilerplate code in both the A9
and A15 daughterboard init functions, we split out the CPU and
private memory region init to its own function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Rob Herring <rob.herring@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1394462692-8871-2-git-send-email-peter.maydell@linaro.org
2014-03-17 16:31:45 +00:00
Fabien Chouteau
9c749e4dbe FSL eTSEC: Fix typo in rx ring
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-03-15 13:54:18 +04:00
Stefan Weil
69df1c3c9d audio: Add 'static' attributes to several variables
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-03-15 13:54:18 +04:00
Stefan Weil
3b163b0165 misc: Fix typos in comments
Codespell found and fixed these new typos:

* doesnt -> doesn't
* funtion -> function
* perfomance -> performance
* remaing -> remaining

A coding style issue (line too long) was fixed manually.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-03-15 13:54:18 +04:00
Sebastian Huber
9d5614d582 hw/timer/grlib_gptimer: Avoid integer overflows
The GPTIMER uses 32-bit registers.  Use a 64-bit operation to get the
ptimer count, otherwise we end up with a count of 0 for GPTIMER counter
values of 0xffffffff.

Use the GPTIMER counter value for tracing to avoid an overflow of the
32-bit value passed to trace_grlib_gptimer_enable().

Reviewed-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-03-15 13:54:18 +04:00
Paolo Bonzini
aa7a6a399f virtio-scsi: actually honor sense_size from configuration space
We were always truncating the sense size to 96 bytes.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-03-14 13:38:03 +01:00
Fam Zheng
2e323f03bf scsi: Fix migration of scsi sense data
c5f52875 changed the size of sense array in vmstate_scsi_device by
mistake. This patch restores the old size, and add a subsection for the
remaining part of the buffer size. So that migration is not broken.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-03-14 10:06:55 +01:00
Alexey Kardashevskiy
22956a3755 spapr-vscsi: fix CRQ status
Normally VIOSRP_OK (0) means success and non-zero value means error
except VIOSRP_OK2 (0x99) which is another success code by weird accident.

This uses 0 as success code always as some guests do not cope with
the 0x99 value well. The existing linux driver checks for both VIOSRP_OK
and VIOSRP_OK2 since 2.6.32.

This returns non-zero code (VIOSRP_ADAPTER_FAIL == 0x10) on errors which
can only happen if DMA write failed.

Suggested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-03-14 10:06:55 +01:00
Peter Maydell
b19fc63cad QOM/QTest infrastructure fixes
* QOM cast fix for virtserialport and regression test
 * QTest error handling fix
 * QTest output cleanup
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTIhh2AAoJEPou0S0+fgE/6jAP/362k1KrTFe5edcdBEJE6IgI
 FssJBenl/A8eKbfhbeLWK4I3q1RZJb8oDfSVDFpwmgSIknmYFAldDS+Ju/UePX/9
 PikS9CYjBnDMmWBnmFAhgRtCrDq3gazu2c7hicBdnLemFD/1CaBkL65VNIwvXEvY
 KUYtleABUr6YbmjgMYtf8gCUZjYBcI5tw2ZgG6T0jgZRqPPGsEozKxBTctM9PIuW
 LtQdLDvhD2rfJAeDTG4jrTCeDBrgJCs8UGXDaNctMBwsESMQBuCjW0TeVsmdI0Qp
 P/y30N3HDfQfhuMkJk8Udm8iiOs1LX0YNRi08aeHOYxoWb3dc9C3mtLMFU8UYTLP
 ddpJZ5WEOVt42rsZvtmnwdv6kGBkbphcIzCP56eJN0w+HallKQf6qusRH04nO3GM
 ISr+1xIfchl1CzXdP41AiHrodfCDozROhItz+SgIynJGs1kFOETsjJQhHCUutDx+
 u4Y8+NGDVRxd2a0h0eLYwqqt8ObpBs8a0+Xnsr7HEES6zPg0eN7VPe9x3jR3TFZN
 trvKCDiV9zycrC82wlwx6z+KFrFPJE+9yvzGlELyDhw0McBtCpt9VaEk94jEWkK5
 tSs1AsIehAom8oMTZweU28TZwiS4p2bLuJfLlw99E0cnGqOvMr8dmvbcVLOmIPZl
 oFy0sTD3JECuYa1wR8dI
 =WXjm
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-2.0' into staging

QOM/QTest infrastructure fixes

* QOM cast fix for virtserialport and regression test
* QTest error handling fix
* QTest output cleanup

# gpg: Signature made Thu 13 Mar 2014 20:43:34 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-2.0:
  main-loop: Suppress "I/O thread spun" warnings for qtest
  qtest: Fix crash if SIGABRT during qtest_init()
  virtio-console-test: Test virtserialport as well
  virtio-console: Fix VIRTIO_CONSOLE() cast macro

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-13 21:50:40 +00:00
Peter Maydell
90c5d39cb8 PowerPC queue for 2.0
* Fixes for -device VGA
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTIg2YAAoJEPou0S0+fgE/3ckP/0ZS6CIpOnQp83t8jPnXjhGJ
 ztS2J7yxxCzcCqw97IjyHO/tOJXL5Bw1XUt1G9dDgAIr/4ZRqL2iI3ltH4MyX/lQ
 Zvdfua9VSACQrbH0S29sh5tJFt0jZ3zbLN9V/SUZ56r+04WaSy3ij8zEvEirebi1
 CdQu3vT6pymgvnRkGaXel9RqCjMj4MpZcu54uRKC+YmF5HcfHobj5tUi36iB3KJV
 YYVAUwmTAEsS46msSWSX0O9SilJTyNPI343K58BDb5oOeiJBr9cXKqRG78sVawzW
 zkDYsuU61ZIMJvGcFA2IgJaFO8T3if7isVgmoAPD3VWz0VJFN0KEa1UGA04tLdr7
 3FsRHjU6mJeGJnQMQ29g2U4/jxbpC5djFQzCStM9vJ8klJhxy8uT+9hqf+gNUB1N
 a8Whng+wnJz5AgkQ9tLK2XbWHTUKnOgbU+8Nxg30qA0MNHEGLA2mbViVnQf7R1+v
 qQu8HjFnHhe5fH9P8RYkOTctkNKOjkr4zN9xaPEkq8vfENMmveIQKGdIGzcSOFC8
 tMMAsHLqzKsvNm6IKhjgbclk/z+MjJXy3sirWtOw1qEVuzbGbjmkdVBPfLKLxLPQ
 ihnQReNxX86vrbWkQZNahLmql1NqYJN9bP/J1DRLmhNeWqsZdW+aG08vyHfysJFy
 j8o0/JYAq0Ljh4lClt/a
 =f+Kw
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/afaerber/tags/ppc-for-2.0' into staging

PowerPC queue for 2.0

* Fixes for -device VGA

# gpg: Signature made Thu 13 Mar 2014 19:57:12 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/ppc-for-2.0:
  spapr: Fix return value of vga initialization
  Fix vga_interface_type for command line argument '-device VGA'

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-13 21:27:54 +00:00
Andreas Färber
be21c33616 virtio-console: Fix VIRTIO_CONSOLE() cast macro
Commit 0399a3819b (virtio-console: QOM
cast cleanup for VirtConsole) broke virtserialport since it shares
functions and state struct with virtconsole. Let virtconsole inherit
from virtserialport, and use virtserialport type for casting.

Note that virtio-serial-port is the abstract base type in
virtio-serial-bus.c, whereas virtserialport is the user-instantiatable
type in virtio-console.c. Therefore using TYPE_VIRTIO_CONSOLE_SERIAL_PORT.

Reported-by: Richard W.M. Jones <rjones@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 21:12:07 +01:00
Peter Maydell
8bf0975902 PReP machine and devices
* ppc_rom.bin update
 * Raven PCI host bridge preparations for OpenBIOS
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTIgblAAoJEPou0S0+fgE/kO0P/0QCzC8omYaBg5jTJvYLQhvw
 CQ1gOPp4HzundgK1fLXPhBOD6JhXK1uS0QnkwnrpnU69nSKL2snCdfb6rrN4BQRe
 L0MFjJmSQHW528DfUf4KbUhl+XeOZPiEnxjwXCUQdcVjVl1uo3DJHt1cur8adESW
 yoYxLbvMhkVxA3hhIXR/lZNiQBZVIxQ1DM92hgPtttiTEuC0yf+Ke9acyKrehi72
 xr5Ke2b6Osq3mR51X+8LOhmxV5zSmCEndP3gTHQ6ma1kOZ1Q0mbomrFjuhS6dWI0
 nNxi47A6roKLrwLH/ZMADaqJ1nviBWCQsNoKSwuT+rxLltvXhipY05pCRcTX0HQ8
 1Be9rcx83jEJnZMijwSComkML9W7e/fwFj6d3Au+t+k9xQwBj9iphR6u+gekgVwZ
 JxElpx2agjuEkKjCfL5oNBKJfXeAPDFGvtTYX85PHAHAHseZ1ygTBK8zBJ86JT2Q
 fUWTfZplPWmu8TFqeEyY7oYW2rMRtylblF3XC1G4NrvAvcAJvSTDpdPnNnuHgEf8
 aSISKxYJhea0mjIbqn/064yZfVYBGPzA5x8gsm0z4zetPtq7qo3LZjwzkwbsMQOW
 xNycQufNiIn+nMKWEf8SQj3alNNaFhltbRju2W8B+Rn2LVplOEB72frZ/lx5ea7F
 NMLotmkJV1fi9WZeIF63
 =rkuo
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/afaerber/tags/prep-for-2.0' into staging

PReP machine and devices

* ppc_rom.bin update
* Raven PCI host bridge preparations for OpenBIOS

# gpg: Signature made Thu 13 Mar 2014 19:28:37 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/prep-for-2.0:
  raven: Move BIOS loading from board code to PCI host
  prep: Update ppc_rom.bin

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-13 20:09:11 +00:00
Mark Wu
7effdaa321 spapr: Fix return value of vga initialization
Before spapr_vga_init will returned false if the vga is specified by
the command '-device VGA' because vga_interface_type was evaluated to
VGA_NONE. With the change in previous patch of this series,
spapr_vga_init should return true if it's told that the vga will be
initialized in flow of the generic devices initialization.

To keep '-nodefaults' have the semantics of bare minimum, it adds a
check of 'has_defaults' in usb_enabled() to avoid that a USB controller
is added by '-nodefautls, -device VGA' implicitly.

This patch also makes two cleanups:
1. skip initialization for VGA_NONE
2. remove the useless 'break'

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Mark Wu <wudxw@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 20:53:28 +01:00
Hervé Poussineau
d0b2542574 raven: Move BIOS loading from board code to PCI host
Raven datasheet explains where firmware lives in system memory, so do
it there instead of in board code. Other boards using the same PCI
host will not have to copy the firmware loading code.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[AF: Drop BIOS size workaround in favor of replacing our firmware blob]
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
2014-03-13 20:15:37 +01:00
Andreas Färber
00c8cb0a36 cputlb: Change tlb_flush() argument to CPUState
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 19:52:47 +01:00
Andreas Färber
0ea8cb8895 cpu-exec: Change cpu_resume_from_signal() argument to CPUState
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 19:20:48 +01:00
Andreas Färber
648f034c6c translate-all: Change tb_gen_code() argument to CPUState
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 19:20:48 +01:00
Andreas Färber
3f38f309b2 translate-all: Change cpu_restore_state() argument to CPUState
This lets us drop some local variables in tlb_fill() functions.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 19:20:47 +01:00
Andreas Färber
27103424c4 cpu: Move exception_index field from CPU_COMMON to CPUState
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 19:20:46 +01:00
Andreas Färber
93afeade09 cpu: Move mem_io_{pc,vaddr} fields from CPU_COMMON to CPUState
Reset them.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 19:20:46 +01:00
Eduardo Habkost
ef02ef5f45 target-i386: Enable x2apic by default on KVM
When on KVM mode, enable x2apic by default on all CPU models.

Normally we try to keep the CPU model definitions as close as the real
CPUs as possible, but x2apic can be emulated by KVM without host CPU
support for x2apic, and it improves performance by reducing APIC access
overhead. x2apic emulation is available on KVM since 2009 (Linux
2.6.32-rc1), there's no reason for not enabling x2apic by default when
running KVM.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 19:01:49 +01:00
Eduardo Habkost
8fb4f821e9 target-i386: Introduce x86_cpu_compat_disable_kvm_features()
Instead of the feature-specific disable_kvm_pv_eoi() function, create a
more general function that can be used to disable other feature bits in
machine-type compat code.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 19:01:49 +01:00
Andreas Färber
33276f1b9c target-ppc: Clean up ENV_GET_CPU() usage
Commits fdfba1a298,
ab1da85791,
f606604f1c and
2c17449b30 added usages of ENV_GET_CPU()
macro in target-specific code.

Use ppc_env_get_cpu() instead.

Cc: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 19:01:48 +01:00
Peter Maydell
57fac92c2d Block pull request
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTIbe5AAoJEJykq7OBq3PI0/AH/jglW+rsN+0/kAr5wIY4BQUn
 qvzYHBP9xvPtd0cGubTt2N3bZPlb/zTVFe/OOpJmaENrVJY/rPZNF3nKqdrr5uOP
 WrBbQZi2hkOG82uuiN2BiGh324zOMBNSh3d2WaHmJpxjabZcjN28UOkx5WGlBImu
 VAHY/HaImOLMkS120GxbMsFziXRLM66o9XWEbA/l0EBOISM6KloX6mtZd7y6MGzA
 a35JbUueyRo+hvndFEHY2P2XvUc5ZycOYF2yOz59X5QrqhmP6I+Ym4ohtyO2Olga
 jpoAO7jDpV/7PJwo1xC8j+1jhl3VGdX2L7iWgDUTJ0jY8mV3hQWhy58fOEwYY+k=
 =0llk
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Thu 13 Mar 2014 13:50:49 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request: (24 commits)
  block/raw-win32: bdrv_parse_filename() for hdev
  block/raw-posix: Strip protocol prefix on creation
  block/raw-posix: bdrv_parse_filename() for cdrom
  block/raw-posix: bdrv_parse_filename() for floppy
  block/raw-posix: bdrv_parse_filename() for hdev
  qemu-io: Fix warnings from static code analysis
  block: Unlink temporary file
  qcow2: Don't write with BDRV_O_INCOMING
  qcow2: Keep option in qcow2_invalidate_cache()
  qmp: add query-iothreads command
  iothread: stash thread ID away
  dataplane: replace internal thread with IOThread
  iothread: add "iothread" qdev property type
  qdev: make get_pointer() handle temporary strings
  iothread: add I/O thread object
  aio: add aio_context_acquire() and aio_context_release()
  rfifolock: add recursive FIFO lock
  object: add object_get_canonical_path_component()
  block: Rewrite the snapshot authorization mechanism for block filters.
  iotests: Test corruption during COW request
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-13 15:33:04 +00:00
Stefan Hajnoczi
48ff269272 dataplane: replace internal thread with IOThread
Today virtio-blk dataplane uses a 1:1 device-per-thread model.  Now that
IOThreads have been introduced we can generalize this to N:M devices per
threads.

This patch drops thread code from dataplane in favor of running inside
an IOThread AioContext.

As a bonus we solve the case where a guest keeps submitting I/O requests
while dataplane is trying to stop.  Previously the dataplane thread
would continue to process requests until the request gave it a break.
Now we can shut down in bounded time thanks to
aio_context_acquire/release.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-13 14:42:24 +01:00
Stefan Hajnoczi
6e4a876b43 iothread: add "iothread" qdev property type
Add a "iothread" qdev property type so devices can be hooked up to an
IOThread from the comand-line:

  qemu -object iothread,id=iothread0 \
       -device some-device,x-iothread=iothread0

Note that Paolo Bonzini <pbonzini@redhat.com> has suggested using QOM
links instead.  This way the relationship between the objects is
reflected in QOM.  There are currently shortcomings of
object_property_add_link() which prevent this use case.  I will attempt
to fix them and move to QOM links in a separate series.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-13 14:42:24 +01:00
Igor Mammedov
7d1de46448 qdev: make get_pointer() handle temporary strings
get_pointer()'s print() callback might return a heap allocated
string, to avoid adding dedicated get_pointer_foo for this case
convert current print() callbacks to return temporary heap
allocated string and make get_pointer() free it.

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-13 14:42:24 +01:00
Peter Maydell
be86c53c05 PowerPC queue for 2.0-rc0
* QEMUMachine include cleanup
 * SLOF update
 * XICS reset fix
 * sPAPR PCI host bridge refactorings
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTIR0LAAoJEPou0S0+fgE/4rMP/ReyYRPSXFFu2PXt2werCYcA
 P5Agynib/O5LXTBgZCOSkTrRYBE2+5bq3Zp3iQe7gkLrpbRjHJLulwBpFW3rlVQO
 5IWxMoFC1eW+PE9k+V0hRdTFXMfVxvvHam3g77XVGb4lm/thwHkQ2RYa7z1V4zCP
 hbj/gVdZA7pzXQZfLnOU6illaVCBjYeajEle5sagLlN+DANFSm3G/BdYWPTtxKxq
 MLiMEdaZJkBG/NG3zocyuCsWeF+oLyh8fB4IQUjORq7x8v749DgprQjFUy3YMrB5
 Ph5CQXyVyyiZSXmfbdINMpQPxdPaVm2rtBD9ol7p+mXtc6UOS3uzbFQ75XXiG401
 crqDpc74iXYpxmwtSs9FwD8TFqh5n8NFGEN8U3MOkhcNQ3zdjnlbVRMG1aqFIUne
 SbQeWC5Qg3MI7UruStq9n3l/3SL3KJSRRrT11ndO/4UoHT6PZfBKQ4eCD8XiHmPu
 /p0ahfnl8/UvMyTWVJhBvLt5G6+v8aumKJR/47jhrPnqLFCk4yUDbCdT5a5KSDjt
 ZauyfGlIQcORXKRbVw+DRgSQjeGLoQJMtOVqDXnKwS8j8cuhF2JebBCVTPHHjC72
 UTRYk5/tLjcZCLD7Vscpd4uRiuz69xJu/MCvwqUwSZ3TssuoW3Vl0/giLyajMxTU
 RLn0uLaFguDX+DoSNIAy
 =icAj
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/afaerber/tags/ppc-for-2.0' into staging

PowerPC queue for 2.0-rc0

* QEMUMachine include cleanup
* SLOF update
* XICS reset fix
* sPAPR PCI host bridge refactorings

# gpg: Signature made Thu 13 Mar 2014 02:50:51 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/ppc-for-2.0:
  spapr-pci: Convert fprintf() to error_report()
  spapr-pci: Convert to QOM realize
  xics-kvm: Fix reset function
  pseries: Update SLOF firmware image to qemu-slof-20140304
  Move QEMUMachine typedef to qemu/typedefs.h
  Revert "KVM: Split QEMUMachine typedef into separate header"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-13 13:19:46 +00:00
Alexey Kardashevskiy
295d51aa6a spapr-pci: Convert fprintf() to error_report()
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Mike Day <ncmike@ncultra.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 03:49:48 +01:00
Alexey Kardashevskiy
c6ba42f6bc spapr-pci: Convert to QOM realize
This converts the old-style SysBusDevice::init() callback to a new-style
DeviceClass::realize() callback.

As a part of conversion, this replaces fprintf(stderr) with error_setg()
as realize() does not "return" any value, instead it puts the extended
error into **errp.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Mike Day <ncmike@ncultra.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 03:49:48 +01:00
Alexey Kardashevskiy
fb0e843a11 xics-kvm: Fix reset function
Currently interrupt priorities are set to 0 (highest) at the very
beginning of the guest execution which is not correct and makes the guest
produce random interrupt error messages such as:
"Interrupt 0x1001 (real) is invalid, disabling it".
This also prevents interrupt states from correct migration.

This initializes priority to 0xFF as the emulated XICS does.

Suggested-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 03:49:48 +01:00
Bandan Das
d2f69df746 pci: Move VMState registration/unregistration to QOM realize/unrealize
Use the realize and unrealize hooks to register and unregister
vmstate_pcibus respectively.

Relocate some stuff to avoid forward declarations.

Signed-off-by: Bandan Das <bsd@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
[AF: Keep using PCI_BUS() cast macro]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 01:21:57 +01:00
Bandan Das
5c21ce77d7 qdev: Realize buses on device realization
Integrate (un)realization of child buses with realization/unrealization
of the device hosting them. Code in device_unparent() is reordered for
unrealization of buses to work as part of device unrealization.

That way no changes need to be made to bus instantiation.

Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 01:21:57 +01:00
Bandan Das
02e7f85dac qdev: Prepare realize/unrealize hooks for BusState
Add a "realized" property calling realize/unrealize hooks as for devices.

Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 01:21:57 +01:00
Andreas Färber
2ef66625f3 virtio-serial-port: Convert to QOM realize/unrealize
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 01:21:57 +01:00
Andreas Färber
0399a3819b virtio-console: QOM cast cleanup for VirtConsole
Introduce type constant, cast macro and rename parent field.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 01:21:57 +01:00
Marcel Apfelbaum
36d20cb2b3 hw/core: Introduce QEMU machine as QOM object
The main functional change is to convert QEMUMachine into MachineClass
and QEMUMachineInitArgs into MachineState, instance of MachineClass.

As a first step, in order to make possible an incremental development,
both QEMUMachine and QEMUMachineInitArgs are being embedded into the
new types.

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Alexey Kardashevskiy
1b8601b0ea spapr-pci: Change the default PCI bus naming
Previously libvirt required the first/default PCI bus to have name "pci".
Since QEMU can support multiple buses now, libvirt wants "pci.0" now.

This removes custom bus name and lets QEMU make up default names.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Peter Crosthwaite
cdccf7d7e7 block/m25p80: Remove FROM_SSI_SLAVE() usages
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Rename parent field]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Peter Crosthwaite
7c77b654c5 misc/max111x: QOM casting sweep
Define and use QOM cast macro. Removes some usages of legacy casting
systems.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Rename parent field]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Peter Crosthwaite
5ef4a1c304 misc/max111x: Create abstract max111x type
Create an abstract class that encompasses both max111x variants. This is
needed for QOM cast macro creation (and is the right thing to do
anyway). Macroify type-names in the process.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Peter Crosthwaite
d43269dddc ssi: Convert legacy SSI_BUS -> BUS casts
Remove two legacy ->qbus style casts from TYPE_SSI_BUS to TYPE_BUS in
ssi.c.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Convert one missing ->qbus and rename parent field]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Peter Crosthwaite
1a7d9ee6dd ssi: Convert legacy SSI_SLAVE -> DEVICE casts
Convert legacy ->qdev style casts from TYPE_SSI_SLAVE to TYPE_DEVICE.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Introduce local DeviceState variable for transition to QOM realize]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Igor Mammedov
267a3264cd qdev: Set DeviceClass::hotpluggable default in class_init()
Move setting DeviceClass::hotpluggable default from device's
class_base_init() to device's class_init().

Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Andreas Färber
2b81b35f8f qdev: Fix bus dependency of DeviceState::hotpluggable getter
Commit 1a37eca107 (qdev: add
"hotpluggable" property to Device) added a property "hotpluggable" to
each device, with its getter accessing parent_bus->allow_hotplug.

Add a NULL check.

Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Michael S. Tsirkin
eee822e359 acpi-build: fix misaligned access
clang build reported a misaligned access:
    runtime error: store to misaligned address 0x2b5aa47dfb19 for type
    'uint16_t' (aka 'unsigned short'), which requires 2 byte alignment
    0x2b5aa47dfb19: note: pointer points here
     45 53 54  0b ff ff 5b 80 50 45 4f  52 01 50 45 53 54 01 5b  81 0b 50
    45 4f 52 01 50  45 50 54 08 14

fix this up

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-12 17:12:00 +02:00
Peter Maydell
be813ef02d acpi,pc,test bug fixes
More small fixes: the issues annoy developers so
 I thought they are worth fixing quickly.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTHvMwAAoJECgfDbjSjVRp2SIH/Rh5X1U+tUjr0xnvWllXTgdP
 ixot7AxXO2UkmPqhyAPV/oEr/3xBFyp8C8ZysQzaHsUqDyq40DtkKp+UWvG6EjpY
 3Ser+wA9NzsT67ixtEIN2z1qnO7l29ErggS8EfTOh7gyFJzSKN8x3GV2ENB/FBJW
 k0LSO7aJ0rmTdg63u9T3RIctKPbtCBO8wlE6wuS461pBshYNr6aVkMWDY9bVpx/f
 ol/aoJs7xaPkJs1qFzOfOisYi3LeBZR4O9gRRixqzwJtwWl5rMG3y/oBxbYDfyZw
 NbP7zFAWCj/YYgG0U8L9SR4P28n65FoULAvQ9CRY1+fF7Ozwj0SzoU2Ld6fvINw=
 =VRRB
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

acpi,pc,test bug fixes

More small fixes: the issues annoy developers so
I thought they are worth fixing quickly.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 11 Mar 2014 11:27:44 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  acpi-test: update expected SSDT files
  acpi-build: don't access unaligned addresses
  q35: Correct typo BRDIGE -> BRIDGE
  configure: don't modify .status on error
  pc: avoid duplicate names for ROM MRs
  loader: rename in_ram/has_mr

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-11 19:52:32 +00:00
Peter Maydell
0ca540dbae target-arm queue:
* implement WFE as yield (improves performance with emulated SMP)
  * fixes to avoid undefined behaviour shifting left into sign bit
  * libvixl format string fixes for 32 bit hosts
  * fix build error when intptr_t and tcg_target_long are different
    sizes (eg x32)
  * implement PMCCNTR register
  * fix incorrect setting of E bit in CPSR (broke booting under
    KVM on ARM)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABCAAGBQJTHdS1AAoJEDwlJe0UNgze0B8P/3DkFSe5hKQhU4mcqsQ8/bXJ
 ub75hyA/vm1anZIsrKQkOz0+ySNjphyhGtQVDCERc/r2hhwYl7v+9KZ/LS8LECYD
 Dl0Rf7woTYNwJKwyKuXbFjHkl443gDa5FS0HR1QD1t3gp1T/AMkgq7XsjUOlx6Up
 h14m0/3NQB3fgU5VmqYeUC4wVuH6SVhPo9CSVH864HGX4lBL30zfMoJjluZCQ6Y9
 Qo3FOPXT+rWmLmiiFgbEVHs96mfN05ooiIbpISCKSKL/9LujoeX6PV2qX6KFyk3T
 zhWY4X65Gz6PqW1LZR9DUkl4NWxIjdYVS2DE2cOgQJLz6guy6JEfLoWechHyzBXa
 w4evOmoexaVlY713joMtDceRrIeAzPLS69rS1HuRj85MikFpqNrY4g2lEqGgCaWH
 oQ3W8UpcEMfvBIKXyAF8i8UJNH8q5YkI+z4KT2TOX3y+KiVcwixDuWizsjW7uLUN
 zdLaYWXYRLa026b37AY0Y0k/K2kQt1yXemI5hk4P4jCQM/2/hireO5Z9TYBpD8ym
 Igsq0ljH7gpyExhXsyvL73ZmFOTmdO1RwU5ybSR8ZzfpAT6W+e1acQOZ/8WyWVcz
 gsrwVeuTlK04nte9fpmrN54MeEHr3Jn2K4bsOfeKFRPD/pvORRAzLIHQJO/SPXoA
 Cmn/627VVNTnpBhtlSlc
 =SHmz
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140310' into staging

target-arm queue:
 * implement WFE as yield (improves performance with emulated SMP)
 * fixes to avoid undefined behaviour shifting left into sign bit
 * libvixl format string fixes for 32 bit hosts
 * fix build error when intptr_t and tcg_target_long are different
   sizes (eg x32)
 * implement PMCCNTR register
 * fix incorrect setting of E bit in CPSR (broke booting under
   KVM on ARM)

# gpg: Signature made Mon 10 Mar 2014 15:05:25 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20140310:
  target-arm: Implement WFE as a yield operation
  hw/arm/musicpal: Avoid shifting left into sign bit
  hw/ssi/xilinx_spips.c: Avoid shifting left into sign bit
  hw/arm/omap1.c: Avoid shifting left into sign bit
  pxa2xx: Don't shift into sign bit
  libvixl: Fix format strings for several int64_t values
  target-arm: Fix intptr_t vs tcg_target_long
  target-arm: Implements the ARM PMCCNTR register
  target-arm: Fix incorrect setting of E bit in CPSR

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-11 13:20:23 +00:00
Michael S. Tsirkin
b4e5a4bffd acpi-build: don't access unaligned addresses
casting an unaligned address to e.g.
uint32_t can trigger undefined behaviour in C.
Replace cast + assignment with memcpy.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-11 13:27:27 +02:00
BALATON Zoltan
263cf4367f q35: Correct typo BRDIGE -> BRIDGE
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-11 13:27:27 +02:00
Michael S. Tsirkin
ac41881b48 pc: avoid duplicate names for ROM MRs
Since
commit 04920fc0fa
    loader: store FW CFG ROM files in RAM
RAM MRs including ROM files in FW CFGs are created
and named using the file basename.

This becomes problematic if these names are
supplied by user, since the basename might not
be unique.

There are two cases we care about:
- option-rom flag.
- option ROM for devices. This triggers e.g. when
  using rombar=0.

At the moment we get an assert. E.g
qemu -option-rom /usr/share/ipxe/8086100e.rom -option-rom
/usr/share/ipxe.efi/8086100e.rom
RAMBlock "/rom@genroms/8086100e.rom" already registered, abort!

This is a regression from 1.6.

For now let's keep it simple and just avoid creating the
MRs in case of option ROMs.

when using 1.7 machine types, enable
option ROMs in RAM to match that version.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-11 13:25:48 +02:00
Peter Maydell
2b194951c5 hw/arm/musicpal: Avoid shifting left into sign bit
Add missing 'U' suffixes to avoid shifting left into sign
bit of a signed integer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1392988008-15938-5-git-send-email-peter.maydell@linaro.org
2014-03-10 14:56:30 +00:00
Peter Maydell
c8f8f9fb2b hw/ssi/xilinx_spips.c: Avoid shifting left into sign bit
Add missing 'U' suffix to avoid shifting left into sign bit of
a signed integer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1392988008-15938-4-git-send-email-peter.maydell@linaro.org
2014-03-10 14:56:30 +00:00
Peter Maydell
d2f41a1169 hw/arm/omap1.c: Avoid shifting left into sign bit
Add missing 'U' suffix to avoid shifting left into sign bit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1392988008-15938-3-git-send-email-peter.maydell@linaro.org
2014-03-10 14:56:29 +00:00
Peter Maydell
43a32ed68f pxa2xx: Don't shift into sign bit
Add  missing 'U' suffixes to avoid potentially shifting into
the sign bit of a signed integer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1392988008-15938-2-git-send-email-peter.maydell@linaro.org
2014-03-10 14:56:29 +00:00
Michael S. Tsirkin
98bc3ab0f2 loader: rename in_ram/has_mr
we put copy of ROMs in MR for migration.
but the name rom_in_ram makes one think we
load it in guest RAM.
Rename has_mr to make intent clearer.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-09 21:09:38 +02:00
Gabriel L. Somlo
220c8ed536 qemu: x86: ignore ioapic polarity
Both QEMU and KVM have already accumulated a significant number of
optimizations based on the hard-coded assumption that ioapic polarity
will always use the ActiveHigh convention, where the logical and
physical states of level-triggered irq lines always match (i.e.,
active(asserted) == high == 1, inactive == low == 0). QEMU guests
are expected to follow directions given via ACPI and configure the
ioapic with polarity 0 (ActiveHigh). However, even when misbehaving
guests (e.g. OS X <= 10.9) set the ioapic polarity to 1 (ActiveLow),
QEMU will still use the ActiveHigh signaling convention when
interfacing with the emulated ioapic.

This patch modifies the emulated ioapic to completely ignore polarity
as set by the guest OS, enabling misbehaving guests to work alongside
those which comply with the ActiveHigh polarity specified by QEMU's
ACPI tables.

Signed-off-by: Gabriel L. Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-09 21:09:38 +02:00
Hervé Poussineau
f1b7e0e498 pckbd: return 'keyboard enabled' on read input port command
Bit 7 of Input Port is the keyboard inhibit switch.
0 means keyboard inhibited, while 1 means keyboard enabled.

Incidentaly, this also fixes an error encountered while booting
an Award BIOS: "Keyboard is locked out - Unlock the key".

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-09 21:09:38 +02:00
Hervé Poussineau
175f099b30 pam: partly fix write-only mode
In write-only mode, writes are forwarded to RAM, while reads should not be
handled (ie should return 0xff).
Assume that in this mode, no read access is ever done, as they shouldn't
give any sensible result.

So, in write-only mode, alias PAM region to RAM, instead of PCI memory
(which can even be mapped to some device!)

This fixes Award BIOS, which use this mode to shadow system BIOS and video BIOS.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-09 21:09:38 +02:00
Dr. David Alan Gilbert
4900116e6f Add a 'name' parameter to qemu_thread_create
If enabled, set the thread name at creation (on GNU systems with
  pthread_set_np)
Fix up all the callers with a thread name

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2014-03-09 21:09:38 +02:00
Igor Mammedov
6e1f0a55a1 PCIE: fix regression with coldplugged multifunction device
PCIE is causing asserts each time a multifunction device is added
on command line (coldplug).

This is caused by
commit a66e657e18
    pci/pcie: convert PCIE hotplug to use hotplug-handler API
QEMU abort is caused by misplaced assertion, which should
be checked only when device is hotplugged.

Reference to regression report:
 http://www.mail-archive.com/qemu-devel@nongnu.org/msg216226.html

Fixes: a66e657e18

Reported-By: Nigel Kukard <nkukard+qemu@lbsd.net>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-09 21:09:37 +02:00
Joel Stanley
ddfa83ea06 virtio-net: remove function calls from assert
peer_{de,at}tach were called from inside assert().
We don't support building without NDEBUG but it's not tidy.
Rearrange to attach peer outside assert calls.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-09 21:09:37 +02:00
Michael S. Tsirkin
8dcf525abc acpi-build: append description for non-hotplug
As reported in
http://article.gmane.org/gmane.comp.emulators.qemu/253987
Mac OSX actually requires describing all occupied slots
in ACPI - even if hotplug isn't enabled.

I didn't expect this so I dropped description of all
non hotpluggable slots from ACPI.
As a result: before
commit 99fd437dee (enable
hotplug for pci bridges), PCI cards show up in the "device tree" of OS X
(System Information). E.g., on MountainLion users have:

Hardware -> PCI Cards:

  Card          Type                 Driver Installed  Slot
 *ethernet      Ethernet Controller  Yes               PCI Slot 2
  pci8086,2934  USB UHC              Yes               PCI Slot 29

  ethernet:
    Type:                 Ethernet Controller
    Driver Installed:     Yes
    MSI:                  No
    Bus:                  PCI
    Slot                  PCI Slot 2
    Vendor ID:            0x8086
    Device ID:            0x100e
    Subsystem Vendor ID:  0x1af4
    Subsystem ID:         0x1100
    Revision ID:          0x0003

Hardware -> Ethernet Cards

  ethernet:
    Type:                 Ethernet Controller
    Bus:                  PCI
    Slot                  PCI Slot 2
    Vendor ID:            0x8086
    Device ID:            0x100e
    Subsystem Vendor ID:  0x1af4
    Subsystem ID:         0x1100
    Revision ID:          0x0003
    BSD name:             en0
    Kext name:            AppleIntel8254XEthernet.kext
    Location:             /System/Library/Extensions/...
    Version:              3.1.1b1

After commit 99fd437dee, users get:

Hardware -> PCI Cards:

  This computer doesn't contain any PCI cards. If you installed PCI
  cards, make sure they're properly installed.

Hardware -> Ethernet Cards

  ethernet:
    Type:                 Ethernet Controller
    Bus:                  PCI
    Vendor ID:            0x8086
    Device ID:            0x100e
    Subsystem Vendor ID:  0x1af4
    Subsystem ID:         0x1100
    Revision ID:          0x0003
    BSD name:             en0
    Kext name:            AppleIntel8254XEthernet.kext
    Location:             /System/Library/Extensions/...
    Version:              3.1.1b1

Ethernet still works, but it's not showing up on the PCI bus, and it
no longer thinks it's plugged in to slot #2, as it used to before the
change.

To fix, append description for all occupied non hotpluggable PCI slots.

One need to be careful when doing this: VGA devices
are now described in SSDT, so we need to drop description from DSDT.
And ISA devices are used in DSDT so drop them from SSDT.

Reported-by: Gabriel L. Somlo <gsomlo@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Also update generated dsdt and pcihp hex dump files.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-09 21:09:30 +02:00
Peter Maydell
f53f3d0a00 Merge remote-tracking branch 'remotes/kvaneesh/for-upstream' into staging
* remotes/kvaneesh/for-upstream:
  hw/9pfs: Include virtio-9p-device.o in build
  hw/9pfs: use g_strdup_printf() instead of PATH_MAX limitation
  hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf()
  hw/9pfs/virtio-9p-local.c: move v9fs_string_free() to below "err_out:"
  fsdev: Fix overrun after readlink() fills buffer completely

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-08 12:38:43 +00:00
Peter Maydell
d7c698af8a Block patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJTGcncAAoJEH8JsnLIjy/WaIwP/iXPS19/Xax3kXyVDdMONhmQ
 6hT8oilKRIVwo+1dw59IWxvLPisY0cTtChzsKUxVAAKtjlc5LgAVxX+3memM9AHr
 WA8FjW+fmOf2D+3iNv/Vg/aCf0ck8ghHIDW68vAHhcdmiD7DThm7MTGzsPTANQ2/
 HhTg1/p7vDdpq5LXvpJCRKZjyeQqUOlv+Y8ctFpAiQ+iQT19eG7wVZNHLu4jhnN9
 qzpgpbvv8T7Ayx4XocWYsXZrT/cnmipj1DOC7IjTLoHfynq13l9UazBb3xSdFqzz
 hpHc8KlEXvZkX1L3BXl/GKC4GN0pdbPp/Vj9/F3b++logGnDMIVgt4JFdJLjoeyA
 R8mHevbXiecJRaOagdQoIzDpglZ5fHSUjbk+zy/yISsYxjlndVs+K61O7UFGzpoG
 auBlQD31JZGc2/5ygNL0QHvCZVF2DHF3UOS5HWwO0U5AYAall932GtMdm6hQJ5GO
 2VJgv20d2GF1kTkaZPcuSG8W9mFDO0Uf24JTMtAbq3+s3u+IGTJiRk1GycfSBdLy
 DqK1lovq/AxCo+VF/WQacxn9G1vXN0wOJZ31PQmUme9Q/qyxIFGV4EskEDcMvfWx
 AC2tjsA3T8YxwTO+379Ls0RbIYuiuIXlHGKl8jJ0Gz9kaUDpQf35Sm2zkpW564Px
 D+nD26nj43Lt8uhoha9m
 =6sTe
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block patches

# gpg: Signature made Fri 07 Mar 2014 13:30:04 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  block: qemu-iotests 085 - live snapshots tests
  hw/ide/ahci.h: Avoid shifting left into sign bit
  block: Fix error path segfault in bdrv_open()
  qemu-iotests: Test a few blockdev-add error cases
  blockdev: Fix NULL pointer dereference in blockdev-add
  blockdev: Fail blockdev-add with encrypted images
  block/raw-win32: Strip "file:" prefix on creation
  block/raw-win32: Implement bdrv_parse_filename()
  block/raw-posix: Strip "file:" prefix on creation
  block/raw-posix: Implement bdrv_parse_filename()
  block: Keep "filename" option after parsing
  block: mirror - remove code cruft that has no function
  block: make bdrv_swap rebuild the bs graph node list field.
  block: Fix bs->request_alignment assertion for bs->sg=1
  iscsi: Use bs->sg for everything else than disks
  qemu-iotests: Test progress output for conversion
  qemu-img convert: Fix progress output
  gluster: Remove unused defines and header include
  gluster: Change licence to GPLv2+

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-08 12:17:17 +00:00
Andreas Färber
80aaa0741f xenfb: Fix graphic_console_init() build failure
In commit 5643706a09 (console: add head
to index to qemu consoles.) graphic_console_init() was extended to take
an additional argument, but xenfb was not updated accordingly. Fix it.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Don Slutz <dslutz@verizon.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1394228528-31625-1-git-send-email-afaerber@suse.de
2014-03-08 11:27:00 +00:00
Peter Maydell
6fc0303b95 Input handling rewrite.
SDL2 support.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTFwd4AAoJEEy22O7T6HE4+JAP/jdPnsM8Vzf58mijlKix9Qks
 I/zMLn8Uri4o/cS/BeUZfXB9OetfgqwTDD2t351MSVLURSSFVU6krTj7MGnDr9o/
 NWkHSlG0J+Uoo7EF0cE9RGZEhNi4KUhbJ20Ku2S4xV3kyFSJh0wCzXWijOBZkbc5
 TAbcoUawSjq7mgK6gBqUU5C+JgACsoUohA9pWfj/f5UeQjzdFsNKVxpE7CzH4SX7
 xwl9S+wgnZk+EYQnKkL6A88lv5+8y0hPHTexsxNO5W6JaL0EQEAuTMCcjYCPMS4S
 QqOHVM+ffMVht4iN50mxi9kde7DpuLIKYbFOlWupmjpqE5j8yqzJ6eGk3pbZTrUj
 fcDauZ/+SbM/kwKV3bzm61AM5SoJb9nQ/Jf/MVs3ZdK8yRO4I1itQS6Q7I85Djs1
 BFGhSYEoPMWNiDzh2inTXCUn1wiBArLlfO0II34aCIYn6m8R38k3366YFDyH0P44
 WdnKOi6ZOxjoxoV6b4VFngysRn3c+L+5cea36mCJQZ2ykUtjFu3gLMEtUSz7guRx
 d0iA7BJVetQ2shbnopGQejRZnPusSzd5d0k9IwVPm9hmtcE8AJ9mfDaQPoKSPljv
 niG2INtu9OiNf6G6AqyKJQSREc9VX9AQ2chxQv4GiWjOBjGOi0uUF5uFeFwf8L8n
 NtZEC4K1oWa1Sa1562Td
 =8xIt
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-4' into staging

Input handling rewrite.
SDL2 support.

# gpg: Signature made Wed 05 Mar 2014 11:16:08 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-input-4: (38 commits)
  ui/sdl2 : initial port to SDL 2.0 (v2.0)
  console: add QemuUIInfo
  console: add head to index to qemu consoles.
  input: remove index_from_keycode (no users)
  input: move do_mouse_set to new core
  input: move qmp_query_mice to new core
  input: add input_mouse_mode tracepoint
  input: move mouse mode notifier to new core
  input-legacy: remove kbd_mouse_event
  input-legacy: remove kbd_mouse_is_absolute
  input-legacy: remove kbd_mouse_has_absolute
  input-legacy: remove kbd_put_keycode
  input: trace events
  input: mouse: switch cocoa ui to new core
  input: keyboard: switch cocoa ui to new core
  input: mouse: switch monitor to new core
  input: mouse: switch spice ui to new core
  input: mouse: switch vnc ui to new core
  input: mouse: switch sdl ui to new core
  input: mouse: switch gtk ui to new core
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-07 18:29:33 +00:00
Peter Maydell
bb2b045034 Patch queue for ppc - 2014-03-05
This pull request includes:
 
   - VSX emulation support
   - book3s pr/hv selection
   - some bug fixes
   - qdev stable numbering
   - eTSEC emulation
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJTFoh7AAoJECszeR4D/txgZkQQAIBNHeYN96PR0JWziEig9a3i
 ByOC+ug2x6KH5RPy/plMFG00W8AnDt0fYO+zQebvu/stJbQtSGRA5fdOiKbRGer/
 7p0XUpeGWHTPULvgNBWrZKYbC36GOPtFvYyYShzS7oLQOhufNdbzP6Br41Lr816m
 4UdGjcItmn/WOron0TpL+yBJA1UIK6n6bmJqtDk+N3kyDSQ9XauBJoZ9yRBSRgp7
 ToabDa5lLcA7u9QLIT1b0AuTKEW+Opq8bSRwCQQDpfd9UDxLoX60pvsO8oupvu/6
 yLwiaYIdc336nI0R4jjXwgBCUacSCBubIAI0bm5xw91JH7Jo7G2i2g01ok5VfelG
 /ljzwcjcanDFYr04NfOEK1pmQhULSDyOBKDs8ZUNfiwjoGMM0+ZVmqPY8VPyTVRB
 TxViS2Fm0cnymcfBarAaP2gVJBmqZF29QMQl7KgwbkNYrn5+WM3XcOEham/hTN2+
 Q5dhiVBuWQBILKPV09SrijpEV1iNVVvJ3UNyMoQ9Ngb0MypHN3siw9X8b0rx6Dsi
 O2SxiUKowVyK7BfTai53Pep+ep8Zo6lAzXFGh1CHtEMhyme+p07FXZrh9mgPsdZU
 5C1jKzTMZDEcibmFGj/Jb52RmXVGHWpalh4OBaqRv3kooU8eEL0e0f2wRvLAGLrD
 J4firKDdB/CIPvatLD0a
 =a6Q/
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging

Patch queue for ppc - 2014-03-05

This pull request includes:

  - VSX emulation support
  - book3s pr/hv selection
  - some bug fixes
  - qdev stable numbering
  - eTSEC emulation

# gpg: Signature made Wed 05 Mar 2014 02:14:19 GMT using RSA key ID 03FEDC60
# gpg: Can't check signature: public key not found

* remotes/agraf/tags/signed-ppc-for-upstream: (130 commits)
  target-ppc: spapr: e500: fix to use cpu_dt_id
  target-ppc: add PowerPCCPU::cpu_dt_id
  target-ppc: Introduce hypervisor call H_GET_TCE
  target-ppc: Update ppc_hash64_store_hpte to support updating in-kernel htab
  target-ppc: Change the hpte store API
  target-ppc: Fix page table lookup with kvm enabled
  target-ppc: Fix htab_mask calculation
  target-ppc: Use Additional Temporary in stqcx Case
  target-ppc: Fix Compiler Warnings Due to 64-Bit Constants Declared as UL
  PPC: sPAPR: Only use getpagesize() when we run with kvm
  target-ppc/translate.c: Use ULL suffix for 64 bit constants
  spapr-vlan: flush queue whenever can_receive can go from false to true
  target-ppc: Altivec 2.07: Vector Permute and Exclusive OR
  target-ppc: Altivec 2.07: Vector SHA Sigma Instructions
  target-ppc: Altivec 2.07: AES Instructions
  target-ppc: Altivec 2.07: Binary Coded Decimal Instructions
  target-ppc: Altivec 2.07: Vector Polynomial Multiply Sum
  target-ppc: Altivec 2.07: Vector Gather Bits by Bytes
  target-ppc: Altivec 2.07: Doubleword Compares
  target-ppc: Altivec 2.07: vbpermq Instruction
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-07 16:36:38 +00:00
Peter Maydell
2c02f88780 hw/ide/ahci.h: Avoid shifting left into sign bit
Add 'U' suffixes to avoid undefined behaviour shifting left into
the signed bit of a signed integer type. Clang's sanitizer will
warn about this:

 hw/ide/ahci.c:1210:27: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-03-07 11:29:21 +01:00
Gerd Hoffmann
5643706a09 console: add head to index to qemu consoles.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-05 09:52:04 +01:00
Cornelia Huck
7e7494627f s390x/virtio-ccw: Adapter interrupt support.
Handle the new CCW_CMD_SET_IND_ADAPTER command enabling adapter interrupts
on guest request. When active, host->guest notifications will be handled
via global_indicator -> queue indicators instead of queue indicators +
subchannel I/O interrupt. Indicators for virtqueues may be present at an
offset.

Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-03-05 09:42:05 +01:00
Alexey Kardashevskiy
0f20ba62c3 target-ppc: spapr: e500: fix to use cpu_dt_id
This makes use of @cpu_dt_id and related API in:
1. emulated XICS hypercall handlers as they receive fixed CPU indexes;
2. XICS-KVM to enable in-kernel XICS on right CPU;
3. device-tree renderer.

This removes @cpu_index fixup as @cpu_dt_id is used instead so QEMU monitor
can accept command-line CPU indexes again.

This changes kvm_arch_vcpu_id() to use ppc_get_vcpu_dt_id() as at the moment
KVM CPU id and device tree ID are calculated using the same algorithm.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Acked-by: Mike Day <ncmike@ncultra.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:07:04 +01:00
Alexey Kardashevskiy
0ce470cd4c target-ppc: add PowerPCCPU::cpu_dt_id
Normally CPUState::cpu_index is used to pick the right CPU for various
operations. However default consecutive numbering does not always work
for POWERPC.

These indexes are reflected in /proc/device-tree/cpus/PowerPC,POWER7@XX
and used to call KVM VCPU's ioctls. In order to achieve this,
kvmppc_fixup_cpu() was introduced. Roughly speaking, it multiplies
cpu_index by the number of threads per core.

This approach has disadvantages such as:
1. NUMA configuration stays broken after the fixup;
2. CPU-targeted commands from the QEMU Monitor do not work properly as
CPU indexes have been fixed and there is no clear way for the user to
know what the new CPU indexes are.

This introduces a @cpu_dt_id field in the CPUPPCState struct which
is initialized from @cpu_index by default and can be fixed later
to meet the device tree requirements.

This adds an API to handle @cpu_dt_id.

This removes kvmppc_fixup_cpu() as it is not more needed, @cpu_dt_id
is calculated in ppc_cpu_realize().

This will be used later in machine code.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Acked-by: Mike Day <ncmike@ncultra.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:07:03 +01:00
Laurent Dufour
a0fcac9c21 target-ppc: Introduce hypervisor call H_GET_TCE
This patch introduces the hypervisor call H_GET_TCE which is basically the
reverse of H_PUT_TCE, as defined in the Power Architecture Platform
Requirements (PAPR).

The hcall H_GET_TCE is required by the kdump kernel which is calling it to
retrieve the TCE set up by the panicing kernel.

Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:07:03 +01:00
Aneesh Kumar K.V
3f94170be3 target-ppc: Change the hpte store API
For updating in kernel htab we need to provide both pte0 and pte1, hence update
the interface to take pte0 and pte1 together

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
[ ldq_phys() API change, Greg Kurz <gkurz@linux.vnet.ibm.com> ]
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:07:02 +01:00
Aneesh Kumar K.V
7c43bca004 target-ppc: Fix page table lookup with kvm enabled
With kvm enabled, we store the hash page table information in the hypervisor.
Use ioctl to read the htab contents. Without this we get the below error when
trying to read the guest address

 (gdb) x/10 do_fork
 0xc000000000098660 <do_fork>:   Cannot access memory at address 0xc000000000098660
 (gdb)

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
[ fixes for 32 bit build (casts!), ldq_phys() API change,
  Greg Kurz <gkurz@linux.vnet.ibm.com ]
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:07:02 +01:00
Aneesh Kumar K.V
f3c75d42ad target-ppc: Fix htab_mask calculation
Correctly update the htab_mask using the return value of
KVM_PPC_ALLOCATE_HTAB ioctl. Also we don't update sdr1
on GET_SREGS for HV. We check for external htab and if
found true, we don't need to update sdr1

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
[ fixed pte group offset computation in ppc_hash64_htab_lookup() that
  caused TCG to fail, Greg Kurz <gkurz@linux.vnet.ibm.com> ]
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:07:02 +01:00
Alexander Graf
3c3b0ddefa PPC: sPAPR: Only use getpagesize() when we run with kvm
We currently size the msi window trap page according to the host's page
size so that we poke a working hole into a memory slot in case we overlap.

However, this is only ever necessary with KVM active. Without KVM, we should
rather try to be host platform agnostic and use a constant size: 4k.

This fixes a build breakage on win32 hosts.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:07:01 +01:00
Alexey Kardashevskiy
0a61f3b478 spapr-vlan: flush queue whenever can_receive can go from false to true
When the guests adds buffers to receive queue, the network device
should flush its queue of pending packets. This is done with
qemu_flush_queued_packets.

This adds a call to qemu_flush_queued_packets() which wakes up the main
loop and let QEMU update the network device status which now is "can
receive". The patch basically does the same thing as e8b4c68 does.

Suggested-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:07:00 +01:00
Alexander Graf
61de36761b qdev: Keep global allocation counter per bus
When we have 2 separate qdev devices that both create a qbus of the
same type without specifying a bus name or device name, we end up
with two buses of the same name, such as ide.0 on the Mac machines:

  dev: macio-ide, id ""
    bus: ide.0
      type IDE
  dev: macio-ide, id ""
    bus: ide.0
      type IDE

If we now spawn a device that connects to a ide.0 the last created
bus gets the device, with the first created bus inaccessible to the
command line.

After some discussion on IRC we concluded that the best quick fix way
forward for this is to make automated bus-class type based allocation
count a global counter. That's what this patch implements. With this
we instead get

  dev: macio-ide, id ""
    bus: ide.1
      type IDE
  dev: macio-ide, id ""
    bus: ide.0
      type IDE

on the example mentioned above.

This also means that if you did -device ...,bus=ide.0 you got a device
on the first bus (the last created one) before this patch and get that
device on the second one (the first created one) now.  Breaks
migration unless you change bus=ide.0 to bus=ide.1 on the destination.

This is intended and makes the bus enumeration work as expected.

As per review request follows a list of otherwise affected boards and
the reasoning for the conclusion that they are ok:

   target      machine         bus id              times
   ------      -------         ------              -----

   aarch64     n800            i2c-bus.0           2
   aarch64     n810            i2c-bus.0           2
   arm         n800            i2c-bus.0           2
   arm         n810            i2c-bus.0           2

-> Devices are only created explicitly on one of the two buses, using
   s->mpu->i2c[0], so no change to the guest.

   aarch64     vexpress-a15    virtio-mmio-bus.0   4
   aarch64     vexpress-a9     virtio-mmio-bus.0   4
   aarch64     virt            virtio-mmio-bus.0   32
   arm         vexpress-a15    virtio-mmio-bus.0   4
   arm         vexpress-a9     virtio-mmio-bus.0   4
   arm         virt            virtio-mmio-bus.0   32

-> Makes -device bus= work for all virtio-mmio buses.  Breaks
   migration.  Workaround for migration from old to new: specify
   virtio-mmio-bus.4 or .32 respectively rather than .0 on the
   destination.

   aarch64     xilinx-zynq-a9  usb-bus.0           2
   arm         xilinx-zynq-a9  usb-bus.0           2
   mips64el    fulong2e        usb-bus.0           2

-> Normal USB operation not affected. Migration driver needs command
   line to use the other bus.

   i386        isapc           ide.0               2
   x86_64      isapc           ide.0               2
   mips        mips            ide.0               2
   mips64      mips            ide.0               2
   mips64el    mips            ide.0               2
   mipsel      mips            ide.0               2
   ppc         g3beige         ide.0               2
   ppc         mac99           ide.0               2
   ppc         prep            ide.0               2
   ppc64       g3beige         ide.0               2
   ppc64       mac99           ide.0               2
   ppc64       prep            ide.0               2

-> Makes -device bus= work for all IDE buses.  Breaks migration.
   Workaround for migration from old to new: specify ide.1 rather than
   ide.0 on the destination.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:47 +01:00
Aneesh Kumar K.V
5736245c80 target-ppc: Update external_htab even when HTAB is managed by kernel
We will use this in later patches to make sure we use the right load
functions when copying hpte entries.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:47 +01:00
Alexey Kardashevskiy
3b66da82ce spapr: print more detailed error message on failed load_elf()
This makes use of new error codes which load_elf() can return and
prints more informative error message.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:47 +01:00
Alexey Kardashevskiy
18674b2678 elf-loader: add more return codes
The existing load_elf() just returns -1 if it fails to load ELF. However
it could be smarter than this and tell more about the failure such as
wrong endianness or incompatible platform.

This adds additional return codes for wrong architecture, wrong
endianness and if the image is not ELF at all.

This adds a load_elf_strerror() helper to convert return codes into
string messages.

This fixes handling of what load_elf() returns for s390x, other
callers just check the return value for <0 and this remains unchanged.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:46 +01:00
Alexey Kardashevskiy
6a2331d12e moxie: fix load_elf() usage
At the moment in the case of error, load_elf() returns -1 so load_kernel()
will not signal error at all.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:46 +01:00
Alexey Kardashevskiy
133e70ee88 spapr: support only ELF kernel images
Currently everybody uses ELF kernel images with "-kernel" option on
pseries machine but QEMU still tries to boot from an image even it
fails to recognize it is ELF. This produces undefined behaviour if
the user tries a kernel image compiled for another architecture.

This removes support of raw kernel images.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:46 +01:00
Fabien Chouteau
eb1e7c3e51 Add Enhanced Three-Speed Ethernet Controller (eTSEC)
This implementation doesn't include ring priority, TCP/IP Off-Load, QoS.

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:45 +01:00
Edgar E. Iglesias
0658aa9cba virtex_ml507: Add support for loading initrd images
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
[agraf: fix up stray quotes and newlines in strings]
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:45 +01:00
Nathan Whitehorn
3052f0d594 spapr_vscsi: Fix REPORT_LUNS handling
Intercept REPORT_LUNS commands addressed either to SRP LUN 0 or the well-known
LUN for REPORT_LUNS commands. This is required to implement the SAM and SPC
specifications.

Since SRP implements only a single SCSI target port per connection, the SRP
target is required to report all available LUNs in response to a REPORT_LUNS
command addressed either to LUN 0 or the well-known LUN. Instead, QEMU was
forwarding such requests to the first QEMU SCSI target, with the result that
initiators that relied on this feature would only see LUNs on the first QEMU
SCSI target.

Behavior for REPORT_LUNS commands addressed to any other LUN is not specified
by the standard and so is left unchanged. This preserves behavior under Linux
and SLOF, which enumerate possible LUNs by hand and so address no commands
either to LUN 0 or the well-known REPORT_LUNS LUN.

Signed-off-by: Nathan Whitehorn <nwhitehorn@freebsd.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
[agraf: define constant as ULL for 32bit hosts]
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:26 +01:00
Alexey Kardashevskiy
09aa9a526a spapr-pci: enable adding PHB via -device
Recent changes introduced cannot_instantiate_with_device_add_yet
and removed capability of adding yet another PCI host bridge via
command line for SPAPR platform (POWERPC64 server).

This brings the capability back and puts SPAPR PHB into "bridge"
category.

This is not much use for emulated PHB but it is absolutely required
for VFIO as we put an IOMMU group onto a separate PHB on SPAPR.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:26 +01:00
Aneesh Kumar K.V
135a129a1c kvm: Add a new machine option kvm-type
Targets like ppc64 support different types of KVM, one which use
hypervisor mode and the other which doesn't. Add a new machine
option kvm-type that helps in selecting the respective ones
We also add a new QEMUMachine callback get_vm_type that helps
in mapping the string representation of kvm type specified.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
[agraf: spelling fixes, use error_report(), use qemumachine.h]
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05 03:06:24 +01:00
Peter Maydell
c2cb92f9ea Several features, fixes and cleanups for kvm/s390:
- sclp event facility: cleanup structure. This allows to use
   realize/unrealize   as well as migration support via vmsd
 - reboot: Two fixes that make reboot much more reliable
 - ipl: make elf loading more robust
 - flic interrupt controller: This allows to migrate floating
   interrupts, as well as clear them on reset etc.
 - enable async_pf feature of KVM on s390
 - several sclp fixes and cleanups
 - several sigp fixes and cleanups
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJTDwZVAAoJEBF7vIC1phx8lx4P/Rv+UVD9XDFFF8yHuye1am40
 NpRGjdarQ/9QUkS4gqyKwYUvIjAClk5id7U2d5zrfdc8XC49AH0ZhVFMdRupaOon
 AUqXjOXD5zAh9bfUcewg1EK1P1VuKcp0hyh0jFlIqk9Xmidw8N5guQ6iBoTqGJD5
 UYTp0PuSqIjY1RCuF4fCTCurzRd1+J2oKcQBip7BSWlVuWZlg2/hPxoIraLezlz2
 huwOU9tkSGXwSRv4C6fCcukEwlqnvkE6W0MCrHrcb2T8xYwAR2Jjs0TsscbKxb+t
 lIjZRiCxBrFwOLUqGN8DMYtZPffR+cigZ5bYb4o3PPJ0DQL4vLQVd8SPMPrdJhbb
 M7UOaeTclSTQuzmM/Uuc1pmrFc8PDq0dg50dT3weH2bW8aSgyqutYGpmUcm1Q6kq
 JLFuyswOBr1vS9o0TlBunP4+TqJJrnGvtIQ4EbRZm7zP78mBaIIrUcAZlbgOI+XI
 cSjtFXkBOCz0j28J9GSHrsWMC7RQ179TGdcH/FjDpu0dNDOxH7eH5gZPQoQDAqwC
 SjstqJdIFnd0qxOB1EqcgMUxbSqQYq3hoGvJ644ZrMA3T5trBn0fSw3J9ZU/qAK7
 EvOKRacMfcacIj4l0aEQgpwqVmktwIYnkfetX/QAKw/4AImJz/R9GRkmYgjCfOH8
 /CUfXM71zWLEdv1o5uJ5
 =toIt
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/borntraeger/tags/kvm-s390-20140227' into staging

Several features, fixes and cleanups for kvm/s390:

- sclp event facility: cleanup structure. This allows to use
  realize/unrealize   as well as migration support via vmsd
- reboot: Two fixes that make reboot much more reliable
- ipl: make elf loading more robust
- flic interrupt controller: This allows to migrate floating
  interrupts, as well as clear them on reset etc.
- enable async_pf feature of KVM on s390
- several sclp fixes and cleanups
- several sigp fixes and cleanups

* remotes/borntraeger/tags/kvm-s390-20140227: (22 commits)
  s390x/ipl: Fix crash of ELF images with arbitrary entry points
  s390x/kvm: Rework priv instruction handlers
  s390x/kvm: Add missing SIGP CPU RESET order
  s390x/kvm: Rework SIGP INITIAL CPU RESET handler
  s390x/cpu: Use ioctl to reset state in the kernel
  s390-ccw.img: new binary rom to match latest fixes
  s390-ccw.img: Fix sporadic errors with ccw boot image - initialize css
  s390-ccw.img: Fix sporadic reboot hangs: Initialize next_idx
  s390x/event-facility: exploit realize/unrealize
  s390x/event-facility: add support for live migration
  s390x/event-facility: code restructure
  s390x/event-facility: some renaming
  s390x/sclp: Fixed setting of condition code register
  s390x/sclp: Add missing checks to SCLP handler
  s390x/sclp: Fixed the size of sccb and code parameter
  s390x/eventfacility: mask out commands
  s390x/virtio-hcall: Specification exception for illegal subcodes
  s390x/virtio-hcall: Add range check for hypervisor call
  s390x/kvm: Fixed bad SIGP SET-ARCHITECTURE handler
  s390x/async_pf: Check for apf extension and enable pfault
  ...

Conflicts:
	linux-headers/linux/kvm.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-04 14:50:46 +00:00
Peter Maydell
739aa555b8 Merge remote-tracking branch 'remotes/bonzini/scsi-next' into staging
* remotes/bonzini/scsi-next:
  block/iscsi: fix segfault if writesame fails
  scsi-disk: Add support for port WWN and index descriptors in VPD page 83h
  block/iscsi: query for supported VPD pages
  block/iscsi: fix deadlock on scsi check condition
  scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b
  scsi: report thin provisioning errors with werror=report
  scsi: Change scsi sense buf size to 252

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-04 14:25:34 +00:00
Peter Maydell
d47e95c0c8 Merge remote-tracking branch 'remotes/mcayland/qemu-sparc' into staging
* remotes/mcayland/qemu-sparc:
  sun4m: Add Sun CG3 framebuffer initialisation function
  sun4m: Add Sun CG3 framebuffer and corresponding OpenBIOS FCode ROM
  sun4m: fix slavio timer RUN/STOP bit
  sun4m: Set HostID in NVRAM

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-04 13:09:06 +00:00
Aneesh Kumar K.V
993c91a0e9 hw/9pfs: Include virtio-9p-device.o in build
After commit ba1183da9a we are including
hw/Makefile.objs directly from Makefile.target. Make sure hw/Makefile.objs
rules doesn't depend on variable defined in Makefile.objs

Tested-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2014-03-04 09:20:49 +05:30
Chen Gang
4fa4ce7107 hw/9pfs: use g_strdup_printf() instead of PATH_MAX limitation
When path is truncated by PATH_MAX limitation, it causes QEMU to access
incorrect file. So use original full path instead of PATH_MAX within
9pfs (need check/process ENOMEM for related memory allocation).

The related test:

 - Environments (for qemu-devel):

   - Host is under fedora17 desktop with ext4fs:

     qemu-system-x86_64 -hda test.img -m 1024 \
       -net nic,vlan=4,model=virtio,macaddr=00:16:35:AF:94:04 \
       -net tap,vlan=4,ifname=tap4,script=no,downscript=no \
       -device virtio-9p-pci,id=fs0,fsdev=fsdev0,mount_tag=hostshare \
       -fsdev local,security_model=passthrough,id=fsdev0,\
         path=/upstream/vm/data/share/1234567890abcdefghijklmnopqrstuvwxyz\
           ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890acdefghijklmnopqrstuvwxyz\
           ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890/111111111111111111111111111\
           1111111111111111111111111111111111111111111111111111222222222222\
           2222222222222222222222222222222222222222222222222222222222222222\
           2222222222222222222222222222222222233333333333333333333333333333\
           3333333333333333333333333333333333

    - Guest is ubuntu12 server with 9pfs.

      mount -t 9p -o trans=virtio,version=9p2000.L hostshare /share

    - Limitations:

      full path limitation is PATH_MAX (4096B include nul) under Linux.
      file/dir node name maximized length is 256 (include nul) under ext4.

 - Special test:

    Under host, modify the file: "/upstream/vm/data/share/1234567890abcdefg\
      hijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890acdefghijklmno\
      pqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890/111111111111111111111\
      111111111111111111111111111111111111111111111111111111111122222222222\
      222222222222222222222222222222222222222222222222222222222222222222222\
      222222222222222222222222222222233333333333333333333333333333333333333\
      3333333333333333333333333/4444444444444444444444444444444444444444444\
      444444444444444444444444444444444444444444444444444444444444444444444\
      444444444444444444444444444444444444444444444444444444444444444444444\
      444444444444444444444444444444444444444/55555555555555555555555555555\
      555555555555555555555555555555555555555555555555555555555555555555555\
      555555555555555555555555555555555555555555555555555555555555555555555\
      555555555555555555555555555555555555555555555555555555555555555555555\
      55555555/666666666666666666666666666666666666666666666666666666666666\
      666666666666666666666666666666666666666666666666666666666666666666666\
      666666666666666666666666666666666666666666666666666666666666666666666\
      666666666666666666666/77777777777777777777777777777777777777777777777\
      777777777777777777777777777777777777777777777777777777777777777777777\
      777777777777777777777777777777777777777777777777777777777777777777777\
      77777777777777777777777777777777777777777777777777777777777/888888888\
      888888888888888888888888888888888888888888888888888888888888888888888\
      888888888888888888888888888888888888888888888888888888888888888888888\
      888888888888888888888888888888888888888888888888888888888888888888888\
      888888888/99999999999999999999999999999999999999999999999999999999999\
      999999999999999999999999999999999999999999999999999999999999999999999\
      999999999999999999999999999999999999999999999999999999999999999999999\
      99999999999999999999999999999999999999999/000000000000000000000000000\
      000000000000000000000000000000000000000000000000000000000000000000000\
      000000000000000000000000000000000000000000000000000000000000000000000\
      000000000000000000000000000000000000000000000000/aaaaaaaaaaaaaaaaaaaa\
      aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
      aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
      aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbb\
      bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\
      bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\
      bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ccccccccc\
      ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\
      ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\
      ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\
      cccccccccc/dddddddddddddddddddddddddddddddddddddddddddddddddddddddddd\
      ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd\
      ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd\
      dddddddddddddddddddddd/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\
      eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\
      eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\
      eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/fffffffffffffff\
      fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\
      fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\
      ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff/gggggggggg\
      ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg\
      ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg\
      ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg\
      ggggggggggggggggggggggg/iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii\
      iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii\
      iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii\
      iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii/jjjjjjjjjjjjj\
      jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj\
      jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj/ppppppppppppppppppppp\
      ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp\
      ppppppppppppppppppppppppppppppppppppppp/test1234567890file.log"
        (need enter dir firstly, then modify file, or can not open it).

   Under guest, still allow modify "test1234567890file.log" (will generate
   "test123456" file with contents).

   After apply this patch, can not open "test1234567890file.log" under guest
   (permission denied).

 - Common test:

   All are still OK after apply this path.

     "mkdir -p", "create/open file/dir", "modify file/dir", "rm file/dir".
     change various mount point paths under host and/or guest.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2014-03-04 00:57:57 +05:30
Chen Gang
fae0864573 hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf()
'ctx->fs_root' + 'path'/'fullname.data' may be larger than PATH_MAX, so
need use snprintf() instead of sprintf() just like another area have done
in 9pfs. This could possibly result in the truncation of pathname, which we
address in the follow up patch.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2014-03-03 21:56:31 +05:30
Chen Gang
75b7931ec6 hw/9pfs/virtio-9p-local.c: move v9fs_string_free() to below "err_out:"
When "goto err_out", 'v9fs_string' already was allocated, so still need
free 'v9fs_string' before return.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2014-03-03 21:55:01 +05:30
Peter Maydell
73795cea96 Updates include:
- Coverify fixes for vfio & pci-assign (Markus)
  - VFIO blacklisting support for known brokwn PCI option ROMs (Bandan)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJTDi9AAAoJECObm247sIsi5nwP/2hwA3YVzx4eamWWAK4IDuZO
 8Umga2wYQcpFkyb5zEDfZgYIQ+YcLFLVO0R9Uszlkl4Lmlu8Nl0Xoknn41NTEghH
 V9wGwlVfAcsnF2bP5aMN26Yd6pQditfL4Oj+o+kM6Vz63u7k3tCtiH+gDN0YYc/A
 wvyCmfv9nZGCKmtRljbeuSi7cYrDHld4LDXMeXkQCkc/x3BdsmyiCmw6uMuMPLP3
 LD8eCu6j08YowoPrQXSbJOw0kbYmWn/7pXMWdDZxswNQhNgBO+zt7niaEPTnql+s
 grxMzCABP3C1QIG/tMF1HM2CjSitM1qZJnO1W0UWup5+BrjdweZ5qnTTDmYi/XmT
 bne24I0zsLVIlEOTZeIZybeEnfbqHM2LfkyUJP/jwF8L1K+hsSdx0X6h1SJ+2PlV
 0hUBovhqvln1n9SH6WQ0e/bTfeERUr9QF9TfKZNIFpDSg2a+TQqQYFBtx/2I6wV6
 7BYRULG4/ykMEPu801iuxbLLgzXqSuY4HR775j0jVzqJp7jsO5a6mRiHqWHd2Rok
 r2jA/KA/9uWeeey+AumndL1olTMxBTlhTCKiX87bPCn/rYjld2oioIpft6JSVc9U
 PXoS5h16iyY4SWwCV9OkvluPYzx6o++Tb0rWdvnTyHPebf8EoDQeaKgxjU1bUpDa
 kYxTBa5mC03lNEoZ2XmQ
 =d8HV
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-pci-for-qemu-20140226.0' into staging

Updates include:
 - Coverify fixes for vfio & pci-assign (Markus)
 - VFIO blacklisting support for known brokwn PCI option ROMs (Bandan)

# gpg: Signature made Wed 26 Feb 2014 18:15:28 GMT using RSA key ID 3BB08B22
# gpg: Can't check signature: public key not found

* remotes/awilliam/tags/vfio-pci-for-qemu-20140226.0:
  vfio: blacklist loading of unstable roms
  qdev-monitor: set DeviceState opts before calling realize
  pci-assign: Fix potential read beyond buffer on -EBUSY
  vfio: Fix overrun after readlink() fills buffer completely

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-27 11:31:52 +00:00
Mark Cave-Ayland
af87bf290f sun4m: Add Sun CG3 framebuffer initialisation function
In order to allow the user to choose the framebuffer for sparc-softmmu, add
-vga tcx and -vga cg3 options to the QEMU command line. If no option is
specified, the default TCX framebuffer is used.

Since proprietary FCode ROMs use a resolution of 1152x900, slightly relax the
validation rules to allow both displays to be initiated at the higher
resolution used by these ROMs upon request (OpenBIOS FCode ROMs default to
the normal QEMU sun4m default resolution of 1024x768).

Finally move any fprintf(stderr ...) statements in the areas affected by this
patch over to the new error_report() function.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Blue Swirl <blauwirbel@gmail.com>
CC: Anthony Liguori <aliguori@amazon.com>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Bob Breuer <breuerr@mc.net>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
2014-02-27 10:01:41 +00:00
Mark Cave-Ayland
9eb08a435a sun4m: Add Sun CG3 framebuffer and corresponding OpenBIOS FCode ROM
The CG3 framebuffer is a simple 8-bit framebuffer for use with operating
systems such as early Solaris that do not have drivers for TCX.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Blue Swirl <blauwirbel@gmail.com>
CC: Anthony Liguori <aliguori@amazon.com>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Bob Breuer <breuerr@mc.net>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
2014-02-27 10:01:41 +00:00
Mark Cave-Ayland
ead4cf04f8 sun4m: fix slavio timer RUN/STOP bit
The sun4m architecture has one 'system' timer and one timer per CPU.
The CPU timers can be configured in two modes:

  * 22 bits Counter/Timer. Periodic interrupts.
  * 54 bits User timer. For profiling. In this mode, the Run/Stop bit
    controls the timer.

The run/stop bit controls the timer only when it is in "User" mode, but
its state shall be persistent.

Signed-off-by: Olivier Danet <odanet@caramail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-02-27 10:01:41 +00:00
Thomas Huth
7f00eb30fe s390x/ipl: Fix crash of ELF images with arbitrary entry points
When loading S390 kernels, the current code expects an ELF file with the
start address 0x10000. Other ELF files cause a segmentation fault. To avoid
these crashes, we should get the start address from the ELF file instead
of always using a hard-coded address.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:26 +01:00
Heinz Graalfs
c804c2a717 s390x/event-facility: exploit realize/unrealize
init/exit functionality of abstract SCLPEvent class is now exploiting
realize/unrealize.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Heinz Graalfs
6fbef18a4c s390x/event-facility: add support for live migration
Add support for live migration using VMStateDescription.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Heinz Graalfs
477a72a1ef s390x/event-facility: code restructure
Code restructure in order to simplify class hierarchy
  - remove S390SCLPDevice abstract base class
    and move function pointers into new SCLPEventFacilityClass
  - implement SCLPEventFacility as SysBusDevice
  - use define constants for instance creation strings

The following ascii-art shows the class structure wrt the SCLP EventFacility
before (CURRENT) and after the restructure (NEW):

----
CURRENT:

   "s390-sclp-events-bus"
   +-------------------------+
   |      SCLPEventsBus      |
   |-------------------------|
   |BusState qbus            |
   +-------------------------+

   +-------------------------+
   |   SCLPEventFacility     |  - to be replaced by new SCLPEventFacility,
   |-------------------------|    which will be a SysBusDevice
   |SCLPEventsBus sbus       |
   |DeviceState *qdev        |
   |unsigned int receive_mask|
   +-------------------------+

   +-------------------------+
   |   S390SCLPDeviceClass   |  - to be replaced by new SCLPEventFacilityClass
   |-------------------------|
   |DeviceClass qdev         |
   |*(init)()                |
   +-------------------------+

   "s390-sclp-event-facility"
             |
         instance-of
             |
             V
   "s390-sclp-device"           - this is an abstract class
   +-------------------------+
   |     S390SCLPDevice   (A)|  - to be replaced by new SCLPEventFacility
   |-------------------------|
   |SysBusDevice busdev      |
   |SCLPEventFacility *ef    |
   |                         |
   |*(sclp_command_handler)()|  - these 2 go to new SCLPEventFacilityClass
   |*(event_pending)()       |
   +-------------------------+

----
NEW:

   "s390-sclp-events-bus"
   +-------------------------+
   |      SCLPEventsBus      |
   |-------------------------|
   |BusState qbus            |
   +-------------------------+

   +-------------------------+
   | SCLPEventFacilityClass  |
   |-------------------------|
   |DeviceClass parent_class |
   |                         |
   |*(init)()                |
   |*(command_handler)()     |
   |*(event_pending)()       |
   +-------------------------+

   "s390-sclp-event-facility"
   +-------------------------+
   |   SCLPEventFacility     |
   |-------------------------|
   |SysBusDevice parent_class|
   |SCLPEventsBus sbus       |
   |unsigned int receive_mask|
   +-------------------------+

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Heinz Graalfs
65e526c24e s390x/event-facility: some renaming
Do some renaming to shorten some identifiers and to emphasize sclp.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Thomas Huth
6e25280216 s390x/sclp: Add missing checks to SCLP handler
If the 51 most significant bits of the SCCB address are zero or equal to
the prefix, we should throw an specification exception, too.
Also moved the check for privileged mode to sclp_service_call() to have
all program checks in one place now.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Thomas Huth
a0fa2cb8cc s390x/sclp: Fixed the size of sccb and code parameter
The pointer to the SCCB should not be limited to 32 bits only.
In contrast to this, the command word parameter is only 32 bits
(the upper 32 bits should be ignored).

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Christian Borntraeger
9da45bb217 s390x/eventfacility: mask out commands
As a followup to commit 5f04c14a10
(s390-sclp: Define New SCLP Codes) we should mask the sclp command
not only in base sclp, but also in the event facility.

Based on an initial patch from Ralf Hoppe.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Thomas Huth
77319f2263 s390x/virtio-hcall: Specification exception for illegal subcodes
So far, the DIAG 500 hypervisor call was only setting -EINVAL in
R2 when a guest tried to call this function with an illegal subcode.
This patch now changes the behavior so that a specification exception
is thrown instead, since this is the common behavior of other DIAG
functions (and other CPU instructions) when being called with illegal
parameters.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Thomas Huth
f2c55d1735 s390x/virtio-hcall: Add range check for hypervisor call
The handler for diag 500 did not check whether the requested function
was in the supported range, so illegal values could crash QEMU in the
worst case.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: qemu-stable@nongnu.org
2014-02-27 09:51:25 +01:00
Dominik Dingel
819bd3091e s390x/async_pf: Check for apf extension and enable pfault
S390 can also use async page faults, to enhance guest scheduling.
In case of live migration we want to disable the feature and let
all pending request finish.

Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Jens Freimann
3a553fc658 s390x/kvm: implement floating-interrupt controller device
This patch implements a floating-interrupt controller device (flic)
which interacts with the s390 flic kvm_device.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Peter Maydell
2ce5868ca1 target-arm queue:
* fixes for various Coverity-spotted bugs
  * support new KVM device control API for VGIC
  * support KVM VGIC save/restore/migration
  * more AArch64 system mode foundations
  * support ARMv8 CRC instructions for A32/T32
  * PL330 minor fixes and cleanup
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABCAAGBQJTDimkAAoJEDwlJe0UNgzeJckQAIgv++tjcGk9d5gl0QQMyHJJ
 GNb0raWPHSvVqsuGJzdzgfd5dt0FN3fvqKs4ThtstLjcmkiIqDoIaDuDDFdU/Zt0
 YAMA07cQ7xZNoVB8x8zqMD/yrLV99CKZlC5/Cr4yq8SPNrOKZkpnFViSC2wgrrDt
 JyCRjc6GIv3SofkOP8sCF3Fg7JMi0J9qFCCw2fGWrRBq1TEMYlaCn5rSO4O9jiW3
 g8YMVUeYFjKkLUnoNOA93NQhhkrQNl5xkXmCo+JF7TPL9w2lH/G76RWmLtaPGLuh
 IkwfG+7/AVbtoK8Njp9scsmu56hau1RkNip/yquLM1ONb2H7h94AkpRCGQXOXBW3
 rEocDKR3cR7quvLHtQ54blR5/TJMhFZfchX5cvGYT4pH2+8yxyP0UeFpNVJawoLO
 Bb1zYTswjXfAfe0jk/nr91P5lSNa6lkk42mh7k7Shc7bvCjkaLQDbNRDBB1B6gLr
 0b0vj73U8+Gz+5WoWbu0GJhuR5NdWxnAiuTYXEJ8roTaZL2AP6fuef4OZ+Nnpw/K
 dBRoO6NWrKT04ZaYu6tB/q31sa6ff6S+hRpqr8lp/S8PGFWC0Pni8Pz0rYLpyhVh
 yZRqkY7C6FRE5EmXSWt0ZkpSkykwnibL/xXigHIvmGEBiohR0f4SGSIDLqTGkYqQ
 HWtue+3jyM/1kirp2QLx
 =1X50
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140226' into staging

target-arm queue:
 * fixes for various Coverity-spotted bugs
 * support new KVM device control API for VGIC
 * support KVM VGIC save/restore/migration
 * more AArch64 system mode foundations
 * support ARMv8 CRC instructions for A32/T32
 * PL330 minor fixes and cleanup

# gpg: Signature made Wed 26 Feb 2014 17:51:32 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20140226: (45 commits)
  dma/pl330: implement dmaadnh instruction
  dma/pl330: Fix buffer depth
  dma/pl330: Add event debugging printfs
  dma/pl330: Rename parent_obj
  dma/pl330: printf format type sweep.
  dma/pl330: Fix misleading type
  dma/pl330: Delete overly verbose debug printf
  target-arm: Add support for AArch32 ARMv8 CRC32 instructions
  include/qemu/crc32c.h: Rename include guards to match filename
  target-arm: Add utility function for checking AA32/64 state of an EL
  target-arm: Implement AArch64 view of CPACR
  target-arm: A64: Implement MSR (immediate) instructions
  target-arm: Store AIF bits in env->pstate for AArch32
  target-arm: A64: Implement WFI
  target-arm: Get MMU index information correct for A64 code
  target-arm: Implement AArch64 OSLAR_EL1 sysreg as WI
  target-arm: Implement AArch64 dummy breakpoint and watchpoint registers
  target-arm: Implement AArch64 ID and feature registers
  target-arm: Implement AArch64 generic timers
  target-arm: Implement AArch64 MPIDR
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 22:53:51 +00:00
Peter Maydell
bc3fbad816 Net patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTDJtxAAoJEJykq7OBq3PIEBAH/0Fh1TUsHpLGwtVC+HObl4HF
 19KJpaXfG3L1x5pV4qbRvsmgXDNjnm8sSAbAvINn5uKJqk371qshvgssaIyLOA/o
 VD+9lR1mwE9mwiktCfFniddoZmTsMyGxsbE4i1dZAxsGuuiJ3x2zRotpQCLjmWMJ
 OSIdy1v657tR0EnhjI19g4fNvCpfOwX3tvMt20vgL6/x9AuNjMfFeP6S/KNuxBBC
 6vflVNmN0AIc/tIbR5bql5/wcDixJcxobFXHxAmIbaaJTNtFXq0PNpo0kfLi5Zzx
 s6iVoYVXNMx1xqpegBEVLyIvtcX7SCggO8FT+bhzaOfPVL8NaSXRJMRjH22V+D0=
 =UA+s
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

Net patches

# gpg: Signature made Tue 25 Feb 2014 13:32:33 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/net-pull-request:
  virtio-net: use qemu_get_queue() where possible
  vhost_net: use offload API instead of bypassing it
  net: remove implicit peer from offload API
  net: Disable netmap backend when not supported
  net: add offloading support to netmap backend
  net: make tap offloading callbacks static
  net: virtio-net and vmxnet3 use offloading API
  net: TAP uses NetClientInfo offloading callbacks
  net: extend NetClientInfo for offloading
  net: change vnet-hdr TAP prototypes
  opencores_eth: flush queue whenever can_receive can go from false to true

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 20:04:37 +00:00
Peter Maydell
28c05edff5 hda-audio: qom cleanups
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTCzjkAAoJEEy22O7T6HE4eqcP/2mtgvuyVQ9xl8Zyk/cp/Uy+
 14n6lsnyHQ9ZXw+YwnmLqyVhyoAfM4zJ7N2IvZDQxKcW56GUishV4BbrNW9+ldvm
 9rQP7ODQviN2RrKNtxoJGYsBqxkM9p2gZ0rhs9W1/MD7CvwbrOH0xO1dDWuz9YvC
 W68lioEwBNLu9YPvNqBZVAiQf57ez1pf8CPrVilcCWw2K33l0Owk+Y0uIYWkqu35
 jJE3fBdHXFbdYxT5Lof4mvYMo4m1pI7pYWVAUN3iYyQnFaLSYqLtglyJTPUrx+dc
 Vwb1bsWredAtBkzPbsAzVU++kylRsS6AI36MqXi/UvpD3SlmRE3q8gIGXoBEKUHP
 Ab+ozjNNGQYlRysmeEowmjkVfjDelbd9Rd3rfi5v1XYlKR96I5j49c4U7SNotUL2
 UcVWxSGwQ+tSvCWHfBfxhLom8oWPMUpXUVucYgV84GpQyqoZGXxKotVko/zXvrss
 q64OIJO7Db6bJHjn0tvrqO3mA+B9gkHO5m7ow41EFAquwevTiOKqUP1gjD8an8hN
 eqe4LFs6APDEvMyoPPPrrR5u18wW4nkEgFgpZA/QcYHajOWggb5S7tH6Howlf486
 +2GSWwQAF5Nwg7WXkm7HiDslj2fZIcjbBH8yOV9b511lNaTAhr/Z0MOsOoXLnxzf
 yq38KN0SArsYirT9F+3F
 =FdLD
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-3' into staging

hda-audio: qom cleanups

# gpg: Signature made Mon 24 Feb 2014 12:19:48 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-audio-3:
  hda-audio: qom cleanups

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 18:22:11 +00:00
Bandan Das
4b9430294e vfio: blacklist loading of unstable roms
Certain cards such as the Broadcom BCM57810 have rom quirks
that exhibit unstable system behavior duing device assignment. In
the particular case of 57810, rom execution hangs and if a FLR
follows, the device becomes inoperable until a power cycle. This
change blacklists loading of rom for such cards unless the user
specifies a romfile or rombar=1 on the cmd line

Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-02-26 10:33:45 -07:00
Markus Armbruster
82d0794565 pci-assign: Fix potential read beyond buffer on -EBUSY
readlink() doesn't write a terminating null byte.
assign_failed_examine() passes the unterminated string to strrchr().
Oops.  Terminate it.

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-02-26 10:30:03 -07:00
Markus Armbruster
13665a2d2f vfio: Fix overrun after readlink() fills buffer completely
readlink() returns the number of bytes written to the buffer, and it
doesn't write a terminating null byte.  vfio_init() writes it itself.
Overruns the buffer when readlink() filled it completely.

Fix by treating readlink() filling the buffer completely as error,
like we do in pci-assign.c's assign_failed_examine().

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-02-26 10:28:36 -07:00
Peter Crosthwaite
c04018e933 dma/pl330: implement dmaadnh instruction
Implement the missing DMAADNH instruction. This is a minor variant
of the DMAADDH instruction, so factor out to a common implementation
for both (dmaadxh).

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 73ab13532a7cae53441da89b46c279b5f50785e3.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:09 +00:00
Peter Crosthwaite
a5ae7e3984 dma/pl330: Fix buffer depth
This is the product of the data-width and the depth arguments, I.e the
depth of the FIFO is in terms of data entries and not bytes (which is
what the original implementation was suggesting). Fix.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: c34de31031511538ccdb3164b48ee8a6a973ebd4.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:08 +00:00
Peter Crosthwaite
432a0a130e dma/pl330: Add event debugging printfs
These are helpful to anyone trying to debug event sequencing.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: e82a0ad804db3de4f46839e55a9d287735ef870d.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:08 +00:00
Peter Crosthwaite
1c8be73d4e dma/pl330: Rename parent_obj
As per current QOM conventions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: abb137347ea1ee9c31487b544f3d5435fb17f6a4.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:08 +00:00
Peter Crosthwaite
c3143ba877 dma/pl330: printf format type sweep.
Use PRI formats as appropriate rather than raw %x and %d. This fixes
debug printfery on some host platforms. Fix types of debug only
variables as appropriate.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: dbb5f5fd048b2d4a3cb5c6357577d11211a7a585.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:08 +00:00
Peter Crosthwaite
024c6e2ea5 dma/pl330: Fix misleading type
This type really should just be a regular int as no usages rely on it's
32 bitness (it's only meaningful as a bit position and not a bit mask).
This also fixes a printf which uses the variable with a regular %d.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 2a99d31f377aee371476d9da8fd0d1b7efa30f63.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:08 +00:00
Peter Crosthwaite
63a31905cb dma/pl330: Delete overly verbose debug printf
When using event synchronisation, this particular debug printf floods.
Just delete it.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: dd94d19493f97c47497b9d8caf74ca43e70d58fd.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:07 +00:00
Peter Maydell
4cc35614a0 target-arm: Store AIF bits in env->pstate for AArch32
To avoid complication in code that otherwise would not need to
care about whether EL1 is AArch32 or AArch64, we should store
the interrupt mask bits (CPSR.AIF in AArch32 and PSTATE.DAIF
in AArch64) in one place consistently regardless of EL1's mode.
Since AArch64 has an extra enable bit (D for debug exceptions)
which isn't visible in AArch32, this means we need to keep
the enables in env->pstate. (This is also consistent with the
general approach we're taking that we handle 32 bit CPUs as
being like AArch64/ARMv8 CPUs but which only run in 32 bit mode.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-02-26 17:20:06 +00:00
Peter Maydell
327ed10fa2 target-arm: Implement AArch64 TTBR*
Implement the AArch64 TTBR* registers. For v7 these were already 64 bits
to handle LPAE, but implemented as two separate uint32_t fields.
Combine them into a single uint64_t which can be used for all purposes.
Since this requires touching every use, take the opportunity to rename
the field to the architectural name.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-02-26 17:20:04 +00:00
Christoffer Dall
855011be05 hw: arm_gic_kvm: Add KVM VGIC save/restore logic
Save and restore the ARM KVM VGIC state from the kernel.  We rely on
QEMU to marshal the GICState data structure and therefore simply
synchronize the kernel state with the QEMU emulated state in both
directions.

We take some care on the restore path to check the VGIC has been
configured with enough IRQs and CPU interfaces that we can properly
restore the state, and for separate set/clear registers we first fully
clear the registers and then set the required bits.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1392687921-26921-1-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:01 +00:00
Christoffer Dall
1da41cc1c6 arm: vgic device control api support
Support creating the ARM vgic device through the device control API and
setting the base address for the distributor and cpu interfaces in KVM
VMs using this API.

Because the older KVM_CREATE_IRQCHIP interface needs the irq chip to be
created prior to creating the VCPUs, we first test if we can use the
device control API in kvm_arch_irqchip_create (using the test flag from
the device control API).  If we cannot, it means we have to fall back to
KVM_CREATE_IRQCHIP and use the older ioctl at this point in time.  If
however, we can use the device control API, we don't do anything and
wait until the arm_gic_kvm driver initializes and let that use the
device control API.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1392687720-26806-5-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:00 +00:00
Christoffer Dall
6453fa998a hw/intc/arm_gic: Fix GIC_SET_LEVEL
The GIC_SET_LEVEL macro unfortunately overwrote the entire level
bitmask instead of just or'ing on the necessary bits, causing active
level PPIs on a core to clear PPIs on other cores.

Cc: qemu-stable@nongnu.org
Reported-by: Rob Herring <rob.herring@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1393031030-8692-1-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:19:59 +00:00
Peter Maydell
cf143ad350 hw/arm/musicpal: Remove nonexistent CDTP2, CDTP3 registers
The ethernet device in the musicpal only has two tx queues,
but we modelled it with four CTDP registers, presumably a
cut and paste from the rx queue registers. Since the tx_queue[]
array is only 2 entries long this allowed a guest to overrun
this buffer. Remove the nonexistent registers.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1392737293-10073-1-git-send-email-peter.maydell@linaro.org
Acked-by: Jan Kiszka <jan.kiszka@web.de>
Cc: qemu-stable@nongnu.org
2014-02-26 17:19:59 +00:00
Peter Maydell
fce0a82608 hw/intc/exynos4210_combiner: Don't overrun output_irq array in init
The Exynos4210 combiner has IIC_NIRQ inputs and IIC_NGRP outputs;
use the correct constant in the loop initializing our output
sysbus IRQs so that we don't overrun the output_irq[] array.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1392659611-8439-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Andreas Färber <afaerber@suse.de>
Cc: qemu-stable@nongnu.org
2014-02-26 17:19:58 +00:00
Peter Maydell
cba933b225 hw/timer/arm_timer: Avoid array overrun for bad addresses
The integrator's timer read/write functions log an error for
bad addresses in guest accesses, but were falling through and
using an out of bounds array index rather than returning early.
Fix this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1392647854-8067-4-git-send-email-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
2014-02-26 17:19:58 +00:00
Peter Maydell
106a73b6d2 hw/net/stellaris_enet: Avoid unintended sign extension
Add a cast to avoid an unintended sign extension that
would mean we returned 0xffffffff in the high 32 bits
for an IA0 read if bit 31 in the MAC address was 1.
(This is harmless since we'll only be doing 4 byte
reads, but it could be confusing, so best avoided.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1392647854-8067-3-git-send-email-peter.maydell@linaro.org
2014-02-26 17:19:58 +00:00
Peter Maydell
ec1efab957 hw/misc/arm_sysctl: Fix bad boundary check on mb clock accesses
Fix incorrect use of sizeof() rather than ARRAY_SIZE() to guard
accesses into the mb_clock[] array, which was allowing a malicious
guest to overwrite the end of the array.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1392647854-8067-2-git-send-email-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
2014-02-26 17:19:57 +00:00
Peter Crosthwaite
d5001cf787 xilinx: Delete hw/include/xilinx.h
This is now obsolete - remove the header and all its inclusions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-26 14:54:45 +10:00
Peter Crosthwaite
d91a68a73b xilinx: Inline usages of xilinx_axi*_init()
Inline the only usage of each of xilinx_axiethernet_init and
xilinx_axidma_init. Converts this init to at least a semi-recent QOM
styling.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-26 14:54:45 +10:00
Peter Crosthwaite
b8d4e1c43b xilinx: Inline usage of xilinx_ethlite_create()
Inline the only usage. Converts this init to at least a semi-recent QOM
styling.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-26 14:54:45 +10:00
Peter Crosthwaite
29873712e6 xilinx: Inline usages of xilinx_timer_create()
Inline these usages. Converts these init to at least a semi-recent QOM
styling.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-26 14:54:45 +10:00
Peter Crosthwaite
13c9bfbfbb xilinx: Inline usages of xilinx_intc_create()
Inline these usages. Converts these init to at least a semi-recent QOM
styling.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-26 14:54:45 +10:00
Peter Crosthwaite
8174196b7f microblaze/ml605: Define macros for irq/memory maps
Define (missing) macros for the interrupt and memory maps for the sake
of self documentation.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-26 14:54:45 +10:00