Commit Graph

23542 Commits

Author SHA1 Message Date
Ian Jackson
249e7e0fff cpu_ioreq_pio, cpu_ioreq_move: i should be uint32_t rather than int
The current code compare i (int) with req->count (uint32_t) in a for
loop, risking an infinite loop if req->count is equal to UINT_MAX.

Also i is only used in comparisons or multiplications with unsigned
integers.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Dongxiao Xu <dongxiao.xu@intel.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
2012-12-17 11:44:02 +00:00
Ian Jackson
a38648290e cpu_ioreq_pio, cpu_ioreq_move: introduce read_phys_req_item, write_phys_req_item
Replace a lot of formulaic multiplications (containing casts, no less)
with calls to a pair of functions.  This encapsulates in a single
place the operations which require care relating to integer overflow.

Cc: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2012-12-17 11:43:19 +00:00
Sander Eikelenboom
f1b8caf1d9 Fix compile errors when enabling Xen debug logging.
Signed-off-by: Sander Eikelenboom <linux@eikelenboom.it>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2012-12-17 11:37:43 +00:00
Stefano Stabellini
044b99c655 xen: fix trivial PCI passthrough MSI-X bug
We are currently passing entry->data as address parameter. Pass
entry->addr instead.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Tested-by: Sander Eikelenboom <linux@eikelenboom.it>
Xen-devel: http://marc.info/?l=xen-devel&m=135515462613715
2012-12-17 11:36:58 +00:00
Stefano Stabellini
2c1d4d15f0 xen: implement support for secondary consoles in the console backend
This patch corresponds to commit
840184a106bc24e745beda5c77e392f6cecd2bc9 from
git://xenbits.xensource.com/qemu-xen-unstable.git.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2012-12-17 11:36:09 +00:00
Blue Swirl
a8a826a3c3 exec: refactor cpu_restore_state
Refactor common code around calls to cpu_restore_state().

tb_find_pc() has now no external users, make it static.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-16 08:35:24 +00:00
Blue Swirl
5b6dd8683d exec: move TB handling to translate-all.c
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-16 08:28:41 +00:00
Blue Swirl
5a3165263a exec: extract TB watchpoint check
Will be moved by the next patch.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-16 08:28:29 +00:00
Blue Swirl
44209fc4ed exec: fix coding style
Fix coding style in areas to be moved by later patches.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-16 08:28:16 +00:00
Blue Swirl
6d4e18925a Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf: (40 commits)
  pseries: Increase default NVRAM size
  target-ppc: Don't use hwaddr to represent hardware state
  PPC: e500: pci: Export slot2irq calculation
  PPC: E500plat: Make a lot of PCI slots available
  PPC: E500: Move PCI slot information into params
  PPC: E500: Generate dt pci irq map dynamically
  PPC: E500: PCI: Make IRQ calculation more generic
  PPC: E500: PCI: Make first slot qdev settable
  openpic: Accelerate pending irq search
  openpic: fix minor coding style issues
  MSI-X: Fix endianness
  PPC: e500: Declare pci bridge as bridge
  PPC: e500: Add MSI support
  openpic: add Shared MSI support
  openpic: make brr1 model specific
  openpic: convert to qdev
  openpic: remove irq_out
  openpic: rename openpic_t to OpenPICState
  openpic: convert simple reg operations to builtin bitops
  openpic: remove unused type variable
  ...
2012-12-15 09:05:26 +00:00
Max Filippov
659f807c0a target-xtensa: fix ITLB/DTLB page protection flags
With MMU option xtensa architecture has two TLBs: ITLB and DTLB. ITLB is
only used for code access, DTLB is only for data. However TLB entries in
both TLBs have attribute field controlling write and exec access. These
bits need to be properly masked off depending on TLB type before being
used as tlb_set_page prot argument. Otherwise the following happens:

(1) ITLB entry for some PFN gets invalidated
(2) DTLB entry for the same PFN gets updated, attributes allow code
    execution
(3) code at the page with that PFN is executed (possible due to step 2),
    entry for the TB is written into the jump cache
(4) QEMU TLB entry for the PFN gets replaced with an entry for some
    other PFN
(5) code in the TB from step 3 is executed (possible due to jump cache)
    and it accesses data, for which there's no DTLB entry, causing DTLB
    miss exception
(6) re-translation of the TB from step 5 is attempted, but there's no
    QEMU TLB entry nor xtensa ITLB entry for that PFN, which causes ITLB
    miss exception at the TB start address
(7) ITLB miss exception is handled by the guest, but execution is
    resumed from the beginning of the faulting TB (the point where ITLB
    miss occured), not from the point where DTLB miss occured, which is
    wrong.

With that fix the above scenario causes ITLB miss exception (that used
to be step 7) at step 3, right at the beginning of the TB.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-15 08:39:00 +00:00
Gerd Hoffmann
4b4496dbcc console: clip update rectangle
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14 20:56:26 +00:00
Gerd Hoffmann
bc210eb163 pixman: fix vnc tight png/jpeg support
This patch adds an x argument to qemu_pixman_linebuf_fill so it can
also be used to convert a partial scanline.  Then fix tight + png/jpeg
encoding by passing in the x+y offset, so the data is read from the
correct screen location instead of the upper left corner.

Cc: 1087974@bugs.launchpad.net
Cc: qemu-stable@nongnu.org
Reported-by: Tim Hardeneck <thardeck@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14 20:56:19 +00:00
Gerd Hoffmann
f27b2e1dfe pixman: update internal copy to pixman-0.28.2
Some w64 fixes by Stefan Weil found their way into 0.28.2,
so update the internal copy to that version to improve
windows support.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14 20:56:01 +00:00
Gerd Hoffmann
cb1d40d7cc Revert "pixman: require 0.18.4 or newer"
This reverts commit 288fa40736.

The only reason old pixman versions didn't work was the missing
PIXMAN_TYPE_BGRA, which is properly #ifdef'ed now.  So we don't
have to require a minimum pixman version.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14 20:55:57 +00:00
Gerd Hoffmann
fbddfc727b pixman: fix version check for PIXMAN_TYPE_BGRA
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14 20:55:37 +00:00
David Gibson
a64ae610b9 pseries: Increase default NVRAM size
If no image file for NVRAM is specified, the pseries machine currently
creates a 16K non-persistent NVRAM by default.  This basically works, but
is not large enough for current firmware and guest kernels to create all
the NVRAM partitions they would like to.  Increasing the default size to
64K addresses this and stops the guest generating error messages.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:58 +01:00
David Gibson
b162d02e94 target-ppc: Don't use hwaddr to represent hardware state
The hwaddr type is somewhat vaguely defined as being able to contain bus
addresses on the widest possible bus in the system.  For that reason it's
discouraged for representing specific pieces of persistent hardware state,
which should instead use an explicit width type that matches the bits
available in real hardware.  In particular, because of the possibility that
the size of hwaddr might change if different buses are added to the target
in future, it's not suitable for use in vm state descriptions for savevm
and migration.

This patch purges such unwise uses of hwaddr from the ppc target code,
which turns out to be just one.  The ppcemb_tlb_t struct, used on a number
of embedded ppc models to represent a TLB entry contains a hwaddr for the
real address field.  This patch changes it to be a fixed uint64_t which is
suitable enough for all machine types which use this structure.

Other uses of hwaddr in CPUPPCState turn out not to be problematic:
htab_base and htab_mask are just used for the convenience of the TCG code;
the underlying machine state is the SDR1 register, which is stored with
a suitable type already.  Likewise the mpic_cpu_base field is only used
internally and does not represent fundamental hardware state which needs to
be saved.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:57 +01:00
Alexander Graf
9e2c12988b PPC: e500: pci: Export slot2irq calculation
We need the calculation method to get from a PCI slot ID to its respective
interrupt line twice. Once in the internal map function and once when
assembling the device tree.

So let's extract the calculation to a separate function that can be called
by both users.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:57 +01:00
Alexander Graf
3bb7e02a97 PPC: E500plat: Make a lot of PCI slots available
The ppce500 machine doesn't have to stick to hardware limitations,
as it's defined as being fully device tree based.

Thus we can change the initial PCI slot ID to 0x1 which gives us a
whopping 31 PCI devices we can support with this machine now!

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:57 +01:00
Alexander Graf
492ec48dc2 PPC: E500: Move PCI slot information into params
We have a params struct that allows us to expose differences between
e500 machine models. Include PCI slot information there, so we can have
different machines with different PCI slot topology.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:57 +01:00
Alexander Graf
347dd79dcc PPC: E500: Generate dt pci irq map dynamically
Today we're hardcoding the PCI interrupt map in the e500 machine file.
Instead, let's write it dynamically so that different machine types
can have different slot properties.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:57 +01:00
Alexander Graf
05f57d9de8 PPC: E500: PCI: Make IRQ calculation more generic
The IRQ line calculation is more or less hardcoded today. Instead, let's
write it as an algorithmic function that theoretically allows an arbitrary
number of PCI slots.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:57 +01:00
Alexander Graf
eafb325fb1 PPC: E500: PCI: Make first slot qdev settable
Today the first slot id in our e500 pci implementation is hardcoded to
0x11. Keep it there as default, but allow users to change the default to
a different id.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:57 +01:00
Alexander Graf
76aec1f8b6 openpic: Accelerate pending irq search
When we're done with one interrupt, we need to search for the next pending
interrupt in the queue. This search has grown quite big now that we have
more than 256 possible irq lines.

So let's memorize how many interrupts we have pending in our bitmaps, so
that we can always bail out in the usual case - the one where we're all done.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:57 +01:00
Alexander Graf
dbe30e13e8 openpic: fix minor coding style issues
This patch removes all remaining occurences of spaces before function
parameter indicating parenthesis.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:57 +01:00
Alexander Graf
68d1e1f52d MSI-X: Fix endianness
The MSI-X vector tables are usually stored in little endian in memory,
so let's mark the accessors as such.

This fixes MSI-X on e500 for me.

Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2012-12-14 13:12:57 +01:00
Alexander Graf
997505065d PPC: e500: Declare pci bridge as bridge
The new PCI host bridge device needs to identify itself as PCI host bridge.
Declare it as such.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:56 +01:00
Alexander Graf
a911b7a920 PPC: e500: Add MSI support
Now that our interrupt controller supports MSIs, let's expose that feature
to the guest through the device tree!

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:56 +01:00
Alexander Graf
732aa6ec26 openpic: add Shared MSI support
The OpenPIC allows MSI access through shared MSI registers. Implement
them for the MPC8544 MPIC, so we can support MSIs.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:56 +01:00
Alexander Graf
dbbbfd6058 openpic: make brr1 model specific
Now that we can properly distinguish between openpic model differences,
let's move brr1 out of the raven code path.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:56 +01:00
Alexander Graf
d0b7263134 openpic: convert to qdev
This patch converts the OpenPIC device to qdev. Along the way it
renames the "openpic" target to "raven" and the "mpic" target to
"fsl_mpic_20", to better reflect the actual models they implement.

This way we have a generic OpenPIC device now that can handle
different flavors of the OpenPIC specification.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:56 +01:00
Alexander Graf
5bac070111 openpic: remove irq_out
The current openpic emulation contains half-ready code for bypass mode.
Remove it, so that when someone wants to finish it they can start from a
clean state.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:56 +01:00
Alexander Graf
6d544ee8ac openpic: rename openpic_t to OpenPICState
Rename the openpic_t struct to OpenPICState, so it adheres better to
the current coding style rules.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:56 +01:00
Alexander Graf
1945dbc15f openpic: convert simple reg operations to builtin bitops
The openpic code has its own bitmap code to access bits inside of a
bitmap. However, that is overkill when we simply want to check for a
bit inside of a uint32_t.

So instead, let's use normal bit masks and C builtin shifts and ands.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:56 +01:00
Alexander Graf
e1d1085152 openpic: remove unused type variable
The openpic source irqs are carrying around a type indicator that
is never accessed by anything. Remove it.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:56 +01:00
Alexander Graf
35732cb41e openpic: unify memory api subregions
The only difference between the "openpic" and "mpic" memory api subregion
descriptors is the endianness. Unify them as openpic accessors with explicit
endianness markers in their names.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:56 +01:00
Alexander Graf
825463b384 openpic: combine openpic and mpic reset functions
The openpic and mpic reset handlers are almost identical. Combine
them and extract the differences into state variables.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:55 +01:00
Alexander Graf
c38c0b8ad0 openpic: merge mpic and openpic timer handling
The openpic and mpic timer handling code is basically the same.
Merge them.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:55 +01:00
Alexander Graf
5861a33898 openpic: combine mpic and openpic irq raise functions
The IRQ raise mechanisms of the OpenPIC and MPIC controllers is identical,
just that the MPIC one can also raise critical interrupts.

Combine those two and check for critical raise capability during runtime.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:55 +01:00
Alexander Graf
780d16b77f openpic: Convert subregions to memory api
The "openpic" controller is currently using one big region and does
subregion dispatching manually. Move this to the memory api.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:55 +01:00
Alexander Graf
a285f1ca70 openpic: combine mpic and openpic src handlers
The MPIC source irq handler suddenly became identical to the standard
OpenPIC source irq handler. Combine them into the same function.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:55 +01:00
Alexander Graf
b9b2aaa3c6 openpic: update to proper memory api
The openpic code was still using the old mmio memory api. Convert it to
be a generic memory api user and clean up some code that becomes redundant
that way.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:55 +01:00
Alexander Graf
cdbb912a6f mpic: Unify numbering scheme
MPIC interrupt numbers in Linux (device tree) and in QEMU are different,
because QEMU takes the sparseness of the IRQ number space into account.

Remove that cleverness and instead assume a flat number space. This makes
the code easier to understand, because we are actually aligned with Linux
on the view of our worlds.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:55 +01:00
Alexander Graf
38898d7ed8 openpic: Remove unused code
The openpic code had a few WIP bits left that nobody reanimated within
the last few years. Remove that code.

Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Hervé Poussineau <hpoussin@reactos.org>
2012-12-14 13:12:55 +01:00
David Gibson
8b1853e7d8 pseries: Don't allow TCE (iommu) tables to be registered with duplicate LIOBNs
The PAPR specification requires that every bus or device mediated by the
IOMMU have a unique Logical IO Bus Number (LIOBN).  This patch adds a check
to enforce this, which will help catch errors in configuration earlier.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:55 +01:00
Bharat Bhushan
3eddc1be1c Adding BAR0 for e500 PCI controller
PCI Root complex have TYPE-1 configuration header while PCI endpoint
have type-0 configuration header. The type-1 configuration header have
a BAR (BAR0). In Freescale PCI controller BAR0 is used for mapping pci
address space to CCSR address space. This can used for 2 purposes: 1)
for MSI interrupt generation 2) Allow CCSR registers access when configured
as PCI endpoint, which I am not sure is a use case with QEMU-KVM guest.

What I observed is that when guest read the size of BAR0 of host controller
configuration header (TYPE1 header) then it always reads it as 0. When
looking into the QEMU hw/ppce500_pci.c, I do not find the PCI controller
device registering BAR0. I do not find any other controller also doing so
may they do not use BAR0.

There are two issues when BAR0 is not there (which I can think of):
1) There should be BAR0 emulated for PCI Root complex (TYPE1 header) and
when reading the size of BAR0, it should give size as per real h/w.

2) Do we need this BAR0 inbound address translation?
        When BAR0 is of non-zero size then it will be configured for PCI
address space to local address(CCSR) space translation on inbound access.
The primary use case is for MSI interrupt generation. The device is
configured with an address offsets in PCI address space, which will be
translated to MSI interrupt generation MPIC registers. Currently I do
not understand the MSI interrupt generation mechanism in QEMU and also
IIRC we do not use QEMU MSI interrupt mechanism on e500 guest machines.
But this BAR0 will be used when using MSI on e500.

I can see one more issue, There are ATMUs emulated in hw/ppce500_pci.c,
but i do not see these being used for address translation.
So far that works because pci address space and local address space are 1:1
mapped. BAR0 inbound translation + ATMU translation will complete the address
translation of inbound traffic.

Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
[agraf: fix double variable assignment w/o read]
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:54 +01:00
Bharat Bhushan
dffb1dc29f e500: Adding CCSR memory region
All devices are also placed under CCSR memory region.
The CCSR memory region is exported to pci device. The MSI interrupt
generation is the main reason to export the CCSR region to PCI device.
This put the requirement to move mpic under CCSR region, but logically
all devices should be under CCSR. So this patch places all emulated
devices under ccsr region.

Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:54 +01:00
David Gibson
4fd50339c0 pseries: Update SLOF for NVRAM support
Now that we have implemented PAPR compatible NVRAM interfaces in qemu, this
updates the SLOF firmware to actually initialize and use the NVRAM as a
PAPR guest firmware is expected to do.

This SLOF update also includes an ugly but useful workaround for a bug in
the SLES11 installer which caused it to fail under KVM.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:54 +01:00
David Gibson
639e8102ae pseries: Implement PAPR NVRAM
The PAPR specification requires a certain amount of NVRAM, accessed via
RTAS, which we don't currently implement in qemu.  This patch addresses
this deficiency, implementing the NVRAM as a VIO device, with some glue to
instantiate it automatically based on a machine option.

The machine option specifies a drive id, which is used to back the NVRAM,
making it persistent.  If nothing is specified, the driver instead simply
allocates space for the NVRAM, which will not be persistent

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14 13:12:54 +01:00