Commit Graph

16800 Commits

Author SHA1 Message Date
Peter Xu
cb135f59b8 q35: ioapic: add support for emulated IOAPIC IR
This patch translates all IOAPIC interrupts into MSI ones. One pseudo
ioapic address space is added to transfer the MSI message. By default,
it will be system memory address space. When IR is enabled, it will be
IOMMU address space.

Currently, only emulated IOAPIC is supported.

Idea suggested by Jan Kiszka and Rita Sinha in the following patch:

https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg01933.html

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-21 20:43:49 +03:00
Michael S. Tsirkin
09cd058a2c intel_iommu: get rid of {0} initializers
Correct and portable in theory, but triggers warnings with older gcc
versions when -Wmissing-braces is enabled.
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53119

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-21 20:43:43 +03:00
Peter Maydell
61ead113ae Pull request
v2:
  * Resolved merge conflict with block/iscsi.c [Peter]
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJXj6TkAAoJEJykq7OBq3PI15oIAL24OFnMTFOAWyY2h3yfzGwe
 Gn1qzFOTHCXgbgVsolVuZnFU/SDn9WzMS9y6o7jcJykv++FdMSYUO7paPQAg9etX
 o9KOgyfUUDhskbaXEbTKxhqy7UvcyJsZYmjN+TD5tupfnrqGlmu6rkUPpSwGo++G
 u7CkAZewJc5SvsCdQRe3N10LbG4xU/j06cjCIHWDPRr+AV9qvsb9KkIOg3wkrhWN
 R83yj+yX6vhfQouHLoOlh3RYZ5HNo020JPum0jT1tGcoshKoFyu0prSRqNVVMqTY
 BepvWMhXbiq219HnFaQBtnysve9gWix4WhuCHtaAlaZDTBh945ZztsW7w7dubtA=
 =7ics
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

v2:
 * Resolved merge conflict with block/iscsi.c [Peter]

# gpg: Signature made Wed 20 Jul 2016 17:20:52 BST
# gpg:                using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request: (25 commits)
  raw_bsd: Convert to byte-based interface
  nbd: Convert to byte-based interface
  block: Kill .bdrv_co_discard()
  sheepdog: Switch .bdrv_co_discard() to byte-based
  raw_bsd: Switch .bdrv_co_discard() to byte-based
  qcow2: Switch .bdrv_co_discard() to byte-based
  nbd: Switch .bdrv_co_discard() to byte-based
  iscsi: Switch .bdrv_co_discard() to byte-based
  gluster: Switch .bdrv_co_discard() to byte-based
  blkreplay: Switch .bdrv_co_discard() to byte-based
  block: Add .bdrv_co_pdiscard() driver callback
  block: Convert .bdrv_aio_discard() to byte-based
  rbd: Switch rbd_start_aio() to byte-based
  raw-posix: Switch paio_submit() to byte-based
  block: Convert BB interface to byte-based discards
  block: Convert bdrv_aio_discard() to byte-based
  block: Switch BlockRequest to byte-based
  block: Convert bdrv_discard() to byte-based
  block: Convert bdrv_co_discard() to byte-based
  iscsi: Rely on block layer to break up large requests
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Conflicts:
	block/gluster.c
2016-07-21 11:00:36 +01:00
Peter Maydell
e66b05e9ca x86 queue, 2016-07-20
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJXj5O6AAoJECgHk2+YTcWmxR4P/ihirI3Ze+QrL1B5NbslzLR4
 BFZ+JJt224GLAXdOFu75cLj4t/sNHXzcOL48xVXYPJtSYztq82BpiRopHbH3uaaA
 Ta9gyu1cFsg8kSDxC5Ij6229r0hYt989LCPaUSlFgJb8PPmLbPbXH55JBFac7PDD
 CYSg/ogCth7CUBiDG7CRlZGHETWAMHQkMjQGV+PMMT0sUeNhKmYTfTVNwUBh4Ogh
 BBvTv0oXO8rFVZHWrlaU1NT9fSsLEsQLLokBwi/+SEa5i4wThEfTPw/dnivsMyIT
 SYaleap6tkU3FD6MmoMtg/alKjjPX5oBriS+KaZQahGqdel9HviCniMvrH2u5YZJ
 wNwL1U9iAPuW6DgKTeRaptJcidbaEKv8ji9RxtGE3dtxUnOSXGYAOPKts7W7tFLr
 KsMs4t18LnAFlJIThpYrk0UYkPG3Si8QKaoXYKEASQcfU+IQyxIWmJufCteQM9rV
 wxn04sshqdhCMzP1L3L/zWImRL+w3mEk3oDwi03ayzIBg9n5w8RY6cqL/3pwYgQS
 HEF0xNCAItwqCED36z5o6JYwTM30own/IOuxC5I8+rUf6Fajjnxa0r98bLu829E6
 kPuoLH0AX0tRKDU5onz002PS4JgP230Fp+8YCgpiNxj9tmqPxH3eGYOI3UASKLmK
 PoDnk5Lmy5zP9BpmzERt
 =hLqT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

x86 queue, 2016-07-20

# gpg: Signature made Wed 20 Jul 2016 16:07:38 BST
# gpg:                using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-pull-request: (28 commits)
  pc: Make device_del CPU work for x86 CPUs
  target-i386: Add x86_cpu_unrealizefn()
  apic: Use apic_id as apic's migration instance_id
  (kvm)apic: Add unrealize callbacks
  apic: kvm-apic: Fix crash due to access to freed memory region
  apic: Drop APICCommonState.idx and use APIC ID as index in local_apics[]
  apic: move MAX_APICS check to 'apic' class
  pc: Implement query-hotpluggable-cpus callback
  pc: cpu: Allow device_add to be used with x86 cpu
  pc: Enforce adding CPUs contiguously and removing them in opposite order
  pc: Forbid BSP removal
  pc: Register created initial and hotpluged CPUs in one place pc_cpu_plug()
  pc: Delay setting number of boot CPUs to machine_done time
  pc: Set APIC ID based on socket/core/thread ids if it's not been set yet
  target-i386: Fix apic object leak when CPU is deleted
  target-i386: cpu: Do not ignore error and fix apic parent
  target-i386: Add support for UMIP and RDPID CPUID bits
  target-i386: Add socket/core/thread properties to X86CPU
  target-i386: Replace custom apic-id setter/getter with static property
  pc: cpu: Consolidate apic-id validity checks in pc_cpu_pre_plug()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-20 21:32:56 +01:00
Peter Maydell
3b55fbdcb0 Fixes for s390x in the css area.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXj4bbAAoJEN7Pa5PG8C+vZO8P/A/VXyR86+N3pBtHlG0AQHuS
 WelhHVfoI0CyYrxngyEdkMTlr2nmGhMCRoCwEK0OOL8ISyRx4vMbxCbxpNn2bjvg
 g1z8+eHC4FLRDIQCLg3Pl7Pr0rpJpg5P8icskMT5A2fuHEOjCTC6MwHMuxKYl/V0
 HMv0z5djx6NL/08VPwJXmyob/Kd1mP2oTnFvDyoAjQgX04FDjBxpfHqg0QlPvgst
 lupdo2h6u+c6yioHjxaSaO+WzOpBuBnd7Rq9iThXUJG31AlvA8ZT76GfW63j7X71
 8TWoP+vIY1CPaI5+iP+l06N1K7wZGoJa7YVnd2zhv4xv5JGR7YHDQwJ7so0dYP5p
 klyYv42nIY/xUSk3w7ZFG+cB8XyBasYug8ab562JZ+gen5ZOxwnwdeV8PXoafKnu
 ltzXXc+7/5lcwzH9hvK0A6P+c7LdLLtU0U5kvAwOfVVaNqsyepcdp47g2boDelVb
 nUXsCi/Q+2Wlx99IdWdNYo12moIGEj1te/uQxlabKvmh4NtDaAH2OyTw2R/H+J2q
 m0nf360pXEQuu33kI2Ws1OM2x+Uj2PV1dJvPCglupU4s+pKmO7RreRFLiVOfLPaQ
 chVSUwEhCfcwI6hGfHGx1EVmS2ORDfEaGZTUnM+Ic5ZtNUhc5jmF0xCl288M2Cs6
 WoMcMd8AMO1BZFVDfCeb
 =InaB
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20160720' into staging

Fixes for s390x in the css area.

# gpg: Signature made Wed 20 Jul 2016 15:12:43 BST
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20160720:
  s390x/css: provide a dev_path for css devices
  s390x/css: sch_handle_start_func() handles resume, too
  s390x/css: copy CCW format bit from ORB to SCSW

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-20 20:59:05 +01:00
Peter Maydell
6a426eb27e usb: xhci assert fix, add usbredir streams property
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXj2E5AAoJEEy22O7T6HE4V4YQANVSnCGcDAkgPyfKc1idzKrz
 tUakv/G3NRkFUXLInw/LCgvHz/Hz1ffFPXerW7VCJXjhXKwcJK0Yv9jAEchqt+Ux
 ZiCTW+/WoKqSHZRuxnsQUmVTHhGHqQ0lEhI/N8l/+kKt3/kVOJwof1HttIPtNvPB
 w7yU3evSx0YY2vFiPbQGrvk40pfjtB9rP3G4HuAJeT3C3dY0q2iqgZVZLO1M44OM
 wYE3YdNXOA8seN7lQhY9W+8bYsi9YpWF3yOlYKJ19qUNQbEjTVvy0g8lx04bXe9G
 +de7mos8/xXES7mcDc3ynMZI3pMjzcAl9x7X1rNuHMKpwzNl7MWZvZVVKIHHaF2Y
 34Glely1Cje4DYdH9hsWCf13eKzbNlrM2cxBVV9ZBp6ngM8+PMGkITPwPmcbaDyW
 ZgnFXGfJZvn8OUIrPS6WPj43OOuK/WWHUCdVw7OUR98pPqlSawoog1N5V+mL3YYi
 PjVC7wV1SmdBiptSSZI6InlY3b4WXU+uJNOV4pH+5nxLtirHtSMt0lLGS6b/RDKb
 IJvyf8IMT2sKfEntQjui330O8O/A08Y7QtN/1dbTSyFjRf9d+G8M2g7UNqFiXT7R
 HelDXzXRAnM5c/igdwFPnIxl+TTDZqe2FUYbzbkF1W/A/129/r6auBZFDubsr0z3
 6eASgbytwQlv/0NnAkuo
 =6gF5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160720-1' into staging

usb: xhci assert fix, add usbredir streams property

# gpg: Signature made Wed 20 Jul 2016 12:32:09 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-usb-20160720-1:
  usbredir: add streams property
  xhci: Fix possible side effect from assert()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-20 20:31:31 +01:00
Peter Maydell
518cb31fa7 qxl: fix qxl_set_dirty call in qxl_dirty_one_surface
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXj2BBAAoJEEy22O7T6HE4hGAP/03sTKlaYNad4FQDwBL/mrlr
 3m+SQuT+xlxwDC279wqZbcq8iCH4nqjAnjboMOVMROLn8Gd2MmBnPCO0YGMVl05a
 BfvOj79SqCSJjDXRyPAQEyiNLfcU2OCKe+gk9cqXRkJM9+D3ZBFOgP66h5IM9JbC
 oDkUCT1hWO8DiJ3zQQ34n2oZK0Maos7KNIpIHtJYLaWuzVe+LH8OPKnWguYNbKOg
 HgCYEYWS/viveWHIR4Zx7c+r4LAMalNrNpoHwADes3GNrOQ2O7wJgqDoMbGQ0+Tq
 MOv/ZVMV9w/+5ZcTBc77EXVFW4bs8xlrcdBBtKj62fj52nrNAiFFrewbMLbtUuaB
 x8OkN0zvAIZ/wvwFdK8bKW3v5SCAUWL4/17VbDsyIhfdLHau6xS3xhqyZqEjR4aV
 3nWLDczNnIB8Abhe9Cc/OW2+C2YG8v2+BqqXxeoZ8g29BTzEXBrf9/C1jMIvjezs
 /5vzn6uMlNWY0NY6jTqF3mv80tuxN/3GUcW38p0apQnM3Ce8VIy7ioXYeGmTdcKT
 FR/qX5Dg+rgl5nTzODZ3UPQMXfTM1+GreeW57RCVmKe9MqU+saNda83APaosPrvw
 ghc+m4kkLqTKjYTJx4zj5yiMy5vH8OeLIFdCId7ZzFNjQth6q3POoXrGMBu1+I49
 8vzswYehTN4SxtxfY1a4
 =VJWz
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160720-1' into staging

qxl: fix qxl_set_dirty call in qxl_dirty_one_surface

# gpg: Signature made Wed 20 Jul 2016 12:28:01 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-vga-20160720-1:
  qxl: fix qxl_set_dirty call in qxl_dirty_one_surface

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-20 19:41:20 +01:00
Peter Xu
651e4cefee intel_iommu: Add support for PCI MSI remap
This patch enables interrupt remapping for PCI devices.

To play the trick, one memory region "iommu_ir" is added as child region
of the original iommu memory region, covering range 0xfeeXXXXX (which is
the address range for APIC). All the writes to this range will be taken
as MSI, and translation is carried out only when IR is enabled.

Idea suggested by Paolo Bonzini.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:31:04 +03:00
Peter Xu
a4ca297e84 intel_iommu: add IR translation faults defines
Adding translation fault definitions for interrupt remapping. Please
refer to VT-d spec section 7.1.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Peter Xu
80de52ba87 intel_iommu: handle interrupt remap enable
Handle writting to IRE bit in global command register.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Peter Xu
a58614391d intel_iommu: define interrupt remap table addr register
Defined Interrupt Remap Table Address register to store IR table
pointer. Also, do proper handling on global command register writes to
store table pointer and its size.

One more debug flag "DEBUG_IR" is added for interrupt remapping.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Peter Xu
cfc13df462 acpi: add DMAR scope definition for root IOAPIC
To enable interrupt remapping for intel IOMMU device, each IOAPIC device
in the system reported via ACPI MADT must be explicitly enumerated under
one specific remapping hardware unit. This patch adds the root-complex
IOAPIC into the default DMAR device.

Please refer to VT-d spec 8.3.1.1 for more information.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Peter Xu
d54bd7f80a intel_iommu: set IR bit for ECAP register
Enable IR in IOMMU Extended Capability register.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Peter Xu
b79104722f intel_iommu: allow queued invalidation for IR
Queued invalidation is required for IR. This patch add basic support for
interrupt cache invalidate requests. Since we currently have no IR cache
implemented yet, we can just skip all interrupt cache invalidation
requests for now.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Peter Xu
d46114f9ec acpi: enable INTR for DMAR report structure
In ACPI DMA remapping report structure, enable INTR flag when specified.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Peter Xu
1121e0afdc x86-iommu: introduce "intremap" property
Adding one property for intel-iommu devices to specify whether we should
support interrupt remapping. By default, IR is disabled. To enable it,
we should use (take Intel IOMMU as example):

  -device intel_iommu,intremap=on

This property can be shared by Intel and future AMD IOMMUs.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Peter Xu
1cf5fd573f x86-iommu: provide x86_iommu_get_default
Instead of searching the device tree every time, one static variable is
declared for the default system x86 IOMMU device.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Peter Xu
04af0e18bc intel_iommu: rename VTD_PCI_DEVFN_MAX to x86-iommu
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Peter Xu
1c7955c450 x86-iommu: introduce parent class
Introducing parent class for intel-iommu devices named "x86-iommu". This
is preparation work to abstract shared functionalities out from Intel
and AMD IOMMUs. Currently, only the parent class is introduced. It does
nothing yet.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:27 +03:00
Marcel Apfelbaum
b1af7959a6 hw/versatile: realize the PCI root bus as part of the versatile init
'Realize' the PCI root bus manually since the 'realize' mechanism
does not propagate to child devices yet.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-07-20 19:30:27 +03:00
Marcel Apfelbaum
685f9a3428 hw/prep: realize the PCI root bus as part of the prep init
'Realize' the PCI root bus manually since the 'realize' mechanism
does not propagate to child devices yet.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-07-20 19:30:26 +03:00
Marcel Apfelbaum
3c3c1e3203 hw/grackle: fix PCI bus initialization
Delay the host-bridge 'realization' until the
PCI root bus is attached.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-07-20 19:30:26 +03:00
Marcel Apfelbaum
2f3ae0b2d4 hw/apb: fix PCI bus initialization
Create and connect the PCI root bus to the
host bridge before the later is 'realized'.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-07-20 19:30:26 +03:00
Marcel Apfelbaum
a8c1a75343 hw/mips: fix PCI bus initialization
Delay the host-bridge 'realization' until the
PCI root bus is attached.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Leon Alrae <leon.alrae@imgtec.com>
Tested-by: Leon Alrae <leon.alrae@imgtec.com>
2016-07-20 19:30:26 +03:00
Marcel Apfelbaum
50d3bba9da hw/alpha: fix PCI bus initialization
Delay the host-bridge 'realization' until the
PCI root bus is attached.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-07-20 19:30:26 +03:00
Stefan Hajnoczi
cdcab9d941 nvdimm: fix memory leak in error code path
object_get_canonical_path_component() returns a heap-allocated string
that must be freed using g_free().

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-20 19:30:26 +03:00
Igor Mammedov
8fe6374e8e pc: Make device_del CPU work for x86 CPUs
ACPI subsystem already has all logic in place the only
thing left to eject CPU is destroy it and ammend
present CPUs counter in CMOS, do so.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:20 -03:00
Igor Mammedov
f6e984443f apic: Use apic_id as apic's migration instance_id
instance_id is generated by last_used_id + 1 for a given device type
so for QEMU with 3 CPUs instance_id for APICs is a seti of [0, 1, 2]
When CPU in the middle is hot-removed and migration started
APICs with instance_ids 0 and 2 are transferred in migration stream.
However target starts with 2 CPUs and APICs' instance_ids are
generated from scratch [0, 1] hence migration fails with error
  Unknown savevm section or instance 'apic' 2

Fix issue by manually registering APIC's vmsd with apic_id as
instance_id, in this case instance_id on target will always
match instance_id on source as apic_id is the same for a given
cpu instance.

Reported-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:19 -03:00
Igor Mammedov
9c156f9de5 (kvm)apic: Add unrealize callbacks
Callbacks will do necessary cleanups before APIC device is deleted

Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Signed-off-by: Gu Zheng <guz.fnst@cn.fujitsu.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:19 -03:00
Igor Mammedov
365aa1131f apic: kvm-apic: Fix crash due to access to freed memory region
kvm-apic.io_memory memory region had its parent set to NULL at
memory_region_init_io() time, so it ended up as a child in
 /unattached contaner.
As result when kvm-apic instance was deleted, the child property
 /unattached/kvm-apic-msi[XXX] contained a reference to
kvm-apic.io_memory address which was freed as part of kvm-apic.

Do the same as 'apic' and make kvm-apic instance the owner
of the memory region so that it won't end up in /unattached
and gets cleanly released along with related kvm-apic instance.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:19 -03:00
Igor Mammedov
1dfe3282cf apic: Drop APICCommonState.idx and use APIC ID as index in local_apics[]
local_apics[] is sized to contain all APIC ID supported in xAPIC mode,
so use APIC ID as index in it instead of constantly increasing counter idx.

Fixes error "apic initialization failed" when a CPU hotplugged and
unplugged more times than there are free slots in local_apics[].

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:19 -03:00
Igor Mammedov
889211b18b apic: move MAX_APICS check to 'apic' class
MAX_APICS is only used by child 'apic' class and not
by its parent TYPE_APIC_COMMON or any other derived
class.

Move check into end user 'apic' class so it won't
get in the way of other APIC implementations
if they support more then MAX_APICS.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:19 -03:00
Igor Mammedov
4d952914a0 pc: Implement query-hotpluggable-cpus callback
it returns a list of present/possible to hotplug CPU
objects with a list of properties to use with
device_add.

in PC case returned list would looks like:
-> { "execute": "query-hotpluggable-cpus" }
<- {"return": [
     {
        "type": "qemu64-x86_64-cpu", "vcpus-count": 1,
        "props": {"core-id": 0, "socket-id": 1, "thread-id": 0}
     },
     {
        "qom-path": "/machine/unattached/device[0]",
        "type": "qemu64-x86_64-cpu", "vcpus-count": 1,
        "props": {"core-id": 0, "socket-id": 0, "thread-id": 0}
     }
   ]}

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:19 -03:00
Igor Mammedov
4da7faaeb0 pc: Enforce adding CPUs contiguously and removing them in opposite order
It will still allow us to use cpu_index as migration instance_id
since when CPUs are added contiguously (from the first to the last)
and removed in opposite order, cpu_index stays stable and it's
reproducible on destination side.

While there is work in progress to support migration when there
are holes in cpu_index range resulting from out-of-order plug or
unplug, this patch is intended as an interim solution until
cpu_index usage is cleaned up.

As result of this patch it would be possible to plug/unplug CPUs,
but in limited order that doesn't break migration.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:19 -03:00
Igor Mammedov
73360e2785 pc: Forbid BSP removal
Boot CPU is assumed to always present in QEMU code, so
untile that assumptions are gone, deny removal request,
In another words QEMU won't support BSP hot-unplug.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:19 -03:00
Igor Mammedov
a44a49dbf2 pc: Register created initial and hotpluged CPUs in one place pc_cpu_plug()
Consolidate possible_cpus array management in pc_cpu_plug() for
smp_cpus, coldplugged with -device and hotplugged with
device_add.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:18 -03:00
Igor Mammedov
ba157b696c pc: Delay setting number of boot CPUs to machine_done time
Currently present CPUs counter in CMOS only contains
smp_cpus (i.e. initial CPUs specified with -smp X) and
doesn't account for CPUs created with -device.
If VM is started with additional CPUs added with
 -device, it will hang in BIOS waiting for condition
   smp_cpus == counted_cpus
forever as counted_cpus will include -device CPUs as well
and be more than smp_cpus.

Make present CPUs counter in CMOS to count all CPUs
(initial and coldplugged with -device) by delaying
it to machine done time when it possible to count
CPUs added with -device.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
2016-07-20 12:02:18 -03:00
Igor Mammedov
e8f7b83e88 pc: Set APIC ID based on socket/core/thread ids if it's not been set yet
CPU added with device_add help won't have APIC ID set,
so set it according to socket/core/thread ids provided
with device_add command.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:18 -03:00
Igor Mammedov
d89c2b8b98 target-i386: Add socket/core/thread properties to X86CPU
These properties will be used by as address where to plug
CPU with help -device/device_add commands.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:18 -03:00
Igor Mammedov
4ec60c76d5 pc: cpu: Consolidate apic-id validity checks in pc_cpu_pre_plug()
Machine code knows about all possible APIC IDs so use that
instead of hack which does O(n^2) complexity duplicate
checks, interating over global CPUs list.
As result duplicate check is done only once with O(log n) complexity.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 12:02:17 -03:00
Igor Mammedov
7baef5cfea pc: Extract CPU lookup into a separate function
It will be reused in the next patch at pre_plug time

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-20 11:58:44 -03:00
Cornelia Huck
2a79eb1a61 s390x/css: provide a dev_path for css devices
We need to implement the get_dev_path method for the css bus, or
else we might end up with two different devices having the same
qdev_path.

This was noticed when adding two scsi_hd controllers: The SCSIBus
code will produce a non-unique dev_path for vmstate usage if the
parent bus does not provide the get_dev_path method.

We simply use the device's bus id, as this is unique and we won't
have any deeper hierarchy from a channel subsystem perspective
anyway.

Note that we need to disable this for older machine versions,
as this changes the migration format.

Reported-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Tested-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-20 15:47:25 +02:00
Sascha Silbe
727a0424dd s390x/css: sch_handle_start_func() handles resume, too
It's not obvious from the code flow that sch_handle_start_func() gets
called for rsch. Add some comments explaining this.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-20 15:47:25 +02:00
Sascha Silbe
485dd69088 s390x/css: copy CCW format bit from ORB to SCSW
The CCW Format (F) flag of the Subchannel-Status Word (SCSW) indicates
the format of the CCWs "associated with an I/O operation", i.e. the
value of CCW-Format Control (F) bit of the Operation-Request Block
(ORB).

Copy the CCW format bit from the ORB to the SCSW so we correctly
indicate the format of the CCWs to the guest.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-20 15:47:25 +02:00
Peter Maydell
3b2e6798ff QAPI patches for 2016-07-19
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXjnLvAAoJEDhwtADrkYZTkd0P/iVsviq3WwxjmpbjyYDqgBYl
 2hj9XL8ZtYGwFIU9WZXdu16lXlXtZom9u8XzspXIvhy5McNeWDxYarbE2kByyjac
 rl4873YzIspVKPPFMl2LWsHwtq7LLGzFF+f+ofjHN81ZdM6qTwZBe00gxxY8281I
 6x1aQYkhOAmqJAlqqnEVk76WtdScs23mdbqmy1LzGD3ZBKvDa8IasogAKvZquNZX
 P16kYdq9QFqFJ30non9fWg9VQWtdryisseVhpSY/PXlrM4H+XPDK4hvegr3pjN8S
 yqtmKkPOuVWQyCfRz6UWBP0ncz3QN7iOiVLqb6TJgxJ8jFp3lbEEsXsCkvpSWjOU
 JDFOcGuiE1AVoZF8NxWQ3fdLiHt2jyCgY7iqgbNc1A3eT2H5IshIc7OF5QOU7MtP
 EYqk5bXiusUftuvZE5Mh0pXJ5AeOEOoXM+/dGRt3IRxPtqOWlW7/NM4YGgMD9XFg
 83i5OIjdOBa1HYvetfEl3oKYsu+2zGsSqz4AH3CDIWJ8aoWJ9RNId3JJWFf+jyFR
 S+l7wMyFYdzDL7VqUmIy8xrVgc0IQPYT0udcjdOciEej873roEVencQ07VnK2zN0
 aiAmAN/BQFO0HmmH4rBvTcLxF06+HnW0CwKii0mlAeisUFTQJEDmyg823Uc+MAGl
 4pGFqDUbnzsy8xK3HCCP
 =MhfL
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-07-19' into staging

QAPI patches for 2016-07-19

# gpg: Signature made Tue 19 Jul 2016 19:35:27 BST
# gpg:                using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2016-07-19:
  net: Use correct type for bool flag
  qapi: Change Netdev into a flat union
  block: Simplify drive-mirror
  block: Simplify block_set_io_throttle
  qapi: Implement boxed types for commands/events
  qapi: Plumb in 'boxed' to qapi generator lower levels
  qapi-event: Simplify visit of non-implicit data
  qapi: Drop useless gen_err_check()
  qapi: Add type.is_empty() helper
  qapi: Hide tag_name data member of variants
  qapi: Special case c_name() for empty type
  qapi: Require all branches of flat union enum to be covered
  net: use Netdev instead of NetClientOptions in client init
  qapi: change QmpInputVisitor to QSLIST
  qapi: change QmpOutputVisitor to QSLIST

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-20 14:34:08 +01:00
Eric Blake
1c6c4bb7f0 block: Convert BB interface to byte-based discards
Change sector-based blk_discard(), blk_co_discard(), and
blk_aio_discard() to instead be byte-based blk_pdiscard(),
blk_co_pdiscard(), and blk_aio_pdiscard().  NBD gets a lot
simpler now that ignoring the unaligned portion of a
byte-based discard request is handled under the hood by
the block layer.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1468624988-423-6-git-send-email-eblake@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-07-20 14:11:55 +01:00
Gerd Hoffmann
87ae924b73 usbredir: add streams property
Enabled by default, can be used to turn off (usb3) streams support.
xhci has a such a property too (same name, same default).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1468408474-17648-1-git-send-email-kraxel@redhat.com
2016-07-20 13:31:20 +02:00
Alexey Kardashevskiy
f81bb347ef xhci: Fix possible side effect from assert()
A static analysis tool called BEAM detected possible side effect from
assert() calling a helper which may change an XHCI ring after every call.

This moves xhci_ring_fetch() out of assert() so it will be called
with and without enabled debug.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-id: 1468812548-31868-1-git-send-email-aik@ozlabs.ru
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-07-20 13:31:09 +02:00
Gerd Hoffmann
e0127d2eec qxl: fix qxl_set_dirty call in qxl_dirty_one_surface
qxl_set_dirty() expects start and end as range specification.
qxl_dirty_one_surface passes 'size' instead of 'offset + size' as end
parameter.  Fix that.  Also use uint64_t everywhere while being at it.

Bug was added by "e25139b qxl: set only off-screen surfaces dirty instead
of the whole vram" and carried forward unnoticed by "5cdc402 qxl: fix
surface migration".

Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1468413187-22071-1-git-send-email-kraxel@redhat.com
2016-07-20 12:08:14 +02:00
Eric Blake
0e55c381f6 net: Use correct type for bool flag
is_netdev is only used as a bool, so make it one.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1468468228-27827-14-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-19 20:18:27 +02:00
Eric Blake
f394b2e20d qapi: Change Netdev into a flat union
This is a mostly-mechanical conversion that creates a new flat
union 'Netdev' QAPI type that covers all the branches of the
former 'NetClientOptions' simple union, where the branches are
now listed in a new 'NetClientDriver' enum rather than generated
from the simple union.  The existence of a flat union has no
change to the command line syntax accepted for new code, and
will make it possible for a future patch to switch the QMP
command to parse a boxed union for no change to valid QMP; but
it does have some ripple effect on the C code when dealing with
the new types.

While making the conversion, note that the 'NetLegacy' type
remains unchanged: it applies only to legacy command line options,
and will not be ported to QMP, so it should remain a wrapper
around a simple union; to avoid confusion, the type named
'NetClientOptions' is now gone, and we introduce 'NetLegacyOptions'
in its place.  Then, in the C code, we convert from NetLegacy to
Netdev as soon as possible, so that the bulk of the net stack
only has to deal with one QAPI type, not two.  Note that since
the old legacy code always rejected 'hubport', we can just omit
that branch from the new 'NetLegacyOptions' simple union.

Based on an idea originally by Zoltán Kővágó <DirtY.iCE.hu@gmail.com>:
Message-Id: <01a527fbf1a5de880091f98cf011616a78adeeee.1441627176.git.DirtY.iCE.hu@gmail.com>
although the sed script in that patch no longer applies due to
other changes in the tree since then, and I also did some manual
cleanups (such as fixing whitespace to keep checkpatch happy).

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1468468228-27827-13-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Fixup from Eric squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-19 20:18:02 +02:00
Peter Maydell
acd8279621 arm_gicv3: Add assert()s to tell Coverity that offsets are aligned
Coverity complains that the GICR_IPRIORITYR case in gicv3_readl()
can overflow an array, because it doesn't know that the offsets
passed to that function must be word aligned. Add some assert()s
which hopefully tell Coverity that this isn't possible.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1468261372-17508-1-git-send-email-peter.maydell@linaro.org
2016-07-19 17:56:27 +01:00
Peter Maydell
a3b3437721 * two old patches from prospective GSoC students
* i386 -kernel device tree support
 * Coverity fix
 * memory usage improvement from Peter
 * checkpatch fix
 * g_path_get_dirname cleanup
 * caching of block status for iSCSI
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJXjcwdAAoJEL/70l94x66D0s8IAKyEBxtATSXZG90jJR+uoCbv
 oK6ea9RDWUZxa2hKjcXh9Be+g4pTv99BqTKJJt+uwkFHAAJl0gvVty+EHE/2sfyo
 Nlt9FlWibxBdSoHxeCq4jg9APWORxcSx3rspg0I8TdxbweKdm9onvXEjfvmhucqG
 FfPSIHg5vsoutCPEDTXfaJDFiLw+rV7Em53kxD/y4VhHZlAWhahpCHSL/lWGRoLp
 B0mKvoHhqHR/EqJr7y7fuga+Aoimyh8R6dUfpxuXQely3309V7znhq0erPQWvSwX
 JKRITmGbWW3HOjplqBT971eH5iH0bDEryx91Oas9VNpm9eGr6qygePhc1eMszxE=
 =pBxf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* two old patches from prospective GSoC students
* i386 -kernel device tree support
* Coverity fix
* memory usage improvement from Peter
* checkpatch fix
* g_path_get_dirname cleanup
* caching of block status for iSCSI

# gpg: Signature made Tue 19 Jul 2016 07:43:41 BST
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  target-i386: Remove redundant HF_SOFTMMU_MASK
  block/iscsi: allow caching of the allocation map
  block/iscsi: fix rounding in iscsi_allocationmap_set
  Move README to markdown
  cpu-exec: Move down some declarations in cpu_exec()
  exec: avoid realloc in phys_map_node_reserve
  checkpatch: consider git extended headers valid patches
  megasas: remove useless check for cmd->frame
  compiler: never omit assertions if using a static analysis tool
  hw/i386: add device tree support
  Changed malloc to g_malloc, free to g_free in bsd-user/qemu.h
  use g_path_get_dirname instead of dirname

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-19 15:08:05 +01:00
Peter Maydell
d25321f210 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJXjZGEAAoJEO8Ells5jWIR8z8H/0TDJyMKdRsq2STHKpyAyqyy
 LSeqP90hwoe9q9D0oeaQtmqxkETZl/vMIfJjS4wFnN0GJYXFQsZyq3MdiOL+4G46
 lgfIofSFogUG/wow+0Sklgm+KjeVFsbwGz2E+t45P4FEgy6HjzdWQ6jKAcpa4Bnr
 fd8DwlxCENteI2YeO9cyzYUNvnToJWsvI+dqKbctqPflzFMcVEehq+ExEVqgdqpk
 84MNcQtHIRGUpfahz8TGkqQsdclvPke6B3DLdOWwi9nun9OZ/RJEinS22sahBuIV
 3aG7IQaUoHjvnbwx6ItRTQlv7gXAiVWg9hUDYexsyX6rtMzzDKd751ACXqv4qWw=
 =sVRr
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Tue 19 Jul 2016 03:33:40 BST
# gpg:                using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  e1000e: fix building without CONFIG_VMXNET3_PCI
  MAINTAINERS: release Scott from being a rocker maintainer
  tap: fix memory leak on failure to create a multiqueue tap device
  net: fix incorrect argument to iov_to_buf
  net: fix incorrect access to pointer
  e1000e: fix incorrect access to pointer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-19 13:00:35 +01:00
Peter Maydell
ad31cd4c69 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQIcBAABAgAGBQJXjV3bAAoJEH3vgQaq/DkOArAQAKc03QhwukqT2aZ5zs7kZ1Hv
 PCHrISL0dKGK3YfyiSitppoxr6eBoBR9UIEjaNlW0XwujqwWdWfJ7kIbVSGAyWqR
 YWmV+bA+TUWXz+tFbeDI0maMH9GNVCAuvQiqldmJxhZ303pf5cksZ9CqiALSylTY
 t5XUB6nhV7MPto63C2X2xjLkKxlsT9KOTsYxGVgVXwUzgW1lAuu8Lo6eNULXCgUa
 j+azgSFAiUOKwfKxcKD25kPOxgWlrxkGRc2LdFlopEzShENROhR2r9ut3okgAoM4
 KPVIE3jSsLMhNr9bRQRUJw53vRSL/bxFvlCdzKiBFSo7wNMKWNA9RWF6+If1Jvoi
 Am+BzINCfNfoFmqlXppqWGlapk9ZtmDGbPwaUyT6NJ9axAASTQxcj8QOjGEX07UE
 ubvzIXx7D1Amo59/4RWRXVDpMb9+p3npqkuCL+DWZzq7EVB42ig8+fKhijhS4jUK
 2DA7uL4orUjUIoTbJZsKciw7MfaWuP2/SnP1VRNRXSsiNg5N4qJDUB6Wo5AKksQB
 LWP4Ou4irPj/ZGvMhJBMMOQ5kl2maqj8beP9pVjltVjGVzAihAyuXHUqjPdqe1R9
 PLQidHKCb1OaJWi3c53vayuzlINH9iY+adjgSuYxi1QOZ+uqEsjSs+3+m1gyTOeh
 sd8VU/TtJbiGBCh9VTTf
 =9N8+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Mon 18 Jul 2016 23:53:15 BST
# gpg:                using RSA key 0x7DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  block: ignore flush requests when storage is clean
  tests: in IDE and AHCI tests perform DMA write before flushing
  ide: set retry_unit for PIO and FLUSH requests
  ide: refactor retry_unit set and clear into separate function

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-19 11:47:07 +01:00
Peter Maydell
08b558f07b VFIO update 2016-07-18
One fix for 2.7-rc0 which hides the ARI extended capability, fixing
 multifunction support in PCIe configurations where the assigned device
 function topology does not match the host (Alex Williamson)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJXjQujAAoJECObm247sIsieFIQAIAm7rl4CT1kpIbeoJi0C9Ri
 0DnWnNQC5RtP9M4OMOpCReN2xol48XvZEpfQWorn6txH4xwKrF242MzQIABsP9u2
 6iOtHcGpKAx8ffRsdJAV5Ejuo/khtzNMFoxuioje06xEW2yQ5nHBcievwuxxggH0
 RcXNRMr09DwAC2eB6jYOuQcm5qkOy53t/t4oVBM+agd/C9epr+VHDvNarN2ZpL8t
 BLLBKESEhuUGRr3Vo7da9wnszBpxyP1PYameNLaEY6rZ5vcyU6Dcec5Y/zsaJZV2
 yHAr50UyGop6fK/azPTgL+GV/OWrwawn6KatiCEVQD3Yz/ZzvXIoNXLX6pR4xjqF
 AN+KmjcBoi9q6hiKLcbSZXJPzGi52HJlko+uMH6m1xhDzOlwznHw9ZaVZ8rd+idv
 wnuSjVoJGN8PG2tBoMwYTe3iIvVJLlvckGsxeeoHfVR/64NMUtaDBcd+BYNdy9iK
 CAqBq/MXNBPkNWkVXjC8mnbLGvXSBKHBlLieFpEYiBUJXnHblqojN/H345ZVVvby
 uIMqOOeanaVBZ0jNP39u6F5Qzp8mcR1GKphfFg6YaSzNLw0IgF2CQ4qwHbIBMA4v
 HUlNAoIxSKQe6Rk/8SFjyfzgVrJ4U18NhRTrSySvEupZgZvizXacjLYQNkTo1MN5
 STV2TpoVG18nl9KKhdG+
 =40ci
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20160718.0' into staging

VFIO update 2016-07-18

One fix for 2.7-rc0 which hides the ARI extended capability, fixing
multifunction support in PCIe configurations where the assigned device
function topology does not match the host (Alex Williamson)

# gpg: Signature made Mon 18 Jul 2016 18:02:27 BST
# gpg:                using RSA key 0x239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-update-20160718.0:
  vfio/pci: Hide ARI capability

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-19 09:02:05 +01:00
Evgeny Yakovlev
35f78ab469 ide: set retry_unit for PIO and FLUSH requests
The following sequence of tests discovered a problem in IDE emulation:
1. Send DMA write to IDE device 0
2. Send CMD_FLUSH_CACHE to same IDE device which will be failed by block
layer using blkdebug script in tests/ide-test:test_retry_flush

When doing DMA request ide/core.c will set s->retry_unit to s->unit in
ide_start_dma. When dma completes ide_set_inactive sets retry_unit to -1.
After that ide_flush_cache runs and fails thanks to blkdebug.
ide_flush_cb calls ide_handle_rw_error which asserts that s->retry_unit
== s->unit. But s->retry_unit is still -1 after previous DMA completion
and flush does not use anything related to retry.

This patch restricts retry unit assertion only to ops that actually use
retry logic.

Signed-off-by: Evgeny Yakovlev <eyakovlev@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1468870792-7411-3-git-send-email-den@openvz.org
CC: Kevin Wolf <kwolf@redhat.com>
CC: Max Reitz <mreitz@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Fam Zheng <famz@redhat.com>
CC: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
2016-07-18 18:19:01 -04:00
Evgeny Yakovlev
0eeee07e24 ide: refactor retry_unit set and clear into separate function
Code to set and clear state associated with retry in moved into
ide_set_retry and ide_clear_retry to make adding retry setups easier.

Signed-off-by: Evgeny Yakovlev <eyakovlev@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1468870792-7411-2-git-send-email-den@openvz.org
CC: Kevin Wolf <kwolf@redhat.com>
CC: Max Reitz <mreitz@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Fam Zheng <famz@redhat.com>
CC: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
2016-07-18 18:19:01 -04:00
Alex Williamson
383a7af7ec vfio/pci: Hide ARI capability
QEMU supports ARI on downstream ports and assigned devices may support
ARI in their extended capabilities.  The endpoint ARI capability
specifies the next function, such that the OS doesn't need to walk
each possible function, however this next function is relative to the
host, not the guest.  This leads to device discovery issues when we
combine separate functions into virtual multi-function packages in a
guest.  For example, SR-IOV VFs are not enumerated by simply probing
the function address space, therefore the ARI next-function field is
zero.  When we combine multiple VFs together as a multi-function
device in the guest, the guest OS identifies ARI is enabled, relies on
this next-function field, and stops looking for additional function
after the first is found.

Long term we should expose the ARI capability to the guest to enable
configurations with more than 8 functions per slot, but this requires
additional QEMU PCI infrastructure to manage the next-function field
for multiple, otherwise independent devices.  In the short term,
hiding this capability allows equivalent functionality to what we
currently have on non-express chipsets.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2016-07-18 10:55:17 -06:00
Cao jin
ab3b9c1be8 virtio-blk: dataplane cleanup
No need duplicate the judgment, there is one in function entry.

Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Max Reitz <mreitz@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1468814749-14510-1-git-send-email-caoj.fnst@cn.fujitsu.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-07-18 15:10:52 +01:00
Jason Wang
103916cbe9 e1000e: fix building without CONFIG_VMXNET3_PCI
e1000e needs net_tx_pkt.o and net_rx_pkt.o too.

Cc: Dmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Cc: Leonid Bloch <leonid.bloch@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-07-18 16:17:02 +08:00
Paolo Bonzini
1ac6c07f42 e1000e: fix incorrect access to pointer
This is not dereferencing the pointer, and instead checking only
the value of the pointer.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-07-18 16:16:20 +08:00
Bharata B Rao
5cbc64de25 spapr: Ensure CPU cores are added contiguously and removed in LIFO order
If CPU core addition or removal is allowed in random order leading to
holes in the core id range (and hence in the cpu_index range), migration
can fail as migration with holes in cpu_index range isn't yet handled
correctly.

Prevent this situation by enforcing the addition in contiguous order
and removal in LIFO order so that we never end up with holes in
cpu_index range.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-18 10:40:27 +10:00
David Gibson
21bb3093e6 vfio/spapr: Remove stale ioctl() call
This ioctl() call to VFIO_IOMMU_SPAPR_TCE_REMOVE was left over from an
earlier version of the code and has since been folded into
vfio_spapr_remove_window().

It wasn't caught because although the argument structure has been removed,
the libc function remove() means this didn't trigger a compile failure.
The ioctl() was also almost certain to fail silently and harmlessly with
the bogus argument, so this wasn't caught in testing.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2016-07-18 10:40:27 +10:00
Mark Cave-Ayland
2df778967b dbdma: reset io->processing flag for unassigned DBDMA channel rw accesses
Otherwise MacOS 9 hangs upon shutdown.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-18 10:40:27 +10:00
Mark Cave-Ayland
894993905d dbdma: set FLUSH bit upon reception of flush command for unassigned DBDMA channels
This fixes MacOS 9 whereby it continually flushes and polls the status bits
until they are set to indicate a successful flush.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-18 10:40:27 +10:00
Mark Cave-Ayland
e12f50b900 dbdma: fix load_word/store_word value endianness
The values to read/write to/from physical memory are copied directly to the
physical address with no endian swapping required.

Also add some extra information to debugging output while we are here.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-18 10:40:27 +10:00
Mark Cave-Ayland
3f0d4128dc dbdma: fix endian of DBDMA_CMDPTR_LO during branch
The current DBDMA command is stored in little-endian format, so make sure
we convert it to match our CPU when updating the DBDMA_CMDPTR_LO register.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-18 10:40:27 +10:00
Mark Cave-Ayland
3e49c43940 dbdma: add per-channel debugging enabled via DEBUG_DBDMA_CHANMASK
By default large amounts of DBDMA debugging are produced when often it is just
1 or 2 channels that are of interest. Introduce DEBUG_DBDMA_CHANMASK to allow
the developer to select the channels of interest at compile time, and then
further add the extra channel information to each debug statement where
possible.

Also clearly mark the start/end of DBDMA_run_bh to allow tracking the bottom
half execution.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-18 10:40:27 +10:00
Mark Cave-Ayland
ba0b17dd8f dbdma: always define DBDMA_DPRINTF and enable debug with DEBUG_DBDMA
Enabling DBDMA_DPRINTF unconditionally ensures that any errors in debug
statements are picked up immediately.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-18 10:40:27 +10:00
Greg Kurz
44d691f7d9 spapr: fix core unplug crash
If the host has 8 threads/core and the guest is started with:

-smp cores=1,threads=4,maxcpus=12

It is possible to crash QEMU by doing:

(qemu) device_add host-spapr-cpu-core,core-id=16,id=foo
(qemu) device_del foo
Segmentation fault

This happens because spapr_core_unplug() assumes cpu_dt_id == core_id.
As long as cpu_dt_id is derived from the non-table cpu_index, this is
only true when you plug cores with contiguous ids.

It is safer to be consistent: the DR connector was created with an
index that is immediately written to cc->core_id, and spapr_core_plug()
also relies on cc->core_id.

Let's use it also in spapr_core_unplug().

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-18 10:40:27 +10:00
Paolo Bonzini
8cc46787b5 megasas: remove useless check for cmd->frame
megasas_enqueue_frame always returns with non-NULL cmd->frame.
Remove the "else" part as it is dead code.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-17 09:59:21 +02:00
Antonio Borneo
3cbeb52467 hw/i386: add device tree support
With "-dtb" on command-line:
- append the device tree blob to the kernel image;
- pass the blob's pointer to the kernel through setup_data, as
  requested by upstream kernel commit da6b737b9ab7 ("x86: Add
  device tree support").

The device tree blob is passed as-is to the guest; none of its
fields is modified nor updated. This is not an issue; the kernel
commit above uses the device tree only as an extension to the
traditional kernel configuration.

To: "Michael S. Tsirkin" <mst@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
To: Richard Henderson <rth@twiddle.net>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: qemu-devel@nongnu.org
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Message-Id: <1459973054-2777-1-git-send-email-borneo.antonio@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-17 09:59:21 +02:00
Peter Maydell
14c7d99333 target-arm queue:
* add virtio-mmio transport base address to device path
    (avoid an assertion failure with multiple virtio-scsi-devices)
  * revert hw/ptimer commit 5a50307 which causes regressions on
    SPARC guests
  * use Neon to accelerate zero-page checking on AArch64 hosts
  * set the MPIDR for TCG to match how KVM does it (and fit with
    GICv2/GICv3 restrictions on SGI target lists)
  * add some missing AArch32 TLBI hypervisor TLB operations
  * m25p80: Fix QIOR/DIOR handling for Winbond
  * hw/misc: fix typo in Aspeed SCU hw-strap2 property name
  * ast2400: pretend DMAs are done for U-boot
  * ast2400: some minor code cleanups
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJXh7wKAAoJEDwlJe0UNgzeTKUQAJFbi+fyN5m4ubkrgtVHUbpl
 H8msZTYt1Ce7k4uYmUan18fBDAqJgDOYupzU7inAlAVo32h0+iYQNRmedyXvaxA3
 ihL5GWGWTKm9t/ZP0Od2xo4VlSIGl3sI+WLFTJBtPdVUw7ZMT8/j3NiE3hgayTBd
 xn4N+bcV0ODf1vUhEJc5lma6eWDPjclZGReN3yyaAzhD43pyG+ScR4Kz8vLlEYhj
 KoGdD39RdO+Ya+B6fYHEAFCeXyJOtbIuS3dD+g9qkWwRx0sdeWnokK8H0eixuD4G
 lriFjit6GxIyPQ1lGhVhVQxeP72ghyNJxStRqgvjKDEEs5jJc4XZUgoUwlpk+Bno
 GQHG4KVtS+PZrDnEhM9nq5zZ0HuOv3asS08g/y1fEBqPg1z5eFJ4B+4lVDY9PcxZ
 0vPgMiClqNz5d+4RK/QfX0ebKG8gJJql1AK/DAw0pGh5/AoAah8gC1thHs7LUxOn
 f3hrglN75WZwkLnqQ7qdP+d1iJ6VbmMDhXrsL6Ar8ASx1V/AGGUsoXtSEZGEePFV
 4gh8CRGV5X/g2wTrdpsQWtCWcHC7oUBspB156aNNyqR+cUWnHBRKBDXv/CWgMmc+
 2zhim8sGVECoD7NYj826bps60ZHyFf83j9WZ5uod2jdAqooLba5Had8eYq7UAFnG
 irmYuzZrCooaIvYow10b
 =+HaT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160714' into staging

target-arm queue:
 * add virtio-mmio transport base address to device path
   (avoid an assertion failure with multiple virtio-scsi-devices)
 * revert hw/ptimer commit 5a50307 which causes regressions on
   SPARC guests
 * use Neon to accelerate zero-page checking on AArch64 hosts
 * set the MPIDR for TCG to match how KVM does it (and fit with
   GICv2/GICv3 restrictions on SGI target lists)
 * add some missing AArch32 TLBI hypervisor TLB operations
 * m25p80: Fix QIOR/DIOR handling for Winbond
 * hw/misc: fix typo in Aspeed SCU hw-strap2 property name
 * ast2400: pretend DMAs are done for U-boot
 * ast2400: some minor code cleanups

# gpg: Signature made Thu 14 Jul 2016 17:21:30 BST
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20160714:
  ast2400: externalize revision numbers
  ast2400: pretend DMAs are done for U-boot
  ast2400: replace aspeed_smc_is_implemented()
  hw/misc: fix typo in Aspeed SCU hw-strap2 property name
  m25p80: Fix QIOR/DIOR handling for Winbond
  target-arm: Add missed AArch32 TLBI sytem registers
  hw/arm/virt: tcg: adjust MPIDR like KVM
  gic: provide defines for v2/v3 targetlist sizes
  target-arm: Use Neon for zero checking
  Revert "hw/ptimer: Perform counter wrap around if timer already expired"
  virtio-mmio: format transport base address in BusClass.get_dev_path

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 17:32:53 +01:00
Cédric Le Goater
79a9f323a8 ast2400: externalize revision numbers
AST2400_A0_SILICON_REV is defined twice. Fix this by including the
definition in the header file as well as the routine to check if a
silicon revision is supported. It will useful to reuse in other
controllers.

Let's add also AST2500_A0_SILICON_REV for future use.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467994016-11678-5-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 16:51:39 +01:00
Cédric Le Goater
2e1f05020b ast2400: pretend DMAs are done for U-boot
U-boot does SPI timing calibration using DMA tranfers. To let the
initialization continue, we fake success by setting the DMA status of
the Interrupt Control Register.

For the moment, DMA support is not required as it is not used in
normal operation.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467994016-11678-4-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 16:51:38 +01:00
Cédric Le Goater
97c2ed5dbd ast2400: replace aspeed_smc_is_implemented()
aspeed_smc_is_implemented() filters invalid registers in a peculiar
way. Let's remove it and open code the if conditions. It serves the
same purpose, the aesthetic is better, and new registers can easily be
added.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467994016-11678-3-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 16:51:38 +01:00
Cédric Le Goater
2ddfa2817b hw/misc: fix typo in Aspeed SCU hw-strap2 property name
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467994016-11678-2-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 16:51:38 +01:00
Marcin Krzeminski
fe84770528 m25p80: Fix QIOR/DIOR handling for Winbond
Winbond also support continuous read mode, but as an opposite for other
flash type read mode clock cycles are included to dummy cycles number.
This path add proper handling of read mode byte and update needed
dummy cycles. QPI mode and dummy cycles configuration are not supported.

Signed-off-by: Marcin Krzeminski <marcin.krzeminski@nokia.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467809036-6986-1-git-send-email-marcin.krzeminski@nokia.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 16:51:38 +01:00
Andrew Jones
95eb49c8a3 hw/arm/virt: tcg: adjust MPIDR like KVM
KVM adjusts the MPIDR of guest vcpus based on the architecture of
the host, 32-bit vs. 64-bit, and, for 64-bit, also on the type of
GIC the guest is using. To be consistent and improve SGI efficiency
we make the same adjustments for TCG as 64-bit KVM hosts. We neglect
to add consistency with 32-bit KVM hosts, as that would reduce SGI
efficiency and KVM is expected to change.

As MPIDR is a system register, and thus guest visible, we only make
adjustments for current and later versioned machines.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 1467378129-23302-3-git-send-email-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 16:51:37 +01:00
Dmitry Osipenko
56215da394 Revert "hw/ptimer: Perform counter wrap around if timer already expired"
Software should see timer counter wraparound only after IRQ being triggered.
This fixes regression introduced by the commit 5a50307 ("hw/ptimer: Perform
counter wrap around if timer already expired"), resulting in monotonic timer
jumping backwards on SPARC emulated machine running NetBSD guest OS, as
reported by Mark Cave-Ayland.

Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Message-id: 20160708132206.2080-1-digetx@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 16:51:36 +01:00
Laszlo Ersek
f58b39d2d5 virtio-mmio: format transport base address in BusClass.get_dev_path
At the moment the following QEMU command line triggers an assertion
failure (minimal reproducer by Cole):

  qemu-system-aarch64 \
    -machine virt-2.6,accel=tcg \
    -nodefaults \
    -no-user-config \
    -nographic -monitor stdio \
    -device virtio-scsi-device,id=scsi0 \
    -device virtio-scsi-device,id=scsi1 \
    -drive file=foo.img,format=raw,if=none,id=d0 \
    -device scsi-hd,bus=scsi0.0,drive=d0 \
    -drive file=foo.img,format=raw,if=none,id=d1 \
    -device scsi-hd,bus=scsi1.0,drive=d1

  qemu-system-aarch64: migration/savevm.c:615:
  vmstate_register_with_alias_id:
  Assertion `!se->compat || se->instance_id == 0' failed.

The reason is that the vmstate sections for the two scsi-hd devices are
not uniquely identifiable by name.

The direct parent buses of the scsi-hd devices -- scsi0.0 and scsi1.0 --
support the BusClass.get_dev_path member function. scsibus_get_dev_path()
formats a device path prefix with the help of its topologically parent
bus, and then appends the chan🆔lun triplet to it. For both scsi-hd
devices, this triplet is 0:0:0.

(Here we use "device path" in the QEMU migration sense, for vmstate
section identification, not in the OFW or UEFI device path senses.)

The virtio-scsi HBA is plugged into the virtio-mmio bus (implemented by
the internal VirtIOMMIOProxy device). This bus class
(TYPE_VIRTIO_MMIO_BUS) inherits, as its get_dev_path() member function,
the virtio_bus_get_dev_path() method from its parent class
(TYPE_VIRTIO_BUS).

virtio_bus_get_dev_path() does not format any kind of device address on
its own; "virtio addresses" are transport-specific. Therefore
virtio_bus_get_dev_path() asks the topologically parent bus of the proxy
object (implementing the specific virtio transport) to format the address
of the proxy object.

(For virtio-pci devices (where the proxy is an instance of VirtIOPCIProxy,
plugged into a PCI bus), this ends up in pcibus_get_dev_path().)

However, VirtIOMMIOProxy is usually (in practice: always) plugged into
"main-system-bus", the singleton TYPE_SYSTEM_BUS object. This BusClass
does not support formatting QEMU vmstate device paths at all (as
SysBusDevice objects can have zero or more IO ports and zero or more MMIO
regions). Hence the formatting request delegated from
virtio_bus_get_dev_path() gets answered with NULL.

The end result is that the two scsi-hd devices end up with the same device
path "0:0:0", which triggers the assert.

We can solve this by recognizing that virtio-mmio transports are
distinguished from each other by their base addresses in MMIO address
space. Implement virtio_mmio_bus_get_dev_path() as follows:

(1) The virtio device whose devpath is to be formatted resides on a
    virtio-mmio bus that is implemented by a VirtIOMMIOProxy object. Ask
    the parent bus of VirtIOMMIOProxy to format the device path of
    VirtIOMMIOProxy, as a path prefix. (This is identical to what
    virtio_bus_get_dev_path() does.)

(2) Append the base address of VirtIOMMIOProxy to the device path, such
    as:
    - virtio-mmio@000000000a003e00,
    - virtio-mmio@000000000a003c00.

Given that these device paths are placed in the migration stream, step (2)
above, if done unconditionally, would break migration. So make that step
conditional on a new VirtIOMMIOProxy property, which is enabled for 2.7
machine types and later.

Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Cole Robinson <crobinso@redhat.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Kevin Zhao <kevin.zhao@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Tom Hanson <thomas.hanson@linaro.org>
Reported-by: Kevin Zhao <kevin.zhao@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1467739394-28357-1-git-send-email-lersek@redhat.com
Fixes: https://bugs.launchpad.net/qemu/+bug/1594239
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 16:51:36 +01:00
Peter Maydell
1c8e93fb41 * Updated fw_cfg option ROM to include DMA support
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJXh5jKAAoJEL/70l94x66DC3wIAJZ6QBdkeLc8J16dtCo6p6oR
 laxJm5NNPrqh/PgcQO+NEmqpPt4M3TuvTuOZuXXFqqW9F6d9QhIYqYhohSQgvu86
 4ImunfjuVUHQqdDeHvDPLOHW61U2m9isoYRj+x06GORHUpNGsee31PsoDjHUxI9c
 Uea/lSkH86K0y/2RBVFTrGou0VZkOEtOrVb9W3B1Welg0qjs4BY8Yem8Y/vspTvA
 yxavGCyEO96trlhRIhwbcDU1u4AmunGRGCjIubFmXLNgPMaa49pGXtCfF30FxAen
 0nBCRMhv2hs2V8bIxfVsNTR2NndvEuaT8uCMhYgTcZKShW6oDFQq/+bTYsN7krE=
 =oQEo
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream-fwcfg' into staging

* Updated fw_cfg option ROM to include DMA support

# gpg: Signature made Thu 14 Jul 2016 14:51:06 BST
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream-fwcfg:
  Add optionrom compatible with fw_cfg DMA version

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 16:49:18 +01:00
Peter Maydell
22e28174ae Xtensa-related fixes:
- fix FLASH interface width for XTFPGA boards.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXh3C1AAoJEFH5zJH4P6BE4ccP/0mjz/OFTURfcFyeAiuK1M6V
 EicOZyfcfmIeyZm4Os0r8PHLWLpNTRU5L7HGB8RmhP6s98PE/kBAZQv43hDO2bij
 nRMT5dyuWT7vc6bHv9wEG1omkdGCNB/iO7POV0al1ZolaRgZIazw9DHdXk5Fc7At
 Q2PjzJ7sIKahqFUISykF//ShDRXu2ui6u7tPEuCDGQb8zQcuIV+yzjuwyppiPy4B
 qBNkDAsk/QxGcOkUtdIn/CRWO89dxSdDhwqaNhyVtU4TTBkzOHBx6dRrCPXfROlp
 yVGjW9kMBBWL44OW9PZycOqMo6yKPsp8XZorWQfWWmmPdb3WmR7C0Uzp/wZkYjYi
 C198kWnxmsdrSTxGagK0BFKLKgL4ZeuFXL0fylp9RzS3PybfRjjphch45QiiIv3L
 sRquHGVxJoPhIl/EGjR7dorrp6tGSOMpHR11YAgI/EEY7bTqNLQg9jpSigynf5Xq
 9ACnIeW7bNMfW8dmoF+DrmvIMjhKYk/FR/1bKIMO/UxHBvcKas07stazpmXflQwQ
 K7ToYQCdd97co4709D02dERsNRAsVREUY6Ip5ggRM3et7kw3VDUm8toaMC4CFnlN
 vWurl2P7em4sAtbAHst1ueyWWaaEQpvRGrCanDl0AqrjFgX+241uEHEeF/L7cqlH
 dNWVK67XHCG9gAjmsHRW
 =nE3b
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/xtensa/tags/20160714-xtensa' into staging

Xtensa-related fixes:

- fix FLASH interface width for XTFPGA boards.

# gpg: Signature made Thu 14 Jul 2016 12:00:05 BST
# gpg:                using RSA key 0x51F9CC91F83FA044
# gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20160714-xtensa:
  target-xtensa: xtfpga: fix FLASH interface width

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 15:57:28 +01:00
Marc Marí
b2a575a1c6 Add optionrom compatible with fw_cfg DMA version
This optionrom is based on linuxboot.S.

Signed-off-by: Marc Marí <markmb@redhat.com>
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <1464027093-24073-2-git-send-email-rjones@redhat.com>
[Add -fno-toplevel-reorder, support clang without -m16. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-14 15:50:52 +02:00
Peter Maydell
190c93c982 * SCSI scanner support
* fixes to qemu-char and net exit
 * FreeBSD fixes
 * Other small bugfixes
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJXhiZDAAoJEL/70l94x66DrGAH/10ZlIYugx6Ijn12qy3irmIC
 hbMY6HWjvPlk8ZpAcPa3UXNQvqhTwqhSMXRiwp9aNPlRUqrXnDXZapQunJveKSAn
 luLE8ISRKODz0W39qg6znyb4R1ipCGJWwjBCQmLWZuD7883JJ2DsykTATRx7yKQF
 qsq9r/DPBTfD3vnOCTbqp0GeB80UFleTNm+K7cct8M1+WzfiwKeVHk9CAKy0fkTH
 hS+YnV9UWYL6PR/w+uZ+2MfgH5er4X794+HaNbio0QJJbEZ2bsL4A3Prh7pUonN7
 qJoCbT4W79scrnWQ40RbWRXOMfUk4J7gIMEZYar8z6NmqnamNZgxbWj3dv6pO+k=
 =sz/L
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* SCSI scanner support
* fixes to qemu-char and net exit
* FreeBSD fixes
* Other small bugfixes

# gpg: Signature made Wed 13 Jul 2016 12:30:11 BST
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  hostmem: detect host backend memory is being used properly
  hostmem: fix QEMU crash by 'info memdev'
  char: do not use atexit cleanup handler
  net: do not use atexit for cleanup
  slirp: use exit notifier for slirp_smb_cleanup
  tap: use an exit notifier to call down_script
  util: Fix MIN_NON_ZERO
  qemu-sockets: use qapi_free_SocketAddress in cleanup
  disas: avoid including everything in headers compiled from C++
  json-streamer: fix double-free on exiting during a parse
  main-loop: check return value before using pointer
  Use "-s" instead of "--quiet" to resolve non-fatal build error on FreeBSD.
  scsi-bus: Use longer sense buffer with scanners
  scsi-bus: Add SCSI scanner support

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14 13:44:06 +01:00
Max Filippov
f9a555e499 target-xtensa: xtfpga: fix FLASH interface width
FLASH chip on XTFPGA boards is connected with 16-bit-wide interface.
Latest U-Boot can see the difference and does not work correctly with
32-bit-wide interface.
Set FLASH chip 'width' property to 2.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2016-07-14 13:59:44 +03:00
Kevin Wolf
8c39825218 block/qdev: Allow configuring rerror/werror with qdev properties
The rerror/werror policies are implemented in the devices, so that's
where they should be configured. In comparison to the old options in
-drive, the qdev properties are only added to those devices that
actually support them.

If the option isn't given (or "auto" is specified), the setting of the
BlockBackend is used for compatibility with the old options. For block
jobs, "auto" is the same as "enospc".

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-07-13 13:32:27 +02:00
Kevin Wolf
f6166a06ff block/qdev: Allow configuring WCE with qdev properties
As cache.writeback is a BlockBackend property and as such more related
to the guest device than the BlockDriverState, we already removed it
from the blockdev-add interface. This patch adds the new way to set it,
as a qdev property of the corresponding guest device.

For example: -drive if=none,file=test.img,node-name=img
             -device ide-hd,drive=img,write-cache=off

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-07-13 13:32:27 +02:00
Xiao Guangrong
2aece63c8a hostmem: detect host backend memory is being used properly
Currently, we use memory_region_is_mapped() to detect if the host
backend memory is being used. This works if the memory is directly
mapped into guest's address space, however, it is not true for
nvdimm as it uses aliased memory region to map the memory. This is
why this bug can happen:
   https://bugzilla.redhat.com/show_bug.cgi?id=1352769

Fix it by introduce a new filed, is_mapped, to HostMemoryBackend,
we set/clear this filed accordingly when the device link/unlink to
host backend memory

Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-13 13:30:04 +02:00
Kevin Wolf
8daea51095 block/qdev: Allow node name for drive properties
If a node name instead of a BlockBackend name is specified as the driver
for a guest device, an anonymous BlockBackend is created now.

The order of operations in release_drive() must be reversed in order to
avoid a use-after-free bug because now blk_detach_dev() frees the last
reference if an anonymous BlockBackend is used.

usb-storage uses a hack where it forwards its BlockBackend as a property
to another device that it internally creates. This hack must be updated
so that it doesn't drop its original BB before it can be passed to the
other device. This used to work because we always had the monitor
reference around, but with node-names the device reference is the only
one now.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-07-13 13:28:00 +02:00
Paolo Bonzini
0b8b8753e4 coroutine: move entry argument to qemu_coroutine_create
In practice the entry argument is always known at creation time, and
it is confusing that sometimes qemu_coroutine_enter is used with a
non-NULL argument to re-enter a coroutine (this happens in
block/sheepdog.c and tests/test-coroutine.c).  So pass the opaque value
at creation time, for consistency with e.g. aio_bh_new.

Mostly done with the following semantic patch:

@ entry1 @
expression entry, arg, co;
@@
- co = qemu_coroutine_create(entry);
+ co = qemu_coroutine_create(entry, arg);
  ...
- qemu_coroutine_enter(co, arg);
+ qemu_coroutine_enter(co);

@ entry2 @
expression entry, arg;
identifier co;
@@
- Coroutine *co = qemu_coroutine_create(entry);
+ Coroutine *co = qemu_coroutine_create(entry, arg);
  ...
- qemu_coroutine_enter(co, arg);
+ qemu_coroutine_enter(co);

@ entry3 @
expression entry, arg;
@@
- qemu_coroutine_enter(qemu_coroutine_create(entry), arg);
+ qemu_coroutine_enter(qemu_coroutine_create(entry, arg));

@ reentry @
expression co;
@@
- qemu_coroutine_enter(co, NULL);
+ qemu_coroutine_enter(co);

except for the aforementioned few places where the semantic patch
stumbled (as expected) and for test_co_queue, which would otherwise
produce an uninitialized variable warning.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13 13:26:02 +02:00
Jarkko Lavinen
6959e508c6 scsi-bus: Use longer sense buffer with scanners
Scanners can provide additional sense bytes beyond 18 bytes.
VueScan uses 32 bytes alloc length with Request Sense command.

Signed-off-by: Jarkko Lavinen <jarkko.lavinen@iki.fi>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-12 18:31:26 +02:00
Jarkko Lavinen
297b044a7f scsi-bus: Add SCSI scanner support
Add support for missing scanner specific SCSI commands and their xfer
lenghts as per ANSI spec section 15.

Signed-off-by: Jarkko Lavinen <jarkko.lavinen@iki.fi>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-12 18:31:26 +02:00
Peter Maydell
ca3d87d4c8 Clean up #include "..." vs <...> and header guards
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXhP1vAAoJEDhwtADrkYZTSnsP/050pn1Zeo8tF7+C9Sj/8mu1
 Peuaz7f+QkGzvkteoVu8W2dDNebUnjZI1InsBFcpJab8TCjnk+A2UipalTyWlX2U
 QQbgqgLKTJgewVPMje+7B96D2Eyr4IhnhiaJDP7zBtx5tW+mO9NDqly7j9VJajbO
 cBC9SBFLNEk3wQqiQMv4Ig6qi3a4jfU56Zhazt6ci7lJRKJwPnbhZjEWCKliRjzT
 TjZsV8mlKm5Sp3wmahxGiWuUI+JnbneEnjLLvRBot5mUGZsA9oU4mgmzFBn+/uvp
 rzvae41tfw1Td/S7nRBwTxZqRo8qiRSC5vNc90piBKkj7H1TaKnZUVBskkexZl4x
 ibFOAVPx3yJredtCgjJZun2gc/EBpIQtcV9WNqY9qjwldczjim93ua/lM7BcTrbN
 4rdNP63a81KYOkgL3rSd9zVarGybHIrhd96KUhX8j6SKbc7z4gVn90uMnAPsapk/
 I39HR3smMvgNK3x6gZ4pU3Ghr2hmmWMah+gQ2ErczmoYArAixR8lDqFO+c2eoqfe
 bHfZM6gsZickrJSL1t3/FXB0oXfcNifUzF5g2hDQY9WKDjFee4tb2+UGHcrb7PW8
 Uq3eYqigNitj1COMksjijG0iBAfCqtJNPJDA4M0SLhuYVnH+cSGWYg3UWgETwu8q
 nYZHU/nNqI9p3BNFkILR
 =Zct/
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-include-2016-07-12' into staging

Clean up #include "..." vs <...> and header guards

# gpg: Signature made Tue 12 Jul 2016 15:23:43 BST
# gpg:                using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-include-2016-07-12:
  cris: Fix broken header guard in hw/cris/boot.h
  Clean up decorations and whitespace around header guards
  Clean up ill-advised or unusual header guards
  libdecnumber: Don't error out on decNumberLocal.h re-inclusion
  libdecnumber: Don't fool around with guards to avoid #include
  Clean up header guards that don't match their file name
  Drop Emacs local variables lists redundant with .dir-locals.el
  spapr_pci: Include spapr.h instead of playing games with #error
  tcg: Clean up tcg-target.h header guards
  linux-user: Fix broken header guard in syscall_defs.h
  linux-user: Clean up hostdep.h header guards
  linux-user: Clean up target_structs.h header guards
  linux-user: Clean up target_signal.h header guards
  linux-user: Clean up target_cpu.h header guards
  linux-user: Clean up target_syscall.h header guards
  target-*: Clean up cpu.h header guards
  scripts: New clean-header-guards.pl
  Use #include "..." for our own headers, <...> for others

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-12 16:04:36 +01:00
Markus Armbruster
82751a32be cris: Fix broken header guard in hw/cris/boot.h
Found with scripts/clean-header-guards.pl.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12 16:20:46 +02:00
Markus Armbruster
175de52487 Clean up decorations and whitespace around header guards
Cleaned up with scripts/clean-header-guards.pl.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12 16:20:46 +02:00
Markus Armbruster
2a6a4076e1 Clean up ill-advised or unusual header guards
Cleaned up with scripts/clean-header-guards.pl.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12 16:20:46 +02:00
Markus Armbruster
121d07125b Clean up header guards that don't match their file name
Header guard symbols should match their file name to make guard
collisions less likely.  Offenders found with
scripts/clean-header-guards.pl -vn.

Cleaned up with scripts/clean-header-guards.pl, followed by some
renaming of new guard symbols picked by the script to better ones.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12 16:19:16 +02:00
Markus Armbruster
85aad98a0e Drop Emacs local variables lists redundant with .dir-locals.el
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12 16:19:16 +02:00
Markus Armbruster
a9c94277f0 Use #include "..." for our own headers, <...> for others
Tracked down with an ugly, brittle and probably buggy Perl script.

Also move includes converted to <...> up so they get included before
ours where that's obviously okay.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12 16:19:16 +02:00
Peter Maydell
43120576cb hw/bt: Don't use cpu_to_*w() and *_to_cpup()
Don't use cpu_to_*w() and *_to_cpup() to do byte-swapped loads
and stores; instead use ld*_p() and st*_p() which correctly handle
misaligned accesses.

Bring the HNDL() macro into line with how we deal with
PARAMHANDLE(), by using cpu_to_le16() rather than an ifdef
HOST_WORDS_BIGENDIAN.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1467908460-27048-3-git-send-email-peter.maydell@linaro.org
2016-07-12 15:08:53 +01:00
Peter Maydell
74e1b782b3 MIPS patches 2016-07-12
Changes:
 * support 10-bit ASIDs
 * MIPS64R6-generic renamed to I6400
 * initial GIC support
 * implement RESET_BASE register in CM GCR
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJXhMtOAAoJEFIRjjwLKdprahQH/2qBMp7Hnucy7jhiPHRtRZTo
 zZAhuRJ0Z2LT9xH+sTg3HcjHI7aXps5cG2f7Fw4X/JKNRY4KO19yEBnMhc5he2Ut
 XPtHCeMXXq6zU4RMHqlx6wChHn5AUll/3EeSvm6JMV+HhE6oDBk1yl5C8ipPlVCd
 KEz6LlUFNMbuxu2tM4DoMNAWeKmunBx3vO+JuErB6hjCWM5G0mV9aPDkbwTOmVLn
 qGgzzmNDiPE6JWrSpbHetsdCO7V9xtXzhcFsu240GJ/+XJMjUXb1m6ETsJxT9EYh
 vLfFzwozBSjX6ZQZVNFIAeJZnq96NOHqZ56sU7s4YktVXjl26JAahScTTH0aiNo=
 =sTce
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160712' into staging

MIPS patches 2016-07-12

Changes:
* support 10-bit ASIDs
* MIPS64R6-generic renamed to I6400
* initial GIC support
* implement RESET_BASE register in CM GCR

# gpg: Signature made Tue 12 Jul 2016 11:49:50 BST
# gpg:                using RSA key 0x52118E3C0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"
# Primary key fingerprint: 8DD3 2F98 5495 9D66 35D4  4FC0 5211 8E3C 0B29 DA6B

* remotes/lalrae/tags/mips-20160712:
  target-mips: enable 10-bit ASIDs in I6400 CPU
  target-mips: support CP0.Config4.AE bit
  target-mips: change ASID type to hold more than 8 bits
  target-mips: add ASID mask field and replace magic values
  target-mips: replace MIPS64R6-generic with the real I6400 CPU model
  hw/mips_cmgcr: implement RESET_BASE register in CM GCR
  hw/mips_cpc: make VP correctly start from the reset vector
  target-mips: add exception base to MIPS CPU
  hw/mips/cps: create GIC block inside CPS
  hw/mips: implement Global Interrupt Controller
  hw/mips: implement GIC Interval Timer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-12 12:34:41 +01:00
Peter Maydell
c1ac514a04 usb: misc fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXhK6ZAAoJEEy22O7T6HE4CJUP/1BFqjyFTCARP0ju3qD0mgWv
 A58V5tAryL+pA4CkcxZdqtb6Kktw0WAQf5/zhS3MCk6Te/LzCglgRnWlppCi6xkT
 d7/dF1B6GQ0434TSt46UOkuRsZLyheqS1bgjKAFHoYtlegQihKjSWdBGDjf6QflT
 U3zVMOM9mzJUNwHLftKc6uRr8qpw70rEK/V83np87Qn/vIucawESjGp/2LsKjar6
 junoBcjz8BUd+VX6XtwowuKBKQG3UdgW9BTVy01psslWaf9g+SdlMr09XbXIQPRP
 ByCBIWkVcfhCSeQt07WzV2MYNc/0w4AzCiPEFQRq1ddtQZNErSD/OL6thjd0F9Gp
 EJ62kK+pnFvXntJq5/sz+VanUczeebBvWJMfhLjskI5u5vzgl2mRE/xmUN2woKUA
 pSB0PUSZRDV95XYj8X3ZHVCjyxycsdk1cm045uwx5GoK3cKukV5i1KKnxsxS37wV
 lHiCVJwcpZZcJ2s8ee/34RuTl2a3Xu3rN9kJfXQWq+ALJG6RrgRDQFwMltfG6L2z
 1SRlIx3fsn5I97Zq3s60qgkF/ODLA7qPjz8Kkvqk27Lt1UMmhvvAy+zYYPZ53h2Q
 e7s1rAJM4yE7fXbPEPc4H3Dlt5FjCmoQtBtEEDPi879gMPT2AJwtAeAYHc/ItcGa
 ZBet8h2z+thgqIrEUBzx
 =DO24
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160712-1' into staging

usb: misc fixes.

# gpg: Signature made Tue 12 Jul 2016 09:47:21 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-usb-20160712-1:
  xen-usb: Fix 32bit build
  usb: add storage hotplug documentation
  nec-usb-xhci: set the device state to USB_STATE_DEFAULT

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-12 12:03:29 +01:00
Anthony PERARD
042ec47e68 xen-usb: Fix 32bit build
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Message-id: 20160623110829.22671-1-anthony.perard@citrix.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-07-12 10:47:03 +02:00
Zhang Shuaiyi
a4055d8586 nec-usb-xhci: set the device state to USB_STATE_DEFAULT
This patch is a rough fix to "hw/usb/core.c:401: usb_handle_packet:
 Assertion `dev->state == 3' failed.". Qemu will crash when a usb3
device redirect to Windows7 VM via nec-usb-xhci.

In extensible-host-controler-interface-usb-xhci.pdf P94(4.6.5
Address Device):
    • If the Block Set Address Request (BSR) flag = ‘1’
        • If the slot is in the Enabled state:
            ...
            • Set the Slot State in the Output Slot Context to Default.

BSR = ‘1’: Enabled state to Default state; BSR = ‘0’: Default state
to Addressed state. Try to call usb_device_reset to set device state
to USB_STATE_DEFAULT in xhci_address_slot wether bsr is zero.

Signed-off-by: Zhang Shuaiyi <zhang_syi@massclouds.com>
Message-id: 1467258640-11921-1-git-send-email-zhang_syi@massclouds.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-07-12 10:23:59 +02:00
Leon Alrae
c09199fe73 hw/mips_cmgcr: implement RESET_BASE register in CM GCR
Implement RESET_BASE register which is local to each VP and a write to
it changes VP's reset exception base. Also, add OTHER register to
allow a software running on one VP to access other VP's local registers.

Guest can use this mechanism to specify custom address from which a VP
will start execution.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2016-07-12 09:10:16 +01:00
Leon Alrae
dff94251f0 hw/mips_cpc: make VP correctly start from the reset vector
When VP enters the Run state it starts execution from the reset vector.
Currently used CPU_INTERRUPT_WAKE does not do that if reset exception
base has been modified. Therefore fix that by simply resetting given VP.

Drop the usage of CPU_INTERRUPT_WAKE also in VP_STOP and instead raise
the CPU_INTERRUPT_HALT to halt a VP.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2016-07-12 09:10:15 +01:00
Leon Alrae
19494f811a hw/mips/cps: create GIC block inside CPS
Add GIC to CPS and expose its interrupt pins instead of CPU's.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2016-07-12 09:10:13 +01:00
Yongbok Kim
e8bd336dd1 hw/mips: implement Global Interrupt Controller
The Global Interrupt Controller (GIC) is responsible for mapping each
internal and external interrupt to the correct location for servicing.

The internal representation of registers is different from the specification
in order to consolidate information for each GIC Interrupt Sources and Virtual
Processors with same functionalities. For example SH_MAP00_VP00 registers are
defined like each bit represents a VP but in this implementation the equivalent
map_vp contains VP number in integer form for ease accesses. When it is being
accessed via read write functions an internal data is converted back into the
original format as the specification.

Limitations:
Level triggering only
GIC CounterHi not implemented (Countbits = 32bits)
DINT not implemented
Local WatchDog, Fast Debug Channel, Perf Counter not implemented

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2016-07-12 09:10:12 +01:00
Yongbok Kim
405140519f hw/mips: implement GIC Interval Timer
The interval timer is similar to the CP0 Count/Compare timer within
each processor. The difference is the GIC_SH_COUNTER register is global
to the system so that all processors have the same time reference.

To ease implementation, all VPs are having its own QEMU timer but sharing
global settings and registers such as GIC_SH_CONFIG.COUTNSTOP and
GIC_SH_COUNTER.

MIPS GIC Interval Timer does support upto 64 bits of Count register but
in this implementation it is limited to 32 bits only.

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2016-07-12 09:10:09 +01:00
Gerd Hoffmann
c80276b420 input: add trace events for full queues
It isn't unusual to happen, for example during reboot when the guest
doesn't reveice events for a while.  So better don't flood stderr
with alarming messages.  Turn them into tracepoints instead so they
can be enabled in case they are needed for trouble-shooting.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1466675495-28797-1-git-send-email-kraxel@redhat.com
2016-07-12 09:25:28 +02:00
Peter Maydell
f1ef557866 Last round of s390x patches for 2.7:
- A large update of the s390x PCI code, bringing it in line with
   the architecture
 - Fixes and improvements in the ipl (boot) code
 - Refactoring in the css code
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXg1MjAAoJEN7Pa5PG8C+vOpIP/A0s4oGk056YHN8APCCPEnhD
 jQIH7GxMZXsCvBb0w7mcvk0EYqoGBOplWZ9mOzHGr8wzQhL56quOOY3Esidj8yVD
 Nulwg4bPtd4SQJoaV0CndZq9Vn6JtWsyS05ncq23VnasrMLPzzAPltI7EuV8OynY
 zgpb/B6KM1vk/wN9brci2WGKTaeTeAD9FmHTuPTiYJDZEZL8FjjQkE0sHmCwNm9Z
 w0dlwEfRyFPwNtvYYMQmlU8jl9MlizOi/FKIU5G2FtsGlwgyMYPoayAuv455iIm9
 a7wb4Sb2VdWeLWzB9E0bqzMJ+mmH+nwxMtMzFw5XYw2uBLbLh0J3PxB1UUDwab12
 BJMJc4QRzTNfjddwVD2Yi8xg9da0AEOoynHogK4r2z3mlBaloNBHIm63Dkjmrvfw
 2W/FQ67RdcQah54Du62ZezSoyjfxVhCUF0tHfh+PqjhXeC8L8dPvKug/vLp2bgVS
 JZfz0ObjGrYGJ3JLIPKobEif4teXPmxiOEzYhCnIUE6ZHFnjlrOdWUiVEpA8laMR
 jQn1amp0UkbaPXnNjcS35swnSYHHOGpI3N0cJ5E/xM+uRLZ2W569ceIfAhCRb2Su
 oGRQTE8vnSyni+H4SoAXqSttGbXX8ST5mR2BCnvX+vNzUYd/azV+CKckcdgfJtXR
 Q+6YDC9Y8SLL/pJFzSfg
 =/+SU
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20160711' into staging

Last round of s390x patches for 2.7:
- A large update of the s390x PCI code, bringing it in line with
  the architecture
- Fixes and improvements in the ipl (boot) code
- Refactoring in the css code

# gpg: Signature made Mon 11 Jul 2016 09:04:51 BST
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20160711: (25 commits)
  s390x/pci: make hot-unplug handler smoother
  s390x/pci: replace fid with idx in msg data of msix
  s390x/pci: fix stpcifc_service_call
  s390x/pci: refactor list_pci
  s390x/pci: refactor s390_pci_find_dev_by_idx
  s390x/pci: add checkings in CLP_SET_PCI_FN
  s390x/pci: enable zpci hot-plug/hot-unplug
  s390x/pci: enable uid-checking
  s390x/pci: introduce S390PCIBusDevice qdev
  s390x/pci: introduce S390PCIIOMMU
  s390x/pci: introduce S390PCIBus
  s390x/pci: enforce zPCI state checking
  s390x/pci: refactor s390_pci_find_dev_by_fh
  s390x/pci: unify FH_ macros
  s390x/pci: write fid in CLP_QUERY_PCI_FN
  s390x/pci: acceleration for getting S390pciState
  s390x/pci: fix failures of dma map/unmap
  s390x/css: Unplug handler of virtual css bridge
  s390x/css: Factor out virtual css bridge and bus
  s390x/css: use define for "virtual-css-bridge" literal
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-11 18:46:38 +01:00
Yi Min Zhao
93d16d81c8 s390x/pci: make hot-unplug handler smoother
The current implementation of hot-unplug handler is abrupt. Any pci
operation will be just rejected if pci device is unconfigured. Thus a
pci device can not be reset or destroyed in a right, smooth and safe
way.

Improve this as follows:
- Notify the guest via a HP_EVENT_DECONFIGURE_REQUEST(0x303) event in
  the unplug handler, giving it a chance to deconfigure the device via
  sclp and allowing us to continue hot-unplug afterwards.
- Set up a timer that will generate the HP_EVENT_CONFIGURE_TO_STBRES
  (0x304) event as before if the guest did not react after an adequate
  time.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
cdd85eb280 s390x/pci: replace fid with idx in msg data of msix
Present code uses fid as the part of message data of msix for looking
up the specific zpci device. However it limits the usable range of fid,
and the code looking up the zpci device may fail due to truncation of
the fid.

In addition, fh is composed of enabled bit, FH_VIRT and the array index.
So we can use the array index as the identifier to store in msg data.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
0a608a6e13 s390x/pci: fix stpcifc_service_call
Firstly the function misses dmaas checking. This patch adds it.

Secondly the function uses s390_pci_find_dev_by_fh() to look up the
zpci device. This may fail if the guest provides a valid and disabled
fh but fh of the associated zpci device is enabled. Thus we use
s390_pci_find_dev_by_idx() instead.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
4e3bfc167d s390x/pci: refactor list_pci
Because of the refactor of s390_pci_find_dev_by_idx(), list_pci()
should be updated. We introduce a new function to get the next
available zpci device. It simplifies the code of looking up zpci
devices.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Acked-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
ab9746570a s390x/pci: refactor s390_pci_find_dev_by_idx
s390_find_dev_by_idx() only indexes usable zpci devices. It implies
that the index value of each zpci device is dynamic and may change if
a new zpci device is plugged. So we have to use a constant index to
look up the device.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
bd4976838d s390x/pci: add checkings in CLP_SET_PCI_FN
The code in CLP_SET_PCI_FN case misses some checkings. Let's add
them.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
af9ed379fc s390x/pci: enable zpci hot-plug/hot-unplug
We need to support hot-plug/hot-unplug for the new zpci devices as
well. This patch enables the present hot-plug/hot-unplug handlers
to support not only generic pci devices but also zpci devices.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
bf328399da s390x/pci: enable uid-checking
The uid-checking facility guarantees uniqueness of the uid within the
vm and exposes the real uid to the guest when listing pci devices.
Let's always enable it and present it to the guest in the response to
the list pci clp command.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
3e5cfba3ca s390x/pci: introduce S390PCIBusDevice qdev
To support definitions of s390 pci attributes in Qemu cmdline, we have
to make current S390PCIBusDevice struct inherit DeviceState and add
three properties for it. Currently we only support definitions of uid
and fid.

'uid' is optionally defined by users, identifies a zpci device and
must be defined with a 16-bit and non-zero unique value.

'fid' ranges from 0x0 to 0xFFFFFFFF. For fid property, we introduce a
new PropertyInfo by the name of s390_pci_fid_propinfo with our special
setter and getter. As 'fid' is optional, introduce 'fid_defined' to
track whether the user specified a fid.

'target' field is to direct qemu to find the corresponding generic PCI
device. It is equal to the 'id' value of one of generic pci devices.
If the user doesn't specify 'id' parameter for a generic pci device,
its 'id' value will be generated automatically and use this value as
'target' to create an associated zpci device.

If the user did not specify 'uid' or 'fid', values are generated
automatically. 'target' is required.

In addition, if a pci device has no associated zpci device, the code
will generate a zpci device automatically for it.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
67d5cd9722 s390x/pci: introduce S390PCIIOMMU
Currently each zpci device holds its own DMA address space and memory
region. At the same time, all instances of zpci device are stored in
S390pciState. So duirng the initialization of S390pciState, all zpci
devices are created and then all DMA address spaces are created. Thus,
when initializing pci devices, their corresponding DMA address spaces
could be found.

But zpci qdev will be introduced later. Zpci device may be initialized
and plugged afterwards generic pci device. So we should initialize all
DMA address spaces and memory regions before initializing zpci devices.

We introduce a new struct named S390PCIIOMMU. And a new field of
S390pciState, which is an array to store all instances of S390PCIIOMMU,
is added so that qemu pci code could find the corresponding DMA
address space when initializing a generic pci device. And this should
be done before the connection of a zpci device and a generic pci
device is built.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Acked-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
90a0f9afec s390x/pci: introduce S390PCIBus
To enable S390PCIBusDevice as qdev, there should be a new bus to
plug and manage all instances of S390PCIBusDevice. Due to this,
S390PCIBus is introduced.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
5d1abf2344 s390x/pci: enforce zPCI state checking
Current code uses some fields combinatorially to indicate the state of
a s390 pci device. This patch introduces device states in order to make
the code more readable and more logical.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
06a96dae11 s390x/pci: refactor s390_pci_find_dev_by_fh
Because this function is called very frequently, we should use a more
effective way to find the zpci device. So we use the FH's index to get
the device directly.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
c188e30315 s390x/pci: unify FH_ macros
Present code uses some macros to structure PCI Function Handle. But
their names don't have a uniform format. Let's use FH_MASK_ as the
unified prefix.

While we're at it, differentiate the SHM bits: use different bits for
vfio and emulated devices.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
67aad508de s390x/pci: write fid in CLP_QUERY_PCI_FN
We forgot to write the fid; fix that.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Acked-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
e7d336959b s390x/pci: acceleration for getting S390pciState
There are a number of places where the code needs to get the instance
of S390pciState. It calls object_resolve_path() every time. This
wastes a lot of time and leads to low performance. Thus we add
s390_get_phb() to improve it.

Because we always have a phb, we remove all return checkings in the
callers and add an assert in s390_get_phb() to make sure that phb is
getted successfully.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Yi Min Zhao
f7c40aa1e7 s390x/pci: fix failures of dma map/unmap
In commit d78c19b5cf, vfio code stores
the IOMMU's offset_within_address_space and adjusts the IOVA before
calling vfio_dma_map/vfio_dma_unmap. But s390_translate_iommu already
considers the base address of an IOMMU memory region.

Thus we use pal as the size and 0x0 as the base address to initialize
IOMMU memory subregion.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Jing Liu
b804e8a62a s390x/css: Unplug handler of virtual css bridge
The previous patch moved virtual css bridge and bus out from
virtio-ccw, but kept the direct reference of virtio-ccw specific
unplug function inside css-bridge.c.

To make the virtual css bus and bridge useful for non-virtio devices,
this introduces a common unplug function pointer "unplug" to call
specific virtio-ccw unplug parts. Thus, the tight coupling to
virtio-ccw can be removed.

This unplug pointer is a member of CCWDeviceClass, which is introduced
as an abstract device layer called "ccw-device". This layer is between
DeviceState and specific devices which are plugged in virtual css bus,
like virtio-ccw device. The specific unplug handlers should be assigned
to "unplug" during initialization.

Signed-off-by: Jing Liu <liujbjl@linux.vnet.ibm.com>
Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Reviewed-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Jing Liu
dd70bd0d4c s390x/css: Factor out virtual css bridge and bus
Currently, common base layers virtual css bridge and bus are
defined in hw/s390x/virtio-ccw.c(h). In order to support
multiple types of devices in the virtual channel subsystem,
especially non virtio-ccw, refactoring work needs to be done.

This work is just a pure code move without any functional change
except dropping an empty function virtual_css_bridge_init() and
virtio_ccw_busdev_unplug() changing. virtio_ccw_busdev_unplug()
is specific to virtio-ccw but gets referenced from the common
virtual css bridge code. To keep the functional changes to a
minimum we export this function from virtio-ccw.c and continue
to reference it inside virtual_css_bridge_class_init()
(now living in hw/s390x/css-bridge.c). A follow-up patch will
clean this up.

Signed-off-by: Jing Liu <liujbjl@linux.vnet.ibm.com>
Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Sascha Silbe
3f9e485964 s390x/css: use define for "virtual-css-bridge" literal
Introduce a TYPE_* define (like we already use for a couple of other
QOM types) for the name of the virtual CSS bridge QOM type instead of
sprinkling the same string literal over several source files.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Sascha Silbe
cf2499350a s390x/css: factor out some generic code from virtio_ccw_device_realize()
A lot of what virtio_ccw_device_realize() does isn't specific to
virtio; it would apply to emulated CCW as well. Factor it out to make
it easier to implement emulated CCW devices later on.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
David Hildenbrand
bb0995468a s390x/ipl: fix reboots for migration from different bios
When migrating from a different QEMU version, the start_address and
bios_start_address may differ. During migration these values are migrated
and overwrite the values that were detected by QEMU itself.

On a reboot, QEMU will reload its own BIOS, but use the migrated start
addresses, which does not work if the values differ.

Fix this by not relying on the migrated values anymore, but still
provide them during migration, so existing QEMUs continue to work.

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Alexander Yarygin
e468b6730c s390x/ipl: Support IPL from selected SCSI device
If bootindex is specified for a device, we need to IPL from
it. Currently it works for ccw devices, but not for SCSI. To be able to
IPL from the specific device, pc-bios needs to know its address.
For this reason we add special QEMU_SCSI IPL type into the IPLB
structure, that contains the scsi device address.

We enhance the ipl block with a currently qemu-only parameter block
that allows us to specify a concrete scsi device.

Signed-off-by: Alexander Yarygin <yarygin@linux.vnet.ibm.com>
Reviewed-by: Eric Farman <farman@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-07-11 09:48:05 +02:00
Haozhong Zhang
217f1b4a72 target-i386: Publish advised value of MSR_IA32_FEATURE_CONTROL via fw_cfg
It's a prerequisite that certain bits of MSR_IA32_FEATURE_CONTROL should
be set before some features (e.g. VMX and LMCE) can be used, which is
usually done by the firmware. This patch adds a fw_cfg file
"etc/msr_feature_control" which contains the advised value of
MSR_IA32_FEATURE_CONTROL and can be used by guest firmware (e.g. SeaBIOS).

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-07 15:25:31 -03:00
Igor Mammedov
6aff24c6a6 pc: Parse CPU features only once
Considering that features are converted to global properties and
global properties are automatically applied to every new instance
of created CPU (at object_new() time), there is no point in
parsing cpu_model string every time a CPU created. So move
parsing outside CPU creation loop and do it only once.

Parsing also should be done before any CPU is created so that
features would affect the first CPU a well.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-07 15:25:06 -03:00
Igor Mammedov
09f71b054a arm: virt: Parse cpu_model only once
Considering that features are converted to global properties and
global properties are automatically applied to every new instance
of created CPU (at object_new() time), there is no point in
parsing cpu_model string every time a CPU created. So move
parsing outside CPU creation loop and do it only once.

Parsing also should be done before any CPU is created so that
features would affect the first CPU a well.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-07 15:25:05 -03:00
Igor Mammedov
62a48a2a57 cpu: Use CPUClass->parse_features() as convertor to global properties
Currently CPUClass->parse_features() is used to parse -cpu
features string and set properties on created CPU instances.

But considering that features specified by -cpu apply to every
created CPU instance, it doesn't make sense to parse the same
features string for every CPU created. It also makes every target
that cares about parsing features string explicitly call
CPUClass->parse_features() parser, which gets in a way if we
consider using generic device_add for CPU hotplug as device_add
has not a clue about CPU specific hooks.

Turns out we can use global properties mechanism to set
properties on every created CPU instance for a given type. That
way it's possible to convert CPU features into a set of global
properties for CPU type specified by -cpu cpu_model and common
Device.device_post_init() will apply them to CPU of given type
automatically regardless whether it's manually created CPU or CPU
created with help of device_add.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-07 15:25:01 -03:00
Eduardo Habkost
adae837d40 vl: Set errp to &error_abort on machine compat_props
Use the new GlobalProperty.errp field to handle compat_props
errors.

Example output before this change:
(with an intentionally broken entry added to PC_COMPAT_1_3 just
for testing)

  $ qemu-system-x86_64 -machine pc-1.3
  qemu-system-x86_64: hw/core/qdev-properties.c:1091: qdev_prop_set_globals_for_type: Assertion `prop->user_provided' failed.
  Aborted (core dumped)

After:

  $ qemu-system-x86_64 -machine pc-1.3
  Unexpected error in x86_cpuid_set_vendor() at /home/ehabkost/rh/proj/virt/qemu/target-i386/cpu.c:1688:
  qemu-system-x86_64: can't apply global cpu.vendor=x: Property '.vendor' doesn't take value 'x'
  Aborted (core dumped)

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-07 15:24:55 -03:00
Eduardo Habkost
39a3b377b8 machine: Add machine_register_compat_props() function
Move the compat_props handling to core machine code.

Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-07 15:24:54 -03:00
Eduardo Habkost
77280adbdf qdev: GlobalProperty.errp field
The new field will allow error handling to be configured by
qdev_prop_register_global() callers: &error_fatal and
&error_abort can be used to make QEMU exit or abort if any errors
are reported when applying the properties.

While doing it, change the error message from "global %s.%s=%s
ignored" to "can't apply global %s.%s=%s".

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-07 15:24:52 -03:00
Eduardo Habkost
8d76bfe8f8 qdev: Eliminate qemu_add_globals() function
The function is just a helper to handle the -global options, it
can stay in vl.c like most qemu_opts_foreach() calls.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-07 15:24:50 -03:00
Eduardo Habkost
823efc5d26 qdev: Don't stop applying globals on first error
qdev_prop_set_globals_for_type() stops applying global properties
on the first error. It is a leftover from when QEMU exited on any
error when applying global property. Commit 25f8dd9 changed the
fatal error to a warning, but neglected to drop the stopping.
Fix that.

For example, the following command-line will not set CPUID level
to 3, but will warn only about "x86_64-cpu.vendor" being ignored.

  $ ./x86_64-softmmu/qemu-system-x86_64 \
      -global x86_64-cpu.vendor=x \
      -global x86_64-cpu.level=3
  qemu-system-x86_64: Warning: global x86_64-cpu.vendor=x ignored: Property '.vendor' doesn't take value 'x'

Fix this by not returning from qdev_prop_set_globals_for_type()
on the first error.

Cc: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-07-07 15:24:47 -03:00
Jean-Christophe Dubois
66542f6399 i.MX: split the GPT timer implementation into per SOC definitions
In various Freescale SOCs, the GPT timers can be configured to select
its input clock.

Depending on the SOC the set of available input clocks may vary.

The actual single GPT definition was no good enough and because of it
booting the sabrelite board with a i.MX6DL device tree would fail
because of an incorrect input clock definition for the i.MX6DL SOC.

This patch fixes the i.MX6DL boot failure by adding the ability to
define a different set of input clocks depending on the considered SOC.

A different class has been defined for i.MX25, i.MX31 and i.MX6 each with
its specific set of input clocks.

The patch has been tested by booting KZM, i.MX25 PDK, i.MX6Q sabrelite
and i.MX6DL sabrelite.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 1467325619-8374-1-git-send-email-jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: fixed spacing round '/' operator]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-07 13:47:01 +01:00
Shannon Zhao
eef9f19eea hw/block/m25p80: fix resource leak
These two are spot by Coverity 1357232 and 1357233.

Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Message-id: 1467684998-12076-1-git-send-email-zhaoshenglong@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-07 13:47:01 +01:00
Peter Maydell
e0dadc1e9e aux: Rename aux.[ch] to auxbus.[ch] for the benefit of Windows
On Windows 'aux.*' is a reserved name and cannot be used for
filenames; see
  https://msdn.microsoft.com/en-gb/library/windows/desktop/aa365247(v=vs.85).aspx

This prevents cloning the QEMU git repo on Windows:

C:\Java\sources\kvm> git clone https://github.com/qemu/qemu.git
Cloning into 'qemu'...
remote: Counting objects: 279563, done.
remote: Total 279563 (delta 0), reused 0 (delta 0), pack-reused 279563R
Receiving objects: 100% (279563/279563), 122.45 MiB | 3.52 MiB/s, done.
Resolving deltas: 100% (221942/221942), done.
Checking connectivity... done.
error: unable to create file hw/misc/aux.c (No such file or directory)
error: unable to create file include/hw/misc/aux.h (No such file or directory)
Checking out files: 100% (4795/4795), done.
fatal: unable to checkout working tree
warning: Clone succeeded, but checkout failed.
You can inspect what was checked out with 'git status'
and retry the checkout with 'git checkout -f HEAD'

(bug https://bugs.launchpad.net/bugs/1595240)

Rename the offending files for the benefit of Windows.

Reported-by: Алексей Курган <akurgan@yandex.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Wei Huang <wei@redhat.com>
Tested-by: KONRAD Frederic <fred.konrad@greensocs.com>
Message-id: 1467377145-32385-1-git-send-email-peter.maydell@linaro.org
2016-07-07 13:47:01 +01:00
Paolo Bonzini
5229f45bd9 aux: fix break that wanted to break two levels out
The last "ret = AUX_I2C_NACK;" is dead, because it is always overridden
by AUX_I2C_ACK.  What really the code wants is to jump out of the switch
statement, and a "return" will not cut it because it would omit a debug
printf.

Change the logic so that we can break out of the while loop.  For clarity,
hoist the bus->last_* assignments up, right after i2c_start_transfer.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-07 13:47:00 +01:00
Paolo Bonzini
bb14a1eda0 xlnx_dp: fix iffy xlnx_dp_aux_push_tx_fifo
xlnx_dp_aux_push_tx_fifo takes an immediate uint8_t and a buffer length,
which must be 1 because that is how many uint8_t's fit in a uint8_t.
Sure enough, that is what xlnx_dp_write passes to it, but the function
is just weird.  Therefore, make xlnx_dp_aux_push_tx_fifo look like
xlnx_dp_aux_push_rx_fifo, taking a pointer to the buffer.

Reported by Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-07 13:47:00 +01:00
Jason Wang
69e87b3268 tap: vhost busy polling support
This patch add the capability of basic vhost net busy polling which is
supported by recent kernel. User could configure the maximum number of
us that could be spent on busy polling through a new property of tap
"poll-us".

Cc: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-07-07 14:29:04 +08:00
Peter Maydell
0c56c6ab68 spice and qxl bugfixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXfNLqAAoJEEy22O7T6HE41IQQANvL1W2WNdzbhjKypNK/R4lU
 dXu1RYks0zs/R4e9jGz9f7BR13WltOkuADOWjyECmQ8KZGlX/Dr0H7UeSA74hs9U
 ZqMXZm1L0Hr8vJIp+JtqejSXKVFWzgb2jduAjA/Oedly8IGuRm6pY8XM6CnGcrAt
 w9A9NG3KKgWoYB5laF7UZUgs+QaREgZT2JGbQJOUxHA/q0Ony3NF4OjTJaT5QkLP
 yoVaBQ1LiXFgOJVub+6rAgturW3fmp/vcAeA5KTaRHqFHD0fbMBtaGnRwDdKtDf+
 8YqYWNCL/QfVL6B+uSEUdFn8TgApr7RiAIeAPgSqaz354Lm99/TJNd217CKgsJrE
 PHq7mXrHcll5PmDcBbXJISVl3a1/kxsgXV2yH1wweIW+MPxvu3bAHweKWKBJCIvw
 aZTBpc7WFNJ7BxoRbTpKL0dHG2TSYSvhjislQqcwftoR/glimX+nTnChJ75yQX8F
 0q5v3MG37yZFEdSNbaMQlfvm0FdLb1DZrTmvR/23IWfd6HfE9hpsyvM9cQL0wIJt
 tPmLv39yqABajfa0inVzyHaqZdui4hGtvwYHt7BeL8t8UC7LRD9v/L6mFK9pVhK2
 YWC/XEnzg0d+MF7zCDoD99coI3iS5jgpKuRo01nRGwhK7pnbvbcYYz2WqMx42f1I
 oZO0u11rjQ0v+9yNPpsM
 =ZUKP
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20160706-1' into staging

spice and qxl bugfixes.

# gpg: Signature made Wed 06 Jul 2016 10:44:10 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/spice/tags/pull-spice-20160706-1:
  virgl: pass whole GL scanout dimensions
  spice: use the right head for multi-monitor
  virgl: count the calls to gl_block
  spice: avoid .set_mm_time on >= 0.12.6
  qxl: fix surface migration
  qxl: store memory region and offset instead of pointer for guest slots
  qxl: factor out qxl_get_check_slot_offset
  qxl: handle no updates in interface_update_area_complete
  qxl: use uint64_t for vram size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-06 12:49:51 +01:00
Peter Maydell
975b1c3ac6 QAPI patches for 2016-07-06
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXfMjDAAoJEDhwtADrkYZTyKwP/i5Lva3qhDk9AJhvPNSbnps/
 sxVGVkUTeUM0UoXdKmDChkk2zScv2AOVxL3oibb22PmU1MvDU+XoKYokae/VucVS
 WL16t/Z77QxSJ1yKhXT3i0P7+9sR9Gq2eDHchSSITLreVO8/jNb7u1JjnV4nPyQP
 Scg6sCCnfgSw8W4EOz0wDhwXHbRv7obSY0lGUD1R6FifETHQ98rTpII0BS1AyvbF
 HIJMcGpirAe62BGNQeJv933mrD1EgRfBytQAkEL/l6DDlz/xk9AE26bsjdP5Xa9A
 MwEBje9CPm0ICleqq1ZVKNQQqng2PVfXXXdJYKQKVnIHL+REzRDKbTGTlS4njdVi
 v2i4E7MwDPIf86zRUXJ6eUkWDHgld4of2WZmoxNPZmWWmHMb31iqGcb0//mYmP06
 QOPd/uxpxg9pze4JeQMhzHCbFum2/s43cyqaH24lrwhTw3EsI45t4sgJQTG1NIFt
 ZdPXVwNBfa6ur50dsRWHYonQimpofW94YYupWLggiVGKTzvfSWVQJGc9Ho65P23y
 ZJrkbN3bWNnwVFzIbWFI5TKnE/TsnWvTPwk+9cGSP4MKf1sy6t5nIycoTiP3vC9x
 PesENYYKy5ZkOkKQpC6lGwjkMl24ii3lVl5g4vWXXjtZHwGNmq/7/UJ7Dm4htqIk
 B5gm5gQ/2Tul4Dihlteb
 =BgpV
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-07-06' into staging

QAPI patches for 2016-07-06

# gpg: Signature made Wed 06 Jul 2016 10:00:51 BST
# gpg:                using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2016-07-06:
  replay: Use new QAPI cloning
  sockets: Use new QAPI cloning
  qapi: Add new clone visitor
  qapi: Add new visit_complete() function
  tests: Factor out common code in qapi output tests
  tests: Clean up test-string-output-visitor
  qmp-output-visitor: Favor new visit_free() function
  string-output-visitor: Favor new visit_free() function
  qmp-input-visitor: Favor new visit_free() function
  string-input-visitor: Favor new visit_free() function
  opts-visitor: Favor new visit_free() function
  qapi: Add new visit_free() function
  qapi: Add parameter to visit_end_*
  qemu-img: Don't leak errors when outputting JSON
  qapi: Improve use of qmp/types.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-06 11:38:09 +01:00
Eric Blake
09204eac9b opts-visitor: Favor new visit_free() function
Now that we have a polymorphic visit_free(), we no longer need
opts_visitor_cleanup(); which in turn means we no longer need
to return a subtype from opts_visitor_new() nor a public upcast
function.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-6-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-06 10:52:04 +02:00
Eric Blake
1158bb2a05 qapi: Add parameter to visit_end_*
Rather than making the dealloc visitor track of stack of pointers
remembered during visit_start_* in order to free them during
visit_end_*, it's a lot easier to just make all callers pass the
same pointer to visit_end_*.  The generated code has access to the
same pointer, while all other users are doing virtual walks and
can pass NULL.  The dealloc visitor is then greatly simplified.

All three visit_end_*() functions intentionally take a void**,
even though the visit_start_*() functions differ between void**,
GenericList**, and GenericAlternate**.  This is done for several
reasons: when doing a virtual walk, passing NULL doesn't care
what the type is, but when doing a generated walk, we already
have to cast the caller's specific FOO* to call visit_start,
while using void** lets us use visit_end without a cast. Also,
an upcoming patch will add a clone visitor that wants to use
the same implementation for all three visit_end callbacks,
which is made easier if all three share the same signature.

For visitors with already track per-object state (the QMP visitors
via a stack, and the string visitors which do not allow nesting),
add an assertion that the caller is indeed passing the same
pointer to paired calls.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-4-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-06 10:52:04 +02:00
Eric Blake
c7eb39cbd4 qapi: Improve use of qmp/types.h
'qjson.h' is not a QObject subtype; include this file directly in
.c files that are using it, rather than abusing qmp/types.h for
that purpose.

Meanwhile, for files that include a list of individual QObject
subtypes, it's easier to just use qmp/types.h for that purpose.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-2-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-06 10:52:03 +02:00
Marc-André Lureau
9d8256ebc0 virgl: pass whole GL scanout dimensions
Spice client needs the whole GL texture dimension to be able to show a
scanout with a monitor offset (different than +0+0).

Furthermore, this fixes a crash when calling surface_{width,height}()
after dpy_gfx_replace_surface(con, NULL) was called in
virgl_cmd_set_scanout()

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1465911849-30423-4-git-send-email-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-07-06 10:32:14 +02:00
Marc-André Lureau
c540128f93 virgl: count the calls to gl_block
In virgl_cmd_resource_flush(), when several consoles are updated, it
needs to keep blocking until all spice gl draws are done. This fixes an
assert() in spice when using multiple monitors with virgl.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1465911849-30423-2-git-send-email-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-07-06 10:32:14 +02:00
John Snow
015e02f880 spice: avoid .set_mm_time on >= 0.12.6
Spice deprecated this callback in 0.12.6.
It's not a problem yet, but it will cause Clang to fail in a -Werror
build due to the deprecated tag.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1467240095-12507-2-git-send-email-jsnow@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-07-06 10:31:57 +02:00
Gerd Hoffmann
1331eab216 qxl: fix surface migration
Create a helper function qxl_dirty_one_surface() to mark a single qxl
surface as dirty.  Use the new qxl_get_check_slot_offset function and
lookup the memory region from the slot instead of assuming the surface
is stored in vram.

Use the new helper function in qxl_dirty_surfaces, for both primary and
off-screen surfaces.  For off-screen surfaces this is no functional
change.  For primary surfaces this will dirty only the memory actually
used instead of the whole surface0 region.  It will also work correctly
in case the guest places the primary surface in vram instead of the
surface0 region (linux kms driver does that).

https://bugzilla.redhat.com/show_bug.cgi?id=1235732

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1466597244-5938-3-git-send-email-kraxel@redhat.com
2016-07-06 10:31:11 +02:00
Gerd Hoffmann
3cb5158f15 qxl: store memory region and offset instead of pointer for guest slots
Store MemoryRegion and offset instead of a pointer for each qxl memory
slot, so we can easily figure in which memory region an qxl object
stored.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1466597244-5938-2-git-send-email-kraxel@redhat.com
2016-07-06 10:31:11 +02:00
Gerd Hoffmann
726bdf653a qxl: factor out qxl_get_check_slot_offset
New helper function which translates a qxl physical address into
memory slot and offset.  Also applies sanity checks.  Factored out
from qxl_phys2virt.  No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1466597244-5938-1-git-send-email-kraxel@redhat.com
2016-07-06 10:31:11 +02:00
Gerd Hoffmann
2f5ae772c6 qxl: handle no updates in interface_update_area_complete
Simply return early in case there are no updated rects.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1465395101-13580-1-git-send-email-kraxel@redhat.com
2016-07-06 10:31:02 +02:00
Gerd Hoffmann
de1b9b85ef qxl: use uint64_t for vram size
This allows for the 64bit vram bar to become larger than 2G
(try -device qxl-vga,vram64_size_mb=8192).

https://bugzilla.redhat.com/show_bug.cgi?id=1340439

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1465389648-5179-1-git-send-email-kraxel@redhat.com
2016-07-06 10:30:50 +02:00
Peter Maydell
07bee7f4f4 Block layer patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXe9ZGAAoJEH8JsnLIjy/WmIkQAKpszWb2lH1/qgnWOzOEoz9s
 FUiZlf9f2LLIXMFnBFPGVs12SkTJHedsEKo0VG/tfVQdq+xJd8gEHSUZQbH1/vgg
 ArCQ76Rwc9giCrl4AwZhETbjTtpKlapxuWwDHCNjMYY9F4jndBRC+AZKUkIGAHHJ
 8BWrmPgv8ueDZKWpQBfVmm0ItYk0g09UCgCnsiVNkEC9+nN6YQ2OCgDkzQbMj6OQ
 GxvccTelueIgmC4fQdaAEnsbqK/LyVrnZfz1Y1ilErI8ny7gmiiT5TInQXjsrzAr
 UVfycyAlVDNDVaUabi3F3b6Rpj9aBOMYsNVySmJKVeWUf2LKNy7v6T+JteFFZ3Qw
 ULddAnZIlpplL3wrzIklElw+2xz2aJ5n9SoUdzq7xKLLt8asQE6nMNsszjiow+fC
 LzbyOVP+aLVgOaUBHgt0aFShLHyGIuLAuvtaXk/wxYPDQe0Cyn4qsI41gF/VgnET
 7ueIUwgi+AWyihz1uNsqO5RgakNQqN0Ms+LAYEBu7K9t88llv8yoSl0z8Ad+ZzN2
 fdjOssU+Q26N/OAInO73W8LjWGR0N0bk0EQa4xlA0zhJKOB52RE7nDnKEchs7Xgp
 tChW084u9ixlct7u8V/cBWTEVQnW/p9fmD4RZhSE0IrkPfoTY9dmND2adTgyVc1v
 7ONXnUCGoHcHVPNMVGG0
 =jKrb
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

# gpg: Signature made Tue 05 Jul 2016 16:46:14 BST
# gpg:                using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream: (43 commits)
  block/qcow2: Don't use cpu_to_*w()
  block: Convert bdrv_co_preadv/pwritev to BdrvChild
  block: Convert bdrv_prwv_co() to BdrvChild
  block: Convert bdrv_pwrite_zeroes() to BdrvChild
  block: Convert bdrv_pwrite(v/_sync) to BdrvChild
  block: Convert bdrv_pread(v) to BdrvChild
  block: Convert bdrv_write() to BdrvChild
  block: Convert bdrv_read() to BdrvChild
  block: Use BlockBackend for I/O in bdrv_commit()
  block: Move bdrv_commit() to block/commit.c
  block: Convert bdrv_co_do_readv/writev to BdrvChild
  block: Convert bdrv_aio_writev() to BdrvChild
  block: Convert bdrv_aio_readv() to BdrvChild
  block: Convert bdrv_co_writev() to BdrvChild
  block: Convert bdrv_co_readv() to BdrvChild
  vhdx: Some more BlockBackend use in vhdx_create()
  blkreplay: Convert to byte-based I/O
  vvfat: Use BdrvChild for s->qcow
  block/qdev: Fix NULL access when using BB twice
  block: fix return code for partial write for Linux AIO
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-05 17:53:02 +01:00
Peter Maydell
791b7d2340 pc, pci, virtio: new features, cleanups, fixes
iommus can not be added with -device.
 cleanups and fixes all over the place
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJXe4l4AAoJECgfDbjSjVRpIz4IALye7mKG61/POA4Gqmhalc3d
 HnlNSZ2YcKAuvPg7WWkBuRacrQvVY/MbW1mLloG1lY0tdFgZG8Cy+CY6wJg1NE4c
 cXd+77vHkIyrnl+Nil+QOgTFiAsMnD+mXHHsnCDw2jGn3JbgVNuCMi7V34fGkQd2
 PDkZyYfwTqO3HytuG0/j2Somc9du1gjYdn+9qigfZVgP96jGDojBuJWuuU5flCB3
 Kj5xrOuI01XlbdTk71tVjBJBektQurWr6r7GECDqZIpUfc+BI70FU9jPh+OlLTO/
 92yi29ncjyStz4tRnf18xoQ8uBgH/tD1xigEUPRtnm1+0i/tgONBL8cAdBF9FBE=
 =ABGE
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, pci, virtio: new features, cleanups, fixes

iommus can not be added with -device.
cleanups and fixes all over the place

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 05 Jul 2016 11:18:32 BST
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (30 commits)
  vmw_pvscsi: remove unnecessary internal msi state flag
  e1000e: remove unnecessary internal msi state flag
  vmxnet3: remove unnecessary internal msi state flag
  mptsas: remove unnecessary internal msi state flag
  megasas: remove unnecessary megasas_use_msi()
  pci: Convert msi_init() to Error and fix callers to check it
  pci bridge dev: change msi property type
  megasas: change msi/msix property type
  mptsas: change msi property type
  intel-hda: change msi property type
  usb xhci: change msi/msix property type
  change pvscsi_init_msi() type to void
  tests: add APIC.cphp and DSDT.cphp blobs
  tests: acpi: add CPU hotplug testcase
  log: Permit -dfilter 0..0xffffffffffffffff
  range: Replace internal representation of Range
  range: Eliminate direct Range member access
  log: Clean up misuse of Range for -dfilter
  pci_register_bar: cleanup
  Revert "virtio-net: unbreak self announcement and guest offloads after migration"
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-05 16:48:24 +01:00
Kevin Wolf
a9d52a7563 block/qdev: Fix NULL access when using BB twice
BlockBackend has only a single pointer to its guest device, so it makes
sure that only a single guest device is attached to it. device-add
returns an error if you try to attach a second device to a BB. In order
to make the error message nicer, -device that manually connects to a
if=none block device get a different message than -drive that implicitly
creates a guest device. The if=... option is stored in DriveInfo.

However, since blockdev-add exists, not every BlockBackend has a
DriveInfo any more. Check that it exists before we dereference it.

QMP reproducer resulting in a segfault:

{"execute":"blockdev-add","arguments":{"options":{"id":"disk","driver":"file","filename":"/tmp/test.img"}}}
{"execute":"device_add","arguments":{"driver":"virtio-blk-pci","drive":"disk"}}
{"execute":"device_add","arguments":{"driver":"virtio-blk-pci","drive":"disk"}}

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-07-05 16:46:26 +02:00
Eric Blake
5def6b80e1 block: Switch transfer length bounds to byte-based
Sector-based limits are awkward to think about; in our on-going
quest to move to byte-based interfaces, convert max_transfer_length
and opt_transfer_length.  Rename them (dropping the _length suffix)
so that the compiler will help us catch the change in semantics
across any rebased code, and improve the documentation.  Use unsigned
values, so that we don't have to worry about negative values and
so that bit-twiddling is easier; however, we are still constrained
by 2^31 of signed int in most APIs.

When a value comes from an external source (iscsi and raw-posix),
sanitize the results to ensure that opt_transfer is a power of 2.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-05 16:46:25 +02:00
Eric Blake
24ce9a2026 block: Give nonzero result to blk_get_max_transfer_length()
Making all callers special-case 0 as unlimited is awkward,
and we DO have a hard maximum of BDRV_REQUEST_MAX_SECTORS given
our current block layer API limits.

In the case of scsi, this means that we now always advertise a
limit to the guest, even in cases where the underlying layers
previously use 0 for no inherent limit beyond the block layer.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-05 16:46:25 +02:00
Eric Blake
efaf4781a9 scsi: Advertise limits by blocksize, not 512
s->blocksize may be larger than 512, in which case our
tweaks to max_xfer_len and opt_xfer_len must be scaled
appropriately.

CC: qemu-stable@nongnu.org
Reported-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-05 16:46:25 +02:00
Peter Maydell
60a0f1af07 ipxe: update submodule from 4e03af8ec to 041863191
e1000e+vmxnet3: add boot rom
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXegFqAAoJEEy22O7T6HE4BasP/A3kDhgn6J3dqJN85eVw9jcb
 52zxttQuDJBibVKZaSIRiZAnBCTEn5WbUvZ5ZRTt5MVH3Whhv09ZhLfdWUJho9az
 Dnebv3wqyHg3SlAWFNBE3CjSkHswwIAhTrERqjJqXL2jU2erPAHIdTzprx1LdGc7
 hKxNy9tPHjyEeGWLUWrTCIC/YcTNkIp1gdSNcVIQ8TbEHIqo0vSK1Jyl429GYVYD
 bZO6VbX5D/QAEHs6a+Twf5lFnLZ4hlplm+9SbfjsfaVocx/+D5VtMD0AgYukR60M
 sHNKqzRimHsLQoz1PV4z9+ZexRDdge4y0eNlVHM8XdXYq0AHybv2/MYW6DHBAXaE
 nayEPPrwNnOVnE95Xgn03CtpddbQ2hAUXObm8gm6aAJEpXh8SeL7YLAYrYJtF5Oq
 cpB0ks0zDZZRPAr/c0gy075IbB3ITGUcphFid9lpn5ork/YYD/y5//GVB22IrOvQ
 qT0IXtmL7OA71i7XOvxYejdTWcArpzgWnOXmh7eVjumxDicC+B3JIORZutKaXHDu
 w9LFnz5l1DyIM0nLEJb2onP4lXRlYdyeiSHjQi4HH6fLEqZERfKlWvftRiE7agGq
 nt6QaFFeSXqaaDOjfmPFLF2RmIgTHzit279WcWGUQXkbWKvQSCgRB26LBGZ6kFB2
 Z1lTOF1b2zUjpKEsuFH2
 =zaj0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-ipxe-20160704-1' into staging

ipxe: update submodule from 4e03af8ec to 041863191
e1000e+vmxnet3: add boot rom

# gpg: Signature made Mon 04 Jul 2016 07:25:46 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-ipxe-20160704-1:
  build: add pc-bios to config-host.mak deps
  ipxe: add new roms to BLOBS
  ipxe: update prebuilt binaries
  vmxnet3: add boot rom
  e1000e: add boot rom
  ipxe: add vmxnet3 rom
  ipxe: add e1000e rom
  ipxe: update submodule from 4e03af8ec to 041863191

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-05 12:46:18 +01:00
Cao jin
269fe4c3ab vmw_pvscsi: remove unnecessary internal msi state flag
Internal flag msi_used is uncesessary, msi_uninit() could be called
directly, msi_enabled() is enough to check device msi state.

But for migration compatibility, keep the field in structure.

cc: Paolo Bonzini <pbonzini@redhat.com>
cc: Dmitry Fleytman <dmitry@daynix.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-07-05 13:14:41 +03:00
Cao jin
66bf7d58d8 e1000e: remove unnecessary internal msi state flag
Internal big flag E1000E_USE_MSI is unnecessary, also is the helper
function: e1000e_init_msi(), e1000e_cleanup_msi(), so, remove them all.

cc: Dmitry Fleytman <dmitry@daynix.com>
cc: Jason Wang <jasowang@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-07-05 13:14:41 +03:00
Cao jin
1070048eae vmxnet3: remove unnecessary internal msi state flag
Internal flag msi_used is unnecessary, it has the same effect as msi_enabled().
msi_uninit() could be called directly without risk.

cc: Paolo Bonzini <pbonzini@redhat.com>
cc: Dmitry Fleytman <dmitry@daynix.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-05 13:14:41 +03:00
Cao jin
2e2aa31674 mptsas: remove unnecessary internal msi state flag
internal flag msi_in_use in unnecessary, msi_uninit() could be called
directly, and msi_enabled() is enough to check device msi state.

cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>
cc: Paolo Bonzini <pbonzini@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-05 13:14:41 +03:00
Cao jin
afea4e1410 megasas: remove unnecessary megasas_use_msi()
megasas overwrites user configuration when msi_init fail to flag internal msi
state, which is unsuitable. megasa_use_msi() is unnecessary, we can call
msi_uninit() directly when unrealize, even no need to call msi_enabled() first.

cc: Hannes Reinecke <hare@suse.de>
cc: Paolo Bonzini <pbonzini@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>

Acked-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-05 13:14:41 +03:00
Cao jin
1108b2f8a9 pci: Convert msi_init() to Error and fix callers to check it
msi_init() reports errors with error_report(), which is wrong
when it's used in realize().

Fix by converting it to Error.

Fix its callers to handle failure instead of ignoring it.

For those callers who don't handle the failure, it might happen:
when user want msi on, but he doesn't get what he want because of
msi_init fails silently.

cc: Gerd Hoffmann <kraxel@redhat.com>
cc: John Snow <jsnow@redhat.com>
cc: Dmitry Fleytman <dmitry@daynix.com>
cc: Jason Wang <jasowang@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>
cc: Hannes Reinecke <hare@suse.de>
cc: Paolo Bonzini <pbonzini@redhat.com>
cc: Alex Williamson <alex.williamson@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
2016-07-05 13:14:41 +03:00
Cao jin
69b205bb0b pci bridge dev: change msi property type
>From bit to enum OnOffAuto.

cc: Michael S. Tsirkin <mst@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-05 13:14:41 +03:00
Cao jin
b4b4a57fa6 megasas: change msi/msix property type
>From bit to enum OnOffAuto.

cc: Hannes Reinecke <hare@suse.de>
cc: Paolo Bonzini <pbonzini@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
2016-07-05 13:14:41 +03:00
Cao jin
444dd1af1c mptsas: change msi property type
>From uint32 to enum OnOffAuto, and give it a shorter name.

cc: Paolo Bonzini <pbonzini@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-05 13:14:41 +03:00
Cao jin
c0f2abff73 intel-hda: change msi property type
>From uint32 to enum OnOffAuto.

cc: Gerd Hoffmann <kraxel@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-05 13:14:41 +03:00
Cao jin
290fd20db6 usb xhci: change msi/msix property type
>From bit to enum OnOffAuto

cc: Gerd Hoffmann <kraxel@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-05 13:14:41 +03:00
Cao jin
b2e1fffb5a change pvscsi_init_msi() type to void
Nobody use its return value, so change the type to void.

cc: Michael S. Tsirkin <mst@redhat.com>
cc: Paolo Bonzini <pbonzini@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Dmitry Fleytman <dmitry@daynix.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-05 13:14:41 +03:00
Benjamin Herrenschmidt
912acdf487 ppc/hash64: Add proper real mode translation support
This adds proper support for translating real mode addresses based
on the combination of HV and LPCR bits. This handles HRMOR offset
for hypervisor real mode, and both RMA and VRMA modes for guest
real mode. PAPR mode adjusts the offsets appropriately to match the
RMA used in TCG, but we need to limit to the max supported by the
implementation (16G).

This includes some fixes by Cédric Le Goater <clg@kaod.org>

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[dwg: Adjusted for differences in my version of the prereq patches]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-05 14:31:08 +10:00
Cédric Le Goater
1f0252e66e ppc: simplify ppc_hash64_hpte_page_shift_noslb()
The segment page shift parameter is never used. Let's remove it.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-05 14:31:08 +10:00
Alexey Kardashevskiy
ae4de14cd3 spapr_pci/spapr_pci_vfio: Support Dynamic DMA Windows (DDW)
This adds support for Dynamic DMA Windows (DDW) option defined by
the SPAPR specification which allows to have additional DMA window(s)

The "ddw" property is enabled by default on a PHB but for compatibility
the pseries-2.6 machine and older disable it.
This also creates a single DMA window for the older machines to
maintain backward migration.

This implements DDW for PHB with emulated and VFIO devices. The host
kernel support is required. The advertised IOMMU page sizes are 4K and
64K; 16M pages are supported but not advertised by default, in order to
enable them, the user has to specify "pgsz" property for PHB and
enable huge pages for RAM.

The existing linux guests try creating one additional huge DMA window
with 64K or 16MB pages and map the entire guest RAM to. If succeeded,
the guest switches to dma_direct_ops and never calls TCE hypercalls
(H_PUT_TCE,...) again. This enables VFIO devices to use the entire RAM
and not waste time on map/unmap later. This adds a "dma64_win_addr"
property which is a bus address for the 64bit window and by default
set to 0x800.0000.0000.0000 as this is what the modern POWER8 hardware
uses and this allows having emulated and VFIO devices on the same bus.

This adds 4 RTAS handlers:
* ibm,query-pe-dma-window
* ibm,create-pe-dma-window
* ibm,remove-pe-dma-window
* ibm,reset-pe-dma-window
These are registered from type_init() callback.

These RTAS handlers are implemented in a separate file to avoid polluting
spapr_iommu.c with PCI.

This changes sPAPRPHBState::dma_liobn to an array to allow 2 LIOBNs
and updates all references to dma_liobn. However this does not add
64bit LIOBN to the migration stream as in fact even 32bit LIOBN is
rather pointless there (as it is a PHB property and the management
software can/should pass LIOBNs via CLI) but we keep it for the backward
migration support.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-05 14:31:08 +10:00
Alexey Kardashevskiy
2e4109de8e vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)
New VFIO_SPAPR_TCE_v2_IOMMU type supports dynamic DMA window management.
This adds ability to VFIO common code to dynamically allocate/remove
DMA windows in the host kernel when new VFIO container is added/removed.

This adds a helper to vfio_listener_region_add which makes
VFIO_IOMMU_SPAPR_TCE_CREATE ioctl and adds just created IOMMU into
the host IOMMU list; the opposite action is taken in
vfio_listener_region_del.

When creating a new window, this uses heuristic to decide on the TCE table
levels number.

This should cause no guest visible change in behavior.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
[dwg: Added some casts to prevent printf() warnings on certain targets
 where the kernel headers' __u64 doesn't match uint64_t or PRIx64]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-05 14:31:08 +10:00
Alexey Kardashevskiy
f4ec5e26ed vfio: Add host side DMA window capabilities
There are going to be multiple IOMMUs per a container. This moves
the single host IOMMU parameter set to a list of VFIOHostDMAWindow.

This should cause no behavioral change and will be used later by
the SPAPR TCE IOMMU v2 which will also add a vfio_host_win_del() helper.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-05 14:31:08 +10:00
Alexey Kardashevskiy
318f67ce13 vfio: spapr: Add DMA memory preregistering (SPAPR IOMMU v2)
This makes use of the new "memory registering" feature. The idea is
to provide the userspace ability to notify the host kernel about pages
which are going to be used for DMA. Having this information, the host
kernel can pin them all once per user process, do locked pages
accounting (once) and not spent time on doing that in real time with
possible failures which cannot be handled nicely in some cases.

This adds a prereg memory listener which listens on address_space_memory
and notifies a VFIO container about memory which needs to be
pinned/unpinned. VFIO MMIO regions (i.e. "skip dump" regions) are skipped.

The feature is only enabled for SPAPR IOMMU v2. The host kernel changes
are required. Since v2 does not need/support VFIO_IOMMU_ENABLE, this does
not call it when v2 is detected and enabled.

This enforces guest RAM blocks to be host page size aligned; however
this is not new as KVM already requires memory slots to be host page
size aligned.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[dwg: Fix compile error on 32-bit host]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-05 14:30:54 +10:00
Alexey Kardashevskiy
606b54986d spapr_iommu: Realloc guest visible TCE table when starting/stopping listening
The sPAPR TCE tables manage 2 copies when VFIO is using an IOMMU -
a guest view of the table and a hardware TCE table. If there is no VFIO
presense in the address space, then just the guest view is used, if
this is the case, it is allocated in the KVM. However since there is no
support yet for VFIO in KVM TCE hypercalls, when we start using VFIO,
we need to move the guest view from KVM to the userspace; and we need
to do this for every IOMMU on a bus with VFIO devices.

This implements the callbacks for the sPAPR IOMMU - notify_started()
reallocated the guest view to the user space, notify_stopped() does
the opposite.

This removes explicit spapr_tce_set_need_vfio() call from PCI hotplug
path as the new callbacks do this better - they notify IOMMU at
the exact moment when the configuration is changed, and this also
includes the case of PCI hot unplug.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-05 10:43:02 +10:00
Bharata B Rao
7093645a84 spapr: Ensure thread0 of CPU core is always realized first
During CPU core realization, we create all the thread objects and parent
them to the core object in a loop. However, the realization of thread
objects is done separately by walking the threads of a core using
object_child_foreach(). With this, there is no guarantee on the order
in which the child thread objects get realized. Since CPU device tree
properties are currently derived from the CPU thread object, we assume
thread0 of the core to be the representative thread of the core when
creating device tree properties for the core. If thread0 is not the
first thread that gets realized, then we would end up having an
incorrect dt_id for the core and this causes hotplug failures from
the guest.

Fix this by realizing each thread object by walking the core's thread
object list thereby ensuring that thread0 and other threads are always
realized in the correct order.

Future TODO: CPU DT nodes are per-core properties and we should
ideally base the creation of CPU DT nodes on core objects rather than
the thread objects.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-05 10:43:02 +10:00
Markus Armbruster
a0efbf1660 range: Eliminate direct Range member access
Users of struct Range mess liberally with its members, which makes
refactoring hard.  Create a set of methods, and convert all users to
call them instead of accessing members.  The methods have carefully
worded contracts, and use assertions to check them.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-04 16:49:33 +03:00
Cao jin
5178ecd863 pci_register_bar: cleanup
place relevant code tegother, make the code easier to read

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-04 16:49:33 +03:00
Cédric Le Goater
e1ad9bc405 ast2400: create SPI flash slaves
A set of SPI flash slaves is attached under the flash controllers of
the palmetto platform. "n25q256a" flash modules are used for the BMC
and "mx25l25635e" for the host. These types are common in the
OpenPower ecosystem.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-9-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-04 13:15:22 +01:00
Cédric Le Goater
924ed16386 ast2400: add SPI flash slaves
Each controller on the ast2400 has a memory range on which it maps its
flash module slaves. Each slave is assigned a memory segment for its
mapping that can be changed at bootime with the Segment Address
Register. This is not supported in the current implementation so we
are using the defaults provided by the specs.

Each SPI flash slave can then be accessed in two modes: Command and
User. When in User mode, accesses to the memory segment of the slaves
are translated in SPI transfers. When in Command mode, the HW
generates the SPI commands automatically and the memory segment is
accessed as if doing a MMIO. Other SPI controllers call that mode
linear addressing mode.

For this purpose, we are adding below each crontoller an array of
structs gathering for each SPI flash module, a segment rank, a
MemoryRegion to handle the memory accesses and the associated SPI
slave device, which should be a m25p80.

Only the User mode is supported for now but we are preparing ground
for the Command mode. The framework is sufficient to support Linux.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-8-git-send-email-clg@kaod.org
[PMM: Use g_new0() rather than g_malloc0()]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-04 13:15:22 +01:00
Cédric Le Goater
7c1c69bca4 ast2400: add SMC controllers (FMC and SPI)
The Aspeed AST2400 soc includes a static memory controller for the BMC
which supports NOR, NAND and SPI flash memory modules. This controller
has two modes : the SMC for the legacy interface which supports only
one module and the FMC for the new interface which supports up to five
modules. The AST2400 also includes a SPI only controller used for the
host firmware, commonly called BIOS on Intel. It can be used in three
mode : a SPI master, SPI slave and SPI pass-through

Below is the initial framework for the SMC controller (FMC mode only)
and the SPI controller: the sysbus object, MMIO for registers
configuration and controls. Each controller has a SPI bus and a
configurable number of CS lines for SPI flash slaves.

The differences between the controllers are small, so they are
abstracted using indirections on the register numbers.

Only SPI flash modules are supported.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-7-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added one missing error_propagate]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-04 13:15:22 +01:00
Paolo Bonzini
73bce5187b m25p80: qdev-ify drive property
This allows specifying the property via -drive if=none and creating
the flash device with -device.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-6-git-send-email-clg@kaod.org
[clg: added an extra fix for sabrelite_init()
      keeping the test on flash_dev did not seem necessary. ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-04 13:15:22 +01:00
Paolo Bonzini
b7f480c3f6 m25p80: change cur_addr to 32 bit integer
The maximum amount of storage that can be addressed by the m25p80 command
set is 4 GiB.  However, cur_addr is currently a 64-bit integer.  To avoid
further problems related to sign extension of signed 32-bit integer
expressions, change cur_addr to a 32 bit integer.  Preserve migration
format by adding a dummy 4-byte field in place of the (big-endian)
high four bytes in the formerly 64-bit cur_addr field.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-5-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-04 13:15:22 +01:00
Paolo Bonzini
b68cb06093 m25p80: avoid out of bounds accesses
s->cur_addr can be made to point outside s->storage, either by
writing a value >= 128 to s->ear (because s->ear * MAX_3BYTES_SIZE
is a signed integer and sign-extends into the 64-bit cur_addr),
or just by writing an address beyond the size of the flash being
emulated.  Avoid the sign extension to make the code cleaner, and
on top of that mask s->cur_addr to s->size.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-4-git-send-email-clg@kaod.org
Reviewed by: Marcin Krzeminski <marcin.krzeminski@nokia.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-04 13:15:22 +01:00
Paolo Bonzini
cace7b801d m25p80: do not put iovec on the stack
When doing a read-modify-write cycle, QEMU uses the iovec after returning
from blk_aio_pwritev.  m25p80 puts the iovec on the stack of blk_aio_pwritev's
caller, which causes trouble in this case.  This has been a problem
since commit 243e6f6 ("m25p80: Switch to byte-based block access",
2016-05-12) started doing writes at a smaller granularity than 512 bytes.
In principle however it could have broken before when using -drive
if=mtd,cache=none on a disk with 4K native sectors.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-3-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-04 13:15:22 +01:00