Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging
NUMA queue, 2015-04-27
# gpg: Signature made Mon Apr 27 19:02:19 2015 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/numa-pull-request:
MAINTAINERS: Add myself as NUMA code maintainer
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150427' into staging
target-arm queue:
* memory system updates to support transaction attributes
* set user-mode and secure attributes for accesses made by ARM CPUs
* rename c1_coproc to cpacr_el1
* adjust id_aa64pfr0 when has_el3 CPU property disabled
* allow ARMv8 SCR.SMD updates
# gpg: Signature made Mon Apr 27 16:14:30 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20150427:
Allow ARMv8 SCR.SMD updates
target-arm: Adjust id_aa64pfr0 when has_el3 CPU property disabled
target-arm: rename c1_coproc to cpacr_el1
target-arm: Check watchpoints against CPU security state
target-arm: Use attribute info to handle user-only watchpoints
target-arm: Add user-mode transaction attribute
target-arm: Use correct memory attributes for page table walks
target-arm: Honour NS bits in page tables
Switch non-CPU callers from ld/st*_phys to address_space_ld/st*
exec.c: Capture the memory attributes for a watchpoint hit
exec.c: Add new address_space_ld*/st* functions
exec.c: Make address_space_rw take transaction attributes
exec.c: Convert subpage memory ops to _with_attrs
Add MemTxAttrs to the IOTLB
Make CPU iotlb a structure rather than a plain hwaddr
memory: Replace io_mem_read/write with memory_region_dispatch_read/write
memory: Define API for MemoryRegionOps to take attrs and return status
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When CPU vendor is AMD, the AMD feature alias bits on
CPUID[0x80000001].EDX are already automatically copied from CPUID[1].EDX
on x86_cpu_realizefn(). When CPU vendor is Intel, those bits are
reserved and should be zero. In either case, those bits shouldn't be set
in the CPU model table.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
We already have "level" and "xlevel", only "xlevel2" is missing.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Static properties require only 1 line of code, much simpler than the
existing code that requires writing new getters/setters.
As a nice side-effect, this fixes an existing bug where the setters were
incorrectly allowing the properties to be changed after the CPU was
already realized.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Currently it is impossible to set an option in a config file to an empty
string, because the parser matches only lines containing non-empty
strings between double-quotes.
As sscanf() "[" conversion specifier only matches non-empty strings, add
a special case for empty strings.
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
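The sscanf() behaviour this message describes, as an added example that is not QEMU's parser code: a `%[` conversion never matches an empty string, so `key = ""` needs its own branch. The helper name `parse_option_line`, its `allow_empty` switch and the buffer sizes are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not QEMU's parser: parse one  key = "value"  line.
 * key must hold 64 bytes and value 1024 bytes (the widths below).
 * Returns 1 and fills key/value on a match, 0 otherwise. */
static int parse_option_line(const char *line, char *key, char *value,
                             int allow_empty)
{
    /* "%[" must consume at least one character, so for  key = ""  the
     * conversion fails and sscanf returns 1 (only key assigned). */
    if (sscanf(line, " %63s = \"%1023[^\"]\"", key, value) == 2) {
        return 1;
    }
    if (allow_empty) {
        /* Special case: match two literal quotes. %n is only reached if
         * both quotes matched, so end stays -1 for lines such as key = x. */
        int end = -1;
        if (sscanf(line, " %63s = \"\"%n", key, &end) == 1 && end >= 0) {
            value[0] = '\0';
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    char key[64], value[1024];
    const char *line = "path = \"\"";   /* constructed sample input */

    printf("without special case: %d\n",
           parse_option_line(line, key, value, 0));
    printf("with special case:    %d\n",
           parse_option_line(line, key, value, 1));
    return 0;
}
```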
"Odd Fixes" doesn't reflect the current status of target-i386. We have
people looking after it, now.
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
The "srat" and "numa" keywords will help get_maintainer.pl catch
NUMA-related code in other files too.
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
address_space_translate_internal will clamp the *plen length argument
based on the size of the memory region being queried. The iommu walker
logic in address_space_translate was ignoring this by discarding the
post fn call value of *plen. Fix by just always using *plen as the
length argument throughout the fn, removing the len local variable.
This fixes a bootloader bug when a single elf section spans multiple
QEMU memory regions.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1426570554-15940-1-git-send-email-peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When an I/O port is more than 1 byte long, ioport.c is currently
creating "short" regions, for example 0x1ce-0x1ce for the 16-bit
Bochs index port. When I/O ports are memory mapped, and thus
accessed via a subpage_ops memory region, subpage_accepts gets
confused because it finds a hole at 0x1cf and rejects the access.
In order to fix this, modify registration of the region to cover
the whole size of the I/O port. Attempts to access an invalid
port will be blocked by find_portio returning NULL.
This only affects the VBE DISPI regions. For all other cases,
the MemoryRegionPortio entries for 2- or 4-byte accesses overlap
an entry for 1-byte accesses, thus the size of the memory region
is not affected.
Reported-by: Zoltan Balaton <balaton@eik.bme.hu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Right now, ioport.c assumes that the entire range specified with
MemoryRegionPortio includes a region with size == 1. This however
is not true for the VBE DISPI ports, which are 16-bit only. The
next patch will make these regions' length equal to two, which can
cause the assertions to trigger. Replace them with simple conditionals.
Also, ioport.c will emulate a 16-bit ioport with two distinct reads
or writes, even if one of the two accesses is out of the bounds given
by the MemoryRegionPortio array. Do not do this anymore, instead
discard writes to the incorrect register and read it as all-ones.
This ensures that the mrp->read and mrp->write callbacks get an
in-range ioport number.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
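A simplified model of the read side described in this message, added here as an illustration and not taken from ioport.c: a 16-bit read is synthesized from 8-bit reads, and a half that falls outside the entry reads as all-ones without the callback ever seeing that port. The names `PortEntry`, `find_entry`, `port_read`, `dev_read` and `demo_tab` are assumptions, and the device is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified table entry; not QEMU's MemoryRegionPortio. */
typedef struct {
    uint32_t offset;                  /* first port covered */
    uint32_t len;                     /* number of consecutive ports */
    unsigned size;                    /* access width handled, in bytes */
    uint32_t (*read)(uint32_t port);
} PortEntry;

static const PortEntry *find_entry(const PortEntry *tab, size_t n,
                                   uint32_t addr, unsigned size)
{
    for (size_t i = 0; i < n; i++) {
        if (addr >= tab[i].offset && addr < tab[i].offset + tab[i].len &&
            tab[i].size == size) {
            return &tab[i];
        }
    }
    return NULL;                      /* no handler: invoke no callback */
}

static uint32_t port_read(const PortEntry *tab, size_t n,
                          uint32_t addr, unsigned size)
{
    /* Default for an unhandled access: all-ones of the access width. */
    uint32_t data = (size >= 4) ? 0xffffffffu : (1u << (size * 8)) - 1;
    const PortEntry *e = find_entry(tab, n, addr, size);

    if (e) {
        return e->read(addr);
    }
    if (size == 2 && (e = find_entry(tab, n, addr, 1)) != NULL) {
        data = e->read(addr);                    /* low byte */
        if (addr + 1 < e->offset + e->len) {
            data |= e->read(addr + 1) << 8;      /* high byte in range */
        } else {
            data |= 0xff00;                      /* out of range: all-ones */
        }
    }
    return data;
}

/* Constructed device: two 8-bit registers at ports 0 and 1. */
static uint32_t max_port_seen;
static uint32_t dev_read(uint32_t port)
{
    if (port > max_port_seen) max_port_seen = port;
    return 0x10 + port;
}
static const PortEntry demo_tab[] = { { 0, 2, 1, dev_read } };

int main(void)
{
    printf("%#x %#x\n", (unsigned)port_read(demo_tab, 1, 0, 2),
           (unsigned)port_read(demo_tab, 1, 1, 2));
    return 0;
}
```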
ioport.c has not been using an alias since commit b40acf9 (ioport:
Switch dispatching to memory core layer, 2013-06-24). Remove the
obsolete comment.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
IDE PIO data must be written, for example, at 0x1f0. You cannot
do word or dword writes to 0x1f1..0x1f3 to access the data register.
Adjust the ide_portio_list accordingly.
Cc: John Snow <jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Remove 16-bit reads/writes, since ioport.c is able to synthesize them.
Remove the two MIDI registers (0x300 and 0x301) from gus_portio_list1,
and add the second MIDI register (0x301) to gus_portio_list2.
Tested with Second Reality.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ioport.c is already able to split a 16-bit access into two 8-bit
accesses to consecutive ports. Tested with Epic Pinball.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
These were being incorrectly declared as MISC_SIZE (1 byte) rather than
4 bytes and 2 bytes respectively. As a result accesses clamped to the
real register size would unexpectedly fail.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1427987370-15897-1-git-send-email-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ram_addr_t is an internal interface, everyone should go through
MemoryRegion. Clean it up by making rom_add_blob return a
MemoryRegion* and using the new qemu_ram_resize infrastructure.
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If DMA's owning thread cancels the IO while the bounce buffer's owning thread
is notifying the "cpu client list", a use-after-free happens:
     continue_after_map_failure               dma_aio_cancel
     ------------------------------------------------------------------
     aio_bh_new
                                              qemu_bh_delete
     qemu_bh_schedule (use after free)
Also, the old code doesn't run the bh in the right AioContext.
Fix both problems by passing a QEMUBH to cpu_register_map_client.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com>
[Remove unnecessary forward declaration. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The caller's workflow is like
    if (!address_space_map()) {
        ...
        cpu_register_map_client();
    }
If bounce buffer became available after address_space_map() but before
cpu_register_map_client(), the caller could miss it and have to wait for the
next bounce buffer notify, which may never happen in the worst case.
Just notify the list in cpu_register_map_client().
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-5-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
So that accesses from multiple threads are safe.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-4-git-send-email-famz@redhat.com>
[Remove #if from cpu_exec_init_all. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The function is a nop for user mode, so just remove them.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-3-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
There could be a race condition when two processes call
address_space_map concurrently and both want to use the bounce buffer.
Add an in_use flag in BounceBuffer to sync it.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-2-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Since commit
b7b5233a "bsd-user/mmap.c: Don't try to override g_malloc/g_free"
the exception we make here for usermode has been unnecessary.
Get rid of it.
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1428610053-26148-1-git-send-email-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The Spice protocol uses cursor position on hotspot: the client is
applying hotspot offset when drawing the cursor.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Denis Kirjanov is busy getting spice run on ppc64 and trapped into this
one. Spice wire format is little endian, so we have to explicitly say
we want little endian when letting pixman convert the data for us.
Reported-by: Denis Kirjanov <kirjanov@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Live migration with spice works like this today:
(1) client_migrate_info monitor cmd
(2) spice server notifies client, client connects to target host.
(3) qemu waits until spice client connect is finished.
(4) send over vmstate (i.e. main part of live migration).
(5) spice handover to target host.
(3) is implemented by making client_migrate_info an async monitor
command. This is the only async monitor command we have.
The original reason to implement this dance was that qemu did not accept
new tcp connections while the incoming migration was running, so (2) and
(4) could not be done in parallel. That issue was fixed long ago though.
Qemu version 1.3.0 (released Dec 2012) and newer happily accept tcp
connects while the incoming migration runs.
Time to drop step (3). This patch does exactly that, by making the
monitor command synchronous and removing the code needed to handle the
async monitor command in ui/spice-core.c
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
GTK2 sends the accel key to the guest when switching to the graphic
console via that shortcut. Resolve this by ignoring any keys until the
next key-release event. However, do not ignore keys when switching via
the menu or when on GTK3.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
At least on GTK2, the VTE terminal has to be specified as target of
gtk_widget_grab_focus. Otherwise, switching from one VTE terminal to
another causes the focus to get lost.
CC: John Snow <jsnow@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
[ kraxel: fixed build with CONFIG_VTE=n ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Updated scr_write to always allow updates to the SCR.SMD bit on ARMv8
regardless of whether virtualization (EL2) is enabled or not.
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1429888797-4378-1-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Rename the field holding CPACR_EL1 system register state in AArch64
naming style.
Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
[PMM: also fixed a couple of missed occurrences in cpu.c]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix a TODO in bp_wp_matches() now that we have a function for
testing whether the CPU is currently in Secure mode or not.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Now that we have memory access attribute information in the watchpoint
checking code, we can correctly implement handling of watchpoints
which should match only on userspace accesses, where LDRT/STRT/LDT/STT
from EL1 are treated as userspace accesses.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Add a transaction attribute indicating that a memory access is being
done from user-mode (unprivileged). This corresponds to an equivalent
signal in ARM AMBA buses.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Factor out the page table walk memory accesses into their own function,
so that we can specify the correct S/NS memory attributes for them.
This will also provide a place to use the correct endianness and
handle the need for a stage-2 translation when virtualization is
supported.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Honour the NS bit in ARM page tables:
* when adding entries to the TLB, include the Secure/NonSecure
transaction attribute
* set the NS bit in the PAR when doing ATS operations
Note that we don't yet correctly use the NSTable bit to
cause the page table walk itself to use the right attributes.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Switch all the uses of ld/st*_phys to address_space_ld/st*,
except for those cases where the address space is the CPU's
(ie cs->as). This was done with the following script which
generates a Coccinelle patch.
A few over-80-columns lines in the result were rewrapped by
hand where Coccinelle failed to do the wrapping automatically,
as well as one location where it didn't put a line-continuation
'\' when wrapping lines on a change made to a match inside
a macro definition.
===begin===
#!/bin/sh -e
# Usage:
# ./ldst-phys.spatch.sh > ldst-phys.spatch
# spatch -sp_file ldst-phys.spatch -dir . | sed -e '/^+/s/\t/ /g' > out.patch
# patch -p1 < out.patch
for FN in ub uw_le uw_be l_le l_be q_le q_be uw l q; do
cat <<EOF
@ cpu_matches_ld_${FN} @
expression E1,E2;
identifier as;
@@
ld${FN}_phys(E1->as,E2)
@ other_matches_ld_${FN} depends on !cpu_matches_ld_${FN} @
expression E1,E2;
@@
-ld${FN}_phys(E1,E2)
+address_space_ld${FN}(E1,E2, MEMTXATTRS_UNSPECIFIED, NULL)
EOF
done
for FN in b w_le w_be l_le l_be q_le q_be w l q; do
cat <<EOF
@ cpu_matches_st_${FN} @
expression E1,E2,E3;
identifier as;
@@
st${FN}_phys(E1->as,E2,E3)
@ other_matches_st_${FN} depends on !cpu_matches_st_${FN} @
expression E1,E2,E3;
@@
-st${FN}_phys(E1,E2,E3)
+address_space_st${FN}(E1,E2,E3, MEMTXATTRS_UNSPECIFIED, NULL)
EOF
done
===endit===
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Capture the memory attributes for the transaction which triggered
a watchpoint; this allows CPU specific code to implement features
like ARM's "user-mode only WPs also hit for LDRT/STRT accesses
made from privileged code". This change also correctly passes
through the memory attributes to the underlying device when
a watchpoint access doesn't hit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Add new address_space_ld*/st* functions which allow transaction
attributes and error reporting for basic load and stores. These
are named to be in line with the address_space_read/write/rw
buffer operations.
The existing ld/st*_phys functions are now wrappers around
the new functions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Make address_space_rw take transaction attributes, rather
than always using the 'unspecified' attributes.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Convert the subpage memory ops to _with_attrs; this will allow
us to pass the attributes through to the underlying access
functions. (Nothing uses the attributes yet.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Add a MemTxAttrs field to the IOTLB, and allow target-specific
code to set it via a new tlb_set_page_with_attrs() function;
pass the attributes through to the device when making IO accesses.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Make the CPU iotlb a structure rather than a plain hwaddr;
this will allow us to add transaction attributes to it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>