Commit Graph

19034 Commits

Author SHA1 Message Date
Peter Maydell
3d75007e01 mps2: Correctly set parent bus for SCC device
A cut-and-paste error meant that instead of setting the
qdev parent bus for the SCC device we were setting it
twice for the ARMv7M container device. Fix this bug.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1500634509-28011-1-git-send-email-peter.maydell@linaro.org
2017-07-24 17:59:28 +01:00
Peter Maydell
eda40cc168 fsl_imx*: Migrate ROM contents
The fsl-imx* boards accidentally forgot to register the ROM memory
regions for migration.  This used to require a manual step of calling
vmstate_register_ram(), but following commits
1cfe48c1ce21..b08199c6fbea194 we can use memory_region_init_rom() to
have it do the migration for us.

This is a migration break, but the migration code currently does not
handle the case of having two RAM regions which were not registered
for migration, and so prior to this commit a migration load would
always fail with:
  "qemu-system-arm: Length mismatch: 0x4000 in != 0x18000: Invalid argument"

NB: migration appears at this point to be broken for this board
anyway -- it succeeds but the destination hangs; probably some
device in the system does not yet support migration.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1500309775-18361-1-git-send-email-peter.maydell@linaro.org
2017-07-24 17:59:28 +01:00
Markus Armbruster
d2f95f4d48 qapi: Use QNull for a more regular visit_type_null()
Make visit_type_null() take an @obj argument like its buddies.  This
helps keep the next commit simple.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-24 13:35:11 +02:00
Alexey G
7fb394ad8a xen-mapcache: Fix the bug when overlapping emulated DMA operations may cause inconsistency in guest memory mappings
Under certain circumstances normal xen-mapcache functioning may be broken
by guest's actions. This may lead to either QEMU performing exit() due to
a caught bad pointer (and with QEMU process gone the guest domain simply
appears hung afterwards) or actual use of the incorrect pointer inside
QEMU address space -- a write to unmapped memory is possible. The bug is
hard to reproduce on a i440 machine as multiple DMA sources are required
(though it's possible in theory, using multiple emulated devices), but can
be reproduced somewhat easily on a Q35 machine using an emulated AHCI
controller -- each NCQ queue command slot may be used as an independent
DMA source ex. using READ FPDMA QUEUED command, so a single storage
device on the AHCI controller port will be enough to produce multiple DMAs
(up to 32). The detailed description of the issue follows.

Xen-mapcache provides an ability to map parts of a guest memory into
QEMU's own address space to work with.

There are two types of cache lookups:
 - translating a guest physical address into a pointer in QEMU's address
   space, mapping a part of guest domain memory if necessary (while trying
   to reduce a number of such (re)mappings to a minimum)
 - translating a QEMU's pointer back to its physical address in guest RAM

These lookups are managed via two linked-lists of structures.
MapCacheEntry is used for forward cache lookups, while MapCacheRev -- for
reverse lookups.

Every guest physical address is broken down into 2 parts:
    address_index  = phys_addr >> MCACHE_BUCKET_SHIFT;
    address_offset = phys_addr & (MCACHE_BUCKET_SIZE - 1);

MCACHE_BUCKET_SHIFT depends on a system (32/64) and is equal to 20 for
a 64-bit system (which assumed for the further description). Basically,
this means that we deal with 1 MB chunks and offsets within those 1 MB
chunks. All mappings are created with 1MB-granularity, i.e. 1MB/2MB/3MB
etc. Most DMA transfers typically are less than 1MB, however, if the
transfer crosses any 1MB border(s) - than a nearest larger mapping size
will be used, so ex. a 512-byte DMA transfer with the start address
700FFF80h will actually require a 2MB range.

Current implementation assumes that MapCacheEntries are unique for a given
address_index and size pair and that a single MapCacheEntry may be reused
by multiple requests -- in this case the 'lock' field will be larger than
1. On other hand, each requested guest physical address (with 'lock' flag)
is described by each own MapCacheRev. So there may be multiple MapCacheRev
entries corresponding to a single MapCacheEntry. The xen-mapcache code
uses MapCacheRev entries to retrieve the address_index & size pair which
in turn used to find a related MapCacheEntry. The 'lock' field within
a MapCacheEntry structure is actually a reference counter which shows
a number of corresponding MapCacheRev entries.

The bug lies in ability for the guest to indirectly manipulate with the
xen-mapcache MapCacheEntries list via a special sequence of DMA
operations, typically for storage devices. In order to trigger the bug,
guest needs to issue DMA operations in specific order and timing.
Although xen-mapcache is protected by the mutex lock -- this doesn't help
in this case, as the bug is not due to a race condition.

Suppose we have 3 DMA transfers, namely A, B and C, where
- transfer A crosses 1MB border and thus uses a 2MB mapping
- transfers B and C are normal transfers within 1MB range
- and all 3 transfers belong to the same address_index

In this case, if all these transfers are to be executed one-by-one
(without overlaps), no special treatment necessary -- each transfer's
mapping lock will be set and then cleared on unmap before starting
the next transfer.
The situation changes when DMA transfers overlap in time, ex. like this:

  |===== transfer A (2MB) =====|

              |===== transfer B (1MB) =====|

                          |===== transfer C (1MB) =====|
 time --->

In this situation the following sequence of actions happens:

1. transfer A creates a mapping to 2MB area (lock=1)
2. transfer B (1MB) tries to find available mapping but cannot find one
   because transfer A is still in progress, and it has 2MB size + non-zero
   lock. So transfer B creates another mapping -- same address_index,
   but 1MB size.
3. transfer A completes, making 1st mapping entry available by setting its
   lock to 0
4. transfer C starts and tries to find available mapping entry and sees
   that 1st entry has lock=0, so it uses this entry but remaps the mapping
   to a 1MB size
5. transfer B completes and by this time
  - there are two locked entries in the MapCacheEntry list with the SAME
    values for both address_index and size
  - the entry for transfer B actually resides farther in list while
    transfer C's entry is first
6. xen_ram_addr_from_mapcache() for transfer B gets correct address_index
   and size pair from corresponding MapCacheRev entry, but then it starts
   looking for MapCacheEntry with these values and finds the first entry
   -- which belongs to transfer C.

At this point there may be following possible (bad) consequences:

1. xen_ram_addr_from_mapcache() will use a wrong entry->vaddr_base value
   in this statement:

   raddr = (reventry->paddr_index << MCACHE_BUCKET_SHIFT) +
       ((unsigned long) ptr - (unsigned long) entry->vaddr_base);

resulting in an incorrent raddr value returned from the function. The
(ptr - entry->vaddr_base) expression may produce both positive and negative
numbers and its actual value may differ greatly as there are many
map/unmap operations take place. If the value will be beyond guest RAM
limits then a "Bad RAM offset" error will be triggered and logged,
followed by exit() in QEMU.

2. If raddr value won't exceed guest RAM boundaries, the same sequence
of actions will be performed for xen_invalidate_map_cache_entry() on DMA
unmap, resulting in a wrong MapCacheEntry being unmapped while DMA
operation which uses it is still active. The above example must
be extended by one more DMA transfer in order to allow unmapping as the
first mapping in the list is sort of resident.

The patch modifies the behavior in which MapCacheEntry's are added to the
list, avoiding duplicates.

Signed-off-by: Alexey Gerasimenko <x1917x@gmail.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2017-07-21 17:37:06 -07:00
Igor Druzhinin
9e6bdb92c8 xen: fix compilation on 32-bit hosts
Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2017-07-21 17:32:56 -07:00
Peter Maydell
95a5befc2f Use qemu_tolower() and qemu_toupper(), not tolower() and toupper()
On NetBSD, where tolower() and toupper() are implemented using an
array lookup, the compiler warns if you pass a plain 'char'
to these functions:

gdbstub.c:914:13: warning: array subscript has type 'char'

This reflects the fact that toupper() and tolower() give
undefined behaviour if they are passed a value that isn't
a valid 'unsigned char' or EOF.

We have qemu_tolower() and qemu_toupper() to avoid this problem;
use them.

(The use in scsi-generic.c does not trigger the warning because
it passes a uint8_t; we switch it anyway, for consistency.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> for the s390 part.
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Message-id: 1500568290-7966-1-git-send-email-peter.maydell@linaro.org
2017-07-21 10:32:41 +01:00
Peter Maydell
4439e1f156 usb: Fix build with newer gcc
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZcG2HAAoJEEy22O7T6HE42ncP/0fyFYSYioElUh7gCfVV68dq
 yOmPYdZLZv9v4p7rFpn1/hFMt3RMUHELXL1OTkj0af4FmKyH8Q9RQ/3wRKCIVxaH
 9GMkldWiTkfdD5nFAmz87P5oTA8ztrt6iAMc7gm0zZ0kES7wl1CvSGQTJRMh5A4q
 eDM6kkXUp9PzbUuJ3XPXP4wy81CGsu4ViOanjh+kvGbQJZicZKa4ai+K8aHVAUBC
 CZOjmeMp6LV/RVJLnmbmJgFi+1HQ0EukQHioUBcIzeiab037VD7MwqDZSNPAZnqD
 94nW3CU1xD8MDYR3Hg3Dvu6PQ+emvZS+fzc6T6wcbMED6e4/TjNXkskFqh4m1zUi
 eZtaQKrsvpBoEXtrytXZ+y3OX6ppHogF5V2jobMmidrQcPPVhz0wzoWzkj6V28TL
 z9txMEWiOCZ1qAZEaMt1aIGcR9jXprEKhpf/OB0b4Xx9m0e0ewnU2AKKph/lDX7d
 r5sxiWc6Ta8WlkQTU4hD4nESblJk1N1/bosHpBsOGPuNAQcPAqguZoBZ6Fuv1LI5
 3FC7ukg9lOX5xfzfoI5pzEKzIeozpjwqOEDpJly8U9J/VCEh06m8yCNTHqGZOVYr
 GhBULY8VQqDRuvccI4lIB2SfavXbk5j3bHba2AnPiieGRPZQ28btsZ/gyhpjGccm
 dt8pW7pZf2/gsaUtldMK
 =In3i
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20170720-pull-request' into staging

usb: Fix build with newer gcc

# gpg: Signature made Thu 20 Jul 2017 09:44:55 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20170720-pull-request:
  usb: Fix build with newer gcc

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-20 17:52:48 +01:00
Peter Maydell
ab7a75b553 configure: Rename CONFIG_IVSHMEM to CONFIG_IVSHMEM_DEVICE
The current CONFIG_IVSHMEM is confusing, because it looks like it's a
flag for "do we have ivshmem support?", but actually it's a flag for
"is the ivshmem PCI device being compiled?" (and implicitly "do we
have ivshmem support?" is tested with CONFIG_EVENTFD).

Rename it to CONFIG_IVSHMEM_DEVICE to clear this confusion up;
shortly we will add a new CONFIG_IVSHMEM which really does indicate
whether the host can support ivshmem.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1500021225-4118-2-git-send-email-peter.maydell@linaro.org
2017-07-20 14:56:20 +01:00
Eric Blake
121829cb21 usb: Fix build with newer gcc
gcc 7 is pickier about our sources:

hw/usb/bus.c: In function ‘usb_port_location’:
hw/usb/bus.c:410:66: error: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 15 [-Werror=format-truncation=]
         snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
                                                                  ^~
hw/usb/bus.c:410:9: note: ‘snprintf’ output between 3 and 28 bytes into a destination of size 16
         snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  upstream->path, portnr);
                  ~~~~~~~~~~~~~~~~~~~~~~~

But we know that there are at most 5 levels of USB hubs, with at
most two digits per level; that plus the separating dots means we
use at most 15 bytes (including trailing NUL) of our 16-byte field.
Adding an assertion to show gcc that we checked for truncation is
enough to shut up the false-positive warning.

Inspired by an idea by Dr. David Alan Gilbert <dgilbert@redhat.com>.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170717151334.17954-1-eblake@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-07-20 10:02:11 +02:00
Peter Maydell
824dbfb45d Queued target/alpha patches
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJZbuNPAAoJEK0ScMxN0Ceb9/IH/RDqPqqb1MPqbOxh6lyXITdS
 Bej2OwjpQUrlPm1k1ardmn6kTW1NltriVsMn73zCijRZR6oRL+OBUeAlgkM0syI9
 K4yuASJB9BJN+zZ5axKxtw3U5J69B57J57I4U83atwHw5Ds0EpY145hu90z19jQe
 T3agzUV4nFdcWgQNajKN6PChcycmgoNekQhg2MnGajAEb0vgLX2AoUEG3dzYWS9v
 VA4cLnRKKI2/c4HTcdLQNwZFAX8IoGAVM5O+TiHLbPkJL/vI1EmC2W9jd2fQmVS+
 07HQsntAyinAuV0exJRQOyLMEJB0K6kISPCGg3OmsWUSaTzkUrsPIVwpF+IVWC8=
 =uF7I
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-axp-20170718' into staging

Queued target/alpha patches

# gpg: Signature made Wed 19 Jul 2017 05:42:55 BST
# gpg:                using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC  16A4 AD12 70CC 4DD0 279B

* remotes/rth/tags/pull-axp-20170718:
  target/alpha: Log temp leaks
  target/alpha: Fix temp leak in gen_fbcond
  target/alpha: Fix temp leak in gen_call_pal
  target/alpha: Fix temp leak in gen_mtpr
  target/alpha: Fix temp leak in gen_bcond
  target/alpha: Merge several flag bytes into ENV->FLAGS
  target/alpha: Copy tb->flags into DisasContext
  target/alpha: Remove amask from tb->flags

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-19 17:51:36 +01:00
Peter Maydell
b3e46a8914 Xen 2017/07/18
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJZbokoAAoJEIlPj0hw4a6QgloP/jc9tVFrPjTDezDyPmXR4ls8
 U/kvz5RCn2bu4y8h6U+FHK4BZ7DR1Ccd3Uq1qqDbnlyfcvJeISqqkN2RrnwUQEgV
 XMCEr+okQyiQV4H/MLvmUWtPHpHt3gSEBdoRdGHnkzA2dC/YsJ1F/khKgCh8wqWS
 GTeACabyDTb9L/QFdh//o7GtcI6qv/APGJ/rVVFrrVktp+lZuIZCGZ3hbJ8lopoI
 FSXuM7caVgIlNzP/6RmCoP91ibREPfbfL/yqgv0cW7kiOWVXWwriz6Mi/J2AzmCo
 jqgDqRzkLZPAl1WdZM7MosQIiY7ZlAGhpS9ArK5P4Kv7H6TYV7mkbiSap8SmjnZH
 NvSRLxgT3JjTE5evSodfaaQpjiX0KGaZX0JmpqXYPqOBSYal2lDUNFSokbeucp7w
 y3dBZGY0/9om+G34QzZNvPisYJ2F4Yr5DvCtue8hmkvLSw+z3251555wKQvc6TNx
 wob2h8b8h+YsfhvnSrN1R8w3OL69kGFlMz9PWEgB4opVacZqph/XsMKLARXCg+FD
 83kCuJnV/WAannHpvQA8k4HO6GiKGtrulh6vv1QOlCJQokcK1mZt7Atot+cPcGU2
 UTyhSaOv4sy07lPYzvv0B4MUHNObN/v/OoDygrf7WjCDKigH+RpsVruwAqFakoCB
 09+PtQ26X2Vup+YtW5bG
 =qPq6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20170718-tag' into staging

Xen 2017/07/18

# gpg: Signature made Tue 18 Jul 2017 23:18:16 BST
# gpg:                using RSA key 0x894F8F4870E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"
# gpg:                 aka "Stefano Stabellini <sstabellini@kernel.org>"
# Primary key fingerprint: D04E 33AB A51F 67BA 07D3  0AEA 894F 8F48 70E1 AE90

* remotes/sstabellini/tags/xen-20170718-tag:
  xen: don't use xenstore to save/restore physmap anymore
  xen/mapcache: introduce xen_replace_cache_entry()
  xen/mapcache: add an ability to create dummy mappings
  xen: move physmap saving into a separate function
  xen-platform: separate unplugging of NVMe disks
  xen_pt_msi.c: Check for xen_host_pci_get_* failures in xen_pt_msix_init()
  hw/xen: Set emu_mask for igd_opregion register

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-19 16:31:08 +01:00
Peter Maydell
6d60e295ef -----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZbjMbAAoJEH3vgQaq/DkOzHkQAI8GkOJH2lsuz17d3mKQwP3h
 7lT5fR8CIoh4AKnr/hPie1hTJgXkx2zWIVOshmlFWwjJIryP61U+/3g5maZvdZMD
 oubFe2xw60X6KQI945jyK2f500kQmUHfA71fZDuj0wfcLyJ/Ue7EVnv9E2ku/3cP
 yK9bq5Letjuz4B7jiuGb5Ny2qjdUutc5nuR1rvYqjN39dmrAnZyNmIb/Xcb94a1o
 wr3XZF0EY9bq57KnNvP7SKvAN7PYdb28akCU00N3Ti8sCQLYFxaKMdo1eR2DawY2
 1K8SQugq8j02ByYfvKEjrBKkQIw3iiklW5hOT9yX6xspUMz6oDlKuQAOC1fXYtJ4
 eYwgWqbvdhNMfSgMFyFkVqv8BwbeXWVM9EkrBDlXR3qNKa/SuC9Lr/NSobnYoTfV
 Q9HMDoWlzui1rhvj2gcfmuH2l07e/X8/dPrcLq5Hhk941XL9kYN1d+DcbTCsYzad
 zn+SFWk+gjW7rWQPO9RV0b+SlypLfeEXaJL8ZvspalZMoGiDYwVImcBokLFY3JMA
 IKA+5EoLt0aG4IP8h6lzj1U6gR6dir1+SzLRQzkK4NCYKnv1DVV0pY7E0dSY7ZBR
 m55auer2uR3Pq+rY9WaIY2MYyKDmYzVZMhg96wLlHknTVuYD8ucL8/lrPzcb5597
 wdTDNuvXv6FJZH8/o0vK
 =9MnE
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Tue 18 Jul 2017 17:11:07 BST
# gpg:                using RSA key 0x7DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  tests/ahci-test: Be mean with RAM
  ahci: split public and private interface
  ahci: Isolate public AHCI interface
  ahci: add ahci_get_num_ports

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-19 13:43:58 +01:00
Peter Maydell
988879b66e migration/next for 20170718
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJZbiu1AAoJEPSH7xhYctcjIzgP/RvewJbZbofe7kEiQDrueWp2
 Jod3YFPhzoc+UgwzkKM0GFbCeyuyoC+b/mXiJrUcVcnrnKpF+hN/uPK7MjvCBfmb
 wkY1BX6dhYch48YzBWZHXL6y/PkS0rW2Nt7blDl6h0zr0xdIe85MPr1Z9vIkDYbI
 dTf5Mrw9axseoAi3ydZNh5pSkLmbVjNbh1S3y89XS0eZwExliBILKBOqt/liuQxd
 y1FDtliB7GWFq1Ykg2+lZgPcdiPZv1zRkH6n8jbpRLTXGYRx5OyA+FZOQiPV52wf
 leWB38NqyBkFJ9+mdcrA0x6FpVSLJLqKuZcnLVvN7fvvNF6EiB0ozRPVQpa3rSvs
 h339Ouk4GsdmRobhMrptpsPSxM+6c9bhvT2fCBZ6slwbxEdqEYk3+Xm5VGQkiOQ/
 l4a1fHLdwuIKXMGI8zTao+UW/3JZaU/BaOONyO0BJY+I/tde559eJWVHi1wMDJWV
 DOg22PF5Ux1tnr4+MbjXABCr9lUafQxGacVfNFLh0z2/GLe3Vvx7dBgvPZFIMS3W
 YPc/AqOvM2Rlwvi8jlsVM29lTGl9/YjB9EH99M1l30M0RNifcSLxJJoDBhKtB/d2
 CctmTS0b+/jDSwf2BiniqLNpLt33QdY7so9LFnsQWTq4whYxPKLjcivTPHX+mQjy
 Uys+Hyhhps81I2zbBHtx
 =75E9
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20170718' into staging

migration/next for 20170718

# gpg: Signature made Tue 18 Jul 2017 16:39:33 BST
# gpg:                using RSA key 0xF487EF185872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>"
# gpg:                 aka "Juan Quintela <quintela@trasno.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 1899 FF8E DEBF 58CC EE03  4B82 F487 EF18 5872 D723

* remotes/juanquintela/tags/migration/20170718:
  migration: check global caps for validity
  migration: provide migrate_cap_add()
  migration: provide migrate_caps_check()
  migration: remove check against colo support
  migration: check global params for validity
  migration: provide migrate_params_apply()
  migration: introduce migrate_params_check()
  migration: export capabilities to props
  migration: export parameters to props
  qdev: provide DEFINE_PROP_INT64()
  migration/rdma: Send error during cancelling
  migration/rdma: Safely convert control types
  migration/rdma: Allow cancelling while waiting for wrid
  migration/rdma: fix qemu_rdma_block_for_wrid error paths
  migration: Close file on failed migration load
  migration/rdma: Fix race on source

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-19 12:30:41 +01:00
Peter Maydell
f1a46e8885 Block layer patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZbg1XAAoJEH8JsnLIjy/Wdj8QAJm5SE8cOwonEDRd9AV5n0Eg
 xoHLFEEKjqBJ8oDHHn7huVbNdHN693vM2ro2Exxx8ZCTSdIkvSeVmEOrzb76sWOe
 QRbCTWUKbMD6wjCNF5tqPsvmk+ZkHMqYhyVcRAaIpd+IcEECA16ot/fhRa6Ec/bk
 8GHzDSxkVq5wFgoEJ09hGEE7GY2uGdV1HEJK7xq+Vittx8LV3QMnlH4KvZ9VzYfe
 BnNsmK5vMNlsHTfWfQXsB+sxb+aGGr5v45e4XfctTxGx08ajMC50WnYZUezySERJ
 TXimHOiJNHMpapfU7focLuapwMm6AxpQAh5QzxTBgaqW7eeX3P16DWx4m/WfRL7v
 AuyM4U3TdH0vYZPGlQ5pAlScmeZh+GRBRiDkJf/04q7hH2Hgt85+8gyef7FF/Qta
 KT49tBr64eA89ZUDVFBCkukyYWKWTDSNrGJjB6gMqh7cI6gI55uLdXB/nF4vCgJu
 YfYTdaF/1GJm22HtAg3O5fctRDh14rkBgi5jPhifaT7pP0zZm0JBxGlpXUWkg3RA
 NIhZ2fJ2/FasS7/5IsUjJbYuI52CTLmNXQIRt/ZHekzQkgk1VPrnJls0ibCdG8NF
 4z90uIG7bUuEIjZWKogB+gyH9MMtG3qlfZ0RjmXq2FfWCNhBmfezcGOx+Jnf+XDb
 IMPzzwu77XVcduj4XxKL
 =2c6k
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

# gpg: Signature made Tue 18 Jul 2017 14:29:59 BST
# gpg:                using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream: (21 commits)
  qemu-img: Check for backing image if specified during create
  blockdev: move BDRV_O_NO_BACKING option forward
  block/vvfat: Fix compiler warning with gcc 7
  vvfat: initialize memory after allocating it
  vvfat: correctly parse non-ASCII short and long file names
  vvfat: add a constant for bootsector name
  vvfat: add constants for special values of name[0]
  qemu-iotests: Test unplug of -device without drive
  qemu-iotests: Test 'info block'
  scsi-disk: bdrv_attach_dev() for empty CD-ROM
  ide: bdrv_attach_dev() for empty CD-ROM
  block: List anonymous device BBs in query-block
  block/qapi: Use blk_all_next() for query-block
  block: Make blk_all_next() public
  block/qapi: Add qdev device name to query-block
  block: Make blk_get_attached_dev_id() public
  block/vpc.c: Handle write failures in get_image_offset()
  block/vmdk: Report failures in vmdk_read_cid()
  block: remove timer canceling in throttle_config()
  block: add clock_type field to ThrottleGroup
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-19 10:48:31 +01:00
Richard Henderson
bcd2625da5 target/alpha: Merge several flag bytes into ENV->FLAGS
The flags are arranged such that we can manipulate them either
a whole, or as individual bytes.  The computation within
cpu_get_tb_cpu_state is now reduced to a single load and mask.

Tested-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-18 18:41:52 -10:00
Igor Druzhinin
331b5189d7 xen: don't use xenstore to save/restore physmap anymore
If we have a system with xenforeignmemory_map2() implemented
we don't need to save/restore physmap on suspend/restore
anymore. In case we resume a VM without physmap - try to
recreate the physmap during memory region restore phase and
remap map cache entries accordingly. The old code is left
for compatibility reasons.

Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2017-07-18 14:16:52 -07:00
Igor Druzhinin
5ba3d75645 xen/mapcache: introduce xen_replace_cache_entry()
This new call is trying to update a requested map cache entry
according to the changes in the physmap. The call is searching
for the entry, unmaps it and maps again at the same place using
a new guest address. If the mapping is dummy this call will
make it real.

This function makes use of a new xenforeignmemory_map2() call
with an extended interface that was recently introduced in
libxenforeignmemory [1].

[1] https://www.mail-archive.com/xen-devel@lists.xen.org/msg113007.html

Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2017-07-18 14:16:09 -07:00
Igor Druzhinin
759235653d xen/mapcache: add an ability to create dummy mappings
Dummys are simple anonymous mappings that are placed instead
of regular foreign mappings in certain situations when we need
to postpone the actual mapping but still have to give a
memory region to QEMU to play with.

This is planned to be used for restore on Xen.

Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2017-07-18 14:12:20 -07:00
Igor Druzhinin
697b66d006 xen: move physmap saving into a separate function
Non-functional change.

Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
2017-07-18 14:12:19 -07:00
Stefano Stabellini
04d6da4ff6 xen-platform: separate unplugging of NVMe disks
Commit 090fa1c8 "add support for unplugging NVMe disks..." extended the
existing disk unplug flag to cover NVMe disks as well as IDE and SCSI.

The recent thread on the xen-devel mailing list [1] has highlighted that
this is not desirable behaviour: PV frontends should be able to distinguish
NVMe disks from other types of disk and should have separate control over
whether they are unplugged.

This patch defines a new bit in the unplug mask for this purpose (see Xen
commit [2]) and also tidies up the definitions of, and improves the
comments regarding, the previously exiting bits in the protocol.

[1] https://lists.xen.org/archives/html/xen-devel/2017-03/msg02924.html
[2] http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=1096aa02

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2017-07-18 14:12:06 -07:00
Peter Maydell
64c7c1175b xen_pt_msi.c: Check for xen_host_pci_get_* failures in xen_pt_msix_init()
Check the return status of the xen_host_pci_get_* functions we call in
xen_pt_msix_init(), and fail device init if the reads failed rather than
ploughing ahead. (Spotted by Coverity: CID 777338.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2017-07-18 13:27:04 -07:00
Xiong Zhang
a19bae42e3 hw/xen: Set emu_mask for igd_opregion register
In igd passthrough environment, guest could only access opregion at the
first bootup time. Once guest shutdown, later guest couldn't access
opregion anymore.
This is because qemu set emulated guest opregion base address to host
register. Later guest get a wrong host opregion base address, and couldn't
access it anymore.

This patch set emu_mask for igd_opregion register, so guest won't set
guest opregion base address to host.

Signed-off-by: Xiong Zhang <xiong.y.zhang@intel.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2017-07-18 13:26:35 -07:00
John Snow
70e2337030 ahci: split public and private interface
Complete the split by renaming ahci_public.h --> ahci.h and
moving the current ahci.h to hw/ide/ahci_internal.h.

Adjust ahci_internal.h to now load ahci.h instead of ahci_public.h.

Finalize the split by switching external users to the new header.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170623220926.11479-4-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2017-07-18 11:47:57 -04:00
John Snow
bbe3179a13 ahci: add ahci_get_num_ports
Instead of reaching into the PCI state, allow the AHCIDevice to
respond with how many ports it has.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170623220926.11479-2-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2017-07-18 11:47:56 -04:00
Peter Maydell
9d836fc552 VFIO fixes 2017-07-17
- Init re-order to better support hot-add on SPAR (Alexey Kardashevskiy)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJZbR79AAoJECObm247sIsiIIEQAKPUWHWIpI+SNflxVg82U1Mi
 SIvfAAXpHTojCLlZlXJMgWtiAXQ9ciMvTXy/NQkrhTMRpna/2iC3Iu0N8xjN61Nk
 1Zlf7RlB5QCTuKCY1ven1bX9hQ59Kws9tbd2G2eGUKW/gSAxH1BVrHjPJxjvfIJC
 gGwEurCeYz15tgXeIR8tftI9SuqqL0h7nLP8NPH90Jam6DgcHGVfn7gFIEuuX8Yj
 m3erYv5KPw+o+QvQPOQ9GebyZB7CjPqDGxX//TMPtnEfxZmAE5QpwexwQpUrIN0X
 lxRmcPHeX/2tx2vlqmRJhR4QjUKVrQUJXOqstwZ5UlsNkbeX6EOx6Pkp2TDNajVh
 iVsEan5+TqtOoquJGhAvy02ub+5tWP9hZB4oJXb9E7eqUoy/SMZFra+3fmQyj17K
 buCOeEX9cbsF8rZU1Fp+1grEA/IZwTjVDB+XFn1L/JgIsd41obATMwnI5WXxUmB1
 DsnB/kGQrX+CX0cmQgOMHXtJex9PnHwh1Gf/tyN6bGZkdZBGaYz0GCV6zqvboVdG
 Vg7rfNOGpQdAFkw2IPfPn6PX2C8TBQ+wAW0B3eY7zmESkIwCUyJx72g3IJKfTd7v
 0DBVIiAaN2YJIlM1f7gvhOypZb2s2nF735ZYmFclEweOlBiF9NIg1sjxYez78iTU
 B1KDk2SAHwuwet80kl1t
 =Mu8i
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20170717.0' into staging

VFIO fixes 2017-07-17

 - Init re-order to better support hot-add on SPAR (Alexey Kardashevskiy)

# gpg: Signature made Mon 17 Jul 2017 21:33:01 BST
# gpg:                using RSA key 0x239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-updates-20170717.0:
  vfio-pci, ppc64/spapr: Reorder group-to-container attaching

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-18 16:43:47 +01:00
Peter Xu
07d1d063d3 qdev: provide DEFINE_PROP_INT64()
We have nearly all the stuff, but this one is missing. Add it in.

Am going to use this new helper for MigrationParameters fields, since
most of them are int64_t.

CC: Markus Armbruster <armbru@redhat.com>
CC: Eduardo Habkost <ehabkost@redhat.com>
CC: Marc-André Lureau <marcandre.lureau@redhat.com>
CC: Peter Xu <peterx@redhat.com>
CC: Juan Quintela <quintela@redhat.com>
CC: Marcel Apfelbaum <marcel@redhat.com>
CC: Eric Blake <eblake@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1500349150-13240-2-git-send-email-peterx@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-07-18 17:36:19 +02:00
Peter Maydell
368e708b4c x86 and machine queue, 2017-07-17
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJZbQX2AAoJECgHk2+YTcWmVVgP/jJ+ctRt2PL8KMZQffcF8j+G
 ij5ZVa6C/8dwA+KwYa9HEVVPe/R7SyGw51BQidk/5u5L/w+ROx9teH/KX6phG1q1
 Zq8BxL1lIlSElneUEULm+tsxc+CDhXoH45XU8/7252VnzHN8w4B/og86osWwjtYA
 ShBNM6uhFTGrCl7fwrQldw3b33dznUpp4oI8lmLKFgyeUb6gjNk5ws1wDyPsO6ns
 pBYAoKvrdz6mJ/LCxufmHcexd7BMUoPmvp8SKqViK3ZrBFs0R0Ys6FFc0SIUuKzd
 Vc0FOTQPVnMfqi6EhzK6XW0I2odZ4n7MukoRnEYCU37WwYB0cpA+aVZuw/ZUj/cP
 sXrwi8O2QCSXUIa5ZQ/yBOsA6ZYkD90rALQEsJgzDiHqSG77tKkG8lZtEaAdPuFl
 eVTME0c7khA0aO9PXORAUqfJ8Av9+S8fWJ80A6duGkCxokqO0edLGAVFIFF5P1v7
 4DtvV45U3q0FQ/L21L08TlgXW0tlpOIEwc3UFeDoo+c+kZRkIlWhca47OLWozyus
 N24ku4cDZVmNYCJbKBWX6CECP7EfN8cFwVR7dCy22p1mwPWdQyQxx0pz3LQVJIab
 ccmluZmPX9zqQj/ecKMWY5GMvLw51c5hkP7r5hPwSHgMBNkt0uF2C4aZYBk/n6A1
 hj+EEKcaUJCnqO3EW5La
 =Vt6Z
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-and-machine-pull-request' into staging

x86 and machine queue, 2017-07-17

# gpg: Signature made Mon 17 Jul 2017 19:46:14 BST
# gpg:                using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-and-machine-pull-request:
  qmp: Include parent type on 'qom-list-types' output
  qmp: Include 'abstract' field on 'qom-list-types' output
  tests: Simplify abstract-interfaces check with a helper
  i386: add Skylake-Server cpu model
  i386: Update comment about XSAVES on Skylake-Client
  i386: expose "TCGTCGTCGTCG" in the 0x40000000 CPUID leaf
  fw_cfg: move QOM type defines and fw_cfg types into fw_cfg.h
  fw_cfg: move qdev_init_nofail() from fw_cfg_init1() to callers
  fw_cfg: switch fw_cfg_find() to locate the fw_cfg device by type rather than path
  qom: Fix ambiguous path detection when ambiguous=NULL
  Revert "machine: Convert abstract typename on compat_props to subclass names"
  test-qdev-global-props: Test global property ordering
  qdev: fix the order compat and global properties are applied
  tests: Test case for object_resolve_path*()
  device-crash-test: Fix regexp on whitelist

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-18 15:24:11 +01:00
Kevin Wolf
83b4fe0ed5 scsi-disk: bdrv_attach_dev() for empty CD-ROM
If no drive=... option is passed (for an empty drive), we don't only
lack the BlockBackend normally created by parse_drive(), but we also
need to manually call blk_attach_dev().

This fixes at least a segfault when unplugging such devices, the bug
that they didn't show up in query-block, and probably some more
problems.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2017-07-18 15:14:36 +02:00
Kevin Wolf
947231ad3b ide: bdrv_attach_dev() for empty CD-ROM
If no drive=... option is passed (for an empty drive), we don't only
lack the BlockBackend normally created by parse_drive(), but we also
need to manually call blk_attach_dev().

IDE does not support hot unplug, but if it did, qdev would take care to
call the matching blk_detach_dev() on unplug.

This fixes at least the bug that such devices didn't show up in
query-block, and probably some more problems.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2017-07-18 15:14:36 +02:00
Peter Maydell
6c4591566d target-arm queue:
* new model of the ARM MPS2/MPS2+ FPGA based development board
  * clean up DISAS_* exit conditions and fix various regressions
    since commits e75449a346 8a6b28c7b5 (in particular including
    ones which broke OP-TEE guests)
  * make Cortex-M3 and M4 correctly default to 8 PMSA regions
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJZbLEBAAoJEDwlJe0UNgzeTqsP/06M2a/rswUKjIGAsXv+TeTl
 5N31g9E6Jr57HXK94Q0XtNkLlPwvIn97Dcv6VKg5+E8OgJx7ozldwZVFghWvMbOA
 mbaikzgTRRUf6ydNTA4DtWYZPkaLNT86Vmb2T1GKS0nmw2ymd+hMLNk5vZd1jhDv
 krHxwECI5e+u1INpw7erlQ2mqVP1NjvOuMNtjdAgtJ5tnjFRfQaVedePmr5qOuIK
 xkYMKMNtled/KS0gP4TaSu5S012iYhzrpKISN/g4WHT/8kllr+iEowNAOJSJ6l38
 oaBJJJCsLwnnV1nRClp4NNQv0Q/RXyIex5mPkeWERk4QU9adSDHnYJR7xn7JEyzV
 l9o+av28bXA7l3C8BOi3ahSGh5cDu+hif0Biml/Kke7e4+1Lp3/QWSQ+p/E5PDDq
 rhk65cg07PxSHeogN8hgu+RYN0gF3WBKASwUIDAkVdBsLlH8LVmoT5DtllL+6PyY
 cwCp3nWeu0q2YDxGOfCZrUC4YJMl8hqHoWbdVah8vLKV/w/JVUtVEIol0za50dzG
 ii6wOLqzV8GH0vkVa5x0InlH+t+/LtDRVkgHUT3/64eEEG+SsK/GmZeEtvcmp7GP
 7Qx+Dd7hPgh+uis0XZPz37vqyCYhaFNw1+M9EESlQKUKfdY8B5B5bpXVDOBF+0Zl
 daOoMw8xBd21DXNk9tCk
 =gVxi
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170717' into staging

target-arm queue:
 * new model of the ARM MPS2/MPS2+ FPGA based development board
 * clean up DISAS_* exit conditions and fix various regressions
   since commits e75449a346 8a6b28c7b5 (in particular including
   ones which broke OP-TEE guests)
 * make Cortex-M3 and M4 correctly default to 8 PMSA regions

# gpg: Signature made Mon 17 Jul 2017 13:43:45 BST
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20170717:
  MAINTAINERS: Add entries for MPS2 board
  hw/arm/mps2: Add ethernet
  hw/arm/mps2: Add SCC
  hw/misc/mps2_scc: Implement MPS2 Serial Communication Controller
  hw/arm/mps2: Add timers
  hw/char/cmsdk-apb-timer: Implement CMSDK APB timer device
  hw/arm/mps2: Add UARTs
  hw/char/cmsdk-apb-uart.c: Implement CMSDK APB UART
  hw/arm/mps2: Implement skeleton mps2-an385 and mps2-an511 board models
  target/arm: use DISAS_EXIT for eret handling
  target/arm: use gen_goto_tb for ISB handling
  target/arm/translate: ensure gen_goto_tb sets exit flags
  target/arm/translate.h: expand comment on DISAS_EXIT
  target/arm/translate: make DISAS_UPDATE match declared semantics
  include/exec/exec-all: document common exit conditions
  target/arm: Make Cortex-M3 and M4 default to 8 PMSA regions
  qdev: support properties which don't set a default value
  qdev-properties.h: Explicitly set the default value for arraylen properties

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-18 10:35:06 +01:00
Peter Maydell
a778cd5610 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJZbKrNAAoJEO8Ells5jWIRzWkH/0GgEkT5XqSPR8gTixxR5+aT
 1+LvlqI861/oR3aZ/1+6nzbFF4RBHO0TJb9v8HovfaOMU/tjaVMOGOD98+rqToa7
 2P2BTQo5jfsQhzGj2GBWnjpTqYunUjXdT0jjZAdERGqrNjoFOGhAjFXPvTKL23d5
 haDgRQgTh2z4w+rvuHNQ79S8tCDtUGvH1i9fIpWNnVLlv4Lea8XJlm7p2+jNQslF
 W2ysoQ6PR/3HihtqMwsh4ZBJAQfhEpJcrcLeq5wWEdg40U2JVA1MjpX0q58X6fRJ
 YQ36K0vxmdnxdCK6NnoMLkGqI12aRqJnFEq0Avc3dC2U0OWIfNk4mp8X0Vr8o+s=
 =z3QF
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Mon 17 Jul 2017 13:17:17 BST
# gpg:                using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  virtio-net: fix offload ctrl endian
  virtion-net: Prefer is_power_of_2()
  docs/colo-proxy.txt: Update colo-proxy usage of net driver with vnet_header
  net/filter-rewriter.c: Make filter-rewriter support vnet_hdr_len
  net/colo-compare.c: Add vnet packet's tcp/udp/icmp compare
  net/colo.c: Add vnet packet parse feature in colo-proxy
  net/colo-compare.c: Make colo-compare support vnet_hdr_len
  net/colo-compare.c: Introduce parameter for compare_chr_send()
  net/colo.c: Make vnet_hdr_len as packet property
  net/filter-mirror.c: Add new option to enable vnet support for filter-redirector
  net/filter-mirror.c: Make filter mirror support vnet support.
  net/filter-mirror.c: Introduce parameter for filter_send()
  net/net.c: Add vnet_hdr support in SocketReadState
  net: Add vnet_hdr_len arguments in NetClientState

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-18 09:16:43 +01:00
Mark Cave-Ayland
39736e18cd fw_cfg: move QOM type defines and fw_cfg types into fw_cfg.h
By exposing FWCfgIoState and FWCfgMemState internals we allow the possibility
for the internal MemoryRegion fields to be mapped by name for boards that wish
to wire up the fw_cfg device themselves.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <1500025208-14827-4-git-send-email-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-07-17 15:41:30 -03:00
Mark Cave-Ayland
38f3adc34d fw_cfg: move qdev_init_nofail() from fw_cfg_init1() to callers
When looking to instantiate a TYPE_FW_CFG_MEM or TYPE_FW_CFG_IO device to be
able to wire it up differently, it is much more convenient for the caller to
instantiate the device and have the fw_cfg default files already preloaded
during realize.

Move fw_cfg_init1() to the end of both the fw_cfg_mem_realize() and
fw_cfg_io_realize() functions so it no longer needs to be called manually
when instantiating the device, and also rename it to fw_cfg_common_realize()
which better describes its new purpose.

Since it is now the responsibility of the machine to wire up the fw_cfg device
it is necessary to introduce a object_property_add_child() call into
fw_cfg_init_io() and fw_cfg_init_mem() to link the fw_cfg device to the root
machine object as before.

Finally with the previous change to fw_cfg_find() we can now remove the
assert() preventing multiple fw_cfg devices being instantiated and replace
them with a simple call to fw_cfg_find() at realize time instead. This allows
us to remove FW_CFG_NAME and FW_CFG_PATH since they are no longer required.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1500025208-14827-3-git-send-email-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-07-17 15:41:30 -03:00
Mark Cave-Ayland
6e99c075a0 fw_cfg: switch fw_cfg_find() to locate the fw_cfg device by type rather than path
This will enable the fw_cfg device to be placed anywhere within the QOM tree
regardless of its machine location.

Note that we also add a comment to document the behaviour that we return NULL to
indicate failure where either no fw_cfg device or multiple fw_cfg devices are
found.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <1500025208-14827-2-git-send-email-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-07-17 15:41:30 -03:00
Eduardo Habkost
6d1e30c4ac Revert "machine: Convert abstract typename on compat_props to subclass names"
This reverts commit 0bcba41fe3.

The bug addressed by that commit is now fixed in a better way by the
commit "qdev: fix the order compat and global properties are applied".

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20170711004303.3902-4-ehabkost@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-07-17 15:41:30 -03:00
Greg Kurz
5eb6a3c501 qdev: fix the order compat and global properties are applied
The current code recursively applies global properties from child up to
parent types. This can cause properties passed with the -global option to
be silently overridden by internal compat properties.

This is exactly what happened with virtio-*-pci drivers since commit:

"9a4c0e220d8a hw/virtio-pci: fix virtio behaviour"

Passing -device virtio-blk-pci.disable-modern=off had no effect on 2.6
machine types because the internal virtio-pci.disable-modern=on compat
property always prevailed.

A workaround for this was included with commit 0bcba41f ("machine:
Convert abstract typename on compat_props to subclass names").

This patch fixes the issue properly by reversing the logic: we now go
through the global property list and, for each property, we check if it
is applicable to the device.

This results in compat properties being applied first, in the order they
appear in the HW_COMPAT_* macros, followed by global properties, in the
order they appear on the command line.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <148103887228.22326.478406873609299999.stgit@bahia.lab.toulouse-stg.fr.ibm.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20170711004303.3902-2-ehabkost@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-07-17 15:41:29 -03:00
Alexey Kardashevskiy
8c37faa475 vfio-pci, ppc64/spapr: Reorder group-to-container attaching
At the moment VFIO PCI device initialization works as follows:
vfio_realize
	vfio_get_group
		vfio_connect_container
			register memory listeners (1)
			update QEMU groups lists
		vfio_kvm_device_add_group

Then (example for pseries) the machine reset hook triggers region_add()
for all regions where listeners from (1) are listening:

ppc_spapr_reset
	spapr_phb_reset
		spapr_tce_table_enable
			memory_region_add_subregion
				vfio_listener_region_add
					vfio_spapr_create_window

This scheme works fine until we need to handle VFIO PCI device hotplug
and we want to enable PPC64/sPAPR in-kernel TCE acceleration on,
i.e. after PCI hotplug we need a place to call
ioctl(vfio_kvm_device_fd, KVM_DEV_VFIO_GROUP_SET_SPAPR_TCE).
Since the ioctl needs a LIOBN fd (from sPAPRTCETable) and a IOMMU group fd
(from VFIOGroup), vfio_listener_region_add() seems to be the only place
for this ioctl().

However this only works during boot time because the machine reset
happens strictly after all devices are finalized. When hotplug happens,
vfio_listener_region_add() is called when a memory listener is registered
but when this happens:
1. new group is not added to the container->group_list yet;
2. VFIO KVM device is unaware of the new IOMMU group.

This moves bits around to have all necessary VFIO infrastructure
in place for both initial startup and hotplug cases.

[aw: ie, register vfio groups with kvm prior to memory listener
registration such that kvm-vfio pseudo device ioctls are available
during the region_add callback]

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2017-07-17 12:39:09 -06:00
Peter Maydell
ca4e667dbf ehci fix for 2.10
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZbIXwAAoJEEy22O7T6HE4L+AQAJUPSHH+fkyrFrzv2Cy6NbvS
 2BbrvyYWy074Bg4+ASqCzX1hA0IAiUUcm7rbxhjyDi4lRsosAEHo4FP9/lsipwKY
 BFFmYEuOBm1tLYTY8VUeF6lvAK7jo2MPcUadnF/XSxPCWdN1xDBs52WlPjCS+nGL
 b5zUZGW0oqnL0oJapYrzDzfh4LDmOajWGZjf031kzK+h8+BHwaOuELEvZ92Te1z4
 Mth+HTPdCC35NO7eJDz870JfGsoaYX070FcXJRPE9BakujfCxiGleGDL6FzbtQZd
 Sfzv7fWXMoRgAHN8sc7sJTD9u9gwkCDvv4dScQF3FZ32dMTgbTJET7CPbTDovsFs
 S9fDdxA03+ptXkLaK4wm4B/OluGyw3VGCzkjkkcvAxE5MJxujzoO7vxAJmEJJca2
 5ckCpAt/Y0GKqMTUMCMSYIwycur3mE4m/zjN98t65+nYJUilVeGjox+KqWctVkUu
 Bd60fz+8VBdt9v9UDoU7PvNfNRBeTBjNYYXjHKWaDv7wX+pGS2FG/BeR616We32C
 JgHIIPmL4v8tHO7fP+iX37RRu5lbVwmKfJXDezuZIn8YN2hgbkMr1pDjw311G7dX
 CvfC5wT7apavTX/TbFFJVYOF9swnk7eozD+BW1OvN3RBTcfJ0PqBsBGQR61p/O9t
 /Q8pY5cHKY//4xU072mc
 =07Gg
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20170717-pull-request' into staging

ehci fix for 2.10

# gpg: Signature made Mon 17 Jul 2017 10:40:00 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20170717-pull-request:
  ehci: add sanity check for maxframes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-17 17:54:17 +01:00
Peter Maydell
df55c7e8c8 virtio-gpu migration fix for 2.10
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZbIZdAAoJEEy22O7T6HE4legP/3V4lFzuVQquaJZcMG6EFiUx
 bpvQ63hFNRdpB/TglgqR66ijut1TwoC7N9AzeTTDYaze2sywNq32ySmqSQWLZUiN
 oKHl6Oo7s5YVLNj2qtCRHtJIaqurWjWun7ayGei9Q8hTpsbD7DeZiUHMWBusNc6y
 xhhttuzZnAhywm2vuQjXDs/gpqDTDp8eNF/9oQwAF8mV8g2L8TTD2QzWIgB277pO
 sjfvlNs6F5wWh2yawhFznMzXzCBr6k01TlzPHVlZfdgaasrbXW9iHPJIoWIo9R+R
 BAAAlbu7t4lrwOc9DKd6NfP3VpblqvoQuTo9mhhQvVRXYf1vxaKK1HMaFygibiaO
 qnkYXt/Ofk5lsRgTVvFbKiAPmJ1WmInwwwzDiycA2tvXbJSxi8lsYzuQ+Me7diqY
 rvd2OxKQEG0XqpQKUG104i4NDJxXV+xRMh7wgENa02cylcrpjs48BokGSybGfw7D
 C/DcONQfghwGhsqiPXsoYPke/yFH/DMq3UyCBpy4c2W4LzFoDiUah1G2eB3s9DB9
 tobc7yuCcCiM/kGX3T1teqy83T4ssHogaVwbYyhFSNq7mwspDyVDYB8XKnH+E3k0
 znws1MOpiRQE49u9iJ4CW8FU67lI90+5C/SMoVqLFx/hVl6iDe4u2PmnSMLdFm3v
 GxIcTezItHsqYIPxmHti
 =PwkY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20170717-pull-request' into staging

virtio-gpu migration fix for 2.10

# gpg: Signature made Mon 17 Jul 2017 10:41:49 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20170717-pull-request:
  virtio-gpu: skip update cursor in post_load if we don't have one

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-17 17:12:41 +01:00
Peter Maydell
63dba7e6b1 audio: fixes for 2.10
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZbINkAAoJEEy22O7T6HE4rtwP/0y9GzAQXdWemDFEfk/+ZEZA
 foImJBORm99Ri5vApM4vR4I+5AHnClPCPUfrAJNNTPZOJJ7u+uaZK6s1dxI9ut3j
 LVsGlZJBb2sZYr2XUi2bUOp4A/IUgWnwDWBOZQD3iBw1KlaZCOOXtIMZI+01BY05
 0KVpqP+LvO5lQClzjbYQ/3gHGpRFpi6/T5ctTK5+UYJLnh8k4pDmFnV/5AvU3uCd
 at/sSKutwc+pBNiYNmbHyfH0MOI3rf23zEO3LhVkz9QPtgVFShZffmndjxjSpE8Z
 gcCgISQWMYlY0aCObfe6hOhy9sjA/OClAz5459FylpWj3aMbl7SEirdK+qTwullU
 mS/e67EHWHRAV0w3b83L4o/VzT57jyX3ArGTUlTE0u/hrLbHULmpJZ5s8mG/GwUA
 gE3liyHsH34NFn1o0ZGNGWDkI9AGXZcdVAd/zTTvjn1miTRcSmzjKHnoPoV49RXe
 ZdvD9uHtojKOLlFWQSQxQcn2cohQlwC4SW1/smWvACUpDkLpYVtx0XlkqHsG0O2N
 i5CT/Z7a2vhPV38UNt3p1gsa3CH/rE3IOh+J/frEisskDWYbWtgYMy5mys97hkfz
 yiDNbI4vQ9Qt/8FMGAET0Kt64U9bOVr+z72QPq/evqYaL3mz30V0/Rb0uB6kGbua
 FriSoVyWhBwo+UxBrT4b
 =2aNN
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/audio-20170717-pull-request' into staging

audio: fixes for 2.10

# gpg: Signature made Mon 17 Jul 2017 10:29:08 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20170717-pull-request:
  audio/adlib: remove limitation of one adlib card
  audio/fmopl: modify timer callback to give opaque and channel parameters in two arguments
  audio: st_rate_flow exist a infinite loop

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-17 15:43:15 +01:00
Peter Maydell
3587393922 hw/arm/mps2: Add ethernet
The MPS2 FPGA images support ethernet via a LAN9220. We use
QEMU's LAN9118 model, which is software compatible except
that it is missing the checksum-offload feature.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1500029487-14822-9-git-send-email-peter.maydell@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-07-17 13:36:09 +01:00
Peter Maydell
6dbdf4ec33 hw/arm/mps2: Add SCC
Add the SCC to the MPS2 board models.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1500029487-14822-8-git-send-email-peter.maydell@linaro.org
2017-07-17 13:36:08 +01:00
Peter Maydell
dd73185b7d hw/misc/mps2_scc: Implement MPS2 Serial Communication Controller
Implement a model of the Serial Communication Controller (SCC) found
in MPS2 FPGA images.

The primary purpose of this device is to communicate with the
Motherboard Configuration Controller (MCC) which is located on
the MPS board itself, outside the FPGA image. This is used
for programming the MPS clock generators. The SCC also has
some basic ID registers and an output for the board LEDs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1500029487-14822-7-git-send-email-peter.maydell@linaro.org
2017-07-17 13:36:08 +01:00
Peter Maydell
3d53904a68 hw/arm/mps2: Add timers
Add the CMSDK APB timers to the MPS2 board.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1500029487-14822-6-git-send-email-peter.maydell@linaro.org
2017-07-17 13:36:08 +01:00
Peter Maydell
5dd85b4b48 hw/char/cmsdk-apb-timer: Implement CMSDK APB timer device
Implement a model of the simple timer device found in the CMSDK.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1500029487-14822-5-git-send-email-peter.maydell@linaro.org
2017-07-17 13:36:08 +01:00
Peter Maydell
977a15f480 hw/arm/mps2: Add UARTs
Add the UARTs to the MPS2 board models.

Unfortunately the details of the wiring of the interrupts through
various OR gates differ between AN511 and AN385 so this can't
be purely a data-driven difference.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1500029487-14822-4-git-send-email-peter.maydell@linaro.org
2017-07-17 13:36:08 +01:00
Peter Maydell
775df84e48 hw/char/cmsdk-apb-uart.c: Implement CMSDK APB UART
Implement a model of the simple "APB UART" provided in
the Cortex-M System Design Kit (CMSDK).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1500029487-14822-3-git-send-email-peter.maydell@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2017-07-17 13:36:08 +01:00
Peter Maydell
2eb5578b47 hw/arm/mps2: Implement skeleton mps2-an385 and mps2-an511 board models
Model the ARM MPS2/MPS2+ FPGA based development board.

The MPS2 and MPS2+ dev boards are FPGA based (the 2+ has a bigger
FPGA but is otherwise the same as the 2). Since the CPU itself
and most of the devices are in the FPGA, the details of the board
as seen by the guest depend significantly on the FPGA image.

We model the following FPGA images:
 "mps2_an385" -- Cortex-M3 as documented in ARM Application Note AN385
 "mps2_an511" -- Cortex-M3 'DesignStart' as documented in AN511

They are fairly similar but differ in the details for some
peripherals.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1500029487-14822-2-git-send-email-peter.maydell@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2017-07-17 13:36:08 +01:00
Peter Maydell
5cc56cc687 qdev: support properties which don't set a default value
In some situations it's useful to have a qdev property which doesn't
automatically set its default value when qdev_property_add_static is
called (for instance when the default value is not constant).

Support this by adding a flag to the Property struct indicating
whether to set the default value.  This replaces the existing test
for whether the PropertyInfo set_default_value function pointer is
NULL, and we set the .set_default field to true for all those cases
of struct Property which use a PropertyInfo with a non-NULL
set_default_value, so behaviour remains the same as before.

This gives us the semantics of:
 * if .set_default is true, then .info->set_default_value must
   be not NULL, and .defval is used as the the default value of
   the property
 * otherwise, the property system does not set any default, and
   the field will retain whatever initial value it was given by
   the device's .instance_init method

We define two new macros DEFINE_PROP_SIGNED_NODEFAULT and
DEFINE_PROP_UNSIGNED_NODEFAULT, to cover the most plausible use cases
of wanting to set an integer property with no default value.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1499788408-10096-3-git-send-email-peter.maydell@linaro.org
2017-07-17 13:36:06 +01:00
Jason Wang
189ae6bb5c virtio-net: fix offload ctrl endian
Spec said offloads should be le64, so use virtio_ldq_p() to guarantee
valid endian.

Fixes: 644c98587d ("virtio-net: dynamic network offloads configuration")
Cc: qemu-stable@nongnu.org
Cc: Dmitry Fleytman <dfleytma@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-07-17 20:13:56 +08:00