Commit Graph

37207 Commits

Author SHA1 Message Date
Peter Maydell
651621b780 coverity: Improve and extend model
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJU05hhAAoJEDhwtADrkYZT92IP/imvbG800C9LZIbpQy2MBoD6
 h9RFw/MRXo3enNN2QyJUA5nDoUISVT2Gs7Pz+bZ4u9Y+5H09kZjfb1TXiA3iLaFl
 AJwU2gQCNNo5sOcXBI+9OxjBgE4N+w5dHatKIXb/DTOZCjUaEpUFSknyQppOy7tP
 gBAlo8cKPxI7hDyqjhX7KLUTwKWwhDK4jKHN/7WlBqECV7mRwtL9cGOtYfSws8r0
 R3Rg51mKgKDMqELzjIhBlCH4Z/XAlBV3qYgP10HtVaowflmKkyzdHMkVbqoRbMln
 Ji59o8UuSPQQg72Mv+WKZ+Q3OGcWQn08zKn1w2uZcl52oEzo1v+IJanMCXkyoue1
 vTDaYWSUvsK8Mc+C3I5go1/Erj5WAz2eKxMTQvhYx/Aw9WuoprFD9S7cXTF8pGWT
 tn+ZfX8RnM13I2th4y4uNE0lq0wXmhJ93AsnNcSeaux5UhB9LfZb5gM5mJo+fIeP
 jWdB90RqqnnF7JayKkW95Rw6eTWu0TmRrkgao/HBHvauncbzrdO2rmvLHWceOavs
 duXsk3hM4mBxqvTdvHkQegbLtLAai7Cd8XZsFwdIkKOGuPNfsYmsTDPnXsT4OQyP
 5/Y9lKnozRSHMst9qmczXw0GTlvYFO6Ch3N78VvRzhTxUwIV88Ul7zmSnb/RQ1XJ
 fDBsfgq0/Jpe43cqowO/
 =ZNaN
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-cov-model-2015-02-05' into staging

coverity: Improve and extend model

# gpg: Signature made Thu 05 Feb 2015 16:20:49 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-cov-model-2015-02-05:
  MAINTAINERS: Add myself as Coverity model maintainer
  coverity: Model g_free() isn't necessarily free()
  coverity: Model GLib string allocation partially
  coverity: Improve model for GLib memory allocation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 16:40:00 +00:00
Zhang Haoyu
bb42631190 fix mc146818rtc wrong subsection name to avoid vmstate_subsection_load() fail
fix mc146818rtc wrong subsection name to avoid vmstate_subsection_load() fail
during incoming migration or loadvm.

Signed-off-by: Zhang Haoyu <zhanghy@sangfor.com.cn>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Markus Armbruster
8c413e7902 MAINTAINERS: Add myself as Coverity model maintainer
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-02-05 17:16:14 +01:00
Dr. David Alan Gilbert
733252deb8 Tracify migration/rdma.c
Turn all the D/DD/DDDPRINTFs into trace events
Turn most of the fprintf(stderr, into error_report

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Alexander Graf
b17425701d Add migration stream analyzation script
This patch adds a python tool to the scripts directory that can read
a dumped migration stream if it contains the JSON description of the
device states. I constructs a human readable JSON stream out of it.

It's very simple to use:

  $ qemu-system-x86_64
    (qemu) migrate "exec:cat > mig"
  $ ./scripts/analyze_migration.py -f mig

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Alexander Graf
8118f0950f migration: Append JSON description of migration stream
One of the annoyances of the current migration format is the fact that
it's not self-describing. In fact, it's not properly describing at all.
Some code randomly scattered throughout QEMU elaborates roughly how to
read and write a stream of bytes.

We discussed an idea during KVM Forum 2013 to add a JSON description of
the migration protocol itself to the migration stream. This patch
adds a section after the VM_END migration end marker that contains
description data on what the device sections of the stream are composed of.

This approach is backwards compatible with any QEMU version reading the
stream, because QEMU just stops reading after the VM_END marker and ignores
any data following it.

With an additional external program this allows us to decipher the
contents of any migration stream and hopefully make migration bugs easier
to track down.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Alexander Graf
9722140011 qemu-file: Add fast ftell code path
For ftell we flush the output buffer to ensure that we don't have anything
lingering in our internal buffers. This is a very safe thing to do.

However, with the dynamic size measurement that the dynamic vmstate
description will bring this would turn out quite slow.

Instead, we can fast path this specific measurement and just take the
internal buffers into account when telling the kernel our position.

I'm sure I overlooked some corner cases where this doesn't work, so
instead of tuning the safe, existing version, this patch adds a fast
variant of ftell that gets used by the dynamic vmstate description code
which isn't critical when it fails.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Alexander Graf
190c882ce2 QJSON: Add JSON writer
To support programmatic JSON assembly while keeping the code that generates it
readable, this patch introduces a simple JSON writer. It emits JSON serially
into a buffer in memory.

The nice thing about this writer is its simplicity and low memory overhead.
Unlike the QMP JSON writer, this one does not need to spawn QObjects for every
element it wants to represent.

This is a prerequisite for the migration stream format description generator.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Dr. David Alan Gilbert
0457d07342 Print errors in some of the early migration failure cases.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Dr. David Alan Gilbert
a5df2a0222 Migration: Add lots of trace events
Mostly on the load side, so that when we get a complaint about
a migration failure we can figure out what it didn't like.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Dr. David Alan Gilbert
6a64b644ac savevm: Convert fprintf to error_report
Convert a bunch of fprintfs to error_reports

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Amit Shah
027f15696d vmstate-static-checker: update whitelist
Commit 22382bb96c renamed the
'hw_cursor_x' and 'hw_cursor_y' fields in cirrus_vga.  Update the static
checker's whitelist to allow matching against the old and new names.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Markus Armbruster
7ad4c72001 coverity: Model g_free() isn't necessarily free()
Memory allocated with GLib needs to be freed with GLib.  Freeing it
with free() instead of g_free() is a common error.  Harmless when
g_free() is a trivial wrapper around free(), which is commonly the
case.  But model the difference anyway.

In a local scan, this flags four ALLOC_FREE_MISMATCH.  Requires
--enable ALLOC_FREE_MISMATCH, because the checker is still preview.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-05 17:16:11 +01:00
Markus Armbruster
e4b77daa57 coverity: Model GLib string allocation partially
Without a model, Coverity can't know that the result of g_strdup()
needs to be fed to g_free().

One way to get such a model is to scan GLib, build a derived model
file with cov-collect-models, and use that when scanning QEMU.
Unfortunately, the Coverity Scan service we use doesn't support that.

Thus, we're stuck with the other way: write a user model.  Doing that
for all of GLib is hardly practical.  I'm doing it for the "String
Utility Functions" we actually use that return dynamically allocated
strings.

In a local scan, this flags 20 additional RESOURCE_LEAKs.  The ones I
checked look genuine.

It also loses a NULL_RETURNS about ppce500_init() using
qemu_find_file() without error checking.  I don't understand why.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-05 17:16:07 +01:00
Markus Armbruster
9d7a4c6690 coverity: Improve model for GLib memory allocation
In current versions of GLib, g_new() may expand into g_malloc_n().
When it does, Coverity can't see the memory allocation, because we
don't model g_malloc_n().  Similarly for g_new0(), g_renew(),
g_try_new(), g_try_new0(), g_try_renew().

Model g_malloc_n(), g_malloc0_n(), g_realloc_n().  Model
g_try_malloc_n(), g_try_malloc0_n(), g_try_realloc_n() by adding
indeterminate out of memory conditions on top.

To avoid undue duplication, replace the existing models for g_malloc()
& friends by trivial wrappers around g_malloc_n() & friends.

In a local scan, this flags four additional RESOURCE_LEAKs and one
NULL_RETURNS.

The NULL_RETURNS is a false positive: Coverity can now see that
g_try_malloc(l1_sz * sizeof(uint64_t)) in
qcow2_check_metadata_overlap() may return NULL, but is too stupid to
recognize that a loop executing l1_sz times won't be entered then.

Three out of the four RESOURCE_LEAKs appear genuine.  The false
positive is in ppce500_prep_device_tree(): the pointer dies, but a
pointer to a struct member escapes, and we get the pointer back for
freeing with container_of().  Too funky for Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-05 17:05:12 +01:00
Peter Maydell
cd07b19307 target-arm queue:
* refactor/clean up armv7m_init()
  * some initial cleanup in the direction of supporting 64-bit EL3
  * fix broken synchronization of registers between QEMU and KVM
    for 32-bit ARM hosts (which among other things broke memory
    access via gdbstub)
  * fix flush-to-zero handling in FMULX, FRECPS, FRSQRTS and FRECPE
  * don't crash QEMU for UNPREDICTABLE BFI insns in A32 encoding
  * explain why virt board's device-to-transport mapping code is
    the way it is
  * implement mmu_idx values which match the architectural
    distinctions, and introduce the concept of a translation
    regime to get_phys_addr() rather than incorrectly looking
    at the current CPU state
  * update to upstream VIXL 1.7 (gives us correct code addresses
    when dissassembling pc-relative references)
  * sync system register state between KVM and QEMU for 64-bit ARM
  * support virtio on big-endian guests by implementing the
    "which endian is the guest now?" CPU method
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJU03foAAoJEDwlJe0UNgze6xsP/jJHiEE4EieGfzkd0rKBAWlP
 0iW0oI8VRdYgbwmgRfZJwdbcR/7qYATS6ffS1QINfb6zQRyNHF1J3Qv9sOnU/NC5
 k7hQedqLoG68RUe3QwA0LxrF3r6NVYIddDKMPkjWgbByDbcAtUdElB2UTpd6yLFF
 hrRfkQWUbWqUoe1yqSPUaffo8s88MXFHqArhCHOhN5LQ/KAr70iggAEity6irJIX
 z+dhXaIoi7V6R1rSX+uAt6YAfja3/7GYzG3zK+xy/wdLv3Ka7ametCkwZZP+cvcp
 Zfbo1cpkbKSoPcxmaPoT/FDVH5AGKyO00QKQI/1Nsjb4CcR49dKczqIvlFfK82XL
 M0lNmfDFIf5K4D6KYsXkCbSCETEPuTeDQFI14z/gFNevAUMmRp02HGK+6/Z/mn0W
 n17nWiLiKhpvKo7xoPrIhCaYuaFP7OzL4g0ZktGlKYEGBrNATzpAH2v8pAYn4S41
 aF9Yzo5PF4lVlNpCZQSmilX6VmXLAuC4WSEB8nUkRjjk+wsBxzYO7SqXB+gxvagW
 leahFyHExRMTbOFXsrRAoCGcdOCpNjAam3QYKQaIAhgYy89XmqSl8wKnV6PESOxt
 QSBB/frbmn1Uj4aPMM2xSG/5vVpM/TtaBWDIi6+nlokCE4PO37kSjOprNUT/INeJ
 QATeeqh5iPio7BQwgjH8
 =gmUH
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150205' into staging

target-arm queue:
 * refactor/clean up armv7m_init()
 * some initial cleanup in the direction of supporting 64-bit EL3
 * fix broken synchronization of registers between QEMU and KVM
   for 32-bit ARM hosts (which among other things broke memory
   access via gdbstub)
 * fix flush-to-zero handling in FMULX, FRECPS, FRSQRTS and FRECPE
 * don't crash QEMU for UNPREDICTABLE BFI insns in A32 encoding
 * explain why virt board's device-to-transport mapping code is
   the way it is
 * implement mmu_idx values which match the architectural
   distinctions, and introduce the concept of a translation
   regime to get_phys_addr() rather than incorrectly looking
   at the current CPU state
 * update to upstream VIXL 1.7 (gives us correct code addresses
   when dissassembling pc-relative references)
 * sync system register state between KVM and QEMU for 64-bit ARM
 * support virtio on big-endian guests by implementing the
   "which endian is the guest now?" CPU method

# gpg: Signature made Thu 05 Feb 2015 14:02:16 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150205: (28 commits)
  target-arm: fix for exponent comparison in recpe_f64
  target-arm: Guest cpu endianness determination for virtio KVM ARM/ARM64
  target-arm: KVM64: Get and Sync up guest register state like kvm32.
  disas/arm-a64.cc: Tell libvixl correct code addresses
  disas/libvixl: Update to upstream VIXL 1.7
  target-arm: Fix brace style in reindented code
  target-arm: Reindent ancient page-table-walk code
  target-arm: Use mmu_idx in get_phys_addr()
  target-arm: Pass mmu_idx to get_phys_addr()
  target-arm: Split AArch64 cases out of ats_write()
  target-arm: Don't define any MMU_MODE*_SUFFIXes
  target-arm: Use correct mmu_idx for unprivileged loads and stores
  target-arm: Define correct mmu_idx values and pass them in TB flags
  target-arm/translate-a64: Fix wrong mmu_idx usage for LDT/STT
  target-arm: Make arm_current_el() return sensible values for M profile
  cpu_ldst.h: Allow NB_MMU_MODES to be 7
  hw/arm/virt: explain device-to-transport mapping in create_virtio_devices()
  target-arm: check that LSB <= MSB in BFI instruction
  target-arm: Squash input denormals in FRECPS and FRSQRTS
  Fix FMULX not squashing denormalized inputs when FZ is set.
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 14:22:51 +00:00
Ildar Isaev
fc1792e9aa target-arm: fix for exponent comparison in recpe_f64
f64 exponent in HELPER(recpe_f64) should be compared to 2045 rather than 1023
(FPRecipEstimate in ARMV8 spec). This fixes incorrect underflow handling when
flushing denormals to zero in the FRECPE instructions operating on 64-bit
values.

Signed-off-by: Ildar Isaev <ild@inbox.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:25 +00:00
Pranavkumar Sawargaonkar
84f2bed3cf target-arm: Guest cpu endianness determination for virtio KVM ARM/ARM64
This patch implements a fucntion pointer "virtio_is_big_endian"
from "CPUClass" structure for arm/arm64.
Function arm_cpu_is_big_endian() is added to determine and
return the guest cpu endianness to virtio.
This is required for running cross endian guests with virtio on ARM/ARM64.

Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
Message-id: 1423130382-18640-3-git-send-email-pranavkumar@linaro.org
[PMM: check CPSR_E in env->cpsr_uncached, not env->pstate.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:25 +00:00
Pranavkumar Sawargaonkar
568bab1fb8 target-arm: KVM64: Get and Sync up guest register state like kvm32.
This patch adds:
1. Call write_kvmstate_to_list() and write_list_to_cpustate()
   in kvm_arch_get_registers() to sync guest register state.
2. Call write_list_to_kvmstate() in kvm_arch_put_registers()
   to sync guest register state.

These changes are already there for kvm32 in target-arm/kvm32.c.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
Message-id: 1423130382-18640-2-git-send-email-pranavkumar@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:25 +00:00
Peter Maydell
8d298bee09 disas/arm-a64.cc: Tell libvixl correct code addresses
disassembling relative branches in code which doesn't reside at
what the guest CPU would think its execution address is. Use
the new MapCodeAddress() API to tell libvixl where the code is
from the guest CPU's point of view so it can get the target
addresses right.

Previous disassembly:

0x0000000040000000:  580000c0      ldr x0, pc+24 (addr 0x7f6cb7020434)
0x0000000040000004:  aa1f03e1      mov x1, xzr
0x0000000040000008:  aa1f03e2      mov x2, xzr
0x000000004000000c:  aa1f03e3      mov x3, xzr
0x0000000040000010:  58000084      ldr x4, pc+16 (addr 0x7f6cb702042c)
0x0000000040000014:  d61f0080      br x4

Fixed disassembly:
0x0000000040000000:  580000c0      ldr x0, pc+24 (addr 0x40000018)
0x0000000040000004:  aa1f03e1      mov x1, xzr
0x0000000040000008:  aa1f03e2      mov x2, xzr
0x000000004000000c:  aa1f03e3      mov x3, xzr
0x0000000040000010:  58000084      ldr x4, pc+16 (addr 0x40000020)
0x0000000040000014:  d61f0080      br x4

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422274779-13359-3-git-send-email-peter.maydell@linaro.org
2015-02-05 13:37:25 +00:00
Peter Maydell
d4eba98df4 disas/libvixl: Update to upstream VIXL 1.7
Update our copy of libvixl to upstream's 1.7 release.
This includes upstream's fix for the issue we had a local
patch for in commit 94cc44a9e.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422274779-13359-2-git-send-email-peter.maydell@linaro.org
2015-02-05 13:37:25 +00:00
Peter Maydell
87c3d48615 target-arm: Fix brace style in reindented code
This patch fixes the brace style in the code reindented in the
previous commit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2015-02-05 13:37:24 +00:00
Peter Maydell
554b0b09ae target-arm: Reindent ancient page-table-walk code
A few of the oldest parts of the page-table-walk code have broken indent
(either hardcoded tabs or two-spaces). Reindent these sections.

For ease of review, this patch does not touch the brace style and
so is a whitespace-only change.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2015-02-05 13:37:24 +00:00
Peter Maydell
0480f69abf target-arm: Use mmu_idx in get_phys_addr()
Now we have the mmu_idx in get_phys_addr(), use it correctly to
determine the behaviour of virtual to physical address translations,
rather than using just an is_user flag and the current CPU state.

Some TODO comments have been added to indicate where changes will
need to be made to add EL2 and 64-bit EL3 support.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
2015-02-05 13:37:24 +00:00
Peter Maydell
d364970287 target-arm: Pass mmu_idx to get_phys_addr()
Make all the callers of get_phys_addr() pass it the correct
mmu_idx rather than just a simple "is_user" flag. This includes
properly decoding the AT/ATS system instructions; we include the
logic for handling all the opc1/opc2 cases because we'll need
them later for supporting EL2/EL3, even if we don't have the
regdef stanzas yet.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2015-02-05 13:37:24 +00:00
Peter Maydell
060e8a48cb target-arm: Split AArch64 cases out of ats_write()
Instead of simply reusing ats_write() as the handler for both AArch32
and AArch64 address translation operations, use a different function
for each with the common code in a third function. This is necessary
because the semantics for selecting the right translation regime are
different; we are only getting away with sharing currently because
we don't support EL2 and only support EL3 in AArch32.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2015-02-05 13:37:24 +00:00
Peter Maydell
0dfef7b58f target-arm: Don't define any MMU_MODE*_SUFFIXes
target-arm doesn't use any of the MMU-mode specific cpu ldst
accessor functions. Suppress their generation by not defining
any of the MMU_MODE*_SUFFIX macros. ("user" and "kernel" are
too simplistic as descriptions of indexes 0 and 1 anyway.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2015-02-05 13:37:24 +00:00
Peter Maydell
579d21cce6 target-arm: Use correct mmu_idx for unprivileged loads and stores
The MMU index to use for unprivileged loads and stores is more
complicated than we currently implement:
 * for A64, it should be "if at EL1, access as if EL0; otherwise
   access at current EL"
 * for A32/T32, it should be "if EL2, UNPREDICTABLE; otherwise
   access as if at EL0".

In both cases, if we want to make the access for Secure EL0
this is not the same mmu_idx as for Non-Secure EL0.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
2015-02-05 13:37:23 +00:00
Peter Maydell
c1e3781090 target-arm: Define correct mmu_idx values and pass them in TB flags
We currently claim that for ARM the mmu_idx should simply be the current
exception level. However this isn't actually correct -- secure EL0 and EL1
should have separate indexes from non-secure EL0 and EL1 since their
VA->PA mappings may differ. We also will want an index for stage 2
translations when we properly support EL2.

Define and document all seven mmu index values that we require, and
pass the mmu index in the TB flags rather than exception level or
priv/user bit.

This change doesn't update the get_phys_addr() code, so our page
table walking still assumes a simplistic "user or priv?" model for
the moment.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
---
This leaves some odd gaps in the TB flags usage. I will circle
back and clean this up later (including moving the other common
flags like the singlestep ones to the top of the flags word),
but I didn't want to bloat this patchseries further.
2015-02-05 13:37:23 +00:00
Peter Maydell
949013ce11 target-arm/translate-a64: Fix wrong mmu_idx usage for LDT/STT
The LDT/STT (load/store unprivileged) instruction decode was using
the wrong MMU index value. This meant that instead of these insns
being "always access as if user-mode regardless of current privilege"
they were "always access as if kernel-mode regardless of current
privilege". This went unnoticed because AArch64 Linux doesn't use
these instructions.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
I'm not counting this as a security issue because I'm assuming
nobody treats TCG guests as a security boundary (certainly I
would not recommend doing so...)
2015-02-05 13:37:23 +00:00
Peter Maydell
6d54ed3c93 target-arm: Make arm_current_el() return sensible values for M profile
Although M profile doesn't have the same concept of exception level
as A profile, it does have a notion of privileged versus not, which
we currently track in the privmode TB flag. Support returning this
information if arm_current_el() is called on an M profile core, so
that we can identify the correct MMU index to use (and put the MMU
index in the TB flags) without having to special-case M profile.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
2015-02-05 13:37:23 +00:00
Peter Maydell
8f3ae2ae2d cpu_ldst.h: Allow NB_MMU_MODES to be 7
Support guest CPUs which need 7 MMU index values.
Add a comment about what would be required to raise the limit
further (trivial for 8, TCG backend rework for 9 or more).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2015-02-05 13:37:23 +00:00
Laszlo Ersek
587078f0ed hw/arm/virt: explain device-to-transport mapping in create_virtio_devices()
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1422592273-4432-1-git-send-email-lersek@redhat.com
[PMM: added note recommending UUIDs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:23 +00:00
Kirill Batuzov
45140a5767 target-arm: check that LSB <= MSB in BFI instruction
The documentation states that if LSB > MSB in BFI instruction behaviour
is unpredictable. Currently QEMU crashes because of assertion failure in
this case:

tcg/tcg-op.h:2061: tcg_gen_deposit_i32: Assertion `len <= 32' failed.

While assertion failure may meet the "unpredictable" definition this
behaviour is undesirable because it allows an unprivileged guest program
to crash the emulator with the OS and other programs.

This patch addresses the issue by throwing illegal instruction exception
if LSB > MSB. Only ARM decoder is affected because Thumb decoder already
has this check in place.

To reproduce issue run the following program

int main(void) {
    asm volatile (".long 0x07c00c12" :: );
    return 0;
}

compiled with
  gcc -marm -static badop_arm.c -o badop_arm

Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:22 +00:00
Peter Maydell
a8eb6e1999 target-arm: Squash input denormals in FRECPS and FRSQRTS
The helper functions for FRECPS and FRSQRTS have special case
handling that includes checks for zero inputs, so squash input
denormals if necessary before those checks. This fixes incorrect
output when the FPCR DZ bit is set to enable squashing of input
denormals.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
2015-02-05 13:37:22 +00:00
Xiangyu Hu
dabf005808 Fix FMULX not squashing denormalized inputs when FZ is set.
While FMULX returns a 2.0f float when two operators are infinity and
zero, those operators should be unpacked from raw inputs first. Inconsistent
cases would occur when operators are denormalized floats in flush-to-zero
mode. A wrong codepath will be entered and 2.0f will not be returned
without this patch.
Fix by checking whether inputs need to be flushed before running into
different codepaths.

Signed-off-by: Xiangyu Hu <libhu.so@gmail.com>
Message-id: 1422459650-12490-1-git-send-email-libhu.so@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:22 +00:00
Peter Maydell
375421ccae target-arm: Add checks that cpreg raw accesses are handled
Add assertion checking when cpreg structures are registered that they
either forbid raw-access attempts or at least make an attempt at
handling them. Also add an assert in the raw-accessor-of-last-resort,
to avoid silently doing a read or write from offset zero, which is
actually AArch32 CPU register r0.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422282372-13735-3-git-send-email-peter.maydell@linaro.org
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
2015-02-05 13:37:22 +00:00
Peter Maydell
7a0e58fa64 target-arm: Split NO_MIGRATE into ALIAS and NO_RAW
We currently mark ARM coprocessor/system register definitions with
the flag ARM_CP_NO_MIGRATE for two different reasons:
1) register is an alias on to state that's also visible via
   some other register, and that other register is the one
   responsible for migrating the state
2) register is not actually state at all (for instance the TLB
   or cache maintenance operation "registers") and it makes no
   sense to attempt to migrate it or otherwise access the raw state

This works fine for identifying which registers should be ignored
when performing migration, but we also use the same functions for
synchronizing system register state between QEMU and the kernel
when using KVM. In this case we don't want to try to sync state
into registers in category 2, but we do want to sync into registers
in category 1, because the kernel might have picked a different
one of the aliases as its choice for which one to expose for
migration. (In particular, on 32 bit hosts the kernel will
expose the state in the AArch32 version of the register, but
TCG's convention is to mark the AArch64 version as the version
to migrate, even if the CPU being emulated happens to be 32 bit,
so almost all system registers will hit this issue now that we've
added AArch64 system emulation.)

Fix this by splitting the NO_MIGRATE flag in two (ALIAS and NO_RAW)
corresponding to the two different reasons we might not want to
migrate a register. When setting up the TCG list of registers to
migrate we honour both flags; when populating the list from KVM,
only ignore registers which are NO_RAW.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1422282372-13735-2-git-send-email-peter.maydell@linaro.org
[PMM: changed ARM_CP_NO_MIGRATE to ARM_CP_ALIAS on new SP_EL1 and
 SP_EL2 reginfo stanzas since there was a (semantic) merge conflict
 with the patchset that added those]
2015-02-05 13:37:22 +00:00
Greg Bellows
884b4deeeb target-arm: Add missing SP_ELx register definition
Added CP register definitions for SP_EL1 and SP_EL2.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-5-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:22 +00:00
Greg Bellows
5097227c15 target-arm: Change reset to highest available EL
Update to arm_cpu_reset() to reset into the highest available exception level
based on the set ARM features.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-4-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:22 +00:00
Greg Bellows
be8e812859 target-arm: Add extended RVBAR support
Added RVBAR_EL2 and RVBAR_EL3 CP register support.  All RVBAR_EL# registers
point to the same location and only the highest EL version exists at any one
time.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-3-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:22 +00:00
Greg Bellows
569b49f864 target-arm: Fix RVBAR_EL1 register encoding
Fix the RVBAR_EL1 CP register opc2 encoding from 2 to 1

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-2-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:21 +00:00
Alistair Francis
8b47b7da29 target_arm: Parameterise the irq lines for armv7m_init
This patch allows the board to specifiy the number of NVIC interrupt
lines when using armv7m_init.

Signed-off-by: Alistair Francis <alistair23@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 5a0b0fcc778df0340899f488053acc9493679e03.1422077994.git.alistair23@gmail.com
[PMM: removed stale FIXME comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:21 +00:00
Alistair Francis
fe6ac447ad target_arm: Remove memory region init from armv7m_init
This patch moves the memory region init code from the
armv7m_init function to the stellaris_init function

Signed-off-by: Alistair Francis <alistair23@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 4836be7e1d708554d6eb0bc639dc2fbf7dac0458.1422077994.git.alistair23@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:21 +00:00
Peter Maydell
2c918a245c qmp hmp balloon: Cleanups around error reporting
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJU0xh/AAoJEDhwtADrkYZTRgUQAJxcfjFRxgHeg6+ohw2JbSP4
 fSwlsq2ugT5VwCgoOPjKnL1rSqxNDIIzmKm0E2PqUPg73Yd4MpBY1F7DT4mB0022
 yeiK4b7zv5xxn8UcRTa+jysdmrh5SdmLLgpG+zrRFnObYIJs56O8u7Y8oZR4bTLQ
 D4GDEUlWK0j1zHnQpsRlEgAnUtG4+2zWbNAotqjifYlxpDcebbBVT72r2/1Z6Vvr
 8GH+eaTUZ8e75euCRLDb+NjuIOowwO6Cfj2Xo6/2eXgFeHXEGiTaZbcHdKl0PjWe
 RxcC6khm7yQr+/DRr3zBUIk0nl7BVHdNP7LQMcMLS2sq2lUjyL80XxiYUj93TEO8
 JUeEhv8AH6F16W/U69lxeB6t94Urbfo9EFfSf5MMDtbT4mV87N8mAmhFgtkV4Myj
 4BtzsE5r09xd/hN4AQ/J2Wr8MbTCz17J3+zPoPsDPLEya77kuo3td2HnmoHR8FmF
 vfdj2Gp5O4HW5fUmESLQ8eSNJUuWN+bd9xBD1w9q0w9iZnVOmHHd3ZT9xnpNvvkg
 DBRIB9HxR13gljAVT5z4kedl+H98FfkKv3x7mqiHN/khM67LNTBKCzyqu9Kecvvk
 FhSp6si0SEDxNyS0WnUahsiNmszdvreXNnA/oaSZ/UlgsCAL3DVRCa3/v7WPR/ol
 9tU1t6vKMRvNP0fNKCwm
 =LanK
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-02-05' into staging

qmp hmp balloon: Cleanups around error reporting

# gpg: Signature made Thu 05 Feb 2015 07:15:11 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-error-2015-02-05:
  balloon: Eliminate silly QERR_ macros
  balloon: Factor out common "is balloon active" test
  balloon: Inline qemu_balloon(), qemu_balloon_status()
  qmp: Eliminate silly QERR_COMMAND_NOT_FOUND macro
  qmp: Simplify recognition of capability negotiation command
  qmp: Clean up qmp_query_spice() #ifndef !CONFIG_SPICE dummy
  hmp: Compile hmp_info_spice() only with CONFIG_SPICE
  qmp hmp: Improve error messages when SPICE is not in use
  qmp hmp: Factor out common "using spice" test

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 11:11:56 +00:00
Stefan Hajnoczi
442469e61d MAINTAINERS: add Jason Wang as net subsystem maintainer
Jason Wang will be co-maintaining the QEMU net subsystem with me.  He
has contributed improvements and reviewed patches over the past years as
part of working on virtio-net and virtualized networking.

Jason has already been backing me up with patch reviews.  For the time
being I will continue to submit pull requests.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
2015-02-05 11:07:31 +00:00
Peter Maydell
32193cb421 VFIO fixes:
- Fix wrong initializer (Chen Fan)
 - Add missing object_unparent (Alex Williamson)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJU0mm0AAoJECObm247sIsiLK0P/04mGed8J/iPWW9KXXDPc0Nm
 ewHSo1Q3LBp3aDPqy7pXBD2PdFm1QI3KmyZI6A+Z/LqCUeq66u3EnxZ48nlwNw3i
 XyEIAUfWOiVJPOLMt+4aLQc4cRH7XO507lR/P3usuWAl6ZxEePNrba7cXKmDEsQk
 nd2Wn6lxYeQlRG1yqO5lM9PApOHrFHnjGFt2o1z1fi++rSvT+gv3KhavnKsM+uIP
 QVzTwmQtwQrLaYnJpFhZpLUO8gP0kxVCdtwUG+DAOajyPOQn/zsdg6nR332TLBcP
 BYaRYebKtMKyay8+1spyNkMV8f1/H1cE7fo3OzuDYFORHFDXPMONDnAjRA7dJ1M6
 +BS5+rhEUuop782RN1mt5WNEr7S0o0oG5qLW+exph6nWW9OS73CUdujnDHhWy+Ot
 8Gd7sjHAK4GigS1IWUnXfNcUFo1PTwVBXq9gtHRctPVDFkGNIFPhEXZEeoCpEPPx
 Bz/IPm4TXHmHgwWdC17IOem7uBfBRnK9oPUnKKMCTdTTpxAxk7mqfRw/118DvUrE
 xvxcTHGzewXAlobOa1wKfVOs7qCEbW5fPJMpanf3pSZWpb5EOrEwNw91T3iXqMN5
 VJq27sgbkWAiCwCmB3CF/5yJGxnJNyUsVjUKfbAR3BRN+P1ACVmNcxHF9/Dbigab
 VxBSjYRhM33lpdiuo7cQ
 =DPXs
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150204.0' into staging

VFIO fixes:
- Fix wrong initializer (Chen Fan)
- Add missing object_unparent (Alex Williamson)

# gpg: Signature made Wed 04 Feb 2015 18:49:24 GMT using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20150204.0:
  vfio-pci: Fix missing unparent of dynamically allocated MemoryRegion
  vfio: fix wrong initialize vfio_group_list

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 10:19:38 +00:00
Alex Williamson
3a4dbe6aa9 vfio-pci: Fix missing unparent of dynamically allocated MemoryRegion
Commit d8d9581460 added explicit object_unparent() calls for
dynamically allocated MemoryRegions.  The VFIOMSIXInfo structure also
contains such a MemoryRegion, covering the mmap'd region of a PCI BAR
above the MSI-X table.  This structure is freed as part of the class
exit function and therefore also needs an explicit object_unparent().
Failing to do this results in random segfaults due to fields within
the structure, often the class pointer, being reclaimed and corrupted
by the time object_finalize_child_property() is called for the object.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org # 2.2
2015-02-04 11:45:32 -07:00
Chen Fan
39cb514f02 vfio: fix wrong initialize vfio_group_list
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-02-04 11:45:32 -07:00
Peter Maydell
ec6f25e788 s390 translator bug fixes
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJU0THzAAoJEK0ScMxN0CebpTEIAKv2k1iE/Mj5YeE6ZygepQXg
 iNe28daFU2XXFKv+DNS0ptPnt+M1NLbFcuyXTOhWnQnpc+Z82i2TecxgqqCMrp4f
 JjW56WxJR8H7Gdc6CesCigld2QNXOprniEMxZwkCy8KEZa32D22WKb9E/CHOFzeS
 3+YqiYlnj52DAm8oS+hVapf0tm+qJLGfgDFEU1MJLCtAVNE5DJclguzi05//W5Go
 Jx0LClvED5a0rRN4vYFXHRMB9H6QTsG5/HtvYLR5wBUCk6SBcx/2domHSXYKiEfN
 LS1DjLYArXwjzI3Fr232po8VX3pcG0QrG71kYh9v8GXcvxDUNtQ69DV7p8ZRxZ0=
 =RqeH
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-tg-s390-20150203' into staging

s390 translator bug fixes

# gpg: Signature made Tue 03 Feb 2015 20:39:15 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/pull-tg-s390-20150203:
  target-s390x: fix and optimize slb* and slbg* computation of carry/borrow flag
  target-s390x: support OC and NC in the EX instruction
  disas/s390.c: Remove unused variables
  target-s390x: Mark check_privileged() as !CONFIG_USER_ONLY
  target-s390: Implement ECAG
  target-s390: Implement LURA, LURAG, STURG
  target-s390: Fix STURA
  target-s390: Fix STIDP
  target-s390: Implement EPSW
  target-s390: Implement SAM specification exception

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-03 21:37:16 +00:00