Commit Graph

11844 Commits

Author SHA1 Message Date
Alexey Kardashevskiy
4af88944d0 xics: Add flags for interrupts
The existing interrupt allocation scheme in SPAPR assumes that
interrupts are allocated at the start time, continously and the config
will not change. However, there are cases when this is not going to work
such as:

1. migration - we will have to have an ability to choose interrupt
numbers for devices in the command line and this will create gaps in
interrupt space.

2. PCI hotplug - interrupts from unplugged device need to be returned
back to interrupt pool, otherwise we will quickly run out of interrupts.

This replaces a separate lslsi[] array with a byte in the ICSIRQState
struct and defines "LSI" and "MSI" flags. Neither of these flags set
signals that the descriptor is not allocated and not in use.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:26 +02:00
Sam bobroff
3b50d8974b spapr: Add RTAS sysparm SPLPAR Characteristics
Add support for the SPLPAR Characteristics parameter to the emulated
RTAS call ibm,get-system-parameter.

The support provides just enough information to allow "cat
/proc/powerpc/lparcfg" to succeed without generating a kernel error
message.

Without this patch the above command will produce the following kernel
message: arch/powerpc/platforms/pseries/lparcfg.c \
parse_system_parameter_string Error calling get-system-parameter \
(0xfffffffd)

Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:26 +02:00
Sam bobroff
b907d7b0fd spapr: Add RTAS sysparm UUID
Add support for the UUID parameter to the emulated RTAS call
ibm,get-system-parameter.

Return the guest's UUID as the value for the RTAS UUID system
parameter, or null (a zero length result) if it is not set.

Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:26 +02:00
Sam bobroff
3052d95190 spapr: Fix RTAS sysparm DIAGNOSTICS_RUN_MODE
This allows the ibm,get-system-parameter RTAS call to succeed for the
DIAGNOSTICS_RUN_MODE system parameter.

The problem can be seen with "ppc64_cpu --run-mode" from the
powerpc-utils package which fails before this patch with "Machine does
not support diagnostic run mode".

This is corrected by using the rtas_st_buffer() function to write to
the buffer.

The RTAS constants are also moved out into a header file, some new
constants added and the surrounding code slightly simplified.

Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
[agraf: remove some commentary]
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:25 +02:00
Alexey Kardashevskiy
6026db4501 spapr: Define a 2.1 pseries machine
This adds a v2.1 machine to support backward compatibility
for newer macines in the case if they ever be implemented.

This adds a "pseries-2.1" machine as a child of the "pseries"
machine and only changes visible machine name.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:25 +02:00
Alexey Kardashevskiy
6ca1502e36 spapr: Fix code design style (s/SPAPRMachine/sPAPRMachineState)
Every single sPAPR QOM object has small first "s".
Most (not all yet) QOM objects have "State" suffix.

This replaces SPAPRMachine with sPAPRMachineState to conform with QEMU
code style and removes redundant empty line.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:25 +02:00
BALATON Zoltan
1be88255a7 uninorth: Fix PCI hole size
Fix PCI hole size to match that what is found on real hardware.
(OpenBIOS already uses the correct length.)

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:24 +02:00
BALATON Zoltan
a0bb2a5fa0 mac99: Add motherboard devices before PCI cards
Change the order of creating devices for New World Mac emulation so
that devices on the motherboard are added first and PCI cards (VGA and
NIC) come later. As a side effect, this also causes OpenBIOS to map
the motherboard devices into the MMIO space to the same addresses as
on real hardware and allow clients that hardcode these addresses (e.g.
MorphOS) to find and use them until OpenBIOS is tought to map devices
to specific addresses. (On real hardware the graphics and network
cards are really on separate buses but we don't model that yet.) This
brings the memory map closer to what is found on PowerMac3,1.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:24 +02:00
Alexey Kardashevskiy
591812634c vfio: Enable for SPAPR
This turns the sPAPR support on and enables VFIO container use
in the kernel.

This extends vfio_connect_container to support VFIO_SPAPR_TCE_IOMMU type
in the host kernel.

This registers a memory listener which sPAPR IOMMU will notify when
executing H_PUT_TCE/etc DMA calls. The listener then will notify the host
kernel about DMA map/unmap operation via VFIO_IOMMU_MAP_DMA/
VFIO_IOMMU_UNMAP_DMA ioctls.

This executes VFIO_IOMMU_ENABLE ioctl to make sure that the IOMMU is free
of mappings and can be exclusively given to the user. At the moment SPAPR
is the only platform requiring this call to be implemented.

Note that the host kernel function implementing VFIO_IOMMU_DISABLE
is called automatically when container's fd is closed so there is
no need to call it explicitly from QEMU. We may need to call
VFIO_IOMMU_DISABLE explicitly in the future for some sort of dynamic
reconfiguration (PCI hotplug or dynamic IOMMU group management).

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:23 +02:00
Alexey Kardashevskiy
9fc34ada7e spapr_pci_vfio: Add spapr-pci-vfio-host-bridge to support vfio
The patch adds a spapr-pci-vfio-host-bridge device type
which is a PCI Host Bridge with VFIO support. The new device
inherits from the spapr-pci-host-bridge device and adds an "iommu"
property which is an IOMMU id. This ID represents a minimal entity
for which IOMMU isolation can be guaranteed. In SPAPR architecture IOMMU
group is called a Partitionable Endpoint (PE).

Current implementation supports one IOMMU id per QEMU VFIO PHB. Since
SPAPR allows multiple PHB for no extra cost, this does not seem to
be a problem. This limitation may change in the future though.

Example of use:
Configure and Add 3 functions of a multifunctional device to QEMU:
(the NEC PCI USB card is used as an example here):
-device spapr-pci-vfio-host-bridge,id=USB,iommu=4,index=7 \
-device vfio-pci,host=4:0:1.0,addr=1.0,bus=USB,multifunction=true
-device vfio-pci,host=4:0:1.1,addr=1.1,bus=USB
-device vfio-pci,host=4:0:1.2,addr=1.2,bus=USB

where:
* index=7 is a QEMU PHB index (used as source for MMIO/MSI/IO windows
offset);
* iommu=4 is an IOMMU id which can be found in sysfs:
[aik@vpl2 ~]$ cd /sys/bus/pci/devices/0004:00:00.0/
[aik@vpl2 0004:00:00.0]$ ls -l iommu_group
lrwxrwxrwx 1 root root 0 Jun  5 12:49 iommu_group -> ../../../kernel/iommu_groups/4

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:23 +02:00
Alexey Kardashevskiy
6d8be4c343 vfio: Add vfio_container_ioctl()
While most operations with VFIO IOMMU driver are generic and used inside
vfio.c, there are still some operations which only specific VFIO IOMMU
drivers implement. The first example of it will be reading a DMA window
start from the host.

This adds a helper which passes an ioctl request to the container's fd.

The helper will check if @req is known. For this, stub is added. This return
-1 on any requests for now.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:23 +02:00
Alexey Kardashevskiy
9bb62a0702 spapr_iommu: Make in-kernel TCE table optional
POWER KVM supports an KVM_CAP_SPAPR_TCE capability which allows allocating
TCE tables in the host kernel memory and handle H_PUT_TCE requests
targeted to specific LIOBN (logical bus number) right in the host without
switching to QEMU. At the moment this is used for emulated devices only
and the handler only puts TCE to the table. If the in-kernel H_PUT_TCE
handler finds a LIOBN and corresponding table, it will put a TCE to
the table and complete hypercall execution. The user space will not be
notified.

Upcoming VFIO support is going to use the same sPAPRTCETable device class
so KVM_CAP_SPAPR_TCE is going to be used as well. That means that TCE
tables for VFIO are going to be allocated in the host as well.
However VFIO operates with real IOMMU tables and simple copying of
a TCE to the real hardware TCE table will not work as guest physical
to host physical address translation is requited.

So until the host kernel gets VFIO support for H_PUT_TCE, we better not
to register VFIO's TCE in the host.

This adds a place holder for KVM_CAP_SPAPR_TCE_VFIO capability. It is not
in upstream yet and being discussed so now it is always false which means
that in-kernel VFIO acceleration is not supported.

This adds a bool @vfio_accel flag to the sPAPRTCETable device telling
that sPAPRTCETable should not try allocating TCE table in the host kernel
for VFIO. The flag is false now as at the moment there is no VFIO.

This adds an vfio_accel parameter to spapr_tce_new_table(), the semantic
is the same. Since there is only emulated PCI and VIO now, the flag is set
to false. Upcoming VFIO support will set it to true.

This is a preparation patch so no change in behaviour is expected

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:23 +02:00
Alexey Kardashevskiy
3a3b8502e6 spapr: Fix RTAS token numbers
At the moment spapr_rtas_register() allocates a new token number for every
new RTAS callback so numbers are not fixed and depend on the number of
supported RTAS handlers and the exact order of spapr_rtas_register() calls.
These tokens are copied into the device tree and remain the same during
the guest lifetime.

When we start another guest to receive a migration, it calls
spapr_rtas_register() as well. If the number of RTAS handlers or their
order is different in QEMU on source and destination sides, the "/rtas"
node in the device tree will differ. Since migration overwrites the device
tree (as it overwrites the entire RAM), the actual RTAS config on
the destination side gets broken.

This defines global contant values for every RTAS token which QEMU
is using today.

This changes spapr_rtas_register() to accept a token number instead of
allocating one. This changes all users of spapr_rtas_register().

This changes XICS-KVM not to cache tokens registered with KVM as they
constant now.

This makes TOKEN_BASE global as RTAS_XXX use TOKEN_BASE as
a base. TOKEN_MAX is moved and renamed too and its value is changed
to the last token + 1. Boundary checks for token values are adjusted.

This reserves token numbers for "os-term" handlers and PCI hotplug
which we are working on.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:22 +02:00
Avik Sil
cc84c0f357 spapr: Add "qemu, boot-menu" property to /chosen
This is required to enable boot menu display during booting

Signed-off-by: Avik Sil <aviksil@linux.vnet.ibm.com>
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27 13:48:22 +02:00
Peter Maydell
64e64ef609 hw/moxie/moxiesim.c: Remove unused moxie_intc_create()
The function moxie_intc_create() is unused; remove it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-06-24 20:01:24 +04:00
Stefan Weil
5d831be272 Fix new typos (found by codespell)
* accomodate -> accommodate
* aquiring -> acquiring
* beacuse -> because
* loosing -> losing
* prefering -> preferring
* threshhold -> threshold

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-06-24 20:01:24 +04:00
Paolo Bonzini
10358b6a1c virtio-serial: remove useless set_config function
Its only contents are a dead memcpy.  Since it is optional,
drop the function altogether.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-06-24 20:01:24 +04:00
Peter Maydell
513d80edc1 migration/next for 20140623
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJTqGGBAAoJEPSH7xhYctcj+9MQAKyWUh3eC/wVoy+KgtCLz81Y
 kOFTZI2AT0yAunr2ujR6v7DvR1QX5ygYL1rnwmZhwe8/yV3bXr4d7EhzfDRoNrTr
 tPOu13qqBB1i3iNR/dCFAPRopo9dZ/0synYFvJWhzO8EqdFfjJ2xhlE5PD0Slayb
 08qRQsuvkaEgD2Q4iYzqmS/o7pEK3HqBCuTqRYaty0QpIcOKXhUDivImSf1Yhlka
 NJoNuZWL8gMxUqdZZPMMWTh7Hcw1zLrm7ve4ydiBx7EMKSSviBujCpxkAskthYbA
 PYchxQ3kZ36cILxTtimuYayRUDZLu5naoNtlxN79obeRXgZpbZFWr4SwXjWOYAzS
 GBKpaZQLddYWeHDfAChuSNV0ldfrlicabX/rLVBnsJidRlShQBrqIjuh/z2U9Mad
 PKRPyw6QYKZXR8kehCBGgNegOTD+IpLHdI2ea0SrMz8x1sCaiG3NVZk2X5bb0yOa
 X9mvDE35DOOePzbTGzJtTHMCW2w0ZoLBbO/8IL6BViJjvZQoFh/I+dzcVfIlF18j
 mfCi6xPAw3LM7BvQDD/AfFfl40X+O7HYXCeQ0aNksja6eaymuIgMrl3iIPxPYKwz
 vVE4Z073U5YAzEmZrbgB/gag4VCAFCIldDBexUA+eVWpSWPRHXlnzJ+e16JKXTqD
 49oXnzmPeuzJUCSpW9bL
 =2yjp
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140623' into staging

migration/next for 20140623

# gpg: Signature made Mon 23 Jun 2014 18:18:57 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20140623: (22 commits)
  vmstate: Refactor & increase tests for primitive types
  vmstate: Return error in case of error
  migration: Remove unneeded minimum_version_id_old
  tests: vmstate static checker: add size mismatch inside substructure
  tests: vmstate static checker: add substructure for usb-kbd for hid section
  tests: vmstate static checker: remove Subsections
  tests: vmstate static checker: remove a subsection
  tests: vmstate static checker: remove Description inside Fields
  tests: vmstate static checker: remove Description
  tests: vmstate static checker: remove Fields
  tests: vmstate static checker: change description name
  tests: vmstate static checker: remove last field in a struct
  tests: vmstate static checker: remove a field
  tests: vmstate static checker: remove a section
  tests: vmstate static checker: minimum_version_id check
  tests: vmstate static checker: version mismatch inside a Description
  tests: vmstate static checker: add version error in main section
  tests: vmstate static checker: incompat machine types
  tests: vmstate static checker: add dump1 and dump2 files
  vmstate-static-checker: script to validate vmstate changes
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-24 15:33:42 +01:00
Peter Maydell
089a39486f Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
* remotes/qmp-unstable/queue/qmp: (43 commits)
  monitor: protect event emission
  monitor: protect outbuf and mux_out with mutex
  qemu-char: make writes thread-safe
  qemu-char: move pty_chr_update_read_handler around
  qemu-char: do not call chr_write directly
  qemu-char: introduce qemu_chr_alloc
  qapi event: clean up
  qapi event: convert QUORUM events
  qapi event: convert GUEST_PANICKED
  qapi event: convert BALLOON_CHANGE
  qmp: convert ACPI_DEVICE_OST event
  qapi event: convert SPICE events
  qapi event: convert VNC events
  qapi event: convert NIC_RX_FILTER_CHANGED
  qapi event: convert other BLOCK_JOB events
  qapi event: convert BLOCK_IMAGE_CORRUPTED
  qapi event: convert BLOCK_IO_ERROR and BLOCK_JOB_ERROR
  qapi event: convert DEVICE_TRAY_MOVED
  qapi event: convert DEVICE_DELETED
  qapi event: convert WATCHDOG
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-24 13:06:13 +01:00
Juan Quintela
25feab2fc2 migration: Remove unneeded minimum_version_id_old
Once there, make checkpatch happy.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2014-06-23 19:14:52 +02:00
Wenchao Xia
3a44969037 qapi event: convert GUEST_PANICKED
'monitor.h' is still included in target-s390x/kvm.c, since I have
no good way to verify whether other code need it on my x86 host.

Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:28 -04:00
Wenchao Xia
aef9d3115f qapi event: convert BALLOON_CHANGE
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:28 -04:00
Igor Mammedov
5f41fbba90 qmp: convert ACPI_DEVICE_OST event
... using new QAPI event infrastructure

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:28 -04:00
Wenchao Xia
0615027903 qapi event: convert NIC_RX_FILTER_CHANGED
Param name is declared as optional, since in code it is an optional
one.

Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:28 -04:00
Wenchao Xia
24b699fb2b qapi event: convert DEVICE_DELETED
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:27 -04:00
Wenchao Xia
99eaf09c73 qapi event: convert WATCHDOG
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:27 -04:00
Wenchao Xia
e010ad8f1e qapi event: convert RTC_CHANGE
This patch also eliminates build time warning caused by no caller
of monitor_qapi_event_throttle().

Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:27 -04:00
Wenchao Xia
2ea4100f44 qapi event: convert SUSPEND_DISK
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:27 -04:00
Don Slutz
c87b152072 pc & q35: Add new machine opt max-ram-below-4g
This is a pc & q35 only machine opt.

If you add enough PCI devices then all mmio for them will not fit
below 4G which may not be the layout the user wanted. This allows
you to increase the below 4G address space that PCI devices can use
(aka decrease ram below 4G) and therefore in more cases not have any
mmio that is above 4G.

For example using "-machine pc,max-ram-below-4g=2G" on the command
line will limit the amount of ram that is below 4G to 2G.

Note: this machine option cannot be used to increase the amount
of ram below 4G.

Signed-off-by: Don Slutz <dslutz@verizon.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

MST: fix 32 bit
2014-06-23 18:02:41 +03:00
Wenchao Xia
a589569f2f qapi: adjust existing defines
In order to let event defines use existing types later, instead of
redefine new ones, some old type defines for spice and vnc are changed,
and BlockErrorAction is moved from block.h to qapi schema. Note that
BlockErrorAction is not merged with BlockdevOnError.

At this point, VncInfo is not made a child of VncBasicInfo, because
VncBasicInfo has mandatory fields where VncInfo makes them optional.

Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:01:25 -04:00
Luiz Capitulino
37f6be977a audio: fmopl: drop INLINE macro
This commit expands all uses of the INLINE macro and drop it.

The reason for this is to avoid clashes with external libraries with
bad name conventions and also because renaming keywords is not a good
practice.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:01:24 -04:00
Don Slutz
3c2a96699e xen-hvm: Fix xen_hvm_init() to adjust pc memory layout
This is just below_4g_mem_size and above_4g_mem_size which is used later in QEMU.

Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Don Slutz <dslutz@verizon.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:50:04 +03:00
Michael S. Tsirkin
20de98aff5 pcie: coding style tweak
- whitespace fix
- unnecessary != 0 in a condition

Cc: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:49:49 +03:00
Marcel Apfelbaum
554f802da3 hw/pcie: better hotplug/hotunplug support
The current code is broken: it does surprise removal which crashes guests.

Reimplemented the steps:
 - Hotplug triggers both 'present detect change' and
   'attention button pressed'.

 - Hotunplug starts by triggering 'attention button pressed',
   then waits for the OS to power off the device and only
   then detaches it.

Fixes CVE-2014-3471.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:48:42 +03:00
Marcel Apfelbaum
f23b6bdc3c hw/pcie: implement power controller functionality
It is needed by hot-unplug in order to get an indication
from the OS when the device can be physically detached.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:48:42 +03:00
Marcel Apfelbaum
e4bcd27c86 hw/pcie: correct debug message
Trivial issue, discovered while debugging.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:48:42 +03:00
Eduardo Habkost
48cb7f3c15 q35: Use PC_Q35_COMPAT_1_4 on pc-q35-1.4 compat_props
pc-q35-1.4 was incorrectly using PC_COMPAT_1_4 instead of
PC_Q35_COMPAT_1_4.

The only side-effect was that the hpet compat property (inherited from
PC_Q35_COMPAT_1_7) was missing.

Without this patch, pc-q35-1.4 inicorrectly initializes hpet-intcap to
0xff0104 (behavior introduced in QEMU 2.0, by commit
7a10ef51c2).

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
2014-06-23 17:48:42 +03:00
Fam Zheng
c7ff54825b virtio-pci: Report an error when msix vectors init fails
Currently vectors silently cleared to 0 if the initialization is failed,
but user should at least have one way to notice this.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:38:00 +03:00
Gabriel L. Somlo
d7a4155265 e1000: factor out checking for auto-negotiation availability
Also fix minor indentation issues in the surrounding code.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:38:00 +03:00
Gabriel L. Somlo
d52aec9545 e1000: move e1000_autoneg_timer() to after set_ics()
Enable calling set_ics() from within e1000_autoneg_timer() without
the need for a forward declaration.

This patch contains no functional changes.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:38:00 +03:00
Gabriel L. Somlo
39bb8ee737 e1000: signal guest on successful link auto-negotiation
Generate a link status change interrupt once link auto-netotiation
is successfully completed. This does not affect Linux and Windows
(XP and 7 tested) in any way, but is needed by the stock OS X driver
(AppleIntel8254XEthernet.kext), which would otherwise fail to notice
the link status change event.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:38:00 +03:00
Gabriel L. Somlo
6883b59140 e1000: improve auto-negotiation reporting via mii-tool
Using mii-tool (on F20-live), the following output is produced:

  SIOCGMIIREG on ens3 failed: Input/output error
  ens3: no autonegotiation, 1000baseT-FD flow-control, link ok

The first line (SIOCGMIIREG error) is due to mii-tool's inability
to read the PHY auto-negotiation expansion register.
On the second line, "no autonegotiation" is wrong, and caused by
the absence of a flag in the link partner ability register which
would indicate that our link partner has acked us. This flag is
listed as "reserved" in the Intel e1000 manual, but mii-tool uses
it as LPA_LPACK from /usr/include/linux/mii.h.

This patch adds read access to PHY_AUTONEG_EXP and defines the
link partner ack flag, allowing mii-tool to generate output as
normally expected:

  ens3: negotiated 1000baseT-FD flow-control, link ok

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:38:00 +03:00
Gabriel L. Somlo
6a2acedb19 e1000: emulate auto-negotiation during external link status change
This patch emulates auto-negotiation when the network link status
is modified externally (i.e. via "set_link <id> off/on").

Also, a couple of cleanup items:
  - unset PHY status reg. AUTONEG_COMPLETE during link_down()
  - set PHY status reg. AUTONEG_COMPLETE during autoneg_timer() only
    if we actually brought the link up.
  - group all checks for "can we, and should we autonegotiate?"
    together for more clarity.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:38:00 +03:00
Michael S. Tsirkin
8617343faa vhost: fix resource leak in error handling
vhost_verify_ring_mappings leaks mappings on error.
Fix this up.

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:37:59 +03:00
Michael S. Tsirkin
7145872ed3 vhost: block migration if backend does not log memory
vhost user does not support LOG_ALL feature bit.
Generally, we should not try to set this bit without
checking that backend can support it first.

Detect and block migration.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23 17:37:59 +03:00
Peter Maydell
d9c1647d89 Block pull request
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTp+sdAAoJEJykq7OBq3PIzoEH/RIaGU7Sg9jxf1O30if5Ilb2
 jw+r0DkYxNiD6qj8DWHT7xnqdJvSYuHz1h8hWth+JqHTNrdQhm9pJWi403WigNmD
 am7NIZQBE7x3koX5gwP4jzlpi7hRFq2BNd17E4KRqvFEUETjKVkY0AsiwWAKI9/4
 i/zDXhj8beKPkHftz4fOtvN+NsKr+8icTmst796J28Eb82+pshqKxUICksE4DIR8
 zH97TsuGAzZelrxnMewEj/ntqj0qHqxdyHq5VvQB5aBa0hp45WifcbWbI7j3Bgi1
 K1ujlC2jmnVLL6DkivMT5TlJjsb2XXK/MWVneaUJU31qS3ivbD/o0SOqa1ca4aM=
 =2s4u
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Mon 23 Jun 2014 09:53:49 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  block: asynchronously stop the VM on I/O errors
  vl: allow other threads to do qemu_system_vmstop_request
  sheepdog: fix NULL dereference in sd_create
  QemuOpts: check NULL opts in qemu_opt_get functions
  block: m25p80: Support read only bdrvs.
  block: m25p80: sync_page(): Deindent function body.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-23 12:55:22 +01:00
Peter Crosthwaite
999e5aa5ce block: m25p80: Support read only bdrvs.
By just never doing write-backs. This is completely invisible to the
guest, as the entire storage area is implemented as device state (at
realize time the entire drive is read in).

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-21 16:40:14 +08:00
Peter Crosthwaite
fc1084aad7 block: m25p80: sync_page(): Deindent function body.
sync_page() was conditionalizing it's whole fn body on the bdrv being
non-null. Just return for the function immediately on NULL brdv and
get rid of the big if.

Makes implementation consistent with flash_zynq_area().

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-21 16:40:14 +08:00
Stefan Weil
68716da745 apb: Fix out-of-bounds array write access
The array regs is declared with IOMMU_NREGS (3) elements and accessed
using IOMMU_CTRL (0) and IOMMU_BASE (8). In most cases, those values
are right shifted before being used as an index which results in indices
0 and 1. In one case, this right shift was missing for IOMMU_BASE which
results in an out-of-bounds write access with index 8.

The patch adds the missing shift operation also for IOMMU_CTRL where
it is needed only for cosmetic reasons.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-06-20 23:52:49 +01:00
Sanjay Lal
427e1750a0 gt64xxx_pci: Add VMStateDescription
Add VMStateDescription for GT64120 PCI emulation used by the Malta
platform, to allow it to work with savevm/loadvm and live migration.

The entire register array is saved/restored using VMSTATE_UINT32_ARRAY
(fixed length GT_REGS = 1024).

Signed-off-by: Sanjay Lal <sanjayl@kymasys.com>
[james.hogan@imgtec.com: Convert to VMState]
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Andreas Färber <afaerber@suse.de>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2014-06-20 23:40:16 +02:00