Move the dtb load bits outside of create_fdt(), and put it explicitly
in sifive_u_machine_init() and virt_machine_init(). With such change
create_fdt() does exactly what its function name tells us.
Suggested-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20230228074522.1845007-2-bmeng@tinylab.org>
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Launch qemu-system-riscv64 with a given dtb for 'sifive_u' and 'virt'
machines, QEMU complains:
qemu_fdt_add_subnode: Failed to create subnode /soc: FDT_ERR_EXISTS
The whole DT generation logic should be skipped when a given DTB is
present.
Fixes: b1f19f238c ("hw/riscv: write bootargs 'chosen' FDT after riscv_load_kernel()")
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20230228074522.1845007-1-bmeng@tinylab.org>
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Read cpu_ptr->cfg.mmu directly. As a bonus, use cpu_ptr in
riscv_isa_string().
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Weiwei Li <liweiwei@iscas.ac.cn>
Reviewed-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-ID: <20230222185205.355361-9-dbarboza@ventanamicro.com>
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
This adds support for emulating Xen under Linux/KVM, based on kernel
patches which have been present since Linux v5.12. As with the kernel
support, it's derived from work started by João Martins of Oracle in
2018.
This series just adds the basic platform support — CPUID, hypercalls,
event channels, a stub of XenStore.
A full single-tenant internal implementation of XenStore, and patches
to make QEMU's Xen PV drivers work with this Xen emulation, are waiting
in the wings to be submitted in a follow-on patch series.
As noted in the documentation, it's enabled by setting the xen-version
property on the KVM accelerator, e.g.:
qemu-system-x86_64 -serial mon:stdio -M q35 -display none -m 1G -smp 2 \
-accel kvm,xen-version=0x4000e,kernel-irqchip=split \
-kernel vmlinuz-6.0.7-301.fc37.x86_64 \
-append "console=ttyS0 root=/dev/sda1" \
-drive file=/var/lib/libvirt/images/fedora28.qcow2,if=none,id=disk \
-device ahci,id=ahci -device ide-hd,drive=disk,bus=ahci.0
Even before this was merged, we've already been using it to find and fix
bugs in the Linux kernel Xen guest support:
https://lore.kernel.org/all/4bffa69a949bfdc92c4a18e5a1c3cbb3b94a0d32.camel@infradead.org/https://lore.kernel.org/all/871qnunycr.ffs@tglx/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Report which machine types support ACPI so that management applications
can properly use the 'acpi' property even on platforms such as ARM where
support for ACPI depends on the machine type and thus checking presence
of '-machine acpi=' in 'query-command-line-options' is insufficient.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <537625d3e25d345052322c42ca19812b98b4f49a.1677571792.git.pkrempa@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Every caller of xen_be_init() checks and exits on error, then calls
xen_be_register_common(). Just make xen_be_init() abort for itself and
return void, and register the common devices too.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
The default number of PIRQs is set to 256 to avoid issues with 32-bit MSI
devices. Allow it to be increased if the user desires.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
The way that Xen handles MSI PIRQs is kind of awful.
There is a special MSI message which targets a PIRQ. The vector in the
low bits of data must be zero. The low 8 bits of the PIRQ# are in the
destination ID field, the extended destination ID field is unused, and
instead the high bits of the PIRQ# are in the high 32 bits of the address.
Using the high bits of the address means that we can't intercept and
translate these messages in kvm_send_msi(), because they won't be caught
by the APIC — addresses like 0x1000fee46000 aren't in the APIC's range.
So we catch them in pci_msi_trigger() instead, and deliver the event
channel directly.
That isn't even the worst part. The worst part is that Xen snoops on
writes to devices' MSI vectors while they are *masked*. When a MSI
message is written which looks like it targets a PIRQ, it remembers
the device and vector for later.
When the guest makes a hypercall to bind that PIRQ# (snooped from a
marked MSI vector) to an event channel port, Xen *unmasks* that MSI
vector on the device. Xen guests using PIRQ delivery of MSI don't
ever actually unmask the MSI for themselves.
Now that this is working we can finally enable XENFEAT_hvm_pirqs and
let the guest use it all.
Tested with passthrough igb and emulated e1000e + AHCI.
CPU0 CPU1
0: 65 0 IO-APIC 2-edge timer
1: 0 14 xen-pirq 1-ioapic-edge i8042
4: 0 846 xen-pirq 4-ioapic-edge ttyS0
8: 1 0 xen-pirq 8-ioapic-edge rtc0
9: 0 0 xen-pirq 9-ioapic-level acpi
12: 257 0 xen-pirq 12-ioapic-edge i8042
24: 9600 0 xen-percpu -virq timer0
25: 2758 0 xen-percpu -ipi resched0
26: 0 0 xen-percpu -ipi callfunc0
27: 0 0 xen-percpu -virq debug0
28: 1526 0 xen-percpu -ipi callfuncsingle0
29: 0 0 xen-percpu -ipi spinlock0
30: 0 8608 xen-percpu -virq timer1
31: 0 874 xen-percpu -ipi resched1
32: 0 0 xen-percpu -ipi callfunc1
33: 0 0 xen-percpu -virq debug1
34: 0 1617 xen-percpu -ipi callfuncsingle1
35: 0 0 xen-percpu -ipi spinlock1
36: 8 0 xen-dyn -event xenbus
37: 0 6046 xen-pirq -msi ahci[0000:00:03.0]
38: 1 0 xen-pirq -msi-x ens4
39: 0 73 xen-pirq -msi-x ens4-rx-0
40: 14 0 xen-pirq -msi-x ens4-rx-1
41: 0 32 xen-pirq -msi-x ens4-tx-0
42: 47 0 xen-pirq -msi-x ens4-tx-1
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
This wires up the basic infrastructure but the actual interrupts aren't
there yet, so don't advertise it to the guest.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Just hook up the basic hypercalls to stubs in xen_evtchn.c for now.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
It isn't strictly mandatory but Linux guests at least will only map
their grant tables over the dummy BAR that it provides, and don't have
sufficient wit to map them in any other unused part of their guest
address space. So include it by default for minimal surprise factor.
As I come to document "how to run a Xen guest in QEMU", this means one
fewer thing to tell the user about, according to the mantra of "if it
needs documenting, fix it first, then document what remains".
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Extract requests, return ENOSYS to all of them. This is enough to allow
older Linux guests to boot, as they need *something* back but it doesn't
matter much what.
A full implementation of a single-tentant internal XenStore copy-on-write
tree with transactions and watches is waiting in the wings to be sent in
a subsequent round of patches along with hooking up the actual PV disk
back end in qemu, but this is enough to get guests booting for now.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Just the basic shell, with the event channel hookup. It only dumps the
buffer for now; a real ring implmentation will come in a subsequent patch.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
The provides the QEMU side of interdomain event channels, allowing events
to be sent to/from the guest.
The API mirrors libxenevtchn, and in time both this and the real Xen one
will be available through ops structures so that the PV backend drivers
can use the correct one as appropriate.
For now, this implementation can be used directly by our XenStore which
will be for emulated mode only.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Introduce support for one shot and periodic mode of Xen PV timers,
whereby timer interrupts come through a special virq event channel
with deadlines being set through:
1) set_timer_op hypercall (only oneshot)
2) vcpu_op hypercall for {set,stop}_{singleshot,periodic}_timer
hypercalls
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
The guest is permitted to specify an arbitrary domain/bus/device/function
and INTX pin from which the callback IRQ shall appear to have come.
In QEMU we can only easily do this for devices that actually exist, and
even that requires us "knowing" that it's a PCMachine in order to find
the PCI root bus — although that's OK really because it's always true.
We also don't get to get notified of INTX routing changes, because we
can't do that as a passive observer; if we try to register a notifier
it will overwrite any existing notifier callback on the device.
But in practice, guests using PCI_INTX will only ever use pin A on the
Xen platform device, and won't swizzle the INTX routing after they set
it up. So this is just fine.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
The GSI callback (and later PCI_INTX) is a level triggered interrupt. It
is asserted when an event channel is delivered to vCPU0, and is supposed
to be cleared when the vcpu_info->evtchn_upcall_pending field for vCPU0
is cleared again.
Thankfully, Xen does *not* assert the GSI if the guest sets its own
evtchn_upcall_pending field; we only need to assert the GSI when we
have delivered an event for ourselves. So that's the easy part, kind of.
There's a slight complexity in that we need to hold the BQL before we
can call qemu_set_irq(), and we definitely can't do that while holding
our own port_lock (because we'll need to take that from the qemu-side
functions that the PV backend drivers will call). So if we end up
wanting to set the IRQ in a context where we *don't* already hold the
BQL, defer to a BH.
However, we *do* need to poll for the evtchn_upcall_pending flag being
cleared. In an ideal world we would poll that when the EOI happens on
the PIC/IOAPIC. That's how it works in the kernel with the VFIO eventfd
pairs — one is used to trigger the interrupt, and the other works in the
other direction to 'resample' on EOI, and trigger the first eventfd
again if the line is still active.
However, QEMU doesn't seem to do that. Even VFIO level interrupts seem
to be supported by temporarily unmapping the device's BARs from the
guest when an interrupt happens, then trapping *all* MMIO to the device
and sending the 'resample' event on *every* MMIO access until the IRQ
is cleared! Maybe in future we'll plumb the 'resample' concept through
QEMU's irq framework but for now we'll do what Xen itself does: just
check the flag on every vmexit if the upcall GSI is known to be
asserted.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Specifically add listing, injection of event channels.
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Add the array of virq ports to each vCPU so that we can deliver timers,
debug ports, etc. Global virqs are allocated against vCPU 0 initially,
but can be migrated to other vCPUs (when we implement that).
The kernel needs to know about VIRQ_TIMER in order to accelerate timers,
so tell it via KVM_XEN_VCPU_ATTR_TYPE_TIMER. Also save/restore the value
of the singleshot timer across migration, as the kernel will handle the
hypercalls automatically now.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
This finally comes with a mechanism for actually injecting events into
the guest vCPU, with all the atomic-test-and-set that's involved in
setting the bit in the shinfo, then the index in the vcpu_info, and
injecting either the lapic vector as MSI, or letting KVM inject the
bare vector.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
It calls an internal close_port() helper which will also be used from
EVTCHNOP_reset and will actually do the work to disconnect/unbind a port
once any of that is actually implemented in the first place.
That in turn calls a free_port() internal function which will be in
error paths after allocation.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
This adds the basic structure for maintaining the port table and reporting
the status of ports therein.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Include basic support for setting HVM_PARAM_CALLBACK_IRQ to the global
vector method HVM_PARAM_CALLBACK_TYPE_VECTOR, which is handled in-kernel
by raising the vector whenever the vCPU's vcpu_info->evtchn_upcall_pending
flag is set.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Xen will "latch" the guest's 32-bit or 64-bit ("long mode") setting when
the guest writes the MSR to fill in the hypercall page, or when the guest
sets the event channel callback in HVM_PARAM_CALLBACK_IRQ.
KVM handles the former and sets the kernel's long_mode flag accordingly.
The latter will be handled in userspace. Keep them in sync by noticing
when a hypercall is made in a mode that doesn't match qemu's idea of
the guest mode, and resyncing from the kernel. Do that same sync right
before serialization too, in case the guest has set the hypercall page
but hasn't yet made a system call.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
The xen_overlay device (and later similar devices for event channels and
grant tables) need to be instantiated. Do this from a kvm_type method on
the PC machine derivatives, since KVM is only way to support Xen emulation
for now.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
For the shared info page and for grant tables, Xen shares its own pages
from the "Xen heap" to the guest. The guest requests that a given page
from a certain address space (XENMAPSPACE_shared_info, etc.) be mapped
to a given GPA using the XENMEM_add_to_physmap hypercall.
To support that in qemu when *emulating* Xen, create a memory region
(migratable) and allow it to be mapped as an overlay when requested.
Xen theoretically allows the same page to be mapped multiple times
into the guest, but that's hard to track and reinstate over migration,
so we automatically *unmap* any previous mapping when creating a new
one. This approach has been used in production with.... a non-trivial
number of guests expecting true Xen, without any problems yet being
noticed.
This adds just the shared info page for now. The grant tables will be
a larger region, and will need to be overlaid one page at a time. I
think that means I need to create separate aliases for each page of
the overall grant_frames region, so that they can be mapped individually.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
The only thing we need to fix to make this build is the PIO hack which
sets the BIOS memory areas to R/W v.s. R/O. Theoretically we could hook
that up to the PAM registers on the emulated PIIX, but in practice
nobody cares, so just leave it doing nothing.
Now it builds without actual Xen, move it to CONFIG_XEN_BUS to include it
in the KVM-only builds.
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Such that PCI passthrough devices work for Xen emulated guests.
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
The XEN_EMU option will cover core Xen support in target/, which exists
only for x86 with KVM today but could theoretically also be implemented
on Arm/Aarch64 and with TCG or other accelerators (if anyone wants to
run the gauntlet of struct layout compatibility, errno mapping, and the
rest of that fui).
It will also cover the support for architecture-independent grant table
and event channel support which will be added in hw/i386/kvm/ (on the
basis that the non-KVM support is very theoretical and making it not use
KVM directly seems like gratuitous overengineering at this point).
The XEN_BUS option is for the xenfv platform support, which will now be
used both by XEN_EMU and by real Xen.
The XEN option remains dependent on the Xen runtime libraries, and covers
support for real Xen. Some code which currently resides under CONFIG_XEN
will be moving to CONFIG_XEN_BUS over time as the direct dependencies on
Xen runtime libraries are eliminated. The Xen PCI platform device will
also reside under CONFIG_XEN_BUS.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: John Snow <jsnow@redhat.com>
Message-Id: <20210511041848.2743312-5-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-21-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-20-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-19-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
The function is only used inside ide/pci.c, so doesn't need to be exported.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-18-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-17-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
ide_get_geometry() and ide_get_bios_chs_trans() are only
used by the TYPE_PC_MACHINE.
"hw/ide.h" is a mixed bag of lost IDE declarations. In order
to remove this (almost) pointless header soon, move these
declarations to "hw/ide/internal.h".
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230220091358.17038-18-philmd@linaro.org>
idebus_active_if() operates on a IDEBus; rename it as
ide_bus_active_if() to emphasize its first argument
is a IDEBus.
Mechanical change using:
$ sed -i -e 's/idebus_active_if/ide_bus_active_if/g' \
$(git grep -l idebus_active_if)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-16-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
ide_init2() initializes a IDEBus, and set its output IRQ.
To emphasize this, rename it as ide_bus_init_output_irq().
Mechanical change using:
$ sed -i -e 's/ide_init2/ide_bus_init_output_irq/g' \
$(git grep -l ide_init2)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-15-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
ide_exec_cmd() operates on a IDEBus; rename it as
ide_bus_exec_cmd() to emphasize its first argument
is a IDEBus.
Mechanical change using:
$ sed -i -e 's/ide_exec_cmd/ide_bus_exec_cmd/g' \
$(git grep -wl ide_exec_cmd)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-14-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
ide_register_restart_cb() operates on a IDEBus; rename it as
ide_bus_register_restart_cb() to emphasize its first argument
is a IDEBus.
Mechanical change using:
$ sed -i -e 's/ide_register_restart_cb/ide_bus_register_restart_cb/g' \
$(git grep -l ide_register_restart_cb)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-13-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
ide_create_drive() operates on a IDEBus; rename it as
ide_bus_create_drive() to emphasize its first argument
is a IDEBus.
Mechanical change using:
$ sed -i -e 's/ide_create_drive/ide_bus_create_drive/g' \
$(git grep -wl ide_create_drive)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-12-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
ide_set_irq() operates on a IDEBus; rename it as
ide_bus_set_irq() to emphasize its first argument
is a IDEBus.
Mechanical change using:
$ sed -i -e 's/ide_set_irq/ide_bus_set_irq/g' \
$(git grep -l ide_set_irq)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-11-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Only include "hw/irq.h" where appropriate.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-10-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Only atapi.c requires the SCSI constants. No need to include
it in all files including "hw/ide/internal.h".
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230215112712.23110-7-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
The intermediate ISAIDEState::irq variable just add noise, remove it.
Message-Id: <20230215112712.23110-6-philmd@linaro.org>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
"hw/ide.h" is a mixed bag of lost IDE declarations.
Extract isa_ide_init() and the TYPE_ISA_IDE QOM declarations
to a new "hw/ide/isa.h" header.
Rename ISAIDEState::isairq as 'irqnum' to emphasize this is
not a qemu_irq object but the number (index) of an ISA IRQ.
Message-Id: <20230215112712.23110-5-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
"hw/ide.h" is a mixed bag of lost IDE declarations.
Extract mmio_ide_init_drives() and the TYPE_MMIO_IDE QOM
declarations to a new "hw/ide/mmio.h" header.
Document the SysBus interface.
Message-Id: <20230215112712.23110-4-philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Following docs/devel/style.rst guidelines, rename MMIOIDEState
as IdeMmioState.
Having the structure name and its typedef named equally,
we can manually convert from the old DECLARE_INSTANCE_CHECKER()
macro to the more recent OBJECT_DECLARE_SIMPLE_TYPE().
Note, due to that name mismatch, this macro wasn't automatically
converted during commit 8063396bf3 ("Use OBJECT_DECLARE_SIMPLE_TYPE
when possible").
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230220091358.17038-3-philmd@linaro.org>
Fixes: e4baa9f00b ("AHCI: Replace DPRINTF with trace-events")
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20230217103130.42077-1-f.ebner@proxmox.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
MAL properties are declared as uint8_t:
static Property ppc4xx_mal_properties[] = {
DEFINE_PROP_UINT8("txc-num", Ppc4xxMalState, txcnum, 0),
DEFINE_PROP_UINT8("rxc-num", Ppc4xxMalState, rxcnum, 0),
DEFINE_PROP_END_OF_LIST(),
};
Correct the API use by setting the property using
qdev_prop_set_uint8(). No behavioral change.
Fixes: da116a8aab ("ppc/ppc405: QOM'ify MAL")
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230203145536.17585-7-philmd@linaro.org>
Pixman may return false if it does not have a suitable implementation.
Add fallbacks to handle such cases.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reported-by: Rene Engel <ReneEngel80@emailn.de>
Tested-by: Rene Engel <ReneEngel80@emailn.de>
Message-Id: <20ed9442a0146238254ccc340c0d1efa226c6356.1677445307.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Add simple implementation for two raster operations that are used by
AmigaOS which fixes graphics problems in some programs using these.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reported-by: Rene Engel <ReneEngel80@emailn.de>
Tested-by: Rene Engel <ReneEngel80@emailn.de>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <17ef3c59dc7868f75034e9ebe21e2999c8f718d4.1677445307.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
No need to use an intermediate 'dma-offset' property in the
chipset object. Alias the property, so when the machine (here
r2d-plus) sets the value on the chipset, it is propagated to
the OHCI object.
Note we can rename the chipset 'base' property as 'dma-offset'
since the object is a non-user-creatable sysbus type.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <20230203145536.17585-12-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220150515.32549-8-philmd@linaro.org>
NEC_XHCI is a QOM object type. Declare its macros /
typedefs using OBJECT_DECLARE_SIMPLE_TYPE().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220150515.32549-7-philmd@linaro.org>
By using the QOM UHCI_GET_CLASS() cast macro we don't to
use the intermediate PCIDeviceClass variable.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220150515.32549-6-philmd@linaro.org>
The automatic conversion done during commit a489d1951c
("Use OBJECT_DECLARE_TYPE when possible") missed this
model because the typedefs are in a different file unit
(hcd-uhci.c) than where the DECLARE_INSTANCE_CHECKER()
is (hcd-uhci.h). Manually convert to OBJECT_DECLARE_TYPE().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220150515.32549-5-philmd@linaro.org>
To help debugging add trace points that print values read from or
written to the device's registers.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <1bb4985e5dfc1df5a290e77f76fd827ae3592ab7.1676916640.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
The ohci_port_set_if_connected() function is only used by
ohci_port_set_status(), move next to it to have them at the same place.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <46411d4980ab0fba61ab0d2209a939fdc41eb573.1676916640.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Forward-define the type first, then use it for the ohci_die() handler.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220150515.32549-3-philmd@linaro.org>
Avoid when including "hw/usb/hcd-ohci.h":
hw/usb/hcd-ohci.h💯5: error: unknown type name 'SysBusDevice'
SysBusDevice parent_obj;
^
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230203113650.78146-6-philmd@linaro.org>
hw/usb/u2f.h was added by commit 80e267f1d1 ("hw/usb: Add
U2F key base class"), almost the same time of the automatic
conversion done by commit c821774a3b ("Use OBJECT_DECLARE_TYPE
where posible"). Manually convert to OBJECT_DECLARE_TYPE().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220150515.32549-9-philmd@linaro.org>
To avoid forward-declaring CCIDBus, declare CCID_BUS QOM
definitions before its use in the USBCCIDState structure.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220150515.32549-2-philmd@linaro.org>
These can be shared with other AC97 implementations.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <6f0980fdc3753624be6f3935a6ab0a2dc1df4b30.1677445307.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220131837.26292-5-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220131837.26292-4-philmd@linaro.org>
To avoid forward-declaring ES1370State, declare ES1370 QOM
definitions before its use in the chan_bits structure.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220131837.26292-3-philmd@linaro.org>
To avoid forward-declaring HDAAudioState, declare HDA_AUDIO QOM
definitions before its use in the HDAAudioStream structure.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230220131837.26292-2-philmd@linaro.org>
Avoid when refactoring unrelated headers:
hw/timer/hpet.c:776:39: error: array has incomplete element type 'Property' (aka 'struct Property')
static Property hpet_device_properties[] = {
^
hw/timer/hpet.c:777:5: error: implicit declaration of function 'DEFINE_PROP_UINT8' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
DEFINE_PROP_UINT8("timers", HPETState, num_timers, HPET_MIN_TIMERS),
^
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230215174353.37097-2-philmd@linaro.org>
rtc_get_memory() and rtc_set_memory() helpers only work with
TYPE_MC146818_RTC devices. 'memory' in their name refer to
the CMOS region. Rename them as mc146818rtc_get_cmos_data()
and mc146818rtc_set_cmos_data() to be explicit about what
they are doing.
Mechanical change doing:
$ sed -i -e 's/rtc_set_memory/mc146818rtc_set_cmos_data/g' \
$(git grep -wl rtc_set_memory)
$ sed -i -e 's/rtc_get_memory/mc146818rtc_get_cmos_data/g' \
$(git grep -wl rtc_get_memory)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230210233116.80311-4-philmd@linaro.org>
rtc_get_memory() and rtc_set_memory() methods can not take any
TYPE_ISA_DEVICE object. They expect a TYPE_MC146818_RTC one.
Simplify the API by passing a MC146818RtcState.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230210233116.80311-3-philmd@linaro.org>
RTCState only represents a Motorola MC146818 model,
not any RTC chipset. Rename the structure as MC146818RtcState
using:
$ sed -i -e s/RTCState/MC146818RtcState/g $(git grep -wl RTCState)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230210233116.80311-2-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230215161641.32663-4-philmd@linaro.org>
isa_get_irq() was added in commit 3a38d437ca
("Add isa_reserve_irq()" Fri Aug 14 11:36:15 2009) as:
a temporary interface to be used to allocate ISA IRQs for
devices which have not yet been converted to qdev, and for
special cases which are not suited for qdev conversions,
such as the 'ferr'.
We still use it 14 years later, using the global 'isabus'
singleton. In order to get rid of such *temporary* interface,
extract isa_bus_get_irq() which can take any ISABus* object.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230215161641.32663-3-philmd@linaro.org>
isa_get_dma() returns a DMA channel handler from an ISABus.
To emphasize this, rename it as isa_bus_get_dma().
Mechanical change using:
$ sed -i -e 's/isa_get_dma/isa_bus_get_dma/g' \
$(git grep -l isa_get_dma)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230215161641.32663-2-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230210163744.32182-11-philmd@linaro.org>
isa_bus_irqs() register an array of input IRQs on
the ISA bus. Rename it as isa_bus_register_input_irqs().
Mechanical change using:
$ sed -i -e 's/isa_bus_irqs/isa_bus_register_input_irqs/g' \
$(git grep -wl isa_bus_irqs)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230210163744.32182-10-philmd@linaro.org>
No point in inlining isa_bus_from_device() which is only
used at device realization time.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230210163744.32182-9-philmd@linaro.org>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
ISADeviceClass is an empty class and just increase code
complexity. Remove it, directly embedding DeviceClass in
classes expanding TYPE_ISA_DEVICE.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
Message-Id: <20230215161641.32663-19-philmd@linaro.org>
Keep reference to ISA input IRQs in EbusState.
To emphasize input/output distinction, rename arrays
as isa_irqs_in / isa_irqs_out.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230210163744.32182-7-philmd@linaro.org>
Directly dispatch ISA IRQs to 'cpu_intr' output IRQ
by removing the intermediate via_isa_request_i8259_irq()
handler. Rename ISA IRQs array as 'isa_irqs_in' to
emphasize these are input IRQs.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230210163744.32182-5-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
When the i82378 model was added in commit a04ff94097 ("prep:
Add i82378 PCI-to-ISA bridge emulation") the i8259 model was
not yet QOM'ified. This happened later in commit 747c70af78
("i8259: Convert to qdev").
Directly dispatch ISA IRQs to 'cpu_intr' output IRQ
by removing the intermediate i82378_request_out0_irq()
handler. Rename ISA IRQs array as 'isa_irqs_in' to
emphasize these are input IRQs.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230210163744.32182-4-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Commit a04ff94097 ("prep: Add i82378 PCI-to-ISA bridge
emulation") aimed to model the 2 output IRQs: CPU intr
and NMI. Commit 5039d6e235 ("i8257: remove cpu_request_exit
irq") removed the NMI IRQ.
Since this model only use the CPU interrupt, replace the
'out[2]' array by a single 'cpu_intr'.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230210163744.32182-3-philmd@linaro.org>
i8259_init() helper creates a i8259 device on an ISA bus,
connects its IRQ output to the parent's input IRQ, and
returns an array of 16 ISA input IRQs.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230210163744.32182-2-philmd@linaro.org>
ICH9 is a south bridge which doesn't necessarily depend on x86, so move
it into the southbridge folder, analoguous to PIIX.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-13-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-12-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
The ioapic sources reside in hw/intc already. Move the headers there
as well.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-11-shentey@gmail.com>
[PMD: Keep ioapic_internal.h in hw/intc/, not under include/]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Most code uses IOAPIC_NUM_PINS. The only place where GSI_NUM_PINS defines
the size of an array is ICH9LPCState::gsi which needs to match
IOAPIC_NUM_PINS. Remove GSI_NUM_PINS for consistency.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-10-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
ich9_lpc_reset() is the dc->reset callback which is called
automatically. No need to call it explicitly during k->realize.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-9-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Make TYPE_ICH9_LPC_DEVICE more self-contained by moving the call to
ich9_lpc_pm_init() from board code to its realize function. In order
to propagate x86_machine_is_smm_enabled(), introduce an "smm-enabled"
property like we have in piix4.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-8-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
This is a preparation to make the next patch cleaner.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-7-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
ich9_smb_init() is a legacy init function, so modernize the code.
Note that the smb_io_base parameter was unused.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Acked-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-6-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
This is a preparation for the next commit to make it cleaner.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-5-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
By using qdev_get_child_bus() we can eliminate ICH9LPCState::isa_bus and
spare the ich9_lpc variable in pc_q35, too.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-4-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
No need to rely on the board to wire up the ICH9 PCI IRQs. All functions
access private state of the LPC device which suggests that it should
wire up the IRQs.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213173033.98762-3-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
This function is not used anywhere outside this file, so
we can delete the prototype from include/hw/i386/x86.h and
make the function "static void".
This fixes when building with -Wall and using Clang
("Apple clang version 14.0.0 (clang-1400.0.29.202)"):
../hw/i386/x86.c:70:24: error: static function 'MACHINE' is used in an inline function with external linkage [-Werror,-Wstatic-in-inline]
MachineState *ms = MACHINE(x86ms);
^
include/hw/i386/x86.h:101:1: note: use 'static' to give inline function 'init_topo_info' internal linkage
void init_topo_info(X86CPUTopoInfo *topo_info, const X86MachineState *x86ms);
^
static
include/hw/boards.h:24:49: note: 'MACHINE' declared here
OBJECT_DECLARE_TYPE(MachineState, MachineClass, MACHINE)
^
Reported-by: Stefan Weil <sw@weilnetz.de>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221216220158.6317-6-philmd@linaro.org>
The structure is accessed read-only by qdev_get_parent_bus().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230212224730.51438-2-philmd@linaro.org>
Local variable "name" is allocated through strdup_printf and should be
freed with g_free() to avoid memory leak.
Fixes: 3616f424 ("nubus-device: add romfile property for loading declaration ROMs")
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20221222172915.671597-1-mcascell@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
replay API is used deeply within TCG common code (common to user
and system emulation). Unfortunately "sysemu/replay.h" requires
some QAPI headers for few system-specific declarations, example:
void replay_input_event(QemuConsole *src, InputEvent *evt);
Since commit c2651c0eaa ("qapi/meson: Restrict UI module to system
emulation and tools") the QAPI header defining the InputEvent is
not generated anymore.
To keep it simple, extract the 'core' replay prototypes to a new
"exec/replay-core.h" header which we include in the TCG code that
doesn't need the rest of the replay API.
Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-Id: <20221219170806.60580-5-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
OBJECT_DECLARE_SIMPLE_TYPE() macro provides the OrIRQState
declaration for free. Besides, the QOM code style is to use
the structure name as typedef, and QEMU style is to use Camel
Case, so rename qemu_or_irq as OrIRQState.
Mechanical change using:
$ sed -i -e 's/qemu_or_irq/OrIRQState/g' $(git grep -l qemu_or_irq)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20230113200138.52869-5-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
QOM *DECLARE* macros expect a typedef as first argument,
not a structure. Replace 'struct IRQState' by 'IRQState'
to avoid when modifying the macros:
../hw/core/irq.c:29:1: error: declaration of anonymous struct must be a definition
DECLARE_INSTANCE_CHECKER(struct IRQState, IRQ,
^
Use OBJECT_DECLARE_SIMPLE_TYPE instead of DECLARE_INSTANCE_CHECKER.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20230113200138.52869-3-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
cmsdk_apb_uart_create() is only used twice in the same
file. Open-code it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230220115114.25237-7-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Open-code the single use of xilinx_uartlite_create().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230220115114.25237-6-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230220115114.25237-5-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
pl011_luminary_create() is only used for the Stellaris board,
open-code it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230220115114.25237-4-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
pl011_create() is only used in DeviceRealize handlers,
not a hot-path. Inlining is not justified.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230220115114.25237-3-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Since &I2C_SLAVE(dev)->qdev == dev, no need to go back and
forth with QOM type casting. Directly use 'dev'.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230220115114.25237-2-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This is in preparation to moving the hflags code into its own file
under the tcg/ directory.
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
pci_device.h is not needed at all in allwinner-a10.h, and serial.h
is only needed by the corresponding .c file.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20230215152233.210024-1-thuth@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Fix memory corruption in the s390x dump code
* Various s390x TCG clean-ups
* s390x PV support for asynchronous teardown for reboot
* qemu-keymap related fixes
* Improvements for the duration of the gitlab-CI
* Deprecate the "-no-acpi" command line switch
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmP8lVURHHRodXRoQHJl
ZGhhdC5jb20ACgkQLtnXdP5wLbWYkg//RTKsG0+HGMtnKvjTA5NzLIJrWAQfSPfh
ABkxNHoscReae8LGquFfeTy9cN/uA051e/P06WfPXAkg3Uj72JKHHs/ncm5VhApY
7moOCIHlvFRAsy5TKYoInM+Yo0jov7vgKqqJcS3AL3hwhmvEwPwKr0cpZLNfKV8p
GD+XM453g0AFn2jDFoXDsnHX3zco+7sd4dQN4olSrkd/gDel2UQ5JE4gJ/o6Qgys
GW4vb+NpxQ6W3mSlU+ClTr03ZljPkascBS7tZO8Fwn+J3Wv4UTNLlM1JFXQhC3v8
x9HpVpk4HW6C/hiPcsMpZRlXBb/HklkAhDxZ6tjTnQLRvbJ/o2uISJt+ZgeH9zeQ
Ae4Ap7yPxsuGbx2twzbGoyEPAJj18hW7EUd6KromFqy877svmyRYs3NXQqSJOEmh
Pv7VriUe6esyyVSXWjA6g2imo5pIhWxxRlsNVrrp8vOJNYT+ygBIFqu28ngwk86H
jZOLqekEkQrNkwZZLuoxm8FyCAvzfMBeHQFlDnL4a3114dlC6X3/cJqCZ5htTaO+
t7CL6QcepRh0NQPw1jRlUCARZK+WocjwwcmzgVzSKKzGpdg/EJC8Sg54l7wdVQCp
jY3HEUWHHHmrqe3IefrzadRQhsB9xKcNdUaZmetRUm+ohgSc9S0cfpVXNwT+G3+M
a47dp9ueI6Q=
=wDFZ
-----END PGP SIGNATURE-----
Merge tag 'pull-request-2023-02-27' of https://gitlab.com/thuth/qemu into staging
* Simplify device casting in w/vfio/ccw.c
* Fix memory corruption in the s390x dump code
* Various s390x TCG clean-ups
* s390x PV support for asynchronous teardown for reboot
* qemu-keymap related fixes
* Improvements for the duration of the gitlab-CI
* Deprecate the "-no-acpi" command line switch
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmP8lVURHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbWYkg//RTKsG0+HGMtnKvjTA5NzLIJrWAQfSPfh
# ABkxNHoscReae8LGquFfeTy9cN/uA051e/P06WfPXAkg3Uj72JKHHs/ncm5VhApY
# 7moOCIHlvFRAsy5TKYoInM+Yo0jov7vgKqqJcS3AL3hwhmvEwPwKr0cpZLNfKV8p
# GD+XM453g0AFn2jDFoXDsnHX3zco+7sd4dQN4olSrkd/gDel2UQ5JE4gJ/o6Qgys
# GW4vb+NpxQ6W3mSlU+ClTr03ZljPkascBS7tZO8Fwn+J3Wv4UTNLlM1JFXQhC3v8
# x9HpVpk4HW6C/hiPcsMpZRlXBb/HklkAhDxZ6tjTnQLRvbJ/o2uISJt+ZgeH9zeQ
# Ae4Ap7yPxsuGbx2twzbGoyEPAJj18hW7EUd6KromFqy877svmyRYs3NXQqSJOEmh
# Pv7VriUe6esyyVSXWjA6g2imo5pIhWxxRlsNVrrp8vOJNYT+ygBIFqu28ngwk86H
# jZOLqekEkQrNkwZZLuoxm8FyCAvzfMBeHQFlDnL4a3114dlC6X3/cJqCZ5htTaO+
# t7CL6QcepRh0NQPw1jRlUCARZK+WocjwwcmzgVzSKKzGpdg/EJC8Sg54l7wdVQCp
# jY3HEUWHHHmrqe3IefrzadRQhsB9xKcNdUaZmetRUm+ohgSc9S0cfpVXNwT+G3+M
# a47dp9ueI6Q=
# =wDFZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 27 Feb 2023 11:34:45 GMT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2023-02-27' of https://gitlab.com/thuth/qemu: (33 commits)
Deprecate the "-no-acpi" command line switch
gitlab-ci.d/base: Mark jobs as interruptible by default
gitlab-ci.d: Build with --enable-fdt=system by default
gitlab-ci.d/buildtest-template: Simplify the configure step
gitlab-ci.d/buildtest: Disintegrate the build-coroutine-sigaltstack job
gitlab-ci.d/buildtest: Remove aarch64-softmmu from the build-system-ubuntu job
Updated the FSF address to <https://www.gnu.org/licenses/>
meson: fix dependency on qemu-keymap
qemu-keymap: Silence memory leak warning from Clang's sanitizer
configure: Add 'mkdir build' check
tests/tcg/s390x: Add sam.S
tests/tcg/s390x: Add bal.S
target/s390x: Use tcg_constant_* in translate_vx.c.inc
target/s390x: Use tcg_constant_i32 for fpinst_extract_m34
target/s390x: Use tcg_constant_* for DisasCompare
target/s390x: Use tcg_constant_* in local contexts
s390x/pv: Add support for asynchronous teardown for reboot
target/s390x: Hoist some computation in access_memmove
target/s390x: Inline do_access_{get,set}_byte
target/s390x: Remove TLB_NOTDIRTY workarounds
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The Free Software Foundation moved to a new address and some
sources in QEMU referred to their old location.
The address should be updated and replaced by a pointer to
<https://www.gnu.org/licenses/>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/379
Signed-off-by: Khadija Kamran <kkamran.bese16seecs@seecs.edu.pk>
Message-Id: <576ee9203fdac99d7251a98faa66b9ce1e7febc5.1675941486.git.kkamran.bese16seecs@seecs.edu.pk>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Thomas Huth <thuth@redhat.com>
This patch adds support for the asynchronous teardown for reboot for
protected VMs.
When attempting to tear down a protected VM, try to use the new
asynchronous interface first. If that fails, fall back to the classic
synchronous one.
The asynchronous interface involves invoking the new
KVM_PV_ASYNC_DISABLE_PREPARE command for the KVM_S390_PV_COMMAND ioctl.
This will prepare the current protected VM for asynchronous teardown.
Once the protected VM is prepared for teardown, execution can continue
immediately.
Once the protected VM has been prepared, a new thread is started to
actually perform the teardown. The new thread uses the new
KVM_PV_ASYNC_DISABLE command for the KVM_S390_PV_COMMAND ioctl. The
previously prepared protected VM is torn down in the new thread.
Once KVM_PV_ASYNC_DISABLE is invoked, it is possible to use
KVM_PV_ASYNC_DISABLE_PREPARE again. If a protected VM has already been
prepared and its cleanup has not started, it will not be possible to
prepare a new VM. In that case the classic synchronous teardown has to
be performed.
The synchronous teardown will now also clean up any prepared VMs whose
asynchronous teardown has not been initiated yet.
This considerably speeds up the reboot of a protected VM; for large VMs
especially, it could take a long time to perform a reboot with the
traditional synchronous teardown, while with this patch it is almost
immediate.
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230214163035.44104-3-imbrenda@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Use the VFIO_CCW() QOM type-checking macro to avoid DO_UPCAST().
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230213170145.45666-7-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
QOM parenthood relationship is:
VFIOCCWDevice -> S390CCWDevice -> CcwDevice -> DeviceState
No need to double-cast, call CCW_DEVICE() on VFIOCCWDevice.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20230213170145.45666-6-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Use the S390_CCW_DEVICE() QOM type-checking macro to avoid DO_UPCAST().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230213170145.45666-5-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
'cdev' is VFIOCCWDevice's private parent object.
Access it using the S390_CCW_DEVICE() QOM macro.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20230213170145.45666-4-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
QOM parenthood relationship is:
VFIOCCWDevice -> S390CCWDevice -> CcwDevice -> DeviceState
We can directly use the QOM DEVICE() macro to get the parent object.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20230213170145.45666-3-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
hw.h only contains the protoype of one function nowadays, hw_error(),
so all files that do not use this function anymore also do not need
to include this header anymore.
Message-Id: <20230216142915.304481-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
* A triplet of cleanups to the kernel/initrd loader that avoids
duplication between the various boards.
* Weiwei Li, Daniel Henrique Barboza, and Liu Zhiwei have been added as
reviewers. Thanks for the help!
* A fix for PMP matching to avoid incorrectly appling the default
permissions on PMP permission violations.
* A cleanup to avoid an unnecessary avoid env_archcpu() in
cpu_get_tb_cpu_state().
* Fixes for the vector slide instructions to avoid truncating 64-bit
values (such as doubles) on 32-bit targets.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmP5Br8THHBhbG1lckBk
YWJiZWx0LmNvbQAKCRAuExnzX7sYiT4RD/9hdSlQlR1g/2h4fbCJ3U0GvyNH0T7N
mt3AX8hFvmfR1O63qqVVebJSHM1dTm6WsA19vKE5tdtbjV5V8UZuBTSqYeRBSrLd
LK9IHhwv3k9OQ/EG8CgRo7HEMxAurpC26zTf3chnfwa1Wyl5XxCXNx5hPbhu18G9
oxw0sBi51T0Tb+N6lOVVSfmiEZWLXRq+lDCZdV0j864brsSjo4x8VEGrLaFTOJLf
X4MW6vBI4Pcb7EGnHjj5WvRKsf8gdahdx8bSTjORIm8oGri9Iyw6Vrg2khuhjnuH
99sD1O06cvrylp+sCOVei8H3S6/xCepQXUXnCBCd1/cetgV+olo+ZR78Z8ZjXPED
jhZ23lsDcge+4W141lsCiwLgzI0YO3Ac+84zQLIvcx16c8zow3G9FO9sTlBSsgnW
0XJrsUF7AZB6quUSMytG7WK+OBizzCRwj7ItC+Mty68wLrei5lDVj8b0t8hAQEdr
dOb7jku+Dz8OspGZx1aDKKifGDO+Ppv4PjAM2G44OmkM824SvvFg8+FEr9NgbKbp
VgTZDCeVC6IEpzthKsK8WeompLo7Sc33KITqwMbGiyGs+gsnmgKP2bcTLF8YTlFk
dqFBWjo3tjH5oukgTLCSYY4xPaHR9q418vGAfRox15GtUVliQ9iL5oH47PVXg4U7
YsNZ74nD1pUueg==
=Umli
-----END PGP SIGNATURE-----
Merge tag 'pull-riscv-to-apply-20230224' of github.com:palmer-dabbelt/qemu into staging
Fourth RISC-V PR for QEMU 8.0, Attempt 2
* A triplet of cleanups to the kernel/initrd loader that avoids
duplication between the various boards.
* Weiwei Li, Daniel Henrique Barboza, and Liu Zhiwei have been added as
reviewers. Thanks for the help!
* A fix for PMP matching to avoid incorrectly appling the default
permissions on PMP permission violations.
* A cleanup to avoid an unnecessary avoid env_archcpu() in
cpu_get_tb_cpu_state().
* Fixes for the vector slide instructions to avoid truncating 64-bit
values (such as doubles) on 32-bit targets.
# -----BEGIN PGP SIGNATURE-----
#
# iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmP5Br8THHBhbG1lckBk
# YWJiZWx0LmNvbQAKCRAuExnzX7sYiT4RD/9hdSlQlR1g/2h4fbCJ3U0GvyNH0T7N
# mt3AX8hFvmfR1O63qqVVebJSHM1dTm6WsA19vKE5tdtbjV5V8UZuBTSqYeRBSrLd
# LK9IHhwv3k9OQ/EG8CgRo7HEMxAurpC26zTf3chnfwa1Wyl5XxCXNx5hPbhu18G9
# oxw0sBi51T0Tb+N6lOVVSfmiEZWLXRq+lDCZdV0j864brsSjo4x8VEGrLaFTOJLf
# X4MW6vBI4Pcb7EGnHjj5WvRKsf8gdahdx8bSTjORIm8oGri9Iyw6Vrg2khuhjnuH
# 99sD1O06cvrylp+sCOVei8H3S6/xCepQXUXnCBCd1/cetgV+olo+ZR78Z8ZjXPED
# jhZ23lsDcge+4W141lsCiwLgzI0YO3Ac+84zQLIvcx16c8zow3G9FO9sTlBSsgnW
# 0XJrsUF7AZB6quUSMytG7WK+OBizzCRwj7ItC+Mty68wLrei5lDVj8b0t8hAQEdr
# dOb7jku+Dz8OspGZx1aDKKifGDO+Ppv4PjAM2G44OmkM824SvvFg8+FEr9NgbKbp
# VgTZDCeVC6IEpzthKsK8WeompLo7Sc33KITqwMbGiyGs+gsnmgKP2bcTLF8YTlFk
# dqFBWjo3tjH5oukgTLCSYY4xPaHR9q418vGAfRox15GtUVliQ9iL5oH47PVXg4U7
# YsNZ74nD1pUueg==
# =Umli
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 24 Feb 2023 18:49:35 GMT
# gpg: using RSA key 2B3C3747446843B24A943A7A2E1319F35FBB1889
# gpg: issuer "palmer@dabbelt.com"
# gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown]
# gpg: aka "Palmer Dabbelt <palmerdabbelt@google.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 00CE 76D1 8349 60DF CE88 6DF8 EF4C A150 2CCB AB41
# Subkey fingerprint: 2B3C 3747 4468 43B2 4A94 3A7A 2E13 19F3 5FBB 1889
* tag 'pull-riscv-to-apply-20230224' of github.com:palmer-dabbelt/qemu:
target/riscv: Fix vslide1up.vf and vslide1down.vf
target/riscv: avoid env_archcpu() in cpu_get_tb_cpu_state()
target/riscv: Smepmp: Skip applying default rules when address matches
MAINTAINERS: Add some RISC-V reviewers
target/riscv: Remove privileged spec version restriction for RVV
hw/riscv/boot.c: make riscv_load_initrd() static
hw/riscv/boot.c: consolidate all kernel init in riscv_load_kernel()
hw/riscv: handle 32 bit CPUs kernel_entry in riscv_load_kernel()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When an IOThread is configured, the ctrl virtqueue is processed in the
IOThread. TMFs that reset SCSI devices are currently called directly
from the IOThread and trigger an assertion failure in blk_drain() from
the following call stack:
virtio_scsi_handle_ctrl_req -> virtio_scsi_do_tmf -> device_code_reset
-> scsi_disk_reset -> scsi_device_purge_requests -> blk_drain
../block/block-backend.c:1780: void blk_drain(BlockBackend *): Assertion `qemu_in_main_thread()' failed.
The blk_drain() function is not designed to be called from an IOThread
because it needs the Big QEMU Lock (BQL).
This patch defers TMFs that reset SCSI devices to a Bottom Half (BH)
that runs in the main loop thread under the BQL. This way it's safe to
call blk_drain() and the assertion failure is avoided.
Introduce s->tmf_bh_list for tracking TMF requests that have been
deferred to the BH. When the BH runs it will grab the entire list and
process all requests. Care must be taken to clear the list when the
virtio-scsi device is reset or unrealized. Otherwise deferred TMF
requests could execute later and lead to use-after-free or other
undefined behavior.
The s->resetting counter that's used by TMFs that reset SCSI devices is
accessed from multiple threads. This patch makes that explicit by using
atomic accessor functions. With this patch applied the counter is only
modified by the main loop thread under the BQL but can be read by any
thread.
Reported-by: Qing Wang <qinwang@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230221212218.1378734-4-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
dma_blk_cb() only takes the AioContext lock around ->io_func(). That
means the rest of dma_blk_cb() is not protected. In particular, the
DMAAIOCB field accesses happen outside the lock.
There is a race when the main loop thread holds the AioContext lock and
invokes scsi_device_purge_requests() -> bdrv_aio_cancel() ->
dma_aio_cancel() while an IOThread executes dma_blk_cb(). The dbs->acb
field determines how cancellation proceeds. If dma_aio_cancel() sees
dbs->acb == NULL while dma_blk_cb() is still running, the request can be
completed twice (-ECANCELED and the actual return value).
The following assertion can occur with virtio-scsi when an IOThread is
used:
../hw/scsi/scsi-disk.c:368: scsi_dma_complete: Assertion `r->req.aiocb != NULL' failed.
Fix the race by holding the AioContext across dma_blk_cb(). Now
dma_aio_cancel() under the AioContext lock will not see
inconsistent/intermediate states.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230221212218.1378734-3-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If requests are being processed in the IOThread when a SCSIDevice is
unplugged, scsi_device_purge_requests() -> scsi_req_cancel_async() races
with I/O completion callbacks. Both threads load and store req->aiocb.
This can lead to assert(r->req.aiocb == NULL) failures and undefined
behavior.
Protect r->req.aiocb with the AioContext lock to prevent the race.
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230221212218.1378734-2-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The QERR_ macros are leftovers from the days of "rich" error objects.
We've been trying to reduce their remaining use.
The stubbed out Rocker monitor commands are the last remaining users
of QERR_FEATURE_DISABLED. They fail like this:
(qemu) info rocker mumble
Error: The feature 'rocker' is not enabled
The real rocker commands fail like this when the named object doesn't
exist:
Error: rocker mumble not found
If that's good enough when Rocker is enabled, then it's good enough
when it's disabled, so replace QERR_FEATURE_DISABLED with that, and
drop the macro.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230207075115.1525-13-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
The QERR_ macros are leftovers from the days of "rich" error objects.
We've been trying to reduce their remaining use.
Get rid of a use of QERR_FEATURE_DISABLED, and improve the slightly
awkward error message
(qemu) info hotpluggable-cpus
Error: The feature 'query-hotpluggable-cpus' is not enabled
to
Error: machine does not support hot-plugging CPUs
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230207075115.1525-11-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
The QERR_ macros are leftovers from the days of "rich" error objects.
We've been trying to reduce their remaining use.
qmp_query_vm_generation_id() in stubs/vmgenid.c is the last user of
QERR_UNSUPPORTED outside qga/. Unlike the stubs we just dropped, it
is actually reachable, namely when CONFIG_ACPI_VMGENID is off. It
always fails like
(qemu) info vm-generation-id
Error: this feature or command is not currently supported
Turns out the real qmp_query_vm_generation_id() doesn't actually
depend on CONFIG_ACPI_VMGENID, and fails safely when it's off. Move
it to hw/core/machine-qmp-cmds.c, and drop the stub. The error
message becomes
Error: VM Generation ID device not found
Feels like an improvement to me.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230207075115.1525-8-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
The QERR_ macros are leftovers from the days of "rich" error objects.
We've been trying to reduce their remaining use.
acpi_table_add() is only ever called on behalf of CLI option
-acpitable. Since qemu-options.hx sets @arch_mask to QEMU_ARCH_I386,
it is reachable only for these targets. Since they provide a real
acpi_table_add(), the stub is unreachable.
There's no point in unreachable code keeping QERR_UNSUPPORTED alive.
Dumb it down to g_assert_not_reached().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230207075115.1525-7-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
The QERR_ macros are leftovers from the days of "rich" error objects.
We've been trying to reduce their remaining use.
smbios_entry_add() is only ever called on behalf of CLI option
-smbios. Since qemu-options.hx sets @arch_mask to QEMU_ARCH_I386 |
QEMU_ARCH_ARM, it is reachable only for these targets. Since they
provide a real smbios_entry_add(), the stub is unreachable.
There's no point in unreachable code keeping QERR_UNSUPPORTED alive.
Dumb it down to g_assert_not_reached().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230207075115.1525-6-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
The QERR_ macros are leftovers from the days of "rich" error objects.
We've been trying to reduce their remaining use.
Get rid of a use of QERR_UNSUPPORTED, and improve the rather vague
error message
(qemu) nmi
Error: this feature or command is not currently supported
to
Error: machine does not provide NMIs
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230207075115.1525-5-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
