Commit Graph

21979 Commits

Author SHA1 Message Date
Philippe Mathieu-Daudé
a7e1562ca2 hw/ssi/xilinx_spi: Use DeviceState::realize rather than SysBusDevice::init
Move from the legacy SysBusDevice::init method to using DeviceState::realize.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20181002212522.23303-5-f4bug@amsat.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-10-24 06:44:59 -03:00
Philippe Mathieu-Daudé
e871972e65 hw/timer/sun4v-rtc: Use DeviceState::realize rather than SysBusDevice::init
Move from the legacy SysBusDevice::init method to using DeviceState::realize.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20181002212522.23303-4-f4bug@amsat.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-10-24 06:44:59 -03:00
Philippe Mathieu-Daudé
252bfbdec0 hw/timer/sun4v-rtc: Convert from DPRINTF() macro to trace events
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Artyom Tarasenko <atar4qemu@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20181002212522.23303-3-f4bug@amsat.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-10-24 06:44:59 -03:00
Philippe Mathieu-Daudé
d33fff2a93 trace-events: Fix copy/paste typo
Missed while reviewing 5dd85b4b48.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20181002212522.23303-2-f4bug@amsat.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-10-24 06:44:59 -03:00
Edgar E. Iglesias
e2c0c4eef5 net: cadence_gem: Announce 64bit addressing support
Announce 64bit addressing support.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20181017213932.19973-3-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-24 07:51:37 +01:00
Edgar E. Iglesias
726a2a951b net: cadence_gem: Announce availability of priority queues
Announce the availability of the various priority queues.
This fixes an issue where guest kernels would miss to
configure secondary queues due to inproper feature bits.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20181017213932.19973-2-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-24 07:51:37 +01:00
Stewart Hildebrand
ea358872a6 hw/arm/boot: Increase compliance with kernel arm64 boot protocol
"The Image must be placed text_offset bytes from a 2MB aligned base
address anywhere in usable system RAM and called there."

For the virt board, we write our startup bootloader at the very
bottom of RAM, so that bit can't be used for the image. To avoid
overlap in case the image requests to be loaded at an offset
smaller than our bootloader, we increment the load offset to the
next 2MB.

This fixes a boot failure for Xen AArch64.

Signed-off-by: Stewart Hildebrand <stewart.hildebrand@dornerworks.com>
Tested-by: Andre Przywara <andre.przywara@arm.com>
Message-id: b8a89518794b4436af0c151ed10de4fa@dornerworks.com
[PMM: Rephrased a comment a bit]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-24 07:51:36 +01:00
Richard Henderson
47576b94af target/arm: Move some system registers into a substructure
Create struct ARMISARegisters, to be accessed during translation.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20181016223115.24100-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-24 07:50:16 +01:00
Markus Armbruster
61e9e3cb45 ssi-sd: Make devices picking up backends unavailable with -device
Device models aren't supposed to go on fishing expeditions for
backends.  They should expose suitable properties for the user to set.
For onboard devices, board code sets them.

Device ssi-sd picks up its block backend in its init() method with
drive_get_next() instead.  This mistake is already marked FIXME since
commit af9e40a.

Unset user_creatable to remove the mistake from our external
interface.  Since the SSI bus doesn't support hotplug, only -device
can be affected.  Only certain ARM machines have ssi-sd and provide an
SSI bus for it; this patch breaks -device ssi-sd for these machines.
No actual use of -device ssi-sd is known.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-id: 20181009060835.4608-1-armbru@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-24 07:50:16 +01:00
Thomas Huth
eae2e2e96b configs: Add a CONFIG_SMC37C669 switch for the "smc37c669-superio" device
This device is not user-creatable and currently only used for the
"alpha" target. So if the user does not want to compile alpha-softmmu,
we should also not compile this device. Add a proper config switch to
be able to compile this more flexibly.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2018-10-24 07:33:44 +01:00
Thomas Huth
3858ff7639 hw/core: Move null-machine into the common-obj list
The null-machine code used to be target specific since it used the
target-specific cpu_init() function in the past. But in the recent
commit 2278b93941 ("Use cpu_create(type) instead of
cpu_init(cpu_model)") this has been change, so that the code now
uses the common cpu_create() function instead. Thus we can put
the null-machine into the common-obj list so that it is compiled
only once for all targets, to save some compilation time.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2018-10-24 07:27:25 +01:00
Peter Maydell
13399aad4f Error reporting patches for 2018-10-22
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbzcCHAAoJEDhwtADrkYZT3YsP/2qE4HNY/htj3IP6vNJuSaqw
 CLPRTz7zWmUBTE6FqSkvLsq3X2BMFFLeaIPA9EFcbyn2km6qPqBYgg9ElXXvPZBm
 6hDeRIoC8FdRD0Apozd5MGC94/lE47PheDRV8V+4KrGLaaMXEPxMZ0wP4AfdS5pS
 6Pt2xuF7nPu1+OWVxMk0fXadGjGLEuOQQmTh3B21J5RaynQ3gtd6h7XFC/LJyOGG
 LC/6GyPc0h7KU83VnvrRjH/EOpu1wENgrsvWsS0sem8op35Z+i9jU5BfCp4qFkDy
 gCHHUEyEeyexS+W+Tj87eBtK2gfrqQx9ovo8CIsWcUwpKbdD6AMK4FKGsDNMNHab
 Kg5u/M+O8nHCB7DuursF+3mqEbZHb05cfKe6JEtiq49EuORMV5hp4Ap966noSwTw
 UEU0NJNA1p8EdmXVudyyyYR7wpoSSmZpoenA+bJ3nthK8K0KcU4RUGk6ZEbxfJy+
 7ENl+3R2IxmxzgXv/x0tz0uFisaVW1rltTXtMte+ElQsO0qy74iHdfR7JHsmLxj9
 CO/ABMVoYsWq2OJv8pWLrdKpT4v3HQLJdHhknyu0ZcJGDyICqX29ULLEhPrNEZvW
 rxVxAkiemlaqxlUjbrM46CDQQm+w03OCnk7aCYcV4oK+u5+o3mCag705gMPErapZ
 6uOE3fAjiWw43sA31mek
 =kPZX
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2018-10-22' into staging

Error reporting patches for 2018-10-22

# gpg: Signature made Mon 22 Oct 2018 13:20:23 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-error-2018-10-22: (40 commits)
  error: Drop bogus "use error_setg() instead" admonitions
  vpc: Fail open on bad header checksum
  block: Clean up bdrv_img_create()'s error reporting
  vl: Simplify call of parse_name()
  vl: Fix exit status for -drive format=help
  blockdev: Convert drive_new() to Error
  vl: Assert drive_new() does not fail in default_drive()
  fsdev: Clean up error reporting in qemu_fsdev_add()
  spice: Clean up error reporting in add_channel()
  tpm: Clean up error reporting in tpm_init_tpmdev()
  numa: Clean up error reporting in parse_numa()
  vnc: Clean up error reporting in vnc_init_func()
  ui: Convert vnc_display_init(), init_keyboard_layout() to Error
  ui/keymaps: Fix handling of erroneous include files
  vl: Clean up error reporting in device_init_func()
  vl: Clean up error reporting in parse_fw_cfg()
  vl: Clean up error reporting in mon_init_func()
  vl: Clean up error reporting in machine_set_property()
  vl: Clean up error reporting in chardev_init_func()
  qom: Clean up error reporting in user_creatable_add_opts_foreach()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-23 17:20:23 +01:00
Peter Maydell
b312532fd0 * RTC fixes (Artem)
* icount fixes (Artem)
 * rr fixes (Pavel, myself)
 * hotplug cleanup (Igor)
 * SCSI fixes (myself)
 * 4.20-rc1 KVM header update (myself)
 * coalesced PIO support (Peng Hao)
 * HVF fixes (Roman B.)
 * Hyper-V refactoring (Roman K.)
 * Support for Hyper-V IPI (Vitaly)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJbycRuAAoJEL/70l94x66DGL4H/00Gu/+0dNlpxt6hYVaJ30jX
 vFCsZoglBJ060M8m0C9roTF7zdIgI/X0oxJKWNaxqCDD0GSL5oM1AfG0DCsEBq6X
 ApHYfBOh6mMWuB2qzV9QkK0b2u7+g9J8pQQYfZlU+QNtmUUmbzBxV4h7oqOoedJZ
 nTJrkYzBg88bLDXUAuFrnMhaktqzPvyhdD36vUX5Kc9Hk9R3krtEenc/XKfEJg+o
 n1DX9QeAWgi3MdhkhXSaNSnAu2k2+/qJDmOPk1r63ft5ZfaUKOaVecU06ioiEmrc
 KJd6EYeRvh2eIpbOCGSEVDrieGVBOPvqYg0ryWroxSveoPqJZh5ys9MdIjD+8zg=
 =4XhC
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* RTC fixes (Artem)
* icount fixes (Artem)
* rr fixes (Pavel, myself)
* hotplug cleanup (Igor)
* SCSI fixes (myself)
* 4.20-rc1 KVM header update (myself)
* coalesced PIO support (Peng Hao)
* HVF fixes (Roman B.)
* Hyper-V refactoring (Roman K.)
* Support for Hyper-V IPI (Vitaly)

# gpg: Signature made Fri 19 Oct 2018 12:47:58 BST
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (47 commits)
  replay: pass raw icount value to replay_save_clock
  target/i386: kvm: just return after migrate_add_blocker failed
  hyperv_testdev: add SynIC message and event testmodes
  hyperv: process POST_MESSAGE hypercall
  hyperv: add support for KVM_HYPERV_EVENTFD
  hyperv: process SIGNAL_EVENT hypercall
  hyperv: add synic event flag signaling
  hyperv: add synic message delivery
  hyperv: make overlay pages for SynIC
  hyperv: only add SynIC in compatible configurations
  hyperv: qom-ify SynIC
  hyperv:synic: split capability testing and setting
  i386: add hyperv-stub for CONFIG_HYPERV=n
  default-configs: collect CONFIG_HYPERV* in hyperv.mak
  hyperv: factor out arch-independent API into hw/hyperv
  hyperv: make hyperv_vp_index inline
  hyperv: split hyperv-proto.h into x86 and arch-independent parts
  hyperv: rename kvm_hv_sint_route_set_sint
  hyperv: make HvSintRoute reference-counted
  hyperv: address HvSintRoute by X86CPU pointer
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-19 19:01:07 +01:00
Markus Armbruster
b836723dfe fsdev: Clean up error reporting in qemu_fsdev_add()
Calling error_report() from within a function that takes an Error **
argument is suspicious.  qemu_fsdev_add() does that, and its caller
fsdev_init_func() then fails without setting an error.  Its caller
main(), via qemu_opts_foreach(), is fine with it, but clean it up
anyway.

Cc: Greg Kurz <groug@kaod.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Greg Kurz <groug@kaod.org>
Message-Id: <20181017082702.5581-32-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Markus Armbruster
fff4c9c325 xen/pt: Fix incomplete conversion to realize()
The conversion of "xen-pci-passthrough" to realize() (commit
5a11d0f754, v2.6.0) neglected to convert the xen_pt_config_init()
error path.  If xen_pt_config_init() fails, xen_pt_realize() reports
the error, then returns success without completing its job.  I don't
know the exact impact, but it can't be good.

Belatedly convert the error path.

Fixes: 5a11d0f754
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20181017082702.5581-17-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Markus Armbruster
1028283c60 smbios: Clean up error handling in smbios_add()
Calling error_report() in a function that takes an Error ** argument
is suspicious.  smbios_entry_add() does that, and then exit()s.  It
also passes &error_fatal to qemu_opts_validate().  Both wrong, but
currently harmless, as its only caller passes &error_fatal.  Messed up
in commit 1007a37e20.  Clean it up.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20181017082702.5581-12-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Markus Armbruster
11ab69d6e7 ioapic: Fix error handling in realize()
Calling error_report() in a function that takes an Error ** argument
is suspicious.  ioapic_realize() does that, and then exit()s.
Currently mostly harmless, as the device cannot be hot-plugged.

Fixes: 20fd4b7b6d
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20181017082702.5581-11-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Markus Armbruster
d319e05d6f pc: Fix machine property nvdimm-persistence error handling
Calling error_report() in a function that takes an Error ** argument
is suspicious.  pc.c's pc_machine_set_nvdimm_persistence() does that,
and then exit()s.  Wrong.  Attempting to set machine property
nvdimm-persistence to a bad value instantly kills the VM:

    $ qemu-system-x86_64 -nodefaults -S -display none -qmp stdio
    {"QMP": {"version": {"qemu": {"micro": 50, "minor": 0, "major": 3}, "package": "v3.0.0-837-gc5e4e49258"}, "capabilities": []}}
    {"execute": "qmp_capabilities"}
    {"return": {}}
    {"execute": "qom-set", "arguments": {"path": "/machine", "property": "nvdimm-persistence", "value": "instadeath"}}
    -machine nvdimm-persistence=instadeath: unsupported option
    $ echo $?
    1

Broken when commit 11c39b5cd9 (v3.0.0) replaced error_propagate();
return by error_report(); exit() instead of error_setg(); return.  Fix
that.

Fixes: 11c39b5cd9
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20181017082702.5581-10-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Markus Armbruster
1245402e3c 9pfs: Fix CLI parsing crash on error
Calling error_report() in a function that takes an Error ** argument
is suspicious.  9p-handle.c's handle_parse_opts() does that, and then
fails without setting an error.  Wrong.  Its caller crashes when it
tries to report the error:

    $ qemu-system-x86_64 -nodefaults -fsdev id=foo,fsdriver=handle
    qemu-system-x86_64: -fsdev id=foo,fsdriver=handle: warning: handle backend is deprecated
    qemu-system-x86_64: -fsdev id=foo,fsdriver=handle: fsdev: No path specified
    Segmentation fault (core dumped)

Screwed up when commit 91cda4e8f3 (v2.12.0) converted the function to
Error.  Fix by calling error_setg() instead of error_report().

Fixes: 91cda4e8f3
Cc: Greg Kurz <groug@kaod.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20181017082702.5581-9-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Markus Armbruster
c3b8e3e0ed vfio: Clean up error reporting after previous commit
The previous commit changed vfio's warning messages from

    vfio warning: DEV-NAME: Could not frobnicate

to

    warning: vfio DEV-NAME: Could not frobnicate

To match this change, change error messages from

    vfio error: DEV-NAME: On fire

to

    vfio DEV-NAME: On fire

Note the loss of "error".  If we think marking error messages that way
is a good idea, we should mark *all* error messages, i.e. make
error_report() print it.

Cc: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Message-Id: <20181017082702.5581-7-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Markus Armbruster
e1eb292ace vfio: Use warn_report() & friends to report warnings
The vfio code reports warnings like

    error_report(WARN_PREFIX "Could not frobnicate", DEV-NAME);

where WARN_PREFIX is defined so the message comes out as

    vfio warning: DEV-NAME: Could not frobnicate

This usage predates the introduction of warn_report() & friends in
commit 97f40301f1.  It's time to convert to that interface.  Since
these functions already prefix the message with "warning: ", replace
WARN_PREFIX by VFIO_MSG_PREFIX, so the messages come out like

    warning: vfio DEV-NAME: Could not frobnicate

The next commit will replace ERR_PREFIX.

Cc: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20181017082702.5581-6-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Markus Armbruster
0765691e97 cpus hw target: Use warn_report() & friends to report warnings
Calling error_report() in a function that takes an Error ** argument
is suspicious.  Convert a few that are actually warnings to
warn_report().

While there, split a warning consisting of multiple sentences to
conform to conventions spelled out in warn_report()'s contract.

Cc: Alex Bennée <alex.bennee@linaro.org>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Fam Zheng <famz@redhat.com>
Cc: Wei Huang <wei@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20181017082702.5581-5-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Markus Armbruster
50beeb6809 Use error_fatal to simplify obvious fatal errors (again)
Add a slight improvement of the Coccinelle semantic patch from commit
007b06578a, and use it to clean up.  It leaves dead Error * variables
behind, cleaned up manually.

Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Alexander Graf <agraf@suse.de>
Cc: Eric Blake <eblake@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20181017082702.5581-3-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Markus Armbruster
4b5766488f error: Fix use of error_prepend() with &error_fatal, &error_abort
From include/qapi/error.h:

  * Pass an existing error to the caller with the message modified:
  *     error_propagate(errp, err);
  *     error_prepend(errp, "Could not frobnicate '%s': ", name);

Fei Li pointed out that doing error_propagate() first doesn't work
well when @errp is &error_fatal or &error_abort: the error_prepend()
is never reached.

Since I doubt fixing the documentation will stop people from getting
it wrong, introduce error_propagate_prepend(), in the hope that it
lures people away from using its constituents in the wrong order.
Update the instructions in error.h accordingly.

Convert existing error_prepend() next to error_propagate to
error_propagate_prepend().  If any of these get reached with
&error_fatal or &error_abort, the error messages improve.  I didn't
check whether that's the case anywhere.

Cc: Fei Li <fli@suse.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20181017082702.5581-2-armbru@redhat.com>
2018-10-19 14:51:34 +02:00
Roman Kagan
6738ccfff0 hyperv_testdev: add SynIC message and event testmodes
Add testmodes for SynIC messages and events.  The message or event
connection setup / teardown is initiated by the guest via new control
codes written to the test device port.  Then the test connections bounce
the respective operations back to the guest, i.e. the incoming messages
are posted or the incoming events are signaled on the configured vCPUs.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:14 +02:00
Roman Kagan
76036a5fc7 hyperv: process POST_MESSAGE hypercall
Add handling of POST_MESSAGE hypercall.  For that, add an interface to
regsiter a handler for the messages arrived from the guest on a
particular connection id (IOW set up a message connection in Hyper-V
speak).

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921082217.29481-10-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:14 +02:00
Roman Kagan
8d3bc0b753 hyperv: add support for KVM_HYPERV_EVENTFD
When setting up a notifier for Hyper-V event connection, try to use the
KVM-assisted one first, and fall back to userspace handling of the
hypercall if the kernel doesn't provide the requested feature.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921082217.29481-9-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:14 +02:00
Roman Kagan
e6ea9f45b7 hyperv: process SIGNAL_EVENT hypercall
Add handling of SIGNAL_EVENT hypercall.  For that, provide an interface
to associate an EventNotifier with an event connection number, so that
it's signaled when the SIGNAL_EVENT hypercall with the matching
connection ID is called by the guest.

Support for using KVM functionality for this will be added in a followup
patch.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921082217.29481-8-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:14 +02:00
Roman Kagan
f5642f8b45 hyperv: add synic event flag signaling
Add infrastructure to signal SynIC event flags by atomically setting the
corresponding bit in the event flags page and firing a SINT if
necessary.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921082217.29481-7-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:14 +02:00
Roman Kagan
4cbaf3c133 hyperv: add synic message delivery
Add infrastructure to deliver SynIC messages to the SynIC message page.

Note that KVM may also want to deliver (SynIC timer) messages to the
same message slot.

The problem is that the access to a SynIC message slot is controlled by
the value of its .msg_type field which indicates if the slot is being
owned by the hypervisor (zero) or by the guest (non-zero).

This leaves no room for synchronizing multiple concurrent producers.

The simplest way to deal with this for both KVM and QEMU is to only
deliver messages in the vcpu thread.  KVM already does this; this patch
makes it for QEMU, too.

Specifically,

 - add a function for posting messages, which only copies the message
   into the staging buffer if its free, and schedules a work on the
   corresponding vcpu to actually deliver it to the guest slot;

 - instead of a sint ack callback, set up the sint route with a message
   status callback.  This function is called in a bh whenever there are
   updates to the message slot status: either the vcpu made definitive
   progress delivering the message from the staging buffer (succeeded or
   failed) or the guest issued EOM; the status is passed as an argument
   to the callback.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921082217.29481-6-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:14 +02:00
Roman Kagan
267e071bd6 hyperv: make overlay pages for SynIC
Per Hyper-V spec, SynIC message and event flag pages are to be
implemented as so called overlay pages.  That is, they are owned by the
hypervisor and, when mapped into the guest physical address space,
overlay the guest physical pages such that

1) the overlaid guest page becomes invisible to the guest CPUs until the
   overlay page is turned off
2) the contents of the overlay page is preserved when it's turned off
   and back on, even at a different address; it's only zeroed at vcpu
   reset

This particular nature of SynIC message and event flag pages is ignored
in the current code, and guest physical pages are used directly instead.
This happens to (mostly) work because the actual guests seem not to
depend on the features listed above.

This patch implements those pages as the spec mandates.

Since the extra RAM regions, which introduce migration incompatibility,
are only added at SynIC object creation which only happens when
hyperv_synic_kvm_only == false, no extra compat logic is necessary.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921082217.29481-5-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:14 +02:00
Roman Kagan
606c34bfd5 hyperv: qom-ify SynIC
Make Hyper-V SynIC a device which is attached as a child to a CPU.  For
now it only makes SynIC visibile in the qom hierarchy, and maintains its
internal fields in sync with the respecitve msrs of the parent cpu (the
fields will be used in followup patches).

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921082217.29481-3-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:14 +02:00
Roman Kagan
701189e311 hyperv: factor out arch-independent API into hw/hyperv
A significant part of hyperv.c is not actually tied to x86, and can
be moved to hw/.

This will allow to maintain most of Hyper-V and VMBus
target-independent, and to avoid conflicts with inclusion of
arch-specific headers down the road in VMBus implementation.

Also this stuff can now be opt-out with CONFIG_HYPERV.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921082041.29380-4-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:13 +02:00
Roman Kagan
2486cb8eba hyperv: rename kvm_hv_sint_route_set_sint
There's nothing kvm-specific in it so follow the suite and replace
"kvm_hv" prefix with "hyperv".

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921081836.29230-9-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:13 +02:00
Roman Kagan
3d3e6e85c3 hyperv: make HvSintRoute reference-counted
Multiple entities (e.g. VMBus devices) can use the same SINT route.  To
make their lives easier in maintaining SINT route ownership, make it
reference-counted.  Adjust the respective API names accordingly.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921081836.29230-8-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:13 +02:00
Roman Kagan
b56920245c hyperv: allow passing arbitrary data to sint ack callback
Make sint ack callback accept an opaque pointer, that is stored on
sint_route at creation time.

This allows for more convenient interaction with the callback.

Besides, nothing outside hyperv.c should need to know the layout of
HvSintRoute fields any more so its declaration can be removed from the
header.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921081836.29230-6-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:13 +02:00
Roman Kagan
cc4669f065 hyperv_testdev: drop unnecessary includes
Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921081836.29230-3-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:13 +02:00
Roman Kagan
1ba5c3a954 hyperv_testdev: refactor for better maintainability
Make hyperv_testdev slightly easier to follow and enhance in future.
For that, put the hyperv sint routes (wrapped in a helper structure) on
a linked list rather than a fixed-size array.  Besides, this way
HvSintRoute can be treated as an opaque structure, allowing for easier
refactoring of the core Hyper-V SynIC code in followup pathches.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180921081836.29230-2-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:13 +02:00
Paolo Bonzini
40dce4ee61 scsi-disk: fix rerror/werror=ignore
rerror=ignore was returning true from scsi_handle_rw_error but the callers were not
calling scsi_req_complete when rerror=ignore returns true (this is the correct thing
to do when true is returned after executing a passthrough command).  Fix this by
calling it in scsi_handle_rw_error.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:13 +02:00
Paolo Bonzini
e6aa5ba4ac scsi-disk: fix double completion of failing passthrough requests
If a command fails with a sense that scsi_sense_buf_to_errno converts to
ECANCELED/EAGAIN/ENOTCONN or with a unit attention, scsi_req_complete is
called twice.  This caused a crash.

Reported-by: Wangguang <wang.guangA@h3c.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:12 +02:00
Li Qiang
a519e38944 hw: edu: drop DO_UPCAST
Signed-off-by: Li Qiang <liq3ea@163.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:12 +02:00
Igor Mammedov
8b5e6caf01 call HotplugHandler->plug() as the last step in device realization
When [2] was fixed it was agreed that adding and calling post_plug()
callback after device_reset() was low risk approach to hotfix issue
right before release. So it was merged instead of moving already
existing plug() callback after device_reset() is called which would
be more risky and require all plug() callbacks audit.

Looking at the current plug() callbacks, it doesn't seem that moving
plug() callback after device_reset() is breaking anything, so here
goes agreed upon [3] proper fix which essentially reverts [1][2]
and moves plug() callback after device_reset().
This way devices always comes to plug() stage, after it's been fully
initialized (including being reset), which fixes race condition [2]
without need for an extra post_plug() callback.

 1. (25e897881 "qdev: add HotplugHandler->post_plug() callback")
 2. (8449bcf94 "virtio-scsi: fix hotplug ->reset() vs event race")
 3. https://www.mail-archive.com/qemu-devel@nongnu.org/msg549915.html

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1539696820-273275-1-git-send-email-imammedo@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Pierre Morel<pmorel@linux.ibm.com>
Acked-by: Pierre Morel<pmorel@linux.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:12 +02:00
Peng Hao
a8de011500 target-i386: add q35 0xcf8 port as coalesced_pio
Signed-off-by: Peng Hao <peng.hao2@zte.com.cn>
Message-Id: <1539795177-21038-6-git-send-email-peng.hao2@zte.com.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:11 +02:00
Peng Hao
37abf8d234 target-i386: add i440fx 0xcf8 port as coalesced_pio
Signed-off-by: Peng Hao <peng.hao2@zte.com.cn>
Message-Id: <1539795177-21038-5-git-send-email-peng.hao2@zte.com.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:11 +02:00
Peng Hao
f98167ea06 target-i386: add rtc 0x70 port as coalesced_pio
Signed-off-by: Peng Hao <peng.hao2@zte.com.cn>
Message-Id: <1539890353-30273-1-git-send-email-peng.hao2@zte.com.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:11 +02:00
Paolo Bonzini
24f7973b67 es1370: more fixes for ADC_FRAMEADR and ADC_FRAMECNT
They are not consecutive with DAC1_FRAME* and DAC2_FRAME*; Coverity
still complains about es1370_read, while es1370_write was fixed in
commit cf9270e522.

Fixes: 154c1d1f96
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-19 13:44:00 +02:00
Jason Wang
1001cf45a7 e1000: indicate dropped packets in HW counters
The e1000 emulation silently discards RX packets if there's
insufficient space in the ring buffer. This leads to errors
on higher-level protocols in the guest, with no indication
about the error cause.

This patch increments the "Missed Packets Count" (MPC) and
"Receive No Buffers Count" (RNBC) HW counters in this case.
As the emulation has no FIFO for buffering packets that can't
immediately be pushed to the guest, these two registers are
practically equivalent (see 10.2.7.4, 10.2.7.33 in
https://www.intel.com/content/www/us/en/embedded/products/networking/82574l-gbe-controller-datasheet.html).

On a Linux guest, the register content  will be reflected in
the "rx_missed_errors" and "rx_no_buffer_count" stats from
"ethtool -S", and in the "missed" stat from "ip -s -s link show",
giving at least some hint about the error cause inside the guest.

If the cause is known, problems like this can often be avoided
easily, by increasing the number of RX descriptors in the guest
e1000 driver (e.g under Linux, "e1000.RxDescriptors=1024").

The patch also adds a qemu trace message for this condition.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-10-19 11:15:04 +08:00
Jason Wang
b1d80d12c5 pcnet: fix possible buffer overflow
In pcnet_receive(), we try to assign size_ to size which converts from
size_t to integer. This will cause troubles when size_ is greater
INT_MAX, this will lead a negative value in size and it can then pass
the check of size < MIN_BUF_SIZE which may lead out of bound access
for both buf and buf1.

Fixing by converting the type of size to size_t.

CC: qemu-stable@nongnu.org
Reported-by: Daniel Shapira <daniel@twistlock.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-10-19 11:15:04 +08:00
Jason Wang
1a326646fe rtl8139: fix possible out of bound access
In rtl8139_do_receive(), we try to assign size_ to size which converts
from size_t to integer. This will cause troubles when size_ is greater
INT_MAX, this will lead a negative value in size and it can then pass
the check of size < MIN_BUF_SIZE which may lead out of bound access of
for both buf and buf1.

Fixing by converting the type of size to size_t.

CC: qemu-stable@nongnu.org
Reported-by: Daniel Shapira <daniel@twistlock.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-10-19 11:15:04 +08:00
Jason Wang
fdc89e90fa ne2000: fix possible out of bound access in ne2000_receive
In ne2000_receive(), we try to assign size_ to size which converts
from size_t to integer. This will cause troubles when size_ is greater
INT_MAX, this will lead a negative value in size and it can then pass
the check of size < MIN_BUF_SIZE which may lead out of bound access of
for both buf and buf1.

Fixing by converting the type of size to size_t.

CC: qemu-stable@nongnu.org
Reported-by: Daniel Shapira <daniel@twistlock.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-10-19 11:15:04 +08:00
liujunjie
7da2d99fb9 clean up callback when del virtqueue
Before, we did not clear callback like handle_output when delete
the virtqueue which may result be segmentfault.
The scene is as follows:
1. Start a vm with multiqueue vhost-net,
2. then we write VIRTIO_PCI_GUEST_FEATURES in PCI configuration to
triger multiqueue disable in this vm which will delete the virtqueue.
In this step, the tx_bh is deleted but the callback virtio_net_handle_tx_bh
still exist.
3. Finally, we write VIRTIO_PCI_QUEUE_NOTIFY in PCI configuration to
notify the deleted virtqueue. In this way, virtio_net_handle_tx_bh
will be called and qemu will be crashed.

Although the way described above is uncommon, we had better reinforce it.

CC: qemu-stable@nongnu.org
Signed-off-by: liujunjie <liujunjie23@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-10-19 11:15:03 +08:00
Peter Maydell
77f7c74719 - Updates for qtest entries in test/Makefile.include
- Simple updates for some shell scripts
 - Misc simple patches for files without regular subsystem pull requests
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJbxuLDAAoJEC7Z13T+cC2144kQAJ135I3HTRLpFHEA2zj026ym
 3qW+1VmY6dSAluo/OR7ZQJfrLGCG44/Lo1OlXk07EFHcZXRImybry+dmrotDA6tK
 regbe88NLBYIx40ur388w6ZDBqsfcZspa1A0QwACxEA/BD4jZhoij4jDuxpyGXRL
 uo6UD34gU1qQPpc3JngdASK7sZsT/el2Gi6dCV5oudQg1VLbxUVRhcdqgYG/4m5H
 HpxMtdeq8nTekCRNpvDr6cjHrPBdFrBzhgXS38T+Gac/dOuJcEeiUcaH9o2ynLS4
 o74aaQfHkmO10DyKZ9rnJGsU3Hqn3zkjoxPGQR/ewUX70KR2ZVfQZiLWkWpF4gOV
 BWddr3M8DUFwTAv85qriJS5CtVn6X/DJESFEtbApMkmurhnfzXA3Ligks5beDmEn
 C82iSv/8Sl+Rt+J4zCQ4AnMaIrdKC/Ie2E65jxrbAsGynUZ0ser2Yj7CDKUWAlDZ
 l6m1p6G0TmLS6oeS6P8nMppdFhihtMD7EcglQKKLoZcbhpSD98E0jefLBh4ZqAdx
 MbFAQR9oGpOS0iLQQ/8iFe2HDRqdddw7pYNPWix74AuiGpJyVkOBPObw6QEfphe9
 6+waQ27l+x2lUYJ/ZNm6kainy0TB+SoUu8x1CQtBwv3lYU6TRrAg63ij8AXYOyPm
 bLUPeiGq3uTVzyN836Th
 =vYUc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2018-10-17' into staging

- Updates for qtest entries in test/Makefile.include
- Simple updates for some shell scripts
- Misc simple patches for files without regular subsystem pull requests

# gpg: Signature made Wed 17 Oct 2018 08:20:35 BST
# gpg:                using RSA key 2ED9D774FE702DB5
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>"
# gpg:                 aka "Thomas Huth <thuth@redhat.com>"
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>"
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>"
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2018-10-17:
  configure: remove glib_subprocess check
  hw/core/generic-loader: Compile only once, not for each target
  cpu: Provide a proper prototype for target_words_bigendian() in a header
  hw/core/generic-loader: Set a category for the generic-loader device
  qemu/compiler: Wrap __attribute__((flatten)) in a macro
  mailmap: Fix Reimar Döffinger name
  show-fixed-bugs.sh: Modern shell scripting (use $() instead of ``)
  git-submodule.sh: Modern shell scripting (use $() instead of ``)
  archive-source.sh: Modern shell scripting (use $() instead of ``)
  MAINTAINERS: update block/sheepdog maintainers
  gdbstub: Remove unused include
  tests: remove gcov-files- variables
  tests: Prevent more accidental test disabling
  target/cris/translate: Get rid of qemu_log_separate()
  qemu-common.h: update copyright date to 2018

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-18 13:40:19 +01:00
Michael Clark
7c28f4da20
RISC-V: Don't add NULL bootargs to device-tree
Signed-off-by: Michael Clark <mjc@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-10-17 13:02:30 -07:00
Michael Clark
b6aa6cedf4
RISC-V: Add missing free for plic_hart_config
Signed-off-by: Michael Clark <mjc@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-10-17 13:02:24 -07:00
Michael Clark
85ba724fd6
RISC-V: Allow setting and clearing multiple irqs
Change the API of riscv_set_local_interrupt to take a
write mask and value to allow setting and clearing of
multiple local interrupts atomically in a single call.
Rename the new function to riscv_cpu_update_mip.

Signed-off-by: Michael Clark <mjc@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-10-17 13:02:09 -07:00
Thomas Huth
1a1ff38c55 hw/core/generic-loader: Compile only once, not for each target
The generic-loader is currently compiled target specific due to one
single "#ifdef TARGET_WORDS_BIGENDIAN" in the file. We have already a
function called target_words_bigendian() for this instead, so we can
put the generic-loader into common-obj to save some compilation time.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2018-10-17 08:45:37 +02:00
Thomas Huth
c95ac10340 cpu: Provide a proper prototype for target_words_bigendian() in a header
We've got three places already that provide a prototype for this
function in a .c file - that's ugly. Let's provide a proper prototype
in a header instead, with a proper description why this function should
not be used in most cases.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2018-10-17 08:41:43 +02:00
Thomas Huth
8c827c53c5 hw/core/generic-loader: Set a category for the generic-loader device
Each device that is instantiatable by the users should be marked with
a category. Since the generic-loader does not fit anywhere else, put
it into the MISC category.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2018-10-17 08:40:15 +02:00
Edgar E. Iglesias
357aa01335 net: cadence_gem: Implement support for 64bit descriptor addresses
Implement support for 64bit descriptor addresses.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20181011021931.4249-8-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-16 17:13:50 +01:00
Edgar E. Iglesias
84aec8efd6 net: cadence_gem: Add support for selecting the DMA MemoryRegion
Add support for selecting the Memory Region that the GEM
will do DMA to.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20181011021931.4249-7-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-16 17:13:49 +01:00
Edgar E. Iglesias
e48fdd9d90 net: cadence_gem: Add support for extended descriptors
Add support for extended descriptors with optional 64bit
addressing and timestamping. QEMU will not yet provide
timestamps (always leaving the valid timestamp bit as zero).

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20181011021931.4249-6-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-16 17:13:49 +01:00
Edgar E. Iglesias
8568313f3b net: cadence_gem: Add macro with max number of descriptor words
Add macro with max number of DMA descriptor words.
No functional change.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20181011021931.4249-5-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-16 17:13:48 +01:00
Edgar E. Iglesias
f02361822f net: cadence_gem: Use uint32_t for 32bit descriptor words
Use uint32_t instead of unsigned to describe 32bit descriptor words.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20181011021931.4249-4-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-16 17:13:47 +01:00
Edgar E. Iglesias
b2d43091b5 net: cadence_gem: Disable TSU feature bit
Disable the Timestamping Unit feature bit since QEMU does not
yet support it. This allows guest SW to correctly probe for
its existance.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20181011021931.4249-2-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-16 16:16:42 +01:00
Jerome Forissier
fb23d693a3 hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
Bindings for /secure-chosen and /secure-chosen/stdout-path have been
proposed 1.5 years ago [1] and implemented in OP-TEE at the same time [2].
They've now been officially agreed on, so we can implement them
in QEMU.

This patch creates the property when the machine is secure.

[1] https://patchwork.kernel.org/patch/9602401/
[2] https://github.com/OP-TEE/optee_os/commit/4dc31c52544a

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Message-id: 20181005080729.6480-1-jerome.forissier@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: commit message tweak]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-16 16:15:01 +01:00
Li Qiang
2683ccd5be vfio-pci: make vfio-pci device more QOM conventional
Define a TYPE_VFIO_PCI and drop DO_UPCAST.

Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-10-15 11:22:29 -06:00
Geert Uytterhoeven
4ebc0b613c hw/arm/virt: Allow dynamic vfio-platform devices again
Allow the instantation of generic dynamic vfio-platform devices again,
without the need to create a new device-specific vfio type.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-10-15 11:22:28 -06:00
Eric Auger
af7d64ede0 hw/arm/sysbus-fdt: Allow device matching with DT compatible value
Up to now we have relied on the device type to identify a device tree
node creation function.  Since we would like the vfio-platform device to
be instantiable with different compatible strings we introduce the
capability to specialize the node creation depending on actual
compatible value.

NodeCreationPair is renamed into BindingEntry. The struct is enhanced
with compat and match_fn() fields.  We introduce a new matching function
adapted to the vfio-platform generic device.

Soon, the AMD XGBE can be instantiated with either manner, i.e.:

    -device vfio-amd-xgbe,host=e0900000.xgmac

or using the new option line:

    -device vfio-platform,host=e0900000.xgmac

Signed-off-by: Eric Auger <eric.auger@redhat.com>
[geert: Match using compatible values in sysfs instead of user-supplied
	manufacturer/model options, reword]
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-10-15 11:22:04 -06:00
Eric Auger
a49531ebd0 vfio/platform: Make the vfio-platform device non-abstract
Up to now the vfio-platform device has been abstract and could not be
instantiated.  The integration of a new vfio platform device required
creating a dummy derived device which only set the compatible string.

Following the few vfio-platform device integrations we have seen the
actual requested adaptation happens on device tree node creation
(sysbus-fdt).

Hence remove the abstract setting, and read the list of compatible
values from sysfs if not set by a derived device.

Update the amd-xgbe and calxeda-xgmac drivers to fill in the number of
compatible values, as there can now be more than one.

Note that sysbus-fdt does not support the instantiation of the
vfio-platform device yet.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
[geert: Rebase, set user_creatable=true, use compatible values in sysfs
	instead of user-supplied manufacturer/model options, reword]
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-10-15 10:52:09 -06:00
Gerd Hoffmann
b290659fc3 hw/vfio/display: add ramfb support
So we have a boot display when using a vgpu as primary display.

ramfb depends on a fw_cfg file.  fw_cfg files can not be added and
removed at runtime, therefore a ramfb-enabled vfio device can't be
hotplugged.

Add a nohotplug variant of the vfio-pci device (as child class).  Add
the ramfb property to the nohotplug variant only.  So to enable the vgpu
display with boot support use this:

  -device vfio-pci-nohotplug,display=on,ramfb=on,sysfsdev=...

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-10-15 10:52:09 -06:00
Thomas Huth
ce3cf70eda hw/display/cirrus_vga: Move "isa-cirrus-vga" device into a separate file
In downstream distros like RHEL we'd like to disable some of the "legacy"
devices of QEMU. The ISA version of the Cirrus VGA device is one of these
legacy devices. So let's make the build process a little bit more flexible
here by putting the Cirrus ISA code into a separate file which is only
included if both, CONFIG_VGA_CIRRUS and CONFIG_VGA_ISA are set.

Note that this disables "isa-cirrus-vga" for the ppc-softmmu and the
alpha-softmmu target since CONFIG_VGA_ISA is not set there. But I think
this is OK since these targets are only interested in the PCI variant
anyway.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1539339106-32427-1-git-send-email-thuth@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-10-15 09:57:33 +02:00
Gerd Hoffmann
715eb05b78 i2c: switch ddc to use the new edid generator
This also makes the default display resolution configurable,
via xres and yres properties.  The default is 1024x768.

The old code had a hard-coded resolution of 1600x1200.

Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20181005110837.28209-1-kraxel@redhat.com
2018-10-15 09:57:33 +02:00
Gerd Hoffmann
2f99f80c5d qxl: check qxl_phys2virt return value
Fixes: CID 1395986
Fixes: 979f7ef896
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20181005134608.1251-1-kraxel@redhat.com
2018-10-15 09:57:33 +02:00
Gerd Hoffmann
a0d098b794 bochs-display: wire up edid support
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20181005160147.892-3-kraxel@redhat.com
2018-10-15 09:57:33 +02:00
Gerd Hoffmann
cc22c1bf5d display: add separate config option for bochs-display
This allows modern architectures which don't care about vga
compatibility (risc-v for example) build bochs-display without
including all vga emulation too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20181005160147.892-2-kraxel@redhat.com
2018-10-15 09:57:33 +02:00
Gerd Hoffmann
2e4a0b1766 edid: fix alignment issues
Use stl_le_p() & friends instead of casts.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20181015055333.32030-1-kraxel@redhat.com
2018-10-15 09:57:33 +02:00
Peter Maydell
69ac8c4cb9 More s390x updates:
- introduce support for vfio-ap (s390 crypto devices), including a
   Linux headers update to get the new interfaces
 - the usual fixing + cleanup
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAlvAb14SHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vdL4P/3rl6yyQhtiyP4Dw3TWZvWdhXwuPAMIL
 kzzQt1CQdqcMu+rdvXeResbWUb2nf7uyfRanchmj+D9hw9BlDojo2e7ZWmAsSymr
 37ZyPiRrOkxxShNRIlFk2w4lmwvN7n7JLXyBD5Z/ptrVvuNPyn8Wh8PCd+ieY4m9
 o89dvZOv+o+3+ToL+9+jnjpfK6sECzs+ULFq//+cnhTBzz2jXrNy8PztB82N6d70
 KUKIoab0BTRu2wkX73fcz14I+h/di4H0NFvwSxAo+CtsanP+qOkX5xaEfHyZE6QW
 cDz8oTRwtk5qckeYzBbp21SjK+OEaxXrtpRAUmpVm7mAMR7ba7z3PhIgZW5G+lk1
 Yw+yD0RIGjDyG3PAQ9Qb/WJp8q/h7VluDKdddDrSqtFYbPAJS1w/3JzJJOeTpRfR
 aDuiFJGVmS/uDFP8GcugCllVqfCsAQJQqL0HKPNo8W5F14DbnX87IoUMz38HVdjb
 xv0cr1NHGaZnAhJsu8Tq+gGLuenqzDgOQgNCr0DNOitqu51RfXtS0OgzYDEDllwb
 xcGWQEGMe2B/QIFasdZt0JHTjKWbhnfzZ2afneEwJvRUx+9BTtAbayR3zxpg/LT8
 qy1Ipk6OgGy39N61n0BxFtdJzPEF3Se4f3nJm+67LQp1iLjOnkXSsZmVhdXGikb6
 SICPj5xVNzSv
 =Jztt
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20181012' into staging

More s390x updates:
- introduce support for vfio-ap (s390 crypto devices), including a
  Linux headers update to get the new interfaces
- the usual fixing + cleanup

# gpg: Signature made Fri 12 Oct 2018 10:54:38 BST
# gpg:                using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20181012:
  hw/s390x: Include the tod-qemu also for builds with --disable-tcg
  s390: doc: detailed specifications for AP virtualization
  s390x/vfio: ap: Introduce VFIO AP device
  s390x/ap: base Adjunct Processor (AP) object model
  s390x/kvm: enable AP instruction interpretation for guest
  s390x/cpumodel: Set up CPU model for AP device support
  linux-headers: update
  target/s390x/excp_helper: Remove DPRINTF() macro

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-12 12:40:04 +01:00
Thomas Huth
0161215d43 hw/s390x: Include the tod-qemu also for builds with --disable-tcg
The device is required for running qtests, see hw/s390x/tod.c:

void s390_init_tod(void)
{
    Object *obj;

    if (kvm_enabled()) {
        obj = object_new(TYPE_KVM_S390_TOD);
    } else {
        obj = object_new(TYPE_QEMU_S390_TOD);
    }
    [...]
  }

During qtests, we're running without kvm, so TYPE_QEMU_S390_TOD is
required to avoid that QEMU aborts here.

Fixes: 8046f374a6 ("s390x/tod: factor out TOD into separate device")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1539264723-741-1-git-send-email-thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-12 11:32:19 +02:00
Tony Krowiak
2fe2942cd6 s390x/vfio: ap: Introduce VFIO AP device
Introduces a VFIO based AP device. The device is defined via
the QEMU command line by specifying:

    -device vfio-ap,sysfsdev=<path-to-mediated-matrix-device>

There may be only one vfio-ap device configured for a guest.

The mediated matrix device is created by the VFIO AP device
driver by writing a UUID to a sysfs attribute file (see
docs/vfio-ap.txt). The mediated matrix device will be named
after the UUID. Symbolic links to the $uuid are created in
many places, so the path to the mediated matrix device $uuid
can be specified in any of the following ways:

/sys/devices/vfio_ap/matrix/$uuid
/sys/devices/vfio_ap/matrix/mdev_supported_types/vfio_ap-passthrough/devices/$uuid
/sys/bus/mdev/devices/$uuid
/sys/bus/mdev/drivers/vfio_mdev/$uuid

When the vfio-ap device is realized, it acquires and opens the
VFIO iommu group to which the mediated matrix device is
bound. This causes a VFIO group notification event to be
signaled. The vfio_ap device driver's group notification
handler will get called at which time the device driver
will configure the the AP devices to which the guest will
be granted access.

Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
Tested-by: Pierre Morel <pmorel@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Pierre Morel <pmorel@linux.ibm.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20181010170309.12045-6-akrowiak@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
[CH: added missing g_free and device category]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-12 11:32:18 +02:00
Tony Krowiak
a51b31535a s390x/ap: base Adjunct Processor (AP) object model
Introduces the base object model for virtualizing AP devices.

Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
Tested-by: Pierre Morel <pmorel@linux.ibm.com>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20181010170309.12045-5-akrowiak@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-12 11:32:18 +02:00
Denis V. Lunev
18613dc6d9 qmp, hmp: make subsystem/system-vendor identities optional
According to PCI specification, subsystem id and subsystem vendor id
are present only in type 0 and type 2 headers (at different offsets),
but not in type 1 headers.

Thus we should make this data optional in struct PciDeviceId and skip
reporting them via HMP if the information is not available.

Additional (wrong information) about PCI bridges (Type1 devices) has been
added in 5383a705 and fortunately not released. This patch fixes that
problem. The problem was spotted by Markus.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
CC: Eric Blake <eblake@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Message-Id: <20181002135538.12113-1-den@openvz.org>
Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2018-10-11 19:58:26 +01:00
Ilya Maximets
5ce43896e1 vhost-user: Don't ask for reply on postcopy mem table set
According to documentation, NEED_REPLY_MASK should not be set
for VHOST_USER_SET_MEM_TABLE request in postcopy mode.
This restriction was mistakenly applied to 'reply_supported'
variable, which is local and used only for non-postcopy case.

CC: Dr. David Alan Gilbert <dgilbert@redhat.com>
Fixes: 9bb3801994 ("vhost+postcopy: Send address back to qemu")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Message-Id: <20181002140947.4107-1-i.maximets@samsung.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2018-10-11 19:58:26 +01:00
Ilya Maximets
c4f753859a vhost-user: Fix userfaultfd leak
'fd' received from the vhost side is never freed.
Also, everything (including 'postcopy_listen' state) should be
cleaned up on vhost cleanup.

Fixes: 46343570c0 ("vhost+postcopy: Wire up POSTCOPY_END notify")
Fixes: f82c11165f ("vhost+postcopy: Register shared ufd with postcopy")
Cc: qemu-stable@nongnu.org
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Message-Id: <20181008160536.6332-3-i.maximets@samsung.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2018-10-11 19:58:26 +01:00
Markus Armbruster
b266f1d112 ivshmem: Fix unplug of device "ivshmem-plain"
Commit 2aece63c8a "hostmem: detect host backend memory is being used
properly" fixed "ivshmem-plain" to reject memory backends that are
already in use, and to block their deletion while in use.  Two bugs
escaped review:

* New ivshmem_plain_exit() fails to call ivshmem_exit().  This breaks
  unplug.  Reproducer: migration after unplug still fails with
  "Migration is disabled when using feature 'peer mode' in device
  'ivshmem'".

* It failed to update legacy "ivshmem".  Harmless, because it creates
  the memory backend itself, and nothing else should use it.

Fix by moving the two host_memory_backend_set_mapped() calls into
ivshmem_common_realize() and ivshmem_exit(), guarded by s->hostmem.

Fixes: 2aece63c8a
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180926163709.22876-1-armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-10 08:01:36 +02:00
Peter Maydell
74e2e59b8d hw/display/bcm2835_fb: Silence Coverity warning about multiply overflow
Coverity complains (CID 1395628) that the multiply in the calculation
of the framebuffer base is performed as 32x32 but then used in a
context that takes a 64-bit hwaddr. This can't actually ever
overflow the 32-bit result, because of the constraints placed on
the s->config values in bcm2835_fb_validate_config(). But we
can placate Coverity anyway, by explicitly casting one of the
inputs to a hwaddr, so the whole expression is calculated with
64-bit arithmetic.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20181005133012.26490-1-peter.maydell@linaro.org
2018-10-08 14:55:05 +01:00
Peter Maydell
846690dee8 virt: Suppress external aborts on virt-2.10 and earlier
In commit c79c0a314c we enabled emulation of external aborts
when the guest attempts to access a physical address with no
mapped device. In commit 4672cbd7be we suppress this for
most legacy boards to prevent breakage of previously working
guests, but we didn't suppress it in the 'virt' board, with
the rationale "we know that guests won't try to prod devices
that we don't describe in the device tree or ACPI tables". This
is mostly true, but we've had a report of a Linux guest image
that this did break. The problem seems to be that the guest
is (incorrectly) configured with a DEBUG_UART_PHYS value that
tells it there is a uart at 0x10009000 (which is true for
vexpress but not for virt), so in early bootup the kernel
probes this bogus address.

This is a misconfigured guest, so we don't need to worry
about it too much, but we can arrange that guests that ran
on QEMU v2.10 (before c79c0a314c) will still run on
the "virt-2.10" board model, by suppressing external aborts
only for that version and earlier. This seems a reasonable
compromise: "virt-2.10" is supposed to behave the same way
that "virt" did in the 2.10 release, and making it do that
provides a usable workaround for guests with bugs like this.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180925144127.31965-1-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2018-10-08 14:55:02 +01:00
Peter Maydell
e2e3436add vga: edid fixes, qxl clang workaround, vga mmio subregion fix.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJbt0bsAAoJEEy22O7T6HE44oEP/AisWyCoubdZuUv6U1/5HWJl
 ow/1Hsum9RUz2Y278TRH8wVjJ8RdTpY7mFhFG8bQYreishmGmlVWyl+SSxaOgeaA
 gOoWc3k+Z7jAToZC+l3eiRVoDPPDa7yb8ezmTB+MOlhImDZMCQpCsrorQYgicobc
 xo7BVsXddOBLipZWtO6HK28LR1CdOonp4fOJHsQAqCLNG4xIpjXMqjTkrG5G4wn9
 hsS/PNVr+ZTSsCtTKmqIyvWIJimqXlkcLTkTPuD16SmyedQR/cr0EIUgRZgJoTh9
 0Qg3T7hp6l1ZQDWxTgKhZlhuOkH6uqLAcBDBqKTHn47XYrxNPkK7c769aR/F4ZOi
 oDfj5PeR3lx0vNo2tE2tcGzExjqdRKk2MsUhc+ww+Yypaflzc8lgAdwKH5fTJ7PU
 qayAkkpzSW6rLkMUniscr0a7a7AZlMqGFJ/pZbPx6b6tGTU0pyWMM74Ait09nwxe
 lbg2wW6hC6VRwYyLeYSzFh0khQ856G3/jhKNYDB15/GNeMqbv/4DXcIMycM76+aZ
 RkEpdsb/cR+yTtOCQMzD4pLR/XOPdPco8rF7P0o26rWyRCR6qljd4jg8caogm3bA
 vF7N6H7QwmzICEPkDNqV2luYOEQaiszedYj306j9b1qGYdu6bPbvgJU1bzYMH7oy
 d+RKYhYBaOyX//qs2t9W
 =Uq7Q
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20181005-pull-request' into staging

vga: edid fixes, qxl clang workaround, vga mmio subregion fix.

# gpg: Signature made Fri 05 Oct 2018 12:11:40 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20181005-pull-request:
  edid: fix vendor default
  secondary-vga: delete mmio subregions upon exit
  hw/display/qxl: Suppress clang-7 warning about misaligned atomic operation
  edid: Ignore built binary

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-05 18:52:58 +01:00
Peter Maydell
ae7a4c0a46 Various s390x updates:
- fix several struct definitions so that sparc hosts do not trip over
   unaligned accesses
 - fence enabling huge pages for pre-3.1 machines
 - sysbus init -> realize conversion
 - fixes and improvements in tcg (instruction flags and AFP registers)
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAlu2MCwSHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+v4dcP/2XM7rY1s67EXgbj441n+Vj4BbXR+SLw
 rmbO6WNrOhK1NvhN96N2GveawgxA7jWU9LqTYJZPdOVZmG3ZJmDF+hnJZ6DY2pKR
 R5x0OknVtkPbkHci/uYtEfUVuvaBzCC2b4/o7Oo+9UMyyRRImxMYjSJj9YhYgtbL
 hnpa1ogLB8wJDQRjOHxvsAVM/68wFpgnh5lGTXgH0bt7tPeShWpxpWaM6e9OlHB1
 i2en+ImKHK3gLKmCvJ7UR0DCxALVDL2I4KPw0c/aqeYWNlf9HtIv7VS+EfcsqMSn
 PO9t77c1HHjXIpELuQqsm1KLxsYXYfjDF3w/iQB4hKFHxLpCIfqDEJ8rQkIIYWY4
 ad7qhu3O0OgQreeFdWJIBGfZSZfmXb89bMX4O0YiyNK0eDZ8S4Y3I2+iZQVhWhZJ
 B74OpdWmMXkzBDjbP8dkCsF045eDmu+d3aLEe0KIjuLdIDBxQgFK73xe4K0JKlvx
 SLk24rXkhCCCFPgyqfgllIHqvUWJvdKXbr/SuD+Wy09geURKxtDC3+mRuL2swGos
 YPueLsfDz282VSdcFhjxTweGEURimSW+EQF18lCHOlei1HCbscV2CNP5L3WKQ8U+
 K45lD8LOs0U6qS0QAos6c96oEBWJXMkNCP6oTreDyAvcEeYNOm2eLx2/JyGSBDJx
 Zi+IRr0kkYFG
 =0e7K
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20181004' into staging

Various s390x updates:
- fix several struct definitions so that sparc hosts do not trip over
  unaligned accesses
- fence enabling huge pages for pre-3.1 machines
- sysbus init -> realize conversion
- fixes and improvements in tcg (instruction flags and AFP registers)

# gpg: Signature made Thu 04 Oct 2018 16:22:20 BST
# gpg:                using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20181004:
  hw/s390x/s390-pci-bus: Convert sysbus init function to realize function
  s390x/tcg: refactor specification checking
  s390x/tcg: fix FP register pair checks
  s390x/tcg: handle privileged instructions via flags
  s390x/tcg: check for AFP-register, BFP and DFP data exceptions
  s390x/tcg: add instruction flags for floating point instructions
  s390x/tcg: support flags for instructions
  s390x/tcg: store in the TB flags if AFP is enabled
  s390x/tcg: factor out and fix DATA exception injection
  s390x: move tcg_s390_program_interrupt() into TCG code and mark it noreturn
  target/s390x: exception on non-aligned LPSW(E)
  s390x: Fence huge pages prior to 3.1
  hw/s390x/ioinst: Fix alignment problem in struct SubchDev
  hw/s390x/css: Remove QEMU_PACKED from struct SenseId
  hw/s390x/ipl: Fix alignment problems of S390IPLState members

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-05 16:05:06 +01:00
Gerd Hoffmann
edbc4b24bb edid: fix vendor default
"EMU" actually is "Emulex Corporation", so not a good idea to use that
by default.  Lets use the Red Hat vendor id instead, which is in line
with the pci ids which are allocated from Red Hat vendor ids too.

Vendor list is available from http://www.uefi.org/pnp_id_list

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20181005091934.12143-1-kraxel@redhat.com
2018-10-05 11:26:56 +02:00
remy.noel
0ab90e6170 secondary-vga: delete mmio subregions upon exit
93abfc88bd introduced a reference cycle in
the vga-pci devices, preventing cleanup of the object upon hotblug.

This patch allows to break the cycle.

Signed-off-by: remy.noel <remy.noel@blade-group.com>
Message-id: 20181002121935.23706-1-remy.noel@blade-group.com

[ kraxel: delete the recently added edid region too ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-10-05 11:23:37 +02:00
Peter Maydell
5a358b39f5 hw/display/qxl: Suppress clang-7 warning about misaligned atomic operation
If QEMU is compiled with clang-7 it results in the warning:

hw/display/qxl.c:1884:19: error: misaligned or large atomic operation
may incur significant performance penalty [-Werror,-Watomic-alignment]
    old_pending = atomic_fetch_or(&d->ram->int_pending, le_events);
                  ^

This is because the Spice headers forgot to define the QXLRam struct
with the '__aligned__(4)' attribute.  clang 7 and newer will thus
warn that the access here to int_pending might not be 4-aligned
(because the QXLRam object d->ram points at might start at a
misaligned address).  In fact we set up d->ram in init_qxl_ram() so
it always starts at a 4K boundary, so we know the atomic access here
is OK.

Newer Spice versions (with Spice commit
beda5ec7a6848be20c0cac2a9a8ef2a41e8069c1) will fix the bug;
for older Spice versions, work around it by telling the compiler
explicitly that the alignment is OK using __builtin_assume_aligned().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180927155538.699-1-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-10-05 11:21:17 +02:00
Thomas Huth
b576d582ea hw/s390x/s390-pci-bus: Convert sysbus init function to realize function
The SysBusDeviceClass->init() interface is considered as a legacy interface
and there are currently some efforts going on to get rid of it. Thus let's
convert the init function in the s390x code to realize() instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1538466491-2073-1-git-send-email-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04 12:10:40 +02:00
Janosch Frank
28221f9c99 s390x: Fence huge pages prior to 3.1
As the kernel has no way of disallowing the start of a huge page
backed VM, we can migrate a running huge backed VM to a host that has
no huge page KVM support.

Let's glue huge page support support to the 3.1 machine, so we do not
migrate to a destination host that doesn't have QEMU huge page support
and can stop migration if KVM doesn't indicate support.

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Message-Id: <20180928093435.198573-1-frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04 10:32:39 +02:00
Thomas Huth
729315ebca hw/s390x/css: Remove QEMU_PACKED from struct SenseId
The uint16_t member cu_type of struct SenseId is not naturally aligned,
and since the struct is marked with QEMU_PACKED, this can lead to
unaligned memory accesses - which does not work on architectures like
Sparc. Thus remove the QEMU_PACKED here and rather copy the struct
byte by byte when we do copy_sense_id_to_guest().

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1538036615-32542-3-git-send-email-thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04 10:32:38 +02:00
Thomas Huth
3b8afb41bc hw/s390x/ipl: Fix alignment problems of S390IPLState members
The IplParameterBlock and QemuIplParameters structures are declared with
QEMU_PACKED, so the compiler assumes that the structures do not need to
be aligned in memory. Since the are listed after a "bool" within the
S390IPLState, the IplParameterBlock and QemuIplParameters are also indeed
mis-aligned in memory. This causes problems on Sparc during migration, since
we use VMSTATE_UINT16 in vmstate_iplb to access the devno member for example,
and the corresponding migration functions (like qemu_get_be16s) then try to
access a 16-bit value from a misaligned memory address.
The easiest solution to fix this problem is to move the packed structures
to the beginning of the S390IPLState, right after the DeviceState of course
which has to stay first for QOM reasons. But since DeviceState is a non-packed
struct, we can be sure that it will be padded to the correct alignment at the
end. If not, the QEMU_BUILD_BUG_MSG in this patch will tell us.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1538036615-32542-2-git-send-email-thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04 10:32:38 +02:00
Marc-André Lureau
95e30b2a13 chardev: mark the calls that allow an implicit mux monitor
This is mostly for readability of the code. Let's make it clear which
callers can create an implicit monitor when the chardev is muxed.

This will also enforce a safer behaviour, as we don't really support
creating monitor anywhere/anytime at the moment. Add an assert() to
make sure the programmer explicitely wanted that behaviour.

There are documented cases, such as: -serial/-parallel/-virtioconsole
and to less extent -debugcon.

Less obvious and questionable ones are -gdb, SLIRP -guestfwd and Xen
console. Add a FIXME note for those, but keep the support for now.

Other qemu_chr_new() callers either have a fixed parameter/filename
string or do not need it, such as -qtest:

* qtest.c: qtest_init()
  Afaik, only used by tests/libqtest.c, without mux. I don't think we
  support it outside of qemu testing: drop support for implicit mux
  monitor (qemu_chr_new() call: no implicit mux now).

* hw/
  All with literal @filename argument that doesn't enable mux monitor.

* tests/
  All with @filename argument that doesn't enable mux monitor.

On a related note, the list of monitor creation places:

- the chardev creators listed above: all from command line (except
  perhaps Xen console?)

- -gdb & hmp gdbserver will create a "GDB monitor command" chardev
  that is wired to an HMP monitor.

- -mon command line option

From this short study, I would like to think that a monitor may only
be created in the main thread today, though I remain skeptical :)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2018-10-03 14:45:05 +04:00
Peter Maydell
9786650866 hw/scsi/mptendian: Avoid taking address of fields in packed structs
Taking the address of a field in a packed struct is a bad idea, because
it might not be actually aligned enough for that pointer type (and
thus cause a crash on dereference on some host architectures). Newer
versions of clang warn about this. Avoid the bug by not using the
"modify in place" byte swapping functions.

This patch was produced with the following simple spatch script:
@@
expression E;
@@
-le16_to_cpus(&E);
+E = le16_to_cpu(E);
@@
expression E;
@@
-le32_to_cpus(&E);
+E = le32_to_cpu(E);
@@
expression E;
@@
-le64_to_cpus(&E);
+E = le64_to_cpu(E);
@@
expression E;
@@
-cpu_to_le16s(&E);
+E = cpu_to_le16(E);
@@
expression E;
@@
-cpu_to_le32s(&E);
+E = cpu_to_le32(E);
@@
expression E;
@@
-cpu_to_le64s(&E);
+E = cpu_to_le64(E);

followed by some minor tidying of overlong lines and bad indent.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20180927134852.21490-1-peter.maydell@linaro.org>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:14 +02:00
Peter Maydell
695e2fc2d6 hw/nvram/fw_cfg: Use memberwise copy of MemoryRegionOps struct
We've now removed the 'old_mmio' member from MemoryRegionOps,
so we can perform the copy as a simple struct copy rather
than having to do it via a memberwise copy.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20180824170422.5783-3-peter.maydell@linaro.org>
Based-on: <20180802174042.29234-1-peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:14 +02:00
Paolo Bonzini
d41ca5afe3 virtio: do not take address of packed members
The address of a packed member is not packed, which may cause accesses
to unaligned pointers.  Avoid this by reading the packed value before
passing it to another function.

Cc: Jason Wang <jasowang@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:13 +02:00
Pavel Dovgalyuk
b255df7e6e replay: replay BH for IDE trim operation
This patch makes IDE trim BH deterministic, because it affects
the device state. Therefore its invocation should be replayed
instead of running at the random moment.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20180912081950.3228.68987.stgit@pasha-VirtualBox>
Acked-by: John Snow <jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:13 +02:00
Mark Cave-Ayland
c921370b22 lsi53c895a: convert to trace-events
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20180917053229.4853-1-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:13 +02:00
Fam Zheng
51f43d5792 scsi-block: Deprecate rotation_rate
This option is added together with scsi-disk but is never honoured,
becuase we don't emulate the VPD page for scsi-block. We could intercept
and inject the user specified value like for max xfer len, but it's
probably not helpful since the intent of 070f80095a was for random
entropy aspects, not for performance. If emulated rotation rate is
desired, scsi-hd is more suitable.

Signed-off-by: Fam Zheng <famz@redhat.com>

Message-Id: <20180917083138.3948-1-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:13 +02:00
Yongji Xie
4c3e250627 kvmclock: run KVM_KVMCLOCK_CTRL ioctl in vcpu thread
According to KVM API Documentation, we should only
run vcpu ioctls from the same thread that was used
to create the vcpu. This patch makes KVM_KVMCLOCK_CTRL
ioctl consistent with the Documentation.

No functional change.

Signed-off-by: Yongji Xie <xieyongji@baidu.com>
Signed-off-by: Chai Wen <chaiwen@baidu.com>
Message-Id: <1531315364-2551-1-git-send-email-xieyongji@baidu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Yongji Xie <elohimes@gmail.com>
2018-10-02 19:09:13 +02:00
Li Qiang
8371158bba hw: edu: replace device name with macro
Just as other devices do.

Signed-off-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <1536901871-2729-1-git-send-email-liq3ea@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:12 +02:00
Li Qiang
e9b6be9260 hw: hyperv_testdev: add read callback
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <20180912160118.21158-4-liq3ea@163.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:10 +02:00
Li Qiang
57cdec5e5f hw: pc-testdev: add read memory region callback
Also change the write callback name.

Signed-off-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <20180912160118.21158-5-liq3ea@163.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:10 +02:00
Li Qiang
af71743ad6 hw: debugexit: add read callback
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <20180912160118.21158-3-liq3ea@163.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:03 +02:00
Li Qiang
2247936a04 fw_cfg_mem: add read memory region callback
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <20180912160118.21158-2-liq3ea@163.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:09:02 +02:00
Li Zhijian
f3839fda57 change get_image_size return type to int64_t
Previously, if the size of initrd >=2G, qemu exits with error:
root@haswell-OptiPlex-9020:/home/lizj# /home/lizhijian/lkp/qemu-colo/x86_64-softmmu/qemu-system-x86_64 -kernel ./vmlinuz-4.16.0-rc4 -initrd large.cgz -nographic
qemu: error reading initrd large.cgz: No such file or directory
root@haswell-OptiPlex-9020:/home/lizj# du -sh large.cgz
2.5G	large.cgz

this patch changes the caller side that use this function to calculate
size of initrd file as well.

v2: update error message and int64_t printing format

Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Message-Id: <1536833233-14121-1-git-send-email-lizhijian@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 19:08:49 +02:00
Paolo Bonzini
61a9346f60 serial: fix DLL writes
Commit 0147883450 tries to handle
word-sized writes to DLL/DLH, but due to a typo,
this patch is causing tracebacks in all Linux kernels running the PXA
serial driver, due to an unexpected DLL register value. Here is the
surrounding code from drivers/tty/serial/pxa.c:

	serial_out(up, UART_DLL, quot & 0xff);		/* LS of divisor */

	/*
	 * work around Errata #75 according to Intel(R) PXA27x
	 * Processor Family Specification Update (Nov 2005)
	 */
	dll = serial_in(up, UART_DLL);
	WARN_ON(dll != (quot & 0xff));	// <-- warning

Reported-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Fixes: 0147883450
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Geert Uytterhoeven
71bb4ce1b5 hw/char/sh_serial: Add timeout handling to unbreak serial input
As of commit 18e8cf159177100e ("serial: sh-sci: increase RX FIFO trigger
defaults for (H)SCIF") in Linux v4.11-rc1, the serial console on the
QEMU SH4 target is broken: it delays serial input until enough data has
been received.

Since aforementioned commit, the Linux SCIF driver programs the Receive
FIFO Data Count Trigger bits in the FIFO Control Register, to postpone
generating a receive interrupt until:
  1. At least the receive trigger count of bytes of data are available
     in the receive FIFO, OR
  2. No further data has been received for at least 15 etu after the
     last received data.

While QEMU implements the former, it does not implement the latter.
Hence the receive interrupt is not generated until the former condition
is met.

Fix this by adding basic timeout handling.  As the QEMU SCIF emulation
ignores any serial speed programming, the timeout value used conforms to
a default speed of 9600 bps, which is fine for any interactive console.

Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Ulrich Hecht <uli@fpond.eu>
Tested-by: Rob Landley <rob@landley.net>
Tested-by: Rich Felker <dalias@libc.org>
Message-Id: <20180905131125.12635-1-geert+renesas@glider.be>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Pavel Dovgalyuk
a1f2ed2ad8 ps2: prevent changing irq state on save and load
Commit 2858ab09e6 changed
PS/2 keyboard/mouse buffers to the standard size. However, its state
may change when migrating from the old buffer size and therefore irq needs
updating. But this change made wrong, because it throws the whole queue
if there are too much data instead of cropping it.

That commit also updates irq (because the queue state may change).
But updating the irq may change the VM state (and determinism of
the execution). E.g., when replaying the execution, one may save
the VM state and the state of the interrupt controller will be updated
at the moment of saving, instead of using the recorded update events.

This patch makes the queue update deterministic: it removes the update_irq
call and crops the queue to prevent losing the characters and changing
the required irq status.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Message-Id: <20180511081601.14610.39946.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Paolo Bonzini
cf9270e522 es1370: fix ADC_FRAMEADR and ADC_FRAMECNT
They are not consecutive with DAC1_FRAME* and DAC2_FRAME*.

Fixes: 154c1d1f96
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Fam Zheng
2d1df85910 virtio: Return true from virtio_queue_empty if broken
Both virtio-blk and virtio-scsi use virtio_queue_empty() as the
loop condition in VQ handlers (virtio_blk_handle_vq,
virtio_scsi_handle_cmd_vq). When a device is marked broken in
virtqueue_pop, for example if a vIOMMU address translation failed, we
want to break out of the loop.

This fixes a hanging problem when booting a CentOS 3.10.0-862.el7.x86_64
kernel with ATS enabled:

  $ qemu-system-x86_64 \
    ... \
    -device intel-iommu,intremap=on,caching-mode=on,eim=on,device-iotlb=on \
    -device virtio-scsi-pci,iommu_platform=on,ats=on,id=scsi0,bus=pci.4,addr=0x0

The dead loop happens immediately when the kernel boots and initializes
the device, where virtio_scsi_data_plane_handle_cmd will not return:

    > ...
    > #13 0x00005586602b7793 in virtio_scsi_handle_cmd_vq
    > #14 0x00005586602b8d66 in virtio_scsi_data_plane_handle_cmd
    > #15 0x00005586602ddab7 in virtio_queue_notify_aio_vq
    > #16 0x00005586602dfc9f in virtio_queue_host_notifier_aio_poll
    > #17 0x00005586607885da in run_poll_handlers_once
    > #18 0x000055866078880e in try_poll_mode
    > #19 0x00005586607888eb in aio_poll
    > #20 0x0000558660784561 in aio_wait_bh_oneshot
    > #21 0x00005586602b9582 in virtio_scsi_dataplane_stop
    > #22 0x00005586605a7110 in virtio_bus_stop_ioeventfd
    > #23 0x00005586605a9426 in virtio_pci_stop_ioeventfd
    > #24 0x00005586605ab808 in virtio_pci_common_write
    > #25 0x0000558660242396 in memory_region_write_accessor
    > #26 0x00005586602425ab in access_with_adjusted_size
    > #27 0x0000558660245281 in memory_region_dispatch_write
    > #28 0x00005586601e008e in flatview_write_continue
    > #29 0x00005586601e01d8 in flatview_write
    > #30 0x00005586601e04de in address_space_write
    > #31 0x00005586601e052f in address_space_rw
    > #32 0x00005586602607f2 in kvm_cpu_exec
    > #33 0x0000558660227148 in qemu_kvm_cpu_thread_fn
    > #34 0x000055866078bde7 in qemu_thread_start
    > #35 0x00007f5784906594 in start_thread
    > #36 0x00007f5784639e6f in clone

With this patch, virtio_queue_empty will now return 1 as soon as the
vdev is marked as broken, after a "virtio: zero sized buffers are not
allowed" error.

To be consistent, update virtio_queue_empty_rcu as well.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <20180910145616.8598-2-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Peter Maydell
24c3833717 usb: fixes for mtp, hub and ohci.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJbsejEAAoJEEy22O7T6HE4PMkP+wSKv+1IXRAQUJOzGaptirnM
 saRNuglceC5Y4WXqKtoMe0J55J1d5HUrKoxuBULyLxXZmJB8lkiFUyzkgIwcNJEX
 MNsKeympva74EX4/JGz6CnbqcBleeuHT8pZfTwE7KlN3yyPRC2lQ0HmR1VMz9S/e
 kEALeQWGF9fcF0SIcoNSJgmF02JsElTi67YlK+1GIecdvsfUvEY1X9KyVEFk45RX
 fWLoUmz2hZlVzVVNq3+ZWbb53a9dMpPUXZgLWb5BRV12f8wh4tdH2s5i3QE5xYY8
 wgfnVkGsVMCks4qBKRsMysNpJkbm6YTxH3P8I07SselQi0rl2n7y0QU21Jeeoi5p
 7Bv7U0ECa66vi+/hjJ15FfvLfgPwNEkAUqyO66hKgQXlr+huGgYnpc9GEbpYYH6N
 9fyljOk/RJ5erjk/vFVmnSuhP9cv2vFqti0jOXRyHxvfL1oSTx/EZ2pXYWApa4UJ
 qngS/P5EtJS7qKdD36VAt/eo53toypxole8ULgSdgUwa8bk6E+RCPENMRg2XInqs
 i+ia0IktOlfV3DTAhMLwEs6heqi3b29/rxTcWmrfxmhrUnV/LpcAK8KenvTj+AsD
 MhRi5kFLaC5k5bwTFz/lG2UaO7dbhqW5/7XZKzNkhfAfdiTIrboj2jTE6IHz4ekH
 dWTQvZtNtuBkrnA5XEx5
 =hIG+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20181001-pull-request' into staging

usb: fixes for mtp, hub and ohci.

# gpg: Signature made Mon 01 Oct 2018 10:28:36 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20181001-pull-request:
  ohci: set effectively usb frame rate to 1kHz
  usb-hub: clear suspend on detach
  usb-mtp: reset ObjectInfo dataset size on cleanup
  doc: replace x-root with rootdir for usb-mtp
  usb-mtp: fix error conditions for write operation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-01 12:33:18 +01:00
Peter Maydell
cc28dce2ec vga: add edid support, qxl bugfixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJbrILgAAoJEEy22O7T6HE4y9UP/isFQYYHjotebzYR8yNX9ukD
 JjtQt2yIMPSb6k/93UK+MvKxrURH/jNXLGYC68YY74YJGx612cEhjiDdUdW6yf1T
 Qs3Y8Qz5EEQ7yO0Sv4uPp3IoZTMCRrnAri8J8r5N1z7Exm6CMlCQwmTuxA+UYOEA
 JJ6Lz4h9zw8eyM+wLUPc4jkbw9juyEhV3yhzXrH3iELanxVxano6umn/SkTTcLXh
 qydCvHyHYnLF6tUJQSssIBjQuUySiA6yCzzM1cinjYqu8Dm37kFPpgWg/uPclqbe
 cQ0CPeyGdFU+ZQpfWRwQiFe498U3QLG/fTdO82XMgoItZa29Vr47fO1WyOly8SGs
 bcGNrzcgToyRasLXHoGQrRpr7PK+0PCUJrPmrpejkviAaX6R4sBZ4xuuirW69UQR
 AgG7BxbpgjCl+A8+sjJgjn1vTR9bT0sb8DG875j58osAVje3ZFf7Ln6I3CTQrrRf
 wrjldNT0/nOV4WK1QAPE085aEihFzO1MHDaoSDT+AkNv0idrJjGxx/HjCpY8mF4u
 YfKBjhxCDmvgVtT+mG9akv7VDfyReD+iqhoDA1hovWamH7E/QMgvl5rNpie7r0Qf
 914mcojOxIKG8OlbBhWVkpvTTCh1Qfzlgb7jffCwU+1RUZ/9lC41aIXmyuUoB2Ld
 G4qtPXaDJzpdZKaUieD9
 =P3hQ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180927-pull-request' into staging

vga: add edid support, qxl bugfixes.

# gpg: Signature made Thu 27 Sep 2018 08:12:32 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20180927-pull-request:
  qxl: support mono cursors with inverted colors
  qxl: use guest_monitor_config for local renderer.
  display/stdvga: add edid support.
  display/edid: add DEFINE_EDID_PROPERTIES
  display/edid: add region helper.
  display/edid: add qemu_edid_size()
  display/edid: add edid generator to qemu.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-01 11:33:16 +01:00
Miguel GAIO
a60f39a468 ohci: set effectively usb frame rate to 1kHz
USB frame rate is slightly lower than 1kHz: ie. ~950Hz.
Thus usb-audio device is not able to perform a simple audio playback
without underruns on audio backend.
eg. "-device pci-ohci,id=ohci -device usb-audio,bus=ohci.0" vs PulseAudio
backend. more than 50 underruns are observed per second.

Update ohci_sof_time computation, using QEMU_CLOCK_VIRTUAL in
ohci_usb_start(), and increment by usb_frame_time in ohci_sof()
makes USB frame rate close to 1kHz.
This way, no audio underrun are observed during audio playback.

Signed-off-by: Miguel GAIO <mgaio35@gmail.com>
Message-Id: <20180927151936.3647-1-mgaio35@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-10-01 10:49:54 +02:00
Gerd Hoffmann
3e9191acb7 usb-hub: clear suspend on detach
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20180912114012.6034-1-kraxel@redhat.com
2018-10-01 10:49:54 +02:00
Bandan Das
f7c36a754c usb-mtp: reset ObjectInfo dataset size on cleanup
Stale values in this field may result in qemu
expecting more data on the next operation

Signed-off-by: Bandan Das <bsd@redhat.com>
Message-id: 20180907220851.9658-4-bsd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-10-01 10:49:54 +02:00
Bandan
44dd419680 usb-mtp: fix error conditions for write operation
Return STORE_FULL if we can't write all the bytes but
return incomplete transfer if data received is less then
what was specified in the metadata. Also, use d->offset
as the file size which is valid for all file sizes.

Signed-off-by: Bandan <bsd@redhat.com>
Message-id: 20180907220851.9658-2-bsd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-10-01 10:49:53 +02:00
Peter Wu
36ffc122dc qxl: support mono cursors with inverted colors
Monochrome cursors are still used by Windows guests with the
QXL-WDDM-DOD driver. Such cursor types have one odd feature, inversion
of colors. GDK does not seem to support it, so implement an alternative
solution: fill the inverted pixels and add an outline to make the cursor
more visible. Tested with the text cursor in Notepad and Windows 10.

cursor_set_mono is also used by the vmware GPU, so add a special check
to avoid breaking its 32bpp format (tested with Kubuntu 14.04.4). I was
unable to find a guest which supports the 1bpp format with a vmware GPU.

The old implementation was buggy and removed in v2.10.0-108-g79c5a10cdd
("qxl: drop mono cursor support"), this version improves upon that by
adding bounds validation, clarifying the semantics of the two masks and
adds a workaround for inverted colors support.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1611984
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Message-id: 20180903145447.17142-1-peter@lekensteyn.nl

[ kraxel: minor codestyle fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-09-27 08:10:07 +02:00
Gerd Hoffmann
979f7ef896 qxl: use guest_monitor_config for local renderer.
When processing monitor config from guest store head0 width and height
for single-head configurations.  Use these when creating the
DisplaySurface in the local renderer.

This fixes a rendering issue with wayland.  Wayland rounds up the
framebuffer width and height to a multiple of 64, so with odd
resolutions (800x600 for example) the framebuffer is larger than the
actual screen.  The monitor config has the actual screen size though.

This fixes guest display for anything using the local renderer
(non-spice UI, screendump monitor command).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20180919103057.9666-1-kraxel@redhat.com
2018-09-27 08:08:07 +02:00
Gerd Hoffmann
d46b40fce2 display/stdvga: add edid support.
This patch adds edid support to the qemu stdvga.  It is turned off by
default and can be enabled with the new edid property.  The patch also
adds xres and yres properties to specify the video mode you want the
guest use.  Works only with edid enabled and updated guest driver.

The mmio bar of the stdvga has some unused address space at the start.
It was reserved just in case it'll be needed for virtio, but it turned
out to not be needed for that.  So let's use that region to place the
EDID data block there.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20180925075646.25114-6-kraxel@redhat.com
2018-09-27 08:07:51 +02:00
Gerd Hoffmann
97917e9e02 display/edid: add region helper.
Create a io region for an EDID data block.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180925075646.25114-4-kraxel@redhat.com
2018-09-27 08:07:51 +02:00
Gerd Hoffmann
e7992fc5a0 display/edid: add qemu_edid_size()
Helper function to figure the size of a edid blob, by checking how many
extensions are present.  Both the base edid blob and the extensions are
128 bytes in size.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20180925075646.25114-3-kraxel@redhat.com
2018-09-27 08:07:51 +02:00
Gerd Hoffmann
72d277a70e display/edid: add edid generator to qemu.
EDID is a metadata format to describe monitors.  On physical hardware
the monitor has an eeprom with that data block which can be read over
i2c bus.

On a linux system you can usually find the EDID data block in
/sys/class/drm/$card/$connector/edid.  xorg ships a edid-decode utility
which you can use to turn the blob into readable form.

I think it would be a good idea to use EDID for virtual displays too.
Needs changes in both qemu and guest kms drivers.  This patch is the
first step, it adds an generator for EDID blobs to qemu.  Comes with a
qemu-edid test tool included.

With EDID we can pass more information to the guest.  Names and serial
numbers, so the guests display configuration has no boring "Unknown
Monitor".  List of video modes.  Display resolution, pretty important
in case we want add HiDPI support some day.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20180925075646.25114-2-kraxel@redhat.com
2018-09-27 08:07:51 +02:00
Peter Maydell
866ba83854 - Deprecate the usage of a network backend via "name" instead of "id"
- Deprecate the "enforce-config-section" machine parameter
 - Re-enable the wdt_ib700, endianness and vmxnet3 qtests
 - Some trivial fixes and doc update patches that crossed my way
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJbqlsyAAoJEC7Z13T+cC21RbAP/3IvGfBxuRm6rBWoghjQgbl8
 KU8nPnlZUtqjxmfUTILO/h+pJ3na5MQ8hh7v8JHi+xlQ2DPkECW21DtnfdxntVjw
 +b+N5Ap6J22GHyEq4HJXPWAk2rDInqkU966DvL40RiMvOTfXdg9EO0TDX0VsVgZv
 BR1r7/t3T0P7hiQ0XWb9U2JchRIC+Zgk34gXZPSTpoIv89fUhzNoK5LvAA6yV1FQ
 TvE8VTKJm4wkqThH1ShtbJCBKjHjW/W8LYZr3YMothcs8vGjEdEcDL4BoJZDn3bF
 h4VTkU+k8lp7W9LmlnPnu1WH/5ezhzdwJTeFaPJt4U10WKJptAS4vbK03DXlds9O
 9d2BOXKrima2kSr1ejSe1f0kcE8fis1XFmSuhF61Nbw6ngT5+pP2JSc1XwFazd2K
 zQwV4GXBLzAGnd4F2Ec+5TKzbGFVfczxeBDiBkkVmG+XdX/UXJpkpPYGAaw7DDiK
 JwKVVYIPk1ll6MAbR6qEGsvE/adHNEm8lUdjXqwgbQlIeUZ2H0hCu9lJ0X81mtoQ
 WZP+nMa/87COnlPX6VPVgxM2TXQOH/UbGz/WmYzZ6/gPKTX+gfwrHQGdp7Tjl33U
 KxFKWioFnoqGuyWasvTtKEK67/IlrY+w1nXuuqKJg8J2/qx1SVtx45FHkRkxkIDx
 4boRpx0XUqpDVdf8VhRB
 =dXgp
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2018-09-25' into staging

- Deprecate the usage of a network backend via "name" instead of "id"
- Deprecate the "enforce-config-section" machine parameter
- Re-enable the wdt_ib700, endianness and vmxnet3 qtests
- Some trivial fixes and doc update patches that crossed my way

# gpg: Signature made Tue 25 Sep 2018 16:58:42 BST
# gpg:                using RSA key 2ED9D774FE702DB5
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>"
# gpg:                 aka "Thomas Huth <thuth@redhat.com>"
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>"
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>"
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2018-09-25:
  Revert "check: Move VMXNET3 test to common"
  Revert "check: Move endianess test to common"
  Revert "check: Move wdt_ib700 test to common"
  tests/migration: Speed up the test on ppc64
  hw/qdev-core: Fix description of instance_init
  qdev: fix a typo in comment
  docs: Fix some typos (most found by codespell)
  trivial: Make bios files and source files non-executable
  memfd: fix possible usage of the uninitialized file descriptor
  hw/core/machine: Officially deprecate the enforce-config-section parameter
  net/slirp: Deprecate the [hub_id name] parameter tuple
  net: Deprecate the "name" parameter of -net
  Makefile: Add missing dependency for qemu-deprecated.texi

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 18:09:52 +01:00
Li Qiang
6871a0d01f qdev: fix a typo in comment
Found by reading code.

Signed-off-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2018-09-25 17:26:18 +02:00
Thomas Huth
91c082ad86 hw/core/machine: Officially deprecate the enforce-config-section parameter
Commit 16f7244842 added this parameter
to the documentation, including a note that it is deprecated. But it
has never been added to the "Deprecated features" appendix, which is
our official way to deprecate legacy parameters. So let's do this now.

Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2018-09-25 17:26:17 +02:00
Peter Maydell
0a736f7ab8 HMP pull 2018-09-25
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbqkH9AAoJEAUWMx68W/3nqh4P/2Ip8VUzK7aDKpqZgRHTMbI5
 78x1iT3fClv008oThRcpoHiqH9DNrq0EXW4TixUXhqIhwxJaNmr2r54WsaNJeTVZ
 ww8m4Z3BAiFp9GSWQa8Mb6mMNnBVj2KNkSo6NFttmHUZbkafROBGqumer1Nbid3U
 X68mvy/y3dECRVfqGf3PzSIz5K+pSxgXFGzlbtjSX9CJO/a/o+YsuHLlk4CiVDq6
 txYNJ5hgyFieYxgUE03P2PAC+bHbv6hvwSB3sWDfdcTZZmeLxUM6CGG4WdbWqm3r
 ylmKVwBnrD13YbbWmPNpSFJKXg9Qf9KklKshag4+AhZ3HQDj4HGxQaB8m7lRQwII
 dw2LaO5wP6011fZ54cvYGMq87xYtqkLWUHD2Et39lSukfLuHtEQ4erSa99MVRrMK
 svuIfTe7uqfatgC6y0IugxlThqjkQiftG+CVL20nje+h5MFB/huh7eDE9kNrgUSg
 q6yxO67OgRuSy5vWUrQ4U+WZtiNIh3HjXf/SWUfsTxQk6SweIVuknyLPUxropLYe
 Zj0G/8sInxSTZQArpe0cXbZL279ppQ0xCwcKRxAO/UMLNqh+7diUQurAWBl80Exb
 qnW2wCrVB9W/EFDkjdFcAdW5SMxEpaKg45U6tdYqngC+p7yjVNlyltFP/Ew2eHKr
 uvO+ylONOJZtYwkjhLEJ
 =Pwfd
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgilbert/tags/pull-hmp-20180925' into staging

HMP pull 2018-09-25

# gpg: Signature made Tue 25 Sep 2018 15:11:09 BST
# gpg:                using RSA key 0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>"
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-hmp-20180925:
  qmp, hmp: add PCI subsystem id and vendor id to PCI info
  hmp: fix migrate status timer leak
  monitor: print message when using 'help' with an unknown command

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 15:49:25 +01:00
Cédric Le Goater
b3d6b8f5af aspeed/smc: fix some alignment issues
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180921161939.822-6-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 15:13:24 +01:00
Cédric Le Goater
fca9ca1b13 hw/arm/aspeed: Add an Aspeed machine class
The code looks better, it removes duplicated lines and it will ease
the introduction of common properties for the Aspeed machines.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180921161939.822-4-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 15:13:24 +01:00
Cédric Le Goater
3d9bada240 hw/arm/aspeed: change the FMC flash model of the AST2500 evb
The AST2500 evb is shipped with a W25Q256 which has a non volatile bit
to make the chip operate in 4 Byte address mode at power up. This
should be an interesting feature to model as it will exercise a bit
more the SMC controllers and MMIO execution at boot time.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20180921161939.822-3-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 15:13:24 +01:00
Cédric Le Goater
03f1d7201a aspeed/timer: fix compile breakage with clang 3.4.2
In file included from /home/thuth/devel/qemu/hw/timer/aspeed_timer.c:16:
/home/thuth/devel/qemu/include/hw/misc/aspeed_scu.h:37:3: error:
redefinition of typedef 'AspeedSCUState' is a C11 feature
      [-Werror,-Wtypedef-redefinition]
} AspeedSCUState;
  ^
/home/thuth/devel/qemu/include/hw/timer/aspeed_timer.h:27:31: note:
previous definition is here
typedef struct AspeedSCUState AspeedSCUState;

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180921161939.822-2-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 15:13:24 +01:00
Peter Maydell
3e1dd459cb hw/timer/cmsdk-apb-dualtimer: Add missing 'break' statements
Add 'break' statements missing from a switch in the APB dual-timer
write function. Spotted by Coverity as CID 1395626 and 1395633.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180924123122.14549-1-peter.maydell@linaro.org
2018-09-25 15:13:24 +01:00
Peter Maydell
b187e20f9b hw/net/pcnet-pci: Unify pcnet_ioport_read/write and pcnet_mmio_read/write
The only difference between our implementation of the pcnet ioport
accessors and the mmio accessors is that the former check BCR_DWIO to
see what access widths are permitted for addresses in the aprom range
(0x0..0xf). In fact our failure to do this in the mmio accessors
is a bug (one which was fixed for the ioport accessors in
commit 7ba7974197 in 2011).

The data sheet for the Am79C970A does not describe the DWIO
bit as only applying for I/O space mapped I/O resources and
not memory mapped I/O resources, and our MMIO accessors already
honour DWIO for accesses in the 0x10..0x1f range (since the
pcnet_ioport_{read,write}{w,l} functions check it).

The data sheet for the later but compatible Am79C976 is clearer:
it states specifically "DWIO mode applies to both I/O- and
memory-mapped acceses." This seems to be reasonable evidence
in favour of interpretating the Am79C970A spec as being the same.

(NB: Linux's pcnet driver only supports I/O accesses, so the
MMIO access part of this device is probably untested anyway.)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 15:13:24 +01:00
Peter Maydell
5d026de8b6 hw/net/pcnet-pci: Convert away from old_mmio accessors
Convert the pcnet-pci device away from using the old_mmio
MemoryRegionOps accessor functions.

This commit is a no-behaviour-change API conversion.
(Since PCNET_PNPMMIO_SIZE is 0x20, the old "addr & 0x10"
check and the new "addr < 0x10" check are exact opposites;
the new code is phrased to be parallel with the
pcnet_io_read/write functions.)

I have left a TODO comment marker because the similarity
between the MMIO and IO accessor behaviour is suspicious
and they could be combined, but this will be left to a
different patch.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 15:13:24 +01:00
Peter Maydell
b6e6c65151 hw/intc/arm_gic: Drop GIC_BASE_IRQ macro
The GIC_BASE_IRQ macro is a leftover from when we shared code
between the GICv2 and the v7M NVIC. Since the NVIC is now
split off, GIC_BASE_IRQ is always 0, and we can just delete it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180824161819.11085-1-peter.maydell@linaro.org
2018-09-25 15:13:24 +01:00
Eric Auger
9f4d2a1316 hw/arm/smmuv3: fix eventq recording and IRQ triggerring
The event queue management is broken today. Event records
are not properly written as EVT_SET_* macro was not updating
the actual event record. Also the event queue interrupt
is not correctly triggered.

Fixes: bb981004ea ("hw/arm/smmuv3: Event queue recording helper")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20180921070138.10114-3-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 15:13:24 +01:00
Denis V. Lunev
5383a70520 qmp, hmp: add PCI subsystem id and vendor id to PCI info
This is a long story. Red Hat has relicensed Windows KVM device drivers
in 2018 and there was an agreement that to avoid WHQL driver conflict
software manufacturers should set proper PCI subsystem vendor ID in
their distributions. Thus PCI subsystem vendor id becomes actively used.

The problem is that this field is applied by us via hardware compats.
Thus technically it could be lost.

This patch adds PCI susbsystem id and vendor id to exportable parameters
for validation.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
CC: Eric Blake <eblake@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180918095852.28422-1-den@openvz.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2018-09-25 14:48:44 +01:00
Eric Auger
6ce9297be6 hw/arm/smmu-common: Fix the name of the iommu memory regions
At the point smmu_find_add_as() gets called, the bus number might
not be computed. Let's change the name of IOMMU memory region and
just use the devfn and an incrementing index.

The name only is used for debug.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20180921070138.10114-2-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: changed 'uint' to 'unsigned int']
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 14:14:07 +01:00
Guenter Roeck
bb626e5b43 aspeed/i2c: Fix receive done interrupt handling
The AST2500 datasheet says:

I2CD10 Interrupt Status Register
       bit 2 Receive Done Interrupt status
             S/W needs to clear this status bit to allow next data receiving

The Rx interrupt done interrupt status bit needs to be cleared
explicitly before the next byte can be received, and must therefore
not be auto-cleared. Also, receiving the next byte must be delayed
until the bit has been cleared.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20180914063506.20815-4-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 14:14:07 +01:00
Guenter Roeck
7bd9c60d4e aspeed/i2c: Handle receive command in separate function
Receive command handling may have to be deferred if a previous receive
done interrupt was not yet acknowledged. Move receive command handling
into a separate function to prepare for the necessary changes.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20180914063506.20815-3-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 14:14:07 +01:00
Cédric Le Goater
5540cb97f7 aspeed/i2c: interrupts should be cleared by software only
aspeed i2c interrupts should be cleared by software only, and the bus
interrupt should be lowered when all interrupts have been cleared.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20180914063506.20815-2-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: drop TODO comment describing an issue which is
 fixed later in the patch series, and clean up commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 14:14:07 +01:00
Joel Stanley
b148ed4665 arm: Add BBC micro:bit machine
This adds the base for a machine model of the BBC micro:bit:

  https://en.wikipedia.org/wiki/Micro_Bit

This is a system with a nRF51 SoC containing the main processor, with
various peripherals on board.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-id: 20180831220920.27113-4-joel@jms.id.au
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 14:14:07 +01:00
Joel Stanley
673b2d42a8 arm: Add Nordic Semiconductor nRF51 SoC
The nRF51 is a Cortex-M0 microcontroller with an on-board radio module,
plus other common ARM SoC peripherals.

 http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf

This defines a basic model of the CPU and memory, with no peripherals
implemented at this stage.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-id: 20180831220920.27113-3-joel@jms.id.au
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: wrapped a few long lines]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 14:14:07 +01:00
Shannon Zhao
66c353cea6 hw/arm/virt-acpi-build: Add a check for memory-less NUMA nodes
Like commit 16b4226(hw/acpi-build: Add a check for memory-less NUMA node
), it also needs to check memory length for NUMA nodes on ARM.

Signed-off-by: Shannon Zhao <shannon.zhaosl@gmail.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 20180911112643.19296-1-shenglong.zsl@alibaba-inc.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 14:14:07 +01:00
Bartlomiej Zolnierkiewicz
5561adf062 hw/arm/exynos4210: fix Exynos4210 UART support
commit 97274d0c05 ("hw/char/exynos4210_uart.c: Remove unneeded
handling of NULL chardev") broke Exynos4210 support as it removed
NULL 'Chardev *chr' handling from exynos4210_uart_create() and
currently exynos4210_init() always passes NULL as 'Chardev *chr'
argument to exynos4210_uart_create() calls. Fix it by adding
missing serial_hd() calls to exynos4210_init().

Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 9310418.Wg32kryeWE@amdc3058
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 14:14:07 +01:00
Peter Maydell
506e4a00de ppc patch queue 2018-09-25
Here are the accumulated ppc target patches for the last several
 weeks. Highlights are:
    * A number of 40p / PReP cleanups
    * Preliminary irq rework on the pseries machine towards the new
      XIVE interrupt controller
 
 There are a few patches which make small changes to generic device and
 arm code as prerequisites to the 40p interrupt routing cleanup.  They
 have acks from the relevant maintainers.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAlup3PYACgkQbDjKyiDZ
 s5IcYQ//fp79LhIXUKfJuGasVg1K8X795s3nD8vZ76z7FV2kNyHvOCcTsLn0Ccrp
 WJLdXdZ0ErY87vJPfHckii9pXOX8J38nV5EFCElSLslx6gCndQZdQX2WY3luwIzq
 afiKMERwTkCcqFXXPgweijhhuAU+roay8xdO/ZBO52ogzGaZalTFjG4l9a0DZMSm
 ZceDrLrKw6GOaxntLptcn2+Ncuwpm0WSpLyL+bGNAzSAbqdn1dhHQ9UBrcSMteWj
 df8J7CX63CFL2MwbQE3RyXeKaomdHabG+QgEVMlS4dpXVUx++ciMtrwZTX1mMDlI
 DA9+5u6TcRMz34hN8lWk2O05scOVp8965BcfdeRBYAOTDS4ztiZJ9spKkIV0lHfe
 rkgo7F1OsqoQhs9QrLYp0zZYn1OIhHWrbhk/DQptCJMRHk8mct4v2FcyGecU0e1Z
 7SlJErxHXmar83PCCJXhtYHthDxN+dTHUW0bbrF4IjysfK+poX5hvvFEjyHGPIJL
 duytwgEnnrBOFM7f7mdfH1LKeKzm1ji8nu7g2IsPAXC0xuFaq+d0fZWUWjymSPku
 k5k5UUPs8KLtP9XY2qhO0vxBWl5d+CTam19FWVqHjRAp5WqjmoLxWnkofupcT0Yv
 LcoHH2Ad9K8e0F4nA4UCYdJwfGH3qO+eBzmBR4+HZOuT1gVvRuw=
 =A62f
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-3.1-20180925' into staging

ppc patch queue 2018-09-25

Here are the accumulated ppc target patches for the last several
weeks. Highlights are:
   * A number of 40p / PReP cleanups
   * Preliminary irq rework on the pseries machine towards the new
     XIVE interrupt controller

There are a few patches which make small changes to generic device and
arm code as prerequisites to the 40p interrupt routing cleanup.  They
have acks from the relevant maintainers.

# gpg: Signature made Tue 25 Sep 2018 08:00:06 BST
# gpg:                using RSA key 6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-3.1-20180925:
  40p: add fixed IRQ routing for LSI SCSI device
  lsi53c895a: add optional external IRQ via qdev
  scsi: remove unused lsi53c895a_create() and lsi53c810_create() functions
  scsi: move lsi53c8xx_create() callers to lsi53c8xx_handle_legacy_cmdline()
  scsi: add lsi53c8xx_handle_legacy_cmdline() function
  sm501: Adjust endianness of pixel value in rectangle fill
  spapr_pci: add an extra 'nr_msis' argument to spapr_populate_pci_dt
  spapr: increase the size of the IRQ number space
  spapr: introduce a spapr_irq class 'nr_msis' attribute
  40p: use OR gate to wire up raven PCI interrupts
  raven: some minor IRQ-related tidy-ups
  hw/ppc: on 40p machine, change default firmware to OpenBIOS
  target/ppc/cpu-models: Re-group the 970 CPUs together again
  Record history of ppcemb target in common.json

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 13:30:45 +01:00
Peter Maydell
2f831d0498 Error reporting & miscellaneous patches for 2018-09-24
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbqP/iAAoJEDhwtADrkYZTDTQP/jidzPBq+9SbQTkP3/6DNdyq
 3amvEA0lNlowGz+VQtTPjG1Sw+wr5PRFFjthueX4EXCgTih9db5Rd6Daiqt9uuh4
 ipep7OVTcyMOErHzyosIIwQAte2ERiunpwXOAcahxInJ4XBlxyJAiJTZXHQb1v+u
 zKa3PpKi3fLcqBs3wKn8AJmp5HLTYOM6/LK870S65Rzx20AbifBH/6yQPkdrMAL2
 lw204RasdYCiJo045n6pwZ0mBMT1d33VAmSqPUaeoOWabLCzmbZvcQNwUqtVleh6
 5IoAxjFhrixksdg67+HMyFyJH5Nt8SkTeOpqN4D+dpj7y3BLGSUzvV3mBEBSfinm
 nvyfjVkxX4xRNw4mgm03H2qg5g3FACDQVz+g5uLDAZELlz9POCnOTFJuf/n++u3q
 zcxOqCg2U99KiyF51PMRu9yPH/zDNNFxmrEY7dFkuAycS3EWk+VK63pXnNUkx3xe
 0T8uZA4Cvhn84hLNDFyX/DzILKFb0bRSUw6zAhUYb44oD6roFlp8rgTauNECa9CO
 GcgvJKXyk6mMDEHkSKSWy51doVEn0vqqzEc9w6/QPwxsXNMUWXEQAv/BVaK7To/J
 JlSxC/C/jda4pt6zDFks6grac8AT6LBIFUrp6HpF84gSldEF4OuFbJhg9iuTyarz
 ea5pvvZGJHQvnLATg5kK
 =2oaJ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2018-09-24' into staging

Error reporting & miscellaneous patches for 2018-09-24

# gpg: Signature made Mon 24 Sep 2018 16:16:50 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-error-2018-09-24:
  MAINTAINERS: Fix F: patterns that don't match anything
  Drop "qemu:" prefix from error_report() arguments
  qemu-error: make use of {error, warn}_report_once_cond
  qemu-error: add {error, warn}_report_once_cond

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-09-25 11:37:39 +01:00