Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Avoid truncation of a 64-bit long to a 32-bit int, and check for errno
(especially ERANGE).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
When requesting a size which cannot be read, the error message shows
a different address which is misleading to the user and it looks like
something's wrong with the address parsing. This is because the input
@addr variable is incremented in the memory dumping loop:
(qemu) memsave 0xffffffff8418069c 0xb00000 mem
Invalid addr 0xffffffff849ffe9c specified
Fix that by saving the original address and size and use them in the
error message:
(qemu) memsave 0xffffffff8418069c 0xb00000 mem
Invalid addr 0xffffffff8418069c/size 11534336 specified
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The "fall through" added by the commit is clearly intentional. Mark
it so. Hushes up Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The array length of s->real_device.io_regions[] is
"PCI_NUM_REGIONS - 1".
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Coverity spot:
Function xen_pt_bar_offset_to_index() may return a negative
value (-1) which is used as an index to d->io_regions[] down
the line.
Let's pass index directly as an argument to
xen_pt_bar_reg_parse().
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
On softmuu, instead of setting APIC ID automatically when creating a
X86CPU, require the property to be set before realizing the object
(which is already done by the CPU creation code on PC).
Keep apic_id = 0 by default on *-user so it can simply create a new CPU
object and realize it without extra steps (so target-i386 will be able
to use cpu_generic_init() eventually).
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
The APIC ID compatibility code is required only for PC, and now that
x86_cpu_initfn() doesn't use x86_cpu_apic_id_from_index() anymore, that
code can be moved to pc.c.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
The field doesn't need to be inside CPUX86State, and it is not specific
for the CPUID instruction, so move and rename it.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
The existing apic_id = cpu_index code has no visible effect: the PC code
already initializes the APIC ID according to the topology on
pc_new_cpu(), and linux-user memcpy()s the CPU state (including
cpuid_apic_id) on cpu_copy().
Remove the dead code and simply let APIC ID to to be 0 by default. This
doesn't change behavior of PC because apic-id is already explicitly set,
and doesn't affect linux-user because APIC ID was already always 0.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
The function was used in only two places. In one of them, the function
made the code less readable by requiring temporary te[bcd]x variables.
In the other one we can simply inline the existing code.
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
listflags() had lots of unnecessary complexity. Instead of printing to a
buffer that will be immediately printed, simply call the printing
function directly. Also, remove the fbits and flags arguments that were
always set to the same value. Also, there's no need to list the flags in
reverse order.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
This will allow the PC code to use the header, and lets us eliminate the
QEMU_INCLUDES hack inside tests/Makefile.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
This is my current patch queue for 2.3. Highlights include:
* pseries: 2.3 machine
* pseries: Export RTC via QOM
* pseries: EEH support
* mac: save/restore support
* fix POWER5 hosts
* random bug fixes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQIcBAABAgAGBQJU/aeVAAoJECszeR4D/txgvckP/RuGGwTAEjxeR0ejGez8e2PP
Ph/ZOgAXpvHN1LuKhqiMhkk5mPc9g4j4YlcgjLqlWjk3G+DPtb7pR0V+gZ0LP2k0
TIOAU9Pyepkswry4FHBlBdPlWpL/RYx4Y9073+TmZvf7C3JXPkxbFPPY8xqIdrZ+
pIS2C/NeMkva9c8LC9Z16u8Nhv8d09SZhp0hjKV1lthceVakcjwFcn57K/YQhpQJ
XTSH4XwrjrdGrQF8hGWUxqhqMd3jG21XRo678wXuyEwhU+hvn3tHzrImuvtObGIn
cJ0xwA2h+yu2T5q/Y9BRHbHjRtIZ5OwuZ8/xl7JY1lyKozzF3AfrqXg6lety3tNK
F7T/xDAPX364vng4mKSxbdCqJ+3U7pThClF7juWluXWAywF3oeuXBvSm6YTTl1pK
4t5v1p9tIvMHxNmEYPof0l4yU5qnP8E6msAyGef5IG7J3K8p1Gxt2mvXazKbSC+Y
HWL+lSJ8TMW/ALH6XfUYwxdail0dgby2HubWT1yIVvzLTzgVQoLvYculb7fitKv6
huDBOgMUrCx4Lr8ZFsH11aPvWzbAQjxBsKolOO8MpCKzg99bq3OQHWgyxDQ/6JFo
UZmCZSF4PPHSYBQOAuxfIkbjMZ6dHQ6SMYG+WLfM3LzfDYCjexRgYVsB7LjAKMBT
5Vzmqw3lAgI949rzA6d+
=Erps
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging
Patch queue for ppc - 2015-03-09
This is my current patch queue for 2.3. Highlights include:
* pseries: 2.3 machine
* pseries: Export RTC via QOM
* pseries: EEH support
* mac: save/restore support
* fix POWER5 hosts
* random bug fixes
# gpg: Signature made Mon Mar 9 14:00:53 2015 GMT using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg: aka "Alexander Graf <alex@csgraf.de>"
* remotes/agraf/tags/signed-ppc-for-upstream: (38 commits)
target-ppc: Fix warnings from Sparse
sPAPR: Implement sPAPRPHBClass EEH callbacks
sPAPR: Implement EEH RTAS calls
target-ppc: Add versions to server CPU descriptions
PPC: Introduce the Virtual Time Base (VTB) SPR register
PPC: Remove duplicate OPENPIC defines in default-configs
ppc64-softmmu: Remove duplicated OPENPIC from config
Revert "default-configs/ppc64: add all components of i82378 SuperIO chip used by prep"
spapr_vio: Convert to realize()
openpic: convert to vmstate
openpic: switch IRQQueue queue from inline to bitmap
openpic: fix up loadvm under -M mac99
openpic: fix segfault on -M mac99 savevm
target-ppc: force update of msr bits in cpu_post_load
target-ppc: move sdr1 value change detection logic to helper_store_sdr1()
cuda.c: include adb_poll_timer in VMStateDescription
adb.c: include ADBDevice parent state in KBDState and MouseState
macio.c: include parent PCIDevice state in VMStateDescription
display cpu id dump state
Openpic: check that cpu id is within the number of cpus
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The patch implements sPAPRPHBClass EEH callbacks so that the EEH
RTAS requests can be routed to VFIO for further handling.
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The emulation for EEH RTAS requests from guest isn't covered
by QEMU yet and the patch implements them.
The patch defines constants used by EEH RTAS calls and adds
callbacks sPAPRPHBClass::{eeh_set_option, eeh_get_state, eeh_reset,
eeh_configure}, which are going to be used as follows:
* RTAS calls are received in spapr_pci.c, sanity check is done
there.
* RTAS handlers handle what they can. If there is something it
cannot handle and the corresponding sPAPRPHBClass callback is
defined, it is called.
* Those callbacks are only implemented for VFIO now. They do ioctl()
to the IOMMU container fd to complete the calls. Error codes from
that ioctl() are transferred back to the guest.
[aik: defined RTAS tokens for EEH RTAS calls]
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
5b79b1c "target-ppc: Create versionless CPU class per family if KVM" added
a dynamic CPU class registration with the name of the CPU family which
QEMU is running on. For example, this allowed specifying "-cpu POWER7"
on every version of POWER7 machine, not just the one which POWER7 was
an alias of. I.e. before 5b79b1c, "-cpu POWER7" would not work on real
POWER7 2.1 and would work on POWER7 2.3 only. The same story for POWER8.
However that patch broke POWER5+ support as POWER5+ CPU uses the same
name as the CPU class so dynamic registering of the POWER5+ class failed.
This redefines POWER5+ server CPUs by adding a version to them and adding
an alias for TCG case. KVM will use dynamically registered CPUs.
While we are here, do the same for 970 CPU.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds basic support for the VTB.
PowerISA:
The Virtual Time Base (VTB) is a 64-bit incrementing counter.
Virtual Time Base increments at the same rate as the Time Base until its value
becomes 0xFFFF_FFFF_FFFF_FFFF (2 64 - 1); at the next increment its value
becomes 0x0000_0000_0000_0000. There is no interrupt or other indication when
this occurs.
The operation of the Virtual Time Base has the following additional
properties.
1. Loading a GPR from the Virtual Time Base has no effect on the accuracy of
the Virtual Time Base.
2. Copying the contents of a GPR to the Virtual Time Base replaces the
contents of the Virtual Time Base with the contents of the GPR.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This reverts commit 9c9984242c as even when
it was applied, all supposedly new config options were already enabled.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Bonus fix: always set an error on failure. Some failures were silent
before, except for the generic error set by device_realize().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This is in preparation for using VMSTATE_BITMAP in a followup vmstate
migration patch.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Issuing loadvm under -M mac99 would fail for two reasons: firstly an incorrect
version number for openpic would cause openpic_load() to abort, and secondly
a cut/paste error when restoring the IVPR and IDR registers caused subsequent
vmstate sections to become misaligned and abort early.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
A simple copy/paste error causes savevm on -M mac99 to segfault.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Since env->msr has already been restored by the time cpu_post_load is called,
make sure that ppc_store_msr() is explicitly called with all msr bits except
MSR_TGPR marked as invalid.
This solves the issue where MSR flags aren't set correctly when restoring a VM
snapshot, in particular the internal env->excp_prefix value when MSR_EP has
been altered by a guest.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Otherwise when cpu_post_load calls ppc_store_sdr1() when restoring a VM
snapshot the value is deemed unchanged and so the internal env->htab*
variables aren't set correctly.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Make sure that we include the adb_poll_timer when saving the VM state for
client OSs that use it, e.g. Darwin.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
The parent ADBDevice contains the device id on the ADB bus. Make sure that
this state is included in both its subclasses since some clients (such as
OpenBIOS) reprogram each device id after enumeration.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
This ensures that the macio PCI device is correctly configured when restoring
from a VM snapshot.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
When the guest switches the interrupt endian mode, which essentially
means a global machine endian switch, we want to change the VGA
framebuffer endian mode as well in order to be backward compatible
with existing guests who don't know about the new endian control
register.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The VGA device model now supports having the framebuffer in either endian,
and can be switched between these by the guest via a register in the qext
region.
However, in some cases (e.g. LE OS on the pseries machine) we have
existing guest that don't know about the endian switch register, but other
parts of the qemu code have better information to set a default endianness
than the VGA code does of itself.
In order to allow them to set a correct default endianness in these cases,
without breaking abstraction walls, this patch exposes the VGA framebuffer
endianness via a writable QOM property.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
[agraf: use instance_init for property exposure]
Signed-off-by: Alexander Graf <agraf@suse.de>
We call try_create_xics() to create a "xics-kvm". If it fails, we
call it again to fall back to plain "xics".
try_create_xics() uses qdev_init(). qdev_init()'s error handling has
an unwanted side effect: it calls qerror_report_err(), which prints to
stderr. Looks like an error, but isn't.
In QMP context, it would stash the error in the monitor instead,
making the QMP command fail. Fortunately, it's only called from board
initialization, never in QMP context.
Clean up by cutting out the qdev_init() middle-man: set property
"realized" directly.
While there, improve the error message when we can't satisfy an
explicit user request for "xics-kvm", and exit(1) instead of abort().
Simplify the abort when we can't create "xics".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
[agraf: squash in fix for uninitialized variable from mdroth]
Signed-off-by: Alexander Graf <agraf@suse.de>
We call ppce500_init_mpic_kvm() to create a "kvm-openpic". If it
fails, we call ppce500_init_mpic_qemu() to fall back to plain
"openpic".
ppce500_init_mpic_kvm() uses qdev_init(). qdev_init()'s error
handling has an unwanted side effect: it calls qerror_report_err(),
which prints to stderr. Looks like an error, but isn't.
In QMP context, it would stash the error in the monitor instead,
making the QMP command fail. Fortunately, it's only called from board
initialization, never in QMP context.
Clean up by cutting out the qdev_init() middle-man: set property
"realized" directly.
While there, improve the error message when we can't satisfy an
explicit user request for "kvm-openpic", and exit(1) instead of
abort().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
On x86, the guest's RTC can be read with QMP, either from the RTC device's
"date" property or via the "rtc-time" property on the machine (which is an
alias to the former). This is set up in the mc146818rtc driver, and
doesn't work on other targets.
This patch adds a similar "date" property to the pseries machine's RTAS RTC
and adds a compatible alias to the machine.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The initial creation of the PAPR RTC qdev class left a wart - the rtc's
offset was left in the sPAPREnvironment structure, accessed via a global.
This patch moves it into the RTC device's own state structure, were it
belongs. This requires a small change to the migration stream format. In
order to handle incoming streams from older versions, we also need to
retain the rtc_offset field in the sPAPREnvironment structure, so that it
can be loaded into via the vmsd, then pushed into the RTC device.
Since we're changing the migration format, this also takes the opportunity
to:
* Change the rtc offset from a value in seconds to a value in
nanoseconds, allowing nanosecond offsets between host and guest
rtc time, if desired.
* Remove both the already unused "next_irq" field and now unused
"rtc_offset" field from the new version of the spapr migration
stream
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
At present the PAPR RTC isn't a "device" as such - it's accessed only via
firmware/hypervisor calls, and is handled in the sPAPR core code. This
becomes inconvenient as we extend it in various ways.
This patch makes the PAPR RTC a separate device in the qemu device model.
For now, the only piece of device state - the rtc_offset - is still kept in
the global sPAPREnvironment structure. That's clearly wrong, but leaving
it to be fixed in a following patch makes for a clearer separation between
the internal re-organization of the device, and the behavioural changes
(because the migration stream format needs to change slightly when the
offset is moved into the device's own state).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>