Commit Graph

31340 Commits

Author SHA1 Message Date
Peter Maydell
73795cea96 Updates include:
- Coverify fixes for vfio & pci-assign (Markus)
  - VFIO blacklisting support for known brokwn PCI option ROMs (Bandan)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJTDi9AAAoJECObm247sIsi5nwP/2hwA3YVzx4eamWWAK4IDuZO
 8Umga2wYQcpFkyb5zEDfZgYIQ+YcLFLVO0R9Uszlkl4Lmlu8Nl0Xoknn41NTEghH
 V9wGwlVfAcsnF2bP5aMN26Yd6pQditfL4Oj+o+kM6Vz63u7k3tCtiH+gDN0YYc/A
 wvyCmfv9nZGCKmtRljbeuSi7cYrDHld4LDXMeXkQCkc/x3BdsmyiCmw6uMuMPLP3
 LD8eCu6j08YowoPrQXSbJOw0kbYmWn/7pXMWdDZxswNQhNgBO+zt7niaEPTnql+s
 grxMzCABP3C1QIG/tMF1HM2CjSitM1qZJnO1W0UWup5+BrjdweZ5qnTTDmYi/XmT
 bne24I0zsLVIlEOTZeIZybeEnfbqHM2LfkyUJP/jwF8L1K+hsSdx0X6h1SJ+2PlV
 0hUBovhqvln1n9SH6WQ0e/bTfeERUr9QF9TfKZNIFpDSg2a+TQqQYFBtx/2I6wV6
 7BYRULG4/ykMEPu801iuxbLLgzXqSuY4HR775j0jVzqJp7jsO5a6mRiHqWHd2Rok
 r2jA/KA/9uWeeey+AumndL1olTMxBTlhTCKiX87bPCn/rYjld2oioIpft6JSVc9U
 PXoS5h16iyY4SWwCV9OkvluPYzx6o++Tb0rWdvnTyHPebf8EoDQeaKgxjU1bUpDa
 kYxTBa5mC03lNEoZ2XmQ
 =d8HV
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-pci-for-qemu-20140226.0' into staging

Updates include:
 - Coverify fixes for vfio & pci-assign (Markus)
 - VFIO blacklisting support for known brokwn PCI option ROMs (Bandan)

# gpg: Signature made Wed 26 Feb 2014 18:15:28 GMT using RSA key ID 3BB08B22
# gpg: Can't check signature: public key not found

* remotes/awilliam/tags/vfio-pci-for-qemu-20140226.0:
  vfio: blacklist loading of unstable roms
  qdev-monitor: set DeviceState opts before calling realize
  pci-assign: Fix potential read beyond buffer on -EBUSY
  vfio: Fix overrun after readlink() fills buffer completely

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-27 11:31:52 +00:00
Mark Cave-Ayland
af87bf290f sun4m: Add Sun CG3 framebuffer initialisation function
In order to allow the user to choose the framebuffer for sparc-softmmu, add
-vga tcx and -vga cg3 options to the QEMU command line. If no option is
specified, the default TCX framebuffer is used.

Since proprietary FCode ROMs use a resolution of 1152x900, slightly relax the
validation rules to allow both displays to be initiated at the higher
resolution used by these ROMs upon request (OpenBIOS FCode ROMs default to
the normal QEMU sun4m default resolution of 1024x768).

Finally move any fprintf(stderr ...) statements in the areas affected by this
patch over to the new error_report() function.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Blue Swirl <blauwirbel@gmail.com>
CC: Anthony Liguori <aliguori@amazon.com>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Bob Breuer <breuerr@mc.net>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
2014-02-27 10:01:41 +00:00
Mark Cave-Ayland
9eb08a435a sun4m: Add Sun CG3 framebuffer and corresponding OpenBIOS FCode ROM
The CG3 framebuffer is a simple 8-bit framebuffer for use with operating
systems such as early Solaris that do not have drivers for TCX.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Blue Swirl <blauwirbel@gmail.com>
CC: Anthony Liguori <aliguori@amazon.com>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Bob Breuer <breuerr@mc.net>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
2014-02-27 10:01:41 +00:00
Mark Cave-Ayland
ead4cf04f8 sun4m: fix slavio timer RUN/STOP bit
The sun4m architecture has one 'system' timer and one timer per CPU.
The CPU timers can be configured in two modes:

  * 22 bits Counter/Timer. Periodic interrupts.
  * 54 bits User timer. For profiling. In this mode, the Run/Stop bit
    controls the timer.

The run/stop bit controls the timer only when it is in "User" mode, but
its state shall be persistent.

Signed-off-by: Olivier Danet <odanet@caramail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-02-27 10:01:41 +00:00
Mark Cave-Ayland
f9681f116c sun4m: Set HostID in NVRAM
On SparcStations, the HostID field in the NVRAM is equal to the last
three bytes of the MAC address (which is also stored in the NVRAM).

This constant is used as an identification/serial number on Solaris.

Signed-off-by: Olivier Danet <odanet@caramail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-02-27 10:01:40 +00:00
Thomas Huth
7f00eb30fe s390x/ipl: Fix crash of ELF images with arbitrary entry points
When loading S390 kernels, the current code expects an ELF file with the
start address 0x10000. Other ELF files cause a segmentation fault. To avoid
these crashes, we should get the start address from the ELF file instead
of always using a hard-coded address.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:26 +01:00
Frank Blaschka
1eecf41b3e s390x/kvm: Rework priv instruction handlers
The current implementation uses the second byte of the instruction
to identify the instruction handler. This is not sufficient to
support instructions not starting with 0xb2. This patch
adds separate handlers for 0xb2, 0xb9 and 0xeb to be able to
support the full instruction set.

Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:26 +01:00
Thomas Huth
04c2b5168e s390x/kvm: Add missing SIGP CPU RESET order
The SIGP order CPU RESET was still missing in the list of our
supported handler. This patch now adds a simple implementation,
by using the cpu_reset() function that is already available in
target-s390x/cpu.c.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:26 +01:00
Thomas Huth
f7d3e46676 s390x/kvm: Rework SIGP INITIAL CPU RESET handler
The s390_cpu_initial_reset() function had two deficiencies: First, it
used an ioctl for the destination CPU, and this ioctl could block
nearly forever, as long as the destination CPU was running in the SIE
loop. Second, it also cleared the general purpose registers - something
it should not do according to the Principles of Operations.
Since we've already got another function for the initial CPU reset in
cpu.c, we can also use that function instead. And by using run_on_cpu()
for executing this code, we make sure that the destination CPU is
correctly kicked out of kernel mode now.

Suggested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:26 +01:00
Thomas Huth
49f5c9e98a s390x/cpu: Use ioctl to reset state in the kernel
Some of the state in the kernel can not be reset from QEMU yet.
For this we've got to use the KVM_S390_INITIAL_RESET ioctl to make
sure that the state in the kernel is set to the right values during
initial CPU reset, too.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:26 +01:00
Christian Borntraeger
0ca3611221 s390-ccw.img: new binary rom to match latest fixes
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:26 +01:00
Christian Borntraeger
5d739a4787 s390-ccw.img: Fix sporadic errors with ccw boot image - initialize css
We have to set the cssid to 0, otherwise the stsch code will
return an operand exception without the m bit. In the same way
we should set m=0.

This case was triggered in some cases during reboot, if for some
reason the location of blk_schid.cssid contains 1 and m was 0.
Turns out that the qemu elf loader does not zero out the bss section
on reboot.

The symptom was an dump of the old kernel with several areas
overwritten. The bootloader does not register a program check
handler, so bios exception jumped back into the old kernel.

Lets just use a local struct with a designed initializer. That
will guarantee that all other subelements are initialized to 0.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-02-27 09:51:26 +01:00
Christian Borntraeger
d1028f1b5b s390-ccw.img: Fix sporadic reboot hangs: Initialize next_idx
The current code does not initialize next_idx in the virtio ring.
As the ccw bios will always use guest memory at a fixed location,
this queue might != 0 after a reboot.
Lets make the initialization explicit.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-02-27 09:51:25 +01:00
Heinz Graalfs
c804c2a717 s390x/event-facility: exploit realize/unrealize
init/exit functionality of abstract SCLPEvent class is now exploiting
realize/unrealize.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Heinz Graalfs
6fbef18a4c s390x/event-facility: add support for live migration
Add support for live migration using VMStateDescription.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Heinz Graalfs
477a72a1ef s390x/event-facility: code restructure
Code restructure in order to simplify class hierarchy
  - remove S390SCLPDevice abstract base class
    and move function pointers into new SCLPEventFacilityClass
  - implement SCLPEventFacility as SysBusDevice
  - use define constants for instance creation strings

The following ascii-art shows the class structure wrt the SCLP EventFacility
before (CURRENT) and after the restructure (NEW):

----
CURRENT:

   "s390-sclp-events-bus"
   +-------------------------+
   |      SCLPEventsBus      |
   |-------------------------|
   |BusState qbus            |
   +-------------------------+

   +-------------------------+
   |   SCLPEventFacility     |  - to be replaced by new SCLPEventFacility,
   |-------------------------|    which will be a SysBusDevice
   |SCLPEventsBus sbus       |
   |DeviceState *qdev        |
   |unsigned int receive_mask|
   +-------------------------+

   +-------------------------+
   |   S390SCLPDeviceClass   |  - to be replaced by new SCLPEventFacilityClass
   |-------------------------|
   |DeviceClass qdev         |
   |*(init)()                |
   +-------------------------+

   "s390-sclp-event-facility"
             |
         instance-of
             |
             V
   "s390-sclp-device"           - this is an abstract class
   +-------------------------+
   |     S390SCLPDevice   (A)|  - to be replaced by new SCLPEventFacility
   |-------------------------|
   |SysBusDevice busdev      |
   |SCLPEventFacility *ef    |
   |                         |
   |*(sclp_command_handler)()|  - these 2 go to new SCLPEventFacilityClass
   |*(event_pending)()       |
   +-------------------------+

----
NEW:

   "s390-sclp-events-bus"
   +-------------------------+
   |      SCLPEventsBus      |
   |-------------------------|
   |BusState qbus            |
   +-------------------------+

   +-------------------------+
   | SCLPEventFacilityClass  |
   |-------------------------|
   |DeviceClass parent_class |
   |                         |
   |*(init)()                |
   |*(command_handler)()     |
   |*(event_pending)()       |
   +-------------------------+

   "s390-sclp-event-facility"
   +-------------------------+
   |   SCLPEventFacility     |
   |-------------------------|
   |SysBusDevice parent_class|
   |SCLPEventsBus sbus       |
   |unsigned int receive_mask|
   +-------------------------+

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Heinz Graalfs
65e526c24e s390x/event-facility: some renaming
Do some renaming to shorten some identifiers and to emphasize sclp.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Thomas Huth
e8803d93df s390x/sclp: Fixed setting of condition code register
In the SCLP handler function, the condition code register must
only be set if no exception occured.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Thomas Huth
6e25280216 s390x/sclp: Add missing checks to SCLP handler
If the 51 most significant bits of the SCCB address are zero or equal to
the prefix, we should throw an specification exception, too.
Also moved the check for privileged mode to sclp_service_call() to have
all program checks in one place now.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Thomas Huth
a0fa2cb8cc s390x/sclp: Fixed the size of sccb and code parameter
The pointer to the SCCB should not be limited to 32 bits only.
In contrast to this, the command word parameter is only 32 bits
(the upper 32 bits should be ignored).

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Christian Borntraeger
9da45bb217 s390x/eventfacility: mask out commands
As a followup to commit 5f04c14a10
(s390-sclp: Define New SCLP Codes) we should mask the sclp command
not only in base sclp, but also in the event facility.

Based on an initial patch from Ralf Hoppe.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Thomas Huth
77319f2263 s390x/virtio-hcall: Specification exception for illegal subcodes
So far, the DIAG 500 hypervisor call was only setting -EINVAL in
R2 when a guest tried to call this function with an illegal subcode.
This patch now changes the behavior so that a specification exception
is thrown instead, since this is the common behavior of other DIAG
functions (and other CPU instructions) when being called with illegal
parameters.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Thomas Huth
f2c55d1735 s390x/virtio-hcall: Add range check for hypervisor call
The handler for diag 500 did not check whether the requested function
was in the supported range, so illegal values could crash QEMU in the
worst case.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: qemu-stable@nongnu.org
2014-02-27 09:51:25 +01:00
Thomas Huth
0788082a4b s390x/kvm: Fixed bad SIGP SET-ARCHITECTURE handler
The SET-ARCHITECTURE handler in QEMU caused a program interruption.
This is wrong according to the "Principles of Operations" specification
(since SIGP should never cause a program interrupt) and was likely only
introduced for debugging purposes. Since we handle SET-ARCHITECTURE in
the kernel already and only dropped to user space in case of bad mode
parameters, we should just report INVALID PARAMETER in QEMU instead.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Dominik Dingel
819bd3091e s390x/async_pf: Check for apf extension and enable pfault
S390 can also use async page faults, to enhance guest scheduling.
In case of live migration we want to disable the feature and let
all pending request finish.

Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Jens Freimann
3a553fc658 s390x/kvm: implement floating-interrupt controller device
This patch implements a floating-interrupt controller device (flic)
which interacts with the s390 flic kvm_device.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:51:25 +01:00
Christian Borntraeger
216db403d0 update linux headers to kvm/next
This updates the kvm headers to
commit d3714010c307d26df251c45be9cd12ab6d41f0c4
    KVM: x86: emulator_cmpxchg_emulated should mark_page_dirty
in kvm/next.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-02-27 09:50:45 +01:00
Peter Maydell
2ce5868ca1 target-arm queue:
* fixes for various Coverity-spotted bugs
  * support new KVM device control API for VGIC
  * support KVM VGIC save/restore/migration
  * more AArch64 system mode foundations
  * support ARMv8 CRC instructions for A32/T32
  * PL330 minor fixes and cleanup
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABCAAGBQJTDimkAAoJEDwlJe0UNgzeJckQAIgv++tjcGk9d5gl0QQMyHJJ
 GNb0raWPHSvVqsuGJzdzgfd5dt0FN3fvqKs4ThtstLjcmkiIqDoIaDuDDFdU/Zt0
 YAMA07cQ7xZNoVB8x8zqMD/yrLV99CKZlC5/Cr4yq8SPNrOKZkpnFViSC2wgrrDt
 JyCRjc6GIv3SofkOP8sCF3Fg7JMi0J9qFCCw2fGWrRBq1TEMYlaCn5rSO4O9jiW3
 g8YMVUeYFjKkLUnoNOA93NQhhkrQNl5xkXmCo+JF7TPL9w2lH/G76RWmLtaPGLuh
 IkwfG+7/AVbtoK8Njp9scsmu56hau1RkNip/yquLM1ONb2H7h94AkpRCGQXOXBW3
 rEocDKR3cR7quvLHtQ54blR5/TJMhFZfchX5cvGYT4pH2+8yxyP0UeFpNVJawoLO
 Bb1zYTswjXfAfe0jk/nr91P5lSNa6lkk42mh7k7Shc7bvCjkaLQDbNRDBB1B6gLr
 0b0vj73U8+Gz+5WoWbu0GJhuR5NdWxnAiuTYXEJ8roTaZL2AP6fuef4OZ+Nnpw/K
 dBRoO6NWrKT04ZaYu6tB/q31sa6ff6S+hRpqr8lp/S8PGFWC0Pni8Pz0rYLpyhVh
 yZRqkY7C6FRE5EmXSWt0ZkpSkykwnibL/xXigHIvmGEBiohR0f4SGSIDLqTGkYqQ
 HWtue+3jyM/1kirp2QLx
 =1X50
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140226' into staging

target-arm queue:
 * fixes for various Coverity-spotted bugs
 * support new KVM device control API for VGIC
 * support KVM VGIC save/restore/migration
 * more AArch64 system mode foundations
 * support ARMv8 CRC instructions for A32/T32
 * PL330 minor fixes and cleanup

# gpg: Signature made Wed 26 Feb 2014 17:51:32 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20140226: (45 commits)
  dma/pl330: implement dmaadnh instruction
  dma/pl330: Fix buffer depth
  dma/pl330: Add event debugging printfs
  dma/pl330: Rename parent_obj
  dma/pl330: printf format type sweep.
  dma/pl330: Fix misleading type
  dma/pl330: Delete overly verbose debug printf
  target-arm: Add support for AArch32 ARMv8 CRC32 instructions
  include/qemu/crc32c.h: Rename include guards to match filename
  target-arm: Add utility function for checking AA32/64 state of an EL
  target-arm: Implement AArch64 view of CPACR
  target-arm: A64: Implement MSR (immediate) instructions
  target-arm: Store AIF bits in env->pstate for AArch32
  target-arm: A64: Implement WFI
  target-arm: Get MMU index information correct for A64 code
  target-arm: Implement AArch64 OSLAR_EL1 sysreg as WI
  target-arm: Implement AArch64 dummy breakpoint and watchpoint registers
  target-arm: Implement AArch64 ID and feature registers
  target-arm: Implement AArch64 generic timers
  target-arm: Implement AArch64 MPIDR
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 22:53:51 +00:00
Peter Maydell
6f6831f61a migration/next for 20140225
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJTDKLvAAoJEPSH7xhYctcjhA8QAKDslw9iovAHU4c0NgQxp3yE
 08dAD6bznHPkc6ENZEbV4+Yx9AvtGwYeKE4IlVqxDaSCBQ1T/lGr6Di/X/Yuwjo9
 80/av6cFpFsO9fw4fhFRNjU0n8xKeN2S/kjCQhz07Zky2mD2fEoLnTrhmjBRCsVN
 tVCWOYzbkNbIFUCsJB0OBfC/qH0r5RuB2/SuNnwk4NwT5r7+UxMtfZ+BIE4Kez3n
 l6G4L1XO3julErp/8BQmIChnHH7QtTfQzBahJIlBsiLiqHhX1f1v6Q0CRln+A9S1
 jfAK/1zqpYVOAb59R2u0FCgB793sV0P+aa71ORRP1g57lFC5KsGJghQq0OoWr1YA
 OHrOFPm2YHdTBsU7BG3ndMSbNgZspVAxns6mcSkcDWEH0JDv+FhK08+45tDqkAOu
 9hWuYA5p6hodOEBLprNit7lK+7coAKDCkIM4hzPMVZxGCucDqRmtI0oHadjar1Wi
 nTbxeDqsh67mr6+QXSR8PRQ3y0TDsuBS6Sm2+Bchv1Nt5GiAKaMySiPuXGQlMSS1
 3ohy77Ltz42ci1+mFSp6aVaZO8hEkakaN8Hg53T57IVTSqy4B9t/R3bvi+SsysCt
 BMaHONUnOuloKtA5dnOd6Q+hLE8tw3UNGFB71VZoj1tEbXj48WpIZ1IpQYbVAoyQ
 DR2+Wccft0O3GVAgLAo0
 =yrmU
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140225' into staging

migration/next for 20140225

# gpg: Signature made Tue 25 Feb 2014 14:04:31 GMT using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20140225:
  rdma: rename 'x-rdma' => 'rdma'
  Fix two XBZRLE corruption issues
  Fix vmstate_info_int32_le comparison/assign
  qemu_file: use fwrite() correctly

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 22:31:10 +00:00
Peter Maydell
bc3fbad816 Net patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTDJtxAAoJEJykq7OBq3PIEBAH/0Fh1TUsHpLGwtVC+HObl4HF
 19KJpaXfG3L1x5pV4qbRvsmgXDNjnm8sSAbAvINn5uKJqk371qshvgssaIyLOA/o
 VD+9lR1mwE9mwiktCfFniddoZmTsMyGxsbE4i1dZAxsGuuiJ3x2zRotpQCLjmWMJ
 OSIdy1v657tR0EnhjI19g4fNvCpfOwX3tvMt20vgL6/x9AuNjMfFeP6S/KNuxBBC
 6vflVNmN0AIc/tIbR5bql5/wcDixJcxobFXHxAmIbaaJTNtFXq0PNpo0kfLi5Zzx
 s6iVoYVXNMx1xqpegBEVLyIvtcX7SCggO8FT+bhzaOfPVL8NaSXRJMRjH22V+D0=
 =UA+s
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

Net patches

# gpg: Signature made Tue 25 Feb 2014 13:32:33 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/net-pull-request:
  virtio-net: use qemu_get_queue() where possible
  vhost_net: use offload API instead of bypassing it
  net: remove implicit peer from offload API
  net: Disable netmap backend when not supported
  net: add offloading support to netmap backend
  net: make tap offloading callbacks static
  net: virtio-net and vmxnet3 use offloading API
  net: TAP uses NetClientInfo offloading callbacks
  net: extend NetClientInfo for offloading
  net: change vnet-hdr TAP prototypes
  opencores_eth: flush queue whenever can_receive can go from false to true

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 20:04:37 +00:00
Peter Maydell
28c05edff5 hda-audio: qom cleanups
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTCzjkAAoJEEy22O7T6HE4eqcP/2mtgvuyVQ9xl8Zyk/cp/Uy+
 14n6lsnyHQ9ZXw+YwnmLqyVhyoAfM4zJ7N2IvZDQxKcW56GUishV4BbrNW9+ldvm
 9rQP7ODQviN2RrKNtxoJGYsBqxkM9p2gZ0rhs9W1/MD7CvwbrOH0xO1dDWuz9YvC
 W68lioEwBNLu9YPvNqBZVAiQf57ez1pf8CPrVilcCWw2K33l0Owk+Y0uIYWkqu35
 jJE3fBdHXFbdYxT5Lof4mvYMo4m1pI7pYWVAUN3iYyQnFaLSYqLtglyJTPUrx+dc
 Vwb1bsWredAtBkzPbsAzVU++kylRsS6AI36MqXi/UvpD3SlmRE3q8gIGXoBEKUHP
 Ab+ozjNNGQYlRysmeEowmjkVfjDelbd9Rd3rfi5v1XYlKR96I5j49c4U7SNotUL2
 UcVWxSGwQ+tSvCWHfBfxhLom8oWPMUpXUVucYgV84GpQyqoZGXxKotVko/zXvrss
 q64OIJO7Db6bJHjn0tvrqO3mA+B9gkHO5m7ow41EFAquwevTiOKqUP1gjD8an8hN
 eqe4LFs6APDEvMyoPPPrrR5u18wW4nkEgFgpZA/QcYHajOWggb5S7tH6Howlf486
 +2GSWwQAF5Nwg7WXkm7HiDslj2fZIcjbBH8yOV9b511lNaTAhr/Z0MOsOoXLnxzf
 yq38KN0SArsYirT9F+3F
 =FdLD
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-3' into staging

hda-audio: qom cleanups

# gpg: Signature made Mon 24 Feb 2014 12:19:48 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-audio-3:
  hda-audio: qom cleanups

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 18:22:11 +00:00
Bandan Das
4b9430294e vfio: blacklist loading of unstable roms
Certain cards such as the Broadcom BCM57810 have rom quirks
that exhibit unstable system behavior duing device assignment. In
the particular case of 57810, rom execution hangs and if a FLR
follows, the device becomes inoperable until a power cycle. This
change blacklists loading of rom for such cards unless the user
specifies a romfile or rombar=1 on the cmd line

Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-02-26 10:33:45 -07:00
Bandan Das
52aa17cbd8 qdev-monitor: set DeviceState opts before calling realize
Setting opts before the realize property is set allows the
following patch to make decisions based on whether the user
specified "rombar". This also avoids having to create a new
tristate property especially for this purpose

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-02-26 10:32:40 -07:00
Markus Armbruster
82d0794565 pci-assign: Fix potential read beyond buffer on -EBUSY
readlink() doesn't write a terminating null byte.
assign_failed_examine() passes the unterminated string to strrchr().
Oops.  Terminate it.

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-02-26 10:30:03 -07:00
Markus Armbruster
13665a2d2f vfio: Fix overrun after readlink() fills buffer completely
readlink() returns the number of bytes written to the buffer, and it
doesn't write a terminating null byte.  vfio_init() writes it itself.
Overruns the buffer when readlink() filled it completely.

Fix by treating readlink() filling the buffer completely as error,
like we do in pci-assign.c's assign_failed_examine().

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-02-26 10:28:36 -07:00
Peter Crosthwaite
c04018e933 dma/pl330: implement dmaadnh instruction
Implement the missing DMAADNH instruction. This is a minor variant
of the DMAADDH instruction, so factor out to a common implementation
for both (dmaadxh).

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 73ab13532a7cae53441da89b46c279b5f50785e3.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:09 +00:00
Peter Crosthwaite
a5ae7e3984 dma/pl330: Fix buffer depth
This is the product of the data-width and the depth arguments, I.e the
depth of the FIFO is in terms of data entries and not bytes (which is
what the original implementation was suggesting). Fix.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: c34de31031511538ccdb3164b48ee8a6a973ebd4.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:08 +00:00
Peter Crosthwaite
432a0a130e dma/pl330: Add event debugging printfs
These are helpful to anyone trying to debug event sequencing.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: e82a0ad804db3de4f46839e55a9d287735ef870d.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:08 +00:00
Peter Crosthwaite
1c8be73d4e dma/pl330: Rename parent_obj
As per current QOM conventions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: abb137347ea1ee9c31487b544f3d5435fb17f6a4.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:08 +00:00
Peter Crosthwaite
c3143ba877 dma/pl330: printf format type sweep.
Use PRI formats as appropriate rather than raw %x and %d. This fixes
debug printfery on some host platforms. Fix types of debug only
variables as appropriate.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: dbb5f5fd048b2d4a3cb5c6357577d11211a7a585.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:08 +00:00
Peter Crosthwaite
024c6e2ea5 dma/pl330: Fix misleading type
This type really should just be a regular int as no usages rely on it's
32 bitness (it's only meaningful as a bit position and not a bit mask).
This also fixes a printf which uses the variable with a regular %d.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 2a99d31f377aee371476d9da8fd0d1b7efa30f63.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:08 +00:00
Peter Crosthwaite
63a31905cb dma/pl330: Delete overly verbose debug printf
When using event synchronisation, this particular debug printf floods.
Just delete it.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: dd94d19493f97c47497b9d8caf74ca43e70d58fd.1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:07 +00:00
Will Newton
eb0ecd5ad9 target-arm: Add support for AArch32 ARMv8 CRC32 instructions
Add support for AArch32 CRC32 and CRC32C instructions added in ARMv8
and add a CPU feature flag to enable these instructions.

The CRC32-C implementation used is the built-in qemu implementation
and The CRC-32 implementation is from zlib. This requires adding zlib
to LIBS to ensure it is linked for the linux-user binary.

Signed-off-by: Will Newton <will.newton@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1393411566-24104-3-git-send-email-will.newton@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:07 +00:00
Will Newton
0956ff5a4e include/qemu/crc32c.h: Rename include guards to match filename
Signed-off-by: Will Newton <will.newton@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1393411566-24104-2-git-send-email-will.newton@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26 17:20:07 +00:00
Peter Maydell
1f79ee32b5 target-arm: Add utility function for checking AA32/64 state of an EL
There are various situations where we need to behave differently
depending on whether a given exception level is in AArch64 or
AArch32 state. The state of the current exception level is stored
in env->aarch64, but there's no equivalent guest-visible architected
state bits for the status of the exception levels "above" the
current one which may still affect execution. At the moment we
only support EL1 (ie no EL2 or EL3) and insist that AArch64
capable CPUs run with EL1 in AArch64 state, but these may change
in the future, so abstract out the "what state is this?" check
into a utility function which can be enhanced later if necessary.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-02-26 17:20:07 +00:00
Peter Maydell
34222fb810 target-arm: Implement AArch64 view of CPACR
Implement the AArch64 view of the CPACR. The AArch64
CPACR is defined to have a lot of RES0 bits, but since
the architecture defines that RES0 bits may be implemented
as reads-as-written and we know that a v8 CPU will have
no registered coprocessors for cp0..cp13 we can safely
implement the whole register this way.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-02-26 17:20:06 +00:00
Peter Maydell
9cfa0b4e4c target-arm: A64: Implement MSR (immediate) instructions
Implement the MSR (immediate) instructions, which can update the
PSTATE SP and DAIF fields.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-02-26 17:20:06 +00:00
Peter Maydell
4cc35614a0 target-arm: Store AIF bits in env->pstate for AArch32
To avoid complication in code that otherwise would not need to
care about whether EL1 is AArch32 or AArch64, we should store
the interrupt mask bits (CPSR.AIF in AArch32 and PSTATE.DAIF
in AArch64) in one place consistently regardless of EL1's mode.
Since AArch64 has an extra enable bit (D for debug exceptions)
which isn't visible in AArch32, this means we need to keep
the enables in env->pstate. (This is also consistent with the
general approach we're taking that we handle 32 bit CPUs as
being like AArch64/ARMv8 CPUs but which only run in 32 bit mode.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-02-26 17:20:06 +00:00
Peter Maydell
1ed69e82b8 target-arm: A64: Implement WFI
Implement the WFI instruction for A64; this just involves wiring
up the instruction, and adding a gen_a64_set_pc_im() which was
accidentally omitted from the A64 decoder top loop.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-02-26 17:20:06 +00:00
Peter Maydell
d9ea7d290b target-arm: Get MMU index information correct for A64 code
Emit the correct MMU index information for loads and stores from
A64 code, rather than hardwiring it to "always kernel mode",
by storing the exception level in the TB flags, and make
cpu_mmu_index() return the right answer when the CPU is in
AArch64 mode.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-02-26 17:20:05 +00:00