Commit Graph

13879 Commits

Author SHA1 Message Date
Michael S. Tsirkin
b150613200 vhost_net: add version_1 feature
Add VERSION_1 to list of features that we should
test at the backend.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-10 18:15:04 +02:00
Cornelia Huck
df91055db5 virtio-net: enable virtio 1.0
virtio-net (non-vhost) now should have everything in place to support
virtio 1.0: let's enable the feature bit for it.

Note that VIRTIO_F_VERSION_1 is technically a transport feature; once
every device is ready for virtio 1.0, we can move setting this
feature bit out of the individual devices.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-10 18:15:04 +02:00
Cornelia Huck
bb9d17f831 virtio-net: support longer header
virtio-1 devices always use num_buffers in the header, even if
mergeable rx buffers have not been negotiated.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-10 18:15:04 +02:00
Cornelia Huck
b6a3cddb22 virtio-net: no writeable mac for virtio-1
Devices operating as virtio 1.0 may not allow writes to the mac
address in config space.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-10 18:15:04 +02:00
Cornelia Huck
0b352fd680 virtio: allow to fail setting status
virtio-1 allow setting of the FEATURES_OK status bit to fail if
the negotiated feature bits are inconsistent: let's fail
virtio_set_status() in that case and update virtio-ccw to post an
error to the guest.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-10 18:15:04 +02:00
Cornelia Huck
6c0196d702 virtio: disallow late feature changes for virtio-1
For virtio-1 devices, the driver must not attempt to set feature bits
after it set FEATURES_OK in the device status. Simply reject it in
that case.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-10 18:15:04 +02:00
Cornelia Huck
f5a5628cf0 dataplane: allow virtio-1 devices
Handle endianness conversion for virtio-1 virtqueues correctly.

Note that dataplane now needs to be built per-target.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-10 18:15:04 +02:00
Cornelia Huck
ab223c9518 virtio: allow virtio-1 queue layout
For virtio-1 devices, we allow a more complex queue layout that doesn't
require descriptor table and rings on a physically-contigous memory area:
add virtio_queue_set_rings() to allow transports to set this up.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-10 18:15:04 +02:00
Cornelia Huck
3c185597c8 virtio: endianness checks for virtio 1.0 devices
Add code that checks for the VERSION_1 feature bit in order to make
decisions about the device's endianness. This allows us to support
transitional devices.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-10 18:15:04 +02:00
Peter Maydell
3974c9d8cc fw_cfg: drop write support, qemu cmdline support, bugfixes.
bios-tables-test: fix smbios test.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVd9lhAAoJEEy22O7T6HE41aEP/Avmt5hKB3h83U2BRAZRtta1
 s1CO6AqM94h/NiZlOInZIlH05fn87Aycp5HzyyGsl9Gjjve8/ZUNYYpbl5LPylq0
 Fbm8oOO1R3QjhOEnHCBO0WJStkzbk3U8lNNIO6xhhNFho3FgYkdGvNs1f81vG2iV
 gnCQBQI90BpqzMZA7Hr/5iAXgAmX0fo8gd/iN2LCX9rMpJfjZLCfKYzb5KaFu+Ha
 WI6gxFCLwrQz94P4hA8KsEGgGZv9C3ZEVCmRL0RDDCwTsI1VYfeQvUNwmWOumD9g
 kLEnIRj561hD+UV/b/kzpeLZw7QszluAm4aO8/0dmDvKi3/h19BIXFht3QB4BmEd
 1J4KbWYvWW2xBYe6OnpnGYs+xG9L+8qnYTNg/+/ng7Akev1nGBsccPwlOCijCojL
 jvTF7jCiQLPvGWM2ImRPwTxV09Ys644lJfoRQ8euy1yrpAKT8mAXGthKfLcprk1j
 MJ8GSmqJHKt71svtLqKquWcXX/IdK/ZTQdsAKUwffUKJ40iFpMjx2NLq22yZtoYj
 Gcec54acjf/Ej0rA09J8SG+jnEPFJqaVEAn3XcQZ99V5I3LOlOZoSy84/xjB0QTl
 bcJN4P8S3srgqIWN+j82VkjoL/D3qqYnJaEgB0LjMXiUkTbYHxJtL32sgYJhUOy/
 VDi6MmPkyrZHcyuTYbNs
 =ZUVk
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-fw_cfg-20150610-1' into staging

fw_cfg: drop write support, qemu cmdline support, bugfixes.
bios-tables-test: fix smbios test.

# gpg: Signature made Wed Jun 10 07:29:53 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-fw_cfg-20150610-1:
  bios-tables-test: handle false-positive smbios signature matches
  fw_cfg: insert fw_cfg file blobs via qemu cmdline
  fw_cfg: prohibit insertion of duplicate fw_cfg file names
  fw_cfg: prevent selector key conflict
  fw_cfg: remove support for guest-side data writes
  fw_cfg: fix FW_CFG_BOOT_DEVICE update on ppc and sparc
  fw_cfg: add fw_cfg_modify_i16 (update) method
  QemuOpts: increase number of vm_config_groups

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-10 16:52:35 +01:00
Peter Maydell
eed8a8f572 Initial VFIO platform device support, v2 (Eric Auger, et al.)
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIbBAABAgAGBQJVdvdkAAoJECObm247sIsiuf8P92p6f53BdexSdumBnWsGiAjB
 AHKCYSzp8QaAD++PiMJ7g9PGX8rPrRlTZ8SmE4tOX27hmm8LMlQX7meHLfmu5ZBx
 f9W+dGqR7g+F6am5fOr+QfdAG+qmZGCsi5jUO8Q+RyQD1B80dPWWc5g0HqgB4sJY
 JZ+TKO6gyMkk1+Uf7ye23R7JAtqAkbJAyWjHmGCHw4jOUqo250FPTuaRoburG8ED
 dw9AHviBt5co4b2Ut5Tc69E/TLE8RK+egXeIQdVx2YAV4U0J1wVwXkAFsjtQo6Vi
 5AlGDh3el4PhJwEMsaMk+WVxyvQlFOQq9VSe0smnZrRewwrNbXTfaHRVW7mv6v6E
 kaKfQ0Djlxy26jlbtW1hSfO+xYAEpnUDV94CUgRUHYYBUEZn16NPBTvbiMIW/re0
 kpj6Ho0TVboHCIKR2vJxG/AA5ezAJ3g8nSGpMr33FBwY/3eZmE3Tz+fVzB3ilX8h
 aODq+r9uNiffspjDXsIGwazhBvBW/xH1Z3tyc8PsdVS2r0mJ+tITNBKOX25mrN/b
 12Bhy1OTgO/xfU+mOzchEWR3mLQKs9/+uWdeNgKwswv1zrql83wZRSvvdUvykiTy
 mdTwgNl/nG4QOGippXbJBwjBRArwVdheLP6GHBeIWOmoYYMW7wTvMLZgIHO2GxBT
 GoFgSBBW/AageH/XCFM=
 =8dnK
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150609.0' into staging

Initial VFIO platform device support, v2 (Eric Auger, et al.)

# gpg: Signature made Tue Jun  9 15:25:40 2015 BST using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20150609.0:
  hw/vfio/platform: calxeda xgmac device
  hw/vfio/platform: add irq assignment
  hw/vfio/platform: vfio-platform skeleton

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-10 15:46:39 +01:00
Petr Matousek
9f7c594c00 pcnet: force the buffer access to be in bounds during tx
4096 is the maximum length per TMD and it is also currently the size of
the relay buffer pcnet driver uses for sending the packet data to QEMU
for further processing. With packet spanning multiple TMDs it can
happen that the overall packet size will be bigger than sizeof(buffer),
which results in memory corruption.

Fix this by only allowing to queue maximum sizeof(buffer) bytes.

This is CVE-2015-3209.

[Fixed 3-space indentation to QEMU's 4-space coding standard.
--Stefan]

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reported-by: Matt Tait <matttait@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-10 15:03:02 +01:00
Jason Wang
24bfa207ef vhost: put log correctly in vhost_dev_start()
We allocate an dummy log even if the size is zero. So we should put it
unconditionally too.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-10 16:00:08 +02:00
Gerd Hoffmann
62232bf484 virtio-gpu/2d: add virtio gpu core code
This patch adds the core code for virtio gpu emulation,
covering 2d support.

Written by Dave Airlie and Gerd Hoffmann.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-10 11:02:00 +02:00
Gerd Hoffmann
220869e12d stdvga: factor out mmio subregion init
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-10 11:02:00 +02:00
Gerd Hoffmann
cf45ec6a52 stdvga: pass VGACommonState instead of PCIVGAState
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-10 11:01:59 +02:00
Gerd Hoffmann
24cdff7c82 stdvga: fix offset in pci_vga_ioport_read
Simliar to pci_vga_ioport_write.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-10 11:01:59 +02:00
Gabriel L. Somlo
0eb973f915 fw_cfg: prohibit insertion of duplicate fw_cfg file names
Exit with an error (instead of simply logging a trace event)
whenever the same fw_cfg file name is added multiple times via
one of the fw_cfg_add_file[_callback]() host-side API calls.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-10 08:00:37 +02:00
Gabriel L. Somlo
0f9b214139 fw_cfg: prevent selector key conflict
Enforce a single assignment of data for each distinct selector key.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-10 08:00:37 +02:00
Gabriel L. Somlo
023e314856 fw_cfg: remove support for guest-side data writes
From this point forward, any guest-side writes to the fw_cfg
data register will be treated as no-ops. This patch also removes
the unused host-side API function fw_cfg_add_callback(), which
allowed the registration of a callback to be executed each time
the guest completed a full overwrite of a given fw_cfg data item.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-10 08:00:37 +02:00
Gabriel L. Somlo
48779e5018 fw_cfg: fix FW_CFG_BOOT_DEVICE update on ppc and sparc
On ppc, sparc, and sparc64, the value of the FW_CFG_BOOT_DEVICE 16bit
fw_cfg entry is repeatedly modified from a series of callbacks, which
currently results in the previous value's dynamically allocated memory
being leaked.

This patch switches updating to the new fw_cfg_modify_i16() call, which
does not cause memory leaks.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-10 08:00:37 +02:00
Gabriel L. Somlo
1edd34b638 fw_cfg: add fw_cfg_modify_i16 (update) method
Allow the ability to modify the value of an existing 16-bit integer
fw_cfg item.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-10 08:00:37 +02:00
Eric Auger
7a8d15d770 hw/vfio/platform: calxeda xgmac device
The platform device class has become abstract. This patch introduces
a calxeda xgmac device that derives from it.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-06-09 08:17:17 -06:00
Peter Maydell
44ee94e486 s390x/virtio-ccw: migration and virtio for 2.4
1. Migration fixups
 2. virtio 9pfs
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJVdp0FAAoJEBF7vIC1phx8oZcP/RVDTZ8OOz+OkSqDQITTezmM
 yziWEjoWqFsGWBuwZp8eztQKdF/Jpx+YgE3XnFFFFFiH+HvsBhG8dJIHjKEPqP5W
 vdd2ZgO0VeXH8v5PW8TbZG6jUBjoNWjNGeFwxIunqbyViUXI98rwEIHj0ntXkPRR
 KhPuiPTpE4/cZOdGmC3qLC3m1nFVTTfnaXiVJGedcATkjJeDs5VbgstZd6YgXRkG
 HfUDJzkvD8FpdYW9/XBChfKPPWYvFa1wabGdrC/FJYmrcPuJUDWHpERsyAM8vF7F
 daAuYG2iF6EGv7H+XKJb4ZLnSkfHA3OCeGeMYApo/DIyWb3w6jwU0xjv2PVatSPa
 KMWOFq8um5pM9fV1+TQIbh2sFSq6aHcpG6r/vdt6cpbO2c9O3Xt/W8DgTNFMyBaC
 NUTs+8mKp165EzwbLZvAztcBE+2frHlXas+jFwLJm2S70pZTAw3uv4MbyLAePzd1
 2cn2zmDGxpmgwCrjSZA8mNq/DPVXtc1/ACFv6ymYItz5Cnrls+SRdOmbwwZZRyXo
 SNmUyQxQCm+C8J52pVMC7hGZYiegSJjZRJYsR9zpUKzB/Y8ghoFTDPSTw8llWtLD
 wxiAOxPTo8gql1IpCdpPSLQqyxOvgKIhxU5yRs1H2b3xov65amc3CyYAS+DdJQ2g
 XHTKOR31driw82O6glu9
 =s6YP
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20150609' into staging

s390x/virtio-ccw: migration and virtio for 2.4

1. Migration fixups
2. virtio 9pfs

# gpg: Signature made Tue Jun  9 09:00:05 2015 BST using RSA key ID B5A61C7C
# gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>"

* remotes/borntraeger/tags/s390x-20150609:
  s390x/migration: add comment about floating point migration
  s390x/kvm: always ignore empty vcpu interrupt state
  virtio-ccw/migration: Migrate config vector for virtio devices
  virtio-ccw: add support for 9pfs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-09 11:07:41 +01:00
Markus Armbruster
28d0de7a4f QemuOpts: Convert qemu_opts_foreach() to Error
Retain the function value for now, to permit selective conversion of
its callers.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
2015-06-09 07:37:37 +02:00
Markus Armbruster
a4c7367f7d QemuOpts: Drop qemu_opts_foreach() parameter abort_on_failure
When the argument is non-zero, qemu_opts_foreach() stops on callback
returning non-zero, and returns that value.

When the argument is zero, it doesn't stop, and returns the bit-wise
inclusive or of all the return values.  Funky :)

The callers that pass zero could just as well pass one, because their
callbacks can't return anything but zero:

* qemu_add_globals()'s callback qdev_add_one_global()

* qemu_config_write()'s callback config_write_opts()

* main()'s callbacks default_driver_check(), drive_enable_snapshot(),
  vnc_init_func()

Drop the parameter, and always stop.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
2015-06-08 19:33:20 +02:00
Eric Auger
38559979bf hw/vfio/platform: add irq assignment
This patch adds the code requested to assign interrupts to
a guest. The interrupts are mediated through user handled
eventfds only.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Tested-by: Vikram Sethi <vikrams@codeaurora.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-06-08 09:25:26 -06:00
Eric Auger
0ea2730bef hw/vfio/platform: vfio-platform skeleton
Minimal VFIO platform implementation supporting register space
user mapping but not IRQ assignment.

Signed-off-by: Kim Phillips <kim.phillips@linaro.org>
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Tested-by: Vikram Sethi <vikrams@codeaurora.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-06-08 09:25:25 -06:00
Peter Maydell
ee09f84e6b * KVM error improvement from Laurent
* CONFIG_PARALLEL fix from Mirek
 * Atomic/optimized dirty bitmap access from myself and Stefan
 * BUILD_DIR convenience/bugfix from Peter C
 * Memory leak fix from Shannon
 * SMM improvements (though still TCG only) from myself and Gerd, acked by mst
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJVceAwAAoJEL/70l94x66Dyz4H/RHS/OUGo6HOwG1FZ4l8RxRl
 FY+pwJqinxFyGySmMLVHEeQCsIfxgi8bOmuWblG7sdt245nhMIj2jglyEOCUA3RN
 Q9qxQr6QyXBWiwK4bfB7xI1z3/mc8cVvuxjtkLaBMa16A4MXMunWCDcyhsX9/0Vw
 VySgTgBbn5AyY5x58TbkB7Tl6hMZgxF0yNwU6IGQvP079dgREAL2tzR1Wk8kPC80
 ltLWlrwTAzF2km5m6rmstpMeZ/XIaq3DD2LU03SyUhefMsYowGKK+7Boo4lHpVm9
 XAlxflahN7VGtQuno5RpYNNSzGqSJgqu5X5JxCMnbWdPi4sX3bijQdcUhW3/0oo=
 =KPIz
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* KVM error improvement from Laurent
* CONFIG_PARALLEL fix from Mirek
* Atomic/optimized dirty bitmap access from myself and Stefan
* BUILD_DIR convenience/bugfix from Peter C
* Memory leak fix from Shannon
* SMM improvements (though still TCG only) from myself and Gerd, acked by mst

# gpg: Signature made Fri Jun  5 18:45:20 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (62 commits)
  update Linux headers from kvm/next
  atomics: add explicit compiler fence in __atomic memory barriers
  ich9: implement SMI_LOCK
  q35: implement TSEG
  q35: add test for SMRAM.D_LCK
  q35: implement SMRAM.D_LCK
  q35: add config space wmask for SMRAM and ESMRAMC
  q35: fix ESMRAMC default
  q35: implement high SMRAM
  hw/i386: remove smram_update
  target-i386: use memory API to implement SMRAM
  hw/i386: add a separate region that tracks the SMRAME bit
  target-i386: create a separate AddressSpace for each CPU
  vl: run "late" notifiers immediately
  qom: add object_property_add_const_link
  vl: allow full-blown QemuOpts syntax for -global
  pflash_cfi01: add secure property
  pflash_cfi01: change to new-style MMIO accessors
  pflash_cfi01: change big-endian property to BIT type
  target-i386: wake up processors that receive an SMI
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-08 15:57:41 +01:00
Peter Maydell
2e29dd7c44 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQIcBAABAgAGBQJVcf+LAAoJEH3vgQaq/DkOMGYP/i/LxItDxCgfi+n6a1TIhgvs
 shp6FkatH50f0b4EoimmMhZJWZBU9GoTgNhULgreTm0fgv9d87ciFkabUZhJLO7e
 Sck+qMJYUpdB6goyVFC3efq7LpuwoGGBhekiQjMBe/a0f64BlYi8tL6hLpN/K3Cu
 i51ASrAD0rJvp58xAX9/Tgsopi8+++FPaOQzpUL81Zz6z6AGACkpepTndgxkt5DA
 +s5KHIod0+pUDVa6wjLxA3cWUPx8nA9emoRwl1eu98bwVPa/DX+TAa5ubLliIHtG
 CGwGZ97W0fHufmZbSCaCYsaHrRVKLBpmGQNorsZVcV/053yW8o5GKFcXMlH797sb
 dzcNvKPkHNlPJdPgU5akGeEtufesSWDqErOtlruoxR5HmBNHVkB4zFFpovAtrfGY
 YbpjrYk87W9OixQWOW6toHG3gE87jZnxj3GAIlWqJh1vSVqWWC2PNZTFqtQPu3lp
 gu3fv3kaa/EbLujmlfq6uD4MFQZlYjJG6JelLydLdimTnr/ad43vABbXGfgaDKAT
 X++CN9tst0hiuj3n/dJcDkox//U+yCbnPRk00H1bjT//YYJULtCeZk7Y0hVaB5mZ
 36PrTAK2FlTZ5caK7KrEtwzsRL4b61mrhzFi7E+Gd31wEiZA30fDu16sX0f+8+ex
 BqwG0voyXrQp1yx+M8cH
 =TBeO
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Fri Jun  5 20:59:07 2015 BST using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  macio: remove remainder_len DBDMA_io property
  macio: update comment/constants to reflect the new code
  macio: switch pmac_dma_write() over to new offset/len implementation
  macio: switch pmac_dma_read() over to new offset/len implementation
  fdc-test: Test state for existing cases more thoroughly
  fdc: Fix MSR.RQM flag
  fdc: Disentangle phases in fdctrl_read_data()
  fdc: Code cleanup in fdctrl_write_data()
  fdc: Use phase in fdctrl_write_data()
  fdc: Introduce fdctrl->phase
  fdc: Rename fdctrl_set_fifo() to fdctrl_to_result_phase()
  fdc: Rename fdctrl_reset_fifo() to fdctrl_to_command_phase()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-08 14:07:32 +01:00
Gerd Hoffmann
11e66a15a0 ich9: implement SMI_LOCK
Add write mask for the smi enable register, so we can disable write
access to certain bits.  Open all bits on reset.  Disable write access
to GBL_SMI_EN when SMI_LOCK (in ich9 lpc pci config space) is set.
Write access to SMI_LOCK itself is disabled too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 19:45:13 +02:00
Gerd Hoffmann
bafc90bdc5 q35: implement TSEG
TSEG provides larger amounts of SMRAM than the 128 KB available with
legacy SMRAM and high SMRAM.

Route access to tseg into nowhere when enabled, for both cpus and
busmaster dma, and add tseg window to smram region, so cpus can access
it in smm mode.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 19:45:13 +02:00
Gerd Hoffmann
68c77acfb1 q35: implement SMRAM.D_LCK
Once the SMRAM.D_LCK bit has been set by the guest several bits in SMRAM
and ESMRAMC become readonly until the next machine reset.  Implement
this by updating the wmask accordingly when the guest sets the lock bit.
As the lock it itself is locked down too we don't need to worry about
the guest clearing the lock bit.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:36:40 +02:00
Gerd Hoffmann
b66a67d751 q35: add config space wmask for SMRAM and ESMRAMC
Not all bits in SMRAM and ESMRAMC can be changed by the guest.
Add wmask defines accordingly and set them in mch_reset().

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:36:39 +02:00
Gerd Hoffmann
7744752402 q35: fix ESMRAMC default
The cache bits in ESMRAMC are hardcoded to 1 (=disabled) according to
the q35 mch specs.  Add and use a define with this default.

While being at it also update the SMRAM default to use the name (no code
change, just makes things a bit more readable).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:36:39 +02:00
Paolo Bonzini
64130fa4a1 q35: implement high SMRAM
When H_SMRAME is 1, low memory at 0xa0000 is left alone by
SMM, and instead the chipset maps the 0xa0000-0xbffff window at
0xfeda0000-0xfedbffff.  This affects both the "non-SMM" view controlled
by D_OPEN and the SMM view controlled by G_SMRAME, so add two new
MemoryRegions and toggle the enabled/disabled state of all four
in mch_update_smram.

Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:36:39 +02:00
Paolo Bonzini
3de70c0899 hw/i386: remove smram_update
It's easier to inline it now that most of its work is done by the CPU
(rather than the chipset) through /machine/smram and the memory API.

Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:36:39 +02:00
Paolo Bonzini
f809c60512 target-i386: use memory API to implement SMRAM
Remove cpu_smm_register and cpu_smm_update.  Instead, each CPU
address space gets an extra region which is an alias of
/machine/smram.  This extra region is enabled or disabled
as the CPU enters/exits SMM.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:36:39 +02:00
Paolo Bonzini
fe6567d5fd hw/i386: add a separate region that tracks the SMRAME bit
This region is exported at /machine/smram.  It is "empty" if
SMRAME=0 and points to SMRAM if SMRAME=1.  The CPU will
enable/disable it as it enters or exits SMRAM.

While touching nearby code, the existing memory region setup was
slightly inconsistent.  The smram_region is *disabled* in order to open
SMRAM (because the smram_region shows the low VRAM instead of the RAM
at 0xa0000).  Because SMRAM is closed at startup, the smram_region must
be enabled when creating the i440fx or q35 devices.

Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:36:39 +02:00
Paolo Bonzini
f71e42a5c9 pflash_cfi01: add secure property
When this property is set, MMIO accesses are only allowed with the
MEMTXATTRS_SECURE attribute.  This is used for secure access to UEFI
variables stored in flash.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:36:39 +02:00
Paolo Bonzini
5aa113f0a2 pflash_cfi01: change to new-style MMIO accessors
This is a required step to implement read_with_attrs and write_with_attrs.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:36:39 +02:00
Paolo Bonzini
e98094221e pflash_cfi01: change big-endian property to BIT type
Make this consistent with the secure property, added in the next patch.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:36:31 +02:00
Paolo Bonzini
d55d42078b framebuffer: check memory_region_is_logging
framebuffer.c expects DIRTY_MEMORY_VGA logging to be always on, but that
will not be the case soon.  Because framebuffer.c computes the memory
region on the fly for every update (with memory_region_find), it cannot
enable/disable logging by itself.

Instead, always treat updates as invalidations if dirty logging is
not enabled, assuming that the board will enable logging on the
RAM region that includes the framebuffer.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:09:59 +02:00
Paolo Bonzini
b2dfd71c48 memory: prepare for multiple bits in the dirty log mask
When the dirty log mask will also cover other bits than DIRTY_MEMORY_VGA,
some listeners may be interested in the overall zero/non-zero value of
the dirty log mask; others may be interested in the value of single bits.

For this reason, always call log_start/log_stop if bits have respectively
appeared or disappeared, and pass the old and new values of the dirty log
mask so that listeners can distinguish the kinds of change.

For example, KVM checks if dirty logging used to be completely disabled
(in log_start) or is now completely disabled (in log_stop).  On the
other hand, Xen has to check manually if DIRTY_MEMORY_VGA changed,
since that is the only bit it cares about.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:09:59 +02:00
Paolo Bonzini
2d1a35bef0 memory: differentiate memory_region_is_logging and memory_region_get_dirty_log_mask
For now memory regions only track DIRTY_MEMORY_VGA individually, but
this will change soon.  To support this, split memory_region_is_logging
in two functions: one that returns a given bit from dirty_log_mask,
and one that returns the entire mask.  memory_region_is_logging gets an
extra parameter so that the compiler flags misuse.

While VGA-specific users (including the Xen listener!) will want to keep
checking that bit, KVM and vhost check for "any bit except migration"
(because migration is handled via the global start/stop listener
callbacks).

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:09:58 +02:00
Paolo Bonzini
5299c0f2cf display: add memory_region_sync_dirty_bitmap calls
These are strictly speaking only needed for KVM and Xen, but it's still
nice to be consistent.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:09:58 +02:00
Paolo Bonzini
74259ae55b display: enable DIRTY_MEMORY_VGA tracking explicitly
This will be required soon by the memory core.

Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:09:58 +02:00
Paolo Bonzini
086f90e890 g364fb: remove pointless call to memory_region_set_coalescing
Coalescing work on MMIO, not RAM, thus this call has no effect.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:09:58 +02:00
Miroslav Rezanina
9157eee1b1 Move parallel_hds_isa_init to hw/isa/isa-bus.c
Disabling CONFIG_PARALLEL cause removing parallel_hds_isa_init defined in
parallel.c. This function is called during initialization of some boards so
disabling CONFIG_PARALLEL cause build failure.

This patch moves parallel_hds_isa_init to hw/isa/isa-bus.c so it is included
in case of disabled CONFIG_PARALLEL. Build is successful but qemu will abort
with "Unknown device" error when function is called.

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-Id: <1431509970-32154-1-git-send-email-mrezanin@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 17:09:58 +02:00
Mark Cave-Ayland
0ba98885a0 macio: remove remainder_len DBDMA_io property
Since the block alignment code is now effectively independent of the DMA
implementation, this variable is no longer required and can be removed.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1433455177-21243-5-git-send-email-mark.cave-ayland@ilande.co.uk
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-04 20:25:39 -04:00
Mark Cave-Ayland
b01d44cd06 macio: update comment/constants to reflect the new code
With the offset/len functions taking care of all of the alignment mapping
in isolation from the DMA tranasaction, many comments are now unnecessary.
Remove these and tidy up a few constants at the same time.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1433455177-21243-4-git-send-email-mark.cave-ayland@ilande.co.uk
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-04 20:25:39 -04:00
Mark Cave-Ayland
ac58fe7b2c macio: switch pmac_dma_write() over to new offset/len implementation
In particular, this fixes a bug whereby chains of overlapping head/tail chains
would incorrectly write over each other's remainder cache. This is the access
pattern used by OS X/Darwin and fixes an issue with a corrupt Darwin
installation in my local tests.

While we are here, rename the DBDMA_io struct property remainder to
head_remainder for clarification.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1433455177-21243-3-git-send-email-mark.cave-ayland@ilande.co.uk
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-04 20:25:39 -04:00
Mark Cave-Ayland
0389b8f8c7 macio: switch pmac_dma_read() over to new offset/len implementation
For better handling of unaligned block device accesses.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1433455177-21243-2-git-send-email-mark.cave-ayland@ilande.co.uk
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-04 20:25:39 -04:00
Peter Maydell
d6688ba17b pc, acpi, virtio, tpm
This includes pxb support by Marcel, as well as multiple enhancements all over
 the place.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVcC2WAAoJECgfDbjSjVRpwgcH/3mvFP3UmvmXyzf8mYtQ/1fR
 ikvdTGHl2DR7TMQszNeCJn/p6NgH3oXRbXh39xM1xl9D2/dsZH9o1cUyFE04K9LK
 am0cTmlty1OEyFN8BX1TtpngUxa5mpRA/+NYuWbh1FoTp6RoEPM6P+L1zLqtXYn1
 REF++ehrsQI2Az2pibf4nul8bwuTWJLJeMS6TcCVCRGoaHsCESiVMu2sQrzEbWEW
 E8ZWaXaiycLxLkW0/oU8BmZyrAk1PHdHwgbMUINV0kV5E2u+ZU+3KY79ezC2FyHW
 NV7G9Rhh/5H828/cB6UP4CPZ4AYIYmg02iz5XBGKbd8WS9oPrJVK7EoqfU3oZfc=
 =5AmP
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, acpi, virtio, tpm

This includes pxb support by Marcel, as well as multiple enhancements all over
the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Thu Jun  4 11:51:02 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream: (28 commits)
  vhost: logs sharing
  hw/acpi: piix4_pm_init(): take fw_cfg object no more
  hw/acpi: move "etc/system-states" fw_cfg file from PIIX4 to core
  hw/acpi: acpi_pm1_cnt_init(): take "disable_s3" and "disable_s4"
  pc-dimm: don't assert if pc-dimm alignment != hotpluggable mem range size
  docs: Add PXB documentation
  apci: fix PXB behaviour if used with unsupported BIOS
  hw/pxb: add numa_node parameter
  hw/pci: add support for NUMA nodes
  hw/pxb: add map_irq func
  hw/pci: inform bios if the system has extra pci root buses
  hw/pci: introduce PCI Expander Bridge (PXB)
  hw/pci: removed 'rootbus nr is 0' assumption from qmp_pci_query
  hw/acpi: remove from root bus 0 the crs resources used by other buses.
  hw/acpi: add _CRS method for extra root busses
  hw/apci: add _PRT method for extra PCI root busses
  hw/acpi: add support for i440fx 'snooping' root busses
  hw/pci: extend PCI config access to support devices behind PXB
  hw/i386: query only for q35/pc when looking for pci host bridge
  hw/pci: made pci_bus_num a PCIBusClass method
  ...

Conflicts:
	hw/i386/pc_piix.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-04 18:33:24 +01:00
Peter Maydell
3b730f570c Patch queue for ppc - 2015-06-03
Highlights this time around:
 
   - sPAPR: endian fixes, speedups, bug fixes, hotplug basics
   - add default ram size capability for machines (sPAPR defaults to 512MB now)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJVb3itAAoJECszeR4D/txgGncQAIz7tPRvMlCJyaGdYIkySUh4
 vbwAf4Z2Ddjv/gA/3G3oY1lC5RnhOJucxCbobzdayKecrdkdAJa/O/6RbKij4zMD
 svXseSpk8aKr4yrfNItxrjysJsp4cMS7APim7HcF5mOBJJqp0COkr1q97VteTfY1
 AdiSfBU5IEj0RZ+J1pSnMVf837gLiKSv+L2gTyGkb66VBMqZOZzu5UuoUhIOfa+R
 /tlm2VMRKe7vrU7Q4TL8Syn9UZnB03aNrKIXYN0VJy5WTePSMWPSQ6fbImTELEQB
 En87DGYt/QVs0eB7XNwzhF0REFblHECOzFhbOovCrvGZIa4xai8HJaJHMeaxQfkx
 4Aiby7Kv8wJgjn13OuBTvG7YWtw3hJcO1i0ePs2MmGz9sJNzhz0tyRSRglc3xN1Q
 RBrqyl3lOsnvNRzj/py7kYxCKtG8xlkaTSkO6FfXmt9UMW91pqWo4/2LCTON0zkx
 +gd2UW7JPw2u6ttzCu+b8BZv1ATovHoj2wXPP4iEYpe1sGT6qp4moZZ6CtWex/O3
 4Lhd9jJVJurMZl6e1pn/4bkcEhNvT2B484GmmerrZXrtlKm9wcepqMJC2bVCtzjT
 JBLNGTk6z8QKN5WRD+LWD3LgEjAEqV6nvqrmiwovMUtC0lJSHJTTAoeurM3h6jJn
 eaR4tzdEqHgDhzkOCHux
 =zWZp
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging

Patch queue for ppc - 2015-06-03

Highlights this time around:

  - sPAPR: endian fixes, speedups, bug fixes, hotplug basics
  - add default ram size capability for machines (sPAPR defaults to 512MB now)

# gpg: Signature made Wed Jun  3 22:59:09 2015 BST using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-ppc-for-upstream: (40 commits)
  softmmu: support up to 12 MMU modes
  tcg: add TCG_TARGET_TLB_DISPLACEMENT_BITS
  tci: do not use CPUArchState in tcg-target.h
  Add David Gibson for sPAPR in MAINTAINERS file
  pseries: Enable in-kernel H_LOGICAL_CI_{LOAD, STORE} implementations
  spapr: override default ram size to 512MB
  machine: add default_ram_size to machine class
  spapr_pci: emit hotplug add/remove events during hotplug
  spapr_pci: enable basic hotplug operations
  pci: make pci_bar useable outside pci.c
  spapr_pci: create DRConnectors for each PCI slot during PHB realize
  spapr_pci: add dynamic-reconfiguration option for spapr-pci-host-bridge
  spapr_drc: add spapr_drc_populate_dt()
  spapr_events: event-scan RTAS interface
  spapr_events: re-use EPOW event infrastructure for hotplug events
  spapr_rtas: add ibm, configure-connector RTAS interface
  spapr: add rtas_st_buffer_direct() helper
  spapr_rtas: add get-sensor-state RTAS interface
  spapr_rtas: add set-indicator RTAS interface
  spapr_rtas: add get/set-power-level RTAS interfaces
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-04 14:04:14 +01:00
Peter Maydell
2700a976db trivial patches for 2015-06-03
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVbvwjAAoJEL7lnXSkw9fbaFwIAIh6PN5v6fvuEjnPX5ijHZC2
 7iJoFd0I2cYrxgLe4xONFX9qzV5vgdEAJfXCljVCKAmzu5RK7G0ZSW81sJ3t6Mp8
 kA8buJeyTp2UcTlDrC3qji8ScEIj+g8I9tKGflNVI2uDAVumMBPqnJNSFhbaqYlu
 SEq+4y/D3J6xPzr7NhyHliG0NmxJrIn6QCtux5djj3xO4KXfp1j2YQCPKhYjkRlW
 wHfqeD7x9LX6875FX3csgfPsYIycW0WYtba2adTe0vbTsclOY0CU3ho8HPeXgHE6
 WQj6KYGT8Fo0zmK8UV0Jmok7+hZoxXXInf6vY+sSY58oe71FgdxNwLvIC6N0eQc=
 =AALk
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-06-03' into staging

trivial patches for 2015-06-03

# gpg: Signature made Wed Jun  3 14:07:47 2015 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2015-06-03: (30 commits)
  configure: postfix --extra-cflags to QEMU_CFLAGS
  cadence_gem: Fix Rx buffer size field mask
  slirp: use less predictable directory name in /tmp for smb config (CVE-2015-4037)
  translate-all: delete prototype for non-existent function
  Add -incoming help text
  hw/display/tc6393xb.c: Fix misusing qemu_allocate_irqs for single irq
  hw/arm/nseries.c: Fix misusing qemu_allocate_irqs for single irq
  hw/alpha/typhoon.c: Fix misusing qemu_allocate_irqs for single irq
  hw/unicore32/puv3.c: Fix misusing qemu_allocate_irqs for single irq
  hw/lm32/milkymist.c: Fix misusing qemu_allocate_irqs for single irq
  hw/lm32/lm32_boards.c: Fix misusing qemu_allocate_irqs for single irq
  hw/ppc/prep.c: Fix misusing qemu_allocate_irqs for single irq
  hw/sparc/sun4m.c: Fix misusing qemu_allocate_irqs for single irq
  hw/timer/arm_timer.c: Fix misusing qemu_allocate_irqs for single irq
  hw/isa/i82378.c: Fix misusing qemu_allocate_irqs for single irq
  hw/isa/lpc_ich9.c: Fix misusing qemu_allocate_irqs for single irq
  hw/i386/pc: Fix misusing qemu_allocate_irqs for single irq
  hw/intc/exynos4210_gic.c: Fix memory leak by adjusting order
  hw/arm/omap_sx1.c: Fix memory leak spotted by valgrind
  hw/ppc/e500.c: Fix memory leak
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-04 12:49:15 +01:00
Jason Wang
309750fad5 vhost: logs sharing
Currently we allocate one vhost log per vhost device. This is sub
optimal when:

- Guest has several device with vhost as backend
- Guest has multiqueue devices

In the above cases, we can avoid the memory allocation by sharing a
single vhost log among all the vhost devices. This is done through:

- Introducing a new vhost_log structure with refcnt inside.
- Using a global pointer to vhost_log structure that will be used. And
  introduce helper to get the log with expected log size and helper to
- drop the refcnt to the old log.
- Each vhost device still keep track of a pointer to the log that was
  used.

With above, if no resize happens, all vhost device will share a single
vhost log. During resize, a new vhost_log structure will be allocated
and made for the global pointer. And each vhost devices will drop the
refcnt to the old log.

Tested by doing scp during migration for a 2 queues virtio-net-pci.

Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-04 12:44:49 +02:00
Peter Maydell
6fa6b31276 X86 queue 2015-06-02
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJVbgItAAoJECgHk2+YTcWmGhYP/RMNvcoOQzfRZ1xqztQlm2cp
 WRSnsQm2+16omGypuEGTgjr/pojlD/xRllhFMJqYPGt0ZSmwsd6AgZtU5hLnHGRb
 HJdq1js7GPsduR8/DPoBCAD6nA8wsrdjBt5WZkCf35WU4CaPFDTx1w35KdekdzVS
 0guhSypAQdrxIULvPteJw/S6u6OA42nads2xClfvmzE3kKnedeBcLLE/GzrrkIc3
 5aFjS1ndVK9rtOBldnIqq10q89c7ug60wuZi0SFqf1r4Do9cZqQgmXU7c0OiJu1G
 05F0racvGaCMNp1JyH6z5pvPVjImZfu06Wz0+433hKSHvNqh25mJ4lZVGcqfHFoB
 Ek2+iam6xej1+I2Wbt3NOBR8K0ldDMtnVpUiXMUvT2j4AUQBc2Cs79rXBgY8Qz3P
 48fI2xMlOY0TFIQTra38ZomX4Jkukhu38BRixed2/CGi1mo6N9GT5OCYBBsy2MgW
 o4yFmnzJD8eCopWXFXc93Pvdvrpn5/NJsmiNDFO66lxfQr+VfqzlG6eWpxQ7wXpR
 /JY8k21R0gHB02v7B2Kyqdj9UXmunYWS28P6LJ/z5UtCCivr/+szUTdKDOvKXt42
 HrVGgpEscs0huvsUPzJRtCYYsgKIEZB7UTxOxHiAPmBOBBnB/pLiOrkoZuQIiQee
 KxjJWNd9wMOyx90t54AI
 =VKFL
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

X86 queue 2015-06-02

# gpg: Signature made Tue Jun  2 20:21:17 2015 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-pull-request:
  arch_init: Drop target-x86_64.conf
  target-i386: Register QOM properties for feature flags
  apic: convert ->busdev.qdev casts to C casts
  target-i386: Fix signedness of MSR_IA32_APICBASE_BASE
  pc: Ensure non-zero CPU ref count after attaching to ICC bus

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-04 11:44:32 +01:00
Laszlo Ersek
6e7d82497d hw/acpi: piix4_pm_init(): take fw_cfg object no more
This PIIX4 init function has no more reason to receive a pointer to the
FwCfg object. Remove the parameter from the prototype, and update callers.

As a result, the pc_init1() function no longer needs to save the return
value of pc_memory_init() and xen_load_linux(), which makes it more
similar to pc_q35_init().

The return type & value of pc_memory_init() and xen_load_linux() are not
changed themselves; maybe we'll need their return values sometime later.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1204696
Cc: Amit Shah <amit.shah@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2015-06-04 11:25:42 +02:00
Laszlo Ersek
e3845e7c47 hw/acpi: move "etc/system-states" fw_cfg file from PIIX4 to core
The acpi_pm1_cnt_init() core function is responsible for setting up the
register block that will ultimately react to S3 and S4 requests (see
acpi_pm1_cnt_write()). It makes sense to advertise this configuration to
the guest firmware via an easy to parse fw_cfg file (ACPI is too complex
for firmware to parse), and indeed PIIX4 does that. However, since
acpi_pm1_cnt_init() is not specific to PIIX4, neither should be the fw_cfg
file.

This patch makes "etc/system-states" appear on all chipsets modified in
the previous patch, not just PIIX4 (assuming they have fw_cfg at all).

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1204696
Cc: Amit Shah <amit.shah@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2015-06-04 11:25:42 +02:00
Laszlo Ersek
9a10bbb4e8 hw/acpi: acpi_pm1_cnt_init(): take "disable_s3" and "disable_s4"
This patch only modifies the function prototype and updates all chipset
code that calls acpi_pm1_cnt_init() to pass in their own disable_s3 and
disable_s4 settings. vt82c686 is assumed to be fixed "S3 and S4 enabled".

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1204696
Cc: Amit Shah <amit.shah@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2015-06-04 11:25:42 +02:00
Peter Maydell
d2ceeb1d68 target-arm queue:
* more EL2 preparation patches
  * revert a no-longer-necessary workaround for old glib versions
  * add GICv2m support to virt board (MSI support)
  * pl061: fix wrong calculation of GPIOMIS register
  * support MSI via irqfd
  * remove a confusing v8_ prefix from some variable names
  * add dynamic sysbus device support to the virt board
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJVbdouAAoJEDwlJe0UNgzeQSYP/iXkogCzrNAqkcAGNzzVox5o
 54HFUMBFC05hnOBQxxUcGwXDetidYIEFuSt2uUooZapWYzL6ProIDXcgYMoVJTzL
 XaYUzuV3M3pxl8A7DtKRv39e9HTDL4EmT+dd8mNuRHfbhmvlFlWw3TzO/DHxl29e
 iOIrNDaLAPjI4QyFR0k5kHTmijTm13Sd5/Un/8m6bjKtrKst8k2HmqemtsjcrVUK
 +/9k+60+uTYJb4xKKcCY7w0zbbJGvlW9216bf3ccfAvGAbaGDxH+hRn0E1xd2BoR
 JmXofWYL55tT8cQxO7ZjCDMzhiJsQ/hFlo1ds5DkdcYuaYXUHiRB62mleSb2zc+T
 kcLFWCBQp/YWULpngZrnu5bzKUN0BwFtTOoMMv5WGR/N4hAcj6rgIIEaGeRsGrhV
 XrGeLmk25IwrIvn4Nwr0Ve70g6rdL5NauVYq21Bx2GLK18NEXXsUR1Z0X38WSVrN
 HXBNFHFECf0S1CNp8KVcyyfE+XZx2Cb5jFpS2jiy648KoXHgHYZUjCqJd4JzRAQB
 dEjoNKA6yod72UkgpoeaOTHsF9razOpqG+ymJzsVTiDBpg/eE6ZT/0jCBZ+92NqN
 qf2IUwubQH9jAFcxDuzoHDx+XCycdkYVEnoBGtBcS2QfaJd4dwfJkFAOOHR70XkH
 Kvj419eJjO0uhItsEODA
 =s7uF
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150602' into staging

target-arm queue:
 * more EL2 preparation patches
 * revert a no-longer-necessary workaround for old glib versions
 * add GICv2m support to virt board (MSI support)
 * pl061: fix wrong calculation of GPIOMIS register
 * support MSI via irqfd
 * remove a confusing v8_ prefix from some variable names
 * add dynamic sysbus device support to the virt board

# gpg: Signature made Tue Jun  2 17:30:38 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150602: (22 commits)
  hw/arm/virt: change indentation in a15memmap
  hw/arm/virt: add dynamic sysbus device support
  hw/arm/boot: arm_load_kernel implemented as a machine init done notifier
  hw/arm/sysbus-fdt: helpers for platform bus nodes addition
  target-arm: Remove v8_ prefix from names of non-v8-specific cpreg arrays
  arm_gicv2m: set kvm_gsi_direct_mapping and kvm_msi_via_irqfd_allowed
  kvm: introduce kvm_arch_msi_data_to_gsi
  pl061: fix wrong calculation of GPIOMIS register
  target-arm: Add the GICv2m to the virt board
  target-arm: Extend the gic node properties
  arm_gicv2m: Add GICv2m widget to support MSIs
  target-arm: Add GIC phandle to VirtBoardInfo
  Revert "target-arm: Avoid g_hash_table_get_keys()"
  target-arm: Add TLBI_VAE2{IS}
  target-arm: Add TLBI_ALLE2
  target-arm: Add TLBI_ALLE1{IS}
  target-arm: Add TTBR0_EL2
  target-arm: Add TPIDR_EL2
  target-arm: Add SCTLR_EL2
  target-arm: Add TCR_EL2
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-04 10:21:52 +01:00
Igor Mammedov
b5d3b03922 pc-dimm: don't assert if pc-dimm alignment != hotpluggable mem range size
Drop superfluous pc-dimm alignment on hot-pluggable mem
range size assert, since it causes QEMU crash during hotplug
when hotplugging pc-dimm with alignment bigger than
an alignment of hot-pluggable mem range size.

Instead allow pc_dimm_get_free_addr() find free address
and bail out gracefully later in that function during
checking if pc-dimm will fit in hot-pluggable mem range.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-04 11:20:34 +02:00
David Gibson
026bfd89cb pseries: Enable in-kernel H_LOGICAL_CI_{LOAD, STORE} implementations
qemu currently implements the hypercalls H_LOGICAL_CI_LOAD and
H_LOGICAL_CI_STORE as PAPR extensions.  These are used by the SLOF firmware
for IO, because performing cache inhibited MMIO accesses with the MMU off
(real mode) is very awkward on POWER.

This approach breaks when SLOF needs to access IO devices implemented
within KVM instead of in qemu.  The simplest example would be virtio-blk
using an iothread, because the iothread / dataplane mechanism relies on
an in-kernel implementation of the virtio queue notification MMIO.

To fix this, an in-kernel implementation of these hypercalls has been made,
(kernel commit 99342cf "kvmppc: Implement H_LOGICAL_CI_{LOAD,STORE} in KVM"
however, the hypercalls still need to be enabled from qemu.  This performs
the necessary calls to do so.

It would be nice to provide some warning if we encounter a problematic
device with a kernel which doesn't support the new calls.  Unfortunately,
I can't see a way to detect this case which won't either warn in far too
many cases that will probably work, or which is horribly invasive.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:55 +02:00
Nikunj A Dadhania
a34944fe2e spapr: override default ram size to 512MB
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:55 +02:00
Nikunj A Dadhania
076b35b5a5 machine: add default_ram_size to machine class
Machines types can have different requirement for default ram
size. Introduce a member in the machine class and set the current
default_ram_size to 128MB.

For QEMUMachine types override the value during the registration of
the machine and for MachineClass introduce the generic class init
setting the default_ram_size.

Add helpers [K,M,G,T,P,E]_BYTE for better readability and easy usage

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:55 +02:00
Tyrel Datwyler
c5bc152bc3 spapr_pci: emit hotplug add/remove events during hotplug
This uses extension of existing EPOW interrupt/event mechanism
to notify userspace tools like librtas/drmgr to handle
in-guest configuration/cleanup operations in response to
device_add/device_del.

Userspace tools that don't implement this extension will need
to be run manually in response/advance of device_add/device_del,
respectively.

Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:55 +02:00
Michael Roth
7454c7af91 spapr_pci: enable basic hotplug operations
This enables hotplug of PCI devices to a PHB. Upon hotplug we
generate the OF-nodes required by PAPR specification and
IEEE 1275-1994 "PCI Bus Binding to Open Firmware" for the
device.

We associate the corresponding FDT for these nodes with the DRC
corresponding to the slot, which will be fetched via
ibm,configure-connector RTAS calls by the guest as described by PAPR
specification.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:54 +02:00
Michael Roth
cf8c704d5a pci: make pci_bar useable outside pci.c
We need to work with PCI BARs to generate OF properties
during PCI hotplug for sPAPR guests.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:54 +02:00
Michael Roth
62083979b0 spapr_pci: create DRConnectors for each PCI slot during PHB realize
These will be used to support hotplug/unplug of PCI devices to the PCI
bus associated with a particular PHB.

We also set up device-tree properties in each PHBs initial FDT to
describe the DRCs associated with them. This advertises to guests that
each PHB is DR-capable device with physical hotpluggable slots, each
managed by the corresponding DRC. This is necessary for allowing
hotplugging of devices to it later via bus rescan or guest rpaphp
hotplug module.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:54 +02:00
Michael Roth
7619c7b00c spapr_pci: add dynamic-reconfiguration option for spapr-pci-host-bridge
This option enables/disables PCI hotplug for a particular PHB.

Also add machine compatibility code to disable it by default for machine
types prior to pseries-2.4.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: move commas for compat fields]
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:54 +02:00
Michael Roth
e4b798bb53 spapr_drc: add spapr_drc_populate_dt()
This function handles generation of ibm,drc-* array device tree
properties to describe DRC topology to guests. This will by used
by the guest to direct RTAS calls to manage any dynamic resources
we associate with a particular DR Connector as part of
hotplug/unplug.

Since general management of boot-time device trees are handled
outside of sPAPRDRConnector, we insert these values blindly given
an FDT and offset. A mask of sPAPRDRConnector types is given to
instruct us on what types of connectors entries should be generated
for, since descriptions for different connectors may live in
different parts of the device tree.

Based on code originally written by Nathan Fontenot.

Signed-off-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:54 +02:00
Tyrel Datwyler
79853e18d9 spapr_events: event-scan RTAS interface
We don't actually rely on this interface to surface hotplug events, and
instead rely on the similar-but-interrupt-driven check-exception RTAS
interface used for EPOW events. However, the existence of this interface
is needed to ensure guest kernels initialize the event-reporting
interfaces which will in turn be used by userspace tools to handle these
events, so we implement this interface here.

Since events surfaced by this call are mutually exclusive to those
surfaced via check-exception, we also update the RTAS event queue code
to accept a boolean to mark/filter for events accordingly.

Events of this sort are not currently generated by QEMU, but the interface
has been tested by surfacing hotplug events via event-scan in place
of check-exception.

Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:53 +02:00
Nathan Fontenot
31fe14d15d spapr_events: re-use EPOW event infrastructure for hotplug events
This extends the data structures currently used to report EPOW events to
guests via the check-exception RTAS interfaces to also include event types
for hotplug/unplug events.

This is currently undocumented and being finalized for inclusion in PAPR
specification, but we implement this here as an extension for guest
userspace tools to implement (existing guest kernels simply log these
events via a sysfs interface that's read by rtas_errd, and current
versions of rtas_errd/powerpc-utils already support the use of this
mechanism for initiating hotplug operations).

We also add support for queues of pending RTAS events, since in the
case of hotplug there's chance for multiple events being in-flight
at any point in time.

Signed-off-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:53 +02:00
Michael Roth
46503c2bc0 spapr_rtas: add ibm, configure-connector RTAS interface
This interface is used to fetch an OF device-tree nodes that describes a
newly-attached device to guest. It is called multiple times to walk the
device-tree node and fetch individual properties into a 'workarea'/buffer
provided by the guest.

The device-tree is generated by QEMU and passed to an sPAPRDRConnector during
the initial hotplug operation, and the state of these RTAS calls is tracked by
the sPAPRDRConnector. When the last of these properties is successfully
fetched, we report as special return value to the guest and transition
the device to a 'configured' state on the QEMU/DRC side.

See docs/specs/ppc-spapr-hotplug.txt for a complete description of
this interface.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:53 +02:00
Mike Day
886445a6ee spapr_rtas: add get-sensor-state RTAS interface
This interface allows a guest to read various platform/device sensors.
initially, we only implement support necessary to support hotplug:
reading of the dr-entity-sense sensor, which communicates the state of
a hotplugged resource/device to the guest (EMPTY/PRESENT/UNUSABLE).

See docs/specs/ppc-spapr-hotplug.txt for a complete description of
this interface.

Signed-off-by: Mike Day <ncmike@ncultra.org>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:53 +02:00
Mike Day
8c8639df32 spapr_rtas: add set-indicator RTAS interface
This interface allows a guest to control various platform/device
sensors. Initially, we only implement support necessary to control
sensors that are required for hotplug: DR connector indicators/LEDs,
resource allocation state, and resource isolation state.

See docs/specs/ppc-spapr-hotplug.txt for a complete description of
this interface.

Signed-off-by: Mike Day <ncmike@ncultra.org>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:53 +02:00
Nathan Fontenot
094d20585e spapr_rtas: add get/set-power-level RTAS interfaces
These interfaces manage the power domains that guest devices are
assigned to and are used to power on/off devices. Currently we
only utilize 1 power domain, the 'live-insertion' domain, which
automates power management of plugged/unplugged devices, essentially
making these calls no-ops, but the RTAS interfaces are still required
by guest hotplug code and PAPR+.

See docs/specs/ppc-spapr-hotplug.txt for a complete description of
these interfaces.

Signed-off-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:52 +02:00
Michael Roth
bbf5c878ab spapr_drc: initial implementation of sPAPRDRConnector device
This device emulates a firmware abstraction used by pSeries guests to
manage hotplug/dynamic-reconfiguration of host-bridges, PCI devices,
memory, and CPUs. It is conceptually similar to an SHPC device,
complete with LED indicators to identify individual slots to physical
physical users and indicate when it is safe to remove a device. In
some cases it is also used to manage virtualized resources, such a
memory, CPUs, and physical-host bridges, which in the case of pSeries
guests are virtualized resources where the physical components are
managed by the host.

Guests communicate with these DR Connectors using RTAS calls,
generally by addressing the unique DRC index associated with a
particular connector for a particular resource. For introspection
purposes we expose this state initially as QOM properties, and
in subsequent patches will introduce the RTAS calls that make use of
it. This constitutes to the 'guest' interface.

On the QEMU side we provide an attach/detach interface to associate
or cleanup a DeviceState with a particular sPAPRDRConnector in
response to hotplug/unplug, respectively. This constitutes the
'physical' interface to the DR Connector.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:52 +02:00
Thomas Huth
730fce593b hw/ppc/spapr: Use error_report() instead of hw_error()
hw_error() is designed for printing CPU-related error messages
(e.g. it also prints a full CPU register dump). For error messages
that are not directly related to CPU problems, a function like
error_report() should be used instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:52 +02:00
Thomas Huth
68fea5a0d7 hw/ppc/spapr: Fix error message when firmware could not be loaded
When specifying a non-existing file with the "-bios" parameter, QEMU
complained that it "could not find LPAR rtas". That's obviously a
copy-n-paste bug from the code which loads the spapr-rtas.bin, it
should complain about a missing firmware file instead.
Additionally the error message was printed with hw_error() - which
also dumps the whole CPU state. However, this does not make much
sense here since the CPU is not running yet and thus the registers
only contain zeroes. So let's use error_report() here instead.
And while we're at it, let's also bail out if the firmware file
had zero length.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:52 +02:00
David Gibson
a1a4561243 pseries: Add pseries-2.4 machine type
Now that 2.4 development has opened, create a new pseries machine type
variant.  For now it is identical to the pseries-2.3 machine type, but
a number of new features are coming that will need to set backwards
compatibility options.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:52 +02:00
Thomas Huth
f9ce8e0aa3 hw/ppc/spapr_iommu: Fix the check for invalid upper bits in liobn
The check "liobn & 0xFFFFFFFF00000000ULL" in spapr_tce_find_by_liobn()
is completely useless since liobn is only declared as an uint32_t
parameter. Fix this by using target_ulong instead (this is what most
of the callers of this function are using, too).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:51 +02:00
Alexey Kardashevskiy
dea1b3ce75 spapr_iommu: Give unique QOM name to TCE table
Useful for debugging.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:51 +02:00
Alexey Kardashevskiy
ccf9ff8527 spapr_pci: Rework device-tree rendering
This replaces object_child_foreach() and callback with existing
SPAPR_PCI_LIOBN() and spapr_tce_find_by_liobn() to make the code easier
to read.

This is a mechanical patch so no behaviour change is expected.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:51 +02:00
Alexey Kardashevskiy
fae807a2b1 spapr_iommu: Make spapr_tce_find_by_liobn() public
At the moment spapr_tce_find_by_liobn() is used by H_PUT_TCE/...
handlers to find an IOMMU by LIOBN.

We are going to implement Dynamic DMA windows (DDW), new code
will go to a new file and we will use spapr_tce_find_by_liobn()
there too so let's make it public.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:51 +02:00
Alexey Kardashevskiy
46c5874e9c spapr_pci: Make find_phb()/find_dev() public
This makes find_phb()/find_dev() public and changed its names
to spapr_pci_find_phb()/spapr_pci_find_dev() as they are going to
be used from other parts of QEMU such as VFIO DDW (dynamic DMA window)
or VFIO PCI error injection or VFIO EEH handling - in all these
cases there are RTAS calls which are addressed to BUID+config_addr
in IEEE1275 format.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:51 +02:00
Alexey Kardashevskiy
d9d96a3cc7 spapr_iommu: Add separate trace points for PCI DMA operations
This is to reduce VIO noise while debugging PCI DMA.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:51 +02:00
Alexey Kardashevskiy
3e1a01cb55 spapr_pci: Define default DMA window size as a macro
This gets rid of a magic constant describing the default DMA window size
for an emulated PHB.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:50 +02:00
Alexey Kardashevskiy
4290ca49ee spapr_vio: Introduce a liobn number generating macros
This introduces a macro which makes up a LIOBN from fixed prefix and
VIO device address (@reg property).

This is to keep LIOBN macros rendering consistent - the same macro for
PCI has been added by the previous patch.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:50 +02:00
Alexey Kardashevskiy
c8545818b3 spapr_pci: Introduce a liobn number generating macros
We are going to have multiple DMA windows per PHB and we want them to
migrate so we need a predictable way of assigning LIOBNs.

This introduces a macro which makes up a LIOBN from fixed prefix,
PHB index (unique PHB id) and window number.

This introduces a SPAPR_PCI_DMA_WINDOW_NUM() to know the window number
from LIOBN. It is used to distinguish the default 32bit windows from
dynamic windows and avoid picking default DMA window properties from
a wrong TCE table.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:50 +02:00
Alexey Kardashevskiy
f1215ea702 spapr_iommu: Make H_PUT_TCE_INDIRECT endian-safe
PAPR is defined as big endian so TCEs need an adjustment so
does this patch.

This changes code to have ldq_be_phys() in one place.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:50 +02:00
Alexey Kardashevskiy
12fd285358 spapr_iommu: Disable in-kernel IOMMU tables for >4GB windows
The existing KVM_CREATE_SPAPR_TCE ioctl only support 4G windows max as
the window size parameter to the kernel ioctl() is 32-bit so
there's no way of expressing a TCE window > 4GB.

We are going to add huge DMA windows support so this will create small
window and unexpectedly fail later.

This disables KVM_CREATE_SPAPR_TCE for windows bigger that 4GB.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:50 +02:00
David Gibson
421b1b27f6 spapr_pci: Fix unsafe signed/unsigned comparisons
spapr_pci.c contains a number of expressions of the form (uval == -1) or
(uval != -1), where 'uval' is an unsigned value.

This mostly works in practice, because as long as the width of uval is
greater or equal than that of (int), the -1 will be promoted to the
unsigned type, which is the expected outcome.

However, at least for the cases where uval is uint32_t, this would break
on platforms where sizeof(int) > 4 (and a few such do exist), because then
the uint32_t value would be promoted to the larger int type, and never be
equal to -1.

This patch fixes these errors.  The fixes for the (uint32_t) cases are
necessary as described above.  I've made similar fixes to (uint64_t) and
(hwaddr) cases.  Those are strictly theoretical, since I don't know of any
platforms where sizeof(int) > 8, but hey, it's not that hard so we might
as well be strictly C standard compliant.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:50 +02:00
Markus Armbruster
62e9cd771c macio: Convert to realize()
Convert device models "macio-oldworld" and "macio-newworld".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:49 +02:00
Marcel Apfelbaum
0f6dd8e1d5 apci: fix PXB behaviour if used with unsupported BIOS
PXB does not work with unsupported bioses, but should
not interfere with normal OS operation.
We don't ship them anymore, but it's reasonable
to keep the work-around until we update the bios in qemu.

Fix this by not adding PXB mem/IO chunks to _CRS
if they weren't configured by BIOS.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:18 +02:00
Marcel Apfelbaum
0e79e51a7d hw/pxb: add numa_node parameter
The pxb can be attach to and existing numa node by specifying
numa_node option that equals the desired numa nodeid.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:18 +02:00
Marcel Apfelbaum
6a3042b23b hw/pci: add support for NUMA nodes
PCI root buses can be attached to a specific NUMA node.
PCI buses are not attached by default to a NUMA node.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:18 +02:00
Marcel Apfelbaum
0639b00d05 hw/pxb: add map_irq func
The bios does not index the pxb slot number when
it computes the IRQ because it resides on bus 0
and not on the current bus.
However Qemu routes the irq through bus 0 and adds
the pxb slot to the IRQ computation of the PXB device.

Synchronize between bios and Qemu by canceling
pxb's effect.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:18 +02:00
Marcel Apfelbaum
2118196bb3 hw/pci: inform bios if the system has extra pci root buses
The bios looks for 'etc/extra-pci-roots' to decide if
is going to scan further buses after bus 0 tree.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:18 +02:00
Marcel Apfelbaum
40d14bef80 hw/pci: introduce PCI Expander Bridge (PXB)
PXB is a "light-weight" host bridge whose purpose is to enable
the main host bridge to support multiple PCI root buses
for pc machines.

As oposed to PCI-2-PCI bridge's secondary bus, PXB's bus
is a primary bus and can be associated with a NUMA node
(different from the main host bridge) allowing the guest OS
to recognize the proximity of a pass-through device to
other resources as RAM and CPUs.

The PXB is composed from:
 - A primary PCI bus (can be associated with a NUMA node)
   Acts like a normal pci bus and from the functionality point
   of view is an "expansion" of the bus behind the
   main host bridge.
 - A pci-2-pci bridge behind the primary PCI bus where the actual
   devices will be attached.
 - A host-bridge PCI device
   Situated on the bus behind the main host bridge, allows
   the BIOS to configure the bus number and IO/mem resources.
   It does not have its own config/data register for configuration
   cycles, this being handled by the main host bridge.
-  A host-bridge sysbus to comply with QEMU current design.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:18 +02:00
Marcel Apfelbaum
cb2ed8b3c6 hw/pci: removed 'rootbus nr is 0' assumption from qmp_pci_query
Use the newer pci_bus_num to correctly get the root bus number.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:17 +02:00
Marcel Apfelbaum
dcdca29655 hw/acpi: remove from root bus 0 the crs resources used by other buses.
If multiple root buses are used, root bus 0 cannot use all the
pci holes ranges. Remove the IO/mem ranges used by the other
primary buses.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:17 +02:00
Marcel Apfelbaum
a43c6e2762 hw/acpi: add _CRS method for extra root busses
Save the IO/mem/bus numbers ranges assigned to the extra root busses
to be removed from the root bus 0 range.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:17 +02:00
Marcel Apfelbaum
0d8935e337 hw/apci: add _PRT method for extra PCI root busses
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:17 +02:00
Marcel Apfelbaum
a4894206e3 hw/acpi: add support for i440fx 'snooping' root busses
If the machine has extra root busses that are snooping to
the i440fx host bridge, we need to add them to
acpi in order to be properly detected by guests.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:17 +02:00
Marcel Apfelbaum
09e5b81922 hw/pci: extend PCI config access to support devices behind PXB
PXB buses are assumed to be children of bus 0. Look for them
while scanning the buses.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:17 +02:00
Marcel Apfelbaum
ca6c18556c hw/i386: query only for q35/pc when looking for pci host bridge
Because of the PXB hosts we cannot simply query TYPE_PCI_HOST_BRIDGE anymore.
On i386 arch we only have two pci hosts, so we can look only for them.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:16 +02:00
Marcel Apfelbaum
602141d997 hw/pci: made pci_bus_num a PCIBusClass method
Refactoring it as a method of PCIBusClass will allow
different implementations for subclasses.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:16 +02:00
Marcel Apfelbaum
ce6a28ee05 hw/pci: made pci_bus_is_root a PCIBusClass method
Refactoring it as a method of PCIBusClass will allow
different implementations for subclasses.

Removed the assumption that the root bus does not
have a parent device because is specific only
to the default class implementation.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:16 +02:00
Marcel Apfelbaum
32d9ca15ba acpi: add implementation of aml_while() term
Commit 68e6b0af7 (acpi: add aml_while() term) added
the definition of aml_while without the actual implementation.
Implement the term.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-06-03 18:19:16 +02:00
Zhu Guihua
ca9b46bcec acpi: add acpi_send_gpe_event() to rise sci for hotplug
Add a new API named acpi_send_gpe_event() to send hotplug SCI.
This API can be used by pci, cpu and memory hotplug.

This patch is rebased on master.

Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2015-06-03 18:19:16 +02:00
Gerd Hoffmann
d5aaa1b045 virtio: 64bit features fixups.
Commit "019a3ed virtio: make features 64bit wide" missed a few changes,
as I've noticed while trying to rebase the virtio-1 branch to latest
master.  This patch adds them.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-03 18:19:16 +02:00
Jason Wang
6652d0811c virtio-pci: don't try to mask or unmask vqs without notifiers
We should validate the vq index against nvqs_with_notifiers. Otherwise we may
try to mask or unmask vector for vqs without notifiers (e.g control vq). This
will lead qemu abort on kvm_irqchip_commit_routes() when trying to boot win8.1
guest.

Fixes 851c2a75a6 ("virtio-pci: speedup MSI-X
masking and unmasking")

Reported-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-03 18:19:15 +02:00
Marcel Apfelbaum
557772f26b hw/q35: fix floppy controller definition in ich9
In DSDT FDC0 declares the IO region as IO(Decode16, 0x03F2, 0x03F2, 0x00, 0x04).
Use the same in lpc_ich9 initialization code.
Now the floppy drive is detected correctly on Windows.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-03 18:19:15 +02:00
Michael S. Tsirkin
cb3d37a93c acpi: add missing ssdt
commit 5cb18b3d7b
    TPM2 ACPI table support

was missing a file, so build with iasl fails
(build without iasl works since it uses the generated
 hex files).

Reported-by: "Daniel P. Berrange" <berrange@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-03 18:19:15 +02:00
Jason J. Herne
2a72ea5f66 virtio-ccw/migration: Migrate config vector for virtio devices
virtio_ccw_{save|load}_config are missing code to save and restore a vdev's
config_vector value. This causes some virtio devices to become disabled
following a migration.

This patch fixes a bug whereby the qmp/hmp balloon command (virsh setmem)
silently fails to update the guest's available memory because the device was not
properly migrated.

This will break compatibility, but vmstate_s390_cpu was bumped from
version 2 to version 4 between v2.3.0 and v2.4.0 without a compat
handler. Furthermore, there is no production environment yet so
migration is fenced anyway between any relevant version of 2.3 and 2.4.

Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Message-Id: <1433343843-803-1-git-send-email-jjherne@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2015-06-03 18:07:05 +02:00
Pierre Morel
de6a92185e virtio-ccw: add support for 9pfs
This patch adds 9pfs support for virtio-ccw
by registering the virtio_ccw_9p_info type
and adding associated callbacks.

Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2015-06-03 18:06:45 +02:00
Sai Pavan Boddu
2801339f2f cadence_gem: Fix Rx buffer size field mask
This patch corrects the Rx buffer size field mask to mask bits 23 to 16
to match Xilinx UG585 documentation.

Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 16:03:03 +03:00
Shannon Zhao
26c8acb3f3 hw/display/tc6393xb.c: Fix misusing qemu_allocate_irqs for single irq
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
294972ce54 hw/arm/nseries.c: Fix misusing qemu_allocate_irqs for single irq
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
5429273615 hw/alpha/typhoon.c: Fix misusing qemu_allocate_irqs for single irq
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
2c85fad022 hw/unicore32/puv3.c: Fix misusing qemu_allocate_irqs for single irq
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
a9c8a0d8d4 hw/lm32/milkymist.c: Fix misusing qemu_allocate_irqs for single irq
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
d4ef00af25 hw/lm32/lm32_boards.c: Fix misusing qemu_allocate_irqs for single irq
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
aaaee0b273 hw/ppc/prep.c: Fix misusing qemu_allocate_irqs for single irq
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
ca43b97b5f hw/sparc/sun4m.c: Fix misusing qemu_allocate_irqs for single irq
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
b64127244d hw/timer/arm_timer.c: Fix misusing qemu_allocate_irqs for single irq
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
5105505e65 hw/isa/i82378.c: Fix misusing qemu_allocate_irqs for single irq
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
aff0d5e57a hw/isa/lpc_ich9.c: Fix misusing qemu_allocate_irqs for single irq
Since ich9_lpc_pm_init only requests one irq, so let it just call
qemu_allocate_irq.

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
0b0cc076b7 hw/i386/pc: Fix misusing qemu_allocate_irqs for single irq
Since pc_allocate_cpu_irq only requests one irq, so let it just call
qemu_allocate_irq.

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
9ff7f5bddb hw/intc/exynos4210_gic.c: Fix memory leak by adjusting order
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
9f9b026dc6 hw/arm/omap_sx1.c: Fix memory leak spotted by valgrind
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
f19377bf23 hw/ppc/e500.c: Fix memory leak
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
c18f855697 hw/alpha/dp264.c: Fix memory leak spotted by valgrind
valgrind complains about:
==7055== 58 bytes in 1 blocks are definitely lost in loss record 1,471 of 2,192
==7055==    at 0x4C2845D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7055==    by 0x24410F: malloc_and_trace (vl.c:2556)
==7055==    by 0x64C770E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
==7055==    by 0x64DEFD7: g_strndup (in /usr/lib64/libglib-2.0.so.0.3600.3)
==7055==    by 0x650181A: g_vasprintf (in /usr/lib64/libglib-2.0.so.0.3600.3)
==7055==    by 0x64DF0CC: g_strdup_vprintf (in /usr/lib64/libglib-2.0.so.0.3600.3)
==7055==    by 0x64DF188: g_strdup_printf (in /usr/lib64/libglib-2.0.so.0.3600.3)
==7055==    by 0x242F81: qemu_find_file (vl.c:2121)
==7055==    by 0x217A32: clipper_init (dp264.c:105)
==7055==    by 0x2484DA: main (vl.c:4249)

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
d370dfa9f3 hw/i386/acpi-build: decref after use
valgrind complains about:
==16447== 48 bytes in 2 blocks are definitely lost in loss record 2,033 of 3,310
==16447==    at 0x4C2845D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16447==    by 0x2E4FD7: malloc_and_trace (vl.c:2546)
==16447==    by 0x64C770E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
==16447==    by 0x53EC3F: qint_from_int (qint.c:33)
==16447==    by 0x53B426: qmp_output_type_int (qmp-output-visitor.c:162)
==16447==    by 0x539257: visit_type_uint32 (qapi-visit-core.c:147)
==16447==    by 0x471D07: property_get_uint32_ptr (object.c:1651)
==16447==    by 0x47000C: object_property_get (object.c:822)
==16447==    by 0x472428: object_property_get_qobject (qom-qobject.c:37)
==16447==    by 0x25701A: build_append_pci_bus_devices (acpi-build.c:520)
==16447==    by 0x25902E: build_ssdt (acpi-build.c:1004)
==16447==    by 0x25A0A8: acpi_build (acpi-build.c:1420)

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
6e38a4ba78 hw/ide/pci: Fix memory leak
valgrind complains about:
==16447== 16 bytes in 2 blocks are definitely lost in loss record 1,304 of 3,310
==16447==    at 0x4C2845D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16447==    by 0x2E4FD7: malloc_and_trace (vl.c:2546)
==16447==    by 0x64C770E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
==16447==    by 0x36FB47: qemu_extend_irqs (irq.c:55)
==16447==    by 0x36FBD3: qemu_allocate_irqs (irq.c:64)
==16447==    by 0x3B4B44: bmdma_init (pci.c:464)
==16447==    by 0x3B547B: pci_piix_init_ports (piix.c:144)
==16447==    by 0x3B55D2: pci_piix_ide_realize (piix.c:164)
==16447==    by 0x3EAEC6: pci_qdev_realize (pci.c:1790)
==16447==    by 0x36C685: device_set_realized (qdev.c:1058)
==16447==    by 0x47179E: property_set_bool (object.c:1514)
==16447==    by 0x470098: object_property_set (object.c:837)

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:24 +03:00
Shannon Zhao
2ba154cf4e hw/i386/pc_piix: Fix memory leak
valgrind complains about:
==16447== 8 bytes in 1 blocks are definitely lost in loss record 552 of 3,310
==16447==    at 0x4C2845D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16447==    by 0x2E4FD7: malloc_and_trace (vl.c:2546)
==16447==    by 0x64C770E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
==16447==    by 0x36FB47: qemu_extend_irqs (irq.c:55)
==16447==    by 0x36FBD3: qemu_allocate_irqs (irq.c:64)
==16447==    by 0x24E622: pc_init1 (pc_piix.c:287)
==16447==    by 0x24E76A: pc_init_pci (pc_piix.c:310)
==16447==    by 0x2E9360: main (vl.c:4226)

==16447== 128 bytes in 1 blocks are definitely lost in loss record 2,569 of 3,310
==16447==    at 0x4C2845D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16447==    by 0x2E4FD7: malloc_and_trace (vl.c:2546)
==16447==    by 0x64C770E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
==16447==    by 0x36FB47: qemu_extend_irqs (irq.c:55)
==16447==    by 0x36FBD3: qemu_allocate_irqs (irq.c:64)
==16447==    by 0x25BEB2: kvm_i8259_init (i8259.c:133)
==16447==    by 0x24E1F1: pc_init1 (pc_piix.c:219)
==16447==    by 0x24E76A: pc_init_pci (pc_piix.c:310)
==16447==    by 0x2E9360: main (vl.c:4226)

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 14:21:23 +03:00
Zhu Guihua
be9f8a0872 apic: convert ->busdev.qdev casts to C casts
Use C casts to avoid accessing ICCDevice's qdev field
directly.

Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-06-02 15:15:52 -03:00
Andreas Färber
0e3bd56294 pc: Ensure non-zero CPU ref count after attaching to ICC bus
Setting the parent bus of a device increases its ref count, which we
ultimately want to level out. However it is only safe to do so after the
last reference to the device in local code, as qom-set or similar operations
might decrease the ref count.

Therefore move the object_unref() from pc_new_cpu() into its callers.

The APIC operations on the last CPU in pc_cpus_init() are still potentially
insecure, but that is beyond the scope of this code movement.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-06-02 15:15:52 -03:00
Kevin Wolf
6cc8a11c84 fdc: Fix MSR.RQM flag
The RQM bit in MSR should be set whenever the guest is supposed to
access the FIFO, and it should be cleared in all other cases. This is
important so the guest can't continue writing/reading the FIFO beyond
the length that it's suppossed to access (see CVE-2015-3456).

Commit e9077462 fixed the CVE by adding code that avoids the buffer
overflow; however it doesn't correct the wrong behaviour of the floppy
controller which should already have cleared RQM.

Currently, RQM stays set all the time and during all phases while a
command is being processed. This is error-prone because the command has
to explicitly clear the flag if it doesn't need data (and indeed, the
two buggy commands that are the culprits for the CVE just forgot to do
that).

This patch clears RQM immediately as soon as all bytes that are expected
have been received. If the the FIFO is used in the next phase, the flag
has to be set explicitly there.

It also clear RQM after receiving all bytes even if the phase transition
immediately sets it again. While it's technically not necessary at the
moment because the state between clearing and setting RQM is not
observable by the guest, this is more explicit and matches how real
hardware works. It will actually become necessary in qemu once
asynchronous code paths are introduced.

This alone should have been enough to fix the CVE, but now we have two
lines of defense - even better.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1432214378-31891-8-git-send-email-kwolf@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 13:34:44 -04:00
Kevin Wolf
f6c2d1d842 fdc: Disentangle phases in fdctrl_read_data()
This commit makes similar improvements as have already been made to the
write function: Instead of relying on a flag in the MSR to distinguish
controller phases, use the explicit phase that we store now. Assertions
of the right MSR flags are added.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1432214378-31891-7-git-send-email-kwolf@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 13:34:44 -04:00
Kevin Wolf
d275b33d76 fdc: Code cleanup in fdctrl_write_data()
Factor out a few common lines of code, reformat, improve comments.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1432214378-31891-6-git-send-email-kwolf@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 13:34:44 -04:00
Kevin Wolf
5b0a25e8d2 fdc: Use phase in fdctrl_write_data()
Instead of relying on a flag in the MSR to distinguish controller phases,
use the explicit phase that we store now. Assertions of the right MSR
flags are added.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1432214378-31891-5-git-send-email-kwolf@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 13:34:44 -04:00
Kevin Wolf
85d291a08c fdc: Introduce fdctrl->phase
The floppy controller spec describes three different controller phases,
which are currently not explicitly modelled in our emulation. Instead,
each phase is represented by a combination of flags in registers.

This patch makes explicit in which phase the controller currently is.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: John Snow <jsnow@redhat.com>
Message-id: 1432214378-31891-4-git-send-email-kwolf@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 13:34:44 -04:00
Kevin Wolf
83a260135f fdc: Rename fdctrl_set_fifo() to fdctrl_to_result_phase()
What callers really do with this function is to switch from execution
phase (including data transfers) to result phase where the guest can
read out one or more status bytes from the FIFO (the number depends on
the command).

Rename the function accordingly.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1432214378-31891-3-git-send-email-kwolf@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 13:34:44 -04:00
Kevin Wolf
07e415f239 fdc: Rename fdctrl_reset_fifo() to fdctrl_to_command_phase()
What all callers of fdctrl_reset_fifo() really want to do is to start
the command phase, where writes to the data port initiate a new command.

The function doesn't only clear the FIFO, but also sets up the state so
that a new command can be received. Rename it to reflect this.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1432214378-31891-2-git-send-email-kwolf@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 13:34:44 -04:00
Peter Maydell
a67bfbb9e4 Monitor patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVbWZHAAoJEDhwtADrkYZTQ6oQAIv3FRNj0buUSwh8Gwx8NrxJ
 DHz/NgdtoRV/olk2ZPYSmKUooTdKFcH1XsR7oYBoznh2m/CgiQXGeJQ7tTTcrWAj
 hw4vt4Uq0bMGPNFYNOBgsVC5cejiZo53YfXybRBLAcUJvOlbnPVJ+g7ru8mg3qaC
 rX0ZI8Cu0QmQWsGXHuKArVRGSsc+CN4SbXWyI4WmMH3g9OzTVjKVDkZekcU3NbXj
 GZq1mJBeVUsDT6wzRLGXe3qxkDAhK9THLoRd999/aQDWSpvUabNtotyZew5JG5Ey
 WKkmhSZsi0RgJTuPUcf5i83QKrWVN8EaADn67J5GkrnYYVPLdWuk/PhRgFiiWlVk
 mHFxEVyfQL7neTbb8dcwcREHIaSSb4BBF4+dyFk5921Idxs3kzw/5l20SwNi6bQy
 y23Tq/tBvbsie89O1gdXipZm3pz9xM9/9FtODjGnnVO9zb9Fi9TAyMMi8RmiS15k
 YL649rCgk9cwKOlwsMLSUajXGq0G1cOzou7M5DeDOLw5db5YEMMZkcpmETKNLaXk
 DWiX1E1K6PsDHDQkAipi9lmP9izVmpfXS4EWNVLaVCP3ht27VHgsZx4TaAAr8AVD
 NdA4wq/GEcUMcJI+erJe3YxZgPofO+Ja8whwyqwhvLM4g6g8gQgy7PNKM+FodXY1
 Z5+Ou90aprDpWjPIUHOv
 =ySet
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2015-06-02' into staging

Monitor patches

# gpg: Signature made Tue Jun  2 09:16:07 2015 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-monitor-2015-06-02: (21 commits)
  monitor: Change return type of monitor_cur_is_qmp() to bool
  monitor: Rename monitor_ctrl_mode() to monitor_is_qmp()
  monitor: Turn int command_mode into bool in_command_mode
  monitor: Drop do_qmp_capabilities()'s superfluous QMP check
  monitor: Unbox Monitor member mc and rename to qmp
  monitor: Rename monitor_control_read(), monitor_control_event()
  monitor: Rename handle_user_command() to handle_hmp_command()
  monitor: Limit QError use to command handlers
  monitor: Inline monitor_has_error() into its only caller
  monitor: Wean monitor_protocol_emitter() off mon->error
  monitor: Propagate errors through invalid_qmp_mode()
  monitor: Propagate errors through qmp_check_input_obj()
  monitor: Propagate errors through qmp_check_client_args()
  monitor: Drop unused "new" HMP command interface
  monitor: Use trad. command interface for HMP pcie_aer_inject_error
  monitor: Use traditional command interface for HMP device_add
  monitor: Use traditional command interface for HMP drive_del
  monitor: Convert client_migrate_info to QAPI
  monitor: Improve and document client_migrate_info protocol error
  monitor: Clean up after previous commit
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-02 18:23:28 +01:00
Eric Auger
94edf02c4c hw/arm/virt: change indentation in a15memmap
Re-indent in a15memmap after VIRT_PLATFORM_BUS introduction

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>
Message-id: 1433244554-12898-5-git-send-email-eric.auger@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-02 16:31:18 +01:00
Eric Auger
5f7a5a0edc hw/arm/virt: add dynamic sysbus device support
Allows sysbus devices to be instantiated from command line by
using -device option. Machvirt creates a platform bus at init.
The dynamic sysbus devices are attached to this platform bus device.

The platform bus device registers a machine init done notifier
whose role will be to bind the dynamic sysbus devices. Indeed
dynamic sysbus devices are created after machine init.

machvirt also registers a notifier that will build the device
tree nodes for the platform bus and its children dynamic sysbus
devices.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1433244554-12898-4-git-send-email-eric.auger@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-02 16:31:18 +01:00