Commit Graph

64161 Commits

Author SHA1 Message Date
Paolo Bonzini
61a9346f60 serial: fix DLL writes
Commit 0147883450 tries to handle
word-sized writes to DLL/DLH, but due to a typo,
this patch is causing tracebacks in all Linux kernels running the PXA
serial driver, due to an unexpected DLL register value. Here is the
surrounding code from drivers/tty/serial/pxa.c:

	serial_out(up, UART_DLL, quot & 0xff);		/* LS of divisor */

	/*
	 * work around Errata #75 according to Intel(R) PXA27x
	 * Processor Family Specification Update (Nov 2005)
	 */
	dll = serial_in(up, UART_DLL);
	WARN_ON(dll != (quot & 0xff));	// <-- warning

Reported-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Fixes: 0147883450
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Marc-André Lureau
35f7f3fb5c util: use fcntl() for qemu_write_pidfile() locking
Daniel Berrangé suggested to use fcntl() locks rather than lockf().

'man lockf':

   On Linux, lockf() is just an interface on top of fcntl(2) locking.
   Many other systems implement lockf() in this way, but note that
   POSIX.1 leaves the relationship between lockf() and fcntl(2) locks
   unspecified.  A portable application should probably avoid mixing
   calls to these interfaces.

IOW, if its just a shim around fcntl() on many systems, it is clearer
if we just use fcntl() directly, as we then know how fcntl() locks will
behave if they're on a network filesystem like NFS.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180831145314.14736-3-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Marc-André Lureau
9e6bdef224 util: add qemu_write_pidfile()
There are variants of qemu_create_pidfile() in qemu-pr-helper and
qemu-ga. Let's have a common implementation in libqemuutil.

The code is initially based from pr-helper write_pidfile(), with
various improvements and suggestions from Daniel Berrangé:

  QEMU will leave the pidfile existing on disk when it exits which
  initially made me think it avoids the deletion race. The app
  managing QEMU, however, may well delete the pidfile after it has
  seen QEMU exit, and even if the app locks the pidfile before
  deleting it, there is still a race.

  eg consider the following sequence

        QEMU 1        libvirtd        QEMU 2

  1.    lock(pidfile)

  2.    exit()

  3.                 open(pidfile)

  4.                 lock(pidfile)

  5.                                  open(pidfile)

  6.                 unlink(pidfile)

  7.                 close(pidfile)

  8.                                  lock(pidfile)

  IOW, at step 8 the new QEMU has successfully acquired the lock, but
  the pidfile no longer exists on disk because it was deleted after
  the original QEMU exited.

  While we could just say no external app should ever delete the
  pidfile, I don't think that is satisfactory as people don't read
  docs, and admins don't like stale pidfiles being left around on
  disk.

  To make this robust, I think we might want to copy libvirt's
  approach to pidfile acquisition which runs in a loop and checks that
  the file on disk /after/ acquiring the lock matches the file that
  was locked. Then we could in fact safely let QEMU delete its own
  pidfiles on clean exit..

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180831145314.14736-2-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Geert Uytterhoeven
71bb4ce1b5 hw/char/sh_serial: Add timeout handling to unbreak serial input
As of commit 18e8cf159177100e ("serial: sh-sci: increase RX FIFO trigger
defaults for (H)SCIF") in Linux v4.11-rc1, the serial console on the
QEMU SH4 target is broken: it delays serial input until enough data has
been received.

Since aforementioned commit, the Linux SCIF driver programs the Receive
FIFO Data Count Trigger bits in the FIFO Control Register, to postpone
generating a receive interrupt until:
  1. At least the receive trigger count of bytes of data are available
     in the receive FIFO, OR
  2. No further data has been received for at least 15 etu after the
     last received data.

While QEMU implements the former, it does not implement the latter.
Hence the receive interrupt is not generated until the former condition
is met.

Fix this by adding basic timeout handling.  As the QEMU SCIF emulation
ignores any serial speed programming, the timeout value used conforms to
a default speed of 9600 bps, which is fine for any interactive console.

Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Ulrich Hecht <uli@fpond.eu>
Tested-by: Rob Landley <rob@landley.net>
Tested-by: Rich Felker <dalias@libc.org>
Message-Id: <20180905131125.12635-1-geert+renesas@glider.be>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Daniel P. Berrangé
e811da7fe2 configure: preserve various environment variables in config.status
The config.status script is auto-generated by configure upon
completion. The intention is that config.status can be later invoked by
the developer directly, or by make indirectly, to re-detect the same
environment that configure originally used.

The current config.status script, however, only contains a record of the
command line arguments to configure. Various environment variables have
an effect on what configure will find. In particular PKG_CONFIG_LIBDIR &
PKG_CONFIG_PATH vars will affect what libraries pkg-config finds. The
PATH var will affect what toolchain binaries and XXXX-config scripts are
found. The LD_LIBRARY_PATH var will affect what libraries are
found. Most commands have env variables that will override the name/path
of the default version configure finds.

All these key env variables should be recorded in the config.status script.

Autoconf would also preserve CFLAGS, LDFLAGS, LIBS, CPPFLAGS, but QEMU
deals with those differently, expecting extra flags to be set using
configure args, rather than env variables. At the end of the script we
also don't have the original values of those env vars, as we modify them
during configure.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20180904123603.10016-1-berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-02 18:47:55 +02:00
Jan Kiszka
0ea1472dc5 kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case
The AMD IOMMU does not (yet) support interrupt remapping. But
kvm_arch_fixup_msi_route assumes that all implementations do and crashes
when the AMD IOMMU is used in KVM mode.

Fixes: 8b5ed7dffa ("intel_iommu: add support for split irqchip")
Reported-by: Christopher Goldsworthy <christopher.goldsworthy@outlook.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <48ae78d8-58ec-8813-8680-6f407ea46041@siemens.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Marc-André Lureau
3829640049 hostmem-memfd: add checks before adding hostmem-memfd & properties
Run some memfd-related checks before registering hostmem-memfd &
various properties. This will help libvirt to figure out what the host
is supposed to be capable of.

qemu_memfd_check() is changed to a less optimized version, since it is
used with various flags, it no longer caches the result.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180906161415.8543-1-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Viktor Prutyanov
7184de64a1 dump: fix Windows dump memory run mapping
We should map and use guest memory run by parts if it can't be mapped as
a whole.
After this patch, continuos guest physical memory blocks which are not
continuos in host virtual address space will be processed correctly.

Signed-off-by: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com>
Message-Id: <1535567456-6904-1-git-send-email-viktor.prutyanov@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Emilio G. Cota
c97595d166 cpus: access .qemu_icount_bias with atomic64
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180910232752.31565-11-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Emilio G. Cota
38adcb6e41 cpus: access .qemu_icount with atomic64
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180910232752.31565-10-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Paolo Bonzini
9b4e6f4966 cpus: take seqlock across qemu_icount updates
Even though writes of qemu_icount can safely race with reads in
qemu_icount_raw, qemu_icount is also read by icount_adjust, which
runs in the I/O thread.  Therefore, writes do needs protection of
the vm_clock_lock; for simplicity the patch protects it with both
seqlock+spinlock, which we already do for hosts that lack 64-bit atomics.

The bug actually predated the introduction of vm_clock_lock;
cpu_update_icount would have needed the BQL before the spinlock was
introduced.

Reported-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Emilio G. Cota
39fe576c82 test-rcu-list: access n_reclaims and n_nodes_removed with atomic64
To avoid undefined behaviour.

Note that these "atomics" are atomic in the "access once" sense.
The variables are updated by a single thread at a time, so no
"full" atomics are necessary.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180910232752.31565-6-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Emilio G. Cota
ac8c77486c qsp: use atomic64 accessors
With the seqlock, we either have to use atomics to remain
within defined behaviour (and note that 64-bit atomics aren't
always guaranteed to compile, irrespective of __nocheck), or
drop the atomics and be in undefined behaviour territory.

Fix it by dropping the seqlock and using atomic64 accessors.
This will limit scalability when !CONFIG_ATOMIC64, but those
machines (1) don't have many users and (2) are unlikely to
have many cores.

- With CONFIG_ATOMIC64:
$ tests/atomic_add-bench -n 1 -m -p
 Throughput:         13.00 Mops/s

- Forcing !CONFIG_ATOMIC64:
$ tests/atomic_add-bench -n 1 -m -p
 Throughput:         10.89 Mops/s

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180910232752.31565-5-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Emilio G. Cota
82fdfcbe64 tests: add atomic64-bench
- With CONFIG_ATOMIC64:
$ tests/atomic64-bench  -n 1
 Throughput:         310.40 Mops/s

- Without:
$ tests/atomic64-bench  -n 1
 Throughput:         149.08 Mops/s

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180910232752.31565-4-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Emilio G. Cota
782da5b292 util: add atomic64
This introduces read/set accessors for int64_t and uint64_t.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180910232752.31565-3-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Emilio G. Cota
5fe2103429 cacheinfo: add i/d cache_linesize_log
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180910232752.31565-2-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Emilio G. Cota
87a09cdc52 cpus: initialize timers_state.vm_clock_lock
We forgot to initialize the spinlock introduced in 94377115b2
("cpus: protect TimerState writes with a spinlock", 2018-08-23).
Fix it.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180903171831.15446-5-cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Emilio G. Cota
119c440c3c atomic: fix comment s/x64_64/x86_64/
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180903171831.15446-4-cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Pavel Dovgalyuk
a1f2ed2ad8 ps2: prevent changing irq state on save and load
Commit 2858ab09e6 changed
PS/2 keyboard/mouse buffers to the standard size. However, its state
may change when migrating from the old buffer size and therefore irq needs
updating. But this change made wrong, because it throws the whole queue
if there are too much data instead of cropping it.

That commit also updates irq (because the queue state may change).
But updating the irq may change the VM state (and determinism of
the execution). E.g., when replaying the execution, one may save
the VM state and the state of the interrupt controller will be updated
at the moment of saving, instead of using the recorded update events.

This patch makes the queue update deterministic: it removes the update_irq
call and crops the queue to prevent losing the characters and changing
the required irq status.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Message-Id: <20180511081601.14610.39946.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Paolo Bonzini
cf9270e522 es1370: fix ADC_FRAMEADR and ADC_FRAMECNT
They are not consecutive with DAC1_FRAME* and DAC2_FRAME*.

Fixes: 154c1d1f96
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Paolo Bonzini
07d66672e7 qsp: hide indirect function calls from Coverity
Coverity does not see anymore that qemu_mutex_lock is taking a lock.
Hide all the QSP magic so that static analysis works again.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Fam Zheng
2d1df85910 virtio: Return true from virtio_queue_empty if broken
Both virtio-blk and virtio-scsi use virtio_queue_empty() as the
loop condition in VQ handlers (virtio_blk_handle_vq,
virtio_scsi_handle_cmd_vq). When a device is marked broken in
virtqueue_pop, for example if a vIOMMU address translation failed, we
want to break out of the loop.

This fixes a hanging problem when booting a CentOS 3.10.0-862.el7.x86_64
kernel with ATS enabled:

  $ qemu-system-x86_64 \
    ... \
    -device intel-iommu,intremap=on,caching-mode=on,eim=on,device-iotlb=on \
    -device virtio-scsi-pci,iommu_platform=on,ats=on,id=scsi0,bus=pci.4,addr=0x0

The dead loop happens immediately when the kernel boots and initializes
the device, where virtio_scsi_data_plane_handle_cmd will not return:

    > ...
    > #13 0x00005586602b7793 in virtio_scsi_handle_cmd_vq
    > #14 0x00005586602b8d66 in virtio_scsi_data_plane_handle_cmd
    > #15 0x00005586602ddab7 in virtio_queue_notify_aio_vq
    > #16 0x00005586602dfc9f in virtio_queue_host_notifier_aio_poll
    > #17 0x00005586607885da in run_poll_handlers_once
    > #18 0x000055866078880e in try_poll_mode
    > #19 0x00005586607888eb in aio_poll
    > #20 0x0000558660784561 in aio_wait_bh_oneshot
    > #21 0x00005586602b9582 in virtio_scsi_dataplane_stop
    > #22 0x00005586605a7110 in virtio_bus_stop_ioeventfd
    > #23 0x00005586605a9426 in virtio_pci_stop_ioeventfd
    > #24 0x00005586605ab808 in virtio_pci_common_write
    > #25 0x0000558660242396 in memory_region_write_accessor
    > #26 0x00005586602425ab in access_with_adjusted_size
    > #27 0x0000558660245281 in memory_region_dispatch_write
    > #28 0x00005586601e008e in flatview_write_continue
    > #29 0x00005586601e01d8 in flatview_write
    > #30 0x00005586601e04de in address_space_write
    > #31 0x00005586601e052f in address_space_rw
    > #32 0x00005586602607f2 in kvm_cpu_exec
    > #33 0x0000558660227148 in qemu_kvm_cpu_thread_fn
    > #34 0x000055866078bde7 in qemu_thread_start
    > #35 0x00007f5784906594 in start_thread
    > #36 0x00007f5784639e6f in clone

With this patch, virtio_queue_empty will now return 1 as soon as the
vdev is marked as broken, after a "virtio: zero sized buffers are not
allowed" error.

To be consistent, update virtio_queue_empty_rcu as well.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <20180910145616.8598-2-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02 18:47:55 +02:00
Peter Maydell
3892f1f1a9 Update dtc submodule to v1.4.7
We have some upcoming things planned for ppc that will require some
 newer libfdt features.  In preparation, update the dtc/libfdt
 submodule to upstreasm version v1.4.7.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAluy8s8ACgkQbDjKyiDZ
 s5IGcQ//TbpUXkB9ihNPYuqw23HOfdjcuaBNIv24O3zJ7SwbgDzHmj4lRlfJQNQp
 MNdUREJWy9ywALPy2gfTDh+Eel7t5X1kEOYPtjm1WREt+x1sl5oCm/Q6ag9L5Wcp
 7AWsMN3y1VymfgFugJj9JZaLEa300Gzed24P1wvsbfEYi6coD8mZGe87W9Nh+dW/
 DPRX3Uz1ewsoTphTIWzfphXM7Av5yV/ThGWsFmdh5kpCLusa1DibdyxZOxoERjc6
 1i/aI2h/NKB8S+ruLK6IyqzbMKM0o2QyKLM7Hb5N/akn3GCvmpCOyb5JPIDjorXC
 /v/r7NR9FwyKFd3FtzxT+tbdXGivEuNnTv+nUgZcK1e79OyQHtbcPiNKVaEpRZVl
 C/ftjOFyG1j2cQmkd8THhQRCbRSEvTFUUKQY5hTgZfFA+OW91L1RdLQ3K5/nqlQn
 heSKG73ABo3CiG+NL9n2wKXdKrPrjXqtkNw+bdjXxyKJCRCIetuXEWl3aC4xmhuo
 FQPG1KBrye7/5ohIu1qCmqxGZRDsi4mqTkZru3UlePRYz9L0EAbTUXc6PBgYEM9c
 ijB0ISiip6w93RTBr+QbK4GbxcNZQqb/QJB8MC5qxSXxv/788AV2XnjDx2eArAmZ
 /gxV2MuaxRlnReGu+MKWpqgTfWfM6+wTpeF3CrnZGczw+vzFrT4=
 =O+EV
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/libfdt-20181002' into staging

Update dtc submodule to v1.4.7

We have some upcoming things planned for ppc that will require some
newer libfdt features.  In preparation, update the dtc/libfdt
submodule to upstreasm version v1.4.7.

# gpg: Signature made Tue 02 Oct 2018 05:23:43 BST
# gpg:                using RSA key 6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/libfdt-20181002:
  Update dtc/libfdt submodule to v1.4.7

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-02 09:54:44 +01:00
Peter Maydell
8f09da690f target/xtensa: preparation for FLIX support
Separate generation of per-instruction code (such as raising exceptions
 and terminating TB) from per-opcode code.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEK2eFS5jlMn3N6xfYUfnMkfg/oEQFAluyZAoTHGpjbXZia2Jj
 QGdtYWlsLmNvbQAKCRBR+cyR+D+gRO/JD/0bTPxmqU/8svhNLdlG7woSICG4T/z3
 DIhttiedDqtLBVKpmziqFtC7EK5Mo/Pydpo5R0jxsLUvxuBSHwnlPUdixzrA5L/t
 GY9Xr1VLdjjv2C8i/9SUyIRswMutp++Gxy4DNi93oqBoaxh5fbcMmWEa4CVApn6m
 /7z6MHiVUVtuS3HXqs7uvDl8fKv4//CISMpVRNhZ9aTp99/Oc+Xiwlmg/Gl4SNCG
 1RMI6UzFy0CYfzwZr9YRO58wvWTH5mv+YoYkXsMKiQ2MFYZ5/SWhi7bzANXsMGgh
 u5oFfwbJa6o5//3EHeohmdwg8vuyOMasE352Sx//sSxgVFheBEoU21qJdujQiyKU
 2RNpVWDHd7JTP+nlGvIrc/kpZmVYirn9YUi64S9CunCLrPHTKIexrXHpr7QxS+Pk
 zWcrAAehzZ7nM4R1VWWWcg2g9FECLT+Nuqpvsr3JFJ+fXT7mjgKvDAMuUV+SnYFx
 514Jx0epsoVdbDB7PIwn8J3liiPRfHGiCHew6ZU8OBMBCqnOcTc/l7Ibqcnbtvb8
 PqtkB+1/D8DkbWANLh1hUs8SUnwIrXZ4q7GJbK9+jC4A5i2CVsHQJn0PAIzOVSbr
 3AkumUYalMnAtk7AwJ0IJyuvHY2znqP+IcXLG2Y4GQ/vIpwKnHWK9jJVldYqTMxM
 q8sDFdeQ9/0bvw==
 =u1IL
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/xtensa/tags/20181001-xtensa' into staging

target/xtensa: preparation for FLIX support

Separate generation of per-instruction code (such as raising exceptions
and terminating TB) from per-opcode code.

# gpg: Signature made Mon 01 Oct 2018 19:14:34 BST
# gpg:                using RSA key 51F9CC91F83FA044
# gpg: Good signature from "Max Filippov <filippov@cadence.com>"
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20181001-xtensa:
  target/xtensa: extract gen_check_interrupts call
  target/xtensa: make rsr/wsr helpers return void
  target/xtensa: extract unconditional TB termination via slot 0
  target/xtensa: always end TB on CCOUNT access/CCOMPARE write
  target/xtensa: change SR number checks to assertions
  target/xtensa: extract unconditional TB termination
  target/xtensa: extract test for division by zero
  target/xtensa: extract test for cpdisabled exception
  target/xtensa: extract test for alloca exception
  target/xtensa: extract test for window underflow exception
  target/xtensa: extract test for window overflow exception
  target/xtensa: extract test for debug exception
  target/xtensa: extract test for syscall instruction
  target/xtensa: extract test for privileged instruction
  target/xtensa: extract test for an illegal instruction

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-02 09:06:56 +01:00
David Gibson
0b001b3094 Update dtc/libfdt submodule to v1.4.7
dtc v1.4.7 contains a bunch of improvements to make libfdt safer against
handling a corrupted or malicious tree, which is a good thing to have.  It
also includes an explicit fdt checking function that we'll be wanting in
future.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-10-02 13:53:26 +10:00
Max Filippov
d74624e59a target/xtensa: extract gen_check_interrupts call
- mark instructions that affect active IRQ level;
- put call for gen_check_interrupts right after the instruction
  translation; when FLIX is enabled it will need to appear before
  other exits from the TB as well;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:36 -07:00
Max Filippov
c7159acbbe target/xtensa: make rsr/wsr helpers return void
Now that all logic for TB termination is extracted from rsr/wsr their
return value is not used and may be dropped.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:36 -07:00
Max Filippov
bf52510774 target/xtensa: extract unconditional TB termination via slot 0
- mark instructions that require TB termination via slot 0;
- put TB termination right after the instruction translation loop, if
  termination w/o TB linking wasn't requested;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:36 -07:00
Max Filippov
06ec08a0be target/xtensa: always end TB on CCOUNT access/CCOMPARE write
Currently we only end TB in icount mode, because access to CCOUNT or
write to CCOMPARE are IO operations. Simplify the behaviour a bit and
end TB unconditionally.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:36 -07:00
Max Filippov
9dccbd1c69 target/xtensa: change SR number checks to assertions
Opcode decoding with libisa takes care about range of valid group SRs,
like CCOMPARE, IBREAKA, DBREAKA or DBREAKC. Turn range checks in wsr
implementations into assertions.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:36 -07:00
Max Filippov
226444a844 target/xtensa: extract unconditional TB termination
- mark all instructions that exit TB and require dynamic search for the
  next TB;
- put TB termination right after the instruction translation loop;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:36 -07:00
Max Filippov
4a038955da target/xtensa: extract test for division by zero
- mark quos/quou/rems/remu instructions;
- drop parameter 0 from the translate_quou and split translate_remu from
  it;
- put test for division by zero exception right after the coprocessor
  exception test;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:35 -07:00
Max Filippov
582fef0f47 target/xtensa: extract test for cpdisabled exception
- add XtensaOpcodeOps::coprocessor with bitmask of coprocessors used by
  the instruction;
- replace coprocessor id parameter of gen_check_cpenable with the
  bitmask of used coprocessors;
- collect coprocessor IDs used by an instruction in the disassembly
  loop;
- put test for coprocessor disabled exception after the alloca test;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:35 -07:00
Max Filippov
90d6494d13 target/xtensa: extract test for alloca exception
- mark movsp instruction;
- put test for alloca exception right after the test for window
  underflow;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:35 -07:00
Max Filippov
f473019a97 target/xtensa: extract test for window underflow exception
- mark retw and retw.n instructions;
- extract window inderflow test from retw helper;
- put underflow exception check generation right after the overflow
  check;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:35 -07:00
Max Filippov
6416d16f75 target/xtensa: extract test for window overflow exception
- add ps.callinc to the TB flags, that allows testing all instructions
  for window overflow statically;
- drop gen_window_check* functions; replace them with get_window_check
  that accepts bitmask of used registers;
- add XtensaOpcodeOps::test_overflow that returns bitmask of implicitly
  used registers; use it for entry and call{,x}{4,8,12};
- drop window overflow test from the entry helper;
- drop parameter 0 from translate_[di]cache and use translate_nop for
  d/i cache opcodes that don't need memory accessibility check;
- add bitmask XtensaOpcodeOps::windowed_register_op that marks opcode
  arguments that refer to windowed registers;
- translate windowed_register_op mask to a mask of actually used
  registers in the disassembly loop;
- add check for window overflow right after the check for debug
  exception;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:35 -07:00
Max Filippov
1547781942 target/xtensa: extract test for debug exception
- mark break and break.n instructions;
- collect debug cause bits from parameter 0 of instructions marked for
  debug exception;
- put debug exception check right after syscall check;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:35 -07:00
Max Filippov
4c6ec5f3cd target/xtensa: extract test for syscall instruction
- mark syscall instruction;
- put syscall exception check right after privileged exception check;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:35 -07:00
Max Filippov
21a2dad5c4 target/xtensa: extract test for privileged instruction
- mark privileged instructions;
- put single privileged instruction check after disassembly loop;
- translate_[di]cache: drop parameter 0, shift parameters one down;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:35 -07:00
Max Filippov
0946097051 target/xtensa: extract test for an illegal instruction
- TB flags: add XTENSA_TBFLAG_CWOE that corresponds to the architectural
  CWOE state;
- entry: move CWOE check from the helper to the test_ill_entry;
- retw: move CWOE check from the helper to the test_ill_retw;
- separate instruction disassembly loop and translation loop; save
  disassembly results in local array;

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-10-01 11:08:35 -07:00
Peter Maydell
e32e62f253 Block layer patches:
- qcow2 cache option default changes (Linux: 32 MB maximum, limited by
   whatever cache size can be made use of with the specific image;
   default cache-clean-interval of 10 minutes)
 - reopen: Allow specifying unchanged child node references, and changing
   a few generic options (discard, detect-zeroes)
 - Fix werror/rerror defaults for -device drive=<node-name>
 - Test case fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbslavAAoJEH8JsnLIjy/Wi0kP/jU18AzfISoIhcJ2GBXYU2aV
 /FnUdB/L3mjMZOYkIgjDunw/fgfvelLqNdWb7xlijYeDPAiYKNEmJHX+iznE5ieP
 KnpHOxASSe8w5SFlnF8h30rLK05gcy/rg/QcuMX4KkU46E0C8t0rSLBJE5FdYiRU
 HN00jraTNfzyixuFxRVpqyadbhbCCEVwlwjDg3GMjGEML/WRk6jmhOOF5tVX72om
 gmVrzA1lAlzkFnx32Bloevp72iolWFLkyA86oNgPMwIFG0zj9lnK5B/fvnkVTY2v
 MnXGPwEVZUoZnif4nAXA2+bBqKT4Nbo21N8OylJhmNUi8K/rndiZdHH5Kph+yFod
 RGkBI4Pb5KxiI+YDiRKJmyQd/7IiWLarjP1nV3UjvPLnpmuTA54jRjDVmA6AW8OH
 BFu34+jfA4rll2dorVmQAFES4yvvj/brtTsCZfG5VNl60tigdqeLCZrQkNwR188q
 osKGWBEKy7+2SYj5q+s0BSO+caXmU2XLSdcE1gEHFQ51eU0mRZA0OrooNUuUk30E
 42n8BZ77P8EGb7UQBmKqYwWL4hXQPWL3m3i7Mnz19+iwk/m8SHvj2nriouDoiVtf
 gtUwfr7TKvL9JcPLHrS3/j8boC5S4Rm+wlyyIlta8n2rS4bh1e2bGEZuNxZKyKCg
 Y9WO6KxbztbO9X0ZnxFW
 =ai81
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- qcow2 cache option default changes (Linux: 32 MB maximum, limited by
  whatever cache size can be made use of with the specific image;
  default cache-clean-interval of 10 minutes)
- reopen: Allow specifying unchanged child node references, and changing
  a few generic options (discard, detect-zeroes)
- Fix werror/rerror defaults for -device drive=<node-name>
- Test case fixes

# gpg: Signature made Mon 01 Oct 2018 18:17:35 BST
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream: (23 commits)
  tests/test-bdrv-drain: Fix too late qemu_event_reset()
  test-replication: Lock AioContext around blk_unref()
  qcow2: Fix cache-clean-interval documentation
  block-backend: Set werror/rerror defaults in blk_new()
  qcow2: Explicit number replaced by a constant
  qcow2: Set the default cache-clean-interval to 10 minutes
  qcow2: Resize the cache upon image resizing
  qcow2: Increase the default upper limit on the L2 cache size
  qcow2: Assign the L2 cache relatively to the image size
  qcow2: Avoid duplication in setting the refcount cache size
  qcow2: Make sizes more humanly readable
  include: Add a lookup table of sizes
  qcow2: Options' documentation fixes
  block: Allow changing 'detect-zeroes' on reopen
  block: Allow changing 'discard' on reopen
  file-posix: Forbid trying to change unsupported options during reopen
  block: Forbid trying to change unsupported options during reopen
  block: Allow child references on reopen
  block: Don't look for child references in append_open_options()
  block: Remove child references from bs->{options,explicit_options}
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-01 18:22:55 +01:00
Kevin Wolf
dd35315794 tests/test-bdrv-drain: Fix too late qemu_event_reset()
qemu_event_reset() must be called before the AIO request in a different
iothread is submitted. Otherwise the request could be completed before
we do the qemu_event_reset() and the test would hang in
qemu_event_wait().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Tested-by: Max Reitz <mreitz@redhat.com>
2018-10-01 19:13:55 +02:00
Kevin Wolf
90042c6aac test-replication: Lock AioContext around blk_unref()
Recently, the test case has started failing because some job related
functions want to drop the AioContext lock even though it hasn't been
taken:

    (gdb) bt
    #0  0x00007f51c067c9fb in raise () from /lib64/libc.so.6
    #1  0x00007f51c067e77d in abort () from /lib64/libc.so.6
    #2  0x0000558c9d5dde7b in error_exit (err=<optimized out>, msg=msg@entry=0x558c9d6fe120 <__func__.18373> "qemu_mutex_unlock_impl") at util/qemu-thread-posix.c:36
    #3  0x0000558c9d6b5263 in qemu_mutex_unlock_impl (mutex=mutex@entry=0x558c9f3999a0, file=file@entry=0x558c9d6fd36f "util/async.c", line=line@entry=516) at util/qemu-thread-posix.c:96
    #4  0x0000558c9d6b0565 in aio_context_release (ctx=ctx@entry=0x558c9f399940) at util/async.c:516
    #5  0x0000558c9d5eb3da in job_completed_txn_abort (job=0x558c9f68e640) at job.c:738
    #6  0x0000558c9d5eb227 in job_finish_sync (job=0x558c9f68e640, finish=finish@entry=0x558c9d5eb8d0 <job_cancel_err>, errp=errp@entry=0x0) at job.c:986
    #7  0x0000558c9d5eb8ee in job_cancel_sync (job=<optimized out>) at job.c:941
    #8  0x0000558c9d64d853 in replication_close (bs=<optimized out>) at block/replication.c:148
    #9  0x0000558c9d5e5c9f in bdrv_close (bs=0x558c9f41b020) at block.c:3420
    #10 bdrv_delete (bs=0x558c9f41b020) at block.c:3629
    #11 bdrv_unref (bs=0x558c9f41b020) at block.c:4685
    #12 0x0000558c9d62a3f3 in blk_remove_bs (blk=blk@entry=0x558c9f42a7c0) at block/block-backend.c:783
    #13 0x0000558c9d62a667 in blk_delete (blk=0x558c9f42a7c0) at block/block-backend.c:402
    #14 blk_unref (blk=0x558c9f42a7c0) at block/block-backend.c:457
    #15 0x0000558c9d5dfcea in test_secondary_stop () at tests/test-replication.c:478
    #16 0x00007f51c1f13178 in g_test_run_suite_internal () from /lib64/libglib-2.0.so.0
    #17 0x00007f51c1f1337b in g_test_run_suite_internal () from /lib64/libglib-2.0.so.0
    #18 0x00007f51c1f1337b in g_test_run_suite_internal () from /lib64/libglib-2.0.so.0
    #19 0x00007f51c1f13552 in g_test_run_suite () from /lib64/libglib-2.0.so.0
    #20 0x00007f51c1f13571 in g_test_run () from /lib64/libglib-2.0.so.0
    #21 0x0000558c9d5de31f in main (argc=<optimized out>, argv=<optimized out>) at tests/test-replication.c:581

It is yet unclear whether this should really be considered a bug in the
test case or whether blk_unref() should work for callers that haven't
taken the AioContext lock, but in order to fix the build tests quickly,
just take the AioContext lock around blk_unref().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-10-01 19:13:55 +02:00
Leonid Bloch
e3a7b4556e qcow2: Fix cache-clean-interval documentation
Fixing cache-clean-interval documentation following the recent change to
a default of 600 seconds on supported plarforms (only Linux currently).

Signed-off-by: Leonid Bloch <lbloch@janustech.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-10-01 19:13:55 +02:00
Kevin Wolf
cb53460b70 block-backend: Set werror/rerror defaults in blk_new()
Currently, the default values for werror and rerror have to be set
explicitly with blk_set_on_error() by the callers of blk_new(). The only
caller actually doing this is blockdev_init(), which is called for
BlockBackends created using -drive.

In particular, anonymous BlockBackends created with
-device ...,drive=<node-name> didn't get the correct default set and
instead defaulted to the integer value 0 (= BLOCKDEV_ON_ERROR_REPORT).
This is the intended default for rerror anyway, but the default for
werror should be BLOCKDEV_ON_ERROR_ENOSPC.

Set the defaults in blk_new() instead so that they apply no matter what
way the BlockBackend was created.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
2018-10-01 19:13:46 +02:00
Peter Maydell
a2ef4d9e95 ui: some small fixes/improvements.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJbsfoIAAoJEEy22O7T6HE4UzIQAIVt2AqqT1OS5o6nUoJDAE6C
 kfqPVCOkqVoY7EtNrh0wtv342JorZEYhjW9v3FRFWdXY0oopex8a5QHJMC4v4XLQ
 oiueITAs1jv4Qtor+LER4YlS429Hy7ln44tCgcpaUIYIopNrWogJRFn7DwG4xmHC
 T5XN/28QF3CI2Y52pV5gh785cwnCUkzeYor+NI6ya79KvAEl1lTv1uF9oECwxhjL
 jXi6fl3ek+ugSzUL0iKzt4GxsPuyElXryNkB6Ees1QWWk7W814GTD4bE0ND8JIn9
 zvcGCqTrPE4HNFlJa6cWFoNQ1090aKGR+AAZXoZh8HdsVOUd9BO5gBwrFhLFt6UF
 HRw44J3LALtxMQsGZkI35PM+wD9lA8OUrkkr9NrKVGhpyBC67RyqJiNVcH3TxbPk
 2TNVARAMIdFnpG6dRCBgezoFQOS6uS3XhJUt69pkwjsNWql4yy0VnaAqmyjVPK+B
 JrKcOLWkY3JIer4e2ZqLkhdWxWrBytjsbW62XBjHgOoJVi7hkeCyJ2VHk5gAyIit
 jlH69fNF4SiobBj1g/KKb6usI4HNYRgqF52KwPvNdYmLpY9F8RUg9p2nVWIjM7Z1
 zgH42ms9GUAGBr1l39Fm/mY9nQCAVoeXR9Yv+CLu/Jk5pX8wTFkOMW2fLs/dJZBx
 dcEHGMUY4ptkxcSto8bb
 =Ul2P
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20181001-pull-request' into staging

ui: some small fixes/improvements.

# gpg: Signature made Mon 01 Oct 2018 11:42:16 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20181001-pull-request:
  gtk: add zoom-to-fit to gtk options.
  vnc: call sasl_server_init() only when required
  sdl2: show console #0 unconditionally

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-01 15:44:30 +01:00
Peter Maydell
24c3833717 usb: fixes for mtp, hub and ohci.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJbsejEAAoJEEy22O7T6HE4PMkP+wSKv+1IXRAQUJOzGaptirnM
 saRNuglceC5Y4WXqKtoMe0J55J1d5HUrKoxuBULyLxXZmJB8lkiFUyzkgIwcNJEX
 MNsKeympva74EX4/JGz6CnbqcBleeuHT8pZfTwE7KlN3yyPRC2lQ0HmR1VMz9S/e
 kEALeQWGF9fcF0SIcoNSJgmF02JsElTi67YlK+1GIecdvsfUvEY1X9KyVEFk45RX
 fWLoUmz2hZlVzVVNq3+ZWbb53a9dMpPUXZgLWb5BRV12f8wh4tdH2s5i3QE5xYY8
 wgfnVkGsVMCks4qBKRsMysNpJkbm6YTxH3P8I07SselQi0rl2n7y0QU21Jeeoi5p
 7Bv7U0ECa66vi+/hjJ15FfvLfgPwNEkAUqyO66hKgQXlr+huGgYnpc9GEbpYYH6N
 9fyljOk/RJ5erjk/vFVmnSuhP9cv2vFqti0jOXRyHxvfL1oSTx/EZ2pXYWApa4UJ
 qngS/P5EtJS7qKdD36VAt/eo53toypxole8ULgSdgUwa8bk6E+RCPENMRg2XInqs
 i+ia0IktOlfV3DTAhMLwEs6heqi3b29/rxTcWmrfxmhrUnV/LpcAK8KenvTj+AsD
 MhRi5kFLaC5k5bwTFz/lG2UaO7dbhqW5/7XZKzNkhfAfdiTIrboj2jTE6IHz4ekH
 dWTQvZtNtuBkrnA5XEx5
 =hIG+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20181001-pull-request' into staging

usb: fixes for mtp, hub and ohci.

# gpg: Signature made Mon 01 Oct 2018 10:28:36 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20181001-pull-request:
  ohci: set effectively usb frame rate to 1kHz
  usb-hub: clear suspend on detach
  usb-mtp: reset ObjectInfo dataset size on cleanup
  doc: replace x-root with rootdir for usb-mtp
  usb-mtp: fix error conditions for write operation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-01 12:33:18 +01:00
Leonid Bloch
bd016b912c qcow2: Explicit number replaced by a constant
Signed-off-by: Leonid Bloch <lbloch@janustech.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-10-01 12:51:12 +02:00
Leonid Bloch
e957b50b8d qcow2: Set the default cache-clean-interval to 10 minutes
The default cache-clean-interval is set to 10 minutes, in order to lower
the overhead of the qcow2 caches (before the default was 0, i.e.
disabled).

* For non-Linux platforms the default is kept at 0, because
  cache-clean-interval is not supported there yet.

Signed-off-by: Leonid Bloch <lbloch@janustech.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-10-01 12:51:12 +02:00
Leonid Bloch
45b4949c7b qcow2: Resize the cache upon image resizing
The caches are now recalculated upon image resizing. This is done
because the new default behavior of assigning L2 cache relatively to
the image size, implies that the cache will be adapted accordingly
after an image resize.

Signed-off-by: Leonid Bloch <lbloch@janustech.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-10-01 12:51:12 +02:00