Commit Graph

26110 Commits

Author SHA1 Message Date
Klaus Jensen
ca247d3509 hw/block/nvme: fix pin-based interrupt behavior
First, since the device only supports MSI-X or pin-based interrupt, if
MSI-X is not enabled, it should not accept interrupt vectors different
from 0 when creating completion queues.

Secondly, the irq_status NvmeCtrl member is meant to be compared to the
INTMS register, so it should only be 32 bits wide. And it is really only
useful when used with multi-message MSI.

Third, since we do not force a 1-to-1 correspondence between cqid and
interrupt vector, the irq_status register should not have bits set
according to cqid, but according to the associated interrupt vector.

Fix these issues, but keep irq_status available so we can easily support
multi-message MSI down the line.

Fixes: 5e9aa92eb1 ("hw/block: Fix pin-based interrupt behaviour of NVMe")
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Message-Id: <20200609190333.59390-8-its@irrelevant.dk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17 14:53:40 +02:00
Klaus Jensen
b4529c5c3a hw/block/nvme: refactor nvme_addr_read
Pull the controller memory buffer check to its own function. The check
will be used on its own in later patches.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Message-Id: <20200609190333.59390-7-its@irrelevant.dk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17 14:53:40 +02:00
Klaus Jensen
3e829fd438 hw/block/nvme: use constants in identify
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Message-Id: <20200609190333.59390-6-its@irrelevant.dk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17 14:53:40 +02:00
Klaus Jensen
1065abfbf1 hw/block/nvme: move device parameters to separate struct
Move device configuration parameters to separate struct to make it
explicit what is configurable and what is set internally.

Signed-off-by: Klaus Jensen <klaus.jensen@cnexlabs.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20200609190333.59390-5-its@irrelevant.dk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17 14:53:40 +02:00
Klaus Jensen
4920786ee6 hw/block/nvme: remove superfluous breaks
These break statements was left over when commit 3036a626e9 ("nvme:
add Get/Set Feature Timestamp support") was merged.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Message-Id: <20200609190333.59390-4-its@irrelevant.dk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17 14:53:40 +02:00
Klaus Jensen
6f4ee2e9aa hw/block/nvme: rename trace events to pci_nvme
Change the prefix of all nvme device related trace events to 'pci_nvme'
to not clash with trace events from the nvme block driver.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Message-Id: <20200609190333.59390-3-its@irrelevant.dk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17 14:53:39 +02:00
Klaus Jensen
f7e8c23f39 hw/block/nvme: fix pci doorbell size calculation
The size of the BAR is 0x1000 (main registers) + 8 bytes for each
queue. Currently, the size of the BAR is calculated like so:

    n->reg_size = pow2ceil(0x1004 + 2 * (n->num_queues + 1) * 4);

Since the 'num_queues' parameter already accounts for the admin queue,
this should in any case not need to be incremented by one. Also, the
size should be initialized to (0x1000).

    n->reg_size = pow2ceil(0x1000 + 2 * n->num_queues * 4);

This, with the default value of num_queues (64), we will set aside room
for 1 admin queue and 63 I/O queues (4 bytes per doorbell, 2 doorbells
per queue).

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Message-Id: <20200609190333.59390-2-its@irrelevant.dk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17 14:53:39 +02:00
Sergio Lopez
49b44549ac virtio-blk: On restart, process queued requests in the proper context
On restart, we were scheduling a BH to process queued requests, which
would run before starting up the data plane, leading to those requests
being assigned and started on coroutines on the main context.

This could cause requests to be wrongly processed in parallel from
different threads (the main thread and the iothread managing the data
plane), potentially leading to multiple issues.

For example, stopping and resuming a VM multiple times while the guest
is generating I/O on a virtio_blk device can trigger a crash with a
stack tracing looking like this one:

<------>
 Thread 2 (Thread 0x7ff736765700 (LWP 1062503)):
 #0  0x00005567a13b99d6 in iov_memset
     (iov=0x6563617073206f4e, iov_cnt=1717922848, offset=516096, fillc=0, bytes=7018105756081554803)
     at util/iov.c:69
 #1  0x00005567a13bab73 in qemu_iovec_memset
     (qiov=0x7ff73ec99748, offset=516096, fillc=0, bytes=7018105756081554803) at util/iov.c:530
 #2  0x00005567a12f411c in qemu_laio_process_completion (laiocb=0x7ff6512ee6c0) at block/linux-aio.c:86
 #3  0x00005567a12f42ff in qemu_laio_process_completions (s=0x7ff7182e8420) at block/linux-aio.c:217
 #4  0x00005567a12f480d in ioq_submit (s=0x7ff7182e8420) at block/linux-aio.c:323
 #5  0x00005567a12f43d9 in qemu_laio_process_completions_and_submit (s=0x7ff7182e8420)
     at block/linux-aio.c:236
 #6  0x00005567a12f44c2 in qemu_laio_poll_cb (opaque=0x7ff7182e8430) at block/linux-aio.c:267
 #7  0x00005567a13aed83 in run_poll_handlers_once (ctx=0x5567a2b58c70, timeout=0x7ff7367645f8)
     at util/aio-posix.c:520
 #8  0x00005567a13aee9f in run_poll_handlers (ctx=0x5567a2b58c70, max_ns=16000, timeout=0x7ff7367645f8)
     at util/aio-posix.c:562
 #9  0x00005567a13aefde in try_poll_mode (ctx=0x5567a2b58c70, timeout=0x7ff7367645f8)
     at util/aio-posix.c:597
 #10 0x00005567a13af115 in aio_poll (ctx=0x5567a2b58c70, blocking=true) at util/aio-posix.c:639
 #11 0x00005567a109acca in iothread_run (opaque=0x5567a2b29760) at iothread.c:75
 #12 0x00005567a13b2790 in qemu_thread_start (args=0x5567a2b694c0) at util/qemu-thread-posix.c:519
 #13 0x00007ff73eedf2de in start_thread () at /lib64/libpthread.so.0
 #14 0x00007ff73ec10e83 in clone () at /lib64/libc.so.6

 Thread 1 (Thread 0x7ff743986f00 (LWP 1062500)):
 #0  0x00005567a13b99d6 in iov_memset
     (iov=0x6563617073206f4e, iov_cnt=1717922848, offset=516096, fillc=0, bytes=7018105756081554803)
     at util/iov.c:69
 #1  0x00005567a13bab73 in qemu_iovec_memset
     (qiov=0x7ff73ec99748, offset=516096, fillc=0, bytes=7018105756081554803) at util/iov.c:530
 #2  0x00005567a12f411c in qemu_laio_process_completion (laiocb=0x7ff6512ee6c0) at block/linux-aio.c:86
 #3  0x00005567a12f42ff in qemu_laio_process_completions (s=0x7ff7182e8420) at block/linux-aio.c:217
 #4  0x00005567a12f480d in ioq_submit (s=0x7ff7182e8420) at block/linux-aio.c:323
 #5  0x00005567a12f4a2f in laio_do_submit (fd=19, laiocb=0x7ff5f4ff9ae0, offset=472363008, type=2)
     at block/linux-aio.c:375
 #6  0x00005567a12f4af2 in laio_co_submit
     (bs=0x5567a2b8c460, s=0x7ff7182e8420, fd=19, offset=472363008, qiov=0x7ff5f4ff9ca0, type=2)
     at block/linux-aio.c:394
 #7  0x00005567a12f1803 in raw_co_prw
     (bs=0x5567a2b8c460, offset=472363008, bytes=20480, qiov=0x7ff5f4ff9ca0, type=2)
     at block/file-posix.c:1892
 #8  0x00005567a12f1941 in raw_co_pwritev
     (bs=0x5567a2b8c460, offset=472363008, bytes=20480, qiov=0x7ff5f4ff9ca0, flags=0)
     at block/file-posix.c:1925
 #9  0x00005567a12fe3e1 in bdrv_driver_pwritev
     (bs=0x5567a2b8c460, offset=472363008, bytes=20480, qiov=0x7ff5f4ff9ca0, qiov_offset=0, flags=0)
     at block/io.c:1183
 #10 0x00005567a1300340 in bdrv_aligned_pwritev
     (child=0x5567a2b5b070, req=0x7ff5f4ff9db0, offset=472363008, bytes=20480, align=512, qiov=0x7ff72c0425b8, qiov_offset=0, flags=0) at block/io.c:1980
 #11 0x00005567a1300b29 in bdrv_co_pwritev_part
     (child=0x5567a2b5b070, offset=472363008, bytes=20480, qiov=0x7ff72c0425b8, qiov_offset=0, flags=0)
     at block/io.c:2137
 #12 0x00005567a12baba1 in qcow2_co_pwritev_task
     (bs=0x5567a2b92740, file_cluster_offset=472317952, offset=487305216, bytes=20480, qiov=0x7ff72c0425b8, qiov_offset=0, l2meta=0x0) at block/qcow2.c:2444
 #13 0x00005567a12bacdb in qcow2_co_pwritev_task_entry (task=0x5567a2b48540) at block/qcow2.c:2475
 #14 0x00005567a13167d8 in aio_task_co (opaque=0x5567a2b48540) at block/aio_task.c:45
 #15 0x00005567a13cf00c in coroutine_trampoline (i0=738245600, i1=32759) at util/coroutine-ucontext.c:115
 #16 0x00007ff73eb622e0 in __start_context () at /lib64/libc.so.6
 #17 0x00007ff6626f1350 in  ()
 #18 0x0000000000000000 in  ()
<------>

This is also known to cause crashes with this message (assertion
failed):

 aio_co_schedule: Co-routine was already scheduled in 'aio_co_schedule'

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1812765
Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-Id: <20200603093240.40489-3-slp@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17 14:53:39 +02:00
Sergio Lopez
7aa1c247b4 virtio-blk: Refactor the code that processes queued requests
Move the code that processes queued requests from
virtio_blk_dma_restart_bh() to its own, non-static, function. This
will allow us to call it from the virtio_blk_data_plane_start() in a
future patch.

Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-Id: <20200603093240.40489-2-slp@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17 14:53:39 +02:00
Philippe Mathieu-Daudé
ae0cebd712 hw/ide: Make IDEDMAOps handlers take a const IDEDMA pointer
Handlers don't need to modify the IDEDMA structure.
Make it const.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200512194917.15807-1-philmd@redhat.com>
Acked-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17 14:53:39 +02:00
Gerd Hoffmann
9a45729d3b x86: move max-ram-below-4g to pc
Move from X86MachineClass to PCMachineClass so it disappears
from microvm machine type property list.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-id: 20200529073957.8018-4-kraxel@redhat.com
2020-06-17 14:24:22 +02:00
Gerd Hoffmann
3235936e30 microvm: drop max-ram-below-4g support
Not useful for microvm and allows users to shoot themself
into the foot (make ram + mmio overlap).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200529073957.8018-3-kraxel@redhat.com
2020-06-17 14:24:16 +02:00
Gerd Hoffmann
e289655cea microvm: use 3G split unconditionally
Looks like the logic was copied over from q35.

q35 does this for backward compatibility, there is no reason to do this
on microvm though.  Also microvm doesn't need much mmio space, 1G is
more than enough.  Using an mmio window smaller than 1G is bad for
gigabyte alignment and hugepages though.  So split @ 3G unconditionally.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200529073957.8018-2-kraxel@redhat.com
2020-06-17 14:24:07 +02:00
Gerd Hoffmann
54cdfe5112 usb-host: workaround libusb bug
libusb seems to no allways call the completion callback for requests
canceled (which it is supposed to do according to the docs).  So add
a limit to avoid qemu waiting forever.

Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20200529072225.3195-1-kraxel@redhat.com>
2020-06-17 09:12:33 +02:00
Gerd Hoffmann
9f815e83e9 usb: add hostdevice property to usb-host
The new property allows to specify usb host device name.  Uses standard
qemu_open(), so both file system path (/dev/bus/usb/$bus/$dev on linux)
and file descriptor passing can be used.

Requires libusb 1.0.23 or newer.  The hostdevice property is only
present in case qemu is compiled against a new enough library version,
so the presence of the property can be used for feature detection.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20200605125952.13113-1-kraxel@redhat.com>
2020-06-17 09:12:22 +02:00
Peter Maydell
5c24bce305 Testing and plugin updates
- clear up dtc warnings
   - add support for --enable-tsan builds
   - re-enable shippable cross builds
   - serialise cirrus check steps
   - fix check-tcg plugin issues
   - add lockstep plugin
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAl7ozhEACgkQ+9DbCVqe
 KkSunwf/T1Bsg9RIIIvWsRDWHndQjh1OJc1WyBdg8ZZslxxhxV7jSRGLw6JtUU40
 yIBjtinNMKIBNGJTExghB6UXDBj9LjB7qjalDO+hpR6UONU11ITwOwHzoRc5R2Zl
 jeqelHImtDaNvRWqyWmdkT/VsHl80GFTTalJZrVyn+EcYK5RPQDzUitdE1V3GUVg
 3we253m+9S/Ao73yn3WPZtIXNUcAR5+vK1BtI8necoNsFuEgI0KRxJAFKAJB3LxN
 pfaXAwfpMJ99AAlNCE/ObNCCQ8zy3dyt8GfYERn4pPPMs5HEhs+lS5vZ+KU4b/Gd
 5rsSO/ELl1C9uiTGvzlLCfu6MvL8zw==
 =NXiy
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-and-plugin-160620-2' into staging

Testing and plugin updates

  - clear up dtc warnings
  - add support for --enable-tsan builds
  - re-enable shippable cross builds
  - serialise cirrus check steps
  - fix check-tcg plugin issues
  - add lockstep plugin

# gpg: Signature made Tue 16 Jun 2020 14:50:09 BST
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-testing-and-plugin-160620-2: (21 commits)
  plugins: new lockstep plugin for debugging TCG changes
  tests/tcg: ensure -cpu max also used for plugin run
  tests/tcg: build plugin list from contents of src directory
  cirrus.yml: serialise make check
  Revert ".shippable: temporaily disable some cross builds"
  tests: Disable select tests under TSan, which hit TSan issue.
  docs: Added details on TSan to testing.rst
  util: Added tsan annotate for thread name.
  include/qemu: Added tsan.h for annotations.
  tests/docker: Added docker build support for TSan.
  thread: add tsan annotations to QemuSpin
  translate-all: call qemu_spin_destroy for PageDesc
  tcg: call qemu_spin_destroy for tb->jmp_lock
  qht: call qemu_spin_destroy for head buckets
  cputlb: destroy CPUTLB with tlb_destroy
  thread: add qemu_spin_destroy
  cpu: convert queued work to a QSIMPLEQ
  configure: add --enable-tsan flag + fiber annotations for coroutine-ucontext
  Makefile: remove old compatibility gunks
  Makefile: dtc: update, build the libfdt target
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-16 14:57:15 +01:00
Emilio G. Cota
0c0fcc2052 cpu: convert queued work to a QSIMPLEQ
We convert queued work to a QSIMPLEQ, instead of
open-coding it.

While at it, make sure that all accesses to the list are
performed while holding the list's lock.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Robert Foley <robert.foley@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200609200738.445-3-robert.foley@linaro.org>
Message-Id: <20200612190237.30436-6-alex.bennee@linaro.org>
2020-06-16 14:49:05 +01:00
Peter Maydell
cb8278cd99 * hw: arm: Set vendor property for IMX SDHCI emulations
* sd: sdhci: Implement basic vendor specific register support
  * hw/net/imx_fec: Convert debug fprintf() to trace events
  * target/arm/cpu: adjust virtual time for all KVM arm cpus
  * Implement configurable descriptor size in ftgmac100
  * hw/misc/imx6ul_ccm: Implement non writable bits in CCM registers
  * target/arm: More Neon decodetree conversion work
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl7olzoZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3kkqD/9UtCpXnSTQemK5ejuUrhnb
 LLtth7ce+XHPIoxyEeaAR89umZkooAjFG5ySnZ5QV5b0FxWrcUyK2saDdBKNHhcG
 En2kWJxebbAbMAw+vvgWx/NgzbpTwGsdYw7h2gmwpJ0RLqjzfMxwXIm4sA3g9kHs
 d2ymitwiDvAhQZHJzJ3nWZQ4QUJyDueWuHy5mjBEjAmU3R1YkOAzNCJisq3zMzFV
 4bLhA48HnqqJc8sfDqiNSk1+NoP9BUhORHtgPmz2V2RVbT6fHsIyP+pAD+vZIPht
 NmEY86RmCbuNWrPfYSnCaqx86Jj0T5ZghFlfOlKwy+AghebsAjlQmV5QvksjR5NA
 1um0usrnsMT5AF0Hmca7wMizc2Y7Dw7OJQC8LYRWhonR78XvLJU3NNL2K+lk5CQa
 lzoBauYOZdcQcwNue+xBNN6vR1g7H0Qq0Rpq9acpuU5enjn9KV/fOTdfq6Xy5h8G
 0MVwKNtH4HuQKVJXFMXKz7eZvguqRn6aKFNa1FYobfyPHX7V9HmRyWo1nKDK2WL6
 oJ3QgH6m2Bumd9GGCDyyWWd/iEn8l+zVHaUZkdEB/msMZdjlqtXMX6AzQMvR54Kd
 Ee2wgli/O01KAfqVhk11+WCV0Xn3sAC0g3/a9Hg4n884Ef42/+pBbSH8/I+HbJiC
 ETJeogXVMrBH8v4DDrKzsQ==
 =UmOR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200616' into staging

 * hw: arm: Set vendor property for IMX SDHCI emulations
 * sd: sdhci: Implement basic vendor specific register support
 * hw/net/imx_fec: Convert debug fprintf() to trace events
 * target/arm/cpu: adjust virtual time for all KVM arm cpus
 * Implement configurable descriptor size in ftgmac100
 * hw/misc/imx6ul_ccm: Implement non writable bits in CCM registers
 * target/arm: More Neon decodetree conversion work

# gpg: Signature made Tue 16 Jun 2020 10:56:10 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200616: (23 commits)
  hw: arm: Set vendor property for IMX SDHCI emulations
  sd: sdhci: Implement basic vendor specific register support
  hw/net/imx_fec: Convert debug fprintf() to trace events
  target/arm/cpu: adjust virtual time for all KVM arm cpus
  Implement configurable descriptor size in ftgmac100
  hw/misc/imx6ul_ccm: Implement non writable bits in CCM registers
  target/arm: Convert Neon VDUP (scalar) to decodetree
  target/arm: Convert Neon VTBL, VTBX to decodetree
  target/arm: Convert Neon VEXT to decodetree
  target/arm: Convert Neon 2-reg-scalar long multiplies to decodetree
  target/arm: Convert Neon 2-reg-scalar VQRDMLAH, VQRDMLSH to decodetree
  target/arm: Convert Neon 2-reg-scalar VQDMULH, VQRDMULH to decodetree
  target/arm: Convert Neon 2-reg-scalar float multiplies to decodetree
  target/arm: Convert Neon 2-reg-scalar integer multiplies to decodetree
  target/arm: Add missing TCG temp free in do_2shift_env_64()
  target/arm: Add 'static' and 'const' annotations to VSHLL function arrays
  target/arm: Convert Neon 3-reg-diff polynomial VMULL
  target/arm: Convert Neon 3-reg-diff saturating doubling multiplies
  target/arm: Convert Neon 3-reg-diff long multiplies
  target/arm: Convert Neon 3-reg-diff VABAL, VABDL to decodetree
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
#	hw/arm/fsl-imx25.c
#	hw/arm/fsl-imx6.c
#	hw/arm/fsl-imx6ul.c
#	hw/arm/fsl-imx7.c
2020-06-16 13:36:31 +01:00
Guenter Roeck
64b397417a hw: arm: Set vendor property for IMX SDHCI emulations
Set vendor property to IMX to enable IMX specific functionality
in sdhci code.

Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200603145258.195920-3-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-16 10:32:29 +01:00
Guenter Roeck
3b2d81766f sd: sdhci: Implement basic vendor specific register support
The Linux kernel's IMX code now uses vendor specific commands.
This results in endless warnings when booting the Linux kernel.

sdhci-esdhc-imx 2194000.usdhc: esdhc_wait_for_card_clock_gate_off:
	card clock still not gate off in 100us!.

Implement support for the vendor specific command implemented in IMX hardware
to be able to avoid this warning.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200603145258.195920-2-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-16 10:32:29 +01:00
Jean-Christophe Dubois
8095508a9d hw/net/imx_fec: Convert debug fprintf() to trace events
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
[PMD: Fixed 32-bit format string using PRIx32/PRIx64]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-16 10:32:29 +01:00
Erik Smit
d7a64d0063 Implement configurable descriptor size in ftgmac100
The hardware supports configurable descriptor sizes, configured in the DBLAC
register.

Most drivers use the default 4 word descriptor, which is currently hardcoded,
but Aspeed SDK configures 8 words to store extra data.

Signed-off-by: Erik Smit <erik.lucas.smit@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
[PMM: removed unnecessary parens]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-16 10:32:29 +01:00
Jean-Christophe Dubois
3d26d7d690 hw/misc/imx6ul_ccm: Implement non writable bits in CCM registers
Some bits of the CCM registers are non writable.

This was left undone in the initial commit (all bits of registers were
writable).

This patch adds the required code to protect the non writable bits.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 20200608133508.550046-1-jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-16 10:32:28 +01:00
Markus Armbruster
c835fac3f0 qdev: qdev_init_nofail() is now unused, drop
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-58-armbru@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
ce189ab230 qdev: Convert bus-less devices to qdev_realize() with Coccinelle
All remaining conversions to qdev_realize() are for bus-less devices.
Coccinelle script:

    // only correct for bus-less @dev!

    @@
    expression errp;
    expression dev;
    @@
    -    qdev_init_nofail(dev);
    +    qdev_realize(dev, NULL, &error_fatal);

    @ depends on !(file in "hw/core/qdev.c") && !(file in "hw/core/bus.c")@
    expression errp;
    expression dev;
    symbol true;
    @@
    -    object_property_set_bool(OBJECT(dev), true, "realized", errp);
    +    qdev_realize(DEVICE(dev), NULL, errp);

    @ depends on !(file in "hw/core/qdev.c") && !(file in "hw/core/bus.c")@
    expression errp;
    expression dev;
    symbol true;
    @@
    -    object_property_set_bool(dev, true, "realized", errp);
    +    qdev_realize(DEVICE(dev), NULL, errp);

Note that Coccinelle chokes on ARMSSE typedef vs. macro in
hw/arm/armsse.c.  Worked around by temporarily renaming the macro for
the spatch run.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-57-armbru@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
510ef98dca qdev: Make qdev_realize() support bus-less devices
So far, qdev_realize() supports only devices that plug into a bus:
argument @bus cannot be null.  Extend it to support bus-less devices,
too.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-55-armbru@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
1afec9e8ea s390x/event-facility: Simplify creation of SCLP event devices
init_event_facility() creates the SCLP events bus with two SCLP event
devices (sclpquiesce and sclp-cpu-hotplug).  It leaves the devices
unrealized.  A comment explains they will be realized "via the bus".

The bus's realize method sclp_events_bus_realize() indeed realizes all
unrealized devices on this bus.  It carries a TODO comment claiming
this "has to be done in common code".  No other bus realize method
realizes its devices.

The common code in question is bus_set_realized(), which has a TODO
comment asking for recursive realization.  It's been asking for years.

The only devices sclp_events_bus_realize() will ever realize are the
two init_event_facility() puts there.

Simplify as follows:

* Make the devices members of the event facility instance struct, just
  like the bus.  object_initialize_child() is simpler than
  object_property_add_child() and object_unref().

* Realize them in the event facility realize method.

This is in line with how such things are done elsewhere.

Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Halil Pasic <pasic@linux.ibm.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: David Hildenbrand <david@redhat.com>
Cc: qemu-s390x@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-54-armbru@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
e9a82986c2 microbit: Eliminate two local variables in microbit_init()
Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-53-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
034b61d79f sysbus: sysbus_init_child_obj() is now unused, drop
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-52-armbru@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
7089e0cc46 sysbus: Convert qdev_set_parent_bus() use with Coccinelle, part 4
This is still the same transformation as in the previous commits, but
here the sysbus_init_child_obj() and its matching realize in are in
separate files.  Fortunately, there's just one realize left to
convert.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-51-armbru@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
5a147c8c51 sysbus: Convert qdev_set_parent_bus() use with Coccinelle, part 3
These are init/realize pairs produced by the previous commit's
Coccinelle script where the argument test doesn't quite match.  They
need even more careful review.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-50-armbru@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
db873cc5d1 sysbus: Convert qdev_set_parent_bus() use with Coccinelle, part 2
This is the same transformation as in the previous commit, except
sysbus_init_child_obj() and realize are too separated for the commit's
Coccinelle script to handle, typically because sysbus_init_child_obj()
is in a device's instance_init() method, and the matching realize is
in its realize() method.

Perhaps a Coccinelle wizard could make it transform that pattern, but
I'm just a bungler, and the best I can do is transforming the two
separate parts separately:

    @@
    expression errp;
    expression child;
    symbol true;
    @@
    -    object_property_set_bool(OBJECT(child), true, "realized", errp);
    +    sysbus_realize(SYS_BUS_DEVICE(child), errp);
    // only correct with a matching sysbus_init_child_obj() transformation!

    @@
    expression errp;
    expression child;
    symbol true;
    @@
    -    object_property_set_bool(child, true, "realized", errp);
    +    sysbus_realize(SYS_BUS_DEVICE(child), errp);
    // only correct with a matching sysbus_init_child_obj() transformation!

    @@
    expression child;
    @@
    -    qdev_init_nofail(DEVICE(child));
    +    sysbus_realize(SYS_BUS_DEVICE(child), &error_fatal);
    // only correct with a matching sysbus_init_child_obj() transformation!

    @@
    expression child;
    expression dev;
    @@
         dev = DEVICE(child);
         ...
    -    qdev_init_nofail(dev);
    +    sysbus_realize(SYS_BUS_DEVICE(dev), &error_fatal);
    // only correct with a matching sysbus_init_child_obj() transformation!

    @@
    expression child;
    identifier dev;
    @@
         DeviceState *dev = DEVICE(child);
         ...
    -    qdev_init_nofail(dev);
    +    sysbus_realize(SYS_BUS_DEVICE(dev), &error_fatal);
    // only correct with a matching sysbus_init_child_obj() transformation!

    @@
    expression parent, name, size, type;
    expression child;
    symbol true;
    @@
    -    sysbus_init_child_obj(parent, name, child, size, type);
    +    sysbus_init_child_XXX(parent, name, child, size, type);

    @@
    expression parent, propname, type;
    expression child;
    @@
    -    sysbus_init_child_XXX(parent, propname, child, sizeof(*child), type)
    +    object_initialize_child(parent, propname, child, type)

    @@
    expression parent, propname, type;
    expression child;
    @@
    -    sysbus_init_child_XXX(parent, propname, &child, sizeof(child), type)
    +    object_initialize_child(parent, propname, &child, type)

This script is *unsound*: we need to manually verify init and realize
conversions are properly paired.

This commit has only the pairs where object_initialize_child()'s
@child and sysbus_realize()'s @dev argument text match exactly within
the same source file.

Note that Coccinelle chokes on ARMSSE typedef vs. macro in
hw/arm/armsse.c.  Worked around by temporarily renaming the macro for
the spatch run.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-49-armbru@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
0074fce61f sysbus: Convert qdev_set_parent_bus() use with Coccinelle, part 1
I'm converting from qdev_set_parent_bus()/realize to qdev_realize();
recent commit "qdev: Convert uses of qdev_set_parent_bus() with
Coccinelle" explains why.

sysbus_init_child_obj() is a wrapper around
object_initialize_child_with_props() and qdev_set_parent_bus().  It
passes no properties.

Convert sysbus_init_child_obj()/realize to object_initialize_child()/
qdev_realize().

Coccinelle script:

    @@
    expression parent, name, size, type, errp;
    expression child;
    symbol true;
    @@
    -    sysbus_init_child_obj(parent, name, &child, size, type);
    +    sysbus_init_child_XXX(parent, name, &child, size, type);
         ...
    -    object_property_set_bool(OBJECT(&child), true, "realized", errp);
    +    sysbus_realize(SYS_BUS_DEVICE(&child), errp);

    @@
    expression parent, name, size, type, errp;
    expression child;
    symbol true;
    @@
    -    sysbus_init_child_obj(parent, name, child, size, type);
    +    sysbus_init_child_XXX(parent, name, child, size, type);
         ...
    -    object_property_set_bool(OBJECT(child), true, "realized", errp);
    +    sysbus_realize(SYS_BUS_DEVICE(child), errp);

    @@
    expression parent, name, size, type;
    expression child;
    expression dev;
    expression expr;
    @@
    -    sysbus_init_child_obj(parent, name, child, size, type);
    +    sysbus_init_child_XXX(parent, name, child, size, type);
         ...
         dev = DEVICE(child);
         ... when != dev = expr;
    -    qdev_init_nofail(dev);
    +    sysbus_realize(SYS_BUS_DEVICE(dev), &error_fatal);

    @@
    expression parent, propname, type;
    expression child;
    @@
    -    sysbus_init_child_XXX(parent, propname, child, sizeof(*child), type)
    +    object_initialize_child(parent, propname, child, type)

    @@
    expression parent, propname, type;
    expression child;
    @@
    -    sysbus_init_child_XXX(parent, propname, &child, sizeof(child), type)
    +    object_initialize_child(parent, propname, &child, type)

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-48-armbru@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
cfe91404c5 qdev: Drop qdev_realize() support for null bus
The "null @bus means main system bus" convenience feature is no longer
used.  Drop it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-47-armbru@redhat.com>
2020-06-15 22:06:04 +02:00
Markus Armbruster
3c6ef471ee sysbus: Convert to sysbus_realize() etc. with Coccinelle
Convert from qdev_realize(), qdev_realize_and_unref() with null @bus
argument to sysbus_realize(), sysbus_realize_and_unref().

Coccinelle script:

    @@
    expression dev, errp;
    @@
    -    qdev_realize(DEVICE(dev), NULL, errp);
    +    sysbus_realize(SYS_BUS_DEVICE(dev), errp);

    @@
    expression sysbus_dev, dev, errp;
    @@
    +    sysbus_dev = SYS_BUS_DEVICE(dev);
    -    qdev_realize_and_unref(dev, NULL, errp);
    +    sysbus_realize_and_unref(sysbus_dev, errp);
    -    sysbus_dev = SYS_BUS_DEVICE(dev);

    @@
    expression sysbus_dev, dev, errp;
    expression expr;
    @@
         sysbus_dev = SYS_BUS_DEVICE(dev);
         ... when != dev = expr;
    -    qdev_realize_and_unref(dev, NULL, errp);
    +    sysbus_realize_and_unref(sysbus_dev, errp);

    @@
    expression dev, errp;
    @@
    -    qdev_realize_and_unref(DEVICE(dev), NULL, errp);
    +    sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), errp);

    @@
    expression dev, errp;
    @@
    -    qdev_realize_and_unref(dev, NULL, errp);
    +    sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), errp);

Whitespace changes minimized manually.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-46-armbru@redhat.com>
[Conflicts in hw/misc/empty_slot.c and hw/sparc/leon3.c resolved]
2020-06-15 22:05:28 +02:00
Markus Armbruster
496a852562 sysbus: New sysbus_realize(), sysbus_realize_and_unref()
Sysbus devices almost always plug into the main system bus.
qdev_create() even has a convenience feature to make that easy: a null
bus argument gets replaced by the main system bus.  qdev_realize() and
qdev_realize_and_unref() do the same.

We can do better.  Provide convenience wrappers around qdev_realize()
and qdev_realize_and_unref() that don't take a @bus argument.  They
always pass the main system bus.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-45-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
b45ad78889 sysbus: Tidy up sysbus_init_child_obj()'s @childsize arg, part 2
The callers of sysbus_init_child_obj() commonly pass either &child,
sizeof(child), or pchild, sizeof(*pchild).  Tidy up the few that use
something else instead, mostly to keep future commits simpler.

Coccinelle script:

    @@
    expression parent, propname, type;
    expression child;
    type T;
    T proxy;
    @@
    (
         sysbus_init_child_obj(parent, propname, &child, sizeof(child), type)
    |
         sysbus_init_child_obj(parent, propname, child, sizeof(*child), type)
    |
    -    sysbus_init_child_obj(parent, propname, child, sizeof(proxy), type)
    +    sysbus_init_child_obj(parent, propname, child, sizeof(*child), type)
    )

This script is *unsound*: for each change we need to verify the
@childsize argument stays the same.  I did.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-44-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
287f43196d hw/arm/armsse: Pass correct child size to sysbus_init_child_obj()
armsse_init() initializes s->armv7m[i] for all i.  It passes the size
of the entire array instead of the array element to
sysbus_init_child_obj().  Harmless, but fix it anyway.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-43-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
8352a5b8cc sysbus: Tidy up sysbus_init_child_obj()'s @childsize arg, part 1
The callers of sysbus_init_child_obj() commonly pass either &child,
sizeof(child), or pchild, sizeof(*pchild).  Tidy up the few that use
sizeof(child_type) instead, mostly to keep future commits simpler.

Coccinelle script:

    @@
    expression parent, propname, type;
    type T;
    T child;
    @@
    -    sysbus_init_child_obj(parent, propname, &child, sizeof(T), type)
    +    sysbus_init_child_obj(parent, propname, &child, sizeof(child), type)

    @@
    expression parent, propname, type;
    type T;
    T *child;
    @@
    -    sysbus_init_child_obj(parent, propname, child, sizeof(T), type)
    +    sysbus_init_child_obj(parent, propname, child, sizeof(*child), type)

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-42-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
b0d09949fe microbit: Tidy up sysbus_init_child_obj() @child argument
The callers of sysbus_init_child_obj() commonly pass either &child,
sizeof(child), or pchild, sizeof(*pchild).  Tidy up two that don't,
mostly to keep future commits simpler.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-41-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
9bdee7f4a5 sysbus: Drop useless OBJECT() in sysbus_init_child_obj() calls
OBJECT(child) expands to ((Object *)(child)).  sysbus_init_child_obj()
parameter @child is void *.  Pass child instead of OBJECT(child).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-40-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
8fb9cfe762 macio: Eliminate macio_init_child_obj()
macio_init_child_obj() has become a trivial wrapper around
object_initialize_child_with_props().  Eliminate it, since the general
convenience wrapper object_initialize_child() is just as convenient
already.

Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-39-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
f4a0df70a2 macio: Convert use of qdev_set_parent_bus()
Convert qdev_set_parent_bus()/realize to qdev_realize(); recent commit
"qdev: New qdev_new(), qdev_realize(), etc." explains why.

Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-38-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
9fc7fc4d39 qom: Less verbose object_initialize_child()
All users of object_initialize_child() pass the obvious child size
argument.  Almost all pass &error_abort and no properties.  Tiresome.

Rename object_initialize_child() to
object_initialize_child_with_props() to free the name.  New
convenience wrapper object_initialize_child() automates the size
argument, and passes &error_abort and no properties.

Rename object_initialize_childv() to
object_initialize_child_with_propsv() for consistency.

Convert callers with this Coccinelle script:

    @@
    expression parent, propname, type;
    expression child, size;
    symbol error_abort;
    @@
    -    object_initialize_child(parent, propname, OBJECT(child), size, type, &error_abort, NULL)
    +    object_initialize_child(parent, propname, child, size, type, &error_abort, NULL)

    @@
    expression parent, propname, type;
    expression child;
    symbol error_abort;
    @@
    -    object_initialize_child(parent, propname, child, sizeof(*child), type, &error_abort, NULL)
    +    object_initialize_child(parent, propname, child, type)

    @@
    expression parent, propname, type;
    expression child;
    symbol error_abort;
    @@
    -    object_initialize_child(parent, propname, &child, sizeof(child), type, &error_abort, NULL)
    +    object_initialize_child(parent, propname, &child, type)

    @@
    expression parent, propname, type;
    expression child, size, err;
    expression list props;
    @@
    -    object_initialize_child(parent, propname, child, size, type, err, props)
    +    object_initialize_child_with_props(parent, propname, child, size, type, err, props)

Note that Coccinelle chokes on ARMSSE typedef vs. macro in
hw/arm/armsse.c.  Worked around by temporarily renaming the macro for
the spatch run.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
[Rebased: machine opentitan is new (commit fe0fe4735e)]
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-37-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
19dc7e977c qom: Tidy up a few object_initialize_child() calls
The callers of object_initialize_child() commonly  pass either
&child, sizeof(child), or pchild, sizeof(*pchild).  Tidy up the few
that don't, mostly to keep the next commit simpler.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-36-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
cd9ae806cd auxbus: Eliminate aux_create_slave()
aux_create_slave() has become a trivial wrapper around qdev_new().
There's just one user.  Eliminate.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-35-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
2214985408 auxbus: Convert a use of qdev_set_parent_bus()
Convert qdev_set_parent_bus()/qdev_init_nofail() to qdev_realize();
recent commit "qdev: New qdev_new(), qdev_realize(), etc." explains
why.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-34-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
b7a1b5483e auxbus: New aux_bus_realize(), pairing with aux_bus_init()
aux_bus_init() encapsulates the creation of an aux-bus and its
aux-to-i2c-bridge device.

Create aux_bus_realize() to similarly encapsulate their realization.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-33-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
dbe4070e59 auxbus: Rename aux_init_bus() to aux_bus_init()
Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-32-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
2194abd623 qdev: qdev_create(), qdev_try_create() are now unused, drop
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-31-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
535770518f usb: Eliminate usb_try_create_simple()
usb_try_create_simple() is qdev_try_new() and qdev_realize_and_unref()
with more verbose error messages.  Of its two users, one ignores
errors, and the other asserts they are impossible.

Make them use qdev_try_new() and qdev_realize_and_unref() directly,
and eliminate usb_try_create_simple

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-30-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
8cd81a9e55 usb: usb_create() is now unused, drop
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-29-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
590ce74a08 usb: Convert uses of usb_create()
Replace

    dev = usb_create(bus, type_name);
    ...
    object_property_set_bool(OBJECT(dev), true, "realized", &err);

by

    dev = isa_new(type_name);
    ...
    usb_realize_and_unref(dev, bus, &err);

Recent commit "qdev: New qdev_new(), qdev_realize(), etc." explains
why.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-28-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
32aaaebe56 usb: New usb_new(), usb_realize_and_unref()
I'm converting from qdev_create()/qdev_init_nofail() to
qdev_new()/qdev_realize_and_unref(); recent commit "qdev: New
qdev_new(), qdev_realize(), etc." explains why.

USB devices use qdev_create() through usb_create().

Provide usb_new() and usb_realize_and_unref() for converting USB
devices.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-27-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
7ce8d8c8d5 ssi: ssi_create_slave_no_init() is now unused, drop
Cc: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-26-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
7e272a0001 ssi: Convert last use of ssi_create_slave_no_init() manually
Same transformation as in the previous commit.  Manual, because
convincing Coccinelle to transform this case is not worthwhile.

Cc: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-25-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
57d479c9c6 ssi: Convert uses of ssi_create_slave_no_init() with Coccinelle
Replace

    dev = ssi_create_slave_no_init(bus, type_name);
    ...
    qdev_init_nofail(dev);

by

    dev = qdev_new(type_name);
    ...
    qdev_realize_and_unref(dev, bus, &error_fatal);

Recent commit "qdev: New qdev_new(), qdev_realize(), etc." explains
why.

    @@
    type SSIBus;
    identifier bus;
    expression dev, qbus, expr;
    expression list args;
    @@
    -    bus = (SSIBus *)qbus;
    +    bus = qbus; // TODO fix up decl
         ...
    -    dev = ssi_create_slave_no_init(bus, args);
    +    dev = qdev_new(args);
         ... when != dev = expr
    -    qdev_init_nofail(dev);
    +    qdev_realize_and_unref(dev, bus, &error_fatal);

    @@
    expression dev, bus, expr;
    expression list args;
    @@
    -    dev = ssi_create_slave_no_init(bus, args);
    +    dev = qdev_new(args);
         ... when != dev = expr
    -    qdev_init_nofail(dev);
    +    qdev_realize_and_unref(dev, BUS(bus), &error_fatal);

Bus declarations fixed up manually.

Cc: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-24-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
7f16c76e83 ssi: ssi_auto_connect_slaves() never does anything, drop
ssi_auto_connect_slaves(parent, cs_line, bus) iterates over @parent's
QOM children @dev of type TYPE_SSI_SLAVE.  It puts these on @bus, and
sets cs_line[] to qdev_get_gpio_in_named(dev, SSI_GPIO_CS, 0).

Suspicious: there is no protection against overrunning cs_line[].

Turns out it's safe because ssi_auto_connect_slaves() never finds any
such children.  Its called by realize methods of some (but not all)
devices providing an SSI bus, and gets passed the device.

SSI slave devices are always created with ssi_create_slave_no_init(),
optionally via ssi_create_slave().  This adds them to their SSI bus.
It doesn't set their QOM parent.

ssi_create_slave_no_init() is always immediately followed by
qdev_init_nofail(), with no QOM parent assigned, so
device_set_realized() puts the device into the /machine/unattached/
orphanage.  None become QOM children of a device providing an SSI bus.

ssi_auto_connect_slaves() was added in commit b4ae3cfa57 "ssi: Add
slave autoconnect helper".  I can't see which slaves it was supposed
to connect back then.

Cc: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-23-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
bd2f053dc5 isa: isa_create(), isa_try_create() are now unused, drop
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-22-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
c23e05614e isa: Convert uses of isa_create(), isa_try_create() manually
Same transformation as in the previous commit.  Manual, because
convincing Coccinelle to transform these cases is not worthwhile.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-21-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
96927c744f isa: Convert uses of isa_create() with Coccinelle
Replace

    dev = isa_create(bus, type_name);
    ...
    qdev_init_nofail(dev);

by

    dev = isa_new(type_name);
    ...
    isa_realize_and_unref(dev, bus, &error_fatal);

Recent commit "qdev: New qdev_new(), qdev_realize(), etc." explains
why.

Coccinelle script:

    @@
    expression dev, bus, expr;
    expression list args;
    expression d;
    @@
    -    dev = isa_create(bus, args);
    +    dev = isa_new(args);
    (
         d = &dev->qdev;
    |
         d = DEVICE(dev);
    )
         ... when != dev = expr
    -    qdev_init_nofail(d);
    +    isa_realize_and_unref(dev, bus, &error_fatal);

    @@
    expression dev, bus, expr;
    expression list args;
    @@
    -    dev = isa_create(bus, args);
    +    dev = isa_new(args);
         ... when != dev = expr
    -    qdev_init_nofail(DEVICE(dev));
    +    isa_realize_and_unref(dev, bus, &error_fatal);

    @@
    expression dev, bus, expr;
    expression list args;
    @@
    -    dev = DEVICE(isa_create(bus, args));
    +    ISADevice *isa_dev; // TODO move
    +    isa_dev = isa_new(args);
    +    dev = DEVICE(isa_dev);
         ... when != dev = expr
    -    qdev_init_nofail(dev);
    +    isa_realize_and_unref(isa_dev, bus, &error_fatal);

Missing #include "qapi/error.h" added manually, whitespace changes
minimized manually.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-20-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
0fe9d90119 isa: New isa_new(), isa_realize_and_unref() etc.
I'm converting from qdev_create()/qdev_init_nofail() to
qdev_new()/qdev_realize_and_unref(); recent commit "qdev: New
qdev_new(), qdev_realize(), etc." explains why.

ISA devices use qdev_create() through isa_create() and
isa_try_create().

Provide isa_new(), isa_try_new(), and isa_realize_and_unref() for
converting ISA devices.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-19-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
a9cf5c46c6 pci: pci_create(), pci_create_multifunction() are now unused, drop
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-18-armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
db2322469a pci: Convert uses of pci_create() etc. manually
Same transformation as in the previous commit.  Manual, because
convincing Coccinelle to transform these cases is not worthwhile.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-17-armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
9307d06da9 pci: Convert uses of pci_create() etc. with Coccinelle
Replace

    dev = pci_create(bus, type_name);
    ...
    qdev_init_nofail(dev);

by

    dev = pci_new(type_name);
    ...
    pci_realize_and_unref(dev, bus, &error_fatal);

and similarly for pci_create_multifunction().

Recent commit "qdev: New qdev_new(), qdev_realize(), etc." explains
why.

Coccinelle script:

    @@
    expression dev, bus, expr;
    expression list args;
    @@
    -    dev = pci_create(bus, args);
    +    dev = pci_new(args);
         ... when != dev = expr
    -    qdev_init_nofail(&dev->qdev);
    +    pci_realize_and_unref(dev, bus, &error_fatal);

    @@
    expression dev, bus, expr;
    expression list args;
    expression d;
    @@
    -    dev = pci_create(bus, args);
    +    dev = pci_new(args);
    (
         d = &dev->qdev;
    |
         d = DEVICE(dev);
    )
         ... when != dev = expr
    -    qdev_init_nofail(d);
    +    pci_realize_and_unref(dev, bus, &error_fatal);

    @@
    expression dev, bus, expr;
    expression list args;
    @@
    -    dev = pci_create(bus, args);
    +    dev = pci_new(args);
         ... when != dev = expr
    -    qdev_init_nofail(DEVICE(dev));
    +    pci_realize_and_unref(dev, bus, &error_fatal);

    @@
    expression dev, bus, expr;
    expression list args;
    @@
    -    dev = DEVICE(pci_create(bus, args));
    +    PCIDevice *pci_dev; // TODO move
    +    pci_dev = pci_new(args);
    +    dev = DEVICE(pci_dev);
         ... when != dev = expr
    -    qdev_init_nofail(dev);
    +    pci_realize_and_unref(pci_dev, bus, &error_fatal);

    @@
    expression dev, bus, expr;
    expression list args;
    @@
    -    dev = pci_create_multifunction(bus, args);
    +    dev = pci_new_multifunction(args);
         ... when != dev = expr
    -    qdev_init_nofail(&dev->qdev);
    +    pci_realize_and_unref(dev, bus, &error_fatal);

    @@
    expression bus, expr;
    expression list args;
    identifier dev;
    @@
    -    PCIDevice *dev = pci_create_multifunction(bus, args);
    +    PCIDevice *dev = pci_new_multifunction(args);
         ... when != dev = expr
    -    qdev_init_nofail(&dev->qdev);
    +    pci_realize_and_unref(dev, bus, &error_fatal);

    @@
    expression dev, bus, expr;
    expression list args;
    @@
    -    dev = pci_create_multifunction(bus, args);
    +    dev = pci_new_multifunction(args);
         ... when != dev = expr
    -    qdev_init_nofail(DEVICE(dev));
    +    pci_realize_and_unref(dev, bus, &error_fatal);

Missing #include "qapi/error.h" added manually, whitespace changes
minimized manually, @pci_dev declarations moved manually.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-16-armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
7d61226158 hw/ppc: Eliminate two superfluous QOM casts
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-15-armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
7411aa63a5 pci: New pci_new(), pci_realize_and_unref() etc.
I'm converting from qdev_create()/qdev_init_nofail() to
qdev_new()/qdev_realize_and_unref(); recent commit "qdev: New
qdev_new(), qdev_realize(), etc." explains why.

PCI devices use qdev_create() through pci_create() and
pci_create_multifunction().

Provide pci_new(), pci_new_multifunction(), and
pci_realize_and_unref() for converting PCI devices.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-14-armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
6842411228 qdev: Convert uses of qdev_set_parent_bus() manually
Same transformation as in the previous commit.  Manual, because
convincing Coccinelle to transform these cases is somewhere between
not worthwhile and infeasible (at least for me).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-13-armbru@redhat.com>
2020-06-15 22:05:28 +02:00
Markus Armbruster
99ba777e53 qdev: Convert uses of qdev_set_parent_bus() with Coccinelle
In addition to the qdev_create() patterns converted so far, we have a
qdev_set_parent_bus() pattern.  Mostly when we embed a device in a
parent device rather than allocating it on the heap.

This pattern also puts devices in the dangerous "no QOM parent, but
plugged into bus" state I explained in recent commit "qdev: New
qdev_new(), qdev_realize(), etc."

Apply same solution: convert to qdev_realize().  Coccinelle script:

    @@
    expression dev, bus, errp;
    symbol true;
    @@
    -    qdev_set_parent_bus(DEVICE(dev), bus);
         ...
    -    object_property_set_bool(OBJECT(dev), true, "realized", errp);
    +    qdev_realize(DEVICE(dev), bus, errp);

    @ depends on !(file in "qdev-monitor.c") && !(file in "hw/core/qdev.c")@
    expression dev, bus, errp;
    symbol true;
    @@
    -    qdev_set_parent_bus(dev, bus);
         ...
    -    object_property_set_bool(OBJECT(dev), true, "realized", errp);
    +    qdev_realize(dev, bus, errp);

    @@
    expression dev, bus;
    symbol true;
    @@
    -    qdev_set_parent_bus(DEVICE(dev), bus);
         ...
    -    qdev_init_nofail(DEVICE(dev));
    +    qdev_realize(DEVICE(dev), bus, &error_fatal);

Unconverted uses of qdev_set_parent_bus() remain.  They'll be
converted later in this series.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-12-armbru@redhat.com>
[Also convert new hw/virtio/vhost-user-vsock-pci.c]
2020-06-15 22:05:08 +02:00
Markus Armbruster
df70796916 qdev: Convert uses of qdev_create() manually
Same transformation as in the previous commit.  Manual, because
convincing Coccinelle to transform these cases is somewhere between
not worthwhile and infeasible (at least for me).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-11-armbru@redhat.com>
2020-06-15 22:05:08 +02:00
Markus Armbruster
3e80f6902c qdev: Convert uses of qdev_create() with Coccinelle
This is the transformation explained in the commit before previous.
Takes care of just one pattern that needs conversion.  More to come in
this series.

Coccinelle script:

    @ depends on !(file in "hw/arm/highbank.c")@
    expression bus, type_name, dev, expr;
    @@
    -    dev = qdev_create(bus, type_name);
    +    dev = qdev_new(type_name);
         ... when != dev = expr
    -    qdev_init_nofail(dev);
    +    qdev_realize_and_unref(dev, bus, &error_fatal);

    @@
    expression bus, type_name, dev, expr;
    identifier DOWN;
    @@
    -    dev = DOWN(qdev_create(bus, type_name));
    +    dev = DOWN(qdev_new(type_name));
         ... when != dev = expr
    -    qdev_init_nofail(DEVICE(dev));
    +    qdev_realize_and_unref(DEVICE(dev), bus, &error_fatal);

    @@
    expression bus, type_name, expr;
    identifier dev;
    @@
    -    DeviceState *dev = qdev_create(bus, type_name);
    +    DeviceState *dev = qdev_new(type_name);
         ... when != dev = expr
    -    qdev_init_nofail(dev);
    +    qdev_realize_and_unref(dev, bus, &error_fatal);

    @@
    expression bus, type_name, dev, expr, errp;
    symbol true;
    @@
    -    dev = qdev_create(bus, type_name);
    +    dev = qdev_new(type_name);
         ... when != dev = expr
    -    object_property_set_bool(OBJECT(dev), true, "realized", errp);
    +    qdev_realize_and_unref(dev, bus, errp);

    @@
    expression bus, type_name, expr, errp;
    identifier dev;
    symbol true;
    @@
    -    DeviceState *dev = qdev_create(bus, type_name);
    +    DeviceState *dev = qdev_new(type_name);
         ... when != dev = expr
    -    object_property_set_bool(OBJECT(dev), true, "realized", errp);
    +    qdev_realize_and_unref(dev, bus, errp);

The first rule exempts hw/arm/highbank.c, because it matches along two
control flow paths there, with different @type_name.  Covered by the
next commit's manual conversions.

Missing #include "qapi/error.h" added manually.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-10-armbru@redhat.com>
[Conflicts in hw/misc/empty_slot.c and hw/sparc/leon3.c resolved]
2020-06-15 22:00:10 +02:00
Markus Armbruster
dc3edf8d8a qdev: Convert to qdev_unrealize() manually
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-9-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
981c3dcd94 qdev: Convert to qdev_unrealize() with Coccinelle
For readability, and consistency with qbus_realize().

Coccinelle script:

    @ depends on !(file in "hw/core/qdev.c")@
    typedef DeviceState;
    DeviceState *dev;
    symbol false, error_abort;
    @@
    -    object_property_set_bool(OBJECT(dev), false, "realized", &error_abort);
    +    qdev_unrealize(dev);

    @ depends on !(file in "hw/core/qdev.c") && !(file in "hw/core/bus.c")@
    expression dev;
    symbol false, error_abort;
    @@
    -    object_property_set_bool(OBJECT(dev), false, "realized", &error_abort);
    +    qdev_unrealize(DEVICE(dev));

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-8-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
f1483b466d qdev: Convert to qbus_realize(), qbus_unrealize()
I'm going to convert device realization to qdev_realize() with the
help of Coccinelle.  Convert bus realization to qbus_realize() first,
to get it out of Coccinelle's way.  Readability improves.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-7-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
4e3a6778b0 qdev: Put qdev_new() to use with Coccinelle
Let's start simple and put qdev_new() to use.  Coccinelle script:

    @ depends on !(file in "hw/core/qdev.c")@
    expression type_name;
    @@
    -    DEVICE(object_new(type_name))
    +    qdev_new(type_name)

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-6-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
9940b2cfbc qdev: New qdev_new(), qdev_realize(), etc.
We commonly plug devices into their bus right when we create them,
like this:

    dev = qdev_create(bus, type_name);

Note that @dev is a weak reference.  The reference from @bus to @dev
is the only strong one.

We realize at some later time, either with

    object_property_set_bool(OBJECT(dev), true, "realized", errp);

or its convenience wrapper

    qdev_init_nofail(dev);

If @dev still has no QOM parent then, realizing makes the
/machine/unattached/ orphanage its QOM parent.

Note that the device returned by qdev_create() is plugged into a bus,
but doesn't have a QOM parent, yet.  Until it acquires one,
unrealizing the bus will hang in bus_unparent():

    while ((kid = QTAILQ_FIRST(&bus->children)) != NULL) {
        DeviceState *dev = kid->child;
        object_unparent(OBJECT(dev));
    }

object_unparent() does nothing when its argument has no QOM parent,
and the loop spins forever.

Device state "no QOM parent, but plugged into bus" is dangerous.

Paolo suggested to delay plugging into the bus until realize.  We need
to plug into the parent bus before we call the device's realize
method, in case it uses the parent bus.  So the dangerous state still
exists, but only within realization, where we can manage it safely.

This commit creates infrastructure to do this:

    dev = qdev_new(type_name);
    ...
    qdev_realize_and_unref(dev, bus, errp)

Note that @dev becomes a strong reference here.
qdev_realize_and_unref() drops it.  There is also plain
qdev_realize(), which doesn't drop it.

The remainder of this series will convert all users to this new
interface.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Alistair Francis <alistair@alistair23.me>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-5-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
da9630c57e Revert "hw/versatile: realize the PCI root bus as part of the versatile init"
This reverts commit b1af7959a6.

Realizing a device automatically realizes its buses, in
device_set_realized().  Realizing them in realize methods is
redundant, unless the methods themselves require them to be realized
early.  pci_vpb_realize() doesn't.  Drop the redundant bus
realization.

Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-4-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
9e1b990c2e Revert "hw/prep: realize the PCI root bus as part of the prep init"
This reverts commit 685f9a3428.

Realizing a device automatically realizes its buses, in
device_set_realized().  Realizing them in realize methods is
redundant, unless the methods themselves require them to be realized
early.  raven_pcihost_realizefn() doesn't.  Drop the redundant bus
realization.

Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-3-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
30884d1b83 qdev: Rename qbus_realize() to qbus_init()
qbus_realize() does not actually realize.  Rename it to qbus_init().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-2-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
dfe8c79c44 qdev: Assert onboard devices all get realized properly
This would have caught some of the bugs I just fixed.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200609122339.937862-25-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
007d1dbf72 sd: Hide the qdev-but-not-quite thing created by sd_init()
Commit 260bc9d8aa "hw/sd/sd.c: QOMify" QOMified only the device
itself, not its users.  It kept sd_init() around for non-QOMified
users.

More than four years later, three such users remain: omap1 (machines
cheetah, sx1, sx1-v1) and omap2 (machines n800, n810) are not
QOMified, and pl181 (machines integratorcp, realview-eb,
realview-eb-mpcore, realview-pb-a8 realview-pbx-a9, versatileab,
versatilepb, vexpress-a15, vexpress-a9) is not QOMified properly.

The issue I presently have with this: an "sd-card" device should plug
into an "sd-bus" (its DeviceClass member bus_type says so), but
sd_init() leaves it unplugged.  This is normally a bug (I just fixed
some instances), and I'd like to assert proper pluggedness to prevent
regressions.  However, the qdev-but-not-quite thing returned by
sd_init() would fail the assertion.  Meh.

Make sd_init() hide it from QOM/qdev.  Visible in "info qom-tree",
here's the change for cheetah:

     /machine (cheetah-machine)
       [...]
       /unattached (container)
         [...]
         /device[5] (serial-mm)
           /serial (serial)
           /serial[0] (qemu:memory-region)
    -    /device[6] (sd-card)
    -    /device[7] (omap-gpio)
    +    /device[6] (omap-gpio)
         [rest of device[*] renumbered...]

Cc: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200609122339.937862-24-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
81cb05732e qdev: Assert devices are plugged into a bus that can take them
This would have caught some of the bugs I just fixed.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20200609122339.937862-23-armbru@redhat.com>
2020-06-15 21:36:30 +02:00
Markus Armbruster
d6b78ac8ec sparc/leon3: Fix to put grlib,* devices on sysbus
leon3_generic_hw_init() creates a "grlib,ahbpnp" and a "grlib,apbpnp"
sysbus device in a way that leaves them unplugged.

Create them the common way that puts them into the main system bus.
Affects machine leon3_generic.  Visible in "info qtree":

     bus: main-system-bus
       type System
    +  dev: grlib,ahbpnp, id ""
    +    mmio 00000000fffff000/0000000000001000
    +  dev: grlib,apbpnp, id ""
    +    mmio 00000000800ff000/0000000000001000
       dev: grlib,irqmp, id ""

Cc: Fabien Chouteau <chouteau@adacore.com>
Cc: KONRAD Frederic <frederic.konrad@adacore.com>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200609122339.937862-22-armbru@redhat.com>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
75a6ed875f riscv: Fix to put "riscv.hart_array" devices on sysbus
riscv_sifive_e_soc_init(), riscv_sifive_u_soc_init(),
spike_board_init(), spike_v1_10_0_board_init(),
spike_v1_09_1_board_init(), and riscv_virt_board_init() create
"riscv-hart_array" sysbus devices in a way that leaves them unplugged.

Create them the common way that puts them into the main system bus.
Affects machines sifive_e, sifive_u, spike, spike_v1.10, spike_v1.9.1,
and virt.  Visible in "info qtree", here's the change for sifive_e:

     bus: main-system-bus
       type System
    +  dev: riscv.hart_array, id ""
    +    num-harts = 1 (0x1)
    +    hartid-base = 0 (0x0)
    +    cpu-type = "sifive-e31-riscv-cpu"
       dev: sifive_soc.gpio, id ""

Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Alistair Francis <Alistair.Francis@wdc.com>
Cc: Sagar Karandikar <sagark@eecs.berkeley.edu>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cc: qemu-riscv@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200609122339.937862-20-armbru@redhat.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
734a591433 display/sm501 display/ati: Fix to realize "i2c-ddc"
sm501_init() and ati_vga_realize() create an "i2c-ddc" device, but
neglect to realize it.  Affects machines sam460ex, shix, r2d, and
fulong2e.

In theory, a device becomes real only on realize.  In practice, the
transition from unreal to real is a fuzzy one.  The work to make a
device real can be spread between realize methods (fine),
instance_init methods (wrong), and board code wiring up the device
(fine as long as it effectively happens on realize).  Depending on
what exactly is done where, a device can work even when we neglect
to realize it.

This one appears to work.  Nevertheless, it's a clear misuse of the
interface.  Even when it works today (more or less by chance), it can
break tomorrow.

Fix by realizing it right away.  Visible in "info qom-tree"; here's
the change for sam460ex:

     /machine (sam460ex-machine)
       [...]
       /unattached (container)
         [...]
    -    /device[14] (sii3112)
    +    /device[14] (i2c-ddc)
    +    /device[15] (sii3112)
         [rest of device[*] renumbered...]

Fixes: 4a1f253adb
Fixes: c82c7336de
Cc: BALATON Zoltan <balaton@eik.bme.hu>
Cc: qemu-ppc@nongnu.org
Cc: Magnus Damm <magnus.damm@gmail.com>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200609122339.937862-19-armbru@redhat.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
2f35254aa0 pnv/psi: Correct the pnv-psi* devices not to be sysbus devices
pnv_chip_power8_instance_init() creates a "pnv-psi-POWER8" sysbus
device in a way that leaves it unplugged.
pnv_chip_power9_instance_init() and pnv_chip_power10_instance_init()
do the same for "pnv-psi-POWER9" and "pnv-psi-POWER10", respectively.

These devices aren't actually sysbus devices.  Correct that.

Cc: "Cédric Le Goater" <clg@kaod.org>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200609122339.937862-18-armbru@redhat.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
9354eaaf16 ppc/pnv: Put "*-pnv-chip" and "pnv-xive" on the main system bus
pnv_init() creates "power10_v1.0-pnv-chip", "power8_v2.0-pnv-chip",
"power8e_v2.1-pnv-chip", "power8nvl_v1.0-pnv-chip", or
"power9_v2.0-pnv-chip" sysbus devices in a way that leaves them
unplugged.

pnv_chip_power9_instance_init() creates a "pnv-xive" sysbus device in
a way that leaves it unplugged.

Create them the common way that puts them into the main system bus.
Affects machines powernv8, powernv9, and powernv10.  Visible in "info
qtree".  Here's the change for powernv9:

     bus: main-system-bus
       type System
    +  dev: power9_v2.0-pnv-chip, id ""
    +    chip-id = 0 (0x0)
    +    ram-start = 0 (0x0)
    +    ram-size = 1879048192 (0x70000000)
    +    nr-cores = 1 (0x1)
    +    cores-mask = 72057594037927935 (0xffffffffffffff)
    +    nr-threads = 1 (0x1)
    +    num-phbs = 6 (0x6)
    +    mmio 000603fc00000000/0000000400000000
    [...]
    +  dev: pnv-xive, id ""
    +    ic-bar = 1692157036462080 (0x6030203100000)
    +    vc-bar = 1689949371891712 (0x6010000000000)
    +    pc-bar = 1690499127705600 (0x6018000000000)
    +    tm-bar = 1692157036986368 (0x6030203180000)

Cc: "Cédric Le Goater" <clg@kaod.org>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200609122339.937862-17-armbru@redhat.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
6741a3430b macio: Fix macio-bus to be a subtype of System bus
The devices we plug into the macio-bus are all sysbus devices
(DeviceClass member bus_type is TYPE_SYSTEM_BUS), but macio-bus does
not derive from TYPE_SYSTEM_BUS.  Fix that.

"info qtree" now shows the devices' mmio ranges, as it should

Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200609122339.937862-16-armbru@redhat.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
514db7710b macio: Put "macio-nvram" device on the macio bus
macio_oldworld_init() creates a "macio-nvram", sysbus device, but
neglects to but it on a bus.

Put it on the macio bus.  Affects machine g3beige.  Visible in "info
qtree":

             bus: macio.0
               type macio-bus
               [...]
    +          dev: macio-nvram, id ""
    +            size = 8192 (0x2000)
    +            it_shift = 4 (0x4)

This also makes it a QOM child of macio-oldworld.  Visible in "info
qom-tree":

     /machine (g3beige-machine)
       [...]
       /unattached (container)
         [...]
         /device[6] (macio-oldworld)
           [...]
    -    /device[7] (macio-nvram)
    -      /macio-nvram[0] (qemu:memory-region)
    +      /nvram (macio-nvram)
    +        /macio-nvram[0] (qemu:memory-region)
         [rest of device[*] renumbered...]

Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200609122339.937862-15-armbru@redhat.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
b15fe4a018 ppc4xx: Drop redundant device realization
object_property_set_bool(OBJECT(dev), true, "realized", ...) right
after qdev_init_nofail(dev) does nothing, because qdev_init_nofail()
already realizes.  Drop.

Cc: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200609122339.937862-14-armbru@redhat.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
efa0559547 pnv/phb4: Delete unused "pnv-phb4-pec-stack" devices
The number of stacks is controlled by property "num-stacks".
pnv_pec_instance_init() creates the maximum supported number, because
the property has not been set then.  pnv_pec_realize() realizes only
the wanted number.  Works, although it can leave unrealized devices
hanging around in the QOM composition tree.  Affects machine powernv9.

Delete the unused devices by making pnv_pec_realize() unparent them.
Visible in "info qom-tree":

     /machine (powernv9-machine)
       /chip[0] (power9_v2.0-pnv-chip)
         [...]
         /pec[0] (pnv-phb4-pec)
           /stack[0] (pnv-phb4-pec-stack)
             [...]
    -      /stack[1] (pnv-phb4-pec-stack)
    -        /phb (pnv-phb4)
    -          /pcie-mmcfg-mmio[0] (qemu:memory-region)
    -          /root (pnv-phb4-root-port)
    -          /source (xive-source)
    -      /stack[2] (pnv-phb4-pec-stack)
    -        /phb (pnv-phb4)
    -          /pcie-mmcfg-mmio[0] (qemu:memory-region)
    -          /root (pnv-phb4-root-port)
    -          /source (xive-source)
           /xscom-pec-0.0-nest[0] (qemu:memory-region)
           /xscom-pec-0.0-pci[0] (qemu:memory-region)
         /pec[1] (pnv-phb4-pec)
           /stack[0] (pnv-phb4-pec-stack)
             [...]
           /stack[1] (pnv-phb4-pec-stack)
             [...]
    -      /stack[2] (pnv-phb4-pec-stack)
    -        /phb (pnv-phb4)
    -          /pcie-mmcfg-mmio[0] (qemu:memory-region)
    -          /root (pnv-phb4-root-port)
    -          /source (xive-source)
           /xscom-pec-0.1-nest[0] (qemu:memory-region)
           /xscom-pec-0.1-pci[0] (qemu:memory-region)
         /pec[2] (pnv-phb4-pec)
           /stack[0] (pnv-phb4-pec-stack)
             [...]
           /stack[1] (pnv-phb4-pec-stack)
             [...]
           /stack[2] (pnv-phb4-pec-stack)
             [...]

Cc: Cédric Le Goater <clg@kaod.org>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200609122339.937862-12-armbru@redhat.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
33208432f5 macio: Delete unused "macio-gpio" devices
These devices go with the "via-pmu" device, which is controlled by
property "has-pmu".  macio_newworld_init() creates it unconditionally,
because the property has not been set then.  macio_newworld_realize()
realizes it only when the property is true.  Works, although it can
leave an unrealized device hanging around in the QOM composition tree.
Affects machine mac99 with via=cuda (default).

Delete the unused device by making macio_newworld_realize() unparent
it.  Visible in "info qom-tree":

     /machine (mac99-machine)
       [...]
       /unattached (container)
         /device[9] (macio-newworld)
           [...]
           /escc-legacy-port[8] (qemu:memory-region)
           /escc-legacy-port[9] (qemu:memory-region)
           /escc-legacy[0] (qemu:memory-region)
    -      /gpio (macio-gpio)
    -        /gpio[0] (qemu:memory-region)
           /ide[0] (macio-ide)
             /ide.0 (IDE)
             /pmac-ide[0] (qemu:memory-region)

Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20200609122339.937862-11-armbru@redhat.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
3d81f594fd macio: Fix to realize "mos6522-cuda" and "mos6522-pmu" devices
cuda_init() creates a "mos6522-cuda" device, but it's never realized.
Affects machines mac99 with via=cuda (default) and g3beige.

pmu_init() creates a "mos6522-pmu" device, but it's never realized.
Affects machine mac99 with via=pmu and via=pmu-adb,

In theory, a device becomes real only on realize.  In practice, the
transition from unreal to real is a fuzzy one.  The work to make a
device real can be spread between realize methods (fine),
instance_init methods (wrong), and board code wiring up the device
(fine as long as it effectively happens on realize).  Depending on
what exactly is done where, a device can work even when we neglect
to realize it.

These two appear to work.  Nevertheless, it's a clear misuse of the
interface.  Even when it works today (more or less by chance), it can
break tomorrow.

Fix by realizing them in cuda_realize() and pmu_realize(),
respectively.

Fixes: 6dca62a000
Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200609122339.937862-10-armbru@redhat.com>
2020-06-15 21:36:21 +02:00
Markus Armbruster
5e769ecf50 mac_via: Fix to realize "mos6522-q800-via*" devices
mac_via_realize() creates a "mos6522-q800-via1" and a
"mos6522-q800-via2" device, but neglects to realize them.  Affects
machine q800.

In theory, a device becomes real only on realize.  In practice, the
transition from unreal to real is a fuzzy one.  The work to make a
device real can be spread between realize methods (fine),
instance_init methods (wrong), and board code wiring up the device
(fine as long as it effectively happens on realize).  Depending on
what exactly is done where, a device can work even when we neglect
to realize it.

These two appear to work.  Nevertheless, it's a clear misuse of the
interface.  Even when it works today (more or less by chance), it can
break tomorrow.

Fix by realizing them right away.

Fixes: 6dca62a000
Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20200609122339.937862-9-armbru@redhat.com>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Acked-by: Laurent Vivier <laurent@vivier.eu>
2020-06-15 21:36:09 +02:00
Markus Armbruster
6b888ee28c auxbus: Fix aux-to-i2c-bridge to be a subtype of aux-slave
We plug aux-to-i2c-bridge into the aux-bus, even though its
DeviceClass member bus_type is null, not TYPE_AUX_BUS.  Fix that by
deriving it from TYPE_AUX_SLAVE instead of TYPE_DEVICE.

Cc: KONRAD Frederic <fred.konrad@greensocs.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200609122339.937862-8-armbru@redhat.com>
2020-06-15 21:36:09 +02:00
Markus Armbruster
210d18674a armv7m: Delete unused "ARM,bitband-memory" devices
These devices are optional, and enabled by property "enable-bitband".
armv7m_instance_init() creates them unconditionally, because the
property has not been set then.  armv7m_realize() realizes them only
when the property is true.  Works, although it leaves unrealized
devices hanging around in the QOM composition tree.  Affects machines
microbit, mps2-an505, mps2-an521, musca-a, and musca-b1.

Delete the unused devices by making armv7m_realize() unparent them.
Visible in "info qom-tree"; here's the change for microbit:

     /machine (microbit-machine)
       /microbit.twi (microbit.i2c)
         /microbit.twi[0] (qemu:memory-region)
       /nrf51 (nrf51-soc)
         /armv6m (armv7m)
           /armv7m-container[0] (qemu:memory-region)
    -      /bitband[0] (ARM,bitband-memory)
    -        /bitband[0] (qemu:memory-region)
    -      /bitband[1] (ARM,bitband-memory)
    -        /bitband[0] (qemu:memory-region)
           /cpu (cortex-m0-arm-cpu)

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200609122339.937862-7-armbru@redhat.com>
2020-06-15 21:36:09 +02:00
Cédric Le Goater
d3bad7e7c4 arm/aspeed: Rework NIC attachment
The number of MACs supported by an Aspeed SoC is defined by "macs_num"
under the SoC model, that is two for the AST2400 and AST2500 and four
for the AST2600. The model initializes the maximum number of supported
MACs but the number of realized devices is capped by the number of
network device back-ends defined on the command line. This can leave
unrealized devices hanging around in the QOM composition tree.

To get virtual hardware that matches the physical hardware, you have
to pass exactly as many -nic options as there are MACs, and some of
them must be -nic none:

* Machines ast2500-evb, palmetto-bmc, romulus-bmc, sonorapass-bmc,
  swift-bmc, and witherspoon-bmc: two -nic, and the second one must be
  -nic none.

* Machine ast2600-evb: four -nic, the first one must be -nic none.

* Machine tacoma-bmc: four nic, the first two and the last one must be
  -nic none.

Modify the machine initialization to define which MACs are attached to
a network device back-end using a bit-field property "macs-mask" and
let the SoC realize all network devices.

The default setting of "macs-mask" is "use MAC0" only, which works for
all our AST2400 and AST2500 machines. The AST2600 machines have
different configurations. The AST2600 EVB machine activates MAC1, MAC2
and MAC3 and the Tacoma BMC machine activates MAC2.

Incompatible CLI change: -nic options now apply to *active* MACs:
MAC1, MAC2, MAC3 for ast2600-evb, MAC2 for tacoma-bmc, and MAC0 for
all the others.

The machines now always get all MACs as they should. Visible in "info
qom-tree", here's the change for tacoma-bmc:

     /machine (tacoma-bmc-machine)
       /peripheral (container)
       /peripheral-anon (container)
       /soc (ast2600-a1)
         [...]
         /ftgmac100[0] (ftgmac100)
           /ftgmac100[0] (qemu:memory-region)
         /ftgmac100[1] (ftgmac100)
    +      /ftgmac100[0] (qemu:memory-region)
         /ftgmac100[2] (ftgmac100)
    +      /ftgmac100[0] (qemu:memory-region)
         /ftgmac100[3] (ftgmac100)
    +      /ftgmac100[0] (qemu:memory-region)
         [...]
         /mii[0] (aspeed-mmi)
           /aspeed-mmi[0] (qemu:memory-region)
         /mii[1] (aspeed-mmi)
    +      /aspeed-mmi[0] (qemu:memory-region)
         /mii[2] (aspeed-mmi)
    +      /aspeed-mmi[0] (qemu:memory-region)
         /mii[3] (aspeed-mmi)
    +      /aspeed-mmi[0] (qemu:memory-region)

Also visible in "info qtree"; here's the change for tacoma-bmc:

       dev: ftgmac100, id ""
         gpio-out "sysbus-irq" 1
         aspeed = true
    -    mac = "52:54:00:12:34:56"
    -    netdev = "hub0port0"
    +    mac = "52:54:00:12:34:57"
    +    netdev = ""
         mmio 000000001e660000/0000000000002000
       dev: ftgmac100, id ""
    -    aspeed = false
    -    mac = "00:00:00:00:00:00"
    +    gpio-out "sysbus-irq" 1
    +    aspeed = true
    +    mac = "52:54:00:12:34:58"
         netdev = ""
    +    mmio 000000001e680000/0000000000002000
       dev: ftgmac100, id ""
    -    aspeed = false
    -    mac = "00:00:00:00:00:00"
    -    netdev = ""
    +    gpio-out "sysbus-irq" 1
    +    aspeed = true
    +    mac = "52:54:00:12:34:56"
    +    netdev = "hub0port0"
    +    mmio 000000001e670000/0000000000002000
       dev: ftgmac100, id ""
    -    aspeed = false
    -    mac = "00:00:00:00:00:00"
    +    gpio-out "sysbus-irq" 1
    +    aspeed = true
    +    mac = "52:54:00:12:34:59"
         netdev = ""
    +    mmio 000000001e690000/0000000000002000
       [...]
       dev: aspeed-mmi, id ""
         mmio 000000001e650000/0000000000000008
       dev: aspeed-mmi, id ""
    +    mmio 000000001e650008/0000000000000008
       dev: aspeed-mmi, id ""
    +    mmio 000000001e650010/0000000000000008
       dev: aspeed-mmi, id ""
    +    mmio 000000001e650018/0000000000000008

Inactive MACs will have no peer and QEMU may warn the user with :

    qemu-system-arm: warning: nic ftgmac100.0 has no peer
    qemu-system-arm: warning: nic ftgmac100.1 has no peer
    qemu-system-arm: warning: nic ftgmac100.3 has no peer

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
[Commit message expanded]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200609122339.937862-6-armbru@redhat.com>
2020-06-15 21:36:09 +02:00
Cédric Le Goater
b7f1a0cb76 arm/aspeed: Compute the number of CPUs from the SoC definition
Commit ece09beec4 ("aspeed: introduce a configurable number of CPU
per machine") was a convient change during bringup but the Aspeed SoCs
have a fixed number of CPUs : one for the AST2400 and AST2500, and two
for the AST2600.

When the number of CPUs configured with -smp is less than the SoC's
fixed number, the "unconfigured" CPUs are left unrealized. This can
happen for machines ast2600-evb and tacoma-bmc, where the SoC's fixed
number is 2. To get virtual hardware that matches the physical
hardware, you have to pass -smp cpus=2 (or its sugared form -smp 2).

We normally reject -smp cpus=N when N exceeds the machine's limit.
Except we ignore cpus=2 (and only cpus=2) with a warning for machines
ast2500-evb, palmetto-bmc, romulus-bmc, sonorapass-bmc, swift-bmc, and
witherspoon-bmc.

Remove the "num-cpu" property from the SoC state and use the fixed
number of CPUs defined in the SoC class instead. Compute the default,
min, max number of CPUs of the machine directly from the SoC class
definition.

Machines ast2600-evb and tacoma-bmc now always get their second CPU as
they should. Visible in "info qom-tree"; here's the change for
ast2600-evb:

     /machine (ast2600-evb-machine)
       /peripheral (container)
       /peripheral-anon (container)
       /soc (ast2600-a1)
         /a7mpcore (a15mpcore_priv)
           /a15mp-priv-container[0] (qemu:memory-region)
           /gic (arm_gic)
             /gic_cpu[0] (qemu:memory-region)
             /gic_cpu[1] (qemu:memory-region)
    +        /gic_cpu[2] (qemu:memory-region)
             /gic_dist[0] (qemu:memory-region)
             /gic_vcpu[0] (qemu:memory-region)
             /gic_viface[0] (qemu:memory-region)
             /gic_viface[1] (qemu:memory-region)
    +        /gic_viface[2] (qemu:memory-region)
             /unnamed-gpio-in[0] (irq)
             [...]
    +        /unnamed-gpio-in[160] (irq)
             [same for 161 to 190...]
    +        /unnamed-gpio-in[191] (irq)

Also visible in "info qtree"; here's the change for ast2600-evb:

     bus: main-system-bus
       type System
       dev: a15mpcore_priv, id ""
         gpio-in "" 128
    -    gpio-out "sysbus-irq" 5
    -    num-cpu = 1 (0x1)
    +    gpio-out "sysbus-irq" 10
    +    num-cpu = 2 (0x2)
         num-irq = 160 (0xa0)
         mmio 0000000040460000/0000000000008000
       dev: arm_gic, id ""
    -    gpio-in "" 160
    -    num-cpu = 1 (0x1)
    +    gpio-in "" 192
    +    num-cpu = 2 (0x2)
         num-irq = 160 (0xa0)
         revision = 2 (0x2)
         has-security-extensions = true
         has-virtualization-extensions = true
         num-priority-bits = 8 (0x8)
         mmio ffffffffffffffff/0000000000001000
         mmio ffffffffffffffff/0000000000002000
         mmio ffffffffffffffff/0000000000001000
         mmio ffffffffffffffff/0000000000002000
         mmio ffffffffffffffff/0000000000000100
    +    mmio ffffffffffffffff/0000000000000100
    +    mmio ffffffffffffffff/0000000000000200
         mmio ffffffffffffffff/0000000000000200

The other machines now reject -smp cpus=2 just like -smp cpus=3 and up.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message expanded]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200609122339.937862-5-armbru@redhat.com>
2020-06-15 21:36:09 +02:00
Markus Armbruster
71e5770b61 sd/pxa2xx_mmci: Fix to realize "pxa2xx-mmci" device
pxa2xx_mmci_init() creates a "pxa2xx-mmci" device, but neglects to
realize it.  Affects machines akita, borzoi, connex, mainstone, spitz,
terrier, tosa, verdex, and z2.

In theory, a device becomes real only on realize.  In practice, the
transition from unreal to real is a fuzzy one.  The work to make a
device real can be spread between realize methods (fine),
instance_init methods (wrong), and board code wiring up the device
(fine as long as it effectively happens on realize).  Depending on
what exactly is done where, a device can work even when we neglect
to realize it.

This one appears to work.  Nevertheless, it's a clear misuse of the
interface.  Even when it works today (more or less by chance), it can
break tomorrow.

Fix by realizing it right away.  Visible in "info qom-tree"; here's
the change for akita:

     /machine (akita-machine)
       [...]
       /unattached (container)
         [...]
    +    /device[5] (pxa2xx-mmci)
    +      /pxa2xx-mmci[0] (qemu:memory-region)
    +      /sd-bus (pxa2xx-mmci-bus)
         [rest of device[*] renumbered...]

Fixes: 7a9468c925
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200609122339.937862-4-armbru@redhat.com>
2020-06-15 21:36:09 +02:00
Markus Armbruster
f6a1f93d6a display/xlnx_dp: Fix to realize "i2c-ddc" and "aux-to-i2c-bridge"
xlnx_dp_init() creates these two devices, but they're never realized.
Affects machine xlnx-zcu102.

In theory, a device becomes real only on realize.  In practice, the
transition from unreal to real is a fuzzy one.  The work to make a
device real can be spread between realize methods (fine),
instance_init methods (wrong), and board code wiring up the device
(fine as long as it effectively happens on realize).  Depending on
what exactly is done where, a device can work even when we neglect to
realize it.

These two appear to work.  Nevertheless, it's a clear misuse of the
interface.  Even when it works today (more or less by chance), it can
break tomorrow.

Fix by realizing them in xlnx_dp_realize().

Fixes: 58ac482a66
Cc: KONRAD Frederic <fred.konrad@greensocs.com>
Cc: Alistair Francis <alistair@alistair23.me>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200609122339.937862-3-armbru@redhat.com>
2020-06-15 21:36:09 +02:00
Markus Armbruster
2fb1f7d299 arm/stm32f405: Fix realization of "stm32f2xx-adc" devices
stm32f405_soc_initfn() creates six such devices, but
stm32f405_soc_realize() realizes only one.  Affects machine
netduinoplus2.

In theory, a device becomes real only on realize.  In practice, the
transition from unreal to real is a fuzzy one.  The work to make a
device real can be spread between realize methods (fine),
instance_init methods (wrong), and board code wiring up the device
(fine as long as it effectively happens on realize).  Depending on
what exactly is done where, a device can work even when we neglect
to realize it.

The five unrealized devices appear to stay unreal: neither MMIO nor
IRQ get wired up.

Fix stm32f405_soc_realize() to realize and wire up all six.  Visible
in "info qtree":

     bus: main-system-bus
       type System
       dev: stm32f405-soc, id ""
         cpu-type = "cortex-m4-arm-cpu"
       dev: stm32f2xx-adc, id ""
         gpio-out "sysbus-irq" 1
    -    mmio ffffffffffffffff/00000000000000ff
    +    mmio 0000000040012000/00000000000000ff
       dev: stm32f2xx-adc, id ""
         gpio-out "sysbus-irq" 1
    -    mmio ffffffffffffffff/00000000000000ff
    +    mmio 0000000040012100/00000000000000ff
       dev: stm32f2xx-adc, id ""
         gpio-out "sysbus-irq" 1
    -    mmio ffffffffffffffff/00000000000000ff
    +    mmio 0000000040012200/00000000000000ff
       dev: stm32f2xx-adc, id ""
         gpio-out "sysbus-irq" 1
    -    mmio ffffffffffffffff/00000000000000ff
    +    mmio 0000000040012300/00000000000000ff
       dev: stm32f2xx-adc, id ""
         gpio-out "sysbus-irq" 1
    -    mmio 0000000040012000/00000000000000ff
    +    mmio 0000000040012400/00000000000000ff
       dev: stm32f2xx-adc, id ""
         gpio-out "sysbus-irq" 1
    -    mmio ffffffffffffffff/00000000000000ff
    +    mmio 0000000040012500/00000000000000ff
       dev: armv7m, id ""

Fixes: 529fc5fd3e
Cc: Alistair Francis <alistair@alistair23.me>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200609122339.937862-2-armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-15 21:35:52 +02:00
Peter Maydell
7d3660e798 * Miscellaneous fixes and feature enablement (many)
* SEV refactoring (David)
 * Hyper-V initial support (Jon)
 * i386 TCG fixes (x87 and SSE, Joseph)
 * vmport cleanup and improvements (Philippe, Liran)
 * Use-after-free with vCPU hot-unplug (Nengyuan)
 * run-coverity-scan improvements (myself)
 * Record/replay fixes (Pavel)
 * -machine kernel_irqchip=split improvements for INTx (Peter)
 * Code cleanups (Philippe)
 * Crash and security fixes (PJP)
 * HVF cleanups (Roman)
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAl7jpdAUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroMfjwf/X7+0euuE9dwKFKDDMmIi+4lRWnq7
 gSOyE1BYSfDIUXRIukf64konXe0VpiotNYlyEaYnnQjkMdGm5E9iXKF+LgEwXj/t
 NSGkfj5J3VeWRG4JJp642CSN/aZWO8uzkenld3myCnu6TicuN351tDJchiFwAk9f
 wsXtgLKd67zE8MLVt8AP0rNTbzMHttPXnPaOXDCuwjMHNvMEKnC93UeOeM0M4H5s
 3Dl2HvsNWZ2SzUG9mAbWp0bWWuoIb+Ep9//87HWANvb7Z8jratRws18i6tYt1sPx
 8zOnUS87sVnh1CQlXBDd9fEcqBUVgR9pAlqaaYavNhFp5eC31euvpDU8Iw==
 =F4sU
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Miscellaneous fixes and feature enablement (many)
* SEV refactoring (David)
* Hyper-V initial support (Jon)
* i386 TCG fixes (x87 and SSE, Joseph)
* vmport cleanup and improvements (Philippe, Liran)
* Use-after-free with vCPU hot-unplug (Nengyuan)
* run-coverity-scan improvements (myself)
* Record/replay fixes (Pavel)
* -machine kernel_irqchip=split improvements for INTx (Peter)
* Code cleanups (Philippe)
* Crash and security fixes (PJP)
* HVF cleanups (Roman)

# gpg: Signature made Fri 12 Jun 2020 16:57:04 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (116 commits)
  target/i386: Remove obsolete TODO file
  stubs: move Xen stubs to accel/
  replay: fix replay shutdown for console mode
  exec/cpu-common: Move MUSB specific typedefs to 'hw/usb/hcd-musb.h'
  hw/usb: Move device-specific declarations to new 'hcd-musb.h' header
  exec/memory: Remove unused MemoryRegionMmio type
  checkpatch: reversed logic with acpi test checks
  target/i386: sev: Unify SEVState and SevGuestState
  target/i386: sev: Remove redundant handle field
  target/i386: sev: Remove redundant policy field
  target/i386: sev: Remove redundant cbitpos and reduced_phys_bits fields
  target/i386: sev: Partial cleanup to sev_state global
  target/i386: sev: Embed SEVState in SevGuestState
  target/i386: sev: Rename QSevGuestInfo
  target/i386: sev: Move local structure definitions into .c file
  target/i386: sev: Remove unused QSevGuestInfoClass
  xen: fix build without pci passthrough
  i386: hvf: Drop HVFX86EmulatorState
  i386: hvf: Move mmio_buf into CPUX86State
  i386: hvf: Move lazy_flags into CPUX86State
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
#	hw/i386/acpi-build.c
2020-06-12 23:06:22 +01:00
Philippe Mathieu-Daudé
efb22b2f98 exec/cpu-common: Move MUSB specific typedefs to 'hw/usb/hcd-musb.h'
The CPUReadMemoryFunc/CPUWriteMemoryFunc typedefs are legacy
remnant from before the conversion to MemoryRegions.
Since they are now only used in tusb6010.c and hcd-musb.c,
move them to "hw/usb/musb.h" and rename them appropriately.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200601141536.15192-4-f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:20:15 -04:00
Philippe Mathieu-Daudé
2c89d91195 hw/usb: Move device-specific declarations to new 'hcd-musb.h' header
Move the declarations for the MUSB-HDRC USB2.0 OTG compliant core
into a separate header.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200601141536.15192-3-f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:20:14 -04:00
Anthony PERARD
acd0c9416d xen: fix build without pci passthrough
Xen PCI passthrough support may not be available and thus the global
variable "has_igd_gfx_passthru" might be compiled out. Common code
should not access it in that case.

Unfortunately, we can't use CONFIG_XEN_PCI_PASSTHROUGH directly in
xen-common.c so this patch instead move access to the
has_igd_gfx_passthru variable via function and those functions are
also implemented as stubs. The stubs will be used when QEMU is built
without passthrough support.

Now, when one will want to enable igd-passthru via the -machine
property, they will get an error message if QEMU is built without
passthrough support.

Fixes: 46472d8232 ('xen: convert "-machine igd-passthru" to an accelerator property')
Reported-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200603160442.3151170-1-anthony.perard@citrix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:20:12 -04:00
Peter Maydell
9e3903136d virtio,acpi,pci: features, fixes, cleanups, tests
Max slots negotiation for vhost-user.
 Free page reporting for balloon.
 Partial TPM2 ACPI support for ARM.
 Support for NVDIMMs having their own proximity domains.
 New vhost-user-vsock device.
 
 Fixes, cleanups in ACPI, PCI, virtio.
 New tests for TPM ACPI.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAl7jjpwPHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRp9AEH/RH+o9fT+Jvwv1yiCF44kjrfQ9MHzT+hDo96
 vd6Ynj6O49M+ObL3f9fI5ICYHAmZQFzouJ671/FcQQF/CrMot1HBnHAWAzS2YoFu
 3iNOA6PmWn0fWoVAuIfmhtE0PKNJdsuyyJMbcKY5d5bSPugO3b/bIPvo8oVAIXiM
 3xf0KbicB6m0z24ssZoI7KP7PSJcacDViFXUJkgCIMce68od4CDEQ8TGi6jBmAzQ
 VdriGnOCJ9Wo60GC4KL4v8HKZWnq4Nz4qfwQtHdY/MUL30eFDjYcgF0AMYLHrymy
 DInh/GRQMxtD0VvOxtq1BUV0tHk/qH4XyEohSyBOrIrH+ifnjds=
 =hh+M
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio,acpi,pci: features, fixes, cleanups, tests

Max slots negotiation for vhost-user.
Free page reporting for balloon.
Partial TPM2 ACPI support for ARM.
Support for NVDIMMs having their own proximity domains.
New vhost-user-vsock device.

Fixes, cleanups in ACPI, PCI, virtio.
New tests for TPM ACPI.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Fri 12 Jun 2020 15:18:04 BST
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (58 commits)
  virtio-pci: fix queue_enable write
  pci: Display PCI IRQ pin in "info pci"
  Fix parameter type in vhost migration log path
  acpi: ged: rename event memory region
  acpi: fadt: add hw-reduced sleep register support
  acpi: madt: skip pci override on pci-less systems.
  acpi: create acpi-common.c and move madt code
  acpi: make build_madt() more generic.
  virtio: add vhost-user-vsock-pci device
  virtio: add vhost-user-vsock base device
  vhost-vsock: add vhost-vsock-common abstraction
  hw/pci: Fix crash when running QEMU with "-nic model=rocker"
  libvhost-user: advertise vring features
  Lift max ram slots limit in libvhost-user
  Support individual region unmap in libvhost-user
  Support adding individual regions in libvhost-user
  Support ram slot configuration in libvhost-user
  Refactor out libvhost-user fault generation logic
  Lift max memory slots limit imposed by vhost-user
  Transmit vhost-user memory regions individually
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-12 15:53:49 +01:00
Jason Wang
10d35e5819 virtio-pci: fix queue_enable write
Spec said: The driver uses this to selectively prevent the device from
executing requests from this virtqueue. 1 - enabled; 0 - disabled.

Though write 0 to queue_enable is forbidden by the spec, we should not
assume that the value is 1.

Fix this by ignore the write value other than 1.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20200610054351.15811-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Peter Xu
12fcf49c1a pci: Display PCI IRQ pin in "info pci"
Sometimes it would be good to be able to read the pin number along
with the IRQ number allocated.  Since we'll dump the IRQ number, no
reason to not dump the pin information.  For example, the vfio-pci
device will overwrite the pin with the hardware pin number.  It would
be nice to know the pin number of one assigned device from QMP/HMP.

CC: Dr. David Alan Gilbert <dgilbert@redhat.com>
CC: Alex Williamson <alex.williamson@redhat.com>
CC: Michael S. Tsirkin <mst@redhat.com>
CC: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
CC: Julia Suvorova <jusual@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20200317195908.283800-1-peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
2020-06-12 10:17:06 -04:00
Raphael Norwitz
62925fd2b8 Fix parameter type in vhost migration log path
The ‘enable’ parameter to the vhost_migration_log() function is given as
an int, but "true"/"false" values are passed in wherever it is invoked.
Inside the function itself it is only ever compared with bool values.
Therefore the parameter value itself should be changed to bool.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <CAFubqFtqNZw=Y-ar3N=3zTQi6LkKg_G-7W7OOHHbE7Y1fV7HAQ@mail.gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Gerd Hoffmann
32905fc95c acpi: ged: rename event memory region
Rename memory region and callbacks and ops to carry "evt" in the name
because a second region will be added shortly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20200520132003.9492-10-kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Igor Mammedow <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Gerd Hoffmann
c8ed8f57cc acpi: fadt: add hw-reduced sleep register support
Add fields to struct AcpiFadtData and update build_fadt() to properly
generate sleep register entries.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200520132003.9492-9-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Gerd Hoffmann
5794d34a13 acpi: madt: skip pci override on pci-less systems.
Needed for microvm.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200520132003.9492-8-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Gerd Hoffmann
eb66ffabc0 acpi: create acpi-common.c and move madt code
We'll need madt support for microvm.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200520132003.9492-7-kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Gerd Hoffmann
1dc32f9aeb acpi: make build_madt() more generic.
Remove PCMachineState dependency from build_madt().
Pass AcpiDeviceIf as separate argument instead of
depending on PCMachineState->acpi_dev.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200520132003.9492-6-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Stefano Garzarella
9b83bb2747 virtio: add vhost-user-vsock-pci device
Add the PCI version of vhost-user-vsock

Launch QEMU like this:

  qemu -chardev socket,path=/tmp/vm.vsock,id=chr0 \
       -device vhost-user-vsock-pci,chardev=chr0

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20200522122512.87413-4-sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Stefano Garzarella
5fe97d8829 virtio: add vhost-user-vsock base device
This patch introduces a vhost-user device for vsock, using the
vhost-vsock-common parent class.

The vhost-user-vsock device can be used to implement the virtio-vsock
device emulation in user-space.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20200522122512.87413-3-sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Stefano Garzarella
c6136ec0c6 vhost-vsock: add vhost-vsock-common abstraction
This patch prepares the introduction of vhost-user-vsock, moving
the common code usable for both vhost-vsock and vhost-user-vsock
devices, in the new vhost-vsock-common parent class.

While moving the code, fixed checkpatch warnings about block comments.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20200522122512.87413-2-sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Thomas Huth
00823980b2 hw/pci: Fix crash when running QEMU with "-nic model=rocker"
QEMU currently aborts when being started with "-nic model=rocker" or with
"-net nic,model=rocker". This happens because the "rocker" device is not
a normal NIC but a switch, which has different properties. Thus we should
only consider real NIC devices for "-nic" and "-net". These devices can
be identified by the "netdev" property, so check for this property before
adding the device to the list.

Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Fixes: 52310c3fa7 ("net: allow using any PCI NICs in -net or -nic")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200527153152.9211-1-thuth@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-12 10:17:06 -04:00
Raphael Norwitz
27598393a2 Lift max memory slots limit imposed by vhost-user
Historically, sending all memory regions to vhost-user backends in a
single message imposed a limitation on the number of times memory
could be hot-added to a VM with a vhost-user device. Now that backends
which support the VHOST_USER_PROTOCOL_F_CONFIGURE_SLOTS send memory
regions individually, we no longer need to impose this limitation on
devices which support this feature.

With this change, VMs with a vhost-user device which supports the
VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS can support a configurable
number of memory slots, up to the maximum allowed by the target
platform.

Existing backends which do not support
VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS are unaffected.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com>
Suggested-by: Mike Cui <cui@nutanix.com>
Message-Id: <1588533678-23450-6-git-send-email-raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-06-12 10:17:06 -04:00
Raphael Norwitz
f1aeb14b08 Transmit vhost-user memory regions individually
With this change, when the VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS
protocol feature has been negotiated, Qemu no longer sends the backend
all the memory regions in a single message. Rather, when the memory
tables are set or updated, a series of VHOST_USER_ADD_MEM_REG and
VHOST_USER_REM_MEM_REG messages are sent to transmit the regions to map
and/or unmap instead of sending send all the regions in one fixed size
VHOST_USER_SET_MEM_TABLE message.

The vhost_user struct maintains a shadow state of the VM’s memory
regions. When the memory tables are modified, the
vhost_user_set_mem_table() function compares the new device memory state
to the shadow state and only sends regions which need to be unmapped or
mapped in. The regions which must be unmapped are sent first, followed
by the new regions to be mapped in. After all the messages have been
sent, the shadow state is set to the current virtual device state.

Existing backends which do not support
VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS are unaffected.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Signed-off-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com>
Suggested-by: Mike Cui <cui@nutanix.com>
Message-Id: <1588533678-23450-5-git-send-email-raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-06-12 10:17:06 -04:00
Raphael Norwitz
6b0eff1a4e Add VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS
This change introduces a new feature to the vhost-user protocol allowing
a backend device to specify the maximum number of ram slots it supports.

At this point, the value returned by the backend will be capped at the
maximum number of ram slots which can be supported by vhost-user, which
is currently set to 8 because of underlying protocol limitations.

The returned value will be stored inside the VhostUserState struct so
that on device reconnect we can verify that the ram slot limitation
has not decreased since the last time the device connected.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com>
Message-Id: <1588533678-23450-4-git-send-email-raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-06-12 10:17:06 -04:00
Peter Maydell
eea8f5df4e VFIO update 2020-06-11
- Fix IGD split, include header to honor Kconfig (Thomas Huth)
 
  - New VMD device paravirt quirk (Jon Derrick)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJe4n7XAAoJECObm247sIsiBfQP/3mJJCJu/H/vfftpc1M8dpC4
 MVQew0rpC5ZWRpiE2SYAF5yIVbHW83BUZIzUeO6wEhscxHQymj76gQesFrG4pt5P
 ZyrfEMQGym8lPYz09ZgEKQN4gCN7xBgMUc+LM/rLYCBr7CbQCNkOLjM6km7JN1aq
 rF8m3wNfrLVTLR33lsFXuNq3RfrxXigX/7E+v/vPh7JmqehUINc+aLzXZEAVu24v
 ntQqXIgWcgYQpz48aGSENfsf6oG8fUY2ZWjP4L+9+EA4SUwlLilBMXCWOHJB3v6C
 mQkoo+OsQ40RRzc49m8dOaSNUUXKRTwz2H+Kw/VlrxoVCU8gcWjuY+wZ536623JY
 zHrzih86uQRYOO2pJoqOFJ0vxvBC8ule6srupF5ZvTAO7x/JO3o2YUHUSt9amzwt
 TX+yh6t9NFZGmzxMvwzU0DeoHFsmRXGMOkmbWjqGPOY3bB4G1lK+tQtE5qCnLvtu
 A6/wHNT5BIN/YeNSoXlJuE6Ty2CpNBtzCXQ3KqkfDTbPioYs22Huxpg9GwcpBwh0
 z8xHvRM020dbFDSY5T5kDnAfP7omPc/zqajDPbw9OBcQUE3B361v95sCTAeOoXef
 +toB3m84WlYbLHiKQBJhNUx+1eDo8qfMytkq67b47dyER/uzDCx6C7btEuFXJOJ1
 IkTs9KjhL2a08hcDCeW/
 =oPeB
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20200611.0' into staging

VFIO update 2020-06-11

 - Fix IGD split, include header to honor Kconfig (Thomas Huth)

 - New VMD device paravirt quirk (Jon Derrick)

# gpg: Signature made Thu 11 Jun 2020 19:58:31 BST
# gpg:                using RSA key 239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex@shazbot.org>" [full]
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>" [full]
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-update-20200611.0:
  hw/vfio/pci-quirks: Fix broken legacy IGD passthrough
  hw/vfio: Add VMD Passthrough Quirk

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-11 22:36:28 +01:00
Peter Maydell
77c9e078b4 Trivial branch pull request 20200610
Convert DPRINTF() to traces or qemu_logs
 Use IEC binary prefix definitions
 Use qemu_semihosting_log_out() in target/unicore32
 Some code and doc cleanup
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAl7g21QSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L7484YgP/jxlYNoSz3574j//OWJQnaprEjpI0EWT
 MWkLb2sKnVAUyoJYLFGRuYl/aAOQvHqGcBUAsUzGWWUdq2HhTI1WlP1pIcxOodsm
 aM0X6UOhuRs7zQDqZHPLUYoNEb/hpxj7RP0pUgh1JXaWucPoCznyZImPLJKIwkDz
 bCS+H1HPRWc9IIb2wkMSfRMGy1gz+bP6Z/uaWLdwwWo/q2uoZ8LZVFmJ5owe5HPG
 eA6alLdG1ZDn8XvUZYUoRZENFRxAz/gDtX2S1e3huej582sBNxfwH65+Y9dMs1Bo
 FoihF1nKRjHejCyyO76QxkEuzgDxnw2w87WrEYBLUsWP1XeZfpb73wMO+1Z++IDL
 8oLYZv310wQv7LJtlmKFb4tlFWJ5DLqwV7J0L03zUQ6zgZRMzQiDlogvJiWMKvv9
 JLKQzUZsoKr9BjVUjYGO1PFW90koKDROHKM+ifBml8L1aIYbyOkq93b64qogik0L
 Vt7n5nPK8ATD0QzZSmwaQL7Fj2ATh6KRdA1CWya3i4YvP91p5o0n87+k0IMbOXgT
 aqB+d6nr8+CQDe6tudvmg8I45CV9uN9x4dnrKS+NVJrK/cogpOXiYovJ275FJkTE
 Cu77eOWFYgImVxScAI2qvmvNqEzaLS9pSRNfOqGVz0JiTb/rWIRSugz7cvHdgQ2U
 4OdHx1J3tupw
 =jkE3
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-5.1-pull-request' into staging

Trivial branch pull request 20200610

Convert DPRINTF() to traces or qemu_logs
Use IEC binary prefix definitions
Use qemu_semihosting_log_out() in target/unicore32
Some code and doc cleanup

# gpg: Signature made Wed 10 Jun 2020 14:08:36 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-branch-for-5.1-pull-request:
  semihosting: remove the pthread include which seems unused
  hw/openrisc/openrisc_sim: Add assertion to silence GCC warning
  target/unicore32: Prefer qemu_semihosting_log_out() over curses
  target/unicore32: Replace DPRINTF() by qemu_log_mask(GUEST_ERROR)
  target/unicore32: Remove unused headers
  target/i386/cpu: Use the IEC binary prefix definitions
  hw/i386/xen/xen-hvm: Use the IEC binary prefix definitions
  hw/hppa/dino: Use the IEC binary prefix definitions
  hw/arm/aspeed: Correct DRAM container region size
  qemu-img: Fix doc typo for 'bitmap' subcommand
  hw/misc/auxbus: Use qemu_log_mask(UNIMP) instead of debug printf
  hw/isa/apm: Convert debug printf()s to trace events
  hw/unicore32/puv3: Use qemu_log_mask(ERROR) instead of debug printf()
  .mailmap: Update Fred Konrad email address
  net: Do not include a newline in the id of -nic devices
  Fix parameter type in vhost migration log path

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
#	.mailmap
2020-06-11 19:22:52 +01:00
Thomas Huth
643a4eacef hw/vfio/pci-quirks: Fix broken legacy IGD passthrough
The #ifdef CONFIG_VFIO_IGD in pci-quirks.c is not working since the
required header config-devices.h is not included, so that the legacy
IGD passthrough is currently broken. Let's include the right header
to fix this issue.

Buglink: https://bugs.launchpad.net/qemu/+bug/1882784
Fixes: 29d62771c8 ("hw/vfio: Move the IGD quirk code to a separate file")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2020-06-11 11:36:40 -06:00
Jon Derrick
ee7932b0bb hw/vfio: Add VMD Passthrough Quirk
The VMD endpoint provides a real PCIe domain to the guest, including
bridges and endpoints. Because the VMD domain is enumerated by the guest
kernel, the guest kernel will assign Guest Physical Addresses to the
downstream endpoint BARs and bridge windows.

When the guest kernel performs MMIO to VMD sub-devices, MMU will
translate from the guest address space to the physical address space.
Because the bridges have been programmed with guest addresses, the
bridges will reject the transaction containing physical addresses.

VMD device 28C0 natively assists passthrough by providing the Host
Physical Address in shadow registers accessible to the guest for bridge
window assignment. The shadow registers are valid if bit 1 is set in VMD
VMLOCK config register 0x70.

In order to support existing VMDs, this quirk provides the shadow
registers in a vendor-specific PCI capability to the vfio-passthrough
device for all VMD device ids which don't natively assist with
passthrough. The Linux VMD driver is updated to check for this new
vendor-specific capability.

Signed-off-by: Jon Derrick <jonathan.derrick@intel.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2020-06-11 11:36:39 -06:00
Wei Huang
2356ff8500 hw/i386/amd_iommu: Fix the reserved bits definition of IOMMU commands
Many reserved bits of amd_iommu commands are defined incorrectly in QEMU.
Because of it, QEMU incorrectly injects lots of illegal commands into guest
VM's IOMMU event log.

Signed-off-by: Wei Huang <wei.huang2@amd.com>
Message-Id: <20200418042845.596457-1-wei.huang2@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:46 -04:00
Peter Xu
c82d9d43ed KVM: Kick resamplefd for split kernel irqchip
This is majorly only for X86 because that's the only one that supports
split irqchip for now.

When the irqchip is split, we face a dilemma that KVM irqfd will be
enabled, however the slow irqchip is still running in the userspace.
It means that the resamplefd in the kernel irqfds won't take any
effect and it will miss to ack INTx interrupts on EOIs.

One example is split irqchip with VFIO INTx, which will break if we
use the VFIO INTx fast path.

This patch can potentially supports the VFIO fast path again for INTx,
that the IRQ delivery will still use the fast path, while we don't
need to trap MMIOs in QEMU for the device to emulate the EIOs (see the
callers of vfio_eoi() hook).  However the EOI of the INTx will still
need to be done from the userspace by caching all the resamplefds in
QEMU and kick properly for IOAPIC EOI broadcast.

This is tricky because in this case the userspace ioapic irr &
remote-irr will be bypassed.  However such a change will greatly boost
performance for assigned devices using INTx irqs (TCP_RR boosts 46%
after this patch applied).

When the userspace is responsible for the resamplefd kickup, don't
register it on the kvm_irqfd anymore, because on newer kernels (after
commit 654f1f13ea56, 5.2+) the KVM_IRQFD will fail if with both split
irqchip and resamplefd.  This will make sure that the fast path will
work for all supported kernels.

https://patchwork.kernel.org/patch/10738541/#22609933

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20200318145204.74483-5-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:33 -04:00
Peter Xu
97a3757616 vfio/pci: Use kvm_irqchip_add_irqfd_notifier_gsi() for irqfds
VFIO is currently the only one left that is not using the generic
function (kvm_irqchip_add_irqfd_notifier_gsi()) to register irqfds.
Let VFIO use the common framework too.

Follow up patches will introduce extra features for kvm irqfd, so that
VFIO can easily leverage that after the switch.

Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20200318145204.74483-3-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:28 -04:00
Philippe Mathieu-Daudé
c781a2cc42 hw/i386/vmport: Allow QTest use without crashing
Trying libFuzzer on the vmport device, we get:

  AddressSanitizer:DEADLYSIGNAL
  =================================================================
  ==29476==ERROR: AddressSanitizer: SEGV on unknown address 0x000000008840 (pc 0x56448bec4d79 bp 0x7ffeec9741b0 sp 0x7ffeec9740e0 T0)
  ==29476==The signal is caused by a READ memory access.
    #0 0x56448bec4d78 in vmport_ioport_read (qemu-fuzz-i386+0x1260d78)
    #1 0x56448bb5f175 in memory_region_read_accessor (qemu-fuzz-i386+0xefb175)
    #2 0x56448bb30c13 in access_with_adjusted_size (qemu-fuzz-i386+0xeccc13)
    #3 0x56448bb2ea27 in memory_region_dispatch_read1 (qemu-fuzz-i386+0xecaa27)
    #4 0x56448bb2e443 in memory_region_dispatch_read (qemu-fuzz-i386+0xeca443)
    #5 0x56448b961ab1 in flatview_read_continue (qemu-fuzz-i386+0xcfdab1)
    #6 0x56448b96336d in flatview_read (qemu-fuzz-i386+0xcff36d)
    #7 0x56448b962ec4 in address_space_read_full (qemu-fuzz-i386+0xcfeec4)

This is easily reproducible using:

  $ echo inb 0x5658 | qemu-system-i386 -M isapc,accel=qtest -qtest stdio
  [I 1589796572.009763] OPENED
  [R +0.008069] inb 0x5658
  Segmentation fault (core dumped)

  $ coredumpctl gdb -q
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x00005605b54d0f21 in vmport_ioport_read (opaque=0x5605b7531ce0, addr=0, size=4) at hw/i386/vmport.c:77
  77          eax = env->regs[R_EAX];
  (gdb) p cpu
  $1 = (X86CPU *) 0x0
  (gdb) bt
  #0  0x00005605b54d0f21 in vmport_ioport_read (opaque=0x5605b7531ce0, addr=0, size=4) at hw/i386/vmport.c:77
  #1  0x00005605b53db114 in memory_region_read_accessor (mr=0x5605b7531d80, addr=0, value=0x7ffc9d261a30, size=4, shift=0, mask=4294967295, attrs=...) at memory.c:434
  #2  0x00005605b53db5d4 in access_with_adjusted_size (addr=0, value=0x7ffc9d261a30, size=1, access_size_min=4, access_size_max=4, access_fn=
      0x5605b53db0d2 <memory_region_read_accessor>, mr=0x5605b7531d80, attrs=...) at memory.c:544
  #3  0x00005605b53de156 in memory_region_dispatch_read1 (mr=0x5605b7531d80, addr=0, pval=0x7ffc9d261a30, size=1, attrs=...) at memory.c:1396
  #4  0x00005605b53de228 in memory_region_dispatch_read (mr=0x5605b7531d80, addr=0, pval=0x7ffc9d261a30, op=MO_8, attrs=...) at memory.c:1424
  #5  0x00005605b537c80a in flatview_read_continue (fv=0x5605b7650290, addr=22104, attrs=..., ptr=0x7ffc9d261b4b, len=1, addr1=0, l=1, mr=0x5605b7531d80) at exec.c:3200
  #6  0x00005605b537c95d in flatview_read (fv=0x5605b7650290, addr=22104, attrs=..., buf=0x7ffc9d261b4b, len=1) at exec.c:3239
  #7  0x00005605b537c9e6 in address_space_read_full (as=0x5605b5f74ac0 <address_space_io>, addr=22104, attrs=..., buf=0x7ffc9d261b4b, len=1) at exec.c:3252
  #8  0x00005605b53d5a5d in address_space_read (len=1, buf=0x7ffc9d261b4b, attrs=..., addr=22104, as=0x5605b5f74ac0 <address_space_io>) at include/exec/memory.h:2401
  #9  0x00005605b53d5a5d in cpu_inb (addr=22104) at ioport.c:88

X86CPU is NULL because QTest accelerator does not use CPU.
Fix by returning default values when QTest accelerator is used.

Reported-by: Clang AddressSanitizer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:27 -04:00
Prasad J Pandit
2b151297e4 megasas: use unsigned type for positive numeric fields
Use unsigned type for the MegasasState fields which hold positive
numeric values.

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20200513192540.1583887-4-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:15 -04:00
Prasad J Pandit
fd69185567 megasas: avoid NULL pointer dereference
While in megasas_handle_frame(), megasas_enqueue_frame() may
set a NULL frame into MegasasCmd object for a given 'frame_addr'
address. Add check to avoid a NULL pointer dereference issue.

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: https://bugs.launchpad.net/qemu/+bug/1878259
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20200513192540.1583887-3-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:12 -04:00
Prasad J Pandit
f50ab86a26 megasas: use unsigned type for reply_queue_head and check index
A guest user may set 'reply_queue_head' field of MegasasState to
a negative value. Later in 'megasas_lookup_frame' it is used to
index into s->frames[] array. Use unsigned type to avoid OOB
access issue.

Also check that 'index' value stays within s->frames[] bounds
through the while() loop in 'megasas_lookup_frame' to avoid OOB
access.

Reported-by: Ren Ding <rding@gatech.edu>
Reported-by: Hanqing Zhao <hanqing@gatech.edu>
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200513192540.1583887-2-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:12 -04:00
Philippe Mathieu-Daudé
da278d58a0 accel: Move Xen accelerator code under accel/xen/
This code is not related to hardware emulation.
Move it under accel/ with the other hypervisors.

Reviewed-by: Paul Durrant <paul@xen.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200508100222.7112-1-philmd@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:56 -04:00
Liran Alon
23accdf162 hw/i386/vmport: Assert vmport initialized before registering commands
vmport_register() is also called from other modules such as vmmouse.
Therefore, these modules rely that vmport is realized before those call
sites. If this is violated, vmport_register() will NULL-deref.

To make such issues easier to debug, assert in vmport_register() that
vmport is already realized.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-17-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:54 -04:00
Liran Alon
d6048bfd12 hw/i386/vmport: Add support for CMD_GETHZ
This command returns to guest information on LAPIC bus frequency and TSC
frequency.

One can see how this interface is used by Linux vmware_platform_setup()
introduced in Linux commit 88b094fb8d4f ("x86: Hypervisor detection and
get tsc_freq from hypervisor").

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-16-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:53 -04:00
Liran Alon
7f9114b77c hw/i386/vmport: Allow x2apic without IR
Signal to guest that hypervisor supports x2apic without VT-d/IOMMU
Interrupt-Remapping support. This allows guest to use x2apic in
case all APIC IDs fits in 8-bit (i.e. Max APIC ID < 255).

See Linux kernel commit 4cca6ea04d31 ("x86/apic: Allow x2apic
without IR on VMware platform") and Linux try_to_enable_x2apic()
function.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-14-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:50 -04:00
Liran Alon
acacd3550b hw/i386/vmport: Add support for CMD_GET_VCPU_INFO
Command currently returns that it is unimplemented by setting
the reserved-bit in it's return value.

Following patches will return various useful vCPU information
to guest.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-13-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:47 -04:00
Liran Alon
aaacf1c15a hw/i386/vmport: Add support for CMD_GETBIOSUUID
This is VMware documented functionallity that some guests rely on.
Returns the BIOS UUID of the current virtual machine.

Note that we also introduce a new compatability flag "x-cmds-v2" to
make sure to expose new VMPort commands only to new machine-types.
This flag will also be used by the following patches that will introduce
additional VMPort commands.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-10-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:47 -04:00
Liran Alon
dcd938f032 hw/i386/vmport: Define enum for all commands
No functional change.

Defining an enum for all VMPort commands have the following advantages:
* It gets rid of the error-prone requirement to update VMPORT_ENTRIES
when new VMPort commands are added to QEMU.
* It makes it clear to know by looking at one place at the source, what
are all the VMPort commands supported by QEMU.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200312165431.82118-9-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:46 -04:00
Liran Alon
d8f23d619c hw/i386/vmport: Introduce vmport.h
No functional change. This is mere refactoring.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200312165431.82118-8-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:45 -04:00
Liran Alon
f8bdc55037 hw/i386/vmport: Report vmware-vmx-type in CMD_GETVERSION
As can be seen from VmCheck_GetVersion() in open-vm-tools code,
CMD_GETVERSION should return vmware-vmx-type in ECX register.

Default is to fake host as VMware ESX server. But user can control
this value by "-global vmport.vmware-vmx-type=X".

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-7-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:45 -04:00
Liran Alon
2fd2f799f8 hw/i386/vmport: Introduce vmware-vmx-version property
vmware-vmx-version is a number returned from CMD_GETVERSION which specifies
to guest VMware Tools the the host VMX version. If the host reports a number
that is different than what the guest VMware Tools expects, it may force
guest to upgrade VMware Tools. (See comment above VERSION_MAGIC and
VmCheck_IsVirtualWorld() function in open-vm-tools open-source code).

For better readability and allow maintaining compatability for guests
which may expect different vmware-vmx-version, make vmware-vmx-version a
VMPort object property. This would allow user to control it's value via
"-global vmport.vmware-vmx-version=X".

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200312165431.82118-6-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:44 -04:00
Liran Alon
0342ee761e hw/i386/vmport: Set EAX to -1 on failed and unsupported commands
This is used as a signal for VMware Tools to know if a command it
attempted to invoke, failed or is unsupported. As a result, VMware Tools
will either report failure to user or fallback to another backdoor command
in attempt to perform some operation.

A few examples:
* open-vm-tools TimeSyncReadHost() function fallbacks to
CMD_GETTIMEFULL command when CMD_GETTIMEFULL_WITH_LAG
fails/unsupported.
* open-vm-tools Hostinfo_NestingSupported() function verifies
EAX != -1 to check for success.
* open-vm-tools Hostinfo_VCPUInfoBackdoor() functions checks
if reserved-bit is set to indicate command is unimplemented.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-5-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:44 -04:00
Liran Alon
b889212973 hw/i386/vmport: Propagate IOPort read to vCPU EAX register
vmport_ioport_read() returns the value that should propagate to vCPU EAX
register when guest reads VMPort IOPort (i.e. By x86 IN instruction).

However, because vmport_ioport_read() calls cpu_synchronize_state(), the
returned value gets overridden by the value in QEMU vCPU EAX register.
i.e. cpu->env.regs[R_EAX].

To fix this issue, change vmport_ioport_read() to explicitly override
cpu->env.regs[R_EAX] with the value it wish to propagate to vCPU EAX
register.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-4-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:43 -04:00
Liran Alon
c9ab24cef8 hw/i386/vmport: Add device properties
No functional change.

This is done as a preparation for the following patches that will
introduce several device properties.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200312165431.82118-3-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:43 -04:00
Liran Alon
29282253b7 hw/i386/vmport: Add reference to VMware open-vm-tools
This official VMware open-source project can be used as reference to
understand how guest code interacts with VMPort virtual device. Thus,
providing understanding on how device is expected to behave.

Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-2-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:43 -04:00
Jon Doron
4dd8a7064b vmbus: add infrastructure to save/load vmbus requests
This can be allow to include controller-specific data while
saving/loading in-flight scsi requests of the vmbus scsi controller.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Signed-off-by: Jon Doron <arilou@gmail.com>
Message-Id: <20200424123444.3481728-7-arilou@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:41 -04:00
Jon Doron
6775d15de1 i386: Hyper-V VMBus ACPI DSDT entry
Guest OS uses ACPI to discover VMBus presence.  Add a corresponding
entry to DSDT in case VMBus has been enabled.

Experimentally Windows guests were found to require this entry to
include two IRQ resources. They seem to never be used but they still
have to be there.

Make IRQ numbers user-configurable via corresponding properties; use 7
and 13 by default.

Signed-off-by: Evgeny Yakovlev <eyakovlev@virtuozzo.com>
Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Signed-off-by: Jon Doron <arilou@gmail.com>
Message-Id: <20200424123444.3481728-6-arilou@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:41 -04:00
Jon Doron
cab78e7cb2 i386:pc: whitelist dynamic vmbus-bridge
As vmbus-bridge is derived from sysbus device, it has to be whitelisted
to be allowed to be created with -device.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Signed-off-by: Jon Doron <arilou@gmail.com>
Message-Id: <20200424123444.3481728-5-arilou@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:40 -04:00
Jon Doron
0d71f7082d vmbus: vmbus implementation
Add the VMBus infrastructure -- bus, devices, root bridge, vmbus state
machine, vmbus channel interactions, etc.

VMBus is a collection of technologies.  At its lowest layer, it's a message
passing and signaling mechanism, allowing efficient passing of messages to and
from guest VMs.  A layer higher, it's a mechanism for defining channels of
communication, where each channel is tagged with a type (which implies a
protocol) and a instance ID.  A layer higher than that, it's a bus driver,
serving as the basis of device enumeration within a VM, where a channel can
optionally be exposed as a paravirtual device.  When a server-side (paravirtual
back-end) component wishes to offer a channel to a guest VM, it does so by
specifying a channel type, a mode, and an instance ID.  VMBus then exposes this
in the guest.

More information about VMBus can be found in the file
vmbuskernelmodeclientlibapi.h in Microsoft's WDK.

TODO:
 - split into smaller palatable pieces
 - more comments
 - check and handle corner cases

Kudos to Evgeny Yakovlev (formerly eyakovlev@virtuozzo.com) and Andrey
Smetatin (formerly asmetanin@virtuozzo.com) for research and
prototyping.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Signed-off-by: Jon Doron <arilou@gmail.com>
Message-Id: <20200424123444.3481728-4-arilou@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:40 -04:00
Jon Doron
d42cd96100 hyperv: expose API to determine if synic is enabled
Signed-off-by: Jon Doron <arilou@gmail.com>
Message-Id: <20200424123444.3481728-2-arilou@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:39 -04:00
Philippe Mathieu-Daudé
ca27b5eb7c qom/object: Move Object typedef to 'qemu/typedefs.h'
We use the Object type all over the place.
Forward declare it in "qemu/typedefs.h".

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200504115656.6045-2-f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:36 -04:00
Igor Mammedov
ea81f98bce numa: prevent usage of -M memory-backend and -numa memdev at the same time
Options -M memory-backend and -numa memdev are mutually exclusive,
and if used together, it might lead to a crash in the worst case.
For example when the same backend is used with these options together:
  -m 4G \
  -object memory-backend-ram,id=mem0,size=4G \
  -M pc,memory-backend=mem0 \
  -numa node,memdev=mem0
QEMU will abort with:
   exec.c:2006: qemu_ram_set_idstr: Assertion `!new_block->idstr[0]' failed.

and following backtrace:
    abort ()
    qemu_ram_set_idstr ()
    vmstate_register_ram ()
    vmstate_register_ram_global ()
    machine_consume_memdev ()
    numa_init_memdev_container ()
    numa_complete_configuration ()
    machine_run_board_init ()

add a check to error out in case the user tries to use both options at
the same time.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200511141103.43768-3-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:34 -04:00
KONRAD Frederic
fe18e6eecd semihosting: remove the pthread include which seems unused
This have been introduced by:
  8de702cb67

It doesn't seem to be used so remove it.

Signed-off-by: KONRAD Frederic <frederic.konrad@adacore.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <1589806958-23511-1-git-send-email-frederic.konrad@adacore.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-10 11:29:44 +02:00
Philippe Mathieu-Daudé
1db889c71f hw/openrisc/openrisc_sim: Add assertion to silence GCC warning
When compiling with GCC 10 (Fedora 32) using CFLAGS=-O2 we get:

    CC      or1k-softmmu/hw/openrisc/openrisc_sim.o
  hw/openrisc/openrisc_sim.c: In function ‘openrisc_sim_init’:
  hw/openrisc/openrisc_sim.c:87:42: error: ‘cpu_irqs[0]’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
     87 |         sysbus_connect_irq(s, i, cpu_irqs[i][irq_pin]);
        |                                  ~~~~~~~~^~~

While humans can tell smp_cpus will always be in the [1, 2] range,
(openrisc_sim_machine_init sets mc->max_cpus = 2), the compiler
can't.

Add an assertion to give the compiler a hint there's no use of
uninitialized data.

Buglink: https://bugs.launchpad.net/qemu/+bug/1874073
Reported-by: Martin Liška <mliska@suse.cz>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Stafford Horne <shorne@gmail.com>
Message-Id: <20200608160611.16966-1-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-10 11:29:12 +02:00
Peter Maydell
9e7f1469b9 Various testing and misc fixes:
- header cleanups for plugins
   - support wider watchpoints
   - tweaks for unreliable and broken CI
   - docker image fixes and verion bumps
   - linux-user guest_base fixes
   - remove flex/bison from various test images
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAl7eZFMACgkQ+9DbCVqe
 KkQ5IAf/f7icxRp2EK5+Tt1g2nP9/h1T5Vg7Lu76dPm+i8a4f1D/pKyimGMiMYbc
 bGSQn+4rRohocdAS8rTkPfpBYauFvBxFMUCZThseeW4xYM2YcasvPAvsnQlauNy+
 NrIkg6Ptaw7OSG6ecNJ+0qDiNvOzGz0l4+r+JvhF9LjfPmKlOhipnUY3huzreq2c
 4nvlWPxNVx/Bc+bIVPO3F/zMwwyvZkcthCYZij7cBKN3y8LiP31khsR1GbVu7qxy
 G1hl9j+2oJwzY9RpJBr8eVOrcn5OogIiXH22fBOn1SKAaxbg8m2quNy1iNGZuKNa
 A7I+otZJtHbErWscNAdmtDPKUgepeg==
 =LZKS
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-and-misc-080620-1' into staging

Various testing and misc fixes:

  - header cleanups for plugins
  - support wider watchpoints
  - tweaks for unreliable and broken CI
  - docker image fixes and verion bumps
  - linux-user guest_base fixes
  - remove flex/bison from various test images

# gpg: Signature made Mon 08 Jun 2020 17:16:19 BST
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-testing-and-misc-080620-1:
  scripts/coverity-scan: Remove flex/bison packages
  cirrus-ci: Remove flex/bison packages
  tests/vm: Remove flex/bison packages
  tests/docker: Remove flex/bison packages
  linux-user: detect overflow of MAP_FIXED mmap
  tests/tcg: add simple commpage test case
  linux-user: deal with address wrap for ARM_COMMPAGE on 32 bit
  linux-user: provide fallback pgd_find_hole for bare chroots
  hw/virtio/vhost: re-factor vhost-section and allow DIRTY_MEMORY_CODE
  docker: update Ubuntu to 20.04
  tests/docker: fix pre-requisite for debian-tricore-cross
  .shippable: temporaily disable some cross builds
  .travis.yml: allow failure for unreliable hosts
  exec: flush the whole TLB if a watchpoint crosses a page boundary
  tests/plugin: correctly honour io_count
  scripts/clean-includes: Mark 'qemu/qemu-plugin.h' as special header
  qemu-plugin.h: add missing include <stddef.h> to define size_t

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-09 21:30:00 +01:00
Raphael Norwitz
23374a84c5 Add vhost-user helper to get MemoryRegion data
When setting the memory tables, qemu uses a memory region's userspace
address to look up the region's MemoryRegion struct. Among other things,
the MemoryRegion contains the region's offset and associated file
descriptor, all of which need to be sent to the backend.

With VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS, this logic will be
needed in multiple places, so before feature support is added it
should be moved to a helper function.

This helper is also used to simplify the vhost_user_can_merge()
function.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <1588533678-23450-3-git-send-email-raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-06-09 14:18:04 -04:00
Raphael Norwitz
ece99091c2 Add helper to populate vhost-user message regions
When setting vhost-user memory tables, memory region descriptors must be
copied from the vhost_dev struct to the vhost-user message. To avoid
duplicating code in setting the memory tables, we should use a helper to
populate this field. This change adds this helper.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <1588533678-23450-2-git-send-email-raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-06-09 14:18:04 -04:00
Dima Stepanov
4bcad76f4c vhost-user-blk: delay vhost_user_blk_disconnect
A socket write during vhost-user communication may trigger a disconnect
event, calling vhost_user_blk_disconnect() and clearing all the
vhost_dev structures holding data that vhost-user functions expect to
remain valid to roll back initialization correctly. Delay the cleanup to
keep vhost_dev structure valid.
There are two possible states to handle:
1. RUN_STATE_PRELAUNCH: skip bh oneshot call and perform disconnect in
the caller routine.
2. RUN_STATE_RUNNING: delay by using bh

BH changes are based on the similar changes for the vhost-user-net
device:
  commit e7c83a885f
  "vhost-user: delay vhost_user_stop"

Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru>
Message-Id: <69b73b94dcd066065595266c852810e0863a0895.1590396396.git.dimastep@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Li Feng <fengli@smartx.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
2020-06-09 14:18:04 -04:00
Philippe Mathieu-Daudé
51eae1e7e4 hw/pci-host: Use the IEC binary prefix definitions
IEC binary prefixes ease code review: the unit is explicit.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200601142930.29408-6-f4bug@amsat.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-09 14:18:04 -04:00
Philippe Mathieu-Daudé
37e7211cae hw/pci/pci_bridge: Use the IEC binary prefix definitions
IEC binary prefixes ease code review: the unit is explicit.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200601142930.29408-5-f4bug@amsat.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-09 14:18:04 -04:00
Philippe Mathieu-Daudé
2dc48da255 hw/pci/pci_bridge: Correct pci_bridge_io memory region size
memory_region_set_size() handle the 16 Exabytes limit by
special-casing the UINT64_MAX value. This is not a problem
for the 32-bit maximum, 4 GiB.
By using the UINT32_MAX value, the pci_bridge_io MemoryRegion
ends up missing 1 byte:

  (qemu) info mtree
  memory-region: pci_bridge_io
    0000000000000000-00000000fffffffe (prio 0, i/o): pci_bridge_io
      0000000000000060-0000000000000060 (prio 0, i/o): i8042-data
      0000000000000064-0000000000000064 (prio 0, i/o): i8042-cmd
      00000000000001ce-00000000000001d1 (prio 0, i/o): vbe
      0000000000000378-000000000000037f (prio 0, i/o): parallel
      00000000000003b4-00000000000003b5 (prio 0, i/o): vga
      ...

Fix by using the correct value. We now have:

  memory-region: pci_bridge_io
    0000000000000000-00000000ffffffff (prio 0, i/o): pci_bridge_io
      0000000000000060-0000000000000060 (prio 0, i/o): i8042-data
      0000000000000064-0000000000000064 (prio 0, i/o): i8042-cmd
      ...

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200601142930.29408-4-f4bug@amsat.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-09 14:18:04 -04:00
Philippe Mathieu-Daudé
ea2fe4dfe4 hw/pci-host/prep: Correct RAVEN bus bridge memory region size
memory_region_set_size() handle the 16 Exabytes limit by
special-casing the UINT64_MAX value. This is not a problem
for the 32-bit maximum, 4 GiB.
By using the UINT32_MAX value, the bm-raven MemoryRegion
ends up missing 1 byte:

  $ qemu-system-ppc -M prep -S -monitor stdio -usb
  memory-region: bm-raven
    0000000000000000-00000000fffffffe (prio 0, i/o): bm-raven
      0000000000000000-000000003effffff (prio 0, i/o): alias bm-pci-memory @pci-memory 0000000000000000-000000003effffff
      0000000080000000-00000000ffffffff (prio 0, i/o): alias bm-system @system 0000000000000000-000000007fffffff

Fix by using the correct value. We now have:

  memory-region: bm-raven
    0000000000000000-00000000ffffffff (prio 0, i/o): bm-raven
      0000000000000000-000000003effffff (prio 0, i/o): alias bm-pci-memory @pci-memory 0000000000000000-000000003effffff
      0000000080000000-00000000ffffffff (prio 0, i/o): alias bm-system @system 0000000000000000-000000007fffffff

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200601142930.29408-3-f4bug@amsat.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-09 14:18:04 -04:00
Prasad J Pandit
f7d6a635fa pci: assert configuration access is within bounds
While accessing PCI configuration bytes, assert that
'address + len' is within PCI configuration space.

Generally it is within bounds. This is more of a defensive
assert, in case a buggy device was to send 'address' which
may go out of bounds.

Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20200604113525.58898-1-ppandit@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-09 14:18:04 -04:00
Julia Suvorova
0dabc0f654 hw/pci/pcie: Move hot plug capability check to pre_plug callback
Check for hot plug capability earlier to avoid removing devices attached
during the initialization process.

Run qemu with an unattached drive:
  -drive file=$FILE,if=none,id=drive0 \
  -device pcie-root-port,id=rp0,slot=3,bus=pcie.0,hotplug=off
Hotplug a block device:
  device_add virtio-blk-pci,id=blk0,drive=drive0,bus=rp0
If hotplug fails on plug_cb, drive0 will be deleted.

Fixes: 0501e1aa1d ("hw/pci/pcie: Forbid hot-plug if it's disabled on the slot")

Acked-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Julia Suvorova <jusual@redhat.com>
Message-Id: <20200604125947.881210-1-jusual@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-09 14:18:04 -04:00
Alexander Duyck
91b867191d virtio-balloon: Provide an interface for free page reporting
Add support for free page reporting. The idea is to function very similar
to how the balloon works in that we basically end up madvising the page as
not being used. However we don't really need to bother with any deflate
type logic since the page will be faulted back into the guest when it is
read or written to.

This provides a new way of letting the guest proactively report free
pages to the hypervisor, so the hypervisor can reuse them. In contrast to
inflate/deflate that is triggered via the hypervisor explicitly.

Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Message-Id: <20200527041407.12700.73735.stgit@localhost.localdomain>
2020-06-09 14:18:04 -04:00
Alexander Duyck
7483cbbaf8 virtio-balloon: Implement support for page poison reporting feature
We need to make certain to advertise support for page poison reporting if
we want to actually get data on if the guest will be poisoning pages.

Add a value for reporting the poison value being used if page poisoning is
enabled in the guest. With this we can determine if we will need to skip
free page reporting when it is enabled in the future.

The value currently has no impact on existing balloon interfaces. In the
case of existing balloon interfaces the onus is on the guest driver to
reapply whatever poison is in place.

When we add free page reporting the poison value is used to determine if
we can perform in-place page reporting. The expectation is that a reported
page will already contain the value specified by the poison, and the
reporting of the page should not change that value.

Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Message-Id: <20200527041400.12700.33251.stgit@localhost.localdomain>
2020-06-09 14:18:04 -04:00
David Hildenbrand
105aef9c94 virtio-balloon: unref the iothread when unrealizing
We took a reference when realizing, so let's drop that reference when
unrealizing.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Fixes: c13c4153f7 ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Cc: qemu-stable@nongnu.org
Cc: Wei Wang <wei.w.wang@intel.com>
Cc: Alexander Duyck <alexander.duyck@gmail.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20200520100439.19872-4-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-09 14:18:04 -04:00
David Hildenbrand
49b01711b8 virtio-balloon: fix free page hinting check on unrealize
Checking against guest features is wrong. We allocated data structures
based on host features. We can rely on "free_page_bh" as an indicator
whether to un-do stuff instead.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Fixes: c13c4153f7 ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Cc: qemu-stable@nongnu.org
Cc: Wei Wang <wei.w.wang@intel.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Alexander Duyck <alexander.duyck@gmail.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20200520100439.19872-3-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-09 14:18:04 -04:00
David Hildenbrand
12fc8903a8 virtio-balloon: fix free page hinting without an iothread
In case we don't have an iothread, we mark the feature as abscent but
still add the queue. 'free_page_bh' remains set to NULL.

qemu-system-i386 \
        -M microvm \
        -nographic \
        -device virtio-balloon-device,free-page-hint=true \
        -nographic \
        -display none \
        -monitor none \
        -serial none \
        -qtest stdio

Doing a "write 0xc0000e30 0x24
0x030000000300000003000000030000000300000003000000030000000300000003000000"

We will trigger a SEGFAULT. Let's move the check and bail out.

While at it, move the static initializations to instance_init().
free_page_report_status and block_iothread are implicitly set to the
right values (0/false) already, so drop the initialization.

Reviewed-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Fixes: c13c4153f7 ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Cc: qemu-stable@nongnu.org
Cc: Wei Wang <wei.w.wang@intel.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Alexander Duyck <alexander.duyck@gmail.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20200520100439.19872-2-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-09 14:18:04 -04:00
Philippe Mathieu-Daudé
039a93b02f hw/i386/xen/xen-hvm: Use the IEC binary prefix definitions
IEC binary prefixes ease code review: the unit is explicit.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200601142930.29408-8-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 19:58:53 +02:00
Philippe Mathieu-Daudé
94c1253e3e hw/hppa/dino: Use the IEC binary prefix definitions
IEC binary prefixes ease code review: the unit is explicit.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200601142930.29408-7-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 19:58:53 +02:00
Philippe Mathieu-Daudé
7df9f02839 hw/arm/aspeed: Correct DRAM container region size
memory_region_set_size() handle the 16 Exabytes limit by
special-casing the UINT64_MAX value. This is not a problem
for the 32-bit maximum, 4 GiB.
By using the UINT32_MAX value, the aspeed-ram-container
MemoryRegion ends up missing 1 byte:

 $ qemu-system-arm -M ast2600-evb -S -monitor stdio
 (qemu) info mtree

  address-space: aspeed.fmc-ast2600-dma-dram
    0000000080000000-000000017ffffffe (prio 0, i/o): aspeed-ram-container
      0000000080000000-00000000bfffffff (prio 0, ram): ram
      00000000c0000000-ffffffffffffffff (prio 0, i/o): max_ram

Fix by using the correct value. We now have:

  address-space: aspeed.fmc-ast2600-dma-dram
    0000000080000000-000000017fffffff (prio 0, i/o): aspeed-ram-container
      0000000080000000-00000000bfffffff (prio 0, ram): ram
      00000000c0000000-ffffffffffffffff (prio 0, i/o): max_ram

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200601142930.29408-2-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 19:58:53 +02:00
Philippe Mathieu-Daudé
d263425bce hw/misc/auxbus: Use qemu_log_mask(UNIMP) instead of debug printf
Replace a deprecated DPRINTF() call by qemu_log_mask(LOG_UNIMP).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200606070216.30952-1-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 19:14:47 +02:00
Philippe Mathieu-Daudé
18cdeb72bb hw/isa/apm: Convert debug printf()s to trace events
Convert APM_DPRINTF() to trace events and remove ifdef'ry.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200524164806.12658-1-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 19:05:20 +02:00
Philippe Mathieu-Daudé
3b34ee6780 hw/unicore32/puv3: Use qemu_log_mask(ERROR) instead of debug printf()
Replace some debug printf() calls by qemu_log_mask(LOG_GUEST_ERROR).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200524164503.11944-1-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 19:01:56 +02:00
Eric Auger
80bde69353 arm/acpi: TPM2 ACPI table support
Add a TPM2 ACPI table if a TPM2.0 sysbus device has been
dynamically instantiated.

Signed-off-by: Eric Auger <eric.auger@redhat.com>

Message-Id: <20200601095737.32671-4-eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-09 12:46:45 -04:00
Eric Auger
4338416064 acpi: Move build_tpm2() in the generic part
We plan to build the TPM2 table on ARM too. In order to reuse the
generation code, let's move build_tpm2() to aml-build.c.

No change in the implementation.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-Id: <20200601095737.32671-3-eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-09 12:46:45 -04:00
Eric Auger
04b778610a acpi: Convert build_tpm2() to build_append* API
In preparation of its move to the generic acpi code,
let's convert build_tpm2() to use build_append API. This
latter now is prefered in place of direct ACPI struct field
settings with manual endianness conversion.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-Id: <20200601095737.32671-2-eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-09 12:46:45 -04:00
Stefan Berger
7e7c1b84ca acpi: tpm: Do not build TCPA table for TPM 2
Do not build a TCPA table for TPM 2 anymore but create the log area when
building the TPM2 table. The TCPA table is only needed for TPM 1.2.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-09 12:46:45 -04:00
Gerd Hoffmann
ed003c8c77 acpi: move aml builder code for parallel device
Also adds support for multiple LPT devices.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200515150421.25479-8-kraxel@redhat.com>
2020-06-09 12:46:45 -04:00
Gerd Hoffmann
3e824d3825 acpi: parallel: don't use _STA method
The _STA method dates back to the days where we had a static DSDT.  The
device is listed in the DSDT table unconditionally and the _STA method
checks a bit in the isa bridge pci config space to figure whenever a
given is isa device is present or not, then evaluates to 0x0f (present)
or 0x00 (absent).

These days the DSDT is generated by qemu anyway, so if a device is not
present we can simply drop it from the DSDT instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200515150421.25479-7-kraxel@redhat.com>
2020-06-09 12:46:45 -04:00
Gerd Hoffmann
dcdbfaafe9 acpi: move aml builder code for serial device
The code uses the isa_serial_io array to figure what the device uid is.
Side effect is that acpi antries are not limited to port 1+2 any more,
we'll also get entries for ports 3+4.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200515150421.25479-6-kraxel@redhat.com>
2020-06-09 12:46:45 -04:00
Gerd Hoffmann
4b8e369b91 acpi: serial: don't use _STA method
The _STA method dates back to the days where we had a static DSDT.  The
device is listed in the DSDT table unconditionally and the _STA method
checks a bit in the isa bridge pci config space to figure whenever a
given is isa device is present or not, then evaluates to 0x0f (present)
or 0x00 (absent).

These days the DSDT is generated by qemu anyway, so if a device is not
present we can simply drop it from the DSDT instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200515150421.25479-5-kraxel@redhat.com>
2020-06-09 12:46:45 -04:00
Gerd Hoffmann
f592b94f3c acpi: rtc: use a single crs range
Use a single io range for _CRS instead of two,
following what real hardware does.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200515150421.25479-4-kraxel@redhat.com>
2020-06-09 12:46:45 -04:00
Gerd Hoffmann
df9b9b42cd acpi: move aml builder code for rtc device
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200515150421.25479-3-kraxel@redhat.com>
2020-06-09 12:46:45 -04:00
Raphael Norwitz
705f7f2fce Fix parameter type in vhost migration log path
The ‘enable’ parameter to the vhost_migration_log() function is given as
an int, but "true"/"false" values are passed in wherever it is invoked.
Inside the function itself it is only ever compared with bool values.
Therefore the parameter value itself should be changed to bool.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <CAFubqFtqNZw=Y-ar3N=3zTQi6LkKg_G-7W7OOHHbE7Y1fV7HAQ@mail.gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 18:46:41 +02:00
Vishal Verma
c3b0cf6e7d hw/acpi/nvdimm: add a helper to augment SRAT generation
NVDIMMs can belong to their own proximity domains, as described by the
NFIT. In such cases, the SRAT needs to have Memory Affinity structures
in the SRAT for these NVDIMMs, otherwise Linux doesn't populate node
data structures properly during NUMA initialization. See the following
for an example failure case.

https://lore.kernel.org/linux-nvdimm/20200416225438.15208-1-vishal.l.verma@intel.com/

Introduce a new helper, nvdimm_build_srat(), and call it for both the
i386 and arm versions of 'build_srat()' to augment the SRAT with
memory affinity information for NVDIMMs.

The relevant command line options to exercise this are below. Nodes 0-1
contain CPUs and regular memory, and nodes 2-3 are the NVDIMM address
space.

    -object memory-backend-ram,id=mem0,size=2048M
    -numa node,nodeid=0,memdev=mem0,
    -numa cpu,node-id=0,socket-id=0
    -object memory-backend-ram,id=mem1,size=2048M
    -numa node,nodeid=1,memdev=mem1,
    -numa cpu,node-id=1,socket-id=1
    -numa node,nodeid=2,
    -object memory-backend-file,id=nvmem0,share,mem-path=nvdimm-0,size=16384M,align=1G
    -device nvdimm,memdev=nvmem0,id=nv0,label-size=2M,node=2
    -numa node,nodeid=3,
    -object memory-backend-file,id=nvmem1,share,mem-path=nvdimm-1,size=16384M,align=1G
    -device nvdimm,memdev=nvmem1,id=nv1,label-size=2M,node=3

Cc: Jingqi Liu <jingqi.liu@intel.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jingqi Liu <jingqi.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
Message-Id: <20200606000911.9896-3-vishal.l.verma@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-09 11:17:59 -04:00
Michael S. Tsirkin
191f90cbea msix: allow qword MSI-X table accesses
PCI spec says:

For all accesses to MSI-X Table and MSI-X PBA fields, software must use
aligned full DWORD or aligned full QWORD transactions; otherwise, the
result is undefined.

However, since MSI-X was converted to use memory API, QEMU
started blocking qword transactions, only allowing DWORD
ones. Guests do not seem to use QWORD accesses, but let's
be spec compliant.

Fixes: 95524ae8dc ("msix: convert to memory API")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-09 09:31:34 -04:00
Philippe Mathieu-Daudé
8e071cd401 hw/timer/grlib_gptimer: Display frequency in decimal
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20200331105048.27989-6-f4bug@amsat.org>
2020-06-09 09:21:10 +02:00
Philippe Mathieu-Daudé
d15188ddcf hw/misc/grlib_ahb_apb_pnp: Add trace events on read accesses
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20200331105048.27989-5-f4bug@amsat.org>
2020-06-09 09:21:10 +02:00
Philippe Mathieu-Daudé
1a5a557088 hw/misc/grlib_ahb_apb_pnp: Fix AHB PnP 8-bit accesses
The Plug & Play region of the AHB/APB bridge can be accessed
by various word size, however the implementation is clearly
restricted to 32-bit:

  static uint64_t grlib_ahb_pnp_read(void *opaque, hwaddr offset, unsigned size)
  {
      AHBPnp *ahb_pnp = GRLIB_AHB_PNP(opaque);

      return ahb_pnp->regs[offset >> 2];
  }

Similarly to commit 0fbe394a64 with the APB PnP registers,
set the MemoryRegionOps::impl min/max fields to 32-bit, so
memory.c::access_with_adjusted_size() can adjust when the
access is not 32-bit.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20200331105048.27989-4-f4bug@amsat.org>
2020-06-09 09:21:10 +02:00
Philippe Mathieu-Daudé
bb15013ef3 hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to AHB PnP registers
Similarly to commit 158b659451 with the APB PnP registers, guests
can crash QEMU when writting to the AHB PnP registers:

  $ echo 'writeb 0xfffff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
  [I 1571938309.932255] OPENED
  [R +0.063474] writeb 0xfffff042 69
  Segmentation fault (core dumped)

  (gdb) bt
  #0  0x0000000000000000 in  ()
  #1  0x0000562999110df4 in memory_region_write_with_attrs_accessor
      (mr=mr@entry=0x56299aa28ea0, addr=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, shift=<optimized out>, mask=mask@entry=255, attrs=...) at memory.c:503
  #2  0x000056299911095e in access_with_adjusted_size
      (addr=addr@entry=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=access_fn@entry=
      0x562999110d70 <memory_region_write_with_attrs_accessor>, mr=0x56299aa28ea0, attrs=...) at memory.c:539
  #3  0x0000562999114fba in memory_region_dispatch_write (mr=mr@entry=0x56299aa28ea0, addr=66, data=<optimized out>, op=<optimized out>, attrs=attrs@entry=...) at memory.c:1482
  #4  0x00005629990c0860 in flatview_write_continue
      (fv=fv@entry=0x56299aa7d8a0, addr=addr@entry=4294963266, attrs=..., ptr=ptr@entry=0x7fff6abe1540, len=len@entry=1, addr1=<optimized out>, l=<optimized out>, mr=0x56299aa28ea0)
      at include/qemu/host-utils.h:164
  #5  0x00005629990c0a76 in flatview_write (fv=0x56299aa7d8a0, addr=4294963266, attrs=..., buf=0x7fff6abe1540, len=1) at exec.c:3165
  #6  0x00005629990c4c1b in address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=..., buf=buf@entry=0x7fff6abe1540, len=len@entry=1) at exec.c:3256
  #7  0x000056299910f807 in qtest_process_command (chr=chr@entry=0x5629995ee920 <qtest_chr>, words=words@entry=0x56299acfcfa0) at qtest.c:437

Instead of crashing, log the access as unimplemented.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20200331105048.27989-3-f4bug@amsat.org>
2020-06-09 09:21:10 +02:00
Philippe Mathieu-Daudé
aceeb71306 hw/sparc64/niagara: Remove duplicated NIAGARA_UART_BASE definition
NIAGARA_UART_BASE is already defined few lines earlier.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200608172144.20461-3-f4bug@amsat.org>
2020-06-09 09:21:10 +02:00
Philippe Mathieu-Daudé
bec6e07afd hw/sparc64/niagara: Map the UART device unconditionally
The UART is present on the machine regardless there is a
character device connected to it. Map it unconditionally.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200608172144.20461-4-f4bug@amsat.org>
2020-06-09 09:21:10 +02:00
Philippe Mathieu-Daudé
acd2a001e0 hw/sparc/leon3: Map the UART device unconditionally
The UART is present on the chipset regardless there is a
character device connected to it. Map it unconditionally.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20200608172144.20461-2-f4bug@amsat.org>
2020-06-09 09:21:10 +02:00
Philippe Mathieu-Daudé
28c78fe818 hw/misc/empty_slot: Name the slots when created
Directly set the slot name when creating the device,
to display the device name in trace events.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-8-f4bug@amsat.org>
2020-06-09 06:59:44 +02:00
Philippe Mathieu-Daudé
6007523a80 hw/misc/empty_slot: Move the 'hw/misc' and cover in MAINTAINERS
Add an entry for the 'empty_slot' device.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-7-f4bug@amsat.org>
2020-06-09 06:59:44 +02:00
Philippe Mathieu-Daudé
c0e43084dd hw/misc/empty_slot: Convert debug printf() to trace event
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-6-f4bug@amsat.org>
2020-06-09 06:59:44 +02:00
Philippe Mathieu-Daudé
07ddf5cbe2 hw/misc/empty_slot: Add a 'name' qdev property
Add a 'name' qdev property so when multiple slots are
accessed, we can notice which one is accessed.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-5-f4bug@amsat.org>
2020-06-09 06:59:44 +02:00
Philippe Mathieu-Daudé
4bbadef0e3 hw/misc/empty_slot: Convert 'size' field as qdev property
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-4-f4bug@amsat.org>
2020-06-09 06:59:44 +02:00
Philippe Mathieu-Daudé
6c339493c8 hw/misc/empty_slot: Lower address space priority
Empty slots model RAZ/WI access on a bus. Since we can still
(hot) plug devices on the bus, lower the slot priority, so
device added later is accessed first.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-3-f4bug@amsat.org>
2020-06-09 06:59:44 +02:00
Philippe Mathieu-Daudé
077f0f3dad hw/sparc/sun4m: Use UnimplementedDevice for I/O devices
These devices are not slots on a bus, but real I/O devices
that we do not implement. As the ISDN ROM would be a ROMD
device, also model it as UnimplementedDevice.

Reviewed-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-2-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-06-09 06:59:34 +02:00
Alex Bennée
083b9bd7a1 hw/virtio/vhost: re-factor vhost-section and allow DIRTY_MEMORY_CODE
The purpose of vhost_section is to identify RAM regions that need to
be made available to a vhost client. However when running under TCG
all RAM sections have DIRTY_MEMORY_CODE set which leads to problems
down the line.

Re-factor the code so:

  - steps are clearer to follow
  - reason for rejection is recorded in the trace point
  - we allow DIRTY_MEMORY_CODE

We expand the comment to explain that kernel based vhost has specific
support for migration tracking.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Fabiano Rosas <farosas@linux.ibm.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20200605154929.26910-11-alex.bennee@linaro.org>
2020-06-08 17:04:19 +01:00
Peter Maydell
49ee115552 linux-user pull request 20200605-v2
Implement F_OFD_ fcntl() command, /proc/cpuinfo for hppa
 Fix socket(), prnctl() error codes, underflow in target_mremap,
     epoll_create() strace, oldumount for alpha
 User-mode build dependencies improvement
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAl7blvgSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748Nf0P/1QF1Y4A2I/SI53TksSWS55wlWCfV/wd
 SXUSjTmM1W4Y/tKScwkjooClYeVV59Ie5VL7WMdLO0YGxTQC7jqBONHAuaxSb4ky
 qNI5pvW0fpfl4i1ThC7XIlihOn49WlzEczTZqLRMuOh28nr3gJQCWweo/QIQoyUl
 KNcCLgQiY3raBi7nykC26dRc8DvV6sSu+qcoTk8A0FRbEfUDf+sj/njY3Xh8AZN7
 FAn4iscV/UIAnGM6VGQzGfUHfBBL28rkmg/++oQrnvnH8blx0O1NrdDsgiHuKT7P
 /OC4tzpp6IkBzOy+sL3V/QdjKoxmMPadDj39rGLnZTQ6GZFXRZgVckknVdupTZD6
 77lmnvbQMKmsKJWwn8zrd3RtwG2L6tWHgm16ZUXXaU+lFDa/xn55o4KnMdgZXEGP
 +7EHf2IfkZfiFmblBWiJi7OMg2wzSDQaAIBTMr43nJfDwZUvKGnAHccuVLQitpGe
 4dRN6lCT0K1h6WwNhLRH/Fqqhi9vN7o3sSUQVm128XzYOOPDRyau/R4F1AQNbNdU
 +ZyrZqSvQxSxH0VNeu5wHRiwOym3bFJTVmGd5cWMzXs1kb+vmMG5ZjGBfxFr6gbC
 9bVwDMxJ9vU5ExIZfUg4J/dOtWccJuADj11QPDcm8et3Tbqy1iiV9Py2k5IsIgqM
 BCsqBl3i+ekz
 =5q4d
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.1-pull-request' into staging

linux-user pull request 20200605-v2

Implement F_OFD_ fcntl() command, /proc/cpuinfo for hppa
Fix socket(), prnctl() error codes, underflow in target_mremap,
    epoll_create() strace, oldumount for alpha
User-mode build dependencies improvement

# gpg: Signature made Sat 06 Jun 2020 14:15:36 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-5.1-pull-request:
  stubs: Restrict ui/win32-kbd-hook to system-mode
  hw/core: Restrict CpuClass::get_crash_info() to system-mode
  target/s390x: Restrict CpuClass::get_crash_info() to system-mode
  target/i386: Restrict CpuClass::get_crash_info() to system-mode
  arch_init: Remove unused 'qapi-commands-misc.h' include
  exec: Assert CPU migration is not used on user-only build
  target/riscv/cpu: Restrict CPU migration to system-mode
  stubs/Makefile: Reduce the user-mode object list
  util/Makefile: Reduce the user-mode object list
  tests/Makefile: Restrict some softmmu-only tests
  tests/Makefile: Only display TCG-related tests when TCG is available
  configure: Avoid building TCG when not needed
  Makefile: Only build virtiofsd if system-mode is enabled
  linux-user: implement OFD locks
  linux-user/mmap.c: fix integer underflow in target_mremap
  linux-user/strace.list: fix epoll_create{,1} -strace output
  linux-user: Add support for /proc/cpuinfo on hppa platform
  linux-user: return target error codes for socket() and prctl()
  linux-user, alpha: fix oldumount syscall

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-08 11:04:57 +01:00
Peter Maydell
5a922419fe target-arm queue:
hw/ssi/imx_spi: Handle tx burst lengths other than 8 correctly
  hw/input/pxa2xx_keypad: Replace hw_error() by qemu_log_mask()
  hw/arm/pxa2xx: Replace printf() call by qemu_log_mask()
  target/arm: Convert crypto insns to gvec
  hw/adc/stm32f2xx_adc: Correct memory region size and access size
  tests/acceptance: Add a boot test for the xlnx-versal-virt machine
  docs/system: Document Aspeed boards
  raspi: Add model of the USB controller
  target/arm: Convert 2-reg-and-shift and 1-reg-imm Neon insns to decodetree
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl7ad2cZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3gWhD/4q680AQzGxQrPclC7fPM0M
 pdgmfXWvL5EpbVYDsERjmQU7pYZ0D7vPy2+dRsKsI/V219RC/b+FttbO9UG0gGxy
 KBHQ2AHfv7QPdLcpXTQOVxfhEBiSU9Ij6Gi8YEF5aPhC8FaGZPMSuum97fWBqOfV
 zcFps9gT39HNQvwzdqeY+dJ8zcwNLw5ssGYjuh/7pcEWC+i622O9t7aO88ZNIhL+
 rz/zD6YUGhtgXPgowzy7DjFZbPFzxXQpvHGJ6vTBZCIA2/66vqFE3Nf99IJlKtNs
 APtYqAVKJ6JCyqlw5xTjL4rO/9rXnb98kruxJaLb7XJpB41Jfyap+Cn5WrxZ91mw
 QsXL2AtOePQsLCLutDGbXj+9nZ2Ps3tjzRX/50KyqQXJDSsgYK6NQillMWrKzYKe
 agNtSRw2100kKh6/31OL5UnaAD3LUiayu6q3DA4jNYryKuRXI2lNJdl9bvsY3vmn
 G8IoFIirH5L5rUqVx/HgMLkur9IH60YkCGGzaLPBCwC2FIPT8Z9YoPYSY0aXicKd
 YBgEVWs9yzXgOYc0Nli9HzIqNw3diAezZfZxs/hOFoE1S+n9L9VeEBTXnhw4kXDN
 nHyIUhSR0DuCd7M6OqOgebkyyR8iwIl6gZta0UmbuWb5hSIQnt5Ero5G85prAI9L
 8vUbk/xJGnTfQ/RZmjVKRA==
 =rGLT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200605' into staging

target-arm queue:
 hw/ssi/imx_spi: Handle tx burst lengths other than 8 correctly
 hw/input/pxa2xx_keypad: Replace hw_error() by qemu_log_mask()
 hw/arm/pxa2xx: Replace printf() call by qemu_log_mask()
 target/arm: Convert crypto insns to gvec
 hw/adc/stm32f2xx_adc: Correct memory region size and access size
 tests/acceptance: Add a boot test for the xlnx-versal-virt machine
 docs/system: Document Aspeed boards
 raspi: Add model of the USB controller
 target/arm: Convert 2-reg-and-shift and 1-reg-imm Neon insns to decodetree

# gpg: Signature made Fri 05 Jun 2020 17:48:39 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200605: (29 commits)
  target/arm: Convert Neon one-register-and-immediate insns to decodetree
  target/arm: Convert VCVT fixed-point ops to decodetree
  target/arm: Convert Neon VSHLL, VMOVL to decodetree
  target/arm: Convert Neon narrowing shifts with op==9 to decodetree
  target/arm: Convert Neon narrowing shifts with op==8 to decodetree
  target/arm: Convert VQSHLU, VQSHL 2-reg-shift insns to decodetree
  target/arm: Convert Neon VSRA, VSRI, VRSHR, VRSRA 2-reg-shift insns to decodetree
  target/arm: Convert Neon VSHR 2-reg-shift insns to decodetree
  target/arm: Convert Neon VSHL and VSLI 2-reg-shift insn to decodetree
  raspi2 acceptance test: add test for dwc-hsotg (dwc2) USB host
  wire in the dwc-hsotg (dwc2) USB host controller emulation
  usb: add short-packet handling to usb-storage driver
  dwc-hsotg (dwc2) USB host controller emulation
  dwc-hsotg (dwc2) USB host controller state definitions
  dwc-hsotg (dwc2) USB host controller register definitions
  raspi: add BCM2835 SOC MPHI emulation
  docs/system: Document Aspeed boards
  tests/acceptance: Add a boot test for the xlnx-versal-virt machine
  hw/adc/stm32f2xx_adc: Correct memory region size and access size
  target/arm: Split helper_crypto_sm3tt
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 23:31:31 +01:00
Philippe Mathieu-Daudé
cfe35d4889 hw/core: Restrict CpuClass::get_crash_info() to system-mode
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200522172510.25784-13-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-05 21:23:22 +02:00
Peter Maydell
175198ad91 s390x update:
- enhance s390x documentation
 - allow ORBs without prefetch specified for vfio-ccw
 - various cleanups and enhancements
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAl7aZZsSHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vf2MP/Rzvi7vVtykq/nA8oX6tQ7gNm+eF8pF/
 URZ5eM11lDFsp4QE8SfTx548uTrr97NniI8AZZPSZSDozcdw7pM8DEqjutgq40eB
 nrYiXma9p5i2f6QTGsirD9A8Tsyi6vNONVRL1KRr/Ihd/B9V3o7eBLvDLh3xKrj8
 2TxdXWaVwZrG8jvKjH+wDRGB1GktDL9q7vYaEowYvXf7P48kPCP7QiE9pw8O9XAh
 0rdR+eCVg6IzM5LxxyUu60v+b1bOvxE0wvEgKpFpS+oKVlTt8GPwjDzOMZMvlI61
 qGfJRg5+dr1c587QFtfT7oSlNHdI5AoeEUtEgFrUwR4WKKc8J5FA8DhTBQm154OZ
 kk3tFOYJ1LKWTP7Q486Jn3yPE9qy2MdnHod4GY3LFrCuPWPEsySR4l4gs28BPPu3
 7j0QuqZk/J4xoHMCdIwn7tk7XNYTG3ggLCGu5EmkWtYl8+Lqo3QtYgNLno/PijwU
 PutLRb5y1/0Jku3WS1o5FjGRIq8QMacekJlME2k6/KyPpjXT2T5/WReTftnbYi1O
 q67wlIf7FVc+/eWEh4BqQFwtWJ1u1sHLelj5vdl17Nrmf8dY+ED8v0QtlT1CauOi
 OJRCKtV//uKHNFIC1ZXuuo3FA7gyM55ws96kaMjbXpS2a1Xgan4R3eT+BZwcRvhZ
 80jjQ/yjtLY+
 =O5n4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200605' into staging

s390x update:
- enhance s390x documentation
- allow ORBs without prefetch specified for vfio-ccw
- various cleanups and enhancements

# gpg: Signature made Fri 05 Jun 2020 16:32:43 BST
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [marginal]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [marginal]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [marginal]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20200605:
  target/s390x: Restrict system-mode declarations
  target/s390x/helper: Clean ifdef'ry
  target/s390x: Only compile decode_basedisp() on system-mode
  MAINTAINERS: add Thomas as additional s390x maintainer
  docs/s390x: document vfio-ccw
  vfio-ccw: allow non-prefetch ORBs
  docs/s390x: document 3270
  docs/s390x: document the virtual css
  s390x: pv: Fix KVM_PV_PREP_RESET command wrapper name
  s390x/kvm: help valgrind in several places

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:45:59 +01:00
Paul Zimmerman
60bf734e64 wire in the dwc-hsotg (dwc2) USB host controller emulation
Wire the dwc-hsotg (dwc2) emulation into Qemu

Signed-off-by: Paul Zimmerman <pauldzim@gmail.com>
Reviewed-by: Philippe Mathieu-Daude <f4bug@amsat.org>
Message-id: 20200520235349.21215-7-pauldzim@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Paul Zimmerman
7ad3d51ebb usb: add short-packet handling to usb-storage driver
The dwc-hsotg (dwc2) USB host depends on a short packet to
indicate the end of an IN transfer. The usb-storage driver
currently doesn't provide this, so fix it.

I have tested this change rather extensively using a PC
emulation with xhci, ehci, and uhci controllers, and have
not observed any regressions.

Signed-off-by: Paul Zimmerman <pauldzim@gmail.com>
Message-id: 20200520235349.21215-6-pauldzim@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Paul Zimmerman
153ef1662c dwc-hsotg (dwc2) USB host controller emulation
Add the dwc-hsotg (dwc2) USB host controller emulation code.
Based on hw/usb/hcd-ehci.c and hw/usb/hcd-ohci.c.

Note that to use this with the dwc-otg driver in the Raspbian
kernel, you must pass the option "dwc_otg.fiq_fsm_enable=0" on
the kernel command line.

Emulation of slave mode and of descriptor-DMA mode has not been
implemented yet. These modes are seldom used.

I have used some on-line sources of information while developing
this emulation, including:

http://www.capital-micro.com/PDF/CME-M7_Family_User_Guide_EN.pdf
which has a pretty complete description of the controller starting
on page 370.

https://sourceforge.net/p/wive-ng/wive-ng-mt/ci/master/tree/docs/DataSheets/RT3050_5x_V2.0_081408_0902.pdf
which has a description of the controller registers starting on
page 130.

Thanks to Felippe Mathieu-Daude for providing a cleaner method
of implementing the memory regions for the controller registers.

Signed-off-by: Paul Zimmerman <pauldzim@gmail.com>
Message-id: 20200520235349.21215-5-pauldzim@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Paul Zimmerman
104a010f24 dwc-hsotg (dwc2) USB host controller state definitions
Add the dwc-hsotg (dwc2) USB host controller state definitions.
Mostly based on hw/usb/hcd-ehci.h.

Signed-off-by: Paul Zimmerman <pauldzim@gmail.com>
Message-id: 20200520235349.21215-4-pauldzim@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Paul Zimmerman
3d46938bbb raspi: add BCM2835 SOC MPHI emulation
Add BCM2835 SOC MPHI (Message-based Parallel Host Interface)
emulation. It is very basic, only providing the FIQ interrupt
needed to allow the dwc-otg USB host controller driver in the
Raspbian kernel to function.

Signed-off-by: Paul Zimmerman <pauldzim@gmail.com>
Acked-by: Philippe Mathieu-Daude <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200520235349.21215-2-pauldzim@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Philippe Mathieu-Daudé
d04bf49c9e hw/adc/stm32f2xx_adc: Correct memory region size and access size
The ADC region size is 256B, split as:
 - [0x00 - 0x4f] defined
 - [0x50 - 0xff] reserved

All registers are 32-bit (thus when the datasheet mentions the
last defined register is 0x4c, it means its address range is
0x4c .. 0x4f.

This model implementation is also 32-bit. Set MemoryRegionOps
'impl' fields.

See:
  'RM0033 Reference manual Rev 8', Table 10.13.18 "ADC register map".

Reported-by: Seth Kintigh <skintigh@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200603055915.17678-1-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Philippe Mathieu-Daudé
fc417e5b57 hw/arm/pxa2xx: Replace printf() call by qemu_log_mask()
Replace printf() calls by qemu_log_mask(), which is disabled
by default. This avoid flooding the terminal when fuzzing the
device.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200525114123.21317-3-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:08 +01:00
Philippe Mathieu-Daudé
3a37f23979 hw/input/pxa2xx_keypad: Replace hw_error() by qemu_log_mask()
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.

When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask()
(missed in commit 5a0001ec7e).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200525114123.21317-2-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:08 +01:00
Eden Mikitas
6d686145c8 hw/ssi/imx_spi: Removed unnecessary cast of rx data received from slave
When inserting the value retrieved (rx) from the spi slave, rx is pushed to
rx_fifo after being cast to uint8_t. rx_fifo is a fifo32, and the rx
register the driver uses is also 32 bit. This zeroes the 24 most
significant bits of rx. This proved problematic with devices that expect to
use the whole 32 bits of the rx register.

Signed-off-by: Eden Mikitas <e.mikitas@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:08 +01:00
Eden Mikitas
9c49c83e4b hw/ssi/imx_spi: changed while statement to prevent underflow
The while statement in question only checked if tx_burst is not 0.
tx_burst is a signed int, which is assigned the value put by the
guest driver in ECSPI_CONREG. The burst length can be anywhere
between 1 and 4096, and since tx_burst is always decremented by 8
it could possibly underflow, causing an infinite loop.

Signed-off-by: Eden Mikitas <e.mikitas@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:08 +01:00
Jared Rossi
24e58a7b1d vfio-ccw: allow non-prefetch ORBs
Remove the explicit prefetch check when using vfio-ccw devices.
This check does not trigger in practice as all Linux channel programs
are intended to use prefetch.

Newer Linux kernel versions do not require to force the PFCH flag with
vfio-ccw devices anymore.

Signed-off-by: Jared Rossi <jrossi@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20200512181535.18630-2-jrossi@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-06-05 17:13:11 +02:00
Janosch Frank
9a43259762 s390x: pv: Fix KVM_PV_PREP_RESET command wrapper name
s390_pv_perf_clear_reset() is not a very helpful name since that
function needs to be called for a normal and a clear reset via
diag308.

Let's instead name it s390_pv_prep_reset() which reflects the purpose
of the function a bit better.

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20200505124159.24099-1-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-06-05 17:13:11 +02:00
Peter Maydell
5d2f557b47 vga: ati security fix, cirrus cleanup.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJe2iwRAAoJEEy22O7T6HE4BXYP/jT6RaTnw0NhgyNtD3Eq/943
 0391Ihv019M3bnNlYu5rF9N1B8fRYfgODCsvOxkWTCjJl1evsHe9T0xuZKLFIcvB
 clJznEQ02FuPbt3jFC+JltqRg8pv/GleLeF45El8xgkckaIXgAhqQ4g6ApXkXIzi
 3s9ENKyKYogNxpl7/XPUVzGol8Fhrch2wnIS4pQ+SeH9ieYv8f47YWYVljG189ZX
 9o0vzKZmMTmW9sqCOO5DI50x4A1RrFzLjCIdnroLl2NKnAopxi5no2oSGhmMe55a
 5z9AHaLdlVrh2aHSfYrucs78/NiN6LtMrCt3yJ7eHkHBHL/RNN6rMrpI9A0UyI41
 P/xqUUerd9+dxzZkTbyqAvwhAitJffBq6eeFkt7sRESA9GyHudxomTj+nMtkGgRV
 9pvsjnr7+IOav+TT4MLmwyKBeKxad7mhNSoNPCCmt4Ek/FwP+EzeH5Ix4b3hQFa9
 NjsicruiBDwkZmHpY/6qSuEpWabITMcquN/iiAnkOTXnRMXnh62zcFQQUU/3riiB
 iCuaBXMRFLDtbpb6ILGZeY27PeY5Il8vJ+3brFzMuaMp8TtkWy3mnWysRjEfvo6c
 TJDvVbWJRx5BGq6Ja3RLwTFGaxbpM2oVmbW6/dSTCVeu4Jijhf9aQ5vyeJvJp4cS
 0zXW+1Zd7778bBFyei4P
 =NNSV
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20200605-pull-request' into staging

vga: ati security fix, cirrus cleanup.

# gpg: Signature made Fri 05 Jun 2020 12:27:13 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20200605-pull-request:
  hw/display/cirrus_vga: Fix code mis-indentation
  ati-vga: check mm_index before recursive call (CVE-2020-13800)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 13:53:05 +01:00
Philippe Mathieu-Daudé
bc2a2364b8 hw/block: Let the NVMe emulated device be target-agnostic
Now than the non-target specific memory_region_msync() function
is available, use it to make this device target-agnostic.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20200508062456.23344-4-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-06-05 09:54:48 +01:00
Philippe Mathieu-Daudé
ae3887e6f0 hw/display/cirrus_vga: Fix code mis-indentation
While replacing fprintf() by qemu_log_mask() in commit
2b55f4d350, we incorrectly used a 'tab = 4 spaces'
alignment, leading to misindented new code. Fix now.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200529165436.23573-1-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-06-05 09:17:23 +02:00
Prasad J Pandit
a98610c429 ati-vga: check mm_index before recursive call (CVE-2020-13800)
While accessing VGA registers via ati_mm_read/write routines,
a guest may set 's->regs.mm_index' such that it leads to infinite
recursion. Check mm_index value to avoid such recursion. Log an
error message for wrong values.

Reported-by: Ren Ding <rding@gatech.edu>
Reported-by: Hanqing Zhao <hanqing@gatech.edu>
Reported-by: Yi Ren <c4tren@gmail.com>
Message-id: 20200604090830.33885-1-ppandit@redhat.com
Suggested-by: BALATON Zoltan <balaton@eik.bme.hu>
Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-06-05 09:14:40 +02:00
Alistair Francis
fe0fe4735e riscv: Initial commit of OpenTitan machine
This adds a barebone OpenTitan machine to QEMU.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
2020-06-03 09:11:51 -07:00
Alistair Francis
0869490b1c riscv: sifive_e: Manually define the machine
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-06-03 09:11:51 -07:00
Alistair Francis
26cd0362dd hw/riscv: spike: Remove deprecated ISA specific machines
The ISA specific Spike machines have been deprecated in QEMU since 4.1,
let's finally remove them.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2020-06-03 09:11:51 -07:00
Bin Meng
b2a3a071f7 hw/riscv: virt: Remove the riscv_ prefix of the machine* functions
Remove the riscv_ prefix of the machine* functions.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1590072147-13035-2-git-send-email-bmeng.cn@gmail.com
Message-Id: <1590072147-13035-2-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-03 09:11:51 -07:00
Bin Meng
139177b1d4 hw/riscv: sifive_u: Remove the riscv_ prefix of the soc* functions
To keep consistency with the machine* functions, remove the riscv_
prefix of the soc* functions.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1590072147-13035-1-git-send-email-bmeng.cn@gmail.com
Message-Id: <1590072147-13035-1-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-03 09:11:51 -07:00
Bin Meng
087a424674 riscv: Change the default behavior if no -bios option is specified
Per QEMU deprecated doc, QEMU 4.1 introduced support for the -bios
option in QEMU for RISC-V for the virt machine and sifive_u machine.
The default behavior has been that QEMU does not automatically load
any firmware if no -bios option is included.

Now 2 releases passed, it's time to change the default behavior to
load the default OpenSBI firmware automatically. The firmware is
included with the QEMU release and no user interaction is required.
All a user needs to do is specify the kernel they want to boot with
the -kernel option.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1588335545-649-1-git-send-email-bmeng.cn@gmail.com
Message-Id: <1588335545-649-1-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-03 09:11:51 -07:00
Bin Meng
ac5f7246d7 riscv: Suppress the error report for QEMU testing with riscv_find_firmware()
We only ship plain binary bios images in the QEMU source. With Spike
machine that uses ELF images as the default bios, running QEMU test
will complain hence let's suppress the error report for QEMU testing.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Message-Id: <1588348254-7241-6-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-03 09:11:51 -07:00
Huacai Chen
a08d60bc6c hw/mips: fuloong2e: Set preferred page size to 16KB
Loongson processor prefers 16KB page size in system emulator, so let's
define mc->minimum_page_bits to 14.

Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <1586337380-25217-2-git-send-email-chenhc@lemote.com>
2020-06-01 13:28:21 +02:00
Huacai Chen
c3173a35bc hw/mips: Add CPU IRQ3 delivery for KVM
Currently, KVM/MIPS only deliver I/O interrupt via IP2, this patch add
IP3 delivery as well, because Loongson-3 based machine use both IRQ2
(CPU's IP2) and IRQ3 (CPU's IP3).

Signed-off-by: Huacai Chen <chenhc@lemote.com>
Co-developed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <1588501221-1205-4-git-send-email-chenhc@lemote.com>
2020-06-01 13:28:21 +02:00
Philippe Mathieu-Daudé
b809667808 hw/m68k/mcf52xx: Replace hw_error() by qemu_log_mask()
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.

When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200526094052.1723-3-f4bug@amsat.org>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2020-05-30 09:17:46 +02:00
Philippe Mathieu-Daudé
ccff1ae4df hw/m68k/mcf5206: Reduce m5206_mbar_read/write() offset arg to 16-bit
All calls to m5206_mbar_read/m5206_mbar_write are used with
'offset = hwaddr & 0x3ff', so we are sure the offset fits
in 16-bit.

Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200526094052.1723-2-f4bug@amsat.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2020-05-30 09:16:28 +02:00
Peter Maydell
b8bee16e94 hw/dispaly/sm501: bugfixes, add sanity checks.
hw/display: use tracepoints, misc cleanups.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJez7AUAAoJEEy22O7T6HE4JvgQAKtszLGyFKlkFv1RDuUc35NY
 hWsEbglGPesn2jFMxL1TI7hr+yb7qyaakbsv1WBhRpmI22BXJcNRjGv9XlWDzp7i
 LnE2Zm5WwJ6Z53G70inybzIp1sRLvZXl8c0218/bCiH1i37OR+dwXGmg8lMhU13P
 QcVmzPYSVqj8/qkS6zmZHMbkVk2jonOp7S0wqxI7GHgAclB5K4BZHy4i+s0V2zYK
 KesIvVdyFvgqzIWvR3CwJC7HKVDBz4whDwzASNdICUbEj+C99wq4euZY7idsonoM
 NEbxIXK23iAKwl75hLiN9KDaXWTzo7wBpQze/6PDtz+l4n6zj0Ig9SRGIXAQ3+NW
 HjRDUBn0gXA0TTrSzP9F7/3nHX7khHjD87NxguFjiYRJCuEWNCIgqMkVb1Rgrag0
 WOlH+Rn0BJM0dedBRgdGvGnwvZouDpEdqimvQ0JD93PEun/x1yFy4t/U4EWI+RM7
 V9QiZ2kIgH/EbF4fkt7R+9Y86w5ZNn4YNbyP42zx5b/x0gcWzcU/yP/JPhsAP7gM
 EgzbTKW6KDqUQQtKn/7taHgpje/XK5AVtcqt7HbM46tF6koIUqTncSrEqnV7tAHy
 yagAqn4pQjs7m4Yd2Vk6jhVXM5x5vGqrRZUHQjroeX++vmetTjclNyMd6P9DIP+j
 +kCoG85UpPraCLHiQcu9
 =WVh1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20200528-pull-request' into staging

hw/dispaly/sm501: bugfixes, add sanity checks.
hw/display: use tracepoints, misc cleanups.

# gpg: Signature made Thu 28 May 2020 13:35:32 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20200528-pull-request: (21 commits)
  sm501: Remove obsolete changelog and todo comment
  sm501: Optimize small overlapping blits
  sm501: Replace hand written implementation with pixman where possible
  sm501: Clean up local variables in sm501_2d_operation
  sm501: Use BIT(x) macro to shorten constant
  sm501: Shorten long variable names in sm501_2d_operation
  sm501: Convert printf + abort to qemu_log_mask
  hw/display/pxa2xx_lcd: Replace printf() call by qemu_log_mask()
  hw/display/omap_dss: Replace fprintf() call by qemu_log_mask(LOG_UNIMP)
  hw/display/exynos4210_fimd: Use qemu_log_mask(GUEST_ERROR)
  hw/display/vmware_vga: Let the PCI device own its I/O MemoryRegion
  hw/display/vmware_vga: Replace printf() calls by qemu_log_mask(ERROR)
  hw/display/xlnx_dp: Replace disabled DPRINTF() by error_report()
  hw/display/dpcd: Convert debug printf()s to trace events
  hw/display/dpcd: Fix memory region size
  hw/display/cirrus_vga: Convert debug printf() to trace event
  hw/display/cirrus_vga: Use qemu_log_mask(ERROR) instead of debug printf
  hw/display/cirrus_vga: Use qemu_log_mask(UNIMP) instead of debug printf
  hw/display/cirrus_vga: Convert debug printf() to trace event
  hw/display/cg3: Convert debug printf()s to trace events
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-28 18:13:20 +01:00
Peter Maydell
aacc7c8be2 Error reporting patches for 2020-05-27
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAl7N/xISHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTdJYP/j0mnss0or9ZuchxNpFLTV1lBd0wuKqL
 79279BWsJ8AObmYPs0oXe1cfcq76NA7d6tVYrmz0pZ7BkYmXY0VgbBKeYXozcX5z
 6MJ+7+7wOJ1hO4oSTz9Jo1ZSpr8g0Be4m4DweHSyC9Uz6jCNAw3yJlPNsZ295jvk
 w2QD4ApwaofhF8SkNw5s4DE1piLpr8+IbGhY7YTKASQv3dIqTfjGSoz9MCKI4ZCA
 KHLLLkgV3NvCgxRKP2JclWUSsX6Er8joN2zUGlU1xBm6yTZqjWPLMxSysVkl+vcA
 1qx4GggDZ/zMcfyGBdXW8EAtT1QMfHU6zh9ED9toYbBohWFewTVCqkSaA2yVQZWx
 D69L6Q1KT/RIbrH6zEQaIEYcMmzvZWLy6EumKD9pgOAwDQlHv5QPT5hp6gonF/kI
 D8ZdT0jQ6JQqo42zi4J4hW4eH0r0Kf+79XsVz7wxe26YK762ZVnJLK/q7Fu1vb/u
 bBMJBYh/xdRO1GDE9JsomVq3mdXlz4ywQM+SFUiCj+peiO0C9JdDxE+PII1RaDqV
 wlJ7HW1eoKs4OG0gBjrJM2tn4q3BNpyr2BLSQONBSJEfWi6Z4OnimN45K5cEEJHj
 et2OCQetRt1zXmdrFdvX3Zn87PMZKfPmdaZrxzRvxk/VIP1f4vRgJ3D2FGP+E82H
 S/GWWRkw8pZy
 =b99a
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2020-05-27' into staging

Error reporting patches for 2020-05-27

# gpg: Signature made Wed 27 May 2020 06:48:02 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-error-2020-05-27:
  i386: Fix x86_cpu_load_model() error API violation
  arm/sabrelite: Consistently use &error_fatal in sabrelite_init()
  mips/boston: Plug memory leak in boston_mach_init()
  mips/boston: Fix boston_mach_init() error handling
  mips/malta: Fix create_cps() error handling
  error: Use error_reportf_err() where appropriate
  tests/migration: Tighten error checking
  s390x/cpumodel: Fix harmless misuse of visit_check_struct()
  xen: Fix and improve handling of device_add usb-host errors
  nvdimm: Plug memory leak in uuid property setter

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-28 11:21:30 +01:00
BALATON Zoltan
fa0013a1bc sm501: Remove obsolete changelog and todo comment
Also update copyright year for latest changes

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 1392cad2ad1315a5a50409970e0af061821462e6.1590089984.git.balaton@eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
BALATON Zoltan
fa70c2871f sm501: Optimize small overlapping blits
AmigaOS tends to do a lot of small blits (even 1 pixel). Avoid malloc
overhead by keeping around a buffer for this and only alloc when
blitting larger areas.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 7946852258d528497e85f465327fc90b5c3b59fb.1590089984.git.balaton@eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
BALATON Zoltan
b15a22bbcb sm501: Replace hand written implementation with pixman where possible
Besides being faster this should also prevent malicious guests to
abuse 2D engine to overwrite data or cause a crash.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 58666389b6cae256e4e972a32c05cf8aa51bffc0.1590089984.git.balaton@eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
BALATON Zoltan
3d0b096298 sm501: Clean up local variables in sm501_2d_operation
Make variables local to the block they are used in to make it clearer
which operation they are needed for.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: ae59f8138afe7f6a5a4a82539d0f61496a906b06.1590089984.git.balaton@eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
BALATON Zoltan
2824809b7f sm501: Use BIT(x) macro to shorten constant
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 124bf5de8d7cf503b32b377d0445029a76bfbd49.1590089984.git.balaton@eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
BALATON Zoltan
6f8183b5dc sm501: Shorten long variable names in sm501_2d_operation
This increases readability and cleans up some confusing naming.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: b9b67b94c46e945252a73c77dfd117132c63c4fb.1590089984.git.balaton@eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
BALATON Zoltan
e29da77e5f sm501: Convert printf + abort to qemu_log_mask
Some places already use qemu_log_mask() to log unimplemented features
or errors but some others have printf() then abort(). Convert these to
qemu_log_mask() and avoid aborting to prevent guests to easily cause
denial of service.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 305af87f59d81e92f2aaff09eb8a3603b8baa322.1590089984.git.balaton@eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé
b3a7e2416f hw/display/pxa2xx_lcd: Replace printf() call by qemu_log_mask()
Replace printf() calls by qemu_log_mask(UNIMP), which is
disabled by default. This avoid flooding the terminal when
fuzzing the device.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-15-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé
00a946a3cb hw/display/omap_dss: Replace fprintf() call by qemu_log_mask(LOG_UNIMP)
Replace fprintf() call by qemu_log_mask(LOG_UNIMP), which is
disabled by default. This avoid flooding the terminal when
fuzzing the device.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-14-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé
b3caeaf2c8 hw/display/exynos4210_fimd: Use qemu_log_mask(GUEST_ERROR)
Replace DPRINT_ERROR() by qemu_log_mask(GUEST_ERROR).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-13-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé
becce5e90a hw/display/vmware_vga: Let the PCI device own its I/O MemoryRegion
To avoid the orphan I/O memory region being added in the /unattached
QOM container, register the PCI device as its owner.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200526062252.19852-12-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé
aa0fd16d00 hw/display/vmware_vga: Replace printf() calls by qemu_log_mask(ERROR)
Avoid flooding stdio by converting printf() calls to
qemu_log_mask(GUEST_ERROR), which are disabled by default.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-11-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé
7bbdf0f892 hw/display/xlnx_dp: Replace disabled DPRINTF() by error_report()
DPRINTF() calls are disabled by default, so when unexpected
data is used, the whole process abort without information.

Display a bit of information with error_report() before crashing.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-10-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00