Commit Graph

39611 Commits

Author SHA1 Message Date
Peter Maydell
f754c3c9cc Patch queue for s390 - 2015-06-17
This is a special one. Two awesome features in one pull request:
 
   - CCW support for TCG
   - Watchpoint support for TCG
 
 To celebrate this, we also switch the default machine model from s390-virtio
 to s390-ccw and give users a fully working s390x model again!
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.9 (GNU/Linux)
 
 iQIcBAABAgAGBQJVgU8SAAoJECszeR4D/txgtzEP/R48c1FBYVPf2hg1DnGtDV7N
 YEsymqymRXXi2Esdnfj+5Hs97BLKis0Fr0AX15tp5uhK15lntgLLqfZeGjguX3pD
 5dSn9uJeRpzkf05eCnJo7/nV5w5iWgJhKNt2lyt7+mQWUdrdYQ6XzfLbBUhHkFJp
 ev4SU7LilcL4sNAM8pQKQBLOT3djdy2KAwE4PdeqZxSngkRcePWDMBt4axyGX9t5
 esKpWS3tQ9b9AgTkGB/XHtPIimQDpbsvi/MGI6A57Xd13hLn4NDKjjfFHhx/RMyW
 UVeJl9+ndlp1DdsIRKaUOWGBaWKZB/sxCk6rt1W46WyQ8JoHWni2b2pfjn2k5NTk
 xmGpUk91GlV56OUd5K+9W6wwdkOjpf8Ps79+s6z+w5yz5NJ2L+vLwUZjs13UDMYs
 UZbHDCOI9wCZ2G8jwRBOkEyaXgRMAbBLefeBfr+Zlbnx/U/rBhioUFtmody9F0er
 MfQjSYeDoC3I4v0KdS15li+ndpyCE5CwYUMBEajsoC5A5l6N/zK+y9ZY1NfPKKJi
 kkvtbHaFtlz/UluOSgA8EN62AAu/nFAfJcZkG20qfumg0oIIs3kX/BsDvwKSoeSU
 D6cpaw+q65/a2M5wsPnXJojXP6zZyC9Oxnv41l6c8vFqWt6vjfcESCZ6/QzFv16T
 jCzNsC4T+tOSf+nHqyns
 =PPD5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/agraf/tags/signed-s390-for-upstream' into staging

Patch queue for s390 - 2015-06-17

This is a special one. Two awesome features in one pull request:

  - CCW support for TCG
  - Watchpoint support for TCG

To celebrate this, we also switch the default machine model from s390-virtio
to s390-ccw and give users a fully working s390x model again!

# gpg: Signature made Wed Jun 17 11:42:26 2015 BST using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-s390-for-upstream: (26 commits)
  s390x: Switch to s390-ccw machine as default
  target-s390x: PER: add Breaking-Event-Address register
  target-s390x: PER instruction-fetch nullification event support
  target-s390x: PER store-using-real-address event support
  target-s390x: PER storage-alteration event support
  translate-all: fix watchpoints if retranslation not possible
  target-s390x: PER instruction-fetch event support
  target-s390x: PER successful-branching event support
  target-s390x: basic PER event handling
  target-s390x: add get_per_in_range function
  target-s390x: add get_per_atmid function
  target-s390x: add PER related constants
  target-s390x: mvc_fast_memmove: access memory through softmmu
  target-s390x: mvc_fast_memset: access memory through softmmu
  target-s390x: function to adjust the length wrt page boundary
  softmmu: provide tlb_vaddr_to_host function for user mode
  target-s390x: wire up I/O instructions in TCG mode
  target-s390x: wire up DIAG REIPL in TCG mode
  target-s390x: wire up DIAG IPL in TCG mode
  target-s390x: fix s390_cpu_initial_reset
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-17 12:43:26 +01:00
Alexander Graf
1f68f1d36c s390x: Switch to s390-ccw machine as default
We now finally have TCG support for the basic set of instructions necessary
to run the s390-ccw machine. That means in any aspect possible that machine
type is now superior to the legacy s390-virtio machine.

Switch over to the ccw machine as default. That way people don't get a halfway
broken machine with the s390x target.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
2015-06-17 12:40:52 +02:00
Aurelien Jarno
3da0ab3529 target-s390x: PER: add Breaking-Event-Address register
This patch adds support for PER Breaking-Event-Address register. Like
real hardware, it save the current PSW address when the PSW address is
changed by an instruction. We have to take care of optimizations QEMU
does, a branch to the next instruction is still a branch.

This register is copied to low core memory when a program exception
happens.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:52 +02:00
Aurelien Jarno
83bb161299 target-s390x: PER instruction-fetch nullification event support
For the instruction-fetch nullification event, we just reuse the
existing instruction-fetch code and trigger the exception immediately
in that case.

There is no need to save the CPU state in the TCG code as it has been
saved by the previous instruction before calling the per_check_exception
helper.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:52 +02:00
Aurelien Jarno
2f54394997 target-s390x: PER store-using-real-address event support
This PER event happens each time the STURA or STURG instructions are
used. As they use helpers, we can just save the event in the PER code
there, if enabled.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:52 +02:00
Aurelien Jarno
311918b979 target-s390x: PER storage-alteration event support
For the PER storage-alteration event we can use the QEMU watchpoint
infrastructure. When PER is enabled or PER control register changed we
enable the corresponding watchpoints. When a watchpoint arises we can
save the event. Unfortunately the current code does not provide the
address space used to trigger the watchpoint. For now we assume it comes
from the default ASC.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:52 +02:00
Aurelien Jarno
8d302e7675 translate-all: fix watchpoints if retranslation not possible
The tb_check_watchpoint function currently assumes that all memory
access is done either directly through the TCG code or through an
helper which knows its return address. This is obviously wrong as the
helpers use cpu_ldxx/stxx_data functions to access the memory.

Instead of aborting in that case, don't try to retranslate the code, but
assume that the CPU state (and especially the program counter) has been
saved before calling the helper. Then invalidate the TB based on this
address.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:52 +02:00
Aurelien Jarno
f0e0d817c2 target-s390x: PER instruction-fetch event support
For the PER instruction-fetch, we can't use the QEMU breakpoint
infrastructure as it triggers for a single address and not a full
address range, and as it actually stop before the instruction and
not before.

We therefore call an helper with the just fetched instruction address,
which check if the address is within the PER address range. If it is
the case, an event is recorded and will be signaled through an
exception.

Note that we implement here the PER-3 behaviour, that is an invalid
opcode is not considered as an instruction fetch. Without PER-3 this
behavious is undefined.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:52 +02:00
Aurelien Jarno
2c2275eb41 target-s390x: PER successful-branching event support
For the PER successful-branching event support, we can't rely on any
QEMU infrastucture. We therefore call an helper in all places where
a branch can be taken. We have to pay attention to the branch to next
case, as it's still a taken branch.

We don't need to care about the cases using goto_tb, as we have disabled
them in the previous patch.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:52 +02:00
Aurelien Jarno
777c98c32c target-s390x: basic PER event handling
This patch add basic support to generate PER exceptions. It adds two
fields to the cpu structure to record for the PER address and PER
code & ATMID values. When an exception is triggered and a PER event is
pending, the two PER values are copied to the lowcore area.

At the end of an instruction, an helper is checking for a possible
pending PER event and triggers an exception in that case. For that to
work with branches, we need to disable TB chaining when PER is
activated. Fortunately it's already in the TB flags.

Finally in case of a SERVICE CALL exception, we need to trigger the PER
exception immediately after.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:52 +02:00
Aurelien Jarno
d453d10383 target-s390x: add get_per_in_range function
This function checks if an address is in between the PER starting
address and the PER ending address, taking care of a possible
address range loop.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:52 +02:00
Aurelien Jarno
a8f931a931 target-s390x: add get_per_atmid function
This function returns the ATMID field that is stored in the
per_perc_atmid lowcore entry.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:51 +02:00
Aurelien Jarno
fb01bf4c6b target-s390x: add PER related constants
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:51 +02:00
Aurelien Jarno
6da528d14d target-s390x: mvc_fast_memmove: access memory through softmmu
mvc_fast_memmove is bypassing the softmmu functions, getting the
physical source and destination addresses using the mmu_translate
function and accessing the corresponding physical memory. This
prevents watchpoints to work correctly.

Instead use the tlb_vaddr_to_host function to get the host addresses
corresponding to the guest source and destination addresses through the
softmmu code and fallback to the byte level code in case the
corresponding address are not in the QEMU TLB or being examined through
a watchpoint. As a bonus it works even for area crossing pages by
splitting the are into chunks contained in a single page, bringing some
performances improvements. We can therefore remove the 8-byte
loads/stores method, as it is now quite unlikely to be used.

At the same time change the name of the function to fast_memmove as it's
not specific to mvc and use the same argument order as the C memmove
function.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:51 +02:00
Aurelien Jarno
fc89efe693 target-s390x: mvc_fast_memset: access memory through softmmu
mvc_fast_memset is bypassing the softmmu functions, getting the
physical address using the mmu_translate function and accessing the
corresponding physical memory. This prevents watchpoints to work
correctly.

Instead use the tlb_vaddr_to_host function to get the host address
corresponding to the guest address through the softmmu code and fallback
to the byte level code in case the corresponding address is not in the
QEMU TLB or being examined through a watchpoint. As a bonus it works
even for area crossing pages by splitting the are into chunks contained
in a single page, bringing some performances improvements.

At the same time change the name of the function to fast_memset as it's
not specific to mvc and use the same argument order as the C memset
function.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:51 +02:00
Aurelien Jarno
d7ce6b7a0b target-s390x: function to adjust the length wrt page boundary
This patch adds a function to adjust the length of a transfer so that
it doesn't cross a page boundary in softmmu mode. It does nothing in
user mode.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:51 +02:00
Aurelien Jarno
2e83c49626 softmmu: provide tlb_vaddr_to_host function for user mode
To avoid to many #ifdef in target code, provide a tlb_vaddr_to_host for
both user and softmmu modes. In the first case the function always
succeed and just call the g2h function.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:51 +02:00
Alexander Graf
ad8a4570ad target-s390x: wire up I/O instructions in TCG mode
The code handling the I/O instructions for KVM decodes the instruction
itself. In TCG mode also pass the full instruction word to the helpers.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:50 +02:00
Aurelien Jarno
2ecacb0b4b target-s390x: wire up DIAG REIPL in TCG mode
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:50 +02:00
Aurelien Jarno
8df7eef305 target-s390x: wire up DIAG IPL in TCG mode
DIAG IPL is already implemented for KVM, but not wired from TCG. For
that change the format of the instruction so that we can get R1 and R3
numbers in addition to the function code.

The diag function can change plenty of things, including CC, so we
should enter with a static CC. Also it doesn't set the value of general
register 2 to 0 as in the current code. We also need to exit the CPU
loop after a reset, which means a new PSW.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:50 +02:00
Aurelien Jarno
cbed0ba78f target-s390x: fix s390_cpu_initial_reset
The s390_cpu_initial_reset function zeroes a big part of the CPU state
structure, including CPU_COMMON, and thus the QEMU TLB structure. As
they should not be initialized with zeroes only, we need to call the
tlb_flush to initialize it correctly.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:50 +02:00
Aurelien Jarno
cc0d079d45 target-s390x: initialize I/O interrupt queue
env->io_index[] should be set to -1 during CPU reset to mark the
I/O interrupt queue as empty.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:50 +02:00
Aurelien Jarno
7107e5a756 target-s390x: correctly initialize ext interrupt queue
env->ext_index should be initialized to -1 to mark the external
interrupt queue as emtpy. This should not be done in s390_cpu_initfn
as all the interrupt fields are later reset to 0 by the memset in
s390_cpu_initial_reset or s390_cpu_full_reset. Move the initialization
there.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:50 +02:00
Aurelien Jarno
06e3c077da target-s390x: fix setcc in TCG mode
In TCG mode we should store the CC value in env->cc_op. However do it
inconditionnaly because:
- the tcg_enabled function is not inlined
- it's probably faster to always store the value, especially given it
  is likely in the same cache line than env->psw.mask.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:50 +02:00
Aurelien Jarno
a499973ff3 virtio-ccw: disable ioevent bit when ioeventfds are not enabled
This remove the corresponding error messages in TCG mode, and allow to
simplify the s390_assign_subch_ioeventfd() function.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:50 +02:00
Alexander Graf
d49f4ab48e s390/ioinst: fix endianness in ioinst_schib_valid
The ioinst_schib_valid gets a SCHIB in guest endianness, we should
byteswap the fields we access.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:50 +02:00
Aurelien Jarno
ae52e585bf s390/ioinst: fix IO_INT_WORD_ISC macro
The I/O-Interruption Subclass field corresponds to bits 2 to 5 (BE
notation) of the Interruption-Identification Word. The value should
be shift by 27 instead of 24.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17 12:40:50 +02:00
Peter Maydell
a09f4a9d19 update seabios to release 1.8.2
add vgabios for virtio-vga
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVgSL+AAoJEEy22O7T6HE4C/kQALAYqJNirzUnIJfJdLiLP10C
 KztWq38zuU14unbr1rtEHK6hD/P6osevEaJebaAWDCbCODkJThcPg9mXBvfOrNsw
 fh5+N5hHwISieONFJDgTRnEEg0XpOydpkzpPc6aHiyWsLpdNvYPVBOTw6cGvX8k9
 omPBTPTjkRGq8y8Z1Nz6z9K3QrFHqWJn/ZlEVAdpzTOCn0X7ztZj+0t0AgnZyZuX
 5herIpDmVfh4I0bLb5IE/9KpZybNJWP63D0SEdYAkf2XFIgEywcG9UkNgLXplrPc
 G/kY+EVi0mmLhgyewKO/X0vdwxrinljUhyNLnlQ8n2WeJTGS6SYszG//NLdU1xou
 dqWJ9+C2I9I2zLeR94Et+khGWzPC8UT52c+dCag+jmZgIUXeEbgjPEDWhM1BRf8F
 VXM/0ESVory6X1G104RMBj7Dfg8umN9jQutWNZtogrriUDPlnmSaYLEqHcwUbWFc
 897efot63GOUyPuT8veOmu1NS3REHuc41/skuxwTb1zxW8ihuidf+9h0Rsg39pIH
 ps/5zeoNkZrmM7hR2wC61XBLYhXlLiVEm4chJksuQ/Ri1/kyp43cRmKud0zHVhs7
 +cZsbMd1JvuvhvDI4GI6pqcqvlLR0RsLv/cXBFocrAcNUJO3Ob4Sk/PIar4P0WiU
 J81TGStBrJTqFbsu7Q1a
 =KWWa
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-seabios-1.8.2-20150617-1' into staging

update seabios to release 1.8.2
add vgabios for virtio-vga

# gpg: Signature made Wed Jun 17 08:34:22 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-seabios-1.8.2-20150617-1:
  update seabios and vgabios binaries
  tag our seabios builds
  update seabios submodule to release 1.8.2

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-17 11:12:35 +01:00
Peter Maydell
8c29f8d6b9 VirtFS update:
* Fix for virtfs-proxy-helper crash
 * Gracefully handle the error condition on input validation in virtfs-proxy-helper
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVgD74AAoJEN5BpP4ExOI6TRgP/iIqwdimXCBlR2tbU1tr7WMp
 uThQ77HQ0C1zfn6Zkl1Kq7+U6XtVnYedY/EeXpDQEnT2wxl5s7yKca01VUrcAwEM
 W1/WDRYauqoRVcJW0IzJHgCb/fGvdroJSX+YY3+ITgVtbE3yfPsGEBYKG8oW4znF
 xzkO1yemzd2qmBKruILyQrKYlByFZdxjtvuRGQcfXIm9JJ68Rb6H73BbwDW5Rdy2
 IzYqisnjgjF/6t3KYSURc19+vyJIQTeZZdCkG9yJCxo1OrfiEVmeePfcxPv08BBs
 3/bNYAoQHs+S1Fb3fLOSEulex7oqmDJ/exLfaUrnWIwErcWPgWEz2xlxD1rs8Hq5
 fY4As02r9t0aJTFc5kbWxYEpFeQ4fVbN1zNRKPMPnpi0bjPy5m2czp2XYB4J6Toc
 iaTFFvycZPhI533/0Is6joO8uDLfREWgsxCnYOIS3YIcliiHKn4H616PoiHrmKZP
 QzmQ7Dd43QgDAo0mhZXz32itHALPodKv1v7RsDvzlUkXqZEr2RFjrOmlzYKwqMrT
 PLXaWRsgV6sOXEOWN15AJYBzAkXW6mvBLCjRIcxEbgK90Z9dbNMK4cvHeAS2vatZ
 tdjC6nxj3upzK83aI9yy59AramuQHS/z+NDPaD55j1oosQJwJ9PBuNUHeyJuwZzp
 oNcqDzt9GLnKxGCUtTzU
 =S8oz
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kvaneesh/tags/for-upstream-signed' into staging

VirtFS update:

* Fix for virtfs-proxy-helper crash
* Gracefully handle the error condition on input validation in virtfs-proxy-helper

# gpg: Signature made Tue Jun 16 16:21:28 2015 BST using RSA key ID 04C4E23A
# gpg: Good signature from "Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4846 9DE7 1860 360F A6E9  968C DE41 A4FE 04C4 E23A

* remotes/kvaneesh/tags/for-upstream-signed:
  virtfs-proxy-helper: fail gracefully if socket path is too long
  virtfs-proxy-helper: add missing long option terminator

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-17 10:13:40 +01:00
Gerd Hoffmann
f3bcd42683 update seabios and vgabios binaries
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-17 09:28:03 +02:00
Gerd Hoffmann
7edf2f0ec4 tag our seabios builds
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-17 09:24:55 +02:00
Gerd Hoffmann
10500ce260 update seabios submodule to release 1.8.2
git shortlog rel-1.8.1..rel-1.8.2
=================================

Gerd Hoffmann (1):
      vga: rework virtio-vga support

Kevin O'Connor (5):
      vgabios: Add config option for assembler fixups
      vgabios: Emulate "leal" instruction
      build: Support "make VERSION=xyz" to override the default build version
      build: CONFIG_VGA_FIXUP_ASM should depend on CONFIG_BUILD_VGABIOS
      vgabios: On bda_save_restore() the saved vbe_mode also has flags in it

Paolo Bonzini (1):
      smm: ignore bits 16,18-31 of SMM revision ID

Vladimir Serbinenko (1):
      ahci: Ignore max_ports.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-17 09:20:36 +02:00
Stefan Hajnoczi
f8d30a4f96 virtfs-proxy-helper: fail gracefully if socket path is too long
Replace the assertion check with graceful failure when the socket path
is too long.  Programs should not crash on invalid input.  Print an
error message and exit properly.

Cc: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2015-06-16 20:32:29 +05:30
Stefan Hajnoczi
bf6667d63e virtfs-proxy-helper: add missing long option terminator
The getopt_long(3) long options array must have a zeroed terminator.

This patch solves a segmentation fault when an unknown command-line
option is encountered:

  $ fsdev/virtfs-proxy-helper --help
  Segmentation fault (core dumped)

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2015-06-16 20:32:29 +05:30
Peter Maydell
93f6d1c160 virtio-gpu: pci support bits and virtio-vga.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVfss3AAoJEEy22O7T6HE4gw8P/Az+6M0I6RRGoavyfC+Um1sy
 hD1VVFI34eLKxAgUupuwDMxnyXuZBbV0BZvyz46GucfcpsC038WCclIAQU50coF+
 CiVlFY2pAlwp1/wS0k+MeDa5cypsCik9Jl1vaDhgNsDlRhLgztOrgTk+fe+AFVoH
 iiLb0baENGWrgMDd8ZN9hcNbJCzBBUQ7MMkuFHZkdRx829L8yuTbCoP0tNXAuQDz
 DCcAtdt6Xm4h0NUDLFSf7CnpaWzV5WgpSPkGCYaWtmJNpxNshrkm+vFRdBHvWnhN
 Vz/2E9q1aMoSbfmnj36RhGeS37g1gAO73souDJd/LRtrk5aF1aPeWN9DGEMTTYWn
 6FNIo63v86V4kcuYxNzup5+d0A+t0aqkTFHcNrKAIvtGNTDmaCIBso1HGJud3rcA
 Rujgytbr3PpxZcJFxIzXZtTlNAHE+wwzzbdS9zaQy1l//oNIXswboJBMTHbJq6Ql
 eit+MDVrILiRcd+DviRmsTQBMRs/VlW2bHHfmgw3DvgxreyTGbR8qZKKzvGuF8Dn
 b6ODQ7Y12uUZJaytiB2SyiPNx/u7Axg1IP1w+9TVrtNONx1VSKn2aGpILYqmH1CG
 zTdgTTlWtYwLEs/tZxKHxeVZK6wlzKkc+jT259Ah57bJchzndoKCrnQ80GirdZfL
 bnMgCL2ju6Xv3A3Yn3wY
 =jnEv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20150615-1' into staging

virtio-gpu: pci support bits and virtio-vga.

# gpg: Signature made Mon Jun 15 13:55:19 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vga-20150615-1:
  virtio-vga: add vgabios configuration
  virtio-vga: add '-vga virtio' support
  virtio-vga: add virtio gpu device with vga compatibility
  virtio-gpu-pci: add virtio pci support
  virtio-gpu: fix error message

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-16 10:35:43 +01:00
Peter Maydell
4316536bf4 linux-user patches for 2.4 softfreeze
second spin with ioctl patch refreshed
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAVX/KMrRIkN7ePJvAAQg02g/+Ny0e+7sZd1ALgLcbxnP8qUgAYKIR0xbl
 4iwfJjO8YWeD2x6EkEcb62nPD+ozL6of7DcuoYMeo6BFgZkxkUsGwO+W5N81AJJF
 pF9eH/DQwQa6kOUbB2aUIdxR/q1pJ62UKEK8jqfqAtGkSL7r1a4cOQgW8gOPIorv
 +lKbN+NYjZM/Ub11wYiqW579d3vfsFqrFeLjDqLv5qRyIY+O/Jr8LgqokAurJH05
 WcRuw2mtLWEQZESNdMox2G3UQ6dqZUk6j/ipIVduzfHkmZZqAUrJeKHV2ZTu9rWs
 7+Daihremp46ZLGGMgarG6/arDrqplmkWOshT60bm9J6SDiE20QyWJ6YymukGUre
 rGbyk9RFBvamzMLns4jdVduFMOFWzgedVSA0cbo/VvuZriRxkzq8fW0o6I72Vlpf
 OoEoY+t1M2CJOnOvjuU3z2iu0AwizJ9Xz18pOVHCovSPTWMmItfOt9CVexJIvLKH
 DwqsaoaEdao5r5SoxBOM+l0vrh4QK6vLldBQaF46OhEyH3xySMD80cEsSM9lJWQg
 lcGFmyQloc57TF0bLeJ5vxBwFBNRUYaKK698PJCG4wqhF+X0DxbFnY5q1QpfUZWv
 tlabnqGt9sadYbjJmEHlc9dhXzXa76fvRgIhjlK014g9jL3KAnVWA2q4w2nQOGk0
 Yws7IBXoynA=
 =tTJW
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20150616' into staging

linux-user patches for 2.4 softfreeze
second spin with ioctl patch refreshed

# gpg: Signature made Tue Jun 16 08:03:14 2015 BST using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg:                 aka "Riku Voipio <riku.voipio@linaro.org>"

* remotes/riku/tags/pull-linux-user-20150616:
  linux-user: ioctl() command type is int
  linux-user: fix the breakpoint inheritance in spawned threads
  linux-user: use __get_user and __put_user in cmsg conversions
  linux-user: Fix length handling in host_to_target_cmsg
  linux-user: Use abi_ulong for TARGET_ELF_PAGESTART
  linux-user: Allocate thunk size dynamically

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-16 09:07:22 +01:00
Laurent Vivier
45c874ebba linux-user: ioctl() command type is int
When executing a 64bit target chroot on 64bit host,
the ioctl() command can mismatch.

It seems the previous commit doesn't solve the problem in
my case:

    9c6bf9c7 linux-user: Fix ioctl cmd type mismatch on 64-bit targets

For example, a ppc64 chroot on an x86_64 host:

bash-4.3# ls
Unsupported ioctl: cmd=0x80087467
Unsupported ioctl: cmd=0x802c7415

The origin of the problem is in syscall.c:do_ioctl().

    static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)

In this case (ppc64) abi_long is long (on the x86_64), and

    cmd = 0x0000000080087467

then
    if (ie->target_cmd == cmd)

target_cmd is int, so target_cmd = 0x80087467
and to compare an int with a long, the sign is extended to 64bit,
so the comparison is:

    if (0xffffffff80087467 == 0x0000000080087467)

which doesn't match whereas it should.

This patch uses int in the case of the target command type
instead of abi_long.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2015-06-16 09:37:17 +03:00
Thierry Bultel
1d085f6cae linux-user: fix the breakpoint inheritance in spawned threads
When a thread is spawned, cpu_copy re-initializes
the bp & wp lists of current thread, instead of the ones
of the new thread.
The effect is that breakpoints are no longer hit.

Signed-off-by: Thierry Bultel <thierry.bultel@basystemes.fr>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2015-06-16 08:21:02 +03:00
Peter Maydell
876e23cb2e linux-user: use __get_user and __put_user in cmsg conversions
The target payloads in cmsg conversions may not have the alignment
required by the host. Using the get_user and put_user functions is
the easiest way to handle this and also do the byte-swapping we
require.

(Note that prior to this commit target_to_host_cmsg was incorrectly
using __put_user() rather than __get_user() for the SCM_CREDENTIALS
conversion, which meant it wasn't getting the benefit of the
misalignment handling.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2015-06-16 08:21:01 +03:00
Peter Maydell
c2aeb2586b linux-user: Fix length handling in host_to_target_cmsg
The previous code for handling payload length when converting
cmsg structures from host to target had a number of problems:
 * we required the msg->msg_controllen to declare the buffer
   to have enough space for final trailing padding (we were
   checking against CMSG_SPACE), whereas the kernel does not
   require this, and common userspace code assumes this. (In
   particular, glibc's "try to talk to nscd" code that it will
   run on startup will receive a cmsg with a 4 byte payload and
   only allocate 4 bytes for it, which was causing us to do
   the wrong thing on architectures that need 8-alignment.)
 * we weren't correctly handling the fact that the SO_TIMESTAMP
   payload may be larger for the target than the host
 * we weren't marking the messages with MSG_CTRUNC when we did
   need to truncate a message that wasn't truncated by the host,
   but were instead logging a QEMU message; since truncation is
   always the result of a guest giving us an insufficiently
   sized buffer, we should report it to the guest as the kernel
   does and don't log anything

Rewrite the parts of the function that deal with length to
fix these issues, and add a comment in target_to_host_cmsg
to explain why the overflow logging it does is a QEMU bug,
not a guest issue.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2015-06-16 08:21:01 +03:00
Peter Maydell
1dfe73b94d target-arm queue:
* Handle "extended small page" descriptors correctly
  * Use extended address bits from supersection short descriptors
  * Update interrupt status for all cores in gic_update
  * Fix off-by-one in exynos4210_fimd bit-swap code
  * Remove stray unused 'pending_exception' field
  * Add Cortex-A53 KVM support
  * Fix reset value of REVIDR
  * Add AArch32 MIDR aliases for ARMv8 cores
  * MAINTAINERS update for ARM ACPI code
  * Trust the kernel's value of MPIDR if we're using KVM
  * Various pxa2xx device updates to avoid old APIs
  * Mark pxa2xx copro registers as ARM_CP_IO so -icount works
  * Correctly UNDEF Thumb2 DSP insns on Cortex-M3
  * Initial work towards implementing PMSAv7
  * Fix a reset order bug introduced recently
  * Correct "preferred return address" for cpreg access exceptions
  * Add ACPI SPCR table for the virt board
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJVfwkmAAoJEDwlJe0UNgzeEs0P/jxgYWPOJeSms0VWIKYC/NqZ
 p8v3nT2B/U85Pa/MyJawGNfWsbBl9QrtgOVQmBucKp1RL73bwGDrxYM3UJ1vrCtw
 KIC1Oy7c8ujwmbqc7eWxQbSni5Z6khRrCsiXOAQDKlYPDoOO01YRQHFkcNMK/CoK
 MlSEaaQqlX15s2yJKnFKAn5W1MsweZ7UWNa1ZZ8rJRJvdE/9kGPW2G8Sbfn/MQ1z
 hy74lCyA1zejz4aVgrt7Yybl/Gs3OXEBAstlUwLrv+sNFaivBIaIOgdLJRG8+PA6
 VKQ9cOA+oO2Aa2EeAiEKuTR+6CdWh1UOUuNobNIibAPYOxeODNOmq7YaiguVietb
 7SmQ1zsIEaFTgg22apDl/sCP5/BgOX5kwz2cDkbv/bKdnfO7itcM858LJ+/7JAHL
 hg1MXM303IPZIky3+JhOT06wGuCdmr4SyDuRTM2j/e5Pn/u3emWS6ylNObSxoRtX
 nIaktkxTumH7rp++PQ4DzdqAUWYAwHqoP7iKEf5DTqGydhD3XbUFIDgwXorsHVR3
 xW19SqLlVoGjuvAa20ahAuxcQO3ifdEc8HuKIS1zOmTVaM+rNskt4fDvmmm7CTJe
 XJAzsLfZA0mTuLNLg9ZItCtiBCHBrE2X9VSN2VPUooTTVr7AUWzYY2pl784VML15
 0jd6k+oxGi0waZ4xor1H
 =m0HJ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150615' into staging

target-arm queue:
 * Handle "extended small page" descriptors correctly
 * Use extended address bits from supersection short descriptors
 * Update interrupt status for all cores in gic_update
 * Fix off-by-one in exynos4210_fimd bit-swap code
 * Remove stray unused 'pending_exception' field
 * Add Cortex-A53 KVM support
 * Fix reset value of REVIDR
 * Add AArch32 MIDR aliases for ARMv8 cores
 * MAINTAINERS update for ARM ACPI code
 * Trust the kernel's value of MPIDR if we're using KVM
 * Various pxa2xx device updates to avoid old APIs
 * Mark pxa2xx copro registers as ARM_CP_IO so -icount works
 * Correctly UNDEF Thumb2 DSP insns on Cortex-M3
 * Initial work towards implementing PMSAv7
 * Fix a reset order bug introduced recently
 * Correct "preferred return address" for cpreg access exceptions
 * Add ACPI SPCR table for the virt board

# gpg: Signature made Mon Jun 15 18:19:34 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150615: (28 commits)
  hw/arm/virt-acpi-build: Add SPCR table
  ACPI: Add definitions for the SPCR table
  target-arm: Correct "preferred return address" for cpreg access exceptions
  hw/arm/boot: fix rom_reset notifier registration order
  arm: helper: rename get_phys_addr_mpu
  arm: Add has-mpu property
  arm: Implement uniprocessor with MP config
  arm: Refactor get_phys_addr FSR return mechanism
  arm: helper: Factor out CP regs common to [pv]msa
  arm: Don't add v7mp registers in MPU systems
  arm: Do not define TLBTR in PMSA systems
  target-arm: Add the THUMB_DSP feature
  hw/sd/pxa2xx_mmci: Stop using old_mmio in MemoryRegionOps
  hw/arm/pxa2xx: Convert pxa2xx-ssp to VMState
  hw/arm/pxa2xx: Add reset method for pxa2xx_ssp
  hw/arm/pxa2xx: Convert pxa2xx-fir to QOM and VMState
  hw/arm/pxa2xx: Mark coprocessor registers as ARM_CP_IO
  target-arm: Use the kernel's idea of MPIDR if we're using KVM
  MAINTAINERS: Add myself as ARM ACPI Subsystem maintainer
  target-arm: add AArch32 MIDR aliases in ARMv8
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-15 18:43:09 +01:00
Andrew Jones
f264d51d8a hw/arm/virt-acpi-build: Add SPCR table
Signed-off-by: Andrew Jones <drjones@redhat.com>
Tested-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1433929959-29530-3-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-15 18:06:11 +01:00
Andrew Jones
b8a0d75ef8 ACPI: Add definitions for the SPCR table
SPCR is the Serial Port Console Redirection Table. See the document
linked from http://uefi.org/acpi. For serial port types, "Interface
Type", see the documentation for the Debug Port Table 2 (DBG2).

Signed-off-by: Andrew Jones <drjones@redhat.com>
Tested-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1433929959-29530-2-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-15 18:06:11 +01:00
Peter Maydell
3977ee5d7a target-arm: Correct "preferred return address" for cpreg access exceptions
The architecture defines that when taking an exception trying to
access a coprocessor register, the "preferred return address" for
the exception is the address of the instruction that caused the
exception. Correct an off-by-4 error which meant we were returning
the address after the instruction for traps which happened because
of a failure of a runtime access-check function on an AArch32
register. (Traps caused by translate-time checkable permissions
failures had the correct address, as did traps on AArch64 registers.)

This fixes https://bugs.launchpad.net/qemu/+bug/1463338

Reported-by: Robert Buhren <robert@robertbuhren.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1433861440-30133-1-git-send-email-peter.maydell@linaro.org
2015-06-15 18:06:11 +01:00
Eric Auger
63a183ed0e hw/arm/boot: fix rom_reset notifier registration order
commit ac9d32e396 had the consequence to
register the do_cpu_reset after the rom_reset one. Hence they get
executed in the wrong order. This commit restores the registration of
do_cpu_reset in arm_load_kernel.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reported-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Tested-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1434111582-9325-1-git-send-email-eric.auger@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-15 18:06:11 +01:00
Peter Crosthwaite
13689d4364 arm: helper: rename get_phys_addr_mpu
This get_phys_addr is really for pmsav5. Rename it accordingly.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: bf4b019aa87d682a45998105ef8e4d4e97a5e117.1434066412.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-15 18:06:10 +01:00
Peter Crosthwaite
8f325f568f arm: Add has-mpu property
For processors that support MPUs, add a property to de-feature it. This
is similar to the implementation of the EL3 feature.

The processor definition in init sets ARM_FEATURE_MPU if it can support
an MPU. post_init exposes the property, defaulting to true. If cleared
by the instantiator, ARM_FEATURE_MPU is then removed at realize time.

This is to support R profile processors that may or may-not have an MPU
configured.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 632918cc48786e868ea18aa6bd12f70597994cad.1434066412.git.peter.crosthwaite@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-15 18:06:10 +01:00
Peter Crosthwaite
a8e81b319d arm: Implement uniprocessor with MP config
Add a boolean for indicating uniprocessors with MP extensions. This
drives the U bit in MPIDR. Prepares support for Cortex-R5.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: a70a80583df265e0174f01fa1fc92b33ea6d1db5.1434066412.git.peter.crosthwaite@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-15 18:06:10 +01:00
Peter Crosthwaite
b7cc4e82f0 arm: Refactor get_phys_addr FSR return mechanism
Currently, the return code for get_phys_addr is overloaded for both
success/fail and FSR value return. This doesn't handle the case where
there is an error with a 0 FSR. This case exists in PMSAv7.

So rework get_phys_addr and friends to return a success/failure boolean
return code and populate the FSR via a caller provided uint32_t
pointer.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: a209e3d8ae00cda55260c970891f520210e26bad.1434066412.git.peter.crosthwaite@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-15 18:06:10 +01:00
Peter Crosthwaite
8e5d75c950 arm: helper: Factor out CP regs common to [pv]msa
V6+ PMSA and VMSA share some common registers that are currently
in the VMSA definition block. Split them out into a new def that can
be shared to PMSA.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 284db78a43c63c9bfbb60de539672c361bcb6af8.1434066412.git.peter.crosthwaite@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-15 18:06:10 +01:00