Commit Graph

15520 Commits

Author SHA1 Message Date
Vincenzo Maffione
b796fcd1bf virtio: cache used_idx in a VirtQueue field
Accessing used_idx in the VQ requires an expensive access to
guest physical memory. Before this patch, 3 accesses are normally
done for each pop/push/notify call. However, since the used_idx is
only written by us, we can track it in our internal data structure.

Signed-off-by: Vincenzo Maffione <v.maffione@gmail.com>
Message-Id: <3d062ec54e9a7bf9fb325c1fd693564951f2b319.1450218353.git.v.maffione@gmail.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-02-06 20:44:08 +02:00
Paolo Bonzini
aa570d6fb6 virtio: combine the read of a descriptor
Compared to vring, virtio has a performance penalty of 10%.  Fix it
by combining all the reads for a descriptor in a single address_space_read
call.  This also simplifies the code nicely.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-02-06 20:44:08 +02:00
Paolo Bonzini
5dba97ebdc vring: slim down allocation of VirtQueueElements
Build the addresses and s/g lists on the stack, and then copy them
to a VirtQueueElement that is just as big as required to contain this
particular s/g list.  The cost of the copy is minimal compared to that
of a large malloc.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-02-06 20:44:08 +02:00
Paolo Bonzini
3b3b062821 virtio: slim down allocation of VirtQueueElements
Build the addresses and s/g lists on the stack, and then copy them
to a VirtQueueElement that is just as big as required to contain this
particular s/g list.  The cost of the copy is minimal compared to that
of a large malloc.

When virtqueue_map is used on the destination side of migration or on
loadvm, the iovecs have already been split at memory region boundary,
so we can just reuse the out_num/in_num we find in the file.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-02-06 20:44:08 +02:00
Paolo Bonzini
3724650db0 virtio: introduce virtqueue_alloc_element
Allocate the arrays for in_addr/out_addr/in_sg/out_sg outside the
VirtQueueElement.  For now, virtqueue_pop and vring_pop keep
allocating a very large VirtQueueElement.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-02-06 20:44:08 +02:00
Paolo Bonzini
ab281c1781 virtio: introduce qemu_get/put_virtqueue_element
Move allocation to virtio functions also when loading/saving a
VirtQueueElement.  This will also let the load/save functions
keep backwards compatibility when the VirtQueueElement layout
is changed.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-02-06 20:44:08 +02:00
Paolo Bonzini
51b19ebe43 virtio: move allocation to virtqueue_pop/vring_pop
The return code of virtqueue_pop/vring_pop is unused except to check for
errors or 0.  We can thus easily move allocation inside the functions
and just return a pointer to the VirtQueueElement.

The advantage is that we will be able to allocate only the space that
is needed for the actual size of the s/g list instead of the full
VIRTQUEUE_MAX_SIZE items.  Currently VirtQueueElement takes about 48K
of memory, and this kind of allocation puts a lot of stress on malloc.
By cutting the size by two or three orders of magnitude, malloc can
use much more efficient algorithms.

The patch is pretty large, but changes to each device are testable
more or less independently.  Splitting it would mostly add churn.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-02-06 20:39:07 +02:00
Paolo Bonzini
6aa46d8ff1 virtio: move VirtQueueElement at the beginning of the structs
The next patch will make virtqueue_pop/vring_pop allocate memory for
the VirtQueueElement. In some cases (blk, scsi, gpu) the device wants
to extend VirtQueueElement with device-specific fields and, until now,
the place of the VirtQueueElement within the containing struct didn't
matter. When allocating the entire block in virtqueue_pop/vring_pop,
however, the containing struct must basically be a "subclass" of
VirtQueueElement, with the VirtQueueElement as the first field. Make
that the case for blk and scsi; gpu is already doing it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-02-04 19:53:02 +02:00
Igor Mammedov
41fa5c0410 pc: acpi: merge SSDT into DSDT
Since both tables are built dynamically now,
there is no point in keeping ASL in them in separate
tables.
So do the same as we do for ARM where we have only
DSDT table, i.e. move SSDT ASL into DSDT and
drop SSDT altogether.
This patch doesn't change moved SSDT ASL in any way,
but it opens a way to relatively independently simplify
generated ASL on per device/subsystem basis in
followup series.
It also simplifies bios-tables-test where expected
SSDT blobs could be dropped and only DSDT ones
have to be maintained.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-02-04 19:53:02 +02:00
Dr. David Alan Gilbert
3e996cc583 Fix virtio migration
I misunderstood the vmstate macro definition when I reworked the
virtio .get/.put.
The VMSTATE_STRUCT_VARRAY_KNOWN, was described as being for "a
variable length array (i.e. _type *_field) but we know the
length".  However it actually specified operation for arrays embedded in
the struct (i.e. _type _field[]) since it lacked the VMS_POINTER
flag. This caused offset calculation to be completely off, examining and
potentially sending random data instead of the VirtQueue content.

Replace the otherwise unused VMSTATE_STRUCT_VARRAY_KNOWN with a
VMSTATE_STRUCT_VARRAY_POINTER_KNOWN that includes the VMS_POINTER flag
(so now actually doing what it advertises) and use it in the virtio
migration code.

Fixes and description as per Sascha's suggestions/debug.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reported-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Tested-By: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-By: Sascha Silbe <silbe@linux.vnet.ibm.com>

Fixes: 50e5ae4dc3
Fixes: 2cf0148674
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-02-04 19:53:02 +02:00
Peter Maydell
bac8e20367 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJWswswAAoJEO8Ells5jWIRmuAIAKfexolRpauVFoMt2w69Yrk4
 0XhaAuSaazsfU06azXKjrchBUgXbw4Y6lw3tkTos4lnd8m1ovfAzSTS4q28rZ+Tf
 u5M06Fi13oyhEViGS4gt6gTwmYPTx2FTBDMCL1OZvka7GPbVsweQn0IS18j1Q2xL
 ps2kruNTad7mUa2EypuBugm3woL8kGupLUX63aWKmnvqobwFDNTKJLWiFn5eXlbg
 Zq7LxmC4R3A5K9rD8wN16ScaK3RH2x83DXaRoddtSIRwdldxG9ZCv2oFKPZrr6WA
 HsJIjurMTXhaRxNL3PsGMd/MbT7gmNF5muq8kZnkORmGxfMvi3RUuBdyhrq1I0w=
 =2Uz/
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Thu 04 Feb 2016 08:26:24 GMT using RSA key ID 398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  net/filter: Fix the output information for command 'info network'
  net: always walk through filters in reverse if traffic is egress
  net: netmap: use nm_open() to open netmap ports
  e1000: eliminate infinite loops on out-of-bounds transfer start
  slirp: Adding family argument to tcp_fconnect()
  slirp: Make udp_attach IPv6 compatible
  slirp: Add sockaddr_equal, make solookup family-agnostic
  slirp: Factorizing and cleaning solookup()
  slirp: Factorizing address translation
  slirp: Make Socket structure IPv6 compatible
  slirp: Adding address family switch for produced frames
  slirp: Generalizing and neutralizing ARP code
  slirp: goto bad in udp_input if sosendto fails
  cadence_gem: fix buffer overflow
  net: cadence_gem: check packet size in gem_recieve
  qemu-doc: Do not promote deprecated -smb and -redir options
  net/slirp: Tell the users when they are using deprecated options

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-04 14:17:11 +00:00
Peter Maydell
ae533a46a1 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQIcBAABAgAGBQJWsmNCAAoJEH3vgQaq/DkOQAEP/AwDY/JkKRQuTA2j8xvqxsrF
 ilzQhjvGva1WBU8iKP4L0ILvMbjzNrQh4LE31amY0Er+TDjRfqZkz7vc+/6cQ3uY
 FzXVKYySHbO3hbcamarr+sYu+T7D/6o4uvH04Vj0VDYiGJWcfKitBq2nfXbB55WW
 M9AgKLyMwvRPjfHu9Hp8BIIvQbQvzCnz0lB6q2Bzb4Gb/zR6qmXXXSLsTwXnfmD+
 LDLi/sN/hhdX2yMqNpDmNDqmGoX+NsK2C2AN0X9uEvQ0ePUcIScI338GfP9OeCGs
 To55rYGhyGCYdhEIGh8qdY47r87KrNxFtZXCMcv+oBbXuPIlpxZNESc+b5hzsWFp
 nAJq2FqVH0e69RDV/jl0TviNE8FO2auOZroD/VwWpY6Pk2rhYVUbc6dN13R69Bs5
 iGNEOBC1UI8eFOEEEoyHE+IHXCRodGUpDGa1oNzYvsPir1LKXoYqwwMjMCzDUUMA
 DEPdhQdj7Q9VzYI8GtTEuysunPfOGrjBsaMXvOgJMbU1wZqvqQU4gw5itJGeLGNC
 oc6yfIhmkv8j5N5l3qBzIOcU0iJGRlX2Z8pMPKjtvuLkkw6TBAm2Jal7Xkx8C3TX
 AGXE05khcq8y8wD3jtZJfpLlSkJoJpcD1BaAxig1H1t8hrtntUNnAQ9OfUnAuAZ5
 yjN4MOqG+rPelBqEaMMj
 =UnwI
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Wed 03 Feb 2016 20:29:54 GMT using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"

* remotes/jnsnow/tags/ide-pull-request:
  dma: remove now useless DMA_* functions
  sb16: use IsaDma interface instead of global DMA_* functions
  gus: use IsaDma interface instead of global DMA_* functions
  cs4231a: use IsaDma interface instead of global DMA_* functions
  fdc: use IsaDma interface instead of global DMA_* functions
  sparc64: disable floppy DMA
  sparc: disable floppy DMA
  magnum: disable floppy DMA for now
  i8257: implement the IsaDma interface
  isa: add an ISA DMA interface, and store it within the ISA bus
  i8257: move state definition to new independent header
  i8257: QOM'ify
  i8257: add missing const
  i8257: make the DMA running method per controller
  i8257: rename functions to start with i8257_ prefix
  i8257: rename struct dma_regs to I8257Regs
  i8257: rename struct dma_cont to I8257State
  i8257: pass ISA bus to DMA_init() function
  i82374: device only existed as ISA device, so simplify device
  fdc: fix detection under Linux

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-04 12:50:43 +00:00
Peter Maydell
071aacc9c9 target-arm queue:
* virt-acpi-build: add always-on property for timer
  * various fixes for EL2 and EL3 behaviour
  * arm: virt-acpi: each MADT.GICC entry as enabled unconditionally
  * target-arm: Don't report presence of EL2 if it doesn't exist
  * raspi: add raspberry pi 2 machine
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJWsk26AAoJEDwlJe0UNgzeWwAP/j5AWKgqsi9hpskq1BVtjc8P
 yZZlsRcSN8oyKMRoCXUCXztQhiBSYVABeeABH5JWsoxCK1CA6vBqkOl89ENfhwNZ
 TmeRh4BLCwfW+YIb9OG84JoVpCbvt6M7KYpCA3DJBy5GLOsO5vxd3E3BLN7O+dKH
 ljEcF0l+SlJAupK692A34nyS01dCs91xwP/kigOSPoVjpkUBOmSHrQhD4wTHjunr
 xj6fgc6rLqnG9TrNUkTn8aIB8lZ1j9VmJUetbp0x/Zo7TKcC8KObh+pYk3hik7JK
 PLhNJU0tPe55PEx+RLi8i6vYZp8Fqsl5qskjshl3uBtvK5TR0doxbIAu89raapWL
 Bg7xesN2H6Z+w0tq6TRLU4FhL+MtN0+wQy6PJ55NOkHVgZv9/i5keH4Xe/vZwMZd
 YGVhhrSSjfGmR878Rh6s7v1ZNFhAJenti4icd66e82InPl6UHf2SC34dLBpzW6SF
 qnmIt3BCHIDruwJKmWF71RAjmd9eR4xSEw1wcqoZF7UqghnQOBSuszEv8dlvRmES
 zNYgDqOjxQ79X3zmtXLKQ8UFoGQqhy3E2DF6lsHgxHCwcwHKKuro6Q3LQWnLZvau
 e5CVQShK2lU8o2dwMLmXakjoFGleCG0OsJBz9Ls89w1YV/c4X/UPFXwAJMhJ5P9v
 cYtw9ol7WJmT5yLxQGtI
 =Ul6h
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160203' into staging

target-arm queue:
 * virt-acpi-build: add always-on property for timer
 * various fixes for EL2 and EL3 behaviour
 * arm: virt-acpi: each MADT.GICC entry as enabled unconditionally
 * target-arm: Don't report presence of EL2 if it doesn't exist
 * raspi: add raspberry pi 2 machine

# gpg: Signature made Wed 03 Feb 2016 18:58:02 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"

* remotes/pmaydell/tags/pull-target-arm-20160203:
  raspi: add raspberry pi 2 machine
  arm/boot: move highbank secure board setup code to common routine
  bcm2836: add bcm2836 SoC device
  bcm2836_control: add bcm2836 ARM control logic
  bcm2835_peripherals: add rollup device for bcm2835 peripherals
  bcm2835_ic: add bcm2835 interrupt controller
  bcm2835_property: add bcm2835 property channel
  bcm2835_mbox: add BCM2835 mailboxes
  target-arm: Don't report presence of EL2 if it doesn't exist
  libvixl: Avoid std::abs() of 64-bit type
  arm: virt-acpi: each MADT.GICC entry as enabled unconditionally
  target-arm: Implement the S2 MMU inputsize > pamax check
  target-arm: Rename check_s2_startlevel to check_s2_mmu_setup
  target-arm: Apply S2 MMU startlevel table size check to AArch64
  hw/arm: Setup EL1 and EL2 in AArch64 mode for 64bit Linux boots
  target-arm: Make various system registers visible to EL3
  virt-acpi-build: add always-on property for timer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-04 11:06:35 +00:00
Laszlo Ersek
dd793a7488 e1000: eliminate infinite loops on out-of-bounds transfer start
The start_xmit() and e1000_receive_iov() functions implement DMA transfers
iterating over a set of descriptors that the guest's e1000 driver
prepares:

- the TDLEN and RDLEN registers store the total size of the descriptor
  area,

- while the TDH and RDH registers store the offset (in whole tx / rx
  descriptors) into the area where the transfer is supposed to start.

Each time a descriptor is processed, the TDH and RDH register is bumped
(as appropriate for the transfer direction).

QEMU already contains logic to deal with bogus transfers submitted by the
guest:

- Normally, the transmit case wants to increase TDH from its initial value
  to TDT. (TDT is allowed to be numerically smaller than the initial TDH
  value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe
  that QEMU currently has here is a check against reaching the original
  TDH value again -- a complete wraparound, which should never happen.

- In the receive case RDH is increased from its initial value until
  "total_size" bytes have been received; preferably in a single step, or
  in "s->rxbuf_size" byte steps, if the latter is smaller. However, null
  RX descriptors are skipped without receiving data, while RDH is
  incremented just the same. QEMU tries to prevent an infinite loop
  (processing only null RX descriptors) by detecting whether RDH assumes
  its original value during the loop. (Again, wrapping from RDLEN to 0 is
  normal.)

What both directions miss is that the guest could program TDLEN and RDLEN
so low, and the initial TDH and RDH so high, that these registers will
immediately be truncated to zero, and then never reassume their initial
values in the loop -- a full wraparound will never occur.

The condition that expresses this is:

  xdh_start >= s->mac_reg[XDLEN] / sizeof(desc)

i.e., TDH or RDH start out after the last whole rx or tx descriptor that
fits into the TDLEN or RDLEN sized area.

This condition could be checked before we enter the loops, but
pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for
bogus DMA addresses, so we just extend the existing failsafes with the
above condition.

This is CVE-2016-1981.

Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Prasad Pandit <ppandit@redhat.com>
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: qemu-stable@nongnu.org
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04 14:13:11 +08:00
Michael S. Tsirkin
d7f053652f cadence_gem: fix buffer overflow
gem_transmit copies a packet from guest into an tx_packet[2048]
array on stack, with size limited by descriptor length set by guest.  If
guest is malicious and specifies a descriptor length that is too large,
and should packet size exceed array size, this results in a buffer
overflow.

Reported-by: 刘令 <liuling-it@360.cn>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04 13:22:06 +08:00
Prasad J Pandit
244381ec19 net: cadence_gem: check packet size in gem_recieve
While receiving packets in 'gem_receive' routine, if Frame Check
Sequence(FCS) is enabled, it copies the packet into a local
buffer without checking its size. Add check to validate packet
length against the buffer size to avoid buffer overflow.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04 13:22:06 +08:00
Peter Maydell
382d34ff9f -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJWsiEWAAoJEJykq7OBq3PIGXYIALsxSU9HYOBqt/7J5E07EUxS
 ef3pu/CnMSHw3I/oLVe+pdpwyKMEhRRa75t8DSl4+UodsPXyZ/YtuBTm2v7J+FXD
 tjOoDYimAuDqeJU+km4O3PRUKSUKIlo0V4g7DRWF1qCCC4xw8SwmkBvfax7oFf3a
 ew3s0Lw/v11/foe5lKTkgTBgoXKk/Oc1E3rhSsOb7WvZq0CbrhRV3R5Lp0jbXkjF
 1LMijbsQvzQY7v07r4FcZ2vwhdI5eUXQOKg6sHMBqBbNdrR0zEQeylgdXq7H2rqm
 RhdkK4Dd1bs4K1gk4TXNhysd7/U5gRJhGqeBkYCI12lNY9AJwyH0OBcBxGZBV6U=
 =pTqw
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

# gpg: Signature made Wed 03 Feb 2016 15:47:34 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/tracing-pull-request:
  log: add "-d trace:PATTERN"
  trace: switch default backend to "log"
  trace: convert stderr backend to log
  log: move qemu-log.c into util/ directory
  log: do not unnecessarily include qom/cpu.h
  trace: add "-trace help"
  trace: add "-trace enable=..."
  trace: no need to call trace_backend_init in different branches now
  trace: split trace_init_file out of trace_init_backends
  trace: split trace_init_events out of trace_init_backends
  trace: fix documentation
  trace: track enabled events in a separate array
  trace: count number of enabled events

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 19:00:33 +00:00
Hervé Poussineau
ba0a71022c dma: remove now useless DMA_* functions
Keep only DMA_init function as a wrapper around DMA controllers creation.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-20-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:58 -05:00
Hervé Poussineau
f203c16ea2 sb16: use IsaDma interface instead of global DMA_* functions
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-19-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:58 -05:00
Hervé Poussineau
467be5f2f0 gus: use IsaDma interface instead of global DMA_* functions
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-18-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:58 -05:00
Hervé Poussineau
2d01109133 cs4231a: use IsaDma interface instead of global DMA_* functions
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-17-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:58 -05:00
Hervé Poussineau
c8a35f1cf0 fdc: use IsaDma interface instead of global DMA_* functions
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-16-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:58 -05:00
Hervé Poussineau
c3ae40e12c sparc64: disable floppy DMA
All functions relative to DMA (DMA_*() functions) are stubs on sparc64 platform.
Disable the DMA of the floppy controller, instead of calling these stubs.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-15-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:57 -05:00
Hervé Poussineau
dd446051b7 sparc: disable floppy DMA
All functions relative to DMA (DMA_*() functions) are stubs on sparc platform.
Disable the DMA in the floppy controller, instead of calling these stubs.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-14-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:57 -05:00
Hervé Poussineau
020e298699 magnum: disable floppy DMA for now
Floppy uses the DMA controller in rc4030 chipset, and not the i8259 from the ISA bus.
It's better to disable DMA than to call the wrong DMA controller.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-13-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:57 -05:00
Hervé Poussineau
16ffe36360 i8257: implement the IsaDma interface
Rewrite the global DMA_*() functions to use the IsaDma interface.
Note that these functions will be deleted in a few commits.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-12-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:57 -05:00
Hervé Poussineau
5484f30b2c isa: add an ISA DMA interface, and store it within the ISA bus
This will permit to deprecate global DMA_*() functions.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-11-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:57 -05:00
Hervé Poussineau
f5f19ee2e4 i8257: move state definition to new independent header
We will now be able to embed the i8257 interrupt controller in another object.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-10-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:56 -05:00
Hervé Poussineau
340e19ebf2 i8257: QOM'ify
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-9-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:56 -05:00
Hervé Poussineau
8d3c4c81f3 i8257: add missing const
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-8-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:56 -05:00
Hervé Poussineau
b9ebd28c62 i8257: make the DMA running method per controller
This removes some static/global variables, and we're now running only the
required controller (master or slave)

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-7-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:56 -05:00
Hervé Poussineau
74c47de010 i8257: rename functions to start with i8257_ prefix
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-6-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:56 -05:00
Hervé Poussineau
0eee6d6262 i8257: rename struct dma_regs to I8257Regs
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-5-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:55 -05:00
Hervé Poussineau
6a128b1330 i8257: rename struct dma_cont to I8257State
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-4-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:55 -05:00
Hervé Poussineau
5714694192 i8257: pass ISA bus to DMA_init() function
i8257 DMA controller exists on one ISA bus, so let's specify it at initialization.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-3-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:55 -05:00
Hervé Poussineau
449ae7eca9 i82374: device only existed as ISA device, so simplify device
Merge ISAi82374State fields into parent structure I82374State.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-2-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-02-03 11:28:55 -05:00
John Snow
fd9bdbd345 fdc: fix detection under Linux
Accidentally, I removed a "feature" where empty drives had geometry
values applied to them, which allows seek on empty drives to work
"by accident," as QEMU actually tries to disallow that.

Seeks on empty drives should work, though, but the easiest thing is to
restore the misfeature where empty drives have non-zero geometries
applied.

Document the hack accordingly.

[Maintainer edit]

This fix corrects a regression introduced in d5d47efc, where
pick_geometry was modified such that it would not operate on empty
drives, and as a result if there is no diskette inserted, QEMU
no longer populates it with geometry bounds. As a result, seek fails
when QEMU denies to move the current track, but reports success anyway.
This can confuse the guest, leading to kernel panics in the guest.


Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1454106932-17236-1-git-send-email-jsnow@redhat.com
2016-02-03 11:28:55 -05:00
Andrew Baumann
1df7d1f930 raspi: add raspberry pi 2 machine
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 15:00:47 +00:00
Andrew Baumann
716536a9b6 arm/boot: move highbank secure board setup code to common routine
The new version is slightly different, to support Rasbperry Pi (in
particular, Pi1's arm11 core which doesn't support v7 instructions
such as MOVW).

Tested-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 15:00:46 +00:00
Andrew Baumann
bad5623690 bcm2836: add bcm2836 SoC device
This is the SoC for Raspberry Pi 2.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 15:00:46 +00:00
Andrew Baumann
cc28296d82 bcm2836_control: add bcm2836 ARM control logic
This module is specific to the bcm2836 (Pi2). It implements the top
level interrupt controller, and mailboxes used for inter-processor
synchronisation.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 15:00:45 +00:00
Andrew Baumann
7c62aeb82a bcm2835_peripherals: add rollup device for bcm2835 peripherals
This device maintains all the non-CPU peripherals on bcm2835 (Pi1)
which are also present on bcm2836 (Pi2). It also implements the
private address spaces used for DMA and mailboxes.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 15:00:45 +00:00
Andrew Baumann
e3ece3e34d bcm2835_ic: add bcm2835 interrupt controller
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 15:00:44 +00:00
Andrew Baumann
04f1ab15b9 bcm2835_property: add bcm2835 property channel
This sits behind the mailbox interface, and implements
request/response queries for system properties. The
framebuffer-related properties will be added in a later patch.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 15:00:44 +00:00
Andrew Baumann
99494e696e bcm2835_mbox: add BCM2835 mailboxes
This adds the system mailboxes which are used to communicate with a
number of GPU peripherals on Pi/Pi2.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 14:56:32 +00:00
Igor Mammedov
6d152ebaf4 arm: virt-acpi: each MADT.GICC entry as enabled unconditionally
in current impl. condition

build_madt() {
  ...
  if (test_bit(i, cpuinfo->found_cpus))

is always true since loop handles only present CPUs
in range [0..smp_cpus).
But to fill usless cpuinfo->found_cpus we do unnecessary
scan over QOM tree to find the same CPUs.
So mark GICC as present always and drop not needed
code that fills cpuinfo->found_cpus.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>
Message-id: 1454323689-248759-1-git-send-email-imammedo@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 13:46:34 +00:00
Edgar E. Iglesias
48d21a576a hw/arm: Setup EL1 and EL2 in AArch64 mode for 64bit Linux boots
When booting Linux on AArch64 enabled cores, setup EL1 and
EL2 to use AArch64.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 13:46:33 +00:00
Andrew Jones
a43e68a08b virt-acpi-build: add always-on property for timer
This patch is the ACPI equivalent of "hw/arm/virt: Add always-on
property to the virt board timer". The timer is always on, and
thus setting this informs Linux that it may switch off the periodic
timer. Switching off the periodic timer substantially reduces the
number of interrupts the host needs to inject.

Testing note: AArch64 guests (the only ones currently booting with
ACPI) do not actually need this patch to determine it can turn the
periodic timer off. I therefore used a hacked guest kernel to ensure
this patch works as the equivalent DT patch does.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>
Message-id: 1453380893-26174-1-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03 13:46:32 +00:00
Gerd Hoffmann
321c9adba5 virtio-gpu: block any rendering until client (ui) is done
Wire up gl_block callback, so ui code can request to stop
virtio-gpu rendering.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-03 10:41:36 +01:00
Gerd Hoffmann
0c55a1cfd3 virtio-gpu: add support to enable/disable command processing
So we can stop rendering for a while in case we have to.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2016-02-03 10:41:36 +01:00
Gerd Hoffmann
3eb769fd1c virtio-gpu: maintain command queue
We'll go take out the commands we receive out of the virt queue and put
them into a linked list, to decouple virtio queue handling from actual
command processing.

Also move cmd processing to new virtio_gpu_handle_ctrl func, so we can
easily kick it from different places.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-03 10:41:36 +01:00
Gerd Hoffmann
8d94c1ca53 virtio-gpu: fix memory leak in error path
Found by Coverity Scan, buf not freed on error.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2016-02-03 10:41:36 +01:00
Paolo Bonzini
508127e243 log: do not unnecessarily include qom/cpu.h
Split the bits that require it to exec/log.h.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-id: 1452174932-28657-8-git-send-email-den@openvz.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-02-03 09:19:10 +00:00
Peter Maydell
c65db7705b Block patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJWsOYgAAoJEDuxQgLoOKyt/DUH/1hIzxS+qyh3iko0B5O0aWny
 PJObgy4004T9yClYDOPRvoNfoFAw63iOkfnMArnzTETEaPR94DJXYM0uTLY8Pyht
 wNcAZm44FlYKhEOOXqFslE6Z1arOR2s2wTYGn4s6BvkGbGlHCWr7N7n5trMpLAMJ
 /jAT+PNAgJrxlI/vVDeitFhQYABwXmBdPpf1kgn28IepBAI62de1rJubX27WoWuQ
 j1+VwhbKCWFwE4PqDHVVo2Wm+Gv5A53alB6Adpx6+5xXYLWBBq/nNg1SwDXfD0+q
 gk7Qiwso+7fFWMX6mx2qgvdXBI2R4NlLoQAzA6sjWF1v4hf76/wjNQLsg+1+qXo=
 =BEb2
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-for-peter-2016-02-02' into staging

Block patches

# gpg: Signature made Tue 02 Feb 2016 17:23:44 GMT using RSA key ID E838ACAD
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>"

* remotes/maxreitz/tags/pull-block-for-peter-2016-02-02: (50 commits)
  block: qemu-iotests - add test for snapshot, commit, snapshot bug
  block: set device_list.tqe_prev to NULL on BDS removal
  iotests: Add "qemu-img map" test for VMDK extents
  qemu-img: Make MapEntry a QAPI struct
  qemu-img: In "map", use the returned "file" from bdrv_get_block_status
  block: Use returned *file in bdrv_co_get_block_status
  vmdk: Return extent's file in bdrv_get_block_status
  vmdk: Fix calculation of block status's offset
  vpc: Assign bs->file->bs to file in vpc_co_get_block_status
  vdi: Assign bs->file->bs to file in vdi_co_get_block_status
  sheepdog: Assign bs to file in sd_co_get_block_status
  qed: Assign bs->file->bs to file in bdrv_qed_co_get_block_status
  parallels: Assign bs->file->bs to file in parallels_co_get_block_status
  iscsi: Assign bs to file in iscsi_co_get_block_status
  raw: Assign bs to file in raw_co_get_block_status
  qcow2: Assign bs->file->bs to file in qcow2_co_get_block_status
  qcow: Assign bs->file->bs to file in qcow_co_get_block_status
  block: Add "file" output parameter to block status query functions
  block: acquire in bdrv_query_image_info
  iotests: Add test for block jobs and BDS ejection
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-02 18:04:04 +00:00
Peter Maydell
3bb1e822ca usb: two ehci fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJWsKsgAAoJEEy22O7T6HE4gPUP/2KhBKSoLh+sxuyDYtlSV28c
 GZXAEKTed9BK+aCFKQl63Nlu8mJUEIxkqokSBKYdY/rXrGTeyYZoLHQ4yU/8PmcF
 zThQrOOKHMv0B5m3ZfU3pjuD8bkzT3ao3ZwpLNooQvr71nKsLTfi2HlV4B0kKQWg
 wJqu8HXFBcsaTn4fxzCSw613ZtU6jOIXIm1MaIq3U3DMS5L7qiT/eOpbgUGJK110
 V9mzvCYovKK5hYkdkwHXEVHcN+uRLPxDyxXyOBCuAQrB2+7SFFTtff+OFqb0+Txw
 VheZfRuHmWUj/YhevzorntYgu8L2OcVuRZm0LGwOkTikx/FgSzfl3LLbL5pxChVi
 0CYKez4ZHA5o2T1s40kg+y78o9Ko+8o1YOaPVzvR9JM8cMG9LhRblmaORDjoQiWB
 Z6XUzoT8138kG+d8gXlhAFcuHar3uei9XYnPXfNg+dRnf7KjofRVintYQJbmNkBV
 8tvGyRBIlZ/TkW0fF4YFGxRjRfT/zbTPhjUZP6n8umh5pRkhKRuTKtJXMKKMT8J5
 xpFY8j63OVfkhrQPxplZcwJfessZTmpimrlm+LjJQzSEclM5kVoAzCNoYGnRTYf0
 CkQeSKJBFLQa94HNxmGiYjTiYIJsycfF7x8VTcMLavQAuiOjb3wc2Fji15dCrb4Y
 3I2cSNiltVGLUkqulDAz
 =ys3c
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160202-1' into staging

usb: two ehci fixes.

# gpg: Signature made Tue 02 Feb 2016 13:12:00 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20160202-1:
  ehci: update irq on reset
  usb: check page select value while processing iTD

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-02 17:01:56 +00:00
Max Reitz
5b9e0e4693 virtio-scsi: Catch BDS-BB removal/insertion
Make use of the BDS-BB removal and insertion notifiers to remove or set
up, respectively, virtio-scsi's op blockers.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-02-02 17:50:46 +01:00
Max Reitz
1b1e0659a4 virtio-blk: Functions for op blocker management
Put the code for setting up and removing op blockers into an own
function, respectively. Then, we can invoke those functions whenever a
BDS is removed from an virtio-blk BB or inserted into it.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-02-02 17:50:46 +01:00
Max Reitz
abb3e55b5b Revert "hw/block/fdc: Implement tray status"
This reverts the changes that commit
2e1280e8ff applied to hw/block/fdc.c;
also, an additional case of drv->media_inserted use has crept in since,
which is replaced by a call to blk_is_inserted().

That commit changed tests/fdc-test.c, too, because after it, one less
TRAY_MOVED event would be emitted when executing 'change' on an empty
drive. However, now, no TRAY_MOVED events will be emitted at all, and
the tray_open status returned by query-block will always be false,
necessitating (different) changes to tests/fdc-test.c and iotest 118,
which is why this patch is not a pure revert of said commit.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 1454096953-31773-4-git-send-email-mreitz@redhat.com
Reviewed-by: Eric Blake <eblake@redhat.com>
2016-02-02 17:47:04 +01:00
Peter Maydell
958e369360 audio: Clean up includes
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJWsKfeAAoJEEy22O7T6HE4Z74QAI+wj9IfERD0CX2ZQOuxLtDZ
 cH8OlhfTX7A38yIay+xrRDnW2ZfFGHqxcPh8BtkP2h7jTojKl0HVuS5HDllkReqa
 sVY5g0sk7bdcO2nhA57XCKK0uW8hv9NcxLhX6LwNMrvNKIw9SAoo+oT+7GxRHfra
 tmY4+gm65KEPxy/htP7nrq/ClD4N6W6tjQ5yShataDEBRKd2LJ/60erPPXjVRQ69
 iH0iw2QSRGljpZKNT76/MvVHcH0PvshEFpKbcmO75X/unLvbUCfa6q9jlHUv1r9u
 0afdogq/enBwBCgnvC1gC47KogyHxTQznPUnHcU50CHO6/iVOi0C9QaVRq7xbBdY
 ct4lnZ7FmGbmAgxXUNNES8F5wlMX6HEo7nv8Md8tZK/+hW0X1OFHHRlp+G641RgQ
 D0ByO29nTVKX3rgtoJsSnVt9NCtubjYr9Pv/c1lIbeOZdc1qDG53W9o/fv7CUlEu
 5sz8UJOKWdMjaS0PPF+m03IJ4o3QuWGGjexQTJ6WmAduYtbdGRIpSj6O0Oem0+sY
 8ZFhoMZ9GConX0+kkmt9IXcbgFEZQsBgEseKTJums8TQNsv1omLBz1rkaQN32w50
 zTB+1zV38A6d1gx/GJzqxGZdagbtxZn4yPDwyUpMmqqX36dQBkq6Qakqo+HgKLWp
 nSARa1vZf9GC6kifUNx9
 =jOlf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20160202-1' into staging

audio: Clean up includes

# gpg: Signature made Tue 02 Feb 2016 12:58:06 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-audio-20160202-1:
  audio: Clean up includes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-02 14:55:01 +00:00
Peter Maydell
dce0238c74 nvme: generate OpenFirmware device path in the "bootorder" fw_cfg file
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJWsKbsAAoJEEy22O7T6HE4e58QAITA++LhG9ulH0YBtWbY5pnF
 7eTbO/QiDKjepV+/P92SbBVhv7gFROCJdUFqqGs+b8aGolxcyzghZafUE0HWYirR
 JQ8vtF2yHTUN9IAdq/qv2xlukci78PtuDnC2tybXNbIqcOXGOllPq6hVcRSrt8lE
 t5tfF7+Jc0QwTIvLhj5FcMa2kChz5rbp0UAF9hjSufRwfqukFVDhFb3zxJze5226
 V1kpeSAA2WhPnyi+F77NRl7ucOKhfdN816Wkj8xpSCpIrfiuCtTVlKXD+M0FuPU8
 BH6VrQZqGu2WFY5RldKjnMpw2wUTJuavLd/IEfGDC6XgRQUtyTIcNBFxFg02HWM7
 WL5T/BApoRcadzl5MToIRMeEKwaAnmWkGctHY26TfOsbk2dQhXTHzhAYcTRPT/WM
 ag3Vsorr6k8Iwn/yWkGSBGz6LBejh9zq/DsGjeJepFxkQLd4Dw39DzgsBwoLhUcM
 zBRib/p5dF1GFPdpcAOjK1GV4a/rpQYpKJ7DjIjtkA865ocKoEW2fVA8ApRqUh2K
 +JDRnFI7LMG4izshSrNLQbWswaqsuRwcSjU11DepJquGglRBdhvfgKhL3yKXpna7
 a4+XbgrrwMCURNictcgi6WD+Gncw92OMfonki61CrLZhkqhye/TQfseucKYvru7g
 lcvRDp54suBPxviT9OZa
 =tAQf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-fwcfg-20160202-1' into staging

nvme: generate OpenFirmware device path in the "bootorder" fw_cfg file

# gpg: Signature made Tue 02 Feb 2016 12:54:04 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-fwcfg-20160202-1:
  nvme: generate OpenFirmware device path in the "bootorder" fw_cfg file

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-02 14:27:12 +00:00
Gerd Hoffmann
5a8660741a ehci: update irq on reset
After clearing the status register we also have to update the irq line
status.  Otherwise a irq which happends to be pending at reset time
causes a interrupt storm.  And the guest can't stop as the status
register doesn't indicate any pending interrupt.

Both NetBSD and FreeBSD hang on shutdown because of that.

Cc: qemu-stable@nongnu.org
Reported-by: Andrey Korolyov <andrey@xdel.ru>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1453203884-4125-1-git-send-email-kraxel@redhat.com
2016-02-02 14:11:01 +01:00
Prasad J Pandit
49d925ce50 usb: check page select value while processing iTD
While processing isochronous transfer descriptors(iTD), the page
select(PG) field value could lead to an OOB read access. Add
check to avoid it.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1453233406-12165-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-02 14:11:01 +01:00
Peter Maydell
6086a565b0 audio: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453138432-8324-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-02 13:57:31 +01:00
Marc-André Lureau
9940c3236f ivshmem: use a single eventfd callback, get rid of CharDriver
Simplify the interrupt handling by having a single callback on irq&msi
cases. Remove usage of CharDriver, replace it with
qemu_set_fd_handler(). Use event_notifier_test_and_clear() to read the
eventfd.

Before this patch, ivshmem writes the first byte received to
s->intrstatus. But ivshmem_device_spec.txt says "The status register is
set to 1 when an interrupt occurs." Fortunately, the byte usually comes
from another ivshmem device, and those always write 1.

After this commit, follows the specification, set to 1 when an interrupt
occurs.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
2016-02-02 13:28:58 +01:00
Marc-André Lureau
fd47bfe5ad ivshmem: generalize ivshmem_setup_interrupts
Call ivshmem_setup_interrupts() with or without MSI, always allocate
msi_vectors that is going to be used in all case in the following patch.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-02-02 13:28:58 +01:00
Marc-André Lureau
47213eb110 ivshmem: remove redundant assignment, fix crash with msi=off
Fix crash when msi=false introduced in 660c97ee (msi_vectors is NULL in
this case)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-02-02 13:28:58 +01:00
Marc-André Lureau
2c64846972 ivshmem: no need for opaque argument
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-02-02 13:28:58 +01:00
Laszlo Ersek
a907ec52cc nvme: generate OpenFirmware device path in the "bootorder" fw_cfg file
Background on QEMU boot indices
-------------------------------

Normally, the "bootindex" property is configured for bootable devices
with:

  DEVICE_instance_init()
    device_add_bootindex_property(..., "bootindex", ...)
      object_property_add(..., device_get_bootindex,
                          device_set_bootindex, ...)

and when the bootindex is set on the QEMU command line, with

  -device DEVICE,...,bootindex=N

the setter that was configured above is invoked:

  device_set_bootindex()
    /* parse boot index */
    visit_type_int32()

    /* verify unicity */
    check_boot_index()

    /* store parsed boot index */
    ...

    /* insert device path to boot order */
    add_boot_device_path()

In the last step, add_boot_device_path() ensures that an OpenFirmware
device path will show up in the "bootorder" fw_cfg file, at a position
corresponding to the device's boot index. Thus guest firmware (SeaBIOS and
OVMF) can try to boot off the device with the right priority.

NVMe boot index
---------------

In QEMU commit 33739c7129,

  nvma: ide: add bootindex to qom property

the following generic setters / getters:
- device_set_bootindex()
- device_get_bootindex()

were open-coded for NVMe, under the names
- nvme_set_bootindex()
- nvme_get_bootindex()

Plus nvme_instance_init() was added to configure the "bootindex" property
manually, designating the open-coded getter & setter, rather than calling
device_add_bootindex_property().

Crucially, nvme_set_bootindex() avoided the final add_boot_device_path()
call. This fact is spelled out in the message of commit 33739c7129, and
it was presumably the entire reason for all of the code duplication.

Now, Vladislav filed an RFE for OVMF
<https://github.com/tianocore/edk2/issues/48>; OVMF should boot off NVMe
devices. It is simple to build edk2's existent NvmExpressDxe driver into
OVMF, but the boot order matching logic in OVMF can only handle NVMe if
the "bootorder" fw_cfg file includes such devices.

Therefore this patch converts the NVMe device model to
device_set_bootindex() all the way.

Device paths
------------

device_set_bootindex() accepts an optional parameter called "suffix". When
present, it is expected to take the form of an OpenFirmware device path
node, and it gets appended as last node to the otherwise auto-generated
OFW path.

For NVMe, the auto-generated part is

  /pci@i0cf8/pci8086,5845@6[,1]
       ^     ^            ^  ^
       |     |            PCI slot and (present when nonzero)
       |     |            function of the NVMe controller, both hex
       |     "driver name" component, built from PCI vendor & device IDs
       PCI root at system bus port, PIO

to which here we append the suffix

  /namespace@1,0
             ^ ^
             | big endian (MSB at lowest address) numeric interpretation
             | of the 64-bit IEEE Extended Unique Identifier, aka EUI-64,
             | hex
             32-bit NVMe namespace identifier, aka NSID, hex

resulting in the OFW device path

  /pci@i0cf8/pci8086,5845@6[,1]/namespace@1,0

The reason for including the NSID and the EUI-64 is that an NVMe device
can in theory produce several different namespaces (distinguished by
NSID). Additionally, each of those may (optionally) have an EUI-64 value.

For now, QEMU only provides namespace 1.

Furthermore, QEMU doesn't even represent the EUI-64 as a standalone field;
it is embedded (and left unused) inside the "NvmeIdNs.res30" array, at the
last eight bytes. (Which is fine, since EUI-64 can be left zero-filled if
unsupported by the device.)

Based on the above, we set the "unit address" part of the last
("namespace") node to fixed "1,0".

OVMF will then map the above OFW device path to the following UEFI device
path fragment, for boot order processing:

  PciRoot(0x0)/Pci(0x6,0x1)/NVMe(0x1,00-00-00-00-00-00-00-00)
          ^        ^   ^    ^    ^   ^
          |        |   |    |    |   octets of the EUI-64 in address order
          |        |   |    |    NSID
          |        |   |    NVMe namespace messaging device path node
          |        PCI slot and function
          PCI root bridge

Cc: Keith Busch <keith.busch@intel.com> (supporter:nvme)
Cc: Kevin Wolf <kwolf@redhat.com> (supporter:Block layer core)
Cc: qemu-block@nongnu.org (open list:nvme)
Cc: Gonglei <arei.gonglei@huawei.com>
Cc: Vladislav Vovchenko <vladislav.vovchenko@sk.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Keith Busch <keith.busch@intel.com>
Tested-by: Vladislav Vovchenko <vladislav.vovchenko@sk.com>
Message-id: 1453850483-27511-1-git-send-email-lersek@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-02 12:45:01 +01:00
David Gibson
1114e712c9 target-ppc: Helper to determine page size information from hpte alone
h_enter() in the spapr code needs to know the page size of the HPTE it's
about to insert.  Unlike other paths that do this, it doesn't have access
to the SLB, so at the moment it determines this with some open-coded
tests which assume POWER7 or POWER8 page size encodings.

To make this more flexible add ppc_hash64_hpte_page_shift_noslb() to
determine both the "base" page size per segment, and the individual
effective page size from an HPTE alone.

This means that the spapr code should now be able to handle any page size
listed in the env->sps table.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30 23:49:27 +11:00
David Gibson
61a36c9b5a target-ppc: Add new TLB invalidate by HPTE call for hash64 MMUs
When HPTEs are removed or modified by hypercalls on spapr, we need to
invalidate the relevant pages in the qemu TLB.

Currently we do that by doing some complicated calculations to work out the
right encoding for the tlbie instruction, then passing that to
ppc_tlb_invalidate_one()... which totally ignores the argument and flushes
the whole tlb.

Avoid that by adding a new flush-by-hpte helper in mmu-hash64.c.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30 23:49:27 +11:00
David Gibson
7ef23068bf target-ppc: Convert mmu-hash{32,64}.[ch] from CPUPPCState to PowerPCCPU
Like a lot of places these files include a mixture of functions taking
both the older CPUPPCState *env and newer PowerPCCPU *cpu.  Move a step
closer to cleaning this up by standardizing on PowerPCCPU, except for the
helper_* functions which are called with the CPUPPCState * from tcg.

Callers and some related functions are updated as well, the boundaries of
what's changed here are a bit arbitrary.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30 23:37:38 +11:00
Programmingkid
98ae3b27d5 uninorth.c: add support for UniNorth kMacRISCPCIAddressSelect (0x48) register
Darwin/OS X use the undocumented kMacRISCPCIAddressSelect (0x48) to
configure PCI memory space size for mac99 machines. Without this
register, warnings similar to below are emitted to the console during boot:

AppleMacRiscPCI: bad range 2(80000000:01000000)
AppleMacRiscPCI: bad range 2(81000000:00001000)
AppleMacRiscPCI: bad range 2(81080000:00080000)

Based upon the algorithm in Darwin's AppleMacRiscPCI.cpp driver, set the
kMacRISCPCIAddressSelect register so that Darwin considers the PCI
memory space to be at 0x80000000 (size 0x10000000) which matches that
currently used by QEMU and OpenBIOS.

Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
[commit message and comment revised as suggested by Mark Cave-Ayland]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-30 23:37:38 +11:00
Alyssa Milburn
ff472a5bad cuda.c: return error for unknown commands
This avoids MacsBug hanging at startup in the absence of ADB mouse
input, by replying with an error (which is also what MOL does) when
it sends an unknown command (0x1c).

Signed-off-by: Alyssa Milburn <fuzzie@fuzzie.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-30 23:37:38 +11:00
David Gibson
ecbc25fa86 pseries: Allow TCG h_enter to work with hotplugged memory
The implementation of the H_ENTER hypercall for PAPR guests needs to
enforce correct access attributes on the inserted HPTE.  This means
determining if the HPTE's real address is a regular RAM address (which
requires attributes for coherent access) or an IO address (which requires
attributes for cache-inhibited access).

At the moment this check is implemented with (raddr < machine->ram_size),
but that only handles addresses in the base RAM area, not any hotplugged
RAM.

This patch corrects the problem with a new helper.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2016-01-30 23:37:38 +11:00
David Gibson
98a5d100c2 pseries: Clean up error reporting in htab migration functions
The functions for migrating the hash page table on pseries machine type
(htab_save_setup() and htab_load()) can report some errors with an
explicit fprintf() before returning an appropriate error code.  Change some
of these to use error_report() instead. htab_save_setup() is omitted for
now to avoid conflicts with some other in-progress work.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-01-30 23:37:37 +11:00
David Gibson
d54e4d7659 pseries: Clean up error reporting in ppc_spapr_init()
This function includes a number of explicit fprintf()s for errors.
Change these to use error_report() instead.

Also replace the single exit(EXIT_FAILURE) with an explicit exit(1), since
the latter is the more usual idiom in qemu by a large margin.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-01-30 23:37:37 +11:00
David Gibson
1e49182d05 pseries: Clean up error handling in xics_system_init()
Use the error handling infrastructure to pass an error out from
try_create_xics() instead of assuming &error_abort - the caller is in a
better position to decide on error handling policy.

Also change the error handling from an &error_abort to &error_fatal, since
this occurs during the initial machine construction and could be triggered
by bad configuration rather than a program error.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-01-30 23:37:37 +11:00
David Gibson
adf9ac50db pseries: Clean up error handling in spapr_rtas_register()
The errors detected in this function necessarily indicate bugs in the rest
of the qemu code, rather than an external or configuration problem.

So, a simple assert() is more appropriate than any more complex error
reporting.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-01-30 23:37:37 +11:00
David Gibson
14c6a89497 pseries: Clean up error handling in spapr_vga_init()
Use error_setg() to return an error rather than an explicit exit().
Previously it was an exit(0) instead of a non-zero exit code, which was
simply a bug.  Also improve the error message.

While we're at it change the type of spapr_vga_init() to bool since that's
how we're using it anyway.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-01-30 23:37:37 +11:00
David Gibson
7c150d6f04 pseries: Clean up error handling in spapr_validate_node_memory()
Use error_setg() and return an error, rather than using an explicit exit().

Also improve messages, and be more explicit about which constraint failed.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-01-30 23:37:37 +11:00
David Gibson
569f49671d pseries: Clean up error handling of spapr_cpu_init()
Currently spapr_cpu_init() is hardcoded to handle any errors as fatal.
That works for now, since it's only called from initial setup where an
error here means we really can't proceed.

However, we'll want to handle this more flexibly for cpu hotplug in future
so generalize this using the error reporting infrastructure.  While we're
at it make a small cleanup in a related part of ppc_spapr_init() to use
error_report() instead of an old-style explicit fprintf().

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-01-30 23:37:37 +11:00
David Gibson
f9ab1e87ed ppc: Clean up error handling in ppc_set_compat()
Current ppc_set_compat() returns -1 for errors, and also (unconditionally)
reports an error message.  The caller in h_client_architecture_support()
may then report it again using an outdated fprintf().

Clean this up by using the modern error reporting mechanisms.  Also add
strerror(errno) to the error message.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-01-30 23:37:37 +11:00
Bharata B Rao
16c25aef53 spapr: Don't create ibm,dynamic-reconfiguration-memory w/o DR LMBs
If guest doesn't have any dynamically reconfigurable (DR) logical memory
blocks (LMB), then we shouldn't create ibm,dynamic-reconfiguration-memory
device tree node.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-30 23:37:37 +11:00
David Gibson
27ac3e06d5 spapr: Remove abuse of rtas_ld() in h_client_architecture_support
h_client_architecture_support() uses rtas_ld() for general purpose memory
access, despite the fact that it's not an RTAS routine at all and rtas_ld
makes things more awkward.

Clean this up by replacing rtas_ld() calls with appropriate ldXX_phys()
calls.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2016-01-30 23:37:36 +11:00
David Gibson
f201987b84 spapr: Remove rtas_st_buffer_direct()
rtas_st_buffer_direct() is a not particularly useful wrapper around
cpu_physical_memory_write().  All the callers are in
rtas_ibm_configure_connector, where it's better handled by local helper.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2016-01-30 23:37:36 +11:00
David Gibson
c920f7b42f spapr: Small fixes to rtas_ibm_get_system_parameter, remove rtas_st_buffer
rtas_st_buffer() appears in spapr.h as though it were a widely used helper,
but in fact it is only used for saving data in a format used by
rtas_ibm_get_system_parameter().  This changes it to a local helper more
specifically for that function.

While we're there fix a couple of small defects in
rtas_ibm_get_system_parameter:
  - For the string value SPLPAR_CHARACTERISTICS, it wasn't including the
    terminating \0 in the length which it should according to LoPAPR
    7.3.16.1
  - It now checks that the supplied buffer has at least enough space for
    the length of the returned data, and returns an error if it does not.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2016-01-30 23:37:36 +11:00
Mark Cave-Ayland
ff57eae5f1 cuda: add missing fields to VMStateDescription
Include some fields missed from the previous VMState conversion to the
migration stream, as well as the new SR_INT delay timer.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-30 23:37:36 +11:00
Mark Cave-Ayland
627be2f283 mac_dbdma: add DBDMA controller state to VMStateDescription
Make sure that we include the DBDMA controller state in the migration
stream.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-30 23:37:36 +11:00
Mark Cave-Ayland
bb37a8e8a3 macio: add dma_active to VMStateDescription
Make sure that we include the value of dma_active in the migration stream.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: John Snow <jsnow@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-30 23:37:36 +11:00
Mark Cave-Ayland
03c1280bf5 macio: use the existing IDEDMA aiocb to hold the active DMA aiocb
Currently the aiocb is held within MACIOIDEState, however the IDE core code
assumes that the current actvie DMA aiocb is held in aiocb in a few places,
e.g. ide_bus_reset() and ide_reset().

Switch over to using IDEDMA aiocb to store the aiocb for the current active
DMA request so that bus resets and restarts are handled correctly. As a
consequence we can now use ide_set_inactive() rather than handling its
functionality ourselves.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-01-30 23:37:25 +11:00
Peter Maydell
0430891ce1 hw: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-38-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:25 +00:00
Peter Maydell
18c86e2b9d hw/core: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-37-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:25 +00:00
Peter Maydell
17b7f2dbbc arm devices: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-36-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:25 +00:00
Peter Maydell
61d9f32b50 tricore: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-34-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:25 +00:00
Peter Maydell
d24688fb85 moxie: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-33-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:25 +00:00
Peter Maydell
23b0d7dfe5 cris: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-32-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
d841666577 m68k: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-31-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
ed2decc6a5 openrisc: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-30-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
09aae23d8f xtensa: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-29-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
9d4c9946ee sh4: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-28-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
90191d07a6 hw/intc: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-27-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
282bc81efb hw/timer: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-26-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
0d1c9782a1 hw/misc: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-25-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
a4ab4792a7 hw/scsi: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-24-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
97d5408f99 pci: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-23-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
c6eacb1ac0 hw/vfio: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-22-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
47df5154c3 hw/display: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-21-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:24 +00:00
Peter Maydell
e532b2e008 usb: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-20-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:23 +00:00
Peter Maydell
e8d4046559 hw/net: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-19-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:23 +00:00
Peter Maydell
fbc0412709 9pfs: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-18-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:23 +00:00
Peter Maydell
532392622c ide: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-17-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:23 +00:00
Peter Maydell
9b8bfe21be virtio: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-15-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:23 +00:00
Peter Maydell
21cbfe5f37 xen: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-14-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:23 +00:00
Peter Maydell
8ef94f0bc9 arm: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-13-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:23 +00:00
Peter Maydell
e2e5e11462 alpha: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-12-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:23 +00:00
Peter Maydell
b6a0aa0537 x86: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-11-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:22 +00:00
Peter Maydell
5af98cc573 unicore: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-9-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:22 +00:00
Peter Maydell
9615495afc s390: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-id: 1453832250-766-8-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:22 +00:00
Peter Maydell
db5ebe5f41 sparc: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-7-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:22 +00:00
Peter Maydell
0d75590d91 ppc: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-6-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:22 +00:00
Peter Maydell
ea99dde191 lm32: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-5-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:22 +00:00
Peter Maydell
357e81c7e8 Mostly bugfixes and small improvements; and the gdb target.xml
patch.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJWqfU2AAoJEN7Pa5PG8C+vxhQQAIYOS/ipBececOJv/nMGBDVH
 nXZs7T/QPV0b0cYeqb4r0g+Dbg4bywdbF7/bdULJtOsygK7Y9U4FlL+S1wL7D3x1
 YcqrXCwX8xSqqd51wzYshIwbRO/22G/7pyGa2jSvHTiPJlLJUsPF09z5otSZ3p8g
 4JW2Xmfx3MF20IBMQgazB4dd/Lz6EKy8MJbqrcQUc9+mpsstL3I4L5AUF59jlARY
 0e73OYbBRUZaHmGpI24uRO2OLhYWKwmVkaUo8FfZB3W94k0PXcsQ/Kg8UJbqlwY/
 PTYDhhSm6JycLyLp/0MnlHuyHiKtCnQyl+4O27lWOiQWUzKELiereO9MFlUwRg5L
 N6f4IwpDqTGU2tmj1ujLbzI2kaVEuVu++gIaBe+LL8BYNtcf25/3eVQ71WL1ioQV
 YRooC3eWAVQtLgjM04+F5fiMgxXSklowb29ONwm/M6dfYl0mXhKoPuE9rkRSUKfZ
 jPsK7HM4hHM2nHY+JQZnoAWV0DMBT0d4Ehe1pDrQ2lu5XDMNYip3buW/VEzqZTzF
 Buk2tIhJFA6EriU2OAj+6+ENqia/7PMWpPry/0wi2Tmgt1ksu8DFyfati4PP31Or
 A/jYo10mzn4cZtrgI9kavg1Ij5c8Ij9h3oNg2pVDZfXKQmIxIqxgPq8/puwK3ywU
 DOBAAglu8nLgHv+EJTNz
 =lF/D
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20160128' into staging

Mostly bugfixes and small improvements; and the gdb target.xml
patch.

# gpg: Signature made Thu 28 Jan 2016 11:02:14 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20160128:
  s390x: s390_cpu_get_phys_page_debug has to return -1
  gdb: provide the name of the architecture in the target.xml
  s390x/css: fix control flags during csch
  watchdog/diag288: don't reset for action=none|debug|pause
  watchdog: introduction of get_watchdog_action
  s390x: fix generation of event information crw
  s390x/ioinst: set type and len for SEI response
  s390x/sclp: add device to the sysbus in sclp_realize
  s390x/machine: make addon register fields static
  s390x/skeys: Fix instance and class size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-28 11:46:34 +00:00
Peter Maydell
8fd9dece65 microblaze: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1453831531-667-3-git-send-email-peter.maydell@linaro.org
2016-01-28 11:13:13 +00:00
Halil Pasic
4c6bf79a22 s390x/css: fix control flags during csch
From the beginning, css support contained an error in csch handling:
instead of setting the clear bit in the function control bits twice, we
need to set the clear pending bit in the activity control bits. Let's
fix this.

Cc: qemu-stable@nongnu.org
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-01-27 15:34:48 +01:00
Bo Tu
fba9110fee watchdog/diag288: don't reset for action=none|debug|pause
If the watchdog expires and the guest is not notified (NONE, DEBUG, PAUSE),
we must not reset the watchdog device, otherwise watchdog_ping() and
watchdog_stop() will fail when triggered by the guest. This reset behavior
matches to the z/VM behavior when a custom command is to be executed
on expiry.

Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Bo Tu <tubo@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-01-27 15:34:47 +01:00
Bo Tu
0d035b6c5e watchdog: introduction of get_watchdog_action
Add get_watchdog_action(void) to allow access to the configured action.

Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Bo Tu <tubo@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-01-27 15:34:47 +01:00
Song Shan Gong
c81b4f896f s390x: fix generation of event information crw
Only one channel report word (crw) may be pending if there is
event-information pending.

This patch introduces a bool-type field 'sei_pending' for the
channel subsystem, which indicates whether there are pending events.
It is set when event information is made pending and the crw
generated, and cleared after the guest has collected all pending
event information. A crw is not generated if this flag had already
been set.

Signed-off-by: Song Shan Gong <gongss@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-01-27 15:34:47 +01:00
David Hildenbrand
8b638c43af s390x/sclp: add device to the sysbus in sclp_realize
The init of a device should have no side effects. Therefore move
registering of the event facility into the realize function, so
multiple instances of the SCLP device can be created e.g. for
introspection.

Add some more detail as to why we have to add it to the sysbus
at all.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-01-27 15:34:47 +01:00
Christian Borntraeger
2f2b0c66d9 s390x/skeys: Fix instance and class size
fix a typo that messes up instance and class size.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-01-27 15:34:47 +01:00
Ian Campbell
64a7ad6fe3 xen: make it possible to build without the Xen PV domain builder
Until the previous patch this relied on xc_fd(), which was only
implemented for Xen 4.0 and earlier.

Given this wasn't working since Xen 4.0 I have marked this as disabled
by default.

Removing this support drops the use of a bunch of symbols from
libxenctrl, specifically:

  - xc_domain_create
  - xc_domain_destroy
  - xc_domain_getinfo
  - xc_domain_max_vcpus
  - xc_domain_setmaxmem
  - xc_domain_unpause
  - xc_evtchn_alloc_unbound
  - xc_linux_build

This is another step towards only using Xen libraries which provide a
stable inteface.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-26 17:19:44 +00:00
Ian Campbell
228df5c91c xen: domainbuild: reopen libxenctrl interface after forking for domain watcher.
Using an existing libxenctrl handle after a fork was never
particularly safe (especially if foreign mappings existed at the time
of the fork) and the xc fd has been unavailable for many releases.

Reopen the handle after fork and therefore do away with xc_fd().

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-26 17:19:41 +00:00
Ian Campbell
e0cb42ae4b xen: Switch uses of xc_map_foreign_{pages,bulk} to use libxenforeignmemory API.
In Xen 4.7 we are refactoring parts libxenctrl into a number of
separate libraries which will provide backward and forward API and ABI
compatiblity.

One such library will be libxenforeignmemory which provides access to
privileged foreign mappings and which will provide an interface
equivalent to xc_map_foreign_{pages,bulk}.

The new xenforeignmemory_map() function behaves like
xc_map_foreign_pages() when the err argument is NULL and like
xc_map_foreign_bulk() when err is non-NULL, which maps into the shim
here onto checking err == NULL and calling the appropriate old
function.

Note that xenforeignmemory_map() takes the number of pages before the
arrays themselves, in order to support potentially future use of
variable-length-arrays in the prototype (in the future, when Xen's
baseline toolchain requirements are new enough to ensure VLAs are
supported).

In preparation for adding support for libxenforeignmemory add support
to the <=4.0 and <=4.6 compat code in xen_common.h to allow us to
switch to using the new API. These shims will disappear for versions
of Xen which include libxenforeignmemory.

Since libxenforeignmemory will have its own handle type but for <= 4.6
the functionality is provided by using a libxenctrl handle we
introduce a new global xen_fmem alongside the existing xen_xc. In fact
we make xen_fmem a pointer to the existing xen_xc, which then works
correctly with both <=4.0 (xc handle is an int) and <=4.6 (xc handle
is a pointer). In the latter case xen_fmem is actually a double
indirect pointer, but it all falls out in the wash.

Unlike libxenctrl libxenforeignmemory has an explicit unmap function,
rather than just specifying that munmap should be used, so the unmap
paths are updated to use xenforeignmemory_unmap, which is a shim for
munmap on these versions of xen. The mappings in xen-hvm.c do not
appear to be unmapped (which makes sense for a qemu-dm process)

In fb_disconnect this results in a change from simply mmap over the
existing mapping (with an implicit munmap) to expliclty unmapping with
xenforeignmemory_unmap and then mapping the required anonymous memory
in the same hole. I don't think this is a problem since any other
thread which was racily touching this region would already be running
the risk of hitting the mapping halfway through the call. If this is
thought to be a problem then we could consider adding an extra API to
the libxenforeignmemory interface to replace a foreign mapping with
anonymous shared memory, but I'd prefer not to.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-26 17:19:35 +00:00
Ian Campbell
9ed257d1d1 xen: Switch uses of xc_map_foreign_range into xc_map_foreign_pages
In Xen 4.7 we are refactoring parts libxenctrl into a number of
separate libraries which will provide backward and forward API and ABI
compatiblity.

One such library will be libxenforeignmemory which provides access to
privileged foreign mappings and which will provide an interface
equivalent to xc_map_foreign_{pages,bulk}.

In preparation for this switch all uses of xc_map_foreign_range to
xc_map_foreign_pages. This is trivial because size was always
XC_PAGE_SIZE so the necessary adjustments are trivial:

  * Pass &mfn (an array of length 1) instead of mfn. The function
    takes a pointer to const, so there is no possibily of mfn changing
    due to this change.
  * Pass nr_pages=1 instead of size=XC_PAGE_SIZE

There is one wrinkle in xen_console.c:con_initialise() where
con->ring_ref is an int but can in some code paths (when !xendev->dev)
be treated as an mfn. I think this is an existing latent truncation
hazard on platforms where xen_pfn_t is 64-bit and int is 32-bit (e.g.
amd64, both arm* variants). I'm unsure under what circumstances
xendev->dev can be NULL or if anything elsewhere ensures the value
fits into an int. For now I just use a temporary xen_pfn_t to in
effect upcast the pointer from int* to xen_pfn_t*.

In xenfb.c:common_bind we now explicitly launder the mfn into a
xen_pfn_t, so it has the correct type to be passed to
xc_map_foreign_pages and doesn't provoke warnings on 32-bit x86.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-26 17:19:32 +00:00
Ian Campbell
c1345a8878 xen: Switch to libxengnttab interface for compat shims.
In Xen 4.7 we are refactoring parts libxenctrl into a number of
separate libraries which will provide backward and forward API and ABI
compatiblity.

One such library will be libxengnttab which provides access to grant
tables.

In preparation for this switch the compatibility layer in xen_common.h
(which support building with older versions of Xen) to use what will
be the new library API. This means that the gnttab shim will disappear
for versions of Xen which include libxengnttab.

To simplify things for the <= 4.0.0 support we wrap the int fd in a
malloc(sizeof int) such that the handle is always a pointer. This
leads to less typedef headaches and the need for
XC_HANDLER_INITIAL_VALUE etc for these interfaces.

Note that this patch does not add any support for actually using
libxengnttab, it just adjusts the existing shims.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-26 17:19:28 +00:00
Ian Campbell
a2db2a1edd xen: Switch to libxenevtchn interface for compat shims.
In Xen 4.7 we are refactoring parts libxenctrl into a number of
separate libraries which will provide backward and forward API and ABI
compatiblity.

One such library will be libxenevtchn which provides access to event
channels.

In preparation for this switch the compatibility layer in xen_common.h
(which support building with older versions of Xen) to use what will
be the new library API. This means that the evtchn shim will disappear
for versions of Xen which include libxenevtchn.

To simplify things for the <= 4.0.0 support we wrap the int fd in a
malloc(sizeof int) such that the handle is always a pointer. This
leads to less typedef headaches and the need for
XC_HANDLER_INITIAL_VALUE etc for these interfaces.

Note that this patch does not add any support for actually using
libxenevtchn, it just adjusts the existing shims.

Note that xc_evtchn_alloc_unbound functionality remains in libxenctrl,
since that functionality is not exposed by /dev/xen/evtchn.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-26 17:19:24 +00:00
Ian Campbell
549e9bcabc xen_console: correctly cleanup primary console on teardown.
All of the work in con_disconnect applies to the primary console case
(when xendev->dev is NULL). Therefore remove the early check and bail
and allow it to fall through. All of the existing code is correctly
conditional already.

The ->dev and ->gnttabdev handles are either both set or neither. For
consistency with con_initialise() with to the former here too.

With this con_initialise and con_disconnect now mirror each other.

Fix up a hard tab in the function while editing.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-26 17:19:16 +00:00
John Snow
4812fa27fa fdc: change auto fallback drive for ISA FDC to 288
The 2.88 drive is more suitable as a default because
it can still read 1.44 images correctly, but the reverse
is not true.

Since there exist virtio-win drivers that are shipped on
2.88 floppy images, this patch will allow VMs booted without
a floppy disk inserted to later insert a 2.88MB floppy and
have that work.

This patch has been tested with msdos, freedos, fedora,
windows 8 and windows 10 without issue: if problems do
arise for certain guests being unable to cope with 2.88MB
drives as the default, they are in the minority and can use
type=144 as needed (or insert a proper boot medium and omit
type=144/288 or use type=auto) to obtain different drive types.

As icing, the default will remain auto/144 for any pre-2.6
machine types, hopefully minimizing the impact of this change
in legacy hw to basically zero.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1453495865-9649-13-git-send-email-jsnow@redhat.com
2016-01-25 14:36:01 -05:00
John Snow
f31937aa8c fdc: rework pick_geometry
This one is the crazy one.

fd_revalidate currently uses pick_geometry to tell if the diskette
geometry has changed upon an eject/insert event, but it won't allow us
to insert a 1.44MB diskette into a 2.88MB drive. This is inflexible.

The new algorithm applies a new heuristic to guessing disk geometries
that allows us to switch diskette types as long as the physical size
matches before falling back to the old heuristic.

The old one is roughly:
 - If the size (sectors) and type matches, choose it.
 - Fall back to the first geometry that matched our type.

The new one is:
 - If the size (sectors) and type matches, choose it.
 - If the size (sectors) and physical size match, choose it.
 - Fall back to the first geometry that matched our type.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1453495865-9649-11-git-send-email-jsnow@redhat.com
2016-01-25 14:35:24 -05:00
John Snow
109c17bc20 fdc: add physical disk sizes
2.88MB capable drives can accept 1.44MB floppies,
for instance. To rework the pick_geometry function,
we need to know if our current drive can even accept
the type of disks we're considering.

NB: This allows us to distinguish between all of the
"total sectors" collisions between 1.20MB and 1.44MB
diskette types, by using the physical drive size as a
differentiator.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1453495865-9649-10-git-send-email-jsnow@redhat.com
2016-01-25 14:35:23 -05:00
John Snow
fff4687b9e fdc: add drive type option
This patch adds a new explicit Floppy Drive Type option. The existing
behavior in QEMU is to automatically guess a drive type based on the
media inserted, or if a diskette is not present, arbitrarily assign one.

This behavior can be described as "auto." This patch adds the option
to pick an explicit behavior: 120, 144, 288 or none. The new "auto"
option is intended to mimic current behavior, while the other types
pick one explicitly.

Set the type given by the CLI during fd_init. If the type remains the
default (auto), we'll attempt to scan an inserted diskette if present
to determine a type. If auto is selected but no diskette is present,
we fall back to a predetermined default (currently 1.44MB to match
legacy QEMU behavior.)

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1453495865-9649-9-git-send-email-jsnow@redhat.com
2016-01-25 14:35:23 -05:00
John Snow
a73275dd6f fdc: Add fallback option
Currently, QEMU chooses a drive type automatically based on the inserted
media. If there is no disk inserted, it chooses a 1.44MB drive type.

Change this behavior to be configurable, but leave it defaulted to 1.44.

This is not earnestly intended to be used by a user or a management
library, but rather exists so that pre-2.6 board types can configure it
to be a legacy value.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1453495865-9649-8-git-send-email-jsnow@redhat.com
2016-01-25 14:35:23 -05:00
John Snow
d5d47efc85 fdc: add pick_drive
Split apart pick_geometry by creating a pick_drive routine that will only
ever called during device bring-up instead of relying on pick_geometry to
be used in both cases.

With this change, the drive field is changed to be 'write once'. It is
not altered after the initialization routines exit.

media_validated does not need to be migrated. The target VM
will just revalidate the media on post_load anyway.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1453495865-9649-7-git-send-email-jsnow@redhat.com
2016-01-25 14:35:23 -05:00
John Snow
69ce1ac26d fdc: Throw an assertion on misconfigured fd_formats table
pick_geometry is a convoluted function that makes it difficult to tell
at a glance what QEMU's current behavior for choosing a floppy drive
type is when it can't quite identify the diskette.

The code iterates over all entries in the candidate geometry table
("fd_formats") and if our specific drive type matches a row in the table,
then either "match" is set to that entry (an exact match) and the loop
exits, or "first_match" will be non-negative (the first such entry that
shares the same drive type), and the loop continues. If our specific
drive type is NONE, then all drive types in the candidate geometry table
are considered. After iteration, if "match" was not set, we fall back to
"first match".

This means that either "match" was set, or we exited the loop without an
exact match, in which case:

- If drive type is NONE, the default is truly fd_formats[0], a 1.44MB
  type, because "first_match" will always get set to the first item.

- If drive type is not NONE, pick_geometry's iteration was fussier and
  only looked at rows that matched our drive type. However, since all
  possible drive types are represented in the table, we still know that
  "first match" was set.

- If drive type is not NONE and the fd_formats table lists no options for
  our drive type, we choose fd_formats[1], an incomprehensibly bizarre
  choice that can never happen anyway.

Correct this: If first_match is -1, it can ONLY mean we didn't edit our
fd_formats table correctly. Throw an assertion instead.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1453495865-9649-6-git-send-email-jsnow@redhat.com
2016-01-25 14:35:23 -05:00
John Snow
16c1e3ece4 fdc: add disk field
Currently, 'drive' is used both to represent the current diskette
type as well as the current drive type.

This patch adds a 'disk' field that is updated explicitly to match
the type of the disk.

As of this patch, disk and drive are always the same, but forthcoming
patches to change the behavior of pick_geometry will invalidate this
assumption.

disk does not need to be migrated because it is not user-visible state
nor is it currently used for any calculations. It is purely informative,
and will be rebuilt automatically via fd_revalidate on the new host.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1453495865-9649-5-git-send-email-jsnow@redhat.com
2016-01-25 14:35:23 -05:00
John Snow
2da44dd0c6 fdc: add drive type qapi enum
Change the floppy drive type to a QAPI enum type, to allow us to
specify the floppy drive type from the CLI in a forthcoming patch.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1453495865-9649-4-git-send-email-jsnow@redhat.com
2016-01-25 14:35:23 -05:00
John Snow
21862658fd fdc: reduce number of pick_geometry arguments
Modify this function to operate directly on FDrive objects instead of
unpacking and passing all of those parameters manually. Reduces the
complexity in the caller and reduces the number of args to just one.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1453495865-9649-3-git-send-email-jsnow@redhat.com
2016-01-25 14:35:23 -05:00
John Snow
9a97223399 fdc: move pick_geometry
Code motion: I want to refactor this function to work with FDrive
directly, so shuffle it below that definition.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1453495865-9649-2-git-send-email-jsnow@redhat.com
2016-01-25 14:35:23 -05:00
Shmulik Ladkani
4f08699482 ide: Correct the CHS 'cyls_max' limit to be 65535
In b7eb0c9:
  hw/block-common: Factor out fall back to legacy -drive cyls=...
'blkconf_geometry()' was introduced, factoring out CHS limit validation
code that was repeated in ide, scsi, virtio-blk.

The original IDE CHS limit prior b7eb0c9 was 65535,16,255 (as per ATA
CHS addressing).
However the 'cyls_max' argument passed to 'blkconf_geometry' in the
ide_dev_initfn case was accidentally set to 65536 instead of 65535.

Fix, providing the correct 'cyls_max'.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1453112371-29760-1-git-send-email-shmulik.ladkani@ravellosystems.com
Signed-off-by: John Snow <jsnow@redhat.com>
2016-01-25 14:34:40 -05:00
Peter Maydell
c684822ad2 mips: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2016-01-23 14:30:04 +00:00
Peter Maydell
d341d9f306 fpu: Replace uint8 typedef with uint8_t
Replace the uint8 softfloat-specific typedef with uint8_t.
This change was made with

find include hw fpu target-* -name '*.[ch]' | xargs sed -i -e 's/\buint8\b/uint8_t/g'

together with manual removal of the typedef definition and
manual fixing of more erroneous uses found via test compilation.

It turns out that the only code using this type is an accidental
use where uint8_t was intended anyway...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Acked-by: Leon Alrae <leon.alrae@imgtec.com>
Acked-by: James Hogan <james.hogan@imgtec.com>
Message-id: 1452603315-27030-7-git-send-email-peter.maydell@linaro.org
2016-01-22 15:09:21 +00:00
Peter Maydell
3a87d00910 fpu: Replace uint32 typedef with uint32_t
Replace the uint32 softfloat-specific typedef with uint32_t.
This change was made with

find include hw fpu target-* -name '*.[ch]' | xargs sed -i -e 's/\buint32\b/uint32_t/g'

together with manual removal of the typedef definition,
manual undoing of various mis-hits, and another couple of
fixes found via test compilation.

All the uses in hw/ were using the wrong type by mistake.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Acked-by: Leon Alrae <leon.alrae@imgtec.com>
Acked-by: James Hogan <james.hogan@imgtec.com>
Message-id: 1452603315-27030-5-git-send-email-peter.maydell@linaro.org
2016-01-22 15:09:21 +00:00
Peter Maydell
f4014512cd fpu: Replace int32 typedef with int32_t
Replace the int32 softfloat-specific typedef with int32_t.
This change was made with

find hw include fpu target-* -name '*.[ch]' | xargs sed -i -e 's/\bint32\b/int32_t/g'

together with manual removal of the typedef definition, and
manual undoing of some mis-hits where macro arguments were
being used for token pasting rather than as a type.

The uses in hw/ipmi/ should not have been using this type at all.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Acked-by: Leon Alrae <leon.alrae@imgtec.com>
Acked-by: James Hogan <james.hogan@imgtec.com>
Message-id: 1452603315-27030-4-git-send-email-peter.maydell@linaro.org
2016-01-22 15:09:21 +00:00
Greg Kurz
63325b181f 9pfs: use error_report() instead of fprintf(stderr)
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-01-22 15:12:17 +01:00
Peter Maydell
0b0571dd24 Xen 2016/01/21
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJWoQ5KAAoJEIlPj0hw4a6QP6sP/01U66Fv7ZzqxnV6U/6hJkOG
 X11S6KUHVdNoLyMB4RCyOV/zsF16ODZ9A1PI+qeq/1Po4zNLASWYAdWR7OinCiis
 ad5QGmHY2JmzLm2x8ivWZR1ZqQ+PTRWFH7eEFEROaI/IEyG1wL4bTkMLB0L6Ih74
 SMnMJg3Rkl8XhxdvVuE5JZ4f4ZTyPIk+0daMXIH9Q58XspblVNRjKAbotjte/zrj
 XmCIxVfu29NOIKD3F1n0Cw29OqCuyofbxWHk+SwT68fM8M8KcdnX1WGmfOXylXod
 JP0j2NRN07LgMfJv1K+QXPSNlFOZAMlzzXpOAnbb2AJceTTMMwTdkQb6aahFfMEL
 eyWabU+ZI8gemFePgWWdOipkrqtWlGvdyFLKLv42CR9jhVGNck8SBt01njLcOEsf
 TZjsuzPVxMmQvSYr7xcZgIFKwWkt3yUpOAKl6KS5PlerIezpJ1MtmB1ZmFF+Caui
 kGpC1tfIgdu3VHdlqASlc50BsAeqTdGzXI+KxTE/6raOnn+aUVIXrUzcdgV+Tgby
 52Fd9y83X65RXIgasNIvNpUEX+jc7FYdrBaO2graSBzpCWAzituyypOk4WEpHxIn
 da64hN9Z3i4BzLDZtaC05B8A0iWpckLOwbVWK1zblsdiJJAaOFVAU9cNl2Plxm8j
 cy8WC0FdEqLZxXpU0deB
 =+hRh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20160121' into staging

Xen 2016/01/21

# gpg: Signature made Thu 21 Jan 2016 16:58:50 GMT using RSA key ID 70E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"

* remotes/sstabellini/tags/xen-20160121:
  Xen PCI passthru: convert to realize()
  Add Error **errp for xen_pt_config_init()
  Add Error **errp for xen_pt_setup_vga()
  Add Error **errp for xen_host_pci_device_get()
  Xen: use qemu_strtoul instead of strtol
  Change xen_host_pci_sysfs_path() to return void
  xen-pvdevice: convert to realize()
  xen-hvm: Clean up xen_ram_alloc() error handling
  xen-hvm: Clean up xen_hvm_init() error handling
  xenfb.c: avoid expensive loops when prod <= out_cons
  MAINTAINERS: update Xen files

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 17:21:08 +00:00
Cao jin
5a11d0f754 Xen PCI passthru: convert to realize()
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-21 16:45:54 +00:00
Cao jin
d50a6e58e8 Add Error **errp for xen_pt_config_init()
To catch the error message. Also modify the caller

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-21 16:45:47 +00:00
Cao jin
5226bb59f7 Add Error **errp for xen_pt_setup_vga()
To catch the error message. Also modify the caller

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-21 16:45:41 +00:00
Cao jin
376ba75f88 Add Error **errp for xen_host_pci_device_get()
To catch the error message. Also modify the caller

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2016-01-21 16:45:34 +00:00
Cao jin
f524bc3b3d Xen: use qemu_strtoul instead of strtol
No need to roll our own (with slightly incorrect handling of errno),
when we can use the common version.

Change signed parsing to unsigned, because what it read are values in
PCI config space, which are non-negative.

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2016-01-21 16:45:27 +00:00
Cao jin
599d0c4561 Change xen_host_pci_sysfs_path() to return void
And assert the snprintf() error, because user can do nothing in case of
snprintf() fail.

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2016-01-21 16:45:12 +00:00
Peter Maydell
83446463dd X86 queue, 2016-01-21
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJWoPR4AAoJECgHk2+YTcWm3CYP/iSuJuvnYUGBnwJIUwHs9m7z
 HNvzwxalVkhfFSiV563Mk8bTrt3baBt4Ib81uu6M//sOFhuu0DRDEGRzXwvwMUUr
 jHHKlyNgmXqBSTYt9+1DpFkJ+wmcO5mpBfzjGIOFPgp5H8E61FsxWEhRCvu4bTP+
 i1EqcWgE9LNGeyDmajqfXy0FtgRzW1Nl+YtpnM8zJLr8BD2JfMlNkh8+N5WTzSVK
 et82dLqxvNvCN9Jnobg84Uwhp1i/1G70RVcv+6lkgqUYuQiF2LfFG91sa2B10/bU
 DOyp08M52Mxwp1ncnMCOlLZUNjb0z2ID+/wZlFgRnaAeYIg/jV7QNc55/eK1p6AP
 ZXZtuZ9EjyebmBJ+OZfxCZoN7MTMvc3zhfU/rbIb+xomVJQXr+g99SSYewkt9SHh
 Jy/yGMTkZddgG4nDlpzB5JIeH5UUWucopVqZCk8C6lbXoKHHdzW9ZZHUCfaZnJnw
 xUlvK8XMFD9gr7RyvOLwoJU/Yb8KJgvEttcOXN9E80HWQli6Subk6x3CAFBSHIlm
 WXtdOQKK/aa7FWYiYPvKZUvrKriUhTys8F+gSt77KUzu3J/8qDJMWwe0jawVw7Vy
 orqNKp93WwE9cHknZy0Q1ym0l1iX38cFqy7kaIoMBmqlMHtF5lYpNglpQjVptmO4
 Q8cdQn4egyqHKWC0iKVR
 =hDEn
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

X86 queue, 2016-01-21

# gpg: Signature made Thu 21 Jan 2016 15:08:40 GMT using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"

* remotes/ehabkost/tags/x86-pull-request:
  target-i386: Add PKU and and OSPKE support
  target-i386: Add support to migrate vcpu's TSC rate
  target-i386: Reorganize TSC rate setting code
  target-i386: Fallback vcpu's TSC rate to value returned by KVM
  target-i386: Add suffixes to MMReg struct fields
  target-i386: Define MMREG_UNION macro
  target-i386: Define MMXReg._d field
  target-i386: Rename XMM_[BWLSDQ] helpers to ZMM_*
  target-i386: Rename struct XMMReg to ZMMReg
  target-i386: Use a _q array on MMXReg too
  target-i386/ops_sse.h: Use MMX_Q macro
  target-i386: Rename optimize_flags_init()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 15:53:25 +00:00
Cao jin
c6b14aed77 xen-pvdevice: convert to realize()
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-21 15:45:22 +00:00
Haozhong Zhang
36f96c4b6b target-i386: Add support to migrate vcpu's TSC rate
This patch enables migrating vcpu's TSC rate. If KVM on the
destination machine supports TSC scaling, guest programs will
observe a consistent TSC rate across the migration.

If TSC scaling is not supported on the destination machine, the
migration will not be aborted and QEMU on the destination will
not set vcpu's TSC rate to the migrated value.

If vcpu's TSC rate specified by CPU option 'tsc-freq' on the
destination machine is inconsistent with the migrated TSC rate,
the migration will be aborted.

For backwards compatibility, the migration of vcpu's TSC rate is
disabled on pc-*-2.5 and older machine types.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
[ehabkost: Rewrote comment at kvm_arch_put_registers()]
[ehabkost: Moved compat code to pc-2.5]
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-01-21 12:47:16 -02:00
Alistair Francis
3355c36053 arm_gic: Update ID registers based on revision
Update the GIC ID registers (registers above 0xfe0) based on the GIC
revision instead of using the sames values for all GIC implementations.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Tested-by: Sören Brinkmann <soren.brinkmann@xilinx.com>
Message-id: 629e7fa5d47f2800e51cc1f18d12635f1eece349.1453333840.git.alistair.francis@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 14:15:08 +00:00
Christoffer Dall
caa49adbcc hw/arm/virt: Add always-on property to the virt board timer
The virt board has an arch timer, which is always on.  Emit the
"always-on" property to indicate to Linux that it can switch off the
periodic timer and reduces the amount of interrupts injected into a
guest.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 1453204158-11412-1-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 14:15:07 +00:00
Peter Maydell
3df708eb48 hw/arm/virt: add secure memory region and UART
Add a secure memory region to the virt board, which is the
same as the nonsecure memory region except that it also has
a secure-only UART in it. This is only created if the
board is started with the '-machine secure=on' property.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2016-01-21 14:15:07 +00:00
Peter Maydell
1d939a68af hw/arm/virt: Wire up memory region to CPUs explicitly
Wire up the system memory region to the CPUs explicitly
by setting the QOM property. This doesn't change anything
over letting it default, but will be needed for adding
a secure memory region later.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2016-01-21 14:15:07 +00:00
Peter Crosthwaite
4a94fc9bf2 misc: zynq-xadc: Fix off-by-one
This bounds check was off-by-one. Fix.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1453101737-11255-1-git-send-email-crosthwaite.peter@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 14:15:04 +00:00
Alistair Francis
a4b26335c8 xlnx-ep108: Connect the SPI Flash
Connect the sst25wf080 SPI flash to the EP108 board.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
[PMM: free string when finished with it]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 14:15:04 +00:00
Alistair Francis
02d07eb494 xlnx-zynqmp: Connect the SPI devices
Connect the Xilinx SPI devices to the ZynqMP model.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
[ PC changes
 * Use QOM alias for bus connectivity on SoC level
]
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
[PMM: free the g_strdup_printf() string when finished with it]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 14:15:03 +00:00
Alistair Francis
6363235b2b xilinx_spips: Separate the state struct into a header
Separate out the XilinxSPIPS struct into a separate header
file.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 14:15:03 +00:00
Alistair Francis
8fd06719e7 ssi: Move ssi.h into a separate directory
Move the ssi.h include file into the ssi directory.

While touching the code also fix the typdef lines as
checkpatch complains.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 14:15:03 +00:00
Alistair Francis
d857c4c023 m25p80.c: Add sst25wf080 SPI flash device
Add the sst25wf080 SPI flash device.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 14:15:03 +00:00
Peter Crosthwaite
f698c8ba48 qdev: get_child_bus(): Use QOM lookup if available
qbus_realize() adds busses as a QOM child of the device in addition to
adding it to the qdev bus list. Change get_child_bus() to use the QOM
child if it is available. This takes priority over the bus-list, but
the child object is checked for type correctness.

This prepares support for aliasing of buses. The use case is SoCs,
where a SoC container needs to present buses to the board level, but
the buses are implemented by controller IP we already model as self
contained qbus-containing devices.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Acked-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 14:15:03 +00:00
Peter Maydell
3c9331c47f Block layer patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJWn6nVAAoJEH8JsnLIjy/WrvcP/1+v+5xtO/isl/sBnQGVwDAt
 kufea4dveMQ0r1lK9YhSmGb5yVBjGwry2LCH3YFkaYkKvRJ/gU+kVjB1V1Vw9YAD
 eHmF9EPxJ8PUhMaFFYzT7Rp7fHPyqVrmFpAGIB4PRZVX2dBeIuFKQAI0K9AD6FdM
 FZGTDZRFOa8fJdxlttfSzD6q0Auwgs+BBZ2SCOk/l66cELvug94AlJzdnG7L83FR
 /49jYCN5IOBAI00Xo2wCeLIR33juJorD3ePHD/+RgM51/1hpd9+mX6wwcMSJNOTH
 pMpDVgByyuV1ozsy/QrHHzdaKnasoco9p24KxDvgtHSdVj2wR2trh5A4UUyXetEn
 WNorSaaNSx1mtKlxjquzqPGALFKugTdgCOLJ2Gj4c8rbvNkvzHZq25dTndgJqCvb
 40xCuDolByGzju5Q0SVQZ8u9eD0O5IB1jB7hawcA92U2HQb9LQx4QrP/hrzwh3zC
 6eoRDAsbrrnZW+oU3EiIGs1RQQ9/GeaJ3XK4rqLfLj53gQORjLVz7/pjL07ZbArR
 NqyAD1NVFwtGJ9C7yf3tCiX4qYNQSFQgj394fSfigwnonzKetcqmZayILtH4NAoC
 bljfPDhgGuwRMo7vOJYW77Gc3MhWFiwo/nDZ7qGT1JtP/ATxTphXY2SW8G7dkl+7
 aVjYcGd10VgUm4wvmKVG
 =Me52
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

# gpg: Signature made Wed 20 Jan 2016 15:37:57 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  iotests: Test that throttle values ranges
  blockdev: Error out on negative throttling option values
  vmdk: Create streamOptimized as version 3
  qcow2: Make image inaccessible after failed qcow2_invalidate_cache()
  qcow2: Fix BDRV_O_INACTIVE handling in qcow2_invalidate_cache()
  qcow2: Implement .bdrv_inactivate
  block: Inactivate BDS when migration completes
  block: Rename BDRV_O_INCOMING to BDRV_O_INACTIVE
  block: Fix error path in bdrv_invalidate_cache()
  block: Assert no write requests under BDRV_O_INCOMING
  qcow2: Write full header on image creation
  qcow2: Write feature table only for v3 images
  block: Clean up includes
  qemu-iotests: Reduce racy output in 028
  qemu-img: Speed up comparing empty/zero images
  block/raw-posix: avoid bogus fixup for cylinders on DASD disks
  block: Fix .bdrv_open flags

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 13:09:47 +00:00
Peter Maydell
80c71a241a block: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-01-20 13:36:23 +01:00
Alex Williamson
95239e1625 vfio/pci: Lazy PBA emulation
The PCI spec recommends devices use additional alignment for MSI-X
data structures to allow software to map them to separate processor
pages.  One advantage of doing this is that we can emulate those data
structures without a significant performance impact to the operation
of the device.  Some devices fail to implement that suggestion and
assigned device performance suffers.

One such case of this is a Mellanox MT27500 series, ConnectX-3 VF,
where the MSI-X vector table and PBA are aligned on separate 4K
pages.  If PBA emulation is enabled, performance suffers.  It's not
clear how much value we get from PBA emulation, but the solution here
is to only lazily enable the emulated PBA when a masked MSI-X vector
fires.  We then attempt to more aggresively disable the PBA memory
region any time a vector is unmasked.  The expectation is then that
a typical VM will run entirely with PBA emulation disabled, and only
when used is that emulation re-enabled.

Reported-by: Shyam Kaushik <shyam.kaushik@gmail.com>
Tested-by: Shyam Kaushik <shyam.kaushik@gmail.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-01-19 11:33:42 -07:00
Alex Williamson
f5793fd9e1 vfio/pci-quirks: Only quirk to size of PCI config space
For quirks that support the full PCIe extended config space, limit the
quirk to only the size of config space available through vfio.  This
allows host systems with broken MMCONFIG regions to still make use of
these quirks without generating bad address faults trying to access
beyond the end of config space exposed through vfio.  This may expose
direct access to the mirror of extended config space, only trapping
the sub-range of standard config space, but allowing this makes the
quirk, and thus the device, functional.  We expect that only device
specific accesses make use of the mirror, not general extended PCI
capability accesses, so any virtualization in this space is likely
unnecessary anyway, and the device is still IOMMU isolated, so it
should only be able to hurt itself through any bogus configurations
enabled by this space.

Link: https://www.redhat.com/archives/vfio-users/2015-November/msg00192.html
Reported-by: Ronnie Swanink <ronnie@ronnieswanink.nl>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-01-19 11:33:41 -07:00
Peter Maydell
3db34bf64a QOM infrastructure fixes and device conversions
* Dynamic class properties
 * Property iterator cleanup
 * Device hot-unplug ID race fix
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJWnSBlAAoJEPou0S0+fgE/qHgP/2nhaUf0kCyKODCrl4DoJ5gz
 0+33lxm0woIdYFyejW3YSiu+S0pwXtU0YwdGqLsIW5gMxEWTBFuguJgKgQuA7eOH
 kyyyjCssiwTPxre7A/cf3O/JjGMpuqdQEeXRmYdISv50QhiczF80RtJgV3Lj8CVb
 aFzIiaIOaNULMkeLtBfVJcQnvi5ZUCY2rw/rMUfUP2jlLRzfFb6BD/s/NU6rxYVB
 g8DOHhQKjc28xTBKAxAQWDeWGSZa388OeJO9q4zirYWNt3MNpU4GNM3f16aro21h
 1WVMCeY9ZBvvQX0mq/ricE4hVpSP1iienvt2SnHMLhz3tzqw2CeaRw0kJ4wwtv6R
 poczKD9AVJtbdn1CEwFeqkKsH41vlxNbR3FnDBN7MtPHtgPg1GYOdQOVijcIO/0q
 DpzYnw+mZtSOcDaZMZ0gmxGHTohQ8ifQTkD00j0/KxHHudxDEkfQt7t/yTorlbU+
 tZ4KazbGxwdyQkQCnocBUtFGPAqfge7ccnMhf5guv4ByyX273K4MHYfm5qGijYxj
 UycvUx0u5J7sqqVZJIa9dTdEYD4cQx1MNJdK/sQGinf7jmc41roI+rcD1OF3vpJ8
 dCmotCHJ4siNW/kBcAuyY1pHu9ZF/398/D4ndm+TsmQKkuTXBZ8OMnnAv3V0SSsR
 ylCAwbujpWYCqVPJYX0E
 =P8kY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging

QOM infrastructure fixes and device conversions

* Dynamic class properties
* Property iterator cleanup
* Device hot-unplug ID race fix

# gpg: Signature made Mon 18 Jan 2016 17:27:01 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-peter:
  MAINTAINERS: Fix sPAPR entry heading
  qdev: Free QemuOpts when the QOM path goes away
  qom: Change object property iterator API contract
  qom: Allow properties to be registered against classes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-18 17:40:50 +00:00
Paolo Bonzini
abed886ec6 qdev: Free QemuOpts when the QOM path goes away
Otherwise there is a race where the DEVICE_DELETED event has been sent but
attempts to reuse the ID will fail.

Note that similar races exist for other QemuOpts, which this patch
does not attempt to fix.

For example, if the device is a block device, then unplugging it also
deletes its backend.  However, this backend's get deleted in
drive_info_del(), which is only called when properties are
destroyed.  Just like device_finalize(), drive_info_del() is called
some time after DEVICE_DELETED is sent.  A separate patch series has
been sent to plug this other bug.  Character devices also have yet to
be fixed.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2016-01-18 17:47:58 +01:00
Daniel P. Berrange
7746abd8e9 qom: Change object property iterator API contract
Currently the ObjectProperty iterator API works as follows:

  ObjectPropertyIterator *iter;

  iter = object_property_iter_init(obj);
  while ((prop = object_property_iter_next(iter))) {
     ...
  }
  object_property_iter_free(iter);

This has the benefit that the ObjectPropertyIterator struct
can be opaque, but has the downside that callers need to
explicitly call a free function. It is also not in keeping
with iterator style used elsewhere in QEMU/GLib2.

This patch changes the API to use stack allocation instead:

  ObjectPropertyIterator iter;

  object_property_iter_init(&iter, obj);
  while ((prop = object_property_iter_next(&iter))) {
     ...
  }

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[AF: Fused ObjectPropertyIterator struct with typedef]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2016-01-18 17:47:58 +01:00
Peter Maydell
12b167226f hw/arm: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1449505425-32022-4-git-send-email-peter.maydell@linaro.org
2016-01-18 16:33:32 +00:00
Peter Maydell
4aaddc2976 qemu-sparc update
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQEcBAABAgAGBQJWmjhGAAoJEFvCxW+uDzIfqKQH/2EufdrY9s1mxc1cUwrViBex
 ZmCPqQLRU6rwMYsLwG9IKZO1dMujSMJRRqxb2l7I1eL/qNBoNfxD7sm8GzjqW1Rk
 T8V4ItMtSdxAQVLZUS02NgdioXWI2KCkK5iw6Bev4OX9IKOyncnaVd+0J3ICQaDx
 oADkvRCBi7qU+CEbPz+qVfmkZHoPLlkBWLX8LthKrlOdPMhXR4Sm9TpQhLGfoOOD
 ro4DS2EtfFy/cSUJ/vd3jzBdRZ1s7Wb81lF37hZVlJf0zXemit0eMYS3LnldysnX
 8OUCgDl8ezqD58JNHnpbR1gNx+p/E41ereJhHpBlwfB6ujDI0ladzMDR4dk/iX4=
 =NQ/Z
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging

qemu-sparc update

# gpg: Signature made Sat 16 Jan 2016 12:32:06 GMT using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"

* remotes/mcayland/tags/qemu-sparc-signed:
  target-sparc: Migrate CWP and PIL for SPARC64
  target-sparc: Use VMState arrays for SPARC64 TLB/MMU state
  target-sparc: Convert to VMStateDescription
  target-sparc: Don't flush TLB in cpu_load function
  target-sparc: Split cpu_put_psr into side-effect and no-side-effect parts
  vmstate: define vmstate_info_uinttl
  vmstate: Introduce VMSTATE_VARRAY_MULTPLY
  vmstate: introduce CPU_DoubleU arrays

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-18 09:33:36 +00:00
Juan Quintela
df32c8d436 target-sparc: Convert to VMStateDescription
Convert the SPARC CPU from cpu_load/save functions to VMStateDescription.
We preserve migration compatibility with the previous version
(required for SPARC32 but not necessarily for SPARC64).

Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM:
 * Rebase and update to apply to master
 * VMSTATE_STRUCT_POINTER now takes type, not pointer-to-type
 * QEMUTimer* are migrated via VMSTATE_TIMER_PTR
 * Put CPUTimer vmstate struct inside TARGET_SPARC64 ifdef
 * Convert handling of PSR to use a vmstate_psr, like Alpha and ARM
]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-01-16 12:01:23 +00:00
Cao jin
e1dc68155c SCSI device: fix to incomplete QOMify
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <1452073066-28319-1-git-send-email-caoj.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:01 +01:00
Daniel P. Berrange
46f296cd3a qemu-char: delete send_all/recv_all helper methods
The qemu-char.c contains two helper methods send_all
and recv_all. These are in fact declared in sockets.h
so ought to have been in util/qemu-sockets.c. For added
fun the impl of recv_all is completely missing on Win32.

Fortunately there is only a single caller of these
methods, the TPM passthrough code, which is only
ever compiled on Linux. With only a single caller
these helpers are not compelling enough to keep so
inline them in the TPM code, avoiding the need to
fix the missing recv_all on Win32.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1450879144-17111-1-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:01 +01:00
P J P
36fef36b91 scsi: initialise info object with appropriate size
While processing controller 'CTRL_GET_INFO' command, the routine
'megasas_ctrl_get_info' overflows the '&info' object size. Use its
appropriate size to null initialise it.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: P J P <ppandit@redhat.com>
2016-01-15 18:58:01 +01:00
P J P
4c1396cb57 i386: avoid null pointer dereference
Hello,

A null pointer dereference issue was reported by Mr Ling Liu, CC'd here. It
occurs while doing I/O port write operations via hmp interface. In that,
'current_cpu' remains null as it is not called from cpu_exec loop, which
results in the said issue.

Below is a proposed (tested)patch to fix this issue; Does it look okay?

===
From ae88a4947fab9a148cd794f8ad2d812e7f5a1d0f Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri, 18 Dec 2015 11:16:07 +0530
Subject: [PATCH] i386: avoid null pointer dereference

When I/O port write operation is called from hmp interface,
'current_cpu' remains null, as it is not called from cpu_exec()
loop. This leads to a null pointer dereference in vapic_write
routine. Add check to avoid it.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <alpine.LFD.2.20.1512181129320.9805@wniryva>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: P J P <ppandit@redhat.com>
2016-01-15 18:58:01 +01:00
Paolo Bonzini
3daa41078a scsi: revert change to scsi_req_cancel_async and add assertions
Fam Zheng noticed that the change in commit 36896bf ("scsi: always call
notifier on async cancellation", 2015-12-16) could cause a leak of
the request; scsi_req_cancel_async now calls scsi_req_ref
multiple times for multiple cancellations, but there is only
one call to scsi_req_cancel_complete.

So revert the patch and instead assert that the problematic case (a call
to scsi_req_cancel_async after the aiocb has been completed) cannot
happen.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:57:32 +01:00
Shannon Zhao
67736a25f8 ARM: virt: Don't generate RTC ACPI device when using UEFI
When booting the VM with UEFI, UEFI takes ownership of the RTC hardware.
While UEFI can use libfdt to disable the RTC device node in the DTB that
it passes to the OS, it cannot modify AML. Therefore, we won't generate
the RTC ACPI device at all when using UEFI.

Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 1452867091-4023-1-git-send-email-shannon.zhao@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:55:16 +00:00
Alistair Francis
dc3b89ef87 xlnx-zynqmp: Add support for high DDR memory regions
The Xilinx ZynqMP SoC and EP108 board supports three memory regions:
 - A 2GB region starting at 0
 - A 32GB region starting at 32GB
 - A 256GB region starting at 768GB

This patch adds support for the first two memory regions, which is
automatically created based on the size specified by the QEMU memory
command line argument.

On hardware the physical memory region is one continuous region, it is then
mapped into the three different regions by the DDRC. As we don't model the
DDRC this is done at startup by QEMU. The board creates the memory region and
then passes that memory region to the SoC. The SoC then maps the memory
regions.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: a1e47db941d65733724a300fcd98b74fbeeaaf22.1452637205.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:34:54 +00:00
Markus Armbruster
dced4d2fcb xen-hvm: Clean up xen_hvm_init() error handling
xen_hvm_init() returns -1 without cleaning up on some errors (harmless
long as the caller exit()s on error), dies with hw_error() on others.
hw_error() isn't approprate here.  Clean up to exit() on all errors.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-14 16:49:36 +00:00
Stefano Stabellini
ac0487e1d2 xenfb.c: avoid expensive loops when prod <= out_cons
If the frontend sets out_cons to a value higher than out_prod, it will
cause xenfb_handle_events to loop about 2^32 times. Avoid that by using
better checks at the beginning of the function.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reported-by: Ling Liu <liuling-it@360.cn>
2016-01-14 16:49:11 +00:00
Peter Maydell
17c8a21978 Error reporting patches for 2016-01-13
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWll18AAoJEDhwtADrkYZTLL8QAKB2zTF8/9QwIA46T/nNuQKV
 ZckiADC6Aeh0Ksu5DAS7fZmfgPDmlwYYCN3x5KGeKGKIIPiVrddEYwyHqa6eTCOu
 pbJBu5WeVamre8/9SH7u2VC/RMU0OZ+OhhJJf174Fc2mTALDtK1JJO4kXCzSUA5V
 Iop04YtliH5dnDhCdIHH2tByDLMf1Iaq8NYJ0xWb3btNGX6iIT8F3EsbD9rGiE1m
 c+F0qPRFDIrE+OseafrTHeKy/4D9biWnP9CmOGv49m+OxqYs33B26DhaIq41TvYv
 /1sECCz2GmIFbpL1B0MvxNjKtj08btrz4EkpU4YBHxK+8EhOX2nJdfrZEhcone7A
 c92esN8ATFbsG3AP1Vnt/dxG0YzQB8/azGP/MgVczYaj0m7WZ89etqendj1GeYAZ
 2xXewICcmexBeMOodxthHxyQaUQ9oZyk8+sK5T9O6JKvb3uCHKJ6MeRwurHUEtL8
 rzPLzKw8Tdalfa7AhQevVquH0QCmm4IEUC7xalHmfsFuqqTU95zfLa+DbdhzdIG+
 KdRkCv4+yX8//kUM5LwiqSd7ruMDEMQPQz3pbegrKrUJDCcTt5TccZ6NxiccCpC3
 6YXaUG2HqBNH5hznhR1Lf+gRdLeCW8WjI3fWHsAuyTGvl6z8qHm5/Q944UrIlJ8A
 Ea1BUSMwgFqx5xp6KYjB
 =OVhB
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2016-01-13' into staging

Error reporting patches for 2016-01-13

# gpg: Signature made Wed 13 Jan 2016 14:21:48 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-error-2016-01-13: (41 commits)
  checkpatch: Detect newlines in error_report and other error functions
  error: Consistently name Error * objects err, and not errp
  s390/sclp: Simplify control flow in sclp_realize()
  hw/s390x: Rename local variables Error *l_err to just err
  error: Clean up errors with embedded newlines (again)
  vhdx: Fix "log that needs to be replayed" error message
  pci-assign: Clean up "Failed to assign" error messages
  vmdk: Clean up "Invalid extent lines" error message
  vmdk: Clean up control flow in vmdk_parse_extents() a bit
  error: Strip trailing '\n' from error string arguments (again)
  qemu-io qemu-nbd: Use error_report() etc. instead of fprintf()
  migration: Use error_reportf_err() instead of monitor_printf()
  spapr: Use error_reportf_err()
  error: Use error_prepend() where it makes obvious sense
  error: Use error_reportf_err() where it makes obvious sense
  error: Don't decorate original error message when adding to it
  error: New error_prepend(), error_reportf_err()
  test-throttle: Simplify qemu_init_main_loop() error handling
  qemu-nbd: Clean up "Failed to load snapshot" error message
  block: Clean up "Could not create temporary overlay" error message
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-14 13:07:38 +00:00
Peter Maydell
cd0b19a20b This first round of s390x patches includes:
- new compat machine
 - remove the old s390-virtio machine
 - fixes and some cleanup
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJWlmV7AAoJEN7Pa5PG8C+vou4P/2wrHV9QclzcNXUcq/IGIdRt
 iqoL4WpcwOgh4loOX73t/1gEIQV7gS1CQSiAzQN2uzZO8BK49wxL1hI/Sni7sZY7
 2VdkyasU15ecFQr+FiP7dBg/nD2RnbcDBpcy45fE3yLXZUemkNjG8OjCsg+YHOZh
 GB2GA6BfrDV7vkzs1KvuSki/63kChjJFvO98VH05v5ElGlfRH3Bx2YsfowczqCJv
 NS2nTLngmhsr5sVRxWab3oCv4lJbJZBh/RROdL/huhyzv0azk/3E+AVZsV/N2+LR
 zYvBrz8Qnpcfq3aqeE+nfWkafmvazQaJ3tvkedST95F1KD5yehD+Y2x9ktrgOcTO
 LcgqeaeAwctQeXGjJ0NEnLknMbEwGqOLvNGRjL8WyeLEpmY9ZkLrr2JatVVwzdTf
 oBapr5zkRmA3p2ftL70QUYsjM/3mxVB9eP2V6rX3jxKIGa8XxxR1qTiZuWWsGx0Z
 4hQK1wLw37RCP26H/lpsVk9EzFYJ1nFSifw4pWrK+85JfC9iHdhUQlRf3svgkSk7
 ApPOh9NA9kVGx/Qqq+dCOAdSd2GsLPvDe7FoTCl/VMsO1lfCguQr5xS/r1nsZv1N
 TGqhNxT9v2lSiPN2yCzz80af2Yh6277HMuOFHdQTlRRRNdH7ZdCvk/CNnr5289hr
 tKV3c+/vXn9iVNHg0bFN
 =BUUK
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20160113' into staging

This first round of s390x patches includes:
- new compat machine
- remove the old s390-virtio machine
- fixes and some cleanup

# gpg: Signature made Wed 13 Jan 2016 14:55:55 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20160113:
  s390x/pci: return real state during listing PCI
  virtio-ccw: fix sanity check for vector
  s390: Introduce CCW_COMPAT_2_5
  s390x/virtio: use qemu_check_nic_model()
  s390x/pci: code cleanup
  s390x/pci: reject some operations to disabled PCI function
  s390x: remove s390-virtio devices
  s390x: remove s390-virtio machine
  s390x: add 2.6 compat machine

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-14 12:42:08 +00:00
Markus Armbruster
533fdaedeb error: Consistently name Error * objects err, and not errp
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1450452927-8346-25-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2016-01-13 15:16:19 +01:00
Markus Armbruster
24da21f265 s390/sclp: Simplify control flow in sclp_realize()
Suggested-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1450452927-8346-24-git-send-email-armbru@redhat.com>
2016-01-13 15:16:19 +01:00
Markus Armbruster
e6da780d5f hw/s390x: Rename local variables Error *l_err to just err
Let's follow established naming practice here as well.

Cc: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1450452927-8346-23-git-send-email-armbru@redhat.com>
2016-01-13 15:16:19 +01:00
Markus Armbruster
433672b0d5 error: Clean up errors with embedded newlines (again)
The arguments of error_report() should yield a short error string
without newlines.

A few places try to print additional help after the error message by
embedding newlines in the error string.  That's nice, but let's do it
the right way.  Commit 474c213 cleaned up some, but they keep coming
back.  Offenders tracked down with the Coccinelle semantic patch from
commit 312fd5f.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Pavel Fedin <p.fedin@samsung.com>
Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-01-13 15:16:18 +01:00
Markus Armbruster
c3d2d68ad6 pci-assign: Clean up "Failed to assign" error messages
The arguments of error_setg() & friends should yield a short error
string without newlines.

Two places try to append additional help to the error message by
embedding newlines in the error string.  That's nice, but let's do it
the right way, with error_append_hint().

Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1450452927-8346-20-git-send-email-armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2016-01-13 15:16:18 +01:00