Commit Graph

22870 Commits

Author SHA1 Message Date
Peter Maydell 47994e16b1 target-arm queue:
* Implement Armv8.5-BTI extension for system emulation mode
  * Implement the PR_PAC_RESET_KEYS prctl() for linux-user mode's Armv8.3-PAuth support
  * Support TBI (top-byte-ignore) properly for linux-user mode
  * gdbstub: allow killing QEMU via vKill command
  * hw/arm/boot: Support DTB autoload for firmware-only boots
  * target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAlxZwhYZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3uoCEACm4ds3KGV+bA1dtC367Th7
 UKsxiVJ6xD7d1BaN3TyofkLTp0aJZgaYKqFjFhnagP8JoDgerdbno0xZ/9Wu2xIC
 CFopSO9MP373wdBy/fbIoYoiSle0P/Gofk40C8HnbRb+C4mj2X0oft33DVlo50RK
 p7JZSvHUqvCGrWLqeIKjJ1R+U31/dBx9Xprcg75EOiGGc+9Urb9w3Zmj11QE/eHh
 X6cFMM6xUn2aDYLRkbyHNjSOADHehtC/UhnHOpnsiQSnIfkYudF/pwDOPuBjmZkm
 9rv8DzR9KvAy2ybbD4lrywH7W00QAnS2COVmpcFidWe9ur+glPMCk2XAuuWOK5J3
 +WFsWxCg3VuZ74PL/DclKNp7QqgKhloTV0Q1TPp0z894HYca8faIXEJLoLtHSR7+
 2cAFJ7vaj9FMw4wn6XGrcx7olhPy81BhzM2g0eTSOb8T8Fe1mje0Q9Zg5Sc+sTYj
 5vIjl37fHclBjxhnD3+F+ZQ+P2GK4/5gFPY9gezXPQWJAtD80MLBn6h/fvT8tTJm
 DlaMqFrIiQatllQDm9DmhNJg8707t6m8A6FIjhRDbfjS8Uw45Q+H2KdUfnVQJP8N
 1ZCbTGRfhl4qwUy3jigYM448W10/T1l4/0BFcXdt/qc6C3QSjsqfHPlsft4XIaRf
 rUgbqfNBHr/i1n+SN5L4KQ==
 =XEy2
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190205' into staging

target-arm queue:
 * Implement Armv8.5-BTI extension for system emulation mode
 * Implement the PR_PAC_RESET_KEYS prctl() for linux-user mode's Armv8.3-PAuth support
 * Support TBI (top-byte-ignore) properly for linux-user mode
 * gdbstub: allow killing QEMU via vKill command
 * hw/arm/boot: Support DTB autoload for firmware-only boots
 * target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI

# gpg: Signature made Tue 05 Feb 2019 17:04:22 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20190205: (22 commits)
  target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI
  hw/arm/boot: Support DTB autoload for firmware-only boots
  hw/arm/boot: Clarify why arm_setup_firmware_boot() doesn't set env->boot_info
  hw/arm/boot: Factor out "set up firmware boot" code
  hw/arm/boot: Factor out "direct kernel boot" code into its own function
  hw/arm/boot: Fix block comment style in arm_load_kernel()
  gdbstub: allow killing QEMU via vKill command
  target/arm: Enable TBI for user-only
  target/arm: Compute TB_FLAGS for TBI for user-only
  target/arm: Clean TBI for data operations in the translator
  target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore
  tests/tcg/aarch64: Add pauth smoke test
  linux-user: Implement PR_PAC_RESET_KEYS
  target/arm: Enable BTI for -cpu max
  target/arm: Set btype for indirect branches
  target/arm: Reset btype for direct branches
  target/arm: Default handling of BTYPE during translation
  target/arm: Cache the GP bit for a page in MemTxAttrs
  exec: Add target-specific tlb bits to MemTxAttrs
  target/arm: Add BT and BTYPE to tb->flags
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-05 18:25:07 +00:00
Peter Maydell 9669c97562 Fixes and improvements in tcg and the zPCI code.
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAlxZu3kSHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vDEAP/i/o+KhHpQUxx2bG33TxqjnMvFql9Rry
 7nAEvRpz6WwA9PsX6ZoW2teyu+HvqMG/7SDcbjaEAinWoGdmd8Nw476UnOBGInGW
 aw/JsDujyntM+V58ZbJZlaiimzv3nqCx0+L0vf9M/6gcRjFH0gTzQ/TxBwWbS1SL
 yU1qbSMQy8RzNJLJ2opHX38QK+ZQVNPUuR0xKuWTV4RCxnlimfrmGZWp0h4k56NA
 HvQJfbqqTAbEgEZvdOlqxBqed0SU4whCQdS92gzTVHqQmh+FIS2XkHwao7qzrOMu
 S+AivuzqU5yeROszYvnartrD3vvYiAQdFHQ4/xVYR8Sbr1LWuxKkTmjO7dZpTpzU
 lXxy+ZXlYchfnyLAdtDXU3TAjiaw0dWtW16WeDu4Jfbt5vV/lQwxbaV2zzJWqeD7
 Bik9OvwdUjOW216cTz1z3g/1QxWmetE4vgTPJRkrDhBgb2fKF9hm3eD/SdKC6laD
 HxhG6D4FQ6McAlzm1ES+SPQ4zOByQL7uZGuCO0F3mogUrsa0LIpW6HBRtIU6L1qR
 1M8RkMdBqSrpUhbjIsj/ic/42ykPKpuLs2E9wFMhv06voyzDiUWIkclai/vgJnwx
 pPQjQayqL39iACp4YxYqoe9Cf7hn5YkQcQZfv+vWw4OYX4PO4lP1SuPMOhnYFLE0
 Cz2ghigKsJ2O
 =E3i4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190205' into staging

Fixes and improvements in tcg and the zPCI code.

# gpg: Signature made Tue 05 Feb 2019 16:36:09 GMT
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20190205:
  s390x/pci: Unplug remaining requested devices on pcihost reset
  s390x/pci: Warn when adding PCI devices without the 'zpci' feature
  s390x/pci: Fix hotplugging of PCI bridges
  s390x/pci: Fix primary bus number for PCI bridges
  s390x/tcg: Don't model FP registers as globals
  s390x/pci: mark zpci devices as unmigratable
  s390x/pci: Drop release timer and replace it with a flag
  s390x/pci: Introduce unplug requests and split unplug handler
  s390x: remove direct reference to mem_path global from s390x code
  target/s390x: define TCG_GUEST_DEFAULT_MO for MTTCG

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-05 17:39:15 +00:00
Peter Maydell 5614ca800e hw/arm/boot: Support DTB autoload for firmware-only boots
The arm_boot_info struct has a skip_dtb_autoload flag: if this is
set to true by the board code then arm_load_kernel() will not
load the DTB itself, but will leave this for the board code to
do itself later. However, the check for this is done in a
code path which is only executed for the case where we load
a kernel image file. If we're taking the "boot via firmware"
code path then the flag isn't honoured and the DTB is never
loaded.

We didn't notice this because the only real user of "boot
via firmware" that cares about the DTB is the virt board
(for UEFI boot), and that always wants skip_dtb_autoload
anyway. But the SBSA reference board model we're planning to
add will want the flag to behave correctly.

Now we've refactored the arm_load_kernel() function, the
fix is simple: drop the early 'return' so we fall into
the same "load the DTB" code the boot-direct-kernel path uses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20190131112240.8395-6-peter.maydell@linaro.org
2019-02-05 16:52:42 +00:00
Peter Maydell 2a5bdfc8d5 hw/arm/boot: Clarify why arm_setup_firmware_boot() doesn't set env->boot_info
The code path for booting firmware doesn't set env->boot_info. At
first sight this looks odd, so add a comment saying why we don't.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20190131112240.8395-5-peter.maydell@linaro.org
2019-02-05 16:52:42 +00:00
Peter Maydell 4c0f268731 hw/arm/boot: Factor out "set up firmware boot" code
Factor out the "boot via firmware" code path from arm_load_kernel()
into its own function.

This commit only moves code around; no semantic changes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20190131112240.8395-4-peter.maydell@linaro.org
2019-02-05 16:52:42 +00:00
Peter Maydell d33774ee44 hw/arm/boot: Factor out "direct kernel boot" code into its own function
Factor out the "direct kernel boot" code path from arm_load_kernel()
into its own function; this function is getting long enough that
the code flow is a bit confusing.

This commit only moves code around; no semantic changes.

We leave the "load the dtb" code in arm_load_kernel() -- this
is currently only used by the "direct kernel boot" path, but
this is a bug which we will fix shortly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20190131112240.8395-3-peter.maydell@linaro.org
2019-02-05 16:52:41 +00:00
Peter Maydell c3a42358e3 hw/arm/boot: Fix block comment style in arm_load_kernel()
Fix the block comment style in arm_load_kernel() to QEMU's
current style preferences. This will allow us to do some
refactoring of this function without checkpatch complaining
about the code-motion patches.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20190131112240.8395-2-peter.maydell@linaro.org
2019-02-05 16:52:41 +00:00
Peter Maydell 68df0c30ed pci, pc, virtio: fixes, cleanups, features
vhost user blk discard/write zeroes features
 misc cleanups and fixes all over the place
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcWbMUAAoJECgfDbjSjVRp2acH+wa8abfyQIpVMji+cdvcw7Wo
 yJjCoPxX0y+tm7FGp6YjyyQhSzjUYRS+71NL6xkZVxs8yh4ZCbb/xDRYmrVG2cb6
 6tUcqp1zlMp+w+kVKS4m4WTb0Z1bIODOi99tNBXxYjWY9lXF/hjZbhRpt6vL/NaP
 hqYtp+wlhyjxsY/GFn5XZLY7F6+QKq/lsMJD80FvbtHBh/ngqmgyoouNwYzg1faW
 M3wD5A3IOXLzU+MGK6uCtKK0+t3xzvaVJL7zChimKkn+y+Pg9T+s04zQS739bJRg
 dYYrVK3IOt2tvVxBZnnUm9eBIxxElAxRssmERPe2i0mBRSXYKomuVZrXJ6ROhjA=
 =TxWc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pci, pc, virtio: fixes, cleanups, features

vhost user blk discard/write zeroes features
misc cleanups and fixes all over the place

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 05 Feb 2019 16:00:20 GMT
# gpg:                using RSA key 281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  contrib/libvhost-user: cleanup casts
  r2d: fix build on mingw
  mmap-alloc: fix hugetlbfs misaligned length in ppc64
  mmap-alloc: unfold qemu_ram_mmap()
  i386, acpi: cleanup build_facs by removing second unused argument
  fw_cfg: fix the life cycle and the name of "qemu_extra_params_fw"
  acpi: Make TPM 2.0 with TIS available as MSFT0101
  hw/virtio: Use CONFIG_VIRTIO_PCI switch instead of CONFIG_PCI
  vhost-user-blk: add discard/write zeroes features support
  contrib/vhost-user-blk: fix the compilation issue
  pci/msi: export msi_is_masked()
  intel_iommu: reset intr_enabled when system reset
  intel_iommu: fix operator in vtd_switch_address_space
  hw: virtio-pci: drop DO_UPCAST
  include: update Linux headers to 4.21-rc1/5.0-rc1
  scripts/update-linux-headers.sh: adjust for Linux 4.21-rc1 (or 5.0-rc1)
  contrib/libvhost-user: switch to uint64_t
  virtio: add checks for the size of the indirect table

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-05 16:52:19 +00:00
Michael S. Tsirkin 7de7b6087e r2d: fix build on mingw
Comment near strncpy explains kernel_cmdline does
not need to be 0-terminated.

Accordingly mark it as QEMU_NONSTRING.

Without this, gcc warns:
    'strncpy' specified bound 256 equals destination size

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-02-05 10:58:33 -05:00
Wei Yang 009180bd49 i386, acpi: cleanup build_facs by removing second unused argument
The second argument of build_facs() is not used, just remove it.

Signed-off-by: Wei Yang <richardw.yang@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-02-05 10:58:33 -05:00
Laszlo Ersek 3b3df3e52d fw_cfg: fix the life cycle and the name of "qemu_extra_params_fw"
Commit 19bcc4bc32 ("fw_cfg: Make qemu_extra_params_fw locally",
2019-01-04) changed the storage duration of the "qemu_extra_params_fw"
array from static to automatic. This broke the interface contract on the
fw_cfg_add_file() function, which is documented as follows, in
"include/hw/nvram/fw_cfg.h":

> [...] The data referenced by the starting pointer is only linked, NOT
> copied, into the data structure of the fw_cfg device. [...]

As a result, when guest firmware fetches the "etc/boot-menu-wait" fw_cfg
file, it now sees garbage. Fix the regression by changing the storage
duration to allocated. (The call is reached at most once, on the realize
path of the board-specific fw_cfg sysbus device.)

While at it, clean up the name and the assignment of the object as well.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Fixes: 19bcc4bc32
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-02-05 10:58:33 -05:00
Stefan Berger 24cf5413aa acpi: Make TPM 2.0 with TIS available as MSFT0101
This patch makes the a TPM 2.0 with TIS interface available under the
HID 'MSF0101'. This is supported by Linux and also Windows now
recognizes the TPM 2.0 with TIS interface. Leave the TPM 1.2 as before.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2019-02-05 10:58:33 -05:00
Thomas Huth 87593a4751 hw/virtio: Use CONFIG_VIRTIO_PCI switch instead of CONFIG_PCI
For downstream s390x builds, we'd like to be able to build QEMU with
CONFIG_VIRTIO_PCI disabled (since virtio-ccw is used here instead),
but still with CONFIG_PCI enabled. This currently fails since the
virtio-*-pci.o files are still included in the build, but virtio-pci.o
is missing. Use the right config switch CONFIG_VIRTIO_PCI to exclude
the virtio-*-pci.o files from the build.

Reported-by: Miroslav Rezanina <mrezanin@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-02-05 10:58:33 -05:00
Changpeng Liu caa1ee4313 vhost-user-blk: add discard/write zeroes features support
Linux commit 1f23816b8 "virtio_blk: add discard and write zeroes support"
added the support in the Guest kernel, while here also enable the features
support with vhost-user-blk driver. Also enable the test example utility
with DISCARD and WRITE ZEROES commands.

Signed-off-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-02-05 10:58:33 -05:00
Peter Xu afa26ecc30 pci/msi: export msi_is_masked()
It is going to be used later on outside MSI code to detect whether one
MSI vector is masked out.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-02-05 10:58:33 -05:00
Peter Xu d7bb469afa intel_iommu: reset intr_enabled when system reset
This is found when I was debugging another problem.  Until now no bug
is reported with this but we'd better reset the IR status correctly
after a system reset.

Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-02-05 10:58:33 -05:00
Peter Xu 2a078b1080 intel_iommu: fix operator in vtd_switch_address_space
When calculating use_iommu, we wanted to first detect whether DMAR is
enabled, then check whether PT is enabled if DMAR is enabled.  However
in the current code we used "&" rather than "&&" so the ordering
requirement is lost (instead it'll be an "AND" operation).  This could
introduce errors dumped in QEMU console when rebooting a guest with
both assigned device and vIOMMU, like:

  qemu-system-x86_64: vtd_dev_to_context_entry: invalid root entry:
  rsvd=0xf000ff53f000e2c3, val=0xf000ff53f000ff53 (reserved nonzero)

Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-02-05 10:58:33 -05:00
Li Qiang 3f262b26b8 hw: virtio-pci: drop DO_UPCAST
Use VIRTIO_PCI MACRO instead.

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-02-05 10:58:33 -05:00
Laurent Vivier 5685349864 scsi-generic: Convert from DPRINTF() macro to trace events
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20181211163105.31834-3-lvivier@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:21 +01:00
Laurent Vivier 59ee950002 scsi-disk: Convert from DPRINTF() macro to trace events
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20181211163105.31834-2-lvivier@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:21 +01:00
David Hildenbrand 473ac56706 pc: Use hotplug_handler_(plug|unplug|unplug_request)
Let's avoid manually looking up the hotplug handler class. Use the
existing wrappers instead.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181212095707.19358-1-david@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:21 +01:00
Paolo Bonzini f5ce0a5f5a hw/vfio/Makefile.objs: Create new CONFIG_* variables for VFIO core and PCI
Make hw/vfio configurable and add new CONFIG_VFIO_* to the
default-configs/s390x*-softmmu.mak.  This allow a finer-grain
selection of the various VFIO backends.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-28-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:21 +01:00
Paolo Bonzini 8e6578831b hw/i2c/Makefile.objs: Create new CONFIG_* variables for EEPROM and ACPI controller
Create separate variables for these components, they are
used in many boards but not all.  This allows finer-grain
selection of the included code with default-configs/*.mak.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-27-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:21 +01:00
Yang Zhong 85e4dcf18d hw/tricore/Makefile.objs: Create CONFIG_* for tricore
Add the new configs to default-configs/tricore-sofmmu.mak.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-26-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:21 +01:00
Yang Zhong 4575bbb4c8 hw/openrisc/Makefile.objs: Create CONFIG_* for openrisc
Add the new configs to default-configs/or1k-sofmmu.mak.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-25-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:21 +01:00
Yang Zhong f0975e8f20 hw/moxie/Makefile.objs: Conditionally build moxie
CONFIG_MOXIE added for moxiesim board.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-24-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Yang Zhong 714e74621e hw/hppa/Makefile.objs: Create CONFIG_* for hppa
Add the new configs to default-configs/hppa-sofmmu.mak.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20190202072456.6468-23-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Yang Zhong 034c344e30 hw/cris/Makefile.objs: Create CONFIG_* for cris
Add the new configs to default-configs/cris-sofmmu.mak.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-22-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Yang Zhong 31be0a43b9 hw/alpha/Makefile.objs: Create CONFIG_* for alpha
Add the new configs to default-configs/alpha-sofmmu.mak.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20190202072456.6468-21-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Yang Zhong 04aa5abc6a hw/sparc64/Makefile.objs: Create CONFIG_* for sparc64
Add the new configs to default-configs/sparc64-sofmmu.mak.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-20-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Yang Zhong 3fa86eb366 hw/riscv/Makefile.objs: Create CONFIG_* for riscv boards
Add the new configs to default-configs/riscv*-sofmmu.mak.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-19-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Yang Zhong fa83f64855 hw/nios2/Makefile.objs: Conditionally build nios2
CONFIG_NIOS2_10M50 added for 10m50 dev board.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-18-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Ákos Kovács d84929da9a hw/xtensa/Makefile.objs: Build xtensa_sim and xtensa_fpga conditionally
Add the new CONFIG_* values to default-config/xtensa*-softmmu.mak.

Signed-off-by: Ákos Kovács <akoskovacs@gmx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Message-Id: <20190202072456.6468-17-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Ákos Kovács 27f3ac3fa6 hw/lm32/Makefile.objs: Conditionally build lm32 and milkmyst
CONFIG_LM32 and CONFIG_MILKYMIST added for lm32 and milkmyst build.

Signed-off-by: Ákos Kovács <akoskovacs@gmx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-16-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Ákos Kovács f96c37821f hw/sparc/Makefile.objs: CONFIG_* for sun4m and leon3 created
CONFIG_LEON3 added to default-configs/sparc-softmmu.mak.

Signed-off-by: Ákos Kovács <akoskovacs@gmx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-15-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Paolo Bonzini bc0c93eab2 hw/s390/Makefile.objs: Create new CONFIG_* variables for s390x boards and devices
Make hw/s390x configurable and add new CONFIG_* to the
default-configs/s390x*-softmmu.mak. This will be used to
enable/disable vfio-ccw.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-14-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Ákos Kovács 774afd9f50 hw/sh4/Makefile.objs: New CONFIG_* varibales created for sh4 boards and device
Make hw/sh4 configurable and add new CONFIG_* to the
default-configs/sh4*-softmmu.mak.

Signed-off-by: Ákos Kovács <akoskovacs@gmx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-13-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Ákos Kovács ee279c4608 hw/ppc/Makefile.objs: Build all boards conditinally with CONFIG_*
CONFIG_PPC405, CONFIG_PPC440, CONFIG_MAC_OLDWORLD, CONFIG_MAX_NEWWORLD
and CONFIG_VIRTEX configuration options created for
default-configs/ppc*-softmmu.mak.

Signed-off-by: Ákos Kovács <akoskovacs@gmx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-12-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:20 +01:00
Ákos Kovács ebd76795d4 hw/mips/Makefile.objs: Create CONFIG_* for r4k, malta, mipssim boards
Add the new configs to default-configs/mips*-sofmmu.mak.

Signed-off-by: Ákos Kovács <akoskovacs@gmx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-11-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:19 +01:00
Ákos Kovács 268dfefa69 hw/microblaze/Makefile.objs: Create configs for petalogix and xilinx boards
CONFIG_PETALOGIX_* and CONFIG_XLNX_*  configs added to
default-configs/microblaze-softmmu.mak and
default-configs/microblazeel-softmmu.mak.

Signed-off-by: Ákos Kovács <akoskovacs@gmx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-10-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:19 +01:00
Ákos Kovács 48a166cf1d hw/m68k/Makefile.objs: Conditionally build boards
CONFIG_AN5206, CONFIG_MCF5206 and CONFIG_MCF5208 make
variables created for m68k boards, and added to
default-configs/m86k-softmmu.mak.

Signed-off-by: Ákos Kovács <akoskovacs@gmx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-9-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:19 +01:00
Yang Zhong abab3fdeef hw/arm/Makefile.objs: CONFIG_ARM_VIRT created for virt board
Make ARM virt code configurable and the new CONFIG_ARM_VIRT
definitions added to the default-configs/arm-softmmu.mak.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-8-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:19 +01:00
Paolo Bonzini 80500ce637 hw/i386/Makefile.objs: Build pc_piix* and pc_q35 boards
CONFIG_PIIX and CONFIG_Q35 created for the pc board object files. These
are enabled automatically at default-configs/i386-softmmu.mak and
default-configs/x86_64-softmmu.mak

Signed-off-by: Ákos Kovács <akoskovacs@gmx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-7-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:19 +01:00
Paolo Bonzini 91b82fec16 build: actually use CONFIG_PAM
Do not link it unconditionally into all binaries.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-6-yang.zhong@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:19 +01:00
Yang Zhong 5afdd57ca0 hw/pci-host/Makefile.objs: make CONFIGS clear for PCI EXPRESS
Change the CONFIGs for PCI EXPRESS and make module name more
clear for code files.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-5-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:19 +01:00
Paolo Bonzini e01ee04f8b vfio: move conditional up to hw/Makefile.objs
Instead of wrapping the entire Makefile.objs with an ifeq/endif, just
include the directory only for Linux.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-4-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:19 +01:00
Paolo Bonzini 83d14054f9 ide: split ioport registration to a separate file
This is not needed on ARM, and brings in ISA bus code which is otherwise not
necessary.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190202072456.6468-3-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:19 +01:00
Paolo Bonzini e909ff9369 scsi-generic: avoid possible out-of-bounds access to r->buf
Whenever the allocation length of a SCSI request is shorter than the size of the
VPD page list, page_idx is used blindly to index into r->buf.  Even though
the stores in the insertion sort are protected against overflows, the same is not
true of the reads and the final store of 0xb0.

This basically does the same thing as commit 57dbb58d80 ("scsi-generic: avoid
out-of-bounds access to VPD page list", 2018-11-06), except that here the
allocation length can be chosen by the guest.  Note that according to the SCSI
standard, the contents of the PAGE LENGTH field are not altered based
on the allocation length.

The code was introduced by commit 6c219fc8a1 ("scsi-generic: keep VPD
page list sorted", 2018-11-06) but the overflow was already possible before.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Fixes: a71c775b24
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:19 +01:00
Li Zhijian aab50e5344 i386: allow to load initrd below 4 GB for recent linux
Since linux commit: cf8fa920cb42 ("i386: handle an initrd in highmem (version 2)")
linux has supported initrd up to 4 GB, but the header field
ramdisk_max is still set to 2 GB to avoid "possible bootloader bugs".

When use '-kernel vmlinux -initrd initrd.cgz' to launch a VM,
the firmware(it could be linuxboot_dma.bin) helps to read initrd
contents into guest memory(below ramdisk_max) and jump to kernel.
that's similar with what bootloader does, like grub.

In addition, initrd_max is uint32_t simply because QEMU doesn't support
the 64-bit boot protocol (specifically the ext_ramdisk_image field).

Therefore here just limit initrd_max to UINT32_MAX simply as well to
allow initrd to be loaded below 4 GB.

NOTE: it's possible that linux protocol within [0x208, 0x20c]
supports up to 4 GB initrd as well.

CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Richard Henderson <rth@twiddle.net>
CC: Eduardo Habkost <ehabkost@redhat.com>
CC: "Michael S. Tsirkin" <mst@redhat.com>
CC: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:18 +01:00
Li Zhijian 06e0259a7c i386: import & use bootparam.h
it's from v4.20-rc5.

CC: Stefano Garzarella <sgarzare@redhat.com>
CC: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:18 +01:00
Li Zhijian 1f40547f5c hw/core/loader.c: Read as long as possible in load_image_size()
Don't expect read(2) can always read as many as it's told.

CC: Richard Henderson <richard.henderson@linaro.org>
CC: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:18 +01:00
Stefano Garzarella fda672b50e hw/i386/pc: enable PVH only for machine type >= 4.0
In order to avoid migration issues, we enable PVH only for
machine type >= 4.0

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:17 +01:00
Stefano Garzarella 1fb0d70990 hw/i386/pc: use PVH option rom
Use pvh.bin option rom when we are booting an uncompressed
kernel using the x86/HVM direct boot ABI.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Based-on: <1547554687-12687-1-git-send-email-liam.merwick@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:17 +01:00
Stefano Garzarella c5bf7847b7 pvh: load initrd and expose it through fw_cfg
When initrd is specified, load and expose it to the guest firmware
through fw_cfg. The firmware will fill the hvm_start_info for the
kernel.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Based-on: <1545422632-24444-5-git-send-email-liam.merwick@oracle.com>
Signed-off-by: Liam Merwick <Liam.Merwick@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:16 +01:00
Liam Merwick ab969087da pvh: Boot uncompressed kernel using direct boot ABI
These changes (along with corresponding Linux kernel and qboot changes)
enable a guest to be booted using the x86/HVM direct boot ABI.

This commit adds a load_elfboot() routine to pass the size and
location of the kernel entry point to qboot (which will fill in
the start_info struct information needed to to boot the guest).
Having loaded the ELF binary, load_linux() will run qboot
which continues the boot.

The address for the kernel entry point is read from an ELF Note
in the uncompressed kernel binary by a helper routine passed
to load_elf().

Co-developed-by: George Kennedy <George.Kennedy@oracle.com>
Signed-off-by: George Kennedy <George.Kennedy@oracle.com>
Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:16 +01:00
Liam Merwick 4366e1db16 elf: Add optional function ptr to load_elf() to parse ELF notes
This patch adds an optional function pointer, 'elf_note_fn', to
load_elf() which causes load_elf() to additionally parse any
ELF program headers of type PT_NOTE and check to see if the ELF
Note is of the type specified by the 'translate_opaque' arg.
If a matching ELF Note is found then the specfied function pointer
is called to process the ELF note.

Passing a NULL function pointer results in ELF Notes being skipped.

The first consumer of this functionality is the PVHboot support
which needs to read the XEN_ELFNOTE_PHYS32_ENTRY ELF Note while
loading the uncompressed kernel binary in order to discover the
boot entry address for the x86/HVM direct boot ABI.

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05 16:50:16 +01:00
Peter Maydell 9ae805637a target/xtensa: SMP updates and various fixes
- fix CPU wakeup on runstall changes; expose runstall as an IRQ line;
 - place mini-bootloader at the BSP reset vector;
 - expose CPU core frequency in XTFPGA board FPGA register;
 - rearrange access to external interrupts of xtensa cores;
 - add MX interrupt distributor and use it on SMP XTFPGA boards;
 - add test_mmuhifi_c3 xtensa core variant;
 - raise number of CPUs that can be instantiated on XTFPGA boards.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEK2eFS5jlMn3N6xfYUfnMkfg/oEQFAlxYi5QTHGpjbXZia2Jj
 QGdtYWlsLmNvbQAKCRBR+cyR+D+gRCyJEACR/IQ7LVFYBczo450yLOoAPWU/8/iU
 BmmeqM/BKZHBZN5HyS7zdBbDGHe/aQd+hlwG3hnxaJTfqTSOW0QxOmXkI2U5yQrl
 SfGErboON0FnDreQuLlsRN0QQYI7pFJiwpUj5sqOYYghfbEfwmefUNzWlJr17AyC
 AusLrGe3SBJuv40S78C+S7e4XlaGxPn5OwCvpvH+o8iDj9TCP7+vXV8N4fdackH+
 i323F9OdNSmtKXL/lDVG2bf5eFw+koLOGPsqjdT/WIfRVg45VXd7ZFQeMZxuQrh4
 8NwlQx9bxM4rbPBrUpsPDulic5udmMJvJ31CFe3YXu48skG90E3NxtOmUBGvTgMl
 lpM9RzZfCZTAIfPqw0LHiQ4kaioMlAO40wtCNxqm78R5UL/FseuzNUN+eLz7qCL1
 rTBKOQ5CJMFZWDkQjcwIYz54vi8QCt0jMWD4MzzIaU3Nf3Ak5uAaeEQE+b48lBvQ
 0EhUzwh1Ea9An2JAyhAqlNqifs+0HsG4M5tqhVj+9IITlzbZe/zLswgYaHd5D75v
 ElGoFov9Gi/GM5LxFzNRN1HwFCFWeHTt6sIHIo2oR1+mPrNhS+MJyqrnkKgIYOA/
 plSJqO//iyS8wGL7c7UXVV3cixGOv7SSZDtSKFZb+sD7aML/y3DJnFTmABOl4kdt
 OBYFg8+jcrma3g==
 =8D60
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/xtensa/tags/20190204-xtensa' into staging

target/xtensa: SMP updates and various fixes

- fix CPU wakeup on runstall changes; expose runstall as an IRQ line;
- place mini-bootloader at the BSP reset vector;
- expose CPU core frequency in XTFPGA board FPGA register;
- rearrange access to external interrupts of xtensa cores;
- add MX interrupt distributor and use it on SMP XTFPGA boards;
- add test_mmuhifi_c3 xtensa core variant;
- raise number of CPUs that can be instantiated on XTFPGA boards.

# gpg: Signature made Mon 04 Feb 2019 18:59:32 GMT
# gpg:                using RSA key 2B67854B98E5327DCDEB17D851F9CC91F83FA044
# gpg:                issuer "jcmvbkbc@gmail.com"
# gpg: Good signature from "Max Filippov <filippov@cadence.com>" [unknown]
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>" [full]
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>" [full]
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20190204-xtensa:
  hw/xtensa: xtfpga: raise CPU number limit
  target/xtensa: add test_mmuhifi_c3 core
  hw/xtensa: xtfpga: use MX PIC for SMP
  target/xtensa: add MX interrupt controller
  target/xtensa: expose core runstall as an IRQ line
  target/xtensa: rearrange access to external interrupts
  target/xtensa: drop function xtensa_timer_irq
  target/xtensa: fix access to the INTERRUPT SR
  hw/xtensa: xtfpga: use core frequency
  hw/xtensa: xtfpga: fix bootloader placement in SMP
  target/xtensa: add qemu_cpu_kick to xtensa_runstall

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-05 09:35:53 +00:00
David Hildenbrand 2313a88fe6 s390x/pci: Unplug remaining requested devices on pcihost reset
When resetting the guest we should unplug and remove all devices that
are still pending.

With this patch, the requested device will be unplugged on reboot
(S390_RESET_EXTERNAL and S390_RESET_REIPL, which reset the pcihost bridge
via qemu_devices_reset()).

This approach is similar to what's done for acpi PCI hotplug in
acpi_pcihp_reset() -> acpi_pcihp_update() ->
acpi_pcihp_update_hotplug_bus() -> acpi_pcihp_eject_slot().

s390_pci_generate_plug_event()'s will still be generated, I guess this
is not an issue. The same thing would happen right now when unplugging
a device just before starting the guest.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190130155733.32742-7-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-02-05 10:34:06 +01:00
David Hildenbrand 703fef6fcf s390x/pci: Warn when adding PCI devices without the 'zpci' feature
We decided to always create the PCI host bridge, even if 'zpci' is not
enabled (due to migration compatibility). This however right now allows
to add zPCI/PCI devices to a VM although the guest will never actually see
them, confusing people that are using a simple CPU model that has no
'zpci' enabled - "Why isn't this working" (David Hildenbrand)

Let's check for 'zpci' and at least print a warning that this will not
work as expected. We could also bail out, however that might break
existing QEMU commandlines.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190130155733.32742-4-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-02-05 10:32:35 +01:00
David Hildenbrand 150f462538 s390x/pci: Fix hotplugging of PCI bridges
When hotplugging a PCI bridge right now to the root port, we resolve
pci_get_bus(pdev)->parent_dev, which results in a SEGFAULT. Hotplugging
really only works right now when hotplugging to another bridge.

Instead, we have to properly check if we are already at the root.

Let's cleanup the code while at it a bit and factor out updating the
subordinate bus number into a separate function. The check for
"old_nr < nr" is right now not strictly necessary, but makes it more
obvious what is actually going on.

Most probably fixing up the topology is not our responsibility when
hotplugging. The guest has to sort this out. But let's keep it for now
and only fix current code to not crash.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190130155733.32742-3-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-02-05 10:16:59 +01:00
David Hildenbrand d30a7507ed s390x/pci: Fix primary bus number for PCI bridges
The primary bus number corresponds always to the bus number of the
bus the bridge is attached to.

Right now, if we have two bridges attached to the same bus (e.g. root
bus) this is however not the case. The first bridge will have primary
bus 0, the second bridge primary bus 1, which is wrong. Fix the assignment.

While at it, drop setting the PCI_SUBORDINATE_BUS temporarily to 0xff.
Setting it temporarily to that value (as discussed e.g. in [1]), is
only relevant for a running system that probes the buses. The value is
effectively unused for us just doing a DFS.

Also add a comment why we have to reassign during every reset (which I
found to be surprising.

Please note that hotplugging of bridges is in general still broken, will
be fixed next.

[1] http://www.science.unitn.it/~fiorella/guidelinux/tlk/node76.html

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190130155733.32742-2-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-02-05 10:15:12 +01:00
Peter Maydell f3b4d5ca67 Xen queue
* xen-block, the Xen PV backend, now handles resize.
 * configure cleanup.
 * xen-bus fix.
 -----BEGIN PGP SIGNATURE-----
 
 iQFOBAABCgA4FiEE+AwAYwjiLP2KkueYDPVXL9f7Va8FAlxYHv0aHGFudGhvbnku
 cGVyYXJkQGNpdHJpeC5jb20ACgkQDPVXL9f7Va/eNggA7+BEVvd8algSlGz4L9hQ
 5t0rL/Tvd9q5i5N34cnlIUSr59U6f0+QtiX0c/FQThn6ItbTvLwqW+vK8R2jcYee
 GRenH792FQtkjldN2KaWopT9qyHbowjwAIfPEP2MpW2LZGYYsviNkivvsfwEHWwo
 RTVCAR6RYM+q7CERNVD0xxHdjZQ5/A4xOPDOjCnSWyg6MNxwFHZv7anZFT8ZlH/Z
 h8uPBP41cknuVWPzZz3JTZqv5oJCfCNPYxOX6Zs1AYl/yyoLja/JiM85SOxfQttY
 wGLbXrCxGTdnB40obNceNRdwY9w9/xXnCYglLXzitmnBUPPuuHt34aPaS4MMBGnc
 xg==
 =n2fc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20190204' into staging

Xen queue

* xen-block, the Xen PV backend, now handles resize.
* configure cleanup.
* xen-bus fix.

# gpg: Signature made Mon 04 Feb 2019 11:16:13 GMT
# gpg:                using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg:                issuer "anthony.perard@citrix.com"
# gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [marginal]
# gpg:                 aka "Anthony PERARD <anthony.perard@citrix.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5379 2F71 024C 600F 778A  7161 D8D5 7199 DF83 42C8
#      Subkey fingerprint: F80C 0063 08E2 2CFD 8A92  E798 0CF5 572F D7FB 55AF

* remotes/aperard/tags/pull-xen-20190204:
  xen-block: handle resize callback
  xen: fix xen-bus state model to allow frontend re-connection
  configure: Don't add Xen's libs to LDFLAGS
  configure: xen: Stop build-testing for xc_domain_create

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-04 12:57:26 +00:00
Cornelia Huck aede5d5dfc s390x/pci: mark zpci devices as unmigratable
We currently don't migrate any state for zpci devices, which are
coupled with standard pci devices. This means funny things happen
when we e.g. try to migrate with a virtio-pci device but the s390x-
specific zpci state is not migrated (vfio-pci is not affected, as
it is not migratable anyway.)

Until this is fixed, mark zpci devices as unmigratable.

Reported-by: David Hildenbrand <david@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-02-04 13:47:50 +01:00
David Hildenbrand 9f2a46b111 s390x/pci: Drop release timer and replace it with a flag
Let's handle it similar to x86 ACPI PCI code and don't use a timer.
Instead, remember if an unplug request is pending and keep it pending
for eternity. (a follow up patch will process the request on
reboot).

We expect that a guest that is up and running, will process the unplug
request and trigger the unplug. This is normal operation, no timer needed.

If the guest does not react, this usually means something in the guest
is going wrong. Simply removing the device after 30 seconds does not
really sound like a good idea. It might sometimes be wanted, but I
consider this rather an "opt-in" decision as it might harm a guest not
prepared for it.

If we ever actually want a "forced/surprise removal", we will have to
implement something on top of the existing "device_del" framework. E.g.
also x86 might want to do a forced/surprise removal of PCI devices under
some conditions. "device_del X, forced=true" could be an option and will
require changes to the hotplug handler infrastructure.

This will then move the responsibility on when to do a forced removal
to a higher level. Doing a forced removal right now over-complicates
things and doesn't really seem to be required.

Let's allow to send multiple requests.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190130155733.32742-6-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-02-04 13:47:50 +01:00
David Hildenbrand e0998fe891 s390x/pci: Introduce unplug requests and split unplug handler
PCI on s390x is really weird and how it was modeled in QEMU might not have
been the right choice. Anyhow, right now it is the case that:
- Hotplugging a PCI device will silently create a zPCI device
  (if none is provided)
- Hotunplugging a zPCI device will unplug the PCI device (if any)
- Hotunplugging a PCI device will unplug also the zPCI device
As far as I can see, we can no longer change this behavior. But we
should fix it.

Both device types are handled via a single hotplug handler call. This
is problematic for various reasons:
1. Unplugging via the zPCI device allows to unplug devices that are not
   hot removable. (check performed in qdev_unplug()) - bad.
2. Hotplug handler chains are not possible for the unplug case. In the
   future, the machine might want to override hotplug handlers, to
   process device specific stuff and to then branch off to the actual
   hotplug handler. We need separate hotplug handler calls for both the
   PCI and zPCI device to make this work reliably. All other PCI
   implementations are already prepared to handle this correctly, only
   s390x is missing.

Therefore, introduce the unplug_request handler and properly perform
unplug checks by redirecting to the separate unplug_request handlers.
When finally unplugging, perform two separate hotplug_handler_unplug()
calls, first for the PCI device, followed by the zPCI device. This now
nicely splits unplugging paths for both devices.

The redirect part is a little hairy, as the user is allowed to trigger
unplug either via the PCI or the zPCI device. So redirect always to the
PCI unplug request handler first and remember if that check has been
performed in the zPCI device. Redirect then to the zPCI device unplug
request handler to perform the magic. Remembering that we already
checked the PCI device breaks the redirect loop.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190130155733.32742-5-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-02-04 13:47:50 +01:00
Paul Durrant 3149f183d7 xen-block: handle resize callback
Some frontend drivers will handle dynamic resizing of PV disks, so set up
the BlockDevOps resize_cb() method during xen_block_realize() to allow
this to be done.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-02-04 11:04:49 +00:00
Paul Durrant 67bc8e00f7 xen: fix xen-bus state model to allow frontend re-connection
There is a flaw in the xen-bus state model. To allow a frontend to re-
connect the backend state of an online XenDevice is transitioned from
Closed to InitWait, but this is currently done unilaterally which is
incorrect. The backend state should remain Closed until the frontend state
transitions to Initialising.

This patch removes the automatic backend state transition from
xen_device_backend_state_changed() and, instead, adds an extra check in
xen_device_frontend_state_changed() to determine whether a frontend is
trying to re-connect to a previously Closed XenDevice. Only if this is
found to be the case is the backend state transitioned from Closed to
InitWait. Note that this transition will be common amongst all XenDevice
classes and hence xen_device_frontend_state_changed() returns immediately
afterwards without calling into the XenDeviceClass frontend_changed()
method.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-02-04 11:04:49 +00:00
Thomas Huth eac57b405a hw/ppc: Don't include m48t59.h if it is not necessary
These files don't use anything from m48t59.h, so no need to include
this header here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:20 +11:00
Alexey Kardashevskiy 382b6f2225 spapr_pci: Fix endianness in assigned-addresses property
reg->phys_hi and assigned->phys_hi are big endian but we do an extra
byteswap anyway when copying reg->phys_hi to assigned->phys_hi.
To make things slightly more messy, we also add a relocatable bit (b_n())
although in the right endianness.

This fixes endianness of assigned->phys_hi.

This is unlikely to produce any visible difference though as we should end up
there only in the case of PCI hotplug and even then I am not sure if
(d->io_regions[i].addr == PCI_BAR_UNMAPPED) == true.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:20 +11:00
Thomas Huth 6e66d0c648 hw/ppc/spapr: Add support for "-vga cirrus"
The cirrus VGA card has been enabled in the PPC builds with
commit 29f9cef39e ("ppc: Include vga cirrus card into
the compiling process") last year. It also works on the pseries
machine, even SLOF contains support for this card, so we can
also support this for the "-vga" parameter here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:19 +11:00
Alexey Kardashevskiy df269271a9 spapr: Drop unused parameters from fdt building helper
spapr_load_rtas() handles now RTAS address and size information in the FDT
so drop them from spapr_build_fdt().

While we are here, fix a small typo.

Fixes: 3f5dabceba "pseries: Consolidate construction of /rtas device tree node"
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:19 +11:00
Thomas Huth 52144b69e4 hw/ppc: Move ppc40x_*reset() functions from ppc405_uc.c to ppc.c
Currently, it is not possible to build a QEMU binary without the
ppc405_uc.c file, even if you do not want to have the embedded machines
in the binary. This is bad since it's quite a bit of code and this code
pulls in some more dependencies (e.g. via the usage of serial_mm_init())
which would not be needed otherwise - especially with the upcoming
Kconfig-style configuration system for QEMU.

The only functions from this file which are really always required for
linking are the ppc40x_*reset() functions, so move these functions to
ppc.c, close to the ppc40x_set_irq() function that calls them. Now we
can flag ppc405_uc.c and ppc4xx_devs.c with the CONFIG_PPC4XX config
switch, too.

And while we're at it, replace the printf()s in these ppc40x_*reset()
functions with proper calls to qemu_log_mask().

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:18 +11:00
Cédric Le Goater a28b9a5a8d spapr: move the interrupt presenters under machine_data
Next step is to remove them from under the PowerPCCPU

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:18 +11:00
Cédric Le Goater 8907fc25cf ppc/pnv: introduce a CPU machine_data
Include the interrupt presenter under the machine_data as we plan to
remove it from under PowerPCCPU

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:18 +11:00
Cédric Le Goater 40a5056c41 xive: add a get_tctx() method to the XiveRouter
It provides a mean to retrieve the XiveTCTX of a CPU. This will become
necessary with future changes which move the interrupt presenter
object pointers under the PowerPCCPU machine_data.

The PowerNV machine has an extra requirement on TIMA accesses that
this new method addresses. The machine can perform indirect loads and
stores on the TIMA on behalf of another CPU. The PIR being defined in
the controller registers, we need a way to peek in the controller
model to find the PIR value.

The XiveTCTX is moved above the XiveRouter definition to avoid forward
typedef declarations.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:18 +11:00
David Hildenbrand d8e81d6e60 spapr/pci: Fix primary bus number for PCI bridges
While looking at the s390x implementation, looks like spapr has a
similar BUG when building the topology.

The primary bus number corresponds always to the bus number of the
bus the bridge is attached to.

Right now, if we have two bridges attached to the same bus (e.g. root
bus) this is however not the case. The first bridge will have primary
bus 0, the second bridge primary bus 1, which is wrong. Fix the assignment.

While at it, drop setting the PCI_SUBORDINATE_BUS temporarily to 0xff.
Setting it temporarily to that value (as discussed e.g. in [1]), is
only relevant for a running system that probes the buses. The value is
effectively unused for us just doing a DFS.

[1] http://www.science.unitn.it/~fiorella/guidelinux/tlk/node76.html

Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:18 +11:00
Greg Kurz 21df5e4ffa spapr: Forbid setting ic-mode for old machine types
Machine types 3.0 and older only know about the legacy XICS backend.
Make it clear by erroring out if the user tries to set ic-mode on
such machines.

Signed-off-by: Greg Kurz <groug@kaod.org>
Tested-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:18 +11:00
Thomas Huth 1ac24c91bb hw/ppc/spapr: Encode the SCSI channel (bus) in the SRP LUNs
In hw/scsi/spapr_vio.c we declare that the controller supports multiple
buses by specifying "max_channel = 7" there. So in the code that fixes
up the device tree nodes, we must encode the channel number (a.k.a. bus
number in the "Logical unit addressing format" table of SAM5) into the
64-bit LUN, too.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1663160
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:18 +11:00
Cédric Le Goater 4882206430 spapr/vio: remove the "irq" property"
commit efe2add7cb ("spapr/vio: deprecate the "irq" property") was
merged in QEMU version 3.0. The "irq" property" can be removed for
QEMU version 4.0.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:17 +11:00
BALATON Zoltan 4f10ed277d ppc440: Avoid reporting error when reading non-existent RAM slot
When reading base register of RAM slot with no RAM we should not try
to calculate register value because that will result printing an error
due to invalid RAM size. Just return 0 without the error in this case.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:17 +11:00
Cédric Le Goater 6bf6f3a1d1 ppc/xive: fix remaining XiveFabric names
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:17 +11:00
BALATON Zoltan 6a9938a379 sam460ex: Fix support for memory larger than 1GB
Fix the encoding of larger memory modules in the SoC registers which
allows specifying more than 1GB memory for sam460ex. Well, only 2GB
due to SoC and firmware restrictions which was the only missing value
compared to what the real hardware supports. The SoC should support up
to 4GB but when setting that the firmware hangs during memory test.
This may be an overflow bug in the firmware which I did not try to
debug but this may affect real hardware as well.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:17 +11:00
BALATON Zoltan 70812bf709 ppc4xx: Pass array index to function instead of pointer into the array
The sdram_set_bcr() function in ppc440_uc.c takes a pointer into an
array then calculates its index from that. It's simpler and easier to
just pass the index which simplifies both the function and its callers.
Do similar cleanup in ppc4xx_devs.c to similar function.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:17 +11:00
BALATON Zoltan 0a57fbee20 ppc4xx: Rename ppc4xx_sdram_t in ppc440_uc.c to ppc440_sdram_t
There's already a struct with the same name in ppc4xx_devs.c. They are
not used outside their files so don't clash but they are also not
identical so rename the ppc440 specific one to distinguish them.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:17 +11:00
BALATON Zoltan 7d8ccf58d5 ppc4xx: Use ram_addr_t in ppc4xx_sdram_adjust()
To avoid overflow if larger values are added later use ram_addr_t for
the sdram_bank_sizes parameter to match ram_size to which it is compared.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:17 +11:00
BALATON Zoltan 08fd99179a sam460ex: Clean up SPD EEPROM creation
Get rid of code from MIPS Malta board used to create SPD EEPROM data
(parts of which was not even needed for sam460ex) and use the generic
spd_data_generate() function to simplify this.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:17 +11:00
BALATON Zoltan b296b664ab smbus: Add a helper to generate SPD EEPROM data
There are several boards with SPD EEPROMs that are now using
duplicated or slightly different hard coded data. Add a helper to
generate SPD data for a memory module of given type and size that
could be used by these boards (either as is or with further changes if
needed) which should help cleaning this up and avoid further duplication.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-04 18:44:17 +11:00
Dima Stepanov 7423192912 virtio: add checks for the size of the indirect table
The virtqueue_pop() and virtqueue_get_avail_bytes() routines can use the
INDIRECT table to get the data. It is possible to create a packet which
will lead to the assert message like:
  include/exec/memory.h:1995: void
  address_space_read_cached(MemoryRegionCache *, hwaddr, void *, int):
  Assertion `addr < cache->len && len <= cache->len - addr' failed.
  Aborted
To do it the first descriptor should have a link to the INDIRECT table
and set the size of it to 0. It doesn't look good that the guest should
be able to trigger the assert in qemu. Add additional check for the size
of the INDIRECT table, which should not be 0.

Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-02-01 17:30:53 -05:00
Peter Maydell b3fc0af1ff Block layer patches:
- vmdk: Support for blockdev-create
 - block: Apply auto-read-only for ro-whitelist drivers
 - virtio-scsi: Fixes related to attaching/detaching iothreads
 - scsi-disk: Fixed erroneously detected multipath setup with multiple
   disks created with node-names. Added device_id property.
 - block: Fix hangs in synchronous APIs with iothreads
 - block: Fix invalidate_cache error path for parent activation
 - block-backend, mirror, qcow2, vpc, vdi, qemu-iotests:
   Minor fixes and code improvements
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcVGReAAoJEH8JsnLIjy/WyXAQAMYGNa5sBndKTsRWvNfwn8p8
 GwiLrmhHreEGQrEoMrBl4O2uVq7B37j6yWRYeP5ZNboex/eLGgk8tnM6BxlIBldb
 ffi9g7o7cLPOFuJxGvJMR6q38TG7yEr4Mp/QkI6hZRq3brAwBsQaVmBCtgGsOaW6
 UBayRY5K/yfTdt21bZZd/78UwRz60v5YHUQYjbq5CBWeJv5WLlgwC+8k0cIeUl1f
 l/dNB21ZyVxBHpZRlqonJ0YyvW6JxMQ/93btVBwFS+D60Y0jUvlExtnEbMojozfp
 fcEPicByjRFK/jUUkXVlC0BJnBjhPNo2pMWgbMvCvOCMvMYT5JuKTXsdljs1Y2Gs
 UHJePa8GLp1Z1ZvMQOWRFb7NpTdGlbTv7FgngY6bkSLZuQ15Dc/OGpBpnYxq3y+j
 u7JbZJ+00ivygw51GwsQhu1pcgasOFxG2PJtV797+imtKnMk69wixAu25aC64sz5
 1LEiLNrnJqBhxy5k4OJSOFPH/UEzP4lcH6wjH8VMz7yvIUfMG1hqk040b7bWzRCQ
 c5ZRhvI530LGAgXRMlUmP4d7RUvzz3HFA5qA1DuGmnhA+qn3MGzvWHOurM98SDrL
 yzNXoaMt8pqQ8RgSbB6cNmRcV7anr+VES8tbffo+tbLMM7GcKYvgsioXfI8t6d+m
 Eahd3giMhdIXgEQ2LCkV
 =oaAn
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- vmdk: Support for blockdev-create
- block: Apply auto-read-only for ro-whitelist drivers
- virtio-scsi: Fixes related to attaching/detaching iothreads
- scsi-disk: Fixed erroneously detected multipath setup with multiple
  disks created with node-names. Added device_id property.
- block: Fix hangs in synchronous APIs with iothreads
- block: Fix invalidate_cache error path for parent activation
- block-backend, mirror, qcow2, vpc, vdi, qemu-iotests:
  Minor fixes and code improvements

# gpg: Signature made Fri 01 Feb 2019 15:23:10 GMT
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream: (27 commits)
  scsi-disk: Add device_id property
  scsi-disk: Don't use empty string as device id
  qtest.py: Wait for the result of qtest commands
  block: Fix invalidate_cache error path for parent activation
  iotests/236: fix transaction kwarg order
  iotests: Filter second BLOCK_JOB_ERROR from 229
  virtio-scsi: Forbid devices with different iothreads sharing a blockdev
  scsi-disk: Acquire the AioContext in scsi_*_realize()
  virtio-scsi: Move BlockBackend back to the main AioContext on unplug
  block: Eliminate the S_1KiB, S_2KiB, ... macros
  block: Remove blk_attach_dev_legacy() / legacy_dev code
  block: Apply auto-read-only for ro-whitelist drivers
  uuid: Make qemu_uuid_bswap() take and return a QemuUUID
  block/vdi: Don't take address of fields in packed structs
  block/vpc: Don't take address of fields in packed structs
  vmdk: Reject excess extents in blockdev-create
  iotests: Add VMDK tests for blockdev-create
  iotests: Filter cid numbers in VMDK extent info
  vmdk: Implement .bdrv_co_create callback
  vmdk: Refactor vmdk_create_extent
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-01 17:58:27 +00:00
Peter Maydell e83d74286c target-arm queue:
* New machine mps2-an521 -- this is a model of the AN521 FPGA image for the MPS2 devboard
  * Fix various places where we failed to UNDEF invalid A64 instructions
  * Don't UNDEF a valid FCMLA on 32-bit inputs
  * Fix some bugs in the newly-added PAuth implementation
  * microbit: Implement NVMC non-volatile memory controller
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAlxUbmsZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3ubXD/9PJxn0RnOkxpEmnba1QYbj
 mq1c9d9t2Ewd5wVLPWUZSlVjhLENUtPd6F5+CXGNwo+GpJgIG04tg4EhSXAAJtlF
 msdvtVJLVhp2O/uoaLx4HilyzJjwMk3RExE4nE9czZ0B3bbfRCpeNV7wwlU8Q+ty
 fbeK0zsjLmqYJ1J5nXhVbBxUsfpqFeOy0pH3S+9CWg9zxvbORmERFVyp31SgIB5r
 mctU6IUH9wekNGQfGMKFazLjKLOnCYc39O3e1DuLGaK9ouA1alsfzl+GRiveYp1A
 royrZjLBO995L5mVt8KcSYvpUaw8AzKZgchJ6KmM68pMGCsabmNHDbwtUtquLjir
 7Ik64RovlRYDQeF2ee+giJF+sVH4fKFa7onFIl955Rv4SyEoyvJxEvd8gby3gwAa
 +JiWY4IDZCpnUvbWP7gdnKMTH5T50srE5PiYCbQ+raBGRGgH3s2Ogt1NVBOKVFv5
 YycWbt8Px+c+kSz3vT3ohQshoVUtTzFAWPR0s7+m83oxTqOBZ/wf1VipmgU05NWl
 j0aJZhIS/5aOmKf+8+iLmfOYQ/8yq2guUnLDUWtN2F0f+7KysZhnauF7iTp/hIGQ
 rDd74ktQoPFvr6Q2komFisQ5vgmLKaMM6mQUPpObhIwTw7Oz3anwvQDNgMCRB1JU
 5PKH8pS1XHVhX4iM3FHv9g==
 =ak3S
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190201' into staging

target-arm queue:
 * New machine mps2-an521 -- this is a model of the AN521 FPGA image for the MPS2 devboard
 * Fix various places where we failed to UNDEF invalid A64 instructions
 * Don't UNDEF a valid FCMLA on 32-bit inputs
 * Fix some bugs in the newly-added PAuth implementation
 * microbit: Implement NVMC non-volatile memory controller

# gpg: Signature made Fri 01 Feb 2019 16:06:03 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20190201: (47 commits)
  tests/microbit-test: Add tests for nRF51 NVMC
  arm: Instantiate NRF51 special NVM's and NVMC
  hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories
  target/arm: fix decoding of B{,L}RA{A,B}
  target/arm: fix AArch64 virtual address space size
  linux-user: Initialize aarch64 pac keys
  aarch64-linux-user: Enable HWCAP bits for PAuth
  aarch64-linux-user: Update HWCAP bits from linux 5.0-rc1
  target/arm: Always enable pac keys for user-only
  arm: Clarify the logic of set_pc()
  target/arm: Enable API, APK bits in SCR, HCR
  target/arm: Add a timer to predict PMU counter overflow
  target/arm: Send interrupts on PMU counter overflow
  target/arm/translate-a64: Fix mishandling of size in FCMLA decode
  target/arm/translate-a64: Fix FCMLA decoding error
  exec.c: Don't reallocate IOMMUNotifiers that are in use
  target/arm/translate-a64: Don't underdecode SDOT and UDOT
  target/arm/translate-a64: Don't underdecode FP insns
  target/arm/translate-a64: Don't underdecode add/sub extended register
  target/arm/translate-a64: Don't underdecode SIMD ld/st single
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-01 16:39:17 +00:00
Steffen Görtz 4d744b25d3 arm: Instantiate NRF51 special NVM's and NVMC
Instantiates UICR, FICR, FLASH and NVMC in nRF51 SOC.

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190201023357.22596-3-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-01 15:32:17 +00:00
Steffen Görtz c0d4eb8352 hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories
The nRF51 contains three regions of non-volatile memory (NVM):
- CODE (R/W): contains code
- FICR (R): Factory information like code size, chip id etc.
- UICR (R/W): Changeable configuration data. Lock bits, Code
  protection configuration, Bootloader address, Nordic SoftRadio
  configuration, Firmware configuration.

Read and write access to the memories is managed by the
Non-volatile memory controller.

Memory schema:
 [ CPU ] -+- [ NVM, either FICR, UICR or CODE ]
          |      |
          \- [ NVMC ]

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190201023357.22596-2-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-01 15:31:26 +00:00
Julia Suvorova 42f6ed9193 arm: Clarify the logic of set_pc()
Until now, the set_pc logic was unclear, which raised questions about
whether it should be used directly, applying a value to PC or adding
additional checks, for example, set the Thumb bit in Arm cpu. Let's set
the set_pc logic for “Configure the PC, as was done in the ELF file”
and implement synchronize_with_tb hook for preserving PC to cpu_tb_exec.

Signed-off-by: Julia Suvorova <jusual@mail.ru>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190129121817.7109-1-jusual@mail.ru
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-01 14:55:46 +00:00
Peter Maydell 23f9242332 hw/arm/mps2-tz: Add mps2-an521 model
Add a model of the MPS2 FPGA image described in Application Note
AN521. This is identical to the AN505 image, except that it uses
the SSE-200 rather than the IoTKit and so has two Cortex-M33 CPUs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-24-peter.maydell@linaro.org
2019-02-01 14:55:44 +00:00
Peter Maydell 4a30dc1c23 hw/arm/mps2-tz: Add IRQ infrastructure to support SSE-200
In preparation for adding support for the AN521 MPS2 image, we need
to handle wiring up the MPS2 device interrupt lines to both CPUs in
the SSE-200, rather than just the one that the IoTKit has.

Abstract out a "connect to the IoTKit interrupt line" function
and make it connect to a splitter which feeds both sets of inputs
for the SSE-200 case.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-23-peter.maydell@linaro.org
2019-02-01 14:55:43 +00:00
Peter Maydell 0829d24e66 hw/arm/armsse: Add SSE-200 model
Add a model of the SSE-200, now we have put in all
the code that lets us make it different from the IoTKit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-22-peter.maydell@linaro.org
2019-02-01 14:55:43 +00:00
Peter Maydell ade67dcd4a hw/arm/armsse: Add CPU_IDENTITY block to SSE-200
Instantiate a copy of the CPU_IDENTITY register block for each CPU
in an SSE-200.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-21-peter.maydell@linaro.org
2019-02-01 14:55:43 +00:00
Peter Maydell 5aeb368966 hw/misc/armsse-cpuid: Implement SSE-200 CPU_IDENTITY register block
The SSE-200 has a CPU_IDENTITY register block, which is a set of
read-only registers. As well as the usual PID/CID registers, there
is a single CPUID register which indicates whether the CPU is CPU 0
or CPU 1. Implement a model of this register block.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-20-peter.maydell@linaro.org
2019-02-01 14:55:43 +00:00
Peter Maydell c1f572579e hw/arm/armsse: Add unimplemented-device stub for CPU local control registers
The SSE-200 has a "CPU local security control" register bank; add an
unimplemented-device stub for it. (The register bank has only one
interesting register, which allows the guest to lock down changes
to various CPU registers so they cannot be modified further. We
don't support that in our Cortex-M33 model anyway.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-19-peter.maydell@linaro.org
2019-02-01 14:55:43 +00:00
Peter Maydell 2357bca532 hw/arm/armsse: Add unimplemented-device stub for cache control registers
The SSE-200 gives each CPU a register bank to use to control its
L1 instruction cache. Put in an unimplemented-device stub for this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-18-peter.maydell@linaro.org
2019-02-01 14:55:43 +00:00
Peter Maydell e0b00f1b92 hw/arm/armsse: Add unimplemented-device stubs for PPUs
Add unimplemented-device stubs for the various Power Policy Unit
devices that the SSE-200 has.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-17-peter.maydell@linaro.org
2019-02-01 14:55:43 +00:00
Peter Maydell f8574705f6 hw/arm/armsse: Add unimplemented-device stubs for MHUs
The SSE-200 has two Message Handling Units (MHUs), which sit behind
the APB PPC0. Wire up some unimplemented-device stubs for these,
since we don't yet implement a real model of this device.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-16-peter.maydell@linaro.org
2019-02-01 14:55:43 +00:00
Peter Maydell dde0c49103 iotkit-sysinfo: Make SYS_VERSION and SYS_CONFIG configurable
The SYS_VERSION and SYS_CONFIG register values differ between the
IoTKit and SSE-200. Make them configurable via QOM properties rather
than hard-coded, and set them appropriately in the ARMSSE code that
instantiates the IOTKIT_SYSINFO device.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-15-peter.maydell@linaro.org
2019-02-01 14:55:42 +00:00
Peter Maydell 7cd3a2e0d5 hw/arm/armsse: Put each CPU in its own cluster object
Create a cluster object to hold each CPU in the SSE. They are
logically distinct and may be configured differently (for instance
one may not have an FPU where the other does).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-14-peter.maydell@linaro.org
2019-02-01 14:55:42 +00:00
Peter Maydell d847ca5128 hw/arm/armsse: Give each CPU its own view of memory
Give each CPU its own container memory region. This is necessary
for two reasons:
 * some devices are instantiated one per CPU and the CPU sees only
   its own device
 * since a memory region can only be put into one container, we must
   give each armv7m object a different MemoryRegion as its 'memory'
   property, or a dual-CPU configuration will assert on realize when
   the second armv7m object tries to put the MR into a container when
   it is already in the first armv7m object's container

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-13-peter.maydell@linaro.org
2019-02-01 14:55:42 +00:00
Peter Maydell 91c1e9fcbd hw/arm/armsse: Support dual-CPU configuration
The SSE-200 has two Cortex-M33 CPUs. These see the same view
of memory, with the exception of the "private CPU region" which
has per-CPU devices. Internal device interrupts for SSE-200
devices are mostly wired up to both CPUs, with the exception of
a few per-CPU devices. External GPIO inputs on the SSE-200
device are provided for the second CPU's interrupts above 32,
as is already the case for the first CPU.

Refactor the code to support creation of multiple CPUs.
For the moment we leave all CPUs with the same view of
memory: this will not work in the multiple-CPU case, but
we will fix this in the following commit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-12-peter.maydell@linaro.org
2019-02-01 14:55:42 +00:00
Peter Maydell 4b635cf7a9 hw/arm/armsse: Make SRAM bank size configurable
For the IoTKit the SRAM bank size is always 32K (15 bits); for the
SSE-200 this is a configurable parameter, which defaults to 32K but
can be changed when it is built into a particular SoC. For instance
the Musca-B1 board sets it to 128K (17 bits).

Make the bank size a QOM property. We follow the SSE-200 hardware in
naming the parameter SRAM_ADDR_WIDTH, which specifies the number of
address bits of a single SRAM bank.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-11-peter.maydell@linaro.org
2019-02-01 14:55:42 +00:00
Peter Maydell f0cab7fe88 hw/arm/armsse: Make number of SRAM banks parameterised
The SSE-200 has four banks of SRAM, each with its own
Memory Protection Controller, where the IoTKit has only one.
Make the number of SRAM banks a field in ARMSSEInfo.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-10-peter.maydell@linaro.org
2019-02-01 14:55:42 +00:00
Peter Maydell 0a78d7ebf8 hw/misc/iotkit-secctl: Support 4 internal MPCs
The SSE-200 has 4 banks of SRAM, each with its own internal
Memory Protection Controller. The interrupt status for these
extra MPCs appears in the same security controller SECMPCINTSTATUS
register as the MPC for the IoTKit's single SRAM bank. Enhance the
iotkit-secctl device to allow 4 MPCs. (If the particular IoTKit/SSE
variant in use does not have all 4 MPCs then the unused inputs will
simply result in the SECMPCINTSTATUS bits being zero as required.)

The hardcoded constant "1"s in armsse.c indicate the actual number
of SRAM MPCs the IoTKit has, and will be replaced in the following
commit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-9-peter.maydell@linaro.org
2019-02-01 14:55:42 +00:00
Peter Maydell 6eee5d241a hw/arm/iotkit: Rename files to hw/arm/armsse.[ch]
Rename the files that used to be iotkit.[ch] to
armsse.[ch] to reflect the fact they new cover
multiple Arm subsystems for embedded.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-8-peter.maydell@linaro.org
2019-02-01 14:55:42 +00:00
Peter Maydell 13628891b3 hw/arm/iotkit: Rename 'iotkit' local variables and functions
Rename various internal uses of 'iotkit' in hw/arm/iotkit.c to
'armsse', for consistency. The remaining occurences are:
 * related to the devices TYPE_IOTKIT_SYSCTL, TYPE_IOTKIT_SYSINFO,
   etc, which this refactor is not touching
 * references that apply specifically to the IoTKit (like
   the lack of a private CPU region)
 * the vmstate, which keeps its old "iotkit" name for
   migration compatibility reasons

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-7-peter.maydell@linaro.org
2019-02-01 14:55:41 +00:00
Peter Maydell 4c3690b591 hw/arm/iotkit: Refactor into abstract base class and subclass
The Arm SSE-200 Subsystem for Embedded is a revised and
extended version of the older IoTKit SoC. Prepare for
adding a model of it by refactoring the IoTKit code into
an abstract base class which contains the functionality,
driven by a class data block specific to each subclass.
(This is the same approach used by the existing bcm283x
SoC family implementation.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-6-peter.maydell@linaro.org
2019-02-01 14:55:41 +00:00
Peter Maydell 93dbd10347 hw/arm/iotkit: Rename IoTKit to ARMSSE
The Arm IoTKit was effectively the forerunner of a series of
subsystems for embedded SoCs, named the SSE-050, SSE-100 and SSE-200:
https://developer.arm.com/products/system-design/subsystems
These are generally quite similar, though later iterations have
extra devices that earlier ones do not.

We want to add a model of the SSE-200, which means refactoring the
IoTKit code into an abstract base class and subclasses (using the
same design that the bcm283x SoC and Aspeed SoC family
implementations do). As a first step, rename the IoTKit struct and
QOM macros to ARMSSE, which is what we're going to name the base
class. We temporarily retain TYPE_IOTKIT to avoid changing the
code that instantiates a TYPE_IOTKIT device here and then changing
it back again when it is re-introduced as a subclass.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-5-peter.maydell@linaro.org
2019-02-01 14:55:41 +00:00
Peter Maydell 66647809f5 armv7m: Pass through start-powered-off CPU property
Expose "start-powered-off" as a property of the ARMv7M container,
which we just pass through to the CPU object in the same way that we
do for "init-svtor" and "idau". (We want this for the SSE-200, which
powers up only the first CPU at reset and leaves the second powered
down.)

As with the other CPU properties here, we can't just use alias
properties, because the CPU QOM object is not created until armv7m
realize time.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-4-peter.maydell@linaro.org
2019-02-01 14:55:41 +00:00
Peter Maydell e4c81e3a45 armv7m: Make cpu object a child of the armv7m container
Rather than just creating the CPUs with object_new, make them child
objects of the armv7m container. This will allow the cluster code to
find the CPUs if an armv7m object is made a child of a cluster object.
object_new_with_props() will do the parenting for us.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-3-peter.maydell@linaro.org
2019-02-01 14:55:41 +00:00
Peter Maydell 3693f217d3 armv7m: Don't assume the NVIC's CPU is CPU 0
Currently the ARMv7M NVIC object's realize method assumes that the
CPU the NVIC is attached to is CPU 0, because it thinks there can
only ever be one CPU in the system. To allow a dual-Cortex-M33
setup we need to remove this assumption; instead the armv7m
wrapper object tells the NVIC its CPU, in the same way that it
already tells the CPU what the NVIC is.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190121185118.18550-2-peter.maydell@linaro.org
2019-02-01 14:55:41 +00:00
kumar sourav 287a7f6e39 hw/arm/nrf51_soc: set object owner in memory_region_init_ram
set object owner in memory_region_init_ram() instead
of NULL.

Signed-off-by: kumar sourav <sourav.jb1988@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190125155630.17430-1-sourav.jb1988@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-01 14:55:41 +00:00
Peter Maydell a1bc3e7dc8 ui: fix build with SDL disabled, drop SDL1 support.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcVDv3AAoJEEy22O7T6HE4Q2IQAIKbBCZ03yEmYoPwZhmGPZHE
 CV+R4poHE+eCC0kau3wbimGnO3895gym/FDTxyVhdki5xvsLQKwh7bNmzamrkM9N
 Bmr/SCnYdxlC07cdIFJXGbW83y57rQwCmEZTg8HGbpsDNsB+eaxZoBT1hkWUS88m
 jewyhRNnDG+JPGrNOWHT1wpJSVD0VDlg82CfnfxXL/ff7n30vHGMgWvjr3dHyj95
 NjiDHpXR/2NVRrdKHj5ZHB/rJmwWFMbzerzLfr06WmYylcGuCHxPmnz0152ORRCF
 UqCmj8eLdWfQ1iDHI1k+RYE9HRG26fZmSgRqFBPC7YFy9BWU5BM8YqRn2iHX9vA7
 r7KVIot7QJAg15/qnmBd9XjBtDsjr26+xDjBEJc0e9/3UQi3tLNtiI4b/PFHUZIw
 W4POYPP+NPBKVxufFUD7g02BN+3a0kcXNia7U7916JWeanBmQBn5OUNzGavM0QEn
 uqhHIch9bTN/mMoLBLbOAGKly9SQUEEkkXiCP2qH61arjNXw9EsZj0JRM7JNHllC
 +1+Y5DvKZXl2hc3MebLbBDO0p7w6+gN+XK4u8tqcYHGkdozvnZfVBB74Y7d0xBlz
 j58a8/yC4MiqkdWLujAXiQlpIuz3FmMlm0STn+aburBwjk3x/NP/BOxLbNV++YTv
 sCFWFRQ13DPFXSEMTDqM
 =SZn0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190201-pull-request' into staging

ui: fix build with SDL disabled, drop SDL1 support.

# gpg: Signature made Fri 01 Feb 2019 12:30:47 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20190201-pull-request:
  ui: remove support for SDL1.2 in favour of SDL2
  hw/display/milkymist-tmu2: Move inlined code from header to source
  hw/display/milkymist-tmu2: Explicit the dependency to both X11 / OpenGL
  configure: LM32 Milkymist Texture Mapping Unit (tmu2) also depends of X11
  hw/display: Move Milkymist specific hardware out of common-obj list

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-01 13:15:10 +00:00
Kevin Wolf 7471a649fc scsi-disk: Add device_id property
The new device_id property specifies which value to use for the vendor
specific designator in the Device Identification VPD page.

In particular, this is necessary for libvirt to maintain guest ABI
compatibility when no serial number is given and a VM is switched from
-drive (where the BlockBackend name is used) to -blockdev (where the
vendor specific designator is left out by default).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-02-01 13:48:11 +01:00
Kevin Wolf a8f58afcdb scsi-disk: Don't use empty string as device id
scsi-disk includes in the Device Identification VPD page, depending on
configuration amongst others, a vendor specific designator that consists
either of the serial number if given or the BlockBackend name (which is
a host detail that better shouldn't have been leaked to the guest, but
now we have to maintain it for compatibility).

With anonymous BlockBackends, i.e. scsi-disk devices constructed with
drive=<node-name>, and no serial number explicitly specified, this ends
up as an empty string. If this happens to more than one disk, we have
accidentally signalled to the OS that this is a multipath setup, which
is obviously not what was intended.

Instead of using an empty string for the vendor specific designator,
simply leave out that designator, which makes Linux detect such setups
as separate disks again.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-02-01 13:47:09 +01:00
Alberto Garcia eb97813ff5 virtio-scsi: Forbid devices with different iothreads sharing a blockdev
This patch forbids attaching a disk to a SCSI device if its using a
different AioContext. Test case included.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-02-01 13:46:45 +01:00
Alberto Garcia 3ff35ba391 scsi-disk: Acquire the AioContext in scsi_*_realize()
This fixes a crash when attaching two disks with the same blockdev to
a SCSI device that is using iothreads. Test case included.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-02-01 13:46:45 +01:00
Alberto Garcia a6f230c8d1 virtio-scsi: Move BlockBackend back to the main AioContext on unplug
This fixes a crash when attaching a disk to a SCSI device using
iothreads, then detaching it and reattaching it again. Test case
included.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-02-01 13:46:45 +01:00
Peter Maydell 1324f06384 uuid: Make qemu_uuid_bswap() take and return a QemuUUID
Currently qemu_uuid_bswap() takes a pointer to the QemuUUID to
be byte-swapped. This means it can't be used when the UUID
to be swapped is in a packed member of a struct. It's also
out of line with the general bswap*() functions we provide
in bswap.h, which take the value to be swapped and return it.

Make qemu_uuid_bswap() take a QemuUUID and return the swapped version.

This fixes some clang warnings about taking the address of
a packed struct member in block/vdi.c.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-02-01 13:46:45 +01:00
Philippe Mathieu-Daudé 70cc0c1fb0 hw/display/milkymist-tmu2: Move inlined code from header to source
Move the complexity of milkymist_tmu2_create() into the
source file. Doing so we avoid to include the X11/OpenGL
headers in all LM32 devices, and we also avoid the duplicate
declaration of glx_fbconfig_attr[] (it is already declared
in hw/display/milkymist-tmu2.c).
Since TYPE_MILKYMIST_TMU2 is now accessible, use it.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190130120005.23123-5-philmd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-01 11:58:50 +01:00
Philippe Mathieu-Daudé 57d434407a hw/display/milkymist-tmu2: Explicit the dependency to both X11 / OpenGL
The TMU device requires both X11 and OpenGL.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190130120005.23123-4-philmd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-01 11:58:50 +01:00
Philippe Mathieu-Daudé 3a831fc0df hw/display: Move Milkymist specific hardware out of common-obj list
The Milkymist specific hardware is only used by the LM32 target,
it is pointless to compile those objects in other targets.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190130120005.23123-2-philmd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-01 11:58:50 +01:00
Peter Maydell cfe6c54769 Block patches:
- New debugging QMP command to explore block graphs
 - Converted DPRINTF()s to trace events
 - Fixed qemu-io's use of getopt() for systems with optreset
 - Minor NVMe emulation fixes
 - An iotest fix
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcUkaiAAoJEPQH2wBh1c9AHsEIAIU0+FNjtdz7lNgyeBCSFCFa
 /qWNk4+w6QBfhTTx/N0hGwh5/FvNYQhby8VHtZitE4/QcLbJwHYgWf14pwce3tP3
 3qNB87AdQpKMpbajQM2x2Xy8lnlPeM7fe21Q/12vuX7AlEDT3gH+W9rg94bw2oFN
 r+xBk6H5F2aVElw3CwMM7eary4+dPnnCQwAnoqM+g5hdpL+0scrIyARGw7v0hmSn
 LDWESCM4a55lEYmwj1wS3J3uj6Fj00yzBvcEuCcT1GO+lXlV8/ciO9r2HqxVKwgz
 4GAi/BERoMKjfn+/77/yI5flprPx2voNGgkyBY4C3z9ncnN6u02QBZSusBIWpSg=
 =Kt4r
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/xanclic/tags/pull-block-2019-01-31' into staging

Block patches:
- New debugging QMP command to explore block graphs
- Converted DPRINTF()s to trace events
- Fixed qemu-io's use of getopt() for systems with optreset
- Minor NVMe emulation fixes
- An iotest fix

# gpg: Signature made Thu 31 Jan 2019 00:51:46 GMT
# gpg:                using RSA key F407DB0061D5CF40
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/xanclic/tags/pull-block-2019-01-31:
  iotests: Allow 147 to be run concurrently
  iotests: Bind qemu-nbd to localhost in 147
  iotests.py: Add qemu_nbd_pipe()
  nvme: use pci_dev directly in nvme_realize
  nvme: ensure the num_queues is not zero
  nvme: use TYPE_NVME instead of constant string
  qemu-io: Add generic function for reinitializing optind.
  block/sheepdog: Convert from DPRINTF() macro to trace events
  block/file-posix: Convert from DPRINTF() macro to trace events
  block/curl: Convert from DPRINTF() macro to trace events
  block/ssh: Convert from DPRINTF() macro to trace events
  scripts: add render_block_graph function for QEMUMachine
  qapi: add x-debug-query-block-graph

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-31 19:26:09 +00:00
Peter Maydell e8977901b7 - add device category (edu, i8042, sd memory card)
- code clean-up
 - LGPL information clean-up
 - fix typo (acpi)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcUaTuAAoJEPMMOL0/L748/ZMP/AwJM0P7AjFSuPxC5ETNK2Nn
 kJSMOMhAYs4oZppwQ25tphHNFd7xEzQd1JBS5aT4svp5qN0kzoUoPY6IpxvfXueW
 aFmXJPgCZvWPvD8xebHYPiH1wr0ITeRKDjZBV+YykCwIOiigg5RraMslon+Djf2f
 WNB7L/abhb4eTf5vNvS7cpCLOSXbslYYtj4Z5WcSARRAFlvBzHczooiYMuovMhtP
 zCOhG7tW9scqoEJyIW2Bxmw4QqHAuOtrDnqN3DHseM1Eh4PoJCNLVf4lTU8qWhF4
 W8IGysjQQot2V2JIkD9XkNcfGlQNniwNj/vYhpKCDLACE65ztZ42DV7j+oe2SDB2
 ljqTc2Vi4pmqEuIGcT3MykBKdsjdLOS3KBP3S6fgMV7/R347xeRf85bGcZQb/AnS
 rsL5MLA4nkd0xdztpuvHcqJdxhk+SbwsY8Zlj4agSELhFuIuEKz4VLd/WrxQvAhp
 yimX2+m7dHvIsHWpRduZ8I5nR2U0O+sxmIhPbaQNCcHTU/JZjtZEKxU0kpCHkBtd
 AdMVXf8NMGe8NecY8n9Y80Veencpq+nCthGtRRJwWOptlXXYdR5aYHaX6IlJaVFV
 jmVZITn1HxddPsVqGW0ZAJip78xVi8eYHiMvQO4+dfECLAH6m7TyLRKh8MyIyCHD
 VJ6roxeKSgosPaw1tzc2
 =1OOM
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into staging

- add device category (edu, i8042, sd memory card)
- code clean-up
- LGPL information clean-up
- fix typo (acpi)

# gpg: Signature made Wed 30 Jan 2019 13:21:50 GMT
# gpg:                using RSA key F30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-branch-pull-request:
  virtio-blk: remove duplicate definition of VirtIOBlock *s pointer
  hw/block: clean up stale xen_disk trace entries
  target/m68k: Fix LGPL information in the file headers
  target/s390x: Fix LGPL version in the file header comments
  tcg: Fix LGPL version number
  target/tricore: Fix LGPL version number
  target/openrisc: Fix LGPL version number
  COPYING.LIB: Synchronize the LGPL 2.1 with the version from gnu.org
  Don't talk about the LGPL if the file is licensed under the GPL
  hw: sd: set category of the sd memory card
  hw: input: set category of the i8042 device
  typo: apci->acpi
  hw: edu: set category of the edu device

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-31 15:40:39 +00:00
Peter Maydell aefcd28366 usb: xhci: fix iso transfers.
usb: mtp: break up writes, bugfixes.
 usb: fix lgpl info in headers.
 usb: hid: unique serials.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcUVNBAAoJEEy22O7T6HE4awkQAKk1eaOPj5/9GdU5mioCAbGM
 zaYMuBvjfJqLragSfKDHEX2k7tTpQjkp48AklVOiKF2GZly+AqvCxAUjja9H4W8x
 TrXbnLe5No4aX5tHUzHmfDocfgDkuTi2aysQrAmUcJjChG1rMwj+fczr82L0Pbc2
 1pNw0Z+0Cu+2i2WNawTF9tiRwJobrCACrTgdRMhgorfIR/TCKtgFlEnMzkXZIZ5k
 awf7GRmYYHCFQffQK4gENPEmYVjiHLB0kpIO4m8As5F0Ex49Lg0rbZiCh+GLy014
 HF0eEVlIS3EEKsu3BxgeJtLTtxvRC4h4o1esbBGcaClvdPaD2DOphuilCMXiY8KL
 v8Z7r5qqfAiBHBkUAEGlahwjpsD52POz+OYQ7FgsUbQJ4hN34zrI4t7+o4ThoDV7
 MTegpOiKxt5xqmj19+bkl6zR/hIafuJxUVOhLk2Rt8YwusYdrRYZUDmGxfnQMBeI
 5VShYN1wCGkC/AvtCtnB2EruA7hYQZ2gOo6W9yZco4vwX+EHJKRx8H5L6MY1yIp+
 O5ksYZbVOqNp0dTZSSZBYeNwHSjGhAlgwzlJ3gj4jSKBaCv2bwnasCq02MW36VZA
 3tOoIDtSPXyB9n2AVxcwycce7t5fa3SRtbto8CU+IvrYi6AR0GQzoKp4pTI7H4Sw
 8bF4w5Ah9qC1on8/Ivfv
 =ilkX
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20190130-pull-request' into staging

usb: xhci: fix iso transfers.
usb: mtp: break up writes, bugfixes.
usb: fix lgpl info in headers.
usb: hid: unique serials.

# gpg: Signature made Wed 30 Jan 2019 07:33:21 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20190130-pull-request:
  usb-mtp: replace the homebrew write with qemu_write_full
  usb-mtp: breakup MTP write into smaller chunks
  usb-mtp: Reallocate buffer in multiples of MTP_WRITE_BUF_SZ
  usb: implement XHCI underrun/overrun events
  usb: XHCI shall not halt isochronous endpoints
  hw/usb: Fix LGPL information in the file headers
  usb: dev-mtp: close fd in usb_mtp_object_readdir()
  usb: assign unique serial numbers to hid devices

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-31 12:53:21 +00:00
Peter Maydell 460da1005d Pull request
User-visible changes:
  * The new qemu-trace-stap script makes it convenient to collect traces without
    writing SystemTap scripts.  See "man qemu-trace-stap" for details.
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcURdlAAoJEJykq7OBq3PIPqAH/iSkYDDeWLQy4eqeTPpbsxd4
 U6mUYC/m2g1bevj1TxdFmr2g5LReGTd4w35w6/SUaLMHsu701T7gK+0z1gP2/N/D
 qzJiM9xxF6xYq1P4hWJGf+XsbJ0OVf7oRwn1j8qXVBxjIxERX98z0ZUtbk/aulGi
 wnNXycBufpKGk2PkQC+pBfhU2775dMqpUV49z9mqyVzsiZQlzbx8WMDQj1Ic1fbe
 ZcAvX5D350HJjB3Z+9wJ1V2pC9Gu+z3TIup+YR1Bkch0ywyTCVTqcepoOXwzQamm
 84bifPdObBm7SbbwtrwoVKYLrdIrbb3PTWaOlWVUKruKIIf8hzn5BxC3wChb2Qk=
 =bex6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

Pull request

User-visible changes:
 * The new qemu-trace-stap script makes it convenient to collect traces without
   writing SystemTap scripts.  See "man qemu-trace-stap" for details.

# gpg: Signature made Wed 30 Jan 2019 03:17:57 GMT
# gpg:                using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
  trace: rerun tracetool after ./configure changes
  trace: improve runstate tracing
  trace: add ability to do simple printf logging via systemtap
  trace: forbid use of %m in trace event format strings
  trace: enforce that every trace-events file has a final newline
  display: ensure qxl log_buf is a nul terminated string

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-31 12:03:40 +00:00
Li Qiang a3d25ddd6f nvme: use pci_dev directly in nvme_realize
There is no need to make another reference.

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190120055558.32984-4-liq3ea@163.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-01-31 00:38:19 +01:00
Li Qiang 2410e133ec nvme: ensure the num_queues is not zero
When it is zero, it causes segv.
Using following command:

"-drive file=//home/test/test1.img,if=none,id=id0
-device nvme,drive=id0,serial=test,num_queues=0"
causes following Backtrack:

Thread 4 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe9735700 (LWP 30952)]
0x0000555555a7a77c in nvme_start_ctrl (n=0x5555577473f0) at hw/block/nvme.c:825
825	    if (unlikely(n->cq[0])) {
(gdb) bt
0  0x0000555555a7a77c in nvme_start_ctrl (n=0x5555577473f0)
    at hw/block/nvme.c:825
1  0x0000555555a7af7f in nvme_write_bar (n=0x5555577473f0, offset=20,
    data=4587521, size=4) at hw/block/nvme.c:969
2  0x0000555555a7b81a in nvme_mmio_write (opaque=0x5555577473f0, addr=20,
    data=4587521, size=4) at hw/block/nvme.c:1163
3  0x0000555555869236 in memory_region_write_accessor (mr=0x555557747cd0,
    addr=20, value=0x7fffe97320f8, size=4, shift=0, mask=4294967295, attrs=...)
    at /home/test/qemu1/qemu/memory.c:502
4  0x0000555555869446 in access_with_adjusted_size (addr=20,
    value=0x7fffe97320f8, size=4, access_size_min=2, access_size_max=8,
    access_fn=0x55555586914d <memory_region_write_accessor>,
    mr=0x555557747cd0, attrs=...) at /home/test/qemu1/qemu/memory.c:568
5  0x000055555586c479 in memory_region_dispatch_write (mr=0x555557747cd0,
    addr=20, data=4587521, size=4, attrs=...)
    at /home/test/qemu1/qemu/memory.c:1499
6  0x00005555558030af in flatview_write_continue (fv=0x7fffe0061130,
    addr=4273930260, attrs=..., buf=0x7ffff7ff0028 "\001", len=4, addr1=20,
    l=4, mr=0x555557747cd0) at /home/test/qemu1/qemu/exec.c:3234
7  0x00005555558031f9 in flatview_write (fv=0x7fffe0061130, addr=4273930260,
    attrs=..., buf=0x7ffff7ff0028 "\001", len=4)
    at /home/test/qemu1/qemu/exec.c:3273
8  0x00005555558034ff in address_space_write (
---Type <return> to continue, or q <return> to quit---
    as=0x555556758480 <address_space_memory>, addr=4273930260, attrs=...,
    buf=0x7ffff7ff0028 "\001", len=4) at /home/test/qemu1/qemu/exec.c:3363
9  0x0000555555803550 in address_space_rw (
    as=0x555556758480 <address_space_memory>, addr=4273930260, attrs=...,
    buf=0x7ffff7ff0028 "\001", len=4, is_write=true)
    at /home/test/qemu1/qemu/exec.c:3374
10 0x00005555558884a1 in kvm_cpu_exec (cpu=0x555556920e40)
    at /home/test/qemu1/qemu/accel/kvm/kvm-all.c:2031
11 0x000055555584cd9d in qemu_kvm_cpu_thread_fn (arg=0x555556920e40)
    at /home/test/qemu1/qemu/cpus.c:1281
12 0x0000555555dbaf6d in qemu_thread_start (args=0x5555569438a0)
    at util/qemu-thread-posix.c:502
13 0x00007ffff5dc86db in start_thread (arg=0x7fffe9735700)
    at pthread_create.c:463
14 0x00007ffff5af188f in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190120055558.32984-3-liq3ea@163.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-01-31 00:38:19 +01:00
Li Qiang 08db59e188 nvme: use TYPE_NVME instead of constant string
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190120055558.32984-2-liq3ea@163.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-01-31 00:38:19 +01:00
Stefano Garzarella 95b3c9cfd5 virtio-blk: remove duplicate definition of VirtIOBlock *s pointer
VirtIOBlock *s is already defined and initialized with req->dev
on top of virtio_blk_handle_request(), so we can remove it from
the code block of VIRTIO_BLK_T_GET_ID case.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190130095231.42081-1-sgarzare@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-30 14:20:18 +01:00
Paul Durrant 36f1f0d26e hw/block: clean up stale xen_disk trace entries
This should have been removed then xen_disk.c was removed but I missed them.

Fixes: 19f87870ba
       xen: remove the legacy 'xen_disk' backend
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190122145132.12571-1-paul.durrant@citrix.com>
[lv: s/stake/stale/ and add "Fixes" tag]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-30 14:20:18 +01:00
kumar sourav 2bbf3a91eb hw: sd: set category of the sd memory card
Sets the category of the sd memory card as DEVICE_CATEGORY_STORAGE.
Devices should be assigned to one of DEVICE_CATEGORY_XXXX.

Signed-off-by: kumar sourav <sourav.jb1988@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190124162045.10474-1-sourav.jb1988@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-30 10:24:20 +01:00
kumar sourav cbe9ed73f9 hw: input: set category of the i8042 device
Sets the category of i8042 device as DEVICE_CATEGORY_INPUT
Devices should be assigned to one of DEVICE_CATEGORY_XXXX.

Signed-off-by: kumar sourav <sourav.jb1988@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20190125151440.13794-1-sourav.jb1988@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-30 10:19:32 +01:00
Dr. David Alan Gilbert 89cb0c0403 typo: apci->acpi
apci_1_compatible should be acpi_1_compatible.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190125094047.22276-1-dgilbert@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-30 10:16:58 +01:00
kumar sourav aae049073c hw: edu: set category of the edu device
Sets the category of edu device as DEVICE_CATEGORY_MISC.
Devices should be assigned to one of DEVICE_CATEGORY_XXXX.

Signed-off-by: kumar sourav <sourav.jb1988@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190124144606.4352-1-sourav.jb1988@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-30 10:16:00 +01:00
Bandan Das 49f9e8d660 usb-mtp: replace the homebrew write with qemu_write_full
qemu_write_full takes care of partial blocking writes,
as in cases of larger file sizes

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bandan Das <bsd@redhat.com>
Message-id: 20190129131908.27924-4-bsd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-30 06:47:52 +01:00
Bandan Das c1ef0f2519 usb-mtp: breakup MTP write into smaller chunks
For every MTP_WRITE_BUF_SZ copied, this patch writes it to file before
getting the next block of data. The file is kept opened for the
duration of the operation but the sanity checks on the write operation
are performed only once when the write operation starts. Additionally,
we also update the file size in the object metadata once the file has
completely been written.

Suggested-by: Gerd Hoffman <kraxel@redhat.com>
Signed-off-by: Bandan Das <bsd@redhat.com>
Message-id: 20190129131908.27924-3-bsd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-30 06:47:52 +01:00
Bandan Das 179fcf8a83 usb-mtp: Reallocate buffer in multiples of MTP_WRITE_BUF_SZ
This is a "pre-patch" to breaking up the write buffer for
MTP writes. Instead of allocating a mtp buffer equal to size
sent by the initiator, we start with a small size and reallocate
multiples (of that small size) as needed.

Signed-off-by: Bandan Das <bsd@redhat.com>
Message-id: 20190129131908.27924-2-bsd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-30 06:47:52 +01:00
Yuri Benditovich b4329d1a2a usb: implement XHCI underrun/overrun events
Implement underrun/overrun events of isochronous endpoints
according to XHCI spec (4.10.3.1)
Guest software restarts data streaming when receives these events.
The XHCI reports these events using interrupter assigned
to the slot (as these events do not have TRB), so current
commit adds the field of assigned interrupter to the
XHCISlot structure. Guest software assigns interrupter to the
slot on 'Address Device' and 'Evaluate Context' commands.

Signed-off-by: Yuri Benditovich <yuri.benditovich@janustech.com>
Message-id: 20190128200444.5128-3-yuri.benditovich@janustech.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-30 06:47:52 +01:00
Yuri Benditovich a587c832a3 usb: XHCI shall not halt isochronous endpoints
According to the XHCI spec (4.10.2) the controller
never halts isochronous endpoints. This commit prevent
stop of isochronous streaming when sporadic errors
status received from backends.

Signed-off-by: Yuri Benditovich <yuri.benditovich@janustech.com>
Message-id: 20190128200444.5128-2-yuri.benditovich@janustech.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-30 06:47:52 +01:00
Thomas Huth 75a49fc61a hw/usb: Fix LGPL information in the file headers
It's either "GNU *Library* General Public version 2" or "GNU Lesser
General Public version *2.1*", but there was no "version 2.0" of the
"Lesser" library. So assume that version 2.1 is meant here.
Additionally, suggest that the user should have received a copy of
the LGPL, and not the GPL here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1548254454-7659-1-git-send-email-thuth@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-30 06:47:52 +01:00
Li Qiang 6e3c1a68f9 usb: dev-mtp: close fd in usb_mtp_object_readdir()
Spotted by Coverity: CID 1397070

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190103133113.49599-1-liq3ea@163.com

[ kraxel: dropped chunk which adds close() after successful
          fdopendir() call, that is not needed according to
          POSIX even though Coverity flags it as bug ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-30 06:47:52 +01:00
Gerd Hoffmann b63e10508b usb: assign unique serial numbers to hid devices
Windows guests have trouble dealing with usb devices having identical
serial numbers.  So, assign unique serial numbers to usb hid devices.
All other usb devices have this already.

In the past the fixed serial number has been used to indicate working
remote setup to linux guests.  Here is a bit of history:

 * First there was nothing.
 * Then I added a rule to udev checking for serial == 42.
   (this is in rhel-6).
 * Then systemd + udev merged.
 * Then I changed the rule to check for serial != 1 instead, so we can
   use any serial but "1" which is the one the old broken devices had
   (this is in rhel-7).  March 2014 in upstream systemd.
 * Then all usb power management rules where dropped from systemd (June
   2015).  Which I figured today (Sept 2018), after wondering that the
   rules are gone in fedora 28.

So, three years ago the serial number check was dropped upstream, yet I
hav't seen a single report about autosuspend issues (or cpu usage for
usb emulation going up, which is the typical symtom).

So I figured I can stop worring that changing the serial number will
break things and just do it.

And even if it turns out autosuspend is still an issue:  I think
meanwhile we can really stop worrying about guests running in old qemu
versions with broken usb suspend (fixed in 0.13 !).  If needed we can
enable autosuspend unconditionally in guests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190110125108.22834-1-kraxel@redhat.com
2019-01-30 06:47:52 +01:00
Peter Maydell 13c2361b91 x86 queue, 2019-01-28
Two small CPU model updates:
 * Enable NPT and NRIPSAVE on AMD CPUs
 * Update stepping of Cascadelake-Server
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJcT1nUAAoJECgHk2+YTcWmMrIP/37Yh9Q3p6Erbpqee3jPNhyC
 ih42LJ6jO1w34X6PFqtVS9uTWAI1P3LwoXq5bNT4JeMy37QDujph5LWP3+GXXuCa
 cB8AkgaeL5GwQMSBujJEacJiZ69iI3zAQZHKXkailuApCSKOXZf89dW3Ao8S7Qgr
 TVjcnJgECoiaDLD2FMWafmSP4d5YSNRkuGZ5f5NsFV8BztKptnT2DLXIBjuz/oCT
 0+VqV6HEo7s19QFzYV4G59Afwk306iU1INV0NeNz770SbgKc3Oi80GAaYr0V+oLW
 2Lr+dgbYPUw7ZwVhK0md6/h8ZbgRSpHhxke5i8p++AC4NCWC+xTIEgIaH6AT75Rn
 6GcgG/6zWOPqJphHROYR78P38156KkNVQI46chsLm2DwSL8HFk17wyIWCQoEWJyt
 AgiZosWA0/92V95Lzd5zX+Y6v+OBR+aJOEdcDn2ic8WPxkyM5G01SeWLPP4C5Tux
 R6oJ3zozn4OqxIqslihkqzxiJoeap4qgJKLzcq1JR1nlQ+yoBVktqAF5+ogytb2e
 ybnef3fLqf/qHi4JDLJXQdCPjIccrEVIzTs90wEgsQ9hbYtGxoeRUW2f4IemBvU2
 +Jwqs1n6aFo+AlETdrTGEDlnaqphy9FOnwncrgai0eTuoHOQPI9+RuiM5K/BEEuy
 qzMdXK85dZSP+f9IQrqx
 =Nh3Q
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging

x86 queue, 2019-01-28

Two small CPU model updates:
* Enable NPT and NRIPSAVE on AMD CPUs
* Update stepping of Cascadelake-Server

# gpg: Signature made Mon 28 Jan 2019 19:36:52 GMT
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-next-pull-request:
  i386: Enable NPT and NRIPSAVE for AMD CPUs
  i386: Update stepping of Cascadelake-Server

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-29 14:10:54 +00:00
Peter Maydell 7ea7b9ad53 qom/cpu: Add cluster_index to CPUState
For TCG we want to distinguish which cluster a CPU is in, and
we need to do it quickly. Cache the cluster index in the CPUState
struct, by having the cluster object set cpu->cluster_index for
each CPU child when it is realized.

This means that board/SoC code must add all CPUs to the cluster
before realizing the cluster object. Regrettably QOM provides no
way to prevent adding children to a realized object and no way for
the parent to be notified when a new child is added to it, so
we don't have any way to enforce/assert this constraint; all
we can do is document it in a comment. We can at least put in a
check that the cluster contains at least one CPU, which should
catch the typical cases of "realized cluster too early" or
"forgot to parent the CPUs into it".

The restriction on how many clusters can exist in the system
is imposed by TCG code which will be added in a subsequent commit,
but the check to enforce it in cluster.c fits better in this one.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20190121152218.9592-3-peter.maydell@linaro.org
2019-01-29 11:46:05 +00:00
Peter Maydell fa43442465 hw/arm/xlnx-zynqmp: Realize cluster after putting RPUs in it
Currently the cluster implementation doesn't have any constraints
on the ordering of realizing the TYPE_CPU_CLUSTER and populating it
with child objects. We want to impose a constraint that realize
must happen only after all the child objects are added, so move
the realize of rpu_cluster. (The apu_cluster is already
realized after child population.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20190121152218.9592-2-peter.maydell@linaro.org
2019-01-29 11:46:05 +00:00
Cédric Le Goater f95c4bffdc aspeed/smc: snoop SPI transfers to fake dummy cycles
The m25p80 models dummy cycles using byte transfers. This works well
when the transfers are initiated by the QEMU model of a SPI controller
but when these are initiated by the OS, it breaks emulation.

Snoop the SPI transfer to catch commands requiring dummy cycles and
replace them with byte transfers compatible with the m25p80 model.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 20190124140519.13838-5-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-29 11:46:05 +00:00
Cédric Le Goater 9149af2a2d aspeed/smc: Add dummy data register
The SMC controllers have a register containing the byte that will be
used as dummy output. It can be modified by software.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20190124140519.13838-4-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-29 11:46:05 +00:00
Cédric Le Goater 597d6bb3e8 aspeed/smc: define registers for all possible CS
The model should expose one control register per possible CS. When
testing the validity of the register number in the read operation,
replace 's->num_cs' by 'ctrl->max_slaves' which represents the maximum
number of flash devices a controller can handle.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20190124140519.13838-3-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-29 11:46:05 +00:00
Cédric Le Goater b617ca9223 aspeed/smc: fix default read value
0xFFFFFFFF should be returned for non implemented registers.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20190124140519.13838-2-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-29 11:46:05 +00:00
Peter Maydell e5b517536c xlnx-zynqmp: Don't create rpu-cluster if there are no RPUs
If we aren't going to create any RPUs, then don't create the
rpu-cluster unit. This allows us to add an assertion to the
cluster object that it contains at least one CPU, which helps
to avoid bugs in creating clusters and putting CPUs in them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190121184314.14311-1-peter.maydell@linaro.org
2019-01-29 11:46:05 +00:00
Steffen Görtz 9d68bf564e arm: Stub out NRF51 TWI magnetometer/accelerometer detection
Recent microbit firmwares panic if the TWI magnetometer/accelerometer
devices are not detected during startup.  We don't implement TWI (I2C)
so let's stub out these devices just to let the firmware boot.

Signed-off by: Steffen Görtz <contrib@steffen-goertz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190110094020.18354-2-stefanha@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: fixed comment style]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-29 11:46:03 +00:00
Max Filippov 174e09b73a hw/xtensa: xtfpga: raise CPU number limit
MX PIC can support up to 32 CPUs on xtfpga boards, raise per-board
limit accordingly.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-28 11:55:20 -08:00
Max Filippov 1acd90bff2 hw/xtensa: xtfpga: use MX PIC for SMP
Create and use MX PIC as a peripheral interrupt controller when more
than 1 processor is enabled on xtfpga board. Connect xtensa CPU cores to
the MX PIC and select secondary reset vector on all cores except the
first one.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-28 11:55:20 -08:00
Max Filippov 10df8ff146 target/xtensa: add MX interrupt controller
MX interrupt controller is a collection of the following devices
accessible through the external registers interface:
- interrupt distributor can route each external IRQ line to the
  corresponding external IRQ pin of selected subset of connected xtensa
  cores. It has per-CPU and per-IRQ enable signals and per-IRQ software
  assert signals;
- IPI controller has 16 per-CPU IPI signals that may be routed to a
  combination of 3 designated external IRQ pins of connected xtensa
  cores;
- cache coherecy register controls core L1 cache participation in the
  SMP cluster cache coherency protocol;
- runstall register lets BSP core stall and unstall AP cores.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-28 11:55:20 -08:00
Max Filippov 17a86b0e9f target/xtensa: expose core runstall as an IRQ line
Runstall signal looks very much like a level-triggered IRQ line. Provide
xtensa_get_runstall function that returns runstall IRQ.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-28 11:55:20 -08:00
Max Filippov 66f03d7e13 target/xtensa: rearrange access to external interrupts
Replace xtensa_get_extint that returns single external IRQ descriptor
with xtensa_get_extints that returns a vector of all external IRQs.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-28 11:54:54 -08:00
Max Filippov 3f75038a33 target/xtensa: drop function xtensa_timer_irq
It's a one-liner used in a single place, move its implementation there
and remove its declaration.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-28 11:54:42 -08:00
Vitaly Kuznetsov 9fe8b7be17 i386: Enable NPT and NRIPSAVE for AMD CPUs
Modern AMD CPUs support NPT and NRIPSAVE features and KVM exposes these
when present. NRIPSAVE apeared somewhere in Opteron_G3 lifetime (e.g.
QuadCore AMD Opteron 2378 has is but QuadCore AMD Opteron HE 2344 doesn't),
NPT was introduced a bit earlier.

Add the FEAT_SVM leaf to Opteron_G4/G5 and EPYC/EPYC-IBPB cpu models.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20190121155051.5628-1-vkuznets@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-28 15:51:54 -02:00
Tao Xu b0a1980384 i386: Update stepping of Cascadelake-Server
Update the stepping from 5 to 6, in order that
the Cascadelake-Server CPU model can support AVX512VNNI
and MSR based features exposed by ARCH_CAPABILITIES.

Signed-off-by: Tao Xu <tao3.xu@intel.com>
Message-Id: <20181227024304.12182-2-tao3.xu@intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-28 15:51:54 -02:00
BALATON Zoltan 4ea98d317e ide/via: Implement and use native PCI IDE mode
This device only implemented ISA compatibility mode and native PCI IDE
mode was missing but no clients actually need ISA mode but to the
contrary, they usually want to switch to and use device in native
PCI IDE mode. Therefore implement native PCI mode and switch default
to that.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: c323f08c59b9931310c5d92503d370f77ce3a557.1548160772.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:12 -05:00
BALATON Zoltan 7dd687ba1b ide/via: Rename functions to match device name
The device is called via-ide and the modelled IDE controller is not
specific to 82C686B but is also usable independently. Therefore, change
function name prefixes accordingly to match device name.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 2905ced862c8d2ad509d73152171ce2472d72605.1548160772.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:12 -05:00
BALATON Zoltan 0252e66c5a ide/via: Remove vt82c686b_init_ports() function
This function is only called once from vt82c686b_ide_realize() and its
content is simple enough to not need a separate function but be
included in realize directly (as done in other IDE models except PIIX
currently).

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 47d854e0fa41dad6861107eac61327c247965566.1548160772.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
BALATON Zoltan 4eefdf7c1b sii3112: Remove duplicated code and use PCI IDE ops instead
Parts of the SiI3112 mmio are identical to PCI IDE registers so we can
use the corresponding functions that were factored out into ide/pci.c.
This removes code duplication and simplifies the SiI3112 model which
also helped to spot a copy paste error where reading status of the
2nd channel read the 1st channel instead. This is also fixed here.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 793b6a7934ef2bba26b8d066bec446019efa6c5d.1547166960.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
BALATON Zoltan 8ac98d1a97 ide: Get rid of CMD646BAR struct
Now that no CMD646 specific parts are left in CMD646BAR (all remaining
members are really PCI IDE specific) this struct can be deleted moving
the memory regions for PCI IDE BARs to PCIIDEState where they better
belong. The CMD646 PCI IDE model is adjusted accordingly.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 4b6cb2ae150dc0d21178209e4beb1e35140a7325.1547166960.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
BALATON Zoltan c9ebc75dc2 cmd646: Move PCI IDE specific functions to ide/pci.c
The io mem ops callbacks are not specific to CMD646 but really follow
the PCI IDE spec so move these from cmd646.c to pci.c to allow other
PCI IDE implementations to use them.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: a2b1b2b74afdc78330b8b75605687f683a249635.1547166960.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
BALATON Zoltan e210ec87b9 cmd646: Remove IDEBus from CMD646BAR
The cmd646 io mem ops callbacks only need the IDEBus which is
currently passed via a CMD646BAR struct. No need to wrap it up like
that, we can pass it directly to these callbacks which then allows to
drop the IDEBus from the CMD646BAR.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 7a31c155c9899869794499d841d30c7ef32aae47.1547166960.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
BALATON Zoltan 2ab2ef0785 cmd646: Remove unused variable
There was a pointer to PCIIDEState in CMD646BAR which was set but
not used afterwards. Get rid of this unused variable.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1e352f091aa601fb2e19771aac46529fe278dd91.1547166960.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
Peter Maydell 87f6a866f1 audio: pc speaker init fix, rework driver probing
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcSbt4AAoJEEy22O7T6HE4sQcQAI9luAsbiv9IVEjZwCMd/j0U
 4ekmDZVZ7WJhVSYtHNwMtccxADzlTpCEJi9+sPuYg20guzT5gGBwxCYTpQFgx3ta
 g5g3gF+OXJdCG8E9Nu3N/wloYKLreB1nESk2IWC3hpzsfFW0BCMYQ44EoJ+CPJoV
 sTyNj7/krCZZU1E7BGv4A74u2l2vUQFXZMADLnrhtvu8ZtXahhI3B+wbD5swYjGK
 flibJTyak/msqv0xDgwRJmudO2l1reGYyf6y/d/IQRFhoV/RmxRu7P0WAwOkDkYY
 cG89NdjIyq0pltLGpyWedlUqZvvJty3hQYvP6rQXcZLAj6UXz9EVwSYlW+Cd1ybg
 Qqw3gJY+6EraFksddbe10fvj1IZWZ/5hHWRfQZHSZjKN3Ex9sR9EjKfMVUBk7/6A
 ewkxMRO6J2qwtBQvB8Al9ISa/vkLQlZ02Hjg4VWX3SH3hrclDQtOmYio7wSa0UZ2
 qatTUrmxOmAiODxyHE3DEoZbsHI7hxpboONHR8uyvvk/mwnmhaEgxZxRxhnyQcEP
 PBDALkvYzwLCtMUZwbKynebruZ8+mFVqhccyt3wkWu6FyPv8r6ZCPjXoprvy5jAy
 rkiYL0nCjDU0tW+2RsNLmwiv+b8gPyZJwctsdTJRwcN0MqtFYUGbWoqy8E9ALVjk
 M6AlVTjnORmX3c4SGGF5
 =EUbq
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/audio-20190124-pull-request' into staging

audio: pc speaker init fix, rework driver probing

# gpg: Signature made Thu 24 Jan 2019 13:19:52 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20190124-pull-request:
  audio: probe audio drivers by default
  audio: error message tweak
  audio: check for pulseaudio daemon pidfile
  audio: use try-sdl for openbsd
  audio: allow optional audio drivers.
  audio: use pkg-config
  audio: fix pc speaker init

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-25 10:38:03 +00:00
Max Filippov fa92bd4af7 target/xtensa: fix access to the INTERRUPT SR
INTERRUPT special register may be changed both by the core (by writing
to INTSET and INTCLEAR registers) and by external events (by triggering
and clearing HW IRQs). In MTTCG this state must be protected from
concurrent access, otherwise interrupts may be lost or spurious
interrupts may be detected.

Use atomic operations to change INTSET SR.
Fix wsr.intset so that it soesn't clear any bits.
Fix wsr.intclear so that it doesn't clear bit that corresponds to NMI.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-24 10:44:26 -08:00
Max Filippov fff7bf1450 hw/xtensa: xtfpga: use core frequency
XTFPGA board FPGA peripheral exposes hard-coded 10MHz frequency
regardless of the actual used core frequency. Expose actual core
frequency instead.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-24 10:44:25 -08:00
Max Filippov 288a3f2ed7 hw/xtensa: xtfpga: fix bootloader placement in SMP
Use BSP reset PC as a place for the mini-bootloader because in SMP
configurations APs and BSP may have different boot addresses.
This fixes SMP linux uImage boot on xtfpga boards.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-24 10:44:25 -08:00
Daniel P. Berrangé 772f1b3721 trace: forbid use of %m in trace event format strings
The '%m' format instructs glibc's printf()/syslog() implementation to
insert the contents of strerror(errno). Since this is a glibc extension
it should generally be avoided in QEMU due to need for portability to a
variety of platforms.

Even though vfio is Linux-only code that could otherwise use "%m", it
must still be avoided in trace-events files because several of the
backends do not use the format string and so this error information is
invisible to them.

The errno string value should be given as an explicit trace argument
instead, making it accessible to all backends. This also allows it to
work correctly with future patches that use the format string with
systemtap's simple printf code.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190123120016.4538-4-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-01-24 14:16:56 +00:00
Daniel P. Berrangé 7760636309 trace: enforce that every trace-events file has a final newline
When generating the trace-events-all file, the build system simply
concatenates all the individual trace-events files. If any one of those
files does not have a final newline, the printf format string will have
the contents of the first line of the next file appended to it, which is
usually a '#' comment.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190123120016.4538-3-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-01-24 14:16:56 +00:00
Daniel P. Berrangé 00f4269743 display: ensure qxl log_buf is a nul terminated string
The QXL_IO_LOG command allows the guest to send log messages to the host
via a buffer in the QXLRam struct. QEMU prints these to the console if
the qxl 'guestdebug' option is set to non-zero. It will also feed them
to the trace subsystem if any backends are built-in.

In both cases the log_buf data will get treated as being as a nul
terminated string, by the printf '%s' format specifier and / or other
code reading the buffer.

QEMU does nothing to guarantee that the log_buf really is nul terminated,
so there is potential for out of bounds array access.

This would affect any QEMU which has the log, syslog or ftrace trace
backends built into QEMU. It can only be triggered if the 'qxl_io_log'
trace event is enabled, however, so they are not vulnerable without
specific administrative action to enable this.

It would also affect QEMU if the 'guestdebug' parameter is set to a
non-zero value, which again is not the default and requires explicit
admin opt-in.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190123120016.4538-2-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-01-24 14:16:56 +00:00
Wei Yang 285816d76f hw/i386/pc.c: fix one typo in function name
Rename pc_get_hotpug_handler to pc_get_hotplug_handler.

No functional change.

Signed-off-by: Wei Yang <richardw.yang@linux.intel.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20190124073626.20534-1-richardw.yang@linux.intel.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-24 13:34:20 +01:00
Gerd Hoffmann bd56d37884 audio: fix pc speaker init
Get rid of the pcspk_state global, allow pc speaker
be added using "-device isa-pcspk".

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190124110810.1040-1-kraxel@redhat.com
2019-01-24 13:10:19 +01:00
Peter Maydell fcb700b729 Pullreq 2019-01-22
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEErET+3BT38evtv0FRKcWWeA9ryoMFAlxHAbEACgkQKcWWeA9r
 yoOp2gf/XGejQjPdTdaWuDxRcGxkFGQVl0frZZs403ePw8Pm24jroKJjCJhg4Pxg
 GplcqMINDeuoIyBrwiftzaE1N8v2ysSoilV2la2+61MdjN3e7sJ1kwwU4YVzYdNt
 UbzVJ4O0a8WCPOdys6lTP/OwMyy1ELdyVFauxF9LcdJdVjHVmSPWDRRXNGHIMkSR
 jO/luwMAECF91Dus7yWVAZh+dcr4arC66+T9mo0WhtHsYaEnVo664+zalNOfUQoS
 T7G43ssOo8TbzV1MH2fLe20zkdtEi6kXHXTA067yBX/YVOULhi1L/oyV9QY9BXUa
 vHnGVgVQdQA1GkGhqFBSnqPvR1zojw==
 =a8zY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/edgar/tags/edgar/xilinx-next-2019-01-22.for-upstream' into staging

Pullreq 2019-01-22

# gpg: Signature made Tue 22 Jan 2019 11:42:41 GMT
# gpg:                using RSA key 29C596780F6BCA83
# gpg: Good signature from "Edgar E. Iglesias (Xilinx key) <edgar.iglesias@xilinx.com>"
# gpg:                 aka "Edgar E. Iglesias <edgar.iglesias@gmail.com>"
# Primary key fingerprint: AC44 FEDC 14F7 F1EB EDBF  4151 29C5 9678 0F6B CA83

* remotes/edgar/tags/edgar/xilinx-next-2019-01-22.for-upstream:
  target/microblaze: Add props enabling exceptions on failed bus accesses
  hw/microblaze: s3adsp1800: Create an unimplemented GPIO area
  target/microblaze: Switch to transaction_failed hook

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-23 11:59:42 +00:00
Edgar E. Iglesias 619ddf5b1a hw/microblaze: s3adsp1800: Create an unimplemented GPIO area
Create an unimplemented GPIO area instead of leaving it unassigned.

Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2019-01-22 03:16:32 -08:00
Peter Maydell 851aa0a5a8 - Use more CONFIG Makefile switches for qtests
- Get rid of global_qtests in some more qtests
 - typedef cleanups
 - Fixes for compiling with Clang
 - Force C standard to gnu99
 - Don't use -nographic in qtests
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcRrXBAAoJEC7Z13T+cC21wq0P/jpawNBkGvBje8wEi/8hcAzw
 iacZePdBjbVUhSAE7JAc+SqZQgvirjYVP3j6f1u15S5FmTpGNhbcyKUrQbtFn9cg
 inOr5kYtoj3k9g6YPb2WD7zXX5RW6AzgjORTZnlRi0eWemfW0BKPHV0TLs9JxtAR
 08k4JgGksx4itrh+Y7h9T0iorBByCvnevFPiRQThcf82DP3J9HhdKCtOAN/jVIb6
 HDb5dNMMkvy4lO7tgYZUHWVwO4t2Hh/5upDsp28Tlsx3Bw3e0vdPm2fkGpmp77U2
 O7GDkxKJrPBw4VvNSxh9piVM8vWovIvO0irPao8H7ZcRFQXBiPsV/DTbmXei2YUV
 j3c7s4TFerbIYHKRphUmY2ok6VClaZQPs+vl7QU6BXQLEgS+aVKfIoLOxHpOOPcq
 x11ppsreWxZ3FQWIBgeV4CicO7l3eS8m/l9qIbesb3ChBeWR8DeriQ+a/lQ7gHLt
 rGemVuvpzIIHDj8vwJhpzOI6ecJB4ucA9aA67dMET57pic74uabS/LnqmNs88vYH
 nHT2gPZbzZCRg2wsP8RcAV4aooYqwMpKvuxBwbXgQC4UUjLtq6NPQIcwRVRr73dF
 6xoB1M9THPr/N5SrCSH4b2mB3exJrzBTu/cjFqwileW62zYF8G2dhgKAVWASghJi
 0ecexmiZOl3XH9GXXbGL
 =X/Yb
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2019-01-22' into staging

- Use more CONFIG Makefile switches for qtests
- Get rid of global_qtests in some more qtests
- typedef cleanups
- Fixes for compiling with Clang
- Force C standard to gnu99
- Don't use -nographic in qtests

# gpg: Signature made Tue 22 Jan 2019 06:18:41 GMT
# gpg:                using RSA key 2ED9D774FE702DB5
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>"
# gpg:                 aka "Thomas Huth <thuth@redhat.com>"
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>"
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>"
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2019-01-22: (26 commits)
  tests: remove rule for nonexisting qdev-monitor-test
  tests/hexloader-test: Don't pass -nographic to the QEMU under test
  configure: Force the C standard to gnu99
  seccomp: Work-around GCC 4.x bug in gnu99 mode
  block: Work-around a bug in libiscsi 1.9.0 when used in gnu99 mode
  linux-user: Fix compilation with clang 3.4
  virtio-net: Fix VirtIONet typedef redefinition
  ppc: Fix duplicated typedefs to be able to compile with Clang in gnu99 mode
  ppc: Move spapr-related prototypes from xics.h into a seperate header file
  ui/console: Remove PixelFormat from qemu/typedefs.h
  ui/console: Remove MouseTransformInfo from qemu/typedefs.h
  ui/console: Remove DisplayState/DisplaySurface from "qemu/typedefs.h"
  ui/console: Remove QemuDmaBuf from "qemu/typedefs.h"
  audio: Remove AudioState from "qemu/typedefs.h"
  hw/i386: Remove PCMachineClass from "qemu/typedefs.h"
  hw/char/serial: Remove SerialState from "qemu/typedefs.h"
  hw/bt: Remove HCIInfo from "qemu/typedefs.h"
  hw/i2c/smbus: Remove SMBusDevice from "qemu/typedefs.h"
  hw/ide/ahci: Remove AllwinnerAHCIState from "qemu/typedefs.h"
  hw/pcmcia: Remove PCMCIACardState from "qemu/typedefs.h"
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-22 09:48:40 +00:00
Thomas Huth a51d5afc69 ppc: Move spapr-related prototypes from xics.h into a seperate header file
When compiling with Clang in -std=gnu99 mode, there is a warning/error:

  CC      ppc64-softmmu/hw/intc/xics_spapr.o
In file included from /home/thuth/devel/qemu/hw/intc/xics_spapr.c:34:
/home/thuth/devel/qemu/include/hw/ppc/xics.h:203:34: error: redefinition of typedef 'sPAPRMachineState' is a C11 feature
      [-Werror,-Wtypedef-redefinition]
typedef struct sPAPRMachineState sPAPRMachineState;
                                 ^
/home/thuth/devel/qemu/include/hw/ppc/spapr_irq.h:25:34: note: previous definition is here
typedef struct sPAPRMachineState sPAPRMachineState;
                                 ^

We have to remove the duplicated typedef here and include "spapr.h" instead.
But "spapr.h" should not be included for the pnv machine files. So move
the spapr-related prototypes into a new file called "xics_spapr.h" instead.

Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2019-01-22 05:14:33 +01:00
Peter Maydell e56b86bc77 RDMA queue
* Clang compilation fix
  * Coverity fix
  * Various fixes for the pvrdma device
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcQupRAAoJEDbUwPDPL+RtlUkIALWOiY0kCWUrleLBrmlP8iDs
 bsv24vQsttL/2yIjf95p5dlv9mU6WTlhC3PjgqtCti8x7Lfw5zxUrQXX4Pe9kVo/
 Zw5iaRvTtI6A+2w5av4DbBoKhXfegz8my+Q8A10gyRTa2IiFhzZf6tR5yttgZBaI
 89IpCKrMZ1PF/Si8o5JWKItKbv2nF86EgzeorzsQro5fHzbAAuFif8yCGIeev8v6
 aNCLEBYjUBs3opLGCjgwkif2s1Xypknr5/WJQ/MMInkM3pH0Q2kg7ig6RzPXGIAy
 gKV/6hGcbeE38d45GH3/q8cDrjuTno5f+OcUVbwAveuKdbiAbB2dH3tjkoVt6zs=
 =E6e1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into staging

RDMA queue
 * Clang compilation fix
 * Coverity fix
 * Various fixes for the pvrdma device

# gpg: Signature made Sat 19 Jan 2019 09:13:53 GMT
# gpg:                using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <marcel.apfelbaum@zoho.com>"
# gpg:                 aka "Marcel Apfelbaum <marcel@redhat.com>"
# gpg:                 aka "Marcel Apfelbaum <marcel.apfelbaum@gmail.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F  31F5 36D4 C0F0 CF2F E46D

* remotes/marcel/tags/rdma-pull-request:
  contrib/rdmacm-mux: fix clang compilation
  hw/rdma: modify struct initialization
  contrib/rdmacm-mux: remove Wno-format-truncation flag
  hw: rdma: fix an off-by-one issue
  hw/rdma: Verify that ptr is not NULL before freeing
  hw/pvrdma: Make function pvrdma_qp_send/recv return void.
  hw/pvrdma: Post CQE when receive invalid gid index
  hw/rdma: Delete unused struct member
  hw/pvrdma: Remove max-sge command-line param
  docs/pvrdma: Update rdmacm-mux documentation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21 19:19:47 +00:00
Peter Maydell 166609e607 MIPS queue for January 17, 2019 - v2
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJcQfb3AAoJENSXKoln91plXOkH/Rb+3IUi3ziXLaIo18fvMYcO
 PY4cT/+3Lv9a8aa3/L1QFEYjI8Mu5s8MCQbQbOckifnusPao4bCHrVzhnwrchelb
 DnkccwJcbyMkPAB2EqsUDNIRLiA6EmaXu4d9ve8HEo4mB3uy/OcOUo6YtotaPuV6
 Z9kAyS1lnXOkrlbWU0ZgmEvvw8Mhs/XED3HOtzPpfrOVKnpObPqdMLPsVLqC761k
 LZ6vbrjo2ELBwp+3WVaXDmLrNLF/qXd3NyFKPQ+EI8q3o7+7OpBptXOkuwT9CvAy
 NzAMBFAIsKo90C1PD5hzlyYeoaEkyGBR0Uquiz+FkxUr9NuKs40qOEEjwd5njPg=
 =q6sK
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-january-17-2019-v2' into staging

MIPS queue for January 17, 2019 - v2

# gpg: Signature made Fri 18 Jan 2019 15:55:35 GMT
# gpg:                using RSA key D4972A8967F75A65
# gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01  DD75 D497 2A89 67F7 5A65

* remotes/amarkovic/tags/mips-queue-january-17-2019-v2:
  target/mips: Introduce 32 R5900 multimedia registers
  target/mips: Rename 'rn' to 'register_name'
  target/mips: Add CP0 register MemoryMapID
  target/mips: Amend preprocessor constants for CP0 registers
  target/mips: Update ITU to handle bus errors
  target/mips: Update ITU to utilize SAARI and SAAR CP0 registers
  target/mips: Add field and R/W access to ITU control register ICR0
  target/mips: Provide R/W access to SAARI and SAAR CP0 registers
  target/mips: Add fields for SAARI and SAAR CP0 registers
  target/mips: Use preprocessor constants for 32 major CP0 registers
  target/mips: Add preprocessor constants for 32 major CP0 registers
  target/mips: Move comment containing summary of CP0 registers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21 17:53:28 +00:00
Peter Maydell 5385a5988c hw/virtio/virtio-balloon: zero-initialize the virtio_balloon_config struct
In virtio_balloon_get_config() we initialize a struct virtio_balloon_config
which we then copy to guest memory. However, the local variable is not
zero initialized. This works OK at the moment because we initialize
all the fields in it; however an upcoming kernel header change will
add some new fields. If we don't zero out the whole struct then we
will start leaking a small amount of the contents of QEMU's stack
to the guest as soon as we update linux-headers/ to a set of headers
that includes the new fields.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190118183603.24757-1-peter.maydell@linaro.org
2019-01-21 17:20:36 +00:00
Alex Bennée cce871c504 hw/block/xen: use proper format string for printing sectors
The %lu format string is different depending on the host architecture
which causes builds like the debian-armhf-cross build to fail. Use the
correct PRi64 format string.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190116121350.23863-1-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21 14:45:49 +00:00
Cédric Le Goater f16c845ade ftgmac100: implement the new MDIO interface on Aspeed SoC
The PHY behind the MAC of an Aspeed SoC can be controlled using two
different MDC/MDIO interfaces. The same registers PHYCR (MAC60) and
PHYDATA (MAC64) are involved but they have a different layout.

BIT31 of the Feature Register (MAC40) controls which MDC/MDIO
interface is active.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20190111125759.31577-1-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21 10:23:11 +00:00
Eric Auger 29bbccc278 hw/arm/virt-acpi-build: Set COHACC override flag in IORT SMMUv3 node
Let's report IO-coherent access is supported for translation
table walks, descriptor fetches and queues by setting the COHACC
override flag. Without that, we observe wrong command opcodes.
The DT description also advertises the dma coherency.

Fixes a703b4f6c1 ("hw/arm/virt-acpi-build: Add smmuv3 node in IORT table")

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: Shameerali Kolothum Thodi <shameerali.kolothum.thodi@huawei.com>
Tested-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 20190107101041.765-1-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21 10:23:11 +00:00
Philippe Mathieu-Daudé 4076618095 hw/char/stm32f2xx_usart: Do not update data register when device is disabled
When the device is disabled, the internal circuitry keeps the data
register loaded and doesn't update it.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20190104182057.8778-1-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21 10:23:10 +00:00
Marcel Apfelbaum 555b3d67bc hw/rdma: modify struct initialization
Do not initialize structs with {0} since some
CLANG versions do not support it.

Use {} construct instead.

Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
Tested-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20190118124614.24548-3-marcel.apfelbaum@gmail.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
2019-01-19 11:01:33 +02:00
Li Qiang a5fe209d71 hw: rdma: fix an off-by-one issue
In rdma_rm_get_backend_gid_index(), the 'sgid_idx' is used
to index the array 'dev_res->port.gid_tbl' which size is
MAX_PORT_GIDS. Current the 'sgid_idx' may be MAX_PORT_GIDS
thus cause an off-by-one issue.

Spotted by Coverity: CID 1398594

Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20190103131251.49271-1-liq3ea@163.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
2019-01-19 10:57:48 +02:00
Yuval Shaia a1aa88b7dc hw/rdma: Verify that ptr is not NULL before freeing
To cover the case where fini() was called even when init() fails make
sure objects are not NULL before calling to non-null-safe destructors.

Signed-off-by: Yuval Shaia <yuval.shaia@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190116151538.14088-1-yuval.shaia@oracle.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
2019-01-19 10:54:37 +02:00
Yuval Shaia 5bb8b73987 hw/pvrdma: Make function pvrdma_qp_send/recv return void.
The functions handles errors internaly, callers have nothing to do with
the return value.

Signed-off-by: Yuval Shaia <yuval.shaia@oracle.com>
Message-Id: <20190109202140.4051-1-yuval.shaia@oracle.com>
Reviewed-by: Marcel Apfelbaum<marcel.apfelbaum@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
2019-01-19 10:53:16 +02:00
Yuval Shaia 26fd869556 hw/pvrdma: Post CQE when receive invalid gid index
This error should propagate back to guest.

Spotted by Coverity: CID 1398595

Fixes: 2b05705dc8

Reported-by: Li Qiang <liq3ea@163.com>
Signed-off-by: Yuval Shaia <yuval.shaia@oracle.com>
Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
2019-01-19 10:49:40 +02:00
Yuval Shaia 732d948ca5 hw/rdma: Delete unused struct member
This member is used only in init_device_caps function, make it local.

Signed-off-by: Yuval Shaia <yuval.shaia@oracle.com>
Reviewed-by: Marcel Apfelbaum<marcel.apfelbaum@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-01-19 10:45:23 +02:00
Yuval Shaia ffef47754a hw/pvrdma: Remove max-sge command-line param
This parameter has no effect, fix it.

The function init_dev_caps sets the front-end's max-sge to MAX_SGE. Then
it checks backend's max-sge and adjust it accordingly (we can't send
more than what the device supports).

On send and recv we need to make sure the num_sge in the WQE does not
exceeds the backend device capability.
This check is done in pvrdma level so check on rdma level is deleted.

Signed-off-by: Yuval Shaia <yuval.shaia@oracle.com>
Message-Id: <20190109194123.3468-1-yuval.shaia@oracle.com>
Reviewed-by: Marcel Apfelbaum<marcel.apfelbaum@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
2019-01-19 10:31:24 +02:00
Peter Maydell a8d2b06856 s390x updates:
- clang compilation fixes
 - fixes in zpci hotplug code
 - handle unimplemented diag 308 subcodes correctly
 - add common fmb in zpci
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAlxBwuYSHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vjqsQAKm4JODzShFicwwTF9uzFrvK3fE91GX2
 Xr2gIgNL5o8B0D2JXhF5CtK8FsZQVd7DHn3w/wDJYX80Z2fhM8x/RrRKraC/MYmb
 DHQMbeCX3jss/HMkbC401v1P8ocEqdvxbEIh4PSilnomXoXmgS5zGq6EjMgKoRJY
 +mLMoUKHEewHqxpeDt+Y5RWrNtVeMHbFrhC2N/qHMmHv0/dySsGYis8IvYJ9WK0O
 NCuVwNkUgjZ25la69niPYRIuhYiF/kSHVtQ3myAGHqFynN7EmZuJZfpQ+hjIs1T4
 ow6Zcol9bswjVrla3t8vnUR7BjZRClFinLEka3w4Bpy7KCIDvYbrub4dRX8DQhbW
 xj36fgrS/B+Hfd6mpCwj+w3MX8bQWqNhMSbESmQnM5I4r+xyJkg4otR2pgNwHEWN
 3Xgo7LVwNm2atJCagbPwWIHdpN8G8DJ7yAdKToDUow0uD0Q3Zw/Bucqc1XH2rgk/
 T8+deSdxNxLvuwI/ZsfwX4KNpZMDbVVfc6VSl/JapxtV3RITqquctVO6WIzZ6Qgh
 bh1rYd6t5b42IlFkc1zxVHiYn81eCayWN6RdtXp7KGM3Srb8wPLatuaUzZ9+R0zo
 Yt/I2ODV1Cw0MmvUivmH2dmh7fgKYh43zADQXvjEWJKaaL2BplM8HKrQa7d4YA8n
 xMTfZqvGqVcP
 =0S0e
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190118' into staging

s390x updates:
- clang compilation fixes
- fixes in zpci hotplug code
- handle unimplemented diag 308 subcodes correctly
- add common fmb in zpci

# gpg: Signature made Fri 18 Jan 2019 12:13:26 GMT
# gpg:                using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20190118:
  s390x/pci: add common function measurement block
  s390x/pci: Ignore the unplug call if we already have a release_timer
  s390x/pci: Always delete and free the release_timer
  s390x/pci: Move some hotplug checks to the pre_plug handler
  s390x/pci: Use hotplug_dev instead of looking up the host bridge
  s390x/pci: Set the iommu region size mpcifc request
  s390x/pci: Send correct event on hotplug
  configure: Only build the s390-ccw bios if the compiler supports -march=z900
  s390x: Return specification exception for unimplemented diag 308 subcodes
  pc-bios/s390-ccw: Use proper register names for Clang
  s390: avoid potential null dereference in s390_pcihost_unplug()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-18 16:56:15 +00:00
Yongbok Kim 40cd718052 target/mips: Update ITU to handle bus errors
Update ITU to handle bus errors.

Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com>
Signed-off-by: Yongbok Kim <yongbok.kim@mips.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-18 16:53:28 +01:00
Yongbok Kim 043715d1e0 target/mips: Update ITU to utilize SAARI and SAAR CP0 registers
Update ITU to utilize SAARI and SAAR CP0 registers.

Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com>
Signed-off-by: Yongbok Kim <yongbok.kim@mips.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-18 16:53:28 +01:00
Yongbok Kim e5345d9675 target/mips: Add field and R/W access to ITU control register ICR0
Add field and R/W access to ITU control register ICR0.

Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com>
Signed-off-by: Yongbok Kim <yongbok.kim@mips.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-18 16:53:28 +01:00
Yi Min Zhao 6e92c70c37 s390x/pci: add common function measurement block
Common function measurement block is used to report zPCI internal
counters of successful pcilg/stg/stb and rpcit instructions to
a memory location provided by the program.

This patch introduces a new ZpciFmb structure and schedules a timer
callback to copy the zPCI measures to the FMB in the guest memory
at an interval time set to 4s.

An error while attemping to update the FMB, would generate an error
event to the guest.

The pcilg/stg/stb and rpcit interception handlers increase the
related counter on a successful call.
The guest shall pass a null FMBA (FMB address) in the FIB (Function
Information Block) when it issues a Modify PCI Function Control
instruction to switch off FMB and stop the corresponding timer.

Signed-off-by: Yi Min Zhao <zyimin@linux.ibm.com>
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <1546969050-8884-2-git-send-email-pmorel@linux.ibm.com>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-01-18 11:52:01 +01:00
David Hildenbrand 3549f8c9e4 s390x/pci: Ignore the unplug call if we already have a release_timer
... otherwise two successive calls to qdev_unplug() (e.g. by an impatient
user) will effectively overwrite pbdev->release_timer, resulting in a
memory leak. We are already processing the unplug.

If there is already a release_timer, the unplug will be performed after
the timeout.

Can be easily triggered by
(hmp) device_add virtio-mouse-pci,id=test
(hmp) stop
(hmp) device_del test
(hmp) device_del test

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190114103110.10909-5-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-01-18 11:52:01 +01:00
David Hildenbrand d648a3e62d s390x/pci: Always delete and free the release_timer
We should always get rid of it. I don't see a reason to keep the timer
alive if the devices are going away. This looks like a memory leak.

(hmp) device_add virtio-mouse-pci,id=test
(hmp) device_del test
-> guest notified, timer pending.
-> guest does not react for some reason (e.g. crash)
-> s390_pcihost_timer_cb(). Timer not pending anymore. qmp_unplug().

-> Device deleted. Timer expired (not pending) but not freed.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190114103110.10909-4-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-01-18 11:52:01 +01:00
David Hildenbrand 6069bcdeac s390x/pci: Move some hotplug checks to the pre_plug handler
Let's move most of the checks to the new pre_plug handler. As a PCI
bridge is just a PCI device, we can simplify the code.

Notes: We cannot yet move the MSIX check or device ID creation +
zPCI device creation to the pre_plug handler as both parts are not
fixed before actual device realization (and therefore after pre_plug and
before plug). Once that part is factored out, we can move these parts to
the pre_plug handler, too and therefore remove all possible errors from
the plug handler.

Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190114103110.10909-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-01-18 11:52:01 +01:00
David Hildenbrand 19375e9be0 s390x/pci: Use hotplug_dev instead of looking up the host bridge
We directly have it in our hands.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190114103110.10909-2-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-01-18 11:52:01 +01:00
Pierre Morel dbe9cf606c s390x/pci: Set the iommu region size mpcifc request
The size of the accessible iommu memory region in the guest
is given to the IOMMU by the guest through the mpcifc request
specifying the PCI Base Address and the PCI Address Limit.

Let's set the size of the IOMMU region to:
    (PCI Address Limit) - (PCI Base Address) + 1.

Fixes: f7c40aa1e7 ("s390x/pci: fix failures of dma map/unmap")
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <1547125207-16907-2-git-send-email-pmorel@linux.ibm.com>
Acked-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-01-18 11:52:01 +01:00
David Hildenbrand d57d6abc33 s390x/pci: Send correct event on hotplug
Comit 2c28c49057 ("s390x/pci: let pci devices start in configured mode")
changed the initial state of zPCI devices from ZPCI_FS_STANDBY to
ZPCI_FS_DISABLED (a.k.a. configured). However we still only send a
HP_EVENT_RESERVED_TO_STANDBY event to the guest, indicating a wrong
state.

Let's send a HP_EVENT_TO_CONFIGURED event instead, to match the actual
state the device is in.

This fixes hotplugged devices having to be enabled explicitly in the
guest e.g. via echo 1 > /sys/bus/pci/slots/00000000/power.

On real HW, a PCI device always pops up in the STANDBY state. In QEMU,
we decided to let it show up directly in the configured state (as
configuring it is otherwise just an extra burden for the admin). We can
safely bypass the STANDBY state when hotplugging PCI devices to a guest.

Fixes: 2c28c49057 ("s390x/pci: let pci devices start in configured mode")
Reported-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190110210358.24035-1-david@redhat.com>
Tested-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-01-18 11:52:01 +01:00
Li Qiang 6ed675c92a s390: avoid potential null dereference in s390_pcihost_unplug()
When getting the 'pbdev', the if...else has no default branch.
From Coverity, the 'pbdev' maybe null when the 'dev' is not
the TYPE_PCI_BRIDGE/TYPE_PCI_DEVICE/TYPE_S390_PCI_DEVICE.
This patch adds a default branch for device plug and unplug.

Spotted by Coverity: CID 1398593

Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20190108151114.33140-1-liq3ea@163.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-01-18 11:52:00 +01:00
Philippe Mathieu-Daudé 9cbb8eca17 hw/acpi: Use QEMU_NONSTRING for non NUL-terminated arrays
GCC 8 added a -Wstringop-truncation warning:

  The -Wstringop-truncation warning added in GCC 8.0 via r254630 for
  bug 81117 is specifically intended to highlight likely unintended
  uses of the strncpy function that truncate the terminating NUL
  character from the source string.

This new warning leads to compilation failures:

    CC      hw/acpi/core.o
  In function 'acpi_table_install', inlined from 'acpi_table_add' at qemu/hw/acpi/core.c:296:5:
  qemu/hw/acpi/core.c:184:9: error: 'strncpy' specified bound 4 equals destination size [-Werror=stringop-truncation]
           strncpy(ext_hdr->sig, hdrs->sig, sizeof ext_hdr->sig);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  make: *** [qemu/rules.mak:69: hw/acpi/core.o] Error 1

Use the QEMU_NONSTRING attribute, since ACPI tables don't require the
strings to be NUL-terminated.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-01-17 21:10:57 -05:00
Yang Zhong e674132ae7 hw: acpi: Fix memory hotplug AML generation error
When using the generated memory hotplug AML, the iasl
compiler would give the following error:

dsdt.dsl 266: Return (MOST (_UID, Arg0, Arg1, Arg2))
Error 6080 - Called method returns no value ^

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Marc-André Lureau ffab1be706 tpm: clear RAM when "memory overwrite" requested
Note: the "Platform Reset Attack Mitigation" specification isn't
explicit about NVDIMM, since they could have different usages. It uses
the term "system memory" generally (and also "volatile memory RAM" in
its introduction). For initial support, I propose to consider
non-volatile memory as not being subject to the memory clear. There is
an on-going discussion in the TCG "pcclientwg" working group for
future revisions.

CPU cache clearing is done unconditionally in edk2 since commit
d20ae95a13e851 (edk2-stable201811).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Marc-André Lureau ec86c0f678 acpi: add ACPI memory clear interface
The interface is described in the "TCG Platform Reset Attack
Mitigation Specification", chapter 6 "ACPI _DSM Function". According
to Laszlo, it's not so easy to implement in OVMF, he suggested to do
it in qemu instead.

See specification documentation for more details, and next commit for
memory clear on reset handling.

The underlying TCG specification is accessible from the following
page.

https://trustedcomputinggroup.org/resource/pc-client-work-group-platform-reset-attack-mitigation-specification-version-1-0/

This patch implements version 1.0.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Stefan Berger ac6dd31e3f acpi: build TPM Physical Presence interface
The TPM Physical Presence interface consists of an ACPI part, a shared
memory part, and code in the firmware. Users can send messages to the
firmware by writing a code into the shared memory through invoking the
ACPI code. When a reboot happens, the firmware looks for the code and
acts on it by sending sequences of commands to the TPM.

This patch adds the ACPI code. It is similar to the one in EDK2 but doesn't
assume that SMIs are necessary to use. It uses a similar datastructure for
the shared memory as EDK2 does so that EDK2 and SeaBIOS could both make use
of it. I extended the shared memory data structure with an array of 256
bytes, one for each code that could be implemented. The array contains
flags describing the individual codes. This decouples the ACPI implementation
from the firmware implementation.

The underlying TCG specification is accessible from the following page.

https://trustedcomputinggroup.org/tcg-physical-presence-interface-specification/

This patch implements version 1.30.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
[ Marc-André - ACPI code improvements and windows fixes ]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Stefan Berger 0fe2466903 acpi: expose TPM/PPI configuration parameters to firmware via fw_cfg
To avoid having to hard code the base address of the PPI virtual
memory device we introduce a fw_cfg file etc/tpm/config that holds the
base address of the PPI device, the version of the PPI interface and
the version of the attached TPM.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
[ Marc-André: renamed to etc/tpm/config, made it static, document it ]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Stefan Berger 3b97c01e9c tpm: allocate/map buffer for TPM Physical Presence interface
Implement a virtual memory device for the TPM Physical Presence interface.
The memory is located at 0xFED45000 and used by ACPI to send messages to the
firmware (BIOS) and by the firmware to provide parameters for each one of
the supported codes.

This interface should be used by all TPM devices on x86 and can be
added by calling tpm_ppi_init_io().

Note: bios_linker cannot be used to allocate the PPI memory region,
since the reserved memory should stay stable across reboots, and might
be needed before the ACPI tables are installed.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Marc-André Lureau b6148757f9 tpm: add a "ppi" boolean property
The following patches implement the TPM Physical Presence Interface,
make use of a new memory region and a fw_cfg entry. Enable PPI by
default with >=4.0 machine type, to avoid migration issues.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Fei Li 812e710a96 hw/misc/edu: add msi_uninit() for pci_edu_uninit()
Let's supplement the msi_uninit() when failing to realize
the pci edu device.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Fei Li <shirley17fei@gmail.com>
Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Eduardo Habkost 53921bfdce virtio: Make disable-legacy/disable-modern compat properties optional
The disable-legacy and disable-modern properties apply only to
some virtio-pci devices.  Make those properties optional.

This fixes the crash introduced by commit f6e501a28e ("virtio: Provide
version-specific variants of virtio PCI devices"):

  $ qemu-system-x86_64 -machine pc-i440fx-2.6 \
    -device virtio-net-pci-non-transitional
  Unexpected error in object_property_find() at qom/object.c:1092:
  qemu-system-x86_64: -device virtio-net-pci-non-transitional: can't apply \
  global virtio-pci.disable-modern=on: Property '.disable-modern' not found
  Aborted (core dumped)

Reported-by: Thomas Huth <thuth@redhat.com>
Fixes: f6e501a28e ("virtio: Provide version-specific variants of virtio PCI devices")
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela 7c8681d0d6 virtio: split virtio crypto bits from virtio-pci.h
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela 7ecb381fcf virtio: split virtio gpu bits from virtio-pci.h
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela f386df1744 virtio: split virtio serial bits from virtio-pci
Virtio console and qga tests also depend on CONFIG_VIRTIO_SERIAL.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela cad3cd79a1 virtio: split virtio net bits from virtio-pci
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela ea7af5dba5 virtio: split virtio blk bits from virtio-pci
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela 2f9493984e virtio: split virtio scsi bits from virtio-pci
Notice that we can't still run tests with it disabled.  Both cdrom-test and
drive_del-test use virtio-scsi without checking if it is enabled.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela 7dc7689657 virtio: split vhost scsi bits from virtio-pci
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela 693510dd20 virtio: split vhost user scsi bits from virtio-pci
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela f170c5ef2f virtio: split vhost user blk bits from virtio-pci
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela ddac19f534 virtio: split virtio 9p bits from virtio-pci
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Acked-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela 271458d783 virtio: split virtio balloon bits from virtio-pci
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela 06d97bb63b virtio: split virtio rng bits from virtio-pci
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela 9436b8c62c virtio: split virtio input bits from virtio-pci
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela 7df2c7181a virtio: split virtio input host bits from virtio-pci
For consistency with other devices, rename
virtio_host_{initfn,pci_info} to virtio_input_host_{initfn,info}.

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Juan Quintela ef7e7845b2 virtio: split vhost vsock bits from virtio-pci
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Yuri Benditovich d47e5e31c3 virtio-net: changed VIRTIO_NET_F_RSC_EXT to be 61
Allocated feature bit changed in spec draft per TC request.

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Yuri Benditovich 2974e916df virtio-net: support RSC v4/v6 tcp traffic for Windows HCK
This commit adds implementation of RX packets
coalescing, compatible with requirements of Windows
Hardware compatibility kit.

The device enables feature VIRTIO_NET_F_RSC_EXT in
host features if it supports extended RSC functionality
as defined in the specification.
This feature requires at least one of VIRTIO_NET_F_GUEST_TSO4,
VIRTIO_NET_F_GUEST_TSO6. Windows guest driver acks
this feature only if VIRTIO_NET_F_CTRL_GUEST_OFFLOADS
is also present.

If the guest driver acks VIRTIO_NET_F_RSC_EXT feature,
the device coalesces TCPv4 and TCPv6 packets (if
respective VIRTIO_NET_F_GUEST_TSO feature is on,
populates extended RSC information in virtio header
and sets VIRTIO_NET_HDR_F_RSC_INFO bit in header flags.
The device does not recalculate checksums in the coalesced
packet, so they are not valid.

In this case:
All the data packets in a tcp connection are cached
to a single buffer in every receive interval, and will
be sent out via a timer, the 'virtio_net_rsc_timeout'
controls the interval, this value may impact the
performance and response time of tcp connection,
50000(50us) is an experience value to gain a performance
improvement, since the whql test sends packets every 100us,
so '300000(300us)' passes the test case, it is the default
value as well, tune it via the command line parameter
'rsc_interval' within 'virtio-net-pci' device, for example,
to launch a guest with interval set as '500000':

'virtio-net-pci,netdev=hostnet1,bus=pci.0,id=net1,mac=00,
guest_rsc_ext=on,rsc_interval=500000'

The timer will only be triggered if the packets pool is not empty,
and it'll drain off all the cached packets.

'NetRscChain' is used to save the segments of IPv4/6 in a
VirtIONet device.

A new segment becomes a 'Candidate' as well as it passed sanity check,
the main handler of TCP includes TCP window update, duplicated
ACK check and the real data coalescing.

An 'Candidate' segment means:
1. Segment is within current window and the sequence is the expected one.
2. 'ACK' of the segment is in the valid window.

Sanity check includes:
1. Incorrect version in IP header
2. An IP options or IP fragment
3. Not a TCP packet
4. Sanity size check to prevent buffer overflow attack.
5. An ECN packet

Even though, there might more cases should be considered such as
ip identification other flags, while it breaks the test because
windows set it to the same even it's not a fragment.

Normally it includes 2 typical ways to handle a TCP control flag,
'bypass' and 'finalize', 'bypass' means should be sent out directly,
while 'finalize' means the packets should also be bypassed, but this
should be done after search for the same connection packets in the
pool and drain all of them out, this is to avoid out of order fragment.

All the 'SYN' packets will be bypassed since this always begin a new'
connection, other flags such 'URG/FIN/RST/CWR/ECE' will trigger a
finalization, because this normally happens upon a connection is going
to be closed, an 'URG' packet also finalize current coalescing unit.

Statistics can be used to monitor the basic coalescing status, the
'out of order' and 'out of window' means how many retransmitting packets,
thus describe the performance intuitively.

Difference between ip v4 and v6 processing:
 Fragment length in ipv4 header includes itself, while it's not
 included for ipv6, thus means ipv6 can carry a real 65535 payload.

Note that main goal of implementing this feature in software
is to create reference setup for certification tests. In such
setups guest migration is not required, so the coalesced packets
not yet delivered to the guest will be lost in case of migration.

Signed-off-by: Wei Xu <wexu@redhat.com>
Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
Li Qiang b0aa77d36d vhost-user: fix ioeventfd_enabled
Currently, the vhost-user-test assumes the eventfd is available.
However it's not true because the accel is qtest. So the
'vhost_set_vring_file' will not add fds to the msg and the server
side of vhost-user-test will be broken. The bug is in 'ioeventfd_enabled'.
We should make this function return true if not using kvm accel.

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-14 19:31:04 -05:00
Jian Wang a5390d9367 qemu: avoid memory leak while remove disk
Memset vhost_dev to zero in the vhost_dev_cleanup function.
This causes dev.vqs to be NULL, so that
vqs does not free up space when calling the g_free function.
This will result in a memory leak. But you can't release vqs
directly in the vhost_dev_cleanup function, because vhost_net
will also call this function, and vhost_net's vqs is assigned by array.
In order to solve this problem, we first save the pointer of vqs,
and release the space of vqs after vhost_dev_cleanup is called.

Signed-off-by: Jian Wang <wangjian161@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-14 19:31:04 -05:00
Thomas Huth 5a0e75f0a9 hw/misc/ivshmem: Remove deprecated "ivshmem" legacy device
It's been marked as deprecated in QEMU v2.6.0 already, so really nobody
should use the legacy "ivshmem" device anymore (but use ivshmem-plain or
ivshmem-doorbell instead). Time to remove the deprecated device now.

Belatedly also update a mention of the deprecated "ivshmem" in the file
docs/specs/ivshmem-spec.txt to "ivshmem-doorbell". Missed in commit
5400c02b90 ("ivshmem: Split ivshmem-plain, ivshmem-doorbell off ivshmem").

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-14 19:31:04 -05:00
Dongli Zhang 17323e8b68 msix: make pba size math more uniform
In msix_exclusive_bar the bar_pba_size is more than what the pba is
expected to have, although this never affects the bar size.

Specifically, the math in msix_init_exclusive_bar allocates too much
memory in some cases.

For example consider nentries = 8.  msix_exclusive_bar will give us
bar_pba_size = 16.  So 16 bytes.  However 8 bytes would be enough - this
is all that the spec requires.

So in practice bar_pba_size sometimes allocates an extra 8 bytes but
never more.

Since each MSIX entry size is 16 bytes, and since we make sure that
table+pba is a power of two, this always leaves a multiple of 16 bytes
for the PBA, so extra 8 bytes have no effect.

However, its ugly to have pba size temporary variable have an incorrect
value.  For consistency switch to the formula used in msix_init.

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-14 19:31:04 -05:00
David Hildenbrand b9731850d7 pci/pcie: stop plug/unplug if the slot is locked
We better stop right away. For now, errors would be partially ignored
(so the guest might get informed or the device might get unplugged),
although actual plug/unplug will be reported as failed to the user.

While at it, properly move the check to the pre_plug handler for the plug
case, as we can test the slot state before the device will be realized.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-14 19:31:04 -05:00
Peter Maydell 89bd861c2b x86 queue, 2019-01-14
* Reenable RDTSCP support on Opteron_G[345] CPU models CPU models
   (Borislav Petkov)
 * host-phys-bits-limit option for better control of 5-level EPT
   (Eduardo Habkost)
 * Disable MPX support on named CPU models (Paolo Bonzini)
 * expose HV_CPUID_ENLIGHTMENT_INFO.EAX and HV_CPUID_NESTED_FEATURES.EAX
   as feature words (Vitaly Kuznetsov)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJcPJ3TAAoJECgHk2+YTcWmNlkP/1zlFjCo1em9RLGxeZrkzFna
 ugH/tZxqWQb3MfzNSsj51DGy2NB2WT2BaCtJKWjhzdDTLqveFaFCUKfhGyYETIHU
 OgNbUCjxBkv3vvWJ8c8w7pcc/atPZL7OCqIEbgJ/SwcSl0hF3bJrRJYYuA5dYeWx
 KewMRinFy3VEa+qlTGSAvpyp5C6XxIOPI6COQvu/CVlLmdlj+gURbaTtWHpZ3USU
 tTxSJLjbAPUlULAk57Wh2r5LpEgGzuBts9VosiQWzREz03rqYTk6JPjyxQKEasaz
 2lhjQWriRwcPNpgSSRfdnwMxlKisgLwWf/A9StoNjHWlzcTn6HR7HFP5O6YgKcEV
 EkAhu9UGeltqOHGJPReO6y5J8VHHj7FJZE5PfDE3mYKgmEsn+1O7gOr9amy5PCT9
 a7zozGHWOqJMb05XbB4CxENmgoNRKE9rMhwe5Jjc9dxrHOtgcXoUO9YNYvPE6ZyC
 6GxKdn0rAzZldwuFj8orZZeYLUlfoV0frNWfNKi8FdBad7z5HalVtB7jjaWRw6eI
 mOabTZPV6aaiyHgiR/YGBd3h9kWex9zJWxVDZMoRRFBNFSs8HFKzbVrwv/g6e83B
 2ZUrQ4MLI5cgU8zZ2XdTPx7SVV+Nxr6wWXtx55Sn9LB8IGMdEqZ06W+iZfZgF2PV
 miQR5IsbOapmIBssV1Mo
 =S08V
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging

x86 queue, 2019-01-14

* Reenable RDTSCP support on Opteron_G[345] CPU models CPU models
  (Borislav Petkov)
* host-phys-bits-limit option for better control of 5-level EPT
  (Eduardo Habkost)
* Disable MPX support on named CPU models (Paolo Bonzini)
* expose HV_CPUID_ENLIGHTMENT_INFO.EAX and HV_CPUID_NESTED_FEATURES.EAX
  as feature words (Vitaly Kuznetsov)

# gpg: Signature made Mon 14 Jan 2019 14:33:55 GMT
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-next-pull-request:
  i386/kvm: add a comment explaining why .feat_names are commented out for Hyper-V feature bits
  x86: host-phys-bits-limit option
  target/i386: Disable MPX support on named CPU models
  target-i386: Reenable RDTSCP support on Opteron_G[345] CPU models CPU models
  i386/kvm: expose HV_CPUID_ENLIGHTMENT_INFO.EAX and HV_CPUID_NESTED_FEATURES.EAX as feature words

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-14 17:35:00 +00:00
Paolo Bonzini ecb85fe48c target/i386: Disable MPX support on named CPU models
MPX support is being phased out by Intel; GCC has dropped it, Linux
is also going to do that.  Even though KVM will have special code
to support MPX after the kernel proper stops enabling it in XCR0,
we probably also want to deprecate that in a few years.  As a start,
do not enable it by default for any named CPU model starting with
the 4.0 machine types; this include Skylake, Icelake and Cascadelake.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20181220121100.21554-1-pbonzini@redhat.com>
Reviewed-by:   Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-14 12:23:36 -02:00
Borislav Petkov 483c6ad426 target-i386: Reenable RDTSCP support on Opteron_G[345] CPU models CPU models
The missing functionality was added ~3 years ago with the Linux commit

  46896c73c1a4 ("KVM: svm: add support for RDTSCP")

so reenable RDTSCP support on those CPU models.

Opteron_G2 - being family 15, model 6, doesn't have RDTSCP support
(the real hardware doesn't have it. K8 got RDTSCP support with the NPT
models, i.e., models >= 0x40).

Document the host's minimum required kernel version, while at it.

Signed-off-by: Borislav Petkov <bp@suse.de>
Message-ID: <20181212200803.GG6653@zn.tnic>
[ehabkost: moved compat properties code to pc.c]
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-14 12:23:36 -02:00
Tim Smith c6025bd197 xen-block: avoid repeated memory allocation
The xen-block dataplane currently allocates memory to hold the data for
each request as that request is used, and frees it afterwards. Because
it requires page-aligned blocks, this interacts poorly with non-page-
aligned allocations and balloons the heap.

Instead, allocate the maximum possible buffer size required for the
protocol, which is BLKIF_MAX_SEGMENTS_PER_REQUEST (currently 11) pages
when the request structure is created, and keep that buffer until it is
destroyed. Since the requests are re-used via a free list, this should
actually improve memory usage.

Signed-off-by: Tim Smith <tim.smith@citrix.com>

Re-based and commit comment adjusted.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Tim Smith bfd0d63660 xen-block: improve response latency
If the I/O ring is full, the guest cannot send any more requests
until some responses are sent. Only sending all available responses
just before checking for new work does not leave much time for the
guest to supply new work, so this will cause stalls if the ring gets
full. Also, not completing reads as soon as possible adds latency
to the guest.

To alleviate that, complete IO requests as soon as they come back.
xen_block_send_response() already returns a value indicating whether
a notify should be sent, which is all the batching we need.

Signed-off-by: Tim Smith <tim.smith@citrix.com>

Re-based and commit comment adjusted.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Tim Smith 6de45f9109 xen-block: improve batching behaviour
When I/O consists of many small requests, performance is improved by
batching them together in a single io_submit() call. When there are
relatively few requests, the extra overhead is not worth it. This
introduces a check to start batching I/O requests via blk_io_plug()/
blk_io_unplug() in an amount proportional to the number which were
already in flight at the time we started reading the ring.

Signed-off-by: Tim Smith <tim.smith@citrix.com>

Re-based and commit comment adjusted.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Anthony PERARD 1077bcaccd xen: Replace few mentions of xend by libxl
xend have been replaced by libxenlight (libxl) for many Xen releases
now.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
2019-01-14 13:45:40 +00:00
Anthony PERARD 6d7c06c213 Remove broken Xen PV domain builder
It is broken since Xen 4.9 [1] and it will not build in Xen 4.12. Also,
it is not built by default since QEMU 2.6.

[1] https://lists.xenproject.org/archives/html/xen-devel/2018-09/msg00313.html

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
2019-01-14 13:45:40 +00:00
Paul Durrant 19f87870ba xen: remove the legacy 'xen_disk' backend
This backend has now been replaced by the 'xen-qdisk' XenDevice.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant db9ff46eeb xen: automatically create XenBlockDevice-s
This patch adds create and destroy function for XenBlockDevice-s so that
they can be created automatically when the Xen toolstack instantiates a new
PV backend via xenstore. When the XenBlockDevice is created this way it is
also necessary to create a 'drive' which matches the configuration that the
Xen toolstack has written into xenstore. This is done by formulating the
parameters necessary for each 'blockdev' layer of the drive and then using
qmp_blockdev_add() to create the layers. Also, for compatibility with the
legacy 'xen_disk' implementation, an iothread is automatically created for
the new XenBlockDevice. This, like the driver layers, will be destroyed
after the XenBlockDevice is unrealized.

The legacy backend scan for 'qdisk' is removed by this patch, which makes
the 'xen_disk' code is redundant. The code will be removed by a subsequent
patch.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant a783f8ad4e xen: add a mechanism to automatically create XenDevice-s...
...that maintains compatibility with existing Xen toolstacks.

Xen toolstacks instantiate PV backends by simply writing information into
xenstore and expecting a backend implementation to be watching for this.

This patch adds a new 'xen-backend' module to allow individual XenDevice
implementations to register create and destroy functions. The creator
will be called when a tool-stack instantiates a new backend in this way,
and the destructor will then be called after the resulting XenDevice
object is unrealized.

To support this it is also necessary to add new watchers into the XenBus
implementation to handle enumeration of new backends and also destruction
of XenDevice-s when the toolstack sets the backend 'online' key to 0.

NOTE: This patch only adds the framework. A subsequent patch will add a
      creator function for xen-block devices.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant b6af8926fb xen: add implementations of xen-block connect and disconnect functions...
...and wire in the dataplane.

This patch adds the remaining code to make the xen-block XenDevice
functional. The parameters that a block frontend expects to find are
populated in the backend xenstore area, and the 'ring-ref' and
'event-channel' values specified in the frontend xenstore area are
mapped/bound and used to set up the dataplane.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant d4683cf952 xen: purge 'blk' and 'ioreq' from function names in dataplane/xen-block.c
This is a purely cosmetic patch that purges remaining use of 'blk' and
'ioreq' in local function names, and then makes sure all functions are
prefixed with 'xen_block_'.

No functional change.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant e7f5b5f841 xen: remove 'ioreq' struct/varable/field names from dataplane/xen-block.c
This is a purely cosmetic patch that purges the name 'ioreq' from struct,
variable and field names. (This name has been problematic for a long time
as 'ioreq' is the name used for generic I/O requests coming from Xen).
The patch replaces 'struct ioreq' with a new 'XenBlockRequest' type and
'ioreq' field/variable names with 'request', and then does necessary
fix-up to adhere to coding style.

Function names are not modified by this patch. They will be dealt with in
a subsequent patch.

No functional change.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant f3b604e31d xen: remove 'XenBlkDev' and 'blkdev' names from dataplane/xen-block
This is a purely cosmetic patch that substitutes the old 'struct XenBlkDev'
name with 'XenBlockDataPlane' and 'blkdev' field/variable names with
'dataplane', and then does necessary fix-up to adhere to coding style.

No functional change.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant fcab2b464e xen: add header and build dataplane/xen-block.c
This patch adds the transformations necessary to get dataplane/xen-block.c
to build against the new XenBus/XenDevice framework. MAINTAINERS is also
updated due to the introduction of dataplane/xen-block.h.

NOTE: Existing data structure names are retained for the moment. These will
      be modified by subsequent patches. A typedef for XenBlockDataPlane
      has been added to the header (based on the old struct XenBlkDev name
      for the moment) so that the old names don't need to leak out of the
      dataplane code.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant ca07280075 xen: remove unnecessary code from dataplane/xen-block.c
Not all of the code duplicated from xen_disk.c is required as the basis for
the new dataplane implementation so this patch removes extraneous code,
along with the legacy #includes and calls to the legacy xen_pv_printf()
function. Error messages are changed to be reported using error_report().

NOTE: The code is still not yet built. Further transformations will be
      required to make it correctly interface to the new XenBus/XenDevice
      framework. They will be delivered in a subsequent patch.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant 4ea7d1a7f1 xen: duplicate xen_disk.c as basis of dataplane/xen-block.c
The new xen-block XenDevice implementation requires the same core
dataplane as the legacy xen_disk implementation it will eventually replace.
This patch therefore copies the legacy xen_disk.c source module into a new
dataplane/xen-block.c source module as the basis for the new dataplane and
adjusts the MAINTAINERS file accordingly.

NOTE: The duplicated code is not yet built. It is simply put into place by
      this patch (just fixing style violations) such that the
      modifications that will need to be made to the code are not
      conflated with code movement, thus making review harder.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant a3d669c8bd xen: add event channel interface for XenDevice-s
The legacy PV backend infrastructure provides functions to bind, unbind
and send notifications to event channnels. Similar functionality will be
required by XenDevice implementations so this patch adds the necessary
support.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>

Patch squashed with:

Patch "xen: add event channel interface for XenDevice-s" makes use of
the type xenevtchn_port_or_error_t, but this isn't avaiable before Xen
4.7. Also the function xen_device_bind_event_channel assign the return
value of xenevtchn_bind_interdomain to channel->local_port but check the
result for error with xendev->local_port.

Fix by:
- removing local_port from struct XenDevice as it isn't use anywere.
- adding a compatibility typedef for xenevtchn_port_or_error_t for Xen
  4.6 and earlier.

As extra, replace the type of XenEventChannel->local_port by
evtchn_port_t.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant 4b34b5b140 xen: add grant table interface for XenDevice-s
The legacy PV backend infrastructure provides functions to map, unmap and
copy pages granted by frontends. Similar functionality will be required
by XenDevice implementations so this patch adds the necessary support.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant 82a29e3048 xen: add xenstore watcher infrastructure
A Xen PV frontend communicates its state to the PV backend by writing to
the 'state' key in the frontend area in xenstore. It is therefore
necessary for a XenDevice implementation to be notified whenever the
value of this key changes.

This patch adds code to do this as follows:

- an 'fd handler' is registered on the libxenstore handle which will be
  triggered whenever a 'watch' event occurs
- primitives are added to xen-bus-helper to add or remove watch events
- a list of Notifier objects is added to XenBus to provide a mechanism
  to call the appropriate 'watch handler' when its associated event
  occurs

The xen-block implementation is extended with a 'frontend_changed' method,
which calls as-yet stub 'connect' and 'disconnect' functions when the
relevant frontend state transitions occur. A subsequent patch will supply
a full implementation for these functions.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant 094a22399f xen: create xenstore areas for XenDevice-s
This patch adds a new source module, xen-bus-helper.c, which builds on
basic libxenstore primitives to provide functions to create (setting
permissions appropriately) and destroy xenstore areas, and functions to
'printf' and 'scanf' nodes therein. The main xen-bus code then uses
these primitives [1] to initialize and destroy the frontend and backend
areas for a XenDevice during realize and unrealize respectively.

The 'xen-block' implementation is extended with a 'get_name' method that
returns the VBD number. This number is required to 'name' the xenstore
areas.

NOTE: An exit handler is also added to make sure the xenstore areas are
      cleaned up if QEMU terminates without devices being unrealized.

[1] The 'scanf' functions are actually not yet needed, but they will be
    needed by code delivered in subsequent patches.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant 1a72d9ae31 xen: introduce 'xen-block', 'xen-disk' and 'xen-cdrom'
This patch adds new XenDevice-s: 'xen-disk' and 'xen-cdrom', both derived
from a common 'xen-block' parent type. These will eventually replace the
'xen_disk' (note the underscore rather than hyphen) legacy PV backend but
it is illustrative to build up the implementation incrementally, along with
the XenBus/XenDevice framework. Subsequent patches will therefore add to
these devices' implementation as new features are added to the framework.

After this patch has been applied it is possible to instantiate new
'xen-disk' or 'xen-cdrom' devices with a single 'vdev' parameter, which
accepts values adhering to the Xen VBD naming scheme [1]. For example, a
command-line instantiation of a xen-disk can be done with an argument
similar to the following:

-device xen-disk,vdev=hda

The implementation of the vdev parameter formulates the appropriate VBD
number for use in the PV protocol.

[1] https://xenbits.xen.org/docs/unstable/man/xen-vbd-interface.7.html

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant 108f7bba15 xen: introduce new 'XenBus' and 'XenDevice' object hierarchy
This patch adds the basic boilerplate for a 'XenBus' object that will act
as a parent to 'XenDevice' PV backends.
A new 'XenBridge' object is also added to connect XenBus to the system bus.

The XenBus object is instantiated by a new xen_bus_init() function called
from the same sites as the legacy xen_be_init() function.

Subsequent patches will flesh-out the functionality of these objects.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Paul Durrant 2d0ed5e642 xen: re-name XenDevice to XenLegacyDevice...
...and xen_backend.h to xen-legacy-backend.h

Rather than attempting to convert the existing backend infrastructure to
be QOM compliant (which would be hard to do in an incremental fashion),
subsequent patches will introduce a completely new framework for Xen PV
backends. Hence it is necessary to re-name parts of existing code to avoid
name clashes. The re-named 'legacy' infrastructure will be removed once all
backends have been ported to the new framework.

This patch is purely cosmetic. No functional change.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Zhao Yan 92dbfcc6d4 xen/pt: allow passthrough of devices with bogus interrupt pin
For some pci device, even its PCI_INTERRUPT_PIN is not 0, it actually
doesn't support INTx mode, so its machine irq read from host sysfs is 0.
In that case, report PCI_INTERRUPT_PIN as 0 to guest and let passthrough
continue.

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Zhao Yan <yan.y.zhao@intel.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Peter Maydell 6c4f984463 hw/xen/xen_pt_graphics: Don't trust the BIOS ROM contents so much
Coverity (CID 796599) points out that xen_pt_setup_vga() trusts
the rom->size field in the BIOS ROM from a PCI passthrough VGA
device, and uses it as an index into the memory which contains
the BIOS image. A corrupt BIOS ROM could therefore cause us to
index off the end of the buffer.

Check that the size is within bounds before we use it.

We are also trusting the pcioffset field, and assuming that
the whole rom_header is present; Coverity doesn't notice these,
but check them too.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2019-01-14 13:45:40 +00:00
Peter Maydell 1fa404b60f vga: enable virtio test, fix ddc oob read
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcOKD0AAoJEEy22O7T6HE40JQP/RrwVqSvaFDu/13tbtkLcJPs
 v7BVCw0YmlOq5xagvtyoWhClxghHGkJNjQr+VGjLKhi03sgTIiE7BxcGz5qVXfwn
 KgZyrvgtgYHsGdRuC48UmsjRt0E0hR5exdaCVY73lpXyngxBJj5iMlr1E2sMePD7
 j03zsc5fsGVi+bQ1zsKd9LWQRrBQYzzAxnRuPWlXC9U4iTwUV2HltYQhT3bpsbLR
 Gc8YgQ0mikgGXFXXlSZ/4Wu1pIiCNVdLPhjOBiUlQrVmD1ukcMS6AQyZ8KeWf10B
 e+GBEd7O5rIDvsxYBg745CXZWTb+OMWRW63GybXNyLbmBSqOFRafYyZLJ5o5vjnf
 omrl1CJhfVl68wgwLBvcPIgFUZk9Gj5X25FW4vpjCkkaFELruCVxOUl6Gq6/jyPU
 XPRAmdpPsAm5qnHrzn1vKwen/bj4+872Qtj97g1DqRkMyXFBz8E8y7DAPRzRfGUh
 kZh4Z6AijG8sEpBY9O+WKaEU8D0nFXi88tahv3NsGYT+rsPGyNXqRwcFbV61H8Cn
 jtWT7iL0LzgykJcTP4WmkGBIApRRuLj0/YSNrVJSttVuRWq77p9f1X28MVta0zE/
 1kBDvPM6JJJBYxd4LJxQDymIaXTKdFFwHTUkXBKPrvRsWAZ8rCzaTts8oK/l+y+k
 XWkx59vOLH13fi/EoRfz
 =MxNk
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20190111-pull-request' into staging

vga: enable virtio test, fix ddc oob read

# gpg: Signature made Fri 11 Jan 2019 13:58:12 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20190111-pull-request:
  i2c-ddc: fix oob read
  tests/display-vga: Enable virtio-vga test

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-11 19:09:14 +00:00
Peter Maydell 15bede5541 * HAX support for Linux hosts (Alejandro)
* esp bugfixes (Guenter)
 * Windows build cleanup (Marc-André)
 * checkpatch logic improvements (Paolo)
 * coalesced range bugfix (Paolo)
 * switch testsuite to TAP (Paolo)
 * QTAILQ rewrite (Paolo)
 * block/iscsi.c cancellation fixes (Stefan)
 * improve selection of the default accelerator (Thomas)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJcOKyMAAoJEL/70l94x66DxKEH/1ho2Xl8ezxCecA6q3HqTgMT
 NJ/ntdqQwVwekKOWzsywnM3/LkEDLH55MxbTeQ8M/Vb1seS8eROz24/gPTzvFrfR
 n/d11rDV1EJfWe0H7nGLLFiRv0MSjxLpG9c3dlOKWhwOYHm25tr48PsdfVFP9Slz
 BK3rwrMeDgArfptHAIsAXt2h1S0EzrG9pMwGDpErCDzziXxBhUESE0Iqfw8LsH1K
 VjMn6rn7Ts1XKlxxwsm+BzHlTJghbj3tWPIfk+6uK2isP4iM3gFCoav3SG9XVXof
 V9+vFyMxdtZKT/0HvajhUS4/1S/uGBNNchZRnCxXlpbueWc5ROtvarhM6Hb0eck=
 =i8E5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* HAX support for Linux hosts (Alejandro)
* esp bugfixes (Guenter)
* Windows build cleanup (Marc-André)
* checkpatch logic improvements (Paolo)
* coalesced range bugfix (Paolo)
* switch testsuite to TAP (Paolo)
* QTAILQ rewrite (Paolo)
* block/iscsi.c cancellation fixes (Stefan)
* improve selection of the default accelerator (Thomas)

# gpg: Signature made Fri 11 Jan 2019 14:47:40 GMT
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (34 commits)
  avoid TABs in files that only contain a few
  remove space-tab sequences
  scripts: add script to convert multiline comments into 4-line format
  hw/watchdog/wdt_i6300esb: remove a unnecessary comment
  checkpatch: warn about qemu/queue.h head structs that are not typedef-ed
  qemu/queue.h: simplify reverse access to QTAILQ
  qemu/queue.h: reimplement QTAILQ without pointer-to-pointers
  qemu/queue.h: remove Q_TAILQ_{HEAD,ENTRY}
  qemu/queue.h: typedef QTAILQ heads
  qemu/queue.h: leave head structs anonymous unless necessary
  vfio: make vfio_address_spaces static
  qemu/queue.h: do not access tqe_prev directly
  test: replace gtester with a TAP driver
  test: execute g_test_run when tests are skipped
  qga: drop < Vista compatibility
  build-sys: build with Vista API by default
  build-sys: move windows defines in osdep.h header
  build-sys: don't include windows.h, osdep.h does it
  scsi: esp: Defer command completion until previous interrupts have been handled
  esp-pci: Fix status register write erase control
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-11 15:46:09 +00:00
Paolo Bonzini 7d37435bd5 avoid TABs in files that only contain a few
Most files that have TABs only contain a handful of them.  Change
them to spaces so that we don't confuse people.

disas, standard-headers, linux-headers and libdecnumber are imported
from other projects and probably should be exempted from the check.
Outside those, after this patch the following files still contain both
8-space and TAB sequences at the beginning of the line.  Many of them
have a majority of TABs, or were initially committed with all tabs.

    bsd-user/i386/target_syscall.h
    bsd-user/x86_64/target_syscall.h
    crypto/aes.c
    hw/audio/fmopl.c
    hw/audio/fmopl.h
    hw/block/tc58128.c
    hw/display/cirrus_vga.c
    hw/display/xenfb.c
    hw/dma/etraxfs_dma.c
    hw/intc/sh_intc.c
    hw/misc/mst_fpga.c
    hw/net/pcnet.c
    hw/sh4/sh7750.c
    hw/timer/m48t59.c
    hw/timer/sh_timer.c
    include/crypto/aes.h
    include/disas/bfd.h
    include/hw/sh4/sh.h
    libdecnumber/decNumber.c
    linux-headers/asm-generic/unistd.h
    linux-headers/linux/kvm.h
    linux-user/alpha/target_syscall.h
    linux-user/arm/nwfpe/double_cpdo.c
    linux-user/arm/nwfpe/fpa11_cpdt.c
    linux-user/arm/nwfpe/fpa11_cprt.c
    linux-user/arm/nwfpe/fpa11.h
    linux-user/flat.h
    linux-user/flatload.c
    linux-user/i386/target_syscall.h
    linux-user/ppc/target_syscall.h
    linux-user/sparc/target_syscall.h
    linux-user/syscall.c
    linux-user/syscall_defs.h
    linux-user/x86_64/target_syscall.h
    slirp/cksum.c
    slirp/if.c
    slirp/ip.h
    slirp/ip_icmp.c
    slirp/ip_icmp.h
    slirp/ip_input.c
    slirp/ip_output.c
    slirp/mbuf.c
    slirp/misc.c
    slirp/sbuf.c
    slirp/socket.c
    slirp/socket.h
    slirp/tcp_input.c
    slirp/tcpip.h
    slirp/tcp_output.c
    slirp/tcp_subr.c
    slirp/tcp_timer.c
    slirp/tftp.c
    slirp/udp.c
    slirp/udp.h
    target/cris/cpu.h
    target/cris/mmu.c
    target/cris/op_helper.c
    target/sh4/helper.c
    target/sh4/op_helper.c
    target/sh4/translate.c
    tcg/sparc/tcg-target.inc.c
    tests/tcg/cris/check_addo.c
    tests/tcg/cris/check_moveq.c
    tests/tcg/cris/check_swap.c
    tests/tcg/multiarch/test-mmap.c
    ui/vnc-enc-hextile-template.h
    ui/vnc-enc-zywrle.h
    util/envlist.c
    util/readline.c

The following have only TABs:

    bsd-user/i386/target_signal.h
    bsd-user/sparc64/target_signal.h
    bsd-user/sparc64/target_syscall.h
    bsd-user/sparc/target_signal.h
    bsd-user/sparc/target_syscall.h
    bsd-user/x86_64/target_signal.h
    crypto/desrfb.c
    hw/audio/intel-hda-defs.h
    hw/core/uboot_image.h
    hw/sh4/sh7750_regnames.c
    hw/sh4/sh7750_regs.h
    include/hw/cris/etraxfs_dma.h
    linux-user/alpha/termbits.h
    linux-user/arm/nwfpe/fpopcode.h
    linux-user/arm/nwfpe/fpsr.h
    linux-user/arm/syscall_nr.h
    linux-user/arm/target_signal.h
    linux-user/cris/target_signal.h
    linux-user/i386/target_signal.h
    linux-user/linux_loop.h
    linux-user/m68k/target_signal.h
    linux-user/microblaze/target_signal.h
    linux-user/mips64/target_signal.h
    linux-user/mips/target_signal.h
    linux-user/mips/target_syscall.h
    linux-user/mips/termbits.h
    linux-user/ppc/target_signal.h
    linux-user/sh4/target_signal.h
    linux-user/sh4/termbits.h
    linux-user/sparc64/target_syscall.h
    linux-user/sparc/target_signal.h
    linux-user/x86_64/target_signal.h
    linux-user/x86_64/termbits.h
    pc-bios/optionrom/optionrom.h
    slirp/mbuf.h
    slirp/misc.h
    slirp/sbuf.h
    slirp/tcp.h
    slirp/tcp_timer.h
    slirp/tcp_var.h
    target/i386/svm.h
    target/sparc/asi.h
    target/xtensa/core-dc232b/xtensa-modules.inc.c
    target/xtensa/core-dc233c/xtensa-modules.inc.c
    target/xtensa/core-de212/core-isa.h
    target/xtensa/core-de212/xtensa-modules.inc.c
    target/xtensa/core-fsf/xtensa-modules.inc.c
    target/xtensa/core-sample_controller/core-isa.h
    target/xtensa/core-sample_controller/xtensa-modules.inc.c
    target/xtensa/core-test_kc705_be/core-isa.h
    target/xtensa/core-test_kc705_be/xtensa-modules.inc.c
    tests/tcg/cris/check_abs.c
    tests/tcg/cris/check_addc.c
    tests/tcg/cris/check_addcm.c
    tests/tcg/cris/check_addoq.c
    tests/tcg/cris/check_bound.c
    tests/tcg/cris/check_ftag.c
    tests/tcg/cris/check_int64.c
    tests/tcg/cris/check_lz.c
    tests/tcg/cris/check_openpf5.c
    tests/tcg/cris/check_sigalrm.c
    tests/tcg/cris/crisutils.h
    tests/tcg/cris/sys.c
    tests/tcg/i386/test-i386-ssse3.c
    ui/vgafont.h

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20181213223737.11793-3-pbonzini@redhat.com>
Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Eric Blake <eblake@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:56 +01:00
Paolo Bonzini 72e21db7ea remove space-tab sequences
There are not many, and they are all simple mistakes that ended up
being committed.  Remove them.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20181213223737.11793-2-pbonzini@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:55 +01:00
Peng Hao 7d2fcebbdc hw/watchdog/wdt_i6300esb: remove a unnecessary comment
The registered memory region of i6300esb is not suitable for coalesced
mmio, because a write for the region may trigger an immediate action
and can't be delayed.

Signed-off-by: Peng Hao <peng.hao2@zte.com.cn>
Message-Id: <1544253511-82742-1-git-send-email-peng.hao2@zte.com.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:55 +01:00
Paolo Bonzini eae3eb3e18 qemu/queue.h: simplify reverse access to QTAILQ
The new definition of QTAILQ does not require passing the headname,
remove it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:55 +01:00
Paolo Bonzini f481ee2d5e qemu/queue.h: typedef QTAILQ heads
This will be needed when we change the QTAILQ head and elem structs
to unions.  However, it is also consistent with the usage elsewhere
in QEMU for other list head structs (see for example FsMountList).

Note that most QTAILQs only need their name in order to do backwards
walks.  Those do not break with the struct->union change, and anyway
the change will also remove the need to name heads when doing backwards
walks, so those are not touched here.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:55 +01:00
Paolo Bonzini b58deb344d qemu/queue.h: leave head structs anonymous unless necessary
Most list head structs need not be given a name.  In most cases the
name is given just in case one is going to use QTAILQ_LAST, QTAILQ_PREV
or reverse iteration, but this does not apply to lists of other kinds,
and even for QTAILQ in practice this is only rarely needed.  In addition,
we will soon reimplement those macros completely so that they do not
need a name for the head struct.  So clean up everything, not giving a
name except in the rare case where it is necessary.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:55 +01:00
Paolo Bonzini 10ca76b4d2 vfio: make vfio_address_spaces static
It is not used outside hw/vfio/common.c, so it does not need to
be extern.

Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:54 +01:00
Peter Maydell e53f7796fb Machine queue, 2019-01-10
* Simplify GlobalProperty array declarations (Eduardo Habkost)
 * Deprecate cpu-add commands (Kashyap Chamarthy)
 * range/memory-device cleanups (David Hildenbrand)
 * Fix -device scsi-hd,help regression (Marc-André Lureau)
 * Fix crash when -global generates multiple warnings (Eduardo
   Habkost)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJcN1aHAAoJECgHk2+YTcWmi20QALYlChpE/YNh/8RZvpKRRgt4
 4aj8/qOlFq+TeoKQPf6KNCrTy6awvVGWOhOZOLdGcalqNZ/l69ZmKmECU0dqTrEw
 2zo0FxD8bjqVdsBJifLFa925GbUBHFtw/Am87Qv/LO+PV0bqMMIVUyNo5hd0iMej
 AhwlaIKAJxIKlsUiZOXpc2n1siFBjciJWdNapsam+ia8b8Y5jZ5GlkfTCJ3Nve2m
 uHMTPTt6iQao3YmPZ11E2elQENV7F51wM21Ti93Eo90FRpmADzsGw+lnh4wp50Mr
 q2QvaDByxcNEfdhKWOTdjRV6pkVBUh6GZps9SJvFtSGc2vfxqPgpi+HvN6f79uIO
 QV3rbkM0dyR+xveKrBVHA7MjCNEdVdpz5GRsYHDC3kjZC/dpEN/nV5g4TKSMzd6A
 hHQi6sRBi1qiKytsRB8sTElDDJxmoE8t5X1QeW+Wws0hBKVnrlr/BY0u09ip2j4x
 qoR4QG1nrmAXHIKVwsIdn8tiPqX2iq+OPu/Tp8FHlRI/90+3jazSbderT6I/9oCd
 AqnxSGXRoPhK0l0n/57mcPeY478ENtRqdeUkUVDVFSoTG9ys8aYqYzS19CdrRExo
 QsJ1M+NGWqzCal4VxNrdbUHAQoG4b1tVnQJMiFBc9LxS/88Da7huoiXRwAQkwOCd
 Um3orC2vlv78QXTwTho6
 =LNk6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

Machine queue, 2019-01-10

* Simplify GlobalProperty array declarations (Eduardo Habkost)
* Deprecate cpu-add commands (Kashyap Chamarthy)
* range/memory-device cleanups (David Hildenbrand)
* Fix -device scsi-hd,help regression (Marc-André Lureau)
* Fix crash when -global generates multiple warnings (Eduardo
  Habkost)

# gpg: Signature made Thu 10 Jan 2019 14:28:23 GMT
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-next-pull-request:
  qom: Don't keep error value between object_property_parse() calls
  qdev: fix -device scsi-hd,help regression
  machine: Use shorter format for GlobalProperty arrays
  machine: Eliminate unnecessary stringify() usage
  spapr: Eliminate SPAPR_PCI_2_7_MMIO_WIN_SIZE macro
  memory-device: rewrite address assignment using ranges
  range: add some more functions
  Mention that QMP 'cpu-add' will be deprecated
  Update that HMP 'cpu-add' is deprecated in 4.0
  qemu-deprecated.texi: Rename the HMP section

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-11 13:35:48 +00:00
Guenter Roeck ea84a44250 scsi: esp: Defer command completion until previous interrupts have been handled
The guest OS reads RSTAT, RSEQ, and RINTR, and expects those registers
to reflect a consistent state. However, it is possible that the registers
can change after RSTAT was read, but before RINTR is read, when
esp_command_complete() is called.

Guest OS		qemu
--------		----
[handle interrupt]
Read RSTAT
			esp_command_complete()
			 RSTAT = STAT_ST
			 esp_dma_done()
			  RSTAT |= STAT_TC
			  RSEQ = 0
			  RINTR = INTR_BS

Read RSEQ
Read RINTR		RINTR = 0
			RSTAT &= ~STAT_TC
			RSEQ = SEQ_CD

The guest OS would then try to handle INTR_BS combined with an old
value of RSTAT. This sometimes resulted in lost events, spurious
interrupts, guest OS confusion, and stalled SCSI operations.
A typical guest error log (observed with various versions of Linux)
looks as follows.

scsi host1: Spurious irq, sreg=13.
...
scsi host1: Aborting command [84531f10:2a]
scsi host1: Current command [f882eea8:35]
scsi host1: Queued command [84531f10:2a]
scsi host1:  Active command [f882eea8:35]
scsi host1: Dumping command log
scsi host1: ent[15] CMD val[44] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[00] event[0c]
scsi host1: ent[16] CMD val[01] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[17] CMD val[43] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[18] EVENT val[0d] sreg[92] seqreg[04] sreg2[00] ireg[18] ss[00] event[0c]
...

Defer handling command completion until previous interrupts have been
handled to fix the problem.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2019-01-11 13:57:24 +01:00
Guenter Roeck c2d6eeda01 esp-pci: Fix status register write erase control
Per AM53C974 datasheet, definition of "SCSI Bus and Control (SBAC)"
register:

Bit 24 'STATUS' Write Erase Control

This bit controls the Write Erase feature on bits 3:1 and bit 6 of the DMA
Status Register ((B)+54h). When this bit is programmed to '1', the state
of bits 3:1 are preserved when read. Bits 3:1 are only cleared when a '1'
is written to the corresponding bit location. For example, to clear bit 1,
the value of '0000_0010b' should be written to the register. When the DMA
Status Preserve bit is '0', bits 3:1 are cleared when read.

The status register is currently defined to bit 12, not bit 24.
Also, its implementation is reversed: The status is auto-cleared if
the bit is set to 1, and must be cleared explicitly when the bit is
set to 0. This results in spurious interrupts reported by the Linux
kernel, and in some cases even results in stalled SCSI operations.

Set SBAC_STATUS to bit 24 and reverse the logic to fix the problem.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-Id: <1543442171-24863-1-git-send-email-linux@roeck-us.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 13:57:24 +01:00
Paolo Bonzini 4ec37f9048 pam: wrap MemoryRegion initialization in a transaction
This avoids a few re-rendering of the memory AddressSpace.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 13:57:23 +01:00
Gerd Hoffmann b05b267840 i2c-ddc: fix oob read
Suggested-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190108102301.1957-1-kraxel@redhat.com
2019-01-11 11:45:00 +01:00
Peter Maydell 291741033f audio: two fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcNw8MAAoJEEy22O7T6HE4cYwP/1tgDp80mGhQeu2ZXb/2a+iV
 rX7ueEofG19rlXeSqpgwrCso2LM4SgY1wSzcPoHTV+ipCVWCQUT1HjPZamIXOq5x
 vt81scPZl+SBwBJRMS8CrArddMcmOh/288upbQy4xXZmwW2M6r9j5O5bRCfgExF6
 khQM7QOqopalmmEB0pbsdyQMbeszvfKXqAL+cch+VZSyULiVB4yFP9J6xroEtqz/
 ka8cVZcFLPwUY2CpXy9GUwQgCMwgYVviPyHU3E8bl3qcdQMqr9AR2QuI89s+kt1M
 9/7KVkmIAK7grim3SkWasHns8cXo8uxaWebmXZsk4yDofEKL5FfsrGrfng9W/OyS
 Ixg9JHwC7OfNq5YY4T/ghA56EVHzhu8eg1iGsnmA8ReoSyRR3/TFf0+oQypgONK3
 BbfMEBr2kr9XyWpThck26NLg0KXsGXgWk/KUPqGDg+QA1LbRw98vyXrPy/stkfbt
 77JwJgIOXviH6rEUA0U8REcg5KrI+tcq/JURiq9NVU+hew46OcGPXNWWlWxLcNJt
 olwnB0hOrXsddrIKSLTwav8FjVsLOT7LJSYmE7S70pWaEyQ6v8ctWc9LICptrLXD
 joVyN4Ktdyrx/zBi38XyPXuQuC7jCTFbuAEfe9rcTz0PjlKz0cN4SGvWPLQdaN3C
 f3AaRAlQj5RPqGPgazTN
 =UooZ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/audio-20190110-pull-request' into staging

audio: two fixes.

# gpg: Signature made Thu 10 Jan 2019 09:23:24 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20190110-pull-request:
  usb-audio: ignore usb packages with wrong size
  hw/audio/marvell: Don't include unnecessary i2c.h header file

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-10 18:45:23 +00:00
Peter Maydell 823dcd58ea ui: bugfixes, drop keymap include support, drop dead code.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcNwaOAAoJEEy22O7T6HE4usIQAKMdl63407uCPDP+k9ySKL2l
 W4O3uRZ0sj+RB7hk8evUJIT/oxGcfD2a4CHQPX6UDn5c5XgZoAuHe/gIzQe4v2QS
 o/Ot7qEbES4QitTSqhkiEuKl6iCp2mY+gchsVRMxfjOFvusU0B/nOl9BZCe57EFc
 jJQyI5sKJb/s6ygDp7yMwA5/qfglIv+wHAbX1GDBAiO6Vuwdk1OOXF/mhI/O1TA3
 T8d71v8cFiC1hWl7vLFecejN5lcXAO/1jVkyuEU9bQfMe1qoZ+BhzJvgzet8XzW+
 j1HrcybNjClvr1Iv0SFkwoRC6w8c2tMOtT10LHtiWF38r/1v8gWcQk36Jeim2Kq3
 RcV9IX56PJWSRTa9Roqvemc3hn3e7WcUkmyQX0PMbNq8obJhjNFuyEFunS1Wo4/G
 ldJ+NSK1n3l90s3ZFRLWiL4DADpYeQy34U3iG4VlC6AYXmKWMjbZCiCyyJCRtawP
 aYLbVQ/+6NsVQol4LaOqlP7uukmOBRiHZIdFTQn9xG3tymJZcEGVM3YSkfuK6InQ
 qTmmRFCUhGi0YPkYupk4BfUyHlSpnecoRGTh4jtetr2CctrhotRCC1L4z45KbzMM
 kWQGaqzCqLGuG7eDSNmwPdrjUKgoqTLWgTikCJhCS+QTFRWR23RigD8PrAq62kGc
 oFNGlDkpqizbdoEAfWOp
 =TcEc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190110-pull-request' into staging

ui: bugfixes, drop keymap include support, drop dead code.

# gpg: Signature made Thu 10 Jan 2019 08:47:10 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20190110-pull-request:
  spice: Remove unused include
  keymaps: drop support for include files
  keymaps: remove common include
  keymaps: drop nl-be map
  keymaps: remove modifiers include
  ui/console: Remove qemu_create_display_surface_guestmem()
  configure: bump spice-server required version to 0.12.5
  egl-headless: add egl_create_context

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-10 16:29:02 +00:00
Peter Maydell d246ff5d39 Trivial patches for 4.0 (2019-01-09)
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcNfHyAAoJEPMMOL0/L748NakQAKzjmZjQ9Qz2fVS/AUuk1weW
 0ySDiWU/cm+oGRW2E40+OggaoJnfitWrYY8cDSkOKKWlK+kFM2Dlfv8M50pg+JsK
 IhcFWUcOUHEbJjjyMbkKkl2Yl/RIvr9/IJHDt6wB28jpvqN9nlkBaiXeC7yuiLYN
 XAxf4TbuHstKqHEnDBXjFzY+IiaGMn1ffmOoHdItslFhiYeut6ucs8786D+CKWBx
 jcesXidhxGsuu+8zNZy1y7m29ccHgsb7LCZN0Hs6mV8tYD0vQv1UVDTx0jPWzON9
 1+LzdaeLlpk7LZTDa4wCnhoAb0usESQ5mjo3+q4Tq2pjZlYBCzDmFK43BNSlmfUC
 s//XVGUZBB7reeItwwInIoedoiQTubxDNBzTKZIKzKr0y8JhtMJn6nZVQPbRrh9v
 TBzPmU1P+GBB1WAjDXrID6ipffTt0gGOqCFmdHtXeun3Jiy+En2XSX4NTcpkbH7s
 Lyi8DBxCCjq9y242ZuC7f7bseH/0Rle7CUXktbTtjemyAVzo5iVkZi//zb0iGtck
 e9r7hqoUN5mAAkgqKdeCzwfa0/1FCKPrYbnPGHKtpg5FKkd2axDwH6mB4LLbfITh
 APSaNevBPfyeid7cyo/XXldE1WJ2D/Sqaz49ZASDTb338tSQZbr/MIQV2ERb7xGM
 WBYh4N7BLcO46CPkb7yB
 =dgV0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-patches-pull-request' into staging

Trivial patches for 4.0 (2019-01-09)

# gpg: Signature made Wed 09 Jan 2019 13:06:58 GMT
# gpg:                using RSA key F30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-patches-pull-request:
  ioapic: use TYPE_FOO MACRO than constant string
  trivial: Don't include isa.h if it is not really necessary
  hw/audio/marvell: Don't include unnecessary i2c.h header file
  qom: Include qemu/fprintf-fn.h in cpu.h
  hw/core: fix whitespace in a sentence
  typedefs: (Re-)sort entries alphabetically

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-10 15:33:28 +00:00
Gerd Hoffmann a7fde1c170 usb-audio: ignore usb packages with wrong size
usb packets with no payload (zero length) seem to happen in practice for
whatever reason.  Add a check and skip the packet then, otherwise we'll
trigger an assert.

Reported-by: Leonardo Soares Müller <leozinho29_eu@hotmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20181211072649.20700-1-kraxel@redhat.com
2019-01-10 09:56:19 +01:00
Thomas Huth 95a38c395d hw/audio/marvell: Don't include unnecessary i2c.h header file
This device does not use I2C, so no need to include the header file here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1546614146-10525-1-git-send-email-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-10 09:51:42 +01:00
Marc-André Lureau 1b63665c2c configure: bump spice-server required version to 0.12.5
Looking at chardev/spice.c code, I realize compilation was broken for
a while with spice-server < 0.12.3. Let's bump required version
to 0.12.5, released May 19 2014, instead of adding more #ifdef.

(this patch combines changes from an early version and some of
Frediano "[PATCH 2/2] spice: Bump required spice-server version to
0.12.6")

According to repology, all the distros that are build target platforms
for QEMU include it:

      RHEL-7: 0.14.0
      Debian (Stretch): 0.12.8
      Debian (Jessie): 0.12.5
      FreeBSD (ports): 0.14.0
      OpenSUSE Leap 15: 0.14.0
      Ubuntu (Xenial): 0.12.6

Note that a previous version of this patch was bumping version to
0.12.6. Unfortunately, Debian Jessie (oldstable) is stuck with spice
server 0.12.5, and QEMU should keep building until after 2y of current
stable (Stretch), which will be around June 17th 2019. Qemu 4.1
should thus be free of bumping to spice-server 0.12.6 during 4.1
development cycle.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20181128155932.16171-1-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-10 08:55:13 +01:00
Marc-André Lureau ab94c6b42f qdev: fix -device scsi-hd,help regression
Since commit ea9ce8934, device_post_init() applies globals directly
from machines and accelerator classes.

There are cases, such as -device scsi-hd,help, where the machine is
setup but there in no accelerator.

Let's skip accelerator globals in this case.

Fixes SEGV:
 #0  0x0000555558ea04ff in object_get_class (obj=0x0) at /home/elmarco/src/qemu/build/../qom/object.c:857
 #1  0x000055555854c797 in object_apply_compat_props (obj=0x616000078980) at /home/elmarco/src/qemu/build/../hw/core/qdev.c:978
 #2  0x000055555854c797 in object_apply_compat_props (obj=0x616000078980) at /home/elmarco/src/qemu/build/../hw/core/qdev.c:973
 #3  0x000055555854c959 in device_post_init (obj=0x616000078980) at /home/elmarco/src/qemu/build/../hw/core/qdev.c:989
 #4  0x0000555558e9e250 in object_post_init_with_type (ti=<optimized out>, obj=0x616000078980) at /home/elmarco/src/qemu/build/../qom/object.c:365
 #5  0x0000555558e9e250 in object_initialize_with_type (data=0x616000078980, size=616, type=<optimized out>) at /home/elmarco/src/qemu/build/../qom/object.c:425
 #6  0x0000555558e9e571 in object_new_with_type (type=0x613000031900) at /home/elmarco/src/qemu/build/../qom/object.c:588
 #7  0x000055555830c048 in qmp_device_list_properties (typename=typename@entry=0x60200000c2d0 "scsi-hd", errp=errp@entry=0x7fffffffc540) at /home/elmarco/src/qemu/qmp.c:519
 #8  0x00005555582c4027 in qdev_device_help (opts=<optimized out>) at /home/elmarco/src/qemu/qdev-monitor.c:283
 #9  0x0000555559378fa2 in qemu_opts_foreach (list=<optimized out>, func=func@entry=0x5555582cfca0 <device_help_func>, opaque=opaque@entry=0x0, errp=errp@entry=0x0) at /home/elmarco/src/qemu/util/qemu-option.c:1171

https://bugzilla.redhat.com/show_bug.cgi?id=1664364

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190109102311.7635-1-marcandre.lureau@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Lukáš Doktor <ldoktor@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-09 22:10:17 -02:00
Eduardo Habkost 6c36bddf53 machine: Use shorter format for GlobalProperty arrays
Instead of verbose arrays with 4 lines for each entry, make each
entry take only one line.  This makes long arrays that couldn't
fit in the screen become short and readable.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190107193020.21744-4-ehabkost@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-09 22:10:00 -02:00
Eduardo Habkost e0985450e1 machine: Eliminate unnecessary stringify() usage
stringify() is useful when we need to use macros in compat_props
(like when we set virtio-baloon-pci.class=PCI_CLASS_MEMORY_RAM at
pc_i440fx_1_0_machine_options()), but it is pointless when we are
already providing a number literal.

Replace stringify() with string literals when appropriate.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190107193020.21744-3-ehabkost@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-09 22:10:00 -02:00
Eduardo Habkost b3bcb3cedf spapr: Eliminate SPAPR_PCI_2_7_MMIO_WIN_SIZE macro
The macro is only used in one place, where the purpose of the
value is obvious.  Eliminate the macro so we don't need to rely
on stringify().

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190107193020.21744-2-ehabkost@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-09 22:10:00 -02:00
David Hildenbrand e3213eb5ec memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.

qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000

Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)

"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-09 22:09:31 -02:00
Li Qiang 34bec7a8d0 ioapic: use TYPE_FOO MACRO than constant string
Make them more QOMConventional.
Cc:qemu-trivial@nongnu.org

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20190105023831.66910-1-liq3ea@163.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-09 11:33:47 +01:00
Thomas Huth 0cd0589ecf trivial: Don't include isa.h if it is not really necessary
These files don't seem to do anything related to ISA directly, so
there is no need to include isa.h here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1546615943-16274-1-git-send-email-thuth@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-09 11:24:35 +01:00
Thomas Huth 29bc0a6072 hw/audio/marvell: Don't include unnecessary i2c.h header file
This device does not use I2C, so no need to include the header file here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1546614146-10525-1-git-send-email-thuth@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-09 11:18:06 +01:00
Wainer dos Santos Moschetta 097f699ce9 hw/core: fix whitespace in a sentence
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20181224154922.3338-1-wainersm@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-09 11:09:31 +01:00