Use the common qemu utility function to parse the memory size.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Remove shm_fd from device state, closing it as early as possible to avoid leaks.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
qpci_msix_pending() writes on pba region, causing qemu to SEGV:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fba8c0 (LWP 25882)]
0x0000000000000000 in ?? ()
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x00005555556556c5 in memory_region_oldmmio_write_accessor (mr=0x5555579f3f80, addr=0, value=0x7fffffffbf68, size=4, shift=0, mask=4294967295, attrs=...) at /home/elmarco/src/qemu/memory.c:434
#2 0x00005555556558e1 in access_with_adjusted_size (addr=0, value=0x7fffffffbf68, size=4, access_size_min=1, access_size_max=4, access=0x55555565563e <memory_region_oldmmio_write_accessor>, mr=0x5555579f3f80, attrs=...) at /home/elmarco/src/qemu/memory.c:506
#3 0x00005555556581eb in memory_region_dispatch_write (mr=0x5555579f3f80, addr=0, data=0, size=4, attrs=...) at /home/elmarco/src/qemu/memory.c:1176
#4 0x000055555560b6f9 in address_space_rw (as=0x555555eff4e0 <address_space_memory>, addr=3759147008, attrs=..., buf=0x7fffffffc1b0 "", len=4, is_write=true) at /home/elmarco/src/qemu/exec.c:2439
#5 0x000055555560baa2 in cpu_physical_memory_rw (addr=3759147008, buf=0x7fffffffc1b0 "", len=4, is_write=1) at /home/elmarco/src/qemu/exec.c:2534
#6 0x000055555564c005 in cpu_physical_memory_write (addr=3759147008, buf=0x7fffffffc1b0, len=4) at /home/elmarco/src/qemu/include/exec/cpu-common.h:80
#7 0x000055555564cd9c in qtest_process_command (chr=0x55555642b890, words=0x5555578de4b0) at /home/elmarco/src/qemu/qtest.c:378
#8 0x000055555564db77 in qtest_process_inbuf (chr=0x55555642b890, inbuf=0x55555641b340) at /home/elmarco/src/qemu/qtest.c:569
#9 0x000055555564dc07 in qtest_read (opaque=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", size=22) at /home/elmarco/src/qemu/qtest.c:581
#10 0x000055555574ce3e in qemu_chr_be_write (s=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", len=22) at qemu-char.c:306
#11 0x0000555555751263 in tcp_chr_read (chan=0x55555642bcf0, cond=G_IO_IN, opaque=0x55555642b890) at qemu-char.c:2876
#12 0x00007ffff64c9a8a in g_main_context_dispatch (context=0x55555641c400) at gmain.c:3122
(without this patch, this can be reproduced with the ivshmem qtest)
Implement an empty mmio write to avoid the crash.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Send a protocol version as the first message from server, clients must
close communication if they don't support this protocol version. Older
QEMUs should be fine with this change in the protocol since they
overrides their own vm_id on reception of an id associated to no
eventfd.
Signed-off-by: David Marchand <david.marchand@6wind.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[use fifo_update_and_get()]
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The interrupt mask is a state value, it should be reset, like the
interrupt status.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The number of eventfd that can be handled per peer is limited by the
number of vectors. Return an error when receiving too many of them.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The terms 'guest' and 'peer' are used sometime interchangeably which may
be confusing. Instead, use 'peer' for the remote instances of ivshmem
clients, and 'guest' for the local VM.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Free all objects owned by the device, making sure the device is free,
fixing hot-unplug.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The server should not change the shm, and this isn't handled by qemu and
we should should verify this in qemu.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
0 is a valid fd value, so change conditions and set -1 value early
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
load_state_old() is used to keep compatibility with version 0.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The common version correctly checks for 0 value case.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Both if branches return, move this out to common end.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Use some more explicit variables to simplify the code.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The server shouldn't send invalid peer id, so print an error if it's the
case.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The test whether the chardev is an AF_UNIX socket rejects
"-chardev socket,id=chr0,path=/tmp/foo,server,nowait -device
ivshmem,chardev=chr0", but fails to explain why.
Use an explicit error on why a chardev may be rejected.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
max_peer isn't really useful, it tracks the maximum received VM id, but
that quickly matches nb_peers, the size of the peers array. Since VM
come and go, there might be sparse peers so it doesn't help much in
general to have this value around.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
There is no peer when device is initialized, do not let doorbell for
inexisting peer 0.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
val isn't used in ivshmem_update_irq() function.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
It simplifies a bit the code to allocate the array when setting the
number of peers instead of lazily when receiving the first vector.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Set the number of peers and array allocation in a single place. Rename
to better reflect the function content.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Limit the maximum number of peers to MAXUINT16. This is more realistic
and better matches the limit of the doorbell register.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Use the latest qemu device modeling API, in particular, convert to
realize to fix the error handling; right now a botched device_add
ivhsmem command kills the VM.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
qemu_chr_fe_get_msgfd() transfers ownership, there is no need to dup the
fd.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Make a new function fifo_update_and_get() that can be reused by other
functions (in next commits).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
If the fifo has 0 bytes, and the read is of size 1, the call to
fifo8_push_all() will copy off boundary data.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
ivshmem_read() only reads sizeof(long) from the input buffer. Accepting
more could lead to fifo8 abort() on 32bit systems if fifo is not empty.
A following patch will change the protocol to 64-bit little-endian
instead.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
They will be excluded by type in the nested event loops in block layer,
so that unwanted events won't be processed there.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
All callers pass in false, and the real external ones will switch to
true in coming patches.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
blk_bs() will not necessarily return a non-NULL value any more (unless
blk_is_available() is true or it can be assumed to otherwise, e.g.
because it is called immediately after a successful blk_new_with_bs() or
blk_new_open()).
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Only call bdrv_add_key() on the BlockDriverState if it is not NULL.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The tray of an FDD is open iff there is no medium inserted (there are
only two states for an FDD: "medium inserted" or "no medium inserted").
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
sPAPR highlights:
* Allow VFIO devices on the spapr-pci-host-bridge
* Allow virtio VGA
* Safer handling of HTAB allocation
* ibm,pa-features device tree property
non-sPAPR highlights:
* Categorization of many ppc specific devices in help output
* Tweaks to MMU type constants
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWKdNsAAoJEGw4ysog2bOSDxsQAKz5SLPmHhRztR8K0BMne0FP
5Yi3zFLAkWHCDA60BUaQPy2hh6jz+EVecxPecWb+nQ/jhQBBFjpkckgorjcHz6jQ
6pUHK1vZOPSq6bmb9/r+h5Po9pX7A2ncKX+wCJfwlceE7pNauDvJDQyKSXtwigPg
IFsM+4TKrjwR7rVBHLoSKabM/2dGW0xxWpKII/xtuU6npfH15tdvadObjMfNLFcC
gfTyggRMtuZwOCAxnyIZz+6tdNGqUbIV8zmzMHoWhpaPc3MBGQA4DrtOyWsWnLL3
VoIqOAVFzR7r2OAM610SZej1jn6Nl7wJtdFIq3NVXtMp/e3xzGjEK7CsVW14wjC3
pbVPwESe3fT91y7vyZVHLoSFlh9dOs+deNGCo58crJTq7gmeg4vDQwjn5Ec2Ch8P
92uZyuhsTGQ/m0xl2QAR29dcapTXytptJugVDUvxZw78UG3xY0DicBiW43cMh22/
JwIVtlmbSyIrL+SqO5j0ylCSPSn7BtE2EjHrcyAqHTM8c6cv4JFIN4p8ZYqqILVH
LoRs6gGbrGey4QCVRDJc2w/pO21q0Xj+BIgZzcaZ8craKkCwarz5wYfJj7L8O4Hf
tzHAl4HjHQ3AZr03ejOKy40Y3CNaAAcU9mTFOq72r6LuoPoenbUh7Sm9Bo9st1Z2
cUjqLvzaL2N04ppVEwsM
=UrXv
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-next-20151023' into staging
ppc patch queue - 2015-10-23
sPAPR highlights:
* Allow VFIO devices on the spapr-pci-host-bridge
* Allow virtio VGA
* Safer handling of HTAB allocation
* ibm,pa-features device tree property
non-sPAPR highlights:
* Categorization of many ppc specific devices in help output
* Tweaks to MMU type constants
# gpg: Signature made Fri 23 Oct 2015 07:27:56 BST using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392
* remotes/dgibson/tags/ppc-next-20151023: (21 commits)
prep: do not use CPU_LOG_IOPORT, convert to tracepoints
openpic: add to misc category
macio-nvram: add to misc category
macio: add to bridge category
uninorth: add to bridge category
macio-ide: add to storage category
cuda: add to bridge category
grackle: add to bridge category
escc: add to input category
cmd646: add to storage category
adb: add to input category
ppc/spapr: Add "ibm,pa-features" property to the device-tree
ppc: Add mmu_model defines for arch 2.03 and 2.07
hw/scsi/spapr_vscsi: Remove superfluous memset
spapr_pci: Allow VFIO devices to work on the normal PCI host bridge
spapr_iommu: Provide a function to switch a TCE table to allowing VFIO
spapr_iommu: Rename vfio_accel parameter
spapr_pci: Allow PCI host bridge DMA window to be configured
spapr: Add "slb-size" property to CPU device tree nodes
spapr: Abort when HTAB of requested size isn't allocated
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix build breakages when using older gcc.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWKTqnAAoJECgfDbjSjVRpqtIH/2HOjVIcONQKSt6JqcRCqplS
LUm2Y0n/iPOktzdX1PmYF3t6AXoSJ+9LYePgi691aRZR9CyqZkYiOOOT9NIqpK/I
41HxT0qjl2F8RCRQBT8WjUeZNb1XugO6yJ9y+FuNuht00F+1q/M9KjWOzLSPguWF
ri5ygKNVislca8HU//M8Cc30YwpSW2zT1QcQ2u9UQvIxWevB4AXkAz743EV+0liD
gjy9qfRU7cZgraN0fSx25jyO2oT0LZCvTJ3BZc9+K2wjdTSx+4bVzc4X/iB2c5/i
3y3Fhr2nEAjvG3j3KwRD6k1Sz6xLVWVmQSdBbgbx67Fmf8HTcX+Snjqw6V72IQc=
=NyBA
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
vhost: build fix
Fix build breakages when using older gcc.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 22 Oct 2015 20:36:07 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
vhost-user: fix up rhel6 build
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
These messages are disabled by default; a perfect usecase for tracepoints.
Convert them over.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
openpic is a programmable interrupt controller, so
add it to the misc category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The macio nvram is a non volatile RAM, so add it
the misc category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
macio is a bridge between the PCI bus and the Mac nvram,
IDE controller and PIC, so add it to the bridge category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Uninorth is the mac99 PCI host controller, so add
it to the bridge category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
macio-ide is an IDE controller, so add it
to the storage category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cuda is a bridge between PowerMac system bus and the ADB controller,
real-time clock, pram and the power management unit.
So add it to the bridge category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Grackle is the PCI host controller of oldworld powermac,
so add it to the bridge category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
ESCC is a serial port controller, so add it
to the input category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
cmd646 is an IDE controller, so add it to the
storage category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The Apple Desktop Bus is used to connect a keyboard and a mouse,
so add it to the input category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
LoPAPR defines a "ibm,pa-features" per-CPU device tree property which
describes extended features of the Processor Architecture.
This adds the property to the device tree. At the moment this is the
copy of what pHyp advertises except "I=1 (cache inhibited) Large Pages"
which is enabled for TCG and disabled when running under HV KVM host
with 4K system page size.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[aik: rebased, changed commit log, moved ci_large_pages initialization,
renamed pa_features arrays]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
g_malloc0 already clears the memory, so no need for
the additional memset here.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The core VFIO infrastructure more or less allows VFIO devices to work
on any normal guest PCI host bridge (PHB) without extra logic.
However, the "spapr-pci-host-bridge" device (as opposed to the special
"spapr-pci-vfio-host-bridge" device) breaks this by using a partially
KVM accelerated implementation of the guest kernel IOMMU which won't
work with VFIO devices, without additional kernel support.
This patch allows VFIO devices to work on the spapr-pci-host-bridge,
by having it switch off KVM TCE acceleration when a VFIO device is
added to the PHB (either on startup, or by hotplug).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Because of the way non-VFIO guest IOMMU operations are KVM accelerated, not
all TCE tables (guest IOMMU contexts) can support VFIO devices. Currently,
this is decided at creation time.
To support hotplug of VFIO devices, we need to allow a TCE table which
previously didn't allow VFIO devices to be switched so that it can. This
patch adds an spapr_tce_set_need_vfio() function to do this, by
reallocating the table in userspace if necessary.
Currently this doesn't allow the KVM acceleration to be re-enabled if all
the VFIO devices are removed. That's an optimization for another time.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
The vfio_accel parameter used when creating a new TCE table (guest IOMMU
context) has a confusing name. What it really means is whether we need the
TCE table created to be able to support VFIO devices.
VFIO is relevant, because when available we use in-kernel acceleration of
the TCE table, but that may not work with VFIO devices because updates to
the table are handled in kernel, bypass qemu and so don't hit qemu's
infrastructure for keeping the VFIO host IOMMU state in sync with the guest
IOMMU state.
Rename the parameter to "need_vfio" throughout. This is a cosmetic change,
with no impact on the logic.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
At present the PCI host bridge (PHB) for the pseries machine type has a
fixed DMA window from 0..1GB (in PCI address space) which is mapped to real
memory via the PAPR paravirtualized IOMMU.
For better support of VFIO devices, we're going to want to allow for
different configurations of the DMA window.
Eventually we'll want to allow the guest itself to reconfigure the window
via the PAPR dynamic DMA window interface, but as a preliminary this patch
allows the user to reconfigure the window with new properties on the PHB
device.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
According to a commit message in the Linux kernel (see here
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b60c31d85a2a
for example), the name of the property that carries the information
about the number of SLB entries should be called "slb-size", and
not "ibm,slb-size". The Linux kernel can deal with both names, but
to be on the safe side we should support the official name, too.
[Now that LoPAPR is public, the relevant requirement can be found in
section C.6.1.8 --dwg]
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Terminate the guest when HTAB of requested size isn't allocated by
the host.
When memory hotplug is attempted on a guest that has booted with
less than requested HTAB size, the guest kernel will not be able
to gracefully fail the hotplug request. This patch will ensure that
we never end up in a situation where memory hotplug fails due to
less than requested HTAB size.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Allocate HTAB from ppc_spapr_init() so that we can abort the guest
if requested HTAB size is't allocated by the host. However retain the
htab reset call in spapr_reset_htab() so that HTAB gets reset (and
not allocated) during machine reset.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Build on RHEL6 fails:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=42875
Apparently unnamed unions couldn't use C99 named field initializers.
Let's just name the payload union field.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
New features:
VT-d support for devices behind a bridge
vhost-user migration support
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWKMrnAAoJECgfDbjSjVRpVL0H/iRc31o00QE4nWBRpxUpf8WJ
V5RWE8qKkDgBha5bS5Nt4vs8K4jkkHGXCbmygMidWph96hUPK8/yHy1A/wmpBibB
5hVSPDK8onavNGJwpaWDrkhd9OhKAaKOuu49T6+VWJGZY/uX5ayqmcN934y0NPUa
4EhH5tyxPpYOYeW9i/VOMQ374gCJcpzYBMug4NJZRyFpfz/b2mzAQtoqw3EsPtB0
vpVJ+fKiCyG39HFKQJW7cL12yBeXOoyhjfDxpumLqwLWMfmde+vJwTFx6wbechgV
aU3jIdvUX8wHCNYaB937NsMaDALoGNqUjbpKnf+xD1w7xr9pwTzdyrGH3rpGLEE=
=+G1+
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
vhost, pc, virtio features, fixes, cleanups
New features:
VT-d support for devices behind a bridge
vhost-user migration support
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 22 Oct 2015 12:39:19 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream: (37 commits)
hw/isa/lpc_ich9: inject the SMI on the VCPU that is writing to APM_CNT
i386: keep cpu_model field in MachineState uptodate
vhost: set the correct queue index in case of migration with multiqueue
piix: fix resource leak reported by Coverity
seccomp: add memfd_create to whitelist
vhost-user-test: check ownership during migration
vhost-user-test: add live-migration test
vhost-user-test: learn to tweak various qemu arguments
vhost-user-test: wrap server in TestServer struct
vhost-user-test: remove useless static check
vhost-user-test: move wait_for_fds() out
vhost: add migration block if memfd failed
vhost-user: use an enum helper for features mask
vhost user: add rarp sending after live migration for legacy guest
vhost user: add support of live migration
net: add trace_vhost_user_event
vhost-user: document migration log
vhost: use a function for each call
vhost-user: add a migration blocker
vhost-user: send log shm fd along with log_base
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 4d00636e97 ("ich9: Add the lpc chip", Nov 14 2012) added the
ich9_apm_ctrl_changed() ioport write callback function such that it would
inject the SMI, in response to a write to the APM_CNT register, on the
first CPU, invariably.
Since this register is used by guest code to trigger an SMI synchronously,
the interrupt should be injected on the VCPU that is performing the write.
apm_ioport_writeb() is the .write callback of the "apm_ops"
MemoryRegionOps [hw/isa/apm.c]; it is parametrized to call
ich9_apm_ctrl_changed() by ich9_lpc_init() [hw/isa/lpc_ich9.c], via
apm_init(). Therefore this change affects no other board.
ich9_generate_smi() is an unrelated function that is called by the TCO
watchdog; a watchdog is likely in its right to (asynchronously) inject
interrupts on the first CPU only.
This patch allows the combined edk2/OVMF SMM driver stack to work with
multiple VCPUs on TCG, using both qemu-system-i386 and qemu-system-x86_64.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Update cpu_model in MachineState for i386, so that the field can be used
for cpu hotplug, instead of using a static variable.
This patch is rebased on the latest master.
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Acked-by: Andreas Färber <afaerber@suse.de>
When a live migration is started the log address to mark dirty pages is provided
to the vhost backend through the vhost_dev_set_log function.
This function is called for each queue pairs but the queue index is wrongly set:
always set to the first queue pair. Then vhost backend lost descriptor addresses
of the queue pairs greater than 1 and behaviour of the vhost backend is
unpredictable.
The queue index is computed by taking account of the vq_index (to retrieve the
queue pair index) and calling the vhost_get_vq_index method of the backend.
Signed-off-by: Thibaut Collet <thibaut.collet@6wind.com>
Cc: qemu-stable@nongnu.org
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
config_fd should be closed before return, or there will
be a resource leak error.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
The VHOST_USER_PROTOCOL_FEATURE_MASK will be automatically updated when
adding new features to the enum.
Signed-off-by: Thibaut Collet <thibaut.collet@6wind.com>
[Adapted from mailing list discussion - Marc-André]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
A new vhost user message is added to allow QEMU to ask to vhost user backend to
broadcast a fake RARP after live migration for guest without GUEST_ANNOUNCE
capability.
This new message is sent only if the backend supports the new
VHOST_USER_PROTOCOL_F_RARP protocol feature.
The payload of this new message is the MAC address of the guest (not known by
the backend). The MAC address is copied in the first 6 bytes of a u64 to avoid
to create a new payload message type.
This new message has no equivalent ioctl so a new callback is added in the
userOps structure to send the request.
Upon reception of this new message the vhost user backend must generate and
broadcast a fake RARP request to notify the migration is terminated.
Signed-off-by: Thibaut Collet <thibaut.collet@6wind.com>
[Rebased and fixed checkpatch errors - Marc-André]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
Some vhost user backends are able to support live migration.
To provide this service the following features must be added:
1. Add the VIRTIO_NET_F_GUEST_ANNOUNCE capability to vhost-net when netdev
backend is vhost-user.
2. Provide a nop receive callback to vhost-user.
This callback is called by:
* qemu_announce_self after a migration to send fake RARP to avoid network
outage for peers talking to the migrated guest.
- For guest with GUEST_ANNOUNCE capabilities, guest already sends GARP
when the bit VIRTIO_NET_S_ANNOUNCE is set.
=> These packets must be discarded.
- For guest without GUEST_ANNOUNCE capabilities, migration termination
is notified when the guest sends packets.
=> These packets can be discarded.
* virtio_net_tx_bh with a dummy boot to send fake bootp/dhcp request.
BIOS guest manages virtio driver to send 4 bootp/dhcp request in case of
dummy boot.
=> These packets must be discarded.
Signed-off-by: Thibaut Collet <thibaut.collet@6wind.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
Replace the generic vhost_call() by specific functions for each
function call to help with type safety and changing arguments.
While doing this, I found that "unsigned long long" and "uint64_t" were
used interchangeably and causing compilation warnings, using uint64_t
instead, as the vhost & protocol specifies.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[Fix enum usage and MQ - Thibaut Collet]
Signed-off-by: Thibaut Collet <thibaut.collet@6wind.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
If VHOST_USER_PROTOCOL_F_LOG_SHMFD is not announced, block vhost-user
migration. The blocker is removed in vhost_dev_cleanup().
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
Send the shm for the dirty pages logging if the backend supports
VHOST_USER_PROTOCOL_F_LOG_SHMFD. Wait for a reply to make sure
the old log is no longer used.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
If the backend is requires it, allocate shareable memory.
vhost_log_get() now uses 2 globals "vhost_log" and "vhost_log_shm", that
way there is a common non-shareable log and a common shareable one.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
Check if the backend has VHOST_USER_PROTOCOL_F_LOG_SHMFD feature and
require a shared log.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
Split VHOST_SET_LOG_BASE call in a seperate function callback, so that
type safety works and more arguments can be added in the next patches.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
Don't initialize vhost backend if memslots number exceeds the supported
limit. This prevents failures down the road when backend
is actually started.
[MST: rewrite commit log]
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
it allows safely cancel memory hotplug if vhost backend
doesn't support necessary amount of memory slots and prevents
QEMU crashing in vhost due to hitting vhost limit on amount
of supported memory ranges.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
it will allow for other parts of QEMU check if it's safe
to map memory region during hotplug/runtime.
That way hotplug path will have a chance to cancel
hotplug operation instead of crashing in vhost_commit().
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
XTFPGA FLASH is tied to XTFPGA system IO block. It's not very important
for systems with MMU where system IO block is visible at single
location, but it's important for noMMU systems, where system IO block is
accessible through two separate physical address ranges.
Map XTFPGA FLASH to system IO block and fix offsets used for mapping.
Create and initialize FLASH device with series of qdev_prop_set_* as
that's the preferred interface now. Keep initialization in a separate
function.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
compat and a missed part of the SIMD support. The others contain
optimizations and cleanup.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJWJ2fwAAoJEN7Pa5PG8C+v014QAKCt0c7dEbxPeMkizJ/8Qe27
o8xK0ZzKHtOnb/Xr7d1Us7vKIBs5NvMQMiybfwllllCAyOX/lUB6NWXuX/9guqY2
N8ARtMPqVeX6GFNtTu0tuDNdjyfLamYvpQHv5fISGuqkhvUVKo/NYpdsvDG4j33K
/FceZ+YzM3w/wVTkuXlpjrMEn5AZwr4i/3miqmrr7IfI3hmwwL4+veXhcKE0301w
Mxro25UdFyGt4KDpmMDVMywx+m30lhDf+drsEDD1sCkq+FcSoB5GsBbYOtt9yhDg
ySugfpH8THGzedZfCC6sqI2aXuFjMkKGvRmHhIhUk8pUjxcpo3qvqqA+6pCKR7Bx
zAWHCoiGCdH3PHRwqySlDmQ4HZGRQ7L7/hzigJTETCgOefX/CYQpW5AsbFAh1yyI
LsfKRn9SuDc922vDefi4TXnvcIVcMmrsLpA7g6CKCZD0e7kSKru6k6hq1kV6UDvz
BqOaB2pgrBqo+U2+QhvFPjSLtSaTVHuwyAnLxP/UMTL4m4A7t9DntrZzb8n0UgDe
SwY+ZhyE1t/XfoOFJVT6n7/58Ed1THQfsVb/XUIFFB1e2WWXOL4pMgFyrm89NQrb
ynQyd5kfEcGMeS20pRgw/fo3PeXgdLEY5g9v8Rs6C7NfmjE7fDTmkgqeqBUXx0Th
OoWULjd4q6PcwtgsTpJ2
=Eof7
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20151021-v2' into staging
More s390x patches. The first ones are fixes: A regression, missed
compat and a missed part of the SIMD support. The others contain
optimizations and cleanup.
# gpg: Signature made Wed 21 Oct 2015 11:24:48 BST using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
* remotes/cohuck/tags/s390x-20151021-v2:
s390x/cmma: clean up cmma reset
s390x: reset crypto only on clear reset and QEMU reset
s390x: machine reset function with new ipl cpu handling
s390x/ipl: we always have an ipl device
s390x: unify device reset during subsystem_reset()
s390x: flagify mcic values
s390x/kvm: Fix vector validity bit in device machine checks
s390x/virtio-ccw: fix 2.4 virtio compat
util/qemu-config: fix missing machine command line options
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The cmma reset is per VM, so we don't need a cpu object. We can
directly make use of kvm_state, as it is already available when
the reset is called. By moving the cmma reset in our machine reset
function, we can avoid a manual reset handler.
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Initializing VM crypto in initial cpu reset has multiple problems
1. We call the exact same function #VCPU times, although one time is enough
2. On SIGP initial cpu reset, we exchange the wrapping key while
other VCPUs are running. Bad!
3. It is simply wrong. According to the Pop, a reset happens only during a
clear reset.
So, we have to reset the keys
- on modified clear reset
- on load clear (QEMU reset - via machine reset)
- on qemu start (via machine reset)
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Current implementation depends on the order of resets getting triggered.
If a cpu reset is triggered after the ipl device reset, the CPU is stopped and
the VM will not run. In fact, that hinders us from converting the ipl device
into a TYPE_DEVICE. Let's change that by manually configuring the ipl cpu
during a system reset, so we have full control and can demangle that code.
Also remove the superflous cpu parameter from s390_update_iplstate on the way.
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Both s390 machines unconditionally create an ipl device, so no need to
handle the missing case.
Now we can also change s390_ipl_update_diag308() to return void.
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
We have to manually reset several devices that are not on a bus: Let's
collect them in an array.
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJWJl9qAAoJEL6G67QVEE/fn+gQAI4Y+0CLmds9bb0q3yWUmhwx
QUjnae8Ji11av6i9chSh3Qg1ZLdYl/SbpS/yi+YOfGHo3k8cAU6JqWvCfZW5wSck
541X89b6s6kF2HsknRm1tJchQHsp8kxe4nlNgzJN8lraOcamBNzWH4GngXV6km6t
V15JIOKCW1zW9w13O+Td8buN0MTDFxioe1sbZsdhyNWGoKSGXSlOcWNzr18zE/Ji
SryhHt45hanV7Aiq/jW+rDHgddOjpspA7vSW/f2SCimAtbrVx6+2ZTEvIVnylfj0
VgE4XiH385RZN0wHMT8Gs4wEaB8BM4coRJBDVoRqk0fy6FtEvgK3Z/48KHYiAhkr
rWLQiat/o20cbgRCVRWju5/DPoFwQEM0GStEI+NVMBMUW8sxnQ2ob16Ks60u/FaU
PT8WKApQz1258FxWURjJzs6dObp62CJdNqUjvwJ6kQkSrdxDsqDz07BcMqbQ3D/H
VNP/L5b24eLZQKo9KSAxtfIgUeQuvceN0csZ++Sb1ABnu+tTp8S2P8Y//lugghsq
PvgmZNt2oCySVLMCEenu5a2y+NlavzzPVl64CJRDXdv65uoPUDo7YJjt6z3iwmEu
UUJTr178r3lKZH4bzlwq6bLz/XbM4RMk7KI1HzFP/MPL1AMggdB8zPZZ2J0N7t7X
Xl4kofpluFBmBILt4PKl
=XIOA
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/berrange/tags/io-channel-3-for-upstream' into staging
Merge io-channels-3 partial branch
# gpg: Signature made Tue 20 Oct 2015 16:36:10 BST using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
* remotes/berrange/tags/io-channel-3-for-upstream:
util: pull Buffer code out of VNC module
coroutine: move into libqemuutil.a library
osdep: add qemu_fork() wrapper for safely handling signals
ui: convert VNC startup code to use SocketAddress
sockets: allow port to be NULL when listening on IP address
sockets: move qapi_copy_SocketAddress into qemu-sockets.c
sockets: add helpers for creating SocketAddress from a socket
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The coroutine files are currently referenced by the block-obj-y
variable. The coroutine functionality though is already used by
more than just the block code. eg migration code uses coroutine
yield. In the future the I/O channel code will also use the
coroutine yield functionality. Since the coroutine code is nicely
self-contained it can be easily built as part of the libqemuutil.a
library, making it widely available.
The headers are also moved into include/qemu, instead of the
include/block directory, since they are now part of the util
codebase, and the impl was never in the block/ directory
either.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Check the cursor size more carefully. Also switch to unsigned while
being at it, so they can't be negative.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It works fine with the Linux driver out of the box
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Return a static signature ("QEMU CFG") if the guest does a read to the
DMA address io register.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Enable the fw_cfg DMA interface for all the x86 platforms.
Based on Gerd Hoffman's initial implementation.
Signed-off-by: Marc Marí <markmb@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Enable the fw_cfg DMA interface for the ARM virt machine.
Based on Gerd Hoffman's initial implementation.
Signed-off-by: Marc Marí <markmb@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Based on the specifications on docs/specs/fw_cfg.txt
This interface is an addon. The old interface can still be used as usual.
Based on Gerd Hoffman's initial implementation.
Signed-off-by: Marc Marí <markmb@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The xen-platform code crashes on reset if the xen backend is not
initialized, because it calls xc_hvm_set_mem_type(). Ensure xen-platform
won't be created without initializing the xen backend.
The assert can't be triggered by the user because the device is not
hotpluggable, and the only code creating it (at pc_xen_hvm_init())
already checks xen_enabled().
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Without this check, the xen-platform device will crash on reset
if using the accel option with anything other than xen (e.g.
"-machine xenfv,accel=kvm").
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
* Support for Linux 4.4's new Hyper-V features
* Eliminate g_slice from areas I maintain
* checkpatch fix
* Peter's cpu_reload_memory_map() cleanups
* More changes to MAINTAINERS
* Require Python 2.6
* chardev creation fixes
* PCI requester id for ARM KVM
* cleanups and doc fixes
* Allow customization of the Hyper-V vendor id
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJWJKYWAAoJEL/70l94x66D2yYH/Rw06gj9FFVEhfNODmJozCsK
zRqRREo+VMo/lIGUSwzI+OCX+yUoivxnsJXchqunK0udPuQ5vZ+mVGyKedg8/SU+
uqXzXMK7QgJK/w7qNA1n0OacNYSosZz9MpOwPgzSLPRda8FbtVKqPBOugSEs+Ymg
APtiumz3DGWXUmt+vqRdgdiAvoGkefPODjjPjfSQFukg205KR88tf/b9oN8Z+kDW
LtGqG9dUNS/60ulLNQdFInn3x5WpuGky5kk57f47QHpInNcN4/CH0BiguvYNkA9A
aFFEWj5RsK7xkhcwSw6JIaSoWoTdrQVd4mB6+WTZN4tfGIIaoDeI6fp2MFmVpZU=
=9Tf9
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* KVM page size fix for PPC
* Support for Linux 4.4's new Hyper-V features
* Eliminate g_slice from areas I maintain
* checkpatch fix
* Peter's cpu_reload_memory_map() cleanups
* More changes to MAINTAINERS
* Require Python 2.6
* chardev creation fixes
* PCI requester id for ARM KVM
* cleanups and doc fixes
* Allow customization of the Hyper-V vendor id
# gpg: Signature made Mon 19 Oct 2015 09:13:10 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
* remotes/bonzini/tags/for-upstream: (49 commits)
kvm: Allow the Hyper-V vendor ID to be specified
kvm: Move x86-specific functions into target-i386/kvm.c
kvm: Pass PCI device pointer to MSI routing functions
hw/pci: Introduce pci_requester_id()
kvm: Make KVM_CAP_SIGNAL_MSI globally available
doc/rcu: fix g_free_rcu() usage example
qemu-char: cleanup after completed conversion to cd->create
qemu-char: convert ringbuf backend to data-driven creation
qemu-char: convert vc backend to data-driven creation
qemu-char: convert spice backend to data-driven creation
qemu-char: convert console backend to data-driven creation
qemu-char: convert stdio backend to data-driven creation
qemu-char: convert testdev backend to data-driven creation
qemu-char: convert braille backend to data-driven creation
qemu-char: convert msmouse backend to data-driven creation
qemu-char: convert mux backend to data-driven creation
qemu-char: convert null backend to data-driven creation
qemu-char: convert pty backend to data-driven creation
qemu-char: convert UDP backend to data-driven creation
qemu-char: convert socket backend to data-driven creation
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
In-kernel ITS emulation on ARM64 will require to supply requester IDs.
These IDs can now be retrieved from the device pointer using new
pci_requester_id() function.
This patch adds pci_dev pointer to KVM GSI routing functions and makes
callers passing it.
x86 architecture does not use requester IDs, but hw/i386/kvm/pci-assign.c
also made passing PCI device pointer instead of NULL for consistency with
the rest of the code.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Message-Id: <ce081423ba2394a4efc30f30708fca07656bc500.1444916432.git.p.fedin@samsung.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
For GICv3 ITS implementation we are going to use requester IDs in KVM IRQ
routing code. This patch introduces reusable convenient way to obtain this
ID from the device pointer. The new function is now used in some places,
where the same calculation was used.
MemTxAttrs.stream_id also renamed to requester_id in order to better
reflect semantics of the field.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <5814bcb03a297f198e796b13ed9c35059c52f89b.1444916432.git.p.fedin@samsung.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Avoid undefined behaviour from shifting left into the sign bit:
hw/ide/ahci.c:551:36: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
(Unfortunately C's promotion rules mean that in the expression
"some_uint8_t_variable << 24" the LHS gets promoted to signed
int before shifting.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: John Snow <jsnow@redhat.com>
- Use a hash table indexed on bus pointers to store information about buses
instead of using the bus numbers.
Bus pointers are stored in a new VTDBus struct together with the vector
of device address space pointers indexed by devfn.
- The bus number is still used for lookup for selective SID based invalidate,
in which case the bus number is lazily resolved from the bus hash table and
cached in a separate index.
Signed-off-by: Knut Omang <knut.omang@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Currently PCI IO address 0 is not allowed even though
the IO space starts from 0. This update makes PCI IO
address 0 usable.
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Andrew Jones <drjones@redhat.com>
Signed-off-by: Alexander Gordeev <agordeev@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The /4 for offset calculation in MMIO writes was happening twice giving
wrong write offsets. Fix.
While touching the code, change the if-else to be a short returning if
and convert the debug message to a GUEST_ERROR, which is more accurate
for this condition.
Cc: qemu-stable@nongnu.org
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
ARM uses dashes instead of underscores for machine names. Fix imx25_pdk
which has not seen a release yet (so there is no legacy yet).
Cc: Jean-Christophe Dubois <jcd@tribudubois.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1444445785-3648-1-git-send-email-crosthwaite.peter@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: Added change to tests/ds1338-test.c to use new machine name]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* For Collie, Akita, Spitz, Borzoi, Terrier and Tosa PDAs, provide
model numbers and manufacturer (Sharp) information.
Signed-off-by: Ryo ONODERA <ryo_on@yk.rim.or.jp>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
ARM/AArch64 KVM guests don't have any way to identify
themselves as KVM guests (x86 guests use a CPUID leaf). Now, we
could discuss all sorts of reasons why guests shouldn't need to
know that, but then there's always some case where it'd be
nice... Anyway, now that we have SMBIOS tables in ARM guests,
it's easy for the guest to know that it's a QEMU instance. This
patch takes that one step further, also identifying KVM, when
appropriate. Again, we could debate why generally nothing
should care whether it's of type QEMU or QEMU/KVM, but again,
sometimes it's nice to know...
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Wei Huang <wei@redhat.com>
Message-id: 1443017892-15567-1-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There are two bugs here. First, the 16-bit id loses the high 8 bits
when shifted left by 24. Second, the address must be combined with
an "or" or we just get zero.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Simplify memory allocation by sticking with a single API. GSlice
is not that fast anyway (tcmalloc/jemalloc are better).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Version: GnuPG v1
iQEcBAABAgAGBQJWG2e/AAoJEO8Ells5jWIRcYcH/2D11W8cToCBjGDuw/u9K1ht
S3oGyFasOEq3lm3+a3zQE+vDw0RDkjLEMhcTVwNskJQl6k6Ts5JleTZ6wffvUKPM
UCozgPOCt1ZAdGskwdbByc+NhaVBHIiEsmlbDKqP22CENdDx6GWjcFW4brA4tQJQ
AW36EH77j/M+7/KiSukcUfIexILUZJRfN+ICJVyNTpGsqUNJtFqiVPBMPyJhKCEq
3pr3yJ2lf78SAEF5kBeBc9r/PDWUhtqExBsrK0L8Ey1FdrCy8ldqDPGecT4TsxNv
W/KX5AqhKSsMI8DQKdbv/IKaUdjYWNjTRQ2Qjm8Vt0hcW0PhxR0NYi6bV4yjDNM=
=f26Q
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Mon 12 Oct 2015 08:56:47 BST using RSA key ID 398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
tests: add test cases for netfilter object
netfilter: add a netbuffer filter
net/queue: export qemu_net_queue_append_iov
netfilter: print filter info associate with the netdev
netfilter: add an API to pass the packet to next filter
net/queue: introduce NetQueueDeliverFunc
net: merge qemu_deliver_packet and qemu_deliver_packet_iov
netfilter: hook packets before net queue send
init/cleanup of netfilter object
vl.c: init delayed object after net_init_clients
vmxnet3: Add support for VMXNET3_CMD_GET_ADAPTIVE_RING_INFO command
e1000: use alias for default model
vmxnet3: Support reading IMR registers on bar0
net/vmxnet3: Refine l2 header validation
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
It is possible for the guest to set an invalid block
size which is larger then the fifo_buffer[] array. This
could cause a buffer overflow.
To avoid this limit the maximum size of the blksize variable.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reported-by: Intel Security ATR <secure@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: abe4c51f513290bbb85d1ee271cb1a3d463d7561.1444067470.git.alistair.francis@xilinx.com
Suggested-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Reported-by: Intel Security ATR <secure@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Simplify memory allocation by sticking with a single API. GSlice
is not that fast anyway (tcmalloc/jemalloc are better).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Let dataplane allocate different region for the desc/avail/used
ring regions.
Take VIRTIO_RING_F_EVENT_IDX into account to increase the used/avail
rings accordingly.
[Fix 32-bit builds by changing 16lx format specifier to HWADDR_PRIx.
--Stefan]
Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Message-id: 1441625636-23773-1-git-send-email-pmorel@linux.vnet.ibm.com
(changed __virtio16 into uint16_t,
map descriptor table and available ring read-only)
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The raw-posix block driver implements Linux AIO batching so multiple
requests can be submitted with a single io_submit(2) system call.
Batching is currently only used by virtio-scsi and
virtio-blk-data-plane.
Enable batching for regular virtio-blk so the number of io_submit(2)
system calls is reduced for workloads with queue depth > 1.
In 4KB random read performance tests with queue depth 32, the CPU
utilization on the host is reduced by 9.4%. The fio job is as follows:
[global]
bs=4k
ioengine=libaio
iodepth=32
direct=1
sync=0
time_based=1
runtime=30
clocksource=gettimeofday
ramp_time=5
[job1]
rw=randread
filename=/dev/vdb
size=4096M
write_bw_log=fio
write_iops_log=fio
write_lat_log=fio
log_avg_msec=1000
This benchmark was run on an raw image on LVM. The disk was an SSD
drive and -drive cache=none,aio=native was used.
Tested-by: Pradeep Surisetty <psuriset@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Commit 19109131 disabled the sdhci-pci support because it used
drive_get_next(). This patch reenables sdhci-pci and changes it to
pass the drive via a qdev property - for example:
-device sdhci-pci,drive=drive0 -drive id=drive0,if=sd,file=myimage
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Some drivers (e.g. vmware-tools) issue the VMXNET3_CMD_GET_ADAPTIVE_RING_INFO
command.
Currently, due to lack of support, a bogus value (-1) is returned.
Support this command, returning the "adaptive-ring disabled" flag.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Instead of duplicating the "e1000-82540em" device model as "e1000",
make the latter an alias for the former.
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Instead of asserting, return the actual IMR register value.
This is aligned with what's returned on ESXi.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Tested-by: Dana Rubin <dana.rubin@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Validation of l2 header length assumed minimal packet size as
eth_header + 2 * vlan_header regardless of the actual protocol.
This caused crash for valid non-IP packets shorter than 22 bytes, as
'tx_pkt->packet_type' hasn't been assigned for such packets, and
'vmxnet3_on_tx_done_update_stats()' expects it to be properly set.
Refine header length validation in 'vmxnet_tx_pkt_parse_headers'.
Check its return value during packet processing flow.
As a side effect, in case IPv4 and IPv6 header validation failure,
corrupt packets will be dropped.
Signed-off-by: Dana Rubin <dana.rubin@ravellosystems.com>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Several devices don't survive object_unref(object_new(T)): they crash
or hang during cleanup, or they leave dangling pointers behind.
This breaks at least device-list-properties, because
qmp_device_list_properties() needs to create a device to find its
properties. Broken in commit f4eb32b "qmp: show QOM properties in
device-list-properties", v2.1. Example reproducer:
$ qemu-system-aarch64 -nodefaults -display none -machine none -S -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 50, "minor": 4, "major": 2}, "package": ""}, "capabilities": []}}
{ "execute": "qmp_capabilities" }
{"return": {}}
{ "execute": "device-list-properties", "arguments": { "typename": "pxa2xx-pcmcia" } }
qemu-system-aarch64: /home/armbru/work/qemu/memory.c:1307: memory_region_finalize: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed.
Aborted (core dumped)
[Exit 134 (SIGABRT)]
Unfortunately, I can't fix the problems in these devices right now.
Instead, add DeviceClass member cannot_destroy_with_object_finalize_yet
to mark them:
* Hang during cleanup (didn't debug, so I can't say why):
"realview_pci", "versatile_pci".
* Dangling pointer in cpus: most CPUs, plus "allwinner-a10", "digic",
"fsl,imx25", "fsl,imx31", "xlnx,zynqmp", because they create such
CPUs
* Assert kvm_enabled(): "host-x86_64-cpu", host-i386-cpu",
"host-powerpc64-cpu", "host-embedded-powerpc-cpu",
"host-powerpc-cpu" (the powerpc ones can't currently reach the
assertion, because the CPUs are only registered when KVM is enabled,
but the assertion is arguably in the wrong place all the same)
Make qmp_device_list_properties() fail cleanly when the device is so
marked. This improves device-list-properties from "crashes, hangs or
leaves dangling pointers behind" to "fails". Not a complete fix, just
a better-than-nothing work-around. In the above reproducer,
device-list-properties now fails with "Can't list properties of device
'pxa2xx-pcmcia'".
This also protects -device FOO,help, which uses the same machinery
since commit ef52358 "qdev-monitor: include QOM properties in -device
FOO, help output", v2.2. Example reproducer:
$ qemu-system-aarch64 -machine none -device pxa2xx-pcmcia,help
Before:
qemu-system-aarch64: .../memory.c:1307: memory_region_finalize: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed.
After:
Can't list properties of device 'pxa2xx-pcmcia'
Cc: "Andreas Färber" <afaerber@suse.de>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Green <green@moxielogic.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: Jia Liu <proljc@gmail.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Richard Henderson <rth@twiddle.net>
Cc: qemu-ppc@nongnu.org
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <1443689999-12182-10-git-send-email-armbru@redhat.com>
DBDMA_init is not idempotent, and calling it from instance_init
breaks a simple object_new/object_unref pair. Work around this,
pending qdev-ification of DBDMA, by moving the call to realize.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1443689999-12182-4-git-send-email-armbru@redhat.com>
This causes the region to outlive the object, because it attaches the
region to /machine. This is not nice for the "realize" method, but
much worse for "instance_init" because it can cause dangling pointers
after a simple object_new/object_unref pair.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1443689999-12182-3-git-send-email-armbru@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
When CONFIG_LINUX is off, devices "virtio-keyboard-device",
"virtio-mouse-device", "virtio-tablet-device" and
"virtio-input-host-device" aren't compiled in, yet
"virtio-keyboard-pci", "virtio-mouse-pci", "virtio-tablet-pci" and
"virtio-input-host-pci" still are. Attempts to introspect them crash,
e.g.
$ qemu-system-x86_64 -device virtio-tablet-pci,help
**
ERROR:/work/armbru/qemu/qom/object.c:333:object_initialize_with_type: assertion failed: (type != NULL)
Broken in commit 710e2d9 and commit 006a5ed.
Fix by compiling the "virtio-FOO-pci" exactly when compiling the
"virtio-FOO-device": compile "virtio-keyboard-device",
"virtio-mouse-device", "virtio-tablet-device" regardless of
CONFIG_LINUX, and compile "virtio-input-host-pci" only for
CONFIG_LINUX.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <1444320700-26260-3-git-send-email-armbru@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWFp75AAoJEL7lnXSkw9fbImgIALGEo20bKy2X624iPgTePuPb
e34TjoRoB7s3rZ2SrVCIZCAsSKPtt+qQcGmJxt1YUtW0yD32aDJWQ3mm7EQTtjc+
6dNZF5eI0322YPMePzAb1SvEc+T4b1otUS/wxENnA4D8s0lBVn1L47Ajt2E8/SP7
rv0XTUnzwc5s4qjNNUqidvrSvmYqj5DhMh3veSb+FDm3DSKlB3Z1eq3yx0+g2ghR
zsa2cUnX/6y26paeMqCMiFOAWSqQa80TBjgDyRiul2jrPeaM/As2Cr657MKugvi9
4vMg9CqmLiwerTkicv5kOsUFAetdLCuvnqNqol3DFRxJ+4bbOp3VQccrBXWtZY0=
=QRsk
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-10-08' into staging
trivial patches for 2015-10-08
# gpg: Signature made Thu 08 Oct 2015 17:51:05 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
* remotes/mjt/tags/pull-trivial-patches-2015-10-08:
tests: Unique test path for /string-visitor/output
linux-user: Remove type casts to union type
linux-user: Use g_new() & friends where that makes obvious sense
rocker: Use g_new() & friends where that makes obvious sense
.travis.yml: Run make check for all targets, not just some
hw: char: Remove unnecessary variable
hw: timer: Remove unnecessary variable
qapi: add missing @
MAINTAINERS: Add NSIS file for W32, W64 hosts
target-ppc: Remove unnecessary variable
target-microblaze: Remove unnecessary variable
s/cpu_get_real_ticks/cpu_get_host_ticks/
pc: check for underflow in load_linux
pci-assign: do not include sys/io.h
block/ssh: remove dead code
imx_serial: Generate interrupt on tx empty if enabled
sdhci: Change debug prints to compile unconditionally
sdhci: use PRIx64 for uint64_t type
Add .dir-locals.el file to configure emacs coding style
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer,
for two reasons. One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.
This commit only touches allocations with size arguments of the form
sizeof(T). Same Coccinelle semantic patchas in commit b45c03f.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Jiri Pirko <jiri@resnulli.us>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This should help clarify the purpose of the function that returns
the host system's CPU cycle count.
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
ppc portion
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
If (setup_size+1)*512 is small enough, kernel_size -= setup_size can allocate
a huge amount of memory. Avoid that.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This file does not exist on bionic libc and the functions it defines
are in fact not used by pci-assign.c. Remove it.
Reported-by: Houcheng Lin <houcheng@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Generate an interrupt if the tx buffer is empty and the tx empty interrupt
is enabled. This fixes a problem seen when running a Linux image since
Linux commit 55c3cb1358e ("serial: imx: remove unneeded imx_transmit_buffer()
from imx_start_tx()"). Linux now waits for the tx empty interrupt before
starting to send data, causing transmit stalls until there is an interrupt
for another reason.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Conditional compilation hides few type mismatch warnings, fix it to
compile unconditionally.
Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Suggested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Fix compile time warnings, because of type mismatch for unsigned long
long type.
Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add virglrenderer library detection. Add 3d mode to virtio-gpu,
wire up virglrenderer library. When in 3d mode render using the
new context management and texture scanout callbacks.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
For symmetry reasons: virtio_gpu_create_mapping_iov() allocates it so
virtio_gpu_cleanup_mapping_iov() should free it, otherwise it's easy to
miss a free() needed and leak memory.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
pc_dimm_realize() validates the NUMA node to which memory hotplug is
being performed only in case of NUMA configuration. Include a check to
fail for invalid nodes in case of non-NUMA configuration too.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Some fixes all over the place:
- ccw bios and gcc 5.1 (avoid floating point ops)
- properly print vector registers
- sclp and sclp-event-facility no longer hang on object_unref(object_new(T))
- better name for io_subsystem_reset
One feature
- the gdb server now exposes several virtualization specific register
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQIcBAABAgAGBQJWE6BoAAoJEBF7vIC1phx89zUP/RohjexrA9GZ93mKlP8SdmUO
FP4MmsaInv7PTIfZeUnG1sa0n9CbodwiPypnzlvOedbibQagnZwI+pnpa/W/SxJQ
M6Wh+vamUFEfXcNC4/6zOJJvKUQUBYMDVgbUuDxTgCne4V9yCgVzs8NPWBIfFCVC
3bzUxinzG+mTD6eQLNNrpTa7KSuKhNS1g0hsIId92XAr7iQ3H2SSDCr9w+HOR3eN
Gqr3JdCOVOwqNcrsyfpJK3NYaooqcSbAlIpfNoGaxrc3DldEjBTfr20LLHKoPhcM
ibEAOUi1dtdBlZofo8/OBvHeeR0MPHmCjV9CTxymmgABPWhpIIxEG16vgy8ijZ5R
QcA6D4QlALvE+kDwXGtHfEOZ0rHMHmzD9RUtzLL5ALG4UWM06qrwqtMeHUuAxInU
lRPaEV9J+1fXzQzH708DjRAncOOdTCVUv0SfoYa3VR4wo0ZMx6W/K/FXc/h4q4Jm
6CztpK03HSly+gCkd6gcdZ908Se3OcaB0DTScVvUdVKCUdvM53Uo7L5jI9wk399a
xj/+W4XO9lkLEFnZKAKopS4ea7cgV8oIqUuMpCuZnCiOQCCKpZgrUgJAxvaLomnv
4he7fbiScmMEhUGVI0AvMmbMYCbGd4gVoHm5/kMvslV5w5o898uIVlTrvNf3Z6Fv
9jZSLDLVoHeU+ESOjJy+
=STtO
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20151006' into staging
s390: fixes
Some fixes all over the place:
- ccw bios and gcc 5.1 (avoid floating point ops)
- properly print vector registers
- sclp and sclp-event-facility no longer hang on object_unref(object_new(T))
- better name for io_subsystem_reset
One feature
- the gdb server now exposes several virtualization specific register
# gpg: Signature made Tue 06 Oct 2015 11:20:24 BST using RSA key ID B5A61C7C
# gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>"
* remotes/borntraeger/tags/s390x-20151006:
s390x: rename io_subsystem_reset -> subsystem_reset
s390x/info registers: print vector registers properly
s390x: set missing parent for hotplug and quiesce events
s390x/gdb: expose virtualization specific registers
pc-bios/s390-ccw: avoid floating point operations
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
At present the memory listener used by vfio to keep host IOMMU mappings
in sync with the guest memory image assumes that if a guest IOMMU
appears, then it has no existing mappings.
This may not be true if a VFIO device is hotplugged onto a guest bus
which didn't previously include a VFIO device, and which has existing
guest IOMMU mappings.
Therefore, use the memory_region_register_iommu_notifier_replay()
function in order to fix this case, replaying existing guest IOMMU
mappings, bringing the host IOMMU into sync with the guest IOMMU.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Depending on the host IOMMU type we determine and record the available page
sizes for IOMMU translation. We'll need this for other validation in
future patches.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
The current vfio core code assumes that the host IOMMU is capable of
mapping any IOVA the guest wants to use to where we need. However, real
IOMMUs generally only support translating a certain range of IOVAs (the
"DMA window") not a full 64-bit address space.
The common x86 IOMMUs support a wide enough range that guests are very
unlikely to go beyond it in practice, however the IOMMU used on IBM Power
machines - in the default configuration - supports only a much more limited
IOVA range, usually 0..2GiB.
If the guest attempts to set up an IOVA range that the host IOMMU can't
map, qemu won't report an error until it actually attempts to map a bad
IOVA. If guest RAM is being mapped directly into the IOMMU (i.e. no guest
visible IOMMU) then this will show up very quickly. If there is a guest
visible IOMMU, however, the problem might not show up until much later when
the guest actually attempt to DMA with an IOVA the host can't handle.
This patch adds a test so that we will detect earlier if the guest is
attempting to use IOVA ranges that the host IOMMU won't be able to deal
with.
For now, we assume that "Type1" (x86) IOMMUs can support any IOVA, this is
incorrect, but no worse than what we have already. We can't do better for
now because the Type1 kernel interface doesn't tell us what IOVA range the
IOMMU actually supports.
For the Power "sPAPR TCE" IOMMU, however, we can retrieve the supported
IOVA range and validate guest IOVA ranges against it, and this patch does
so.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
If a DMA mapping operation fails in vfio_listener_region_add() it
checks to see if we've already completed initial setup of the
container. If so it reports an error so the setup code can fail
gracefully, otherwise throws a hw_error().
There are other potential failure cases in vfio_listener_region_add()
which could benefit from the same logic, so move it to its own
fail: block. Later patches can use this to extend other failure cases
to fail as gracefully as possible under the circumstances.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Currently the VFIOContainer iommu_data field contains a union with
different information for different host iommu types. However:
* It only actually contains information for the x86-like "Type1" iommu
* Because we have a common listener the Type1 fields are actually used
on all IOMMU types, including the SPAPR TCE type as well
In fact we now have a general structure for the listener which is unlikely
to ever need per-iommu-type information, so this patch removes the union.
In a similar way we can unify the setup of the vfio memory listener in
vfio_connect_container() that is currently split across a switch on iommu
type, but is effectively the same in both cases.
The iommu_data.release pointer was only needed as a cleanup function
which would handle potentially different data in the union. With the
union gone, it too can be removed.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
In irqfd mode, current code attempts to set a resamplefd whatever
the type of the IRQ. For an edge-sensitive IRQ this attempt fails
and as a consequence, the whole irqfd setup fails and we fall back
to the slow mode. This patch bypasses the resamplefd setting for
non level-sentive IRQs.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
unmask EventNotifier might not be initialized in case of edge
sensitive irq. Using EventNotifier pointers make life simpler to
handle the edge-sensitive irqfd setup.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
With current implementation, eventfd VFIO signaling is first set up and
then irqfd is setup, if supported and allowed.
This start sequence causes several issues with IRQ forwarding setup
which, if supported, is transparently attempted on irqfd setup:
IRQ forwarding setup is likely to fail if the IRQ is detected as under
injection into the guest (active at irqchip level or VFIO masked).
This currently always happens because the current sequence explicitly
VFIO-masks the IRQ before setting irqfd.
Even if that masking were removed, we couldn't prevent the case where
the IRQ is under injection into the guest.
So the simpler solution is to remove this 2-step startup and directly
attempt irqfd setup. This is what this patch does.
Also in case the eventfd setup fails, there is no reason to go farther:
let's abort.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
ICC bus impl has been droped, so all icc related files are not useful
any more; delete them.
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
After CPU hotplug has been converted to BUS-less hot-plug infrastructure,
the only function ICC bus performs is to propagate reset to LAPICs. However
LAPIC could be reset by registering its reset handler after all device are
initialized.
Do so and drop ~30LOC of not needed anymore ICCBus related code.
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
During reset some devices (such as hpet, rtc) might send IRQ to APIC
which changes APIC's state from default one it's supposed to have
at machine startup time.
Fix this by resetting APIC after devices have been reset to cancel
any changes that qemu_devices_reset() might have done to its state.
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
When ICC bus/bridge is removed, APIC MMIO will be left
unmapped since it was mapped into system's address space
indirectly by ICC bridge.
Fix it by moving mapping into APIC code, so it would be
possible to remove ICC bus/bridge code later.
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Convert the kvm_default_features and kvm_default_unset_features arrays
into a simple list of property/value pairs that will be applied to
X86CPU objects when using KVM.
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
In order to simplify arguments of function, introduce a new struct
named X86CPUTopoInfo.
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
mapping DIMMs non contiguously allows to workaround
virtio bug reported earlier:
http://lists.nongnu.org/archive/html/qemu-devel/2015-08/msg00522.html
in this case guest kernel doesn't allocate buffers
that can cross DIMM boundary keeping each buffer
local to a DIMM.
Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
setting gap to TRUE will make sparse DIMM
address auto allocation, leaving gaps between
a new DIMM address and preceeding existing DIMM.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
According to the Pop:
"Subsystem reset operates only on those elements in the configuration
which are not CPUs".
As this is what we actually do, let's simply rename the function.
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1443689387-34473-6-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Existing code missed to set a parent for the quiesce and hotplug event.
While this didn't matter in practise, new introspection APIs basically now
do an object_unref(object_new(T)), which loops forever.
When trying to remove the event facility bus, the code tries to
unparent all childs on the bus, so they are properly deleted and therefore removed.
As object_unparent() on these child devices doesn't work, as there is no parent,
we loop forever.
Let's fix this by adding the event facility as a parent. Also switch from
object_initialize to object_new, so the only valid reference is in fact the
parent property. This makes it more obvious when the device (state) is actually
gone (and how the reference counting works).
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1443689387-34473-4-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
And do not issue an error_report in that case.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pc_compat_2_4() doesn't exist, and we shouldn't create one. Add a
comment explaining why the function doesn't exist and why pc_compat_*()
functions are deprecated.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When packet is truncated during receiving, we drop the packets but
neither discard the descriptor nor add and signal used
descriptor. This will lead several issues:
- sg mappings are leaked
- rx will be stalled if a lots of packets were truncated
In order to be consistent with vhost, fix by discarding the descriptor
in this case.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch introduces virtqueue_discard() to discard a descriptor and
unmap the sgs. This will be used by the patch that will discard
descriptor when packet is truncated.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Factor out sg unmapping logic. This will be reused by the patch that
can discard descriptor.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Andrew James <andrew.james@hpe.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* IOAPIC fixes (to pass kvm-unit-tests with -machine kernel_irqchip=off)
* NBD API upgrades from Daniel
* strtosz fixes from Marc-André
* improved support for readonly=on on scsi-generic devices
* new "info ioapic" and "info lapic" monitor commands
* Peter Crosthwaite's ELF_MACHINE cleanups
* docs patches from Thomas and Daniel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJWBSAEAAoJEL/70l94x66DeL4H/21YR4GWCqo30f+W5kx24ZNo
by8H2kdZmWKRr/La1JlAReki9GCP1U8Q0cYC8V885gHLKcahWS/75UKwNbw0OSyg
2jj4uREc645TTFAvV5kQ+uAw9F/dchvkXylrVgOoUPipfmYibXY8JLu9AcVnZi6H
X5Rvpqo4Uhp2cbRG7rYWrwgpNL+VZmKc8LDdqdlXrkjjanhuAYO2E9NBKaE+xJQQ
FHcpkV92iSZFEZ0CB535BTIdNdDM/ae6bw1As27EF10YBTfneCQNazSeh13pLO2n
lHit2GZr2VeTSBrPkPsItToY/Gw38duVZK4QM5/wSkHBzyeUJY0ltQrf53veYfk=
=uc+I
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* First batch of MAINTAINERS updates
* IOAPIC fixes (to pass kvm-unit-tests with -machine kernel_irqchip=off)
* NBD API upgrades from Daniel
* strtosz fixes from Marc-André
* improved support for readonly=on on scsi-generic devices
* new "info ioapic" and "info lapic" monitor commands
* Peter Crosthwaite's ELF_MACHINE cleanups
* docs patches from Thomas and Daniel
# gpg: Signature made Fri 25 Sep 2015 11:20:52 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
* remotes/bonzini/tags/for-upstream: (52 commits)
doc: Refresh URLs in the qemu-tech documentation
docs: describe the QEMU build system structure / design
typedef: add typedef for QemuOpts
i386: interrupt poll processing
i386: partial revert of interrupt poll fix
ppc: Rename ELF_MACHINE to be PPC specific
i386: Rename ELF_MACHINE to be x86 specific
alpha: Remove ELF_MACHINE from cpu.h
mips: Remove ELF_MACHINE from cpu.h
sparc: Remove ELF_MACHINE from cpu.h
s390: Remove ELF_MACHINE from cpu.h
sh4: Remove ELF_MACHINE from cpu.h
xtensa: Remove ELF_MACHINE from cpu.h
tricore: Remove ELF_MACHINE from cpu.h
or32: Remove ELF_MACHINE from cpu.h
lm32: Remove ELF_MACHINE from cpu.h
unicore: Remove ELF_MACHINE from cpu.h
moxie: Remove ELF_MACHINE from cpu.h
cris: Remove ELF_MACHINE from cpu.h
m68k: Remove ELF_MACHINE from cpu.h
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
New features:
vhost-user multiqueue support
virtio-ccw virtio 1 support
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWBOxjAAoJECgfDbjSjVRpao8H/1hV55WvPXyEHB9ian+JPVEb
pYFUcKGRO/bWMbXkqWnIBzNPrViPNQHot3zrOcoXtgnBGcuniiteGcAtqj4WEkgb
WSa22AI1QrEPfHIkhR3sYdJAsqte/RppnFKLSDDi9TwKOGUho47OnkzJWfB+vuup
7YM/r8YDCkckdvsvfsCwW4Fbjxv7oKSokFkkdV/NwNDocNvRSBS9iAXsQYFdS7tm
8DIkWK63HQDY9in+fYkk8zoaXK7oZMyi3vHd2g4W0t0mGznxj9dxomrJrMo/4GWZ
ZrnlB9R1QxpOCtoDtozelxkCnLJhEVjd8xYkGPg+xzYjrxl9aHIWjSNGhf5Q9QY=
=5IBX
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio,pc features, fixes
New features:
vhost-user multiqueue support
virtio-ccw virtio 1 support
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 25 Sep 2015 07:40:35 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
MAINTAINERS: add more devices to the PCI section
MAINTAINERS: add more devices to the PC section
vhost-user: add a new message to disable/enable a specific virt queue.
vhost-user: add multiple queue support
vhost: introduce vhost_backend_get_vq_index method
vhost-user: add VHOST_USER_GET_QUEUE_NUM message
vhost: rename VHOST_RESET_OWNER to VHOST_RESET_DEVICE
vhost-user: add protocol feature negotiation
vhost-user: use VHOST_USER_XXX macro for switch statement
virtio-ccw: enable virtio-1
virtio-ccw: feature bits > 31 handling
virtio-ccw: support ring size changes
virtio: ring sizes vs. reset
pc: Introduce pc-*-2.5 machine classes
q35: Move options common to all classes to pc_i440fx_machine_options()
q35: Move options common to all classes to pc_q35_machine_options()
virtio-net: unbreak self announcement and guest offloads after migration
virtio: right size for virtio_queue_get_avail_size
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Originally, timers were ticks based, and it made sense to
add ticks to current time to know when to trigger an alarm.
But since commit:
7447545 change all other clock references to use nanosecond resolution accessors
All timers use nanoseconds and we need to convert ticks to nanoseconds.
As get_ticks_per_sec() is 10^9,
a = muldiv64(b, get_ticks_per_sec(), 100);
y = muldiv64(x, get_ticks_per_sec(), 1000000);
can be converted to
a = b * 10000000;
y = x * 1000;
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
hpet defines a clock period in femtoseconds but
then converts it to nanoseconds to use the internal
timers.
We can define the period in nanoseconds and use it
directly, this allows to remove muldiv64().
We only need to convert the period to femtoseconds
to put it in internal hpet capability register.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Originally, timers were ticks based, and it made sense to
add ticks to current time to know when to trigger an alarm.
But since commit:
7447545 change all other clock references to use nanosecond resolution accessors
All timers use nanoseconds and we need to convert ticks to nanoseconds, by
doing something like:
y = muldiv64(x, get_ticks_per_sec(), TIMER_FREQ)
where x is the number of device ticks and y the number of system ticks.
y is used as nanoseconds in timer functions,
it works because 1 tick is 1 nanosecond.
(get_ticks_per_sec() is 10^9)
But as openrisc timer frequency is 20 MHz, we can also do:
y = x * 50; /* 20 MHz period is 50 ns */
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Originally, timers were ticks based, and it made sense to
add ticks to current time to know when to trigger an alarm.
But since commit:
7447545 change all other clock references to use nanosecond resolution accessors
All timers use nanoseconds and we need to convert ticks to nanoseconds, by
doing something like:
y = muldiv64(x, get_ticks_per_sec(), TIMER_FREQ)
where x is the number of device ticks and y the number of system ticks.
y is used as nanoseconds in timer functions,
it works because 1 tick is 1 nanosecond.
(get_ticks_per_sec() is 10^9)
But as MIPS timer frequency is 100 MHz, we can also do:
y = x * 10; /* 100 MHz period is 10 ns */
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Originally, timers were ticks based, and it made sense to
add ticks to current time to know when to trigger an alarm.
But since commit:
7447545 change all other clock references to use nanosecond resolution accessors
All timers use nanoseconds and we need to convert ticks to nanoseconds, by
doing something like:
y = muldiv64(x, get_ticks_per_sec(), PCI_FREQUENCY)
where x is the number of device ticks and y the number of system ticks.
y is used as nanoseconds in timer functions,
it works because 1 tick is 1 nanosecond.
(get_ticks_per_sec() is 10^9)
But as PCI frequency is 33 MHz, we can also do:
y = x * 30; /* 33 MHz PCI period is 30 ns */
Which is much more simple.
This implies a 33.333333 MHz PCI frequency,
but this is correct.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Originally, timers were ticks based, and it made sense to
add ticks to current time to know when to trigger an alarm.
But since commit:
7447545 change all other clock references to use nanosecond resolution accessors
All timers use nanoseconds and we need to convert ticks to nanoseconds, by
doing something like:
y = muldiv64(x, get_ticks_per_sec(), PCI_FREQUENCY)
where x is the number of device ticks and y the number of system ticks.
y is used as nanoseconds in timer functions,
it works because 1 tick is 1 nanosecond.
(get_ticks_per_sec() is 10^9)
But as PCI frequency is 33 MHz, we can also do:
y = x * 30; /* 33 MHz PCI period is 30 ns */
Which is much more simple.
This implies a 33.333333 MHz PCI frequency,
but this is correct.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Originally, timers were ticks based, and it made sense to
add ticks to current time to know when to trigger an alarm.
But since commit:
7447545 change all other clock references to use nanosecond resolution accessors
All timers use nanoseconds and we need to convert ticks to nanoseconds, by
doing something like:
y = muldiv64(x, get_ticks_per_sec(), PCI_FREQUENCY)
where x is the number of device ticks and y the number of system ticks.
y is used as nanoseconds in timer functions,
it works because 1 tick is 1 nanosecond.
(get_ticks_per_sec() is 10^9)
But as PCI frequency is 33 MHz, we can also do:
y = x * 30; /* 33 MHz PCI period is 30 ns */
Which is much more simple.
This implies a 33.333333 MHz PCI frequency,
but this is correct.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Rename ELF_MACHINE to be PPC specific. This is used as-is by the
various PPC bootloaders and is locally defined to ELF_MACHINE in linux
user in PPC specific ifdeffery.
This removes another architecture specific definition from the global
namespace (as desired by multi-arch).
Cc: Alexander Graf <agraf@suse.de>
Cc: qemu-ppc@nongnu.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Rename ELF_MACHINE to be I386 specific. This is used as-is by the
multiboot loader.
Linux-user previously used this definition but will not anymore,
falling back to the default bahaviour of using ELF_ARCH as ELF_MACHINE.
This removes another architecture specific definition from the global
namespace.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The only generic code relying on this is linux-user, but linux users'
default behaviour of defaulting ELF_MACHINE to ELF_ARCH will handle
this.
The bootloaders can just pass EM_MIPS directly, as that is
architecture specific code.
This removes another architecture specific definition from the global
namespace.
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The bootloaders can just pass EM_SPARC or EM_SPARCV9 directly, as
they are architecture specific code (to one or the other).
This removes another architecture specific definition from the global
namespace.
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The bootloader can just pass EM_S390 directly, as that
is architecture specific code.
This removes another architecture specific definition from the global
namespace.
Cc: Richard Henderson <rth@twiddle.net>
Cc: Alexander Graf <agraf@suse.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The bootloaders can just pass EM_XTENSA directly, as that
is architecture specific code.
This removes another architecture specific definition from the global
namespace.
Cc: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The bootloader can just pass EM_TRICORE directly, as that
is architecture specific code.
This removes another architecture specific definition from the global
namespace.
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Acked-By: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The only generic code relying on this is linux-user, but linux users'
default behaviour of defaulting ELF_MACHINE to ELF_ARCH will handle
this.
The bootloader can just pass EM_OPENRISC directly, as that is
architecture specific code.
This removes another architecture specific definition from the global
namespace.
Cc: Jia Liu <proljc@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The bootloaders can just pass EM_LATTICEMICO32 directly, as that is
architecture specific code.
This removes another architecture specific definition from the global
namespace.
Cc: Michael Walle <michael@walle.cc>
Acked-By: Michael Walle <michael@walle.cc>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The bootloader can just pass EM_MOXIE directly, as that is architecture
specific code.
This removes another architecture specific definition from the global
namespace.
Cc: Anthony Green <green@moxielogic.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The only generic code relying on this is linux-user, but linux users'
default behaviour of defaulting ELF_MACHINE to ELF_ARCH will handle
this.
The bootloader can just pass EM_CRIS directly, as that is architecture
specific code.
This removes another architecture specific definition from the global
namespace.
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The only generic code relying on this is linux-user, but linux users'
default behaviour of defaulting ELF_MACHINE to ELF_ARCH will handle
this.
The machine model bootloaders can just pass EM_68K directly, as that
is architecture specific code.
This removes another architecture specific definition from the global
namespace.
Cc: Laurent Vivier <laurent@vivier.eu>
Cc: Greg Ungerer <gerg@uclinux.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Greg Ungerer <gerg@uclinux.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The only generic code relying on this is linux-user, but linux-users'
default behaviour or setting ELF_MACHINE to ELF_ARCH will handle this.
The microblaze bootloader can just pass EM_MICROBLAZE directly, as that
is architecture specific code.
This removes another architecture specific definition from the global
namespace.
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The only generic code relying on this is linux-user. Linux user
already has a lot of #ifdef TARGET_ customisation so instead, define
ELF_ARCH as either EM_ARM or EM_AARCH64 appropriately.
The armv7m bootloader can just pass EM_ARM directly, as that
is architecture specific code. Note that arm_boot already has its own
logic selecting an arm specific elf machine so this makes V7M more
consistent with arm_boot.
This removes another architecture specific definition from the global
namespace.
Cc: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
EM_MOXIE now has a proper assigned elf code. Use it. Register the old
interim value as EM_MOXIE_OLD and accept either in elf loading.
Cc: Anthony Green <green@moxielogic.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Added support emulator for the hmp command "info ioapic"
Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Andreas Färber <afaerber@suse.de>
Message-Id: <1442927901-1084-10-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Added prefix APIC_ for determining the constant of a particular subsystem,
improve the overall readability and match other constant names.
Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Andreas Färber <afaerber@suse.de>
Message-Id: <1442927901-1084-3-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Move apic_get_bit(), apic_set_bit() to apic_internal.h, make the apic_get_ppr
symbol external. It's necessary to work with isr, tmr, irr and ppr outside
hw/intc/apic.c
Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Andreas Färber <afaerber@suse.de>
Message-Id: <1442927901-1084-2-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The arbitration register should read to the same value as the
IOAPIC id register. Fixes kvm-unit-tests ioapic.flat.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If a level-triggered interrupt goes down and back up before the
corresponding EOI, it should be coalesced. This fixes one testcase
in kvm-unit-tests' ioapic.flat.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Replace ad-hoc declarations with the linux header.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1442585920-28373-1-git-send-email-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Passed-through SCSI devices can be opened with the readonly=on option.
When this happens, Linux filters away write commands so that the guest
cannot overwrite the contents of the device.
However, the guest does not know that the device is read-only, and
accepts writes. The writes only fail later when the page cache is
flushed.
This patch modifies scsi-generic to modify the MODE SENSE data and
set the read-only bit in the device-specific parameters, so that
the guest OS treats the disk as write protected.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Add a new message, VHOST_USER_SET_VRING_ENABLE, to enable or disable
a specific virt queue, which is similar to attach/detach queue for
tap device.
virtio driver on guest doesn't have to use max virt queue pair, it
could enable any number of virt queue ranging from 1 to max virt
queue pair.
Signed-off-by: Changchun Ouyang <changchun.ouyang@intel.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Tested-by: Marcel Apfelbaum <marcel@redhat.com>
This patch is initially based a patch from Nikolay Nikolaev.
This patch adds vhost-user multiple queue support, by creating a nc
and vhost_net pair for each queue.
Qemu exits if find that the backend can't support the number of requested
queues (by providing queues=# option). The max number is queried by a
new message, VHOST_USER_GET_QUEUE_NUM, and is sent only when protocol
feature VHOST_USER_PROTOCOL_F_MQ is present first.
The max queue check is done at vhost-user initiation stage. We initiate
one queue first, which, in the meantime, also gets the max_queues the
backend supports.
In older version, it was reported that some messages are sent more times
than necessary. Here we came an agreement with Michael that we could
categorize vhost user messages to 2 types: non-vring specific messages,
which should be sent only once, and vring specific messages, which should
be sent per queue.
Here I introduced a helper function vhost_user_one_time_request(), which
lists following messages as non-vring specific messages:
VHOST_USER_SET_OWNER
VHOST_USER_RESET_DEVICE
VHOST_USER_SET_MEM_TABLE
VHOST_USER_GET_QUEUE_NUM
For above messages, we simply ignore them when they are not sent the first
time.
Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Signed-off-by: Changchun Ouyang <changchun.ouyang@intel.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Tested-by: Marcel Apfelbaum <marcel@redhat.com>
Minusing the idx with the base(dev->vq_index) for vhost-kernel, and
then adding it back for vhost-user doesn't seem right. Here introduces
a new method vhost_backend_get_vq_index() for getting the right vq
index for following vhost messages calls.
Suggested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Tested-by: Marcel Apfelbaum <marcel@redhat.com>
This is for querying how many queues the backend supports if it has mq
support(when VHOST_USER_PROTOCOL_F_MQ flag is set from the quried
protocol features).
vhost_net_get_max_queues() is the interface to export that value, and
to tell if the backend supports # of queues user requested, which is
done in the following patch.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Tested-by: Marcel Apfelbaum <marcel@redhat.com>
Quote from Michael:
We really should rename VHOST_RESET_OWNER to VHOST_RESET_DEVICE.
Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Tested-by: Marcel Apfelbaum <marcel@redhat.com>
Support a separate bitmask for vhost-user protocol features,
and messages to get/set protocol features.
Invoke them at init.
No features are defined yet.
[ leverage vhost_user_call for request handling -- Yuanhan Liu ]
Signed-off-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Tested-by: Marcel Apfelbaum <marcel@redhat.com>
So that we could let vhost_user_call to handle extented requests,
such as VHOST_USER_GET/SET_PROTOCOL_FEATURES, instead of invoking
vhost_user_read/write and constructing the msg again by ourself.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Tested-by: Marcel Apfelbaum <marcel@redhat.com>
Let's enable revision 1 for virtio-ccw devices. We can always offer
VERSION_1 as drivers in legacy mode won't be able to see it anyway.
We have to introduce a way to set a lower maximum revision for a device
to accommodate the following cases:
- compat machines (to enforce legacy only)
- virtio-blk with scsi support (version 1 + scsi is fenced by common
code, with a user-configured max revision of 0 we can allow scsi
via not offering VERSION_1)
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
We currently switch off the VERSION_1 feature bit if the guest has
not negotiated at least revision 1. As no feature bits beyond 31 are
valid however unless VERSION_1 has been negotiated, make sure that
legacy guests never see a feature bit beyond 31.
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Wire up changing the ring size for virtio-1 devices.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
We allow guests to change the size of the virtqueue rings by supplying
a number of buffers that is different from the number of buffers the
device was initialized with. Current code has some problems, however,
since reset does not reset the ringsizes to the default values (as this
is not saved anywhere).
Let's extend the core code to keep track of the default ringsizes and
migrate them once the guest changed them for any of the virtqueues
for a device.
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The existing default_machine_opts and default_display settings will
still apply to future machine classes. So it makes sense to move them to
pc_i440fx_machine_options() instead of keeping them in a
version-specific machine_options function.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The existing default_machine_opts, default_display, no_floppy, and
no_tco settings will still apply to future machine classes. So it makes
sense to move them to pc_q35_machine_options() instead of keeping them
in a version-specific machine_options function.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
After commit 019a3edbb2 ("virtio: make
features 64bit wide"). Device's guest_features was actually set after
vdc->load(). This breaks the assumption that device specific load()
function can check guest_features. For virtio-net, self announcement
and guest offloads won't work after migration.
Fixing this by defer them to virtio_net_load() where guest_features
were guaranteed to be set. Other virtio devices looks fine.
Fixes: 019a3edbb2
("virtio: make features 64bit wide")
Cc: qemu-stable@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Being working on dataplane I notice something strange:
virtio_queue_get_avail_size() used a 64bit size index
for the calculation of the available ring size.
It is quite strange but it did work with the old calculation
of the avail ring, at most with performance penalty,
and I wonder where I missed something.
This patch let use a 16bit size as defined in virtio_ring.h
Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
While virt machine creates two flash devices with total size 0x08000000,
the ACPI table generation code was wrongly using this total size as the
size of each flash device, so it would overlap other MMIO spaces.
Make each device entry in the table half the total; this brings the
ACPI table into line with the code which generates the device tree
and which creates the flash devices themselves.
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Wei Huang <wei@redhat.com>
Tested-by: Graeme Gregory <graeme.gregory@linaro.org>
Message-id: 1442455041-6596-1-git-send-email-shannon.zhao@linaro.org
[PMM: edited commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add gic_version to VirtMachineState, set it to value of the option
and pass it around where necessary. Instantiate devices and fdt
nodes according to the choice.
max_cpus for virt machine increased to 123 (calculated from redistributor
space available in the memory map). GICv2 compatibility check happens
inside arm_gic_common_realize().
ITS region is added to the memory map too, however currently it not used,
just reserved.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Tested-by: Ashok kumar <ashoks@broadcom.com>
[PMM: Added missing cpu_to_le* calls, thanks to Shannon Zhao]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This is the initial version of KVM-accelerated GICv3 support.
State load and save are not yet supported, live migration is
not possible.
In order to get correct class name in a simpler way, gicv3_class_name()
function is implemented, similar to gic_class_name().
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Ashok kumar <ashoks@broadcom.com>
Message-id: 69d8f01d14994d7a1a140e96aef59fd332d02293.1441784344.git.p.fedin@samsung.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Some functions previously used only by vGICv2 are useful also for vGICv3
implementation. Untie them from GICState and make accessible from within
other modules:
- kvm_arm_gic_set_irq()
- kvm_gic_supports_attr() - moved to common code and renamed to
kvm_device_check_attr()
- kvm_gic_access() - turned into GIC-independent kvm_device_access().
Data pointer changed to void * because some GICv3 registers are
64-bit wide
Some of these changes are not used right now, but they will be helpful for
implementing live migration.
Actually kvm_dist_get() and kvm_dist_put() could also be made reusable, but
they would require two extra parameters (s->dev_fd and s->num_cpu) as well as
lots of typecasts of 's' to DeviceState * and back to GICState *. This makes
the code very ugly so i decided to stop at this point. I tried also an
approach with making a base class for all possible GICs, but it would contain
only three variables (dev_fd, cpu_num and irq_num), and accessing them through
the rest of the code would be again tedious (either ugly casts or qemu-style
separate object pointer). So i disliked it too.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Tested-by: Ashok kumar <ashoks@broadcom.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 2ef56d1dd64ffb75ed02a10dcdaf605e5b8ff4f8.1441784344.git.p.fedin@samsung.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This class is to be used by both software and KVM implementations of GICv3
Currently it is mostly a placeholder, but in future it is supposed to hold
qemu's representation of GICv3 state, which is necessary for migration.
The interface of this class is fully compatible with GICv2 one. This is
done in order to simplify integration with existing code.
Signed-off-by: Shlomo Pongratz <shlomo.pongratz@huawei.com>
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Tested-by: Ashok kumar <ashoks@broadcom.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: aff8baaee493cdcab0694b4a1d4dd5ff27c37ed2.1441784344.git.p.fedin@samsung.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
libcacard is now a standalone project hosted with the Spice project (see
the 2.5.0 release announcement), remove it from qemu tree.
Use the library if found during configure or if --enable-smartcard.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Paolo Bonzini <pbonzini@redhat.com>
Specifying an emulated PCI vendor/device ID can be useful for testing
various quirk paths, even though the behavior and functionality of
the device with bogus IDs is fully unsupportable. We need to use a
uint32_t for the vendor/device IDs, even though the registers
themselves are only 16-bit in order to be able to determine whether
the value is valid and user set.
The same support is added for subsystem vendor/device ID, though these
have the possibility of being useful and supported for more than a
testing tool. An emulated platform might want to impose their own
subsystem IDs or at least hide the physical subsystem ID. Windows
guests will often reinstall drivers due to a change in subsystem IDs,
something that VM users may want to avoid. Of course careful
attention would be required to ensure that guest drivers do not rely
on the subsystem ID as a basis for device driver quirks.
All of these options are added using the standard experimental option
prefix and should not be considered stable.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Simplify access to commonly referenced PCI vendor and device ID by
caching it on the VFIOPCIDevice struct.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This is just another quirk, for reset rather than affecting memory
regions. Move it to our new quirks file.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Config windows make use of an address register and a data register.
In VGA cards, these are often used to provide real mode code in the
BIOS an easy way to access MMIO registers since the window often
resides in an I/O port register. When the MMIO register has a mirror
of PCI config space, we need to trap those accesses and redirect them
to emulated config space.
The previous version of this functionality made use of a single
MemoryRegion and single match address. This version uses separate
MemoryRegions for each of the address and data registers and allows
for multiple match addresses. This is useful for Nvidia cards which
have two ranges which index into PCI config space.
The previous implementation is left for the follow-on patch for a more
reviewable diff.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Another rework of this quirk, this time to update to the new quirk
structure. We can handle the address and data registers with
separate MemoryRegions and a quirk specific data structure, making the
code much more understandable.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
The Nvidia 0x3d0 quirk makes use of a two separate registers and gives
us our first chance to make use of separate memory regions for each to
simplify the code a bit.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This is an easy quirk that really doesn't need a data structure if
its own. We can pass vdev as the opaque data and access to the
MemoryRegion isn't required.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
VFIOQuirk hosts a single memory region and a fixed set of data fields
that try to handle all the quirk cases, but end up making those that
don't exactly match really confusing. This patch introduces a struct
intended to provide more flexibility and simpler code. VFIOQuirk is
stripped to its basics, an opaque data pointer for quirk specific
data and a pointer to an array of MemoryRegions with a counter. This
still allows us to have common teardown routines, but adds much
greater flexibility to support multiple memory regions and quirk
specific data structures that are easier to maintain. The existing
VFIOQuirk is transformed into VFIOLegacyQuirk, which further patches
will eliminate entirely.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Create a vendor:device ID helper that we'll also use as we rework the
rest of the quirks. Re-reading the config entries, even if we get
more blacklist entries, is trivial overhead and only incurred during
device setup. There's no need to typedef the blacklist structure,
it's a static private data type used once. The elements get bumped
up to uint32_t to avoid future maintenance issues if PCI_ANY_ID gets
used for a blacklist entry (avoiding an actual hardware match). Our
test loop is also crying out to be simplified as a for loop.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
The default should be to allow mmap and new drivers shouldn't need to
expose an option or set it to other than the allocation default in
their initfn. Take advantage of the experimental flag to change this
option to the correct polarity.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Tracing is more effective when we can completely disable all KVM
bypass paths. Make these runtime rather than build-time configurable.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This allows vfio_msi* tracing. The MSI/X interrupt tracing is also
pulled out of #ifdef DEBUG_VFIO to avoid a recompile for tracing this
path. A few cycles to read the message is hardly anything if we're
already in QEMU.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Rename functions and tracing callbacks so that we can trace vfio_intx*
to see all the INTx related activities.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
With the addition of the Chelsio quirk we have an error path out of
vfio_early_setup_msix() that doesn't free the allocated VFIOMSIXInfo
struct. This doesn't introduce a leak as it still gets freed in the
vfio_put_device() path, but it's complicated and sloppy to rely on
that. Restructure to free the allocated data on error and only link
it into the vdev on success.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reported-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
There's quite a bit of cleanup that can be done to the RTL8168 quirk,
as well as the tracing to prevent a spew of uninteresting accesses
for anything else the driver might choose to use the window registers
for besides the MSI-X table. There should be no functional change,
but it's now possible to get compact and useful traces by enabling
vfio_rtl8168_quirk*, ex:
vfio_rtl8168_quirk_write 0000:04:00.0 [address]: 0x1f000
vfio_rtl8168_quirk_read 0000:04:00.0 [address]: 0x8001f000
vfio_rtl8168_quirk_read 0000:04:00.0 [data]: 0xfee0100c
vfio_rtl8168_quirk_write 0000:04:00.0 [address]: 0x1f004
vfio_rtl8168_quirk_read 0000:04:00.0 [address]: 0x8001f004
vfio_rtl8168_quirk_read 0000:04:00.0 [data]: 0x0
vfio_rtl8168_quirk_write 0000:04:00.0 [address]: 0x1f008
vfio_rtl8168_quirk_read 0000:04:00.0 [address]: 0x8001f008
vfio_rtl8168_quirk_read 0000:04:00.0 [data]: 0x49b1
vfio_rtl8168_quirk_write 0000:04:00.0 [address]: 0x1f00c
vfio_rtl8168_quirk_read 0000:04:00.0 [address]: 0x8001f00c
vfio_rtl8168_quirk_read 0000:04:00.0 [data]: 0x0
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This checks if the PCI device retrieved from the PCI device address
is VFIO PCI device when enabling EEH functionality. If it's not
VFIO PCI device, the EEH functonality isn't enabled.
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This reverts commit 7cb18007 ("sPAPR: Don't enable EEH on emulated
PCI devices") as rtas_ibm_set_eeh_option() isn't the right place
to check if there has the corresponding PCI device for the input
address, which can be PE address, not PCI device address.
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The PAPR interface defines a hypercall to pass high-quality
hardware generated random numbers to guests. Recent kernels can
already provide this hypercall to the guest if the right hardware
random number generator is available. But in case the user wants
to use another source like EGD, or QEMU is running with an older
kernel, we should also have this call in QEMU, so that guests that
do not support virtio-rng yet can get good random numbers, too.
This patch now adds a new pseudo-device to QEMU that either
directly provides this hypercall to the guest or is able to
enable the in-kernel hypercall if available. The in-kernel
hypercall can be enabled with the use-kvm property, e.g.:
qemu-system-ppc64 -device spapr-rng,use-kvm=true
For handling the hypercall in QEMU instead, a "RngBackend" is
required since the hypercall should provide "good" random data
instead of pseudo-random (like from a "simple" library function
like rand() or g_random_int()). Since there are multiple RngBackends
available, the user must select an appropriate back-end via the
"rng" property of the device, e.g.:
qemu-system-ppc64 -object rng-random,filename=/dev/hwrng,id=gid0 \
-device spapr-rng,rng=gid0 ...
See http://wiki.qemu-project.org/Features-Done/VirtIORNG for
other example of specifying RngBackends.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The buffer that is allocated in spapr_populate_drconf_memory()
is used for setting both, the "ibm,dynamic-memory" and the
"ibm,associativity-lookup-arrays" property. However, only the
size of the first one is taken into account when allocating the
memory. So if the length of the second property is larger than
the length of the first one, we run into a buffer overflow here!
Fix it by taking the length of the second property into account,
too.
Fixes: "spapr: Support ibm,dynamic-reconfiguration-memory" patch
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
At present, if guest numa nodes are requested, but the cpus in each node
are not specified, spapr just uses the default behaviour or assigning each
vcpu round-robin to nodes.
If smp_threads != 1, that will assign adjacent threads in a core to
different NUMA nodes. As well as being just weird, that's a configuration
that can't be represented in the device tree we give to the guest, which
means the guest and qemu end up with different ideas of the NUMA topology.
This patch implements mc->cpu_index_to_socket_id in the spapr code to
make sure vcpus get assigned to nodes only at the socket granularity.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Till now memory hotplug used RTAS_LOG_V6_HP_ID_DRC_INDEX hotplug type
which meant that we generated one hotplug type of EPOW event for every
256MB (SPAPR_MEMORY_BLOCK_SIZE). This quickly overruns the kernel
rtas log buffer thus resulting in loss of memory hotplug events. Switch
to RTAS_LOG_V6_HP_ID_DRC_COUNT hotplug type for memory so that we
generate only one event per hotplug request.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Support hotplug identifier type RTAS_LOG_V6_HP_ID_DRC_COUNT that allows
hotplugging of DRCs by specifying the DRC count.
While we are here, rename
spapr_hotplug_req_add_event() to spapr_hotplug_req_add_by_index()
spapr_hotplug_req_remove_event() to spapr_hotplug_req_remove_by_index()
so that they match with spapr_hotplug_req_add_by_count().
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Don't represent non-hotluggable memory under drconf node. With this
we don't have to create DRC objects for them.
The effect of this patch is that we revert back to memory@XXXX representation
for all the memory specified with -m option and represent the cold
plugged memory and hot-pluggable memory under
ibm,dynamic-reconfiguration-memory.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
When NUMA isn't configured explicitly, assume node 0 is present for
the purpose of creating ibm,associativity-lookup-arrays property
under ibm,dynamic-reconfiguration-memory DT node. This ensures that
the associativity index property is correctly updated in ibm,dynamic-memory
for the LMB that is hotplugged.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Currently when user specifies more slots than allowed max of
SPAPR_MAX_RAM_SLOTS (32), we error out like this:
qemu-system-ppc64: unsupported amount of memory slots: 64
Let the user know about the max allowed slots like this:
qemu-system-ppc64: Specified number of memory slots 64 exceeds max supported 32
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Currently PowerPC kernel doesn't allow hot-adding memory to memory-less
node, but instead will silently add the memory to the first node that has
some memory. This causes two unexpected behaviours for the user.
- Memory gets hotplugged to a different node than what the user specified.
- Since pc-dimm subsystem in QEMU still thinks that memory belongs to
memory-less node, a reboot will set things accordingly and the previously
hotplugged memory now ends in the right node. This appears as if some
memory moved from one node to another.
So until kernel starts supporting memory hotplug to memory-less
nodes, just prevent such attempts upfront in QEMU.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Make use of pc-dimm infrastructure to support memory hotplug
for PowerPC.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The hash table size is dependent on ram_size, but since with hotplug
the memory can grow till maxram_size. Hence make hash table size dependent
on maxram_size.
This allows to hotplug huge amounts of memory to the guest.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Parse ibm,architecture.vec table obtained from the guest and enable
memory node configuration via ibm,dynamic-reconfiguration-memory if guest
supports it. This is in preparation to support memory hotplug for
sPAPR guests.
This changes the way memory node configuration is done. Currently all
memory nodes are built upfront. But after this patch, only memory@0 node
for RMA is built upfront. Guest kernel boots with just that and rest of
the memory nodes (via memory@XXX or ibm,dynamic-reconfiguration-memory)
are built when guest does ibm,client-architecture-support call.
Note: This patch needs a SLOF enhancement which is already part of
SLOF binary in QEMU.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Enable memory hotplug for pseries 2.4 and add LMB DR connectors.
With memory hotplug, enforce RAM size, NUMA node memory size and maxmem
to be a multiple of SPAPR_MEMORY_BLOCK_SIZE (256M) since that's the
granularity in which LMBs are represented and hot-added.
LMB DR connectors will be used by the memory hotplug code.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
[spapr_drc_reset implementation]
[since this missed the 2.4 cutoff, changing to only enable for 2.5]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
sPAPR uses hard coded limit of maximum 255 supported CPUs which is
exactly the same as QEMU-wide limit which is MAX_CPUMASK_BITS and also
defined as 255.
This makes use of a global CPU number limit for the "pseries" machine.
In order to anticipate future increase of the MAX_CPUMASK_BITS
(or to help debugging large systems), this also bumps the FDT_MAX_SIZE
limit from 256K to 1M assuming that 1 CPU core needs roughly 512 bytes
in the device tree so the new limit can cover up to 2048 CPU cores.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The dynamic reconfiguration (hotplug) code for the pseries machine type
uses a "DR connector" QOM object for each resource it will be possible
to hotplug. Each of these is added to its owner using
object_property_add_child(owner, "dr-connector[*], ...);
That works ok, mostly, but it means that the property indices are
arbitrary, depending on the order in which the connectors are constructed.
That might line up to something useful, but it doesn't have to.
It will get worse once we add hotplug RAM support. That will add a DR
connector object for every 256MB of potential memory. So if maxmem=2T,
for example, there are 8192 objects under the same parent.
The QOM interfaces aren't really designed for this. In particular
object_property_add() with [*] has O(n^2) time complexity (in the number of
existing children): first it has a linear search through array indices to
find a free slot, each of which is attempted to a recursive call to
object_property_add() with a specific [N]. Those calls are O(n) because
there's a linear search through all properties to check for duplicates.
By using a meaningful index value, which we already know is unique we can
avoid the [*] special behaviour. That lets us reduce the total time for
creating the DR objects from O(n^3) to O(n^2).
O(n^2) is still kind of crappy, but it's enough to reduce the startup time
of qemu (with in-progress memory hotplug support) with maxmem=2T from ~20
minutes to ~4 seconds.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cc: Bharata B Rao <bharata@linux.vnet.ibm.com>
Tested-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Certain methods in sPAPRDRConnector objects are only ever called by
RTAS and in many cases are responsible for the logic that determines
the RTAS return codes.
Rather than having a level of indirection requiring RTAS code to
re-interpret return values from such methods to determine the
appropriate return code, just pass them through directly.
This requires changing method return types to uint32_t to match the
type of values currently passed to RTAS helpers.
In the case of read accesses like drc->entity_sense() where we weren't
previously reporting any errors, just the read value, we modify the
function to return RTAS return code, and pass the read value back via
reference.
Suggested-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Suggested-by: David Gibson <david@gibson.dropbear.id.au>
Cc: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Initialize a hotplug memory region under which all the hotplugged
memory is accommodated. Also enable memory hotplug by setting
CONFIG_MEM_HOTPLUG.
Modelled on i386 memory hotplug.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Logical resources start with allocation-state:UNUSABLE /
isolation-state:ISOLATED. During hotplug, guests will transition
them to allocation-state:USABLE, and then to
isolation-state:UNISOLATED.
For cases where we cannot transition to allocation-state:USABLE,
in this case due to no device/resource being association with
the logical DRC, we should return an error -3.
For physical DRCs, we default to allocation-state:USABLE and stay
there, so in this case we should report an error -3 when the guest
attempts to make the isolation-state:ISOLATED transition for a DRC
with no device associated.
These are as documented in PAPR 2.7, 13.5.3.4.
We also ensure allocation-state:USABLE when the guest attempts
transition to isolation-state:UNISOLATED to deal with misbehaving
guests attempting to bring online an unallocated logical resource.
This is as documented in PAPR 2.7, 13.7.
Currently we implement no such error logic. Fix this by handling
these error cases as PAPR defines.
Cc: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
PAPR requires ibm,req#msi and ibm,req#msi-x to be present in the
device node to define the number of msi/msi-x interrupts the device
supports, respectively.
Currently we have ibm,req#msi-x hardcoded to a non-sensical constant
that happens to be 2, and are missing ibm,req#msi entirely. The result
of that is that msi-x capable devices get limited to 2 msi-x
interrupts (which can impact performance), and msi-only devices likely
wouldn't work at all. Additionally, if devices expect a minimum that
exceeds 2, the guest driver may fail to load entirely.
SLOF still owns the generation of these properties at boot-time
(although other device properties have since been offloaded to QEMU),
but for hotplugged devices we rely on the values generated by QEMU
and thus hit the limitations above.
Fix this by generating these properties in QEMU as expected by guests.
In the future it may make sense to modify SLOF to pass through these
values directly as we do with other props since we're duplicating SLOF
code.
Cc: qemu-ppc@nongnu.org
Cc: qemu-stable@nongnu.org
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
For setting debug watchpoints, sPAPR guests use H_SET_MODE hypercall.
The existing QEMU H_SET_MODE handler does not support this but
the KVM handler in HV KVM does. However it is not enabled.
This enables the in-kernel H_SET_MODE handler which handles:
- Completed Instruction Address Breakpoint Register
- Watch point 0 registers.
The rest is still handled in QEMU.
Reported-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The device tree presented to pseries machine type guests includes an
ibm,chip-id property which gives essentially the socket number of each
vcpu core (individual vcpu threads don't get a node in the device
tree).
To calculate this, it uses a vcpus_per_socket variable computed as
(smp_cpus / #sockets). This is correct for the usual case where
smp_cpus == smp_threads * smp_cores * #sockets.
However, you can start QEMU with the number of cores and threads
mismatching the total number of vcpus (whether that _should_ be
permitted is a topic for another day). It's a bit hard to say what
the "real" number of vcpus per socket here is, but for most purposes
(smp_threads * smp_cores) will more meaningfully match how QEMU
behaves with respect to socket boundaries.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
When a device is hotplugged, attach() sets "configured" to
false, waiting an action from the OS to configure it and then
to call ibm,configure-connector. On ibm,configure-connector,
the hypervisor sets "configured" to true.
In case of coldplugged device, attach() sets "configured" to
false, but firmware and OS never call the ibm,configure-connector
in this case, so it remains set to false.
It could be harmless, but when we unplug a device, hypervisor
waits the device becomes configured because for it, a not configured
device is a device being configured, so it waits the end of configuration
to unplug it... and it never happens, so it is never unplugged.
This patch set by default coldplugged device to "configured=true",
hotplugged device to "configured=false".
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This introduces rtas_ldq() to load 64-bits parameter from continuous
two 4-bytes memory chunk of RTAS parameter buffer, to simplify the
code.
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
If drmgr is used in the guest to hotplug a device before a device_add
has been issued via the QEMU monitor, QEMU segfaults in configure_connector
call. This occurs due to accessing of NULL FDT which otherwise would have
been created and associated with the DRC during device_add command.
Check for NULL FDT and return failure from configure_connector call.
As per PAPR+, an error value of -9003 seems appropriate for this failure.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
To see the output of the hcall_dprintf statements, you currently have
to enable the DEBUG_SPAPR_HCALLS macro in include/hw/ppc/spapr.h.
This is ugly because a) not every user who wants to debug guest
problems can or wants to recompile QEMU to be able to see such issues,
and b) since this macro is disabled by default, the code in the
hcall_dprintf() brackets tends to bitrot until somebody temporarily
enables that macro again.
Since the hcall_dprintf statements except one indicate guest
problems, let's always use qemu_log_mask(LOG_GUEST_ERROR, ...) for
this macro instead. One spot indicated an unimplemented host feature,
so this is changed into qemu_log_mask(LOG_UNIMP, ...) instead. Now
it's possible to see all those messages by simply adding the CLI
parameter "-d guest_errors,unimp", without the need to re-compile
the binary.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The DRC_INDEX_ID_MASK macro does a left shift on ~0, which is a signed
quantity, and therefore undefined behaviour according to the C spec. In
particular this causes warnings from the clang sanitizer.
This fixes it by calculating the same mask without using ~0 (I think the
new method is a more common idiom for generating masks anyway). For good
measure I also use 1ULL to force the expression's type to unsigned long
long, which should be good for assigning to anything we're going to want
to.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
dumpdtb (-machine dumpdtb=<file>) allows one to inspect the generated
device tree of machine types that generate device trees. This is
useful for a) seeing what's there b) debugging/testing device tree
generator patches. It can be used as follows
$QEMU_CMDLINE -machine dumpdtb=dtb
dtc -I dtb -O dts dtb
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Improve the SPLPAR Characteristics information:
Add MaxPlatProcs: set to max_cpus, the maximum CPUs that could be
addded to the system.
Add DesMem: set to the initial memory of the system.
Add DesProcs: set to smp_cpus, the inital number of CPUs in the
system.
These tokens and values are specified by PAPR.
Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Currently, rtas_ibm_change_msi() always returns four values even if
less are specified.
Correct this by only returning the fourth parameter if it was
requested.
This is specified by PAPR.
Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
QEMU is MSI-X capable and makes it available via ibm,change-msi, so
we should indicate this by adding /rtas/ibm,change-msix-capable to the
device tree.
This is specificed by PAPR.
Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
QEMU has a notion of the guest name, so if it's present we might as
well put that into the device tree as /ibm,partition-name.
This is specificed by PAPR.
Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Add pseries-2.5 machine version.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
[Altered to merge before memory hotplug -- dwg]
[Altered to work with b9f072d01 -- dwg]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Include an error message when migration fails due to mismatch in
htab_shift values at source and target. This should provide a bit more
verbose message in addition to the current migration failure message
that reads like:
qemu-system-ppc64: error while loading state for instance 0x0 of device 'spapr/htab'
After this patch, the failure message will look like this:
qemu-system-ppc64: htab_shift mismatch: source 29 target 24
qemu-system-ppc64: error while loading state for instance 0x0 of device 'spapr/htab'
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
There is a bug in the register mask when reading
the ATMUs registers. As the result some registers
cannot be read, and read is aliased to the other
registers. Fix it.
Signed-off-by: Rudolf Marek <rudolf.marek@sysgo.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The code to flush the DBDMA channel was effectively duplicated in
dbdma_control_write(), except for the fact that the copy executed outside of a
RUN bit transition was broken by not clearing the FLUSH bit once the flush was
complete.
Newer PPC Linux kernels would timeout waiting for the FLUSH bit to clear again
after submitting a FLUSH command. Fix this by always clearing the FLUSH bit
once the channel flush is complete and removing the repeated code.
Reported-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
QEMU does have an I/O thread now, that can be interrupted at any time
because the VCPU thread runs outside the iothread mutex.
Therefore, the kvmppc_timer_hack is obsolete. Remove it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The script used for converting from QEMUMachine had used one
DEFINE_MACHINE() per machine registered. In cases where multiple
machines are registered from one source file, avoid the excessive
generation of module init functions by reverting this unrolling.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Convert all machines to use DEFINE_MACHINE() instead of QEMUMachine
automatically using a script.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
[AF: Style cleanups, convert imx25_pdk machine]
Signed-off-by: Andreas Färber <afaerber@suse.de>
This will make the code follow the same pattern used for other machines,
and will make it easier to automatically convert the code to be
QOM-based.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
We don't need a QEMUMachine array to query max_cpus, if we can get the
corresponding MachineClass.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The code is checking smp_cpus against EXYNOS4210_NCPUS, not against
max_cpus, so use EXYNOS4210_NCPUS in the error message for consistency.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Now all TYPE_MACHINE subclasses use MACHINE_TYPE_NAME to generate the
class name. So instead of requiring each subclass to set
MachineClass::name manually, we can now set it automatically at the
TYPE_MACHINE class_base_init() function.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
[AF/ehabkost: Updated for s390-ccw machines]
[AF: Cleanup of intermediate virt and vexpress name handling]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Now that all non-abstract TYPE_MACHINE subclasses have the -machine
suffix, add an assert to ensure this will be always true.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
It will result in exactly the same class name, but it will make the code
consistent with the other classes.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the
s390-ccw-virtio-2.4 machine class using the MACHINE_TYPE_NAME macro.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
[AF/ehabkost: Updated for 2.5 machine]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the s390-virtio
machine class using the MACHINE_TYPE_NAME macro.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the the pseries
machine classes using the MACHINE_TYPE_NAME macro.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the arm virt
machine class using the MACHINE_TYPE_NAME macro.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the vexpress
machine classes using the MACHINE_TYPE_NAME macro.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Introduce VEXPRESS_*_MACHINE_NAME]
Signed-off-by: Andreas Färber <afaerber@suse.de>
The MachineClass::name field won't be ever be used on TYPE_VEXPRESS, as
it is an abstract class and the machine class lookup code explicitly
skips abstract classes. We can remove it to make the code simpler.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Expansion of [*] suffix is very slow because index expansion is done using
trial and error strategy, starting every time from zero and retrying with
the next index until insertion succeeds. With large number of already added
properties this process takes huge amount of time (O(n^2) complexity).
Some architectures (like ARM) use very large amount of IRQ pins in interrupt
controller models. This flaw makes machine startup extremely slow
(~20 seconds for ARM64 with 32 CPUs). This patch decreases this time down to
~10 seconds.
Also in qdev_init_gpio_out_named() memset() is now called only once for the
whole array instead of per-cell cleaning
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
with write_fis_d2h and signature generation tidied up,
let's adjust the initial d2h semantics to make more sense.
The initial d2h is considered delivered if there is guest
memory to save it to.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1441140641-17631-5-git-send-email-jsnow@redhat.com
It's no longer used. We used to generate a D2H FIS based
upon the command FIS that prompted the update, but in reality,
the D2H FIS is generated purely from register state.
cmd_fis is vestigial, so get rid of it.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1441140641-17631-4-git-send-email-jsnow@redhat.com
The initial register device-to-host FIS no longer needs to specially
set certain fields, as these can be handled generically by setting those
fields explicitly with the signatures we want at port reset time.
(1) Signatures are decomposed into their four component registers and
set upon (AHCI) port reset.
(2) the signature cache register is no longer set manually per-each
device type, but instead just once during ahci_init_d2h.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1441140641-17631-3-git-send-email-jsnow@redhat.com
This check is dead due to an earlier conditional.
AHCI does not currently support hotplugging, so
checks to see if devices are present or not are useless.
Remove it.
Reported-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1441140641-17631-2-git-send-email-jsnow@redhat.com
We're supposed to abort on transfers like this, unless we fill
Word 125 of our IDENTIFY data with a default transfer size, which
we don't currently do.
This is an ATA error, not a SCSI/ATAPI one.
See ATA8-ACS3 sections 7.17.6.49 or 7.21.5.
If we don't do this, QEMU will loop forever trying to transfer
zero bytes, which isn't particularly useful.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1442253685-23349-2-git-send-email-jsnow@redhat.com
We're a little too lenient with what we'll let an ATAPI drive handle.
Clamp down on the IDE command execution table to remove CD_OK permissions
from commands that are not and have never been ATAPI commands.
For ATAPI command validity, please see:
- ATA4 Section 6.5 ("PACKET Command feature set")
- ATA8/ACS Section 4.3 ("The PACKET feature set")
- ACS3 Section 4.3 ("The PACKET feature set")
ACS3 has a historical command validity table in Table B.4
("Historical Command Assignments") that can be referenced to find when
a command was introduced, deprecated, obsoleted, etc.
The only reference for ATAPI command validity is by checking that
version's PACKET feature set section.
ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4
therefore are assumed to have never been ATAPI commands.
Mandatory commands, as listed in ATA8-ACS3, are:
- DEVICE RESET
- EXECUTE DEVICE DIAGNOSTIC
- IDENTIFY DEVICE
- IDENTIFY PACKET DEVICE
- NOP
- PACKET
- READ SECTOR(S)
- SET FEATURES
Optional commands as listed in ATA8-ACS3, are:
- FLUSH CACHE
- READ LOG DMA EXT
- READ LOG EXT
- WRITE LOG DMA EXT
- WRITE LOG EXT
All other commands are illegal to send to an ATAPI device and should
be rejected by the device.
CD_OK removal justifications:
0x06 WIN_DSM Defined in ACS2. Not valid for ATAPI.
0x21 WIN_READ_ONCE Retired in ATA5. Not ATAPI in ATA4.
0x94 WIN_STANDBYNOW2 Retired in ATA4. Did not coexist with ATAPI.
0x95 WIN_IDLEIMMEDIATE2 Retired in ATA4. Did not coexist with ATAPI.
0x96 WIN_STANDBY2 Retired in ATA4. Did not coexist with ATAPI.
0x97 WIN_SETIDLE2 Retired in ATA4. Did not coexist with ATAPI.
0x98 WIN_CHECKPOWERMODE2 Retired in ATA4. Did not coexist with ATAPI.
0x99 WIN_SLEEPNOW2 Retired in ATA4. Did not coexist with ATAPI.
0xE0 WIN_STANDBYNOW1 Not part of ATAPI in ATA4, ACS or ACS3.
0xE1 WIN_IDLEIMMDIATE Not part of ATAPI in ATA4, ACS or ACS3.
0xE2 WIN_STANDBY Not part of ATAPI in ATA4, ACS or ACS3.
0xE3 WIN_SETIDLE1 Not part of ATAPI in ATA4, ACS or ACS3.
0xE4 WIN_CHECKPOWERMODE1 Not part of ATAPI in ATA4, ACS or ACS3.
0xE5 WIN_SLEEPNOW1 Not part of ATAPI in ATA4, ACS or ACS3.
0xF8 WIN_READ_NATIVE_MAX Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.
This patch fixes a divide by zero fault that can be caused by sending
the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to
attempt to use zeroed CHS values to perform sector arithmetic.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com
CC: qemu-stable@nongnu.org
Commit ef701d7 screwed up handling of out-of-memory conditions.
Before the commit, we report the error and exit(1), in one place. The
commit lifts the error handling up the call chain some, to three
places. Fine. Except it uses &error_abort in these places, changing
the behavior from exit(1) to abort(), and thus undoing the work of
commit 3922825 "exec: Don't abort when we can't allocate guest
memory".
The previous commit fixed up uses of memory_region_init_ram(). One of
them was replaced by memory_region_init_resizeable_ram() [sic!] in
commit a166614, so Coccinelle missed it. Fix it up.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1441983105-26376-4-git-send-email-armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Symptom:
$ qemu-system-x86_64 -m 10000000
Unexpected error in ram_block_add() at /work/armbru/qemu/exec.c:1456:
upstream-qemu: cannot set up guest memory 'pc.ram': Cannot allocate memory
Aborted (core dumped)
Root cause: commit ef701d7 screwed up handling of out-of-memory
conditions. Before the commit, we report the error and exit(1), in
one place, ram_block_add(). The commit lifts the error handling up
the call chain some, to three places. Fine. Except it uses
&error_abort in these places, changing the behavior from exit(1) to
abort(), and thus undoing the work of commit 3922825 "exec: Don't
abort when we can't allocate guest memory".
The three places are:
* memory_region_init_ram()
Commit 4994653 (right after commit ef701d7) lifted the error
handling further, through memory_region_init_ram(), multiplying the
incorrect use of &error_abort. Later on, imitation of existing
(bad) code may have created more.
* memory_region_init_ram_ptr()
The &error_abort is still there.
* memory_region_init_rom_device()
Doesn't need fixing, because commit 33e0eb5 (soon after commit
ef701d7) lifted the error handling further, and in the process
changed it from &error_abort to passing it up the call chain.
Correct, because the callers are realize() methods.
Fix the error handling after memory_region_init_ram() with a
Coccinelle semantic patch:
@r@
expression mr, owner, name, size, err;
position p;
@@
memory_region_init_ram(mr, owner, name, size,
(
- &error_abort
+ &error_fatal
|
err@p
)
);
@script:python@
p << r.p;
@@
print "%s:%s:%s" % (p[0].file, p[0].line, p[0].column)
When the last argument is &error_abort, it gets replaced by
&error_fatal. This is the fix.
If the last argument is anything else, its position is reported. This
lets us check the fix is complete. Four positions get reported:
* ram_backend_memory_alloc()
Error is passed up the call chain, ultimately through
user_creatable_complete(). As far as I can tell, it's callers all
handle the error sanely.
* fsl_imx25_realize(), fsl_imx31_realize(), dp8393x_realize()
DeviceClass.realize() methods, errors handled sanely further up the
call chain.
We're good. Test case again behaves:
$ qemu-system-x86_64 -m 10000000
qemu-system-x86_64: cannot set up guest memory 'pc.ram': Cannot allocate memory
[Exit 1 ]
The next commits will repair the rest of commit ef701d7's damage.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1441983105-26376-3-git-send-email-armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
cpu_mips_get_random() function is used to generate a random index from
CP0.Wired to TLBSize-1 range. Current implementation avoids generating
the same as before value, hence the while loop. If the guest sets
CP0.Wired to TLBSize-1 (which actually does not sound to be very
practical) QEMU will get stuck in the loop infinitely as we always
generate the same index.
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
The LFSR algorithm, used for generating random TLB indexes for TLBWR
instruction, was inclined to produce a degenerate sequence in some cases.
For example, for 16-entry TLB size and Wired=1, it gives: 15, 6, 7, 2,
7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2...
When replaced with LCG algorithm from ISO/IEC 9899 standard, the sequence
looks much better, with about the same computational effort needed.
Signed-off-by: Serge Vakulenko <serge.vakulenko@gmail.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
IDEState's io_buffer_offset was originally added to keep track of offsets
in AHCI rather exclusively, but it was added to IDEState instead of an
AHCI-specific structure.
AHCI fakes all PIO transfers using DMA and a scatter-gather list. When
the core or atapi layers invoke HBA-specific mechanisms for transfers,
they do not always know that it is being backed by DMA or a sglist, so
this offset is not always updated by the HBA code everywhere.
If we modify it in dma_buf_commit, however, any HBA that needs to use
this offset to manage operating on only part of a sglist will have
access to it.
This will fix ATAPI PIO transfers performed through the AHCI HBA,
which were previously not modifying this value appropriately.
This will fix ATAPI PIO transfers larger than one sector.
Reported-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1440546331-29087-2-git-send-email-jsnow@redhat.com
CC: qemu-stable@nongnu.org
The SOFT_RST or RXEN in the control register can be used as a condition
to unblock the net layer via can_receive(). So check for possible
flushes on RCR changes. This will drop all pending packets on soft
reset or disable which is the functional intent of the can_receive()
logic.
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Message-id: b114d4c96f4afbdaa15f1361d9c07e3021755915.1441873621.git.crosthwaite.peter@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Return false from can_receive() when the FIFO doesn't have a free RX
slot. This fixes a bug in the current code where the allocated buffer
is freed before the fifo pop, triggering a premature flush of queued RX
packets. It also will handle a corner case, where the guest manually
frees the allocated buffer before popping the rx FIFO (hence it is not
enough to just delay the flush_queued_packets()).
Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Message-id: 97bfdfc5cbce0bd5e0cbbbff35ce7a1bf6f8603d.1441873621.git.crosthwaite.peter@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Check that the core can once again receive packets before asking the
net layer to do a flush. This will make it more convenient to flush
packets when adding new conditions to can_receive.
Add missing if braces while moving the can_receive() core code.
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Message-id: 92e15e12a6964274f4bc0eb71b61a7d94326f6c6.1441873621.git.crosthwaite.peter@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* Support for HyperV crash report
* Cleanup of target-specific HMP commands
* Multiarch batch
* Checkpatch fix for Perl 5.22
* NBD fix
* Revert incorrect commit 5243722376
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJV+Y0VAAoJEL/70l94x66DppAH/393irRPGYJiZqClXDmPZymd
Ilv+mKQIA+QSGiMaVoq0POWqvSa6oPOIOAK8BexhHDWPnxDSeAU9JzjrkwQILjD3
A5kFsR1mhw/oV8aZCsE926SUoY90VH7QP2r0iGdur1VV9DG7CUE8q95umJuU1FCo
hvGI2HjlAPvxSrO+Y5vu4ZNOa5XBiUoLodT0j+jNZfoNMx3irAqkJLPqTUuPT8np
jBeu1MtMe3wNjDBm3WMVZwkNEZ3YtuhRkBeggXqDIl1Jm9lq4Eitk7rtETXm6yHz
Vjp9uAF4en/72gXbELRXp+aWvESEABcouLZrdPV/yjOmQD2oTFC7sZrm1c5rZPw=
=MkK8
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* Linux header update and cleanup
* Support for HyperV crash report
* Cleanup of target-specific HMP commands
* Multiarch batch
* Checkpatch fix for Perl 5.22
* NBD fix
* Revert incorrect commit 5243722376
# gpg: Signature made Wed 16 Sep 2015 16:39:01 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
* remotes/bonzini/tags/for-upstream: (24 commits)
nbd: release exp->blk after all clients are closed
checkpatch: Escape left braces in regex
monitor: uninclude cpu_ldst
include/exec: Move cputlb exec.c defs out
cputlb: Change tlb_set_dirty() arg to cpu
cputlb: move CPU_LOOP() for tlb_reset() to exec.c
translate: move real_host_page setting to -common
tcg: Move tci_tb_ptr to -common
tcg: split tcg_op_defs to -common
translate-all: Move tcg_handle_interrupt() to -common
cpu-exec: Migrate some generic fns to cpu-exec-common
qemu-char: Use g_new() & friends where that makes obvious sense
monitor: added generation of documentation for hmp-commands-info.hx
hmp-commands.hx: fix end of table info
monitor: remove target-specific code from monitor.c
hmp-commands-info: move info_cmds content out of monitor.c
i386/kvm: Hyper-v crash msrs set/get'ers and migration
kvm: Add kvm system event crash handler
cpu: Add crash_occurred flag into CPUState
target-i386: move asm-x86/hyperv.h to standard-headers
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The spec says:
Undefined – The value read from this bit is
undefined. In previous versions of this
specification, this bit was used to indicate a Link
Training Error. System software must ignore the
value read from this bit. System software is
permitted to write any value to this bit.
Do not allow injecting it.
Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop situation.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, which could lead to a
memory buffer overflow. Added other checks at initialisation.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
While processing transmit descriptors, it could lead to an infinite
loop if 'bytes' was to become zero; Add a check to avoid it.
[The guest can force 'bytes' to 0 by setting the hdr_len and mss
descriptor fields to 0.
--Stefan]
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1441383666-6590-1-git-send-email-stefanha@redhat.com
* qemu_mutex_lock_iothread "No such process" fix
* cutils: qemu_strto* wrappers
* iohandler.c simplification
* Many other fixes and misc patches.
And some MTTCG work (with Emilio's fixes squashed):
* Signal-free TCG kick
* Removing spinlock in favor of QemuMutex
* User-mode emulation multi-threading fixes/docs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJV8Tk7AAoJEL/70l94x66Ds3QH/3bi0RRR2NtKIXAQrGo5tfuD
NPMu1K5Hy+/26AC6mEVNRh4kh7dPH5E4NnDGbxet1+osvmpjxAjc2JrxEybhHD0j
fkpzqynuBN6cA2Gu5GUNoKzxxTmi2RrEYigWDZqCftRXBeO2Hsr1etxJh9UoZw5H
dgpU3j/n0Q8s08jUJ1o789knZI/ckwL4oXK4u2KhSC7ZTCWhJT7Qr7c0JmiKReaF
JEYAsKkQhICVKRVmC8NxML8U58O8maBjQ62UN6nQpVaQd0Yo/6cstFTZsRrHMHL3
7A2Tyg862cMvp+1DOX3Bk02yXA+nxnzLF8kUe0rYo6llqDBDStzqyn1j9R0qeqA=
=nB06
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* Support for jemalloc
* qemu_mutex_lock_iothread "No such process" fix
* cutils: qemu_strto* wrappers
* iohandler.c simplification
* Many other fixes and misc patches.
And some MTTCG work (with Emilio's fixes squashed):
* Signal-free TCG kick
* Removing spinlock in favor of QemuMutex
* User-mode emulation multi-threading fixes/docs
# gpg: Signature made Thu 10 Sep 2015 09:03:07 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
* remotes/bonzini/tags/for-upstream: (44 commits)
cutils: work around platform differences in strto{l,ul,ll,ull}
cpu-exec: fix lock hierarchy for user-mode emulation
exec: make mmap_lock/mmap_unlock globally available
tcg: comment on which functions have to be called with mmap_lock held
tcg: add memory barriers in page_find_alloc accesses
remove unused spinlock.
replace spinlock by QemuMutex.
cpus: remove tcg_halt_cond and tcg_cpu_thread globals
cpus: protect work list with work_mutex
scripts/dump-guest-memory.py: fix after RAMBlock change
configure: Add support for jemalloc
add macro file for coccinelle
configure: factor out adding disas configure
vhost-scsi: fix wrong vhost-scsi firmware path
checkpatch: remove tests that are not relevant outside the kernel
checkpatch: adapt some tests to QEMU
CODING_STYLE: update mixed declaration rules
qmp: Add example usage of strto*l() qemu wrapper
cutils: Add qemu_strtoull() wrapper
cutils: Add qemu_strtoll() wrapper
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Handle missing CPU support for EL3 gracefully.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1442135278-25281-2-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The errp and err variable have unnecessary brackets around them,
so remove the brackets.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 9900393572b63f2ec3d68785ca98193d81e0ac71.1441758563.git.alistair.francis@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
If host and target endianness does not match, loding an initramfs does not work.
Fix by writing boot parameters with appropriate endianness conversion.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Minor cleanup.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
My Coccinelle semantic patch finds a few more, because it also fixes up
the equally pointless conditional
if (foo) {
free(foo);
foo = NULL;
}
Result (feel free to squash it into your patch):
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The free() and g_free() functions both happily accept
NULL on any platform QEMU builds on. As such putting a
conditional 'if (foo)' check before calls to 'free(foo)'
merely serves to bloat the lines of code.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
A number of files were including strings.h but not using any
of the functions it provides
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
A number of files were including signal.h but not using any
of the functions it provides
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
A number of files were including dirent.h but not using any
of the functions it provides
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
A number of files were including assert.h but not using any
of the functions it provides
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Many source files have doubled words (eg "the the", "to to",
and so on). Most of these can simply be removed, but a couple
were actual mis-spellings (eg "to to" instead of "to do").
There was even one triple word score "to to to" :-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
A number of source files have statements accidentally
terminated by a double semicolon - eg 'foo = bar;;'.
This is harmless but a mistake none the less.
The tcg/ia64/tcg-target.c file is whitelisted because
it has valid use of ';;' in a comment containing assembly
code.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
We use muldiv64() to compute the time to wait:
timeout = muldiv64(get_ticks_per_sec(), timeout, 33000000);
but get_ticks_per_sec() is 10^9 (30 bit value) and timeout
is a 35 bit value.
Whereas muldiv64 is:
uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c)
So we loose 3 bits of timeout.
Swapping get_ticks_per_sec() and timeout fixes it.
We can also replace it by a multiplication by 30 ns,
but this changes PCI clock frequency from 33MHz to 33.333333MHz
and we need to do this on all the QEMU PCI devices (later...)
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJV8bU4AAoJEIlPj0hw4a6QIuUP/2zKkoU+KAO1/V5f2WBTwzZc
8X/t+yGMRaQS9ibWldg/kLJ+uqHt1O0XUDyoLFK03jfBd3bJDpGuVAKe39XQmNov
y0f+ytGDtLCRglBw2jJT1tu29y3GbCXYxLKLj9vHEoCt4OEdh5xQlwK5ZkzT+SOF
Qxnx+5rWMb3xnzxlfg354IJ0AGq1qZemkdhqwUJ66/mFKGRxjavn1cCqcb93tbMU
UYKdEkoATRPRrTIhLepUnb3x3fMtlKgZJdqpVDQ3+mwXLGa2C31qJe1h/ac8HVCj
1Rqj8h4va23LntOLS3AIYQcfDjDj1AQbfVKhpZzkYce3kPkXmJ+JwJ6CMQch0Bgw
bD6q8/5sJ30Weyi0Yp+ZjVWH2LVXYguf1csPw510c+ZJIsYTDv+AxF63hVmmdp8G
8B5YHhVMKkUtgrammdardjFBhl2XF+zn072RMh6KBAruI7YBAxo0hbRjoy2EWx0h
Z93VgcBZ6n6iYNlxpQ8kNxbdnJXo4mgHMBTTe9aOkfXArvllrfJZIWsi5aScrqbb
aP5RbFCoRWJVA2qOWywJL8W+rLtTK9244yuqwbhaxcBVw8/fH8VhJD2XxS7yozxS
LZwoYO7pjLpqwfnnqtnXOVjWD7aVlEGKWQSe7EV9wIDPrSU/RpBhP09kIu1yCqgM
Qki6v4d94v3S5Ounwl4n
=7+ii
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/sstabellini/tags/xen-2015-09-10-tag' into staging
xen-2015-09-10
# gpg: Signature made Thu 10 Sep 2015 17:52:08 BST using RSA key ID 70E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"
* remotes/sstabellini/tags/xen-2015-09-10-tag: (29 commits)
xen/pt: Don't slurp wholesale the PCI configuration registers
xen/pt: Check for return values for xen_host_pci_[get|set] in init
xen/pt: Move bulk of xen_pt_unregister_device in its own routine.
xen/pt: Make xen_pt_unregister_device idempotent
xen/pt: Log xen_host_pci_get/set errors in MSI code.
xen/pt: Log xen_host_pci_get in two init functions
xen/pt: Remove XenPTReg->data field.
xen/pt: Check if reg->init function sets the 'data' past the reg->size
xen/pt: Sync up the dev.config and data values.
xen/pt: Use xen_host_pci_get_[byte|word] instead of dev.config
xen/pt: Use XEN_PT_LOG properly to guard against compiler warnings.
xen/pt/msi: Add the register value when printing logging and error messages
xen: use errno instead of rc for xc_domain_add_to_physmap
xen/pt: xen_host_pci_config_read returns -errno, not -1 on failure
xen/pt: Make xen_pt_msi_set_enable static
xen/pt: Update comments with proper function name.
xen/HVM: atomically access pointers in bufioreq handling
xen-hvm: When using xc_domain_add_to_physmap also include errno when reporting
xen, gfx passthrough: add opregion mapping
xen, gfx passthrough: register host bridge specific to passthrough
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Instead we have the emulation registers ->init functions which
consult the host values to see what the initial value should be
and they are responsible for populating the dev.config.
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
and if we have failures we call xen_pt_destroy introduced in
'xen/pt: Move bulk of xen_pt_unregister_device in its own routine.'
and free all of the allocated structures.
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
This way we can call it if we fail during init.
This code movement introduces no changes.
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
To deal with xen_host_pci_[set|get]_ functions returning error values
and clearing ourselves in the init function we should make the
.exit (xen_pt_unregister_device) function be idempotent in case
the generic code starts calling .exit (or for fun does it before
calling .init!).
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
We seem to only use these functions when de-activating the
MSI - so just log errors.
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
To help with troubleshooting in the field.
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
We do not want to have two entries to cache the guest configuration
registers: XenPTReg->data and dev.config. Instead we want to use
only the dev.config.
To do without much complications we rip out the ->data field
and replace it with an pointer to the dev.config. This way we
have the type-checking (uint8_t, uint16_t, etc) and as well
and pre-computed location.
Alternatively we could compute the offset in dev.config by
using the XenPTRRegInfo and XenPTRegGroup every time but
this way we have the pre-computed values.
This change also exposes some mis-use:
- In 'xen_pt_status_reg_init' we used u32 for the Capabilities Pointer
register, but said register is an an u16.
- In 'xen_pt_msgdata_reg_write' we used u32 but should have only use u16.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
It should never happen, but in case it does (an developer adds
a new register and the 'init_val' expands past the register
size) we want to report. The code will only write up to
reg->size so there is no runtime danger of the register spilling
across other ones - however to catch this sort of thing
we still return an error.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
For a passthrough device we maintain a state of emulated
registers value contained within d->config. We also consult
the host registers (and apply ro and write masks) whenever
the guest access the registers. This is done in xen_pt_pci_write_config
and xen_pt_pci_read_config.
Also in this picture we call pci_default_write_config which
updates the d->config and if the d->config[PCI_COMMAND] register
has PCI_COMMAND_MEMORY (or PCI_COMMAND_IO) acts on those changes.
On startup the d->config[PCI_COMMAND] are the host values, not
what the guest initial values should be, which is exactly what
we do _not_ want to do for 64-bit BARs when the guest just wants
to read the size of the BAR. Huh you say?
To get the size of 64-bit memory space BARs, the guest has
to calculate ((BAR[x] & 0xFFFFFFF0) + ((BAR[x+1] & 0xFFFFFFFF) << 32))
which means it has to do two writes of ~0 to BARx and BARx+1.
prior to this patch and with XSA120-addendum patch (Linux kernel)
the PCI_COMMAND register is copied from the host it can have
PCI_COMMAND_MEMORY bit set which means that QEMU will try to
update the hypervisor's P2M with BARx+1 value to ~0 (0xffffffff)
(to sync the guest state to host) instead of just having
xen_pt_pci_write_config and xen_pt_bar_reg_write apply the
proper masks and return the size to the guest.
To thwart this, this patch syncs up the host values with the
guest values taking into account the emu_mask (bit set means
we emulate, PCI_COMMAND_MEMORY and PCI_COMMAND_IO are set).
That is we copy the host values - masking out any bits which
we will emulate. Then merge it with the initial emulation register
values. Lastly this value is then copied both in
dev.config _and_ XenPTReg->data field.
There is also reg->size accounting taken into consideration
that ends up being used in patch.
xen/pt: Check if reg->init function sets the 'data' past the reg->size
This fixes errors such as these:
(XEN) memory_map:add: dom2 gfn=fffe0 mfn=fbce0 nr=20
(DEBUG) 189 pci dev 04:0 BAR16 wrote ~0.
(DEBUG) 200 pci dev 04:0 BAR16 read 0x0fffe0004.
(XEN) memory_map:remove: dom2 gfn=fffe0 mfn=fbce0 nr=20
(DEBUG) 204 pci dev 04:0 BAR16 wrote 0x0fffe0004.
(DEBUG) 217 pci dev 04:0 BAR16 read upper 0x000000000.
(XEN) memory_map:add: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20
(XEN) p2m.c:883:d0v0 p2m_set_entry failed! mfn=ffffffffffffffff rc:-22
(XEN) memory_map:fail: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20 ret:-22
(XEN) memory_map:remove: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20
(XEN) p2m.c:920:d0v0 gfn_to_mfn failed! gfn=ffffffff00000 type:4
(XEN) p2m.c:920:d0v0 gfn_to_mfn failed! gfn=ffffffff00001 type:4
..
(XEN) memory_map: error -22 removing dom2 access to [fbce0,fbcff]
(DEBUG) 222 pci dev 04:0 BAR16 read upper 0x0ffffffff.
(XEN) memory_map:remove: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20
(XEN) memory_map: error -22 removing dom2 access to [fbce0,fbcff]
[The DEBUG is to illustate what the hvmloader was doing]
Also we swap from xen_host_pci_long to using xen_host_pci_get_[byte,word,long].
Otherwise we get:
xen_pt_config_reg_init: Offset 0x0004 mismatch! Emulated=0x0000, host=0x2300017, syncing to 0x2300014.
xen_pt_config_reg_init: Error: Offset 0x0004:0x2300014 expands past register size(2)!
which is not surprising. We read the value as an 32-bit (from host),
then operate it as a 16-bit - and the remainder is left unchanged.
We end up writing the value as 16-bit (so 0014) to dev.config
(as we use proper xen_set_host_[byte,word,long] so we don't spill
to other registers) but in XenPTReg->data it is as 32-bit (0x2300014)!
It is harmless as the read/write functions end up using an size mask
and never modify the bits past 16-bit (reg->size is 2).
This patch fixes the warnings by reading the value using the
proper size.
Note that the check for size is still left in-case the developer
sets bits past the reg->size in the ->init routines. The author
tried to fiddle with QEMU_BUILD_BUG to make this work but failed.
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
During init time we treat the dev.config area as a cache
of the host view. However during execution time we treat it
as guest view (by the generic PCI API). We need to sync Xen's
code to the generic PCI API view. This is the first step
by replacing all of the code that uses dev.config or
pci_get_[byte|word] to get host value to actually use the
xen_host_pci_get_[byte|word] functions.
Interestingly in 'xen_pt_ptr_reg_init' we also needed to swap
reg_field from uint32_t to uint8_t - since the access is only
for one byte not four bytes. We can split this as a seperate
patch however we would have to use a cast to thwart compiler
warnings in the meantime.
We also truncated 'flags' to 'flag' to make the code fit within
the 80 characters.
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
If XEN_PT_LOGGING_ENABLED is enabled the XEN_PT_LOG macros start
using the first argument. Which means if within the function there
is only one user of the argument ('d') and XEN_PT_LOGGING_ENABLED
is not set, we get compiler warnings. This is not the case now
but with the "xen/pt: Use xen_host_pci_get_[byte|word] instead of dev.config"
we will hit - so this sync up the function to the rest of them.
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
We would like to know what the MSI register value is to help
in troubleshooting in the field. As such modify the logging
logic to include such details in xen_pt_msgctrl_reg_write.
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
However the init routines assume that on errors the return
code is -1 (as the libxc API is) - while those xen_host_* routines follow
another paradigm - negative errno on return, 0 on success.
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
As we do not use it outside our code.
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
It has changed but the comments still refer to the old names.
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The OpRegion shouldn't be mapped 1:1 because the address in the host
can't be used in the guest directly.
This patch traps read and write access to the opregion of the Intel
GPU config space (offset 0xfc).
The original patch is from Jean Guyader <jean.guyader@eu.citrix.com>
Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Currently we just register this isa bridge when we use IGD
passthrough in Xen side.
Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Currently IGD drivers always need to access PCH by 1f.0. But we
don't want to poke that directly to get ID, and although in real
world different GPU should have different PCH. But actually the
different PCH DIDs likely map to different PCH SKUs. We do the
same thing for the GPU. For PCH, the different SKUs are going to
be all the same silicon design and implementation, just different
features turn on and off with fuses. The SW interfaces should be
consistent across all SKUs in a given family (eg LPT). But just
same features may not be supported.
Most of these different PCH features probably don't matter to the
Gfx driver, but obviously any difference in display port connections
will so it should be fine with any PCH in case of passthrough.
So currently use one PCH version, 0x8c4e, to cover all HSW(Haswell)
scenarios, 0x9cc3 for BDW(Broadwell).
Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Now we retrieve VGA bios like kvm stuff in qemu but we need to
fix Device Identification in case if its not matched with the
real IGD device since Seabios is always trying to compare this
ID to work out VGA BIOS.
Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
We will try to reuse assign_dev_load_option_rom in xen side, and
especially its a good beginning to unify pci assign codes both on
kvm and xen in the future.
[Fix build for Windows]
Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Implement a pci host bridge specific to passthrough. Actually
this just inherits the standard one. And we also just expose
a minimal real host bridge pci configuration subset.
[Replace pread with lseek and read to fix Windows build]
Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
The current trace prototypes and (matching) trace calls lead to
"unorthodox" PCI BDF notation in at least the stderr trace backend. For
example, the four BARs of a QXL video card at 00:01.0 (bus 0, slot 1,
function 0) are traced like this (PID and timestamps removed):
pci_update_mappings_add d=0x7f14a73bf890 00:00.1 0,0x84000000+0x4000000
pci_update_mappings_add d=0x7f14a73bf890 00:00.1 1,0x80000000+0x4000000
pci_update_mappings_add d=0x7f14a73bf890 00:00.1 2,0x88200000+0x2000
pci_update_mappings_add d=0x7f14a73bf890 00:00.1 3,0xd060+0x20
The slot and function values are in reverse order.
Stick with the conventional BDF notation.
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Don Koch <dkoch@verizon.com>
Cc: qemu-trivial@nongnu.org
Fixes: 7828d75045
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
it will prevent guests on old machines from seeing
inconsistent memory mapping in firmware/ACPI views.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
reserved-memory-end tells firmware address from which
it could start treating memory as PCI address space
and map PCI BARs after it to avoid collisions with
RAM.
Currently it is incorrectly pointing to address where
hotplugged memory range starts which could redirect
hotplugged RAM accesses to PCI BARs when firmware
maps them over RAM or viceverse.
Fix this by pointing reserved-memory-end to the end
of memory hotplug area.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Commit ef546f1275 ("virtio: add
feature checking helpers") introduced a helper __virtio_has_feature.
We don't want to use reserved identifiers, though, so let's
rename __virtio_has_feature to virtio_has_feature and virtio_has_feature
to virtio_vdev_has_feature.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Remove arguments that can be found in PCMachineState.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
he current code walks up the bus tree for an iommu, however it passes
to the iommu_fn() callback the bus/devfn of the immediate child of
the level where the callback was found, rather than the original
bus/devfn where the search started from.
This prevents iommu's like POWER8 (and in fact also Q35) to properly
provide an address space for a subset of devices that aren't immediate
children of the iommu.
PCIe carries the originator bdfn acccross to the iommu on all DMA
transactions, so we must be able to properly identify devices at all
levels.
This changes the function pci_device_iommu_address_space() to pass
the original pointers to the iommu_fn() callback instead.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Use the same API to trigger interruption of a CPU, no matter if
under TCG or KVM. There is no difference: these calls come from
the CPU thread, so the qemu_cpu_kick calls will send a signal
to the running thread and it will be processed synchronously,
just like a call to cpu_exit. The only difference is in the
overhead, but neither call to cpu_exit (now qemu_cpu_kick)
is in a hot path.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This is unused. cpu_exit now is almost exclusively an internal function
to the CPU execution loop. In a few patches, we'll change the remaining
occurrences to qemu_cpu_kick, making it truly internal.
Reviewed-by: Richard henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The i8257 DMA controller uses an idle bottom half, which by default
does not cause the main loop to exit. Therefore, the DMA_schedule
function is there to ensure that the CPU relinquishes the iothread
mutex to the iothread.
However, this is not enough since the iothread will call
aio_compute_timeout() and go to sleep again. In the iothread
world, forcing execution of the idle bottom half is much simpler,
and only requires a call to qemu_notify_event(). Do it, removing
the need for the "cpu_request_exit" pseudo-irq. The next patch
will remove it.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Connect the Sysbus AHCI device to ZynqMP.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Sai Pavan Boddu <saipava@xilinx.com>
[PMM: removed unnecessary brackets in error_propagate call]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert all of the non-realize error_propagate() calls into error_abort
calls as they shouldn't be user visible failure cases.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The AHCIState struct can either have AHCIPCIState or SysbusAHCIState
as a parent. The ahci_irq_lower() and ahci_irq_raise() functions
assume that it is always AHCIPCIState, which is not always the
case, which causes a seg fault. Verify what the container of AHCIState
is before setting the PCIDevice struct.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: John Snow <jsnow@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pull the AHCI state structure out into the header. This allows
other containers to access the struct. This is required to add
the device to modern SoC containers.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bit 15 of the PHY Specific Status Register is reserved and
should remain 0. Fix the reset value to ensure that the 15th
bit is not set.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: c795069e49040ff770fe2ece19dfe1791b729e22.1441316450.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
If we're creating a board with support for TrustZone, then enable
it on the GIC model as well as on the CPUs.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-7-git-send-email-peter.maydell@linaro.org
Switch the default for the 'virt' board to not providing TrustZone
support in either the CPU or the GIC. This is primarily for the
benefit of UEFI, which currently assumes there is no TrustZone
support, and does not set the GIC up correctly if it is TZ-aware.
It also means the board is consistent about its behaviour whether
we're using KVM or TCG (KVM never has TrustZone support).
If TrustZone support is required (for instance for running test
suites or TZ-aware firmware) it can be enabled with the
"-machine secure=on" command line option.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-6-git-send-email-peter.maydell@linaro.org
If the A9 and A15 CPUs which we're creating the peripherals for have
TrustZone (EL3) enabled, then also enable it in the GIC we create.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-5-git-send-email-peter.maydell@linaro.org
If we directly boot a kernel in NonSecure on a system where the GIC
supports the security extensions then we must cause the GIC to
configure its interrupts into group 1 (NonSecure) rather than the
usual group 0, and with their initial priority set to the highest
NonSecure priority rather than the usual highest Secure priority.
Otherwise the guest kernel will be unable to use any interrupts.
Implement this behaviour, controlled by a flag which we set if
appropriate when the ARM bootloader code calls our ARMLinuxBootIf
interface callback.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-4-git-send-email-peter.maydell@linaro.org
For ARM we have a little minimalist bootloader in hw/arm/boot.c which
takes the place of firmware if we're directly booting a Linux kernel.
Unfortunately a few devices need special case handling in this situation
to do the initialization which on real hardware would be done by
firmware. (In particular if we're booting a kernel in NonSecure state
then we need to make a TZ-aware GIC put all its interrupts into Group 1,
or the guest will be unable to use them.)
Create a new QOM interface which can be implemented by devices which
need to do something different from their default reset behaviour.
The callback will be called after machine initialization and before
first reset.
Suggested-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-3-git-send-email-peter.maydell@linaro.org
Although we were correctly handling interrupts becoming active
and then inactive, we weren't actually exposing this to the guest
by setting the 'active' flag for the interrupt, so reads
of GICD_ICACTIVERn and GICD_ISACTIVERn would generally incorrectly
return zeroes. Correct this oversight.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438089748-5528-6-git-send-email-peter.maydell@linaro.org
The running_irq and last_active arrays represent state which
doesn't exist in a real hardware GIC. The only thing we use
them for is updating the running priority when an interrupt
is completed, but in fact we can use the active-priority
registers to do this. The running priority is always the
priority corresponding to the lowest set bit in the active
priority registers, because only one interrupt at any
particular priority can be active at once.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438089748-5528-5-git-send-email-peter.maydell@linaro.org
A GICv2 has both GICC_APR<n> and GICC_NSAPR<n> registers, with
the latter holding the active priority bits for Group 1 interrupts
(usually Nonsecure interrupts), and the Nonsecure view of the
GICC_APR<n> is the second half of the GICC_NSAPR<n> registers.
Turn our half-hearted implementation of APR<n> into a proper
implementation of both APR<n> and NSAPR<n>:
* Add the underlying state for NSAPR<n>
* Make sure APR<n> aren't visible for pre-GICv2
* Implement reading of NSAPR<n>
* Make non-secure reads of APR<n> behave correctly
* Implement writing to APR<n> and NSAPR<n>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438089748-5528-4-git-send-email-peter.maydell@linaro.org
Priority values for the GIC are divided into a "group priority"
and a "subpriority" (with the division being determined by the
binary point register). The running priority is only determined
by the group priority of the active interrupts, not the
subpriority. In particular, this means that there can't be more
than one active interrupt at any particular group priority.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438089748-5528-3-git-send-email-peter.maydell@linaro.org
Change the implementation of the Interrupt Control and State Register
in the v7M NVIC to not use the running_irq and last_active internal
state fields in the GIC. These fields don't correspond to state in
a real GIC and will be removed soon.
The changes to the ICSR are:
* the VECTACTIVE field is documented as identical to the IPSR[8:0]
field, so implement it that way
* implement RETTOBASE via looking at the active state bits
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438089748-5528-2-git-send-email-peter.maydell@linaro.org
IGD passthrough wants to supply a different pci and
host devices, inheriting i440fx devices. Make types
configurable.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
There are pieces of guest panic handling code
that can be shared in one generic function.
These code replaced by call qemu_system_guest_panicked().
Signed-off-by: Andrey Smetanin <asmetanin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Andreas Färber <afaerber@suse.de>
Message-Id: <1435924905-8926-10-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
- various bugfixes (css/event-facility)
- more efficient adapter interrupt routes setup
- gdb enhancement
- sclp got treated with a lot of remodelling/cleanup
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJV7aJjAAoJEN7Pa5PG8C+v1fgQALFLDq1zNaq4/mZkYLMqaFnt
nRQsZLzecxHJAVKdFBc5QlCBSRCFjSRLeLeiULu8UkREFO+iZ1HhdnwlTB83cs/3
iHuz+NzJI1C++ATIzqGJpZSXZgYqftar7LKAANwpwjSkANOytrs/m7Y31UYl4zkT
MgfAD0AYWITrOEyefMSXkPL4ddY0otzx7d9az16sIbarSlkItoNj/AVFVmKfPIFa
8cI54YNG582L4gWavC2HGNC95Fau8/oZhNzFAprerIOdCx0bqE5Pmlkohz6AJg+U
e5PyVfIV+fnZtnFtII68HtTwFz0JcBgtga0xWiqlVU+ICrXvyADJDmqeTsU6QMMR
sxTzHNtuSAvJ4JgwXz3nNq7nbUPDAo6SX/YwsTcKPWmFLG5ZctSAYxPBvNY27Mrw
NdywJ8xif6yK8Fc53Dey0+ZYnNTaI6sd/EMPGpeP4B7PU6iZU3z8YOtevSYGib5B
vonGo1YA+Z2DxM+WdT8rjSwgU/MRbRWdWSA4FBr/7K4dkG18d4Pi8Wng4BXlHz+w
kUzXhANJ2QvIfVlPlm8EKudPDVPMeXGG0SGSIDeUKnh/vZQ56LCUTYTasTsx3+MU
XbKJeDBbn+nB33KEOZB9weBL51BIjSB6iGEzVrKQSAsK85iUyqv7NzkrMPVYSB/e
ZQV4lfk6pJTQ2LaBp1Fb
=Ax4r
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150907' into staging
s390x fixes and improvements:
- various bugfixes (css/event-facility)
- more efficient adapter interrupt routes setup
- gdb enhancement
- sclp got treated with a lot of remodelling/cleanup
# gpg: Signature made Mon 07 Sep 2015 15:42:43 BST using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
* remotes/cohuck/tags/s390x-20150907: (23 commits)
s390/sclp: simplify calculation of rnmax
s390/sclp: store the increment_size in the sclp device
s390: unify allocation of initial memory
s390: move memory calculation into the sclp device
s390/sclp: ignore memory hotplug operations if it is disabled
s390: disallow memory hotplug for the s390-virtio machine
s390: no need to manually parse for slots and maxmem
s390/sclp: move sclp_service_interrupt into the sclp device
s390/sclp: move sclp_execute related functions into the SCLP class
s390/sclp: introduce a root sclp device
s390/sclp: temporarily fix unassignment/reassignment of memory subregions
s390/sclp: replace sclp event types with proper defines
s390/sclp: rework sclp event facility initialization + device realization
sclp/s390: rework sclp cpu hotplug device notification
s390x/gdb: support reading/writing of control registers
s390x/kvm: make setting of in-kernel irq routes more efficient
pc-bios/s390-ccw: rebuild image
pc-bios/s390-ccw: Device detection in higher subchannel sets
s390x/event-facility: fix location of receive mask
s390x/css: start with cleared cstat/dstat
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
rnmax can be directly calculated using machine->maxram_size.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Let's calculate it once and reuse it.
Suggested-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Now that the calculation of the initial memory is hidden in the sclp
device, we can unify the allocation of the initial memory.
The remaining ugly part is the reserved memory for the virtio queues,
but that can be cleaned up later.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
The restrictions for memory calculation belong to the sclp device.
Let's move the calculation to that point, so we are able to unify it for
both s390 machines. The sclp device is the first device to be initialized.
It performs the calculation and safely stores it in the machine, where
other parts of the system can access an reuse it.
The memory hotplug device is now only created when it is really needed.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
If no memory hotplug device was created, the sclp command facility is
not exposed (SCLP_FC_ASSIGN_ATTACH_READ_STOR). We therefore have no
memory hotplug and should correctly report SCLP_RC_INVALID_SCLP_COMMAND
if any such command is executed.
This gets rid of these ugly asserts that could have been triggered
for the s390-virtio machine.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
That machine type doesn't currently support memory hotplug, so let's abort
if it is requested. Reason is, that the virtio queues are allocated for now
at the end of the initial ram - extending the ram is therefore not possible.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
ram_slots and maxram_size has already been parsed and verified by
common code for us.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Let's make that function a method of the new sclp device, keeping
the wrapper for existing users.
We can now let go of get_event_facility().
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Let's move the sclp_execute related functions into the SCLP class
and pass the device state as parameter, so we have easy access to
the SCLPDevice later on.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Let's create a root sclp device, which has other sclp devices as
children (e.g. the event facility for now) and can later be used
for migration of sclp specific attributes and setup of memory.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Commit 374f2981d1 ("memory: protect current_map by RCU") broke
unassignment of standby memory on s390x. Looks like that the new
parallelism allows races with our (semi broken) memory hotplug code. The
flatview_unref() can now be executed after our unparenting. Therefore
memory_region_unref() tries to unreference the MemoryRegion itself instead
of the parent.
In theory, MemoryRegions are now bound to separate devices that control
their lifetime. We don't have this yet, so we really want to control their
lifetime manually.
This patch fixes it temporarily, until we have a proper rework. The only
drawback is that they won't pop up in "info qom-tree", but that's better
than qemu crashes.
We have to release the reference to a memory region after a
memory_region_find, as it automatically takes a reference. As we're now
able to reassign memory, the MemoryRegion is in fact deleted (otherwise
vmstate_register_ram() would complain).
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Introduce TYPE_SCLP_QUIESCE and make use of it. Also use
TYPE_SCLP_CPU_HOTPLUG where applicable.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
The current code only works by chance. The event facility is a sysbus
device, but specifies in its class structure as parent the DeviceClass
(instead of a device class).
The init function in return lies therefore at the same position as
the init function of SysBusDeviceClass and gets triggered instead -
a very bad idea of doing that (e.g. the parameter types don't match).
Let's bring the initialization code up to date, initializing the event
facility + child events in .instance_init and moving the realization of
the child events out of the init call, into the realization step.
Device realization is now automatically performed when the event facility
itself is realized. That realization implicitly triggers realization of
the child bus, which in turn initializes the events.
Please note that we have to manually propagate the realization of the bus
children, common code still has a TODO set for that task.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Let's get rid of this strange local variable + irq logic and
work directly on the QOM. (hint: what happens if two such devices
are created?)
We could introduce proper QOM class + state for the cpu hotplug device,
however that would result in too much overhead for a simple
"trigger_signal" function.
Also remove one unnecessary class function initialization.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
When we add new adapter routes we call kvm_irqchip_add_route() for every
virtqueue and in the same step also do the KVM_SET_GSI_ROUTING ioctl.
This is unnecessary costly as the interface allows us to set multiple
routes in one go. Let's first add all routes to the table stored in the
global kvm_state and then do the ioctl to commit the routes to the
in-kernel irqchip.
This saves us several ioctls to the kernel where for each call a list
is reallocated and populated.
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
When executing the start function, we should start with a clear state
regarding subchannel and device status; it is easy to forget updating one
of them after the ccw has been processed.
Note that we don't need to care about resetting the various control
fields: They are cleared by tsch(), and if they were still pending,
we wouldn't be able to execute the start function in the first
place.
Also note that we don't want to clear cstat/dstat if a suspended
subchannel is resumed.
This fixes a bug where we would continue to present channel-program
check in cstat even though later ccw requests for the subchannel
finished without error (i.e. cstat should be 0).
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
For selective read event, we need to check if any event is requested
that is not active instead of whether none of the requested events is
active.
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Eric Farman <farman@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Type-0 ccws need to have a count > 0 for any command other than TIC.
Generate a channel-program check if this is not the case.
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
In CCW-0 format TIC command 4 highest bits are ignored in the subchannel.
In CCW-1 format the TIC command 4 highest bits must be 0.
To convert TIC from CCW-0 to CCW-1 we clear the 4 highest bits
to guarantee compatibility.
Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Use pow2ceil() to round up to the next power of 2, rather
than an inline calculation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1437741192-20955-4-git-send-email-peter.maydell@linaro.org
Use the utility function pow2ceil() for rounding up to the next
largest power of 2, rather than inline calculation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1437741192-20955-3-git-send-email-peter.maydell@linaro.org
A couple of places in hw/pci use an inline calculation to round a
size up to the next largest power of 2. We have a utility routine
for this, so use it.
(The behaviour of the old code is different if the size value
is 0 -- it would leave it as 0 rather than rounding up to 1,
but in both cases we know the size can't be 0.
In the case where the size value had bit 31 set, the old code
would invoke undefined behaviour; the new code will give a
result of 0. Presumably that could never happen either.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1437741192-20955-2-git-send-email-peter.maydell@linaro.org
At least with KVM, currently there's no reason why QEMU would not be
capable of handling Aff3 != 0. This commit fixes up FDT creation in such
a case.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Message-id: eef5a86e6d9a313780dbc23b35fcb65df42a3e9e.1441366248.git.p.fedin@samsung.com
[PMM: folded two overlong lines]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested by booting a minimal Linux system on the emulated platform
Tested by booting the Xvisor hypervisor on the emulated platform
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: d27347300d253509d921bc27a6d0a14db877478b.1441057361.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
For now we support the following devices:
* CPU: ARM926
* Interrupt Controller: AVIC
* CCM
* UART x 5
* EPIT x 2
* GPT x 4
* FEC
* I2C x 3
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 62218bfa90f9101f79098e768c3d58bd92dcb7f3.1441057361.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This is based on mcf_fec.c FEC implementation for Coldfire
* A generic PHY was added (borrowwed from LAN9118)
* The buffer management is also modified as buffers are
slightly different between Coldfire and i.MX
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: fb314f8a120aa49f8f6ad886f312c649b484fb5a.1441057361.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The slave mode is not implemented.
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 508dbf2ebe26ec383d3a12a1db5a7890ac8acf20.1441057361.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert the KZM board to use the i.MX31 SoC defintition instead of
redefining the entire SoC on the machine level. Major rewrite of the
machine init code.
While touching the memory map comment de-indent to the correct level
of indentation.
This obsoletes the legacy i.MX device device creation helpers which are removed.
Tested by booting a minimal Linux system on the emulated platform
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 5e783561f092e1c939562fdff001f1ab1194b07f.1441057361.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
For now we support the following devices:
* CPU: ARM1136
* Interrupt Controller: AVIC
* CCM
* UART x 2
* EPIT x 2
* GPT
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: f146d819594e41568daec42a1d0f440cdfe3df76.1441057361.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This large region is necessary for some devices like ivshmem and video cards
32-bit kernels can be built without LPAE support. In this case such a kernel
will not be able to use PCI controller which has windows in high addresses.
In order to work around the problem, "highmem" option is introduced. It
defaults to on on, but can be manually set to off in order to be able to run
those old 32-bit guests.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>
[PMM: Added missing ULL suffixes and a comment to the a15memmap[] entry]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch generates smbios tables for ARM mach-virt. Also add
CONFIG_SMBIOS=y for ARM default config.
Acked-by: Gabriel Somlo <somlo@cmu.edu>
Tested-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>
Tested-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Wei Huang <wei@redhat.com>
Message-id: 1440615870-9518-3-git-send-email-wei@redhat.com
[PMM: Added missing braces around an if().]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch adds support for SMBIOS 3.0 entry point. When caller invokes
smbios_set_defaults(), it can specify entry point as 2.1 or 3.0. Then
smbios_get_tables() will return the entry point table in right format.
Acked-by: Gabriel Somlo <somlo@cmu.edu>
Tested-by: Gabriel Somlo <somlo@cmu.edu>
Tested-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Wei Huang <wei@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1440615870-9518-2-git-send-email-wei@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This code disables storage key migration when an older machine type is
specified.
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Routines to save/load guest storage keys are provided. register_savevm is
called to register them as migration handlers.
We prepare the protocol to support more complex parameters. So we will
later be able to support standby memory (having empty holes), compression
and "state live migration" like done for ram.
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Provide an info skeys hmp sub-command to allow the end user to dump a storage
key for a given address. This is useful for guest operating system developers.
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Add dump-skeys command to the human monitor.
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Provide a dump-skeys qmp command to allow the end user to dump storage
keys. This is useful for debugging problems with guest storage key support
within Qemu and for guest operating system developers.
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
s390 guest initialization is modified to make use of new s390-storage-keys
device. Old code that globally allocated storage key array is removed.
The new device enables storage key access for kvm guests.
Cache storage key QOM objects in frequently used helper functions to avoid a
performance hit every time we use one of these functions.
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
A new QOM style device is provided to back guest storage keys. A special
version for KVM is created, which handles the storage key access via
KVM_S390_GET_SKEYS and KVM_S390_SET_SKEYS ioctl.
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
ne2000_receive already checks the same conditions and drops the packet
if it's not ready, removing the .can_receive callback avoids the
necessity to add explicit flushes when the conditions turn true (which
is required by the new semantics of .can_receive since 6e99c63
"net/socket: Drop net_socket_can_send").
Plus the "return 1" if E8390_STOP is also suspicious.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Commit 6e99c63 ("net/socket: Drop net_socket_can_send") changed the
semantics around .can_receive for sockets to now require the device to
flush queued pkts when transitioning to a .can_receive=true state. But
it's OK to drop incoming packets when the link is not active.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When operation in standard mode, we currently return the size
of packet during buffer overflow. This consumes the overflow
packet. Return 0 instead so we can re-process the overflow packet
when we have room.
This fixes issues with lost/dropped fragments of large messages.
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1441121206-6997-3-git-send-email-vyasevic@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
rtl8139_do_receive() tries to check for the overflow condition
by making sure that packet_size + 8 does not exceed the
available buffer space. The issue here is that RxBuffAddr,
used to calculate available buffer space, is aligned to a
a 4 byte boundry after every update. So it is possible that
every packet ends up being slightly padded when written
to the receive buffer. This padding is not taken into
account when checking for overflow and we may end up missing
the overflow condition can causing buffer overwrite.
This patch takes alignment into consideration when
checking for overflow condition.
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1441121206-6997-2-git-send-email-vyasevic@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The tx offload feature accesses a 16-bit aligned TCP header struct. The
32-bit fields must be accessed using ldl/stl wrappers since some host
architectures fault on unaligned access.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1438604157-29664-4-git-send-email-stefanha@redhat.com
Eliminate the following "custom" macros since they are just duplicates
of net/eth.h macros under a different name:
ETHER_ADDR_LEN -> ETH_ALEN
ETH_P_8021Q -> ETH_P_VLAN
IP_HEADER_LENGTH -> IP_HDR_GET_LEN
TCP_FLAG_FIN -> TH_FIN
TCP_FLAG_PUSH -> TH_PUSH
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1438604157-29664-3-git-send-email-stefanha@redhat.com
The transmit offload features inspect Ethernet, IP, TCP, and UDP
headers. Avoid redefining these net/eth.h structs.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1438604157-29664-2-git-send-email-stefanha@redhat.com
The Xilinx EP108 has four separate OCM banks which are located
adjacent to each other. This patch adds the four banks to
the ZynqMP SoC.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: afa6ba31163a5d541a0bef4b0dc11f2597e0c495.1436813543.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* vhost-scsi fix from Igor and Lu Lina
* a build system fix from Daniel
* two more multi-arch-related patches from Peter C.
* TCG patches from myself and Sergey Fedorov
* RCU improvement from Wen Congyang
* a few more simple cleanups
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJVzmCgAAoJEL/70l94x66DhFgH/1m3iGac2Ks3vAUAdS2HBcxC
EeziMwWFmkrfbtzUkz/jE0NG5uA2Bs8OFHsC8vmQFwkpDbGUlJ1zd5/N5UOHMG3d
zF0vd+nKNw9C1Fo0/LPyQSeP64/xXEMTmFLqmYf4ZOowz8lr/m6WYrMIzKUoXSEn
FeRtq78moDT8qwF372j8aoQUUpsctXDHBQHORZdcERvlc4mxojeJ3+mNViR2bv3r
92PwGvrJ26mQXEKmGo5O1VM4k7QVg7xJQfgE11x7ShE2E9fJDMgts0Q/xCjWCLwS
BXtEtbd9QeFEfG/mlRFevGtuvksq98m0hN7lAWb13zWmlJFuLyyMmlGfGAlU55Q=
=Y2DB
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* SCSI fixes from Stefan and Fam
* vhost-scsi fix from Igor and Lu Lina
* a build system fix from Daniel
* two more multi-arch-related patches from Peter C.
* TCG patches from myself and Sergey Fedorov
* RCU improvement from Wen Congyang
* a few more simple cleanups
# gpg: Signature made Fri 14 Aug 2015 22:41:52 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
disas: Defeature print_target_address
hw: fix mask for ColdFire UART command register
scsi-generic: identify AIO callbacks more clearly
scsi-disk: identify AIO callbacks more clearly
scsi: create restart bottom half in the right AioContext
configure: only add CONFIG_RDMA to config-host.h once
qemu-nbd: remove unnecessary qemu_notify_event()
vhost-scsi: Clarify vhost_virtqueue_mask argument
exec: use macro ROUND_UP for alignment
rcu: Allow calling rcu_(un)register_thread() during synchronize_rcu()
exec: drop cpu_can_do_io, just read cpu->can_do_io
cpu_defs: Simplify CPUTLB padding logic
cpu-exec: Do not invalidate original TB in cpu_exec_nocache()
vhost/scsi: call vhost_dev_cleanup() at unrealize() time
virtio-scsi-test: Add test case for tail unaligned WRITE SAME
scsi-disk: Fix assertion failure on WRITE SAME
tests: virtio-scsi: clear unit attention after reset
scsi-disk: fix cmd.mode field typo
virtio-scsi: use virtqueue_map_sg() when loading requests
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Functions that are not callbacks should assert that aiocb is NULL and
have a SCSIGenericReq argument.
AIO callbacks should assert that aiocb is not NULL. They also have an
opaque argument.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Functions that are not callbacks should assert that aiocb is NULL and
have a non-opaque argument (usually a pointer to SCSIDiskReq).
AIO callbacks should assert that aiocb is not NULL and take care of
calling block_acct done. They also have an opaque argument.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This matches commit 4407c1c (virtio-blk: Schedule BH in the right context,
2014-06-17), which did the same thing for virtio-blk.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
vhost_virtqueue_mask takes an "absolute" virtqueue index, while the
code looks like it's passing an index that is relative to
s->dev.vq_index. In reality, s->dev.vq_index is always zero, so
this patch does not make any difference, but the code is clearer.
Signed-off-by: Lu Lina <lina.lulina@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1437978359-17960-1-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Changes:
* mips32r5-generic CPU updated and renamed to P5600
* improvements in LWL/LDL, logging and fulong2e
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJVzMGTAAoJEFIRjjwLKdprClUH/2col9J1MIoYm+8Ac8Q5hBd5
Bpg1HvWql8ecx29z9bhDNkitXATaMkwho05aEl0xkYzjhKMvjs2ayTuko35ryOY6
KRSONpndvfJLDCaxdrQcvKG9DXmhSPIy2TZLv0Jpl0dfhPXm0LPxv3WQ/s8YZJa7
e2bGmUNLyloySMEmq7T55U4FCB/eyzzLBreCR4miOxU+KBKSAQyZBB9dcCj52sCM
qA8OtaQZdKXUYvqwd+mRpCUjvqhrfFmMSV/A0VclXHCxb9lX63HY1c7X6bHzNyoP
YWwCJLadQsYMUl4ajF+phUrWu6mjRgpcpQKSYiX8+u2gdcbVY6TeyzjYfsczLf8=
=Owqn
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150813' into staging
MIPS patches 2015-08-13
Changes:
* mips32r5-generic CPU updated and renamed to P5600
* improvements in LWL/LDL, logging and fulong2e
# gpg: Signature made Thu 13 Aug 2015 17:10:59 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8DD3 2F98 5495 9D66 35D4 4FC0 5211 8E3C 0B29 DA6B
* remotes/lalrae/tags/mips-20150813:
target-mips: Use CPU_LOG_INT for logging related to interrupts
hw/pci-host/bonito: Avoid buffer overrun for bad LDMA/COP accesses
target-mips: simplify LWL/LDL mask generation
target-mips: update mips32r5-generic into P5600
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The LDMA and COP memory regions represent four 32 bit registers
each, but the memory regions themselves are 0x100 bytes large.
Add guards to the read and write accessors so that bogus accesses
beyond the four defined registers don't just run off the end of
the bonldma and boncop structs and into whatever lies beyond.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Mostly cleanups, notably Eduardo's compat code rework,
and smbios rearrangement for use by ARM.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVzIaUAAoJECgfDbjSjVRpnR4IAK8rXJYmByh4haqhHnDCVSTR
EHmYyZrMHFAVLw4o5iu62a8Fe8De4JlwLIK5N/nM68ct0eVJkP1NbWRSQGTq5bbc
LNOElWunxChvSiF/6ZbyuLkIUN69L+S3bGf8vnB8TvxS4h2PLpswdsw7fOuBR1zB
S1fa6Me4iR/O8qss5HlchAf6Ugske8bWlrr2uh+UFiphzyE7rTwJ0Iop4KLxhn2m
R8b5ll+b5IN8Crvi3kCPn/cwR7qWjYDeZ2bpVpAOcM6xG3As0uBp7Dx+03bBei/p
SqPbnCLBVEF7iKjKw4QW79iQMFSapEKTX2Z8n6kjNMWGSDFbbplGVHEQmaWqfBw=
=2yy6
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio,pc,acpi fixes, cleanups
Mostly cleanups, notably Eduardo's compat code rework,
and smbios rearrangement for use by ARM.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 13 Aug 2015 12:59:16 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream: (24 commits)
MAINTAINERS: list smbios maintainers
smbios: move smbios code into a common folder
smbios: remove dependency on x86 e820 tables
smbios: extract x86 smbios building code into a function
acpi: avoid potential uninitialized access to cpu_hp_io_base
virtio-net: remove useless codes
pci: allow 0 address for PCI IO/MEM regions
pc: Remove redundant arguments from pc_memory_init()
pc: Remove redundant arguments from pc_cmos_init()
pc: Remove redundant arguments from *load_linux()
pc: Use PCMachineState as pc_guest_info_init() argument
pc: Move {above,below}_4g_mem_size variables to PCMachineState
pc: Use PCMachineState for pc_memory_init() argument
pc: Use PCMachineState for pc_cmos_init() argument
pc: Eliminate pc_default_machine_options()
pc: Eliminate pc_common_machine_options()
pc: Move PCMachineClass, PCMachineState to qemu/typedefs.h
pc: Rename pc_machine variables to pcms
pc: Use error_abort when registering properties
target-i386: Remove x86_cpu_compat_set_features()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
To share smbios among different architectures, this patch moves SMBIOS
code (smbios.c and smbios.h) from x86 specific folders into new
hw/smbios directories. As a result, CONFIG_SMBIOS=y is defined in
x86 default config files.
Acked-by: Gabriel Somlo <somlo@cmu.edu>
Tested-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Wei Huang <wei@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Current smbios builds type 19 table from e820, which is x86 specific.
This patch removes smbios' dependency on e820 by passing an array
of memory area to smbios_get_tables().
Acked-by: Gabriel Somlo <somlo@cmu.edu>
Tested-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Wei Huang <wei@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch extracts out the procedure of buidling x86 SMBIOS tables
into a dedicated function.
Acked-by: Gabriel Somlo <somlo@cmu.edu>
Tested-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Wei Huang <wei@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When building QEMU with Mingw64 toolchain I see a warning
CC x86_64-softmmu/hw/i386/acpi-build.o
hw/i386/acpi-build.c: In function 'acpi_build':
hw/i386/acpi-build.c:1138:9: warning: 'pm.cpu_hp_io_base' may be used uninitialized in this function [-Wmaybe-uninitialized]
aml_append(crs,
^
hw/i386/acpi-build.c:1666:16: note: 'pm.cpu_hp_io_base' was declared here
AcpiPmInfo pm;
^
In acpi_get_pm_info() some of the fields are pre-initialized
to 0, but this one was missed.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
After commit 40bad8f3deba15e2074ff34cfe923c12916b1cc5("virtio-net: fix
used len for tx"), async_tx.len was no longer used afterwards. So
remove useless codes with it.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Some kernels program a 0 address for io regions. PCI 3.0 spec
section 6.2.5.1 doesn't seem to disallow this.
based on patch by Michael Roth <mdroth@linux.vnet.ibm.com>
Add pci_allow_0_addr in MachineClass to conditionally
allow addr 0 for pseries, as this can break other architectures.
This patch allows to hotplug PCI card in pseries machine, as the first
added card BAR0 is always set to 0 address.
This as a temporary hack, waiting to fix PCI memory priorities for more
machine types...
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Remove arguments that can be found in PCMachineState.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Remove arguments that can be found in PCMachineState.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Remove arguments that can be found in PCMachineState.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This will make the info readily available for the other initialization
functions, and will allow us to simplify their argument list.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pc_memory_init() already expects a PCMachineState object, there's no
point in upcasting it to MachineState before calling the function.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pc_cmos_init() already expects a PCMachineState object, there's no point
in upcasting it to MachineState before calling the function.
While doing it, reorder the arguments so PCMachineState is the first
function argument.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The only PC machines that didn't call pc_default_machine_options() were
isaps and xenfv. Both were already overwriting max_cpus, and only isapc
was not overwriting hot_add_cpu.
After making isapc set hot_add_cpu to NULL, we can move the
pc_default_machine_options() code the PC common class_init.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
All TYPE_PC_MACHINE subclasses call pc_common_machine_options().
TYPE_PC_MACHINE can simply initialize the common options on class_init
directly.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Make the code use the same variable name everywhere. "pcms" is already
being used in existing code and it's shorter.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
No errors should happen when registering the properties, but we
shouldn't silently ignore them if they happen.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Now we can use compat_props to keep CPUID feature compatibility, using
the boolean QOM properties for CPUID feature flags.
This simplifies the compatibility code, and reduces duplication between
pc_piix.c and pc_q35.c.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The existing i440fx initialization code sets a PCI config register that
isn't documented anywhere in the Intel 440FX datasheet. Register 0x57 is
DRAMC (DRAM Control) and has nothing to do with the RAM size.
This was implemented in commit ec5f92ce6a
because old coreboot code tried to read registers 0x5a-0x5f,0x56,0x57 to
get the RAM size from QEMU, but I couldn't find out why coreboot did
that. I assume it was a mistake, and the original code was supposed to
be reading the DRB[0-7] registers (offsets 0x60-0x67).
Document that coreboot-specific register offset in a macro and a
comment, for future reference.
Cc: Ed Swierk <eswierk@skyportsystems.com>
Cc: Richard Smith <smithbone@gmail.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The old rules.mak loads dependency .d files using include directive
with file glob pattern "*.d". This breaks the build when build tree has
left-over *.d files from another build.
This patch fixes this by
- loading precise list of .d files made from *.o and *.mo.
- specifying explicit list of required dependency info files for
*.hex autogenerated sources.
Note that Makefile still includes some .d in root directory by including
"*.d".
Signed-off-by: Victor Kaplansky <victork@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
In rules like "bar/%.o: %.c" there is a difference between $(*D) and
$(@D). $(*D) expands to '.', while $(@D) expands to 'bar'. It is
cleaner to generate *.d in the same directory where appropriate *.o
resides. This allows precise including of dependency info from .d files.
As a hack, we also touch two sources for generated *.hex files. Without
this hack, anyone doing "git pull; make" will not get *.hex rebuilt
correctly since the dependency file would be missing.
Signed-off-by: Victor Kaplansky <victork@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The "chardev" property initialization might have failed (for example because
there are not enough chardevs provided by QEMU).
The serial device emulator needs to be able to work with an uninitialized
(NULL) chardev device pointer.
This patch adds some missing tests on the chr pointer value before
using it.
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1438342461-18967-1-git-send-email-jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Since we now support both the hypervisor and the secure physical timer, wire
their interrupt lines up in the a15mpcore wrapper object.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1437047249-2357-5-git-send-email-peter.maydell@linaro.org
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Wire up the secure timer interrupt. Since we've defined
that the plain old physical timer is the NS timer, we can
drop the now-out-of-date comment about QEMU not having TZ.
Use a data-driven loop to wire up the timer interrupts, since
we now have four of them and the code is the same for each.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1437047249-2357-4-git-send-email-peter.maydell@linaro.org
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
This small inline returns correct GIC class name depending on whether we
use KVM acceleration or not. Avoids duplicating the condition everywhere.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 4f26901be9b844b563673ce3ad08eeedbb7a7132.1438758065.git.p.fedin@samsung.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Extracted duplicated initialization code from SW-emulated and KVM GIC
implementations and put into gic_init_irqs_and_mmio()
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Message-id: 8ea5b2781ef39cb5989420987fc73c70e377687d.1438758065.git.p.fedin@samsung.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1436791864-4582-8-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Replace magic constants with macros from
hw/arm/virt.h and hw/intc/arm_gic_common.h.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1436791864-4582-7-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
1.0 does not requires physically-contiguous pages layout for a
virtqueue. So we could not infer avail and used from desc. This means
we need to migrate vring.avail and vring.used when host support virtio
1.0. This fixes malfunction of virtio 1.0 device after migration.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
From: Dana Rubin <dana.rubin@ravellosystems.com>
In commit 80da311d81,
"net/vmxnet3: Fix RX TCP/UDP checksum on partially summed packets"
a debug message was introduced in vmxnet3_rx_need_csum_calculate() for
an unlikely input condition.
The message accidentally printed 'len' variable instead of 'pkt_len'.
Fix, providing the correct argument.
Signed-off-by: Dana Rubin <dana.rubin@ravellosystems.com>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Message-id: 1438109090-18957-1-git-send-email-shmulik.ladkani@ravellosystems.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
pci_piix3_xen_ide_unplug should completely unhook the unplugged
IDEDevice from the corresponding BlockBackend, otherwise the next call
to release_drive will try to detach the drive again.
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVv1m5AAoJEJykq7OBq3PIO+QIAMbPSu/ZqfdANX+H4bgshudw
9CMYsgEqlmjOSeFP1Pp7lYbuceInsvY4Ks+GtWsPkV/mhEl4+g1h9uWKMSWg0jsU
14hfi7ibJomFngRPkEhcDemu6JSLAGsqedLPyrFZZyGzVZnY/TmpwG3s9CiSUSU0
h7knQLxt8QemsPU+rlH6xE/QkSdyWpERsUCTpcKufIGwIZJDeUfW1/9UxDp6M0QK
LZj+8ZJzF2g/s51xHCTmAyvFZxROceEgUbGyWYNh1Aj55LMT7k+t4TTEYkizqTYj
n0AUDzV65Pm67OWRf22siqb74BPt72gf/048LmhqE7o4NZvLqJ7Kff6pFDYOF0Q=
=9hkg
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/stefanha/tags/rtl8139-cplus-tx-input-validation-pull-request' into staging
Pull request
# gpg: Signature made Mon Aug 3 13:08:25 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/rtl8139-cplus-tx-input-validation-pull-request:
rtl8139: check TCP Data Offset field (CVE-2015-5165)
rtl8139: skip offload on short TCP header (CVE-2015-5165)
rtl8139: check IP Total Length field (CVE-2015-5165)
rtl8139: check IP Header Length field (CVE-2015-5165)
rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165)
rtl8139: drop tautologous if (ip) {...} statement (CVE-2015-5165)
rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The TCP Data Offset field contains the length of the header. Make sure
it is valid and does not exceed the IP data length.
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
TCP Large Segment Offload accesses the TCP header in the packet. If the
packet is too short we must not attempt to access header fields:
tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The IP Total Length field includes the IP header and data. Make sure it
is valid and does not exceed the Ethernet payload size.
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The IP Header Length field was only checked in the IP checksum case, but
is used in other cases too.
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Transmit offload features access Ethernet and IP headers the packet. If
the packet is too short we must not attempt to access header fields:
int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
...
eth_payload_data = saved_buffer + ETH_HLEN;
...
ip = (ip_header*)eth_payload_data;
if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The previous patch stopped using the ip pointer as an indicator that the
IP header is present. When we reach the if (ip) {...} statement we know
ip is always non-NULL.
Remove the if statement to reduce nesting.
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Transmit offload needs to parse packet headers. If header fields have
unexpected values the offload processing is skipped.
The code currently uses nested ifs because there is relatively little
input validation. The next patches will add missing input validation
and a goto label is more appropriate to avoid deep if statement nesting.
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
There are likely others that could be updated, but we'll
go with a light touch for 2.4 for now.
Without the Unsigned specifier, this shifts bits into the
signed bit, which makes clang unhappy and could cause
unwanted behavior.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1437501721-24495-1-git-send-email-jsnow@redhat.com
Commit bd4214fc dropped TRIM support by mistake. Given it is still
advertised to the host when using a drive with discard=on, this cause
the IDE bus to hang when the host issues a TRIM command.
This patch fixes that by re-adding the TRIM code, ported to the new
new DMA implementation.
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: John Snow <jsnow@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Message-id: 1438198068-32428-1-git-send-email-aurelien@aurel32.net
Signed-off-by: John Snow <jsnow@redhat.com>
vhost-scsi calls vhost_dev_init() at realize() time
but forgets to call it's counterpart vhost_dev_cleanup()
at unrealize() time.
Calling it should fix leaking of memory table and
mem_sections table in vhost device. And also unregister
vhost's memory listerner to prevent access from
memory core to freed memory.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1438262999-287627-1-git-send-email-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The last portion of an unaligned WRITE SAME command could fail the
assertion in bdrv_aligned_pwritev:
assert(!qiov || bytes == qiov->size);
Because we updated data->iov.iov_len right above this if block, but
data->qiov still has the old size.
Reinitialize the qiov to make them equal and keep block layer happy.
Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1438159512-3871-2-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The cmd.xfer field is the data length. The cmd.mode field is the data
transfer direction.
scsi_handle_rw_error() was using the wrong error policy for read
requests.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <1438262173-11546-3-git-send-email-stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The VirtQueueElement struct is serialized during migration but the
in_sg[]/out_sg[] iovec arrays are not usable on the destination host
because the pointers are meaningless.
Use virtqueue_map_sg() to refresh in_sg[]/out_sg[] to valid pointers
based on in_addr[]/out_addr[] hwaddrs.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <1438262173-11546-2-git-send-email-stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
These two .can_receive() are now reviewed. The net subsystem queue for 2.4 is now empty.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVt3TbAAoJEJykq7OBq3PIxcQH/2LEY8q3zetJdNe9Zu1bQMhQ
J/Ah+szCNCCHOpNfQEBI6zRT4wUMZZTlIUM1el2ykYnYqRYd585GK/+RZ0/yWQUG
yYNWAFfj/b586+aazk2+BnosSywVjCZ1f32OtaAsh14c+3aoXkQyahljA4onIuVp
kLi1psmnBZgRf6AeICnuUTTOYq8BBX6CTg0sxPpIbZe57epwGkK+6gtZV6aSW/Ra
lbkhXNrmyyvycGuOLDpyjE3yUvHuwn+H+JFeRklTEA2pKyMg1AYVMrIKvBeQej8u
g4+sYYME0rMuFL9iISwVYnkTBjYZnE8+6on2ELkElGvWf28kqb1rYWYciyRhf1Y=
=K3Fg
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
Pull request
These two .can_receive() are now reviewed. The net subsystem queue for 2.4 is now empty.
# gpg: Signature made Tue Jul 28 13:26:03 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/net-pull-request:
xen: Drop net_rx_ok
hw/net: handle flow control in mcf_fec driver receiver
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Mostly virtio 1 spec compliance fixes.
We are unlikely to make it perfectly compliant in
the first release, but it seems worth it to try.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVtprUAAoJECgfDbjSjVRpgu4H/AljqEXBYIS/+7aZBGO4UnK/
LSyxiOfw/sQPwYr8xqhYtoITVPQqkBnCajBFuDw3IaGrTDQ1pHfG8z5qt3Fri+yC
RtiqiFg1LVR/AI8W/dUDuLAf8xq1GukZr1o59mi3hAA0pcPxUtVjPkZcaq63d0P+
uzCgRw0qlg8nbT7SN2O9HZz7AT2emaUkaJBF2eRBb7r1kg3ZzM0FOtmCWaRhtS5s
8AuHS+038BWA0J/S7yd5YooQh7NfvmWFpRNukMttJrtOmi7f5LCJJF9rxcXAnzOn
Soc0afauCtUTfxJ4gkLqxQ586eKpREQ+7lzkJDQ62g1oD/+VatOMcbu3jdnJEtQ=
=AoJS
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio fixes for 2.4
Mostly virtio 1 spec compliance fixes.
We are unlikely to make it perfectly compliant in
the first release, but it seems worth it to try.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon Jul 27 21:55:48 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
virtio: minor cleanup
acpi: fix pvpanic device is not shown in ui
virtio-blk: only clear VIRTIO_F_ANY_LAYOUT for legacy device
virtio-blk: fail get_features when both scsi and 1.0 were set
virtio: get_features() can fail
virtio-pci: fix memory MR cleanup for modern
virtio: set any_layout in virtio core
virtio-9p: fix any_layout
virtio-serial: fix ANY_LAYOUT
virtio: hide legacy features from modern guests
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Changes:
* net/dp8393x fixes
* Vectored Interrupts bug fix
* fix for a bug in machine.c which was provoking a warning on FreeBSD
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJVt0+nAAoJEFIRjjwLKdprnsgH/1eTWzyKHOV/vVfBYjJOff/R
5tZRgVDG/mGlQf3bizKt7wRTROIiYWaor0aU2jT2WmWkEbbR1006LZHVORmzDVLp
Zs850OIWM6qALn9efoCTYZpiY39j2KxMNS+edkRSePEbPyD6CUcwDm/Ubj9OQUqD
Pwrwh+FjltnksnTcYv7stXHhCswNK5dK2JJqIiI7AfetH6Uw3z0XDgrGRkd1IdwW
5QHKcIOK2pgcRGRPHMjrsFBb8cQbi+lVaB1wlErypIBa4u5IvRuAD3uebFF3AhIC
WiUR+xRNAG4TgVbGuAdx4dXj2/4RD0GD+R7hT7DzgGMrmDm0mPG9PIuUw3xANFM=
=kC/w
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150728' into staging
MIPS patches 2015-07-28
Changes:
* net/dp8393x fixes
* Vectored Interrupts bug fix
* fix for a bug in machine.c which was provoking a warning on FreeBSD
# gpg: Signature made Tue Jul 28 10:47:19 2015 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8DD3 2F98 5495 9D66 35D4 4FC0 5211 8E3C 0B29 DA6B
* remotes/lalrae/tags/mips-20150728:
net/dp8393x: do not use memory_region_init_rom_device with NULL
net/dp8393x: remove check of runt packets
net/dp8393x: disable user creation
target-mips: fix offset calculation for Interrupts
target-mips: fix passing incompatible pointer type in machine.c
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* megasas SIGSEGV fix
* memory refcount change to fix virtio hot-unplug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJVty9DAAoJEL/70l94x66DJZ4H/j3ix0YRs/rxQEXuvVTg0NeS
abspC2foLAqUbIbeB6ApZBXPZAtIA6mPOm+aK04HuB2K2NXqi57pv6qiJ6LMbVNM
NBOfM3qfk/Drt5Sf/4esAbqFaqlkjeKbC7FetZgM4vTZkFK/mfrqUnWGpE7HdRHp
ap2R1U9aZrS4V3O7TMLrJumnwLEl0bAZ0JnMPQrtjvHt2NmCHQn+4owUiXB2BmwK
xo2pIQeJVYbGpRlUEqkehaHYSZsjrIM/RLRYcHWEA5ucZekQKUgwbgNy4K1/YAT0
/edH0DtkKoSC1eFhS1TKeWm8mCfHp49mAJXlq16zaWrQGItcfYtJ2QLVTdi4Hfc=
=IpxH
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* crypto fixes
* megasas SIGSEGV fix
* memory refcount change to fix virtio hot-unplug
# gpg: Signature made Tue Jul 28 08:29:07 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
memory: do not add a reference to the owner of aliased regions
megasas: Add write function to handle write access to PCI BAR 3
crypto: extend unit tests to cover decryption too
crypto: fix built-in AES decrypt function
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Let net_rx_packet() (which checks the same conditions) drops the packet
if the device is not ready. Drop net_xen_info.can_receive and update the
return value for the buffer full case.
We rely on the qemu_flush_queued_packets() in net_event() to wake up
the peer when the buffer becomes available again.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1438077176-378-1-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The network mcf_fec driver emulated receive side method is not dealing
with network queue flow control properly.
Modify the receive side to check if we have enough space in the
descriptors to store the current packet. If not we process none of it
and return 0. When the guest frees up some buffers through its descriptors
we signal the qemu net layer to send more packets.
[Fixed coding style: 4-space indent and curly braces on if statement.
--Stefan]
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Message-id: 1438045374-10358-1-git-send-email-gerg@uclinux.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Replace memory_region_init_rom_device() with memory_region_init_ram() and
memory_region_set_readonly().
This fixes a guest-triggerable QEMU crash when guest tries to write to PROM.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[leon.alrae@imgtec.com: shorten subject length]
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Ethernet requires that messages are at least 64 bytes on the wire. This
limitation does not exist on emulation (no wire message), so remove the
check. Netcard is now able to receive small network packets.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Netcard needs an address space to write data to, which can't be specified
on command line.
This fixes a crash when user starts QEMU with "-device dp8393x"
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
This patch fixes a QEMU SEGFAULT when a write operation is performed on
the memory region of the PCI BAR 3 (base address space).
When a writeb(0xe0000000) is performed the .write function is invoked to
handle the write access, however, since the .write is not initialised,
the call to 0, causes QEMU to SEGFAULT.
Signed-off-by: Salva Peiró <speirofr@gmail.com>
Acked-by: Hannes Reinecke <hare@suse.com>
Message-Id: <1437987112-24744-1-git-send-email-speirofr@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 2332333c added a _STA method that hides the device. The fact
that the device is not shown in the gui make it harder to install its
Windows' device.
https://bugzilla.redhat.com/show_bug.cgi?id=1238141
Signed-off-by: Gal Hammer <ghammer@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Commit fba72476c6 ("ich9: add smm_enabled field and arguments") detached
SMM availability from kvm_enabled(). However, the comment in pm_reset()
was not updated; let's do it now.
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-trivial@nongnu.org
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Otherwise on reboot firmware might think (due to APMC_EN remaining set
from the previous boot) that SMI support is absent.
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-trivial@nongnu.org
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Chapter 6.3 of spec said
"
Transitional devices MUST offer, and if offered by the device
transitional drivers MUST accept the following:
VIRTIO_F_ANY_LAYOUT (27)
"
So this patch only clear VIRTIO_F_LAYOUT for legacy device.
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-block@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
SCSI passthrough was no longer supported in virtio 1.0, so this patch
fail the get_features() when both 1.0 and scsi is set. And also only
advertise VIRTIO_BLK_F_SCSI for legacy virtio-blk device.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Each memory_region_add_subregion must be paired with
memory_region_del_subregion.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Here are NIC fixes from Fam Zheng that prevent rx hangs (caused by NIC models
where .can_receive() stops rx but qemu_flush_queued_packets() isn't called).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVtjd0AAoJEJykq7OBq3PI3wsIAIRVH3frjHdYSpPTpAV8Kkhd
P29q7Zam4iOoTaJMrlSX5iFGAxBGQB7cW10HZlKBBkHI5SOCYzhhS4zJlyfz5jZn
+DSMTr0NRLqSAKE6RJjnrkd1QLcfGfi27DKiF0VqwmWcXOvMbIveSPR1C/5XHemT
EBZq8HibDzjgP8htKf4+0NbKxrb2b+MbJKnSbe1uKVGdinadKl2dmjby4M9bgUQ9
pwSnV+efbOkAvVFMVSbkanyg3UPftJjZ3yD3vFU17FbMj55nSIhWLBXlE0NKdYqQ
Ml7ntQt56Zo9e+L2pw2ZEEhRbW+z1VSLxMPAcI5VphBcZ2cgcGHbARrYzfF898I=
=DVR+
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
Pull request
Here are NIC fixes from Fam Zheng that prevent rx hangs (caused by NIC models
where .can_receive() stops rx but qemu_flush_queued_packets() isn't called).
# gpg: Signature made Mon Jul 27 14:51:48 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/net-pull-request:
axienet: Flush queued packets when rx is done
dp8393x: Flush packets when link comes up
stellaris_enet: Flush queued packets when read done
mipsnet: Flush queued packets when receiving is enabled
milkymist-minimac2: Flush queued packets when link comes up
mcf_fec: Drop mcf_fec_can_receive
etsec: Flush queue when rx buffer is consumed
etsec: Move etsec_can_receive into etsec_receive
usbnet: Drop usbnet_can_receive
eepro100: Drop nic_can_receive
pcnet: Drop pcnet_can_receive
xgmac: Drop packets with eth_can_rx is false.
hw/net: fix mcf_fec driver receiver
hw/net: add simple phy support to mcf_fec driver
hw/net: add ANLPAR bit definitions to generic mii
hw/net: create common collection of MII definitions
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
eth_can_rx checks s->rxsize and returns false if it is non-zero. Because
of the .can_receive semantics change, this will make the incoming queue
disabled by peer, until it is explicitly flushed. So we should flush it
when s->rxsize is becoming zero.
Squash eth_can_rx semantics into etx_rx and drop .can_receive()
callback, also add flush when rx buffer becomes available again after a
packet gets queued.
The other conditions, "!axienet_rx_resetting(s) &&
axienet_rx_enabled(s)" are OK because enet_write already calls
qemu_flush_queued_packets when the register bits are changed.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1436955553-22791-13-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
.can_receive callback changes semantics that once return 0, backend will
try sending again until explicitly flushed, change the device to meet
that.
dp8393x_can_receive checks SONIC_CR_RXEN bit in SONIC_CR register and
SONIC_ISR_RBE bit in SONIC_ISR register, try flushing the queue when
either bit is being updated.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1436955553-22791-12-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
If s->np reaches 31, the queue will be disabled by peer when it sees
stellaris_enet_can_receive() returns false, until we explicitly flushes
it which notifies the peer. Do this when guest is done reading all
existing data.
Move the semantics to stellaris_enet_receive, by returning 0 when the
buffer is full, so that new packets will be queued. In
stellaris_enet_read, flush and restart the queue when guest has done
reading.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1436955553-22791-11-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Drop .can_receive and move the semantics to mipsnet_receive, by
returning 0.
After 0 is returned, we must flush the queue explicitly to restart it:
Call qemu_flush_queued_packets when s->busy or s->rx_count is being
updated.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1436955553-22791-10-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Drop .can_receive and move the semantics into minimac2_rx, by returning
0.
That is once minimac2_rx returns 0, incoming packets will be queued
until the queue is explicitly flushed. We do this when s->regs[R_STATE0]
or s->regs[R_STATE1] is changed in minimac2_write.
Also drop the unused trace point.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1436955553-22791-9-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The semantics of .can_receive requires us to flush the queue explicitly
when s->rx_enabled becomes true after it returns 0, but the packet being
queued is not meaningful since the guest hasn't activated the card.
Let's just drop the packet in this case.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1436955553-22791-8-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The BH will be scheduled when etsec->rx_buffer_len is becoming 0, which
is the condition of queuing.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1436955553-22791-7-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When etsec_reset returns 0, peer would queue the packet as if
.can_receive returns false. Drop etsec_can_receive and let etsec_receive
carry the semantics.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1436955553-22791-6-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
usbnet_receive already drops packet if rndis_state is not
RNDIS_DATA_INITIALIZED, and queues packet if in buffer is not available.
The only difference is s->dev.config but that is similar to rndis_state.
Drop usbnet_can_receive and move these checks to usbnet_receive, so that
we don't need to explicitly flush the queue when s->dev.config changes
value.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1436955553-22791-5-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
nic_receive already checks the conditions and drop packets if false.
Due to the new semantics since 6e99c63 ("net/socket: Drop
net_socket_can_send"), having .can_receive returning 0 requires us to
explicitly flush the queued packets when the conditions are becoming
true, but queuing the packets when guest driver is not ready doesn't
make much sense.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1436955553-22791-4-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
pcnet_receive already checks the conditions and drop packets if false.
Due to the new semantics since 6e99c63 ("net/socket: Drop
net_socket_can_send"), having .can_receive returning 0 requires us to
explicitly flush the queued packets when the conditions are becoming
true, but queuing the packets when guest driver is not ready doesn't
make much sense.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1436955553-22791-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1436955553-22791-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The network mcf_fec driver emulated receive side method is returning a
result of 0 causing the network layer to disable receive for this emulated
device. This results in the guest only ever receiving one packet.
Fix the recieve side processing to return the number of bytes that we
passed back through to the guest.
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435296436-12152-5-git-send-email-gerg@uclinux.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The Linux fec driver needs at least basic phy support to probe and work.
The current qemu mcf_fec emulation has no support for the reading or
writing of the MDIO lines to access an attached phy.
This code adds a very simple set of register results for a fixed phy
setup - very similar to that used on an m5208evb board. This is enough
to probe and identify an emulated attached phy.
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435296436-12152-4-git-send-email-gerg@uclinux.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
virtio pci allows any device to have a modern interface,
this in turn requires ANY_LAYOUT support.
Fix up ANY_LAYOUT for virtio-9p.
Reported-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Don't assume a specific layout for control messages.
Required by virtio 1.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
NOTIFY_ON_EMPTY, ANY_LAYOUT and BAD are only valid on the legacy
interface.
Hide them from modern guests.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This is additional hardening against an end_transfer_func that fails to
clear the DRQ status bit. The bit must be unset as soon as the PIO
transfer has completed, so it's better to do this in a central place
instead of duplicating the code in all commands (and forgetting it in
some).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
The command must be completed on all code paths. START STOP UNIT with
pwrcnd set should succeed without doing anything.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
If the end_transfer_func of a command is called because enough data has
been read or written for the current PIO transfer, and it fails to
correctly call the command completion functions, the DRQ bit in the
status register and s->end_transfer_func may remain set. This allows the
guest to access further bytes in s->io_buffer beyond s->data_end, and
eventually overflowing the io_buffer.
One case where this currently happens is emulation of the ATAPI command
START STOP UNIT.
This patch fixes the problem by adding explicit array bounds checks
before accessing the buffer instead of relying on end_transfer_func to
function correctly.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
* SCSI fixes (including CVE-2015-5158)
* RCU fixes
* Framebuffer logic to set DIRTY_MEMORY_VGA
* Fix compiler warning for --disable-vnc
* qemu-doc fixes
* x86 TCG pasto fix
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJVsihAAAoJEL/70l94x66DXccIAJqoO5t7b8nA3W1gkJBJxgUy
OPAEP7N+v1qZNtYtbmC0p29JaaMPiauNnOQGYQ/hRj3Ccv3bcWg4gbhlxHdjZT5e
fh5aYxZr4K0D8dWbnFhGuvATiaiddfwRB3YCDx2CW1DPgL2xwzdwmYNXPvpnA2hj
3LDqC74v3lppCRpKPa4//xvpkwz0SJrJjbxvKBPRdVSAi8ovRJF27ArM2bVXYpYS
uWhXxhqw0Sx6nqZoz+EpfRsHHirGtsj8iGxGgRre3kqFTLYmjtg0wSBrSvCU3Eaw
1kmceS7ggJq82mIOFnjYE1Sf+JPOySSieHdKEPDEWezsQkBzBsQ9KaSQJnmLCa8=
=0FIR
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* qemu-char fixes
* SCSI fixes (including CVE-2015-5158)
* RCU fixes
* Framebuffer logic to set DIRTY_MEMORY_VGA
* Fix compiler warning for --disable-vnc
* qemu-doc fixes
* x86 TCG pasto fix
# gpg: Signature made Fri Jul 24 12:57:52 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
target-i386/FPU: a misprint in helper_fistll_ST0
qemu-doc: fix typos
framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer
memory: count number of active VGA logging clients
vl: Fix compiler warning for builds without VNC
scsi: Handle no media case for scsi_get_configuration
rcu: actually register threads that have RCU read-side critical sections
scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)
vnc: fix memory leak
qemu-char: Fix missed data on unix socket
qemu-char: handle EINTR for TCP character devices
exec.c: Use atomic_rcu_read() to access dispatch in memory_region_section_get_iotlb()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The MemoryRegionSection contains enough information to access the
RAM region underlying the framebuffer, and can be cached inside the
display device.
By doing this, the new framebuffer_update_memory_section function can
enable dirty memory logging on the relevant RAM region. The function
must be called whenever the stride or base of the framebuffer changes;
a simple way to cover these cases is to call it on every full frame
invalidation, which is a rare case.
framebuffer_update_display now works entirely on a MemoryRegionSection,
without going through cpu_physical_memory_map/unmap.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Currently, scsi_get_configuration always returns a current
profile (DVD or CD), even when there is actually no media present.
By comparison, ide/atapi uses a default profile of 0 (MMC_PROFILE_NONE)
for this case and checks for tray_open, so let's do the same for scsi.
This fixes a problem I'm seeing with Fedora 22 guests where systemd
cdrom_id fails to unmount after a QEMU-initiated eject against a
scsi cdrom device because it believes the media is still present
(but unreadable).
Signed-off-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Message-Id: <1436986352-10695-1-git-send-email-mjrosato@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This is a guest-triggerable buffer overflow present in QEMU 2.2.0
and newer. scsi_cdb_length returns -1 as an error value, but the
caller does not check it.
Luckily, the massive overflow means that QEMU will just SIGSEGV,
making the impact much smaller.
Reported-by: Zhu Donghai (朱东海) <donghai.zdh@alibaba-inc.com>
Fixes: 1894df0281
Reviewed-by: Fam Zheng <famz@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
bootindex was incorrectly changed to a device Property during the
platform code split, resulting in it no longer working. Remove it.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: qemu-stable@nongnu.org # v2.3+
The RTL8168 quirk correctly describes using bit 31 as a signal to
mark a latch/completion, but the code mistakenly uses bit 28. This
causes the Realtek driver to spin on this register for quite a while,
20k cycles on Windows 7 v7.092 driver. Then it gets frustrated and
tries to set the bit itself and spins for another 20k cycles. For
some this still results in a working driver, for others not. About
the only thing the code really does in its current form is protect
the guest from sneaking in writes to the real hardware MSI-X table.
The fix is obviously to use bit 31 as we document that we should.
The other problem doesn't seem to affect current drivers as nobody
seems to use these window registers for writes to the MSI-X table, but
we need to use the stored data when a write is triggered, not the
value of the current write, which only provides the offset.
Note that only the Windows drivers from Realtek seem to use these
registers, the Microsoft drivers provided with Windows 8.1 do not
access them, nor do Linux in-kernel drivers.
Link: https://bugs.launchpad.net/qemu/+bug/1384892
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: qemu-stable@nongnu.org # v2.1+
The new spice-server function to limit the number of monitors (0.12.6)
changed while development from spice_qxl_set_monitors_config_limit to
spice_qxl_max_monitors (accepted upstream).
By mistake I post patch with former name.
This patch fix the function name.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Version: GnuPG v1
iQIcBAABAgAGBQJVrT14AAoJEH3vgQaq/DkOq7EP/0yHGzrIM7wKCPEgZWSuzvJF
g2ooc2d669ulLqhRicUuwIGpYgT7WpVrHMxDbw+f3Y02Upyov44l8bG82hmC/1r+
NAbpkl7PZHD7PM/duKtuclPIAmdpXXQoy7mHtb8PG71poaAhC1D8t0Swy1wKPn6r
uhrhySpN2B+yV9P5sNWdxVTd14oHpJhLsTo/YRe+ptgZnqeWyG6+Rz9xX0nMqaLA
8byl4fGUJ8SGxcyV6NKeUK16wXb7HH9d7EaRihnYoxT50DeJb+8NKWcrwfgzd9hu
M+suPJBbenQ6JcT8mDaOsM1/lsWLUJ+561QS3opx3j2kDrtK/sHKf2flZkGp1Ev9
QioEdL9m731/8wIITWIKntzCw4h2nO+ovnQFIzvcni+PaehZrvF5VIC7QLOSZhy6
zqu+E3PY0PkheqXv8/KWOWs+MctfyfotpCtcD7esQ/f9fD4MsFn1NFaDxG6gnWUt
wYytkxhqvCiOy5dGumcyOC7VDdILB4FObSe15H3LUqSfVqIMoFQ6q7Pr+RC84JPE
cosVoRWd/EE8dxqAP0NmARZwdExIRInfg1ZrooteQy9JQvmgaVReqY6diK9SZVtm
1Aue2qBr8im6sxxz4uzwi5Oi8vvB/Y88EV2mBkaDN0oRWQYzj39AX1vebW+vMjJi
GdtqqEIxSNb2mH4vcB0r
=GHN/
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
# gpg: Signature made Mon Jul 20 19:27:04 2015 BST using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: FAEB 9711 A12C F475 812F 18F2 88A9 064D 1835 61EB
# Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76 CBD0 7DEF 8106 AAFC 390E
* remotes/jnsnow/tags/ide-pull-request:
tests: Fix broken targets check-report-qtest-*
ahci: Force ICC bits in PxCMD to zero
qtest/ide: add another short PRDT test flavor
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
True is the default.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1435734647-8371-4-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
True is the default.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1435734647-8371-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
True is the default.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1435734647-8371-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Convert partially summed packets to be fully checksummed.
In case csum offloaded packet, vmxnet3 implementation always passes an
RxCompDesc with the "Checksum calculated and found correct" notification
to the OS. This emulates the observed ESXi behavior.
Therefore, if packet has the NEEDS_CSUM bit set, we must calculate and
place a fully computed checksum into the tcp/udp header. Otherwise, the
OS driver will receive a checksum-correct indication but with the actual
tcp/udp checksum field having just the pseudo header csum value.
If host OS performs forwarding, it will forward an incorrectly
checksummed packet.
Signed-off-by: Dana Rubin <dana.rubin@ravellosystems.com>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Message-id: 1436864116-19154-3-git-send-email-shmulik.ladkani@ravellosystems.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Separate RX packet protocol parsing out of 'vmxnet_rx_pkt_attach_data'.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Message-id: 1436864116-19154-2-git-send-email-shmulik.ladkani@ravellosystems.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The AHCI spec requires that the HBA sets the ICC bits to zero after the
ICC change is done. Since we don't do any ICC change, force the bits to
zero all the time.
This fixes delays with some OSs (e.g. OpenBSD) waiting for the ICC bits
to change to 0.
Signed-off-by: Stefan Fritsch <sf@sfritsch.de>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: E1ZFpg7-00027N-HW@eru.sfritsch.de
Signed-off-by: John Snow <jsnow@redhat.com>
Commit e0cf11f31c ("timer: Use a single
definition of NSEC_PER_SEC for the whole codebase") renamed
NANOSECONDS_PER_SECOND to NSEC_PER_SEC.
On Mac OS X there is a <dispatch/time.h> system header which also
defines NSEC_PER_SEC. This causes compiler warnings.
Let's use the old name instead. It's longer but it doesn't clash.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1436364609-7929-1-git-send-email-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The only notable thing here is vhost-user multiqueue
revert. We'll work on making it stable in 2.5,
reverting now means we won't have to maintain
bug for bug compability forever.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVrNpQAAoJECgfDbjSjVRp5EwH/jh1iiTG4iXDbSnxPJ/FWwJt
9hgd+GeNT9K5Dc1A+X6d80OdeaH5bjFNqfUXSrIsLKDWYtj01AU2+dgGS3j0/Uv1
FRrrWsnN5idcYuqlznk7X9Eu2mb7npGZnjF4PmDU5Hq5eRj/mgJbWvKYqMolLYtv
cuSHxhbA3dlUTIjfXccMF94kvFQUpfs2A3ip9osmCKE15fDS2zXKT3mIj/itnj3o
DFRwkmiKYJwwi9cl7F2svzYnqp00mAMaVJ3UrzYFZhPylzWQfIJCgu47PMfGsJAx
kPvY+IA3WEk0sMTVRNSWj61QNax4G/oM8d4ipnRpt3k0UzWg1XNTZkRIAg40j8A=
=SW7Q
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio, vhost, pc fixes for 2.4
The only notable thing here is vhost-user multiqueue
revert. We'll work on making it stable in 2.5,
reverting now means we won't have to maintain
bug for bug compability forever.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon Jul 20 12:24:00 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
virtio-net: remove virtio queues if the guest doesn't support multiqueue
virtio-net: Flush incoming queues when DRIVER_OK is being set
pci_add_capability: remove duplicate comments
virtio-net: unbreak any layout
Revert "vhost-user: add multi queue support"
ich9: fix skipped vmstate_memhp_state subsection
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
commit da51a335 adds all queues in .realize(). But if the
guest doesn't support multiqueue, we forget to remove them. And
we cannot handle the ctrl vq corretly. The guest will hang.
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
This patch fixes network hang after "stop" then "cont", while network
packets keep arriving.
Tested both manually (tap, host pinging guest) and with Jason's qtest
series (plus his "[PATCH 2.4] socket: pass correct size in
net_socket_send()" fix).
As virtio_net_set_status is called when guest driver is setting status
byte and when vm state is changing, it is a good opportunity to flush
queued packets.
This is necessary because during vm stop the backend (e.g. tap) would
stop rx processing after .can_receive returns false, until the queue is
explicitly flushed or purged.
The other interesting condition in .can_receive, virtio_queue_ready(),
is handled by virtio_net_handle_rx() when guest kicks; the 3rd condition
is invalid queue index which doesn't need flushing.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Commit 032a74a1c0
("virtio-net: byteswap virtio-net header") breaks any layout by
requiring out_sg[0].iov_len >= n->guest_hdr_len. Fixing this by
copying header to temporary buffer if swap is needed, and then use
this buffer as part of out_sg.
Fixes 032a74a1c0
("virtio-net: byteswap virtio-net header")
Cc: qemu-stable@nongnu.org
Cc: clg@fr.ibm.com
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This reverts commit 830d70db69.
The interface isn't fully backwards-compatible, which is bad.
Let's redo this properly after 2.4.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
By declaring another .subsections array for vmstate_tco_io_state made
vmstate_memhp_state not registered anymore. There must be only one
.subsections array for all subsections.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>
Reported-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
This patch triggers timer only when guest requests for
entropy. As soon as first request from guest for entropy
comes we set the timer. Timer bumps up the quota value
when it gets triggered.
Signed-off-by: Pankaj Gupta <pagupta@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1436962608-9961-2-git-send-email-pagupta@redhat.com>
[Re-worded patch subject, removed extra whitespace -- Amit]
Signed-off-by: Amit Shah <amit.shah@redhat.com>
This reverts commit 4e8cfbe114.
We should not poll via timer, and with ccid being fixed
to properly notify us about pending transfers we don't have to.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Coverity thinks the fallthroughs are smelly. They are correct, but
everything else in this function is like "wut?".
Refer explicitly to bits 8 and 9 of hs->kbd.modifiers instead of
shifting right first and using (1 << 7). Document what the scancode
is when hid_code is 0xe0. And add plenty of comments.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Drop from include/standard-headers/linux/input.h
Add to hw/input/virtio-input-host.c instead.
That allows to build virtio-input (except pass-through) on windows.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
commit 5cce173 introduced virtio-input segfault, This patch fixes it.
Signed-off-by: Lin Ma <lma@suse.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch allow to limit number of heads using qxl driver. By default
qxl driver is not limited on any kind on head use so can decide to use
as much heads.
libvirt has this as a video card parameter (actually set to 1 but not
used). This parameter will allow to limit setting a use can do (which
could be confusing).
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The Linux kernel on aarch64 creates a page table entry at early bootup
that spans the 2MB range on memory spanning the fdt start address:
[ ALIGN_DOWN(fdt, 2MB) ... ALIGN_DOWN(fdt, 2MB) + 2MB ]
This means that when our current 4k alignment happens to fall at the end
of the aligned region, Linux tries to access memory that is not mapped.
The easy fix is to instead increase the alignment to 2MB, making Linux's
logic always succeed.
We leave the existing 4k alignment for 32bit kernels to not cause any
regressions due to space constraints.
Reported-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
commit 213941d73b ("virtio-ccw: migrate ->revision") broke
migration:
2015-07-07T11:22:55.570968Z qemu-system-s390x: VQ 39 address 0x0 inconsistent with Host index 0x100
2015-07-07T11:22:55.571008Z qemu-system-s390x: error while loading state for instance 0x0 of
If thinint support is active, the config_load function returns early.
Make sure to load the revision all the time.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Fixes: 213941d73b ("virtio-ccw: migrate ->revision")
Message-Id: <1436269643-66303-1-git-send-email-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
The diag288 watchdog is no sysbus device, therefore it doesn't get
triggered on resets automatically using dc->reset.
Let's register the reset handler manually, so we get correctly notified
again when a system reset was requested. Also reset the watchdog on
subsystem resets that don't trigger a full system reset.
Signed-off-by: Xu Wang <gesaint@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Implement support in Identify and Get/Set Features to properly report
and allow to change the Volatile Write Cache status reported by the
virtual NVMe device.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Implement a real flush instead of faking it. This is especially important
as Qemu assume Write back cashing by default and thus requires a working
cache flush operation for data integrity.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
pc and virtio changes, bugfixes only.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVo6kaAAoJECgfDbjSjVRpEvcH/jiNHGHD+AzFSJ6+vcKH8MHY
GVyWxvnFimyusnv74c7nwTsRGjRycKCPFy8GN/ZX+VWpIpPwK9mysBQ97zM45xeM
T+w1eT4zXafZESr6coAaUu6AvPnVPmsx2im6j5LxBnyIzj41D7dydOM0dU/OHOSI
gUS2DlhqqRPqkB2LscIrkkCmiWpizxTACzZzrko+AuTZ6YVTOEWcnRps9gqR+MWF
o24uppNPIkkmKoWBbXEiTfTqy7rcWydCb/BiM0UMo2cTOeXESNiaQNbKL2ED8K5d
187sL9XCkBrImh4NOFMy4ZKsJ7Uy9zg+zpk03XbjMF+7S155Fcacp2ahDtuCoDA=
=DITH
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc,virtio: fixes for 2.4
pc and virtio changes, bugfixes only.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon Jul 13 13:03:38 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
pc: fix reuse of pc-i440fx-2.4 in pc-i440fx-2.3
Revert "virtio-net: enable virtio 1.0"
virtio-pci: don't crash on illegal length
qdev: fix 64 bit properties
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
commit fddd179ab9,
"pc: Convert *_MACHINE_OPTIONS macros into functions"
broke the chaining of *_machine_options() functions on
pc-i440fx-2.3, at:
-#define PC_I440FX_2_3_MACHINE_OPTIONS \
- PC_I440FX_2_4_MACHINE_OPTIONS, \
- .alias = NULL, \
- .is_default = 0
+static void pc_i440fx_2_3_machine_options(QEMUMachine *m)
+{
+ pc_i440fx_machine_options(m);
+ m->alias = NULL;
+ m->is_default = 0;
+}
I have replaced PC_I440FX_2_4_MACHINE_OPTIONS with a
pc_i440fx_machine_options() call, instead of calling
pc_i440fx_2_4_machine_options(). This broke the setting of default_machine_opts
and default_display on pc-i440fx-{2.0,2,1,2.2,2.3}.
Fix this by making pc_i440fx_2_3_machine_options() reuse
pc_i440fx_2_4_machine_options().
Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This reverts commit df91055db5.
This is because:
- vhost support virtio 1.0 now
- transport code (e.g virtio-pci) set this feature when modern is
enabled, setting this unconditionally will break disable-modern=on.
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Some guests seem to access cfg with an illegal length value.
It's worth fixing them but debugging is easier if
qemu does not crash.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
64 bit props used 32 bit callbacks in two places, leading to broken
feature bits on virtio (example: got 0x31000000000006d4 which is
obviously bogus). Fix this.
Fixes: fdba6d96 ("qdev: add 64bit properties")
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Use cpu_set_pc() for setting program counters when bootloading. This
removes an instance of system level code having to reach into the CPU
env.
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
[AF: Avoid duplicated CPU() casts through local variable]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Use cpu_set_pc() across the board for setting program counters. This
removes instances of system level code having to reach into the CPU
env.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
[AF: Avoid repeated casts with local variables]
Signed-off-by: Andreas Färber <afaerber@suse.de>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJVnQWdAAoJEL/70l94x66D6OgIAKJlzQfmy5w7Q9WD4vCMhD76
JrpLSsn7Gx/Bws0Nu9nLQlqun5z4hiUxyG2kP/WqD9+tV3cpSMSyrG6ImVdqKnQ5
+Z8WJZuREkQv0aqDUjQVST+eIDZuh2LWJXAjhgsCXUHY77eWb/7WmKT79xJOa+5C
5xB1qxudqX5IsTvpiKKPbmUGYkAcvRX1dUSaFwRIMO0UyKn59B9WfM9a5slIbLW7
XfI8+wEJshTVLuQkkTfdidWQc5M5DwlmO7ESUNR/BRPCPFeyjcDqgQY5pBM5XVo9
C+S0R3zIt3Ew0fhCtLRyjlIT0bGfwjbU5HRiHcyldBKhNUZZjSUoOWJnYRHXUDY=
=H8wA
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Bugfixes and Daniel Berrange's crypto library.
# gpg: Signature made Wed Jul 8 12:12:29 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
ossaudio: fix memory leak
ui: convert VNC to use generic cipher API
block: convert qcow/qcow2 to use generic cipher API
ui: convert VNC websockets to use crypto APIs
block: convert quorum blockdrv to use crypto APIs
crypto: add a nettle cipher implementation
crypto: add a gcrypt cipher implementation
crypto: introduce generic cipher API & built-in implementation
crypto: move built-in D3DES implementation into crypto/
crypto: move built-in AES implementation into crypto/
crypto: introduce new module for computing hash digests
vl: move rom_load_all after machine init done
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The CD-ROM signature is 0xeb140101, not 0xeb140000.
Without this change OVMF/Duet runs into a timeout trying
to detect a SATA cdrom.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1436219392-31915-2-git-send-email-jsnow@redhat.com
Most notably, this includes the TCO support for ICH: the last feature for 2.4
as we are entering the hard freeze.
Bugfixes only from now on.
virtio pci also gained cfg access capability - arguably a bugfix
since virtio spec makes it mandatory, but it's a big patch.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVnO/3AAoJECgfDbjSjVRp6lAH/2RAlzoopHDNMCj5r3wHygnA
WD1rjugftcQNJ5HkL1Oe9heQnjUcx4jdaskrTyP8vElY1zheGPYYqtPYjMB3Kfsu
fIQUhjhU6lKjF+0Q9QeyOyz9uvHWgTwtiQsHdFj+fsw7qMpiiADgGmlXoin01ZF9
yGaGZ5GcLNEHXGWyzEpKOml1UxtMFZRe649KV1tqLBoOSLdw+c3SzrGvKYjUtGnG
luMHPAJcKS7khSTyCVJN8un6SjbC/aB22mlh7TgxeNBANsGJVCH09lLCmczkIKAJ
73sut/+2f2aS9qGaSJiI5ElENDhSlWlSjNG/x4dp07fvurxpojde+bYS9veSo3c=
=cQ0D
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc,virtio,pci: fixes and updates
Most notably, this includes the TCO support for ICH: the last feature for 2.4
as we are entering the hard freeze.
Bugfixes only from now on.
virtio pci also gained cfg access capability - arguably a bugfix
since virtio spec makes it mandatory, but it's a big patch.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Wed Jul 8 10:40:07 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
tco-test: fix up config accesses and re-enable
virtio fix cfg endian-ness for BE targets
virtio-pci: implement cfg capability
virtio: define virtio_pci_cfg_cap in header.
pcie: Set the "link active" in the link status register
pci_regs.h: import from linux
virtio_net: reuse constants from linux
hw/i386/pc: don't carry FDC from pc_basic_device_init() to pc_cmos_init()
hw/i386/pc: reflect any FDC @ ioport 0x3f0 in the CMOS
hw/i386/pc: factor out pc_cmos_init_floppy()
ich9: implement strap SPKR pin logic
tests: add testcase for TCO watchdog emulation
ich9: add TCO interface emulation
acpi: split out ICH ACPI support
Revert "dataplane: allow virtio-1 devices"
dataplane: fix cross-endian issues
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
address_space_rw assumes data is in target format
and byte-swaps it if target is BE and device is LE.
Use fixed-endian LE APIs instead.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
spec says we must, so let's do it!
Note: the implementation is incorrect for BE targets.
Will fix with a patch on top, not a big deal now as
the only user is seabios, used on x86 only.
Tested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Some firmwares can test that and assume the device hasn't come
up if that bit isn't set
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Thanks to the last patch, pc_cmos_init() doesn't need the (optional)
board-default FDC any longer as an input parameter. Update
pc_basic_device_init() not to hand it back to pc_init1() / pc_q35_init(),
and update the latter not to carry the FDC to pc_cmos_init(). This
simplifies the code.
pc_init1() | pc_q35_init()
pc_basic_device_init()
pc_cmos_init()
Cc: Jan Tomko <jtomko@redhat.com>
Cc: John Snow <jsnow@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
With the pc-q35-2.4 machine type, if the user creates an ISA FDC manually:
-device isa-fdc,driveA=drive-fdc0-0-0 \
-drive file=...,if=none,id=drive-fdc0-0-0,format=raw
then the board-default FDC will be skipped, and only the explicitly
requested FDC will exist. qtree-wise, this is correct; however such an FDC
is currently not registered in the CMOS, because that code is only reached
for the board-default FDC.
The pc_cmos_init_late() one-shot reset handler -- one-shot because the
CMOS is not reprogrammed during warm reset -- should search for any ISA
FDC devices, created implicitly (by board code) or explicitly, and set the
CMOS accordingly to the ISA FDC(s) with iobase=0x3f0:
- if there is no such FDC, report both drives absent,
- if there is exactly one such FDC, report its drives in the CMOS,
- if there are more than one such FDCs, then pick one (it is not specified
which one), and print a warning about the ambiguity.
Cc: Jan Tomko <jtomko@redhat.com>
Cc: John Snow <jsnow@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reported-by: Jan Tomko <jtomko@redhat.com>
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Extract the pc_cmos_init_floppy() function from pc_cmos_init(). The
function sets two RTC registers: floppy drive types (0x10), overwriting
the earlier value in there), and REG_EQUIPMENT_BYTE (0x14), setting bits
in the prior value.
Cc: Jan Tomko <jtomko@redhat.com>
Cc: John Snow <jsnow@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
If the signal is sampled high, this indicates that the system is
strapped to the "No Reboot" mode (ICH9 will disable the TCO Timer system
reboot feature). The status of this strap is readable via the NO_REBOOT
bit (CC: offset 0x3410:bit 5).
The NO_REBOOT bit is set when SPKR pin on ICH9 is sampled high. This bit
may be set or cleared by software if the strap is sampled low but may
not override the strap when it indicates "No Reboot".
This patch implements the logic where hardware has ability to set SPKR
pin through a property named "noreboot" and it's sampled high by
default.
Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
A few last minute PPC changes for 2.4:
- spapr: Update SLOF
- spapr: Fix a few bugs
- spapr: Preparation for hotplug
- spapr: Minor code cleanups
- linux-user: Add mftb handling
- kvm: Enable hugepage support with memory-backend-file
- mac99: Remove nonexistent interrupt pin (Mac OS 9 fix)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQIcBAABAgAGBQJVm/TZAAoJECszeR4D/txg0rUP/R1C5IAuY0vM7LOYRbp1jFmn
EO6AZpJaXvT2xP0wUd/rqJct/O41vDVbEmnhpUAQwZcgsyw1UaKhRQbnCtY9PHD2
d7NZiBdv3AAbh8pLFadRjDJr/HrfuWVfjKKep5cM87/o3zjVreeIX8Hs77xHia6/
90n3hcDF4QL8qx6fxCMT4mGpTtbxw85IcK2wyIU45cZSN0VYaTjDwcYokeSKqgxV
pi7UjZSM5nZcn7VI1Uray4NkgXGs92Lorrbg08OFQt0AoXROJOk4V/LX3HkHfDbI
BYUgaOQNdBkytkB3fJCsTgl2Up82bVP/tghMyZOIyBAU4MslnAOW6HAMX2TtNswx
7itnIb7DQsVDE/U234Xzf5qoH5x4nB9xKh2qLHPKSpgLChs6lAW37Af3N+V03JVb
k/WX6i0n70a6kUqCxcMTnVSINWandU2jdJ/S8woIqs6XhfLk7hh0ucg+VhgoQxW7
QpeD69c25eVHeZDoMKR/ZTigJg/EQGuV9B9OSx6SyA9WMS4dImt1m0PBdaUlIAFT
759lMMwQIb5sQYghJ63tgrOI5PBneGnelM1zDWt2SCS0rbSjLWIWP47pHoNmnzzp
vIhJX5GgVuzf0NrbZPSR7/6NuKKU6UW5CTGh3vFgRib/CWIbEgCE3yWQfflZKy5q
Q2xBuAjyWnBoipzI4hlz
=+Uma
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging
Patch queue for ppc - 2015-07-07
A few last minute PPC changes for 2.4:
- spapr: Update SLOF
- spapr: Fix a few bugs
- spapr: Preparation for hotplug
- spapr: Minor code cleanups
- linux-user: Add mftb handling
- kvm: Enable hugepage support with memory-backend-file
- mac99: Remove nonexistent interrupt pin (Mac OS 9 fix)
# gpg: Signature made Tue Jul 7 16:48:41 2015 BST using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg: aka "Alexander Graf <alex@csgraf.de>"
* remotes/agraf/tags/signed-ppc-for-upstream: (30 commits)
sPAPR: Clear stale MSIx table during EEH reset
sPAPR: Reenable EEH functionality on reboot
sPAPR: Don't enable EEH on emulated PCI devices
spapr-vty: Use TYPE_ definition instead of hardcoding
spapr_vty: lookup should only return valid VTY objects
spapr_pci: drop redundant args in spapr_[populate, create]_pci_child_dt
spapr_pci: populate ibm,loc-code
spapr_pci: enumerate and add PCI device tree
xics_kvm: Don't enable KVM_CAP_IRQ_XICS if already enabled
ppc: Update cpu_model in MachineState
spapr: Consolidate cpu init code into a routine
spapr: Reorganize CPU dt generation code
cpus: Add a macro to walk CPUs in reverse
spapr: Support ibm, lrdr-capacity device tree property
spapr: Consider max_cpus during xics initialization
Revert "hw/ppc/spapr_pci.c: Avoid functions not in glib 2.12 (g_hash_table_iter_*)"
spapr_iommu: translate sPAPRTCEAccess to IOMMUAccessFlags
spapr_iommu: drop erroneous check in h_put_tce_indirect()
spapr_pci: set device node unit address as hex
spapr_pci: encode class code including Prog IF register
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVm8x+AAoJEPSH7xhYctcj6vcQAOKIl6/sWLq5z9jTIIsPt/Yb
S+kvi/5AJFEeD//jxAGmv7wIJq6PXjUYzbgyXkcNDvOX+IqFPV4BLKA4r534UvBb
OQg9WiVGYO5ziEDQQLkgS4OGh0a4FhF2Bu++CKHJDvbuZ/DppHJPxKjaw9kO3c84
ui1hHZgrEfazocwziC7YpB5ZQTOtaVApTG92N7+S+8+0gen1360VoJhiNfHz+4Rw
3Kw/eme3bSsFX6FZnLJogCiOFptMVHx9029FEgXV3980ZxBEaxGGEtFmAykNAIFQ
RE0viFnUrUEe9OWRhjum3pS1zO3XIkPTe/F14yLUsrLjTZdk00BSD4KE6X7z9tb+
9S+O7929eP1Ls2HONIpqhNd1TfN6UXHpe/lJF+5mD6vvnXXbcDVUREBpEpLGCsmK
E2kan0MosTeNefUtO6hhsOxfhukOfhzls5Bo6wMXOu8jh9D38PXiD8/5cpm5BNrT
zP/Mok/TC88f5V53KPEKS3djHxTb5oodFC2GfUNcJmXwhX94kpShh34Lm4Niy+qJ
rxdTGDcs5Fph0Zv701WVLzfgbwkf9RuvEppk8+6sYgvGboojnTH9nJ+rcVD5RBo9
VoE7xq9aZOlttWmbxY4YOGO+DYxOmwuioA1hbjTOP0SHH1yZkL7bcAUHLHEje/9t
zWsfLXMtX+2FQx07mCti
=ksVw
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20150707' into staging
migration/next for 20150707
# gpg: Signature made Tue Jul 7 13:56:30 2015 BST using RSA key ID 5872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>"
# gpg: aka "Juan Quintela <quintela@trasno.org>"
* remotes/juanquintela/tags/migration/20150707: (28 commits)
migration: extend migration_bitmap
migration: protect migration_bitmap
check_section_footers: Check the correct section_id
migration: Add migration events on target side
migration: Make events a capability
migration: create migration event
migration: No need to call trace_migrate_set_state()
migration: Use always helper to set state
migration: ensure we start in NONE state
migration: Use cmpxchg correctly
migration: Add configuration section
vmstate: Create optional sections
global_state: Make section optional
migration: create new section to store global state
runstate: migration allows more transitions now
runstate: Add runstate store
Fix older machine type compatibility on power with section footers
Fail more cleanly in mismatched RAM cases
Sanity check RDMA remote data
Sort destination RAMBlocks to be the same as the source
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The PCI device MSIx table is cleaned out in hardware after EEH PE
reset. However, we still hold the stale MSIx entries in QEMU, which
should be cleared accordingly. Otherwise, we will run into another
(recursive) EEH error and the PCI devices contained in the PE have
to be offlined exceptionally.
The patch introduces function spapr_phb_vfio_eeh_pre_reset(), which
is called by sPAPR when asserting hot or fundamental reset, to clear
stale MSIx table for VFIO PCI devices before EEH PE reset so that
MSIx table could be restored properly after EEH PE reset.
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
When rebooting the guest, some PEs might be in frozen state. The
contained PCI devices won't work properly if their frozen states
aren't cleared in time. One case running into this situation would
be maximal EEH error times encountered in the guest.
The patch reenables the EEH functinality on PEs on PHB's reset
callback, which will clear their frozen states if needed.
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
There might have emulated PCI devices, together with VFIO PCI
devices under one PHB. The EEH capability shouldn't enabled
on emulated PCI devices.
The patch returns error when enabling EEH capability on emulated
PCI devices by RTAS call "ibm,set-eeh-option".
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
There's a call to object_dynamic_cast() in spapr_vty which uses the type
name "spapr-vty" directly, instead of the usual idiom of using the #defined
TYPE_VIO_SPAPR_VTY_DEVICE. Fix it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
If a guest passes the reg property of a valid VIO object that is not a VTY
to either H_GET_TERM_CHAR or H_PUT_TERM_CHAR, QEMU hits a dynamic cast
assertion and aborts.
PAPR+ says "Hypervisor checks the termno parameter for validity against the
Vterm IOA unit addresses assigned to the partition, else return H_Parameter."
This patch adds a type check to ensure vty_lookup() either returns a pointer
to a valid VTY object or NULL. H_GET_TERM_CHAR and H_PUT_TERM_CHAR will
now return H_PARAMETER to the guest instead of crashing.
The patch has no effect on the reg == 0 hack used to implement the RTAS call
display-character.
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
* phb_index is not being used and if required can be obtained from sphb
* use helper to get drc_index in spapr_populate_pci_child_dt()
* Check if drc_index is zero
Suggested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Each hardware instance has a platform unique location code. The OF
device tree that describes a part of a hardware entity must include
the “ibm,loc-code” property with a value that represents the location
code for that hardware entity.
Populate ibm,loc-code.
1) PCI passthru devices need to identify with its own ibm,loc-code
available on the host. In failure cases use:
vfio_<name>:<phb-index>:<bus>:<slot>.<fn>
2) Emulated devices encode as following:
qemu_<name>:<phb-index>:<bus>:<slot>.<fn>
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
All the PCI enumeration and device node creation was off-loaded to
SLOF. With PCI hotplug support, code needed to be added to add device
node. This creates multiple copy of the code one in SLOF and other in
hotplug code. To unify this, the patch adds the pci device node
creation in Qemu. For backward compatibility, a flag
"qemu,phb-enumerated" is added to the phb, suggesting to SLOF to not
do device node creation.
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
[ Squashed Michael's drc_index changes ]
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
When supporting CPU hot removal by parking the vCPU fd and reusing
it during hotplug again, there can be cases where we try to reenable
KVM_CAP_IRQ_XICS CAP for the vCPU for which it was already enabled.
Introduce a boolean member in ICPState to track this and don't
reenable the CAP if it was already enabled earlier.
Re-enabling this CAP should ideally work, but currently it results in
kernel trying to create and associate ICP with this vCPU and that
fails since there is already an ICP associated with it. Hence this
patch is needed to work around this problem in the kernel.
This change allows CPU hot removal to work for sPAPR.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Keep cpu_model field in MachineState uptodate so that it can be used
from the CPU hotplug path.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Factor out bits of sPAPR specific CPU initialization code into
a separate routine so that it can be called from CPU hotplug
path too.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Reorganize CPU device tree generation code so that it be reused from
hotplug path. CPU dt entries are now generated from spapr_finalize_fdt()
instead of spapr_create_fdt_skel().
Note: This is how the split-up looks like now:
Boot path
---------
spapr_finalize_fdt
spapr_populate_cpus_dt_node
spapr_populate_cpu_dt
spapr_fixup_cpu_numa_dt
spapr_fixup_cpu_smt_dt
ibm,cas path
------------
spapr_h_cas_compose_response
spapr_fixup_cpu_dt
spapr_fixup_cpu_numa_dt
spapr_fixup_cpu_smt_dt
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Add support for ibm,lrdr-capacity since this is needed by the guest
kernel to know about the possible hot-pluggable CPUs and Memory. With
this, pseries kernels will start reporting correct maxcpus in
/sys/devices/system/cpu/possible.
Also define the minimum hotpluggable memory size as 256MB.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: Fix compile error on 32bit hosts]
Signed-off-by: Alexander Graf <agraf@suse.de>
Use max_cpus instead of smp_cpus when intializating xics system. Also
report max_cpus in ibm,interrupt-server-ranges device tree property of
interrupt controller node.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Since we now require GLib 2.22+ (commit f40685c), we don't have to
work around lack of g_hash_table_iter_init() & friends anymore.
This reverts commit f8833a37c0.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The fact that these enums have matching values is pure coincidence. We
actually need to translate from the PAPR definition to the QEMU one.
This patch doesn't fix any bug, it is only code cleanup.
Suggested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The tce_list variable is not a TCE but the address to a TCE: we shouldn't
clear permission bits as we do now. And this is dead code anyway since we
check tce_list is 4K aligned a few lines above.
This patch doesn't fix any bug, it is only code cleanup.
Suggested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Device node names should encode the unit address as hex, while the
code was encodind it as integers.
Also, use FDT_NAME_MAX macro for allocating and composing the name.
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Current code missed the Prog IF register. All Class Code, Subclass,
and Prog IF registers are needed to identify the accurate device type.
For example: USB controllers use the PROG IF for denoting: USB
FullSpeed, HighSpeed or SuperSpeed.
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The properties reg/assigned-resources need to encode 64-bit memory
address space as part of phys.hi dword.
00 if configuration space
01 if IO region,
10 if 32-bit MEM region
11 if 64-bit MEM region
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently although we have an sPAPRMachineState descended from MachineState
we don't have an sPAPRMAchineClass descended from MachineClass. So far it
hasn't been needed, but several upcoming features are going to want it,
so this patch creates a stub implementation.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The sPAPRMachineState structure includes an entry_point field containing
the initial PC value for starting the machine, even though this always has
the value 0x100.
I think this is a hangover from very early versions which bypassed the
firmware when using -kernel. In any case it has no function now, so remove
it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The ram_limit field was imported from sPAPREnvironment where it predates
the machine's ram size being available generically from machine->ram_size.
Worse, the existing code was inconsistent about where it got the ram size
from. Sometimes it used spapr->ram_limit, sometimes the global 'ram_size'
and sometimes a local 'ram_size' masking the global.
This cleans up the code to consistently use machine->ram_size, eliminating
spapr->ram_limit in the process.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The code for -machine pseries maintains a global sPAPREnvironment structure
which keeps track of general state information about the guest platform.
This predates the existence of the MachineState structure, but performs
basically the same function.
Now that we have the generic MachineState, fold sPAPREnvironment into
sPAPRMachineState, the pseries specific subclass of MachineState.
This is mostly a matter of search and replace, although a few places which
relied on the global spapr variable are changed to find the structure via
qdev_get_machine().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
XICS needs to know the upper value for cpu_index as it is used to compute
the number of servers:
smp_cpus * kvmppc_smt_threads() / smp_threads
When passing -smp cpus=1,threads=9 on a POWER8 host, we end up with:
1 * 8 / 9 = 0
... which leads to an assertion in both emulated:
Number of servers needs to be greater 0
Aborted (core dumped)
... and in-kernel XICS:
xics_kvm_realize: Assertion `icp->nr_servers' failed.
Aborted (core dumped)
With this patch, we are sure that nr_servers > 0. Passing the same bogus
-smp option then leads to:
qemu-system-ppc64: Cannot support more than 8 threads on PPC with KVM
... which is a lot more explicit than the XICS errors.
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The current macio implementation declares an interrupt that doesn't appear to
exist in the hardware or any other emulator implementation. OpenBIOS detects
this interrupt and generates an 'interrupts' property in the macio device tree
entry. Mac OS 9 halts boot when it detects this interrupt, so it has been
removed to permit further progress in the boot process.
Signed-off-by: Cormac O'Brien <i.am.cormac.obrien@gmail.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
It needs to be the first one and it is not optional, that is the reason
why it is opencoded. For new machine types, it is required that machine
type name is the same in both sides.
It is just done right now for pc's.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
This section would be sent:
a- for all new machine types
b- for old machine types if section state is different form {running,paused}
that were the only giving us troubles.
So, in new qemus: it is alwasy there. In old qemus: they are only
there if it an error has happened, basically stoping on target.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
I forgot to add compatibility for Power when adding section footers.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Fixes: 37fb569c01
Signed-off-by: Juan Quintela <quintela@redhat.com>
For pkts copied to the CPU (to be processed by guest driver), mark the Rx
descriptor with flag "OFFLOAD_FWD" to indicate device has already forwarded
pkt. The guest driver will use this indicator to avoid duplicate
forwarding in the guest OS.
Examples include bcast/mcast/unknown ucast pkts flooded to bridged ports.
We want to avoid both the device and the guest bridge driver flooding these
pkts, which would result in duplicates pkts on the wire. Packet sampling,
such as sFlow, can also use this technique to mark pkts for the guest OS to
record but otherwise drop.
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Message-id: 1435746792-41278-5-git-send-email-sfeldma@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1435746792-41278-3-git-send-email-sfeldma@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Premature break in switch case block. This particular case (group L2 rewrite)
will be used for L2 LAG and L3 ECMP support, neither of which are enabled in
the guest driver at this time, but are under development.
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1435746792-41278-2-git-send-email-sfeldma@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Commit 6e99c63 ("net/socket: Drop net_socket_can_send") changed the
semantics around .can_receive for sockets to now require the device to
flush queued pkts when transitioning to a .can_receive=true state. Rocker
device was not flushing the queue on .can_receive=true transition, so the
receiver was stuck.
But, turns out we really don't want any queuing at all on the port when the
port is disabled, otherwise when the port transitions to enabled, we'd
receive and forward stale pkts that really should have been dropped. So,
let's remove .can_receive so avoid queuing and drop the pkt in .receive if
the port is disabled.
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1435717553-36187-1-git-send-email-sfeldma@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When running ESXi under qemu there is an issue with the ESXi guest
discarding packets that are too short. The guest discards any packets
under the normal minimum length for an ethernet packet (60). This
results in odd behaviour where other hosts or VMs on other hosts can
communicate with the ESXi guest just fine (since there's a physical NIC
somewhere doing padding), but VMs on the host and the host itself cannot
because the ARP request packets are too small for the ESXi host to
accept.
Someone in the past thought this was worth fixing, and added code to the
vmxnet3 qemu emulation such that if it is receiving packets smaller than
60 bytes to pad the packet out to 60. Unfortunately this code is wrong
(or at least in the wrong place). It does so BEFORE before taking into
account the vnet_hdr at the front of the packet added by the tap device.
As a result, it might add padding, but it never adds enough.
Specifically it adds 10 less (the length of the vnet_hdr) than it needs
to.
The following (hopefully "obviously correct") patch simply swaps the
order of processing the vnet header and the padding. With this patch an
ESXi guest is able to communicate with the host or other local VMs.
Signed-off-by: Brian Kress <kressb@moose.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
e1000_can_receive() checks the link up status register bit. If the bit
is clear, packets will be queued and the peer may disable receive to
avoid wasting CPU reading packets that cannot be delivered. The queue
must be flushed once the link comes back up again.
This patch fixes broken e1000 receive with Mac OS X Snow Leopard guests
and tap networking. Flushing the queue invokes the async send callback,
which re-enables tap fd read.
Reported-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1435223885-12745-1-git-send-email-stefanha@redhat.com
This interface provides some registers within a 32-byte range and can be
acessed through PCI-to-LPC bridge interface (PMBASE + 0x60).
It's commonly used as a watchdog timer to detect system lockups through
SMIs that are generated -- if TCO_EN bit is set -- on every timeout. If
NO_REBOOT bit is not set in GCS (General Control and Status register),
the system will be resetted upon second timeout if TCO_RLD register
wasn't previously written to prevent timeout.
This patch adds support to TCO watchdog logic and few other features
like mapping NMIs to SMIs (NMI2SMI_EN bit), system intruder detection,
etc. are not implemented yet.
Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
MIPS doesn't need it, and including it creates problem as we are adding
dependency on ISA LPC bridge.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Switch over to virtio_instance_init_common. Drop duplicate properties
in virtio-gpu-pci and virtio-vga as they are properly aliased now. Also
drop the indirection via DEFINE_VIRTIO_GPU_PROPERTIES, we don't need it
any more as the properties are defined in a single place now.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Update the device link of the QemuConsole, so it points to the
virtio-gpu-pci or virtio-vga device instead of virtio-gpu-device.
This is needed because we want to find the device by id, for
example for input routing, and the id specified on the command
line is attached to the pci proxy, not the virtio device.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
On ARM, commit ac9d32e396 postponed the
memory preparation for boot until the machine init done notifier. This
has for consequence to insert ROM at machine init done time.
However the rom_load_all function stayed called before the ROM are
inserted. As a consequence the rom_load_all function does not do
everything it is expected to do, on ARM.
It currently registers the ROM reset notifier but does not iterate through
the registered ROM list. the isrom field is not set properly. This latter
is used to report info in the monitor and also to decide whether the
rom->data can be freed on ROM reset notifier.
To fix that regression the patch moves the rom_load_all call after
machine init done. We also take the opportunity to rename the rom_load_all
function into rom_check_and_resgister_reset() and integrate the
rom_load_done in it.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reported-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1434470874-22573-1-git-send-email-eric.auger@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This reverts commit f5a5628cf0.
This was an old patch that had been already superseded by b0e5d90eb
("dataplane: endianness-aware accesses").
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Accesses to vring_avail_event and vring_used_event must honor the queue
endianness.
This patch allows cross-endian setups to use dataplane (tested with ppc64
on ppc64le, and vice-versa).
Suggested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Fix pba_offset initialization value for Chelsio T5 Virtual Function
device. The T5 hardware has a bug in it where it reports a Pending Interrupt
Bit Array Offset of 0x8000 for its SR-IOV Virtual Functions instead
of the 0x1000 that the hardware actually uses internally. As the hardware
doesn't return the correct pba_offset value, add a quirk to instead
return a hardcoded value of 0x1000 when a Chelsio T5 VF device is
detected.
This bug has been fixed in the Chelsio's next chip series T6 but there are
no plans to respin the T5 ASIC for this bug. It is just documented in the
T5 Errata and left it at that.
Signed-off-by: Gabriel Laupre <glaupre@chelsio.com>
Reviewed-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
On systems with guest visible IOMMU, adding a new memory region onto
PCI bus calls vfio_listener_region_add() for every DMA window. This
installs a notifier for IOMMU memory regions. The notifier is supposed
to be removed vfio_listener_region_del(), however in the case of mixed
PHB (emulated + VFIO devices) when last VFIO device is unplugged and
container gets destroyed, all existing DMA windows stay alive altogether
with the notifiers which are on the linked list which head was in
the destroyed container.
This unregisters IOMMU memory region notifier when a container is
destroyed.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This patch aims at optimizing IRQ handling using irqfd framework.
Instead of handling the eventfds on user-side they are handled on
kernel side using
- the KVM irqfd framework,
- the VFIO driver virqfd framework.
the virtual IRQ completion is trapped at interrupt controller
This removes the need for fast/slow path swap.
Overall this brings significant performance improvements.
Signed-off-by: Alvise Rigo <a.rigo@virtualopensystems.com>
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Vikram Sethi <vikrams@codeaurora.org>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Add a new connect_irq_notifier notifier in the SysBusDeviceClass. This
notifier, if populated, is called after sysbus_connect_irq.
This mechanism is used to setup VFIO signaling once VFIO platform
devices get attached to their platform bus, on a machine init done
notifier.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Tested-by: Vikram Sethi <vikrams@codeaurora.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
The arm_gic_kvm now calls kvm_irqchip_set_qemuirq_gsi to build
the hash table storing qemu_irq/gsi mappings. From that point on
irqfd can be setup directly from the qemu_irq using
kvm_irqchip_add_irqfd_notifier.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Tested-by: Vikram Sethi <vikrams@codeaurora.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Anticipating for the introduction of new add/remove functions taking
a qemu_irq parameter, let's rename existing ones with a gsi suffix.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Tested-by: Vikram Sethi <vikrams@codeaurora.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This is system level code, and should only depend on the host page
size, not the target page size.
Note that HOST_PAGE_SIZE is misleadingly lead and is really aligning
to both host and target page size. Hence it's replacement with
REAL_HOST_PAGE_SIZE.
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
size_t is an unsigned type, thus the error case is never reached in
the below call to pread. If bytes is negative, it will be seen as
a very high positive value.
Spotted by Coverity.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
The property can take values on, off or auto. The default is "off"
for KVM and pre-2.4 machines, otherwise "auto" (which makes it
available on TCG or on new-enough kernels).
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Q35's ACPI device is hard-coding SMM availability to KVM. Place the
logic where the board is created instead, so that it will be possible
to override it.
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We will enable SMM even if KVM is in use. Rename the field and
arguments.
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
These commands are handled entirely by QEMU. Do not raise an SMI
when they happen, because Windows (at least 2008r2) expects these
commands to work and (depending on the value of APMC_EN at
startup) the firmware might not have installed an SMI handler.
When this happens (e.g. the kernel supports SMIs, or you are using
TCG, but you have used "-machine smm=off") RIP is moved to 0x38000
where there is no code to execute.
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* unlocked MMIO support in KVM
* support for compilation with ICC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJVmnuoAAoJEL/70l94x66DKTUH/RFrc20KXRkn/Pb/8qHY/wFz
Wt3YaS5VYPHElHbxHSdpwlV3K50FAX4QaC25Dnw4dsTelyxe5k7od+I7x8PQxD9v
3N+mFFF1BV6PqXTPVnUCnb14EXprJX524E97O6Z3lDGcwSLHDxeveSCk3IvMFErz
JzP3vtigSvtdPPQXlGcndP/r1EXeVjgNIsZ+NKaI/kmoSz1fHFrCN8hTnrxA9RSI
ZPhfmgHI5EMFtAf/HiZID6GSHOHajgeRT2bIiiy1okS++no0uRZlVMvcnFNPZHoG
e9XCGBXJSdmCoi7sIgShXirKszxYkRTbCyxxjz6aYfhrQzo0h+Yn9OPuvQrgynE=
=+YEv
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* more of Peter Crosthwaite's multiarch preparation patches
* unlocked MMIO support in KVM
* support for compilation with ICC
# gpg: Signature made Mon Jul 6 13:59:20 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
exec: skip MMIO regions correctly in cpu_physical_memory_write_rom_internal
Stop including qemu-common.h in memory.h
kvm: Switch to unlocked MMIO
acpi: mark PMTIMER as unlocked
kvm: Switch to unlocked PIO
kvm: First step to push iothread lock out of inner run loop
memory: let address_space_rw/ld*/st* run outside the BQL
exec: pull qemu_flush_coalesced_mmio_buffer() into address_space_rw/ld*/st*
memory: Add global-locking property to memory regions
main-loop: introduce qemu_mutex_iothread_locked
main-loop: use qemu_mutex_lock_iothread consistently
Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
cpu-defs: Move out TB_JMP defines
include/exec: Move tb hash functions out
include/exec: Move standard exceptions to cpu-all.h
cpu-defs: Move CPU_TEMP_BUF_NLONGS to tcg
memory_mapping: Rework cpu related includes
cutils: allow compilation with icc
qemu-common: add VEC_OR macro
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The timer should fire the interrupt only if the IT (interrupt enable) bit
state of the control register is enabled.
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The running timer can't be stopped because timer control code just
doesn't handle disabling the timer. Fix it by deleting the timer if
the enable bit is cleared.
The timer won't start periodic ticking if a ONE-SHOT -> PERIODIC mode
change happens after a one-shot tick was completed. Fix it by
re-starting ticking if the timer isn't ticking right now.
To avoid code churning, these two fixes are squashed in one commit.
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The arm_gic_common reset function was missing reset code for
several of the GIC's state fields:
* bpr[]
* abpr[]
* priority1[]
* priority2[]
* sgi_pending[]
* irq_target[] (SMP configurations only)
These probably went unnoticed because most guests will either
never touch them, or will write to them in the process of
configuring the GIC before enabling interrupts.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1435602345-32210-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
The interval interrupt is not set if the timer is in decrement mode.
This is because x >=0 and x < interval after leaving the while-loop.
Signed-off-by: Johannes Schlatow <schlatow@ida.ing.tu-bs.de>
Message-id: 20150630135821.51f3b4fd@johanness-latitude
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Version: GnuPG v1
iQIcBAABAgAGBQJVl3fQAAoJEH3vgQaq/DkOgNkP/0gkVzBeIhuJHEWJasX12zS4
VaXAKNc/haSvnT4nOOw2VfvyXvbawUgN1izBKhqrGu+Qdj9kZXMuQN/H8V7kLQeK
s9/c9FmiI4On9uheol294Ig9Q8R/NUc9Z69st0usEdAIlGOhzQlItwzQQecDWmd6
LIb0pVAId4jrW+bW5XbMEzCSKQkD5ETKAZ8cMh1+U60b8Oi0xZsY/q+SPhj/PHrX
vH98oOVT0rgQ9ZJPpSmxa2SpeeMINkROeer19rJY9tbcK4W52i4yt7c0NxhICYfP
bB75Zis0TUR9csuuW2801bejxhNhwDka5vur6q14h4wEawtPMV07zhmxTVyKFk89
Y1Jzt7ys2awotHy6/XrHU4eUBwpd1BAgZ8P5M0HzKdxH6+Xxg269zc/QmG3FqCVo
HKJ7e/vcmImYJZG1GhJrP4PUfXrLOciBzYhmaxwGNQLXrM1YUE6F/PvgIJyRGRdB
vXrFUifxHylgQUAdlHHAqT4LlfJZVjTVBVntGqoZgH7RiyK4lSmyUkdYRtlG+Fcm
SCCjRcCAh1nzSp7XI2QziNl/ezavOI4lpAv64ubXU3VGxudGgcq+WsYF4iEOdbNJ
W04QVCjR9PzvLabRLYzTtWTywYT79cg4xh/Lq+EyXAoWFRM2/CYliHJk4VSlk3Us
v8a6sWB9qc3dq6f6uUTX
=nQZA
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
# gpg: Signature made Sat Jul 4 07:06:08 2015 BST using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: FAEB 9711 A12C F475 812F 18F2 88A9 064D 1835 61EB
# Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76 CBD0 7DEF 8106 AAFC 390E
* remotes/jnsnow/tags/ide-pull-request: (35 commits)
ahci: fix sdb fis semantics
qtest/ahci: halted ncq migration test
ahci: Do not map cmd_fis to generate response
ahci: ncq migration
ahci: add get_cmd_header helper
ahci: add cmd header to ncq transfer state
qtest/ahci: halted NCQ test
ahci: correct ncq sector count
ahci: correct types in NCQTransferState
ahci: add rwerror=stop support for ncq
ahci: factor ncq_finish out of ncq_cb
ahci: refactor process_ncq_command
ahci: assert is_ncq for process_ncq
ahci: stash ncq command
ide: add limit to .prepare_buf()
qtest/ahci: ncq migration test
qtest/ahci: simple ncq data test
libqos/ahci: Force all NCQ commands to be LBA48
libqos/ahci: set the NCQ tag on command_commit
libqos/ahci: adjust expected NCQ interrupts
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There are two things to fix here:
The first one is subtle: the PxSACT register in the AHCI HBA has different
semantics from the field it is shadowing, the ACT field in the
Set Device Bits FIS.
In the HBA register, PxSACT acts as a bitfield indicating outstanding
NCQ commands where a set bit indicates a pending NCQ operation. The FIS
field however operates as an RWC register update to PxSACT, where a set
bit indicates a *successfully* completed command.
Correct the FIS semantics. At the same time, move the "clear finished"
action to the SDB FIS generation instead of the register read to mimick
how the other shadow registers work, which always just report the last
reported value from a FIS, and not the most current values which may
not have been reported by a FIS yet.
Lastly and more simply, SATA 3.2 section 13.6.4.2 (and later sections)
all specify that the Interrupt bit for the SDB FIS should always be set
to one for NCQ commands. That's currently the only time we generate this
FIS, so set it on all the time.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-16-git-send-email-jsnow@redhat.com
The Register D2H FIS should copy the current values of
the registers instead of just parroting back the same
values the guest sent back to it.
In this case, the SECTOR COUNT variables are actually
not generally meaningful in terms of standard commands
(See ATA8-AC3 Section 9.2 Normal Outputs), so it actually
probably doesn't matter what we put in here.
Meanwhile, we do need to use the Register update FIS from
the NCQ pathways (in error cases), so getting rid of
references to cur_cmd here is a win for AHCI concurrency.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-14-git-send-email-jsnow@redhat.com
Migrate the NCQ queue. This is solely for the benefit of halted commands,
since anything else should have completed and had any relevant status
flushed to the HBA registers already.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-13-git-send-email-jsnow@redhat.com
cur_cmd is an internal bookmark that points to the
current AHCI Command Header being processed by the
AHCI state machine. With NCQ needing to occasionally
rely on some of the same AHCI helpers, we cannot use
cur_cmd and will need to grab explicit pointers instead.
In an attempt to begin relying on the cur_cmd pointer
less, add a helper to let us specifically get the pointer
to the command header of particular interest.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-12-git-send-email-jsnow@redhat.com
While the rest of the AHCI device can rely on a single bookmarked
pointer for the AHCI Command Header currently being processed, NCQ
is asynchronous and may have many commands in flight simultaneously.
Add a cmdh pointer to the ncq_tfs object and make the sglist prepare
function take an AHCICmdHeader pointer so we can be explicit about
where we'd like to build SGlists from.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-11-git-send-email-jsnow@redhat.com
uint16_t isn't enough to hold the real sector count, since a value of
zero implies a full 64K sectors, so we need a uint32_t here.
We *could* cheat and pretend that this value is 0-based and fit it in
a uint16_t, but I'd rather waste 2 bytes instead of a future dev's
10 minutes when they forget to +1/-1 accordingly somewhere.
See SATA 3.2, section 13.6.4.1 "READ FPDMA QUEUED".
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-9-git-send-email-jsnow@redhat.com
Handle NCQ failures for cases where we want to halt the VM on IO errors.
Upon a VM state change, retry the halted NCQ commands.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-7-git-send-email-jsnow@redhat.com
When we add werror=stop or rerror=stop support to NCQ,
we'll want to take a codepath where we don't actually
complete the command, so factor that out into a new routine.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-6-git-send-email-jsnow@redhat.com
Split off execute_ncq_command so that we can call
it separately later if we desire.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-5-git-send-email-jsnow@redhat.com
We already checked this in the handle_cmd phase, so just
change this to an assertion and simplify the error logic.
(Also, fix the switch indent, because checkpatch.pl yelled.)
((Sorry for churn.))
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-4-git-send-email-jsnow@redhat.com
For migration and werror=stop/rerror=stop resume purposes,
it will be convenient to have the command handy inside of
ncq_tfs.
Eventually, we'd like to avoid reading from the FIS entirely
after the initial read, so this is a byte (hah!) sized step
in that direction.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-3-git-send-email-jsnow@redhat.com
prepare_buf should not always grab as many descriptors
as it can, sometimes it should self-limit.
For example, an NCQ transfer of 1 sector with a PRDT that
describes 4GiB of data should not copy 4GiB of data, it
should just transfer that first 512 bytes.
PIO is not affected, because the dma_buf_rw dma helpers
already have a byte limit built-in to them, but DMA/NCQ
will exhaust the entire list regardless of requested size.
AHCI 1.3 specifies in section 6.1.6 Command List Underflow that
NCQ is not required to detect underflow conditions. Non-NCQ
pathways signal underflow by writing to the PRDBC field, which
will already occur by writing the actual transferred byte count
to the PRDBC, signaling the underflow.
Our NCQ pathways aren't required to detect underflow, but since our DMA
backend uses the size of the PRDT to determine the size of the transer,
if our PRDT is bigger than the transaction (the underflow condition) it
doesn't cost us anything to detect it and truncate the PRDT.
This is a recoverable error and is not signaled to the guest, in either
NCQ or normal DMA cases.
For BMDMA, the existing pathways should see no guest-visible difference,
but any bytes described in the overage will no longer be transferred
before indicating to the guest that there was an underflow.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435767578-32743-2-git-send-email-jsnow@redhat.com
This value should not be size-corrected, 0 sectors does not imply
1 sector(s). This is just debug information, but it's misleading!
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435016308-6150-8-git-send-email-jsnow@redhat.com
Most of the time, these bits can be safely ignored. For the purposes
of debugging however, it's nice to know that they're not being used.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435016308-6150-7-git-send-email-jsnow@redhat.com
There's no real reason to have it bundled together, and this way
is a little nicer to follow if you have the AHCI spec pulled up.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435016308-6150-6-git-send-email-jsnow@redhat.com
Don't attempt the NCQ transfer if the PRDT we were given is not big
enough to perform the entire transfer.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435016308-6150-5-git-send-email-jsnow@redhat.com
Set some appropriate error bits for NCQ for us.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435016308-6150-4-git-send-email-jsnow@redhat.com
Trivial cleanup that I didn't want to tack-on to anything else.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435016308-6150-3-git-send-email-jsnow@redhat.com
Several fields of the NCQFIS structure are ambiguously named. This patch
clarifies the intended (if unsupported) usage of the NCQ fields to aid
in creating more meaningful debug messages through the NCQ codepaths.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435016308-6150-2-git-send-email-jsnow@redhat.com
The only guidance the AHCI specification gives on memory access is:
"Register accesses shall have a maximum size of 64-bits; 64-bit access
must not cross an 8-byte alignment boundary."
I interpret this to mean that aligned or unaligned 1, 2 and 4 byte
accesses should work, as well as aligned 8 byte accesses.
In practice, a real Q35/ICH9 responds to 1, 2, 4 and 8 byte reads
regardless of alignment. Windows 7 can be observed making 1 byte
reads to the middle of 32 bit registers to fetch error codes.
Introduce a wrapper to support unaligned accesses to AHCI.
This wrapper will support aligned 8 byte reads, but will make
no effort to support unaligned 8 byte reads, which although they
will work on real hardware, are not guaranteed to work and do
not appear to be used by either Windows or Linux.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1434470575-21625-2-git-send-email-jsnow@redhat.com
Start storing the (start_addr, end_addr) of the pc-dimm memory
in corresponding numa_info[node] so that this information can be used
to lookup node by address.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
HotplugHandlerClass::plug() shouldn't fail and hence use error_abort
to abort if it fails.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
pc_dimm_plug() has code that will be needed for memory plug handlers
in other archs too. Extract code from pc_dimm_plug() into a generic
routine pc_dimm_memory_plug() that resides in pc-dimm.c. Also
correspondingly refactor re-usable unplug code into pc_dimm_memory_unplug().
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Move hotplug_memory_base and hotplug_memory fields of PCMachineState
into a separate structure so that the same can be made use of from
other architectures supporing memory hotplug.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Add display and head properties for input routing to
virtio-input devices, update multiseat documentation.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The section footer changes commit f68945d42b ("Add a protective
section footer") and commit 37fb569c01 ("Disable section footers
on older machine types") broke migration for any non-versioned
machines.
This pinpoints a problem of s390-ccw machines: it needs to
be versioned to be compatible with future changes in common
code data structures such as section footers.
Let's introduce a version scheme for s390-ccw-virtio machines.
We will use the old s390-ccw-virtio name as alias to the latest
version as all existing libvirt XML for the ccw type were expanded
by libvirt to that name.
The only downside of this patch is, that the old alias s390-ccw
will no longer be available as machines can have only one alias,
but it should not really matter.
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Cc: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <1435742217-62246-1-git-send-email-borntraeger@de.ibm.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
commit fa92e218df ("s390x/ipl: avoid sign extension") introduced
a regression:
qemu-system-s390x -drive file=image.qcow,format=qcow2
does not boot, the bios states
"No virtio-blk device found!"
adding bootindex=1 does boot.
The reason is that the uint32_t as return value will not do the right
thing for the return -1 (default without bootindex).
The bios itself, will interpret a 64bit -1 as autodetect (but it will
interpret 32bit -1 as ccw device address ff.ff.ffff)
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: qemu-stable@nongnu.org # v2.3.0
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
We need to migrate the revision field as well. No compatibility
concerns as we already introduced migration of ->config_vector in
this release.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Support the new CCW_CMD_SET_VQ format for virtio-1 devices.
While we're at it, refactor the code a bit and enforce big endian
fields (which had always been required, even for legacy).
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Handle the virtio-ccw revision according to what the guest sets.
When revision 1 is selected, we have a virtio-1 standard device
with byteswapping for the virtio rings.
When a channel gets disabled, we have to revert to the legacy behavior
in case the next user of the device does not negotiate the revision 1
anymore (e.g. the boot firmware uses revision 1, but the operating
system only uses the legacy mode).
Note that revisions > 0 are still disabled.
[CH: assure memory accesses are always BE]
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Accessing QEMU_CLOCK_VIRTUAL is thread-safe.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1434646046-27150-9-git-send-email-pbonzini@redhat.com>
We need a possibility to run code when a subchannel gets disabled.
This patch adds the necessary infrastructure.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Our main channel_subsys structure is not a device (yet), but we need
to setup mss/mcss-e again if the guest had enabled it before. Use
a hack that should catch most configurations (assuming that the guest
will have enabled at least one device in higher subchannel sets or
channel subsystems if it enabled the functionality.)
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
For a guest-initiated reset, we need to not only reset the virtio device,
but also reset the VirtioCcwDevice into a clean state. This includes
resetting the indicators, or else a guest will not be able to e.g.
switch from classic interrupts to adapter interrupts.
Split off this routine into a new function virtio_ccw_reset_virtio()
to make the distinction between resetting the virtio-related devices
and the base subchannel device clear.
CC: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Almost exclusively bugfixes, though in this case,
we are adding functionality to the pxb in order
to make OVMF work on it.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVjVb/AAoJECgfDbjSjVRpeaEH/2bwK7BGgczEQ7fhzIEaQSQq
SV7aychNZvUFASXLV6aVmQCdYixZxlI9KDn0pMRYntUcjxRRB48U3N5Sy4km46Pw
LLN3vxGzHazlE7AJ5c+WVDf0e2k7v3CpZ/TKXzPHmvZXIuBfjKXtKzBgyQYxGkmL
JgRrRSHDrsbvfmhI4uHMpCTYs/WeY1cuA1IzvimBjmvVP5kkko4NoX+HEWmGJ6WK
13fQuV+Cvz7Yk40HRpPAM0QPV2etGCj+dU7xgF9BWnn9mzbGC5iy8EUClyGil/af
k3i/bCxs6IgpQ76LaezJtGPtn1jbohrO4qRqlatUAJCwgCYMCkxkIk+Pr4A3x4c=
=6WvB
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio, pci fixes, enhancements
Almost exclusively bugfixes, though in this case,
we are adding functionality to the pxb in order
to make OVMF work on it.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri Jun 26 14:43:27 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
Fix glib_subprocess test
hw/pci-bridge: format special OFW unit address for PXB host
hw/core: explicit OFW unit address callback for SysBusDeviceClass
hw/pci-bridge: disable SHPC in PXB
hw/pci-bridge: introduce "shpc" property
hw/pci: introduce shpc_present() helper function
hw/pci-bridge: add macro for "msi" property
hw/pci-bridge: add macro for "chassis_nr" property
hw/pci-bridge: expose _test parameter in SHPC_VMSTATE()
migration: introduce VMSTATE_BUFFER_UNSAFE_INFO_TEST()
add pci-bridge-seat
pc: cleanup and convert TMP ACPI device description to AML API
MAINTAINERS: add ACPI entry
vhost: correctly pass error to caller in vhost_dev_enable_notifiers()
balloon: add a feature bit to let Guest OS deflate balloon on oom
qdev: fix OVERFLOW_BEFORE_WIDEN
virito-pci: fix OVERRUN problem
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Now we have virtio-pci, we can make the virt board's default block
device type be IF_VIRTIO. This allows users to use simplified
command lines that don't have to explicitly create virtio-pci-blk
devices; the -hda &c very short options now also work.
This means we also need to set no_cdrom to avoid getting a
default cdrom device -- this is needed because the virtio-blk
device will fail if it is connected to a block backend with
no media, which is what the default cdrom device typically is.
Providing a cdrom with media via -cdrom will succeed, but silently
create a device with non-removable medium. this is probably
not really what the user wants, but is the best we can do now.
Note that this change means that some command lines which used
to work (by accident) will stop working. Where a drive was connected
manually to a device but without 'if=none' being specified, we
used to treat this as an IDE drive, which we would then not autoplug
because the board doesn't support IDE. Now we will treat it as a
virtio disk and autoplug it, which means the attempt to use the
drive manually will fail:
qemu-system-arm: -drive file=img.qcow2,id=foo: Drive 'foo' is already
in use because it has been automatically connected to another device
(did you need 'if=none' in the drive options?)
The command line will have to be changed to include 'if=none', as the
error message suggests.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435068107-12594-4-git-send-email-peter.maydell@linaro.org
If the user forgot if=none on their drive specification they're likely
to get an error message because the drive is assigned once automatically
by QEMU and once by the manual id=/drive= user command line specification.
Improve the error message produced in this case to explicitly guide the
user towards if=none.
We rephrase the "drive conflict but not for an if=something" error as
well to keep the wording in line.
The two cases that change are:
(1) Drive specified as to be auto-connected and also manually connected
(and the board does handle this if= type):
qemu-system-x86_64 -nodefaults -display none \
-drive if=scsi,file=tmp.qcow2,id=foo -device ide-hd,drive=foo
Previously:
qemu-system-x86_64: -device ide-hd,drive=foo: Property 'ide-hd.drive'
can't take value 'foo', it's in use
Now:
qemu-system-x86_64: -device ide-hd,drive=foo: Drive 'foo' is already in
use because it has been automatically connected to another device (did
you need 'if=none' in the drive options?)
(2) Drive specified to be manually connected in two different ways:
qemu-system-x86_64 -nodefaults -display none \
-drive if=none,file=tmp.qcow2,id=foo -device ide-hd,drive=foo \
-device ide-hd,drive=foo
Previously:
qemu-system-x86_64: -device ide-hd,drive=foo: Property 'ide-hd.drive'
can't take value 'foo', it's in use
Now:
qemu-system-x86_64: -device ide-hd,drive=foo: Drive 'foo' is already in
use by another device
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435068107-12594-3-git-send-email-peter.maydell@linaro.org
Instead of having set_pointer() call a parse callback which returns
an error number that we then convert to an Error string with
error_set_from_qdev_prop_error(), make the parse callback take an
Error** and set the error itself. This will allow parse routines
to provide more helpful error messages than the generic ones.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1435068107-12594-2-git-send-email-peter.maydell@linaro.org
Add GICv2m description in ACPI MADT table, so guest can use MSI when
booting with ACPI.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Tested-by: Andrew Jones <drjones@redhat.com>
Message-id: 1434676210-2276-1-git-send-email-shannon.zhao@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The table revision is not the ACPI spec version. Fix the wrong revision
and also some comments.
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1433820378-8336-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add UHI semihosting support for MIPS. QEMU run with "-semihosting" option
will alter the behaviour of SDBBP 1 instruction -- UHI operation will be
called instead of generating a debug exception.
Also tweak Malta's pseudo-bootloader. On CPU reset the $4 register is set
to -1 if semihosting arguments are passed to indicate that the UHI
operations should be used to obtain input arguments.
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
The BEV flag controls whether the boot exception vector is still
in place when starting a kernel. When cleared the exception vector
at EBASE (or hard coded address of 0x80000000) is used instead.
The early stages of the linux kernel would benefit from BEV still
being set to ensure any faults get handled by the boot rom exception
handlers. This is a moot point for system qemu as there aren't really
any BEV handlers, but there are other good reasons to change this...
The UHI (semi-hosting interface) defines special behaviours depending
on whether an application starts in an environment with BEV set or
cleared. When BEV is set then UHI assumes that a bootloader is
relatively dumb and has no advanced exception handling logic.
However, when BEV is cleared then UHI assumes that the bootloader
has the ability to handle UHI exceptions with its exception handlers
and will unwind and forward UHI SYSCALL exceptions to the exception
vector that was installed prior to running the application.
Signed-off-by: Matthew Fortune <matthew.fortune@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Version: GnuPG v1
iQEcBAABAgAGBQJVisx5AAoJEJykq7OBq3PIbasIALJC/7BEyCSEubcjH25CIzao
D20ufmo8/Et6KGuD1r2zdGRXQ79q/SDCGStQK8QEEfvRxPMehngfCUb5aJXkcGbu
/bRIaHh7DFxSiPGJI1/1wwR1MC7tjjR6ZrpSd2OTF0VOZvuXlP3noWpX1eiRAcvu
ekK2vvYtDi03/Xzhbx8MIRSuYPAdh/tXZ3mrDfUQNrtO47QYAxh0C9ABzZVrHJCa
RFCFXPoqZroOcrVe20ZHLt82AUL0H3cfHvF74Z+LbOlPJ7JbP/5+PzLisAqX7VeE
VYvK78mQih41Ww+qYYx4lwhUMUW1fYYnN/MHpdU2LBHcF/tPqxz5kyvQ6GJhD5w=
=rdVl
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
# gpg: Signature made Wed Jun 24 16:27:53 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/block-pull-request:
virito-blk: drop duplicate check
qemu-iotests: fix 051.out after qdev error message change
iov: don't touch iov in iov_send_recv()
raw-posix: Introduce hdev_is_sg()
raw-posix: Use DPRINTF for DEBUG_FLOPPY
raw-posix: DPRINTF instead of DEBUG_BLOCK_PRINT
Fix migration in case of scsi-generic
block: Use bdrv_is_sg() everywhere
nvme: Fix memleak in nvme_dma_read_prp
vvfat: add a label option
util/hbitmap: Add an API to reset all set bits in hbitmap
virtio-blk: Use blk_drain() to drain IO requests
block-backend: Introduce blk_drain()
throttle: Check current timers before updating any_timer_armed[]
block: Let bdrv_drain_all() to call aio_poll() for each AioContext
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
in_num = req->elem.in_num, and req->elem.in_num is
checked in line 489, so the check about in_num variable
is superflous, let's drop it.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1435138164-11728-1-git-send-email-arei.gonglei@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We have agreed that OpenFirmware device paths in the "bootorder" fw_cfg
file should follow the pattern
/pci@i0cf8,%x/...
for devices that live behind an extra root bus. The extra root bus in
question is the %x'th among the extra root buses. (In other words, %x
gives the position of the affected extra root bus relative to the other
extra root buses, in bus_nr order.) %x starts at 1, and is formatted in
hex.
The portion of the unit address that comes before the comma is dynamically
taken from the main host bridge, similarly to sysbus_get_fw_dev_path().
Cc: Kevin O'Connor <kevin@koconnor.net>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The sysbus_get_fw_dev_path() function formats OpenFirmware device path
nodes ("driver-name@unit-address") for sysbus devices. The first choice
for "unit-address" is the base address of the device's first MMIO region.
The second choice is its first IO port.
However, if two sysbus devices with the same "driver-name" lack both MMIO
and PIO resources, then there is no good way to distinguish them based on
their OFW nodes, because in this case unit-address is omitted completely
for both devices. An example is TYPE_PXB_HOST ("pxb-host").
For the sake of such devices, introduce the explicit_ofw_unit_address()
"virtual member function". With this function, each sysbus device in the
same SysBusDeviceClass can state its own address.
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Tested-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
OVMF downloads the ACPI linker/loader script from QEMU when the edk2 PCI
Bus driver globally signals the firmware that PCI enumeration and resource
allocation have completed. At this point QEMU regenerates the ACPI payload
in an fw_cfg read callback, and this is when the PXB's _CRS gets
populated.
Unfortunately, when this happens, the PCI_COMMAND_MEMORY bit is clear in
the root bus's command register, *unlike* under SeaBIOS. The consequences
unfold as follows:
- When build_crs() fetches dev->io_regions[i].addr, it is all-bits-one,
because pci_update_mappings() --> pci_bar_address() calculated it as
PCI_BAR_UNMAPPED, due to the PCI_COMMAND_MEMORY bit being clear.
- Consequently, the SHPC MMIO BAR (bar 0) of the bridge is not added to
the _CRS, *despite* having been programmed in PCI config space.
- Similarly, the SHPC MMIO BAR of the PXB is not removed from the main
root bus's DWordMemory descriptor.
- Guest OSes (Linux and Windows alike) notice the pre-programmed SHPC BAR
within the PXB's config space, and notice that it conflicts with the
main root bus's memory resource descriptors. Linux reports
pci 0000:04:00.0: BAR 0: can't assign mem (size 0x100)
pci 0000:04:00.0: BAR 0: trying firmware assignment [mem
0x88200000-0x882000ff 64bit]
pci 0000:04:00.0: BAR 0: [mem 0x88200000-0x882000ff 64bit] conflicts
with PCI Bus 0000:00 [mem
0x88200000-0xfebfffff]
While Windows Server 2012 R2 reports
https://technet.microsoft.com/en-us/library/cc732199%28v=ws.10%29.aspx
This device cannot find enough free resources that it can use. If you
want to use this device, you will need to disable one of the other
devices on this system. (Code 12)
This issue was apparently encountered earlier, see the "hack" in:
https://lists.nongnu.org/archive/html/qemu-devel/2015-01/msg02983.html
and the current hole-punching logic in build_crs() and build_ssdt() is
probably supposed to remedy exactly that problem -- however, for OVMF they
don't work, because at the end of the PCI enumeration and resource
allocation, which cues the ACPI linker/loader client, the command register
is clear.
The "shpc" property of "pci-bridge", introduced in the previous patches,
allows us to disable the standard hotplug controller cleanly, eliminating
the SHPC bar and the conflict.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
In the PCI expander bridge, we will want to disable those features of
pci-bridge that relate to SHPC (standard hotplug controller):
- SHPC bar and underlying MemoryRegion
- interrupt (INTx or MSI)
- effective hotplug callbacks
- other SHPC hooks (initialization, cleanup, migration etc)
Introduce a new feature request bit in the PCIBridgeDev.flags field, and
turn off the above if the bit is explicitly cleared.
Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This should help catch property name typos at compile time.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This should help catch property name typos at compile time.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Change the signature of the function-like macro SHPC_VMSTATE(), so that we
can produce and expect this field conditionally in the migration stream,
starting with an upcoming patch.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When loading migration fails due to a disagreement about
PCI config data we don't currently get any errors explaining
that was the cause of the problem or which byte in the config
data was at fault.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This is done indirectly by adjusting two typedefs and helps emphasizing
that the respective tables aren't supposed to be modified at runtime
(as they may be shared between devices).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Functions setting errno commonly return just -1, which is of no
particular use in the log file.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Expecting the ROM BAR to be written with an all ones value when sizing
the region is wrong - the low bit has another meaning (enable/disable)
and bits 1..10 are reserved. The PCI spec also mandates writing all
ones to just the address portion of the register.
Use suitable constants also for initializing the ROM BAR register field
description.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
The code introduced to address XSA-126 allows simplification of other
code in xen_pt_initfn(): All we need to do is update "cmd" suitably,
as it'll be written back to the host register near the end of the
function anyway.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Simplifies multiseat configuration, see
docs/multiseat.txt update for details.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
remove some code duplication in acpi-build.c and drop 5
ASL and binary blobs files with TPM ACPI device description,
replacing them with 1 small hunk written in AML API.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
We override the error value r in fail_vq, this will cause the caller
can't detect the failure which may cause the caller may disable the
notifiers twice if vhost is failed to start. Fix this by using another
variable to keep track the return value of set_host_notifier().
Fixes b0b3db7955 ("vhost-net: cleanup
host notifiers at last step")
Cc: qemu-stable@nongnu.org
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Excessive virtio_balloon inflation can cause invocation of OOM-killer,
when Linux is under severe memory pressure. Various mechanisms are
responsible for correct virtio_balloon memory management. Nevertheless it
is often the case that these control tools does not have enough time to
react on fast changing memory load. As a result OS runs out of memory and
invokes OOM-killer. The balancing of memory by use of the virtio balloon
should not cause the termination of processes while there are pages in the
balloon. Now there is no way for virtio balloon driver to free memory at
the last moment before some process get killed by OOM-killer.
This does not provide a security breach as balloon itself is running
inside Guest OS and is working in the cooperation with the host. Thus
some improvements from Guest side should be considered as normal.
To solve the problem, introduce a virtio_balloon callback which is
expected to be called from the oom notifier call chain in out_of_memory()
function. If virtio balloon could release some memory, it will make the
system return and retry the allocation that forced the out of memory
killer to run.
This behavior should be enabled if and only if appropriate feature bit
is set on the device. It is off by default.
This functionality was recently merged into vanilla Linux.
commit 5a10b7dbf904bfe01bb9fcc6298f7df09eed77d5
Author: Raushaniya Maksudova <rmaksudova@parallels.com>
Date: Mon Nov 10 09:36:29 2014 +1030
This patch adds respective control bits into QEMU. It introduces
deflate-on-oom option for balloon device which does the trick.
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Raushaniya Maksudova <rmaksudova@parallels.com>
CC: Anthony Liguori <aliguori@amazon.com>
CC: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: James Bottomley <JBottomley@Odin.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Each call of the virtio_blk_reset() function calls blk_drain_all(),
which works for all existing BlockDriverStates, while draining only
one is needed.
This patch replaces blk_drain_all() by blk_drain() in
virtio_blk_reset(). virtio_blk_data_plane_stop() should be called
after draining because it restores vblk->complete_request.
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Alexander Yarygin <yarygin@linux.vnet.ibm.com>
Message-id: 1434537440-28236-3-git-send-email-yarygin@linux.vnet.ibm.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJViExCAAoJEDhwtADrkYZTx5IP/1xjBC15T5SDUXEcuWIDg4VY
92Qipe5dcQfZo+EYbKUbQx3Pj+27KhKQjIXthmh+RGvI0fPi/Y2iikcHTzCWqrL8
SNxLLWQXGJSG8yur30OziR/6aRq65jnLCkCR5cNbtQt8Zvzm8jk67lNVL5212NGJ
3jhpoD8eXzrkeDOxlXP2zshOGyGr+05tKXfPYu6npKPiJ8HyUSUwA4CD46ZQLZz8
HtJOkSbhwi8GyWoACF3QEEnYVwYV2cFpGpAB4prWxba5EBihGruC3I7wrVOxs5H8
v2ZVjePdvxwQ/YHPmdpd8DhLpe2BCDgHjEbya9Qg8FStUKALE79AUfc+VkSUKf1/
pPyJmC30coM7yEFWMlJM+RqOel013/TOMuSqBdTnV8C0d8AaEx8Ako6NDiwRm7mt
NeNixsEITAhvi9qUUCywxNO6kVIfbKdqk/cTF3eWj2O3FsMeR2ICd2/ucux5X+Xu
axvrC1xt4s2j4IK7awSFz8kq2w0+eV9OR9+cV9Lpa5cVjHkes8M+b7zExs9+wjBZ
nZcvOBAJo5Xe9FIi4lj2TuEZvZQLgocUkVZIZQRfMTE1VXykcitqp5skLRms63e0
n+W4CSKD0scMxCpTVZfdnVjJpSIOm58R429aOLsDrz+Np8QieNzLsujCsP7V7A+1
EvCwddtvLsKjRvX9ZbE1
=v038
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2015-06-22' into staging
Monitor patches
# gpg: Signature made Mon Jun 22 18:56:18 2015 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
* remotes/armbru/tags/pull-monitor-2015-06-22: (24 commits)
Include monitor/monitor.h exactly where needed
Include qapi/qmp/qerror.h exactly where needed
qerror: Move #include out of qerror.h
qerror: Finally unused, clean up
qmp: Wean off qerror_report()
tpm: Avoid qerror_report() outside QMP command handlers
qerror: Clean up QERR_ macros to expand into a single string
qerror: Eliminate QERR_DEVICE_NOT_FOUND
vl: Use error_report() for --display errors
vl: Avoid qerror_report() outside QMP command handlers
QemuOpts: Wean off qerror_report_err()
qdev-monitor: Propagate errors through qdev_device_add()
qdev-monitor: Propagate errors through set_property()
qdev-monitor: Convert qbus_find() to Error
qdev-monitor: Fix check for full bus
qdev-monitor: Stop error avalanche in qbus_find_recursive()
disas: Remove uses of CPU env
monitor: Split mon_get_cpu fn to remove ENV_GET_CPU
monitor: Fix failure path for "S" argument
monitor: Point to "help" command on syntax error
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This allows to assign host input devices to the guest:
qemu -device virtio-input-host-pci,evdev=/dev/input/event<nr>
The guest gets exclusive access to the input device, so be careful
with assigning the keyboard if you have only one connected to your
machine.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Move properties from virtio-*-pci to virtio-*-device.
Also make better use of QOM and attach common properties
to the abstract parent classes (virtio-input-device and
virtio-input-pci-device).
Switch the hid device instance init functions over to use
virtio_instance_init_common, so we get the properties of the
virtio device aliased properly to the virtio pci proxy.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Potentially overflowing expression "1 << prop->bitnr" with
type "int" (32 bits, signed) is evaluated using 32-bit arithmetic,
and then used in a context that expects an expression of type
"uint64_t" (64 bits, unsigned).
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Overrunning array "proxy->guest_features" of 2 4-byte
elements at element index 2 (byte offset 8) using index
"proxy->gfselect" (which evaluates to 2). Normally, the
Linux kernel driver just read/write '0' or '1' as the
"proxy->gfselect" values, so using '<' instead of '=<' to
make coverity happy and avoid potential harm.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
In particular, don't include it into headers.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
In particular, don't include it into headers.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
These macros expand into error class enumeration constant, comma,
string. Unclean. Has been that way since commit 13f59ae.
The error class is always ERROR_CLASS_GENERIC_ERROR since the previous
commit.
Clean up as follows:
* Prepend every use of a QERR_ macro by ERROR_CLASS_GENERIC_ERROR, and
delete it from the QERR_ macro. No change after preprocessing.
* Rewrite error_set(ERROR_CLASS_GENERIC_ERROR, ...) into
error_setg(...). Again, no change after preprocessing.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP. It should not be used
elsewhere.
The only remaining user in qemu-option.c is qemu_opts_parse(). Is it
used in QMP context? If not, we can simply replace
qerror_report_err() by error_report_err().
The uses in qemu-img.c, qemu-io.c, qemu-nbd.c and under tests/ are
clearly not in QMP context.
The uses in vl.c aren't either, because the only QMP command handlers
there are qmp_query_status() and qmp_query_machines(), and they don't
call it.
Remaining uses:
* drive_def(): Command line -drive and such, HMP drive_add and pci_add
* hmp_chardev_add(): HMP chardev-add
* monitor_parse_command(): HMP core
* tmp_config_parse(): Command line -tpmdev
* net_host_device_add(): HMP host_net_add
* net_client_parse(): Command line -net and -netdev
* qemu_global_option(): Command line -global
* vnc_parse_func(): Command line -display, -vnc, default display, HMP
change, QMP change. Bummer.
* qemu_pci_hot_add_nic(): HMP pci_add
* usb_net_init(): Command line -usbdevice, HMP usb_add
Propagate errors through qemu_opts_parse(). Create a convenience
function qemu_opts_parse_noisily() that passes errors to
error_report_err(). Switch all non-QMP users outside tests to it.
That leaves vnc_parse_func(). Propagate errors through it. Since I'm
touching it anyway, rename it to vnc_parse().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Now that qbool is fixed, let's fix getting and setting a bool
value to a qdict member to also use C99 bool rather than int.
I audited all callers to ensure that the changed return type
will not cause any changed semantics.
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Implement the SIMR and CIMR registers of the 5208 interrupt controller.
These are used by modern versions of Linux running on ColdFire (not sure
of the exact version they were introduced, but they have been in for quite
a while now).
Without this change when attempting to run a linux-3.5 kernel you will
see:
qemu: hardware error: mcf_intc_write: Bad write offset 28
and execution will stop and dump out.
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Message-id: 1434721406-25288-2-git-send-email-gerg@uclinux.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Changes to name string ownership for alias properties
* Improvements around enum properties
* Cleanups around -object handling
* New helper functions
* Cleanups of qdev init helper functions
* Add path argument to qom-tree script
* QTest cleanup to use new qtest_add_data_func() consistently
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJVhE3+AAoJEPou0S0+fgE/PH4QALGwuecDUMBG+pe3uhrSsZSS
vWOwQfFk4rdc+Am/I/zTCujBNmYibKQqn1FbSMMAlrxeBkw8rpdCeyboKMzLP4Me
4DQHQohNMHqhHXnXVzdNKYUeXpVVb/3tB+4fSSEy6RcrbQ64Th2C42ecRd5U7TMN
vEcnkiwaTCR9/Ot4nQ54xnj4JxQo29Dj+Eszi86qpAmzODPvB9Ex5oZpgo8RLgKD
d5RYTUWc5953l3yx0A0rNzvq7eRF98iNYqVfamn/DpOsTxQ12LiaxCjIqwVf8hyj
sMMfdwCyoMpb4V276dRPmOgso+MrtJTo8h+L8eu6vtEOqMs1HE/31tyHa9blPJ5V
bRyUQoIHzMyYxCL9Qwx996N9zrRLed1uYU9gjZl0rdDK5+FmuTpwKeXVZD0vbhMp
Vf5mhbwE61eCB52AAVVy5JCTiM8k6//DlR4kWlt6CxWyM8U9op8egUdnbThj0pv3
8X2dmejBhrXE5cZz1XOH/BefumERJKIxuSmdfJFIH8v1VK4INmjNFLydO0o2b4IY
P036OTPz/dO43ja+qz87F2ukGyXPqIfWcfgngovNb5g67bS/SnqHuB2JjJqmDHpf
1TCgEPUA6s1ll06XKiB5xki2IzEinH3kThpenThnxMTp6NhwgIRCTwOGLW9M5TPH
QXq4Vwi3ShqSCMiUULzA
=bIg2
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
QOM infrastructure fixes and device conversions
* Changes to name string ownership for alias properties
* Improvements around enum properties
* Cleanups around -object handling
* New helper functions
* Cleanups of qdev init helper functions
* Add path argument to qom-tree script
* QTest cleanup to use new qtest_add_data_func() consistently
# gpg: Signature made Fri Jun 19 18:14:38 2015 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-devices-for-peter:
qdev: Un-deprecate qdev_init_nofail()
qdev: Deprecated qdev_init() is finally unused, drop
qom: Don't pass string table to object_get_enum() function
qom: Add an object_property_add_enum() helper function
qom: Make enum string tables const-correct
qom: Add object_new_with_props() / object_new_withpropv() helpers
qom: Add helper function for getting user objects root
vl: Create (most) objects before creating chardev backends
doc: Document user creatable object types in help text
backends: Fix typename of 'policy' enum property in hostmem obj
scripts: Add support for path as argument of qom-tree
tests: Use qtest_add_data_func() consistently
qdev: Free property names after registering gpio aliases
qom: strdup() target property name on object_property_add_alias()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Avoid long 100% CPU wait after restarting guests that use the periodic timer
* Fixes for access clamping (WinXP, MIPS)
* wixl/.msi support for qemu-ga on Windows
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJVg+9dAAoJEL/70l94x66Df/MH/jWRacMKQAGJwmlXS4NsTCdh
HF85290kWn+P9NH1e7TBnhPrgBdDTJmxK3fAMHKZwXs3vDs2lC1eBJyoGZw7lVxQ
uihlnQjSSaRd5R6IpXNgr0wFrS8T3pN+FzOkStYqEHYINa1uBa6CBXYzOzGTFgd+
OOrU0O15NAVsxU29jBW4HPqX4S0zT4KbpvIESGWPgGbLyBhgLAuMLlvbWwNkFZt0
3bDtel9QQnL0Sm4wl7IWCqePEIkCkbF4tRIwCn34Bq/SuE0RgESiHGKUJ638oSuj
/ga1StztyHZhnk+SSAcnma//Holauh+2nBm+8sGyyFFeUbEJsPG70ODCrfxbQf0=
=AXLV
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* i8254 security fix
* Avoid long 100% CPU wait after restarting guests that use the periodic timer
* Fixes for access clamping (WinXP, MIPS)
* wixl/.msi support for qemu-ga on Windows
# gpg: Signature made Fri Jun 19 11:30:53 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
exec: clamp accesses against the MemoryRegionSection
exec: do not clamp accesses to MMIO regions
mc146818rtc: Reset the periodic timer on load
qemu-timer: Call clock reset notifiers on forward jumps
tests: virtio-scsi: Add test for unaligned WRITE SAME
tests: virtio-scsi: Move start/stop to individual test functions
libqos: Complete virtio device ID definition list
libqos: Allow calling guest_free on NULL pointer
tests: Link libqos virtio object to virtio-scsi-test
i8254: fix out-of-bounds memory access in pit_ioport_read()
qemu-ga: Building Windows MSI installation with configure/Makefile
qemu-ga: Introduce Windows MSI script
qemu-ga: debug printouts to help troubleshoot installation
qemu-ga: adding vss-[un]install options
qemu-log: Open file for logging when specified
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Remove the hardcoded values from the machine specific reset
function, as the same values are already set in the standard
MicroBlaze reset.
This also allows the entire reset function to be deleted, as
PVR registers are now preserved on reset.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Move the hard coded register values to the init function.
This also allows the entire reset function to be deleted, as
PVR registers are now preserved on reset.
The hardcoded PVR0 values can be removed as they are setting
the endianness and stack protection, which is already done
or invalid.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Originally the version_mask PVR bits were manually set for each
machine. This is a hassle and difficult to read, instead set them
based on the CPU properties.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Originally the endi PVR bits were manually set for each machine. This
is a hassle and difficult to read, instead set them based on the CPU
properties.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Originally the dcache-writeback PVR bits were manually set for each machine.
This is a hassle and difficult to read, instead set them based on the CPU
properties.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Originally the use-fpu PVR bits were manually set for each machine. This
is a hassle and difficult to read, instead set them based on the CPU
properties.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Instantiate and realise the CPU directly, rather than using
cpu_mb_init. Microblazes cpu_model argument is a dummy so remove the
default cpu_model set logic.
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
qdev_init() is a wrapper around setting property "realized" to true,
plus error handling that passes errors to qerror_report_err().
qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP. It should not be used
elsewhere.
All code has been modernized to avoid qdev_init() and its
inappropriate error handling. We can finally drop it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Add the 2xCortexR5 CPUs to zynqmp board. They are powered off on reset
(this is true of real hardware) by default or selectable as the boot
processor.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: da34128c73ca13fc4f8c3293e1a33d1e1e345655.1434501320.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add a string property that specifies the primary boot cpu. All CPUs
except the one selected will start-powered-off. This allows for elf
boots on any CPU, which prepares support for booting R5 elfs directly
on the R5 processors.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 53331c00d80c7ce9c6a83712348773f1b38fae2b.1434501320.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The CPUs currently supported by zynqmp are the APU (application
processing unit) CPUs. There are other CPUs in Zynqmp so unqualified
"cpus" in ambiguous. Preface the variables with "APU" accordingly, to
prepare support adding the RPU (realtime processing unit) processors.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: ce32287fc365aea898465e981da3546a227e0811.1434501320.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch allows the instantiation of the vfio-calxeda-xgmac device
from the QEMU command line (-device vfio-calxeda-xgmac,host="<device>").
A specialized device tree node is created for the guest, containing
compat, dma-coherent, reg and interrupts properties.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1434455898-17895-1-git-send-email-eric.auger@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Most notably this includes virtio cross-endian patches.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVg+xdAAoJECgfDbjSjVRp6AAH/3ILznMtvJZjQ/WOjLEsL13M
+0cYEM1LI6LbLhqeruQVVcY9/hx61yHxZMoLkVg/I2po7F4HDNI2vo5Y7eGx+xN0
5rlcAw9/ZQ6SkCVmjN/VZfISW5mSqCaKH8gNzu8AigjsryJSj5iDXv1YJimwsF+5
cgCerhLIVvEkXmNj1ChwR+fz1IgFzJ8TRaZ0N2glxLyVjgKS57diqZF3Rbg2DdQl
BPbekbbtxesPgmKRvtarbhjx26TlnP1YShjhWA5r72gBNlqblLDycpaIGXr34b3a
sLIZjxzQtTEGcaGtkifMgazyK3rY3JmzOshD0onFOWY1r6Abxuj7eTZOEE6JQXk=
=tju/
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio, pci fixes, enhancements
Most notably this includes virtio cross-endian patches.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri Jun 19 11:18:05 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
vhost: enable vhost without without MSI-X
pci: Don't register a specialized 'config_write' if default behavior is intended
hw/core: rebase sysbus_get_fw_dev_path() to g_strdup_printf()
vhost_net: re-enable when cross endian
vhost-net: tell tap backend about the vnet endianness
tap: fix non-linux build
tap: add VNET_LE/VNET_BE operations
vhost: set vring endianness for legacy virtio
virtio: introduce virtio_legacy_is_cross_endian()
linux-headers: sync vhost.h
vhost-user: part of virtio
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When loading a VM from a snapshot or migration, clock changes can cause
the periodic timer to stall or loop rapidly.
qemu-timer has a reset notifier mechanism that is used to avoid timer
stalls or loops if the host clock changes while the VM is running when
using QEMU_CLOCK_HOST. However, when loading a snapshot or migration,
qemu-timer is initialized and fires the reset notifier before
mc146818rtc is initialized and has registered its reset handler. In
addition, this mechanism isn't used when using QEMU_CLOCK_REALTIME,
which might also change when loading a snapshot or migration.
To correct that problem, this commit resets the periodic timer after
loading from a snapshot or migration if the clock has either jumped
backward or has jumped forward by more than the clock jump limit that
is used by the reset notifier code in qemu-timer.
Signed-off-by: Paul Donohue <qemu-git@PaulSD.com>
Message-Id: <20150612141013.GE2749@TopQuark.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We use vhostforce to enable vhost even if Guests don't have MSI-X
support and we fall back to QEMU virtio-net.
This gives a very small performance gain, but the disadvantage
is that guest now controls which virtio code is running
(qemu or vhost) so our attack surface is doubled.
This patch will enable vhost unconditionally whenever it's requested.
For compatibility, enable vhost when vhostforce is set, as well.
Signed-off-by: Pankaj Gupta <pagupta@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Few devices have their specialized 'config_write' methods which simply
call 'pci_default_write_config' followed by a 'msix_write_config' or
'msi_write_config' calls, using exact same arguments.
This is unnecessary as 'pci_default_write_config' already invokes
'msi_write_config' and 'msix_write_config'.
Also, since 'pci_default_write_config' is the default 'config_write'
handler, we can simply avoid the registration of these specialized
versions.
Cc: Leonid Shatz <leonid.shatz@ravellosystems.com>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This is done mainly for improving readability, and in preparation for the
next patch, but Markus pointed out another bonus for the string being
returned:
"No arbitrary length limit. Before the patch, it's 39 characters, and the
code breaks catastrophically when qdev_fw_name() is longer: the second
snprintf() is called with its first argument pointing beyond path[], and
its second argument underflowing to a huge size."
Cc: qemu-stable@nongnu.org
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Cross-endianness is now checked by the core vhost code.
revert 371df9f5e0 "vhost-net: disable when cross-endian"
Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
[ added commit message, Greg Kurz <gkurz@linux.vnet.ibm.com> ]
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The default behaviour for TAP/MACVTAP is to consider vnet as native endian.
This patch handles the cases when this is not true:
- virtio 1.0: always little-endian
- legacy cross-endian
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
commit ea96bc629c doesn't match the patch
submitted by Laszlo to qemu-devel. We reuse pc_q35_2_4_machine_options()
inside pc_q35_2_3_machine_options(), so we need to undo the no_floppy
change in pc_q35_2_3_machine_options().
(This discrepancy was due to a bad merge.)
This restores the previous behavior where all the 2.3 and older machines
had no_floppy=0.
Reported-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 1434646168-3100-1-git-send-email-ehabkost@redhat.com
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
[PMM: mention that this was a merge issue, not a review issue]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Now that object_property_add_alias() strdup()s target_name, we can free
the property names in qdev_pass_gpios().
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Include linux/vfio.h after sys/ioctl.h, just like in hw/vfio/common.c.
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Message-id: 1434544500-22405-1-git-send-email-leon.alrae@imgtec.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Legacy virtio is native endian: if the guest and host endianness differ,
we have to tell vhost so it can swap bytes where appropriate. This is
done through a vhost ring ioctl.
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Due converting PIO to the new memory read/write api we no longer provide
separate I/O region lenghts for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index.
Fix this by ignoring read from the Mode/Command register.
This is CVE-2015-3214.
Reported-by: Matt Tait <matttait@google.com>
Fixes: 0505bcdec8
Cc: qemu-stable@nongnu.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We now finally have TCG support for the basic set of instructions necessary
to run the s390-ccw machine. That means in any aspect possible that machine
type is now superior to the legacy s390-virtio machine.
Switch over to the ccw machine as default. That way people don't get a halfway
broken machine with the s390x target.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
This remove the corresponding error messages in TCG mode, and allow to
simplify the s390_assign_subch_ioeventfd() function.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andrew Jones <drjones@redhat.com>
Tested-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1433929959-29530-3-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
commit ac9d32e396 had the consequence to
register the do_cpu_reset after the rom_reset one. Hence they get
executed in the wrong order. This commit restores the registration of
do_cpu_reset in arm_load_kernel.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reported-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Tested-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1434111582-9325-1-git-send-email-eric.auger@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Update the pxa2xx_mmci device to stop using the old_mmio read
and write callbacks in its MemoryRegionOps. This actually
simplifies the code because the separate byte/halfword/word
access functions were all calling into a single function to
do the work anyway.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1434117989-7367-6-git-send-email-peter.maydell@linaro.org
The pxa2xx-ssp device is already a QOM device but is still
using the old-style register_savevm(); convert to VMState.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1434117989-7367-5-git-send-email-peter.maydell@linaro.org
The pxa2xx_ssp device was missing a reset method; add one.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter..crosthwaite@xilinx.com>
Message-id: 1434117989-7367-4-git-send-email-peter.maydell@linaro.org
Convert the pxa2xx-fir device to QOM, including using a
VMState for its migration info.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1434117989-7367-3-git-send-email-peter.maydell@linaro.org
The pxa2xx custom coprocessor registers in cp6 and cp14 do device
accesses, so mark the non-constant regs as ARM_CP_IO so that
icount works correctly and doesn't abort.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1434117989-7367-2-git-send-email-peter.maydell@linaro.org
When we're using KVM, the kernel's internal idea of the MPIDR
affinity fields must match the values we tell it for the guest
vcpu cluster configuration in the device tree. Since at the moment
the kernel doesn't support letting userspace tell it the correct
affinity fields to use, we must read the kernel's view and
reflect that back in the device tree.
Signed-off-by: Shlomo Pongratz <shlomo.pongratz@huawei.com>
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Message-id: 02f601d0a1e6$90c7d630$b2578290$@samsung.com
[PMM: Use a local #define rather than a global variable for
the TCG ARM_CPUS_PER_CLUSTER setting. Tweak a comment. Update the
commit message.]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add cortex-a53 cpu support in machine virt, so it can be used for TCG
and KVM.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1433207452-4512-3-git-send-email-shannon.zhao@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
fimd_swap_data() includes code to reverse the bits in a
64-bit integer, but an off-by-one error meant that it would
try to shift off the top of the integer. Correct the bug
(spotted by Coverity).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1432912615-23107-1-git-send-email-peter.maydell@linaro.org
This patch fixes so that gic_update always updates all the cores with
new pending irq states. If the function returns early it is possible
to get interrupts that has already been acknowledged.
Signed-off-by: Johan Karlsson <johan.karlsson@enea.com>
[PMM: rebased to apply to current master]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Version: GnuPG v1
iQEcBAABAgAGBQJVetcwAAoJEJykq7OBq3PI+84IAMfkE0uCXdUbp3jZP9iVx68y
ZtHbhpnZle3bmVFBkgsF8vHWsMlxMZzr2PpAl02VXrrE6z0ScTz+GmVU2V89Y5nv
kn9DhAR4gcyKbKKgRtwjCLMoCfxsdaHTOJXfcHhsiqQP4PwdFkV6bQAymwcJegY/
ze5wKX8XqIML6yUCnhrN41pjt6NkIQoyRneLwX5ymeRLfWg23i9YOVU4Njmm9X52
kH7Xg0UuT6HTyyNER7iqwh61gQ33ETkfWd9UrHFGi7q70UJAr+cVXtzJjqnh08OU
BExph/lQfxXuivpiThvjZkPvMVqISyCrsIAXrwjhXnjqwz/3nt3i6zrfvPNNPG0=
=VdKf
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
# gpg: Signature made Fri Jun 12 13:57:20 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/net-pull-request:
qmp/hmp: add rocker device support
rocker: bring link up/down on PHY enable/disable
rocker: update tests using hw-derived interface names
rocker: Add support for phys name
iohandler: Change return type of qemu_set_fd_handler to "void"
event-notifier: Always return 0 for posix implementation
xen_backend: Remove unused error handling of qemu_set_fd_handler
oss: Remove unused error handling of qemu_set_fd_handler
alsaaudio: Remove unused error handling of qemu_set_fd_handler
main-loop: Drop qemu_set_fd_handler2
Change qemu_set_fd_handler2(..., NULL, ...) to qemu_set_fd_handler
tap: Drop tap_can_send
net/socket: Drop net_socket_can_send
netmap: Drop netmap_can_send
l2tpv3: Drop l2tpv3_can_send
stubs: Add qemu_set_fd_handler
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
misc optimizations and cleanup
convert r2d to new MMIO accessor style
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVerRbAAoJELqceAYd3YybJlkP/0BUh7cCMDZkVTRMOYVLVW+D
a+3Ll86BGt5vavUNmnt2Y3I+VRYVWKObhDU0xo2qBg4WHHX7M62l6Bj6AAF4Lhc0
gu6LPXbf9LyD6300DasV1zwoEyhCS81KFm88SIoe1qGF5ZX3b6MI8/X566YN3ghN
65a1fONz+Bzt2GzKP4i6ABahc3u6GnfuPLa+QWdcsC2cTpUwmAEiU1NSKxjGsTj+
nAzK7AHUsgJodVz+I/KacpD6fAsKi73caPmqdbKH4BTOcQltM806CU5FCcZ7HNVd
RH+RnYIT3Uo/RfMkVHkRtZ5NNRg3DP8jb7QEtxY92EseKMPKTO4t/beh9/1ojWrb
nWJldPk+a62JBEUMSBIiH5AIyByapo6+H/Vu9tC6hksSpniNXgm3IOZ/dWeQvB3b
tU0IuMot9akArngVwHUPWujEREYKGQj+AQlWMzFXNjwDbw7wHIe6xhL4IC5vS9bg
4jlAqeS3Lgkn/YWBH76hYnmeGm0PmylQshNtAZ7dCoYRicdph/pn2vKrWmcDKuHh
7Zw9p5AvK1mCII6/SifbyJ3s/b9cZY5nwmzXWLo2bEUDVqGof6hI7z7AYX8IGNVe
NLts5QrFqTChheAmSRRXjUMCoK0AERJOL8B7KIpnJbrCjx2wH+Z1CnXXhB9Xv6Nz
061IiEppJemmMFC0Re3s
=t78H
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/aurel/tags/pull-sh4-next-20150612' into staging
sh4 linux-user cpu and hwcap
misc optimizations and cleanup
convert r2d to new MMIO accessor style
# gpg: Signature made Fri Jun 12 11:28:43 2015 BST using RSA key ID 1DDD8C9B
# gpg: Good signature from "Aurelien Jarno <aurelien@aurel32.net>"
# gpg: aka "Aurelien Jarno <aurelien@jarno.fr>"
# gpg: aka "Aurelien Jarno <aurel32@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7746 2642 A9EF 94FD 0F77 196D BA9C 7806 1DDD 8C9B
* remotes/aurel/tags/pull-sh4-next-20150612:
target-sh4: remove dead code
target-sh4: factorize fmov implementation
target-sh4: split out Q and M from of SR and optimize div1
target-sh4: optimize negc using add2 and sub2
target-sh4: optimize subc using sub2
target-sh4: optimize addc using add2
target-sh4: Split out T from SR
target-sh4: use bit number for SR constants
sh4/r2d: convert to new MMIO accessor style
linux-user: Add HWCAP for SH4
linux-user: Default sh4 to sh7785
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When the OS driver enables/disables the port, go ahead and set the port's
link status to up/down in response to the change. This more closely
emulates real hardware when the PHY for the port is brought up/down
and the PHY negotiates carrier (link status) with link partner. In
the case of qemu, the virtual rocker device can't really do link
negotiation with the link partner as that requires signally over a
physical medium (the wire), so just pretend the negotiation was
successful and bring the link up when the port is enabled.
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1433985681-56138-4-git-send-email-sfeldma@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add ROCKER_TLV_CMD_PORT_SETTINGS_PHYS_NAME to port settings. This attribute
exports the port name to the guest OS allowing it to name interfaces with
sensible defaults.
Mostly done by Scott for phys_id support; adapted to phys_name by David.
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Message-id: 1433985681-56138-2-git-send-email-sfeldma@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The function cannot fail, so the check is superfluous.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1433400324-7358-12-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Changes:
* improve dp8393x network card and rc4030 chipset emulation
* support misaligned R6 and MSA memory accesses
* support MIPS eXtended and Large Physical Addressing
* add Config5.FRE bit and ERETNC instruction (Config5.LLB)
* support ememsize on MALTA
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJVeppzAAoJEFIRjjwLKdprnk8H/1owSOreh0sMFbosvqlEhjXl
lvjjuprWMdX+8M1JlaDvTbw6+LDB3Rihp3A6/I9A0GFiZaORmPzg7efULAI1H6ST
0HfxMAO17eW+PJ3lvk0HidNDr01+RzTvwpizrHgQ9WJubJv0xREU+YG5yn1gPS4N
aMMTKCAQFDba7iQQLKXUYvLz76+xyzW4VIvHVLx/SU86yPg9T7CwLpppipR8+zY5
3BC4NUw/xLlS0LCYQGM8XmYgBiQ6lEAz/Y29bGlUg+LeYysjSgNSeoNbOs1M3kQp
X0Hn7b28I1CjM2wZQ9GkT/ig+jhMvw27motnAe8vKood4ytfcor+dCCS13sE8fg=
=F564
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150612' into staging
MIPS patches 2015-06-12
Changes:
* improve dp8393x network card and rc4030 chipset emulation
* support misaligned R6 and MSA memory accesses
* support MIPS eXtended and Large Physical Addressing
* add Config5.FRE bit and ERETNC instruction (Config5.LLB)
* support ememsize on MALTA
# gpg: Signature made Fri Jun 12 09:38:11 2015 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8DD3 2F98 5495 9D66 35D4 4FC0 5211 8E3C 0B29 DA6B
* remotes/lalrae/tags/mips-20150612: (29 commits)
target-mips: enable XPA and LPA features
target-mips: remove misleading comments in translate_init.c
target-mips: add MTHC0 and MFHC0 instructions
target-mips: add CP0.PageGrain.ELPA support
target-mips: support Page Frame Number Extension field
target-mips: extend selected CP0 registers to 64-bits in MIPS32
target-mips: correct MFC0 for CP0.EntryLo in MIPS64
net/dp8393x: fix hardware reset
net/dp8393x: correctly reset in_use field
net/dp8393x: add load/save support
net/dp8393x: add PROM to store MAC address
net/dp8393x: QOM'ify
net/dp8393x: use dp8393x_ prefix for all functions
net/dp8393x: do not use old_mmio accesses
net/dp8393x: always calculate proper checksums
dma/rc4030: convert to QOM
dma/rc4030: use trace events instead of custom logging
dma/rc4030: document register at offset 0x210
dma/rc4030: do not use old_mmio accesses
dma/rc4030: use AddressSpace and address_space_rw in users
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Some convinience fluff: Add support for '-vga virtio', also add
virtio-vga to the list of vga cards so '-device virtio-vga' will
turn off the default vga.
Written by Dave Airlie and Gerd Hoffmann.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a virtio-vga device. It is simliar to virtio-gpu-pci,
but it also adds in vga compatibility, so guests without native
virtio-gpu support can drive the device in vga mode. It is compatible
with stdvga.
Written by Dave Airlie and Gerd Hoffmann.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds virtio-gpu-pci, which is the pci proxy for the virtio
gpu device. With this patch in place virtio-gpu is functional. You
need a linux guest with a virtio-gpu driver though, and output will
appear pretty late in boot, once the kernel initialized drm and fbcon.
Written by Dave Airlie and Gerd Hoffmann.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The next patch adds section footers; but we don't want to
break migration compatibility so disable them on older
machine types
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
We create optional sections with this patch. But we already have
optional subsections. Instead of having two mechanism that do the
same, we can just generalize it.
For subsections we just change:
- Add a needed function to VMStateDescription
- Remove VMStateSubsection (after removal of the needed function
it is just a VMStateDescription)
- Adjust the whole tree, moving the needed function to the corresponding
VMStateDescription
Signed-off-by: Juan Quintela <quintela@redhat.com>
This patch allows QEMU to inject a NMI into a guest when the
watchdog expires.
Signed-off-by: Mao Chuan Li <maochuan@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
CC: Eric Blake <eblake@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Let's introduce a general "inject_nmi()" function that doesn't rely on the cpu
index of the monitor, but uses cpu index 0 as default (except for x86).
This function can then later be used from a non-monitor context.
Signed-off-by: Xu Wang <gesaint@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
CC: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Add vmstate structure to keep state and data during migration.
Signed-off-by: Xu Wang <gesaint@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
This patch introduces a new diag288 watchdog device that will, just like
other watchdogs, monitor a guest and take corresponding actions when it
detects that the guest is not responding.
diag288 is s390x specific. The wiring to s390x KVM will be done in
separate patches.
Signed-off-by: Xu Wang <gesaint@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
[split out qemu-option.hx base changes]
Most notably this includes virtio 1 patches
Still not all devices converted, and not fully spec compliant,
so disabled by default.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVeXakAAoJECgfDbjSjVRpyFAH/AwSJhBbQOxtqS66INnzoLRJ
MWD3cP8tj0PzXsLx0cuPxdTboHH60alhSp+iLGv4NgNw15okY71bY2eLhewxS66W
a0wzVCaqeeD5GAoQaSOlqNLrhBodsKS62BWD9y0kK9rtMJfCW2C1JP8Mpue1XMuE
UC72tF4Q6wVdBD/kTD9DZW/23roFu0SuieFSjbQNNi1lInXtDv79UGX0xUHaXlal
+qCtRIy/wNZF0z5arNV/Skq7LKqYl7KZtTapZByy+q6vu0L8mOeXgJ9DLh666htB
NQJJ+VhsgBKPHmZqf8h4mPlvyp03rkr5dIGk7iB2o44GPaEJ/RjZ4wULjxWD12s=
=UY/0
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc, acpi, virtio
Most notably this includes virtio 1 patches
Still not all devices converted, and not fully spec compliant,
so disabled by default.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu Jun 11 12:53:08 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream: (42 commits)
i386/acpi-build: fix PXB workarounds for unsupported BIOSes
i386/acpi-build: more traditional _UID and _HID for PXB root buses
vhost-scsi: move qdev properties into vhost-scsi.c
virtio-9p-device: move qdev properties into virtio-9p-device.c
virtio-serial-bus: move qdev properties into virtio-serial-bus.c
virtio-rng: move qdev properties into virtio-rng.c
virtio-scsi: move qdev properties into virtio-scsi.c
virtio-net.h: Remove unsed DEFINE_VIRTIO_NET_PROPERTIES
virtio-net: move qdev properties into virtio-net.c
virtio-input: emulated devices [pci]
virtio-input: core code & base class [pci]
pci: add PCI_CLASS_INPUT_*
virtio-pci: fill VirtIOPCIRegions early.
virtio-pci: drop identical virtio_pci_cap
virtio-pci: move cap type to VirtIOPCIRegion
virtio-pci: move virtio_pci_add_mem_cap call to virtio_pci_modern_region_map
virtio-pci: add virtio_pci_modern_region_map()
virtio-pci: add virtio_pci_modern_regions_init()
virtio-pci: add struct VirtIOPCIRegion for virtio-1 regions
virtio-balloon: switch to virtio_add_feature
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
g_malloc0_n() is introduced since glib-2.24 while QEMU currently
requires glib-2.22. This may cause a link error on some distributions.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The patch
apci: fix PXB behaviour if used with unsupported BIOS
uses the following condition to see if a "PXB mem/IO chunk" has *not* been
configured by the BIOS:
(!range_base || range_base > range_limit)
When this condition evaluates to true, said patch *omits* the
corresponding entry from the _CRS.
Later on the patch checks for the opposite condition (with the intent of
*adding* entries to the _CRS if the "PXB mem/IO chunks" *have* been
configured). Unfortunately, the condition was negated incorrectly: only
the first ! operator was removed, which led to the nonsensical expression
(range_base || range_base > range_limit)
leading to bogus entries in the _CRS, and causing BSOD in Windows Server
2012 R2 when it runs on OVMF.
The correct negative of the condition seen at the top is
(range_base && range_base <= range_limit)
Fix the expressions.
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The ACPI specification permits the _HID and _UID objects to evaluate to
strings. (See "6.1.5 _HID (Hardware ID)" and "6.1.12 _UID (Unique ID)" in
the ACPI v6.0 spec.)
With regard to related standards, the UEFI specification can also express
a device address composed from string _HID and _UID identifiers, inside
the Expanded ACPI Device Path Node. (See "9.3.3 ACPI Device Path", Table
49, in the UEFI v2.5 spec.)
However, numeric (integer) contents for both _HID and _UID are more
traditional. They are recommended by the UEFI spec for size reasons:
[...] the ACPI Device Path node is smaller and should be used if
possible to reduce the size of device paths that may potentially be
stored in nonvolatile storage [...]
External tools support them better (for example the --acpi_hid and
--acpi_uid options of "efibootmgr" only take numeric identifiers).
Finally, numeric _HID and _UID contents are existing practice in the QEMU
source.
This patch was tested with a Fedora 20 LiveCD and a preexistent Windows
Server 2012 R2 guest. Using "acpidump" and "iasl" in the Fedora guest, we
get, in the SSDT:
> Scope (\_SB)
> {
> Device (PC04)
> {
> Name (_UID, 0x04) // _UID: Unique ID
> Name (_HID, EisaId ("PNP0A03") /* PCI Bus */) // _HID: Hardware ID
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Documentation is not clear of what happens when doing a hardware reset,
but firmware expect all registers to be zero unless specified otherwise.
This fixes reboot on MIPS Magnum.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Don't write more than the field width, which is always 16 bit.
Fixes network in NetBSD 5.1/arc
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Now that rc4030 internally uses an AddressSpace for DMA handling, make its root
memory region public. This is especially usefull for dp8393x netcard, which now
uses well known QEMU types and methods.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Add a new memory region in system address space where DMA address space
definition (the 'translation table') belongs, so we can update on the fly
the DMA address space.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Remove now useless device models from other MIPS configurations
We're now compiling 12 files less than before.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Commit 94c2b6aff4 (mips_malta: support up to 2GiB RAM) provided
support for using over 256MB of RAM with the MIPS Malta board, including
capping the memsize variable that QEMUs pseudo-bootloader provides to
the kernel at 256MB in order to match YAMON. It didn't however provide
the ememsize variable which kernels supporting memory outside of the
unmapped address spaces (ie. EVA or highmem) may use to determine the
true size of the RAM present in the system.
Set ememsize to the size of RAM so that such kernels may use all
available memory without the user having to manually specifying its size
& location.
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
As only one place in vhost-scsi.c uses DEFINE_VHOST_SCSI_PROPERTIES,
there is no need to expose it. Inline it into vhost-scsi.c to avoid
wrongly use.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
As only one place in virtio-9p-device.c uses
DEFINE_VIRTIO_9P_PROPERTIES, there is no need to expose it. Inline it
into virtio-9p-device.c to avoid wrongly use.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
As only one place in virtio-serial-bus.c uses
DEFINE_VIRTIO_SERIAL_PROPERTIES, there is no need to expose it. Inline
it into virtio-serial-bus.c to avoid wrongly use.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
As only one place in virtio-rng.c uses DEFINE_VIRTIO_RNG_PROPERTIES,
there is no need to expose it. Inline it into virtio-rng.c to avoid
wrongly use.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
As only one place in virtio-scsi.c uses DEFINE_VIRTIO_SCSI_PROPERTIES
and DEFINE_VIRTIO_SCSI_FEATURES, there is no need to expose them. Inline
them into virtio-scsi.c to avoid wrongly use.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
As only one place in virtio-net.c uses DEFINE_VIRTIO_NET_FEATURES,
there is no need to expose it. Inline it into virtio-net.c to avoid
wrongly use.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch adds virtio-pci support for the emulated virtio-input
devices. Using them is as simple as adding "-device virtio-tablet-pci"
to your command line. If you want add multiple devices but don't want
waste a pci slot for each you can compose a multifunction device this way:
qemu -device virtio-keyboard-pci,addr=0d.0,multifunction=on \
-device virtio-tablet-pci,addr=0d.1,multifunction=on
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch adds the virtio-pci support bits for virtio-input-device.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Initialize the modern bar and the VirtIOPCIRegion fields early, in
realize. Also add a size field to VirtIOPCIRegion and variables for
pci bars to VirtIOPCIProxy.
This allows virtio-pci subclasses to change things before the
device_plugged callback applies them. virtio-vga will use that to
arrange regions in a way that virtio-vga is compatible to both stdvga
(in vga mode) and virtio-gpu-pci (in pci mode).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Now the three struct virtio_pci_caps are identical,
lets drop two of them ;)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Also fill offset and length automatically,
from VirtIOPCIRegion->offset and region size.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add function to map modern virtio regions.
Add offset to VirtIOPCIRegion.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add init function for the modern pci regions,
move over the init code.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
For now just place the MemoryRegion there,
following patches will add more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This was missed during the conversion of feature bit manipulation.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Currently, during host notifier set. We only add eventfd for legacy
bar, this is not correct since:
- Non-transitional device does not have legacy bar, so qemu will crash
since proxy->bar was not initialized.
- Modern device uses modern bar and notify cap to notify the device,
we should add eventfd for proxy->notify.
So this patch fixes the above two issues by adding eventfd based on
whether legacy or modern device were supported.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
This patch adds variables for the pci bars (to get rid of the magic
numbers in the code) and moves the modern virtio bar to region 4 so
regions 2+3 are kept free. virtio-vga wants use them.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Add VIRTIO_PCI_FLAG_DISABLE_LEGACY and VIRTIO_PCI_FLAG_DISABLE_MODERN
for VirtIOPCIProxy->flags. Also add properties for them. They can be
used to disable modern (virtio 1.0) or legacy (virtio 0.9) modes.
By default only legacy is advertized, modern will be turned on by
default once all remaining spec compilance issues are addressed.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
virtio 1.0 config space is in LE format for all
devices, use modern wrappers when accessed through
the 1.0 BAR.
Reported-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
virtio 1.0 defines config space as LE,
as opposed to pre-1.0 which was native endian.
Add API for transports to execute word/dword accesses in
little endian format - will be useful for mmio
and pci (byte access is also wrapped, for completeness).
For simplicity, we still keep config in host native
endian format, byteswap to LE on guest access.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
This is somewhat functional. With this, and linux driver from my tree,
I was able to use virtio net as virtio 1.0 device for light browsing.
At the moment, dataplane and vhost code is
still missing.
Based on Cornelia's virtio 1.0 patchset:
Date: Thu, 11 Dec 2014 14:25:02 +0100
From: Cornelia Huck <cornelia.huck@de.ibm.com>
To: virtualization@lists.linux-foundation.org, qemu-devel@nongnu.org
Cc: rusty@rustcorp.com.au, thuth@linux.vnet.ibm.com, mst@redhat.com,
Cornelia Huck <cornelia.huck@de.ibm.com>
Subject: [PATCH RFC v6 00/20] qemu: towards virtio-1 host support
Message-Id: <1418304322-7546-1-git-send-email-cornelia.huck@de.ibm.com>
which is itself still missing some core bits.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Make sure that all vhost interfaces use 64 bit features, as the virtio
core does, and make sure to use ULL everywhere possible to be on the
safe side.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Add VERSION_1 to list of features that we should
test at the backend.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
virtio-net (non-vhost) now should have everything in place to support
virtio 1.0: let's enable the feature bit for it.
Note that VIRTIO_F_VERSION_1 is technically a transport feature; once
every device is ready for virtio 1.0, we can move setting this
feature bit out of the individual devices.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
virtio-1 devices always use num_buffers in the header, even if
mergeable rx buffers have not been negotiated.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Devices operating as virtio 1.0 may not allow writes to the mac
address in config space.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
virtio-1 allow setting of the FEATURES_OK status bit to fail if
the negotiated feature bits are inconsistent: let's fail
virtio_set_status() in that case and update virtio-ccw to post an
error to the guest.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
For virtio-1 devices, the driver must not attempt to set feature bits
after it set FEATURES_OK in the device status. Simply reject it in
that case.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Handle endianness conversion for virtio-1 virtqueues correctly.
Note that dataplane now needs to be built per-target.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
For virtio-1 devices, we allow a more complex queue layout that doesn't
require descriptor table and rings on a physically-contigous memory area:
add virtio_queue_set_rings() to allow transports to set this up.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Add code that checks for the VERSION_1 feature bit in order to make
decisions about the device's endianness. This allows us to support
transitional devices.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
4096 is the maximum length per TMD and it is also currently the size of
the relay buffer pcnet driver uses for sending the packet data to QEMU
for further processing. With packet spanning multiple TMDs it can
happen that the overall packet size will be bigger than sizeof(buffer),
which results in memory corruption.
Fix this by only allowing to queue maximum sizeof(buffer) bytes.
This is CVE-2015-3209.
[Fixed 3-space indentation to QEMU's 4-space coding standard.
--Stefan]
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reported-by: Matt Tait <matttait@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We allocate an dummy log even if the size is zero. So we should put it
unconditionally too.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Marc-André Lureau