sdk/emulator/qemu.git
8 years agoxen-usb: Fix 32bit build
Anthony PERARD [Thu, 23 Jun 2016 11:08:29 +0000 (12:08 +0100)]
xen-usb: Fix 32bit build

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Message-id: 20160623110829.22671-1-anthony.perard@citrix.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agousb: add storage hotplug documentation
Gerd Hoffmann [Thu, 23 Jun 2016 07:45:01 +0000 (09:45 +0200)]
usb: add storage hotplug documentation

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1466667901-1341-1-git-send-email-kraxel@redhat.com

8 years agonec-usb-xhci: set the device state to USB_STATE_DEFAULT
Zhang Shuaiyi [Thu, 30 Jun 2016 03:50:40 +0000 (23:50 -0400)]
nec-usb-xhci: set the device state to USB_STATE_DEFAULT

This patch is a rough fix to "hw/usb/core.c:401: usb_handle_packet:
 Assertion `dev->state == 3' failed.". Qemu will crash when a usb3
device redirect to Windows7 VM via nec-usb-xhci.

In extensible-host-controler-interface-usb-xhci.pdf P94(4.6.5
Address Device):
    • If the Block Set Address Request (BSR) flag = ‘1’
        • If the slot is in the Enabled state:
            ...
            • Set the Slot State in the Output Slot Context to Default.

BSR = ‘1’: Enabled state to Default state; BSR = ‘0’: Default state
to Addressed state. Try to call usb_device_reset to set device state
to USB_STATE_DEFAULT in xhci_address_slot wether bsr is zero.

Signed-off-by: Zhang Shuaiyi <zhang_syi@massclouds.com>
Message-id: 1467258640-11921-1-git-send-email-zhang_syi@massclouds.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agoMerge remote-tracking branch 'remotes/cohuck/tags/s390x-20160711' into staging
Peter Maydell [Mon, 11 Jul 2016 17:46:38 +0000 (18:46 +0100)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20160711' into staging

Last round of s390x patches for 2.7:
- A large update of the s390x PCI code, bringing it in line with
  the architecture
- Fixes and improvements in the ipl (boot) code
- Refactoring in the css code

# gpg: Signature made Mon 11 Jul 2016 09:04:51 BST
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20160711: (25 commits)
  s390x/pci: make hot-unplug handler smoother
  s390x/pci: replace fid with idx in msg data of msix
  s390x/pci: fix stpcifc_service_call
  s390x/pci: refactor list_pci
  s390x/pci: refactor s390_pci_find_dev_by_idx
  s390x/pci: add checkings in CLP_SET_PCI_FN
  s390x/pci: enable zpci hot-plug/hot-unplug
  s390x/pci: enable uid-checking
  s390x/pci: introduce S390PCIBusDevice qdev
  s390x/pci: introduce S390PCIIOMMU
  s390x/pci: introduce S390PCIBus
  s390x/pci: enforce zPCI state checking
  s390x/pci: refactor s390_pci_find_dev_by_fh
  s390x/pci: unify FH_ macros
  s390x/pci: write fid in CLP_QUERY_PCI_FN
  s390x/pci: acceleration for getting S390pciState
  s390x/pci: fix failures of dma map/unmap
  s390x/css: Unplug handler of virtual css bridge
  s390x/css: Factor out virtual css bridge and bus
  s390x/css: use define for "virtual-css-bridge" literal
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/rth/tags/pull-tcg-20160708' into staging
Peter Maydell [Mon, 11 Jul 2016 16:17:02 +0000 (17:17 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20160708' into staging

two self-modifying code fixes

# gpg: Signature made Fri 08 Jul 2016 21:28:50 BST
# gpg:                using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC  16A4 AD12 70CC 4DD0 279B

* remotes/rth/tags/pull-tcg-20160708:
  translate-all: Fix user-mode self-modifying code in 2 page long TB
  cputlb: Fix for self-modifying writes across page boundaries
  cputlb: Add address parameter to VICTIM_TLB_HIT
  cputlb: Move VICTIM_TLB_HIT out of line

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
Peter Maydell [Mon, 11 Jul 2016 14:08:47 +0000 (15:08 +0100)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

x86 and machine queue, 2016-07-07

Highlights:
* Improvements on global property error handling
* Translate -cpu options to global properties
* LMCE support

# gpg: Signature made Thu 07 Jul 2016 20:59:01 BST
# gpg:                using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-pull-request:
  target-i386: Enable LMCE for '-cpu host' if supported by host
  target-i386: Publish advised value of MSR_IA32_FEATURE_CONTROL via fw_cfg
  target-i386: kvm: Add basic Intel LMCE support
  target-i386: Report hyperv feature words through qom
  target-i386: Show host and VM TSC frequencies on mismatch
  pc: Parse CPU features only once
  arm: virt: Parse cpu_model only once
  cpu: Use CPUClass->parse_features() as convertor to global properties
  target-i386: Avoid using locals outside their scope
  target-i386: TCG can support CPUID.07H:EBX.erms
  target-sparc: Use sparc_cpu_parse_features() directly
  vl: Set errp to &error_abort on machine compat_props
  machine: Add machine_register_compat_props() function
  qdev: GlobalProperty.errp field
  qdev: Eliminate qemu_add_globals() function
  qdev: Don't stop applying globals on first error

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/rth/tags/pull-rth-20160710' into staging
Peter Maydell [Mon, 11 Jul 2016 13:10:09 +0000 (14:10 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-rth-20160710' into staging

build fix for travis

# gpg: Signature made Sun 10 Jul 2016 18:07:02 BST
# gpg:                using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC  16A4 AD12 70CC 4DD0 279B

* remotes/rth/tags/pull-rth-20160710:
  build: Use $(AS) for optionrom explicitly
  linux-user: Fix i386 safe-syscall.S

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agogtk: fix build
Gerd Hoffmann [Thu, 7 Jul 2016 07:29:23 +0000 (09:29 +0200)]
gtk: fix build

Commit "9d8256e virgl: pass whole GL scanout dimensions" missed the
opengl code path for gtk versions >= 3.16.  Update that one too and
fix the build with recent gtk versions.

Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1467876563-1351-1-git-send-email-kraxel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agos390x/pci: make hot-unplug handler smoother
Yi Min Zhao [Wed, 27 Apr 2016 09:44:17 +0000 (17:44 +0800)]
s390x/pci: make hot-unplug handler smoother

The current implementation of hot-unplug handler is abrupt. Any pci
operation will be just rejected if pci device is unconfigured. Thus a
pci device can not be reset or destroyed in a right, smooth and safe
way.

Improve this as follows:
- Notify the guest via a HP_EVENT_DECONFIGURE_REQUEST(0x303) event in
  the unplug handler, giving it a chance to deconfigure the device via
  sclp and allowing us to continue hot-unplug afterwards.
- Set up a timer that will generate the HP_EVENT_CONFIGURE_TO_STBRES
  (0x304) event as before if the guest did not react after an adequate
  time.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: replace fid with idx in msg data of msix
Yi Min Zhao [Fri, 6 May 2016 10:44:40 +0000 (18:44 +0800)]
s390x/pci: replace fid with idx in msg data of msix

Present code uses fid as the part of message data of msix for looking
up the specific zpci device. However it limits the usable range of fid,
and the code looking up the zpci device may fail due to truncation of
the fid.

In addition, fh is composed of enabled bit, FH_VIRT and the array index.
So we can use the array index as the identifier to store in msg data.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: fix stpcifc_service_call
Yi Min Zhao [Wed, 15 Jun 2016 09:09:10 +0000 (17:09 +0800)]
s390x/pci: fix stpcifc_service_call

Firstly the function misses dmaas checking. This patch adds it.

Secondly the function uses s390_pci_find_dev_by_fh() to look up the
zpci device. This may fail if the guest provides a valid and disabled
fh but fh of the associated zpci device is enabled. Thus we use
s390_pci_find_dev_by_idx() instead.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: refactor list_pci
Yi Min Zhao [Fri, 3 Jun 2016 07:16:01 +0000 (15:16 +0800)]
s390x/pci: refactor list_pci

Because of the refactor of s390_pci_find_dev_by_idx(), list_pci()
should be updated. We introduce a new function to get the next
available zpci device. It simplifies the code of looking up zpci
devices.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Acked-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: refactor s390_pci_find_dev_by_idx
Yi Min Zhao [Fri, 3 Jun 2016 06:17:59 +0000 (14:17 +0800)]
s390x/pci: refactor s390_pci_find_dev_by_idx

s390_find_dev_by_idx() only indexes usable zpci devices. It implies
that the index value of each zpci device is dynamic and may change if
a new zpci device is plugged. So we have to use a constant index to
look up the device.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: add checkings in CLP_SET_PCI_FN
Yi Min Zhao [Wed, 15 Jun 2016 09:02:36 +0000 (17:02 +0800)]
s390x/pci: add checkings in CLP_SET_PCI_FN

The code in CLP_SET_PCI_FN case misses some checkings. Let's add
them.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: enable zpci hot-plug/hot-unplug
Yi Min Zhao [Fri, 13 May 2016 04:50:09 +0000 (12:50 +0800)]
s390x/pci: enable zpci hot-plug/hot-unplug

We need to support hot-plug/hot-unplug for the new zpci devices as
well. This patch enables the present hot-plug/hot-unplug handlers
to support not only generic pci devices but also zpci devices.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: enable uid-checking
Yi Min Zhao [Wed, 11 May 2016 07:22:42 +0000 (15:22 +0800)]
s390x/pci: enable uid-checking

The uid-checking facility guarantees uniqueness of the uid within the
vm and exposes the real uid to the guest when listing pci devices.
Let's always enable it and present it to the guest in the response to
the list pci clp command.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: introduce S390PCIBusDevice qdev
Yi Min Zhao [Wed, 11 May 2016 07:10:06 +0000 (15:10 +0800)]
s390x/pci: introduce S390PCIBusDevice qdev

To support definitions of s390 pci attributes in Qemu cmdline, we have
to make current S390PCIBusDevice struct inherit DeviceState and add
three properties for it. Currently we only support definitions of uid
and fid.

'uid' is optionally defined by users, identifies a zpci device and
must be defined with a 16-bit and non-zero unique value.

'fid' ranges from 0x0 to 0xFFFFFFFF. For fid property, we introduce a
new PropertyInfo by the name of s390_pci_fid_propinfo with our special
setter and getter. As 'fid' is optional, introduce 'fid_defined' to
track whether the user specified a fid.

'target' field is to direct qemu to find the corresponding generic PCI
device. It is equal to the 'id' value of one of generic pci devices.
If the user doesn't specify 'id' parameter for a generic pci device,
its 'id' value will be generated automatically and use this value as
'target' to create an associated zpci device.

If the user did not specify 'uid' or 'fid', values are generated
automatically. 'target' is required.

In addition, if a pci device has no associated zpci device, the code
will generate a zpci device automatically for it.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: introduce S390PCIIOMMU
Yi Min Zhao [Wed, 11 May 2016 07:10:36 +0000 (15:10 +0800)]
s390x/pci: introduce S390PCIIOMMU

Currently each zpci device holds its own DMA address space and memory
region. At the same time, all instances of zpci device are stored in
S390pciState. So duirng the initialization of S390pciState, all zpci
devices are created and then all DMA address spaces are created. Thus,
when initializing pci devices, their corresponding DMA address spaces
could be found.

But zpci qdev will be introduced later. Zpci device may be initialized
and plugged afterwards generic pci device. So we should initialize all
DMA address spaces and memory regions before initializing zpci devices.

We introduce a new struct named S390PCIIOMMU. And a new field of
S390pciState, which is an array to store all instances of S390PCIIOMMU,
is added so that qemu pci code could find the corresponding DMA
address space when initializing a generic pci device. And this should
be done before the connection of a zpci device and a generic pci
device is built.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Acked-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: introduce S390PCIBus
Yi Min Zhao [Thu, 14 Apr 2016 11:02:39 +0000 (19:02 +0800)]
s390x/pci: introduce S390PCIBus

To enable S390PCIBusDevice as qdev, there should be a new bus to
plug and manage all instances of S390PCIBusDevice. Due to this,
S390PCIBus is introduced.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: enforce zPCI state checking
Yi Min Zhao [Tue, 19 Apr 2016 07:03:13 +0000 (15:03 +0800)]
s390x/pci: enforce zPCI state checking

Current code uses some fields combinatorially to indicate the state of
a s390 pci device. This patch introduces device states in order to make
the code more readable and more logical.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: refactor s390_pci_find_dev_by_fh
Yi Min Zhao [Thu, 12 May 2016 06:27:25 +0000 (14:27 +0800)]
s390x/pci: refactor s390_pci_find_dev_by_fh

Because this function is called very frequently, we should use a more
effective way to find the zpci device. So we use the FH's index to get
the device directly.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: unify FH_ macros
Yi Min Zhao [Fri, 13 May 2016 08:16:30 +0000 (16:16 +0800)]
s390x/pci: unify FH_ macros

Present code uses some macros to structure PCI Function Handle. But
their names don't have a uniform format. Let's use FH_MASK_ as the
unified prefix.

While we're at it, differentiate the SHM bits: use different bits for
vfio and emulated devices.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: write fid in CLP_QUERY_PCI_FN
Yi Min Zhao [Mon, 13 Jun 2016 11:28:38 +0000 (19:28 +0800)]
s390x/pci: write fid in CLP_QUERY_PCI_FN

We forgot to write the fid; fix that.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Acked-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: acceleration for getting S390pciState
Yi Min Zhao [Fri, 13 May 2016 06:58:14 +0000 (14:58 +0800)]
s390x/pci: acceleration for getting S390pciState

There are a number of places where the code needs to get the instance
of S390pciState. It calls object_resolve_path() every time. This
wastes a lot of time and leads to low performance. Thus we add
s390_get_phb() to improve it.

Because we always have a phb, we remove all return checkings in the
callers and add an assert in s390_get_phb() to make sure that phb is
getted successfully.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/pci: fix failures of dma map/unmap
Yi Min Zhao [Sun, 19 Jun 2016 11:20:46 +0000 (19:20 +0800)]
s390x/pci: fix failures of dma map/unmap

In commit d78c19b5cf4821d0c198f4132a085bdbf19dda4c, vfio code stores
the IOMMU's offset_within_address_space and adjusts the IOVA before
calling vfio_dma_map/vfio_dma_unmap. But s390_translate_iommu already
considers the base address of an IOMMU memory region.

Thus we use pal as the size and 0x0 as the base address to initialize
IOMMU memory subregion.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/css: Unplug handler of virtual css bridge
Jing Liu [Fri, 26 Feb 2016 05:46:12 +0000 (06:46 +0100)]
s390x/css: Unplug handler of virtual css bridge

The previous patch moved virtual css bridge and bus out from
virtio-ccw, but kept the direct reference of virtio-ccw specific
unplug function inside css-bridge.c.

To make the virtual css bus and bridge useful for non-virtio devices,
this introduces a common unplug function pointer "unplug" to call
specific virtio-ccw unplug parts. Thus, the tight coupling to
virtio-ccw can be removed.

This unplug pointer is a member of CCWDeviceClass, which is introduced
as an abstract device layer called "ccw-device". This layer is between
DeviceState and specific devices which are plugged in virtual css bus,
like virtio-ccw device. The specific unplug handlers should be assigned
to "unplug" during initialization.

Signed-off-by: Jing Liu <liujbjl@linux.vnet.ibm.com>
Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Reviewed-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/css: Factor out virtual css bridge and bus
Jing Liu [Fri, 6 Nov 2015 11:32:40 +0000 (12:32 +0100)]
s390x/css: Factor out virtual css bridge and bus

Currently, common base layers virtual css bridge and bus are
defined in hw/s390x/virtio-ccw.c(h). In order to support
multiple types of devices in the virtual channel subsystem,
especially non virtio-ccw, refactoring work needs to be done.

This work is just a pure code move without any functional change
except dropping an empty function virtual_css_bridge_init() and
virtio_ccw_busdev_unplug() changing. virtio_ccw_busdev_unplug()
is specific to virtio-ccw but gets referenced from the common
virtual css bridge code. To keep the functional changes to a
minimum we export this function from virtio-ccw.c and continue
to reference it inside virtual_css_bridge_class_init()
(now living in hw/s390x/css-bridge.c). A follow-up patch will
clean this up.

Signed-off-by: Jing Liu <liujbjl@linux.vnet.ibm.com>
Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/css: use define for "virtual-css-bridge" literal
Sascha Silbe [Mon, 4 Jul 2016 13:46:20 +0000 (15:46 +0200)]
s390x/css: use define for "virtual-css-bridge" literal

Introduce a TYPE_* define (like we already use for a couple of other
QOM types) for the name of the virtual CSS bridge QOM type instead of
sprinkling the same string literal over several source files.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/css: factor out some generic code from virtio_ccw_device_realize()
Sascha Silbe [Wed, 15 Jun 2016 15:16:05 +0000 (17:16 +0200)]
s390x/css: factor out some generic code from virtio_ccw_device_realize()

A lot of what virtio_ccw_device_realize() does isn't specific to
virtio; it would apply to emulated CCW as well. Factor it out to make
it easier to implement emulated CCW devices later on.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/ipl: fix reboots for migration from different bios
David Hildenbrand [Thu, 9 Jun 2016 13:36:41 +0000 (15:36 +0200)]
s390x/ipl: fix reboots for migration from different bios

When migrating from a different QEMU version, the start_address and
bios_start_address may differ. During migration these values are migrated
and overwrite the values that were detected by QEMU itself.

On a reboot, QEMU will reload its own BIOS, but use the migrated start
addresses, which does not work if the values differ.

Fix this by not relying on the migrated values anymore, but still
provide them during migration, so existing QEMUs continue to work.

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agos390x/ipl: Support IPL from selected SCSI device
Alexander Yarygin [Thu, 9 Jun 2016 12:54:10 +0000 (15:54 +0300)]
s390x/ipl: Support IPL from selected SCSI device

If bootindex is specified for a device, we need to IPL from
it. Currently it works for ccw devices, but not for SCSI. To be able to
IPL from the specific device, pc-bios needs to know its address.
For this reason we add special QEMU_SCSI IPL type into the IPLB
structure, that contains the scsi device address.

We enhance the ipl block with a currently qemu-only parameter block
that allows us to specify a concrete scsi device.

Signed-off-by: Alexander Yarygin <yarygin@linux.vnet.ibm.com>
Reviewed-by: Eric Farman <farman@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agopc-bios/s390-ccw.img: rebuild image
Cornelia Huck [Mon, 4 Jul 2016 07:59:15 +0000 (09:59 +0200)]
pc-bios/s390-ccw.img: rebuild image

Contains:
- pc-bios/s390-ccw: Pass selected SCSI device to IPL

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agopc-bios/s390-ccw: Pass selected SCSI device to IPL
Eugene (jno) Dvurechenski [Wed, 1 Jun 2016 13:25:51 +0000 (15:25 +0200)]
pc-bios/s390-ccw: Pass selected SCSI device to IPL

There is ,bootindex=%d argument to specify the lookup order of
boot devices.

If a bootindex assigned to the device, then IPL Parameter Info Block
is created for that device when it is IPLed from.

If it is a mere SCSI device (not FCP), then IPIB is created with a
special SCSI type and its fields are used to store SCSI address of the
device. This new ipl block is private to qemu for now.

If the device to IPL from is specified this way, then SCSI bus lookup
is bypassed and prescribed devices uses the address specified.

Signed-off-by: Eugene (jno) Dvurechenski <jno@linux.vnet.ibm.com>
Signed-off-by: Alexander Yarygin <yarygin@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agobuild: Use $(AS) for optionrom explicitly
Richard Henderson [Fri, 8 Jul 2016 04:49:36 +0000 (21:49 -0700)]
build: Use $(AS) for optionrom explicitly

For clang before 3.5, -fno-integrated-as does not exist,
so the workaround in 5f6f0e27fb24 fails to build.

Use clang's default assembler for linux-user/safe-syscall.S,
and explicitly change to use the system assembler for the
option roms.

Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotranslate-all: Fix user-mode self-modifying code in 2 page long TB
Stanislav Shmarov [Thu, 7 Jul 2016 08:33:12 +0000 (11:33 +0300)]
translate-all: Fix user-mode self-modifying code in 2 page long TB

In user-mode emulation Translation Block can consist of 2 guest pages.
In that case QEMU also mprotects 2 host pages that are dedicated for
guest memory, containing instructions. QEMU detects self-modifying code
with SEGFAULT signal processing.

In case if instruction in 1st page is modifying memory of 2nd
page (or vice versa) QEMU will mark 2nd page with PAGE_WRITE,
invalidate TB, generate new TB contatining 1 guest instruction and
exit to CPU loop. QEMU won't call mprotect, and new TB will cause
same SEGFAULT. Page will have both PAGE_WRITE_ORG and PAGE_WRITE
flags, so QEMU will handle the signal as guest binary problem,
and exit with guest SEGFAULT.

Solution is to do following: In case if current TB was invalidated
continue to invalidate TBs from remaining guest pages and mark pages
as PAGE_WRITE. After that disable host page protection with mprotect.
If current tb was invalidated longjmp to main loop. That is more
efficient, since we won't get SEGFAULT when executing new TB.

Reviewed-by: Sergey Fedorov <sergey.fedorov@linaro.org>
Signed-off-by: Stanislav Shmarov <snarpix@gmail.com>
Message-Id: <1467880392-1043630-1-git-send-email-snarpix@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agocputlb: Fix for self-modifying writes across page boundaries
Samuel Damashek [Fri, 8 Jul 2016 19:54:34 +0000 (12:54 -0700)]
cputlb: Fix for self-modifying writes across page boundaries

As it currently stands, QEMU does not properly handle self-modifying code
when the write is unaligned and crosses a page boundary. The procedure
for handling a write to the current translation block is to write-protect
the current translation block, catch the write, split up the translation
block into the current instruction (which remains write-protected so that
the current instruction is not modified) and the remaining instructions
in the translation block, and then restore the CPU state to before the
write occurred so the write will be retried and successfully executed.
However, since unaligned writes across pages are split into one-byte
writes for simplicity, writes to the second page (which is not the
current TB) may succeed before a write to the current TB is attempted,
and since these writes are not invalidated before resuming state after
splitting the TB, these writes will be performed a second time, thus
corrupting the second page. Credit goes to Patrick Hulin for
discovering this.

In recent 64-bit versions of Windows running in emulated mode, this
results in either being very unstable (a BSOD after a couple minutes of
uptime), or being entirely unable to boot. Windows performs one or more
8-byte unaligned self-modifying writes (xors) which intersect the end
of the current TB and the beginning of the next TB, which runs into the
aforementioned issue. This commit fixes that issue by making the
unaligned write loop perform the writes in forwards order, instead of
reverse order. This way, QEMU immediately tries to write to the current
TB, and splits the TB before any write to the second page is executed.
The write then proceeds as intended. With this patch applied, I am able
to boot and use Windows 7 64-bit and Windows 10 64-bit in QEMU without
KVM.

Per Richard Henderson's input, this patch also ensures the second page
is in the TLB before executing the write loop, to ensure the second
page is mapped.

The original discussion of the issue is located at
http://lists.nongnu.org/archive/html/qemu-devel/2014-08/msg02161.html.

Signed-off-by: Samuel Damashek <samuel.damashek@invincea.com>
Message-Id: <20160706182652.16190-1-samuel.damashek@invincea.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agocputlb: Add address parameter to VICTIM_TLB_HIT
Samuel Damashek [Wed, 6 Jul 2016 18:26:52 +0000 (14:26 -0400)]
cputlb: Add address parameter to VICTIM_TLB_HIT

[rth: Split out from the original patch.]

Signed-off-by: Samuel Damashek <samuel.damashek@invincea.com>
Message-Id: <20160706182652.16190-1-samuel.damashek@invincea.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agocputlb: Move VICTIM_TLB_HIT out of line
Richard Henderson [Fri, 8 Jul 2016 19:19:32 +0000 (12:19 -0700)]
cputlb: Move VICTIM_TLB_HIT out of line

There are currently 22 invocations of this function,
and we're about to increase that number.

Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agolinux-user: Fix i386 safe-syscall.S
Richard Henderson [Fri, 8 Jul 2016 04:39:22 +0000 (21:39 -0700)]
linux-user: Fix i386 safe-syscall.S

Clang insists that "cmp" is ambiguous with a memory destination,
requiring an explicit size suffix.

There was a true error in the use of .cfi_def_cfa_offset in the
epilogue, but changing to use the proper .cfi_adjust_cfa_offset
runs afoul of a clang bug wrt .cfi_restore_state.  Better to
fold the two epilogues so that we don't trigger the bug.

Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-i386: Enable LMCE for '-cpu host' if supported by host
Haozhong Zhang [Wed, 22 Jun 2016 06:56:23 +0000 (14:56 +0800)]
target-i386: Enable LMCE for '-cpu host' if supported by host

If -cpu host is used, LMCE will be automatically enabled when it's
supported by host.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agotarget-i386: Publish advised value of MSR_IA32_FEATURE_CONTROL via fw_cfg
Haozhong Zhang [Thu, 23 Jun 2016 06:15:43 +0000 (14:15 +0800)]
target-i386: Publish advised value of MSR_IA32_FEATURE_CONTROL via fw_cfg

It's a prerequisite that certain bits of MSR_IA32_FEATURE_CONTROL should
be set before some features (e.g. VMX and LMCE) can be used, which is
usually done by the firmware. This patch adds a fw_cfg file
"etc/msr_feature_control" which contains the advised value of
MSR_IA32_FEATURE_CONTROL and can be used by guest firmware (e.g. SeaBIOS).

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agotarget-i386: kvm: Add basic Intel LMCE support
Ashok Raj [Wed, 22 Jun 2016 06:56:21 +0000 (14:56 +0800)]
target-i386: kvm: Add basic Intel LMCE support

This patch adds the support to inject SRAR and SRAO as LMCE, i.e. they
are injected to only one VCPU rather than broadcast to all VCPUs. As KVM
reports LMCE support on Intel platforms, this features is only available
on Intel platforms.

LMCE is disabled by default and can be enabled/disabled by cpu option
'lmce=on/off'.

Signed-off-by: Ashok Raj <ashok.raj@intel.com>
[Haozhong: Enable LMCE only on Intel platforms
           Disable LMCE by default and add a cpu option 'lmce'
           Handle the error if LMCE is enabled w/o host support
           Remove MCG_LMCE_P from MCE_CAP_DEF
           Add migration support for LMCE
           Minor code style changes]
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agotarget-i386: Report hyperv feature words through qom
Evgeny Yakovlev [Fri, 24 Jun 2016 10:49:36 +0000 (13:49 +0300)]
target-i386: Report hyperv feature words through qom

This change adds hyperv feature words report through qom rpc.

When VM is configured with hyperv features enabled
libvirt will check that required feature words are set
in cpuid leaf 40000003 through qom request.

Currently qemu does not report hyperv feature words
which prevents windows guests from starting with libvirt.

To avoid conflicting with current hyperv properties all added feature
words cannot be set directly with -cpu +feature yet.

Signed-off-by: Evgeny Yakovlev <eyakovlev@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Richard Henderson <rth@twiddle.net>
CC: Eduardo Habkost <ehabkost@redhat.com>
CC: Marcelo Tosatti <mtosatti@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agotarget-i386: Show host and VM TSC frequencies on mismatch
Eduardo Habkost [Thu, 30 Jun 2016 18:12:17 +0000 (15:12 -0300)]
target-i386: Show host and VM TSC frequencies on mismatch

Improve the TSC frequency mismatch warning to show the host and
VM TSC frequencies.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agopc: Parse CPU features only once
Igor Mammedov [Thu, 9 Jun 2016 17:11:03 +0000 (19:11 +0200)]
pc: Parse CPU features only once

Considering that features are converted to global properties and
global properties are automatically applied to every new instance
of created CPU (at object_new() time), there is no point in
parsing cpu_model string every time a CPU created. So move
parsing outside CPU creation loop and do it only once.

Parsing also should be done before any CPU is created so that
features would affect the first CPU a well.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agoarm: virt: Parse cpu_model only once
Igor Mammedov [Thu, 9 Jun 2016 17:11:02 +0000 (19:11 +0200)]
arm: virt: Parse cpu_model only once

Considering that features are converted to global properties and
global properties are automatically applied to every new instance
of created CPU (at object_new() time), there is no point in
parsing cpu_model string every time a CPU created. So move
parsing outside CPU creation loop and do it only once.

Parsing also should be done before any CPU is created so that
features would affect the first CPU a well.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agocpu: Use CPUClass->parse_features() as convertor to global properties
Igor Mammedov [Thu, 9 Jun 2016 17:11:01 +0000 (19:11 +0200)]
cpu: Use CPUClass->parse_features() as convertor to global properties

Currently CPUClass->parse_features() is used to parse -cpu
features string and set properties on created CPU instances.

But considering that features specified by -cpu apply to every
created CPU instance, it doesn't make sense to parse the same
features string for every CPU created. It also makes every target
that cares about parsing features string explicitly call
CPUClass->parse_features() parser, which gets in a way if we
consider using generic device_add for CPU hotplug as device_add
has not a clue about CPU specific hooks.

Turns out we can use global properties mechanism to set
properties on every created CPU instance for a given type. That
way it's possible to convert CPU features into a set of global
properties for CPU type specified by -cpu cpu_model and common
Device.device_post_init() will apply them to CPU of given type
automatically regardless whether it's manually created CPU or CPU
created with help of device_add.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agotarget-i386: Avoid using locals outside their scope
Paolo Bonzini [Tue, 21 Jun 2016 12:04:40 +0000 (14:04 +0200)]
target-i386: Avoid using locals outside their scope

x86_cpu_parse_featurestr has a "val = num;" assignment just before num
goes out of scope.  Push num up to fix the issue.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agotarget-i386: TCG can support CPUID.07H:EBX.erms
Paolo Bonzini [Fri, 17 Jun 2016 15:47:13 +0000 (17:47 +0200)]
target-i386: TCG can support CPUID.07H:EBX.erms

ERMS just says "rep movsb" and "rep stosb" are fast.  It does not
imply any new instruction, so we can support it easily.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agotarget-sparc: Use sparc_cpu_parse_features() directly
Igor Mammedov [Thu, 9 Jun 2016 17:11:00 +0000 (19:11 +0200)]
target-sparc: Use sparc_cpu_parse_features() directly

Make SPARC target use sparc_cpu_parse_features() directly
so it won't get in the way of switching other propertified
targets to handling features as global properties.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agovl: Set errp to &error_abort on machine compat_props
Eduardo Habkost [Wed, 15 Jun 2016 19:00:01 +0000 (16:00 -0300)]
vl: Set errp to &error_abort on machine compat_props

Use the new GlobalProperty.errp field to handle compat_props
errors.

Example output before this change:
(with an intentionally broken entry added to PC_COMPAT_1_3 just
for testing)

  $ qemu-system-x86_64 -machine pc-1.3
  qemu-system-x86_64: hw/core/qdev-properties.c:1091: qdev_prop_set_globals_for_type: Assertion `prop->user_provided' failed.
  Aborted (core dumped)

After:

  $ qemu-system-x86_64 -machine pc-1.3
  Unexpected error in x86_cpuid_set_vendor() at /home/ehabkost/rh/proj/virt/qemu/target-i386/cpu.c:1688:
  qemu-system-x86_64: can't apply global cpu.vendor=x: Property '.vendor' doesn't take value 'x'
  Aborted (core dumped)

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agomachine: Add machine_register_compat_props() function
Eduardo Habkost [Wed, 15 Jun 2016 19:41:19 +0000 (16:41 -0300)]
machine: Add machine_register_compat_props() function

Move the compat_props handling to core machine code.

Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agoqdev: GlobalProperty.errp field
Eduardo Habkost [Wed, 15 Jun 2016 19:08:06 +0000 (16:08 -0300)]
qdev: GlobalProperty.errp field

The new field will allow error handling to be configured by
qdev_prop_register_global() callers: &error_fatal and
&error_abort can be used to make QEMU exit or abort if any errors
are reported when applying the properties.

While doing it, change the error message from "global %s.%s=%s
ignored" to "can't apply global %s.%s=%s".

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agoqdev: Eliminate qemu_add_globals() function
Eduardo Habkost [Wed, 15 Jun 2016 18:54:52 +0000 (15:54 -0300)]
qdev: Eliminate qemu_add_globals() function

The function is just a helper to handle the -global options, it
can stay in vl.c like most qemu_opts_foreach() calls.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agoqdev: Don't stop applying globals on first error
Eduardo Habkost [Wed, 15 Jun 2016 17:59:46 +0000 (14:59 -0300)]
qdev: Don't stop applying globals on first error

qdev_prop_set_globals_for_type() stops applying global properties
on the first error. It is a leftover from when QEMU exited on any
error when applying global property. Commit 25f8dd9 changed the
fatal error to a warning, but neglected to drop the stopping.
Fix that.

For example, the following command-line will not set CPUID level
to 3, but will warn only about "x86_64-cpu.vendor" being ignored.

  $ ./x86_64-softmmu/qemu-system-x86_64 \
      -global x86_64-cpu.vendor=x \
      -global x86_64-cpu.level=3
  qemu-system-x86_64: Warning: global x86_64-cpu.vendor=x ignored: Property '.vendor' doesn't take value 'x'

Fix this by not returning from qdev_prop_set_globals_for_type()
on the first error.

Cc: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160707' into...
Peter Maydell [Thu, 7 Jul 2016 13:49:38 +0000 (14:49 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160707' into staging

target-arm queue:
 * fix a wrong variable type for A64 SYS_HEAPINFO semihosting call
 * xlnx_dp: fix iffy xlnx_dp_aux_push_tx_fifo
 * aux: fix break that wanted to break two levels out
 * aux: Rename aux.[ch] to auxbus.[ch] for the benefit of Windows
 * hw/block/m25p80: fix resource leak
 * i.MX: split the GPT timer implementation into per SOC definitions

# gpg: Signature made Thu 07 Jul 2016 14:48:09 BST
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20160707:
  i.MX: split the GPT timer implementation into per SOC definitions
  hw/block/m25p80: fix resource leak
  aux: Rename aux.[ch] to auxbus.[ch] for the benefit of Windows
  aux: fix break that wanted to break two levels out
  xlnx_dp: fix iffy xlnx_dp_aux_push_tx_fifo
  target-arm/arm-semi.c: In SYS_HEAPINFO use correct type for 'limit'

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoi.MX: split the GPT timer implementation into per SOC definitions
Jean-Christophe Dubois [Thu, 7 Jul 2016 12:47:01 +0000 (13:47 +0100)]
i.MX: split the GPT timer implementation into per SOC definitions

In various Freescale SOCs, the GPT timers can be configured to select
its input clock.

Depending on the SOC the set of available input clocks may vary.

The actual single GPT definition was no good enough and because of it
booting the sabrelite board with a i.MX6DL device tree would fail
because of an incorrect input clock definition for the i.MX6DL SOC.

This patch fixes the i.MX6DL boot failure by adding the ability to
define a different set of input clocks depending on the considered SOC.

A different class has been defined for i.MX25, i.MX31 and i.MX6 each with
its specific set of input clocks.

The patch has been tested by booting KZM, i.MX25 PDK, i.MX6Q sabrelite
and i.MX6DL sabrelite.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 1467325619-8374-1-git-send-email-jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: fixed spacing round '/' operator]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agohw/block/m25p80: fix resource leak
Shannon Zhao [Thu, 7 Jul 2016 12:47:01 +0000 (13:47 +0100)]
hw/block/m25p80: fix resource leak

These two are spot by Coverity 1357232 and 1357233.

Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Message-id: 1467684998-12076-1-git-send-email-zhaoshenglong@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoaux: Rename aux.[ch] to auxbus.[ch] for the benefit of Windows
Peter Maydell [Thu, 7 Jul 2016 12:47:01 +0000 (13:47 +0100)]
aux: Rename aux.[ch] to auxbus.[ch] for the benefit of Windows

On Windows 'aux.*' is a reserved name and cannot be used for
filenames; see
  https://msdn.microsoft.com/en-gb/library/windows/desktop/aa365247(v=vs.85).aspx

This prevents cloning the QEMU git repo on Windows:

C:\Java\sources\kvm> git clone https://github.com/qemu/qemu.git
Cloning into 'qemu'...
remote: Counting objects: 279563, done.
remote: Total 279563 (delta 0), reused 0 (delta 0), pack-reused 279563R
Receiving objects: 100% (279563/279563), 122.45 MiB | 3.52 MiB/s, done.
Resolving deltas: 100% (221942/221942), done.
Checking connectivity... done.
error: unable to create file hw/misc/aux.c (No such file or directory)
error: unable to create file include/hw/misc/aux.h (No such file or directory)
Checking out files: 100% (4795/4795), done.
fatal: unable to checkout working tree
warning: Clone succeeded, but checkout failed.
You can inspect what was checked out with 'git status'
and retry the checkout with 'git checkout -f HEAD'

(bug https://bugs.launchpad.net/bugs/1595240)

Rename the offending files for the benefit of Windows.

Reported-by: Алексей Курган <akurgan@yandex.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Wei Huang <wei@redhat.com>
Tested-by: KONRAD Frederic <fred.konrad@greensocs.com>
Message-id: 1467377145-32385-1-git-send-email-peter.maydell@linaro.org

8 years agoaux: fix break that wanted to break two levels out
Paolo Bonzini [Thu, 7 Jul 2016 12:47:00 +0000 (13:47 +0100)]
aux: fix break that wanted to break two levels out

The last "ret = AUX_I2C_NACK;" is dead, because it is always overridden
by AUX_I2C_ACK.  What really the code wants is to jump out of the switch
statement, and a "return" will not cut it because it would omit a debug
printf.

Change the logic so that we can break out of the while loop.  For clarity,
hoist the bus->last_* assignments up, right after i2c_start_transfer.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoxlnx_dp: fix iffy xlnx_dp_aux_push_tx_fifo
Paolo Bonzini [Thu, 7 Jul 2016 12:47:00 +0000 (13:47 +0100)]
xlnx_dp: fix iffy xlnx_dp_aux_push_tx_fifo

xlnx_dp_aux_push_tx_fifo takes an immediate uint8_t and a buffer length,
which must be 1 because that is how many uint8_t's fit in a uint8_t.
Sure enough, that is what xlnx_dp_write passes to it, but the function
is just weird.  Therefore, make xlnx_dp_aux_push_tx_fifo look like
xlnx_dp_aux_push_rx_fifo, taking a pointer to the buffer.

Reported by Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agotarget-arm/arm-semi.c: In SYS_HEAPINFO use correct type for 'limit'
Peter Maydell [Thu, 7 Jul 2016 12:47:00 +0000 (13:47 +0100)]
target-arm/arm-semi.c: In SYS_HEAPINFO use correct type for 'limit'

In commit f5666418c4 most of the SYS_HEAPINFO implementation was
fixed to use target_ulong rather than uint32_t, but the 'limit'
variable was not changed.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1467650942-28706-1-git-send-email-peter.maydell@linaro.org

8 years agoMerge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
Peter Maydell [Thu, 7 Jul 2016 09:29:05 +0000 (10:29 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Thu 07 Jul 2016 07:29:44 BST
# gpg:                using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  tap: vhost busy polling support

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agotap: vhost busy polling support
Jason Wang [Wed, 6 Jul 2016 01:57:55 +0000 (09:57 +0800)]
tap: vhost busy polling support

This patch add the capability of basic vhost net busy polling which is
supported by recent kernel. User could configure the maximum number of
us that could be spent on busy polling through a new property of tap
"poll-us".

Cc: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoMerge remote-tracking branch 'remotes/rth/tags/pull-tcg-20160706' into staging
Peter Maydell [Wed, 6 Jul 2016 16:32:09 +0000 (17:32 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20160706' into staging

misc updates

# gpg: Signature made Wed 06 Jul 2016 17:17:02 BST
# gpg:                using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC  16A4 AD12 70CC 4DD0 279B

* remotes/rth/tags/pull-tcg-20160706:
  tcg: Improve the alignment check infrastructure
  tcg: Optimize spills of constants
  tcg: Fix name for high-half register
  build: Use $(CCAS) for compiling .S files

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/spice/tags/pull-spice-20160706-1' into staging
Peter Maydell [Wed, 6 Jul 2016 11:49:51 +0000 (12:49 +0100)]
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20160706-1' into staging

spice and qxl bugfixes.

# gpg: Signature made Wed 06 Jul 2016 10:44:10 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/spice/tags/pull-spice-20160706-1:
  virgl: pass whole GL scanout dimensions
  spice: use the right head for multi-monitor
  virgl: count the calls to gl_block
  spice: avoid .set_mm_time on >= 0.12.6
  qxl: fix surface migration
  qxl: store memory region and offset instead of pointer for guest slots
  qxl: factor out qxl_get_check_slot_offset
  qxl: handle no updates in interface_update_area_complete
  qxl: use uint64_t for vram size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-07-06' into staging
Peter Maydell [Wed, 6 Jul 2016 10:38:09 +0000 (11:38 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-07-06' into staging

QAPI patches for 2016-07-06

# gpg: Signature made Wed 06 Jul 2016 10:00:51 BST
# gpg:                using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2016-07-06:
  replay: Use new QAPI cloning
  sockets: Use new QAPI cloning
  qapi: Add new clone visitor
  qapi: Add new visit_complete() function
  tests: Factor out common code in qapi output tests
  tests: Clean up test-string-output-visitor
  qmp-output-visitor: Favor new visit_free() function
  string-output-visitor: Favor new visit_free() function
  qmp-input-visitor: Favor new visit_free() function
  string-input-visitor: Favor new visit_free() function
  opts-visitor: Favor new visit_free() function
  qapi: Add new visit_free() function
  qapi: Add parameter to visit_end_*
  qemu-img: Don't leak errors when outputting JSON
  qapi: Improve use of qmp/types.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
Peter Maydell [Wed, 6 Jul 2016 09:23:25 +0000 (10:23 +0100)]
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging

QOM infrastructure fixes and device conversions

* Documentation fix

# gpg: Signature made Wed 06 Jul 2016 08:26:49 BST
# gpg:                using RSA key 0xFA2ED12D3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"
# Primary key fingerprint: 174F 0347 1BCC 221A 6175  6F96 FA2E D12D 3E7E 013F

* remotes/afaerber/tags/qom-devices-for-peter:
  qom: Fix comment typo

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoreplay: Use new QAPI cloning
Eric Blake [Thu, 9 Jun 2016 16:48:46 +0000 (10:48 -0600)]
replay: Use new QAPI cloning

Rather than rolling our own clone via an expensive conversion
in and back out of QObject, use the new clone visitor.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-16-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agosockets: Use new QAPI cloning
Eric Blake [Thu, 9 Jun 2016 16:48:45 +0000 (10:48 -0600)]
sockets: Use new QAPI cloning

Rather than rolling our own clone via an expensive conversion
in and back out of QObject, use the new clone visitor.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-15-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agoqapi: Add new clone visitor
Eric Blake [Thu, 9 Jun 2016 16:48:44 +0000 (10:48 -0600)]
qapi: Add new clone visitor

We have a couple places in the code base that want to deep-clone
one QAPI object into another, and they were resorting to serializing
the struct out to QObject then reparsing it.  A much more efficient
version can be done by adding a new clone visitor.

Since cloning is still relatively uncommon, expose the use of the
new visitor via a QAPI_CLONE() macro that takes care of type-punning
the underlying function pointer, rather than generating lots of
unused functions for types that won't be cloned.  And yes, we're
relying on the compiler treating all pointers equally, even though
a strict C program cannot portably do so - but we're not the first
one in the qemu code base to expect it to work (hello, glib!).

The choice of adding a fourth visitor type deserves some explanation.
On the surface, the clone visitor is mostly an input visitor (it
takes arbitrary input - in this case, another QAPI object - and
creates a new QAPI object during the course of the visit).  But
ever since commit da72ab0 consolidated enum visits based on the
visitor type, using VISITOR_INPUT would cause us to run
visit_type_str(), even though for cloning there is nothing to do
(we just copy the enum value across, without regards to its mapping
to strings).   Also, since our input happens to be a QAPI object,
we can also satisfy the internal checks for VISITOR_OUTPUT.  So in
the end, I settled with a new VISITOR_CLONE, and chose its value
such that many internal checks can use 'v->type & mask', sticking
to 'v->type == value' where the difference matters.

Note that we can only clone objects (including alternates) and lists,
not built-ins or enums.  The visitor core hides integer width from
the actual visitor (since commit 04e070d), and as long as that's the
case, we can't clone top-level integers.  Then again, those can
always be cloned by direct copy, since they are not objects with
deep pointers, so it's no real loss.  And restricting cloning to
just objects and lists is cleaner than restricting it to non-integers.
As such, I documented that the clone visitor is for direct use only
by code internal to QAPI, and should not be used on incomplete objects
(other than a hack to work around the fact that we allow NULL in place
of "" in visit_type_str() in other output visitors).  Note that as
written, the clone visitor will never fail on a complete object.

Scalars (including enums) not at the root of the clone copy just fine
with no additional effort while visiting the scalar, by virtue of a
g_memdup() each time we push another struct onto the stack.  Cloning
a string requires deduplication of a pointer, which means it can also
provide the guarantee of an input visitor of never producing NULL
even when still accepting NULL in place of "" the way the QMP output
visitor does.

Cloning an 'any' type could be possible by incrementing the QObject
refcnt, but it's not obvious whether that is better than implementing
a QObject deep clone.  So for now, we document it as unsupported,
and intentionally omit the .type_any() callback to let a developer
know their usage needs implementation.

Add testsuite coverage for several different clone situations, to
ensure that the code is working.  I also tested that valgrind was
happy with the test.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-14-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agoqapi: Add new visit_complete() function
Eric Blake [Thu, 9 Jun 2016 16:48:43 +0000 (10:48 -0600)]
qapi: Add new visit_complete() function

Making each output visitor provide its own output collection
function was the only remaining reason for exposing visitor
sub-types to the rest of the code base.  Add a polymorphic
visit_complete() function which is a no-op for input visitors,
and which populates an opaque pointer for output visitors.  For
maximum type-safety, also add a parameter to the output visitor
constructors with a type-correct version of the output pointer,
and assert that the two uses match.

This approach was considered superior to either passing the
output parameter only during construction (action at a distance
during visit_free() feels awkward) or only during visit_complete()
(defeating type safety makes it easier to use incorrectly).

Most callers were function-local, and therefore a mechanical
conversion; the testsuite was a bit trickier, but the previous
cleanup patch minimized the churn here.

The visit_complete() function may be called at most once; doing
so lets us use transfer semantics rather than duplication or
ref-count semantics to get the just-built output back to the
caller, even though it means our behavior is not idempotent.

Generated code is simplified as follows for events:

|@@ -26,7 +26,7 @@ void qapi_event_send_acpi_device_ost(ACP
|     QDict *qmp;
|     Error *err = NULL;
|     QMPEventFuncEmit emit;
|-    QmpOutputVisitor *qov;
|+    QObject *obj;
|     Visitor *v;
|     q_obj_ACPI_DEVICE_OST_arg param = {
|         info
|@@ -39,8 +39,7 @@ void qapi_event_send_acpi_device_ost(ACP
|
|     qmp = qmp_event_build_dict("ACPI_DEVICE_OST");
|
|-    qov = qmp_output_visitor_new();
|-    v = qmp_output_get_visitor(qov);
|+    v = qmp_output_visitor_new(&obj);
|
|     visit_start_struct(v, "ACPI_DEVICE_OST", NULL, 0, &err);
|     if (err) {
|@@ -55,7 +54,8 @@ void qapi_event_send_acpi_device_ost(ACP
|         goto out;
|     }
|
|-    qdict_put_obj(qmp, "data", qmp_output_get_qobject(qov));
|+    visit_complete(v, &obj);
|+    qdict_put_obj(qmp, "data", obj);
|     emit(QAPI_EVENT_ACPI_DEVICE_OST, qmp, &err);

and for commands:

| {
|     Error *err = NULL;
|-    QmpOutputVisitor *qov = qmp_output_visitor_new();
|     Visitor *v;
|
|-    v = qmp_output_get_visitor(qov);
|+    v = qmp_output_visitor_new(ret_out);
|     visit_type_AddfdInfo(v, "unused", &ret_in, &err);
|-    if (err) {
|-        goto out;
|+    if (!err) {
|+        visit_complete(v, ret_out);
|     }
|-    *ret_out = qmp_output_get_qobject(qov);
|-
|-out:
|     error_propagate(errp, err);

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-13-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agotests: Factor out common code in qapi output tests
Eric Blake [Thu, 9 Jun 2016 16:48:42 +0000 (10:48 -0600)]
tests: Factor out common code in qapi output tests

Create a new visitor_get() function to capture common
actions taken in collecting output from an output visitor,
to make it easier to refactor the output visitors in a
later patch.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-12-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agotests: Clean up test-string-output-visitor
Eric Blake [Thu, 9 Jun 2016 16:48:41 +0000 (10:48 -0600)]
tests: Clean up test-string-output-visitor

Use &error_abort and error_free_or_abort() in more places, use
the generated qapi_free_intList() instead of open-coding it,
reduce the scope of some variables, avoid code duplication
during test setup with visitor_output_setup_internal(), and
copy the visitor_reset() concept from the qmp-output test to
the string-output test.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-11-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agoqmp-output-visitor: Favor new visit_free() function
Eric Blake [Thu, 9 Jun 2016 16:48:40 +0000 (10:48 -0600)]
qmp-output-visitor: Favor new visit_free() function

Now that we have a polymorphic visit_free(), we no longer need
qmp_output_visitor_cleanup(); however, we still need to
expose the subtype for qmp_output_get_qobject().

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-10-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agostring-output-visitor: Favor new visit_free() function
Eric Blake [Thu, 9 Jun 2016 16:48:39 +0000 (10:48 -0600)]
string-output-visitor: Favor new visit_free() function

Now that we have a polymorphic visit_free(), we no longer need
string_output_visitor_cleanup(); however, we still need to
expose the subtype for string_output_get_string().

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-9-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agoqmp-input-visitor: Favor new visit_free() function
Eric Blake [Thu, 9 Jun 2016 16:48:38 +0000 (10:48 -0600)]
qmp-input-visitor: Favor new visit_free() function

Now that we have a polymorphic visit_free(), we no longer need
qmp_input_visitor_cleanup(); which in turn means we no longer
need to return a subtype from qmp_input_visitor_new() nor a
public upcast function.

Generated code changes to qmp-marshal.c look like:

|@@ -52,11 +52,10 @@ void qmp_marshal_add_fd(QDict *args, QOb
| {
|     Error *err = NULL;
|     AddfdInfo *retval;
|-    QmpInputVisitor *qiv = qmp_input_visitor_new(QOBJECT(args), true);
|     Visitor *v;
|     q_obj_add_fd_arg arg = {0};
|
|-    v = qmp_input_get_visitor(qiv);
|+    v = qmp_input_visitor_new(QOBJECT(args), true);
|     visit_start_struct(v, NULL, NULL, 0, &err);
|     if (err) {
|         goto out;

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-8-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agostring-input-visitor: Favor new visit_free() function
Eric Blake [Thu, 9 Jun 2016 16:48:37 +0000 (10:48 -0600)]
string-input-visitor: Favor new visit_free() function

Now that we have a polymorphic visit_free(), we no longer need
string_input_visitor_cleanup(); which in turn means we no longer
need to return a subtype from string_input_visitor_new() nor a
public upcast function.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-7-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agoopts-visitor: Favor new visit_free() function
Eric Blake [Thu, 9 Jun 2016 16:48:36 +0000 (10:48 -0600)]
opts-visitor: Favor new visit_free() function

Now that we have a polymorphic visit_free(), we no longer need
opts_visitor_cleanup(); which in turn means we no longer need
to return a subtype from opts_visitor_new() nor a public upcast
function.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-6-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agoqapi: Add new visit_free() function
Eric Blake [Thu, 9 Jun 2016 16:48:35 +0000 (10:48 -0600)]
qapi: Add new visit_free() function

Making each visitor provide its own (awkwardly-named) FOO_cleanup()
is unusual, when we can instead have a polymorphic visit_free()
interface.  Over the next few patches, we can use the polymorphic
functions to eliminate the need for a FOO_get_visitor() function
for accessing specific visitor functionality, once everything can
be accessed directly through the Visitor* interfaces.

The dealloc visitor is the first one converted to completely use
the new entry point, since qapi_dealloc_visitor_cleanup() was the
only reason that qapi_dealloc_get_visitor() existed, and only
generated and testsuite code was even using it.  With the new
visit_free() entry point in place, we no longer need to expose
the QapiDeallocVisitor subtype through qapi_dealloc_visitor_new(),
and can get by with less generated code, with diffs that look like:

| void qapi_free_ACPIOSTInfo(ACPIOSTInfo *obj)
| {
|-    QapiDeallocVisitor *qdv;
|     Visitor *v;
|
|     if (!obj) {
|         return;
|     }
|
|-    qdv = qapi_dealloc_visitor_new();
|-    v = qapi_dealloc_get_visitor(qdv);
|+    v = qapi_dealloc_visitor_new();
|     visit_type_ACPIOSTInfo(v, NULL, &obj, NULL);
|-    qapi_dealloc_visitor_cleanup(qdv);
|+    visit_free(v);
|}

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-5-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agoqapi: Add parameter to visit_end_*
Eric Blake [Thu, 9 Jun 2016 16:48:34 +0000 (10:48 -0600)]
qapi: Add parameter to visit_end_*

Rather than making the dealloc visitor track of stack of pointers
remembered during visit_start_* in order to free them during
visit_end_*, it's a lot easier to just make all callers pass the
same pointer to visit_end_*.  The generated code has access to the
same pointer, while all other users are doing virtual walks and
can pass NULL.  The dealloc visitor is then greatly simplified.

All three visit_end_*() functions intentionally take a void**,
even though the visit_start_*() functions differ between void**,
GenericList**, and GenericAlternate**.  This is done for several
reasons: when doing a virtual walk, passing NULL doesn't care
what the type is, but when doing a generated walk, we already
have to cast the caller's specific FOO* to call visit_start,
while using void** lets us use visit_end without a cast. Also,
an upcoming patch will add a clone visitor that wants to use
the same implementation for all three visit_end callbacks,
which is made easier if all three share the same signature.

For visitors with already track per-object state (the QMP visitors
via a stack, and the string visitors which do not allow nesting),
add an assertion that the caller is indeed passing the same
pointer to paired calls.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-4-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agoqemu-img: Don't leak errors when outputting JSON
Eric Blake [Thu, 9 Jun 2016 16:48:33 +0000 (10:48 -0600)]
qemu-img: Don't leak errors when outputting JSON

If our JSON output ever encounters an error, we would just silently
leak the error object.  Instead, assert that our usage won't fail.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-3-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agoqapi: Improve use of qmp/types.h
Eric Blake [Thu, 9 Jun 2016 16:48:32 +0000 (10:48 -0600)]
qapi: Improve use of qmp/types.h

'qjson.h' is not a QObject subtype; include this file directly in
.c files that are using it, rather than abusing qmp/types.h for
that purpose.

Meanwhile, for files that include a list of individual QObject
subtypes, it's easier to just use qmp/types.h for that purpose.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465490926-28625-2-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years agovirgl: pass whole GL scanout dimensions
Marc-André Lureau [Tue, 14 Jun 2016 13:44:09 +0000 (15:44 +0200)]
virgl: pass whole GL scanout dimensions

Spice client needs the whole GL texture dimension to be able to show a
scanout with a monitor offset (different than +0+0).

Furthermore, this fixes a crash when calling surface_{width,height}()
after dpy_gfx_replace_surface(con, NULL) was called in
virgl_cmd_set_scanout()

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1465911849-30423-4-git-send-email-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agospice: use the right head for multi-monitor
Marc-André Lureau [Tue, 14 Jun 2016 13:44:08 +0000 (15:44 +0200)]
spice: use the right head for multi-monitor

Look up the associated head monitor config.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1465911849-30423-3-git-send-email-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agovirgl: count the calls to gl_block
Marc-André Lureau [Tue, 14 Jun 2016 13:44:07 +0000 (15:44 +0200)]
virgl: count the calls to gl_block

In virgl_cmd_resource_flush(), when several consoles are updated, it
needs to keep blocking until all spice gl draws are done. This fixes an
assert() in spice when using multiple monitors with virgl.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1465911849-30423-2-git-send-email-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agospice: avoid .set_mm_time on >= 0.12.6
John Snow [Wed, 29 Jun 2016 22:41:35 +0000 (18:41 -0400)]
spice: avoid .set_mm_time on >= 0.12.6

Spice deprecated this callback in 0.12.6.
It's not a problem yet, but it will cause Clang to fail in a -Werror
build due to the deprecated tag.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1467240095-12507-2-git-send-email-jsnow@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agoqxl: fix surface migration
Gerd Hoffmann [Wed, 22 Jun 2016 12:07:24 +0000 (14:07 +0200)]
qxl: fix surface migration

Create a helper function qxl_dirty_one_surface() to mark a single qxl
surface as dirty.  Use the new qxl_get_check_slot_offset function and
lookup the memory region from the slot instead of assuming the surface
is stored in vram.

Use the new helper function in qxl_dirty_surfaces, for both primary and
off-screen surfaces.  For off-screen surfaces this is no functional
change.  For primary surfaces this will dirty only the memory actually
used instead of the whole surface0 region.  It will also work correctly
in case the guest places the primary surface in vram instead of the
surface0 region (linux kms driver does that).

https://bugzilla.redhat.com/show_bug.cgi?id=1235732

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1466597244-5938-3-git-send-email-kraxel@redhat.com

8 years agoqxl: store memory region and offset instead of pointer for guest slots
Gerd Hoffmann [Wed, 22 Jun 2016 12:07:23 +0000 (14:07 +0200)]
qxl: store memory region and offset instead of pointer for guest slots

Store MemoryRegion and offset instead of a pointer for each qxl memory
slot, so we can easily figure in which memory region an qxl object
stored.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1466597244-5938-2-git-send-email-kraxel@redhat.com

8 years agoqxl: factor out qxl_get_check_slot_offset
Gerd Hoffmann [Wed, 22 Jun 2016 12:07:22 +0000 (14:07 +0200)]
qxl: factor out qxl_get_check_slot_offset

New helper function which translates a qxl physical address into
memory slot and offset.  Also applies sanity checks.  Factored out
from qxl_phys2virt.  No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1466597244-5938-1-git-send-email-kraxel@redhat.com

8 years agoqxl: handle no updates in interface_update_area_complete
Gerd Hoffmann [Wed, 8 Jun 2016 14:11:41 +0000 (16:11 +0200)]
qxl: handle no updates in interface_update_area_complete

Simply return early in case there are no updated rects.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1465395101-13580-1-git-send-email-kraxel@redhat.com

8 years agoqxl: use uint64_t for vram size
Gerd Hoffmann [Wed, 8 Jun 2016 12:40:48 +0000 (14:40 +0200)]
qxl: use uint64_t for vram size

This allows for the 64bit vram bar to become larger than 2G
(try -device qxl-vga,vram64_size_mb=8192).

https://bugzilla.redhat.com/show_bug.cgi?id=1340439

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1465389648-5179-1-git-send-email-kraxel@redhat.com

8 years agoqom: Fix comment typo
Changlong Xie [Tue, 14 Jun 2016 07:27:49 +0000 (15:27 +0800)]
qom: Fix comment typo

It's qom_unref, not qdef_unref.

Signed-off-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agotcg: Improve the alignment check infrastructure
Sergey Sorokin [Thu, 23 Jun 2016 18:16:46 +0000 (21:16 +0300)]
tcg: Improve the alignment check infrastructure

Some architectures (e.g. ARMv8) need the address which is aligned
to a size more than the size of the memory access.
To support such check it's enough the current costless alignment
check implementation in QEMU, but we need to support
an alignment size specifying.

Signed-off-by: Sergey Sorokin <afarallax@yandex.ru>
Message-Id: <1466705806-679898-1-git-send-email-afarallax@yandex.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>
[rth: Assert in tcg_canonicalize_memop.  Leave get_alignment_bits
available for, though unused by, user-mode.  Retain logging difference
based on ALIGNED_ONLY.]

8 years agotcg: Optimize spills of constants
Richard Henderson [Mon, 20 Jun 2016 05:59:13 +0000 (22:59 -0700)]
tcg: Optimize spills of constants

While we can store constants via constrants on INDEX_op_st_i32 et al,
we weren't able to spill constants to backing store.

Add a new backend interface, tcg_out_sti, which may store the constant
(and is allowed to fail).  Rearrange the temp_* helpers so that we only
attempt to directly store a constant when the temp is becoming dead/free.

Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotcg: Fix name for high-half register
Richard Henderson [Sat, 18 Jun 2016 00:02:20 +0000 (17:02 -0700)]
tcg: Fix name for high-half register

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agobuild: Use $(CCAS) for compiling .S files
Richard Henderson [Thu, 23 Jun 2016 17:39:18 +0000 (10:39 -0700)]
build: Use $(CCAS) for compiling .S files

We fail to pass to $(AS) all of the different flags that may be required
for a given set of CFLAGS.  Rather than figuring out the host-specific
mapping, it's better to allow the compiler driver to do that.

However, simply using $(CC) runs afoul of clang trying to build the
option roms.  C.f. 3dd46c78525a30e98c68, wherein we changed from
using $(CC) to using $(AS) in the first place.

Work around this by passing -fno-integrated-as to clang, so that we use
the external assembler, and the clang driver still passes along all of
the options that the assembler might require.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1466703558-7723-1-git-send-email-rth@twiddle.net>

8 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Tue, 5 Jul 2016 16:53:02 +0000 (17:53 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

# gpg: Signature made Tue 05 Jul 2016 16:46:14 BST
# gpg:                using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream: (43 commits)
  block/qcow2: Don't use cpu_to_*w()
  block: Convert bdrv_co_preadv/pwritev to BdrvChild
  block: Convert bdrv_prwv_co() to BdrvChild
  block: Convert bdrv_pwrite_zeroes() to BdrvChild
  block: Convert bdrv_pwrite(v/_sync) to BdrvChild
  block: Convert bdrv_pread(v) to BdrvChild
  block: Convert bdrv_write() to BdrvChild
  block: Convert bdrv_read() to BdrvChild
  block: Use BlockBackend for I/O in bdrv_commit()
  block: Move bdrv_commit() to block/commit.c
  block: Convert bdrv_co_do_readv/writev to BdrvChild
  block: Convert bdrv_aio_writev() to BdrvChild
  block: Convert bdrv_aio_readv() to BdrvChild
  block: Convert bdrv_co_writev() to BdrvChild
  block: Convert bdrv_co_readv() to BdrvChild
  vhdx: Some more BlockBackend use in vhdx_create()
  blkreplay: Convert to byte-based I/O
  vvfat: Use BdrvChild for s->qcow
  block/qdev: Fix NULL access when using BB twice
  block: fix return code for partial write for Linux AIO
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Tue, 5 Jul 2016 15:48:24 +0000 (16:48 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, pci, virtio: new features, cleanups, fixes

iommus can not be added with -device.
cleanups and fixes all over the place

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 05 Jul 2016 11:18:32 BST
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (30 commits)
  vmw_pvscsi: remove unnecessary internal msi state flag
  e1000e: remove unnecessary internal msi state flag
  vmxnet3: remove unnecessary internal msi state flag
  mptsas: remove unnecessary internal msi state flag
  megasas: remove unnecessary megasas_use_msi()
  pci: Convert msi_init() to Error and fix callers to check it
  pci bridge dev: change msi property type
  megasas: change msi/msix property type
  mptsas: change msi property type
  intel-hda: change msi property type
  usb xhci: change msi/msix property type
  change pvscsi_init_msi() type to void
  tests: add APIC.cphp and DSDT.cphp blobs
  tests: acpi: add CPU hotplug testcase
  log: Permit -dfilter 0..0xffffffffffffffff
  range: Replace internal representation of Range
  range: Eliminate direct Range member access
  log: Clean up misuse of Range for -dfilter
  pci_register_bar: cleanup
  Revert "virtio-net: unbreak self announcement and guest offloads after migration"
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'mreitz/tags/pull-block-for-kevin-2016-07-05-v2' into...
Kevin Wolf [Tue, 5 Jul 2016 14:55:31 +0000 (16:55 +0200)]
Merge remote-tracking branch 'mreitz/tags/pull-block-for-kevin-2016-07-05-v2' into queue-block

A block patch for the block queue

# gpg: Signature made Tue Jul  5 16:54:22 2016 CEST
# gpg:                using RSA key 0x3BB14202E838ACAD
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>"
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40
#      Subkey fingerprint: 58B3 81CE 2DC8 9CF9 9730  EE64 3BB1 4202 E838 ACAD

* mreitz/tags/pull-block-for-kevin-2016-07-05-v2:
  block/qcow2: Don't use cpu_to_*w()

Signed-off-by: Kevin Wolf <kwolf@redhat.com>