sdk/emulator/qemu.git
11 years ago exec: put memory map in AddressSpaceDispatch
Paolo Bonzini [Wed, 29 May 2013 10:28:21 +0000 (12:28 +0200)]
exec: put memory map in AddressSpaceDispatch

After this patch, AddressSpaceDispatch holds a consistent tuple of
(phys_map, nodes, sections).  This will be important when updates
of the topology will run concurrently with reads.

cur_map is not used anymore except for freeing it at the end of the
topology update.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago exec: separate current radix tree from the one being built
Paolo Bonzini [Wed, 29 May 2013 10:13:54 +0000 (12:13 +0200)]
exec: separate current radix tree from the one being built

This same treatment previously done to phys_node_map and phys_sections
is now applied to the dispatch field of AddressSpace.  Topology updates
use as->next_dispatch while accesses use as->dispatch.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago exec: move listener from AddressSpaceDispatch to AddressSpace
Paolo Bonzini [Sun, 2 Jun 2013 08:39:07 +0000 (10:39 +0200)]
exec: move listener from AddressSpaceDispatch to AddressSpace

This will help having two copies of AddressSpaceDispatch during the
recreation of the radix tree (one being built, and one that is complete
and will be protected by RCU).  We do not want to have to unregister and
re-register the listener.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: move MemoryListener declaration earlier
Paolo Bonzini [Sun, 2 Jun 2013 13:20:47 +0000 (15:20 +0200)]
memory: move MemoryListener declaration earlier

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago exec: separate current memory map from the one being built
Paolo Bonzini [Wed, 29 May 2013 10:09:47 +0000 (12:09 +0200)]
exec: separate current memory map from the one being built

Currently, phys_node_map and phys_sections are shared by all
of the AddressSpaceDispatch.  When updating mem topology, all
AddressSpaceDispatch will rebuild dispatch tables sequentially
on them.  In order to prepare for RCU access, leave the old
memory map alive while the next one is being accessed.

When rebuilding, the new dispatch tables will build and lookup
next_map; after all dispatch tables are rebuilt, we can switch
to next_* and free the previous table.

Based on a patch from Liu Ping Fan.

Signed-off-by: Liu Ping Fan <qemulist@gmail.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago exec: change well-known physical sections to macros
Liu Ping Fan [Wed, 29 May 2013 09:09:17 +0000 (11:09 +0200)]
exec: change well-known physical sections to macros

Sections like phys_section_unassigned always have fixed address
in phys_sections.  Declared as macro, so we can use them
when having more than one phys_sections array.

Signed-off-by: Liu Ping Fan <pingfank@linux.vnet.ibm.com>
Signed-off-by: Liu Ping Fan <qemulist@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago qom: Use atomics for object refcounting
Jan Kiszka [Tue, 2 Jul 2013 09:36:39 +0000 (11:36 +0200)]
qom: Use atomics for object refcounting

Object reference counts will soon be changed outside the BQL. So we need
to use atomics in object_ref/unref.

Based on a patch by Liu Ping Fan.

Signed-off-by: Liu Ping Fan <qemulist@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: add reference counting to FlatView
Paolo Bonzini [Mon, 6 May 2013 09:57:21 +0000 (11:57 +0200)]
memory: add reference counting to FlatView

With this change, a FlatView can be used even after a concurrent
update has replaced it.  Because we do not yet have RCU, we use a
mutex to protect the small critical sections that read/write the
as->current_map pointer.  Accesses to the FlatView can be done
outside the mutex.

If a MemoryRegion will be used after the FlatView is unref-ed (or after
a MemoryListener callback is returned), a reference has to be added to
that MemoryRegion. memory_region_find already does it for the region
that it returns.  The same will be done for address_space_translate
as soon as the dispatch tree is also converted to RCU-style.

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: use a new FlatView pointer on every topology update
Paolo Bonzini [Mon, 6 May 2013 08:29:07 +0000 (10:29 +0200)]
memory: use a new FlatView pointer on every topology update

This is the first step towards converting as->current_map to
RCU-style updates, where the FlatView updates run concurrently
with uses of an old FlatView.

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: access FlatView from a local variable
Paolo Bonzini [Mon, 6 May 2013 08:26:13 +0000 (10:26 +0200)]
memory: access FlatView from a local variable

We will soon require accesses to as->current_map to be placed under
a lock (with reference counting so as to keep the critical section
small).  To simplify this change, always fetch as->current_map into
a local variable and access it through that variable.

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago add a header file for atomic operations
Paolo Bonzini [Mon, 13 May 2013 11:29:47 +0000 (13:29 +0200)]
add a header file for atomic operations

We're already using them in several places, but __sync builtins are just
too ugly to type, and do not provide seqcst load/store operations.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/[u-x]*: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/[u-x]*: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/t*: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/t*: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/s*: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/s*: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/p*: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/p*: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/n*: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/n*: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/m*: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/m*: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/i*: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/i*: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/gpio: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/gpio: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/d*: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/d*: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/c*: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/c*: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/block: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/block: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago hw/a*: pass owner to memory_region_init* functions
Paolo Bonzini [Fri, 7 Jun 2013 01:25:08 +0000 (21:25 -0400)]
hw/a*: pass owner to memory_region_init* functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago piolist: add owner argument to initialization functions and pass devices
Paolo Bonzini [Fri, 7 Jun 2013 01:19:53 +0000 (21:19 -0400)]
piolist: add owner argument to initialization functions and pass devices

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago pam: pass device to init_pam and use it to set owner
Paolo Bonzini [Tue, 25 Jun 2013 10:33:01 +0000 (12:33 +0200)]
pam: pass device to init_pam and use it to set owner

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago spapr_iommu: pass device to spapr_tce_new_table and use it to set owner
Paolo Bonzini [Tue, 25 Jun 2013 10:32:25 +0000 (12:32 +0200)]
spapr_iommu: pass device to spapr_tce_new_table and use it to set owner

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago vfio: pass device to vfio_mmap_bar and use it to set owner
Paolo Bonzini [Tue, 25 Jun 2013 10:31:46 +0000 (12:31 +0200)]
vfio: pass device to vfio_mmap_bar and use it to set owner

Cc: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago ne2000: pass device to ne2000_setup_io, use it as owner
Paolo Bonzini [Tue, 25 Jun 2013 13:04:35 +0000 (15:04 +0200)]
ne2000: pass device to ne2000_setup_io, use it as owner

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago vga: set owner in vga_update_memory_access
Paolo Bonzini [Fri, 7 Jun 2013 01:21:13 +0000 (21:21 -0400)]
vga: set owner in vga_update_memory_access

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago vga: pass owner to vga_init_io
Paolo Bonzini [Fri, 7 Jun 2013 01:21:13 +0000 (21:21 -0400)]
vga: pass owner to vga_init_io

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago vga: pass owner to vga_init_vbe
Paolo Bonzini [Fri, 7 Jun 2013 01:21:13 +0000 (21:21 -0400)]
vga: pass owner to vga_init_vbe

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago vga: pass owner to cirrus_init_common
Paolo Bonzini [Fri, 7 Jun 2013 01:21:13 +0000 (21:21 -0400)]
vga: pass owner to cirrus_init_common

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago vga: pass owner to vga_common_init
Paolo Bonzini [Fri, 7 Jun 2013 01:21:13 +0000 (21:21 -0400)]
vga: pass owner to vga_common_init

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago vga: pass owner to vga_init
Paolo Bonzini [Fri, 7 Jun 2013 01:21:13 +0000 (21:21 -0400)]
vga: pass owner to vga_init

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago escc: rename struct to ESCCState
Paolo Bonzini [Tue, 25 Jun 2013 13:02:38 +0000 (15:02 +0200)]
escc: rename struct to ESCCState

We are using the same struct name for two devices.  8250 is widespread
enough that this causes some confusion, rename the other instance.

Reviewed-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: ref/unref memory across address_space_map/unmap
Paolo Bonzini [Fri, 28 Jun 2013 15:33:29 +0000 (17:33 +0200)]
memory: ref/unref memory across address_space_map/unmap

The iothread mutex might be released between map and unmap, so the
mapped region might disappear.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago exec: reorganize address_space_map
Paolo Bonzini [Fri, 28 Jun 2013 15:29:27 +0000 (17:29 +0200)]
exec: reorganize address_space_map

First of all, rename "todo" to "done".

Second, clearly separate the case of done == 0 with the case of done != 0.
This will help handling reference counting in the next patch.

Third, this test:

             if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {

does not guarantee that the memory region is the same across two iterations
of the while loop.  For example, you could have two blocks:

A) size 640 K, mapped at physical address 0, ram_addr_t 0
B) size 64 K, mapped at physical address 0xa0000, ram_addr_t 0xa0000

then mapping 1 M starting at physical address zero will erroneously treat
B as the continuation of block A.  qemu_ram_ptr_length ensures that no
invalid memory is accessed, but it is still a pointless complication of
the algorithm.  The patch makes the logic clearer with an explicit test
that the memory region is the same.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
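
An added illustration of the two-block case in the message above (a toy model written for this page, not QEMU code; the struct, the translate() helper and map_len() are hypothetical names). It compares the old ram_addr contiguity test with an explicit same-region test, so the mapped length never spans a region other than the one a caller would hold a reference on.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of a guest memory map; every name here is hypothetical. */
struct region {
    const char *name;
    uint64_t phys;      /* guest physical start address */
    uint64_t size;      /* length in bytes */
    uint64_t ram_addr;  /* offset of the block in the RAM address space */
};

/* Constructed sample: blocks A and B from the commit message. */
static const struct region regions[] = {
    { "A", 0x00000, 640 * 1024, 0x00000 },
    { "B", 0xa0000,  64 * 1024, 0xa0000 },
};

/*
 * Find the region containing addr. On success *xlat is the offset inside
 * the region and *len is clamped to what is left of the region.
 */
static const struct region *translate(uint64_t addr, uint64_t *xlat,
                                      uint64_t *len)
{
    for (size_t i = 0; i < sizeof(regions) / sizeof(regions[0]); i++) {
        const struct region *r = &regions[i];
        if (addr >= r->phys && addr - r->phys < r->size) {
            uint64_t avail;
            *xlat = addr - r->phys;
            avail = r->size - *xlat;
            if (*len > avail) {
                *len = avail;
            }
            return r;
        }
    }
    return NULL; /* unassigned */
}

/*
 * Return how many bytes starting at addr would be handed out as one
 * contiguous mapping.
 *   same_region_check == 0: continue while ram_addr + xlat lines up
 *                           (the test quoted in the commit message).
 *   same_region_check == 1: continue only inside the first region.
 */
static uint64_t map_len(uint64_t addr, uint64_t len, int same_region_check)
{
    const struct region *first = NULL;
    uint64_t raddr = 0, base = 0, done = 0;

    while (len > 0) {
        uint64_t xlat, l = len;
        const struct region *mr = translate(addr, &xlat, &l);

        if (!mr) {
            break;
        }
        if (done == 0) {
            first = mr;
            base = xlat;
            raddr = mr->ram_addr + xlat;
        } else if (same_region_check) {
            if (mr != first || xlat != base + done) {
                break;
            }
        } else if (mr->ram_addr + xlat != raddr + done) {
            break;
        }
        addr += l;
        len -= l;
        done += l;
    }
    return done;
}

int main(void)
{
    uint64_t one_mib = 1u << 20;

    printf("ram_addr contiguity test: 0x%llx bytes\n",
           (unsigned long long)map_len(0, one_mib, 0));
    printf("explicit region test:     0x%llx bytes\n",
           (unsigned long long)map_len(0, one_mib, 1));
    return 0;
}
```

With the contiguity test the 1 M request is satisfied across A and B (0xb0000 bytes); with the explicit test it stops at the end of A (0xa0000 bytes).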
11 years ago memory: return MemoryRegion from qemu_ram_addr_from_host
Paolo Bonzini [Mon, 6 May 2013 12:36:15 +0000 (14:36 +0200)]
memory: return MemoryRegion from qemu_ram_addr_from_host

It will be needed in the next patch.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago exec: move qemu_ram_addr_from_host_nofail to cputlb.c
Paolo Bonzini [Mon, 3 Jun 2013 10:44:02 +0000 (12:44 +0200)]
exec: move qemu_ram_addr_from_host_nofail to cputlb.c

After the next patch it would not be used elsewhere anyway.  Also,
the _nofail and the standard versions of this function return different
things, which is confusing.  Removing the function from the public headers
limits the confusion.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago exec: check MRU in qemu_ram_addr_from_host
Paolo Bonzini [Mon, 6 May 2013 12:28:39 +0000 (14:28 +0200)]
exec: check MRU in qemu_ram_addr_from_host

This function is not used outside the iothread mutex, so it
can use ram_list.mru_block.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: add ref/unref calls
Paolo Bonzini [Mon, 6 May 2013 08:46:11 +0000 (10:46 +0200)]
memory: add ref/unref calls

Add ref/unref calls at the following places:

- places where memory regions are stashed by a listener and
  used outside the BQL (including in Xen or KVM).

- memory_region_find callsites

- creation of aliases and containers (only the aliased/contained
  region gets a reference to avoid loops)

- around calls to del_subregion/add_subregion, where the region
  could disappear after the first call

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: introduce memory_region_present
Paolo Bonzini [Tue, 2 Jul 2013 11:40:48 +0000 (13:40 +0200)]
memory: introduce memory_region_present

This new API will avoid having too many memory_region_ref/unref
in paths that currently use memory_region_find.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: add ref/unref
Paolo Bonzini [Tue, 7 May 2013 07:06:00 +0000 (09:06 +0200)]
memory: add ref/unref

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: add getter for owner
Paolo Bonzini [Tue, 7 May 2013 04:59:09 +0000 (06:59 +0200)]
memory: add getter for owner

Whenever memory regions are accessed outside the BQL, they need to be
preserved against hot-unplug.  MemoryRegions actually do not have their
own reference count; they piggyback on a QOM object, their "owner".
The owner is set at creation time, and there is a function to retrieve
the owner.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago exec: simplify destruction of the phys map
Paolo Bonzini [Wed, 29 May 2013 10:07:03 +0000 (12:07 +0200)]
exec: simplify destruction of the phys map

Do not bother visiting the radix tree when an address space is destroyed.
After the previous patch, this has become a pointless exercise.  When
called from address_space_destroy_dispatch, all you're doing is zeroing
out a structure that will be freed as soon as you come back.  When called
from mem_begin, when phys_page_set_level will call phys_map_node_alloc the
radix tree's array will be zeroed too.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: destroy phys_sections one by one
Paolo Bonzini [Tue, 25 Jun 2013 07:30:48 +0000 (09:30 +0200)]
memory: destroy phys_sections one by one

phys_sections_clear is invoked after the dispatch tree has been
destroyed.  This leaves a window where phys_sections_nb > 0 but the
subpages are not valid anymore, which is a recipe for use-after-free
bugs.

Move the destruction of subpages in phys_sections_clear.  We will
still destroy the subpages when an address space is cleaned up,
because address_space_destroy will clear as->root and commit the
change before it calls address_space_destroy_dispatch.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago memory: add owner argument to initialization functions
Paolo Bonzini [Thu, 6 Jun 2013 09:41:28 +0000 (05:41 -0400)]
memory: add owner argument to initialization functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago ioport: Move portio types to ioport.h
Jan Kiszka [Sat, 22 Jun 2013 06:07:07 +0000 (08:07 +0200)]
ioport: Move portio types to ioport.h

This decouples memory.h from ioport.h, concentrating all portio related
types in a single header.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago vmport: Disentangle read handler type from portio
Jan Kiszka [Sat, 22 Jun 2013 06:07:06 +0000 (08:07 +0200)]
vmport: Disentangle read handler type from portio

In case the latter may vanish one day, make sure the vmport read handler
type will remain unaffected. This is also conceptually cleaner.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago ioport: Remove unused old dispatching services
Jan Kiszka [Sat, 22 Jun 2013 06:07:05 +0000 (08:07 +0200)]
ioport: Remove unused old dispatching services

Remove unused ioport_register and isa_unassign_ioport along with
everything that only those services used.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago ioport: Switch dispatching to memory core layer
Jan Kiszka [Mon, 24 Jun 2013 08:45:09 +0000 (10:45 +0200)]
ioport: Switch dispatching to memory core layer

The current ioport dispatcher is a complex beast, mostly due to the
need to deal with old portio interface users. But we can overcome it
without converting all portio users by embedding the required base
address of a MemoryRegionPortio access into that data structure. That
removes the need to have the additional MemoryRegionIORange structure
in the loop on every access.

To handle old portio memory ops, we simply install dispatching handlers
for portio memory regions when registering them with the memory core.
This removes the need for the old_portio field.

We can drop the additional aliasing of ioport regions and also the
special address space listener. cpu_in and cpu_out now simply call
address_space_read/write. And we can concentrate portio handling in a
single source file.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago xen: Mark fixed platform I/O as unaligned
Jan Kiszka [Sat, 22 Jun 2013 06:07:03 +0000 (08:07 +0200)]
xen: Mark fixed platform I/O as unaligned

Before switching to the memory core dispatcher, we need to make sure
that this pv-device will continue to receive unaligned portio accesses.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago vmware-vga: Accept unaligned I/O accesses
Jan Kiszka [Sat, 22 Jun 2013 06:07:02 +0000 (08:07 +0200)]
vmware-vga: Accept unaligned I/O accesses

Before switching to the memory core dispatcher, we need to make sure
that this pv-device will continue to receive unaligned portio accesses.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago isa: implement isa_is_ioport_assigned via memory_region_find
Jan Kiszka [Sat, 22 Jun 2013 06:07:01 +0000 (08:07 +0200)]
isa: implement isa_is_ioport_assigned via memory_region_find

Open-code isa_is_ioport_assigned via a memory region lookup. As all IO
ports are now directly or indirectly registered via the memory API, this
becomes possible and will finally allow us to drop the ioport tables.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago Privatize register_ioport_read/write
Jan Kiszka [Sat, 22 Jun 2013 06:07:00 +0000 (08:07 +0200)]
Privatize register_ioport_read/write

No more users outside of ioport.c.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago vt82c686: replace register_ioport*
Jan Kiszka [Sat, 22 Jun 2013 06:06:59 +0000 (08:06 +0200)]
vt82c686: replace register_ioport*

Convert over to memory regions to obsolete register_ioport*.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago prep: replace register_ioport*
Jan Kiszka [Sat, 22 Jun 2013 06:06:58 +0000 (08:06 +0200)]
prep: replace register_ioport*

Convert over to memory regions to obsolete register_ioport*.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago i82374: replace register_ioport*
Jan Kiszka [Sat, 22 Jun 2013 06:06:57 +0000 (08:06 +0200)]
i82374: replace register_ioport*

Convert over to memory regions to obsolete register_ioport*.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago wdt_ib700: replace register_ioport*
Jan Kiszka [Sat, 22 Jun 2013 06:06:56 +0000 (08:06 +0200)]
wdt_ib700: replace register_ioport*

Convert over to memory regions to obsolete register_ioport*.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago applesmc: replace register_ioport*
Jan Kiszka [Sat, 22 Jun 2013 06:06:55 +0000 (08:06 +0200)]
applesmc: replace register_ioport*

Convert over to memory regions to obsolete register_ioport*.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago adlib: replace register_ioport*
Jan Kiszka [Sat, 22 Jun 2013 06:06:54 +0000 (08:06 +0200)]
adlib: replace register_ioport*

Convert over to memory regions to obsolete register_ioport*.

CC: malc <av1474@comtv.ru>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago dma: keep a device alive while it has SGLists
Paolo Bonzini [Mon, 3 Jun 2013 12:17:19 +0000 (14:17 +0200)]
dma: keep a device alive while it has SGLists

Reviewed-by: Anthony Liguori <aliguori@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago scsi: keep device alive while it has requests
Paolo Bonzini [Mon, 3 Jun 2013 12:09:39 +0000 (14:09 +0200)]
scsi: keep device alive while it has requests

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago int128: optimize and add test cases
Paolo Bonzini [Thu, 20 Jun 2013 14:19:32 +0000 (16:19 +0200)]
int128: optimize and add test cases

For add, the carry only requires checking one of the arguments.
For sub and neg, we can similarly optimize computation of the
carry.

For ge, we can just do lexicographic order.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago Merge remote-tracking branch 'agraf/ppc-for-upstream' into staging
Anthony Liguori [Mon, 1 Jul 2013 14:03:04 +0000 (09:03 -0500)]
Merge remote-tracking branch 'agraf/ppc-for-upstream' into staging

# By Alexander Graf (12) and others
# Via Alexander Graf
* agraf/ppc-for-upstream: (32 commits)
  PPC: Ignore writes to L2CR
  mac-io: Add escc-legacy memory alias region
  PPC: Newworld: Add second uninorth control register set
  PPC: Newworld: Add uninorth token register
  PPC: Add clock-frequency export for Mac machines
  PPC: Introduce an alias cache for faster lookups
  PPC: Fix GDB read on code area for PPC6xx
  PPC: Add dump_mmu() for 6xx
  target-ppc: Introduce unrealizefn for PowerPCCPU
  booke_ppc: limit booke timer to max when timeout overflow
  Graphics: Switch to 800x600x32 as default mode
  pseries: Update MAINTAINERS information
  target-ppc kvm: save cr register
  pseries: Fix compiler warning (conversion of pointer to integral value)
  spapr-rtas: add CPU argument to RTAS calls
  target-ppc: Change default machine for 64-bit
  ppc: do not register IABR SPR twice for 603e
  target-ppc: Drop redundant flags assignments from CPU families
  mpc8544_guts: Turn qdev initfn into instance_init
  mpc8544_guts: QOM'ify
  ...

Message-id: 1372556709-23868-1-git-send-email-agraf@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago Merge remote-tracking branch 'cohuck/virtio-ccw-upstr' into staging
Anthony Liguori [Mon, 1 Jul 2013 14:02:30 +0000 (09:02 -0500)]
Merge remote-tracking branch 'cohuck/virtio-ccw-upstr' into staging

# By Cornelia Huck
# Via Cornelia Huck
* cohuck/virtio-ccw-upstr:
  virtio-ccw: fix build breakage on windows

Message-id: 1372669523-4039-1-git-send-email-cornelia.huck@de.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago Merge remote-tracking branch 'luiz/queue/qmp' into staging
Anthony Liguori [Mon, 1 Jul 2013 14:02:25 +0000 (09:02 -0500)]
Merge remote-tracking branch 'luiz/queue/qmp' into staging

# By Kevin Wolf
# Via Luiz Capitulino
* luiz/queue/qmp:
  hmp: Make "info block" output more readable

Message-id: 1372452199-23237-1-git-send-email-lcapitulino@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago virtio-ccw: fix build breakage on windows
Cornelia Huck [Fri, 28 Jun 2013 07:28:06 +0000 (09:28 +0200)]
virtio-ccw: fix build breakage on windows

event_notifier_get_fd() is not available on windows hosts. Fix this by
moving the calls to event_notifier_get_fd() to the kvm code.

Reported-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
11 years ago PPC: Ignore writes to L2CR
Alexander Graf [Wed, 26 Jun 2013 22:31:42 +0000 (00:31 +0200)]
PPC: Ignore writes to L2CR

The L2CR register contains a number of bits that either impose configuration
which we can't deal with or mean "something is in progress until the bit is
0 again".

Since we don't model the former and we do want to accommodate guests using the
latter semantics, let's just ignore writes to L2CR. That way guests always read
back 0 and are usually happy with that.

Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago mac-io: Add escc-legacy memory alias region
Alexander Graf [Wed, 26 Jun 2013 11:58:31 +0000 (13:58 +0200)]
mac-io: Add escc-legacy memory alias region

Mac OS X's debugging serial driver accesses the ESCC through a different
register layout, called "escc-legacy". This layout differs from the normal
escc register layout purely by the location of the respective registers.

This patch adds a memory alias region that takes normal escc registers and
maps them into the escc-legacy register space.

With this patch applied, a Mac OS X guest successfully emits debug output
on the serial port when run with debug parameters set, for example by running:

  $ qemu-system-ppc -prom-env -'boot-args=-v debug=0x8 io=0xff serial=0x3' \
                    -cdrom 10.4.iso -boot d

Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago PPC: Newworld: Add second uninorth control register set
Alexander Graf [Tue, 25 Jun 2013 01:46:33 +0000 (03:46 +0200)]
PPC: Newworld: Add second uninorth control register set

Mac OS X requires a second uninorth register set to be mapped a few
bytes above the first one. Let's just expose it to make it happy.

Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago PPC: Newworld: Add uninorth token register
Alexander Graf [Tue, 25 Jun 2013 01:39:21 +0000 (03:39 +0200)]
PPC: Newworld: Add uninorth token register

Mac OS X expects the uninorth control register set to contain one
register that always reads back what it writes in. Expose that.

This is just a temporary hack. Eventually, we want to expose the
uninorth (/uni-n in device tree) as a separate QOM device.

Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago PPC: Add clock-frequency export for Mac machines
Alexander Graf [Sat, 22 Jun 2013 22:22:50 +0000 (00:22 +0200)]
PPC: Add clock-frequency export for Mac machines

Support in fwcfg has been around for exposure of the clock-frequency
CPU property. OpenBIOS reads it, we just never exposed it.

Since Mac OS X is very picky about its clock frequency values, let's
just take a known good value and always expose that.

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago PPC: Introduce an alias cache for faster lookups
Alexander Graf [Sat, 22 Jun 2013 01:53:35 +0000 (03:53 +0200)]
PPC: Introduce an alias cache for faster lookups

When running QEMU with "-cpu ?" we walk through every alias for every
target CPU we know about. This takes several seconds on my very fast
host system.

Let's introduce a class object cache in the alias table. Using that we
don't have to go through the tedious work of finding our target class.
Instead, we can just go directly from the alias name to the target class
pointer.

This patch brings -cpu "?" to reasonable times again.

Before:
  real    0m4.716s

After:
  real    0m0.025s

Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago PPC: Fix GDB read on code area for PPC6xx
Fabien Chouteau [Tue, 18 Jun 2013 14:53:01 +0000 (16:53 +0200)]
PPC: Fix GDB read on code area for PPC6xx

On PPC 6xx, data and code have separated TLBs. Until now QEMU was only
looking at data TLBs, which is not good when GDB wants to read code.

This patch adds a second call to get_physical_address() with an
ACCESS_CODE type of access when the first call with ACCESS_INT fails.

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago PPC: Add dump_mmu() for 6xx
Fabien Chouteau [Fri, 21 Jun 2013 13:26:57 +0000 (15:26 +0200)]
PPC: Add dump_mmu() for 6xx

"(qemu) info tlb" is a very useful tool for debugging, so I implemented
the missing 6xx version.

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
[agraf: fix printfs on hwaddr to PRI]
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago target-ppc: Introduce unrealizefn for PowerPCCPU
Andreas Färber [Sun, 9 Jun 2013 20:11:49 +0000 (22:11 +0200)]
target-ppc: Introduce unrealizefn for PowerPCCPU

Use it to clean up the opcode table, resolving a former TODO from Jocelyn.
Also switch from malloc() to g_malloc().

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago booke_ppc: limit booke timer to max when timeout overflow
Bharat Bhushan [Wed, 12 Jun 2013 12:30:50 +0000 (18:00 +0530)]
booke_ppc: limit booke timer to max when timeout overflow

Limit watchdog and fit timer to maximum timeout value which
qemu timer can support (INT64_MAX). This maximum timeout will be
hundreds of years, so limiting to max timeout is pretty safe.

Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago Graphics: Switch to 800x600x32 as default mode
Alexander Graf [Thu, 20 Jun 2013 12:06:27 +0000 (14:06 +0200)]
Graphics: Switch to 800x600x32 as default mode

We have stayed at 800x600x15 as default graphics mode for the last 9 years.
If there ever was a reason to be there, surely nobody remembers it.

However, recently non-Linux PPC guests started to show bad effects on 15 bit
color mode. They do work just fine with 32 bits however.

So let's switch to 32 bit color as the default graphic mode.

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago pseries: Update MAINTAINERS information
David Gibson [Sat, 15 Jun 2013 01:51:52 +0000 (11:51 +1000)]
pseries: Update MAINTAINERS information

I'm no longer at IBM, and therefore no longer actively working on the pseries
(aka sPAPR) qemu machine type.  This patch removes my information in the
MAINTAINERS file.

While we're at it, I've added some extra file patterns for pseries specific
files that weren't included in the existing pattern.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: Remove new maintainer addition]
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago target-ppc kvm: save cr register
Alexey Kardashevskiy [Sat, 15 Jun 2013 01:51:51 +0000 (11:51 +1000)]
target-ppc kvm: save cr register

This adds missing code to save CR (condition register) via
kvm_arch_put_registers(). kvm_arch_get_registers() already has it.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago pseries: Fix compiler warning (conversion of pointer to integral value)
Stefan Weil [Wed, 19 Jun 2013 21:08:29 +0000 (23:08 +0200)]
pseries: Fix compiler warning (conversion of pointer to integral value)

This kind of type cast must use uintptr_t or target_ulong to be portable
for hosts with sizeof(void *) != sizeof(long).

Here the value is assigned to a variable of type target_ulong.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
[agraf: fix compilation on 32bit hosts]
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago spapr-rtas: add CPU argument to RTAS calls
Anthony Liguori [Wed, 19 Jun 2013 20:40:30 +0000 (15:40 -0500)]
spapr-rtas: add CPU argument to RTAS calls

RTAS is a hypervisor provided binary blob that a guest loads and
calls into to execute certain functions.  It's similar to the
vsyscall page in Linux or the short lived VMCI paravirt interface
from VMware.

The QEMU implementation of the RTAS blob is simply a passthrough
that proxies all RTAS calls to the hypervisor via a hypercall.

While we pass a CPU argument for hypercall handling in QEMU, we
don't pass it for RTAS calls.  Since some RTAS calls require
making hypercalls (normally RTAS is implemented as guest code) we
have nasty hacks to allow that.

Add a CPU argument to RTAS call handling so we can more easily
invoke hypercalls just as guest code would.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago target-ppc: Change default machine for 64-bit
David Gibson [Sat, 15 Jun 2013 01:51:50 +0000 (11:51 +1000)]
target-ppc: Change default machine for 64-bit

Currently, for qemu-system-ppc64, the default machine type is 'mac99'.
The mac99 machine is not being actively maintained, and represents a
bizarre hybrid of components that never actually existed as a real system.
This patch changes the default machine to 'pseries', which is actively
maintained and works well with most modern ppc64 Linux distributions as a
guest.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: adjust commit message]
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago ppc: do not register IABR SPR twice for 603e
Hervé Poussineau [Sat, 11 May 2013 19:03:50 +0000 (21:03 +0200)]
ppc: do not register IABR SPR twice for 603e

IABR SPR is already registered in gen_spr_603(), called from init_proc_603E().

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago target-ppc: Drop redundant flags assignments from CPU families
Andreas Färber [Fri, 22 Feb 2013 17:35:46 +0000 (18:35 +0100)]
target-ppc: Drop redundant flags assignments from CPU families

Previous code has #define POWERPC_INSNS2_<family> PPC_NONE in some
places for macrofied assignment to insns_flags2 field.

PPC_NONE is defined as zero though and QOM classes are zero-initialized,
so drop any pcc->insns_flags2 = PPC_NONE; assignments.

PPC_NONE itself is still in use in translate.c.

Suggested-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago mpc8544_guts: Turn qdev initfn into instance_init
Andreas Färber [Sun, 9 Jun 2013 20:47:35 +0000 (22:47 +0200)]
mpc8544_guts: Turn qdev initfn into instance_init

SysBus can deal with NULL SysBusDeviceClass::init since 4ce5dae.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago mpc8544_guts: QOM'ify
Andreas Färber [Sun, 9 Jun 2013 20:47:34 +0000 (22:47 +0200)]
mpc8544_guts: QOM'ify

Introduce type constant, cast macro and rename parent field.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago mpc8544_guts: Fix MemoryRegion name
Andreas Färber [Sun, 9 Jun 2013 20:47:33 +0000 (22:47 +0200)]
mpc8544_guts: Fix MemoryRegion name

6544 -> 8544

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago intc/openpic_kvm: Fix QOM and build issues
Andreas Färber [Sun, 16 Jun 2013 19:30:40 +0000 (21:30 +0200)]
intc/openpic_kvm: Fix QOM and build issues

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago intc/openpic: Convert to QOM realize
Andreas Färber [Tue, 18 Jun 2013 01:58:08 +0000 (03:58 +0200)]
intc/openpic: Convert to QOM realize

Split qdev initfn into instance_init and realize functions.
Change one occurrence of "klass" while at it.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago intc/openpic: QOM'ify
Andreas Färber [Tue, 18 Jun 2013 01:58:07 +0000 (03:58 +0200)]
intc/openpic: QOM'ify

Introduce type constant and cast macro.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago kvm/openpic: in-kernel mpic support
Scott Wood [Wed, 12 Jun 2013 20:32:51 +0000 (15:32 -0500)]
kvm/openpic: in-kernel mpic support

Enables support for the in-kernel MPIC that has been merged into the
KVM next branch.  This includes irqfd/KVM_IRQ_LINE support from Alex
Graf (along with some other improvements).

Note from Alex regarding kvm_irqchip_create():

  On x86, one would call kvm_irqchip_create() to initialize an
  in-kernel interrupt controller.  That function then goes ahead and
  initializes global capability variables as well as the default irq
  routing table.

  On ppc, we can't call kvm_irqchip_create() because we can have
  different types of interrupt controllers.  So we want to do all the
  things that function would do for us in the in-kernel device init
  handler.

Signed-off-by: Scott Wood <scottwood@freescale.com>
[agraf: squash in kvm_irqchip_commit_routes patch, fix non-kvm build,
        fix ppcemb]
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago PPC: Add non-kvm stub file
Alexander Graf [Fri, 28 Jun 2013 11:47:15 +0000 (13:47 +0200)]
PPC: Add non-kvm stub file

There are cases where a kvm provided function is called from generic
hw code that doesn't know whether kvm is available or not. Provide
a stub file which can provide simple replacement functions for those
cases.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
11 years ago KVM: PIC: Only commit irq routing when necessary
Alexander Graf [Tue, 16 Apr 2013 23:11:55 +0000 (01:11 +0200)]
KVM: PIC: Only commit irq routing when necessary

The current logic updates KVM's view of our interrupt map every time we
change it. While this is nice and bullet proof, it slows things down
badly for me. QEMU spends about 3 seconds on every start telling KVM what
news it has on its routing maps.

Instead, let's just synchronize the whole irq routing map as a whole when
we're done constructing it. For things that change during runtime, we can
still update the routing table on demand.

Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago PPC: e500: factor out mpic init code
Scott Wood [Mon, 15 Apr 2013 13:19:33 +0000 (13:19 +0000)]
PPC: e500: factor out mpic init code

KVM in-kernel MPIC support is going to expand this even more,
so let's keep it contained.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago openpic: factor out some common defines into openpic.h
Scott Wood [Mon, 15 Apr 2013 13:19:32 +0000 (13:19 +0000)]
openpic: factor out some common defines into openpic.h

...for use by the KVM in-kernel irqchip stub.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago KVM: MSI: Swap payload to native endianness
Alexander Graf [Tue, 16 Apr 2013 13:05:22 +0000 (15:05 +0200)]
KVM: MSI: Swap payload to native endianness

The usual MSI injection mechanism writes msi.data into memory using an
le32 wrapper. So on big endian guests, this swaps msg.data into the
expected byte order.

For irqfd however, we don't swap the payload right now, rendering
in-kernel MPIC emulation broken on PowerPC.

Swap msg.data to the correct endianness whenever we touch it.

Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago KVM: Export kvm_init_irq_routing
Alexander Graf [Tue, 16 Apr 2013 13:58:13 +0000 (15:58 +0200)]
KVM: Export kvm_init_irq_routing

On PPC, we can have different types of interrupt controllers, so we really
only know that we are going to use one when we created it.

Export kvm_init_irq_routing() to common code, so that we don't have to call
kvm_irqchip_create().

Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago KVM: Don't assume that mpstate exists with in-kernel PIC always
Alexander Graf [Wed, 24 Apr 2013 20:24:12 +0000 (22:24 +0200)]
KVM: Don't assume that mpstate exists with in-kernel PIC always

On PPC, we don't support MP state. So far it's not necessary and I'm
not convinced yet that we really need to support it ever.

However, the current idle logic in QEMU assumes that an in-kernel PIC
also means we support MP state. This assumption is not true anymore.

Let's split up the two cases into two different variables. That way
PPC can expose an in-kernel PIC, while not implementing MP state.

Signed-off-by: Alexander Graf <agraf@suse.de>
CC: Jan Kiszka <jan.kiszka@siemens.com>