review.tizen.org Git - sdk/emulator/qemu.git/log

fix screendump

Commit 45efb16124efef51de5157afc31984b5a47700f9 optimized a bit too
much. We can skip the vga_invalidate_display() in case no console
switch happened because we don't need a full redraw then. We can *not*
skip vga_hw_update() though, because the screen content will be stale
then in case nobody else calls vga_hw_update().

Trigger: vga textmode with vnc display and no client connected.

Reported-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Tested-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

target-sparc: Add compiler attribute to some functions which don't return

helper_raise_exception does not return, nor does do_unaligned_access.

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

target-mips: Add compiler attribute to some functions which don't return

helper_raise_exception_err does not return, nor do helper_raise_exception
and do_unaligned_access.

Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Add support for target helper functions which don't return

Most functions which handle exceptions don't return.

With a compiler attribute (added by QEMU_NORETURN),
gcc can optimize the code.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

scripts: add gdb support script

Add a script that enhances gdb to be aware of QEMU data structures.

This patch adds a single gdb command, 'qemu mtree'. The command is
similar to the monitor's 'info mtree', except that it prints MemoryRegion
addresses, and except for working from a core dump as well as a live instance.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Merge remote-tracking branch 'sstabellini/saverestore-8' into staging

* sstabellini/saverestore-8:
  xen: do not allocate RAM during INMIGRATE runstate
  xen mapcache: check if memory region has moved.
  xen: record physmap changes to xenstore
  Set runstate to INMIGRATE earlier
  Introduce "xen-save-devices-state"
  cirrus_vga: do not reset videoram

Conflicts:
qapi-schema.json

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote-tracking branch 'stefanha/trivial-patches' into staging

* stefanha/trivial-patches:
  qemu-ga: for w32, fix leaked handle ov.hEvent in ga_channel_write()
  ioapic: fix build with DEBUG_IOAPIC
  .gitignore: add qemu-bridge-helper and option rom build products
  cleanup obsolete typedef
  monitor: Remove unused bool field 'qapi' in mon_cmd_t struct
  ds1338: Add missing break statement
  vnc: Fix packed boolean struct members
  Remove type field in ModuleEntry as it's not used

Merge remote-tracking branch 'spice/spice.v50' into staging

* spice/spice.v50:
  spice: fix broken initialization
  hw/qxl.c: Fix compilation failures on 32 bit hosts
  qxl/qxl_render.c: add trace events
  qxl: switch qxl.c to trace-events
  qxl: init_pipe_signaling: exit on failure
  monitor: fix client_migrate_info error handling
  spice: set spice uuid and name

Merge remote-tracking branch 'bonzini/scsi-next' into staging

* bonzini/scsi-next:
  scsi: add get_dev_path
  virtio-scsi: call unregister_savevm properly
  scsi: copy serial number into VPD page 0x83
  scsi-cd: check ready condition before processing several commands
  get rid of CONFIG_VIRTIO_SCSI

Merge remote-tracking branch 'qemu-kvm/memory/urgent' into staging

* qemu-kvm/memory/urgent:
exec: fix guest memory access for Xen

xen: do not allocate RAM during INMIGRATE runstate

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

xen mapcache: check if memory region has moved.

This patch changes the xen_map_cache behavior. Before trying to map a guest
addr, mapcache will look into the list of range of address that have been moved
(physmap/set_memory). There is currently one memory space like this, the vram,
"moved" from were it's allocated to were the guest will look into.

This help to have a succefull migration.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

xen: record physmap changes to xenstore

Write to xenstore any physmap changes so that the hypervisor can be
aware of them.
Read physmap changes from xenstore on boot.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

Set runstate to INMIGRATE earlier

Set runstate to RUN_STATE_INMIGRATE as soon as we can on resume.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>

Introduce "xen-save-devices-state"

- add an "is_ram" flag to SaveStateEntry;

- register_savevm_live sets is_ram for live_savevm devices;

- introduce a "xen-save-devices-state" QAPI command that can be used to save
the state of all devices, but not the RAM or the block devices of the
VM.

Changes in v8:

- rename save-devices-state to xen-save-devices-state.

Changes in v7:

- rename save_devices to save-devices-state.

Changes in v6:

- remove the is_ram parameter from register_savevm_live and sets is_ram
if the device is a live_savevm device;

- introduce save_devices as a QAPI command, write a better description
for it;

- fix CODING_STYLE;

- introduce a new doc to explain the save format used by save_devices.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>

exec: fix guest memory access for Xen

In cpu_physical_memory_rw, a change has been introduced and qemu_get_ram_ptr is
no longuer called with the ram addr we want to access, but only with the
section address. This patch fixes this. (All other call to qemu_get_ram_ptr are
already called with the right address.)

This patch fixes Xen guest.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

Merge remote-tracking branch 'origin/master' into staging

* origin/master:
tcg: fix sparc host for AREG0 free operation

scsi: add get_dev_path

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

virtio-scsi: call unregister_savevm properly

This fixes a use-after-free when migrating after hot-unplug.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

scsi: copy serial number into VPD page 0x83

Currently QEMU passes the qdev device id to the guest in an ASCII-string
designator in page 0x83. While this is fine, it does not match what
real hardware does; usually the ASCII-string designator there hosts
another copy of the serial number (there can be other designators,
for example with a world-wide name). Do the same for QEMU SCSI
disks.

ATAPI does not support VPD pages, so it does not matter there.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

scsi-cd: check ready condition before processing several commands

This commit is more or less obvious. What it caused is less obvious:
SCSI CD drives failed to eject under Linux, though for example the
"change" command worked okay. This happens because of the autoclose
option in the Linux CD-ROM driver.

The actual chain of events is quite complex and somehow involves
udev helpers; the actual command that matters is READ TOC, though
honestly it's not really clear to me how because it should always be
invoked after autoclose, not before.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

get rid of CONFIG_VIRTIO_SCSI

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Merge remote-tracking branch 'qemu-kvm/memory/urgent' into staging

* qemu-kvm/memory/urgent: (42 commits)
  memory: check for watchpoints when getting code ram_addr
  exec: fix write tlb entry misused as iotlb
  Sparc: avoid AREG0 wrappers for memory access helpers
  Sparc: avoid AREG0 for memory access helpers
  TCG: add 5 arg helpers to def-helper.h
  softmmu templates: optionally pass CPUState to memory access functions
  i386: Remove REGPARM
  sparc64: implement PCI and ISA irqs
  sparc: reset CPU state on reset
  apb: use normal PCI device header for PBM device
  w64: Fix data type of next_tb and tcg_qemu_tb_exec
  softfloat: fix for C99
  vmstate: fix varrays with uint32_t indexes
  Fix large memory chunks allocation with tcg_malloc.
  hw/pxa2xx.c: Fix handling of pxa2xx_i2c variable offset within region
  hw/pxa2xx_lcd.c: drop target_phys_addr_t usage in device state
  hw/pxa2xx_dma.c: drop target_phys_addr_t usage in device state
  ARM: Remove unnecessary subpage workarounds
  malta: Fix display for LED array
  malta: Use symbolic hardware addresses
  ...

Merge remote-tracking branch 'qmp/queue/qmp' into staging

* qmp/queue/qmp:
  qapi: Convert migrate
  Purge migration of (almost) everything to do with monitors
  Error: Introduce error_copy()
  QError: Introduce new errors for the migration command

spice: fix broken initialization

Commit 1b71f7c14fab6f00c2680d4489fbee7baf796e4f moved MODULE_INIT_QOM to
way before MODULE_INIT_MACHINE, thereby breaking assumptions made in
spice-core.c which registered both a type initializer and a machine
intializer.

This fix removes the type registration, and replaces it with calling
qemu_spice_init in vl.c after command line parsing (second pass) is
done, and after timers are armed, required by spice server.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

hw/qxl.c: Fix compilation failures on 32 bit hosts

Fix compilation failures on 32 bit hosts (cast from pointer to
integer of different size; %ld expects 'long int' not uint64_t).

Reported-by: Steve Langasek <steve.langasek@canonical.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qxl/qxl_render.c: add trace events

Signed-off-by: Alon Levy <alevy@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qxl: switch qxl.c to trace-events

dprint is still used for qxl_init_common one time prints.

also switched parts of spice-display.c over, mainly all the callbacks to
spice server.

All qxl device trace events start with the qxl device id.

Signed-off-by: Alon Levy <alevy@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qxl: init_pipe_signaling: exit on failure

If pipe creation fails, exit, don't log and continue. Fix indentation at
the same time.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

monitor: fix client_migrate_info error handling

Report QERR_MISSING_PARAMETER when port is missing. Otherwise
QERR_UNDEFINED_ERROR will occur.

rhbz #795652

Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

spice: set spice uuid and name

This allows a Spice client to identify a VM

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qemu-ga: for w32, fix leaked handle ov.hEvent in ga_channel_write()

In the function ga_channel_write(), the handle ov.hEvent is created
by the call to CreateEvent(). However, the handle is not closed
prior to the function return.

This patch closes the handle before the return of the function.

Kudos to Paolo Bonzini for spotting this bug.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

ioapic: fix build with DEBUG_IOAPIC

ioapic.c:198: error: format ‘%08x’ expects type ‘unsigned int’, but argument 3 has type ‘uint64_t’

Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

.gitignore: add qemu-bridge-helper and option rom build products

This adds a few previously missing generated files to .gitignore: the
qemu-bridge-helper binary, and more generated versions of the
linuxboot, multiboot and kvmvapic roms from pc-bios/optionrom.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

cleanup obsolete typedef

There are no users of i2c_slave.

Signed-off-by: Joshua Housh <joshua.housh@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

monitor: Remove unused bool field 'qapi' in mon_cmd_t struct

Some minor code cleanup: the 'qapi' bool field in mon_cmd_t is
unused, and can be removed.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

ds1338: Add missing break statement

Without the break statement, case 5 sets month and year from the same
data. This does not look correct.

The missing break was reported by splint.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

vnc: Fix packed boolean struct members

This patch fixes warnings reported by splint:

For variables which are packed in a single bit, a signed data type
like 'int' does not make much sense.

There is no obvious reason why the two values should be packed,
so I removed the packing and changed the data type to bool
because both are used as boolean values.

v2:

Some versions of gcc complain after this modification,
for example gcc (Debian 4.4.5-8) 4.4.5):

ui/vnc-auth-sasl.c: In function ‘vnc_sasl_client_cleanup’:
ui/vnc-auth-sasl.c:34: error: suggest parentheses around assignment used as truth value

Obviously, the compiler does not like code which does
bool = unsigned = bool = 0

Splitting that code in three statements works.

Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Remove type field in ModuleEntry as it's not used

Signed-off-by: Chen Yufei <cyfdecyf@gmail.com>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

memory: check for watchpoints when getting code ram_addr

The code to get the ram_addr from a (tlb entry, vaddr) pair
checks that the resulting memory is not MMIO, but neglects to
check whether the region is hidden by a watchpoint page.

Add the missing check.

Signed-off-by: Avi Kivity <avi@redhat.com>

exec: fix write tlb entry misused as iotlb

A couple of code paths check the lower bits of CPUTLBEntry::addr_write
against io_mem_ram as a way of looking for a dirty RAM page. This works
by accident since the value is zero, which matches all clear bits for
TLB_INVALID, TLB_MMIO, and TLB_NOTDIRTY (indicating dirty RAM).

Make it work by design by checking for the proper bits.

Signed-off-by: Avi Kivity <avi@redhat.com>

tcg: fix sparc host for AREG0 free operation

e141ab52d2ea5d0bc6ad3b1ad32841127ca04adc didn't handle
the other memory access helper case, fix.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Sparc: avoid AREG0 wrappers for memory access helpers

Adjust generation of load and store templates so that the functions
take a parameter for CPUState instead of relying on global env.

Remove wrappers. Move remaining memory helpers to ldst_helper.c.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Sparc: avoid AREG0 for memory access helpers

Make memory access helpers take a parameter for CPUState instead
of relying on global env. Introduce wrappers for load and store ops.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

TCG: add 5 arg helpers to def-helper.h

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

softmmu templates: optionally pass CPUState to memory access functions

Optionally, make memory access helpers take a parameter for CPUState
instead of relying on global env.

On most targets, perform simple moves to reorder registers. On i386,
switch from regparm(3) calling convention to standard stack-based
version.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

i386: Remove REGPARM

Use stack based calling convention (GCC default) for interfacing with
generated code instead of register based convention (regparm(3)).

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

sparc64: implement PCI and ISA irqs

Generate correct trap for external interrupts. Map PCI and ISA IRQs to
RIC/UltraSPARC-IIi interrupt vectors.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

sparc: reset CPU state on reset

Not strictly accurate for Sparc64 but avoid confusing Valgrind.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

apb: use normal PCI device header for PBM device

PBM has a normal PCI device header, fix.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Merge branch 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm

* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
  hw/pxa2xx.c: Fix handling of pxa2xx_i2c variable offset within region
  hw/pxa2xx_lcd.c: drop target_phys_addr_t usage in device state
  hw/pxa2xx_dma.c: drop target_phys_addr_t usage in device state
  ARM: Remove unnecessary subpage workarounds
  hw/omap_i2c: Convert to qdev

w64: Fix data type of next_tb and tcg_qemu_tb_exec

next_tb is the numeric value of a tcg target (= QEMU host) address.

Using tcg_target_ulong instead of unsigned long shows this and makes
the code portable for hosts with an unusual size of long (w64).

The type cast '(long)(next_tb & ~3)' was not needed (casting
unsigned long to long does not change the bits, and nor does
casting long to pointer for most (= all non w64) hosts.
It is removed here.

Macro or function tcg_qemu_tb_exec is used to set next_tb.
The function also returns next_tb. Therefore tcg_qemu_tb_exec
must return a tcg_target_ulong.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

softfloat: fix for C99

C99 appears to consider compound literals as non-constants, and complains
when they are used in static initializers. Switch to ordinary initializer
syntax.

Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Andreas Färber <afaerber@suse.de>
Reported-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Merge branch 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm

* 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
  target-arm: Decode SETEND correctly in Thumb
  target-arm: Clear IT bits when taking exceptions in v7M
  target-arm: Fix typo in ARM946 cp15 c5 handling

Merge branch 'malta' of git://qemu.weilnetz.de/qemu

* 'malta' of git://qemu.weilnetz.de/qemu:
  malta: Fix display for LED array
  malta: Use symbolic hardware addresses
  malta: Always allocate flash memory
  malta: Clean allocation of bios region alias

Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf

* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf:
  PPC: Fix openpic with relative memregions
  pseries: Configure PCI bridge using properties
  PPC: KVM: Synchronize regs on CPU dump
  kvm: Comparison with ioctl number macros needs to be unsigned
  ppc: Correctly define POWERPC_INSNS2_DEFAULT
  pseries: Add support for level interrupts to XICS
  PPC: Fix large page support in TCG
  PPC: Add PIR register to POWER7 CPU
  pseries: Remove PCI device from PCI host bridge code
  pseries: Remove unused constant from PCI code
  pseries: Update SLOF firmware image
  PPC64: Add support for ldbrx and stdbrx instructions
  pseries: Don't try to munmap() a malloc()ed TCE table
  ppc: Add missing 'static' to spin_rw_ops
  PPC: 405: Fix ppc405ep initialization
  Bad zero comparison for sas_ss_flags on powerpc

vmstate: fix varrays with uint32_t indexes

VMSTATE_VARRAY_UINT32() is used in hw/ds1225y.c, and we checked
VMS_VARRAY_UINT32 bit of field->flags in vmstate_load_state(),
but we don't check this bit in vmstate_save_state().

Signed-off-by: Amos Kong <akong@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
Acked-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Fix large memory chunks allocation with tcg_malloc.

An attempt to allocate a large memory chunk after a small one resulted in
circular links in list of pools. It caused the same memory being
allocated twice for different arrays.

Now pools for large memory chunks are kept in separate list and are
freed during pool reset because current allocator can not reuse them.

Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Merge remote-tracking branch 'kraxel/seabios-1.6.3.2' into staging

* kraxel/seabios-1.6.3.2:
Update seabios to 1.6.3.2
Add seabios build scripts to roms/

pci: fix double free of romfile property

The qdev property release function frees any string properties. This was
resulting in a double free during hot unplug.

It manifests in network devices because block devices have a NULL romfile
property by default.

Cc: Michael Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

hw/pxa2xx.c: Fix handling of pxa2xx_i2c variable offset within region

The pxa2xx I2C controller can have its registers at an arbitrary offset
within the MemoryRegion it creates. We use this to create two controllers,
one which covers a region of size 0x10000 with registers starting at an
offset 0x1600 into that region, and a second one which covers a region
of size just 0x100 with the registers starting at the base of the region.

The implementation of this offsetting uses two qdev properties, "offset"
(which sets the offset which must be subtracted from the address to
get the offset into the actual register bank) and "size", which is the
size of the MemoryRegion. We were actually using "offset" for two
purposes: firstly the required one of handling the registers not being
at the base of the MemoryRegion, and secondly as a workaround for a
deficiency of QEMU. Until commit 5312bd8b3, if a MemoryRegion was mapped
at a non-page boundary, the address passed into the read and write
functions would be the offset from the start of the page, not the
offset from the start of the MemoryRegion. So when calculating the value
to set the "offset" qdev property we included a rounding to a page
boundary.

Following commit 5312bd8b3 MemoryRegion read/write functions are now
correctly passed the offset from the base of the region, and our
workaround now means we're subtracting too much from addresses, resulting
in warnings like "pxa2xx_i2c_read: Bad register 0xffffff90".
The fix for this is simply to remove the rounding to a page boundary;
this allows us to slightly simplify the expression since
base - (base & (~region_size)) == base & region_size

The qdev property "offset" itself must remain because it is still
performing its primary job of handling register banks not being at
the base of the MemoryRegion.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>

hw/pxa2xx_lcd.c: drop target_phys_addr_t usage in device state

Pxa2xx LCD controller is intended to work with 32-bit bus and it has no knowledge
of system's physical address size, so it should not use target_phys_addr_t in it's
state. Convert three variables in DMAChannel state from target_phys_addr_t to uint32_t,
use VMSTATE_UINT32 instead of VMSTATE_UINTTL for these variables.
We can do this safely because:
1) pxa2xx has 32-bit physical address;
2) rest of the code in file never assumes converted variables to have any size
different from uint32_t;
3) we shouldn't have used VMSTATE_UINTTL in the first place because this macro
is for target_ulong type (which can be different from target_phys_addr_t).

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/pxa2xx_dma.c: drop target_phys_addr_t usage in device state

Pxa2xx DMA controller is a 32-bit device and it has no knowledge of system's
physical address size, so it should not use target_phys_addr_t in it's state.
Convert variables descr, src and dest from type target_phys_addr_t to uint32_t,
use VMSTATE_UINT32 instead of VMSTATE_UINTTL for these variables.

We can do this safely because:
1) pxa2xx actually has 32-bit physical address size;
2) rest of the code in file never assumes descr, src and dest variables to have
size different from uint32_t;
3) we shouldn't have used VMSTATE_UINTTL in the first place because this macro
is for target_ulong type (which can be different from target_phys_addr_t).

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

ARM: Remove unnecessary subpage workarounds

In the ARM per-CPU peripherals (GIC, private timers, SCU, etc),
remove workarounds for subpage memory region read/write functions
being passed offsets from the start of the page rather than the
start of the region. Following commit 5312bd8b3 the masking off
of high bits of the address offset is now harmless but unnecessary.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>

malta: Fix display for LED array

The 8-LED array was already implemented in the first commit to Malta,
but this implementation was incomplete.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

malta: Use symbolic hardware addresses

The patch adds definitions of some hardware addresses and uses these
definitions.

It also replaces the type of all addresses from signed to unsigned values.
This is only a cosmetic change because addresses are unsigned values,
the functions called also expect unsigned values,
and we need no sign extension here.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

malta: Always allocate flash memory

There is no reason why there should not be a flash memory when the
Malta emulation is started with a Linux kernel. When flash memory
is always available, the code is simpler, and it can be better tested.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

malta: Clean allocation of bios region alias

It is sufficient to define the region alias once for all code branches.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

target-arm: Decode SETEND correctly in Thumb

Decode the SETEND instruction correctly in Thumb mode,
rather than accidentally treating it like CPS. We don't
support BE8 mode, but this change brings the Thumb mode
in to line with behaviour in ARM mode: 'SETEND BE' is
not supported and will provoke an UNDEF exception, but
'SETEND LE' is correctly handled as a no-op.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Daniel Forsgren <daniel.forsgren@enea.com>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>

target-arm: Clear IT bits when taking exceptions in v7M

When taking an exception for an M profile core, we must clear
the IT bits. Since the IT bits are cached in env->condexec_bits
we must clear them there: writing the bits in env->uncached_cpsr
has no effect. (Reported as LP:944645.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: Fix typo in ARM946 cp15 c5 handling

Fix a typo in handling of the ARM946 cp15 c5 c0 0 1 handling
(instruction access permission bits) that meant it would
return the data access permission bits by mistake.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/omap_i2c: Convert to qdev

Convert the omap_i2c device to qdev.

Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

qapi: Convert migrate

The migrate command is one of those commands where HMP and QMP completely
mix up together. This made the conversion to the QAPI (which separates the
command into QMP and HMP parts) a bit difficult.

The first important change to be noticed is that this commit completes the
removal of the Monitor object from migration code, started by the previous
commit.

Another important and tricky change is about supporting the non-detached
mode. That is, if the user doesn't pass '-d' the migrate command will lock
the monitor and will only release it when migration is finished.

To support this in the new HMP command (hmp_migrate()), it is necessary
to create a timer which runs every second and checks if the migration is
still active. If it is, the timer callback will re-schedule itself to run
one second in the future. If the migration has already finished, the
monitor lock is released and the user can use it normally.

All these changes should be transparent to the user.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

Purge migration of (almost) everything to do with monitors

The Monitor object is passed back and forth within the migration/savevm
code so that it can print errors and progress to the user.

However, that approach assumes a HMP monitor, being completely invalid
in QMP.

This commit drops almost every single usage of the Monitor object, all
monitor_printf() calls have been converted into DPRINTF() ones.

There are a few remaining Monitor objects, those are going to be dropped
by the next commit.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

Error: Introduce error_copy()

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QError: Introduce new errors for the migration command

The new errors are QERR_MIGRATION_ACTIVE and QERR_MIGRATION_NOT_SUPPORTED,
which are going to be used by the QAPI converted migration command.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

PPC: Fix openpic with relative memregions

After commit 5312bd8b3152 we got memory region relative offsets into our mmio
callbacks instead of page boundary based offsets.

This broke the OpenPIC emulation which expected offsets to be on page boundary
and substracted its region offset manually.

This patch gets rid of that manual substraction and lets the memory api do its
magic instead.

Signed-off-by: Alexander Graf <agraf@suse.de>

pseries: Configure PCI bridge using properties

Currently, the function spapr_create_phb() uses its parameters to
initialize the correct memory windows for the new PCI Host Bridge
(PHB). This is not the way things are supposed to be done with qdevs,
and means you can't create extra PHBs easily using -device.

Since pSeries machines can and do have many PHBs with various
configurations, this is a real limitation, not just a theoretical.
This patch, therefore, alters the PHB initialization code to use qdev
properties to set these parameters of the new bridge, moving most of
the code from spapr_create_phb() to spapr_phb_init().

While we're at it, we change the naming of each PCI bus and its
associated memory regions to be less arbitrary and make it easier to
relate the guest and qemu views of memory to each other.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: KVM: Synchronize regs on CPU dump

When we dump the CPU registers, there's a certain chance they haven't been
synchronized with KVM yet, so we have to manually trigger that.

This aligns the code with x86 and fixes a bug where the register state was
bogus on invalid/unknown kvm exit reasons.

Reported-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

kvm: Comparison with ioctl number macros needs to be unsigned

In kvm-all.c we store an ioctl cmd number in the irqchip_inject_ioctl field
of KVMState, which has type 'int'.  This seems to make sense since the
ioctl() man page says that the cmd parameter has type int.

However, the kernel treats ioctl numbers as unsigned - sys_ioctl() takes an
unsigned int, and the macros which generate ioctl numbers expand to
unsigned expressions.  Furthermore, some ioctls (IOC_READ ioctls on x86
and IOC_WRITE ioctls on powerpc) have bit 31 set, and so would be negative
if interpreted as an int. This has the surprising and compile-breaking
consequence that in kvm_irqchip_set_irq() where we do:
    return (s->irqchip_inject_ioctl == KVM_IRQ_LINE) ? 1 : event.status;
We will get a "comparison is always false due to limited range of data
type" warning from gcc if KVM_IRQ_LINE is one of the bit-31-set ioctls,
which it is on powerpc.

So, despite the fact that the man page and posix say ioctl numbers are
signed, they're actually unsigned.  The kernel uses unsigned, the glibc
header uses unsigned long, and FreeBSD, NetBSD and OSX also use unsigned
long ioctl numbers in the code.

Therefore, this patch changes the variable to be unsigned, fixing the
compile.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

ppc: Correctly define POWERPC_INSNS2_DEFAULT

'POWERPC_INSNS2_DEFAULT' was defined incorrectly which was causing the
opcode table creation code to erroneously register 'eieio' and 'mbar'
for the "default" processor:

   ** ERROR: opcode 1a already assigned in opcode table 16
   *** ERROR: unable to insert opcode [1f-16-1a]
   *** ERROR initializing PowerPC instruction 0x1f 0x16 0x1a

Signed-off-by: Meador Inge <meadori@codesourcery.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

pseries: Add support for level interrupts to XICS

The pseries "xics" interrupt controller, like most interrupt
controllers can support both message (i.e. edge sensitive) interrupts
and level sensitive interrupts, but it needs to know which are which.

When I implemented the xics emulation for qemu, the only devices we
supported were the PAPR virtual IO devices.  These devices only use
message interrupts, so they were the only ones I implemented in xics.

Since then, however, we have added support for PCI devices, which use
level sensitive interrupts.  It turns out the message interrupt logic
still actually works most of the time for these, but there are
circumstances where we can lost interrupts due to the incorrect
interrupt logic.

This patch, therefore, implements the correct xics level-sensitive
interrupt logic.  The type of the interrupt is set when a device
allocates a new xics interrupt.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Fix large page support in TCG

Fix large page support in TCG. The old code would overwrite the large page
table entry with the fake 4 KB one generated here whenever the ref/change bits
were updated, causing it to point to the wrong area of memory.

Signed-off-by: Nathan Whitehorn <nwhitehorn@freebsd.org>
Acked-by: David Gibson <david@gibson.drobpear.id.au>
[agraf: fix whitespace, braces]
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Add PIR register to POWER7 CPU

The POWER7 emulation is missing the Processor Identification Register,
mandatory in recent POWER CPUs, that is required for SMP on at least
some operating systems (e.g. FreeBSD) to function properly. This patch
copies the existing PIR code from the other CPUs that implement it.

Signed-off-by: Nathan Whitehorn <nwhitehorn@freebsd.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

pseries: Remove PCI device from PCI host bridge code

The sPAPR PCI code defines a PCI device "spapr-pci-host-bridge-pci" which
is never used. This came over from the earlier bridge driver we used as
a template. Some other bridges appear on their own PCI bus as a device,
but that is not true of pSeries bridges, which are pure host to PCI with
no visible presence on the PCI side.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

pseries: Remove unused constant from PCI code

The 'bars' constant array was used in experimental device allocation code
which is no longer necessary now that we always run the SLOF firmware.
This patch removes the now redundant variable.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

pseries: Update SLOF firmware image

This patch updates the SLOF firmware image used on the pseries
machine. The new version adds support for Cirrus VGA and virtfs, as
well as including a number of bugfixes.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC64: Add support for ldbrx and stdbrx instructions

These instructions for loading and storing byte-swapped 64-bit values have
been introduced in PowerISA 2.06.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

pseries: Don't try to munmap() a malloc()ed TCE table

For the pseries machine, TCE (IOMMU) tables can either be directly
malloc()ed in qemu or, when running on a KVM which supports it, mmap()ed
from a KVM ioctl.  The latter option is used when available, because it
allows the (frequent bottlenext) H_PUT_TCE hypercall to be KVM accelerated.
However, even when KVM is persent, TCE acceleration is not always possible.
Only KVM HV supports this ioctl(), not KVM PR, or the kernel could run out
of contiguous memory to allocate the new table.  In this case we need to
fall back on the malloc()ed table.

When a device is removed, and we need to remove the TCE table, we need to
either munmap() or free() the table as appropriate for how it was
allocated.  The code is supposed to do that, but we buggily fail to
initialize the tcet->fd variable in the malloc() case, which is used as a
flag to determine which is the right choice.

This patch fixes the bug, and cleans up error messages relating to this
path while we're at it.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

ppc: Add missing 'static' to spin_rw_ops

spin_rw_ops is only used in hw/ppce500_spin.c.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: 405: Fix ppc405ep initialization

When trying to run a ppc405 guest, it segfaults quite quickly, trying to
access timers that weren't initialized. Initialize them properly instead.

Reported-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

Bad zero comparison for sas_ss_flags on powerpc

All architectures work the same way, and all check for sas_ss_flags ==
0. The powerpc lines are wrong, and do the check the other way round
(it's a qemu internal check, which is done wrong only for this
architecture, it's more a typo than a bug). It's NOT ppc specific,
it's POSIX standard (sigaltstack) and qemu internal.

I have a test source that I will send in a follow-up (it's longer than
I would have wished, I'm sure that a better test case can be written
if needed)

Signed-off-by: Alex Barcelo <abarcelo@ac.upc.edu>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-lm32/microblaze: Drop second CPU{LM32, MB}State typedef

Commit 9b9a970a23625de4ae6b7461906a9a0d98d3ca95
(target-lm32/microblaze: Typedef struct CPU{MB,LM32}State)
introduced necessary typedefs for cpu_mmu_index() and mmu.h
respectively.

On some GCC versions this leads to "error: redefinition of typedef".

Drop the original typedef to hopefully fix the build.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote-tracking branch 'afaerber/qom-cpu.v5' into staging

* afaerber/qom-cpu.v5: (43 commits)
  qom: Introduce CPU class
  Rename CPUState -> CPUArchState
  xtensa hw/: Don't use CPUState
  sparc hw/: Don't use CPUState
  sh4 hw/: Don't use CPUState
  s390x hw/: Don't use CPUState
  ppc hw/: Don't use CPUState
  mips hw/: Don't use CPUState
  microblaze hw/: Don't use CPUState
  m68k hw/: Don't use CPUState
  lm32 hw/: Don't use CPUState
  i386 hw/: Don't use CPUState
  cris hw/: Don't use CPUState
  arm hw/: Don't use CPUState
  alpha hw/: Don't use CPUState
  xtensa-semi: Don't use CPUState
  m68k-semi: Don't use CPUState
  arm-semi: Don't use CPUState
  target-xtensa: Don't overuse CPUState
  target-unicore32: Don't overuse CPUState
  ...

vnc: Limit r/w access to size of allocated memory

This fixes memory reads and writes which exceeded the upper limit
of allocated memory vd->guest.ds->data and vd->server->data.

Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

vnc: don't mess up with iohandlers in the vnc thread

The threaded VNC servers messed up with QEMU fd handlers without
any kind of locking, and that can cause some nasty race conditions.

Using qemu_mutex_lock_iothread() won't work because vnc_dpy_cpy(),
which will wait for the current job queue to finish, can be called with
the iothread lock held.

Instead, we now store the data in a temporary buffer, and use a bottom
half to notify the main thread that new data is available.

vnc_[un]lock_ouput() is still needed to access VncState members like
abort, csock or jobs_buffer.

Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

qom: Introduce CPU class

Reintroduce CPUState as QOM object: It's abstract and derived directly
from TYPE_OBJECT for compatibility with the user emulators.
The identifier CPUState avoids conflicts between CPU() and the struct.

Introduce $(qom-twice-y) to build it separately for system and for user
emulators.

Prepare a virtual reset method, (re)introduce cpu_reset() as wrapper.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>

Rename CPUState -> CPUArchState

Scripted conversion:
  for file in *.[hc] hw/*.[hc] hw/kvm/*.[hc] linux-user/*.[hc] linux-user/m68k/*.[hc] bsd-user/*.[hc] darwin-user/*.[hc] tcg/*/*.[hc] target-*/cpu.h; do
    sed -i "s/CPUState/CPUArchState/g" $file
  done

All occurrences of CPUArchState are expected to be replaced by QOM CPUState,
once all targets are QOM'ified and common fields have been extracted.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>

xtensa hw/: Don't use CPUState

Scripted conversion:
  for file in hw/xtensa_*.[hc]; do
    sed -i "s/CPUState/CPUXtensaState/g" $file
  done

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>

sparc hw/: Don't use CPUState

Scripted conversion:
  for file in hw/sun4m.c hw/sun4u.c hw/grlib.h hw/leon3.c; do
    sed -i "s/CPUState/CPUSPARCState/g" $file
  done

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>