sdk/emulator/qemu.git
9 years agoMerge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Thu, 19 Mar 2015 10:07:23 +0000 (10:07 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

- kvm: ioeventfd fix for PPC64LE
- virtio-scsi: misc fixes
- fix for --enable-profiler
- nbd: fixes from Max
- build: fix for scripts/make_device_config.sh
- exec: fix for address_space_translate

# gpg: Signature made Wed Mar 18 11:11:08 2015 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  exec: Respect as_tranlsate_internal length clamp
  virtio-scsi-dataplane: fix memory leak in virtio_scsi_vring_init
  profiler: Reenable built-in profiler
  kvm: fix ioeventfd endianness on bi-endian architectures
  virtio-scsi: Fix assert in virtio_scsi_push_event
  build: pass .d file name to scripts/make_device_config.sh, fix makefile target
  coroutine-io: Return -errno in case of error
  nbd: Drop unexpected data for NBD_OPT_LIST
  nbd: Fix interpretation of the export flags
  nbd: Fix nbd_receive_options()
  nbd: Set block size to BDRV_SECTOR_SIZE
  nbd: Fix potential signed overflow issues
  qemu-nbd: fork() can fail
  nbd: Handle blk_getlength() failure
  nbd: Pass return value from nbd_handle_list()
  nbd: Fix nbd_establish_connection()'s return value
  qemu-nbd: Detect unused partitions by system == 0
  util/uri: Add overflow check to rfc3986_parse_port
  nbd: Fix overflow return value

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoexec: Respect as_tranlsate_internal length clamp
Peter Crosthwaite [Tue, 17 Mar 2015 05:35:54 +0000 (22:35 -0700)]
exec: Respect as_tranlsate_internal length clamp

address_space_translate_internal will clamp the *plen length argument
based on the size of the memory region being queried. The iommu walker
logic in addresss_space_translate was ignoring this by discarding the
post fn call value of *plen. Fix by just always using *plen as the
length argument throughout the fn, removing the len local variable.

This fixes a bootloader bug when a single elf section spans multiple
QEMU memory regions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1426570554-15940-1-git-send-email-peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agovirtio-scsi-dataplane: fix memory leak in virtio_scsi_vring_init
Bo Su [Wed, 18 Mar 2015 09:42:12 +0000 (09:42 +0000)]
virtio-scsi-dataplane: fix memory leak in virtio_scsi_vring_init

if k->set_host_notifier failed, VirtIOSCSIVring *r will leak

Signed-off-by: Bo Su <subo7@huawei.com>
Message-Id: <1426671732-80213-1-git-send-email-subo7@huawei.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoprofiler: Reenable built-in profiler
Alexey Kardashevskiy [Mon, 16 Mar 2015 03:57:38 +0000 (14:57 +1100)]
profiler: Reenable built-in profiler

2ed1ebcf6 "timer: replace time() with QEMU_CLOCK_HOST" broke compile
when configured with --enable-profiler. Turned out the profiler has been
broken for a while.

This does s/qemu_time/tcg_time/ as the profiler only works in a TCG mode.
This also fixes the compile error.

This changes profile_getclock() to return nanoseconds rather than
CPU ticks as the "profile" HMP command prints seconds and there is no
platform-independent way to get ticks-per-second rate.
Since TCG is quite slow and get_clock() returns nanoseconds (fine
enough), this should not affect precision much.

This removes unused qemu_time_start and tlb_flush_time.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <1426478258-29961-1-git-send-email-aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: fix ioeventfd endianness on bi-endian architectures
Greg Kurz [Fri, 13 Mar 2015 21:23:37 +0000 (22:23 +0100)]
kvm: fix ioeventfd endianness on bi-endian architectures

KVM expects host endian values. Hosts that don't use the default endianness
need to negate the swap performed in adjust_endianness().

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Message-Id: <20150313212337.31142.3991.stgit@bahia.local>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agovirtio-scsi: Fix assert in virtio_scsi_push_event
Fam Zheng [Fri, 13 Mar 2015 07:55:54 +0000 (15:55 +0800)]
virtio-scsi: Fix assert in virtio_scsi_push_event

Hotplugging a scsi-disk may trigger the assertion in qemu_sgl_concat.

    qemu-system-x86_64: qemu/hw/scsi/virtio-scsi.c:115: qemu_sgl_concat:
    Assertion `skip == 0' failed.

This is introduced by commit 55783a55 (virtio-scsi: work around bug in
old BIOSes) which didn't check out_num when accessing out_sg[0].iov_len
(the same to in sg). For virtio_scsi_push_event, looking into out_sg
doesn't make sense because 0 req_size is intended.

Cc: qemu-stable@nongnu.org
[Cc'ing qemu-stable because 55783a55 did it too]
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426233354-525-1-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agobuild: pass .d file name to scripts/make_device_config.sh, fix makefile target
Paolo Bonzini [Thu, 12 Mar 2015 15:00:05 +0000 (16:00 +0100)]
build: pass .d file name to scripts/make_device_config.sh, fix makefile target

The .d file name must match exactly what is used in the SUBDIR_DEVICES_MAK_DEP
variable.  Instead of making assumptions in the make_device_config.sh script,
just pass it in.

Similarly, the makefile target may not match the output file name, because
Makefile uses a temporary file.  Instead of making assumptions on what the
Makefile does, emit the config-devices.mak file to stdout, and use the
passed-in destination as the makefile target

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agocoroutine-io: Return -errno in case of error
Max Reitz [Wed, 25 Feb 2015 18:08:28 +0000 (13:08 -0500)]
coroutine-io: Return -errno in case of error

In case qemu_co_sendv_recvv() fails without any data read, there is no
reason not to return the perfectly fine error number retrieved from
socket_error().

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-16-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agonbd: Drop unexpected data for NBD_OPT_LIST
Max Reitz [Wed, 25 Feb 2015 18:08:34 +0000 (13:08 -0500)]
nbd: Drop unexpected data for NBD_OPT_LIST

When requesting the list of exports, no data should be sent. If data is
sent, the NBD server should not just inform the client of the invalid
request, but also drop the data.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-22-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agonbd: Fix interpretation of the export flags
Max Reitz [Wed, 25 Feb 2015 18:08:32 +0000 (13:08 -0500)]
nbd: Fix interpretation of the export flags

The export flags are a 16 bit value, so be16_to_cpu() has to be used to
interpret them correctly. This makes discard and flush actually work
for named NBD exports (they did not work before, because the client
always assumed them to be unsupported because of the bug fixed by this
patch).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-20-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agonbd: Fix nbd_receive_options()
Max Reitz [Wed, 25 Feb 2015 18:08:31 +0000 (13:08 -0500)]
nbd: Fix nbd_receive_options()

The client flags are sent exactly once overall, not once per option.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-19-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agonbd: Set block size to BDRV_SECTOR_SIZE
Max Reitz [Wed, 25 Feb 2015 18:08:25 +0000 (13:08 -0500)]
nbd: Set block size to BDRV_SECTOR_SIZE

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-13-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agonbd: Fix potential signed overflow issues
Max Reitz [Wed, 25 Feb 2015 18:08:23 +0000 (13:08 -0500)]
nbd: Fix potential signed overflow issues

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-11-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoqemu-nbd: fork() can fail
Max Reitz [Wed, 25 Feb 2015 18:08:22 +0000 (13:08 -0500)]
qemu-nbd: fork() can fail

It is very unlikely, but it is possible.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-10-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agonbd: Handle blk_getlength() failure
Max Reitz [Wed, 25 Feb 2015 18:08:21 +0000 (13:08 -0500)]
nbd: Handle blk_getlength() failure

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-9-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agonbd: Pass return value from nbd_handle_list()
Max Reitz [Wed, 25 Feb 2015 18:08:19 +0000 (13:08 -0500)]
nbd: Pass return value from nbd_handle_list()

While it does not make a difference in practice, nbd_receive_options()
generally returns -errno, so it should do that here as well; and the
easiest way to achieve this is by passing on the value returned by
nbd_handle_list().

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-7-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agonbd: Fix nbd_establish_connection()'s return value
Max Reitz [Wed, 25 Feb 2015 18:08:16 +0000 (13:08 -0500)]
nbd: Fix nbd_establish_connection()'s return value

unix_connect_opts() and inet_connect_opts() do not necessarily set errno
(if at all); therefore, nbd_establish_connection() should not literally
return -errno on error.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-4-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoqemu-nbd: Detect unused partitions by system == 0
Max Reitz [Wed, 25 Feb 2015 18:08:15 +0000 (13:08 -0500)]
qemu-nbd: Detect unused partitions by system == 0

Unused partitions do not necessarily have a total sector count of 0
(although they should have), but they always do have the system field
set to 0, so use that for testing whether a partition is in use rather
than the sector count field alone.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-3-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoutil/uri: Add overflow check to rfc3986_parse_port
Max Reitz [Wed, 25 Feb 2015 18:08:14 +0000 (13:08 -0500)]
util/uri: Add overflow check to rfc3986_parse_port

And while at it, replace tabs by eight spaces in this function.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-2-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agonbd: Fix overflow return value
Yik Fang [Thu, 12 Feb 2015 06:21:51 +0000 (06:21 +0000)]
nbd: Fix overflow return value

The value of reply.error should be the type unsigned int.

Signed-off-by: Yik Fang <eric.fangyi@huawei.com>
Message-Id: <1423722111-12902-1-git-send-email-eric.fangyi@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoUpdate version for v2.3.0-rc0 release
Peter Maydell [Tue, 17 Mar 2015 18:58:33 +0000 (18:58 +0000)]
Update version for v2.3.0-rc0 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoMerge remote-tracking branch 'remotes/juanquintela/tags/migration/20150317' into...
Peter Maydell [Tue, 17 Mar 2015 17:11:33 +0000 (17:11 +0000)]
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20150317' into staging

migration/next for 20150317

# gpg: Signature made Tue Mar 17 14:21:14 2015 GMT using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20150317:
  migration: Expose 'cancelling' status to user
  migration: Convert 'status' of MigrationInfo to use an enum type
  hmp: Rename 'MigrationStatus' to 'HMPMigrationStatus'
  migration: Rename abbreviated macro MIG_STATE_* to MIGRATION_STATUS_*
  migration: Remove unused functions
  arch_init: Count the total number of pages by using helper function
  migrate_incoming: Cleanup/clarify error messages
  Warn against the use of the string as uri parameter to migrate-incoming
  migrate_incoming: use hmp_handle_error
  migration: Fix remaining 32 bit compiler errors
  migration: Fix some 32 bit compiler errors
  migration/rdma: clean up qemu_rdma_dest_init a bit
  migration: Avoid qerror_report_err() outside QMP command handlers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-peter' into staging
Peter Maydell [Tue, 17 Mar 2015 16:19:12 +0000 (16:19 +0000)]
Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-peter' into staging

QOM CPUState and X86CPU

* QTest for PC X86CPU
* Confinement of ICC bridge X86CPU parenting to PC code

# gpg: Signature made Tue Mar 17 15:23:31 2015 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-cpu-for-peter:
  target-i386: Remove icc_bridge parameter from cpu_x86_create()
  tests: Add PC CPU test
  pc: Suppress APIC ID compatibility warning for QTest

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
Peter Maydell [Tue, 17 Mar 2015 15:23:23 +0000 (15:23 +0000)]
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging

QOM infrastructure fixes and device conversions

* Conversion of cadence_uart to QOM realize
* qom-tree QMP script
* qom-list and qom-set HMP commands to match their QMP counterparts
* Basic qom-tree HMP command
* Cleanups for /machine QOM composition tree

# gpg: Signature made Tue Mar 17 15:02:57 2015 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-peter:
  qdev: Move owner-less IRQs to /machine/unattached
  memory: Move owner-less MemoryRegions to /machine/unattached
  qom: Implement info qom-tree HMP command
  qom: Implement qom-set HMP command
  qom: Implement qom-list HMP command
  scripts: Add qom-tree script
  cadence_uart: Convert to QOM realize()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agomigration: Expose 'cancelling' status to user
zhanghailiang [Fri, 13 Mar 2015 08:08:41 +0000 (16:08 +0800)]
migration: Expose 'cancelling' status to user

'cancelling' status was introduced by commit 51cf4c1a, mainly to avoid a
possible start of a new migration process while the previous one still exists.
But we didn't expose this status to user, instead we returned the 'active' state.

Here, we expose it to the user (such as libvirt), 'cancelling' status only
occurs for a short window before the migration aborts, so for users,
if they cancel a migration process, it will observe 'cancelling' status
occasionally.

Testing revealed that with older libvirt (anything 1.2.13 or less) will
print an odd error message if the state is seen, but that the migration
is still properly cancelled. Newer libvirt will be patched to recognize
the new state without the odd error message.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Cc: libvir-list@redhat.com
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigration: Convert 'status' of MigrationInfo to use an enum type
zhanghailiang [Fri, 13 Mar 2015 08:08:40 +0000 (16:08 +0800)]
migration: Convert 'status' of MigrationInfo to use an enum type

The original 'status' is an open-coded 'str' type, convert it to use an
enum type.
This conversion is backwards compatible, better documented and
more convenient for future extensibility.

In addition, Fix a typo for qapi-schema.json (just remove the typo) :
s/'completed'. 'comppleted' (since 1.2)/'completed' (since 1.2)

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agohmp: Rename 'MigrationStatus' to 'HMPMigrationStatus'
zhanghailiang [Fri, 13 Mar 2015 08:08:39 +0000 (16:08 +0800)]
hmp: Rename 'MigrationStatus' to 'HMPMigrationStatus'

We will use the typename 'MigrationStatus' for publicly exported typename,
So here we rename the internal-only 'MigrationStatus' to
'HMPMigrationStatus'.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigration: Rename abbreviated macro MIG_STATE_* to MIGRATION_STATUS_*
zhanghailiang [Fri, 13 Mar 2015 08:08:38 +0000 (16:08 +0800)]
migration: Rename abbreviated macro MIG_STATE_* to MIGRATION_STATUS_*

Rename all macro MIG_STATE_* to  MIGRATION_STATUS_* except "MIG_STATE_ERROR",
we rename it to "MIGRATION_STATUS_FAILED" which will match the migration status
string 'failed'.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigration: Remove unused functions
Thomas Huth [Sat, 14 Mar 2015 06:19:28 +0000 (07:19 +0100)]
migration: Remove unused functions

migrate_rdma_pin_all() and qsb_clone() are completely unused and thus
can be deleted.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agoarch_init: Count the total number of pages by using helper function
zhanghailiang [Mon, 9 Mar 2015 09:27:38 +0000 (17:27 +0800)]
arch_init: Count the total number of pages by using helper function

There is already a helper function ram_bytes_total(), we can use it to
help counting the total number of pages used by ram blocks.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigrate_incoming: Cleanup/clarify error messages
Dr. David Alan Gilbert [Thu, 26 Feb 2015 14:54:41 +0000 (14:54 +0000)]
migrate_incoming: Cleanup/clarify error messages

Create a separate error for the case where migrate_incoming is
used after a succesful migrate_incoming.

Reword the error in the case where '-incoming defer' is missing
to omit the command name so it's right for both hmp and qmp.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agoWarn against the use of the string as uri parameter to migrate-incoming
Dr. David Alan Gilbert [Thu, 26 Feb 2015 14:54:40 +0000 (14:54 +0000)]
Warn against the use of the string as uri parameter to migrate-incoming

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigrate_incoming: use hmp_handle_error
Dr. David Alan Gilbert [Thu, 26 Feb 2015 14:54:39 +0000 (14:54 +0000)]
migrate_incoming: use hmp_handle_error

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigration: Fix remaining 32 bit compiler errors
Stefan Weil [Sat, 28 Feb 2015 18:09:43 +0000 (19:09 +0100)]
migration: Fix remaining 32 bit compiler errors

Fix type casts between pointers and 64 bit integers.
Now 32 bit builds are possible again.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigration: Fix some 32 bit compiler errors
Stefan Weil [Sat, 28 Feb 2015 18:09:42 +0000 (19:09 +0100)]
migration: Fix some 32 bit compiler errors

The current code won't compile on 32 bit hosts because there are lots
of type casts between pointers and 64 bit integers.

Fix some of them.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigration/rdma: clean up qemu_rdma_dest_init a bit
Michael Tokarev [Mon, 16 Feb 2015 07:50:25 +0000 (10:50 +0300)]
migration/rdma: clean up qemu_rdma_dest_init a bit

Do not check for rdma->host being empty twice.  This removes a large
"if" block, so code indentation is changed.  While at it, remove an
ugly goto from the loop, replacing it with a cleaner if logic.  And
finally, there's no need to initialize `ret' variable since is always
has a value.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
--

fixed space detected by Dave
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigration: Avoid qerror_report_err() outside QMP command handlers
Markus Armbruster [Wed, 18 Feb 2015 18:21:52 +0000 (19:21 +0100)]
migration: Avoid qerror_report_err() outside QMP command handlers

qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP.  It should not be used
elsewhere.  Replace by error_report_err() in
process_incoming_migration_co().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agotarget-i386: Remove icc_bridge parameter from cpu_x86_create()
Eduardo Habkost [Thu, 5 Mar 2015 17:26:51 +0000 (14:26 -0300)]
target-i386: Remove icc_bridge parameter from cpu_x86_create()

Instead of passing icc_bridge from the PC initialization code to
cpu_x86_create(), make the PC initialization code attach the CPU to
icc_bridge.

The only difference here is that icc_bridge attachment will now be done
after x86_cpu_parse_featurestr() is called. But this shouldn't make any
difference, as property setters shouldn't depend on icc_bridge.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agotests: Add PC CPU test
Andreas Färber [Fri, 13 Mar 2015 16:21:11 +0000 (17:21 +0100)]
tests: Add PC CPU test

Test non-default -smp core and thread counts and a non-default CPU model
on all PC machines except for isapc. Note that not all historic versions
actually supported this particular configuration, ignored for simplicity.

For machines pc-*-1.5+ test QMP cpu-add with monotonically increasing ID,
and test for graceful failure otherwise.

Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agopc: Suppress APIC ID compatibility warning for QTest
Andreas Färber [Sat, 14 Mar 2015 13:24:37 +0000 (14:24 +0100)]
pc: Suppress APIC ID compatibility warning for QTest

This avoids cluttering GTester output with irrelevant warnings.

Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoqdev: Move owner-less IRQs to /machine/unattached
Andreas Färber [Thu, 12 Mar 2015 15:09:34 +0000 (16:09 +0100)]
qdev: Move owner-less IRQs to /machine/unattached

Move non-qdev-gpio[*] from /machine into /machine/unattached.
For the PC this moves 25 nodes from the stable namespace into the unstable.

Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Tested-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agomemory: Move owner-less MemoryRegions to /machine/unattached
Andreas Färber [Thu, 12 Mar 2015 14:37:07 +0000 (15:37 +0100)]
memory: Move owner-less MemoryRegions to /machine/unattached

This cleans up the official /machine namespace. In particular
/machine/system[0] and /machine/io[0], as well as entries with
non-sanitized node names such as "/machine/qemu extended regs[0]".

The actual MemoryRegion names remain unchanged.

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoqom: Implement info qom-tree HMP command
Andreas Färber [Wed, 7 May 2014 15:03:18 +0000 (17:03 +0200)]
qom: Implement info qom-tree HMP command

To complement qdev's bus-oriented info qtree, info qom-tree
prints a hierarchical view of the QOM composition tree.

By default, the machine composition tree is shown. This can be overriden
by supplying a path argument, such as "info qom-tree /".

Tested-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoqom: Implement qom-set HMP command
Andreas Färber [Wed, 7 May 2014 17:48:15 +0000 (19:48 +0200)]
qom: Implement qom-set HMP command

Re-implemented based on qmp_qom_set() to facilitate argument parsing.

Warn about ambiguous path arguments.

Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Tested-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoqom: Implement qom-list HMP command
Andreas Färber [Wed, 7 May 2014 16:08:29 +0000 (18:08 +0200)]
qom: Implement qom-list HMP command

Implement it as a wrapper for QMP qom-list, but mimic the behavior of
scripts/qmp/qom-list in making the path argument optional and listing
the root if absent, to hint users what kind of path to pass.

Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Tested-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoscripts: Add qom-tree script
Andreas Färber [Wed, 5 Feb 2014 17:31:06 +0000 (18:31 +0100)]
scripts: Add qom-tree script

Functionally it is a recursive qom-list with qom-get per non-child<>
property. Some failures needed to be handled, such as trying to read a
pointer property, which is not representable in QMP. Those print a
literal "<EXCEPTION>".

Tested-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agocadence_uart: Convert to QOM realize()
Alistair Francis [Fri, 27 Feb 2015 01:48:58 +0000 (11:48 +1000)]
cadence_uart: Convert to QOM realize()

Use DeviceClass::realize() and TypeInfo::instance_init() instead of
the deprecated SysBusDevice::init().

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoMerge remote-tracking branch 'remotes/armbru/tags/pull-cov-model-2015-03-17' into...
Peter Maydell [Tue, 17 Mar 2015 11:43:00 +0000 (11:43 +0000)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-cov-model-2015-03-17' into staging

coverity: Fix g_malloc_n-like models

# gpg: Signature made Tue Mar 17 10:17:56 2015 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-cov-model-2015-03-17:
  coverity: Fix g_malloc_n-like models

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-gl-20150317-1' into staging
Peter Maydell [Tue, 17 Mar 2015 10:26:09 +0000 (10:26 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-gl-20150317-1' into staging

opengl: fix configure test

# gpg: Signature made Tue Mar 17 10:11:24 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-gl-20150317-1:
  opengl: fix configure test

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoopengl: fix configure test
Gerd Hoffmann [Mon, 16 Mar 2015 09:03:53 +0000 (10:03 +0100)]
opengl: fix configure test

Re-add the glx compile test to configure.  We can't use pkg-config to
probe for glx, and as long as milkymist-tmu2 privately uses glx (due to
opengl infrastructure in qemu not being ready yet) we must continue to
test for glx to avoid build failures.

Reported-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
9 years agocoverity: Fix g_malloc_n-like models
Jan Kiszka [Thu, 12 Mar 2015 11:24:26 +0000 (12:24 +0100)]
coverity: Fix g_malloc_n-like models

Allocate the calculated overall size, not only the size of a single
element.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
9 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Mon, 16 Mar 2015 19:19:03 +0000 (19:19 +0000)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block patches for 2.3-rc0

# gpg: Signature made Mon Mar 16 16:11:55 2015 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  block/vpc: remove disabled code from get_sector_offset
  block/vpc: rename footer->size -> footer->current_size
  block/vpc: make calculate_geometry spec conform
  vpc: Ignore geometry for large images
  block/vpc: optimize vpc_co_get_block_status
  block: Drop bdrv_find
  blockdev: Convert bdrv_find to blk_by_name
  migration: Convert bdrv_find to blk_by_name
  monitor: Convert bdrv_find to blk_by_name
  iotests: Test non-self-referential qcow2 refblocks
  iotests: Add tests for refcount table growth
  qcow2: Respect new_block in alloc_refcount_block()
  qemu-img: Avoid qerror_report_err() outside QMP handlers, again
  block: Fix block-set-write-threshold not to use funky error class
  block: Deprecate QCOW/QCOW2 encryption
  qemu-img: Fix convert, amend error messages for unknown options
  iotests: Update 051's reference output

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoMerge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20150316' into...
Peter Maydell [Mon, 16 Mar 2015 18:27:13 +0000 (18:27 +0000)]
Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20150316' into staging

TriCore RRR1, RRRR, RRRW, and SYS instructions

# gpg: Signature made Mon Mar 16 15:55:24 2015 GMT using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"

* remotes/bkoppelmann/tags/pull-tricore-20150316:
  target-tricore: Add instructions of SYS opcode format
  target-tricore: Add instructions of RRRW opcode format
  target-tricore: Add instructions of RRRR opcode format
  target-tricore: Add instructions of RRR1 opcode format, which have 0xe3 as first opcode
  target-tricore: Add instructions of RRR1 opcode format, which have 0x63 as first opcode
  target-tricore: Add instructions of RRR1 opcode format, which have 0xa3 as first opcode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoMerge remote-tracking branch 'remotes/rth/tags/tcg-pull-20150316' into staging
Peter Maydell [Mon, 16 Mar 2015 17:22:32 +0000 (17:22 +0000)]
Merge remote-tracking branch 'remotes/rth/tags/tcg-pull-20150316' into staging

tcg opt fix for or x,a,a

# gpg: Signature made Mon Mar 16 15:47:19 2015 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/tcg-pull-20150316:
  tcg/optimize: Handle or r,a,a with constant a

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoMerge remote-tracking branch 'mreitz/block' into queue-block
Kevin Wolf [Mon, 16 Mar 2015 16:11:12 +0000 (17:11 +0100)]
Merge remote-tracking branch 'mreitz/block' into queue-block

* mreitz/block:
  block/vpc: remove disabled code from get_sector_offset
  block/vpc: rename footer->size -> footer->current_size
  block/vpc: make calculate_geometry spec conform
  vpc: Ignore geometry for large images
  block/vpc: optimize vpc_co_get_block_status
  block: Drop bdrv_find
  blockdev: Convert bdrv_find to blk_by_name
  migration: Convert bdrv_find to blk_by_name
  monitor: Convert bdrv_find to blk_by_name
  iotests: Test non-self-referential qcow2 refblocks
  iotests: Add tests for refcount table growth
  qcow2: Respect new_block in alloc_refcount_block()

9 years agoblock/vpc: remove disabled code from get_sector_offset
Peter Lieven [Tue, 3 Mar 2015 10:41:56 +0000 (11:41 +0100)]
block/vpc: remove disabled code from get_sector_offset

The code to check the bitmap for the allocation status of each sector
has been "disabled by reason" ever since the vpc driver existed.

The reason might be that we might end up reading sector by sector
in vpc_read if we really used it. This would be a performance desaster.

The current code would furthermore not work if the disabled parts get
reactivated since vpc_read and vpc_write only use get_sector_offset to
check the allocation status of the first sector of a read/write operation.
This might lead to sectors incorrectly treated as zero in vpc_read and
to sectors getting allocated twice in vpc_write.

Signed-off-by: Peter Lieven <pl@kamp.de>
Message-id: 1425379316-19639-6-git-send-email-pl@kamp.de
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agoblock/vpc: rename footer->size -> footer->current_size
Peter Lieven [Tue, 3 Mar 2015 10:41:55 +0000 (11:41 +0100)]
block/vpc: rename footer->size -> footer->current_size

the field is named current size in the spec. Name it accordingly.

Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1425379316-19639-5-git-send-email-pl@kamp.de
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agoblock/vpc: make calculate_geometry spec conform
Peter Lieven [Tue, 3 Mar 2015 10:41:54 +0000 (11:41 +0100)]
block/vpc: make calculate_geometry spec conform

The VHD spec [1] allows for total_sectors of 65535 x 16 x 255 (~127GB)
represented by a CHS geometry. If total_sectors is greater
than 65535 x 16 x 255 this geometry is set as a maximum.

Qemu, Hyper-V and disk2vhd use this special geometry as an indicator
to use the image current size from the footer as disk size.

This patch changes vpc_create to effectively calculate a CxHxS geometry
for the given image size if possible while rounding up if necessary.
If the image size is too big to be represented in CHS we set the maximum
and write the exact requested image size into the footer.

This partly reverts commit 258d2edb, but leaves support for >127G disks
intact.

[1] http://download.microsoft.com/download/f/f/e/ffef50a5-07dd-4cf8-aaa3-442c0673a029/Virtual%20Hard%20Disk%20Format%20Spec_10_18_06.doc

Signed-off-by: Peter Lieven <pl@kamp.de>
Message-id: 1425379316-19639-4-git-send-email-pl@kamp.de
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agovpc: Ignore geometry for large images
Kevin Wolf [Tue, 3 Mar 2015 10:41:53 +0000 (11:41 +0100)]
vpc: Ignore geometry for large images

The CHS calculation as done per the VHD spec imposes a maximum image
size of ~127 GB. Real VHD images exist that are larger than that.

Apparently there are two separate non-standard ways to achieve this:
You could use more heads than the spec does - this is the option that
qemu-img create chooses.

However, other images exist where the geometry is set to the maximum
(65535/16/255), but the actual image size is larger. Until now, such
images are truncated at 127 GB when opening them with qemu.

This patch changes the vpc driver to ignore geometry in this case and
only trust the size field in the header.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
[PL: Fixed maximum geometry in the commit msg]
Signed-off-by: Peter Lieven <pl@kamp.de>
Message-id: 1425379316-19639-3-git-send-email-pl@kamp.de
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agoblock/vpc: optimize vpc_co_get_block_status
Peter Lieven [Tue, 3 Mar 2015 10:41:52 +0000 (11:41 +0100)]
block/vpc: optimize vpc_co_get_block_status

*pnum can't be greater than s->block_size / BDRV_SECTOR_SIZE for allocated
sectors since there is always a bitmap in between.

Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1425379316-19639-2-git-send-email-pl@kamp.de
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agoblock: Drop bdrv_find
Fam Zheng [Mon, 2 Mar 2015 11:36:49 +0000 (19:36 +0800)]
block: Drop bdrv_find

All callers are converted, so drop it.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1425296209-1476-5-git-send-email-famz@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agoblockdev: Convert bdrv_find to blk_by_name
Fam Zheng [Mon, 2 Mar 2015 11:36:48 +0000 (19:36 +0800)]
blockdev: Convert bdrv_find to blk_by_name

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1425296209-1476-4-git-send-email-famz@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agomigration: Convert bdrv_find to blk_by_name
Fam Zheng [Mon, 2 Mar 2015 11:36:47 +0000 (19:36 +0800)]
migration: Convert bdrv_find to blk_by_name

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1425296209-1476-3-git-send-email-famz@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agomonitor: Convert bdrv_find to blk_by_name
Fam Zheng [Mon, 2 Mar 2015 11:36:46 +0000 (19:36 +0800)]
monitor: Convert bdrv_find to blk_by_name

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1425296209-1476-2-git-send-email-famz@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agoiotests: Test non-self-referential qcow2 refblocks
Max Reitz [Fri, 5 Dec 2014 16:53:32 +0000 (17:53 +0100)]
iotests: Test non-self-referential qcow2 refblocks

It is easy to create only self-referential refblocks, but there are
cases where that is impossible. This adds a test for two of those cases
(combined in a single test case).

Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 1417798412-15330-1-git-send-email-mreitz@redhat.com
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agoiotests: Add tests for refcount table growth
Max Reitz [Tue, 10 Feb 2015 20:02:32 +0000 (15:02 -0500)]
iotests: Add tests for refcount table growth

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 1423598552-24301-3-git-send-email-mreitz@redhat.com
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agoqcow2: Respect new_block in alloc_refcount_block()
Max Reitz [Tue, 10 Feb 2015 20:02:31 +0000 (15:02 -0500)]
qcow2: Respect new_block in alloc_refcount_block()

When choosing a new place for the refcount table, alloc_refcount_block()
tries to infer the number of clusters used so far from its argument
cluster_index (which comes from the idea that if any cluster with an
index greater than cluster_index was in use, the refcount table would
have to be big enough already to describe cluster_index).

However, there is a cluster that may be at or after cluster_index, and
which is not covered by the refcount structures, and that is the new
refcount block new_block. Therefore, it should be taken into account for
the blocks_used calculation.

Also, because new_block already describes (or is intended to describe)
cluster_index, we may not put the new refcount structures there.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 1423598552-24301-2-git-send-email-mreitz@redhat.com
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
9 years agoqemu-img: Avoid qerror_report_err() outside QMP handlers, again
Markus Armbruster [Thu, 12 Mar 2015 15:08:02 +0000 (16:08 +0100)]
qemu-img: Avoid qerror_report_err() outside QMP handlers, again

qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP.  It should not be used
elsewhere.  Replace by error_report_err().

Commit 6936f29 cleaned that up in qemu-img.c, but two calls have crept
in since.  Take care of them the same way.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years agoblock: Fix block-set-write-threshold not to use funky error class
Markus Armbruster [Fri, 13 Mar 2015 17:51:38 +0000 (18:51 +0100)]
block: Fix block-set-write-threshold not to use funky error class

Error classes are a leftover from the days of "rich" error objects.
New code should always use ERROR_CLASS_GENERIC_ERROR.  Commit e246211
added a use of ERROR_CLASS_DEVICE_NOT_FOUND.  Replace it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years agoblock: Deprecate QCOW/QCOW2 encryption
Markus Armbruster [Fri, 13 Mar 2015 20:09:40 +0000 (21:09 +0100)]
block: Deprecate QCOW/QCOW2 encryption

We've steered users away from QCOW/QCOW2 encryption for a while,
because it's a flawed design (commit 136cd19 Describe flaws in
qcow/qcow2 encryption in the docs).

In addition to flawed crypto, we have comically bad usability, and
plain old bugs.  Let me show you.

= Example images =

I'm going to use a raw image as backing file, and two QCOW2 images,
one encrypted, and one not:

    $ qemu-img create -f raw backing.img 4m
    Formatting 'backing.img', fmt=raw size=4194304
    $ qemu-img create -f qcow2 -o encryption,backing_file=backing.img,backing_fmt=raw geheim.qcow2 4m
    Formatting 'geheim.qcow2', fmt=qcow2 size=4194304 backing_file='backing.img' backing_fmt='raw' encryption=on cluster_size=65536 lazy_refcounts=off
    $ qemu-img create -f qcow2 -o backing_file=backing.img,backing_fmt=raw normal.qcow2 4m
    Formatting 'normal.qcow2', fmt=qcow2 size=4194304 backing_file='backing.img' backing_fmt='raw' encryption=off cluster_size=65536 lazy_refcounts=off

= Usability issues =

== Confusing startup ==

When no image is encrypted, and you don't give -S, QEMU starts the
guest immediately:

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio normal.qcow2
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) info status
    VM status: running

But as soon as there's an encrypted image in play, the guest is *not*
started, with no notification whatsoever:

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) info status
    VM status: paused (prelaunch)

If the user figured out that he needs to type "cont" to enter his
keys, the confusion enters the next level: "cont" asks for at most
*one* key.  If more are needed, it then silently does nothing.  The
user has to type "cont" once per encrypted image:

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio -drive if=none,file=geheim.qcow2 -drive if=none,file=geheim.qcow2
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) info status
    VM status: paused (prelaunch)
    (qemu) c
    none0 (geheim.qcow2) is encrypted.
    Password: ******
    (qemu) info status
    VM status: paused (prelaunch)
    (qemu) c
    none1 (geheim.qcow2) is encrypted.
    Password: ******
    (qemu) info status
    VM status: running

== Incorrect passwords not caught ==

All existing encryption schemes give you the GIGO treatment: garbage
password in, garbage data out.  Guests usually refuse to mount
garbage, but other usage is prone to data loss.

== Need to stop the guest to add an encrypted image ==

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) info status
    VM status: running
    (qemu) drive_add "" if=none,file=geheim.qcow2
    Guest must be stopped for opening of encrypted image
    (qemu) stop
    (qemu) drive_add "" if=none,file=geheim.qcow2
    OK

Commit c3adb58 added this restriction.  Before, we could expose images
lacking an encryption key to guests, with potentially catastrophic
results.  See also "Use without key is not always caught".

= Bugs =

== Use without key is not always caught ==

Encrypted images can be in an intermediate state "opened, but no key".
The weird startup behavior and the need to stop the guest are there to
ensure the guest isn't exposed to that state.  But other things still
are!

* drive_backup

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) drive_backup -f ide0-hd0 out.img raw
    Formatting 'out.img', fmt=raw size=4194304

  I guess this writes encrypted data to raw image out.img.  Good luck
  with figuring out how to decrypt that again.

* commit

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) commit ide0-hd0

  I guess this writes encrypted data into the unencrypted raw backing
  image, effectively destroying it.

== QMP device_add of usb-storage fails when it shouldn't ==

When the image is encrypted, device_add creates the device, defers
actually attaching it to when the key becomes available, then fails.
This is wrong.  device_add must either create the device and succeed,
or do nothing and fail.

    $ qemu-system-x86_64 -nodefaults -display none -usb -qmp stdio -drive if=none,id=foo,file=geheim.qcow2
    {"QMP": {"version": {"qemu": {"micro": 50, "minor": 2, "major": 2}, "package": ""}, "capabilities": []}}
    { "execute": "qmp_capabilities" }
    {"return": {}}
    { "execute": "device_add", "arguments": { "driver": "usb-storage", "id": "bar", "drive": "foo" } }
    {"error": {"class": "DeviceEncrypted", "desc": "'foo' (geheim.qcow2) is encrypted"}}
    {"execute":"device_del","arguments": { "id": "bar" } }
    {"timestamp": {"seconds": 1426003440, "microseconds": 237181}, "event": "DEVICE_DELETED", "data": {"path": "/machine/peripheral/bar/bar.0/legacy[0]"}}
    {"timestamp": {"seconds": 1426003440, "microseconds": 238231}, "event": "DEVICE_DELETED", "data": {"device": "bar", "path": "/machine/peripheral/bar"}}
    {"return": {}}

This stuff is worse than useless, it's a trap for users.

If people become sufficiently interested in encrypted images to
contribute a cryptographically sane implementation for QCOW2 (or
whatever other format), then rewriting the necessary support around it
from scratch will likely be easier and yield better results than
fixing up the existing mess.

Let's deprecate the mess now, drop it after a grace period, and move
on.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years agoqemu-img: Fix convert, amend error messages for unknown options
Markus Armbruster [Sat, 14 Mar 2015 09:23:15 +0000 (10:23 +0100)]
qemu-img: Fix convert, amend error messages for unknown options

Message quality regressed in commit dc523cd.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years agoiotests: Update 051's reference output
Markus Armbruster [Sat, 14 Mar 2015 09:23:14 +0000 (10:23 +0100)]
iotests: Update 051's reference output

Commit c4bacaf improved error reporting, but neglected to update
051.out.  Commit 2726958 tried to redress, but didn't get it quite
right (punctuation difference), and shortly after commit
ae071cc..master improved error reporting some more, neglecting 051.out
some more.  Sorry!

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years agotarget-tricore: Add instructions of SYS opcode format
Bastian Koppelmann [Wed, 25 Feb 2015 12:29:24 +0000 (12:29 +0000)]
target-tricore: Add instructions of SYS opcode format

This adds only the non trap instructions.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
9 years agotcg/optimize: Handle or r,a,a with constant a
Richard Henderson [Fri, 13 Mar 2015 19:26:21 +0000 (12:26 -0700)]
tcg/optimize: Handle or r,a,a with constant a

As seen with ubuntu-5.10-live-powerpc.iso.

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
9 years agotarget-tricore: Add instructions of RRRW opcode format
Bastian Koppelmann [Wed, 25 Feb 2015 12:04:45 +0000 (12:04 +0000)]
target-tricore: Add instructions of RRRW opcode format

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
9 years agotarget-tricore: Add instructions of RRRR opcode format
Bastian Koppelmann [Wed, 25 Feb 2015 12:03:18 +0000 (12:03 +0000)]
target-tricore: Add instructions of RRRR opcode format

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
9 years agotarget-tricore: Add instructions of RRR1 opcode format, which have 0xe3 as first...
Bastian Koppelmann [Wed, 25 Feb 2015 11:55:52 +0000 (11:55 +0000)]
target-tricore: Add instructions of RRR1 opcode format, which have 0xe3 as first opcode

Add helpers helper_subadr_h/_ssov which subs one halfword and adds one
halfword, rounds / and saturates each half word independently.

Add microcode helper functions:
    * gen_msubad_h/ads_h: multiply two halfwords left justified and sub from the
                          first one word and add the second one word
                          / and saturate each resulting word independetly.
    * gen_msubadm_h/adms_h: multiply two halfwords in q-format left justified
                            and sub from the first one word and add to
                            the second one word / and saturate each resulting
                            word independetly.
    * gen_msubadr32_h/32s_h: multiply two halfwords in q-format left justified
                             and sub from the first one word and add to
                             the second one word, round both results / and
                             saturate each resulting word independetly.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
9 years agotarget-tricore: Add instructions of RRR1 opcode format, which have 0x63 as first...
Bastian Koppelmann [Wed, 25 Feb 2015 11:46:55 +0000 (11:46 +0000)]
target-tricore: Add instructions of RRR1 opcode format, which have 0x63 as first opcode

Add helpers:
    * msub64_q_ssov: multiply two 32 bit q-format number, sub the result from a
                     64 bit q-format number and saturate.
    * msub32_q_sub_ssov: sub two 64 bit q-format numbers and return a 32 bit
                         result.
    * msubr_q_ssov: multiply two 32 bit q-format numbers, sub the result from a 32 bit
                    q-format number and saturate.
    * msubr_q: multiply two 32 bit q-format numbers and sub the result from a 32 bit
               q-format number.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
9 years agotarget-tricore: Add instructions of RRR1 opcode format, which have 0xa3 as first...
Bastian Koppelmann [Wed, 25 Feb 2015 11:34:55 +0000 (11:34 +0000)]
target-tricore: Add instructions of RRR1 opcode format, which have 0xa3 as first opcode

Add helpers:
    * sub64_ssov: subs two 64 bit values and saturates the result.
    * subr_h/_ssov: subs two halfwords from two words in q-format with rounding
                    / and saturates each result independetly.

Add microcode generator:
    * gen_sub64_d: adds two 64 bit values.
    * gen_msub_h/s_h: multiply four halfwords, sub each result left justfied
                      from two word values / and saturate each result.
    * gen_msubm_h/s_h: multiply four halfwords, sub each result left justfied
                       from two words values in q-format / and saturate each
                       result.
    * gen_msubr32/64_h/s_h: multiply four halfwords, sub each result left
                            justfied from two halftwords/words values in q-format
                            / and saturate each result.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
9 years agoMerge remote-tracking branch 'remotes/juanquintela/tags/migration/20150316' into...
Peter Maydell [Mon, 16 Mar 2015 14:45:09 +0000 (14:45 +0000)]
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20150316' into staging

migration/next for 20150316

# gpg: Signature made Mon Mar 16 13:36:37 2015 GMT using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20150316:
  pc: Disable vmdesc submission for old machines
  migration: Allow to suppress vmdesc submission
  migration: Read JSON VM description on incoming migration
  rename save_block_hdr to save_page_header
  save_block_hdr: we can recalculate the cont parameter here
  save_xbzrle_page: change calling convention
  ram_save_page: change calling covention
  ram_find_and_save_block:  change calling convention
  ram: make all save_page functions take a uint64_t parameter
  Add migrate_incoming
  Add -incoming defer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150316' into...
Peter Maydell [Mon, 16 Mar 2015 13:56:10 +0000 (13:56 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150316' into staging

target-arm queue:
 * fix handling of execute-never bits in page table walks
 * tell kernel to initialize KVM GIC in realize function
 * fix handling of STM (user) with r15 in register list
 * ignore low bit of PC in M-profile exception return
 * fix linux-user get/set_tls syscalls on CPUs with TZ

# gpg: Signature made Mon Mar 16 12:39:04 2015 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150316:
  linux-user: Access correct register for get/set_tls syscalls on ARM TZ CPUs
  target-arm: Ignore low bit of PC in M-profile exception return
  target-arm: Fix handling of STM (user) with r15 in register list
  hw/intc/arm_gic: Initialize the vgic in the realize function
  target-arm: get_phys_addr_lpae: more xn control
  target-arm: fix get_phys_addr_v6/SCTLR_AFE access check
  target-arm: convert check_ap to ap_to_rw_prot

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agopc: Disable vmdesc submission for old machines
Alexander Graf [Mon, 23 Feb 2015 12:56:43 +0000 (13:56 +0100)]
pc: Disable vmdesc submission for old machines

Older PC machine types might by accident be backwards live migration compatible,
but with the new vmdesc self-describing blob in our live migration stream we
would break that compatibility.

Also users wouldn't expect massive behaviorial differences when updating to a
new version of QEMU while retaining their old machine type, especially not
potential breakage in tooling around live migration.

So disable vmdesc submission for old PC machine types.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigration: Allow to suppress vmdesc submission
Alexander Graf [Mon, 23 Feb 2015 12:56:42 +0000 (13:56 +0100)]
migration: Allow to suppress vmdesc submission

We now always send a JSON blob describing the migration file format as part
of the migration stream. However, some tools built around QEMU have proven
to stumble over this.

This patch gives the user the chance to disable said self-describing part of
the migration stream. To disable vmdesc submission, just add

  -machine suppress-vmdesc=on

to your QEMU command line.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agomigration: Read JSON VM description on incoming migration
Alexander Graf [Mon, 23 Feb 2015 12:56:41 +0000 (13:56 +0100)]
migration: Read JSON VM description on incoming migration

One of the really nice things about the VM description format is that it goes
over the wire when live migration is happening. Unfortunately QEMU today closes
any socket once it sees VM_EOF coming, so we never give the VMDESC the chance to
actually land on the wire.

This patch makes QEMU read the description as well. This way we ensure that
anything wire tapping us in between will get the chance to also interpret the
stream.

Along the way we also fix virt tests that assume that number_bytes_sent on the
sender side is equal to number_bytes_read which was true before the VMDESC
patches and is true again with this patch.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agorename save_block_hdr to save_page_header
Juan Quintela [Thu, 12 Feb 2015 20:46:40 +0000 (21:46 +0100)]
rename save_block_hdr to save_page_header

It has always been a page header, not a block header.  Once there, the
flag argument was only passed to make a bit or with it, just do the or
on the caller.

Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agosave_block_hdr: we can recalculate the cont parameter here
Juan Quintela [Thu, 12 Feb 2015 20:41:39 +0000 (21:41 +0100)]
save_block_hdr: we can recalculate the cont parameter here

No need to pass it through all the callers.  Once there, update
last_sent_block here.

Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agosave_xbzrle_page: change calling convention
Juan Quintela [Thu, 12 Feb 2015 19:16:33 +0000 (20:16 +0100)]
save_xbzrle_page: change calling convention

Add a parameter to pass the number of bytes written, and make it return
the number of pages written instead.

Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agoram_save_page: change calling covention
Juan Quintela [Thu, 12 Feb 2015 19:03:45 +0000 (20:03 +0100)]
ram_save_page: change calling covention

Add a parameter to pass the number of bytes written, and make it return
the number of pages written instead.

Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agoram_find_and_save_block: change calling convention
Juan Quintela [Thu, 12 Feb 2015 18:33:05 +0000 (19:33 +0100)]
ram_find_and_save_block:  change calling convention

Add a parameter to pass the number of bytes written, and make it return
the number of pages written instead.

Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agoram: make all save_page functions take a uint64_t parameter
Juan Quintela [Thu, 12 Feb 2015 18:02:42 +0000 (19:02 +0100)]
ram: make all save_page functions take a uint64_t parameter

It used to be an int, but then we can't pass directly the
bytes_transferred parameter, that would happen later in the series.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
9 years agoAdd migrate_incoming
Dr. David Alan Gilbert [Thu, 19 Feb 2015 11:40:28 +0000 (11:40 +0000)]
Add migrate_incoming

Add migrate_incoming/migrate-incoming to start an incoming
migration.

Once a qemu has been started with
    -incoming defer

the migration can be started by issuing:
    migrate_incoming uri

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agoAdd -incoming defer
Dr. David Alan Gilbert [Thu, 19 Feb 2015 11:40:27 +0000 (11:40 +0000)]
Add -incoming defer

-incoming defer causes qemu to wait for an incoming migration
to be specified later.  The monitor can be used to set migration
capabilities that may affect the incoming connection process.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
9 years agoMerge remote-tracking branch 'remotes/kvaneesh/for-upstream' into staging
Peter Maydell [Mon, 16 Mar 2015 13:04:08 +0000 (13:04 +0000)]
Merge remote-tracking branch 'remotes/kvaneesh/for-upstream' into staging

* remotes/kvaneesh/for-upstream:
  virtio: Fix memory leaks reported by Coverity
  virtfs-proxy: Fix possible overflow
  fsdev/virtfs-proxy-helper: Fix improper use of negative value
  hw/9pfs/virtio-9p-posix-acl: Fix out-of-bounds access
  9pfs-proxy: tiny cleanups in proxy_pwritev and proxy_preadv
  9pfs-local: simplify/optimize local_mapped_attr_path()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agolinux-user: Access correct register for get/set_tls syscalls on ARM TZ CPUs
Mikhail Ilyin [Mon, 16 Mar 2015 12:30:47 +0000 (12:30 +0000)]
linux-user: Access correct register for get/set_tls syscalls on ARM TZ CPUs

When support was added for TrustZone to ARM CPU emulation, we failed
to correctly update the support for the linux-user implementation of
the get/set_tls syscalls. This meant that accesses to the TPIDRURO
register via the syscalls were always using the non-secure copy of
the register even if native MRC/MCR accesses were using the secure
register. This inconsistency caused most binaries to segfault on startup
if the CPU type was explicitly set to one of the TZ-enabled ones like
cortex-a15. (The default "any" CPU doesn't have TZ enabled and so is
not affected.)

Use access_secure_reg() to determine whether we should be using
the secure or the nonsecure copy of TPIDRURO when emulating these
syscalls.

Signed-off-by: Mikhail Ilyin <m.ilin@samsung.com>
Message-id: 1426505198-2411-1-git-send-email-m.ilin@samsung.com
[PMM: rewrote commit message to more clearly explain the issue
 and its consequences.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agotarget-arm: Ignore low bit of PC in M-profile exception return
Peter Maydell [Mon, 16 Mar 2015 12:30:47 +0000 (12:30 +0000)]
target-arm: Ignore low bit of PC in M-profile exception return

For the ARM M-profile cores, exception return pops various registers
including the PC from the stack. The architecture defines that if the
lowest bit in the new PC value is set (ie the PC is not halfword
aligned) then behaviour is UNPREDICTABLE. In practice hardware
implementations seem to simply ignore the low bit, and some buggy
RTOSes incorrectly rely on this. QEMU's behaviour was architecturally
permitted, but bringing QEMU into line with the hardware behaviour
allows more guest code to run. We log the situation as a guest error.

This was reported as LP:1428657.

Reported-by: Anders Esbensen <anders@lyes.dk>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agotarget-arm: Fix handling of STM (user) with r15 in register list
Peter Maydell [Mon, 16 Mar 2015 12:30:47 +0000 (12:30 +0000)]
target-arm: Fix handling of STM (user) with r15 in register list

The A32 encoding of LDM distinguishes LDM (user) from LDM (exception
return) based on whether r15 is in the register list. However for
STM (user) there is no equivalent distinction. We were incorrectly
treating "r15 in list" as indicating exception return for both LDM
and STM, with the result that an STM (user) involving r15 went into
an infinite loop. Fix this; note that the value stored for r15
in this case is the current PC regardless of our current mode.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1426015125-5521-1-git-send-email-peter.maydell@linaro.org

9 years agohw/intc/arm_gic: Initialize the vgic in the realize function
Eric Auger [Mon, 16 Mar 2015 12:30:47 +0000 (12:30 +0000)]
hw/intc/arm_gic: Initialize the vgic in the realize function

This patch forces vgic initialization in the vgic realize function.
It uses a new group/attribute that allows such operation:
KVM_DEV_ARM_VGIC_GRP_CTRL/KVM_DEV_ARM_VGIC_CTRL_INIT

This earlier initialization allows, for example, to setup VFIO
signaling and irqfd after vgic initialization, on a reset notifier.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Message-id: 1426094226-8515-1-git-send-email-eric.auger@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agotarget-arm: get_phys_addr_lpae: more xn control
Andrew Jones [Mon, 16 Mar 2015 12:30:46 +0000 (12:30 +0000)]
target-arm: get_phys_addr_lpae: more xn control

This patch makes the following changes to the determination of
whether an address is executable, when translating addresses
using LPAE.

1. No longer assumes that PL0 can't execute when it can't read.
   It can in AArch64, a difference from AArch32.
2. Use va_size == 64 to determine we're in AArch64, rather than
   arm_feature(env, ARM_FEATURE_V8), which is insufficient.
3. Add additional XN determinants
   - NS && is_secure && (SCR & SCR_SIF)
   - WXN && (prot & PAGE_WRITE)
   - AArch64: (prot_PL0 & PAGE_WRITE)
   - AArch32: UWXN && (prot_PL0 & PAGE_WRITE)
   - XN determination should also work in secure mode (untested)
   - XN may even work in EL2 (currently impossible to test)
4. Cleans up the bloated PAGE_EXEC condition - by removing it.

The helper get_S1prot is introduced. It may even work in EL2,
when support for that comes, but, as the function name implies,
it only works for stage 1 translations.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 1426099139-14463-4-git-send-email-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agotarget-arm: fix get_phys_addr_v6/SCTLR_AFE access check
Andrew Jones [Mon, 16 Mar 2015 12:30:46 +0000 (12:30 +0000)]
target-arm: fix get_phys_addr_v6/SCTLR_AFE access check

Introduce simple_ap_to_rw_prot(), which has the same behavior as
ap_to_rw_prot(), but takes the 2-bit simple AP[2:1] instead of
the 3-bit AP[2:0]. Use this in get_phys_addr_v6 when SCTLR_AFE
is set, as that bit indicates we should be using the simple AP
format.

It's unlikely this path is getting used. I don't see CR_AFE
getting used by Linux, so possibly not. If it had been, then
the check would have been wrong for all but AP[2:1] = 0b11.
Anyway, this should fix it up, in case it ever does get used.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1426099139-14463-3-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agotarget-arm: convert check_ap to ap_to_rw_prot
Andrew Jones [Mon, 16 Mar 2015 12:30:46 +0000 (12:30 +0000)]
target-arm: convert check_ap to ap_to_rw_prot

Instead of mixing access permission checking with access permissions
to page protection flags translation, just do the translation, and
leave it to the caller to check the protection flags against the access
type. Also rename to ap_to_rw_prot to better describe the new behavior.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1426099139-14463-2-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>