sdk/emulator/qemu.git
10 years agotarget-ppc: Bug Fix: srad
Tom Musta [Tue, 12 Aug 2014 13:45:10 +0000 (08:45 -0500)]
target-ppc: Bug Fix: srad

Fix the check for carry in the srad helper to properly construct
the mask -- a "1ULL" must be used (instead of "1") in order to
get the desired result.

Example:

R3 8000000000000000
R4 F3511AD4A2CD4C38
srad 3,3,4

Should *not* set XER[CA] but does without this patch.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agotarget-ppc: Bug Fix: srawi
Tom Musta [Tue, 12 Aug 2014 13:45:09 +0000 (08:45 -0500)]
target-ppc: Bug Fix: srawi

For 64 bit implementations, the special case of a shift by zero
should result in the sign extension of the least significant 32 bits
of the source GPR (not a direct copy of the 64 bit source GPR).

Example:

R3 A6212433228F41DC
srawi 3,3,0
R3 expected : 00000000228F41DC
R3 actual   : A6212433228F41DC (without this patch)

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agotarget-ppc: Bug Fix: mulldo OV Detection
Tom Musta [Tue, 12 Aug 2014 13:45:08 +0000 (08:45 -0500)]
target-ppc: Bug Fix: mulldo OV Detection

Fix the code to properly detect overflow; the 128 bit signed
product must have all zeroes or all ones in the first 65 bits
otherwise OV should be set.

Example:

R3 45F086A5D5887509
R4 0000000000000002
mulldo 3,3,4

Should set XER[OV].

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agotarget-ppc: Bug Fix: mullw
Tom Musta [Tue, 12 Aug 2014 13:45:06 +0000 (08:45 -0500)]
target-ppc: Bug Fix: mullw

For 64-bit implementations, the mullw result is the 64 bit product
of the sign-extended least significant 32 bits of the source
registers.

Fix the code to properly sign extend the source operands and produce
a 64 bit product.

Example:
R3 00000000002F37A0
R4 41C33D242F816715
mullw 3,3,4
R3 expected : 0008C3146AE0F020
R3 actual   : 000000006AE0F020 (without this patch)

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agotarget-ppc: Bug Fix: mullwo
Tom Musta [Tue, 12 Aug 2014 13:45:07 +0000 (08:45 -0500)]
target-ppc: Bug Fix: mullwo

On 64-bit implementations, the mullwo result is the 64 bit product of
the signed 32 bit operands.  Fix the implementation to properly deposit
the upper 32 bits into the target register.

Example:

R3 0407DED115077586
R4 53778DF3CA992E09
mullwo 3,3,4
R3 expected : FB9D02730D7735B6
R3 actual   : 000000000D7735B6 (without this patch)

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agotarget-ppc: Bug Fix: rlwimi
Tom Musta [Tue, 12 Aug 2014 13:45:05 +0000 (08:45 -0500)]
target-ppc: Bug Fix: rlwimi

The rlwimi specification includes the ROTL32 operation, which is defined
to be a left rotation of two copies of the least significant 32 bits of
the source GPR.

The current implementation is incorrect on 64-bit implementations in that
it rotates a single copy of the least significant 32 bits, padding with
zeroes in the most significant bits.

Fix the code to properly implement this ROTL32 operation.

Also fix the special case of MB=31 and ME=0 to copy the entire contents
of the source GPR.

Examples:

R3 FFFFFFFFFFFFFFF0
rlwimi 3,3,29,14,1
R3 expected : 1FFFFFFE3FFFFFFE
R3 actual   : 000000003FFFFFFE (without this patch)

R3 ED7EB4DD824F0853
rlwimi 3,3,10,31,0
R3 expected : 3C214E09024F0853
R3 actual   : 00000000024F0853 (without this patch)

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agotarget-ppc: Bug Fix: rlwnm
Tom Musta [Tue, 12 Aug 2014 13:45:04 +0000 (08:45 -0500)]
target-ppc: Bug Fix: rlwnm

The rlwnm specification includes the ROTL32 operation, which is defined
to be a left rotation of two copies of the least significant 32 bits of
the source GPR.

The current implementation is incorrect on 64-bit implementations in that
it rotates a single copy of the least significant 32 bits, padding with
zeroes in the most significant bits.

Fix the code to properly implement this ROTL32 operation.

Example:

R3 = 0000000000000002
R4 = 7FFFFFFFFFFFFFFF
rlwnm 3,3,4,31,16
R3 expected : 0000000100000001
R3 actual   : 0000000000000001 (without this patch)

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agotarget-ppc: Bug Fix: rlwinm
Tom Musta [Tue, 12 Aug 2014 13:45:03 +0000 (08:45 -0500)]
target-ppc: Bug Fix: rlwinm

The rlwinm specification includes the ROTL32 operation, which is defined
to be a left rotation of two copies of the least significant 32 bits of
the source GPR.

The current implementation is incorrect on 64-bit implementations in that
it rotates a single copy of the least significant 32 bits, padding with
zeroes in the most significant bits.

Fix the code to properly implement this ROTL32 operation.

Example:
R3 = F7487D82EC6F75DF
rlwinm 3,3,5,12,4

R3 expected : 8DEEBBFD880EBBFD
R3 actual   : 00000000880EBBFD (without this fix)

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoppc/spapr: Fix MAX_CPUS to 255
Nikunj A Dadhania [Fri, 27 Jun 2014 06:47:38 +0000 (12:17 +0530)]
ppc/spapr: Fix MAX_CPUS to 255

MAX_CPUS 256 is inconsistent with qemu supporting upto 255 cpus. This
MAX_CPUS number was percolated back to "virsh capabilities" with wrong
max_cpus.

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoppc: Add hw breakpoint watchpoint support
Bharat Bhushan [Mon, 14 Jul 2014 09:15:37 +0000 (14:45 +0530)]
ppc: Add hw breakpoint watchpoint support

This patch adds hardware breakpoint and hardware watchpoint support
for ppc.

On BOOKE architecture we cannot share debug resources between QEMU
and guest because:
    When QEMU is using debug resources then debug exception must
    be always enabled. To achieve this we set MSR_DE and also set
    MSRP_DEP so guest cannot change MSR_DE.

    When emulating debug resource for guest we want guest
    to control MSR_DE (enable/disable debug interrupt on need).

    So above mentioned two configuration cannot be supported
    at the same time. So the result is that we cannot share
    debug resources between QEMU and Guest on BOOKE architecture.

In the current design QEMU gets priority over guest,
this means that if QEMU is using debug resources then guest
cannot use them and if guest is using debug resource then
qemu can overwrite them.

When QEMU is not able to handle debug exception then we inject program
exception to guest. Yes program exception NOT debug exception and the
reason is:
 1) QEMU and guest not sharing debug resources
 2) For software breakpoint QEMU uses a ehpriv-1 instruction;

 So there cannot be any reason that we are in qemu with exit reason
 KVM_EXIT_DEBUG  for guest set debug exception, only possibility is
 guest executed ehpriv-1 privilege instruction and that's why we are
 injecting program exception.

Signed-off-by: Bharat Bhushan <Bharat.Bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoppc: Add software breakpoint support
Bharat Bhushan [Mon, 14 Jul 2014 09:15:38 +0000 (14:45 +0530)]
ppc: Add software breakpoint support

This patch allow insert/remove software breakpoint.

When QEMU is not able to handle debug exception then we inject
program exception to guest because for software breakpoint QEMU
uses a ehpriv-1 instruction;
So there cannot be any reason that we are in qemu with exit reason
KVM_EXIT_DEBUG  for guest set debug exception, only possibility is
guest executed ehpriv-1 privilege instruction and that's why we are
injecting program exception.

Signed-off-by: Bharat Bhushan <Bharat.Bhushan@freescale.com>
[agraf: make deflect comment booke/book3s agnostic]
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoppc: synchronize excp_vectors for injecting exception
Bharat Bhushan [Mon, 14 Jul 2014 09:15:36 +0000 (14:45 +0530)]
ppc: synchronize excp_vectors for injecting exception

This patch synchronizes env->excp_vectors[] with env->iovr[].
This is required for using the existing interrupt injection mechanism
for kvm.

Signed-off-by: Bharat Bhushan <Bharat.Bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoppc: debug stub: Get trap instruction opcode from KVM
Bharat Bhushan [Mon, 14 Jul 2014 09:15:35 +0000 (14:45 +0530)]
ppc: debug stub: Get trap instruction opcode from KVM

Get trap instruction opcode from KVM and this opcode will
be used for setting software breakpoint in following patch

Signed-off-by: Bharat Bhushan <Bharat.Bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agospapr: Locate RTAS and device-tree based on real RMA
Benjamin Herrenschmidt [Mon, 21 Jul 2014 03:02:04 +0000 (13:02 +1000)]
spapr: Locate RTAS and device-tree based on real RMA

We currently calculate the final RTAS and FDT location based on
the early estimate of the RMA size, cropped to 256M on KVM since
we only know the real RMA size at reset time which happens much
later in the boot process.

This means the FDT and RTAS end up right below 256M while they
could be much higher, using precious RMA space and limiting
what the OS bootloader can put there which has proved to be
a problem with some OSes (such as when using very large initrd's)

Fortunately, we do the actual copy of the device-tree into guest
memory much later, during reset, late enough to be able to do it
using the final RMA value, we just need to move the calculation
to the right place.

However, RTAS is still loaded too early, so we change the code to
load the tiny blob into qemu memory early on, and then copy it into
guest memory at reset time. It's small enough that the memory usage
doesn't matter.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[aik: fixed errors from checkpatch.pl, defined RTAS_MAX_ADDR]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[agraf: fix compilation on 32bit hosts]
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoloader: Add load_image_size() to replace load_image()
Benjamin Herrenschmidt [Mon, 21 Jul 2014 03:02:03 +0000 (13:02 +1000)]
loader: Add load_image_size() to replace load_image()

A subsequent patch to ppc/spapr needs to load the RTAS blob into
qemu memory rather than target memory (so it can later be copied
into the right spot at machine reset time).

I would use load_image() but it is marked deprecated because it
doesn't take a buffer size as argument, so let's add load_image_size()
that does.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[aik: fixed errors from checkpatch.pl]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agospapr: Fix ibm, associativity for memory nodes
Alexey Kardashevskiy [Thu, 3 Jul 2014 03:10:07 +0000 (13:10 +1000)]
spapr: Fix ibm, associativity for memory nodes

We want the associtivity lists of memory and CPU nodes to match but
memory nodes have incorrect domain#3 which is zero for CPU so they won't
match.

This clears domain#3 in the list to match CPUs associtivity lists.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agospapr: Add a helper for node0_size calculation
Alexey Kardashevskiy [Thu, 3 Jul 2014 03:10:06 +0000 (13:10 +1000)]
spapr: Add a helper for node0_size calculation

In multiple places there is a node0_size variable calculation
which assumes that NUMA node #0 and memory node #0 are the same
things which they are not. Since we are going to change it and
do not want to change it in multiple places, let's make a helper.

This adds a spapr_node0_size() helper and makes use of it.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agospapr: Split memory nodes to power-of-two blocks
Alexey Kardashevskiy [Thu, 3 Jul 2014 03:10:05 +0000 (13:10 +1000)]
spapr: Split memory nodes to power-of-two blocks

Linux kernel expects nodes to have power-of-two size and
does WARN_ON if this is not the case:
[    0.041456] WARNING: at drivers/base/memory.c:115
which is:

===
/* Validate blk_sz is a power of 2 and not less than section size */
if ((block_sz & (block_sz - 1)) || (block_sz < MIN_MEMORY_BLOCK_SIZE)) {
         WARN_ON(1);
        block_sz = MIN_MEMORY_BLOCK_SIZE;
}
===

This splits memory nodes into set of smaller blocks with
a size which is a power of two. This makes sure the start
address of every node is aligned to the node size.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[agraf: squash windows compile fix in]
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agospapr: Refactor spapr_populate_memory() to allow memoryless nodes
Alexey Kardashevskiy [Thu, 3 Jul 2014 03:10:04 +0000 (13:10 +1000)]
spapr: Refactor spapr_populate_memory() to allow memoryless nodes

Current QEMU does not support memoryless NUMA nodes, however
actual hardware may have them so it makes sense to have a way
to emulate them in QEMU. This prepares SPAPR for that.

This moves 2 calls of spapr_populate_memory_node() into
the existing loop over numa nodes so first several nodes may
have no memory and this still will work.

If there is no numa configuration, the code assumes there is just
a single node at 0 and it has all the guest memory.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agospapr: Use DT memory node rendering helper for other nodes
Alexey Kardashevskiy [Thu, 3 Jul 2014 03:10:03 +0000 (13:10 +1000)]
spapr: Use DT memory node rendering helper for other nodes

This finishes refactoring by using the spapr_populate_memory_node helper
for all nodes and removing leftovers from spapr_populate_memory().

This is not a part of the previous patch because the patches look
nicer apart.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agospapr: Move DT memory node rendering to a helper
Alexey Kardashevskiy [Thu, 3 Jul 2014 03:10:02 +0000 (13:10 +1000)]
spapr: Move DT memory node rendering to a helper

This moves recurring bits of code related to memory@xxx nodes
creation to a helper.

This makes use of the new helper for node@0.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agospapr: fix possible memory leak
Gonglei [Sat, 26 Jul 2014 04:45:33 +0000 (12:45 +0800)]
spapr: fix possible memory leak

get_boot_devices_list() will malloc memory, spapr_finalize_fdt
doesn't free it.

Signed-off-by: Chenliang <chenliang88@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoPPC: mac99: Move NVRAM to page boundary when necessary
Alexander Graf [Fri, 11 Jul 2014 01:24:39 +0000 (03:24 +0200)]
PPC: mac99: Move NVRAM to page boundary when necessary

When running KVM we have to adhere to host page boundaries for memory slots.
Unfortunately the NVRAM on mac99 is a 4k RAM hole inside of an MMIO flash
area.

So if our host is configured with 64k page size, we can't use the mac99 target
with KVM. This is a real shame, as this limitation is not really an issue - we
can easily map NVRAM somewhere else and at least Linux and Mac OS X use it
at their new location.

So in that emergency case when it's about failing to run at all and moving NVRAM
to a place it shouldn't be at, choose the latter.

This patch enables -M mac99 with KVM on 64k page size hosts.

Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agospapr: add uuid/host details to device tree
Nikunj A Dadhania [Wed, 9 Jul 2014 10:38:37 +0000 (16:08 +0530)]
spapr: add uuid/host details to device tree

Useful for identifying the guest/host uniquely within the
guest. Adding following properties to the guest root node.

vm,uuid - uuid of the guest
host-model - Host model number
host-serial - Host machine serial number
hypervisor type - Tells its "kvm"

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agohw/ppc/spapr_hcall.c: Fix typo in function names
Peter Maydell [Tue, 8 Jul 2014 15:02:26 +0000 (16:02 +0100)]
hw/ppc/spapr_hcall.c: Fix typo in function names

Fix a typo in the names of a couple of functions
(s/resouce/resource/).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agolinux-user: Handle PPC64 ELFv2 Function Pointers
Tom Musta [Mon, 30 Jun 2014 13:13:42 +0000 (08:13 -0500)]
linux-user: Handle PPC64 ELFv2 Function Pointers

Function pointers in the 64-bit ELFv2 PowerPC ABI are actual (internal)
entry point addresses.  However, when invoking a function via a function
pointer, GPR 12 must also be set to this address so that the TOC may be
handled properly.

Add this support to the invocation of a signal handler.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agolinux-user: Implement do_setcontext for PPC64
Tom Musta [Mon, 30 Jun 2014 13:13:40 +0000 (08:13 -0500)]
linux-user: Implement do_setcontext for PPC64

Eliminate the stub for the do_setcontext() function for TARGET_PPC64.  The
implementation re-uses the existing TARGET_PPC32 code with the only change
being the computation of the address of the register save area.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agolinux-user: Properly Dereference PPC64 ELFv1 Signal Handler Pointer
Tom Musta [Mon, 30 Jun 2014 13:13:39 +0000 (08:13 -0500)]
linux-user: Properly Dereference PPC64 ELFv1 Signal Handler Pointer

Properly dereference 64-bit PPC ELF V1 ABIT function pointers to signal handlers.
On this platform, function pointers are pointers to structures and the first 64
bits of such a structure contains the function's entry point.  The second 64 bits
contains the TOC pointer, which must be placed into GPR 2.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agolinux-user: Enable Signal Handlers on PPC64
Tom Musta [Mon, 30 Jun 2014 13:13:38 +0000 (08:13 -0500)]
linux-user: Enable Signal Handlers on PPC64

Enable the 64-bit PowerPC signal handling code that was previously
disabled via #ifdefs.  Specifically:

  - Move the target_mcontext (register save area) structure and
    append it to the 64-bit target_sigcontext structure.  This
    provides the space on the stack for saving and restoring
    context.
  - Define the target_rt_sigframe for 64-bit.
  - Adjust the setup_frame and setup_rt_frame routines to properly
    select the target_mcontext area and trampoline within the stack
    frame; tthis is different for 32-bit and 64-bit implementations.
  - Adjust the do_setcontext stub for 64-bit so that it compiles
    without warnings.

The 64-bit signal handling code is still not functional after this
change; but the 32-bit code is.  Subsequent changes will address
specific issues with the 64-bit code.

Signed-off-by: Tom Musta <tommusta@gmail.com>
[agraf: fix build on 32bit hosts, ppc64abi32]
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agolinux-user: Split PPC Trampoline Encoding from Register Save
Tom Musta [Mon, 30 Jun 2014 13:13:37 +0000 (08:13 -0500)]
linux-user: Split PPC Trampoline Encoding from Register Save

Split the encoding of the PowerPC sigreturn trampoline from the saving of
register state onto the signal handler stack.  This will make it easier
in subsequent patches to deal with variations in the stack frame layouts between
32 and 64 bit PowerPC.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agolinux-user: Fix Stack Pointer Bug in PPC setup_rt_frame
Tom Musta [Mon, 30 Jun 2014 13:13:36 +0000 (08:13 -0500)]
linux-user: Fix Stack Pointer Bug in PPC setup_rt_frame

The code that sets the stack frame back pointer is incorrect for
the setup_rt_frame() code; qemu will abort (SIGSEGV) in some
environments.  The setup_frame code  was fixed in commit
beb526b12134a6b6744125deec5a7fe24a8f92e3 but the setup_rt_frame
code was not.

Make the setup_rt_frame code consistent with the setup_frame
code.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoppc: spapr-rtas - implement os-term rtas call
Nikunj A Dadhania [Mon, 30 Jun 2014 08:35:29 +0000 (14:05 +0530)]
ppc: spapr-rtas - implement os-term rtas call

PAPR compliant guest calls this in absence of kdump. This finally
reaches the guest and can be handled according to the policies set by
higher level tools(like taking dump) for further analysis by tools like
crash.

Linux kernel calls ibm,os-term when extended property of os-term is set.
This makes sure that a return to the linux kernel is gauranteed.

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
[agraf: reduce RTAS_TOKEN_MAX]
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoPPC: KVM: Fix g3beige and mac99 when HV is loaded
Alexander Graf [Thu, 24 Jul 2014 08:46:47 +0000 (10:46 +0200)]
PPC: KVM: Fix g3beige and mac99 when HV is loaded

On PPC we have 2 different styles of KVM: PR and HV. HV can only virtualize
sPAPR guests while PR can virtualize everything that's reasonably close to
the host hardware platform.

As long as only one kernel module (PR or HV) is loaded, the "default" kvm type
is the module that's loaded. So if your hardware only supports PR mode you can
easily spawn a Mac VM.

However, if both HV and PR are loaded we default to HV mode. And in that case
the Mac machines have to explicitly ask for PR mode to get a working VM.

Fix this up by explicitly having the Mac machines ask for PR style KVM. This
fixes bootup of Mac VMs on systems where bot HV and PR kvm modules are loaded
for me.

Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoMerge remote-tracking branch 'remotes/spice/tags/pull-spice-20140902-1' into staging
Peter Maydell [Tue, 2 Sep 2014 09:26:10 +0000 (10:26 +0100)]
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140902-1' into staging

sanity check for qxl, minor spice display channel tweak.

# gpg: Signature made Tue 02 Sep 2014 09:53:39 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-20140902-1:
  spice: use console index as display id
  qxl-render: add more sanity checks

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoimplementing victim TLB for QEMU system emulated TLB
Xin Tong [Tue, 5 Aug 2014 01:35:23 +0000 (20:35 -0500)]
implementing victim TLB for QEMU system emulated TLB

QEMU system mode page table walks are expensive. Taken by running QEMU
qemu-system-x86_64 system mode on Intel PIN , a TLB miss and walking a
4-level page tables in guest Linux OS takes ~450 X86 instructions on
average.

QEMU system mode TLB is implemented using a directly-mapped hashtable.
This structure suffers from conflict misses. Increasing the
associativity of the TLB may not be the solution to conflict misses as
all the ways may have to be walked in serial.

A victim TLB is a TLB used to hold translations evicted from the
primary TLB upon replacement. The victim TLB lies between the main TLB
and its refill path. Victim TLB is of greater associativity (fully
associative in this patch). It takes longer to lookup the victim TLB,
but its likely better than a full page table walk. The memory
translation path is changed as follows :

Before Victim TLB:
1. Inline TLB lookup
2. Exit code cache on TLB miss.
3. Check for unaligned, IO accesses
4. TLB refill.
5. Do the memory access.
6. Return to code cache.

After Victim TLB:
1. Inline TLB lookup
2. Exit code cache on TLB miss.
3. Check for unaligned, IO accesses
4. Victim TLB lookup.
5. If victim TLB misses, TLB refill
6. Do the memory access.
7. Return to code cache

The advantage is that victim TLB can offer more associativity to a
directly mapped TLB and thus potentially fewer page table walks while
still keeping the time taken to flush within reasonable limits.
However, placing a victim TLB before the refill path increase TLB
refill path as the victim TLB is consulted before the TLB refill. The
performance results demonstrate that the pros outweigh the cons.

some performance results taken on SPECINT2006 train
datasets and kernel boot and qemu configure script on an
Intel(R) Xeon(R) CPU  E5620  @ 2.40GHz Linux machine are shown in the
Google Doc link below.

https://docs.google.com/spreadsheets/d/1eiItzekZwNQOal_h-5iJmC4tMDi051m9qidi5_nwvH4/edit?usp=sharing

In summary, victim TLB improves the performance of qemu-system-x86_64 by
11% on average on SPECINT2006, kernelboot and qemu configscript and with
highest improvement of in 26% in 456.hmmer. And victim TLB does not result
in any performance degradation in any of the measured benchmarks. Furthermore,
the implemented victim TLB is architecture independent and is expected to
benefit other architectures in QEMU as well.

Although there are measurement fluctuations, the performance
improvement is very significant and by no means in the range of
noises.

Signed-off-by: Xin Tong <trent.tong@gmail.com>
Message-id: 1407202523-23553-1-git-send-email-trent.tong@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add instructions of SR opcode format
Bastian Koppelmann [Mon, 1 Sep 2014 12:00:00 +0000 (13:00 +0100)]
target-tricore: Add instructions of SR opcode format

Add instructions of SR opcode format.
Add micro-op generator functions for saturate.
Add helper return from exception (rfe).

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-id: 1409572800-4116-16-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add instructions of SLR, SSRO and SRO opcode format
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:59 +0000 (12:59 +0100)]
target-tricore: Add instructions of SLR, SSRO and SRO opcode format

Add instructions of SLR, SSRO and SRO opcode format.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1409572800-4116-15-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add instructions of SC opcode format
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:58 +0000 (12:59 +0100)]
target-tricore: Add instructions of SC opcode format

Add instructions of SC opcode format.
Add helper for begin interrupt service routine.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-id: 1409572800-4116-14-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add instructions of SBR opcode format
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:57 +0000 (12:59 +0100)]
target-tricore: Add instructions of SBR opcode format

Add instructions of SBR opcode format.
Add gen_loop micro-op generator function.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1409572800-4116-13-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add instructions of SBC and SBRN opcode format
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:56 +0000 (12:59 +0100)]
target-tricore: Add instructions of SBC and SBRN opcode format

Add instructions of SBC and SBRN opcode format.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1409572800-4116-12-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add instructions of SB opcode format
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:55 +0000 (12:59 +0100)]
target-tricore: Add instructions of SB opcode format

Add instructions of SB opcode format.
Add helper call/ret.
Add micro-op generator functions for branches.
Add makro to generate helper functions.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-id: 1409572800-4116-11-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add instructions of SRRS and SLRO opcode format
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:54 +0000 (12:59 +0100)]
target-tricore: Add instructions of SRRS and SLRO opcode format

Add instructions of SSRS and SLRO opcode format.
Add micro-op generator functions for offset loads.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1409572800-4116-10-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add instructions of SSR opcode format
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:53 +0000 (12:59 +0100)]
target-tricore: Add instructions of SSR opcode format

Add instructions of SSR opcode format.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1409572800-4116-9-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add instructions of SRR opcode format
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:52 +0000 (12:59 +0100)]
target-tricore: Add instructions of SRR opcode format

Add instructions of SRR opcode format.
Add helper for add/sub_ssov.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-id: 1409572800-4116-8-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add instructions of SRC opcode format
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:51 +0000 (12:59 +0100)]
target-tricore: Add instructions of SRC opcode format

Add instructions of SRC opcode format.
Add micro-op generator functions for add, conditional add/sub and shi/shai.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1409572800-4116-7-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add masks and opcodes for decoding
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:50 +0000 (12:59 +0100)]
target-tricore: Add masks and opcodes for decoding

Add masks and opcodes for decoding TriCore instructions.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1409572800-4116-6-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add initialization for translation and activate target
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:49 +0000 (12:59 +0100)]
target-tricore: Add initialization for translation and activate target

Add tcg and cpu model initialization.
Add gen_intermediate_code function.
Activate target in configure and add softmmu config.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-id: 1409572800-4116-5-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add softmmu support
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:48 +0000 (12:59 +0100)]
target-tricore: Add softmmu support

Add basic softmmu support for TriCore

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-id: 1409572800-4116-4-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add board for systemmode
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:47 +0000 (12:59 +0100)]
target-tricore: Add board for systemmode

Add basic board to allow systemmode emulation

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-id: 1409572800-4116-3-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-tricore: Add target stubs and qom-cpu
Bastian Koppelmann [Mon, 1 Sep 2014 11:59:46 +0000 (12:59 +0100)]
target-tricore: Add target stubs and qom-cpu

Add TriCore target stubs, and QOM cpu, and Maintainer

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-id: 1409572800-4116-2-git-send-email-kbastian@mail.uni-paderborn.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoMerge remote-tracking branch 'remotes/borntraeger/tags/kvm-s390-20140901' into staging
Peter Maydell [Mon, 1 Sep 2014 12:57:45 +0000 (13:57 +0100)]
Merge remote-tracking branch 'remotes/borntraeger/tags/kvm-s390-20140901' into staging

s390x/kvm: Several updates/fixes/features

1. s390x/kvm: avoid synchronize_rcu's in kernel
----------------------------------------------
The first patches change s390x/kvm code to issue VCPU specific ioctls
from the VCPU thread. This will avoid unnecessary synchronize_rcu in
the kernel, which caused a noticably slowdown with many guest CPUs.
It speeds up all start/restart/reset operations involving cpus
drastically.

2. s390-ccw.img: block size and DASD format support
---------------------------------------------------
The second part changes the s390-ccw bios to IPL (boot)  more disk
formats than before. Furthermore a small fix is made to the console
output of the bios.

3. s390: Support for Hotplug of Standby Memory
----------------------------------------------
The third part adds support in s390 for a pool of standby memory,
which can be set online/offline by the guest (ie, via chmem).
The standby pool of memory is allocated as the difference between
the initial memory setting and the maxmem setting.
As part of this work, additional results are provided for the
Read SCP Information SCLP, and new implentation is added for the
Read Storage Element Information, Attach Storage Element,
Assign Storage and Unassign Storage SCLPs, which enables the s390
guest to manipulate the standby memory pool.

This patchset is based on work originally done by Jeng-Fang (Nick)
Wang.

Sample qemu command snippet:

qemu -machine s390-ccw-virtio  -m 1024M,maxmem=2048M,slots=32 -enable-kvm

This will allocate 1024M of active memory, and another 1024M
of standby memory.  Example output from s390-tools lsmem:
=============================================================================
0x0000000000000000-0x000000000fffffff        256  online   no         0-127
0x0000000010000000-0x000000001fffffff        256  online   yes        128-255
0x0000000020000000-0x000000003fffffff        512  online   no         256-511
0x0000000040000000-0x000000007fffffff       1024  offline  -          512-1023

Memory device size  : 2 MB
Memory block size   : 256 MB
Total online memory : 1024 MB
Total offline memory: 1024 MB

The guest can dynamically enable part or all of the standby pool
via the s390-tools chmem, for example:

chmem -e 512M

And can attempt to dynamically disable:

chmem -d 512M

4. s390x/gdb: various fixes
---------------------------
* Patch 1 fixes a bug where the cc was changed accidentally.
* Patch 2 adds the gdb feature XML files for s390x
* Patch 3 Define acr and fpr registers as coprocessor registers. This allows us
   to reuse the feature XML files.
* Patch 4 whitespace fixes

# gpg: Signature made Mon 01 Sep 2014 12:53:39 BST using RSA key ID B5A61C7C
# gpg: Can't check signature: public key not found

* remotes/borntraeger/tags/kvm-s390-20140901:
  s390x/gdb: coding style fixes
  s390x/gdb: generate target.xml and handle fp/ac as coprocessors
  s390x/gdb: add the feature xml files for s390x
  s390x/gdb: don't touch the cc if tcg is not enabled
  sclp-s390: Add memory hotplug SCLPs
  s390-virtio: Apply same memory boundaries as virtio-ccw
  virtio-ccw: Include standby memory when calculating storage increment
  sclp-s390: Add device to manage s390 memory hotplug
  pc-bios/s390-ccw.img binary update
  pc-bios/s390-ccw: Do proper console setup
  pc-bios/s390-ccw: IPL from DASD with format variations
  pc-bios/s390-ccw Really big EAV ECKD DASD handling
  pc-bios/s390-ccw Improve ECKD informational message
  pc-bios/s390-ccw: handle more ECKD DASD block sizes
  pc-bios/s390-ccw: support all virtio block size
  s390x/kvm: execute the first cpu reset on the vcpu thread
  s390x/kvm: execute "system reset" cpu resets on the vcpu thread
  s390x/kvm: execute sigp orders on the target vcpu thread
  s390x/kvm: run guest triggered resets on the target vcpu thread

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agospice: use console index as display id
Gerd Hoffmann [Fri, 29 Aug 2014 08:13:28 +0000 (10:13 +0200)]
spice: use console index as display id

... instead of maintaining our own numbering.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 years agoqxl-render: add more sanity checks
Gerd Hoffmann [Fri, 29 Aug 2014 07:27:52 +0000 (09:27 +0200)]
qxl-render: add more sanity checks

Damn, the dirty rectangle values are signed integers.  So the checks
added by commit 788fbf042fc6d5aaeab56757e6dad622ac5f0c21 are not good
enough, we also have to make sure they are not negative.

[ Note: There must be something broken in spice-server so we get
  negative values in the first place.  Bug opened:
  https://bugzilla.redhat.com/show_bug.cgi?id=1135372 ]

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
10 years agos390x/gdb: coding style fixes
David Hildenbrand [Fri, 29 Aug 2014 13:52:17 +0000 (15:52 +0200)]
s390x/gdb: coding style fixes

This patch cleanes up two coding style issues (missing whitespaces).

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agos390x/gdb: generate target.xml and handle fp/ac as coprocessors
David Hildenbrand [Fri, 29 Aug 2014 13:52:16 +0000 (15:52 +0200)]
s390x/gdb: generate target.xml and handle fp/ac as coprocessors

This patch reduces the core registers to the psw and the general purpose
registers. The fpc and ac registers are handled as coprocessors registers by gdb.
This allows to reuse the feature xml files taken from gdb without further
modification and is what other architectures do.

The target.xml is now generated and provided to the gdb client. Therefore, the
client doesn't have to guess which registers are available at which logical
register number.

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agos390x/gdb: add the feature xml files for s390x
David Hildenbrand [Fri, 29 Aug 2014 13:52:15 +0000 (15:52 +0200)]
s390x/gdb: add the feature xml files for s390x

This patch adds the relevant s390x feature xml files taken from gdb.

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agos390x/gdb: don't touch the cc if tcg is not enabled
David Hildenbrand [Fri, 29 Aug 2014 13:52:14 +0000 (15:52 +0200)]
s390x/gdb: don't touch the cc if tcg is not enabled

When reading/writing the psw mask, the condition code may only be touched if
running on tcg.

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agosclp-s390: Add memory hotplug SCLPs
Matthew Rosato [Thu, 28 Aug 2014 15:25:35 +0000 (11:25 -0400)]
sclp-s390: Add memory hotplug SCLPs

Add memory information to read SCP info and add handlers for
Read Storage Element Information, Attach Storage Element,
Assign Storage and Unassign Storage.

Signed-off-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agos390-virtio: Apply same memory boundaries as virtio-ccw
Matthew Rosato [Thu, 28 Aug 2014 15:25:34 +0000 (11:25 -0400)]
s390-virtio: Apply same memory boundaries as virtio-ccw

Although s390-virtio won't support memory hotplug, it should
enforce the same memory boundaries so that it can use shared codepaths
(like read_SCP_info).

Signed-off-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agovirtio-ccw: Include standby memory when calculating storage increment
Matthew Rosato [Thu, 28 Aug 2014 15:25:33 +0000 (11:25 -0400)]
virtio-ccw: Include standby memory when calculating storage increment

When determining the memory increment size, use the maxmem size if
it was specified.

Signed-off-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agosclp-s390: Add device to manage s390 memory hotplug
Matthew Rosato [Thu, 28 Aug 2014 15:25:32 +0000 (11:25 -0400)]
sclp-s390: Add device to manage s390 memory hotplug

Add sclpMemoryHotplugDev to contain associated data structures, etc.

Signed-off-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agopc-bios/s390-ccw.img binary update
Eugene (jno) Dvurechenski [Fri, 29 Aug 2014 09:01:42 +0000 (11:01 +0200)]
pc-bios/s390-ccw.img binary update

Rebuild of s390-ccw.img containing these patches:

  pc-bios/s390-ccw: Do proper console setup
  pc-bios/s390-ccw: support all virtio block size
  pc-bios/s390-ccw: handle more ECKD DASD block sizes
  pc-bios/s390-ccw Improve ECKD informational message
  pc-bios/s390-ccw Really big EAV ECKD DASD handling
  pc-bios/s390-ccw: IPL from DASD with format variations

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agopc-bios/s390-ccw: Do proper console setup
Christian Borntraeger [Fri, 29 Aug 2014 09:01:41 +0000 (11:01 +0200)]
pc-bios/s390-ccw: Do proper console setup

The final newline/return must happen before we reset the sclp via
diag 308.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agopc-bios/s390-ccw: IPL from DASD with format variations
Eugene (jno) Dvurechenski [Fri, 29 Aug 2014 09:01:40 +0000 (11:01 +0200)]
pc-bios/s390-ccw: IPL from DASD with format variations

There are two known cases of DASD format where signatures are
incomplete or absent:

1. result of <dasdfmt -d ldl -L ...> (ECKD_LDL_UNLABELED)
2. CDL with zero keys in IPL1 and IPL2 records

Now the code attempts to
1. find zIPL and use SCSI layout
2. find IPL1 and use CDL layout
3. find CMS1 and use LDL layout
3. find LNX1 and use LDL layout
4. find zIPL and use unlabeled LDL layout
5. find zIPL and use CDL layout
6. die
in this sequence.

Signed-off-by: Eugene (jno) Dvurechenski <jno@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agopc-bios/s390-ccw Really big EAV ECKD DASD handling
Eugene (jno) Dvurechenski [Fri, 29 Aug 2014 09:01:39 +0000 (11:01 +0200)]
pc-bios/s390-ccw Really big EAV ECKD DASD handling

For EAV ECKD DASD, the cylinder count will have the magic value
0xfffeU. Therefore, use the block number to test for valid eckd
addresses instead.

Signed-off-by: Eugene (jno) Dvurechenski <jno@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agopc-bios/s390-ccw Improve ECKD informational message
Eugene (jno) Dvurechenski [Fri, 29 Aug 2014 09:01:38 +0000 (11:01 +0200)]
pc-bios/s390-ccw Improve ECKD informational message

Add block size display to ECKD scheme report.

Signed-off-by: Eugene (jno) Dvurechenski <jno@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agopc-bios/s390-ccw: handle more ECKD DASD block sizes
Eugene (jno) Dvurechenski [Fri, 29 Aug 2014 09:01:37 +0000 (11:01 +0200)]
pc-bios/s390-ccw: handle more ECKD DASD block sizes

Using dasdfmt(8) to format a DASD allows to choose a block size.
There are four supported values: 512, 1024, 2048, and 4096 bytes
per block. Each block size leads to selection of new count of
sectors per track. The head count remains always the same: 15.

This empiric knowledge is used to detect ECKD DASD to IPL from.

Signed-off-by: Eugene (jno) Dvurechenski <jno@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agopc-bios/s390-ccw: support all virtio block size
Eugene (jno) Dvurechenski [Fri, 29 Aug 2014 09:01:36 +0000 (11:01 +0200)]
pc-bios/s390-ccw: support all virtio block size

The block size value may be given "as is" OR as a base value and
a shift count (exponent). So, we have to use calculation to get
the proper number in the code.

The main expression reads as
        (blk_cfg.blk_size << blk_cfg.physical_block_exp)

E.g., various combinations between blk_size=1/physical_block_exp=12
and blk_size=4096/physical_block_exp=0 are valid for 4K blocks.

Signed-off-by: Eugene (jno) Dvurechenski <jno@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agos390x/kvm: execute the first cpu reset on the vcpu thread
David Hildenbrand [Thu, 28 Aug 2014 11:58:52 +0000 (13:58 +0200)]
s390x/kvm: execute the first cpu reset on the vcpu thread

As all full cpu resets currently call into the kernel to do initial cpu reset,
let's run this reset (triggered by cpu_s390x_init()) on the proper vcpu thread.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agos390x/kvm: execute "system reset" cpu resets on the vcpu thread
David Hildenbrand [Thu, 28 Aug 2014 11:58:51 +0000 (13:58 +0200)]
s390x/kvm: execute "system reset" cpu resets on the vcpu thread

Let's execute resets triggered by qemu system resets on the target vcpu thread.
This will avoid synchronize_rcu's in the kernel.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agos390x/kvm: execute sigp orders on the target vcpu thread
David Hildenbrand [Thu, 28 Aug 2014 11:58:50 +0000 (13:58 +0200)]
s390x/kvm: execute sigp orders on the target vcpu thread

All sigp orders that can result in ioctls on the target vcpu should be executed
on the associated vcpu thread.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agos390x/kvm: run guest triggered resets on the target vcpu thread
David Hildenbrand [Thu, 28 Aug 2014 11:58:49 +0000 (13:58 +0200)]
s390x/kvm: run guest triggered resets on the target vcpu thread

Currently, load_normal_reset() and modified_clear_reset() as triggered
by a guest vcpu will initiate cpu resets on the current vcpu thread for
all cpus. The reset should happen on the individual vcpu thread
instead, so let's use run_on_cpu() for this.

This avoids calls to synchronize_rcu() in the kernel.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
10 years agoMerge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Fri, 29 Aug 2014 17:40:04 +0000 (18:40 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Fri 29 Aug 2014 17:25:58 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (35 commits)
  quorum: Fix leak of opts in quorum_open
  blkverify: Fix leak of opts in blkverify_open
  nfs: Fix leak of opts in nfs_file_open
  curl: Don't deref NULL pointer in call to aio_poll.
  curl: Allow a cookie or cookies to be sent with http/https requests.
  virtio-blk: allow drive_del with dataplane
  block: acquire AioContext in do_drive_del()
  linux-aio: avoid deadlock in nested aio_poll() calls
  qemu-iotests: add multiwrite test cases
  block: fix overlapping multiwrite requests
  nbd: Follow the BDS' AIO context
  block: Add AIO context notifiers
  nbd: Drop nbd_can_read()
  sheepdog: fix a core dump while do auto-reconnecting
  aio-win32: add support for sockets
  qemu-coroutine-io: fix for Win32
  AioContext: introduce aio_prepare
  aio-win32: add aio_set_dispatching optimization
  test-aio: test timers on Windows too
  AioContext: export and use aio_dispatch
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoquorum: Fix leak of opts in quorum_open
Fam Zheng [Thu, 28 Aug 2014 05:56:12 +0000 (13:56 +0800)]
quorum: Fix leak of opts in quorum_open

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoblkverify: Fix leak of opts in blkverify_open
Fam Zheng [Thu, 28 Aug 2014 05:56:11 +0000 (13:56 +0800)]
blkverify: Fix leak of opts in blkverify_open

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agonfs: Fix leak of opts in nfs_file_open
Fam Zheng [Thu, 28 Aug 2014 05:56:10 +0000 (13:56 +0800)]
nfs: Fix leak of opts in nfs_file_open

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocurl: Don't deref NULL pointer in call to aio_poll.
Richard W.M. Jones [Thu, 28 Aug 2014 08:04:21 +0000 (09:04 +0100)]
curl: Don't deref NULL pointer in call to aio_poll.

In commit 63f0f45f2e89b60ff8245fec81328ddfde42a303 the following
mechanical change was made:

         if (!state) {
-            qemu_aio_wait();
+            aio_poll(state->s->aio_context, true);
         }

The new code now checks if state is NULL and then dereferences it
('state->s') which is obviously incorrect.

This commit replaces state->s->aio_context with
bdrv_get_aio_context(bs), fixing this problem.  The two other hunks
are concerned with getting the BlockDriverState pointer bs to where it
is needed.

The original bug causes a segfault when using libguestfs to access a
VMware vCenter Server and doing any kind of complex read-heavy
operations.  With this commit the segfault goes away.

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocurl: Allow a cookie or cookies to be sent with http/https requests.
Richard W.M. Jones [Fri, 29 Aug 2014 15:03:12 +0000 (16:03 +0100)]
curl: Allow a cookie or cookies to be sent with http/https requests.

In order to access VMware ESX efficiently, we need to send a session
cookie.  This patch is very simple and just allows you to send that
session cookie.  It punts on the question of how you get the session
cookie in the first place, but in practice you can just run a `curl'
command against the server and extract the cookie that way.

To use it, add file.cookie to the curl URL.  For example:

$ qemu-img info 'json: {
    "file.driver":"https",
    "file.url":"https://vcenter/folder/Windows%202003/Windows%202003-flat.vmdk?dcPath=Datacenter&dsName=datastore1",
    "file.sslverify":"off",
    "file.cookie":"vmware_soap_session=\"52a01262-bf93-ccce-d379-8dabb3e55560\""}'
image: [...]
file format: raw
virtual size: 8.0G (8589934592 bytes)
disk size: unavailable

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agovirtio-blk: allow drive_del with dataplane
Stefan Hajnoczi [Mon, 18 Aug 2014 15:07:13 +0000 (16:07 +0100)]
virtio-blk: allow drive_del with dataplane

Now that drive_del acquires the AioContext we can safely allow deleting
the drive.  As with non-dataplane mode, all I/Os submitted by the guest
after drive_del will return EIO.

This patch makes hot unplug work with virtio-blk dataplane.  Previously
drive_del reported an error because the device was busy.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoblock: acquire AioContext in do_drive_del()
Stefan Hajnoczi [Mon, 18 Aug 2014 15:07:12 +0000 (16:07 +0100)]
block: acquire AioContext in do_drive_del()

Make drive_del safe for dataplane where another thread may be running
the BlockDriverState's AioContext.

Note the assumption that AioContext's lifetime exceeds DriveInfo and
BlockDriverState.  We release AioContext after DriveInfo and
BlockDriverState are potentially freed.

This is clearly safe with the global AioContext but also with -object
iothread and implicit iothreads created by -device
virtio-blk-pci,x-data-plane=on (their lifetime is tied to DeviceState,
not BlockDriverState).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolinux-aio: avoid deadlock in nested aio_poll() calls
Stefan Hajnoczi [Mon, 4 Aug 2014 15:56:33 +0000 (16:56 +0100)]
linux-aio: avoid deadlock in nested aio_poll() calls

If two Linux AIO request completions are fetched in the same
io_getevents() call, QEMU will deadlock if request A's callback waits
for request B to complete using an aio_poll() loop.  This was reported
to happen with the mirror blockjob.

This patch moves completion processing into a BH and makes it resumable.
Nested event loops can resume completion processing so that request B
will complete and the deadlock will not occur.

Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Ming Lei <ming.lei@canonical.com>
Cc: Marcin Gibuła <m.gibula@beyond.pl>
Reported-by: Marcin Gibuła <m.gibula@beyond.pl>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Marcin Gibuła <m.gibula@beyond.pl>
10 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140829' into...
Peter Maydell [Fri, 29 Aug 2014 14:48:15 +0000 (15:48 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140829' into staging

target-arm queue:
 * support PMCCNTR in ARMv8
 * various GIC fixes and cleanups
 * Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values
 * Fix regression that disabled VFP for ARMv5 CPUs
 * Update to upstream VIXL 1.5

# gpg: Signature made Fri 29 Aug 2014 15:34:47 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20140829:
  target-arm: Implement pmccfiltr_write function
  target-arm: Remove old code and replace with new functions
  target-arm: Implement pmccntr_sync function
  target-arm: Add arm_ccnt_enabled function
  target-arm: Implement PMCCNTR_EL0 and related registers
  arm: Implement PMCCNTR 32b read-modify-write
  target-arm: Make the ARM PMCCNTR register 64-bit
  hw/intc/arm_gic: honor target mask in gic_update()
  aarch64: raise max_cpus to 8
  arm_gic: Use GIC_NR_SGIS constant
  arm_gic: Do not force PPIs to edge-triggered mode
  arm_gic: GICD_ICFGR: Write model only for pre v1 GICs
  arm_gic: Fix read of GICD_ICFGR
  target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values
  target-arm: Fix regression that disabled VFP for ARMv5 CPUs
  disas/libvixl: Update to upstream VIXL 1.5

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-arm: Implement pmccfiltr_write function
Alistair Francis [Fri, 29 Aug 2014 14:00:30 +0000 (15:00 +0100)]
target-arm: Implement pmccfiltr_write function

This is the function that is called when writing to the
PMCCFILTR_EL0 register

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 73da3da6404855b17d5ae82975a32ff3a4dcae3d.1409025949.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-arm: Remove old code and replace with new functions
Alistair Francis [Fri, 29 Aug 2014 14:00:30 +0000 (15:00 +0100)]
target-arm: Remove old code and replace with new functions

Remove the old PMCCNTR code and replace it with calls to the new
pmccntr_sync() and arm_ccnt_enabled() functions.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 693a6e437d915c2195fd3dc7303f384ca538b7bf.1409025949.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-arm: Implement pmccntr_sync function
Alistair Francis [Fri, 29 Aug 2014 14:00:29 +0000 (15:00 +0100)]
target-arm: Implement pmccntr_sync function

This is used to synchronise the PMCCNTR counter and swap its
state between enabled and disabled if required. It must always
be called twice, both before and after any logic that could
change the state of the PMCCNTR counter.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 62811d4c0f7b1384f7aab62ea2fcfda3dcb0db50.1409025949.git.peter.crosthwaite@xilinx.com
[PMM: fixed minor typos in pmccntr_sync doc comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-arm: Add arm_ccnt_enabled function
Alistair Francis [Fri, 29 Aug 2014 14:00:29 +0000 (15:00 +0100)]
target-arm: Add arm_ccnt_enabled function

Include a helper function to determine if the CCNT counter
is enabled.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: e1a64f17a756e06c8bda8238ad4826d705049f7a.1409025949.git.peter.crosthwaite@xilinx.com
[ PC changes
  * Remove EL based checks
]
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-arm: Implement PMCCNTR_EL0 and related registers
Alistair Francis [Fri, 29 Aug 2014 14:00:29 +0000 (15:00 +0100)]
target-arm: Implement PMCCNTR_EL0 and related registers

This patch adds support for the ARMv8 version of the PMCCNTR and
related registers. It also starts to implement the PMCCFILTR_EL0
register.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: b5d1094764a5416363ee95216799b394ecd011e8.1409025949.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoarm: Implement PMCCNTR 32b read-modify-write
Peter Crosthwaite [Fri, 29 Aug 2014 14:00:29 +0000 (15:00 +0100)]
arm: Implement PMCCNTR 32b read-modify-write

The register is now 64bit, however a 32 bit write to the register
should leave the higher bits unchanged. The open coded write handler
does not implement this, so we need to read-modify-write accordingly.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Alistair Francis <alistair23@gmail.com>
Message-id: ec350573424bb2adc1701c3b9278d26598e2f2d1.1409025949.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-arm: Make the ARM PMCCNTR register 64-bit
Alistair Francis [Fri, 29 Aug 2014 14:00:29 +0000 (15:00 +0100)]
target-arm: Make the ARM PMCCNTR register 64-bit

This makes the PMCCNTR register 64-bit to allow for the
64-bit ARMv8 version.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 6c5bac5fd0ea54963b1fc0e7f9464909f2e19a73.1409025949.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agohw/intc/arm_gic: honor target mask in gic_update()
Sergey Fedorov [Fri, 29 Aug 2014 14:00:29 +0000 (15:00 +0100)]
hw/intc/arm_gic: honor target mask in gic_update()

Take IRQ target mask into account when determining the highest priority
pending interrupt.

Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1407947471-26981-1-git-send-email-serge.fdrv@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoaarch64: raise max_cpus to 8
Joel Schopp [Fri, 29 Aug 2014 14:00:29 +0000 (15:00 +0100)]
aarch64: raise max_cpus to 8

I'm running on a system with 8 cpus and it would be nice to have qemu
support all of them.  The attached patch does that and has been tested.

That said, I'm not sure if 8 is enough or if we want to bump this even higher
now before systems with many more cpus come along. 255 anyone?

Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Joel Schopp <joel.schopp@amd.com>
Message-id: 20140819213304.19537.2834.stgit@joelaarch64.amd.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoarm_gic: Use GIC_NR_SGIS constant
Adam Lackorzynski [Fri, 29 Aug 2014 14:00:29 +0000 (15:00 +0100)]
arm_gic: Use GIC_NR_SGIS constant

Use constant rather than a plain number.

Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Message-id: 1408372255-12358-5-git-send-email-adam@os.inf.tu-dresden.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoarm_gic: Do not force PPIs to edge-triggered mode
Adam Lackorzynski [Fri, 29 Aug 2014 14:00:28 +0000 (15:00 +0100)]
arm_gic: Do not force PPIs to edge-triggered mode

Only SGIs must be WI, done by forcing them to their default
(edge-triggered).

Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Message-id: 1408372255-12358-4-git-send-email-adam@os.inf.tu-dresden.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoarm_gic: GICD_ICFGR: Write model only for pre v1 GICs
Adam Lackorzynski [Fri, 29 Aug 2014 14:00:28 +0000 (15:00 +0100)]
arm_gic: GICD_ICFGR: Write model only for pre v1 GICs

Setting the model is only available in pre-v1 GIC models.

Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Message-id: 1408372255-12358-3-git-send-email-adam@os.inf.tu-dresden.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoarm_gic: Fix read of GICD_ICFGR
Adam Lackorzynski [Fri, 29 Aug 2014 14:00:28 +0000 (15:00 +0100)]
arm_gic: Fix read of GICD_ICFGR

The GICD_ICFGR register covers 4 interrupts per byte.

Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Message-id: 1408372255-12358-2-git-send-email-adam@os.inf.tu-dresden.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values
Peter Maydell [Fri, 29 Aug 2014 14:00:28 +0000 (15:00 +0100)]
target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values

We implement the crypto extensions but were incorrectly reporting
ID register values for the Cortex-A57 which did not advertise
crypto. Use the correct values as described in the TRM.
With this fix Linux correctly detects presence of the crypto
features and advertises them in /proc/cpuinfo.

Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1408718660-7295-1-git-send-email-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agotarget-arm: Fix regression that disabled VFP for ARMv5 CPUs
Peter Maydell [Fri, 29 Aug 2014 14:00:28 +0000 (15:00 +0100)]
target-arm: Fix regression that disabled VFP for ARMv5 CPUs

Commit 2c7ffc414 added support for honouring the CPACR coprocessor
access control register bits which may disable access to VFP
and Neon instructions. However it failed to account for the
fact that the CPACR is only present starting from the ARMv6
architecture version, so it accidentally disabled VFP completely
for ARMv5 CPUs like the ARM926. Linux would detect this as
"no VFP present" and probably fall back to its own emulation,
but other guest OSes might crash or misbehave.

This fixes bug LP:1359930.

Reported-by: Jakub Jermar <jakub@jermar.eu>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1408714940-7192-1-git-send-email-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agodisas/libvixl: Update to upstream VIXL 1.5
Peter Maydell [Fri, 29 Aug 2014 14:00:27 +0000 (15:00 +0100)]
disas/libvixl: Update to upstream VIXL 1.5

Update our copy of libvixl to upstream's 1.5 release.
This includes the upstream versions of the fixes we
were carrying locally (commit ffebe899).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1407162987-4659-1-git-send-email-peter.maydell@linaro.org

10 years agoqemu-iotests: add multiwrite test cases
Stefan Hajnoczi [Wed, 30 Jul 2014 08:53:31 +0000 (09:53 +0100)]
qemu-iotests: add multiwrite test cases

This test case covers the basic bdrv_aio_multiwrite() scenarios:
1. Single request
2. Sequential requests (AABB)
3. Superset overlapping requests (AABBAA)
4. Subset overlapping requests (BBAABB)
5. Head overlapping requests (AABB)
6. Tail overlapping requests (BBAA)
7. Disjoint requests (AA BB)

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
10 years agoblock: fix overlapping multiwrite requests
Stefan Hajnoczi [Wed, 30 Jul 2014 08:53:30 +0000 (09:53 +0100)]
block: fix overlapping multiwrite requests

When request A is a strict superset of request B:

  AAAAAAAA
    BBBB

multiwrite_merge() merges them as follows:

  AABBBB

The tail of request A should have been included:

  AABBBBAA

This patch fixes data loss but this code path is probably rare.  Since
guests cannot assume ordering between in-flight requests, few
applications submit overlapping write requests.

Reported-by: Slava Pestov <sviatoslav.pestov@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>