Peter Maydell [Tue, 4 Mar 2014 15:53:00 +0000 (15:53 +0000)]
Merge remote-tracking branch 'remotes/rth/i386-fix' into staging
* remotes/rth/i386-fix:
target-i386: Fix ucomis and comis memory access
target-i386: Fix SSE status flag corruption
target-i386: Fix CC_OP_CLR vs PF
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 4 Mar 2014 14:50:46 +0000 (14:50 +0000)]
Merge remote-tracking branch 'remotes/borntraeger/tags/kvm-s390-
20140227' into staging
Several features, fixes and cleanups for kvm/s390:
- sclp event facility: cleanup structure. This allows to use
realize/unrealize as well as migration support via vmsd
- reboot: Two fixes that make reboot much more reliable
- ipl: make elf loading more robust
- flic interrupt controller: This allows to migrate floating
interrupts, as well as clear them on reset etc.
- enable async_pf feature of KVM on s390
- several sclp fixes and cleanups
- several sigp fixes and cleanups
* remotes/borntraeger/tags/kvm-s390-
20140227: (22 commits)
s390x/ipl: Fix crash of ELF images with arbitrary entry points
s390x/kvm: Rework priv instruction handlers
s390x/kvm: Add missing SIGP CPU RESET order
s390x/kvm: Rework SIGP INITIAL CPU RESET handler
s390x/cpu: Use ioctl to reset state in the kernel
s390-ccw.img: new binary rom to match latest fixes
s390-ccw.img: Fix sporadic errors with ccw boot image - initialize css
s390-ccw.img: Fix sporadic reboot hangs: Initialize next_idx
s390x/event-facility: exploit realize/unrealize
s390x/event-facility: add support for live migration
s390x/event-facility: code restructure
s390x/event-facility: some renaming
s390x/sclp: Fixed setting of condition code register
s390x/sclp: Add missing checks to SCLP handler
s390x/sclp: Fixed the size of sccb and code parameter
s390x/eventfacility: mask out commands
s390x/virtio-hcall: Specification exception for illegal subcodes
s390x/virtio-hcall: Add range check for hypervisor call
s390x/kvm: Fixed bad SIGP SET-ARCHITECTURE handler
s390x/async_pf: Check for apf extension and enable pfault
...
Conflicts:
linux-headers/linux/kvm.h
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 4 Mar 2014 14:25:34 +0000 (14:25 +0000)]
Merge remote-tracking branch 'remotes/bonzini/scsi-next' into staging
* remotes/bonzini/scsi-next:
block/iscsi: fix segfault if writesame fails
scsi-disk: Add support for port WWN and index descriptors in VPD page 83h
block/iscsi: query for supported VPD pages
block/iscsi: fix deadlock on scsi check condition
scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b
scsi: report thin provisioning errors with werror=report
scsi: Change scsi sense buf size to 252
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 4 Mar 2014 13:09:06 +0000 (13:09 +0000)]
Merge remote-tracking branch 'remotes/mcayland/qemu-sparc' into staging
* remotes/mcayland/qemu-sparc:
sun4m: Add Sun CG3 framebuffer initialisation function
sun4m: Add Sun CG3 framebuffer and corresponding OpenBIOS FCode ROM
sun4m: fix slavio timer RUN/STOP bit
sun4m: Set HostID in NVRAM
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Weil [Thu, 27 Feb 2014 20:28:03 +0000 (21:28 +0100)]
Makefile: Add missing dependency for system emulation (fix build)
Comment from Makefile.objs:
The system emulation needs this dependency (which was missing in Makefile),
otherwise builds without tools (or massive parallel builds) fail.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Henderson [Mon, 24 Feb 2014 23:53:40 +0000 (15:53 -0800)]
target-i386: Fix ucomis and comis memory access
We were loading 16 bytes for both single and double-precision
scalar comparisons.
Reported-by: Alexander Bluhm <bluhm@openbsd.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Richard Henderson [Mon, 24 Feb 2014 22:59:54 +0000 (14:59 -0800)]
target-i386: Fix SSE status flag corruption
When we restore the mxcsr register with FXRSTOR, or set it with gdb,
we need to update the various SSE status flags in CPUX86State
Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Richard Henderson [Fri, 10 Jan 2014 20:38:40 +0000 (12:38 -0800)]
target-i386: Fix CC_OP_CLR vs PF
Parity should be set for a zero result.
Cc: qemu-stable@nongnu.org
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Fam Zheng [Wed, 26 Feb 2014 22:31:33 +0000 (06:31 +0800)]
modules: Fix building with --enable-modules
Compiling util/modules.c with modules enabled fails now.
Fix it by including qemu-common.h before #ifdef testing in module.c.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id:
1393453893-12125-1-git-send-email-famz@redhat.com
Reviewed-by: Hu Tao <hutao@cn.fujitsu.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 27 Feb 2014 16:00:30 +0000 (16:00 +0000)]
Merge remote-tracking branch 'remotes/kvm/uq/master' into staging
* remotes/kvm/uq/master:
KVM: Use return value for error print
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 27 Feb 2014 11:31:51 +0000 (11:31 +0000)]
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-pci-for-qemu-
20140226.0' into staging
Updates include:
- Coverify fixes for vfio & pci-assign (Markus)
- VFIO blacklisting support for known brokwn PCI option ROMs (Bandan)
# gpg: Signature made Wed 26 Feb 2014 18:15:28 GMT using RSA key ID
3BB08B22
# gpg: Can't check signature: public key not found
* remotes/awilliam/tags/vfio-pci-for-qemu-
20140226.0:
vfio: blacklist loading of unstable roms
qdev-monitor: set DeviceState opts before calling realize
pci-assign: Fix potential read beyond buffer on -EBUSY
vfio: Fix overrun after readlink() fills buffer completely
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Mark Cave-Ayland [Tue, 15 Oct 2013 20:03:04 +0000 (21:03 +0100)]
sun4m: Add Sun CG3 framebuffer initialisation function
In order to allow the user to choose the framebuffer for sparc-softmmu, add
-vga tcx and -vga cg3 options to the QEMU command line. If no option is
specified, the default TCX framebuffer is used.
Since proprietary FCode ROMs use a resolution of 1152x900, slightly relax the
validation rules to allow both displays to be initiated at the higher
resolution used by these ROMs upon request (OpenBIOS FCode ROMs default to
the normal QEMU sun4m default resolution of 1024x768).
Finally move any fprintf(stderr ...) statements in the areas affected by this
patch over to the new error_report() function.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Blue Swirl <blauwirbel@gmail.com>
CC: Anthony Liguori <aliguori@amazon.com>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Bob Breuer <breuerr@mc.net>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
Mark Cave-Ayland [Tue, 15 Oct 2013 20:03:04 +0000 (21:03 +0100)]
sun4m: Add Sun CG3 framebuffer and corresponding OpenBIOS FCode ROM
The CG3 framebuffer is a simple 8-bit framebuffer for use with operating
systems such as early Solaris that do not have drivers for TCX.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Blue Swirl <blauwirbel@gmail.com>
CC: Anthony Liguori <aliguori@amazon.com>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Bob Breuer <breuerr@mc.net>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
Mark Cave-Ayland [Sat, 22 Feb 2014 22:54:53 +0000 (22:54 +0000)]
sun4m: fix slavio timer RUN/STOP bit
The sun4m architecture has one 'system' timer and one timer per CPU.
The CPU timers can be configured in two modes:
* 22 bits Counter/Timer. Periodic interrupts.
* 54 bits User timer. For profiling. In this mode, the Run/Stop bit
controls the timer.
The run/stop bit controls the timer only when it is in "User" mode, but
its state shall be persistent.
Signed-off-by: Olivier Danet <odanet@caramail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Mark Cave-Ayland [Sun, 23 Feb 2014 17:08:06 +0000 (17:08 +0000)]
sun4m: Set HostID in NVRAM
On SparcStations, the HostID field in the NVRAM is equal to the last
three bytes of the MAC address (which is also stored in the NVRAM).
This constant is used as an identification/serial number on Solaris.
Signed-off-by: Olivier Danet <odanet@caramail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Thomas Huth [Sat, 8 Feb 2014 11:31:15 +0000 (12:31 +0100)]
s390x/ipl: Fix crash of ELF images with arbitrary entry points
When loading S390 kernels, the current code expects an ELF file with the
start address 0x10000. Other ELF files cause a segmentation fault. To avoid
these crashes, we should get the start address from the ELF file instead
of always using a hard-coded address.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Frank Blaschka [Tue, 11 Feb 2014 07:41:38 +0000 (08:41 +0100)]
s390x/kvm: Rework priv instruction handlers
The current implementation uses the second byte of the instruction
to identify the instruction handler. This is not sufficient to
support instructions not starting with 0xb2. This patch
adds separate handlers for 0xb2, 0xb9 and 0xeb to be able to
support the full instruction set.
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Thomas Huth [Fri, 24 Jan 2014 16:18:38 +0000 (17:18 +0100)]
s390x/kvm: Add missing SIGP CPU RESET order
The SIGP order CPU RESET was still missing in the list of our
supported handler. This patch now adds a simple implementation,
by using the cpu_reset() function that is already available in
target-s390x/cpu.c.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Thomas Huth [Fri, 24 Jan 2014 15:39:54 +0000 (16:39 +0100)]
s390x/kvm: Rework SIGP INITIAL CPU RESET handler
The s390_cpu_initial_reset() function had two deficiencies: First, it
used an ioctl for the destination CPU, and this ioctl could block
nearly forever, as long as the destination CPU was running in the SIE
loop. Second, it also cleared the general purpose registers - something
it should not do according to the Principles of Operations.
Since we've already got another function for the initial CPU reset in
cpu.c, we can also use that function instead. And by using run_on_cpu()
for executing this code, we make sure that the destination CPU is
correctly kicked out of kernel mode now.
Suggested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Thomas Huth [Wed, 12 Feb 2014 08:56:35 +0000 (09:56 +0100)]
s390x/cpu: Use ioctl to reset state in the kernel
Some of the state in the kernel can not be reset from QEMU yet.
For this we've got to use the KVM_S390_INITIAL_RESET ioctl to make
sure that the state in the kernel is set to the right values during
initial CPU reset, too.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Christian Borntraeger [Thu, 13 Feb 2014 08:48:12 +0000 (09:48 +0100)]
s390-ccw.img: new binary rom to match latest fixes
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Christian Borntraeger [Tue, 11 Feb 2014 21:46:53 +0000 (22:46 +0100)]
s390-ccw.img: Fix sporadic errors with ccw boot image - initialize css
We have to set the cssid to 0, otherwise the stsch code will
return an operand exception without the m bit. In the same way
we should set m=0.
This case was triggered in some cases during reboot, if for some
reason the location of blk_schid.cssid contains 1 and m was 0.
Turns out that the qemu elf loader does not zero out the bss section
on reboot.
The symptom was an dump of the old kernel with several areas
overwritten. The bootloader does not register a program check
handler, so bios exception jumped back into the old kernel.
Lets just use a local struct with a designed initializer. That
will guarantee that all other subelements are initialized to 0.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Christian Borntraeger [Wed, 12 Feb 2014 15:17:35 +0000 (16:17 +0100)]
s390-ccw.img: Fix sporadic reboot hangs: Initialize next_idx
The current code does not initialize next_idx in the virtio ring.
As the ccw bios will always use guest memory at a fixed location,
this queue might != 0 after a reboot.
Lets make the initialization explicit.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Heinz Graalfs [Fri, 20 Dec 2013 11:02:17 +0000 (12:02 +0100)]
s390x/event-facility: exploit realize/unrealize
init/exit functionality of abstract SCLPEvent class is now exploiting
realize/unrealize.
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Heinz Graalfs [Wed, 18 Dec 2013 12:59:57 +0000 (13:59 +0100)]
s390x/event-facility: add support for live migration
Add support for live migration using VMStateDescription.
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Heinz Graalfs [Wed, 18 Dec 2013 09:10:49 +0000 (10:10 +0100)]
s390x/event-facility: code restructure
Code restructure in order to simplify class hierarchy
- remove S390SCLPDevice abstract base class
and move function pointers into new SCLPEventFacilityClass
- implement SCLPEventFacility as SysBusDevice
- use define constants for instance creation strings
The following ascii-art shows the class structure wrt the SCLP EventFacility
before (CURRENT) and after the restructure (NEW):
----
CURRENT:
"s390-sclp-events-bus"
+-------------------------+
| SCLPEventsBus |
|-------------------------|
|BusState qbus |
+-------------------------+
+-------------------------+
| SCLPEventFacility | - to be replaced by new SCLPEventFacility,
|-------------------------| which will be a SysBusDevice
|SCLPEventsBus sbus |
|DeviceState *qdev |
|unsigned int receive_mask|
+-------------------------+
+-------------------------+
| S390SCLPDeviceClass | - to be replaced by new SCLPEventFacilityClass
|-------------------------|
|DeviceClass qdev |
|*(init)() |
+-------------------------+
"s390-sclp-event-facility"
|
instance-of
|
V
"s390-sclp-device" - this is an abstract class
+-------------------------+
| S390SCLPDevice (A)| - to be replaced by new SCLPEventFacility
|-------------------------|
|SysBusDevice busdev |
|SCLPEventFacility *ef |
| |
|*(sclp_command_handler)()| - these 2 go to new SCLPEventFacilityClass
|*(event_pending)() |
+-------------------------+
----
NEW:
"s390-sclp-events-bus"
+-------------------------+
| SCLPEventsBus |
|-------------------------|
|BusState qbus |
+-------------------------+
+-------------------------+
| SCLPEventFacilityClass |
|-------------------------|
|DeviceClass parent_class |
| |
|*(init)() |
|*(command_handler)() |
|*(event_pending)() |
+-------------------------+
"s390-sclp-event-facility"
+-------------------------+
| SCLPEventFacility |
|-------------------------|
|SysBusDevice parent_class|
|SCLPEventsBus sbus |
|unsigned int receive_mask|
+-------------------------+
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Heinz Graalfs [Mon, 23 Dec 2013 09:25:38 +0000 (10:25 +0100)]
s390x/event-facility: some renaming
Do some renaming to shorten some identifiers and to emphasize sclp.
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Thomas Huth [Tue, 14 Jan 2014 11:13:32 +0000 (12:13 +0100)]
s390x/sclp: Fixed setting of condition code register
In the SCLP handler function, the condition code register must
only be set if no exception occured.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Thomas Huth [Mon, 13 Jan 2014 11:55:55 +0000 (12:55 +0100)]
s390x/sclp: Add missing checks to SCLP handler
If the 51 most significant bits of the SCCB address are zero or equal to
the prefix, we should throw an specification exception, too.
Also moved the check for privileged mode to sclp_service_call() to have
all program checks in one place now.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Thomas Huth [Mon, 13 Jan 2014 11:19:03 +0000 (12:19 +0100)]
s390x/sclp: Fixed the size of sccb and code parameter
The pointer to the SCCB should not be limited to 32 bits only.
In contrast to this, the command word parameter is only 32 bits
(the upper 32 bits should be ignored).
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Christian Borntraeger [Fri, 7 Feb 2014 12:41:58 +0000 (13:41 +0100)]
s390x/eventfacility: mask out commands
As a followup to commit
5f04c14a10fa7f259bc0808f35a0beda49f7821e
(s390-sclp: Define New SCLP Codes) we should mask the sclp command
not only in base sclp, but also in the event facility.
Based on an initial patch from Ralf Hoppe.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Thomas Huth [Tue, 14 Jan 2014 12:32:23 +0000 (13:32 +0100)]
s390x/virtio-hcall: Specification exception for illegal subcodes
So far, the DIAG 500 hypervisor call was only setting -EINVAL in
R2 when a guest tried to call this function with an illegal subcode.
This patch now changes the behavior so that a specification exception
is thrown instead, since this is the common behavior of other DIAG
functions (and other CPU instructions) when being called with illegal
parameters.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Thomas Huth [Mon, 13 Jan 2014 08:26:49 +0000 (09:26 +0100)]
s390x/virtio-hcall: Add range check for hypervisor call
The handler for diag 500 did not check whether the requested function
was in the supported range, so illegal values could crash QEMU in the
worst case.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: qemu-stable@nongnu.org
Thomas Huth [Wed, 22 Jan 2014 16:02:46 +0000 (17:02 +0100)]
s390x/kvm: Fixed bad SIGP SET-ARCHITECTURE handler
The SET-ARCHITECTURE handler in QEMU caused a program interruption.
This is wrong according to the "Principles of Operations" specification
(since SIGP should never cause a program interrupt) and was likely only
introduced for debugging purposes. Since we handle SET-ARCHITECTURE in
the kernel already and only dropped to user space in case of bad mode
parameters, we should just report INVALID PARAMETER in QEMU instead.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Dominik Dingel [Thu, 5 Sep 2013 11:54:39 +0000 (13:54 +0200)]
s390x/async_pf: Check for apf extension and enable pfault
S390 can also use async page faults, to enhance guest scheduling.
In case of live migration we want to disable the feature and let
all pending request finish.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Jens Freimann [Tue, 16 Jul 2013 07:04:04 +0000 (09:04 +0200)]
s390x/kvm: implement floating-interrupt controller device
This patch implements a floating-interrupt controller device (flic)
which interacts with the s390 flic kvm_device.
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Christian Borntraeger [Fri, 7 Feb 2014 11:13:39 +0000 (12:13 +0100)]
update linux headers to kvm/next
This updates the kvm headers to
commit
d3714010c307d26df251c45be9cd12ab6d41f0c4
KVM: x86: emulator_cmpxchg_emulated should mark_page_dirty
in kvm/next.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Peter Maydell [Wed, 26 Feb 2014 22:53:50 +0000 (22:53 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-
20140226' into staging
target-arm queue:
* fixes for various Coverity-spotted bugs
* support new KVM device control API for VGIC
* support KVM VGIC save/restore/migration
* more AArch64 system mode foundations
* support ARMv8 CRC instructions for A32/T32
* PL330 minor fixes and cleanup
# gpg: Signature made Wed 26 Feb 2014 17:51:32 GMT using RSA key ID
14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-
20140226: (45 commits)
dma/pl330: implement dmaadnh instruction
dma/pl330: Fix buffer depth
dma/pl330: Add event debugging printfs
dma/pl330: Rename parent_obj
dma/pl330: printf format type sweep.
dma/pl330: Fix misleading type
dma/pl330: Delete overly verbose debug printf
target-arm: Add support for AArch32 ARMv8 CRC32 instructions
include/qemu/crc32c.h: Rename include guards to match filename
target-arm: Add utility function for checking AA32/64 state of an EL
target-arm: Implement AArch64 view of CPACR
target-arm: A64: Implement MSR (immediate) instructions
target-arm: Store AIF bits in env->pstate for AArch32
target-arm: A64: Implement WFI
target-arm: Get MMU index information correct for A64 code
target-arm: Implement AArch64 OSLAR_EL1 sysreg as WI
target-arm: Implement AArch64 dummy breakpoint and watchpoint registers
target-arm: Implement AArch64 ID and feature registers
target-arm: Implement AArch64 generic timers
target-arm: Implement AArch64 MPIDR
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 26 Feb 2014 22:31:10 +0000 (22:31 +0000)]
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/
20140225' into staging
migration/next for
20140225
# gpg: Signature made Tue 25 Feb 2014 14:04:31 GMT using RSA key ID
5872D723
# gpg: Can't check signature: public key not found
* remotes/juanquintela/tags/migration/
20140225:
rdma: rename 'x-rdma' => 'rdma'
Fix two XBZRLE corruption issues
Fix vmstate_info_int32_le comparison/assign
qemu_file: use fwrite() correctly
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 26 Feb 2014 20:04:37 +0000 (20:04 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
Net patches
# gpg: Signature made Tue 25 Feb 2014 13:32:33 GMT using RSA key ID
81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/net-pull-request:
virtio-net: use qemu_get_queue() where possible
vhost_net: use offload API instead of bypassing it
net: remove implicit peer from offload API
net: Disable netmap backend when not supported
net: add offloading support to netmap backend
net: make tap offloading callbacks static
net: virtio-net and vmxnet3 use offloading API
net: TAP uses NetClientInfo offloading callbacks
net: extend NetClientInfo for offloading
net: change vnet-hdr TAP prototypes
opencores_eth: flush queue whenever can_receive can go from false to true
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 26 Feb 2014 18:22:11 +0000 (18:22 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-3' into staging
hda-audio: qom cleanups
# gpg: Signature made Mon 24 Feb 2014 12:19:48 GMT using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-audio-3:
hda-audio: qom cleanups
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bandan Das [Wed, 26 Feb 2014 17:33:45 +0000 (10:33 -0700)]
vfio: blacklist loading of unstable roms
Certain cards such as the Broadcom BCM57810 have rom quirks
that exhibit unstable system behavior duing device assignment. In
the particular case of 57810, rom execution hangs and if a FLR
follows, the device becomes inoperable until a power cycle. This
change blacklists loading of rom for such cards unless the user
specifies a romfile or rombar=1 on the cmd line
Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Bandan Das [Wed, 26 Feb 2014 17:32:40 +0000 (10:32 -0700)]
qdev-monitor: set DeviceState opts before calling realize
Setting opts before the realize property is set allows the
following patch to make decisions based on whether the user
specified "rombar". This also avoids having to create a new
tristate property especially for this purpose
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Markus Armbruster [Wed, 26 Feb 2014 17:30:03 +0000 (10:30 -0700)]
pci-assign: Fix potential read beyond buffer on -EBUSY
readlink() doesn't write a terminating null byte.
assign_failed_examine() passes the unterminated string to strrchr().
Oops. Terminate it.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Markus Armbruster [Wed, 26 Feb 2014 17:28:36 +0000 (10:28 -0700)]
vfio: Fix overrun after readlink() fills buffer completely
readlink() returns the number of bytes written to the buffer, and it
doesn't write a terminating null byte. vfio_init() writes it itself.
Overruns the buffer when readlink() filled it completely.
Fix by treating readlink() filling the buffer completely as error,
like we do in pci-assign.c's assign_failed_examine().
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Peter Crosthwaite [Wed, 26 Feb 2014 17:20:09 +0000 (17:20 +0000)]
dma/pl330: implement dmaadnh instruction
Implement the missing DMAADNH instruction. This is a minor variant
of the DMAADDH instruction, so factor out to a common implementation
for both (dmaadxh).
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id:
73ab13532a7cae53441da89b46c279b5f50785e3.
1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Crosthwaite [Wed, 26 Feb 2014 17:20:08 +0000 (17:20 +0000)]
dma/pl330: Fix buffer depth
This is the product of the data-width and the depth arguments, I.e the
depth of the FIFO is in terms of data entries and not bytes (which is
what the original implementation was suggesting). Fix.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
c34de31031511538ccdb3164b48ee8a6a973ebd4.
1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Crosthwaite [Wed, 26 Feb 2014 17:20:08 +0000 (17:20 +0000)]
dma/pl330: Add event debugging printfs
These are helpful to anyone trying to debug event sequencing.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
e82a0ad804db3de4f46839e55a9d287735ef870d.
1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Crosthwaite [Wed, 26 Feb 2014 17:20:08 +0000 (17:20 +0000)]
dma/pl330: Rename parent_obj
As per current QOM conventions.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
abb137347ea1ee9c31487b544f3d5435fb17f6a4.
1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Crosthwaite [Wed, 26 Feb 2014 17:20:08 +0000 (17:20 +0000)]
dma/pl330: printf format type sweep.
Use PRI formats as appropriate rather than raw %x and %d. This fixes
debug printfery on some host platforms. Fix types of debug only
variables as appropriate.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
dbb5f5fd048b2d4a3cb5c6357577d11211a7a585.
1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Crosthwaite [Wed, 26 Feb 2014 17:20:08 +0000 (17:20 +0000)]
dma/pl330: Fix misleading type
This type really should just be a regular int as no usages rely on it's
32 bitness (it's only meaningful as a bit position and not a bit mask).
This also fixes a printf which uses the variable with a regular %d.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
2a99d31f377aee371476d9da8fd0d1b7efa30f63.
1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Crosthwaite [Wed, 26 Feb 2014 17:20:07 +0000 (17:20 +0000)]
dma/pl330: Delete overly verbose debug printf
When using event synchronisation, this particular debug printf floods.
Just delete it.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
dd94d19493f97c47497b9d8caf74ca43e70d58fd.
1393372019.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Will Newton [Wed, 26 Feb 2014 17:20:07 +0000 (17:20 +0000)]
target-arm: Add support for AArch32 ARMv8 CRC32 instructions
Add support for AArch32 CRC32 and CRC32C instructions added in ARMv8
and add a CPU feature flag to enable these instructions.
The CRC32-C implementation used is the built-in qemu implementation
and The CRC-32 implementation is from zlib. This requires adding zlib
to LIBS to ensure it is linked for the linux-user binary.
Signed-off-by: Will Newton <will.newton@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
1393411566-24104-3-git-send-email-will.newton@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Will Newton [Wed, 26 Feb 2014 17:20:07 +0000 (17:20 +0000)]
include/qemu/crc32c.h: Rename include guards to match filename
Signed-off-by: Will Newton <will.newton@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
1393411566-24104-2-git-send-email-will.newton@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 26 Feb 2014 17:20:07 +0000 (17:20 +0000)]
target-arm: Add utility function for checking AA32/64 state of an EL
There are various situations where we need to behave differently
depending on whether a given exception level is in AArch64 or
AArch32 state. The state of the current exception level is stored
in env->aarch64, but there's no equivalent guest-visible architected
state bits for the status of the exception levels "above" the
current one which may still affect execution. At the moment we
only support EL1 (ie no EL2 or EL3) and insist that AArch64
capable CPUs run with EL1 in AArch64 state, but these may change
in the future, so abstract out the "what state is this?" check
into a utility function which can be enhanced later if necessary.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:06 +0000 (17:20 +0000)]
target-arm: Implement AArch64 view of CPACR
Implement the AArch64 view of the CPACR. The AArch64
CPACR is defined to have a lot of RES0 bits, but since
the architecture defines that RES0 bits may be implemented
as reads-as-written and we know that a v8 CPU will have
no registered coprocessors for cp0..cp13 we can safely
implement the whole register this way.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:06 +0000 (17:20 +0000)]
target-arm: A64: Implement MSR (immediate) instructions
Implement the MSR (immediate) instructions, which can update the
PSTATE SP and DAIF fields.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:06 +0000 (17:20 +0000)]
target-arm: Store AIF bits in env->pstate for AArch32
To avoid complication in code that otherwise would not need to
care about whether EL1 is AArch32 or AArch64, we should store
the interrupt mask bits (CPSR.AIF in AArch32 and PSTATE.DAIF
in AArch64) in one place consistently regardless of EL1's mode.
Since AArch64 has an extra enable bit (D for debug exceptions)
which isn't visible in AArch32, this means we need to keep
the enables in env->pstate. (This is also consistent with the
general approach we're taking that we handle 32 bit CPUs as
being like AArch64/ARMv8 CPUs but which only run in 32 bit mode.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:06 +0000 (17:20 +0000)]
target-arm: A64: Implement WFI
Implement the WFI instruction for A64; this just involves wiring
up the instruction, and adding a gen_a64_set_pc_im() which was
accidentally omitted from the A64 decoder top loop.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:05 +0000 (17:20 +0000)]
target-arm: Get MMU index information correct for A64 code
Emit the correct MMU index information for loads and stores from
A64 code, rather than hardwiring it to "always kernel mode",
by storing the exception level in the TB flags, and make
cpu_mmu_index() return the right answer when the CPU is in
AArch64 mode.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:05 +0000 (17:20 +0000)]
target-arm: Implement AArch64 OSLAR_EL1 sysreg as WI
Define a dummy version of the AArch64 OSLAR_EL1 system register
which just ignores writes. Linux will always write to this (it
is the OS lock used for debugging), but we don't support debug.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:05 +0000 (17:20 +0000)]
target-arm: Implement AArch64 dummy breakpoint and watchpoint registers
In AArch64 the breakpoint and watchpoint registers are mandatory, so the
kernel always accesses them on bootup. Implement dummy versions, which
read as written but have no actual effect.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:05 +0000 (17:20 +0000)]
target-arm: Implement AArch64 ID and feature registers
Implement the AArch64-specific ID and feature registers. Although
many of these are currently not used by the architecture (and so
always zero for all implementations), we define the full set of
fields in the ARMCPU struct for symmetry.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:05 +0000 (17:20 +0000)]
target-arm: Implement AArch64 generic timers
Implement the AArch64 view of the generic timer system registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 26 Feb 2014 17:20:04 +0000 (17:20 +0000)]
target-arm: Implement AArch64 MPIDR
Implement the AArch64 MPIDR system register.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:04 +0000 (17:20 +0000)]
target-arm: Implement AArch64 TTBR*
Implement the AArch64 TTBR* registers. For v7 these were already 64 bits
to handle LPAE, but implemented as two separate uint32_t fields.
Combine them into a single uint64_t which can be used for all purposes.
Since this requires touching every use, take the opportunity to rename
the field to the architectural name.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:04 +0000 (17:20 +0000)]
target-arm: Implement AArch64 VBAR_EL1
Implement the A64 view of the VBAR system register.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:04 +0000 (17:20 +0000)]
target-arm: Implement AArch64 TCR_EL1
Implement the AArch64 TCR_EL1, which is the 64 bit view of
the AArch32 TTBCR. (The uses of the bits in the register are
completely different, but in any given situation the CPU will
always interpret them one way or the other. In fact for QEMU EL1
is always 64 bit, but we share the state field because this
is the correct mapping to permit a future implementation of EL2.)
We also make the AArch64 view the 'master' as far as migration
and reset is concerned.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:03 +0000 (17:20 +0000)]
target-arm: Implement AArch64 SCTLR_EL1
Implement the AArch64 view of the system control register SCTLR_EL1.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:03 +0000 (17:20 +0000)]
target-arm: Implement AArch64 memory attribute registers
Implement the AArch64 memory attribute registers. Since QEMU doesn't
model caches it does not need to care about memory attributes at all,
and we can simply make these read-as-written.
We did not previously implement the AArch32 versions of the MAIR
registers, which went unnoticed because of the overbroad TLB_LOCKDOWN
reginfo definition; provide them now to keep the 64<->32 register
relationship clear.
We already provided AMAIR registers for 32 bit as simple RAZ/WI;
extend that to provide a 64 bit RAZ/WI AMAIR_EL1.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:03 +0000 (17:20 +0000)]
target-arm: Implement AArch64 dummy MDSCR_EL1
We don't support letting the guest do debug, but Linux prods the
monitor debug system control register anyway, so implement a dummy
RAZ/WI version.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:03 +0000 (17:20 +0000)]
target-arm: Implement AArch64 TLB invalidate ops
Implement the AArch64 TLB invalidate operations. This is
the full set of TLBI ops defined for a CPU which doesn't
implement EL2 or EL3.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 26 Feb 2014 17:20:02 +0000 (17:20 +0000)]
target-arm: Implement AArch64 cache invalidate/clean ops
Implement all the AArch64 cache invalidate and clean ops
(which are all NOPs since QEMU doesn't emulate the cache).
The only remaining unimplemented cache op is DC ZVA.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:02 +0000 (17:20 +0000)]
target-arm: Implement AArch64 MIDR_EL1
Implement the AArch64 view of the MIDR system register
(for AArch64 it is a simple constant, unlike the complicated
mess that TI925 imposes on the 32-bit view).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:02 +0000 (17:20 +0000)]
target-arm: Implement AArch64 CurrentEL sysreg
Implement the CurrentEL sysreg.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:01 +0000 (17:20 +0000)]
target-arm: A64: Make cache ID registers visible to AArch64
Make the cache ID system registers (CLIDR, CSSELR, CCSIDR, CTR)
visible to AArch64. These are mostly simple 64-bit extensions of the
existing 32 bit system registers and so can share reginfo definitions.
CTR needs to have a split definition, but we can clean up the
temporary user-mode implementation in favour of using the CPU-specified
reset value, and implement the system-mode-required semantics of
restricting its EL0 accessibility if SCTLR.UCT is not set.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Wed, 26 Feb 2014 17:20:01 +0000 (17:20 +0000)]
target-arm: Fix raw read and write functions on AArch64 registers
The raw read and write functions were using the ARM_CP_64BIT flag in
ri->type to determine whether to treat the register's state field as
uint32_t or uint64_t; however AArch64 register info structs don't use
that flag. Abstract out the "how big is the field?" test into a
function and fix it to work for AArch64 registers. For this to work
we must ensure that the reginfo structs put into the hashtable have
the correct state field for their use, not the placeholder STATE_BOTH.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Christoffer Dall [Wed, 26 Feb 2014 17:20:01 +0000 (17:20 +0000)]
hw: arm_gic_kvm: Add KVM VGIC save/restore logic
Save and restore the ARM KVM VGIC state from the kernel. We rely on
QEMU to marshal the GICState data structure and therefore simply
synchronize the kernel state with the QEMU emulated state in both
directions.
We take some care on the restore path to check the VGIC has been
configured with enough IRQs and CPU interfaces that we can properly
restore the state, and for separate set/clear registers we first fully
clear the registers and then set the required bits.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id:
1392687921-26921-1-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Christoffer Dall [Wed, 26 Feb 2014 17:20:00 +0000 (17:20 +0000)]
arm: vgic device control api support
Support creating the ARM vgic device through the device control API and
setting the base address for the distributor and cpu interfaces in KVM
VMs using this API.
Because the older KVM_CREATE_IRQCHIP interface needs the irq chip to be
created prior to creating the VCPUs, we first test if we can use the
device control API in kvm_arch_irqchip_create (using the test flag from
the device control API). If we cannot, it means we have to fall back to
KVM_CREATE_IRQCHIP and use the older ioctl at this point in time. If
however, we can use the device control API, we don't do anything and
wait until the arm_gic_kvm driver initializes and let that use the
device control API.
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id:
1392687720-26806-5-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Christoffer Dall [Wed, 26 Feb 2014 17:20:00 +0000 (17:20 +0000)]
kvm: Common device control API functions
Introduces two simple functions:
int kvm_device_ioctl(int fd, int type, ...);
int kvm_create_device(KVMState *s, uint64_t type, bool test);
These functions wrap the basic ioctl-based interactions with KVM in a
way similar to other KVM ioctl wrappers.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id:
1392687720-26806-4-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Christoffer Dall [Wed, 26 Feb 2014 17:20:00 +0000 (17:20 +0000)]
kvm: Introduce kvm_arch_irqchip_create
Introduce kvm_arch_irqchip_create an arch-specific hook in preparation
for architecture-specific use of the device control API to create IRQ
chips.
Following patches will implement the ARM irqchip create method to prefer
the device control API over the older KVM_CREATE_IRQCHIP API.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id:
1392687720-26806-3-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Christoffer Dall [Wed, 26 Feb 2014 17:20:00 +0000 (17:20 +0000)]
linux-headers: Update from v3.14-rc3
Update to tag v3.14-rc3 (
6d0abeca3242a88cab8232e4acd7e2bf088f3bc2)
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id:
1392687720-26806-2-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Christoffer Dall [Wed, 26 Feb 2014 17:19:59 +0000 (17:19 +0000)]
hw/intc/arm_gic: Fix GIC_SET_LEVEL
The GIC_SET_LEVEL macro unfortunately overwrote the entire level
bitmask instead of just or'ing on the necessary bits, causing active
level PPIs on a core to clear PPIs on other cores.
Cc: qemu-stable@nongnu.org
Reported-by: Rob Herring <rob.herring@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id:
1393031030-8692-1-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 26 Feb 2014 17:19:59 +0000 (17:19 +0000)]
target-arm: Load correct access bits from ARMv5 level 2 page table descriptors
In ARMv5 level 2 page table descriptors, each 4K or 64K page is split into
four subpages, each of which can have different access permission settings,
which are specified by four two-bit fields in the l2 descriptor. A
long-standing cut-and-paste error meant we were using the wrong bits in
the virtual address to select the access-permission field for 4K pages.
The error has presumably not been noticed before because most guests don't
make use of the ability to set the access permissions differently for
each 1K subpage: if the guest gives the whole page the same access
permissions it doesn't matter which of the 4 AP fields we select.
(The whole issue is irrelevant for ARMv7 CPUs anyway because subpages
aren't supported there.)
Reported-by: Vivek Rai <Vivek.Rai@emulex.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
1392667690-8731-1-git-send-email-peter.maydell@linaro.org
Peter Maydell [Wed, 26 Feb 2014 17:19:59 +0000 (17:19 +0000)]
hw/arm/musicpal: Remove nonexistent CDTP2, CDTP3 registers
The ethernet device in the musicpal only has two tx queues,
but we modelled it with four CTDP registers, presumably a
cut and paste from the rx queue registers. Since the tx_queue[]
array is only 2 entries long this allowed a guest to overrun
this buffer. Remove the nonexistent registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
1392737293-10073-1-git-send-email-peter.maydell@linaro.org
Acked-by: Jan Kiszka <jan.kiszka@web.de>
Cc: qemu-stable@nongnu.org
Peter Maydell [Wed, 26 Feb 2014 17:19:58 +0000 (17:19 +0000)]
hw/intc/exynos4210_combiner: Don't overrun output_irq array in init
The Exynos4210 combiner has IIC_NIRQ inputs and IIC_NGRP outputs;
use the correct constant in the loop initializing our output
sysbus IRQs so that we don't overrun the output_irq[] array.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
1392659611-8439-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Andreas Färber <afaerber@suse.de>
Cc: qemu-stable@nongnu.org
Peter Maydell [Wed, 26 Feb 2014 17:19:58 +0000 (17:19 +0000)]
target-arm: Fix incorrect arithmetic constructing short-form PAR for ATS ops
Correct some obviously nonsensical bit manipulation spotted by Coverity
when constructing the short-form PAR value for ATS operations.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
1392659525-8335-1-git-send-email-peter.maydell@linaro.org
Peter Maydell [Wed, 26 Feb 2014 17:19:58 +0000 (17:19 +0000)]
hw/timer/arm_timer: Avoid array overrun for bad addresses
The integrator's timer read/write functions log an error for
bad addresses in guest accesses, but were falling through and
using an out of bounds array index rather than returning early.
Fix this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id:
1392647854-8067-4-git-send-email-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
Peter Maydell [Wed, 26 Feb 2014 17:19:58 +0000 (17:19 +0000)]
hw/net/stellaris_enet: Avoid unintended sign extension
Add a cast to avoid an unintended sign extension that
would mean we returned 0xffffffff in the high 32 bits
for an IA0 read if bit 31 in the MAC address was 1.
(This is harmless since we'll only be doing 4 byte
reads, but it could be confusing, so best avoided.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id:
1392647854-8067-3-git-send-email-peter.maydell@linaro.org
Peter Maydell [Wed, 26 Feb 2014 17:19:57 +0000 (17:19 +0000)]
hw/misc/arm_sysctl: Fix bad boundary check on mb clock accesses
Fix incorrect use of sizeof() rather than ARRAY_SIZE() to guard
accesses into the mb_clock[] array, which was allowing a malicious
guest to overwrite the end of the array.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id:
1392647854-8067-2-git-send-email-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
Peter Crosthwaite [Wed, 26 Feb 2014 00:42:23 +0000 (16:42 -0800)]
xilinx: Delete hw/include/xilinx.h
This is now obsolete - remove the header and all its inclusions.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Peter Crosthwaite [Wed, 26 Feb 2014 00:41:49 +0000 (16:41 -0800)]
xilinx: Inline usages of xilinx_axi*_init()
Inline the only usage of each of xilinx_axiethernet_init and
xilinx_axidma_init. Converts this init to at least a semi-recent QOM
styling.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Peter Crosthwaite [Wed, 26 Feb 2014 00:41:14 +0000 (16:41 -0800)]
xilinx: Inline usage of xilinx_ethlite_create()
Inline the only usage. Converts this init to at least a semi-recent QOM
styling.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Peter Crosthwaite [Wed, 26 Feb 2014 00:40:39 +0000 (16:40 -0800)]
xilinx: Inline usages of xilinx_timer_create()
Inline these usages. Converts these init to at least a semi-recent QOM
styling.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Peter Crosthwaite [Wed, 26 Feb 2014 00:40:04 +0000 (16:40 -0800)]
xilinx: Inline usages of xilinx_intc_create()
Inline these usages. Converts these init to at least a semi-recent QOM
styling.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Peter Crosthwaite [Wed, 26 Feb 2014 00:39:29 +0000 (16:39 -0800)]
microblaze/ml605: Define macros for irq/memory maps
Define (missing) macros for the interrupt and memory maps for the sake
of self documentation.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Peter Crosthwaite [Wed, 26 Feb 2014 00:38:54 +0000 (16:38 -0800)]
ppc/virtex_ml507: Define macros for irq/memory maps
Define macros for the interrupt and memory maps for the sake of self
documentation.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Peter Crosthwaite [Wed, 26 Feb 2014 00:38:19 +0000 (16:38 -0800)]
microblaze/s3adsp_1800: Define macros for irq map
Define macros for the interrupt map for the sake of self documentation.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Paolo Bonzini [Tue, 25 Feb 2014 16:36:55 +0000 (17:36 +0100)]
modules: do not include gmodule-2.0 in static builds
gmodule-2.0's pkg-config files include -Wl,--export-dynamic, which breaks
static builds. It is a glib bug, but we need to support --static builds for
the linux-user targets, and in the end all that is needed to fix this is:
* outlaw --enable-modules --static, which makes little sense anyway
* only include gmodule-2.0's cflags and ldflags if --enable-modules is
specified on the command line.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id:
1393346215-5636-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 25 Feb 2014 15:17:24 +0000 (15:17 +0000)]
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-3' into staging
qxl: add sanity check
# gpg: Signature made Mon 24 Feb 2014 12:01:27 GMT using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/spice/tags/pull-spice-3:
qxl: add sanity check
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
projects / sdk / emulator / qemu.git / log