review.tizen.org Git - sdk/emulator/qemu.git/log

PPC: linux-user: Calculate context pointer explicitly

Peter Maydell recommended the change to be more proper. The result was tested
and shows coming up with the same proper value.

Signed-off-by: Samuel Seay <LightningTH@GMail.com>
[agraf: change subject]
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Error out for -cpu host on unknown PVR

Previously we silently exited, with subclasses we got an opcode warning.
Instead, explicitly tell the user what's wrong.

An indication for this is -cpu ? showing "host" with an all-zero PVR.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Slim conversion of model definitions to QOM subclasses

Since the model list is highly macrofied, keep ppc_def_t for now and
save a pointer to it in PowerPCCPUClass. This results in a flat list of
subclasses including aliases, to be refined later.

Move cpu_ppc_init() to translate_init.c and drop helper.c.
Long-term the idea is to turn translate_init.c into a standalone cpu.c.

Inline cpu_ppc_usable() into type registration.

Split cpu_ppc_register() in two by code movement into the initfn and
by turning the remaining part into a realizefn.
Move qemu_init_vcpu() call into the new realizefn and adapt
create_ppc_opcodes() to return an Error.

Change ppc_find_by_pvr() -> ppc_cpu_class_by_pvr().
Change ppc_find_by_name() -> ppc_cpu_class_by_name().

Turn -cpu host into its own subclass. This requires to move the
kvm_enabled() check in ppc_cpu_class_by_name() to avoid the class being
found via the normal name lookup in the !kvm_enabled() case.
Turn kvmppc_host_cpu_def() into the class_init and add an initfn that
asserts KVM is in fact enabled.

Implement -cpu ? and the QMP equivalent in terms of subclasses.
This newly exposes -cpu host to the user, ordered last for -cpu ?.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Bring EPR support closer to reality

We already used to support the external proxy facility of FSL MPICs,
but only implemented it halfway correctly.

This patch adds support for

* dynamic enablement of the EPR facility
* interrupt acknowledgement only when the interrupt is delivered

This way the implementation now is closer to real hardware.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: KVM: set has-idle in guest device tree

On e500mc, the platform doesn't provide a way for the CPU to go idle.

To still not uselessly burn CPU time, expose an idle hypercall to the guest
if kvm supports it.

Signed-off-by: Stuart Yoder <stuart.yoder@freescale.com>
[agraf: adjust for current code base, add patch description, fix non-kvm case]
Signed-off-by: Alexander Graf <agraf@suse.de>

kvm: Update kernel headers

Corresponding kvm.git hash: 18eb54cf4a

Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: fix CTPR and de-assertion of interrupts

Properly implement level-triggered interrupts by withdrawing an
interrupt from the raised queue if the interrupt source de-asserts.
Also withdraw from the raised queue if the interrupt becomes masked.

When CTPR is written, check whether we need to raise or lower the
interrupt output.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: move IACK to its own function

Besides making the code cleaner, we will need a separate way to access
IACK in order to implement EPR (external proxy) interrupt delivery.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: IRQ_check: search the queue a word at a time

Search the queue more efficiently by first looking for a non-zero word,
and then using the common bit-searching function to find the bit within
the word. It would be even nicer if bitops_ffsl() could be hooked up
to the compiler intrinsic so that bit-searching instructions could be
used, but that's another matter.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: fix sense and priority bits

Previously, the sense and priority bits were masked off when writing
to IVPR, and all interrupts were treated as edge-triggered (despite
the existence of code for handling level-triggered interrupts).

Polarity is implemented only as storage.  We don't simulate the
bad effects that you'd get on real hardware if you set this incorrectly,
but at least the guest sees the right thing when it reads back the register.

Sense now controls level/edge on FSL external interrupts (and all
interrupts on non-FSL MPIC).  FSL internal interrupts do not have a sense
bit (reads as zero), but are level.  FSL timers and IPIs do not have
sense or polarity bits (read as zero), and are edge-triggered.  To
accommodate FSL internal interrupts, QEMU's internal notion of whether an
interrupt is level-triggered is separated from the IVPR bit.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: add some bounds checking for IRQ numbers

The two checks with abort() guard against potential QEMU-internal
problems, but the EOI check stops the guest from causing updates to queue
position -1 and other havoc if it writes EOI with no interrupt in
service.

Signed-off-by: Scott Wood <scottwood@freescale.com>
[agraf: remove hunk in code that didn't get applied yet]
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: use standard bitmap operations

Besides the private implementation being redundant, namespace collisions
prevented the use of other things in bitops.h.

Serialization does get a bit more awkward, unfortunately, since the
standard bitmap operations are "unsigned long" rather than "uint32_t",
though in exchange we will get faster queue lookups on 64-bit hosts once
we search a word at a time.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

Revert "openpic: Accelerate pending irq search"

This reverts commit a9bd83f4c65de0058659ede009fa1a241f379edd.

This counting approach is not robust against setting a bit that
was already set, or clearing a bit that was already clear. Perhaps
that is considered a bug, but besides the lack of any documentation
for that restriction, it's a pretty unpleasant way for the problem
to manifest itself.

It could be made more robust by testing the current value of the
bit before changing the count, but a later patch speeds up IRQ_check
in all cases, not just when there's nothing pending. Hopefully that
should be adequate to address performance concerns.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: always call IRQ_check from IRQ_get_next

Previously the code relied on the queue's "next" field getting
set to -1 sometime between an update to the bitmap, and the next
call to IRQ_get_next. Sometimes this happened after the update.
Sometimes it happened before the check. Sometimes it didn't happen
at all.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic/fsl: critical interrupts ignore mask before v4.1

Signed-off-by: Scott Wood <scottwood@freescale.com>
[agraf: make bool :1]
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: make ctpr signed

Other priorities are signed, so avoid comparisons between
signed and unsigned.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: rework critical interrupt support

Critical interrupts on FSL MPIC are not supposed to pay
attention to priority, IACK, EOI, etc.  On the currently modeled
version it's not supposed to pay attention to the mask bit either.

Also reorganize to make it easier to implement newer FSL MPIC models,
which encode interrupt level information differently and support
mcheck as well as crit, and to reduce problems for later patches
in this set.

Still missing is the ability to lower the CINT signal to the core,
as IACK/EOI is not used.  This will come with general IRQ-source-driven
lowering in the next patch.

New state is added which is not serialized, but instead is recomputed
in openpic_load() by calling the appropriate write_IRQreg function.
This should have the side effect of causing the IRQ outputs to be
raised appropriately on load, which was missing.

The serialization format is altered by swapping ivpr and idr (we'd like
IDR to be restored before we run the IVPR logic), and moving interrupts
to the end (so that other state has been restored by the time we run the
IDR/IVPR logic.  Serialization for this driver is not yet in a state
where backwards compatibility is reasonable (assuming it works at all),
and the current serialization format was not built for extensibility.

Signed-off-by: Scott Wood <scottwood@freescale.com>
[agraf: fix for current code state]
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: make register names correspond better with hw docs

The base openpic specification doesn't provide abbreviated register
names, so it's somewhat understandable that the QEMU code made up
its own, except that most of the names that QEMU used didn't correspond
to the terminology used by any implementation I could find.

In some cases, like PCTP, the phrase "processor current task priority"
could be found in the openpic spec when describing the concept, but
the register itself was labelled "current task priority register"
and every implementation seems to use either CTPR or the full phrase.

In other cases, individual implementations disagree on what to call
the register.  The implementations I have documentation for are
Freescale, Raven (MCP750), and IBM.  The Raven docs tend to not use
abbreviations at all.  The IBM MPIC isn't implemented in QEMU.  Thus,
where there's disagreement I chose to use the Freescale abbreviations.

Signed-off-by: Scott Wood <scottwood@freescale.com>
[agraf: rebase on current state of the code]
Signed-off-by: Alexander Graf <agraf@suse.de>

ppc/booke: fix crit/mcheck/debug exceptions

Book E does not play games with certain bits of xSRR1 being MSR save
bits and others being error status. xSRR1 is the old MSR, period.
This was causing things like MSR[CE] to be lost, even in the saved
version, as soon as you take an exception.

rfci/rfdi/rfmci are fixed to pass the actual xSRR1 register contents,
rather than the register number.

Put FIXME comments on the hack that is "asrr0/1". The whole point of
separate exception levels is so that you can, for example, take a machine
check or debug interrupt without corrupting critical-level operations.
The right xSRR0/1 set needs to be chosen based on CPU type flags.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: lower interrupt when reading the MSI register

This will stop things from breaking once it's properly treated as a
level-triggered interrupt. Note that it's the MPIC's MSI cascade
interrupts that are level-triggered; the individual MSIs are
edge-triggered.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: fix debug prints

Fix various format errors when debug prints are enabled. Also
cause error checking to happen even when debug prints are not
enabled, and consistently use 0x for hex output.

Signed-off-by: Scott Wood <scottwood@freescale.com>
[agraf: adjust for more recent code base, prettify DPRINTF macro]
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: fix segfault in signal handling code

Removed h2g() macro around the ka->_sa_handler due to the _sa_handler being a
guest memory address.

Changed the __put_user to put_user as it was attempting to put a value at the
stack address but the new address is a guest memory address, __put_user is
for host memory addresses.

Signed-off-by: Samuel Seay <LightningTH@GMail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[agraf: change subject line, reformat commit message]
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Reset qemu timers when guest reset

This patch install the timer reset handler. This will be called when
the guest is reset.

Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
[agraf: adjust for QOM'ification]
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: fix coding style issues

This patch fixes the following coding style violations:

- structs have to be typedef and be CamelCase
- if()s are always surrounded by curly braces

Signed-off-by: Alexander Graf <agraf@suse.de>

powerpc: linux header sync script includes epapr_hcalls.h

epapr_hcalls.h is now referenced by kvm_para.h. so this is needed for
QEMU to get compiled on powerpc.

Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: don't crash on a register access without a CPU context

If we access a register via the QEMU memory inspection commands (e.g.
"xp") rather than from guest code, we won't have a CPU context.
Gracefully fail to access the register in that case, rather than
crashing.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: s/opp->nb_irqs -1/opp->nb_cpus - 1/

"opp->nb_irqs-1" would have been a minor coding style error,
but putting in one space but not the other makes it look
confusingly like a numeric literal "-1".

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: BRR1 is not a CPU-specific register.

It's in the address range that normally contains a magic redirection
to the CPU-specific region of the curretn CPU, but it isn't actually
a per-CPU register. On real hardware BRR1 shows up only at 0x40000,
not at 0x60000 or other non-magic per-CPU areas. Plus, this makes
it possible to read the register on the QEMU command line with "xp".

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: support large vectors on FSL mpic

Previously only the spurious vector was sized appropriately
to the openpic model.

Also, instances of "IPVP_VECTOR(opp->spve)" were replace with
just "opp->spve", as opp->spve is already just a vector and not
an IVPR.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: remove pcsr (CPU sensitivity register)

I could not find this register in any spec (FSL, IBM, or OpenPIC)
and the code doesn't do anything with it but initialize, save,
or restore it.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

openpic: symbolicize some magic numbers

Deefine symbolic names for some register bits, and use some that
have already been defined.

Also convert some register values from hex to decimal when it improves
readability.

IPVP_PRIORITY_MASK is corrected from (0x1F << 16) to (0xF << 16), in
conjunction with making wider use of the symbolic name. I looked at
Freescale and IBM MPIC docs and at the base OpenPIC spec, and all three
had priority as 4 bits rather than 5. Plus, the magic nubmer that is
being replaced with symbolic values treated the field as 4 bits wide.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

Revert "virtio-pci: replace byte swap hack"

This reverts commit 9807caccd605d09a72495637959568d690e10175.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

virtio-pci: replace byte swap hack

Remove byte swaps by declaring the config space
as native endian.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

tests: add gcov support

Add support for compiling for GCOV test coverage, enabled
with '--enable-gcov' during configure.

Test coverage will be reported after each test.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

hw/i386: Fix broken build for non POSIX hosts

pc-testdev.c cannot be compiled with MinGW (and other non POSIX hosts):

CC i386-softmmu/hw/i386/../pc-testdev.o
qemu/hw/i386/../pc-testdev.c:38:22: warning: sys/mman.h: file not found
qemu/hw/i386/../pc-testdev.c: In function ‘test_flush_page’:
qemu/hw/i386/../pc-testdev.c:103: warning: implicit declaration of function ‘mprotect’
...

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

softfloat: Implement uint64_to_float128

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

softfloat: Fix uint64_to_float64

The interface to normalizeRoundAndPackFloat64 requires that the
high bit be clear. Perform one shift-right-and-jam if needed.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Merge remote-tracking branch 'stefanha/trivial-patches' into staging

* stefanha/trivial-patches:
  spice: drop incorrect vm_change_state_handler() opaque
  linux-user/syscall.c: remove forward declarations
  hw/mcf5206: Reduce size of lookup table
  Remove --sparc_cpu option from the configure list
  pseries: Remove unneeded include statement (fixes MinGW builds)
  pc_sysfw: Check for qemu_find_file() failure

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote-tracking branch 'kraxel/testdev.1' into staging

* kraxel/testdev.1:
  pc: remove bochs bios debug ports
  hw: Add test device for unittests execution
  add isa-debug-exit device.
  switch debugcon to memory api

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote-tracking branch 'kraxel/acpi.2' into staging

* kraxel/acpi.2:
  apci: assign memory regions to ich9 lpc device
  apci: assign memory regions to piix4 acpi device
  acpi: autoload dsdt
  configure: also symlink *.aml files

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

spice: drop incorrect vm_change_state_handler() opaque

The spice_server pointer is a global variable and
vm_change_state_handler() therefore does not use its opaque parameter.

The vm change state handler is added with a pointer to the spice_server
pointer. This is useless and we probably would not want 2 levels of
pointers.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Uri Lublin <uril@redhat.com>

linux-user/syscall.c: remove forward declarations

instead use the correct headers that define these functions.

Requested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: John Spencer <maillist-qemu@barfooze.de>
Reviewed-by: Amos Kong <kongjianjun@gmail.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

hw/mcf5206: Reduce size of lookup table

This typically reduces the size from 512 bytes to 128 bytes.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Remove --sparc_cpu option from the configure list

commit 9b9c37c36439ee0452632253dac7a31897f27f70 always assume sparcv9,
the others are no longer supported. Remove --sparc_cpu option from the
configure list.

Signed-off-by: Chen Wei-Ren <chenwj@iis.sinica.edu.tw>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

pseries: Remove unneeded include statement (fixes MinGW builds)

sys/mman.h is not needed (tested on Linux) and unavailable for MinGW,
so remove it.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

pc_sysfw: Check for qemu_find_file() failure

pc_fw_add_pflash_drv() ignores qemu_find_file() failure, and happily
creates a drive without a medium.

When pc_system_flash_init() asks for its size, bdrv_getlength() fails
with -ENOMEDIUM, which isn't checked either.  It fails relatively
cleanly only because -ENOMEDIUM isn't a multiple of 4096:

    $ qemu-system-x86_64 -S -vnc :0 -bios nonexistant
    qemu: PC system firmware (pflash) must be a multiple of 0x1000
    [Exit 1 ]

Fix by handling the qemu_find_file() failure.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

pc: remove bochs bios debug ports

Prehistoric leftover, zap it. We poweroff via acpi these days.

And having a port (0x501,0x502) where any random guest write will make
qemu exit -- with no way to turn it off -- is a bad joke anyway.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

hw: Add test device for unittests execution

Add a test device which supports the kvmctl ioports,
so one can run the KVM unittest suite.

Intended Usage:

qemu-system-x86_64 -nographic \
    -device pc-testdev \
    -device isa-debug-exit,iobase=0xf4,iosize=0x04 \
    -kernel /path/to/kvm/unittests/msr.flat

Where msr.flat is one of the KVM unittests, present on a
separate repo,

git://git.kernel.org/pub/scm/virt/kvm/kvm-unit-tests.git

[ kraxel: more memory api + qom fixes ]

CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Lucas Meneghel Rodrigues <lmr@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

add isa-debug-exit device.

When present it makes qemu exit on any write.
Mapped to port 0x501 by default.

Without this patch Anthony doesn't allow me to
remove the bochs bios debug ports because his
test suite uses this.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

switch debugcon to memory api

Also some QOM glue while being at it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

apci: assign memory regions to ich9 lpc device

Get rid of get_system_io() usage.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

apci: assign memory regions to piix4 acpi device

Get rid of get_system_io() usage.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

acpi: autoload dsdt

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

configure: also symlink *.aml files

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

pty: unbreak libvirt

Commit 586502189edf9fd0f89a83de96717a2ea826fdb0 breaks libvirt pty
support because it tried to figure the pts name from stderr output.

Fix this by moving the label to the end of the line, this way the
libvirt parser does still recognise the message. libvirt looks
for "char device redirected to ${ptsname}<whitespace>".

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

dataplane: use linux-headers/ for virtio includes

The hw/dataplane/vring.c code includes linux/virtio_ring.h. Ensure that
we use linux-headers/ instead of the system-wide headers, which may be
out-of-date on older distros.

This resolves the following build error on Debian 6:

CC hw/dataplane/vring.o
cc1: warnings being treated as errors
hw/dataplane/vring.c: In function 'vring_enable_notification':
hw/dataplane/vring.c:71: error: implicit declaration of function 'vring_avail_event'
hw/dataplane/vring.c:71: error: nested extern declaration of 'vring_avail_event'
hw/dataplane/vring.c:71: error: lvalue required as left operand of assignment

Note that we now build dataplane/ for each target instead of only once.
There is no way around this since linux-headers/ is only available for
per-target objects - and it's how virtio, vfio, kvm, and friends are
built.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

configure: Write new file "config-all-disas.mak" when running configure

Incremental builds added new lines to that file each time when configure
was run.

Now a new file with a comment line is written.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

tci: Fix broken builds with TCG interpreter

TCI no longer compiled after commit 76cad71136b7eb371cf2a2a4e1621cfe8d9c769a.

The TCI disassembler depends on data structures which are different for
each QEMU target, so it cannot be compiled as a universal-obj today.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

savevm.c: cleanup system includes

savevm.c suffers from the same problem as some other files.
Some years ago savevm.c was created from vl.c, moving some
code from there into a separate file.  At that time, all
includes were just copied from vl.c to savevm.c, without
checking which ones are needed and which are not.

But actually most of that stuff is _not_ needed.  More, some
stuff is wrong, for example, *BSD #ifdef'ery around <util.h>
vs <libutil.h> - for one, it fails to build on Debian/kFreebsd.

Just remove all this.  Maybe there's a possibility to clean
it up further - like removing <windows.h> (and maybe including
winsock.h for htons etc), and maybe it's possible to remove
some internal #includes too, but I didn't check this.

While at it, remove duplicate #include of qemu/timer.h.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

disallow -daemonize usage of stdio (curses display, -nographic, -serial stdio etc)

Curses display requires stdin/out to stay on the terminal,
so -daemonize makes no sense in this case.  Instead of
leaving display uninitialized like is done since 995ee2bf469de6bb,
explicitly detect this case earlier and error out.

-nographic can actually be used with -daemonize, by redirecting
everything to a null device, but the problem is that according
to documentation and historical behavour, -nographic redirects
guest ports to stdin/out, which, again, makes no sense in case
of -daemonize.  Since -nographic is a legacy option, don't bother
fixing this case (to allow -nographic and -daemonize by redirecting
guest ports to null instead of stdin/out in this case), but disallow
it completely instead, to stop garbling host terminal.

If no display display needed and user wants to use -nographic,
the right way to go is to use
  -serial null -parallel null -monitor none -display none -vga none
instead of -nographic.

Also prevent the same issue -- it was possible to get garbled
host tty after

  -nographic -daemonize

and it is still possible to have it by using

  -serial stdio -daemonize

Fix this by disallowing opening stdio chardev when -daemonize
is specified.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote-tracking branch 'stefanha/block' into staging

* stefanha/block:
  sheepdog: pass oid directly to send_pending_req()
  sheepdog: don't update inode when create_and_write fails
  block/raw-win32: Fix compiler warnings (wrong format specifiers)
  qemu-img: report size overflow error message
  cutils: change strtosz_suffix_unit function
  virtio-blk: Return UNSUPP for unknown request types
  virtio-blk: add x-data-plane=on|off performance feature
  dataplane: add virtio-blk data plane code
  virtio-blk: restore VirtIOBlkConf->config_wce flag
  iov: add qemu_iovec_concat_iov()
  test-iov: add iov_discard_front/back() testcases
  iov: add iov_discard_front/back() to remove data
  dataplane: add Linux AIO request queue
  dataplane: add event loop
  dataplane: add virtqueue vring code
  dataplane: add host memory mapping code
  configure: add CONFIG_VIRTIO_BLK_DATA_PLANE
  raw-posix: add raw_get_aio_fd() for virtio-blk-data-plane

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

tcg: Remove unneeded assertion

Commit 7f6f0ae5b95adfa76e10eabe2c34424a955fd10c added two assertions.

One of these assertions is not needed:
The pointer ts is never NULL because it is initialized with the
address of an array element.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

sheepdog: pass oid directly to send_pending_req()

Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Liu Yuan <tailai.ly@taobao.com>
Reviewed-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

sheepdog: don't update inode when create_and_write fails

For the error case such as SD_RES_NO_SPACE, we shouldn't update the inode bitmap
to avoid the scenario that the object is allocated but wasn't created at the
server side. This will result in VM's IO error on the failed object.

Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Liu Yuan <tailai.ly@taobao.com>
Reviewed-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block/raw-win32: Fix compiler warnings (wrong format specifiers)

Commit fbcad04d6bfdff937536eb23088a01a280a1a3af added fprintf statements
with wrong format specifiers.

GetLastError() returns a DWORD which is unsigned long, so %lu must be used.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qemu-img: report size overflow error message

qemu-img will complain when qcow or qcow2
size overflow for 64 bits, report the right
message in this condition.

$./qemu-img create -f qcow2 /tmp/foo 0x10000000000000000
before change:
qemu-img: Invalid image size specified! You may use k, M, G or T suffixes for
qemu-img: kilobytes, megabytes, gigabytes and terabytes.

after change:
qemu-img: Image size must be less than 8 EiB!

[Resolved conflict with a9300911 goto removal -- Stefan]

Signed-off-by: liguang <lig.fnst@cn.fujitsu.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

cutils: change strtosz_suffix_unit function

if value to be translated is larger than INT64_MAX,
this function will not be convenient for caller to
be aware of it, so change a little for this.

Signed-off-by: liguang <lig.fnst@cn.fujitsu.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

virtio-blk: Return UNSUPP for unknown request types

Currently, all unknown requests are treated as VIRTIO_BLK_T_IN

Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

virtio-blk: add x-data-plane=on|off performance feature

The virtio-blk-data-plane feature is easy to integrate into
hw/virtio-blk.c. The data plane can be started and stopped similar to
vhost-net.

Users can take advantage of the virtio-blk-data-plane feature using the
new -device virtio-blk-pci,x-data-plane=on property.

The x-data-plane name was chosen because at this stage the feature is
experimental and likely to see changes in the future.

If the VM configuration does not support virtio-blk-data-plane an error
message is printed. Although we could fall back to regular virtio-blk,
I prefer the explicit approach since it prompts the user to fix their
configuration if they want the performance benefit of
virtio-blk-data-plane.

Limitations:
* Only format=raw is supported
* Live migration is not supported
* Block jobs, hot unplug, and other operations fail with -EBUSY
* I/O throttling limits are ignored
* Only Linux hosts are supported due to Linux AIO usage

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

dataplane: add virtio-blk data plane code

virtio-blk-data-plane is a subset implementation of virtio-blk.  It only
handles read, write, and flush requests.  It does this using a dedicated
thread that executes an epoll(2)-based event loop and processes I/O
using Linux AIO.

This approach performs very well but can be used for raw image files
only.  The number of IOPS achieved has been reported to be several times
higher than the existing virtio-blk implementation.

Eventually it should be possible to unify virtio-blk-data-plane with the
main body of QEMU code once the block layer and hardware emulation is
able to run outside the global mutex.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

virtio-blk: restore VirtIOBlkConf->config_wce flag

Two slightly different versions of a patch to conditionally set
VIRTIO_BLK_F_CONFIG_WCE through the "config-wce" qdev property have been
applied (ea776abca and eec7f96c2).  David Gibson
<david@gibson.dropbear.id.au> noticed that the "config-wce"
property is broken as a result and fixed it recently.

The fix sets the host_features VIRTIO_BLK_F_CONFIG_WCE bit from a qdev
property.  Unfortunately, the virtio device then has no chance to test
for the presence of the feature bit during virtio_blk_init().

Therefore, reinstate the VirtIOBlkConf->config_wce flag.  Drop the
duplicate qdev property to set the host_features bit.  The
VirtIOBlkConf->config_wce flag will be used by virtio-blk-data-plane in
a later patch.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

iov: add qemu_iovec_concat_iov()

The qemu_iovec_concat() function copies a subset of a QEMUIOVector.  The
new qemu_iovec_concat_iov() function does the same for a iov/cnt pair.

It is easy to define qemu_iovec_concat() in terms of
qemu_iovec_concat_iov().  The existing code is mostly unchanged, except
for the assertion src->size >= soffset, which cannot be efficiently
checked upfront on a iov/cnt pair.  Instead we assert upon hitting the
end of src with an unsatisfied soffset.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

test-iov: add iov_discard_front/back() testcases

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

iov: add iov_discard_front/back() to remove data

The iov_discard_front/back() functions remove data from the front or
back of the vector. This is useful when peeling off header/footer
structs.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

dataplane: add Linux AIO request queue

The IOQueue has a pool of iocb structs and a function to add new
read/write requests. Multiple requests can be added before calling the
submit function to actually tell the host kernel to begin I/O. This
allows callers to batch requests and submit them in one go.

The actual I/O is performed using Linux AIO.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

dataplane: add event loop

Outside the safety of the global mutex we need to poll on file
descriptors. I found epoll(2) is a convenient way to do that, although
other options could replace this module in the future (such as an
AioContext-based loop or glib's GMainLoop).

One important feature of this small event loop implementation is that
the loop can be terminated in a thread-safe way. This allows QEMU to
stop the data plane thread cleanly.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

dataplane: add virtqueue vring code

The virtio-blk-data-plane cannot access memory using the usual QEMU
functions since it executes outside the global mutex and the memory APIs
are this time are not thread-safe.

This patch introduces a virtqueue module based on the kernel's vhost
vring code. The trick is that we map guest memory ahead of time and
access it cheaply outside the global mutex.

Once the hardware emulation code can execute outside the global mutex it
will be possible to drop this code.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

dataplane: add host memory mapping code

The data plane thread needs to map guest physical addresses to host
pointers.  Normally this is done with cpu_physical_memory_map() but the
function assumes the global mutex is held.  The data plane thread does
not touch the global mutex and therefore needs a thread-safe memory
mapping mechanism.

Hostmem registers a MemoryListener similar to how vhost collects and
pushes memory region information into the kernel.  There is a
fine-grained lock on the regions list which is held during lookup and
when installing a new regions list.

When the physical memory map changes the MemoryListener callbacks are
invoked.  They build up a new list of memory regions which is finally
installed when the list has been completed.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

configure: add CONFIG_VIRTIO_BLK_DATA_PLANE

The virtio-blk-data-plane feature only works with Linux AIO. Therefore
add a ./configure option and necessary checks to implement this
dependency.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

raw-posix: add raw_get_aio_fd() for virtio-blk-data-plane

The raw_get_aio_fd() function allows virtio-blk-data-plane to get the
file descriptor of a raw image file with Linux AIO enabled. This
interface is really a layering violation that can be resolved once the
block layer is able to run outside the global mutex - at that point
virtio-blk-data-plane will switch from custom Linux AIO code to using
the block layer.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

* qemu-kvm/uq/master:
qemu-kvm/pci-assign: 64 bits bar emulation
target-i386: Enabling IA32_TSC_ADJUST for QEMU KVM guest VMs

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote-tracking branch 'mst/tags/for_anthony' into staging

pci,virtio

This optimizes MSIX handling in virtio-pci.
Also included is pci express capability bugfix.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* mst/tags/for_anthony:
  virtio-pci: don't poll masked vectors
  msix: expose access to masked/pending state
  msi: add API to get notified about pending bit poll
  pcie: Fix bug in pcie_ext_cap_set_next
  virtio: make bindings typesafe

Merge remote-tracking branch 'kraxel/seabios-a810e4e' into staging

* kraxel/seabios-a810e4e:
Update seabios to a810e4e72a0d42c7bc04eda57382f8e019add901

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

pflash_cfi01: Suppress warning when Linux probes for AMD flash

There are several ARM and MIPS boards which are manufactured with
either Intel (pflash_cfi01.c) or AMD (pflash_cfi02.c) flash memory.

The Linux kernel supports both and first probes for AMD flash which
resulted in one or two warnings from the Intel flash emulation:

pflash_write: Unimplemented flash cmd sequence (offset 0000000000000000, wcycle 0x0 cmd 0x0 value 0xf000f0)
pflash_write: Unimplemented flash cmd sequence (offset 0000000000000000, wcycle 0x0 cmd 0x0 value 0xf0)

These warnings confuse users, so suppress them.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: Use EXCP_SC rather than a magic number

From the discussion on the ML [1], the exception limit defined by
magic number 0x100 is actually EXCP_SC defined in cpu.h. Replace the
magic number with EXCP_SC. Remove "#if 1 .. #endif" as well.

[1] http://lists.gnu.org/archive/html/qemu-devel/2012-11/msg03080.html

Signed-off-by: Chen Wei-Ren <chenwj@iis.sinica.edu.tw>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: Make repl_ph to sign extend to target-long

The immediate value is 9bits, should sign-extend to 16bits. The return value to
register should sign-extend to target_long, as Richard says, removing an
unnecessary cast works fun.

Signed-off-by: Dongxue Zhang <elta.era@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Fix my email address

Fix my email address, last time it's wrong.

Signed-off-by: Dongxue Zhang <elta.era@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: Remove semicolon from macro definition

Macro RESTORE_FLUSH_MODE is similar to RESTORE_ROUNDING_MODE
but included a semicolon.

The code which uses that macro also includes a semicolon,
so the result was an empty statement.

Remove the superfluous semicolon from the macro definition.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: Fix for helpers for EXTR_* instructions

The change removes some unnecessary and incorrect code for EXTR_S.H.
Further, it corrects the mask for shift value in the EXTR_ instructions. It also
extends the existing tests so they trigger the issues corrected with the change.

Signed-off-by: Petar Jovanovic <petarj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: Fix incorrect reads and writes to DSPControl register

Upper 4 bits of ccond (bits 31..28 ) of DSPControl register are not used in
the MIPS32 architecture. They are used in the MIPS64 architecture. For MIPS32
these bits must be written as zero, and return zero on read.

The change fixes writes (WRDSP) and reads (RDDSP) to the register. It also fixes
the tests that use these instructions, and makes them smaller and simpler.

Signed-off-by: Petar Jovanovic <petarj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Fix semaphores fallback code

As reported in bug 1087114 the semaphores fallback code is broken which
results in QEMU crashing and making QEMU unusable.

This patch is from Paolo.

This needs to be back ported to the 1.3 stable tree as well.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

tcg-hppa: Fix typo in brcond2

Reported-by: Stuart Brady <sdb@zubnet.me.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

tcg-i386: Perform cmov detection at runtime for 32-bit.

Existing compile-time detection is spotty at best. Convert
it all to runtime detection instead.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

tcg: Add TCGV_IS_UNUSED_*

Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Disable semaphores fallback code for OpenBSD

Disable the semaphores fallback code for OpenBSD as modern OpenBSD
releases now have sem_timedwait().

Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

usb/redirect.c: unbreak compilation due to include/char/char.h

Broken since:

commit 927d4878b0ff319ed87fed9363f314613b0a5ed9
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon Dec 17 18:20:05 2012 +0100

softmmu: move remaining include files to include/ subdirectories

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Merge branch 'qom-cpu' of git://repo.or.cz/qemu/afaerber

* 'qom-cpu' of git://repo.or.cz/qemu/afaerber:
  MAINTAINERS: Include X86CPU in CPU maintenance area
  cpu: Move kvm_run into CPUState
  cpu: Move kvm_state field into CPUState
  ppc_booke: Pass PowerPCCPU to ppc_booke_timers_init()
  ppc4xx_devs: Return PowerPCCPU from ppc4xx_init()
  ppc_booke: Pass PowerPCCPU to {decr,fit,wdt} timer callbacks
  ppc: Pass PowerPCCPU to [h]decr timer callbacks
  ppc: Pass PowerPCCPU to [h]decr callbacks
  ppc: Pass PowerPCCPU to ppc_set_irq()
  kvm: Pass CPUState to kvm_vcpu_ioctl()
  kvm: Pass CPUState to kvm_arch_*
  cpu: Move kvm_fd into CPUState
  qdev-properties.c: Separate core from the code used only by qemu-system-*
  qdev: Coding style fixes
  cpu: Introduce CPUListState struct
  target-alpha: Add support for -cpu ?
  target-alpha: Turn CPU definitions into subclasses
  target-alpha: Avoid leaking the alarm timer over reset
  alpha: Pass AlphaCPU array to Typhoon
  target-alpha: Let cpu_alpha_init() return AlphaCPU

virtio-pci: don't poll masked vectors

At the moment, when irqfd is in use but a vector is masked,
qemu will poll it and handle vector masks in userspace.
Since almost no one ever looks at the pending bits,
it is better to defer this until pending bits
are actually read.
Implement this optimization using the new poll notifier.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

msix: expose access to masked/pending state

For use by poll handler.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

msi: add API to get notified about pending bit poll

Update all users.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>