sdk/emulator/qemu.git
8 years ago hmp: fix sendkey out of bounds write (CVE-2015-8619)
Wolfgang Bumiller [Wed, 13 Jan 2016 08:09:58 +0000 (09:09 +0100)]
hmp: fix sendkey out of bounds write (CVE-2015-8619)

When processing 'sendkey' command, hmp_sendkey routine null
terminates the 'keyname_buf' array. This results in an OOB
write issue, if 'keyname_len' was to fall outside of
'keyname_buf' array.

Since the keyname's length is known the keyname_buf can be
removed altogether by adding a length parameter to
index_from_key() and using it for the error output as well.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Message-Id: <20160113080958.GA18934@olga>
[Comparison with "<" dumbed down, test for junk after strtoul()
tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-for-peter-2016-02...
Peter Maydell [Tue, 2 Feb 2016 18:04:04 +0000 (18:04 +0000)]
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-for-peter-2016-02-02' into staging

Block patches

# gpg: Signature made Tue 02 Feb 2016 17:23:44 GMT using RSA key ID E838ACAD
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>"

* remotes/maxreitz/tags/pull-block-for-peter-2016-02-02: (50 commits)
  block: qemu-iotests - add test for snapshot, commit, snapshot bug
  block: set device_list.tqe_prev to NULL on BDS removal
  iotests: Add "qemu-img map" test for VMDK extents
  qemu-img: Make MapEntry a QAPI struct
  qemu-img: In "map", use the returned "file" from bdrv_get_block_status
  block: Use returned *file in bdrv_co_get_block_status
  vmdk: Return extent's file in bdrv_get_block_status
  vmdk: Fix calculation of block status's offset
  vpc: Assign bs->file->bs to file in vpc_co_get_block_status
  vdi: Assign bs->file->bs to file in vdi_co_get_block_status
  sheepdog: Assign bs to file in sd_co_get_block_status
  qed: Assign bs->file->bs to file in bdrv_qed_co_get_block_status
  parallels: Assign bs->file->bs to file in parallels_co_get_block_status
  iscsi: Assign bs to file in iscsi_co_get_block_status
  raw: Assign bs to file in raw_co_get_block_status
  qcow2: Assign bs->file->bs to file in qcow2_co_get_block_status
  qcow: Assign bs->file->bs to file in qcow_co_get_block_status
  block: Add "file" output parameter to block status query functions
  block: acquire in bdrv_query_image_info
  iotests: Add test for block jobs and BDS ejection
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago block: qemu-iotests - add test for snapshot, commit, snapshot bug
Jeff Cody [Tue, 2 Feb 2016 01:33:11 +0000 (20:33 -0500)]
block: qemu-iotests - add test for snapshot, commit, snapshot bug

Signed-off-by: Jeff Cody <jcody@redhat.com>
Message-id: 2dbc05efba2f683cb3aaf71aaa9b776ebf7ec57c.1454376655.git.jcody@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
[Moved test number from 143 to 144]
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago block: set device_list.tqe_prev to NULL on BDS removal
Jeff Cody [Tue, 2 Feb 2016 01:33:10 +0000 (20:33 -0500)]
block: set device_list.tqe_prev to NULL on BDS removal

This fixes a regression introduced with commit 3f09bfbc7.  Multiple
bugs arise in conjunction with live snapshots and mirroring operations
(which include active layer commit).

After a live snapshot occurs, the active layer and the base layer both
have a non-NULL tqe_prev field in the device_list, although the base
node's tqe_prev field points to a NULL entry.  This non-NULL tqe_prev
field occurs after the bdrv_append() in the external snapshot calls
change_parent_backing_link().

In change_parent_backing_link(), when the previous active layer is
removed from device_list, the device_list.tqe_prev pointer is not
set to NULL.

The operating scheme in the block layer is to indicate that a BDS belongs
in the bdrv_states device_list iff the device_list.tqe_prev pointer
is non-NULL.

This patch does two things:

1.) Introduces a new block layer helper bdrv_device_remove() to remove a
    BDS from the device_list, and
2.) uses that new API, which also fixes the regression once used in
    change_parent_backing_link().

Signed-off-by: Jeff Cody <jcody@redhat.com>
Message-id: 0cd51e11c0666c04ddb7c05293fe94afeb551e89.1454376655.git.jcody@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160202-1' into staging
Peter Maydell [Tue, 2 Feb 2016 17:01:56 +0000 (17:01 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160202-1' into staging

usb: two ehci fixes.

# gpg: Signature made Tue 02 Feb 2016 13:12:00 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20160202-1:
  ehci: update irq on reset
  usb: check page select value while processing iTD

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago iotests: Add "qemu-img map" test for VMDK extents
Fam Zheng [Tue, 26 Jan 2016 03:59:03 +0000 (11:59 +0800)]
iotests: Add "qemu-img map" test for VMDK extents

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-17-git-send-email-famz@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago qemu-img: Make MapEntry a QAPI struct
Fam Zheng [Tue, 26 Jan 2016 03:59:02 +0000 (11:59 +0800)]
qemu-img: Make MapEntry a QAPI struct

The "flags" bit mask is expanded to two booleans, "data" and "zero";
"bs" is replaced with "filename" string.

Refactor the merge conditions in img_map() into entry_mergeable().

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-16-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago qemu-img: In "map", use the returned "file" from bdrv_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:59:01 +0000 (11:59 +0800)]
qemu-img: In "map", use the returned "file" from bdrv_get_block_status

Now all drivers should return a correct "file", we can make use of it,
even with the recursion into backing chain above.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-15-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago block: Use returned *file in bdrv_co_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:59:00 +0000 (11:59 +0800)]
block: Use returned *file in bdrv_co_get_block_status

Now that all drivers return the right "file" pointer, we can use it.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1453780743-16806-14-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago vmdk: Return extent's file in bdrv_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:58:59 +0000 (11:58 +0800)]
vmdk: Return extent's file in bdrv_get_block_status

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-13-git-send-email-famz@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago vmdk: Fix calculation of block status's offset
Fam Zheng [Tue, 26 Jan 2016 03:58:58 +0000 (11:58 +0800)]
vmdk: Fix calculation of block status's offset

"offset" is the offset of cluster and sector_num doesn't necessarily
refer to the start of it, it should add index_in_cluster.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-12-git-send-email-famz@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago vpc: Assign bs->file->bs to file in vpc_co_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:58:57 +0000 (11:58 +0800)]
vpc: Assign bs->file->bs to file in vpc_co_get_block_status

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-11-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago vdi: Assign bs->file->bs to file in vdi_co_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:58:56 +0000 (11:58 +0800)]
vdi: Assign bs->file->bs to file in vdi_co_get_block_status

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-10-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago sheepdog: Assign bs to file in sd_co_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:58:55 +0000 (11:58 +0800)]
sheepdog: Assign bs to file in sd_co_get_block_status

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-9-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago qed: Assign bs->file->bs to file in bdrv_qed_co_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:58:54 +0000 (11:58 +0800)]
qed: Assign bs->file->bs to file in bdrv_qed_co_get_block_status

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-8-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago parallels: Assign bs->file->bs to file in parallels_co_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:58:53 +0000 (11:58 +0800)]
parallels: Assign bs->file->bs to file in parallels_co_get_block_status

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-7-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago iscsi: Assign bs to file in iscsi_co_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:58:52 +0000 (11:58 +0800)]
iscsi: Assign bs to file in iscsi_co_get_block_status

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-6-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago raw: Assign bs to file in raw_co_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:58:51 +0000 (11:58 +0800)]
raw: Assign bs to file in raw_co_get_block_status

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-5-git-send-email-famz@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago qcow2: Assign bs->file->bs to file in qcow2_co_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:58:50 +0000 (11:58 +0800)]
qcow2: Assign bs->file->bs to file in qcow2_co_get_block_status

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-4-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago qcow: Assign bs->file->bs to file in qcow_co_get_block_status
Fam Zheng [Tue, 26 Jan 2016 03:58:49 +0000 (11:58 +0800)]
qcow: Assign bs->file->bs to file in qcow_co_get_block_status

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-3-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago block: Add "file" output parameter to block status query functions
Fam Zheng [Tue, 26 Jan 2016 03:58:48 +0000 (11:58 +0800)]
block: Add "file" output parameter to block status query functions

The added parameter can be used to return the BDS pointer which the
valid offset is referring to. Its value should be ignored unless
BDRV_BLOCK_OFFSET_VALID in ret is set.

Until block drivers fill in the right value, let's clear it explicitly
right before calling .bdrv_get_block_status.

The "bs->file" condition in bdrv_co_get_block_status is kept now to keep iotest
case 102 passing, and will be fixed once all drivers return the right file
pointer.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1453780743-16806-2-git-send-email-famz@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago block: acquire in bdrv_query_image_info
Paolo Bonzini [Wed, 23 Dec 2015 10:48:23 +0000 (11:48 +0100)]
block: acquire in bdrv_query_image_info

NFS calls aio_poll inside bdrv_get_allocated_size.  This requires
acquiring the AioContext.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1450867706-19860-1-git-send-email-pbonzini@redhat.com
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago iotests: Add test for block jobs and BDS ejection
Max Reitz [Fri, 29 Jan 2016 15:36:16 +0000 (16:36 +0100)]
iotests: Add test for block jobs and BDS ejection

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago iotests: Add test for multiple BB on BDS tree
Max Reitz [Fri, 29 Jan 2016 15:36:15 +0000 (16:36 +0100)]
iotests: Add test for multiple BB on BDS tree

This adds a test for having multiple BlockBackends in one BDS tree. In
this case, there is one BB for the protocol BDS and one BB for the
format BDS in a simple two-BDS tree (with the protocol BDS and BB added
first).

When bdrv_close_all() is executed, no cached data from any BDS should be
lost; the protocol BDS may not be closed until the format BDS is closed.
Otherwise, metadata updates may be lost.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago block: Rewrite bdrv_close_all()
Max Reitz [Fri, 29 Jan 2016 15:36:14 +0000 (16:36 +0100)]
block: Rewrite bdrv_close_all()

This patch rewrites bdrv_close_all(): Until now, all root BDSs have been
force-closed. This is bad because it can lead to cached data not being
flushed to disk.

Instead, try to make all reference holders relinquish their reference
voluntarily:

1. All BlockBackend users are handled by making all BBs simply eject
   their BDS tree. Since a BDS can never be on top of a BB, this will
   not cause any of the issues as seen with the force-closing of BDSs.
   The references will be relinquished and any further access to the BB
   will fail gracefully.
2. All BDSs which are owned by the monitor itself (because they do not
   have a BB) are relinquished next.
3. Besides BBs and the monitor, block jobs and other BDSs are the only
   things left that can hold a reference to BDSs. After every remaining
   block job has been canceled, there should not be any BDSs left (and
   the loop added here will always terminate (as long as NDEBUG is not
   defined), because either all_bdrv_states will be empty or there will
   not be any block job left to cancel, failing the assertion).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago block: Add blk_remove_all_bs()
Max Reitz [Fri, 29 Jan 2016 15:36:13 +0000 (16:36 +0100)]
block: Add blk_remove_all_bs()

When bdrv_close_all() is called, instead of force-closing all root
BlockDriverStates, it is better to just drop the reference from all
BlockBackends and let them be closed automatically. This prevents BDS
from getting closed that are still referenced by other BDS, which may
result in loss of cached data.

This patch adds a function for doing that, but does not yet incorporate
it in bdrv_close_all().

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago blockdev: Keep track of monitor-owned BDS
Max Reitz [Fri, 29 Jan 2016 15:36:12 +0000 (16:36 +0100)]
blockdev: Keep track of monitor-owned BDS

As a side effect, we can now make x-blockdev-del's check whether a BDS
is actually owned by the monitor explicit.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago block: Add list of all BlockDriverStates
Max Reitz [Fri, 29 Jan 2016 15:36:11 +0000 (16:36 +0100)]
block: Add list of all BlockDriverStates

We need this list so that bdrv_close_all() can keep track of which BDSs
are still open after having removed the BDSs from all of the BBs and
having released all monitor BDS references.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago block: Make bdrv_close() static
Max Reitz [Fri, 29 Jan 2016 15:36:10 +0000 (16:36 +0100)]
block: Make bdrv_close() static

There are no users of bdrv_close() left, except for one of bdrv_open()'s
failure paths, bdrv_close_all() and bdrv_delete(), and that is good.
Make bdrv_close() static so nobody makes the mistake of directly using
bdrv_close() again.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago blockdev: Use blk_remove_bs() in do_drive_del()
Max Reitz [Fri, 29 Jan 2016 15:36:09 +0000 (16:36 +0100)]
blockdev: Use blk_remove_bs() in do_drive_del()

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago block: Use blk_remove_bs() in blk_delete()
Max Reitz [Fri, 29 Jan 2016 15:36:08 +0000 (16:36 +0100)]
block: Use blk_remove_bs() in blk_delete()

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago block: Remove BDS close notifier
Max Reitz [Fri, 29 Jan 2016 15:36:07 +0000 (16:36 +0100)]
block: Remove BDS close notifier

It is unused now, so we can remove it.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago nbd: Switch from close to eject notifier
Max Reitz [Fri, 29 Jan 2016 15:36:06 +0000 (16:36 +0100)]
nbd: Switch from close to eject notifier

The NBD code uses the BDS close notifier to determine when a medium is
ejected. However, now it should use the BB's BDS removal notifier for
that instead of the BDS's close notifier.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago virtio-scsi: Catch BDS-BB removal/insertion
Max Reitz [Fri, 29 Jan 2016 15:36:05 +0000 (16:36 +0100)]
virtio-scsi: Catch BDS-BB removal/insertion

Make use of the BDS-BB removal and insertion notifiers to remove or set
up, respectively, virtio-scsi's op blockers.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago virtio-blk: Functions for op blocker management
Max Reitz [Fri, 29 Jan 2016 15:36:04 +0000 (16:36 +0100)]
virtio-blk: Functions for op blocker management

Put the code for setting up and removing op blockers into an own
function, respectively. Then, we can invoke those functions whenever a
BDS is removed from a virtio-blk BB or inserted into it.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago block: Add BB-BDS remove/insert notifiers
Max Reitz [Fri, 29 Jan 2016 15:36:03 +0000 (16:36 +0100)]
block: Add BB-BDS remove/insert notifiers

bdrv_close() no longer signifies ejection of a medium, this is now done
by removing the BDS from the BB. Therefore, we want to have a notifier
for that in the BB instead of a close notifier in the BDS. The former is
added now, the latter is removed later.

Symmetrically, another notifier list is added that is invoked whenever a
BDS is inserted. We will need that for virtio-blk and virtio-scsi, which
can then remove their op blockers on BDS ejection and set them up on
insertion.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago iotests: Add test for eject under NBD server
Max Reitz [Fri, 29 Jan 2016 15:36:02 +0000 (16:36 +0100)]
iotests: Add test for eject under NBD server

This patch adds a test for ejecting the BlockBackend an NBD server is
connected to (the NBD server is supposed to stop).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago block: Release named dirty bitmaps in bdrv_close()
Max Reitz [Fri, 29 Jan 2016 15:36:01 +0000 (16:36 +0100)]
block: Release named dirty bitmaps in bdrv_close()

bdrv_delete() is not very happy about deleting BlockDriverStates with
dirty bitmaps still attached to them. In the past, we got around that
very easily by relying on bdrv_close_all() bypassing bdrv_delete(), and
bdrv_close() simply ignoring that condition. We should fix that by
releasing all named dirty bitmaps in bdrv_close() (there should not be
any unnamed bitmaps left) and moving the assertion from bdrv_delete()
there.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago block: Remove unused struct definition BlockFinishData
Fam Zheng [Thu, 28 Jan 2016 03:57:13 +0000 (11:57 +0800)]
block: Remove unused struct definition BlockFinishData

Unused since 94db6d2d3.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago iotests: Add test for a nonexistent NBD export
Max Reitz [Mon, 25 Jan 2016 18:41:15 +0000 (19:41 +0100)]
iotests: Add test for a nonexistent NBD export

Trying to connect to a nonexistent NBD export should not crash the
server.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago iotests: Make redirecting qemu's stderr optional
Max Reitz [Mon, 25 Jan 2016 18:41:14 +0000 (19:41 +0100)]
iotests: Make redirecting qemu's stderr optional

Redirecting qemu's stderr to stdout makes working with the stderr output
difficult due to the other file descriptor magic performed in
_launch_qemu ("ambiguous redirect").

Add an option which specifies whether stderr should be redirected to
stdout or not (allowing for other modes to be added in the future).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago iotests: Make _filter_nbd support more URL types
Max Reitz [Mon, 25 Jan 2016 18:41:13 +0000 (19:41 +0100)]
iotests: Make _filter_nbd support more URL types

This function should support URLs of the "nbd://" format (without
swallowing the export name), and for "nbd:///" URLs it should replace
"?socket=$TEST_DIR" by "?socket=TEST_DIR" because putting the Unix
socket files into the test directory makes sense.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago iotests: Make _filter_nbd drop log lines
Max Reitz [Mon, 25 Jan 2016 18:41:12 +0000 (19:41 +0100)]
iotests: Make _filter_nbd drop log lines

The NBD log lines ("/your/source/dir/nbd/xyz.c:function():line: error")
should not be converted to empty lines but removed altogether.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago iotests: Move _filter_nbd into common.filter
Max Reitz [Mon, 25 Jan 2016 18:41:11 +0000 (19:41 +0100)]
iotests: Move _filter_nbd into common.filter

_filter_nbd can be useful for other NBD tests, too, therefore it should
reside in common.filter.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago iotests: Change coding style of _filter_nbd in 083
Max Reitz [Mon, 25 Jan 2016 18:41:10 +0000 (19:41 +0100)]
iotests: Change coding style of _filter_nbd in 083

In order to be able to move _filter_nbd to common.filter in the next
patch, its coding style needs to be adapted to that of common.filter.
That means, we have to convert tabs to four spaces, adjust the alignment
of the last line (done with spaces already, assuming one tab equals
eight spaces), fix the line length of the comment, and add a line break
before the opening brace.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago iotests: Rename filter_nbd to _filter_nbd in 083
Max Reitz [Mon, 25 Jan 2016 18:41:09 +0000 (19:41 +0100)]
iotests: Rename filter_nbd to _filter_nbd in 083

In the patch after the next, this function is moved to common.filter.
Therefore, its name should be preceded by an underscore to signify its
global availability.

To keep the code motion patch clean, we cannot rename it in the same
patch, so we need to choose some order of renaming vs. motion. It is
better to keep a supposedly global function used by only a single test
in that test than to keep a supposedly local function in a common* file
and use it from a test, so we should rename the function before moving
it.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago nbd: client_close on error in nbd_co_client_start
Max Reitz [Mon, 25 Jan 2016 18:41:08 +0000 (19:41 +0100)]
nbd: client_close on error in nbd_co_client_start

Use client_close() if an error in nbd_co_client_start() occurs instead
of manually inlining parts of it. This fixes an assertion error on the
server side if nbd_negotiate() fails.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago iotests: Limit supported formats for 118
Max Reitz [Mon, 25 Jan 2016 14:42:56 +0000 (15:42 +0100)]
iotests: Limit supported formats for 118

Image formats used in test 118 need to support image creation.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years ago vmdk: Fix converting to streamOptimized
Fam Zheng [Mon, 25 Jan 2016 02:26:23 +0000 (10:26 +0800)]
vmdk: Fix converting to streamOptimized

Commit d62d9dc4b8 lifted streamOptimized images' version to 3, but we
now refuse to open version 3 images read-write.  We need to make
streamOptimized an exception to allow converting to it. This fixes the
accidentally broken iotests case 059 for the same reason.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 years ago block/qapi: Emit tray_open only if there is a tray
Max Reitz [Fri, 29 Jan 2016 19:49:13 +0000 (20:49 +0100)]
block/qapi: Emit tray_open only if there is a tray

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 1454096953-31773-5-git-send-email-mreitz@redhat.com

8 years ago Revert "hw/block/fdc: Implement tray status"
Max Reitz [Fri, 29 Jan 2016 19:49:12 +0000 (20:49 +0100)]
Revert "hw/block/fdc: Implement tray status"

This reverts the changes that commit
2e1280e8ff95b3145bc6262accc9d447718e5318 applied to hw/block/fdc.c;
also, an additional case of drv->media_inserted use has crept in since,
which is replaced by a call to blk_is_inserted().

That commit changed tests/fdc-test.c, too, because after it, one less
TRAY_MOVED event would be emitted when executing 'change' on an empty
drive. However, now, no TRAY_MOVED events will be emitted at all, and
the tray_open status returned by query-block will always be false,
necessitating (different) changes to tests/fdc-test.c and iotest 118,
which is why this patch is not a pure revert of said commit.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 1454096953-31773-4-git-send-email-mreitz@redhat.com
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years ago blockdev: Fix 'change' for slot devices
Max Reitz [Fri, 29 Jan 2016 19:49:11 +0000 (20:49 +0100)]
blockdev: Fix 'change' for slot devices

'change' and related operations did not work when used on guest devices
featuring removable media but no actual tray, because
blk_dev_is_tray_open() always returned false for them and the
blockdev-{insert,remove}-medium commands required it to return true.

Fix this by making blockdev-{insert,remove}-medium work on tray-less
devices. Also, blockdev-{open,close}-tray are now explicitly no-ops when
invoked on such devices, and blk_dev_change_media_cb() is instead
called by blockdev-{insert,remove}-medium (for tray-less devices only).

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 1454096953-31773-3-git-send-email-mreitz@redhat.com
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years ago block: Add blk_dev_has_tray()
Max Reitz [Fri, 29 Jan 2016 19:49:10 +0000 (20:49 +0100)]
block: Add blk_dev_has_tray()

Pull out the check whether a block device has a tray from
blk_dev_is_tray_open() into its own function so both attributes (whether
there is a tray vs. whether that tray is open) can be queried
independently.

Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 1454096953-31773-2-git-send-email-mreitz@redhat.com

8 years ago Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-next-2016-02-02...
Peter Maydell [Tue, 2 Feb 2016 15:55:01 +0000 (15:55 +0000)]
Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-next-2016-02-02-1' into staging

Merge qcrypto-next 2016/2/2 v1

# gpg: Signature made Tue 02 Feb 2016 13:13:05 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"

* remotes/berrange/tags/pull-qcrypto-next-2016-02-02-1:
  crypto: ensure qcrypto_hash_digest_len is always defined
  crypto: register properties against the class instead of object
  crypto: fix description of @errp parameter initialization

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160202-1' into staging
Peter Maydell [Tue, 2 Feb 2016 15:18:39 +0000 (15:18 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160202-1' into staging

ui: gtk vc fix, adaptive sdl refresh.

# gpg: Signature made Tue 02 Feb 2016 13:06:07 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-ui-20160202-1:
  sdl: shorten the GUI refresh interval when mouse or keyboard is active
  gtk: use qemu_chr_alloc() to allocate CharDriverState

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20160202-1' into staging
Peter Maydell [Tue, 2 Feb 2016 14:55:01 +0000 (14:55 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20160202-1' into staging

audio: Clean up includes

# gpg: Signature made Tue 02 Feb 2016 12:58:06 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-audio-20160202-1:
  audio: Clean up includes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago Merge remote-tracking branch 'remotes/kraxel/tags/pull-fwcfg-20160202-1' into staging
Peter Maydell [Tue, 2 Feb 2016 14:27:12 +0000 (14:27 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-fwcfg-20160202-1' into staging

nvme: generate OpenFirmware device path in the "bootorder" fw_cfg file

# gpg: Signature made Tue 02 Feb 2016 12:54:04 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-fwcfg-20160202-1:
  nvme: generate OpenFirmware device path in the "bootorder" fw_cfg file

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago Merge remote-tracking branch 'remotes/elmarco/tags/ivshmem-pull-request' into staging
Peter Maydell [Tue, 2 Feb 2016 13:31:19 +0000 (13:31 +0000)]
Merge remote-tracking branch 'remotes/elmarco/tags/ivshmem-pull-request' into staging

# gpg: Signature made Tue 02 Feb 2016 12:43:03 GMT using RSA key ID 75969CE5
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>"
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/elmarco/tags/ivshmem-pull-request:
  char: remove qemu_chr_open_eventfd
  ivshmem: use a single eventfd callback, get rid of CharDriver
  ivshmem: generalize ivshmem_setup_interrupts
  ivshmem-test: test both msi & irq cases
  libqos: remove some leaks
  ivshmem-test: leak fixes
  ivshmem: remove redundant assignment, fix crash with msi=off
  ivshmem: no need for opaque argument

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago ehci: update irq on reset
Gerd Hoffmann [Tue, 19 Jan 2016 11:44:44 +0000 (12:44 +0100)]
ehci: update irq on reset

After clearing the status register we also have to update the irq line
status.  Otherwise an irq which happens to be pending at reset time
causes an interrupt storm.  And the guest can't stop as the status
register doesn't indicate any pending interrupt.

Both NetBSD and FreeBSD hang on shutdown because of that.

Cc: qemu-stable@nongnu.org
Reported-by: Andrey Korolyov <andrey@xdel.ru>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1453203884-4125-1-git-send-email-kraxel@redhat.com

8 years ago usb: check page select value while processing iTD
Prasad J Pandit [Tue, 19 Jan 2016 19:56:46 +0000 (01:26 +0530)]
usb: check page select value while processing iTD

While processing isochronous transfer descriptors (iTD), the page
select (PG) field value could lead to an OOB read access. Add
check to avoid it.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1453233406-12165-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
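
A bounds check of the kind this commit message describes, as an added example (not QEMU's code and not part of the commit). The field layout follows the EHCI specification (seven buffer page pointers, 3-bit PG, 12-bit offset and length); every struct, macro and function name, and the sample descriptor, is an assumption made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative names, not QEMU's. Layout per the EHCI spec: 8 transaction
 * slots, buffer page pointers for pages 0..6, and per slot a 12-bit
 * length (bits 27:16), 3-bit PG (14:12) and 12-bit offset (11:0). */
#define ITD_SLOTS        8
#define ITD_BUFPTRS      7
#define ITD_PAGE_SIZE    4096u
#define ITD_MAX_XACT_LEN 3072u          /* 0xC00, largest legal length */

#define ITD_LEN(ctl) (((ctl) >> 16) & 0xfffu)
#define ITD_PG(ctl)  (((ctl) >> 12) & 0x7u)
#define ITD_OFF(ctl) ((ctl) & 0xfffu)

struct itd {                            /* descriptor as written by the guest */
    uint32_t transact[ITD_SLOTS];
    uint32_t bufptr[ITD_BUFPTRS];
};

struct itd_span {                       /* resolved guest-physical ranges */
    uint32_t addr1, len1;               /* part inside page PG */
    uint32_t addr2, len2;               /* part spilling into page PG + 1 */
};

uint32_t itd_ctl(uint32_t len, uint32_t pg, uint32_t off)
{
    return ((len & 0xfffu) << 16) | ((pg & 0x7u) << 12) | (off & 0xfffu);
}

/* Resolve one transaction slot. Returns 0 and fills *out, or -1 when the
 * guest-supplied fields would index outside bufptr[]. */
int itd_resolve(const struct itd *itd, unsigned slot, struct itd_span *out)
{
    struct itd_span s = {0, 0, 0, 0};
    uint32_t ctl, len, pg, off;

    if (slot >= ITD_SLOTS) {
        return -1;
    }
    ctl = itd->transact[slot];
    len = ITD_LEN(ctl);
    pg  = ITD_PG(ctl);
    off = ITD_OFF(ctl);

    /* PG is 3 bits wide, so it can encode 7, but only pages 0..6 exist. */
    if (len > ITD_MAX_XACT_LEN || pg >= ITD_BUFPTRS) {
        return -1;
    }
    s.addr1 = (itd->bufptr[pg] & 0xfffff000u) | off;
    s.len1 = len;
    if (off + len > ITD_PAGE_SIZE) {
        /* The transfer crosses a page border and needs bufptr[pg + 1]. */
        if (pg + 1 >= ITD_BUFPTRS) {
            return -1;
        }
        s.len2 = off + len - ITD_PAGE_SIZE;
        s.len1 = len - s.len2;
        s.addr2 = itd->bufptr[pg + 1] & 0xfffff000u;
    }
    *out = s;
    return 0;
}

/* Constructed sample descriptor: pages at 0x00100000 + n * 0x1000. */
struct itd itd_sample(void)
{
    struct itd d = {{0}, {0}};
    for (unsigned i = 0; i < ITD_BUFPTRS; i++) {
        d.bufptr[i] = 0x00100000u + i * ITD_PAGE_SIZE;
    }
    d.transact[0] = itd_ctl(0x100, 2, 0x010);   /* in range */
    d.transact[1] = itd_ctl(0x100, 7, 0x000);   /* PG past the last page */
    d.transact[2] = itd_ctl(0x200, 6, 0xf00);   /* crosses out of page 6 */
    d.transact[3] = itd_ctl(0x200, 5, 0xf00);   /* crosses from 5 into 6 */
    d.transact[4] = itd_ctl(0x200, 6, 0x000);   /* stays inside page 6 */
    d.transact[5] = itd_ctl(0xfff, 0, 0x000);   /* length above 0xC00 */
    return d;
}

int main(void)
{
    struct itd d = itd_sample();
    for (unsigned slot = 0; slot < 6; slot++) {
        struct itd_span s;
        if (itd_resolve(&d, slot, &s) != 0) {
            printf("slot %u: rejected\n", slot);
        } else {
            printf("slot %u: %#x+%u, %#x+%u\n", slot,
                   (unsigned)s.addr1, (unsigned)s.len1,
                   (unsigned)s.addr2, (unsigned)s.len2);
        }
    }
    return 0;
}
```
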
8 years ago sdl: shorten the GUI refresh interval when mouse or keyboard is active
Jindřich Makovička [Tue, 12 Jan 2016 19:18:24 +0000 (20:18 +0100)]
sdl: shorten the GUI refresh interval when mouse or keyboard is active

Signed-off-by: Jindřich Makovička <makovick@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years ago gtk: use qemu_chr_alloc() to allocate CharDriverState
Daniel P. Berrange [Thu, 21 Jan 2016 11:56:26 +0000 (11:56 +0000)]
gtk: use qemu_chr_alloc() to allocate CharDriverState

The gd_vc_handler() callback is using g_malloc0() to
allocate the CharDriverState struct. As a result the
logfd field is getting initialized to 0, instead of
-1 when no logfile is requested.

The result is that when running

 $ qemu-system-i386 -nodefaults -chardev vc,id=mon0 -mon chardev=mon0

qemu duplicates all monitor output to stdout as well
as the GTK window.

Not using qemu_chr_alloc() was already a bug, but harmless
until this commit

  commit d0d7708ba29cbcc343364a46bff981e0ff88366f
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Mon Jan 11 12:44:41 2016 +0000

    qemu-char: add logfile facility to all chardev backends

which exposed the problem as a behaviour regression

Reported-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453377386-10190-1-git-send-email-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years ago crypto: ensure qcrypto_hash_digest_len is always defined
Daniel P. Berrange [Fri, 15 Jan 2016 11:23:45 +0000 (11:23 +0000)]
crypto: ensure qcrypto_hash_digest_len is always defined

The qcrypto_hash_digest_len method was accidentally inside
a CONFIG_GNUTLS_HASH block, even though it doesn't depend
on gnutls. Re-arrange it to be unconditionally defined.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
8 years ago audio: Clean up includes
Peter Maydell [Mon, 18 Jan 2016 17:33:52 +0000 (17:33 +0000)]
audio: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453138432-8324-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years ago char: remove qemu_chr_open_eventfd
Marc-André Lureau [Mon, 21 Dec 2015 11:26:51 +0000 (12:26 +0100)]
char: remove qemu_chr_open_eventfd

Broken since d0d7708ba29cbc, since the backend is NULL.

And now no longer needed by ivshmem.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
8 years ago ivshmem: use a single eventfd callback, get rid of CharDriver
Marc-André Lureau [Mon, 21 Dec 2015 11:10:13 +0000 (12:10 +0100)]
ivshmem: use a single eventfd callback, get rid of CharDriver

Simplify the interrupt handling by having a single callback on irq&msi
cases. Remove usage of CharDriver, replace it with
qemu_set_fd_handler(). Use event_notifier_test_and_clear() to read the
eventfd.

Before this patch, ivshmem writes the first byte received to
s->intrstatus. But ivshmem_device_spec.txt says "The status register is
set to 1 when an interrupt occurs." Fortunately, the byte usually comes
from another ivshmem device, and those always write 1.

After this commit, ivshmem follows the specification: the register is
set to 1 when an interrupt occurs.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
8 years ago ivshmem: generalize ivshmem_setup_interrupts
Marc-André Lureau [Mon, 21 Dec 2015 11:08:54 +0000 (12:08 +0100)]
ivshmem: generalize ivshmem_setup_interrupts

Call ivshmem_setup_interrupts() with or without MSI, always allocate
msi_vectors that is going to be used in all cases in the following patch.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
8 years ago ivshmem-test: test both msi & irq cases
Marc-André Lureau [Fri, 18 Dec 2015 17:14:29 +0000 (18:14 +0100)]
ivshmem-test: test both msi & irq cases

Recent commit 660c97ee introduced a regression in irq case, make
sure this code path is also tested.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
8 years ago libqos: remove some leaks
Marc-André Lureau [Fri, 18 Dec 2015 14:13:32 +0000 (15:13 +0100)]
libqos: remove some leaks

qpci_device_find() returns allocated data, don't leak it.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
8 years ago ivshmem-test: leak fixes
Marc-André Lureau [Fri, 18 Dec 2015 14:13:59 +0000 (15:13 +0100)]
ivshmem-test: leak fixes

Add a cleanup_vm() function to free QPCIDevice & QPCIBus when cleaning
up the IVState.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
8 years ago ivshmem: remove redundant assignment, fix crash with msi=off
Marc-André Lureau [Fri, 18 Dec 2015 14:13:08 +0000 (15:13 +0100)]
ivshmem: remove redundant assignment, fix crash with msi=off

Fix crash when msi=false introduced in 660c97ee (msi_vectors is NULL in
this case)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
8 years ago ivshmem: no need for opaque argument
Marc-André Lureau [Fri, 18 Dec 2015 11:20:51 +0000 (12:20 +0100)]
ivshmem: no need for opaque argument

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
8 years ago nvme: generate OpenFirmware device path in the "bootorder" fw_cfg file
Laszlo Ersek [Tue, 26 Jan 2016 23:21:23 +0000 (00:21 +0100)]
nvme: generate OpenFirmware device path in the "bootorder" fw_cfg file

Background on QEMU boot indices
-------------------------------

Normally, the "bootindex" property is configured for bootable devices
with:

  DEVICE_instance_init()
    device_add_bootindex_property(..., "bootindex", ...)
      object_property_add(..., device_get_bootindex,
                          device_set_bootindex, ...)

and when the bootindex is set on the QEMU command line, with

  -device DEVICE,...,bootindex=N

the setter that was configured above is invoked:

  device_set_bootindex()
    /* parse boot index */
    visit_type_int32()

    /* verify unicity */
    check_boot_index()

    /* store parsed boot index */
    ...

    /* insert device path to boot order */
    add_boot_device_path()

In the last step, add_boot_device_path() ensures that an OpenFirmware
device path will show up in the "bootorder" fw_cfg file, at a position
corresponding to the device's boot index. Thus guest firmware (SeaBIOS and
OVMF) can try to boot off the device with the right priority.

NVMe boot index
---------------

In QEMU commit 33739c712982,

  nvma: ide: add bootindex to qom property

the following generic setters / getters:
- device_set_bootindex()
- device_get_bootindex()

were open-coded for NVMe, under the names
- nvme_set_bootindex()
- nvme_get_bootindex()

Plus nvme_instance_init() was added to configure the "bootindex" property
manually, designating the open-coded getter & setter, rather than calling
device_add_bootindex_property().

Crucially, nvme_set_bootindex() avoided the final add_boot_device_path()
call. This fact is spelled out in the message of commit 33739c712982, and
it was presumably the entire reason for all of the code duplication.

Now, Vladislav filed an RFE for OVMF
<https://github.com/tianocore/edk2/issues/48>; OVMF should boot off NVMe
devices. It is simple to build edk2's existent NvmExpressDxe driver into
OVMF, but the boot order matching logic in OVMF can only handle NVMe if
the "bootorder" fw_cfg file includes such devices.

Therefore this patch converts the NVMe device model to
device_set_bootindex() all the way.

Device paths
------------

device_set_bootindex() accepts an optional parameter called "suffix". When
present, it is expected to take the form of an OpenFirmware device path
node, and it gets appended as last node to the otherwise auto-generated
OFW path.

For NVMe, the auto-generated part is

  /pci@i0cf8/pci8086,5845@6[,1]
       ^     ^            ^  ^
       |     |            PCI slot and (present when nonzero)
       |     |            function of the NVMe controller, both hex
       |     "driver name" component, built from PCI vendor & device IDs
       PCI root at system bus port, PIO

to which here we append the suffix

  /namespace@1,0
             ^ ^
             | big endian (MSB at lowest address) numeric interpretation
             | of the 64-bit IEEE Extended Unique Identifier, aka EUI-64,
             | hex
             32-bit NVMe namespace identifier, aka NSID, hex

resulting in the OFW device path

  /pci@i0cf8/pci8086,5845@6[,1]/namespace@1,0

The reason for including the NSID and the EUI-64 is that an NVMe device
can in theory produce several different namespaces (distinguished by
NSID). Additionally, each of those may (optionally) have an EUI-64 value.

For now, QEMU only provides namespace 1.

Furthermore, QEMU doesn't even represent the EUI-64 as a standalone field;
it is embedded (and left unused) inside the "NvmeIdNs.res30" array, at the
last eight bytes. (Which is fine, since EUI-64 can be left zero-filled if
unsupported by the device.)

Based on the above, we set the "unit address" part of the last
("namespace") node to fixed "1,0".

OVMF will then map the above OFW device path to the following UEFI device
path fragment, for boot order processing:

  PciRoot(0x0)/Pci(0x6,0x1)/NVMe(0x1,00-00-00-00-00-00-00-00)
          ^        ^   ^    ^    ^   ^
          |        |   |    |    |   octets of the EUI-64 in address order
          |        |   |    |    NSID
          |        |   |    NVMe namespace messaging device path node
          |        PCI slot and function
          PCI root bridge

Cc: Keith Busch <keith.busch@intel.com> (supporter:nvme)
Cc: Kevin Wolf <kwolf@redhat.com> (supporter:Block layer core)
Cc: qemu-block@nongnu.org (open list:nvme)
Cc: Gonglei <arei.gonglei@huawei.com>
Cc: Vladislav Vovchenko <vladislav.vovchenko@sk.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Keith Busch <keith.busch@intel.com>
Tested-by: Vladislav Vovchenko <vladislav.vovchenko@sk.com>
Message-id: 1453850483-27511-1-git-send-email-lersek@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
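
The OFW-to-UEFI mapping this commit message walks through, as an added example (not QEMU's or OVMF's code). It is a strict parser for the one path shape shown above; the function names and the sample paths in main() are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Consume the literal s at *p; 0 on match, -1 otherwise. */
static int lit(const char **p, const char *s)
{
    size_t n = strlen(s);
    if (strncmp(*p, s, n) != 0) {
        return -1;
    }
    *p += n;
    return 0;
}

/* Parse one or more hex digits at *p, rejecting values above max. */
static int hex_field(const char **p, unsigned long long max,
                     unsigned long long *v)
{
    const char *s = *p;
    unsigned long long acc = 0;

    for (; isxdigit((unsigned char)*s); s++) {
        unsigned long long d = isdigit((unsigned char)*s)
            ? (unsigned long long)(*s - '0')
            : (unsigned long long)(tolower((unsigned char)*s) - 'a' + 10);
        if (d > max || acc > (max - d) / 16) {
            return -1;                  /* would exceed max */
        }
        acc = acc * 16 + d;
    }
    if (s == *p) {
        return -1;                      /* no digits at all */
    }
    *p = s;
    *v = acc;
    return 0;
}

/* Map "/pci@i0cf8/pciVVVV,DDDD@S[,F]/namespace@NSID,EUI64" to
 * "PciRoot(0x0)/Pci(S,F)/NVMe(NSID,xx-..-xx)". Returns 0, or -1 on
 * malformed input or a too-small output buffer. */
int ofw_nvme_to_uefi(const char *ofw, char *out, size_t outlen)
{
    unsigned long long vendor, device, slot, func = 0, nsid, eui;
    char eui_txt[24];                   /* 8 octets, 7 dashes, NUL */
    const char *p = ofw;
    int w;

    /* Vendor and device IDs are validated but do not appear in the
     * UEFI path, which identifies the controller by slot and function. */
    if (lit(&p, "/pci@i0cf8/pci") || hex_field(&p, 0xffff, &vendor) ||
        lit(&p, ",") || hex_field(&p, 0xffff, &device) ||
        lit(&p, "@") || hex_field(&p, 0x1f, &slot)) {
        return -1;
    }
    if (*p == ',') {                    /* function, present when nonzero */
        p++;
        if (hex_field(&p, 0x7, &func)) {
            return -1;
        }
    }
    if (lit(&p, "/namespace@") || hex_field(&p, 0xffffffffULL, &nsid) ||
        lit(&p, ",") || hex_field(&p, ~0ULL, &eui) || *p != '\0') {
        return -1;
    }
    /* Big-endian interpretation: the most significant byte of the number
     * is the octet at the lowest address, so it is printed first. */
    for (int i = 0; i < 8; i++) {
        snprintf(eui_txt + 3 * i, 4, "%02X%s",
                 (unsigned)((eui >> (56 - 8 * i)) & 0xff), i < 7 ? "-" : "");
    }
    w = snprintf(out, outlen, "PciRoot(0x0)/Pci(0x%X,0x%X)/NVMe(0x%X,%s)",
                 (unsigned)slot, (unsigned)func, (unsigned)nsid, eui_txt);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs; the first is the path from the text. */
    const char *samples[] = {
        "/pci@i0cf8/pci8086,5845@6,1/namespace@1,0",
        "/pci@i0cf8/pci8086,5845@6/namespace@1,0",
        "/pci@i0cf8/pci8086,5845@20/namespace@1,0",
    };
    char buf[96];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int r = ofw_nvme_to_uefi(samples[i], buf, sizeof(buf));
        printf("%s -> %s\n", samples[i], r == 0 ? buf : "(rejected)");
    }
    return 0;
}
```
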
8 years ago Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160201' into staging
Peter Maydell [Tue, 2 Feb 2016 09:13:10 +0000 (09:13 +0000)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160201' into staging

ppc patch queue for 2016-02-01

Currently accumulated patches for target-ppc, pseries machine type and
related devices.
  * Cleanup of error handling code in spapr
  * A number of fixes for Macintosh devices for the benefit of MacOS 9 and X
  * Remove some abuses of the RTAS memory access functions in spapr
  * Fixes for the gdbstub (and monitor debug) for VMX and VSX extensions.
  * Fix pseries machine hotplug memory under TCG
  * Clean up and extend handling of multiple page sizes with 64-bit hash MMUs
  * Fix to the TCG implementation of mcrfs

# gpg: Signature made Mon 01 Feb 2016 02:28:34 GMT using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.6-20160201: (40 commits)
  target-ppc: mcrfs should always update FEX/VX and only clear exception bits
  target-ppc: Make every FPSCR_ macro have a corresponding FP_ macro
  target-ppc: Allow more page sizes for POWER7 & POWER8 in TCG
  target-ppc: Helper to determine page size information from hpte alone
  target-ppc: Add new TLB invalidate by HPTE call for hash64 MMUs
  target-ppc: Split 44x tlbiva from ppc_tlb_invalidate_one()
  target-ppc: Remove unused mmu models from ppc_tlb_invalidate_one
  target-ppc: Use actual page size encodings from HPTE
  target-ppc: Rework SLB page size lookup
  target-ppc: Rework ppc_store_slb
  target-ppc: Convert mmu-hash{32,64}.[ch] from CPUPPCState to PowerPCCPU
  target-ppc: Remove unused kvmppc_read_segment_page_sizes() stub
  uninorth.c: add support for UniNorth kMacRISCPCIAddressSelect (0x48) register
  cuda.c: return error for unknown commands
  pseries: Allow TCG h_enter to work with hotplugged memory
  target-ppc: gdbstub: Add VSX support
  target-ppc: gdbstub: fix spe registers for little-endian guests
  target-ppc: gdbstub: fix altivec registers for little-endian guests
  target-ppc: gdbstub: introduce avr_need_swap()
  target-ppc: gdbstub: fix float registers for little-endian guests
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago crypto: register properties against the class instead of object
Daniel P. Berrange [Mon, 24 Aug 2015 17:46:57 +0000 (18:46 +0100)]
crypto: register properties against the class instead of object

This converts the tlscredsx509, tlscredsanon and secret objects
to register their properties against the class rather than object.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
8 years ago crypto: fix description of @errp parameter initialization
Daniel P. Berrange [Wed, 13 Jan 2016 12:22:33 +0000 (12:22 +0000)]
crypto: fix description of @errp parameter initialization

The "Error **errp" parameters must be NULL initialized
not uninitialized.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
8 years ago target-ppc: mcrfs should always update FEX/VX and only clear exception bits
James Clarke [Fri, 29 Jan 2016 18:40:21 +0000 (18:40 +0000)]
target-ppc: mcrfs should always update FEX/VX and only clear exception bits

Here is the description of the mcrfs instruction from the PowerPC Architecture
Book, Version 2.02, Book I: PowerPC User Instruction Set Architecture
(http://www.ibm.com/developerworks/systems/library/es-archguide-v2.html), found
on page 120:

    The contents of FPSCR field BFA are copied to Condition Register field BF.
    All exception bits copied are set to 0 in the FPSCR. If the FX bit is
    copied, it is set to 0 in the FPSCR.

    Special Registers Altered:
        CR field BF
        FX OX                        (if BFA=0)
        UX ZX XX VXSNAN              (if BFA=1)
        VXISI VXIDI VXZDZ VXIMZ      (if BFA=2)
        VXVC                         (if BFA=3)
        VXSOFT VXSQRT VXCVI          (if BFA=5)

However, currently every bit in FPSCR field BFA is set to 0, including ones not
on that list.

This can be seen in the following simple C program:

    #include <fenv.h>
    #include <stdio.h>

    int main(int argc, char **argv) {
        int ret;
        ret = fegetround();
        printf("Current rounding: %d\n", ret);
        ret = fesetround(FE_UPWARD);
        printf("Setting to FE_UPWARD (%d): %d\n", FE_UPWARD, ret);
        ret = fegetround();
        printf("Current rounding: %d\n", ret);
        ret = fegetround();
        printf("Current rounding: %d\n", ret);
        return 0;
    }

which gave the output (before this commit):

    Current rounding: 0
    Setting to FE_UPWARD (2): 0
    Current rounding: 2
    Current rounding: 0

instead of (after this commit):

    Current rounding: 0
    Setting to FE_UPWARD (2): 0
    Current rounding: 2
    Current rounding: 2

The relevant disassembly is in fegetround(), which, on my system, is:

    __GI___fegetround:
    <+0>:   mcrfs  cr7, cr7
    <+4>:   mfcr   r3
    <+8>:   clrldi r3, r3, 62
    <+12>:  blr

What happens is that, the first time fegetround() is called, FPSCR field 7 is
retrieved. However, because of the bug in mcrfs, the entirety of field 7 is set
to 0, which includes the rounding mode.

There are other issues this will fix, such as condition flags not persisting
when they should if read, and if you were to read a specific field with some
exception bits set, but no others were set in the entire register, then the
bits would be cleared correctly, but FEX/VX would not be updated to 0 as they
should be.

Signed-off-by: James Clarke <jrtc27@jrtc27.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
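
A small model of the two mcrfs behaviours this commit message contrasts, as an added example (not QEMU's code and not part of the commit). The bit positions are the architected FPSCR layout; the macro and function names are assumptions made for illustration, and the "before" function only models what the message describes.

```c
#include <stdint.h>
#include <stdio.h>

/* FPSCR uses IBM bit numbering: bit 0 is the most significant of 32.
 * Names are illustrative, not QEMU's FPSCR_ or FP_ macros. */
#define B(n)      (1u << (31 - (n)))
#define B_FX      B(0)
#define B_FEX     B(1)
#define B_VX      B(2)
#define B_OX      B(3)
#define B_UX      B(4)
#define B_ZX      B(5)
#define B_XX      B(6)
#define B_VXSNAN  B(7)
#define B_VXISI   B(8)
#define B_VXIDI   B(9)
#define B_VXZDZ   B(10)
#define B_VXIMZ   B(11)
#define B_VXVC    B(12)
#define B_VXSOFT  B(21)
#define B_VXSQRT  B(22)
#define B_VXCVI   B(23)
#define B_VE      B(24)
#define B_OE      B(25)
#define B_UE      B(26)
#define B_ZE      B(27)
#define B_XE      B(28)

#define ALL_VX (B_VXSNAN | B_VXISI | B_VXIDI | B_VXZDZ | B_VXIMZ | \
                B_VXVC | B_VXSOFT | B_VXSQRT | B_VXCVI)
/* The "Special Registers Altered" list: the only bits mcrfs may clear. */
#define MCRFS_CLEARABLE (B_FX | B_OX | B_UX | B_ZX | B_XX | ALL_VX)

/* Recompute the two summary bits from the bits they summarise. */
uint32_t fpscr_resummarize(uint32_t f)
{
    f &= ~(B_VX | B_FEX);
    if (f & ALL_VX) {
        f |= B_VX;
    }
    if (((f & B_VX) && (f & B_VE)) || ((f & B_OX) && (f & B_OE)) ||
        ((f & B_UX) && (f & B_UE)) || ((f & B_ZX) && (f & B_ZE)) ||
        ((f & B_XX) && (f & B_XE))) {
        f |= B_FEX;
    }
    return f;
}

/* Behaviour after the fix: copy field BFA to the CR field, clear only
 * the exception bits inside it, then update FEX and VX. */
unsigned mcrfs_fixed(uint32_t *fpscr, unsigned bfa)
{
    unsigned shift = 4 * (7 - (bfa & 7));
    unsigned cr = (*fpscr >> shift) & 0xf;
    *fpscr = fpscr_resummarize(*fpscr & ~((0xfu << shift) & MCRFS_CLEARABLE));
    return cr;
}

/* Behaviour described before the fix: the whole field is zeroed and the
 * summary bits are not recomputed. */
unsigned mcrfs_before(uint32_t *fpscr, unsigned bfa)
{
    unsigned shift = 4 * (7 - (bfa & 7));
    unsigned cr = (*fpscr >> shift) & 0xf;
    *fpscr &= ~(0xfu << shift);
    return cr;
}

/* The rounding mode RN is the low two bits of field 7. */
unsigned fpscr_rounding(uint32_t fpscr)
{
    return fpscr & 3u;
}

int main(void)
{
    /* Constructed state: rounding mode 2 (FE_UPWARD in the program above). */
    uint32_t a = 0x2, b = 0x2;
    mcrfs_before(&a, 7);
    mcrfs_fixed(&b, 7);
    printf("rounding after mcrfs cr7,cr7: before fix %u, after fix %u\n",
           fpscr_rounding(a), fpscr_rounding(b));

    /* Constructed state: VXSNAN pending with VE enabled, so FEX and VX set. */
    a = b = B_FEX | B_VX | B_VXSNAN | B_VE;
    mcrfs_before(&a, 1);
    mcrfs_fixed(&b, 1);
    printf("FPSCR after reading field 1: before fix %#x, after fix %#x\n",
           (unsigned)a, (unsigned)b);
    return 0;
}
```
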
8 years ago target-ppc: Make every FPSCR_ macro have a corresponding FP_ macro
James Clarke [Sun, 24 Jan 2016 15:41:25 +0000 (15:41 +0000)]
target-ppc: Make every FPSCR_ macro have a corresponding FP_ macro

Signed-off-by: James Clarke <jrtc27@jrtc27.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago target-ppc: Allow more page sizes for POWER7 & POWER8 in TCG
David Gibson [Fri, 15 Jan 2016 06:54:42 +0000 (17:54 +1100)]
target-ppc: Allow more page sizes for POWER7 & POWER8 in TCG

Now that the TCG and spapr code has been extended to allow (semi-)
arbitrary page encodings in the CPU's 'sps' table, we can add the many
page sizes supported by real POWER7 and POWER8 hardware that we previously
didn't support in TCG.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
8 years ago target-ppc: Helper to determine page size information from hpte alone
David Gibson [Wed, 27 Jan 2016 01:01:20 +0000 (12:01 +1100)]
target-ppc: Helper to determine page size information from hpte alone

h_enter() in the spapr code needs to know the page size of the HPTE it's
about to insert.  Unlike other paths that do this, it doesn't have access
to the SLB, so at the moment it determines this with some open-coded
tests which assume POWER7 or POWER8 page size encodings.

To make this more flexible add ppc_hash64_hpte_page_shift_noslb() to
determine both the "base" page size per segment, and the individual
effective page size from an HPTE alone.

This means that the spapr code should now be able to handle any page size
listed in the env->sps table.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
8 years ago target-ppc: Add new TLB invalidate by HPTE call for hash64 MMUs
David Gibson [Fri, 15 Jan 2016 05:12:09 +0000 (16:12 +1100)]
target-ppc: Add new TLB invalidate by HPTE call for hash64 MMUs

When HPTEs are removed or modified by hypercalls on spapr, we need to
invalidate the relevant pages in the qemu TLB.

Currently we do that by doing some complicated calculations to work out the
right encoding for the tlbie instruction, then passing that to
ppc_tlb_invalidate_one()... which totally ignores the argument and flushes
the whole tlb.

Avoid that by adding a new flush-by-hpte helper in mmu-hash64.c.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
8 years ago target-ppc: Split 44x tlbiva from ppc_tlb_invalidate_one()
David Gibson [Wed, 27 Jan 2016 23:31:04 +0000 (10:31 +1100)]
target-ppc: Split 44x tlbiva from ppc_tlb_invalidate_one()

Currently both the tlbiva instruction (used on 44x chips) and the tlbie
instruction (used on hash MMU chips) are both handled via
ppc_tlb_invalidate_one().  This is silly, because they're invoked from
different places, and do different things.

Clean this up by separating out the tlbiva instruction into its own
handling.  In fact the implementation is only a stub anyway.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
8 years ago target-ppc: Remove unused mmu models from ppc_tlb_invalidate_one
David Gibson [Sat, 30 Jan 2016 12:49:22 +0000 (23:49 +1100)]
target-ppc: Remove unused mmu models from ppc_tlb_invalidate_one

ppc_tlb_invalidate_one() has a big switch handling many different MMU
types.  However, most of those branches can never be reached:

It is called from 3 places: from remove_hpte() and h_protect() in
spapr_hcall.c (which always has a 64-bit hash MMU type), and from
helper_tlbie() in mmu_helper.c.

Calls to helper_tlbie() are generated from gen_tlbiel, gen_tlbiel and
gen_tlbiva.  The first two are only used with the PPC_MEM_TLBIE flag,
set only with 32-bit or 64-bit hash MMU models, and gen_tlbiva() is
used only on 440 and 460 models with the BookE mmu model.

This means the exhaustive list of MMU types which may call
ppc_tlb_invalidate_one() is: POWERPC_MMU_SOFT_6xx, POWERPC_MMU_601,
POWERPC_MMU_32B, POWERPC_MMU_SOFT_74xx, POWERPC_MMU_64B, POWERPC_MMU_2_03,
POWERPC_MMU_2_06, POWERPC_MMU_2_07 and POWERPC_MMU_BOOKE.

Clean up by removing logic for all other MMU types from
ppc_tlb_invalidate_one().

This means that ppc4xx_tlb_invalidate_virt() now has no callers, or rather,
makes it obvious that it has no callers.  So, we remove that function as
well.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago target-ppc: Use actual page size encodings from HPTE
David Gibson [Wed, 27 Jan 2016 00:39:15 +0000 (11:39 +1100)]
target-ppc: Use actual page size encodings from HPTE

At present the 64-bit hash MMU code uses information from the SLB to
determine the page size of a translation.  We do need that information to
correctly look up the hash table.  However the MMU also allows a
possibly larger page size to be encoded into the HPTE itself, which is used
to populate the TLB.  At present qemu doesn't check that, and so doesn't
support the MPSS "Multiple Page Size per Segment" feature.

This makes a start on allowing this, by adding an hpte_page_shift()
function which looks up the page size of an HPTE.  We use this to validate
page size encodings on faults, and populate the qemu TLB with larger
page sizes when appropriate.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
8 years ago target-ppc: Rework SLB page size lookup
David Gibson [Wed, 27 Jan 2016 00:52:57 +0000 (11:52 +1100)]
target-ppc: Rework SLB page size lookup

Currently, the ppc_hash64_page_shift() function looks up a page size based
on information in an SLB entry.  It open codes the bit translation for
existing CPUs, however different CPU models can have different SLB
encodings.  We already store those in the 'sps' table in CPUPPCState, but
we don't currently enforce that that actually matches the logic in
ppc_hash64_page_shift.

This patch reworks lookup of page size from SLB in several ways:
  * ppc_store_slb() will now fail (triggering an illegal instruction
    exception) if given a bad SLB page size encoding
  * On success ppc_store_slb() stores a pointer to the relevant entry in
    the page size table in the SLB entry.  This is looked up directly from
    the published table of page size encodings, so can't get out of sync.
  * ppc_hash64_htab_lookup() and others now use this precached page size
    information rather than decoding the SLB values
  * Now that callers have easy access to the page_shift,
    ppc_hash64_pte_raddr() amounts to just a deposit64(), so remove it and
    have the callers use deposit64() directly.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
8 years ago target-ppc: Rework ppc_store_slb
David Gibson [Wed, 27 Jan 2016 00:07:29 +0000 (11:07 +1100)]
target-ppc: Rework ppc_store_slb

ppc_store_slb updates the SLB for PPC cpus with 64-bit hash MMUs.
Currently it takes two parameters, which contain values encoded as the
register arguments to the slbmte instruction, one register contains the
ESID portion of the SLBE and also the slot number, the other contains the
VSID portion of the SLBE.

We're shortly going to want to do some SLB updates from other code where
it is more convenient to supply the slot number and ESID separately, so
rework this function and its callers to work this way.

As a bonus, this slightly simplifies the emulation of segment registers for
when running a 32-bit OS on a 64-bit CPU.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
8 years ago target-ppc: Convert mmu-hash{32,64}.[ch] from CPUPPCState to PowerPCCPU
David Gibson [Thu, 14 Jan 2016 04:33:27 +0000 (15:33 +1100)]
target-ppc: Convert mmu-hash{32,64}.[ch] from CPUPPCState to PowerPCCPU

Like a lot of places these files include a mixture of functions taking
both the older CPUPPCState *env and newer PowerPCCPU *cpu.  Move a step
closer to cleaning this up by standardizing on PowerPCCPU, except for the
helper_* functions which are called with the CPUPPCState * from tcg.

Callers and some related functions are updated as well, the boundaries of
what's changed here are a bit arbitrary.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
8 years ago target-ppc: Remove unused kvmppc_read_segment_page_sizes() stub
David Gibson [Wed, 13 Jan 2016 01:15:22 +0000 (12:15 +1100)]
target-ppc: Remove unused kvmppc_read_segment_page_sizes() stub

This stub function is in the !KVM ifdef in target-ppc/kvm_ppc.h.  However
no such function exists on the KVM side, or is ever used.

I think this originally referenced a function which read host page size
information from /proc, for which we now use the KVM GET_SMMU_INFO extension
instead.

In any case, it has no function now, so remove it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
8 years ago uninorth.c: add support for UniNorth kMacRISCPCIAddressSelect (0x48) register
Programmingkid [Fri, 22 Jan 2016 16:09:23 +0000 (11:09 -0500)]
uninorth.c: add support for UniNorth kMacRISCPCIAddressSelect (0x48) register

Darwin/OS X use the undocumented kMacRISCPCIAddressSelect (0x48) to
configure PCI memory space size for mac99 machines. Without this
register, warnings similar to below are emitted to the console during boot:

AppleMacRiscPCI: bad range 2(80000000:01000000)
AppleMacRiscPCI: bad range 2(81000000:00001000)
AppleMacRiscPCI: bad range 2(81080000:00080000)

Based upon the algorithm in Darwin's AppleMacRiscPCI.cpp driver, set the
kMacRISCPCIAddressSelect register so that Darwin considers the PCI
memory space to be at 0x80000000 (size 0x10000000) which matches that
currently used by QEMU and OpenBIOS.

Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
[commit message and comment revised as suggested by Mark Cave-Ayland]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago cuda.c: return error for unknown commands
Alyssa Milburn [Fri, 22 Jan 2016 23:07:24 +0000 (23:07 +0000)]
cuda.c: return error for unknown commands

This avoids MacsBug hanging at startup in the absence of ADB mouse
input, by replying with an error (which is also what MOL does) when
it sends an unknown command (0x1c).

Signed-off-by: Alyssa Milburn <fuzzie@fuzzie.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago pseries: Allow TCG h_enter to work with hotplugged memory
David Gibson [Thu, 21 Jan 2016 03:48:43 +0000 (14:48 +1100)]
pseries: Allow TCG h_enter to work with hotplugged memory

The implementation of the H_ENTER hypercall for PAPR guests needs to
enforce correct access attributes on the inserted HPTE.  This means
determining if the HPTE's real address is a regular RAM address (which
requires attributes for coherent access) or an IO address (which requires
attributes for cache-inhibited access).

At the moment this check is implemented with (raddr < machine->ram_size),
but that only handles addresses in the base RAM area, not any hotplugged
RAM.

This patch corrects the problem with a new helper.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
8 years ago target-ppc: gdbstub: Add VSX support
Anton Blanchard [Fri, 15 Jan 2016 15:00:51 +0000 (16:00 +0100)]
target-ppc: gdbstub: Add VSX support

Add the XML and functions to get and set VSX registers.

Signed-off-by: Anton Blanchard <anton@samba.org>
(fixed little-endian guests)
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago target-ppc: gdbstub: fix spe registers for little-endian guests
Greg Kurz [Fri, 15 Jan 2016 15:00:44 +0000 (16:00 +0100)]
target-ppc: gdbstub: fix spe registers for little-endian guests

Let's reuse the ppc_maybe_bswap_register() helper, like we already do
with the general registers.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago target-ppc: gdbstub: fix altivec registers for little-endian guests
Greg Kurz [Fri, 15 Jan 2016 15:00:38 +0000 (16:00 +0100)]
target-ppc: gdbstub: fix altivec registers for little-endian guests

Altivec registers are 128-bit wide. They are stored in memory as two
64-bit values that must be byteswapped when the guest is little-endian.
Let's reuse the ppc_maybe_bswap_register() helper for this.

We also need to fix the ordering of the 64-bit elements according to
the target endianness, for both system and user mode.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago target-ppc: gdbstub: introduce avr_need_swap()
Greg Kurz [Fri, 15 Jan 2016 15:00:31 +0000 (16:00 +0100)]
target-ppc: gdbstub: introduce avr_need_swap()

This helper will be used to support Altivec registers in little-endian guests.
This patch does not change functionality.

Note: I had to put the helper some lines away from the gdb_*_avr_reg()
routines to get a more readable patch.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago target-ppc: gdbstub: fix float registers for little-endian guests
Greg Kurz [Fri, 15 Jan 2016 15:00:25 +0000 (16:00 +0100)]
target-ppc: gdbstub: fix float registers for little-endian guests

Let's reuse the ppc_maybe_bswap_register() helper, like we already do
with the general registers.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago target-ppc: rename and export maybe_bswap_register()
Greg Kurz [Fri, 15 Jan 2016 15:00:18 +0000 (16:00 +0100)]
target-ppc: rename and export maybe_bswap_register()

This helper will be used to support FP, Altivec and VSX registers when
the guest is little-endian.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago target-ppc: kvm: fix floating point registers sync on little-endian hosts
Greg Kurz [Fri, 15 Jan 2016 15:00:12 +0000 (16:00 +0100)]
target-ppc: kvm: fix floating point registers sync on little-endian hosts

On VSX capable CPUs, the 32 FP registers are mapped to the high-bits
of the 32 first VSX registers. So if you have:

VSR31 = (uint128) 0x0102030405060708090a0b0c0d0e0f00

then

FPR31 = (uint64) 0x0102030405060708

The kernel stores the VSX registers in the fp_state struct following the
host endian element ordering.

On big-endian:

fp_state.fpr[31][0] = 0x0102030405060708
fp_state.fpr[31][1] = 0x090a0b0c0d0e0f00

On little-endian:

fp_state.fpr[31][0] = 0x090a0b0c0d0e0f00
fp_state.fpr[31][1] = 0x0102030405060708

The KVM_GET_ONE_REG and KVM_SET_ONE_REG ioctls preserve this ordering, but
QEMU considers it as big-endian and always copies element [0] to the
fpr[] array and element [1] to the vsr[] array. This does not work with
little-endian hosts, and you will get:

(qemu) p $f31
0x90a0b0c0d0e0f00

instead of:

(qemu) p $f31
0x102030405060708

This patch fixes the element ordering for little-endian hosts.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
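
The element ordering described in the commit message above, as an added example that is not part of the commit or of QEMU's code: a small model of the fp_state layout that compares an always-element-[0] read with a host-aware read. The names kernel_store, fpr_always_elem0 and fpr_host_aware are hypothetical, and host endianness is passed as a parameter (an assumption) so both layouts can be run on any machine.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A 128-bit VSX register as two doublewords; hi holds the FPR value. */
typedef struct { uint64_t hi, lo; } vsr128;

/* Constructed model of fp_state.fpr[n][0..1] as the commit message describes
 * it: the two elements follow the host's element ordering. host_le is a
 * parameter here (an assumption for the demo) so both layouts can be run. */
static void kernel_store(vsr128 v, bool host_le, uint64_t elem[2])
{
    elem[host_le ? 1 : 0] = v.hi;
    elem[host_le ? 0 : 1] = v.lo;
}

/* Pre-fix behaviour from the message: element [0] is always taken as FPR. */
static uint64_t fpr_always_elem0(const uint64_t elem[2])
{
    return elem[0];
}

/* Host-aware selection: the FPR is whichever element holds the high bits. */
static uint64_t fpr_host_aware(const uint64_t elem[2], bool host_le)
{
    return elem[host_le ? 1 : 0];
}

int main(void)
{
    /* Register value taken from the commit message. */
    const vsr128 vsr31 = { 0x0102030405060708ULL, 0x090a0b0c0d0e0f00ULL };
    for (int le = 0; le <= 1; le++) {
        uint64_t e[2];
        kernel_store(vsr31, le, e);
        printf("%s host: always-[0] FPR31=0x%llx, host-aware FPR31=0x%llx\n",
               le ? "little-endian" : "big-endian",
               (unsigned long long)fpr_always_elem0(e),
               (unsigned long long)fpr_host_aware(e, le));
    }
    return 0;
}
```
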
8 years ago pseries: Clean up error reporting in htab migration functions
David Gibson [Wed, 20 Jan 2016 01:59:05 +0000 (12:59 +1100)]
pseries: Clean up error reporting in htab migration functions

The functions for migrating the hash page table on pseries machine type
(htab_save_setup() and htab_load()) can report some errors with an
explicit fprintf() before returning an appropriate error code.  Change some
of these to use error_report() instead. htab_save_setup() is omitted for
now to avoid conflicts with some other in-progress work.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
8 years ago pseries: Clean up error reporting in ppc_spapr_init()
David Gibson [Wed, 20 Jan 2016 01:58:55 +0000 (12:58 +1100)]
pseries: Clean up error reporting in ppc_spapr_init()

This function includes a number of explicit fprintf()s for errors.
Change these to use error_report() instead.

Also replace the single exit(EXIT_FAILURE) with an explicit exit(1), since
the latter is the more usual idiom in qemu by a large margin.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>