Michael Tokarev [Tue, 10 Feb 2015 19:40:47 +0000 (22:40 +0300)]
qemu-options: fix/document -incoming options
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Gabriel L. Somlo [Thu, 5 Feb 2015 16:45:30 +0000 (11:45 -0500)]
smbios: document cmdline options for smbios type 2-4, 17 structures
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Borislav Petkov [Sun, 8 Feb 2015 12:14:38 +0000 (13:14 +0100)]
memsave: Improve and disambiguate error message
When requesting a size which cannot be read, the error message shows
a different address which is misleading to the user and it looks like
something's wrong with the address parsing. This is because the input
@addr variable is incremented in the memory dumping loop:
(qemu) memsave 0xffffffff8418069c 0xb00000 mem
Invalid addr 0xffffffff849ffe9c specified
Fix that by saving the original address and size and use them in the
error message:
(qemu) memsave 0xffffffff8418069c 0xb00000 mem
Invalid addr 0xffffffff8418069c/size
11534336 specified
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Markus Armbruster [Wed, 21 Jan 2015 13:18:37 +0000 (14:18 +0100)]
xilinx_ethlite: Clean up after commit 2f991ad
The "fall through" added by the commit is clearly intentional. Mark
it so. Hushes up Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Gonglei [Tue, 10 Feb 2015 07:51:23 +0000 (15:51 +0800)]
xen-pt: fix Out-of-bounds read
The array length of s->real_device.io_regions[] is
"PCI_NUM_REGIONS - 1".
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Gonglei [Tue, 10 Feb 2015 07:51:22 +0000 (15:51 +0800)]
xen-pt: fix Negative array index read
Coverity spot:
Function xen_pt_bar_offset_to_index() may return a negative
value (-1) which is used as an index to d->io_regions[] down
the line.
Let's pass index directly as an argument to
xen_pt_bar_reg_parse().
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Mon, 9 Mar 2015 14:04:14 +0000 (14:04 +0000)]
Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging
Patch queue for ppc - 2015-03-09
This is my current patch queue for 2.3. Highlights include:
* pseries: 2.3 machine
* pseries: Export RTC via QOM
* pseries: EEH support
* mac: save/restore support
* fix POWER5 hosts
* random bug fixes
# gpg: Signature made Mon Mar 9 14:00:53 2015 GMT using RSA key ID
03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg: aka "Alexander Graf <alex@csgraf.de>"
* remotes/agraf/tags/signed-ppc-for-upstream: (38 commits)
target-ppc: Fix warnings from Sparse
sPAPR: Implement sPAPRPHBClass EEH callbacks
sPAPR: Implement EEH RTAS calls
target-ppc: Add versions to server CPU descriptions
PPC: Introduce the Virtual Time Base (VTB) SPR register
PPC: Remove duplicate OPENPIC defines in default-configs
ppc64-softmmu: Remove duplicated OPENPIC from config
Revert "default-configs/ppc64: add all components of i82378 SuperIO chip used by prep"
spapr_vio: Convert to realize()
openpic: convert to vmstate
openpic: switch IRQQueue queue from inline to bitmap
openpic: fix up loadvm under -M mac99
openpic: fix segfault on -M mac99 savevm
target-ppc: force update of msr bits in cpu_post_load
target-ppc: move sdr1 value change detection logic to helper_store_sdr1()
cuda.c: include adb_poll_timer in VMStateDescription
adb.c: include ADBDevice parent state in KBDState and MouseState
macio.c: include parent PCIDevice state in VMStateDescription
display cpu id dump state
Openpic: check that cpu id is within the number of cpus
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Weil [Sat, 7 Mar 2015 22:16:38 +0000 (23:16 +0100)]
target-ppc: Fix warnings from Sparse
Sparse report:
target-ppc/mmu-hash64.c:353:9: warning: returning void-valued expression
target-ppc/mmu-hash64.c:620:9: warning: returning void-valued expression
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Gavin Shan [Fri, 20 Feb 2015 04:58:53 +0000 (15:58 +1100)]
sPAPR: Implement sPAPRPHBClass EEH callbacks
The patch implements sPAPRPHBClass EEH callbacks so that the EEH
RTAS requests can be routed to VFIO for further handling.
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Gavin Shan [Fri, 20 Feb 2015 04:58:52 +0000 (15:58 +1100)]
sPAPR: Implement EEH RTAS calls
The emulation for EEH RTAS requests from guest isn't covered
by QEMU yet and the patch implements them.
The patch defines constants used by EEH RTAS calls and adds
callbacks sPAPRPHBClass::{eeh_set_option, eeh_get_state, eeh_reset,
eeh_configure}, which are going to be used as follows:
* RTAS calls are received in spapr_pci.c, sanity check is done
there.
* RTAS handlers handle what they can. If there is something it
cannot handle and the corresponding sPAPRPHBClass callback is
defined, it is called.
* Those callbacks are only implemented for VFIO now. They do ioctl()
to the IOMMU container fd to complete the calls. Error codes from
that ioctl() are transferred back to the guest.
[aik: defined RTAS tokens for EEH RTAS calls]
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Wed, 4 Mar 2015 01:31:26 +0000 (12:31 +1100)]
target-ppc: Add versions to server CPU descriptions
5b79b1c "target-ppc: Create versionless CPU class per family if KVM" added
a dynamic CPU class registration with the name of the CPU family which
QEMU is running on. For example, this allowed specifying "-cpu POWER7"
on every version of POWER7 machine, not just the one which POWER7 was
an alias of. I.e. before 5b79b1c, "-cpu POWER7" would not work on real
POWER7 2.1 and would work on POWER7 2.3 only. The same story for POWER8.
However that patch broke POWER5+ support as POWER5+ CPU uses the same
name as the CPU class so dynamic registering of the POWER5+ class failed.
This redefines POWER5+ server CPUs by adding a version to them and adding
an alias for TCG case. KVM will use dynamically registered CPUs.
While we are here, do the same for 970 CPU.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
Cyril Bur [Mon, 2 Mar 2015 06:55:38 +0000 (17:55 +1100)]
PPC: Introduce the Virtual Time Base (VTB) SPR register
This patch adds basic support for the VTB.
PowerISA:
The Virtual Time Base (VTB) is a 64-bit incrementing counter.
Virtual Time Base increments at the same rate as the Time Base until its value
becomes 0xFFFF_FFFF_FFFF_FFFF (2 64 - 1); at the next increment its value
becomes 0x0000_0000_0000_0000. There is no interrupt or other indication when
this occurs.
The operation of the Virtual Time Base has the following additional
properties.
1. Loading a GPR from the Virtual Time Base has no effect on the accuracy of
the Virtual Time Base.
2. Copying the contents of a GPR to the Virtual Time Base replaces the
contents of the Virtual Time Base with the contents of the GPR.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Mon, 2 Mar 2015 13:31:58 +0000 (14:31 +0100)]
PPC: Remove duplicate OPENPIC defines in default-configs
The CONFIG_OPENPIC variable was declared multiple times. We only need it once.
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Mon, 2 Mar 2015 06:46:27 +0000 (17:46 +1100)]
ppc64-softmmu: Remove duplicated OPENPIC from config
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Mon, 2 Mar 2015 06:46:25 +0000 (17:46 +1100)]
Revert "default-configs/ppc64: add all components of i82378 SuperIO chip used by prep"
This reverts commit
9c9984242ce46ccf8636f5c19e81d794e84aa0c7 as even when
it was applied, all supposedly new config options were already enabled.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Markus Armbruster [Fri, 27 Feb 2015 10:52:17 +0000 (11:52 +0100)]
spapr_vio: Convert to realize()
Bonus fix: always set an error on failure. Some failures were silent
before, except for the generic error set by device_realize().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Mark Cave-Ayland [Mon, 9 Feb 2015 22:40:52 +0000 (22:40 +0000)]
openpic: convert to vmstate
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Mark Cave-Ayland [Mon, 9 Feb 2015 22:40:51 +0000 (22:40 +0000)]
openpic: switch IRQQueue queue from inline to bitmap
This is in preparation for using VMSTATE_BITMAP in a followup vmstate
migration patch.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Mark Cave-Ayland [Mon, 9 Feb 2015 22:40:50 +0000 (22:40 +0000)]
openpic: fix up loadvm under -M mac99
Issuing loadvm under -M mac99 would fail for two reasons: firstly an incorrect
version number for openpic would cause openpic_load() to abort, and secondly
a cut/paste error when restoring the IVPR and IDR registers caused subsequent
vmstate sections to become misaligned and abort early.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Mark Cave-Ayland [Mon, 9 Feb 2015 22:40:49 +0000 (22:40 +0000)]
openpic: fix segfault on -M mac99 savevm
A simple copy/paste error causes savevm on -M mac99 to segfault.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Mark Cave-Ayland [Mon, 9 Feb 2015 22:40:48 +0000 (22:40 +0000)]
target-ppc: force update of msr bits in cpu_post_load
Since env->msr has already been restored by the time cpu_post_load is called,
make sure that ppc_store_msr() is explicitly called with all msr bits except
MSR_TGPR marked as invalid.
This solves the issue where MSR flags aren't set correctly when restoring a VM
snapshot, in particular the internal env->excp_prefix value when MSR_EP has
been altered by a guest.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Mark Cave-Ayland [Mon, 9 Feb 2015 22:40:47 +0000 (22:40 +0000)]
target-ppc: move sdr1 value change detection logic to helper_store_sdr1()
Otherwise when cpu_post_load calls ppc_store_sdr1() when restoring a VM
snapshot the value is deemed unchanged and so the internal env->htab*
variables aren't set correctly.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Mark Cave-Ayland [Mon, 9 Feb 2015 22:40:46 +0000 (22:40 +0000)]
cuda.c: include adb_poll_timer in VMStateDescription
Make sure that we include the adb_poll_timer when saving the VM state for
client OSs that use it, e.g. Darwin.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Mark Cave-Ayland [Mon, 9 Feb 2015 22:40:45 +0000 (22:40 +0000)]
adb.c: include ADBDevice parent state in KBDState and MouseState
The parent ADBDevice contains the device id on the ADB bus. Make sure that
this state is included in both its subclasses since some clients (such as
OpenBIOS) reprogram each device id after enumeration.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Mark Cave-Ayland [Mon, 9 Feb 2015 22:40:44 +0000 (22:40 +0000)]
macio.c: include parent PCIDevice state in VMStateDescription
This ensures that the macio PCI device is correctly configured when restoring
from a VM snapshot.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Tristan Gingold [Wed, 25 Feb 2015 09:39:25 +0000 (10:39 +0100)]
display cpu id dump state
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Fabien Chouteau [Wed, 25 Feb 2015 09:50:28 +0000 (10:50 +0100)]
Openpic: check that cpu id is within the number of cpus
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Tue, 10 Feb 2015 04:36:16 +0000 (15:36 +1100)]
pseries: Switch VGA endian on H_SET_MODE
When the guest switches the interrupt endian mode, which essentially
means a global machine endian switch, we want to change the VGA
framebuffer endian mode as well in order to be backward compatible
with existing guests who don't know about the new endian control
register.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Tue, 10 Feb 2015 04:36:15 +0000 (15:36 +1100)]
vga: Expose framebuffer byteorder as a QOM property
The VGA device model now supports having the framebuffer in either endian,
and can be switched between these by the guest via a register in the qext
region.
However, in some cases (e.g. LE OS on the pseries machine) we have
existing guest that don't know about the endian switch register, but other
parts of the qemu code have better information to set a default endianness
than the VGA code does of itself.
In order to allow them to set a correct default endianness in these cases,
without breaking abstraction walls, this patch exposes the VGA framebuffer
endianness via a writable QOM property.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
[agraf: use instance_init for property exposure]
Signed-off-by: Alexander Graf <agraf@suse.de>
Markus Armbruster [Thu, 5 Feb 2015 09:34:48 +0000 (10:34 +0100)]
spapr: Clean up misuse of qdev_init() in xics-kvm creation
We call try_create_xics() to create a "xics-kvm". If it fails, we
call it again to fall back to plain "xics".
try_create_xics() uses qdev_init(). qdev_init()'s error handling has
an unwanted side effect: it calls qerror_report_err(), which prints to
stderr. Looks like an error, but isn't.
In QMP context, it would stash the error in the monitor instead,
making the QMP command fail. Fortunately, it's only called from board
initialization, never in QMP context.
Clean up by cutting out the qdev_init() middle-man: set property
"realized" directly.
While there, improve the error message when we can't satisfy an
explicit user request for "xics-kvm", and exit(1) instead of abort().
Simplify the abort when we can't create "xics".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
[agraf: squash in fix for uninitialized variable from mdroth]
Signed-off-by: Alexander Graf <agraf@suse.de>
Markus Armbruster [Thu, 5 Feb 2015 09:34:47 +0000 (10:34 +0100)]
PPC: Clean up misuse of qdev_init() in kvm-openpic creation
We call ppce500_init_mpic_kvm() to create a "kvm-openpic". If it
fails, we call ppce500_init_mpic_qemu() to fall back to plain
"openpic".
ppce500_init_mpic_kvm() uses qdev_init(). qdev_init()'s error
handling has an unwanted side effect: it calls qerror_report_err(),
which prints to stderr. Looks like an error, but isn't.
In QMP context, it would stash the error in the monitor instead,
making the QMP command fail. Fortunately, it's only called from board
initialization, never in QMP context.
Clean up by cutting out the qdev_init() middle-man: set property
"realized" directly.
While there, improve the error message when we can't satisfy an
explicit user request for "kvm-openpic", and exit(1) instead of
abort().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Fri, 6 Feb 2015 03:55:53 +0000 (14:55 +1100)]
pseries: Export RTC time via QOM
On x86, the guest's RTC can be read with QMP, either from the RTC device's
"date" property or via the "rtc-time" property on the machine (which is an
alias to the former). This is set up in the mc146818rtc driver, and
doesn't work on other targets.
This patch adds a similar "date" property to the pseries machine's RTAS RTC
and adds a compatible alias to the machine.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Fri, 6 Feb 2015 03:55:52 +0000 (14:55 +1100)]
pseries: Move rtc_offset into RTC device's state structure
The initial creation of the PAPR RTC qdev class left a wart - the rtc's
offset was left in the sPAPREnvironment structure, accessed via a global.
This patch moves it into the RTC device's own state structure, were it
belongs. This requires a small change to the migration stream format. In
order to handle incoming streams from older versions, we also need to
retain the rtc_offset field in the sPAPREnvironment structure, so that it
can be loaded into via the vmsd, then pushed into the RTC device.
Since we're changing the migration format, this also takes the opportunity
to:
* Change the rtc offset from a value in seconds to a value in
nanoseconds, allowing nanosecond offsets between host and guest
rtc time, if desired.
* Remove both the already unused "next_irq" field and now unused
"rtc_offset" field from the new version of the spapr migration
stream
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Fri, 6 Feb 2015 03:55:51 +0000 (14:55 +1100)]
pseries: Make the PAPR RTC a qdev device
At present the PAPR RTC isn't a "device" as such - it's accessed only via
firmware/hypervisor calls, and is handled in the sPAPR core code. This
becomes inconvenient as we extend it in various ways.
This patch makes the PAPR RTC a separate device in the qemu device model.
For now, the only piece of device state - the rtc_offset - is still kept in
the global sPAPREnvironment structure. That's clearly wrong, but leaving
it to be fixed in a following patch makes for a clearer separation between
the internal re-organization of the device, and the behavioural changes
(because the migration stream format needs to change slightly when the
offset is moved into the device's own state).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Fri, 6 Feb 2015 03:55:50 +0000 (14:55 +1100)]
pseries: Make RTAS time of day functions respect -rtc options
In the 'pseries' machine the real time clock is provided by a
paravirtualized firmware interface rather than a device per se; the RTAS
get-time-of-day and set-time-of-day calls.
Out current implementations of those work directly off host time (with
an offset), not respecting options such as clock=vm which can be
specified in the -rtc command line option.
This patch reworks the RTAS RTC code to respect those options, primarily
by basing them on the qemu_clock_get_ns(rtc_clock) function instead of
directly on qemu_get_timedate() (which essentially handles host time, not
virtual rtc time).
As a bonus, this means our get-time-of-day function now also returns
nanoseconds.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Fri, 6 Feb 2015 03:55:49 +0000 (14:55 +1100)]
pseries: Add spapr_rtc_read() helper function
The virtual RTC time is used in two places in the pseries machine. First
is in the RTAS get-time-of-day function which returns the RTC time to the
guest. Second is in the spapr events code which is used to timestamp
event messages from the hypervisor to the guest.
Currently both call qemu_get_timedate() directly, but we want to change
that so we can properly handle the various -rtc options. In preparation,
create a helper function to return the virtual RTC time.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Fri, 6 Feb 2015 03:55:48 +0000 (14:55 +1100)]
pseries: Add more parameter validation in RTAS time of day functions
Currently, the RTAS time of day functions only partially validate the
number of parameters they receive and return. Because of how the
parameters are used, this is unlikely to lead to a crash, but it's messy.
This patch adds the missing checks.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Fri, 6 Feb 2015 03:55:47 +0000 (14:55 +1100)]
pseries: Move sPAPR RTC code into its own file
At the moment the RTAS (firmware/hypervisor) time of day functions are
implemented in spapr_rtas.c along with a bunch of other things. Since
we're going to be expanding these a bit, move the RTAS RTC related code
out into new file spapr_rtc.c. Also add its own initialization function,
spapr_rtc_init() called from the main machine init routine.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Fri, 6 Feb 2015 03:55:46 +0000 (14:55 +1100)]
Add more VMSTATE_*_TEST variants for integers
Currently, vmstate.h includes helper macro variants for 8, 16 and 32-bit
unsigned integers which include a "test" function which can selectively
enable or disable the field's presence in the migration stream.
There aren't similar helpers for 64-bit unsigned integers, or any size of
signed integers. This patch remedies this.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Fri, 6 Feb 2015 03:55:45 +0000 (14:55 +1100)]
Generalize QOM publishing of date and time from mc146818rtc.c
The mc146818rtc driver exposes the current RTC date and time via the "date"
property in QOM (which is also aliased to the machine's "rtc-time"
property). Currently it uses a custom visitor function rtc_get_date to
do this.
This patch introduces new helpers to the QOM core to expose struct tm
valued properties via a getter function, so that this functionality can be
more easily duplicated in other RTC implementations.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Fri, 30 Jan 2015 01:53:19 +0000 (12:53 +1100)]
spapr-pci: Enable huge BARs
At the moment sPAPR only supports 512MB window for MMIO BARs. However
modern devices might want bigger 64bit BARs.
This extends MMIO window from 512MB to 62GB (aligned to
SPAPR_PCI_WINDOW_SPACING) and advertises it in 2 records in
the PHB "ranges" property. 32bit gets the space from
SPAPR_PCI_MEM_WIN_BUS_OFFSET till the end of 4GB, 64bit gets the rest
of the space. If no space is left, 64bit range is not advertised.
The MMIO space size is set to old value of 0x20000000 by default
for pseries machines older than 2.3.
The approach changes the device tree which is a guest visible change, however
it won't break migration as:
1. we do not support migration to older QEMU versions
2. migration to newer QEMU will migrate the device tree as well and since
the new layout only extends the old one and does not change address mappigns,
no breakage is expected here too.
SLOF change is required to utilize this extension.
Suggested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Fri, 30 Jan 2015 01:53:18 +0000 (12:53 +1100)]
spapr: Add pseries-2.3 machine
The next patch will make MMIO space bigger and keep the old value for
older pseries machines.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Wed, 14 Jan 2015 02:33:39 +0000 (13:33 +1100)]
pseries: Limit PCI host bridge "index" value
pseries guests can have large numbers of PCI host bridges. To avoid the
user having to specify a number of different configuration values for every
one, the device supports an "index" property which is a shorthand setting
the various window and configuration addresses from a predefined sensible
set.
There are some problems with the details at present:
* The "index" propery is signed, but negative values will create PCI
windows below where we expect, potentially colliding with other devices
* No limit is imposed on the "index" property and large values can
translate to extremely large window addresses. With PCI passthrough in
particular this can mean we exceed various mapping and physical address
limits causing the guest host bridge to not work in strange ways.
This patch addresses this, by making "index" unsigned, and imposing a
limit. Currently the limit allows indices from 0..255 which is probably
enough host bridges for the time being. It's fairly easy to extend if
we discover we need more.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Aneesh Kumar K.V [Mon, 26 Jan 2015 14:21:58 +0000 (19:51 +0530)]
target-ppc: Use right page size with hash table lookup
We look at two sizes specified in ISA (4K, 64K). If not found matching,
we consider it 16MB.
Without this patch we would fail to lookup address above 16MB range.
Below 16MB happened to work before because the kernel have a liner
mapping and we always looked up hash for 0xc000000000000000. The
actual real address was computed by using the 16MB offset
with the real address found with the above hash.
Without Fix:
(gdb) x/16x 0xc000000001000000
0xc000000001000000 <list_entries+453208>: Cannot access memory at address 0xc000000001000000
(gdb)
With Fix:
(gdb) x/16x 0xc000000001000000
0xc000000001000000 <list_entries+453208>: 0x00000000 0x00000000 0x00000000 0x00000000
0xc000000001000010 <list_entries+453224>: 0x00000000 0x00000000 0x00000000 0x00000000
0xc000000001000020 <list_entries+453240>: 0x00000000 0x00000000 0x00000000 0x00000000
0xc000000001000030 <list_entries+453256>: 0x00000000 0x00000000 0x00000000 0x00000000
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Thu, 29 Jan 2015 05:04:58 +0000 (16:04 +1100)]
spapr_vio/spapr_iommu: Move VIO bypass where it belongs
Instead of tweaking a TCE table device by adding there a bypass flag,
let's add an alias to RAM and IOMMU memory region, and enable/disable
those according to the selected bypass mode.
This way IOMMU memory region can have size of the actual window rather
than ram_size which is essential for upcoming DDW support.
This moves bypass logic to VIO layer and keeps @bypass flag in TCE table
for migration compatibility only. This replaces spapr_tce_set_bypass()
calls with explicit assignment to avoid confusion as the function could
do something more that just syncing the @bypass flag.
This adds a pointer to VIO device into the sPAPRTCETable struct to provide
the sPAPRTCETable device a way to update bypass mode for the VIO device.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Peter Maydell [Mon, 9 Mar 2015 09:14:28 +0000 (09:14 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pci, pc, virtio fixes and cleanups
A bunch of fixes all over the place.
All of ACPI refactoring has been merged.
Legacy pci commands have been dropped.
virtio header cleanup
initial patches from virtio-1.0 branch
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* remotes/mst/tags/for_upstream: (130 commits)
acpi: drop unused code
aml-build: comment fix
acpi-build: fix typo in comment
acpi: update generated files
vhost user:support vhost user nic for non msi guests
aml-build: fix build for glib < 2.22
acpi: update generated files
Makefile.target: binary depends on config-devices
acpi-test-data: update after pci rewrite
acpi, mem-hotplug: use PC_DIMM_SLOT_PROP in acpi_memory_plug_cb().
pci-hotplug-old: Has been dead for five major releases, bury
pci: Give a few helpers internal linkage
acpi: make build_*() routines static to aml-build.c
pc: acpi: remove not used anymore ssdt-[misc|pcihp].hex.generated blobs
pc: acpi-build: drop template patching and create PCI bus tree dynamically
tests: ACPI: update pc/SSDT.bridge due to new alg of PCI tree creation
pc: acpi-build: simplify PCI bus tree generation
tests: add ACPI blobs for qemu with bridge cases
tests: bios-tables-test: add support for testing bridges
tests: ACPI test blobs update due to PCI0._CRS changes
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Conflicts:
hw/pci/pci-hotplug-old.c
Peter Maydell [Sun, 8 Mar 2015 14:32:38 +0000 (14:32 +0000)]
Merge remote-tracking branch 'remotes/xtensa/tags/
20150307-xtensa' into staging
Xtensa updates:
- implement do_unassigned_access callback;
- fix ML605 xtfpga FLASH size.
# gpg: Signature made Sat Mar 7 12:35:05 2015 GMT using RSA key ID
F83FA044
# gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>"
# gpg: aka "Max Filippov <jcmvbkbc@gmail.com>"
* remotes/xtensa/tags/
20150307-xtensa:
target-xtensa: xtfpga: fix ml605 flash size
target-xtensa: implement do_unassigned_access callback
hw/xtensa: allow reads/writes in the system I/O region
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sun, 8 Mar 2015 12:47:13 +0000 (12:47 +0000)]
Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
* remotes/qmp-unstable/queue/qmp:
docs: add memory-hotplug.txt
qemu-options.hx: improve -m description
virtio-balloon: Add some trace events
virtio-balloon: Fix balloon not working correctly when hotplug memory
pc-dimm: add a function to calculate VM's current RAM size
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Michael S. Tsirkin [Sun, 8 Mar 2015 10:49:21 +0000 (11:49 +0100)]
acpi: drop unused code
Recent changes left acpi_get_hex unused,
and clag is unhappy about it:
error: unused function 'acpi_get_hex'
Drop it, as well as some unused macros.
Signer-off-by: Michael S. Tsirkin <mst@redhat.com>
Michael S. Tsirkin [Sun, 8 Mar 2015 09:36:52 +0000 (10:36 +0100)]
aml-build: comment fix
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Michael S. Tsirkin [Sun, 8 Mar 2015 09:24:42 +0000 (10:24 +0100)]
acpi-build: fix typo in comment
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Sun, 8 Mar 2015 09:47:55 +0000 (09:47 +0000)]
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-
20150304-1' into staging
misc spice/qxl fixes.
# gpg: Signature made Wed Mar 4 13:57:42 2015 GMT using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/spice/tags/pull-spice-
20150304-1:
hmp: info spice: take out webdav
hmp: info spice: Show string channel name
qxl: drop update_displaychangelistener call for secondary qxl devices
vga: refactor vram_size clamping and rounding
qxl: refactor rounding up to a nearest power of 2
spice: fix invalid memory access to vga.vram
qxl: document minimal video memory for new modes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sun, 8 Mar 2015 07:33:45 +0000 (07:33 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-
20150303-1' into staging
xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set
# gpg: Signature made Tue Mar 3 07:38:43 2015 GMT using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-usb-
20150303-1:
xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sun, 8 Mar 2015 06:43:32 +0000 (06:43 +0000)]
Merge remote-tracking branch 'remotes/gonglei/tags/bootdevice-next-
20150303' into staging
bootdevice: bug fixes
# gpg: Signature made Tue Mar 3 05:18:39 2015 GMT using RSA key ID
DDE30FBB
# gpg: Good signature from "Gonglei <arei.gonglei@huawei.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5178 9C82 617F 2F58 8693 63B1 BA7A 65B0 DDE3 0FBB
* remotes/gonglei/tags/bootdevice-next-
20150303:
bootdevice: add check in restore_boot_order()
bootdevice: check boot order argument validation before vm running
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sun, 8 Mar 2015 00:16:27 +0000 (00:16 +0000)]
Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-
20150303' into staging
TriCore RRR1, RRR2 instructions and bugfixes
# gpg: Signature made Tue Mar 3 01:12:02 2015 GMT using RSA key ID
6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"
* remotes/bkoppelmann/tags/pull-tricore-
20150303:
target-tricore: Add instructions of RRR1 opcode format, which have 0xc3 as first opcode
target-tricore: Add instructions of RRR1 opcode format, which have 0x43 as first opcode
target-tricore: Add instructions of RRR1 opcode format, which have 0x83 as first opcode
target-tricore: Add instructions of RRR2 opcode format
target-tricore: fix msub32_suov return wrong results
target-tricore: Fix RLC_ADDI, RLC_ADDIH using wrong microcode helper
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Max Filippov [Mon, 16 Feb 2015 19:30:21 +0000 (22:30 +0300)]
target-xtensa: xtfpga: fix ml605 flash size
ML605 daughterboard has 16MB flash, not 32MB. Change board definition
accordingly.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Max Filippov [Wed, 12 Feb 2014 10:35:56 +0000 (14:35 +0400)]
target-xtensa: implement do_unassigned_access callback
Depending on access type raise either InstrPIFDataError or
LoadStorePIFDataError exception.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Max Filippov [Mon, 17 Feb 2014 16:57:45 +0000 (20:57 +0400)]
hw/xtensa: allow reads/writes in the system I/O region
Ignore writes to unassigned areas of system I/O regison and return 0 for
reads. This makes drivers for unimportant unimplemented hardware blocks
happy.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Luiz Capitulino [Thu, 26 Feb 2015 19:43:07 +0000 (14:43 -0500)]
docs: add memory-hotplug.txt
This document describes how to use memory hotplug in QEMU.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Paulo Vital <paulo.vital@profitbricks.com>
Luiz Capitulino [Thu, 26 Feb 2015 19:35:45 +0000 (14:35 -0500)]
qemu-options.hx: improve -m description
Add memory hotplug options to the command-line format. Also,
add a complete command-line example and improve description.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Paulo Vital <paulo.vital@profitbricks.com>
zhanghailiang [Mon, 17 Nov 2014 05:11:10 +0000 (13:11 +0800)]
virtio-balloon: Add some trace events
Add some trace events for easier debugging
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
zhanghailiang [Mon, 17 Nov 2014 05:11:09 +0000 (13:11 +0800)]
virtio-balloon: Fix balloon not working correctly when hotplug memory
When do memory balloon, it takes the 'ram_size' as the VM's current ram size,
But 'ram_size' is the startup configured ram size, it does not take into
account the hotplugged memory.
As a result, the balloon result will be confused.
Steps to reproduce:
(1)Start VM: qemu -m size=1024,slots=4,maxmem=8G
(2)In VM: #free -m : 1024M
(3)qmp balloon 512M
(4)In VM: #free -m : 512M
(5)hotplug pc-dimm 1G
(6)In VM: #free -m : 1512M
(7)qmp balloon 256M
(8)In VM: #free -m :1256M
We expect the VM's available ram size to be 256M after 'qmp balloon 256M'
command, but VM's real available ram size is 1256M.
For "qmp balloon" is not performance critical code, we use function
'get_current_ram_size' to get VM's current ram size.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
zhanghailiang [Mon, 17 Nov 2014 05:11:08 +0000 (13:11 +0800)]
pc-dimm: add a function to calculate VM's current RAM size
The global parameter 'ram_size' does not take into account
the hotplugged memory.
In some codes, we use 'ram_size' as current VM's real RAM size,
which is not correct.
Add function 'get_current_ram_size' to calculate VM's current RAM size,
it will enumerate present memory devices and also plus ram_size.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Peter Maydell [Wed, 4 Mar 2015 15:33:05 +0000 (15:33 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
# gpg: Signature made Mon Mar 2 21:45:18 2015 GMT using RSA key ID
81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/tracing-pull-request:
trace: add DTrace reserved words for .d files
unbreak dtrace tracing due to double _ in rdma names
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Michael S. Tsirkin [Wed, 4 Mar 2015 15:05:32 +0000 (16:05 +0100)]
acpi: update generated files
Fixes up build on systems without iasl.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Wed, 4 Mar 2015 14:37:31 +0000 (14:37 +0000)]
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-
20150302.0' into staging
Updates for QEMU 2.3-rc0:
- Error reporting and static cleanup (Alexey Kardashevskiy)
- Runtime mmap disable for tracing (Samuel Pitoiset)
- Support for host directed device request (Alex Williamson)
# gpg: Signature made Mon Mar 2 18:42:50 2015 GMT using RSA key ID
3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg: aka "Alex Williamson <alex@shazbot.org>"
# gpg: aka "Alex Williamson <alwillia@redhat.com>"
# gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>"
* remotes/awilliam/tags/vfio-update-
20150302.0:
vfio-pci: Enable device request notification support
vfio: allow to disable MMAP per device with -x-mmap=off option
vfio: Make type1 listener symbols static
vfio: Add ioctl number to error report
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gerd Hoffmann [Tue, 3 Mar 2015 08:27:28 +0000 (09:27 +0100)]
hmp: info spice: take out webdav
Obvious suggestion for the next spice-protocol
release: Add some way to #ifdef new stuff.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Haifeng Gao [Sat, 28 Feb 2015 09:02:02 +0000 (17:02 +0800)]
vhost user:support vhost user nic for non msi guests
Currently, vhost user nic doesn't support non msi guests(like pxe stage) by default.
Vhost user nic can't fall back to qemu like normal vhost net nic does. So we should
enable it for non msi guests.
Signed-off-by: Haifeng Gao <gaohaifeng.gao@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Michael S. Tsirkin [Tue, 3 Mar 2015 16:40:45 +0000 (17:40 +0100)]
aml-build: fix build for glib < 2.22
g_ptr_array_new_with_free_func is there since glib 2.22,
use the older g_ptr_array_foreach instead.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Paolo Bonzini [Tue, 3 Mar 2015 10:36:09 +0000 (11:36 +0100)]
vl: take iothread lock very early
If the iothread lock isn't taken by the main thread, the RCU callbacks
might run concurrently with the main thread. QEMU's not ready for that.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 3 Mar 2015 12:07:47 +0000 (12:07 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
- more config options
- bootdevice, iscsi, virtio-scsi fixes
- build system patches for MinGW and config-devices.mak
- qemu_mutex_lock_iothread deadlock fixes
- another tiny patch from the record/replay series
# gpg: Signature made Mon Mar 2 09:59:14 2015 GMT using RSA key ID
78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
cpus: be more paranoid in avoiding deadlocks
cpus: fix deadlock and segfault in qemu_mutex_lock_iothread
virtio-scsi: Allocate op blocker reason before blocking
Makefile.target: binary depends on config-devices
Makefile: don't silence mak file test with V=1
Makefile: fix up parallel building under MSYS+MinGW
iscsi: Handle write protected case in reopen
Give ivshmem its own config option
Create specific config option for "platform-bus"
Add specific config options for PCI-E bridges
bootdevice: fix segment fault when booting guest with '-kernel' and '-initrd'
timer: replace time() with QEMU_CLOCK_HOST
virtio-scsi-dataplane: Call blk_set_aio_context within BQL
block: Forbid bdrv_set_aio_context outside BQL
scsi: give device a parent before setting properties
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Laszlo Ersek [Mon, 2 Mar 2015 16:02:53 +0000 (17:02 +0100)]
xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set
At the moment, when the XHCI driver in edk2
(MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf) runs on QEMU, with the options
-device nec-usb-xhci -device usb-kbd
it crashes with:
ASSERT MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c(1759):
TrsRing != ((void*) 0)
The crash hits in the following edk2 call sequence (all files under
MdeModulePkg/Bus/):
UsbEnumerateNewDev() [Usb/UsbBusDxe/UsbEnumer.c]
UsbBuildDescTable() [Usb/UsbBusDxe/UsbDesc.c]
UsbGetDevDesc() [Usb/UsbBusDxe/UsbDesc.c]
UsbCtrlGetDesc(USB_REQ_GET_DESCRIPTOR) [Usb/UsbBusDxe/UsbDesc.c]
UsbCtrlRequest() [Usb/UsbBusDxe/UsbDesc.c]
UsbHcControlTransfer() [Usb/UsbBusDxe/UsbUtility.c]
XhcControlTransfer() [Pci/XhciDxe/Xhci.c]
XhcCreateUrb() [Pci/XhciDxe/XhciSched.c]
XhcCreateTransferTrb() [Pci/XhciDxe/XhciSched.c]
XhcExecTransfer() [Pci/XhciDxe/XhciSched.c]
XhcCheckUrbResult() [Pci/XhciDxe/XhciSched.c]
//
// look for TRB_TYPE_DATA_STAGE event [1]
//
//
// Store a copy of the device descriptor, as the hub device
// needs this info to configure endpoint. [2]
//
UsbSetConfig() [Usb/UsbBusDxe/UsbDesc.c]
UsbCtrlRequest(USB_REQ_SET_CONFIG) [Usb/UsbBusDxe/UsbDesc.c]
UsbHcControlTransfer() [Usb/UsbBusDxe/UsbUtility.c]
XhcControlTransfer() [Pci/XhciDxe/Xhci.c]
XhcSetConfigCmd() [Pci/XhciDxe/XhciSched.c]
XhcInitializeEndpointContext() [Pci/XhciDxe/XhciSched.c]
//
// allocate transfer ring for the endpoint [3]
//
USBKeyboardDriverBindingStart() [Usb/UsbKbDxe/EfiKey.c]
UsbIoAsyncInterruptTransfer() [Usb/UsbBusDxe/UsbBus.c]
UsbHcAsyncInterruptTransfer() [Usb/UsbBusDxe/UsbUtility.c]
XhcAsyncInterruptTransfer() [Pci/XhciDxe/Xhci.c]
XhcCreateUrb() [Pci/XhciDxe/Xhci.c]
XhcCreateTransferTrb() [Pci/XhciDxe/XhciSched.c]
XhcSyncTrsRing() [Pci/XhciDxe/XhciSched.c]
ASSERT (TrsRing != NULL) [4]
UsbEnumerateNewDev() in the USB bus driver issues a GET_DESCRIPTOR
request, in order to determine the number of configurations that the
endpoint supports. The requests consists of three stages (three TRBs),
setup, data, and status. The length of the response is determined in [1],
namely from the transfer event that the host controller generates in
response to the request's middle stage (ie. the data stage).
If the length of the answer is correct (a full GET_DESCRIPTOR request
takes 18 bytes), then the XHCI driver that underlies the USB bus driver
"snoops" (caches) the descriptor data for later [2].
Later, the USB bus driver sends a SET_CONFIG request. The underlying XHCI
driver allocates a transfer ring for the endpoint, relying on the data
snooped and cached in step [2].
Finally, the USB keyboard driver submits an asynchronous interrupt
transfer to manage the keyboard. As part of this it asserts [4] that the
ring has been allocated in step [3].
And this ASSERT() fires. The root cause can be found in the way QEMU
handles the initial GET_DESCRIPTOR request.
Again, that request consists of three stages (TRBs, Transfer Request
Blocks), "setup", "data", and "status". The XhcCreateTransferTrb()
function sets the IOC ("Interrupt on Completion") flag in each of these
TRBs.
According to the XHCI specification, the host controller shall generate a
Transfer Event in response to *each* individual TRB of the request that
had the IOC flag set. This means that QEMU should queue three events:
setup, data, and status, for edk2's XHCI driver.
However, QEMU only generates two events:
- one for the setup (ie. 1st) stage,
- another for the status (ie. 3rd) stage.
No event is generated for the middle (ie. data) stage. The loop in QEMU's
xhci_xfer_report() function runs three times, but due to the "reported"
variable, only the first and the last TRBs elicit events, the middle (data
stage) results in no event queued.
As a consequence:
- When handling the GET_DESCRIPTOR request, XhcCheckUrbResult() in [1]
does not update the response length from zero.
- XhcControlTransfer() thinks that the response is invalid (it has zero
length payload instead of 18 bytes), hence [2] is not reached; the
device descriptor is not stashed for later, and the number of possible
configurations is left at zero.
- When handling the SET_CONFIG request, (NumConfigurations == 0) from
above prevents the allocation of the endpoint's transfer ring.
- When the keyboard driver tries to use the endpoint, the ASSERT() blows
up.
The solution is to correct the emulation in QEMU, and to generate a
transfer event whenever IOC is set in a TRB.
The patch replaces
!reported && (IOC || foo) == !reported && IOC ||
!reported && foo
with
IOC || (!reported && foo) == IOC ||
!reported && foo
which only changes how
reported && IOC
is handled. (Namely, it now generates an event.)
Tested with edk2 built for "qemu-system-aarch64 -M virt" (ie.
"ArmVirtualizationQemu.dsc", aka "AAVMF"), and guest Linux.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Cole Robinson [Sun, 1 Mar 2015 14:29:18 +0000 (09:29 -0500)]
hmp: info spice: Show string channel name
Useful for debugging.
https://bugzilla.redhat.com/show_bug.cgi?id=822418
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gerd Hoffmann [Mon, 2 Mar 2015 16:01:50 +0000 (17:01 +0100)]
qxl: drop update_displaychangelistener call for secondary qxl devices
Commit
3dcadce5076d4b42fa395c39662d65e050b77784 added three
update_displaychangelistener call sites:
Two for primary qxl cards, when entering/leaving vga mode, which are
correct.
One for secondary qxl cards, which is wrong because we don't register
a displaychangelistener in the first place for secondary cards.
Remove it.
Reported-by: Brad Campbell <lists2009@fnarfbargle.com>
Tested-by: Brad Campbell <lists2009@fnarfbargle.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Radim Krčmář [Tue, 17 Feb 2015 16:30:53 +0000 (17:30 +0100)]
vga: refactor vram_size clamping and rounding
Make the code a bit more obvious.
We don't have min/max, so a general helper for clamp probably isn't
acceptable either.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Radim Krčmář [Tue, 17 Feb 2015 16:30:52 +0000 (17:30 +0100)]
qxl: refactor rounding up to a nearest power of 2
We already have pow2floor, mirror it and use instead of a function with
similar results (same in used domain), to clarify our intent.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Radim Krčmář [Tue, 17 Feb 2015 16:30:51 +0000 (17:30 +0100)]
spice: fix invalid memory access to vga.vram
vga_common_init() doesn't allow more than 256 MiB vram size and silently
shrinks any larger value. qxl_dirty_surfaces() used the unshrinked size
via qxl->shadow_rom.surface0_area_size when accessing the memory, which
resulted in segfault.
Add a workaround for this case and an assert if it happens again.
We have to bump the vga memory limit too, because 256 MiB wouldn't have
allowed 8k (it requires more than 128 MiB).
1024 MiB doesn't work, but 512 MiB seems fine.
Proposed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Radim Krčmář [Tue, 17 Feb 2015 16:30:50 +0000 (17:30 +0100)]
qxl: document minimal video memory for new modes
The alternative to removing existing comments.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gonglei [Thu, 29 Jan 2015 13:13:47 +0000 (13:13 +0000)]
bootdevice: add check in restore_boot_order()
qemu_boot_set() can't fail in restore_boot_order(),
then simply assert it doesn't fail, by passing
&error_abort if boot_set_handler set.
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Gonglei [Tue, 3 Feb 2015 11:31:09 +0000 (11:31 +0000)]
bootdevice: check boot order argument validation before vm running
Either 'once' option or 'order' option can take effect for -boot at
the same time, that is say initial startup processing can check only
one. And pc.c's set_boot_dev() fails when its boot order argument
is invalid. This patch provide a solution fix this problem:
1. If "once" is given, register reset handler to restore boot order.
2. Pass the normal boot order to machine creation. Should fail when
the normal boot order is invalid.
3. If "once" is given, set it with qemu_boot_set(). Fails when the
once boot order is invalid.
4. Start the machine.
5. On reset, the reset handler calls qemu_boot_set() to restore boot
order. Should never fail.
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Peter Maydell [Tue, 3 Mar 2015 01:28:54 +0000 (01:28 +0000)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-02-26' into staging
QemuOpts: Convert various setters to Error
# gpg: Signature made Thu Feb 26 13:56:43 2015 GMT using RSA key ID
EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
* remotes/armbru/tags/pull-error-2015-02-26:
qtest: Use qemu_opt_set() instead of qemu_opts_parse()
pc: Use qemu_opt_set() instead of qemu_opts_parse()
qemu-sockets: Simplify setting numeric and boolean options
block: Simplify setting numeric options
qemu-img: Suppress unhelpful extra errors in convert, amend
QemuOpts: Propagate errors through opts_parse()
QemuOpts: Propagate errors through opts_do_parse()
QemuOpts: Drop qemu_opt_set(), rename qemu_opt_set_err(), fix use
block: Suppress unhelpful extra errors in bdrv_img_create()
qemu-img: Suppress unhelpful extra errors in convert, resize
QemuOpts: Convert qemu_opts_set() to Error, fix its use
QemuOpts: Convert qemu_opt_set_number() to Error, fix its use
QemuOpts: Convert qemu_opt_set_bool() to Error, fix its use
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bastian Koppelmann [Fri, 6 Feb 2015 14:48:33 +0000 (14:48 +0000)]
target-tricore: Add instructions of RRR1 opcode format, which have 0xc3 as first opcode
Add helpers helper_addsur_h/_ssov which adds one halfword and subtracts one
halfword, rounds / and saturates each half word independently.
Add microcode helper functions:
* gen_maddsu_h/sus_h: multiply two halfwords left justified and add to the
first one word and subtract from the second one word
/ and saturate each resulting word independetly.
* gen_maddsum_h/sums_h: multiply two halfwords in q-format left justified
and add to the first one word and subtract from
the second one word / and saturate each resulting
word independetly.
* gen_maddsur32_h/32s_h: multiply two halfwords in q-format left justified
and add to the first one word and subtract from
the second one word, round both results / and
saturate each resulting word independetly.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Bastian Koppelmann [Tue, 3 Feb 2015 18:36:53 +0000 (18:36 +0000)]
target-tricore: Add instructions of RRR1 opcode format, which have 0x43 as first opcode
Add helpers:
* madd64_q_ssov: multiply two 32 bit q-format number, add them with a
64 bit q-format number and saturate.
* madd32_q_add_ssov: add two 64 bit q-format numbers and return a 32 bit
result.
* maddr_q_ssov: multiplay two 32 bit q-format numbers, add a 32 bit
q-format number and saturate.
* maddr_q: multiplay two 32 bit q-format numbers and add a 32 bit
q-format number.
Note: madd instructions in the q format can behave strange, e.g.
0x1 + (0x80000000 * 0x80000000) << 1 for 32 bit signed values does not cause an
overflow on the guest, because all intermediate results should be handled as if
they are indefinitely precise. We handle this by inverting the overflow bit for
all cases: a + (0x80000000 * 0x80000000) << 1.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Bastian Koppelmann [Thu, 29 Jan 2015 15:35:56 +0000 (15:35 +0000)]
target-tricore: Add instructions of RRR1 opcode format, which have 0x83 as first opcode
Add helpers:
* add64_ssov: adds two 64 bit values and saturates the result.
* addr_h/_ssov: adds two halfwords with two words in q-format with rounding
/ and saturates each result independetly.
Add microcode generator:
* gen_add64_d: adds two 64 bit values.
* gen_addsub64_h: adds/subtracts one halfwords with a word and adds/
subtracts another halftword with another word.
* gen_madd_h/s_h: multiply four halfwords, add each result left justfied
to two word values / and saturate each result.
* gen_maddm_h/s_h: multiply four halfwords, add each result left justfied
to two words values in q-format / and saturate each
result.
* gen_maddr32/64_h/s_h: multiply four halfwords, add each result left
justfied to two halftwords/words values in q-format
/ and saturate each result.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Bastian Koppelmann [Wed, 21 Jan 2015 14:57:51 +0000 (14:57 +0000)]
target-tricore: Add instructions of RRR2 opcode format
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Bastian Koppelmann [Wed, 28 Jan 2015 12:15:05 +0000 (12:15 +0000)]
target-tricore: fix msub32_suov return wrong results
If the signed result of the multiplication overflows, we would get a negative
value, which would result in a addition instead of a subtraction.
Now we do the overflow calculation and saturation by hand instead of using
suov32_neg.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Bastian Koppelmann [Fri, 6 Feb 2015 15:06:05 +0000 (15:06 +0000)]
target-tricore: Fix RLC_ADDI, RLC_ADDIH using wrong microcode helper
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Peter Maydell [Tue, 3 Mar 2015 00:29:17 +0000 (00:29 +0000)]
Revert "Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging"
This reverts commit
b8a173b25c887a606681fc35a46702c164d5b2d0, reversing
changes made to
5de090464f1ec5360c4f30faa01d8a9f8826cd58.
(I applied this pull request when I should not have done so, and
am now immediately reverting it.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Hajnoczi [Thu, 14 Aug 2014 10:39:23 +0000 (11:39 +0100)]
trace: add DTrace reserved words for .d files
DTrace on Mac OS X fails due to trace events using 'self' as an argument
name:
GEN trace/generated-tracers-dtrace.h
dtrace: failed to compile script trace/generated-tracers-dtrace.dtrace: line 1330: syntax error, unexpected DT_KEY_SELF, expecting ) near "self"
make: *** [trace/generated-tracers-dtrace.h] Error 1
Filter argument names according to the list of DTrace .d file reserved
keywords.
Note that DTrace on Mac and Linux still do not work after this patch.
There are additional build issues remaining.
Reported-by: Henk Poley <henkpoley@gmail.com>
Tested-by: Henk Poley <henkpoley@gmail.com>
Cc: Lluís Vilanova <vilanova@ac.upc.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Dr. David Alan Gilbert [Mon, 16 Feb 2015 16:58:05 +0000 (16:58 +0000)]
unbreak dtrace tracing due to double _ in rdma names
It looks like the dtrace trace code gets upset if you have trace names
with __ in, which the migration/rdma.c code does.
Rename the functions and the associated traces.
Fixes:
733252deb8b7d37beacda5976c2769e18642b2fa
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reported-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Message-id:
1424105885-12149-1-git-send-email-dgilbert@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Alex Williamson [Mon, 2 Mar 2015 18:38:55 +0000 (11:38 -0700)]
vfio-pci: Enable device request notification support
Linux v4.0-rc1 vfio-pci introduced a new virtual interrupt to allow
the kernel to request a device from the user. When signaled, QEMU
will by default attmempt to hot-unplug the device. This is a one-
shot attempt with the expectation that the kernel will continue to
poll for the device if it is not returned. Returning the device when
requested is the expected standard model of cooperative usage, but we
also add an option option to disable this feature. Initially this
opt-out is set as an experimental option because we really should
honor kernel requests for the device.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Samuel Pitoiset [Mon, 2 Mar 2015 18:38:55 +0000 (11:38 -0700)]
vfio: allow to disable MMAP per device with -x-mmap=off option
Disabling MMAP support uses the slower read/write accesses but allows to
trace all MMIO accesses, which is not good for performance, but very
useful for reverse engineering PCI drivers. This option allows to
disable MMAP per device without a compile-time change.
Signed-off-by: Samuel Pitoiset <samuel.pitoiset@gmail.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Alexey Kardashevskiy [Mon, 2 Mar 2015 18:38:55 +0000 (11:38 -0700)]
vfio: Make type1 listener symbols static
They are not used from anywhere but common.c which is where these are
defined so make them static.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Alexey Kardashevskiy [Mon, 2 Mar 2015 18:38:54 +0000 (11:38 -0700)]
vfio: Add ioctl number to error report
This makes the error report more informative.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Michael S. Tsirkin [Mon, 2 Mar 2015 15:14:33 +0000 (16:14 +0100)]
acpi: update generated files
Fixes up build on systems without iasl.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Mon, 2 Mar 2015 14:25:48 +0000 (14:25 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
* remotes/ehabkost/tags/x86-pull-request:
target-i386: Move APIC ID compatibility code to pc.c
target-i386: Require APIC ID to be explicitly set before CPU realize
target-i386: Set APIC ID using cpu_index on CONFIG_USER
linux-user: Check for cpu_init() errors
target-i386: Move CPUX86State.cpuid_apic_id to X86CPU.apic_id
target-i386: Simplify error handling on cpu_x86_init_user()
target-i386: Eliminate cpu_init() function
target-i386: Rename cpu_x86_init() to cpu_x86_init_user()
target-i386: Move topology.h to include/hw/i386
target-i386: Eliminate unnecessary get_cpuid_vendor() function
target-i386: Simplify listflags() function
Conflicts:
target-i386/cpu.c
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 2 Mar 2015 13:20:43 +0000 (13:20 +0000)]
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
QOM infrastructure fixes and device conversions
* Assertion fix for device_add with non-device types
* Documentation fix
* qdev_init() error reporting cleanups
# gpg: Signature made Tue Feb 24 13:56:33 2015 GMT using RSA key ID
3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-devices-for-peter:
parallel: parallel_hds_isa_init() shouldn't fail
parallel: Factor out common parallel_hds_isa_init()
serial: serial_hds_isa_init() shouldn't fail
serial: Factor out common serial_hds_isa_init()
etsec: Replace qdev_init() by qdev_init_nofail()
leon3: Replace unchecked qdev_init() by qdev_init_nofail()
ide/isa: Replace unchecked qdev_init() by qdev_init_nofail()
qdev: Improve qdev_init_nofail()'s error reporting
qom: Fix typo, 'my_class_init' -> 'derived_class_init'
qdev: Avoid type assertion in qdev_build_hotpluggable_device_list()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 2 Mar 2015 12:13:45 +0000 (12:13 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging
NUMA fixes queue
# gpg: Signature made Mon Feb 23 19:28:42 2015 GMT using RSA key ID
984DC5A6
# gpg: Can't check signature: public key not found
* remotes/ehabkost/tags/numa-pull-request:
numa: Rename set_numa_modes() to numa_post_machine_init()
numa: Rename option parsing functions
numa: Move QemuOpts parsing to set_numa_nodes()
numa: Make max_numa_nodeid static
numa: Move NUMA globals to numa.c
vl.c: Remove unnecessary zero-initialization of NUMA globals
numa: Move NUMA declarations from sysemu.h to numa.h
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Fri, 27 Feb 2015 19:01:03 +0000 (20:01 +0100)]
cpus: be more paranoid in avoiding deadlocks
For good measure, ensure that the following sequence:
thread 1 calls qemu_mutex_lock_iothread
thread 2 calls qemu_mutex_lock_iothread
VCPU thread are created
VCPU thread enters execution loop
results in the VCPU threads letting the other two threads run
and obeying iothread_requesting_mutex even if the VCPUs are
not halted. To do this, check iothread_requesting_mutex
before execution starts.
Tested-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 27 Feb 2015 18:58:23 +0000 (19:58 +0100)]
cpus: fix deadlock and segfault in qemu_mutex_lock_iothread
When two threads (other than the low-priority TCG VCPU thread)
are competing for the iothread lock, a deadlock can happen. This
is because iothread_requesting_mutex is set to false by the first
thread that gets the mutex, and then the VCPU thread might never
yield from the execution loop. If iothread_requesting_mutex is
changed from a bool to a counter, the deadlock is fixed.
However, there is another bug in qemu_mutex_lock_iothread that
can be triggered by the new call_rcu thread. The bug happens
if qemu_mutex_lock_iothread is called before the CPUs are
created. In that case, first_cpu is NULL and the caller
segfaults in qemu_mutex_lock_iothread. To fix this, just
do not do the kick if first_cpu is NULL.
Reported-by: Leon Alrae <leon.alrae@imgtec.com>
Reported-by: Andreas Gustafsson <gson@gson.org>
Tested-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>