migration/vmstate: document VMStateFlags

The VMState API is rather sparsely documented. Start by describing the
meaning of all VMStateFlags.

Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Message-Id: <1456474693-11662-1-git-send-email-silbe@linux.vnet.ibm.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>

MAINTAINERS: Add docs/migration.txt to the "Migration" section

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1456393669-20678-1-git-send-email-thuth@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>

migration/postcopy-ram: Guard use of sys/eventfd.h with CONFIG_EVENTFD

sys/eventfd.h was being guarded only by a check for linux but does
not exist on older distributions like CentOS 5. Move the include
into the code that uses it and add an appropriate guard.

Signed-off-by: Matthew Fortune <matthew.fortune@imgtec.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <6D39441BF12EF246A7ABCE6654B023536BB85DEB@hhmail02.hh.imgtec.org>
Signed-off-by: Amit Shah <amit.shah@redhat.com>

migration: reorder code to make it symmetric

In qemu_savevm_state_complete_precopy(), it iterates on each device to add
a json object and transfer related status to destination, while the order
of the last two steps could be refined.

Current order:

    json_start_object()
     save_section_header()
     vmstate_save()
    json_end_object()
     save_section_footer()

After the change:

    json_start_object()
     save_section_header()
     vmstate_save()
     save_section_footer()
    json_end_object()

This patch reorder the code to to make it symmetric. No functional change.

Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1454626230-16334-1-git-send-email-richard.weiyang@gmail.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>

build: [bsd-user] Rename "syscall.h" to "target_syscall.h" in target directories

This fixes double-definitions in bsd-user builds when using the UST
tracing backend (which indirectly includes the system's "syscall.h").

Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Asynchronous dump-guest-memory from Peter
* improved logging with -D -daemonize from Dimitris
* more address_space_* optimization from Gonglei
* TCG xsave/xrstor thinko fix
* chardev bugfix and documentation patch

# gpg: Signature made Thu 25 Feb 2016 15:12:27 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream:
  target-i386: fix confusion in xcr0 bit position vs. mask
  chardev: Properly initialize ChardevCommon components
  memory: Remove unreachable return statement
  memory: optimize qemu_get_ram_ptr and qemu_ram_ptr_length
  exec: store RAMBlock pointer into memory region
  log: Redirect stderr to logfile if deamonized
  dump-guest-memory: add qmp event DUMP_COMPLETED
  Dump: add hmp command "info dump"
  Dump: add qmp command "query-dump"
  DumpState: adding total_size and written_size fields
  dump-guest-memory: add "detach" support
  dump-guest-memory: disable dump when in INMIGRATE state
  dump-guest-memory: introduce dump_process() helper function.
  dump-guest-memory: add dump_in_progress() helper function
  dump-guest-memory: using static DumpState, add DumpStatus
  dump-guest-memory: add "detach" flag for QMP/HMP interfaces.
  dump-guest-memory: cleanup: removing dump_{error|cleanup}().
  scripts/kvm/kvm_stat: Fix missing right parantheses and ".format(...)"
  qemu-options.hx: Improve documentation of chardev multiplexing mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-i386: fix confusion in xcr0 bit position vs. mask

The xsave and xrstor helpers are accessing the x86_ext_save_areas array
using a bit mask instead of a bit position.  Provide two sets of XSTATE_*
definitions and use XSTATE_*_BIT when a bit position is requested.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

chardev: Properly initialize ChardevCommon components

Commit d0d7708b forgot to parse logging for spice chardevs and
virtual consoles. This requires making qemu_chr_parse_common()
non-static. While at it, use a temporary variable to make the
code shorter, as well as reduce the churn when a later patch
alters the layout of simple unions.

Signed-off-by: Eric Blake <eblake@redhat.com>
CC: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1455927587-28033-2-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

memory: Remove unreachable return statement

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1455935721-8804-4-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

memory: optimize qemu_get_ram_ptr and qemu_ram_ptr_length

these two functions consume too much cpu overhead to
find the RAMBlock by ram address.

After this patch, we can pass the RAMBlock pointer
to them so that they don't need to find the RAMBlock
anymore most of the time. We can get better performance
in address translation processing.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1455935721-8804-3-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

exec: store RAMBlock pointer into memory region

Each RAM memory region has a unique corresponding RAMBlock.
In the current realization, the memory region only stored
the ram_addr which means the offset of RAM address space,
We need to qurey the global ram.list to find the ram block
by ram_addr if we want to get the ram block, which is very
expensive.

Now, we store the RAMBlock pointer into memory region
structure. So, if we know the mr, we can easily get the
RAMBlock.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1456130097-4208-2-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20160225' into staging

TriCore bugfixes and synchronous trap implementation

# gpg: Signature made Thu 25 Feb 2016 11:57:41 GMT using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"

* remotes/bkoppelmann/tags/pull-tricore-20160225:
  target-tricore: add opd trap generation
  target-tricore: add illegal opcode trap generation
  target-tricore: add context managment trap generation
  target-tricore: Add trap handling & SOVF/OVF traps
  target-tricore: Fix wrong precedences on psw_write
  target-tricore: fix save_context_upper using env->PSW

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

vhost, virtio, pci, pc

Fixes all over the place.
virtio dataplane migration support.
Old q35 machine types removed.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 25 Feb 2016 11:16:46 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream: (21 commits)
  q35: No need to check gigabyte_align
  q35: Remove unused q35-acpi-dsdt.aml file
  ich9: Remove enable_tco arguments from init functions
  machine: Remove no_tco field
  q35: Remove old machine versions
  tests/vhost-user-bridge: fix build on 32 bit systems
  vring: remove
  virtio-scsi: do not use vring in dataplane
  virtio-blk: do not use vring in dataplane
  virtio-blk: fix "disabled data plane" mode
  virtio: export vring_notify as virtio_should_notify
  virtio: add AioContext-specific function for host notifiers
  vring: make vring_enable_notification return void
  block-migration: acquire AioContext as necessary
  pci core: function pci_bus_init() cleanup
  pci core: function pci_host_bus_register() cleanup
  balloon: Use only 'pc-dimm' type dimm for ballooning
  virtio-balloon: rewrite get_current_ram_size()
  move get_current_ram_size to virtio-balloon.c
  vhost-user: don't merge regions with different fds
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-tricore: add opd trap generation

If an instruction uses a 64 bit register which consists of an even-odd pair
of 32 bit registers and if the register specifier in the instruction is
odd an opd trap is raised.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <1455889426-1923-5-git-send-email-kbastian@mail.uni-paderborn.de>

target-tricore: add illegal opcode trap generation

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <1455889426-1923-4-git-send-email-kbastian@mail.uni-paderborn.de>

target-tricore: add context managment trap generation

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <1455889426-1923-3-git-send-email-kbastian@mail.uni-paderborn.de>

target-tricore: Add trap handling & SOVF/OVF traps

Add the infrastructure needed to generate and handle traps and
implement the generation of SOVF and OVF traps.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <1455889426-1923-2-git-send-email-kbastian@mail.uni-paderborn.de>

target-tricore: Fix wrong precedences on psw_write

Wrong braces on the restore of the cached TCGv SV and V bit could lead to
a wrong PSW. While at this it removes unnecessary braces for the restore
of the cached TCGv AV and SAV bits.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>

target-tricore: fix save_context_upper using env->PSW

If the cached bits for C, V, SV, AV, or SAV were set, they would
not be saved during the context save since env->PSW was stored instead
of properly reading them using psw_read().

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>

Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20160225' into staging

Second pull req with getrandom fix

# gpg: Signature made Thu 25 Feb 2016 10:57:42 GMT using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg:                 aka "Riku Voipio <riku.voipio@linaro.org>"

* remotes/riku/tags/pull-linux-user-20160225:
  linux-user: add getrandom() syscall
  linux-user: correct timerfd_create syscall numbers
  linux-user: remove unavailable syscalls from aarch64
  linux-user: sync syscall numbers with kernel
  linux-user: Don't assert if guest tries shmdt(0)
  linux-user: set ppc64/ppc64le default CPU to POWER8
  build: [linux-user] Rename "syscall.h" to "target_syscall.h" in target directories
  linux-user: fix realloc size of target_fd_trans.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

q35: No need to check gigabyte_align

gigabyte_align is always true on q35, so we don't need the
!gigabyte_align compat code anymore.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>

q35: Remove unused q35-acpi-dsdt.aml file

The file was used only by older machine-types, and it is not
needed anymore.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>

ich9: Remove enable_tco arguments from init functions

The enable_tco arguments are always true, so they are not needed
anymore.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>

machine: Remove no_tco field

The field is always set to zero, so it is not necessary anymore.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>

q35: Remove old machine versions

Migration with q35 was not possible before commit
04329029a8c539eb5f75dcb6d8b016f0c53a031a, because q35
unconditionally creates an ich9-ahci device, that was marked as
unmigratable. So all q35 machine classes before pc-q35-2.4 were
not migratable, so there's no point in keeping compatibility code
for them.

Remove all old pc-q35 machine classes and keep only pc-q35-2.4
and newer.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>

tests/vhost-user-bridge: fix build on 32 bit systems

Mainly casts between void * and uint64_t, and wrong
format for size_t.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

vring: remove

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

virtio-scsi: do not use vring in dataplane

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

virtio-blk: do not use vring in dataplane

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

virtio-blk: fix "disabled data plane" mode

In disabled mode, virtio-blk dataplane seems to be enabled, but flow
actually goes through the normal virtio path.  This patch simplifies a bit
the handling of disabled mode.  In disabled mode, virtio_blk_handle_output
might be called even if s->dataplane is not NULL.

This is a bit tricky, because the current check for s->dataplane will
always trigger, causing a continuous stream of calls to
virtio_blk_data_plane_start.  Unfortunately, these calls will not
do anything.  To fix this, set the "started" flag even in disabled
mode, and skip virtio_blk_data_plane_start if the started flag is true.
The resulting changes also prepare the code for the next patch, were
virtio-blk dataplane will reuse the same virtio_blk_handle_output function
as "regular" virtio-blk.

Because struct VirtIOBlockDataPlane is opaque in virtio-blk.c, we have
to move s->dataplane->started inside struct VirtIOBlock.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

virtio: export vring_notify as virtio_should_notify

Virtio dataplane needs to trigger the irq manually through the
guest notifier.  Export virtio_should_notify so that it can be
used around event_notifier_set.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

virtio: add AioContext-specific function for host notifiers

This is used to register ioeventfd with a dataplane thread.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

vring: make vring_enable_notification return void

Make the API more similar to the regular virtqueue API.  This will
help when modifying the code to not use vring.c anymore.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

block-migration: acquire AioContext as necessary

This is needed because dataplane will run during block migration as well.

The block device migration code is quite liberal in taking the iothread
mutex.  For simplicity, keep it the same way, even though one could
actually choose between the BQL (for regular BlockDriverStates) and
the AioContext (for dataplane BlockDriverStates).  When the block layer
is made fully thread safe, aio_context_acquire shall go away altogether.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>

pci core: function pci_bus_init() cleanup

remove unused param

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

pci core: function pci_host_bus_register() cleanup

remove unused param, and rename the other to a meaningful one.

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

balloon: Use only 'pc-dimm' type dimm for ballooning

For now there are only two dimm's: pc-dimm and nvdimm. This patch is
actually needed to disable ballooning on nvdimm. But, to avoid future
bugs, instead of disallowing nvdimm, we allow only pc-dimm. So, if
someone adds new dimm which should be balloon-able, then this ability
should be explicitly specified here.

Why ballooning for nvdimm should be disabled for now:

NVDIMM for now is planned to use as a backing store for DAX filesystem
in the guest and thus this memory is excluded from guest memory
management and LRUs.

In this case libvirt running QEMU along with configured balloon almost
immediately inflates balloon and effectively kill the guest as
qemu counts nvdimm as part of the ram.

Counting dimm devices as part of the ram for ballooning was started from
commit 463756d03:
 virtio-balloon: Fix balloon not working correctly when hotplug memory

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

virtio-balloon: rewrite get_current_ram_size()

Use pc_dimm_built_list() instead of qmp_pc_dimm_device_list()

Actually, Qapi is not related to this internal helper.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160225' into staging

ppc patch queue for 2016-02-25

Hopefully final queue before qemu-2.6 soft freeze.  Currently
accumulated patches for target-ppc, pseries machine type and related
devices:
    * SLOF firmware update
        - Many new features, including virtio 1.0 non-legacy support
    * H_PAGE_INIT hypercall implementation
    * Small cleanups and bugfixes.

# gpg: Signature made Thu 25 Feb 2016 03:00:56 GMT using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.6-20160225:
  ppc/kvm: Tell the user what might be wrong when using bad CPU types with kvm-hv
  ppc/kvm: Use error_report() instead of cpu_abort() for user-triggerable errors
  spapr: initialize local Error pointer
  hw/ppc/spapr: Implement the h_page_init hypercall
  pseries: Update SLOF firmware image to 20160223

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

ppc/kvm: Tell the user what might be wrong when using bad CPU types with kvm-hv

Using a CPU type that does not match the host is not possible when using
the kvm-hv kernel module - the PVR is checked in the kernel function
kvm_arch_vcpu_ioctl_set_sregs_hv() and rejected with -EINVAL if it
does not match the host.
However, when the user tries to specify a non-matching CPU type, QEMU
currently only reports "kvm_init_vcpu failed: Invalid argument", and
this is of course not very helpful for the user to solve the problem.
So this patch adds a more descriptive error message that tells the
user to specify "-cpu host" instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
[Removed melodramatic '!' :)]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

ppc/kvm: Use error_report() instead of cpu_abort() for user-triggerable errors

Setting the KVM_CAP_PPC_PAPR capability can fail if either the KVM
kernel module does not support it, or if the specified vCPU type
is not a 64-bit Book3-S CPU type. For example, the user can trigger
it easily with "-M pseries -cpu G2leLS" when using the kvm-pr kernel
module. So the error should not be reported with cpu_abort() since
this function is rather meant for reporting programming errors than
reporting user-triggerable errors (it prints out all CPU registers
and then calls abort() to kills the program - two things that the
normal user does not expect here) . So let's use error_report() with
exit(1) here instead.
A similar problem exists in the code that sets the KVM_CAP_PPC_EPR
capability, so while we're at it, fix that, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

spapr: initialize local Error pointer

This fixes a crash in the target QEMU during migration.

Broken in commit c5f54f3.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[reworded commit message]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

hw/ppc/spapr: Implement the h_page_init hypercall

This hypercall either initializes a page with zeros, or copies
another page.
According to LoPAPR, the i-cache of the page should also be
flushed if using H_ICACHE_INVALIDATE or H_ICACHE_SYNCHRONIZE,
and the d-cache should be synchronized to the RAM if the
H_ICACHE_SYNCHRONIZE flag is used. For this, two new functions
are introduced, kvmppc_dcbst_range() and kvmppc_icbi()_range, which
use the corresponding assembler instructions to flush the caches
if running with KVM on Power. If the code runs with TCG instead,
the code only uses tb_flush(), assuming that this will be
enough for synchronization.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

pseries: Update SLOF firmware image to 20160223

The main change is virtio 1.0 support.

The complete changelog is:
  > dhcp: fix warning messages when calling strtoip()
  > virtio-scsi: enable virtio 1.0
  > virtio-scsi: use virtio_fill desc api
  > virtio-scsi: use idx during initialization
  > virtio-net: enable virtio 1.0
  > virtio-blk: enable virtio 1.0
  > virtio: 1.0 helper to read 16/32/64 bit value
  > virtio: add and enable 1.0 device setup
  > virtio: 1.0 guest features negotiation
  > virtio: update features set/get register accessor
  > virtio: make all virtio apis 1.0 aware
  > virtio: add 64-bit virtio helpers for 1.0
  > virtio: add virtio 1.0 related struct and defines
  > virtio: get rid of type variable in virtio_device
  > virtio-net: move setup-mac to the open routine
  > virtio-net: make net_hdr_size a variable
  > virtio-net: replace vq array with vq_{tx,rx}
  > virtio-net: use virtio_fill_desc
  > virtio-{net,blk,scsi,9p}: use status variable
  > virtio-blk: add helpers for filling descriptors
  > virtio-{blk,9p}: enable resetting the device
  > virtio: introduce helper for initializing virt queue
  > virtio: fix code style/design issues.
  > fix code style in byteorder.h
  > pci: add byte read/write helper routines
  > virtio-net: fix gcc warnings (-Wextra)
  > virtio-blk: fix gcc warnings (-Wextra)
  > readme: Add a note about coding style
  > dhcp: Remove duplicated strtoip()
  > ethernet: Fix gcc warnings
  > net-snk: Fix gcc warnings
  > net-snk: Fix coding style
  > net-snk: Fix memory leak in dhcp6_process_options()
  > net-snk: Fix memory leak in ip6_to_multicast_mac() / send_ipv6()
  > net-snk: Remove bad NEIGHBOUR_SOLICITATION code in send_ipv6()
  > Fix dma-alloc and dma-map-in functions on board-js2x
  > net-snk: Allow stateless autoconfig IPv6 addresses with IP_INIT_IPV6_MANUAL
  > net-snk: Simplify the ip6_is_multicast() function
  > net-snk: Move global variable definition out of the header file
  > net-snk: Prefer non-link-local unicast IPv6 addresses if possible
  > net-snk: Fix the check for link-local addresses when receiving RAs
  > net-snk: Remove junk at the end of IPv6 TFTP ACK and error packets
  > Fix format strings in usb-ohci.c
  > net-snk: Get rid of junk at the end of sent DHCPv6 packets
  > net-snk: Use transaction IDs in DHCPv4, too
  > net-snk: Make use of DHCPv6 transaction IDs
  > net-snk: Seed the pseudo-random number generator
  > libc: Add srand() call
  > libc: Fix the rand() function to return non-zero values
  > net-snk: Improve printed text when booting via network
  > Increase temporary buffer size of ibm,client-architecture-support call
  > Move archsupport.fs into board-qemu directory
  > boot: stop booting when we encounter HALT
  > fat-files: Fix bug with root-entries = 0 on certain FAT32 file systems
  > usb: print unhandled descriptor in debug mode
  > Improve stack usage with libnvram get_partition function
  > Improve stack usage in libnvram environment variable code
  > libc: Port vsnprintf back from skiboot
  > Move the code for rfill into a separate function
  > Rework wrapper for new_nvram_partition() and fix possible bug in there
  > Stack optimization in libusb: split up setup_new_device()
  > Check for stack overflow in paflof engine
  > Clean up pending packet variable in ipv4 code
  > Fix tracking of pending outgoing packets when handling ARP replies

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

linux-user: add getrandom() syscall

getrandom() has been introduced in kernel 3.17 and is now used during
the boot sequence of Debian unstable (stretch/sid).

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>

linux-user: correct timerfd_create syscall numbers

x86, m68k, ppc, sh4 and sparc failed to enable timerfd, because they
didn't have timerfd_create system call defined. Instead QEMU
defined timerfd syscall. Checking with kernel sources, it appears
kernel developers reused timerfd syscall number with timerfd_create,
presumably since no userspace called the old syscall number.

Reported-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>

linux-user: remove unavailable syscalls from aarch64

QEMU lists deprecated system call numbers in for Aarch64. These
are never enabled for Linux kernel, so don't define them in Qemu
either. Remove the ifdef around host_to_target_stat64 since
all architectures need it now.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>

linux-user: sync syscall numbers with kernel

Sync syscall numbers to match the linux v4.5-rc1 kernel.

Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>

linux-user: Don't assert if guest tries shmdt(0)

Our implementation of shmat() and shmdt() for linux-user was
using "zero guest address" as its marker for "entry in the
shm_regions[] array is not in use". This meant that if the
guest did a shmdt(0) we would match on an unused array entry
and call page_set_flags() with both start and end addresses zero,
which causes an assertion failure.

Use an explicit in_use flag to manage the shm_regions[] array,
so that we avoid this problem.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Pavel Shamis <pasharesearch@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>

linux-user: set ppc64/ppc64le default CPU to POWER8

Set the default to the latest CPU version to have the
largest set of available features.

It is also really needed in little-endian mode because
POWER7 is not really supported in this mode and some distros
(at least debian) generate POWER8 code for their ppc64le target.

Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813698

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>

build: [linux-user] Rename "syscall.h" to "target_syscall.h" in target directories

This fixes double-definitions in linux-user builds when using the UST
tracing backend (which indirectly includes the system's "syscall.h").

Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>

linux-user: fix realloc size of target_fd_trans.

target_fd_trans is an array of "TargetFdTrans *": compute size
accordingly. Use g_renew() as proposed by Paolo.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20160223' into staging

Queued TCG patches

# gpg: Signature made Tue 23 Feb 2016 18:27:44 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/pull-tcg-20160223:
  tcg: Remove unnecessary osdep.h includes from tcg-target.inc.c
  scripts/clean-includes: Ignore .inc.c files
  tcg: Rename tcg-target.c to tcg-target.inc.c
  target-sparc: Use global registers for the register window
  target-sparc: Tidy global register initialization
  tcg: Allocate indirect_base temporaries in a different order
  tcg: Implement indirect memory registers
  tcg: Work around clang bug wrt enum ranges, part 2

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tcg: Remove unnecessary osdep.h includes from tcg-target.inc.c

Commit 757e725b58c57d added a number of #include "qemu/osdep.h"
files to the tcg-target.c files (as they were named at the time).
These are unnecessary because these files are not standalone C
files, and the tcg/tcg.c file which includes them will have
already included osdep.h on their behalf. Remove the unneeded
include directives.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <1456238983-10160-4-git-send-email-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

scripts/clean-includes: Ignore .inc.c files

Ignore files which have a .inc.c extension -- these are not headers
but they are not standalone C source files either, so we can't make
any automated decisions about what #include directives they should
have.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <1456238983-10160-3-git-send-email-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Rename tcg-target.c to tcg-target.inc.c

Rename the per-architecture tcg-target.c files to tcg-target.inc.c.
This makes it clearer that they are not intended to be standalone
C files, but are instead #included into another source file.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <1456238983-10160-2-git-send-email-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

target-sparc: Use global registers for the register window

Via indirection off cpu_regwptr.

Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>

Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20160223-1' into staging

spice: initial opengl/virgl support, postcopy migration fix.

# gpg: Signature made Tue 23 Feb 2016 12:30:40 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-20160223-1:
  Postcopy+spice: Pass spice migration data earlier
  spice/gl: tweak debug messages.
  spice/gl: add unblock timer
  spice: add opengl/virgl/dmabuf support
  spice: reset cursor on resize
  egl-helpers: add functions for render nodes and dma-buf passing
  configure: add dma-buf support detection.
  spice: init dcl before registering qxl interface

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-sparc: Tidy global register initialization

Create tables for the various global registers that need allocation.
Remove one level of indirection from  gregnames and fregnames.

Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Allocate indirect_base temporaries in a different order

Since we've not got liveness analysis for indirect bases,
placing them at the end of the call-saved registers makes
it more likely that it'll stay live.

Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Implement indirect memory registers

That is, global_mem registers whose base is another global_mem
register, rather than a fixed register.

Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Work around clang bug wrt enum ranges, part 2

A previous patch patch changed the type of REG from int
to enum TCGReg, which provokes the following bug in clang:

  https://llvm.org/bugs/show_bug.cgi?id=16154

Signed-off-by: Richard Henderson <rth@twiddle.net>

tracetool: Include osdep.h in generated-ust.c

When generating the trace/generated-ust.c source file, make sure
it includes osdep.h as its first include.

This fixes compilation with --enable-trace-backends=ust

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1456240661-15422-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Eric Blake <eblake@redhat.com>

include: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

NB: If this commit breaks compilation for your out-of-tree
patchseries or fork, then you need to make sure you add
#include "qemu/osdep.h" to any new .c files that you have.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>

all: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
This just catches a couple of stragglers since I posted
the last clean-includes patchset last week.

all: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>

osdep.h: Include config-target.h if NEED_CPU_H is defined

NEED_CPU_H is the define we use to distinguish per-target object
compilation from common object compilation. For the former, we must
also include config-target.h so that the .c files see the necessary
CONFIG_ constants.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>

scripts/clean-includes: Add --all option

Add a --all option which will run the script on every C
source and header file in the repository (except for those
in a few directories which contain standalone guest code).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>

scripts/clean-includes: Enhance to handle header files

Enhance clean-includes to handle header files as well as .c source
files. For headers we merely remove all the redundant #include
lines, including any includes of qemu/osdep.h itself.

There is a simple mollyguard on the include file processing to
skip a few key headers like osdep.h itself, to avoid producing
bad patches if the script is run on every file in include/.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>

disas/arm-a64.cc: Include osdep.h first

Rearrange include directives so that we include osdep.h first.
This has to be done manually because clean-includes doesn't
handle C++.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>

osdep.h: Define macros for the benefit of C++ before C++11

For C++ before C++11, <stdint.h> requires definition of the macros
__STDC_CONSTANT_MACROS, __STDC_LIMIT_MACROS and __STDC_FORMAT_MACROS
in order to enable definition of various macros by the header file.
Define these in osdep.h, so that we get the right header file
definitions whether osdep.h is being used by plain C, C++11 or
older C++.

In particular libvixl's header files depend on this and won't
compile if osdep.h is included before them otherwise.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>

cpu: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Postcopy+spice: Pass spice migration data earlier

Spice hooks the migration status changes to figure out when to
transmit information to the new spice server; but the migration
status in postcopy doesn't quite fit - the destination starts
running before the end of the source migration.

It's not a case of hanging off the migration status change to
postcopy-active either, since that happens before we stop the
guest CPU.

Fix it by sending a notify just after sending the device state,
and adding a flag that can be tested by the notify receiver.

Symptom:
   spice handover doesn't work with the error:
   red_worker.c:11540:display_channel_wait_for_migrate_data: timeout

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-id: 1456161452-25318-1-git-send-email-dgilbert@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

spice/gl: tweak debug messages.

Adjust message levels, make messages more verbose.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

spice/gl: add unblock timer

Pure debug aid, print a warning in case unblocking
doesn't happen within one second.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

spice: add opengl/virgl/dmabuf support

This adds support for dma-buf passing to spice.  This makes virtio-gpu
with 3d acceleration work with spice.

Workflow:
 * virglrenderer renders the guest command stream into a texture.
 * qemu exports the texture as dma-buf and passes on that dma-buf
   to spice-server.
 * spice-server passes the dma-buf to spice-client, using unix
   socket file descriptor passing.
 * spice-client asks the window systems composer to render the
   dma-buf to the screen.

Requires cutting edge spice (server) and spice-gtk (client) builds,
from git master branch.

Also requires libvirt managing your qemu instance, and using
"virt-viewer --attach $guest".  libvirt will connect spice-server and
spice-client using unix sockets instead of tcp sockets then, which
is required for file descriptor passing.

Works for the local case (spice server and client on the same machine)
only.  Supporting remote too is planned (by feeding the dma-bufs into
gpu-assisted video encoder), but not there yet.

gl mode is turned off by default, use "-spice gl=on,$otherargs" to
enable it.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

spice: reset cursor on resize

Spice server will clear the cursor on resize. QXL driver reset it after
resize, however, virtio and other devices do not. Teach qemu to set it
back.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

egl-helpers: add functions for render nodes and dma-buf passing

Adds helpers to open a drm render node and create a opengl
context for it.  Also add a helper to export a texture as
dma-buf.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

configure: add dma-buf support detection.

Set CONFIG_OPENGL_DMABUF in case both mesa and libepoxy are
new enough to have support for dma-buf import/export.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

spice: init dcl before registering qxl interface

Without this spice might callback into qemu before ssd->dcl.con is
initialized, resulting in a segfault due to NULL pointer dereference.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160223-1' into staging

usb: misc bugfixes.

# gpg: Signature made Tue 23 Feb 2016 10:53:01 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20160223-1:
  ohci: allocate timer only once.
  usb: add pid check at the first of uhci_handle_td()
  usb: check RNDIS buffer offsets & length
  usb: check RNDIS message length
  tusb6010: move from hw/timer to hw/usb
  usb: check USB configuration descriptor object

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

move get_current_ram_size to virtio-balloon.c

get_current_ram_size() is used only in virtio-balloon.c
This patch moves it into virtio-balloon and make it static, to allow
some balloon-specific tuning.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

vhost-user: don't merge regions with different fds

vhost currently merges regions with contiguious virtual and physical
addresses.  This breaks for vhost-user since that also needs fds to
match.

Add a vhost_ops entry to compare the fds for vhost-user only.

Cc: qemu-stable@nongnu.org
Cc: Victor Kaplansky <victork@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

bios-linker-loader: document+validate input

While guest/host ABI is documented in hw/acpi/bios-linker-loader.c,
the API was left undocumented.

This adds documentation for all API functions.

Additionally, input is validated to make sure all
pointers fall within range of provided files.

To allow this validation for checksum commands,
bios_linker_loader_add_checksum is changed to accept GArray * in place
of void *.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

ohci: allocate timer only once.

Allocate timer once, at init time, instead of allocating/freeing
it all the time when starting/stopping the bus.  Simplifies the
code, also fixes bugs (memory leak) due to missing checks whenever
the time is already allocated or not.

Cc: Prasad J Pandit <pjp@fedoraproject.org>
Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: add pid check at the first of uhci_handle_td()

pid can be gotten from uhci device memory in uhci_handle_td(),
so the guest can trigger assert qemu if we get an invalid pid.
And the uhci spec 2.1.2 tells us The Host Controller sets Host
Controller Process Error bit to 1 when it detects a fatal error
and indicates that the Host Controller suffered a consistency
check failure while processing a Transfer Descriptor. An example
of a consistency check failure would be finding an illegal PID
field while processing the packet header portion of the TD.
When this error occurs, the Host Controller clears the Run/Stop
bit in the Command register to prevent further schedule execution.

We'd better to set UHCI_STS_HCPERR and kick an interrupt, check
the pid value at the first of uhci_handle_td function.

https://bugzilla.redhat.com/show_bug.cgi?id=1070027

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-id: 1455867238-4720-1-git-send-email-arei.gonglei@huawei.com

[ applied minor codestyle fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: check RNDIS buffer offsets & length

When processing remote NDIS control message packets,
the USB Net device emulator uses a fixed length(4096) data buffer.
The incoming informationBufferOffset & Length combination could
overflow and cross that range. Check control message buffer
offsets and length to avoid it.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1455648821-17340-3-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: check RNDIS message length

When processing remote NDIS control message packets, the USB Net
device emulator uses a fixed length(4096) data buffer. The incoming
packet length could exceed this limit. Add a check to avoid it.

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1455648821-17340-2-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

tusb6010: move from hw/timer to hw/usb

The TUSB6010 is a USB controller (as the name suggests). Move it from
hw/timer (where it was accidentally filed in 2013 when we moved
everything out of hw/) to hw/usb.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1455883404-10976-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: check USB configuration descriptor object

When processing remote NDIS control message packets, the USB Net
device emulator checks to see if the USB configuration descriptor
object is of RNDIS type(2). But it does not check if it is null,
which leads to a null dereference error. Add check to avoid it.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1455188480-14688-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

log: Redirect stderr to logfile if deamonized

In case of daemonize, use the logfile passed with the -D option in
order to redirect stderr to it instead of /dev/null.

Also remove some unused code in log.h.

Signed-off-by: Dimitris Aragiorgis <dimara@arrikto.com>
Message-Id: <1455795518-19205-1-git-send-email-dimara@arrikto.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

dump-guest-memory: add qmp event DUMP_COMPLETED

One new QMP event DUMP_COMPLETED is added. When a dump finishes, one
DUMP_COMPLETED event will occur to notify the user.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1455772616-8668-12-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Dump: add hmp command "info dump"

It will calculate percentage of finished work from completed and
total.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1455772616-8668-11-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Dump: add qmp command "query-dump"

When dump-guest-memory is requested with detach flag, after its
return, user could query its status using "query-dump" command (with
no argument). The result contains:

- status: current dump status
- completed: bytes written in the latest dump
- total: bytes to write in the latest dump

From completed and total, we could know how much work
finished by calculating:

  100.0 * completed / total (%)

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1455772616-8668-10-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

DumpState: adding total_size and written_size fields

Here, total_size is the size in bytes to be dumped (raw data, which
means before compression), while written_size are bytes handled (raw
size too).

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1455772616-8668-9-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

dump-guest-memory: add "detach" support

If "detach" is provided, one thread is created to do the dump work,
while main thread will return immediately. For each GuestPhysBlock,
adding one more field "mr" to points to MemoryRegion that it
belongs, also ref the mr before use.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1455772616-8668-8-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

dump-guest-memory: disable dump when in INMIGRATE state

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1455772616-8668-7-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

dump-guest-memory: introduce dump_process() helper function.

No functional change. Cleanup only.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1455772616-8668-6-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

dump-guest-memory: add dump_in_progress() helper function

For now, it has no effect. It will be used in dump detach support.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1455772616-8668-5-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

dump-guest-memory: using static DumpState, add DumpStatus

Instead of malloc/free each time for DumpState, make it
static. Added DumpStatus to show status for dump.

This is to be used for detached dump.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1455772616-8668-4-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>