sdk/emulator/qemu.git
9 years agoqapi: New QAPISchema intermediate reperesentation
Markus Armbruster [Wed, 16 Sep 2015 11:06:05 +0000 (13:06 +0200)]
qapi: New QAPISchema intermediate reperesentation

The QAPI code generators work with a syntax tree (nested dictionaries)
plus a few symbol tables (also dictionaries) on the side.

They have clearly outgrown these simple data structures.  There's lots
of rummaging around in dictionaries, and information is recomputed on
the fly.  For the work I'm going to do, I want more clearly defined
and more convenient interfaces.

Going forward, I also want less coupling between the back-ends and the
syntax tree, to make messing with the syntax easier.

Create a bunch of classes to represent QAPI schemata.

Have the QAPISchema initializer call the parser, then walk the syntax
tree to create the new internal representation, and finally perform
semantic analysis.

Shortcut: the semantic analysis still relies on existing check_exprs()
to do the actual semantic checking.  All this code needs to move into
the classes.  Mark as TODO.

Simple unions are lowered to flat unions.  Flat unions and structs are
represented as a more general object type.

Catching name collisions in generated code would be nice.  Mark as
TODO.

We generate array types eagerly, even though most of them aren't used.
Mark as TODO.

Nothing uses the new intermediate representation just yet, thus no
change to generated files.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
9 years agoqapi: Rename class QAPISchema to QAPISchemaParser
Markus Armbruster [Wed, 16 Sep 2015 11:06:04 +0000 (13:06 +0200)]
qapi: Rename class QAPISchema to QAPISchemaParser

I want to name a new class QAPISchema.

While there, make it a new-style class.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1442401589-24189-2-git-send-email-armbru@redhat.com>

9 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
Peter Maydell [Sat, 19 Sep 2015 14:59:52 +0000 (15:59 +0100)]
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging

QOM infrastructure fixes and device conversions

* QOM API error handling fixes
* Performance improvements for device GPIO property creation
* Remaining conversion of QEMUMachine to QOM

# gpg: Signature made Sat 19 Sep 2015 15:40:44 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-peter: (21 commits)
  machine: Eliminate QEMUMachine and qemu_register_machine()
  Revert use of DEFINE_MACHINE() for registrations of multiple machines
  Use DEFINE_MACHINE() to register all machines
  mac_world: Break long line
  machine: DEFINE_MACHINE() macro
  exynos4: Declare each QEMUMachine as a separate variable
  exynos4: Use MachineClass instead of exynos4_machines array
  exynos4: Use EXYNOS4210_NCPUS instead of max_cpus on error message
  machine: Set MachineClass::name automatically
  machine: Ensure all TYPE_MACHINE subclasses have the right suffix
  mac99: Use MACHINE_TYPE_NAME to encode class name
  s390: Rename s390-ccw-virtio-2.4 class name to use MACHINE_TYPE_NAME
  s390-virtio: Rename machine class name to use MACHINE_TYPE_NAME
  pseries: Rename machine class names to use MACHINE_TYPE_NAME
  arm: Rename virt machine class to use MACHINE_TYPE_NAME
  vexpress: Rename machine classes to use MACHINE_TYPE_NAME
  vexpress: Don't set name on abstract class
  machine: MACHINE_TYPE_NAME macro
  qdev: Do not use slow [*] expansion for GPIO creation
  qom: Fix invalid error check in property_get_str()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agomachine: Eliminate QEMUMachine and qemu_register_machine()
Eduardo Habkost [Fri, 4 Sep 2015 18:37:09 +0000 (15:37 -0300)]
machine: Eliminate QEMUMachine and qemu_register_machine()

The struct is not used anymore and can be eliminated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoRevert use of DEFINE_MACHINE() for registrations of multiple machines
Andreas Färber [Sat, 19 Sep 2015 08:49:44 +0000 (10:49 +0200)]
Revert use of DEFINE_MACHINE() for registrations of multiple machines

The script used for converting from QEMUMachine had used one
DEFINE_MACHINE() per machine registered. In cases where multiple
machines are registered from one source file, avoid the excessive
generation of module init functions by reverting this unrolling.

Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoUse DEFINE_MACHINE() to register all machines
Eduardo Habkost [Fri, 4 Sep 2015 18:37:08 +0000 (15:37 -0300)]
Use DEFINE_MACHINE() to register all machines

Convert all machines to use DEFINE_MACHINE() instead of QEMUMachine
automatically using a script.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
[AF: Style cleanups, convert imx25_pdk machine]
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agomac_world: Break long line
Eduardo Habkost [Fri, 4 Sep 2015 18:37:07 +0000 (15:37 -0300)]
mac_world: Break long line

Coding style change only.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agomachine: DEFINE_MACHINE() macro
Eduardo Habkost [Fri, 4 Sep 2015 18:37:06 +0000 (15:37 -0300)]
machine: DEFINE_MACHINE() macro

The macro will allow easy registration of a TYPE_MACHINE subclass, using
only the machine name and a MachineClass initialization function as
parameter.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoexynos4: Declare each QEMUMachine as a separate variable
Eduardo Habkost [Fri, 4 Sep 2015 18:37:05 +0000 (15:37 -0300)]
exynos4: Declare each QEMUMachine as a separate variable

This will make the code follow the same pattern used for other machines,
and will make it easier to automatically convert the code to be
QOM-based.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoexynos4: Use MachineClass instead of exynos4_machines array
Eduardo Habkost [Fri, 4 Sep 2015 18:37:04 +0000 (15:37 -0300)]
exynos4: Use MachineClass instead of exynos4_machines array

We don't need a QEMUMachine array to query max_cpus, if we can get the
corresponding MachineClass.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoexynos4: Use EXYNOS4210_NCPUS instead of max_cpus on error message
Eduardo Habkost [Fri, 4 Sep 2015 18:37:03 +0000 (15:37 -0300)]
exynos4: Use EXYNOS4210_NCPUS instead of max_cpus on error message

The code is checking smp_cpus against EXYNOS4210_NCPUS, not against
max_cpus, so use EXYNOS4210_NCPUS in the error message for consistency.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agomachine: Set MachineClass::name automatically
Eduardo Habkost [Thu, 20 Aug 2015 21:54:36 +0000 (14:54 -0700)]
machine: Set MachineClass::name automatically

Now all TYPE_MACHINE subclasses use MACHINE_TYPE_NAME to generate the
class name. So instead of requiring each subclass to set
MachineClass::name manually, we can now set it automatically at the
TYPE_MACHINE class_base_init() function.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
[AF/ehabkost: Updated for s390-ccw machines]
[AF: Cleanup of intermediate virt and vexpress name handling]
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agomachine: Ensure all TYPE_MACHINE subclasses have the right suffix
Eduardo Habkost [Thu, 20 Aug 2015 21:54:35 +0000 (14:54 -0700)]
machine: Ensure all TYPE_MACHINE subclasses have the right suffix

Now that all non-abstract TYPE_MACHINE subclasses have the -machine
suffix, add an assert to ensure this will be always true.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agomac99: Use MACHINE_TYPE_NAME to encode class name
Eduardo Habkost [Thu, 20 Aug 2015 21:54:34 +0000 (14:54 -0700)]
mac99: Use MACHINE_TYPE_NAME to encode class name

It will result in exactly the same class name, but it will make the code
consistent with the other classes.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agos390: Rename s390-ccw-virtio-2.4 class name to use MACHINE_TYPE_NAME
Eduardo Habkost [Thu, 20 Aug 2015 21:54:33 +0000 (14:54 -0700)]
s390: Rename s390-ccw-virtio-2.4 class name to use MACHINE_TYPE_NAME

Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the
s390-ccw-virtio-2.4 machine class using the MACHINE_TYPE_NAME macro.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
[AF/ehabkost: Updated for 2.5 machine]
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agos390-virtio: Rename machine class name to use MACHINE_TYPE_NAME
Eduardo Habkost [Thu, 20 Aug 2015 21:54:32 +0000 (14:54 -0700)]
s390-virtio: Rename machine class name to use MACHINE_TYPE_NAME

Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the s390-virtio
machine class using the MACHINE_TYPE_NAME macro.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agopseries: Rename machine class names to use MACHINE_TYPE_NAME
Eduardo Habkost [Thu, 20 Aug 2015 21:54:31 +0000 (14:54 -0700)]
pseries: Rename machine class names to use MACHINE_TYPE_NAME

Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the the pseries
machine classes using the MACHINE_TYPE_NAME macro.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoarm: Rename virt machine class to use MACHINE_TYPE_NAME
Eduardo Habkost [Thu, 20 Aug 2015 21:54:30 +0000 (14:54 -0700)]
arm: Rename virt machine class to use MACHINE_TYPE_NAME

Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the arm virt
machine class using the MACHINE_TYPE_NAME macro.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agovexpress: Rename machine classes to use MACHINE_TYPE_NAME
Eduardo Habkost [Thu, 20 Aug 2015 21:54:29 +0000 (14:54 -0700)]
vexpress: Rename machine classes to use MACHINE_TYPE_NAME

Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the vexpress
machine classes using the MACHINE_TYPE_NAME macro.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Introduce VEXPRESS_*_MACHINE_NAME]
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agovexpress: Don't set name on abstract class
Eduardo Habkost [Thu, 20 Aug 2015 21:54:28 +0000 (14:54 -0700)]
vexpress: Don't set name on abstract class

The MachineClass::name field won't be ever be used on TYPE_VEXPRESS, as
it is an abstract class and the machine class lookup code explicitly
skips abstract classes. We can remove it to make the code simpler.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agomachine: MACHINE_TYPE_NAME macro
Eduardo Habkost [Thu, 20 Aug 2015 21:54:27 +0000 (14:54 -0700)]
machine: MACHINE_TYPE_NAME macro

The macro will be useful to ensure the machine class names follow the
right format to make machine class lookup by class name work correctly.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoqdev: Do not use slow [*] expansion for GPIO creation
Pavel Fedin [Fri, 31 Jul 2015 12:23:22 +0000 (15:23 +0300)]
qdev: Do not use slow [*] expansion for GPIO creation

Expansion of [*] suffix is very slow because index expansion is done using
trial and error strategy, starting every time from zero and retrying with
the next index until insertion succeeds. With large number of already added
properties this process takes huge amount of time (O(n^2) complexity).

Some architectures (like ARM) use very large amount of IRQ pins in interrupt
controller models. This flaw makes machine startup extremely slow
(~20 seconds for ARM64 with 32 CPUs). This patch decreases this time down to
~10 seconds.

Also in qdev_init_gpio_out_named() memset() is now called only once for the
whole array instead of per-cell cleaning

Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoqom: Fix invalid error check in property_get_str()
Markus Armbruster [Tue, 25 Aug 2015 18:00:46 +0000 (20:00 +0200)]
qom: Fix invalid error check in property_get_str()

When a function returns a null pointer on error and only on error, you
can do

    if (!foo(foos, errp)) {
        ... handle error ...
    }

instead of the more cumbersome

    Error *err = NULL;

    if (!foo(foos, &err)) {
        error_propagate(errp, err);
        ... handle error ...
    }

A StringProperty's getter, however, may return null on success!  We
then fail to call visit_type_str().

Screwed up in 6a146eb, v1.1.

Fails tests/qom-test in my current, heavily hacked QAPI branch.  No
reproducer for master known (but I didn't look hard).

Cc: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agoqom: Do not reuse errp after a possible error
Markus Armbruster [Tue, 25 Aug 2015 18:00:45 +0000 (20:00 +0200)]
qom: Do not reuse errp after a possible error

The argument for an Error **errp parameter must point to a null
pointer.  If it doesn't, and an error happens, error_set() fails its
assertion.

Instead of

    foo(foos, errp);
    bar(bars, errp);

you need to do something like

    Error *err = NULL;

    foo(foos, &err);
    if (err) {
        error_propagate(errp, err);
        goto out;
    }

    bar(bars, errp);
out:

Screwed up in commit 0e55884 (v1.3.0): property_get_bool().

Screwed up in commit 1f21772 (v2.1.0): object_property_get_enum() and
object_property_get_uint16List().

Screwed up in commit a8e3fbe (v2.4.0): property_get_enum(),
property_set_enum().

Found by inspection, no actual crashes observed.

Fix them up.

Cc: Anthony Liguori <anthony@codemonkey.ws>
Cc: Hu Tao <hutao@cn.fujitsu.com>
Cc: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
9 years agococoa: Suppress Cocoa window with -display
Rainer Müller [Wed, 9 Sep 2015 14:08:30 +0000 (16:08 +0200)]
cocoa: Suppress Cocoa window with -display

Do not open a Cocoa window when another display is selected that will be
initialized later. The Cocoa display cannot be selected with -display,
so there is no need to check its argument.

Signed-off-by: Rainer Müller <raimue@codingfarm.de>
Reviewed-by: Andreas Färber <andreas.faerber@web.de>
Message-id: 1441807710-25431-1-git-send-email-raimue@codingfarm.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoMerge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
Peter Maydell [Fri, 18 Sep 2015 15:57:59 +0000 (16:57 +0100)]
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Fri 18 Sep 2015 15:59:02 BST using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"

* remotes/jnsnow/tags/ide-pull-request:
  ahci: clean up initial d2h semantics
  ahci: remove cmd_fis argument from write_fis_d2h
  ahci: fix signature generation
  ahci: remove dead reset code
  atapi: abort transfers with 0 byte limits
  ide: fix ATAPI command permissions
  ide-test: add cdrom dma test
  ide-test: add cdrom pio test
  qtest/ahci: export generate_pattern
  qtest/ahci: use generate_pattern everywhere
  ide: unify io_buffer_offset increments

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoahci: clean up initial d2h semantics
John Snow [Tue, 1 Sep 2015 20:50:41 +0000 (16:50 -0400)]
ahci: clean up initial d2h semantics

with write_fis_d2h and signature generation tidied up,
let's adjust the initial d2h semantics to make more sense.

The initial d2h is considered delivered if there is guest
memory to save it to.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1441140641-17631-5-git-send-email-jsnow@redhat.com

9 years agoahci: remove cmd_fis argument from write_fis_d2h
John Snow [Tue, 1 Sep 2015 20:50:40 +0000 (16:50 -0400)]
ahci: remove cmd_fis argument from write_fis_d2h

It's no longer used. We used to generate a D2H FIS based
upon the command FIS that prompted the update, but in reality,
the D2H FIS is generated purely from register state.

cmd_fis is vestigial, so get rid of it.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1441140641-17631-4-git-send-email-jsnow@redhat.com

9 years agoahci: fix signature generation
John Snow [Tue, 1 Sep 2015 20:50:39 +0000 (16:50 -0400)]
ahci: fix signature generation

The initial register device-to-host FIS no longer needs to specially
set certain fields, as these can be handled generically by setting those
fields explicitly with the signatures we want at port reset time.

(1) Signatures are decomposed into their four component registers and
    set upon (AHCI) port reset.
(2) the signature cache register is no longer set manually per-each
    device type, but instead just once during ahci_init_d2h.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1441140641-17631-3-git-send-email-jsnow@redhat.com

9 years agoahci: remove dead reset code
John Snow [Tue, 1 Sep 2015 20:50:38 +0000 (16:50 -0400)]
ahci: remove dead reset code

This check is dead due to an earlier conditional.
AHCI does not currently support hotplugging, so
checks to see if devices are present or not are useless.

Remove it.

Reported-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1441140641-17631-2-git-send-email-jsnow@redhat.com

9 years agoatapi: abort transfers with 0 byte limits
John Snow [Thu, 17 Sep 2015 18:17:05 +0000 (14:17 -0400)]
atapi: abort transfers with 0 byte limits

We're supposed to abort on transfers like this, unless we fill
Word 125 of our IDENTIFY data with a default transfer size, which
we don't currently do.

This is an ATA error, not a SCSI/ATAPI one.
See ATA8-ACS3 sections 7.17.6.49 or 7.21.5.

If we don't do this, QEMU will loop forever trying to transfer
zero bytes, which isn't particularly useful.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1442253685-23349-2-git-send-email-jsnow@redhat.com

9 years agoide: fix ATAPI command permissions
John Snow [Thu, 17 Sep 2015 18:17:05 +0000 (14:17 -0400)]
ide: fix ATAPI command permissions

We're a little too lenient with what we'll let an ATAPI drive handle.
Clamp down on the IDE command execution table to remove CD_OK permissions
from commands that are not and have never been ATAPI commands.

For ATAPI command validity, please see:
- ATA4 Section 6.5 ("PACKET Command feature set")
- ATA8/ACS Section 4.3 ("The PACKET feature set")
- ACS3 Section 4.3 ("The PACKET feature set")

ACS3 has a historical command validity table in Table B.4
("Historical Command Assignments") that can be referenced to find when
a command was introduced, deprecated, obsoleted, etc.

The only reference for ATAPI command validity is by checking that
version's PACKET feature set section.

ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4
therefore are assumed to have never been ATAPI commands.

Mandatory commands, as listed in ATA8-ACS3, are:

- DEVICE RESET
- EXECUTE DEVICE DIAGNOSTIC
- IDENTIFY DEVICE
- IDENTIFY PACKET DEVICE
- NOP
- PACKET
- READ SECTOR(S)
- SET FEATURES

Optional commands as listed in ATA8-ACS3, are:

- FLUSH CACHE
- READ LOG DMA EXT
- READ LOG EXT
- WRITE LOG DMA EXT
- WRITE LOG EXT

All other commands are illegal to send to an ATAPI device and should
be rejected by the device.

CD_OK removal justifications:

0x06 WIN_DSM              Defined in ACS2. Not valid for ATAPI.
0x21 WIN_READ_ONCE        Retired in ATA5. Not ATAPI in ATA4.
0x94 WIN_STANDBYNOW2      Retired in ATA4. Did not coexist with ATAPI.
0x95 WIN_IDLEIMMEDIATE2   Retired in ATA4. Did not coexist with ATAPI.
0x96 WIN_STANDBY2         Retired in ATA4. Did not coexist with ATAPI.
0x97 WIN_SETIDLE2         Retired in ATA4. Did not coexist with ATAPI.
0x98 WIN_CHECKPOWERMODE2  Retired in ATA4. Did not coexist with ATAPI.
0x99 WIN_SLEEPNOW2        Retired in ATA4. Did not coexist with ATAPI.
0xE0 WIN_STANDBYNOW1      Not part of ATAPI in ATA4, ACS or ACS3.
0xE1 WIN_IDLEIMMDIATE     Not part of ATAPI in ATA4, ACS or ACS3.
0xE2 WIN_STANDBY          Not part of ATAPI in ATA4, ACS or ACS3.
0xE3 WIN_SETIDLE1         Not part of ATAPI in ATA4, ACS or ACS3.
0xE4 WIN_CHECKPOWERMODE1  Not part of ATAPI in ATA4, ACS or ACS3.
0xE5 WIN_SLEEPNOW1        Not part of ATAPI in ATA4, ACS or ACS3.
0xF8 WIN_READ_NATIVE_MAX  Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.

This patch fixes a divide by zero fault that can be caused by sending
the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to
attempt to use zeroed CHS values to perform sector arithmetic.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com
CC: qemu-stable@nongnu.org
9 years agoide-test: add cdrom dma test
John Snow [Thu, 17 Sep 2015 18:17:05 +0000 (14:17 -0400)]
ide-test: add cdrom dma test

Now, test the DMA functionality of the ATAPI drive.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1441926555-19471-5-git-send-email-jsnow@redhat.com

9 years agoide-test: add cdrom pio test
John Snow [Thu, 17 Sep 2015 18:17:04 +0000 (14:17 -0400)]
ide-test: add cdrom pio test

Add a simple read test for ATAPI devices,
using the PIO mechanism.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1441926555-19471-4-git-send-email-jsnow@redhat.com

9 years agoqtest/ahci: export generate_pattern
John Snow [Thu, 17 Sep 2015 18:17:04 +0000 (14:17 -0400)]
qtest/ahci: export generate_pattern

Share the pattern function for ide and ahci test.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1441926555-19471-3-git-send-email-jsnow@redhat.com

9 years agoqtest/ahci: use generate_pattern everywhere
John Snow [Thu, 17 Sep 2015 18:17:04 +0000 (14:17 -0400)]
qtest/ahci: use generate_pattern everywhere

Fix the pattern generation to actually be interesting,
and make sure all buffers in the ahci-test actually use it.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1441926555-19471-2-git-send-email-jsnow@redhat.com

9 years agoMerge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-09-18' into staging
Peter Maydell [Fri, 18 Sep 2015 13:41:53 +0000 (14:41 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-09-18' into staging

Error reporting patches

# gpg: Signature made Fri 18 Sep 2015 13:42:49 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-error-2015-09-18:
  memory: Fix bad error handling in memory_region_init_ram_ptr()
  loader: Fix memory_region_init_resizeable_ram() error handling
  Fix bad error handling after memory_region_init_ram()
  error: New error_fatal
  MAINTAINERS: Add "Error reporting" entry
  error: Copy location information in error_copy()
  hmp: Allow for error message hints on HMP
  error: only prepend timestamp on stderr

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agomemory: Fix bad error handling in memory_region_init_ram_ptr()
Markus Armbruster [Fri, 11 Sep 2015 14:51:45 +0000 (16:51 +0200)]
memory: Fix bad error handling in memory_region_init_ram_ptr()

Commit ef701d7 screwed up handling of out-of-memory conditions.
Before the commit, we report the error and exit(1), in one place.  The
commit lifts the error handling up the call chain some, to three
places.  Fine.  Except it uses &error_abort in these places, changing
the behavior from exit(1) to abort(), and thus undoing the work of
commit 3922825 "exec: Don't abort when we can't allocate guest
memory".

The previous two commits fixed one of the three places, another one
was fixed in commit 33e0eb5.  This commit fixes the third one.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1441983105-26376-5-git-send-email-armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
9 years agoloader: Fix memory_region_init_resizeable_ram() error handling
Markus Armbruster [Fri, 11 Sep 2015 14:51:44 +0000 (16:51 +0200)]
loader: Fix memory_region_init_resizeable_ram() error handling

Commit ef701d7 screwed up handling of out-of-memory conditions.
Before the commit, we report the error and exit(1), in one place.  The
commit lifts the error handling up the call chain some, to three
places.  Fine.  Except it uses &error_abort in these places, changing
the behavior from exit(1) to abort(), and thus undoing the work of
commit 3922825 "exec: Don't abort when we can't allocate guest
memory".

The previous commit fixed up uses of memory_region_init_ram().  One of
them was replaced by memory_region_init_resizeable_ram() [sic!] in
commit a166614, so Coccinelle missed it.  Fix it up.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1441983105-26376-4-git-send-email-armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
9 years agoFix bad error handling after memory_region_init_ram()
Markus Armbruster [Fri, 11 Sep 2015 14:51:43 +0000 (16:51 +0200)]
Fix bad error handling after memory_region_init_ram()

Symptom:

    $ qemu-system-x86_64 -m 10000000
    Unexpected error in ram_block_add() at /work/armbru/qemu/exec.c:1456:
    upstream-qemu: cannot set up guest memory 'pc.ram': Cannot allocate memory
    Aborted (core dumped)

Root cause: commit ef701d7 screwed up handling of out-of-memory
conditions.  Before the commit, we report the error and exit(1), in
one place, ram_block_add().  The commit lifts the error handling up
the call chain some, to three places.  Fine.  Except it uses
&error_abort in these places, changing the behavior from exit(1) to
abort(), and thus undoing the work of commit 3922825 "exec: Don't
abort when we can't allocate guest memory".

The three places are:

* memory_region_init_ram()

  Commit 4994653 (right after commit ef701d7) lifted the error
  handling further, through memory_region_init_ram(), multiplying the
  incorrect use of &error_abort.  Later on, imitation of existing
  (bad) code may have created more.

* memory_region_init_ram_ptr()

  The &error_abort is still there.

* memory_region_init_rom_device()

  Doesn't need fixing, because commit 33e0eb5 (soon after commit
  ef701d7) lifted the error handling further, and in the process
  changed it from &error_abort to passing it up the call chain.
  Correct, because the callers are realize() methods.

Fix the error handling after memory_region_init_ram() with a
Coccinelle semantic patch:

    @r@
    expression mr, owner, name, size, err;
    position p;
    @@
            memory_region_init_ram(mr, owner, name, size,
    (
    -                              &error_abort
    +                              &error_fatal
    |
                                   err@p
    )
                                  );
    @script:python@
        p << r.p;
    @@
    print "%s:%s:%s" % (p[0].file, p[0].line, p[0].column)

When the last argument is &error_abort, it gets replaced by
&error_fatal.  This is the fix.

If the last argument is anything else, its position is reported.  This
lets us check the fix is complete.  Four positions get reported:

* ram_backend_memory_alloc()

  Error is passed up the call chain, ultimately through
  user_creatable_complete().  As far as I can tell, it's callers all
  handle the error sanely.

* fsl_imx25_realize(), fsl_imx31_realize(), dp8393x_realize()

  DeviceClass.realize() methods, errors handled sanely further up the
  call chain.

We're good.  Test case again behaves:

    $ qemu-system-x86_64 -m 10000000
    qemu-system-x86_64: cannot set up guest memory 'pc.ram': Cannot allocate memory
    [Exit 1 ]

The next commits will repair the rest of commit ef701d7's damage.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1441983105-26376-3-git-send-email-armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
9 years agoerror: New error_fatal
Markus Armbruster [Fri, 11 Sep 2015 14:51:42 +0000 (16:51 +0200)]
error: New error_fatal

Similar to error_abort, but doesn't report where the error was
created, and terminates the process with exit(1) rather than abort().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1441983105-26376-2-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
9 years agoMAINTAINERS: Add "Error reporting" entry
Markus Armbruster [Sat, 12 Sep 2015 11:29:56 +0000 (13:29 +0200)]
MAINTAINERS: Add "Error reporting" entry

Error reporting work has been flowing through my tree for a while.
Time for MAINTAINERS to catch up.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1442057396-21989-1-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
9 years agoerror: Copy location information in error_copy()
Eric Blake [Thu, 10 Sep 2015 16:34:50 +0000 (10:34 -0600)]
error: Copy location information in error_copy()

Commit 1e9b65bb forgot to propagate source information to copied
errors.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1441902890-23064-1-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
9 years agohmp: Allow for error message hints on HMP
Eric Blake [Thu, 10 Sep 2015 16:19:16 +0000 (10:19 -0600)]
hmp: Allow for error message hints on HMP

Commits 7216ae3d and d2828429 disabled some error message hints,
all because a change to use modern error reporting meant that the
hint would be output prior to the actual error.  Fix this by making
hints a first-class member of Error.

For example, we are now back to the pleasant:

 $ qemu-system-x86_64 --nodefaults -S --vnc :0 --chardev null,id=,
 qemu-system-x86_64: --chardev null,id=,: Parameter 'id' expects an identifier
 Identifiers consist of letters, digits, '-', '.', '_', starting with a letter.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1441901956-21991-1-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
9 years agoerror: only prepend timestamp on stderr
Stefan Hajnoczi [Mon, 10 Aug 2015 13:15:41 +0000 (14:15 +0100)]
error: only prepend timestamp on stderr

The -msg timestamp=on option prepends a timestamp to error messages.
This is useful on stderr where it allows users to identify when an error
was raised.

Timestamps do not make sense on the monitor since error_report() is
called in response to a synchronous monitor command and the user already
knows "when" the command was issued.  Additionally, the rest of the
monitor conversation lacks timestamps so the error timestamp cannot be
correlated with other activity.

Only prepend timestamps on stderr.  This fixes libvirt's 'drive_del'
processing, which did not expect a timestamp.  Other QEMU monitor
clients are probably equally confused by timestamps on monitor error
messages.

Cc: Markus Armbruster <armbru@redhat.com>
Cc: Seiji Aguchi <seiji.aguchi@hds.com>
Cc: Frank Schreuder <fschreuder@transip.nl>
Cc: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <1439212541-16997-1-git-send-email-stefanha@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Tested-by: Frank Schreuder <fschreuder@transip.nl>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
9 years agoMerge remote-tracking branch 'remotes/lalrae/tags/mips-20150918' into staging
Peter Maydell [Fri, 18 Sep 2015 11:55:27 +0000 (12:55 +0100)]
Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150918' into staging

MIPS patches 2015-09-18

Changes:
* fixes for rdhwr, tlbwr, mtc0, recip.fmt, rsqrt.fmt and daui instructions
* removal of MIPS_DEBUG code
* use tcg_gen_extrh_i64_i32()
* improve random tlb index generation in cpu_mips_get_random()
* exception handling improvements to correctly restore icount

# gpg: Signature made Fri 18 Sep 2015 12:15:28 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"

* remotes/lalrae/tags/mips-20150918:
  target-mips: improve exception handling
  target-mips: correct MTC0 instruction on MIPS64
  target-mips: add missing restriction in DAUI instruction
  target-mips: fix corner case in TLBWR causing QEMU to hang
  pic32: use LCG algorithm for generated random index of TLBWR instruction
  target-mips: get rid of MIPS_DEBUG_SIGN_EXTENSIONS
  target-mips: get rid of MIPS_DEBUG
  target-mips: Fix RDHWR on CP0.Count
  target-mips: remove wrong checks for recip.fmt and rsqrt.fmt
  target-mips: Use tcg_gen_extrh_i64_i32

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agotarget-mips: improve exception handling
Pavel Dovgaluk [Fri, 10 Jul 2015 09:57:08 +0000 (12:57 +0300)]
target-mips: improve exception handling

This patch improves exception handling in MIPS.
Instructions generate several types of exceptions.
When exception is generated, it breaks the execution of the current
translation block. Implementation of the exceptions handling does not
correctly restore icount for the instruction which caused the exception.
In most cases icount will be decreased by the value equal to the size of
TB. This patch passes pointer to the translation block internals to the
exception handler. It allows correct restoring of the icount value.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
[leon.alrae@imgtec.com: avoid retranslation in linux-user SC, break lines
 which are over 80 chars, remove v3 changelog from the commit message]
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
9 years agotarget-mips: correct MTC0 instruction on MIPS64
Leon Alrae [Wed, 9 Sep 2015 11:44:25 +0000 (12:44 +0100)]
target-mips: correct MTC0 instruction on MIPS64

MTC0 on a 64-bit processor should move entire 64-bit GPR content to CP0
register.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
9 years agotarget-mips: add missing restriction in DAUI instruction
Leon Alrae [Wed, 9 Sep 2015 13:45:36 +0000 (14:45 +0100)]
target-mips: add missing restriction in DAUI instruction

rs cannot be the zero register, Reserved Instruction exception must be
signalled for this case.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
9 years agotarget-mips: fix corner case in TLBWR causing QEMU to hang
Leon Alrae [Thu, 10 Sep 2015 09:15:28 +0000 (10:15 +0100)]
target-mips: fix corner case in TLBWR causing QEMU to hang

cpu_mips_get_random() function is used to generate a random index from
CP0.Wired to TLBSize-1 range. Current implementation avoids generating
the same as before value, hence the while loop. If the guest sets
CP0.Wired to TLBSize-1 (which actually does not sound to be very
practical) QEMU will get stuck in the loop infinitely as we always
generate the same index.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
9 years agopic32: use LCG algorithm for generated random index of TLBWR instruction
Serge Vakulenko [Mon, 6 Jul 2015 06:14:50 +0000 (23:14 -0700)]
pic32: use LCG algorithm for generated random index of TLBWR instruction

The LFSR algorithm, used for generating random TLB indexes for TLBWR
instruction, was inclined to produce a degenerate sequence in some cases.
For example, for 16-entry TLB size and Wired=1, it gives: 15, 6, 7, 2,
7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2...
When replaced with LCG algorithm from ISO/IEC 9899 standard, the sequence
looks much better, with about the same computational effort needed.

Signed-off-by: Serge Vakulenko <serge.vakulenko@gmail.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
9 years agotarget-mips: get rid of MIPS_DEBUG_SIGN_EXTENSIONS
Aurelien Jarno [Sun, 13 Sep 2015 21:07:59 +0000 (23:07 +0200)]
target-mips: get rid of MIPS_DEBUG_SIGN_EXTENSIONS

MIPS_DEBUG_SIGN_EXTENSIONS was used sometimes ago to verify that 32-bit
instructions correctly sign extend their results. It's now not need
anymore, remove it.

Cc: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
9 years agotarget-mips: get rid of MIPS_DEBUG
Aurelien Jarno [Sun, 13 Sep 2015 21:07:58 +0000 (23:07 +0200)]
target-mips: get rid of MIPS_DEBUG

MIPS_DEBUG is a define used to dump the instruction disassembling. It
has to be defined at compile time. In practice I believe it's more
efficient to just look at the instruction disassembly and op dump using
-d in_asm,op. This patch therefore removes the corresponding code, which
clutters translate.c.

Cc: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
9 years agotarget-mips: Fix RDHWR on CP0.Count
Alex Smith [Tue, 8 Sep 2015 10:34:11 +0000 (11:34 +0100)]
target-mips: Fix RDHWR on CP0.Count

For RDHWR on the CP0.Count register, env->CP0_Count was being returned.
This value is a delta against the QEMU_CLOCK_VIRTUAL clock, not the
correct current value of CP0.Count. Use cpu_mips_get_count() instead.

Signed-off-by: Alex Smith <alex.smith@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
9 years agotarget-mips: remove wrong checks for recip.fmt and rsqrt.fmt
Petar Jovanovic [Wed, 26 Aug 2015 12:12:20 +0000 (14:12 +0200)]
target-mips: remove wrong checks for recip.fmt and rsqrt.fmt

Instructions recip.{s|d} and rsqrt.{s|d} do not require 64-bit FPU neither
they require any particular mode for its FPU. This patch removes the checks
that may break a program that uses these instructions.

Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
9 years agotarget-mips: Use tcg_gen_extrh_i64_i32
Richard Henderson [Wed, 2 Sep 2015 22:50:14 +0000 (15:50 -0700)]
target-mips: Use tcg_gen_extrh_i64_i32

We can tidy gen_load_fpr32h, as well as introduce a helper
to cleanup the MACC instructions.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
9 years agoide: unify io_buffer_offset increments
John Snow [Thu, 17 Sep 2015 18:17:04 +0000 (14:17 -0400)]
ide: unify io_buffer_offset increments

IDEState's io_buffer_offset was originally added to keep track of offsets
in AHCI rather exclusively, but it was added to IDEState instead of an
AHCI-specific structure.

AHCI fakes all PIO transfers using DMA and a scatter-gather list. When
the core or atapi layers invoke HBA-specific mechanisms for transfers,
they do not always know that it is being backed by DMA or a sglist, so
this offset is not always updated by the HBA code everywhere.

If we modify it in dma_buf_commit, however, any HBA that needs to use
this offset to manage operating on only part of a sglist will have
access to it.

This will fix ATAPI PIO transfers performed through the AHCI HBA,
which were previously not modifying this value appropriately.

This will fix ATAPI PIO transfers larger than one sector.

Reported-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1440546331-29087-2-git-send-email-jsnow@redhat.com
CC: qemu-stable@nongnu.org
9 years agotarget-cris: update CPU state save/load to use VMStateDescription
Juan Quintela [Fri, 4 May 2012 10:54:34 +0000 (12:54 +0200)]
target-cris: update CPU state save/load to use VMStateDescription

Update the CRIS CPU state save/load to use a VMStateDescription struct
rather than cpu_save/cpu_load functions.

Have to define TLBSet struct.
Multidimensional arrays in C are a mess, just unroll them.

Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM:
 * expand commit message a little since it's no longer one patch in
   a 35-patch series
 * add header/copyright comment to machine.c; credited copyright is
   Red Hat and author is Juan, since this commit gives the file all-new
   contents; license is LGPL-2-or-later, to match other target-cris code
 * remove hardcoded tab
 * add fields for locked_irq, interrupt_vector, fault_vector, trap_vector
 * drop minimum_version_id_old fields
 * bump version_id to 2 as we are not compatible with old state format
 * remove unnecessary hw/boards.h include
 * update to register via dc->vmsd]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
9 years agoMerge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
Peter Maydell [Thu, 17 Sep 2015 12:07:50 +0000 (13:07 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

# gpg: Signature made Thu 17 Sep 2015 12:43:56 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  net: smc91c111: flush packets on RCR register changes
  net: smc91c111: gate can_receive() on rx FIFO having a slot
  net: smc91c111: guard flush_queued_packets() on can_rx()
  MAINTAINERS: Stefan will not maintain net subsystem

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agonet: smc91c111: flush packets on RCR register changes
Peter Crosthwaite [Fri, 11 Sep 2015 04:24:12 +0000 (21:24 -0700)]
net: smc91c111: flush packets on RCR register changes

The SOFT_RST or RXEN in the control register can be used as a condition
to unblock the net layer via can_receive(). So check for possible
flushes on RCR changes. This will drop all pending packets on soft
reset or disable which is the functional intent of the can_receive()
logic.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Message-id: b114d4c96f4afbdaa15f1361d9c07e3021755915.1441873621.git.crosthwaite.peter@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 years agonet: smc91c111: gate can_receive() on rx FIFO having a slot
Peter Crosthwaite [Fri, 11 Sep 2015 04:23:57 +0000 (21:23 -0700)]
net: smc91c111: gate can_receive() on rx FIFO having a slot

Return false from can_receive() when the FIFO doesn't have a free RX
slot. This fixes a bug in the current code where the allocated buffer
is freed before the fifo pop, triggering a premature flush of queued RX
packets. It also will handle a corner case, where the guest manually
frees the allocated buffer before popping the rx FIFO (hence it is not
enough to just delay the flush_queued_packets()).

Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Message-id: 97bfdfc5cbce0bd5e0cbbbff35ce7a1bf6f8603d.1441873621.git.crosthwaite.peter@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 years agonet: smc91c111: guard flush_queued_packets() on can_rx()
Peter Crosthwaite [Fri, 11 Sep 2015 04:23:43 +0000 (21:23 -0700)]
net: smc91c111: guard flush_queued_packets() on can_rx()

Check that the core can once again receive packets before asking the
net layer to do a flush. This will make it more convenient to flush
packets when adding new conditions to can_receive.

Add missing if braces while moving the can_receive() core code.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Message-id: 92e15e12a6964274f4bc0eb71b61a7d94326f6c6.1441873621.git.crosthwaite.peter@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 years agoMerge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Wed, 16 Sep 2015 17:06:54 +0000 (18:06 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Linux header update and cleanup
* Support for HyperV crash report
* Cleanup of target-specific HMP commands
* Multiarch batch
* Checkpatch fix for Perl 5.22
* NBD fix
* Revert incorrect commit 5243722376

# gpg: Signature made Wed 16 Sep 2015 16:39:01 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream: (24 commits)
  nbd: release exp->blk after all clients are closed
  checkpatch: Escape left braces in regex
  monitor: uninclude cpu_ldst
  include/exec: Move cputlb exec.c defs out
  cputlb: Change tlb_set_dirty() arg to cpu
  cputlb: move CPU_LOOP() for tlb_reset() to exec.c
  translate: move real_host_page setting to -common
  tcg: Move tci_tb_ptr to -common
  tcg: split tcg_op_defs to -common
  translate-all: Move tcg_handle_interrupt() to -common
  cpu-exec: Migrate some generic fns to cpu-exec-common
  qemu-char: Use g_new() & friends where that makes obvious sense
  monitor: added generation of documentation for hmp-commands-info.hx
  hmp-commands.hx: fix end of table info
  monitor: remove target-specific code from monitor.c
  hmp-commands-info: move info_cmds content out of monitor.c
  i386/kvm: Hyper-v crash msrs set/get'ers and migration
  kvm: Add kvm system event crash handler
  cpu: Add crash_occurred flag into CPUState
  target-i386: move asm-x86/hyperv.h to standard-headers
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agonbd: release exp->blk after all clients are closed
Wen Congyang [Wed, 16 Sep 2015 08:35:46 +0000 (16:35 +0800)]
nbd: release exp->blk after all clients are closed

If the socket fd is shutdown, there may be some data which is received before
shutdown. We will read the data and do read/write in nbd_trip(). But the exp's
blk is NULL, and it will cause qemu crashed.

Reported-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Message-Id: <55F929E2.1020501@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agocheckpatch: Escape left braces in regex
Fam Zheng [Fri, 11 Sep 2015 11:07:36 +0000 (19:07 +0800)]
checkpatch: Escape left braces in regex

Latest perl now deprecates "{" literal in regex and print warnings like
"unescaped left brace in regex is deprecated".  Add escape to keep it
happy.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1441969656-2640-1-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agomonitor: uninclude cpu_ldst
Peter Crosthwaite [Fri, 11 Sep 2015 05:39:45 +0000 (22:39 -0700)]
monitor: uninclude cpu_ldst

This header is non-needed anymore and wont work in multi-arch where
this service is not provided to core code.

Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <4e96622ab5320603829b6f94b8c4e94d573d34fc.1441614289.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoinclude/exec: Move cputlb exec.c defs out
Peter Crosthwaite [Fri, 11 Sep 2015 05:39:43 +0000 (22:39 -0700)]
include/exec: Move cputlb exec.c defs out

Move the architecture agnostic function prototypes for exec.c out of
cputlb.h to exec-all.h. This allows hiding of the arch specific
cputlb.h from exec.c which should be getting close to having no
architecture specifics. Prepares support for multi-arch, which will have
a minimal cpu.h that services exec.c but not cputlb.h.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <b4fe754c58c860315e35d44430c26b1c967ce2c9.1441614289.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agocputlb: Change tlb_set_dirty() arg to cpu
Peter Crosthwaite [Fri, 11 Sep 2015 05:39:42 +0000 (22:39 -0700)]
cputlb: Change tlb_set_dirty() arg to cpu

Change tlb_set_dirty() to accept a CPU instead of an env pointer. This
allows for removal of another CPUArchState usage from prototypes that
need to be QOMified.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <d2b1dcbe7945112989861d8ba7369449c11cc273.1441614289.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agocputlb: move CPU_LOOP() for tlb_reset() to exec.c
Peter Crosthwaite [Fri, 11 Sep 2015 05:39:41 +0000 (22:39 -0700)]
cputlb: move CPU_LOOP() for tlb_reset() to exec.c

To prepare for multi-arch, cputlb.c should only have awareness of one
single architecture. This means it should not have access to the full
CPU lists which may be heterogeneous. Instead, push the CPU_LOOP() up
to the one and only caller in exec.c.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <db06dc6c49f8970caaf116d0385f00ee10a56f2f.1441614289.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agotranslate: move real_host_page setting to -common
Peter Crosthwaite [Fri, 11 Sep 2015 05:39:36 +0000 (22:39 -0700)]
translate: move real_host_page setting to -common

Move the size and mask globals for the "real" host page size to
translate-common. This is to allow system-level code to use
REAL_HOST_PAGE_ALIGN and friends in builds which hide translate-all
behind arch-obj.

Cc: dgilbert@redhat.com
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <b437638691f044bc690a7f03b1240c8b0f34ab57.1441614289.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agotcg: Move tci_tb_ptr to -common
Peter Crosthwaite [Fri, 11 Sep 2015 05:39:35 +0000 (22:39 -0700)]
tcg: Move tci_tb_ptr to -common

This requires global visibility to common code. Move to tcg-common.

Cc: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <cb0340eba225ab4945aa6cf7c9013f33aa05bcf8.1441614289.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agotcg: split tcg_op_defs to -common
Peter Crosthwaite [Fri, 11 Sep 2015 05:39:34 +0000 (22:39 -0700)]
tcg: split tcg_op_defs to -common

tcg_op_defs (and the _max) are both needed by the TCI disassembler. For
multi-arch, tcg.c will be multiple-compiled (arch-obj) with its symbols
hidden from common code. So split the definition off to new file,
tcg-common.c which will remain a regular obj-y for use by both the TCI
disas as well as the multiple tcg.c's.

Cc: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <4b607425886d85aee65878e4935dfad46b3e6085.1441614289.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agotranslate-all: Move tcg_handle_interrupt() to -common
Peter Crosthwaite [Fri, 11 Sep 2015 05:39:33 +0000 (22:39 -0700)]
translate-all: Move tcg_handle_interrupt() to -common

Move this function to common code. It has no arch specific
dependencies. Prepares support for multi-arch where the translate-all
interface needs to be virtualised. One less thing to virtualise.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <44a7c73604ed2552af47ed02b047b6a772b683e0.1441614289.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agocpu-exec: Migrate some generic fns to cpu-exec-common
Peter Crosthwaite [Fri, 11 Sep 2015 05:39:31 +0000 (22:39 -0700)]
cpu-exec: Migrate some generic fns to cpu-exec-common

The goal is to split the functions such that cpu-exec is CPU specific
content, while cpus-exec-common.c is generic code only. The function
interface to cpu-exec needs to be virtualised to prepare support for
multi-arch and moving these definitions out saves bloating the QOM
interface. So move these definitions out of cpu-exec to a new module,
cpu-exec-common.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <3cefeb3fbbb33031670951a0e74de2778529da3f.1441614289.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoqemu-char: Use g_new() & friends where that makes obvious sense
Markus Armbruster [Mon, 14 Sep 2015 11:54:03 +0000 (13:54 +0200)]
qemu-char: Use g_new() & friends where that makes obvious sense

g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1442231643-23630-1-git-send-email-armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agomonitor: added generation of documentation for hmp-commands-info.hx
Pavel Butsykin [Thu, 10 Sep 2015 15:39:01 +0000 (18:39 +0300)]
monitor: added generation of documentation for hmp-commands-info.hx

It will be easier if you need to add info-commands to edit
only hmp-commands-info.hx, before this had to edit monitor.c and
hmp-commands.hx.

From the build point of view all documentation is saved into
qemu-monitor-info.texi which from now on is used for all user
documentation building.

Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <1441899541-1856-5-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agohmp-commands.hx: fix end of table info
Pavel Butsykin [Thu, 10 Sep 2015 15:39:00 +0000 (18:39 +0300)]
hmp-commands.hx: fix end of table info

The table info(information about the system state) closes earlier
and some of its elements are outside(trace-events, rocker, etc). This
can be confusing and lead to additional bugs.

Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <1441899541-1856-4-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agomonitor: remove target-specific code from monitor.c
Pavel Butsykin [Thu, 10 Sep 2015 15:38:59 +0000 (18:38 +0300)]
monitor: remove target-specific code from monitor.c

Move target-specific code out of /monitor.c to /target-*/monitor.c,
this will avoid code cluttering and using random ifdeffery.  The solution
is quite simple, but solves the issue of the separation of target-specific
code from monitor.

Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <1441899541-1856-3-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agohmp-commands-info: move info_cmds content out of monitor.c
Pavel Butsykin [Thu, 10 Sep 2015 15:38:58 +0000 (18:38 +0300)]
hmp-commands-info: move info_cmds content out of monitor.c

For moving target- and device-specific code  from monitor.c,
to beginning we move info_cmds content to hmp-commands-info.hx

Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <1441899541-1856-2-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoi386/kvm: Hyper-v crash msrs set/get'ers and migration
Andrey Smetanin [Wed, 9 Sep 2015 12:41:30 +0000 (14:41 +0200)]
i386/kvm: Hyper-v crash msrs set/get'ers and migration

KVM Hyper-V based guests can notify hypervisor about
occurred guest crash by writing into Hyper-V crash MSR's.
This patch does handling and migration of HV_X64_MSR_CRASH_P0-P4,
HV_X64_MSR_CRASH_CTL msrs. User can enable these MSR's by
'hv-crash' option.

Signed-off-by: Andrey Smetanin <asmetanin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Andreas Färber <afaerber@suse.de>
Message-Id: <1435924905-8926-13-git-send-email-den@openvz.org>
[Folks, stop abrviating variable names!!! Also fix compilation on
 non-Linux/x86. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: Add kvm system event crash handler
Andrey Smetanin [Fri, 3 Jul 2015 12:01:43 +0000 (15:01 +0300)]
kvm: Add kvm system event crash handler

KVM kernel can send guest crash events into userspace.
Appropriate guest crash handler is called when kernel guest
crash event received. Guest crash event recognized by a
KVM_SYSTEM_EVENT_CRASH type of system event.

Signed-off-by: Andrey Smetanin <asmetanin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Andreas Färber <afaerber@suse.de>
Message-Id: <1435924905-8926-11-git-send-email-den@openvz.org>
[Rebase: add lock/unlock iothread around qemu_system_guest_panicked - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agocpu: Add crash_occurred flag into CPUState
Andrey Smetanin [Fri, 3 Jul 2015 12:01:44 +0000 (15:01 +0300)]
cpu: Add crash_occurred flag into CPUState

CPUState::crash_occurred field inside CPUState marks
that guest crash occurred. This value is added into
cpu common migration subsection.

Signed-off-by: Andrey Smetanin <asmetanin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Andreas Färber <afaerber@suse.de>
Message-Id: <1435924905-8926-12-git-send-email-den@openvz.org>
[Document the new field. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agotarget-i386: move asm-x86/hyperv.h to standard-headers
Paolo Bonzini [Wed, 9 Sep 2015 13:25:52 +0000 (15:25 +0200)]
target-i386: move asm-x86/hyperv.h to standard-headers

The Hyper-V definitions are an industry standard and can be used
from code that is not KVM-specific.

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoupdate-linux-headers: copy standard-headers files one by one
Paolo Bonzini [Wed, 9 Sep 2015 13:25:52 +0000 (15:25 +0200)]
update-linux-headers: copy standard-headers files one by one

cp_virtio is called for both the asm-s390/ and linux/ directories,
so it looks for pci_regs.h and input.h files in asm-s390/ too.  This
makes little sense.  In the next patch we will have the opposite
problem; we want to add asm-x86/hyperv.h, and there's also a
linux/hyperv.h file with unwanted dependencies on additional Linux
uapi headers.  We do not want to copy linux/hyperv.h.

The solution is to make cp_virtio (now renamed to cp_portable) copy
one file only, instead of using the "find" command, and call it multiple
times.  The new function is really just a reindentation of the old one.

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoupdate Linux headers to 4.3-rc1
Paolo Bonzini [Wed, 9 Sep 2015 12:50:17 +0000 (14:50 +0200)]
update Linux headers to 4.3-rc1

The update to 4.2 was reviewed by Michael S. Tsirkin and Cornelia
Huck.  The further update to 4.3-rc1 only touches KVM files.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agopci: remove Link Training error from AER error list
Paolo Bonzini [Thu, 10 Sep 2015 09:31:12 +0000 (11:31 +0200)]
pci: remove Link Training error from AER error list

The spec says:

    Undefined – The value read from this bit is
    undefined. In previous versions of this
    specification, this bit was used to indicate a Link
    Training Error. System software must ignore the
    value read from this bit. System software is
    permitted to write any value to this bit.

Do not allow injecting it.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoRevert "rcu: init rcu_registry_lock after fork"
Paolo Bonzini [Wed, 16 Sep 2015 12:26:59 +0000 (14:26 +0200)]
Revert "rcu: init rcu_registry_lock after fork"

This reverts commit 5243722376873a48e9852a58b91f4d4101ee66e4.
The patch forgot about rcu_sync_lock and was committed by mistake.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoMerge remote-tracking branch 'remotes/rth/tags/pull-target-i386-20150915' into staging
Peter Maydell [Wed, 16 Sep 2015 15:19:49 +0000 (16:19 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-target-i386-20150915' into staging

Exception handling improvments from Pavel Dovgalyuk.

# gpg: Signature made Tue 15 Sep 2015 20:36:14 BST using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/pull-target-i386-20150915:
  target-i386: exception handling for other helper functions
  target-i386: exception handling for seg_helper functions
  target-i386: exception handling for memory helpers
  target-i386: exception handling for div instructions
  target-i386: exception handling for FPU instructions
  target-i386: introduce new raise_exception functions

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agoMAINTAINERS: Stefan will not maintain net subsystem
Jason Wang [Wed, 16 Sep 2015 03:05:30 +0000 (11:05 +0800)]
MAINTAINERS: Stefan will not maintain net subsystem

Talked with Stefan, he will not maintain net subsystem.

Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-id: 1442372730-11360-1-git-send-email-jasowang@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 years agotarget-i386: exception handling for other helper functions
Pavel Dovgalyuk [Fri, 10 Jul 2015 09:57:41 +0000 (12:57 +0300)]
target-i386: exception handling for other helper functions

This patch fixes exception handling for other helper functions.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>
9 years agotarget-i386: exception handling for seg_helper functions
Pavel Dovgalyuk [Fri, 10 Jul 2015 09:57:36 +0000 (12:57 +0300)]
target-i386: exception handling for seg_helper functions

This patch fixes exception handling for seg_helper functions.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>
9 years agotarget-i386: exception handling for memory helpers
Pavel Dovgalyuk [Fri, 10 Jul 2015 09:57:30 +0000 (12:57 +0300)]
target-i386: exception handling for memory helpers

This patch fixes exception handling for memory helpers
and removes obsolete PC update from translate.c.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>
9 years agotarget-i386: exception handling for div instructions
Pavel Dovgalyuk [Fri, 10 Jul 2015 09:57:25 +0000 (12:57 +0300)]
target-i386: exception handling for div instructions

This patch fixes exception handling for div instructions
and removes obsolete PC update from translate.c.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>
9 years agotarget-i386: exception handling for FPU instructions
Pavel Dovgalyuk [Fri, 10 Jul 2015 09:57:19 +0000 (12:57 +0300)]
target-i386: exception handling for FPU instructions

This patch fixes exception handling for FPU instructions
and removes obsolete PC update from translate.c.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>
9 years agotarget-i386: introduce new raise_exception functions
Pavel Dovgalyuk [Fri, 10 Jul 2015 09:57:13 +0000 (12:57 +0300)]
target-i386: introduce new raise_exception functions

This patch introduces new versions of raise_exception functions
that receive TB return address as an argument.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>
9 years agoMerge remote-tracking branch 'remotes/rth/tags/pull-tile-20150915' into staging
Peter Maydell [Tue, 15 Sep 2015 16:24:27 +0000 (17:24 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tile-20150915' into staging

TileGX basic instructions

# gpg: Signature made Tue 15 Sep 2015 15:57:08 BST using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/pull-tile-20150915: (35 commits)
  target-tilegx: Handle v1shl, v1shru, v1shrs
  target-tilegx: Handle v1shli, v1shrui
  target-tilegx: Handle v4int_l/h
  target-tilegx: Handle atomic instructions
  target-tilegx: Handle mtspr, mfspr
  target-tilegx: Handle v1cmpeq, v1cmpne
  target-tilegx: Handle mask instructions
  target-tilegx: Handle scalar multiply instructions
  target-tilegx: Handle conditional move instructions
  target-tilegx: Handle shift instructions
  target-tilegx: Handle bitfield instructions
  target-tilegx: Implement system and memory management instructions
  target-tilegx: Handle comparison instructions
  target-tilegx: Handle conditional branch instructions
  target-tilegx: Handle unconditional jump instructions
  target-tilegx: Handle post-increment load and store instructions
  target-tilegx: Handle basic load and store instructions
  target-tilegx: Handle most bit manipulation instructions
  target-arm: Use new revbit functions
  host-utils: Add revbit functions
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9 years agotarget-tilegx: Handle v1shl, v1shru, v1shrs
Richard Henderson [Mon, 24 Aug 2015 15:56:45 +0000 (08:56 -0700)]
target-tilegx: Handle v1shl, v1shru, v1shrs

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
9 years agotarget-tilegx: Handle v1shli, v1shrui
Richard Henderson [Mon, 24 Aug 2015 15:13:59 +0000 (08:13 -0700)]
target-tilegx: Handle v1shli, v1shrui

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
9 years agotarget-tilegx: Handle v4int_l/h
Richard Henderson [Mon, 24 Aug 2015 15:01:52 +0000 (08:01 -0700)]
target-tilegx: Handle v4int_l/h

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
9 years agotarget-tilegx: Handle atomic instructions
Richard Henderson [Mon, 24 Aug 2015 14:55:47 +0000 (07:55 -0700)]
target-tilegx: Handle atomic instructions

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>