sdk/emulator/qemu.git
8 years ago spapr_pci: fix irq leak in RTAS ibm,change-msi
Greg Kurz [Thu, 25 Feb 2016 18:02:18 +0000 (19:02 +0100)]
spapr_pci: fix irq leak in RTAS ibm,change-msi

This RTAS call is used to request new interrupts or to free all interrupts.

If the driver has already allocated interrupts and asks again for a non-null
number of irqs, then the rtas_ibm_change_msi() function will silently leak
the previous interrupts.

It happens because xics_free() is only called when the driver releases all
interrupts (!req_num case). Note that the previously allocated spapr_pci_msi
is not leaked because the GHashTable is created with destroy functions and
g_hash_table_insert() hence frees the old value.

This patch makes sure any previously allocated MSIs are released when a
new allocation succeeds.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago spapr_pci: kill useless variable in rtas_ibm_change_msi()
Greg Kurz [Thu, 25 Feb 2016 18:02:12 +0000 (19:02 +0100)]
spapr_pci: kill useless variable in rtas_ibm_change_msi()

The num local variable is initialized to zero and has no writer.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago spapr_rng: disable hotpluggability
Greg Kurz [Thu, 25 Feb 2016 11:08:00 +0000 (12:08 +0100)]
spapr_rng: disable hotpluggability

It is currently possible to hotplug a spapr_rng device but QEMU crashes
when we try to hot unplug:

ERROR:hw/core/qdev.c:295:qdev_unplug: assertion failed: (hotplug_ctrl)
Aborted

This happens because spapr_rng isn't plugged to any bus and sPAPR does
not provide hotplug support for it: qdev_get_hotplug_handler() hence
returns NULL and we hit the assertion.

And anyway, it doesn't make much sense to unplug this device since hcalls
cannot be unregistered. Even the idea of hotplugging a RNG device instead
of declaring it on the QEMU command line looks weird.

This patch simply disables hotpluggability for the spapr-rng class.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160226' into...
Peter Maydell [Fri, 26 Feb 2016 16:02:00 +0000 (16:02 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160226' into staging

target-arm queue:
 * Clean up handling of bad mode switches writing to CPSR, and implement
   the ARMv8 requirement that they set PSTATE.IL
 * Implement MDCR_EL3.TPM and MDCR_EL2.TPM traps on perf monitor
   register accesses
 * Don't implement stellaris-pl061-only registers on generic-pl061
 * Fix SD card handling for raspi
 * Add missing include files to MAINTAINERS
 * Mark CNTHP_TVAL_EL2 as ARM_CP_NO_RAW
 * Make reserved ranges in ID_AA64* spaces RAZ, not UNDEF

# gpg: Signature made Fri 26 Feb 2016 15:19:07 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"

* remotes/pmaydell/tags/pull-target-arm-20160226:
  target-arm: Make reserved ranges in ID_AA64* spaces RAZ, not UNDEF
  target-arm: Mark CNTHP_TVAL_EL2 as ARM_CP_NO_RAW
  sdhci: add quirk property for card insert interrupt status on Raspberry Pi
  sdhci: Revert "add optional quirk property to disable card insertion/removal interrupts"
  MAINTAINERS: Add some missing ARM related header files
  raspi: fix SD card with recent sdhci changes
  ARM: PL061: Checking register r/w accesses to reserved area
  target-arm: Implement MDCR_EL3.TPM and MDCR_EL2.TPM traps
  target-arm: Fix handling of SDCR for 32-bit code
  target-arm: Make Monitor->NS PL1 mode changes illegal if HCR.TGE is 1
  target-arm: Make mode switches from Hyp via CPS and MRS illegal
  target-arm: In v8, make illegal AArch32 mode changes set PSTATE.IL
  target-arm: Forbid mode switch to Mon from Secure EL1
  target-arm: Add Hyp mode checks to bad_mode_switch()
  target-arm: Add comment about not implementing NSACR.RFR
  target-arm: In cpsr_write() ignore mode switches from User mode
  linux-user: Use restrictive mask when calling cpsr_write()
  target-arm: Raw CPSR writes should skip checks and bank switching
  target-arm: Add write_type argument to cpsr_write()
  target-arm: Give CPSR setting on 32-bit exception return its own helper

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago Merge remote-tracking branch 'remotes/amit-migration/tags/migration-for-2.6-5' into...
Peter Maydell [Fri, 26 Feb 2016 15:21:26 +0000 (15:21 +0000)]
Merge remote-tracking branch 'remotes/amit-migration/tags/migration-for-2.6-5' into staging

migration pull
 - fix a qcow2 assert
 - fix for older distros (CentOS 5)
 - documentation for vmstate flags
 - minor code rearrangement

# gpg: Signature made Fri 26 Feb 2016 15:15:15 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit-migration/tags/migration-for-2.6-5:
  migration (postcopy): move bdrv_invalidate_cache_all of of coroutine context
  migration (ordinary): move bdrv_invalidate_cache_all of of coroutine context
  migration/vmstate: document VMStateFlags
  MAINTAINERS: Add docs/migration.txt to the "Migration" section
  migration/postcopy-ram: Guard use of sys/eventfd.h with CONFIG_EVENTFD
  migration: reorder code to make it symmetric

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago migration (postcopy): move bdrv_invalidate_cache_all of of coroutine context
Denis V. Lunev [Wed, 24 Feb 2016 08:53:39 +0000 (11:53 +0300)]
migration (postcopy): move bdrv_invalidate_cache_all of of coroutine context

There is a possibility to hit an assert in qcow2_get_specific_info that
s->qcow_version is undefined. This happens when the VM is starting from
a suspended state, i.e. it processes incoming migration, and at the same
time 'info block' is called.

The problem is that qcow2_invalidate_cache() closes the image and
memset()s BDRVQcowState in the middle.

The patch moves processing of bdrv_invalidate_cache_all out of
coroutine context for postcopy migration to avoid that. This function
is called with the following stack:
  process_incoming_migration_co
  qemu_loadvm_state
  qemu_loadvm_state_main
  loadvm_process_command
  loadvm_postcopy_handle_run

Signed-off-by: Denis V. Lunev <den@openvz.org>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Juan Quintela <quintela@redhat.com>
CC: Amit Shah <amit.shah@redhat.com>
Message-Id: <1456304019-10507-3-git-send-email-den@openvz.org>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years ago migration (ordinary): move bdrv_invalidate_cache_all of of coroutine context
Denis V. Lunev [Wed, 24 Feb 2016 08:53:38 +0000 (11:53 +0300)]
migration (ordinary): move bdrv_invalidate_cache_all of of coroutine context

There is a possibility to hit an assert in qcow2_get_specific_info that
s->qcow_version is undefined. This happens when the VM is starting from
a suspended state, i.e. it processes incoming migration, and at the same
time 'info block' is called.

The problem is that qcow2_invalidate_cache() closes the image and
memset()s BDRVQcowState in the middle.

The patch moves processing of bdrv_invalidate_cache_all out of
coroutine context for standard migration to avoid that.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Fam Zheng <famz@redhat.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Juan Quintela <quintela@redhat.com>
CC: Amit Shah <amit.shah@redhat.com>
Message-Id: <1456304019-10507-2-git-send-email-den@openvz.org>

[Amit: Fix a use-after-free bug]

Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years ago target-arm: Make reserved ranges in ID_AA64* spaces RAZ, not UNDEF
Peter Maydell [Fri, 19 Feb 2016 14:07:43 +0000 (14:07 +0000)]
target-arm: Make reserved ranges in ID_AA64* spaces RAZ, not UNDEF

The v8 ARM ARM defines that unused spaces in the ID_AA64* system
register ranges are Reserved and must RAZ, rather than being UNDEF.
Implement this.

In particular, ARM v8.2 adds a new feature register ID_AA64MMFR2,
and newer versions of the Linux kernel will attempt to read this,
which causes them not to boot up on versions of QEMU missing this fix.

Since the encoding .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 6
is actually defined in ARMv8 (as ID_MMFR4), we give it an entry in
the ARMCPU struct so CPUs can override it, though since none do,
this too will just RAZ.

Cc: qemu-stable@nongnu.org
Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1455890863-11203-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
8 years ago target-arm: Mark CNTHP_TVAL_EL2 as ARM_CP_NO_RAW
Edgar E. Iglesias [Fri, 26 Feb 2016 12:45:39 +0000 (13:45 +0100)]
target-arm: Mark CNTHP_TVAL_EL2 as ARM_CP_NO_RAW

Mark CNTHP_TVAL_EL2 as ARM_CP_NO_RAW due to the register not
having any underlying state. This fixes an issue with booting
KVM enabled kernels when EL2 is on.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1456490739-19343-1-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago sdhci: add quirk property for card insert interrupt status on Raspberry Pi
Andrew Baumann [Thu, 25 Feb 2016 21:35:30 +0000 (13:35 -0800)]
sdhci: add quirk property for card insert interrupt status on Raspberry Pi

This quirk is a workaround for the following hardware behaviour, on
which UEFI (specifically, the bootloader for Windows on Pi2) depends:

1. at boot with an SD card present, the interrupt status/enable
   registers are initially zero
2. upon enabling it in the interrupt enable register, the card insert
   bit in the interrupt status register is immediately set
3. after a subsequent controller reset, the card insert interrupt does
   not fire, even if enabled in the interrupt enable register

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1456436130-7048-3-git-send-email-Andrew.Baumann@microsoft.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago sdhci: Revert "add optional quirk property to disable card insertion/removal interrupts"
Andrew Baumann [Thu, 25 Feb 2016 21:35:29 +0000 (13:35 -0800)]
sdhci: Revert "add optional quirk property to disable card insertion/removal interrupts"

This reverts commit 723697551a7e926abe7d3c7f2966012b8075143d.

This change was poorly tested on my part. It squelched card insertion
interrupts on reset, but that was not necessary because sdhci_reset()
clears all the registers (via the call to memset), so the subsequent
sdhci_insert_eject_cb() call never sees the card insert interrupt
enabled. However, not calling the insert_eject_cb results in prnsts
remaining 0, when it actually needs to be updated to indicate card
presence and R/O status.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1456436130-7048-2-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago MAINTAINERS: Add some missing ARM related header files
Thomas Huth [Thu, 25 Feb 2016 11:22:04 +0000 (12:22 +0100)]
MAINTAINERS: Add some missing ARM related header files

Some header files in the include/hw/arm/ directory can be assigned
to entries in the MAINTAINERS file.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1456399324-24259-1-git-send-email-thuth@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago raspi: fix SD card with recent sdhci changes
Andrew Baumann [Wed, 24 Feb 2016 21:58:48 +0000 (13:58 -0800)]
raspi: fix SD card with recent sdhci changes

Recent changes to sdhci broke SD on raspi. This change mirrors
the logic to create the SD card device at the board level.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1456351128-5560-1-git-send-email-Andrew.Baumann@microsoft.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago ARM: PL061: Checking register r/w accesses to reserved area
Wei Huang [Thu, 18 Feb 2016 16:56:20 +0000 (11:56 -0500)]
ARM: PL061: Checking register r/w accesses to reserved area

pl061.c emulates two GPIO devices, ARM PL061 and TI Stellaris, which
share the same read/write functions (pl061_read and pl061_write).
However PL061 and Stellaris have different GPIO register definitions
and pl061_read()/pl061_write() don't check it. This patch enforces
checking on offset, preventing R/W into the reserved memory area.

Signed-off-by: Wei Huang <wei@redhat.com>
Message-id: 1455814580-17699-1-git-send-email-wei@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago target-arm: Implement MDCR_EL3.TPM and MDCR_EL2.TPM traps
Peter Maydell [Fri, 19 Feb 2016 14:39:44 +0000 (14:39 +0000)]
target-arm: Implement MDCR_EL3.TPM and MDCR_EL2.TPM traps

Implement the performance monitor register traps controlled
by MDCR_EL3.TPM and MDCR_EL2.TPM. Most of the performance
registers already have an access function to deal with the
user-enable bit, and the TPM checks can be added there. We
also need a new access function which only implements the
TPM checks for use by the few not-EL0-accessible registers
and by PMUSERENR_EL0 (which is always EL0-readable).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1455892784-11328-3-git-send-email-peter.maydell@linaro.org
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Acked-by: Alistair Francis <alistair.francis@xilinx.com>
8 years ago target-arm: Fix handling of SDCR for 32-bit code
Peter Maydell [Fri, 19 Feb 2016 14:39:43 +0000 (14:39 +0000)]
target-arm: Fix handling of SDCR for 32-bit code

Fix two issues with our implementation of the SDCR:
 * it is only present from ARMv8 onwards
 * it does not contain several of the trap bits present in its 64-bit
   counterpart the MDCR_EL3

Put the register description in the right place so that it does not
get enabled for ARMv7 and earlier, and give it a write function so that
we can mask out the bits which should not be allowed to have an effect
if EL3 is 32-bit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1455892784-11328-2-git-send-email-peter.maydell@linaro.org
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Acked-by: Alistair Francis <alistair.francis@xilinx.com>
8 years ago target-arm: Make Monitor->NS PL1 mode changes illegal if HCR.TGE is 1
Peter Maydell [Tue, 23 Feb 2016 15:36:44 +0000 (15:36 +0000)]
target-arm: Make Monitor->NS PL1 mode changes illegal if HCR.TGE is 1

If HCR.TGE is 1 then mode changes via CPS and MSR from Monitor to
NonSecure PL1 modes are illegal mode changes. Implement this check
in bad_mode_switch().

(We don't currently implement HCR.TGE, but this is the only missing
check from the v8 ARM ARM G1.9.3 and so it's worth adding now; the
rest of the HCR.TGE checks can be added later as necessary.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-12-git-send-email-peter.maydell@linaro.org

8 years ago target-arm: Make mode switches from Hyp via CPS and MRS illegal
Peter Maydell [Tue, 23 Feb 2016 15:36:44 +0000 (15:36 +0000)]
target-arm: Make mode switches from Hyp via CPS and MRS illegal

Mode switches from Hyp to any other mode via the CPS and MRS
instructions are illegal mode switches (though obviously switching
via exception return is valid).  Add this check to bad_mode_switch().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-11-git-send-email-peter.maydell@linaro.org

8 years ago target-arm: In v8, make illegal AArch32 mode changes set PSTATE.IL
Peter Maydell [Tue, 23 Feb 2016 15:36:44 +0000 (15:36 +0000)]
target-arm: In v8, make illegal AArch32 mode changes set PSTATE.IL

In v8, the illegal mode changes which are UNPREDICTABLE in v7 are
given architected behaviour:
 * the mode field is unchanged
 * PSTATE.IL is set (so any subsequent instructions will UNDEF)
 * any other CPSR fields are written to as normal

This is pretty much the same behaviour we picked for our
UNPREDICTABLE handling, with the exception that for v8 we
need to set the IL bit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-10-git-send-email-peter.maydell@linaro.org

8 years ago target-arm: Forbid mode switch to Mon from Secure EL1
Peter Maydell [Tue, 23 Feb 2016 15:36:44 +0000 (15:36 +0000)]
target-arm: Forbid mode switch to Mon from Secure EL1

In v8 trying to switch mode to Mon from Secure EL1 is an
illegal mode switch. (In v7 this is impossible as all secure
modes except User are at EL3.) We can handle this case by
making a switch to Mon valid only if the current EL is 3,
which then gives the correct answer whether EL3 is AArch32
or AArch64.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-9-git-send-email-peter.maydell@linaro.org

8 years ago target-arm: Add Hyp mode checks to bad_mode_switch()
Peter Maydell [Tue, 23 Feb 2016 15:36:44 +0000 (15:36 +0000)]
target-arm: Add Hyp mode checks to bad_mode_switch()

We don't actually support Hyp mode yet, but add the correct
checks for it to the bad_mode_switch() function for completeness.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-8-git-send-email-peter.maydell@linaro.org

8 years ago target-arm: Add comment about not implementing NSACR.RFR
Peter Maydell [Tue, 23 Feb 2016 15:36:44 +0000 (15:36 +0000)]
target-arm: Add comment about not implementing NSACR.RFR

QEMU doesn't implement the NSACR.RFR bit, which is a permitted
IMPDEF choice in ARMv7 and the only permitted choice in ARMv8.
Add a comment to bad_mode_switch() to note that this is why
FIQ is always a valid mode regardless of the CPU's Secure state.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-7-git-send-email-peter.maydell@linaro.org

8 years ago target-arm: In cpsr_write() ignore mode switches from User mode
Peter Maydell [Tue, 23 Feb 2016 15:36:43 +0000 (15:36 +0000)]
target-arm: In cpsr_write() ignore mode switches from User mode

The only case where we can attempt a cpsr_write() mode switch from
User is from the gdbstub; all other cases are handled in the
calling code (notably translate.c). Architecturally attempts to
alter the mode bits from user mode are simply ignored (and not
treated as a bad mode switch, which in v8 sets CPSR.IL). Make
mode switches from User ignored in cpsr_write() as well, for
consistency.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-6-git-send-email-peter.maydell@linaro.org

8 years ago linux-user: Use restrictive mask when calling cpsr_write()
Peter Maydell [Tue, 23 Feb 2016 15:36:43 +0000 (15:36 +0000)]
linux-user: Use restrictive mask when calling cpsr_write()

When linux-user code is calling cpsr_write(), use a restrictive
mask to ensure we are limiting the set of CPSR bits we update.
In particular, don't allow the mode bits to be changed.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-5-git-send-email-peter.maydell@linaro.org

8 years ago target-arm: Raw CPSR writes should skip checks and bank switching
Peter Maydell [Tue, 23 Feb 2016 15:36:43 +0000 (15:36 +0000)]
target-arm: Raw CPSR writes should skip checks and bank switching

Raw CPSR writes should skip the architectural checks for whether
we're allowed to set the A or F bits and should also not do
the switching of register banks if the mode changes. Handle
this inside cpsr_write(), which allows us to drop the "manually
set the mode bits to avoid the bank switch" code from all the
callsites which are using CPSRWriteRaw.

This fixes a bug in 32-bit KVM handling where we had forgotten
the "manually set the mode bits" part and could thus potentially
trash the register state if the mode from the last exit to userspace
differed from the mode on this exit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-4-git-send-email-peter.maydell@linaro.org

8 years ago target-arm: Add write_type argument to cpsr_write()
Peter Maydell [Tue, 23 Feb 2016 15:36:43 +0000 (15:36 +0000)]
target-arm: Add write_type argument to cpsr_write()

Add an argument to cpsr_write() to indicate what kind of CPSR
write is being requested, since the exact behaviour should
differ for the different cases.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-3-git-send-email-peter.maydell@linaro.org

8 years ago target-arm: Give CPSR setting on 32-bit exception return its own helper
Peter Maydell [Tue, 23 Feb 2016 15:36:43 +0000 (15:36 +0000)]
target-arm: Give CPSR setting on 32-bit exception return its own helper

The rules for setting the CPSR on a 32-bit exception return are
subtly different from those for setting the CPSR via an instruction
like MSR or CPS. (In particular, in Hyp mode changing the mode bits
is not valid via MSR or CPS.) Split the exception-return case into
its own helper for setting CPSR, so we can eventually handle them
differently in the helper function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1455556977-3644-2-git-send-email-peter.maydell@linaro.org

8 years ago migration/vmstate: document VMStateFlags
Sascha Silbe [Fri, 26 Feb 2016 08:18:13 +0000 (09:18 +0100)]
migration/vmstate: document VMStateFlags

The VMState API is rather sparsely documented. Start by describing the
meaning of all VMStateFlags.

Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Message-Id: <1456474693-11662-1-git-send-email-silbe@linux.vnet.ibm.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years ago MAINTAINERS: Add docs/migration.txt to the "Migration" section
Thomas Huth [Thu, 25 Feb 2016 09:47:49 +0000 (10:47 +0100)]
MAINTAINERS: Add docs/migration.txt to the "Migration" section

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1456393669-20678-1-git-send-email-thuth@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years ago Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160226' into staging
Peter Maydell [Fri, 26 Feb 2016 12:54:22 +0000 (12:54 +0000)]
Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160226' into staging

MIPS patches 2016-02-26

Changes:
* support for FPU and MSA in KVM guest
* support for R6 Virtual Processors

# gpg: Signature made Fri 26 Feb 2016 11:07:37 GMT using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"

* remotes/lalrae/tags/mips-20160226:
  target-mips: implement R6 multi-threading
  mips/kvm: Support MSA in MIPS KVM guests
  mips/kvm: Support FPU in MIPS KVM guests
  mips/kvm: Support signed 64-bit KVM registers
  mips/kvm: Support unsigned KVM registers
  mips/kvm: Implement Config CP0 registers
  mips/kvm: Implement PRid CP0 register
  mips/kvm: Remove a couple of noisy DPRINTFs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging
Peter Maydell [Fri, 26 Feb 2016 12:24:03 +0000 (12:24 +0000)]
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging

Update OpenBIOS images

# gpg: Signature made Fri 26 Feb 2016 10:45:04 GMT using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"

* remotes/mcayland/tags/qemu-openbios-signed:
  Update OpenBIOS images

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago Update OpenBIOS images
Mark Cave-Ayland [Fri, 26 Feb 2016 10:43:57 +0000 (10:43 +0000)]
Update OpenBIOS images

Update OpenBIOS images to SVN r1391 built from submodule.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
8 years ago migration/postcopy-ram: Guard use of sys/eventfd.h with CONFIG_EVENTFD
Matthew Fortune [Tue, 23 Feb 2016 16:09:15 +0000 (16:09 +0000)]
migration/postcopy-ram: Guard use of sys/eventfd.h with CONFIG_EVENTFD

sys/eventfd.h was being guarded only by a check for linux but does
not exist on older distributions like CentOS 5. Move the include
into the code that uses it and add an appropriate guard.

Signed-off-by: Matthew Fortune <matthew.fortune@imgtec.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <6D39441BF12EF246A7ABCE6654B023536BB85DEB@hhmail02.hh.imgtec.org>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years ago migration: reorder code to make it symmetric
Wei Yang [Thu, 4 Feb 2016 22:50:30 +0000 (22:50 +0000)]
migration: reorder code to make it symmetric

In qemu_savevm_state_complete_precopy(), it iterates on each device to add
a json object and transfer related status to destination, while the order
of the last two steps could be refined.

Current order:

    json_start_object()
     save_section_header()
     vmstate_save()
    json_end_object()
     save_section_footer()

After the change:

    json_start_object()
     save_section_header()
     vmstate_save()
     save_section_footer()
    json_end_object()

This patch reorders the code to make it symmetric. No functional change.

Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1454626230-16334-1-git-send-email-richard.weiyang@gmail.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years ago target-mips: implement R6 multi-threading
Yongbok Kim [Wed, 3 Feb 2016 12:31:07 +0000 (12:31 +0000)]
target-mips: implement R6 multi-threading

MIPS Release 6 provides multi-threading features which replace the
pre-R6 MT Module. CP0.Config3.MT is always 0 in R6; instead there is a new
CP0.Config5.VP (Virtual Processor) bit which indicates the presence of
multi-threading support, which includes the CP0.GlobalNumber register and
DVP/EVP instructions.

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
8 years ago mips/kvm: Support MSA in MIPS KVM guests
James Hogan [Wed, 3 Feb 2016 17:16:53 +0000 (17:16 +0000)]
mips/kvm: Support MSA in MIPS KVM guests

Support the new KVM_CAP_MIPS_MSA capability, which allows MIPS SIMD
Architecture (MSA) to be exposed to the KVM guest.

The capability is enabled if the guest core has MSA according to its
Config3 register. Various config bits are now writeable so that KVM is
aware of the configuration (Config3.MSAP) and so that QEMU can
save/restore the guest modifiable bits (Config5.MSAEn). The MSACSR/MSAIR
registers and the MSA vector registers are now saved/restored. Since the
FP registers are a subset of the vector registers, they are omitted if
the guest has MSA.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
8 years ago mips/kvm: Support FPU in MIPS KVM guests
James Hogan [Wed, 3 Feb 2016 17:16:52 +0000 (17:16 +0000)]
mips/kvm: Support FPU in MIPS KVM guests

Support the new KVM_CAP_MIPS_FPU capability, which allows the host's FPU
to be exposed to the KVM guest.

The capability is enabled if the guest core has an FPU according to its
Config1 register. Various config bits are now writeable so that KVM is
aware of the configuration (Config1.FP) and so that QEMU can
save/restore the guest modifiable bits (Config5.FRE, Config5.UFR,
Config5.UFE). The FCSR/FIR registers and the floating point registers
are now saved/restored (depending on the FR mode bit).

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
8 years ago mips/kvm: Support signed 64-bit KVM registers
James Hogan [Wed, 3 Feb 2016 17:16:51 +0000 (17:16 +0000)]
mips/kvm: Support signed 64-bit KVM registers

Rename kvm_mips_{get,put}_one_reg64() to kvm_mips_{get,put}_one_ureg64()
since they take an int64_t pointer, and add separate signed 64-bit
accessors. These will be used for double precision floating point
registers.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
8 years ago mips/kvm: Support unsigned KVM registers
James Hogan [Wed, 3 Feb 2016 17:16:50 +0000 (17:16 +0000)]
mips/kvm: Support unsigned KVM registers

Add KVM register access functions for the uint32_t type. This is
required for FP and MSA control registers, which are represented as
unsigned 32-bit integers.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
8 years ago mips/kvm: Implement Config CP0 registers
James Hogan [Wed, 3 Feb 2016 17:16:49 +0000 (17:16 +0000)]
mips/kvm: Implement Config CP0 registers

Implement saving and restoring to KVM state of the Config CP0 registers
(namely Config, Config1, Config2, Config3, Config4, and Config5). These
control the features available to a guest, and a few of the fields will
soon be writeable by a guest so QEMU needs to know about them so as not
to clobber them on migration/savevm.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
8 years ago mips/kvm: Implement PRid CP0 register
James Hogan [Wed, 3 Feb 2016 17:16:48 +0000 (17:16 +0000)]
mips/kvm: Implement PRid CP0 register

Implement saving and restoring to KVM state of the Processor ID (PRid)
CP0 register. This allows QEMU to control the PRid exposed to the guest
instead of using the default set by KVM.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
8 years ago mips/kvm: Remove a couple of noisy DPRINTFs
James Hogan [Wed, 3 Feb 2016 17:16:47 +0000 (17:16 +0000)]
mips/kvm: Remove a couple of noisy DPRINTFs

The DPRINTFs in cpu_mips_io_interrupts_pending() and kvm_arch_pre_run()
are particularly noisy during normal execution, and also not
particularly helpful. Remove them so that more important debug messages
can be more easily seen.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
8 years ago Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2016-02-25-tag' into staging
Peter Maydell [Thu, 25 Feb 2016 17:33:19 +0000 (17:33 +0000)]
Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2016-02-25-tag' into staging

qemu-ga patch queue for 2.6

* fix w32 build breakage when VSS enabled
* fix up wchar handling in guest-set-user-password
* fix re-install handling for w32 MSI installer
* add w32 support for guest-get-vcpus
* add support for enums in guest-file-seek SEEK params
  instead of relying on platform-specific integer values

# gpg: Signature made Thu 25 Feb 2016 16:59:13 GMT using RSA key ID F108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>"
# gpg:                 aka "Michael Roth <mdroth@utexas.edu>"
# gpg:                 aka "Michael Roth <mdroth@linux.vnet.ibm.com>"

* remotes/mdroth/tags/qga-pull-2016-02-25-tag:
  qga: fix w32 breakage due to missing osdep.h includes
  qga: check utf8-to-utf16 conversion
  qga: fix off-by-one length check
  qga: use wide-chars constants for wchar_t comparisons
  qga: use size_t for wcslen() return value
  qga: use more idiomatic qemu-style eol operators
  qga: implement the guest-get-vcpus for windows
  qemu-ga: Fixed minor version switch issue
  qga: Support enum names in guest-file-seek

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago qga: fix w32 breakage due to missing osdep.h includes
Michael Roth [Thu, 25 Feb 2016 00:14:52 +0000 (18:14 -0600)]
qga: fix w32 breakage due to missing osdep.h includes

requester.h relied on qemu/compiler.h definitions to
handle GCC_FMT_ATTR() stub, but this include was removed as part
of scripted clean-ups via 30456d5:

  all: Clean up includes

under the assumption that all C files would have included it via
qemu/osdep.h at that point. requester.cpp was likely missed
due to C++ files requiring manual/special handling as well as
VSS build options needing to be enabled to trigger build failures.

Fix this by including qemu/osdep.h. That in turn pulls in a
macro from qapi/error.h that conflicts with a struct field name
in requester.h, so fix that as well by renaming the field.

While we're at it, fix up provider.cpp/install.cpp to include
osdep.h as well.

Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years ago build: [bsd-user] Rename "syscall.h" to "target_syscall.h" in target directories
Lluís Vilanova [Mon, 1 Feb 2016 18:38:47 +0000 (19:38 +0100)]
build: [bsd-user] Rename "syscall.h" to "target_syscall.h" in target directories

This fixes double-definitions in bsd-user builds when using the UST
tracing backend (which indirectly includes the system's "syscall.h").

Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago qga: check utf8-to-utf16 conversion
Marc-André Lureau [Wed, 17 Feb 2016 16:47:55 +0000 (17:47 +0100)]
qga: check utf8-to-utf16 conversion

UTF8 to UTF16 conversion can fail for genuine reasons, let's check errors.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago qga: fix off-by-one length check
Marc-André Lureau [Wed, 17 Feb 2016 16:47:54 +0000 (17:47 +0100)]
qga: fix off-by-one length check

Laszlo Ersek said: "The length check is off by one (in the safe direction); it
should be (nchars >= 2). The processing should be active for the wide string
L"\r\n" -- resulting in the empty wide string --, I believe."

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago qga: use wide-chars constants for wchar_t comparisons
Marc-André Lureau [Wed, 17 Feb 2016 16:47:53 +0000 (17:47 +0100)]
qga: use wide-chars constants for wchar_t comparisons

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago qga: use size_t for wcslen() return value
Marc-André Lureau [Wed, 17 Feb 2016 16:47:52 +0000 (17:47 +0100)]
qga: use size_t for wcslen() return value

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago qga: use more idiomatic qemu-style eol operators
Marc-André Lureau [Wed, 17 Feb 2016 16:47:51 +0000 (17:47 +0100)]
qga: use more idiomatic qemu-style eol operators

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago qga: implement the guest-get-vcpus for windows
Gal Hammer [Mon, 2 Nov 2015 14:49:48 +0000 (16:49 +0200)]
qga: implement the guest-get-vcpus for windows

Signed-off-by: Gal Hammer <ghammer@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
* report rather than assert when VCPU count == 0
* fix up subject: s/set-vcpus/get-vcpus/
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago qemu-ga: Fixed minor version switch issue
Leonid Bloch [Mon, 11 Jan 2016 09:12:41 +0000 (11:12 +0200)]
qemu-ga: Fixed minor version switch issue

With automatically generated GUID, on minor version changes, an error
occurred, stating that there is a problem with the installer.
Now, a notification is shown, warning the user that another version of
this product is already installed, and that configuration or removal of
the existing version is possible through Add/Remove Programs on the
Control Panel (expected behavior).

Signed-off-by: Leonid Bloch <leonid@daynix.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago qga: Support enum names in guest-file-seek
Eric Blake [Tue, 9 Feb 2016 21:27:16 +0000 (14:27 -0700)]
qga: Support enum names in guest-file-seek

Magic constants are a pain to use, especially when we run the
risk that our choice of '1' for QGA_SEEK_CUR might differ from
the host or guest's choice of SEEK_CUR.  Better is to use an
enum value, via a qapi alternate type for back-compatibility.

With this,
 {"command":"guest-file-seek", "arguments":{"handle":1,
  "offset":0, "whence":"cur"}}
becomes a synonym for the older
 {"command":"guest-file-seek", "arguments":{"handle":1,
  "offset":0, "whence":1}}

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Thu, 25 Feb 2016 15:30:57 +0000 (15:30 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Asynchronous dump-guest-memory from Peter
* improved logging with -D -daemonize from Dimitris
* more address_space_* optimization from Gonglei
* TCG xsave/xrstor thinko fix
* chardev bugfix and documentation patch

# gpg: Signature made Thu 25 Feb 2016 15:12:27 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream:
  target-i386: fix confusion in xcr0 bit position vs. mask
  chardev: Properly initialize ChardevCommon components
  memory: Remove unreachable return statement
  memory: optimize qemu_get_ram_ptr and qemu_ram_ptr_length
  exec: store RAMBlock pointer into memory region
  log: Redirect stderr to logfile if deamonized
  dump-guest-memory: add qmp event DUMP_COMPLETED
  Dump: add hmp command "info dump"
  Dump: add qmp command "query-dump"
  DumpState: adding total_size and written_size fields
  dump-guest-memory: add "detach" support
  dump-guest-memory: disable dump when in INMIGRATE state
  dump-guest-memory: introduce dump_process() helper function.
  dump-guest-memory: add dump_in_progress() helper function
  dump-guest-memory: using static DumpState, add DumpStatus
  dump-guest-memory: add "detach" flag for QMP/HMP interfaces.
  dump-guest-memory: cleanup: removing dump_{error|cleanup}().
  scripts/kvm/kvm_stat: Fix missing right parantheses and ".format(...)"
  qemu-options.hx: Improve documentation of chardev multiplexing mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago target-i386: fix confusion in xcr0 bit position vs. mask
Paolo Bonzini [Wed, 17 Feb 2016 09:54:53 +0000 (10:54 +0100)]
target-i386: fix confusion in xcr0 bit position vs. mask

The xsave and xrstor helpers are accessing the x86_ext_save_areas array
using a bit mask instead of a bit position.  Provide two sets of XSTATE_*
definitions and use XSTATE_*_BIT when a bit position is requested.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years ago chardev: Properly initialize ChardevCommon components
Eric Blake [Sat, 20 Feb 2016 00:19:31 +0000 (17:19 -0700)]
chardev: Properly initialize ChardevCommon components

Commit d0d7708b forgot to parse logging for spice chardevs and
virtual consoles. This requires making qemu_chr_parse_common()
non-static. While at it, use a temporary variable to make the
code shorter, as well as reduce the churn when a later patch
alters the layout of simple unions.

Signed-off-by: Eric Blake <eblake@redhat.com>
CC: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1455927587-28033-2-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years ago memory: Remove unreachable return statement
Gonglei [Sat, 20 Feb 2016 02:35:21 +0000 (10:35 +0800)]
memory: Remove unreachable return statement

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1455935721-8804-4-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years ago memory: optimize qemu_get_ram_ptr and qemu_ram_ptr_length
Gonglei [Sat, 20 Feb 2016 02:35:20 +0000 (10:35 +0800)]
memory: optimize qemu_get_ram_ptr and qemu_ram_ptr_length

These two functions consume too much cpu overhead to
find the RAMBlock by ram address.

After this patch, we can pass the RAMBlock pointer
to them so that they don't need to find the RAMBlock
anymore most of the time. We can get better performance
in address translation processing.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1455935721-8804-3-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years ago exec: store RAMBlock pointer into memory region
Gonglei [Mon, 22 Feb 2016 08:34:55 +0000 (16:34 +0800)]
exec: store RAMBlock pointer into memory region

Each RAM memory region has a unique corresponding RAMBlock.
In the current realization, the memory region only stored
the ram_addr which means the offset of RAM address space.
We need to query the global ram.list to find the ram block
by ram_addr if we want to get the ram block, which is very
expensive.

Now, we store the RAMBlock pointer into memory region
structure. So, if we know the mr, we can easily get the
RAMBlock.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1456130097-4208-2-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years ago Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20160225' into...
Peter Maydell [Thu, 25 Feb 2016 12:57:22 +0000 (12:57 +0000)]
Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20160225' into staging

TriCore bugfixes and synchronous trap implementation

# gpg: Signature made Thu 25 Feb 2016 11:57:41 GMT using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"

* remotes/bkoppelmann/tags/pull-tricore-20160225:
  target-tricore: add opd trap generation
  target-tricore: add illegal opcode trap generation
  target-tricore: add context managment trap generation
  target-tricore: Add trap handling & SOVF/OVF traps
  target-tricore: Fix wrong precedences on psw_write
  target-tricore: fix save_context_upper using env->PSW

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Thu, 25 Feb 2016 12:13:49 +0000 (12:13 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

vhost, virtio, pci, pc

Fixes all over the place.
virtio dataplane migration support.
Old q35 machine types removed.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 25 Feb 2016 11:16:46 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream: (21 commits)
  q35: No need to check gigabyte_align
  q35: Remove unused q35-acpi-dsdt.aml file
  ich9: Remove enable_tco arguments from init functions
  machine: Remove no_tco field
  q35: Remove old machine versions
  tests/vhost-user-bridge: fix build on 32 bit systems
  vring: remove
  virtio-scsi: do not use vring in dataplane
  virtio-blk: do not use vring in dataplane
  virtio-blk: fix "disabled data plane" mode
  virtio: export vring_notify as virtio_should_notify
  virtio: add AioContext-specific function for host notifiers
  vring: make vring_enable_notification return void
  block-migration: acquire AioContext as necessary
  pci core: function pci_bus_init() cleanup
  pci core: function pci_host_bus_register() cleanup
  balloon: Use only 'pc-dimm' type dimm for ballooning
  virtio-balloon: rewrite get_current_ram_size()
  move get_current_ram_size to virtio-balloon.c
  vhost-user: don't merge regions with different fds
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago target-tricore: add opd trap generation
Bastian Koppelmann [Fri, 19 Feb 2016 13:43:46 +0000 (14:43 +0100)]
target-tricore: add opd trap generation

If an instruction uses a 64 bit register which consists of an even-odd pair
of 32 bit registers and if the register specifier in the instruction is
odd an opd trap is raised.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <1455889426-1923-5-git-send-email-kbastian@mail.uni-paderborn.de>

8 years ago target-tricore: add illegal opcode trap generation
Bastian Koppelmann [Fri, 19 Feb 2016 13:43:45 +0000 (14:43 +0100)]
target-tricore: add illegal opcode trap generation

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <1455889426-1923-4-git-send-email-kbastian@mail.uni-paderborn.de>

8 years ago target-tricore: add context managment trap generation
Bastian Koppelmann [Fri, 19 Feb 2016 13:43:44 +0000 (14:43 +0100)]
target-tricore: add context managment trap generation

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <1455889426-1923-3-git-send-email-kbastian@mail.uni-paderborn.de>

8 years ago target-tricore: Add trap handling & SOVF/OVF traps
Bastian Koppelmann [Fri, 19 Feb 2016 13:43:43 +0000 (14:43 +0100)]
target-tricore: Add trap handling & SOVF/OVF traps

Add the infrastructure needed to generate and handle traps and
implement the generation of SOVF and OVF traps.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <1455889426-1923-2-git-send-email-kbastian@mail.uni-paderborn.de>

8 years ago target-tricore: Fix wrong precedences on psw_write
Bastian Koppelmann [Tue, 16 Feb 2016 21:27:32 +0000 (22:27 +0100)]
target-tricore: Fix wrong precedences on psw_write

Wrong braces on the restore of the cached TCGv SV and V bit could lead to
a wrong PSW. While at this it removes unnecessary braces for the restore
of the cached TCGv AV and SAV bits.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
8 years ago target-tricore: fix save_context_upper using env->PSW
Bastian Koppelmann [Tue, 16 Feb 2016 21:33:13 +0000 (22:33 +0100)]
target-tricore: fix save_context_upper using env->PSW

If the cached bits for C, V, SV, AV, or SAV were set, they would
not be saved during the context save since env->PSW was stored instead
of properly reading them using psw_read().

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
8 years ago Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20160225' into staging
Peter Maydell [Thu, 25 Feb 2016 11:46:53 +0000 (11:46 +0000)]
Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20160225' into staging

Second pull req with getrandom fix

# gpg: Signature made Thu 25 Feb 2016 10:57:42 GMT using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg:                 aka "Riku Voipio <riku.voipio@linaro.org>"

* remotes/riku/tags/pull-linux-user-20160225:
  linux-user: add getrandom() syscall
  linux-user: correct timerfd_create syscall numbers
  linux-user: remove unavailable syscalls from aarch64
  linux-user: sync syscall numbers with kernel
  linux-user: Don't assert if guest tries shmdt(0)
  linux-user: set ppc64/ppc64le default CPU to POWER8
  build: [linux-user] Rename "syscall.h" to "target_syscall.h" in target directories
  linux-user: fix realloc size of target_fd_trans.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago q35: No need to check gigabyte_align
Eduardo Habkost [Sat, 23 Jan 2016 16:02:13 +0000 (14:02 -0200)]
q35: No need to check gigabyte_align

gigabyte_align is always true on q35, so we don't need the
!gigabyte_align compat code anymore.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
8 years ago q35: Remove unused q35-acpi-dsdt.aml file
Eduardo Habkost [Sat, 23 Jan 2016 16:02:12 +0000 (14:02 -0200)]
q35: Remove unused q35-acpi-dsdt.aml file

The file was used only by older machine-types, and it is not
needed anymore.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
8 years ago ich9: Remove enable_tco arguments from init functions
Eduardo Habkost [Sat, 23 Jan 2016 16:02:11 +0000 (14:02 -0200)]
ich9: Remove enable_tco arguments from init functions

The enable_tco arguments are always true, so they are not needed
anymore.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
8 years ago machine: Remove no_tco field
Eduardo Habkost [Sat, 23 Jan 2016 16:02:10 +0000 (14:02 -0200)]
machine: Remove no_tco field

The field is always set to zero, so it is not necessary anymore.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
8 years ago q35: Remove old machine versions
Eduardo Habkost [Sat, 23 Jan 2016 16:02:09 +0000 (14:02 -0200)]
q35: Remove old machine versions

Migration with q35 was not possible before commit
04329029a8c539eb5f75dcb6d8b016f0c53a031a, because q35
unconditionally creates an ich9-ahci device, that was marked as
unmigratable. So all q35 machine classes before pc-q35-2.4 were
not migratable, so there's no point in keeping compatibility code
for them.

Remove all old pc-q35 machine classes and keep only pc-q35-2.4
and newer.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
8 years ago tests/vhost-user-bridge: fix build on 32 bit systems
Michael S. Tsirkin [Tue, 23 Feb 2016 15:30:54 +0000 (17:30 +0200)]
tests/vhost-user-bridge: fix build on 32 bit systems

Mainly casts between void * and uint64_t, and wrong
format for size_t.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years ago vring: remove
Paolo Bonzini [Sun, 14 Feb 2016 17:17:11 +0000 (18:17 +0100)]
vring: remove

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago virtio-scsi: do not use vring in dataplane
Paolo Bonzini [Sun, 14 Feb 2016 17:17:10 +0000 (18:17 +0100)]
virtio-scsi: do not use vring in dataplane

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago virtio-blk: do not use vring in dataplane
Paolo Bonzini [Sun, 14 Feb 2016 17:17:09 +0000 (18:17 +0100)]
virtio-blk: do not use vring in dataplane

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago virtio-blk: fix "disabled data plane" mode
Paolo Bonzini [Sun, 14 Feb 2016 17:17:08 +0000 (18:17 +0100)]
virtio-blk: fix "disabled data plane" mode

In disabled mode, virtio-blk dataplane seems to be enabled, but flow
actually goes through the normal virtio path.  This patch simplifies a bit
the handling of disabled mode.  In disabled mode, virtio_blk_handle_output
might be called even if s->dataplane is not NULL.

This is a bit tricky, because the current check for s->dataplane will
always trigger, causing a continuous stream of calls to
virtio_blk_data_plane_start.  Unfortunately, these calls will not
do anything.  To fix this, set the "started" flag even in disabled
mode, and skip virtio_blk_data_plane_start if the started flag is true.
The resulting changes also prepare the code for the next patch, where
virtio-blk dataplane will reuse the same virtio_blk_handle_output function
as "regular" virtio-blk.

Because struct VirtIOBlockDataPlane is opaque in virtio-blk.c, we have
to move s->dataplane->started inside struct VirtIOBlock.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago virtio: export vring_notify as virtio_should_notify
Paolo Bonzini [Sun, 14 Feb 2016 17:17:07 +0000 (18:17 +0100)]
virtio: export vring_notify as virtio_should_notify

Virtio dataplane needs to trigger the irq manually through the
guest notifier.  Export virtio_should_notify so that it can be
used around event_notifier_set.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago virtio: add AioContext-specific function for host notifiers
Paolo Bonzini [Sun, 14 Feb 2016 17:17:06 +0000 (18:17 +0100)]
virtio: add AioContext-specific function for host notifiers

This is used to register ioeventfd with a dataplane thread.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago vring: make vring_enable_notification return void
Paolo Bonzini [Sun, 14 Feb 2016 17:17:05 +0000 (18:17 +0100)]
vring: make vring_enable_notification return void

Make the API more similar to the regular virtqueue API.  This will
help when modifying the code to not use vring.c anymore.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago block-migration: acquire AioContext as necessary
Paolo Bonzini [Sun, 14 Feb 2016 17:17:04 +0000 (18:17 +0100)]
block-migration: acquire AioContext as necessary

This is needed because dataplane will run during block migration as well.

The block device migration code is quite liberal in taking the iothread
mutex.  For simplicity, keep it the same way, even though one could
actually choose between the BQL (for regular BlockDriverStates) and
the AioContext (for dataplane BlockDriverStates).  When the block layer
is made fully thread safe, aio_context_acquire shall go away altogether.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
8 years ago pci core: function pci_bus_init() cleanup
Cao jin [Wed, 27 Jan 2016 10:29:02 +0000 (18:29 +0800)]
pci core: function pci_bus_init() cleanup

remove unused param

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
8 years ago pci core: function pci_host_bus_register() cleanup
Cao jin [Wed, 27 Jan 2016 10:29:01 +0000 (18:29 +0800)]
pci core: function pci_host_bus_register() cleanup

remove unused param, and rename the other to a meaningful one.

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
8 years ago balloon: Use only 'pc-dimm' type dimm for ballooning
Vladimir Sementsov-Ogievskiy [Wed, 10 Feb 2016 08:49:26 +0000 (11:49 +0300)]
balloon: Use only 'pc-dimm' type dimm for ballooning

For now there are only two dimm's: pc-dimm and nvdimm. This patch is
actually needed to disable ballooning on nvdimm. But, to avoid future
bugs, instead of disallowing nvdimm, we allow only pc-dimm. So, if
someone adds new dimm which should be balloon-able, then this ability
should be explicitly specified here.

Why ballooning for nvdimm should be disabled for now:

NVDIMM for now is planned to be used as a backing store for DAX filesystem
in the guest and thus this memory is excluded from guest memory
management and LRUs.

In this case libvirt running QEMU along with configured balloon almost
immediately inflates balloon and effectively kills the guest as
qemu counts nvdimm as part of the ram.

Counting dimm devices as part of the ram for ballooning was started from
commit 463756d03:
 virtio-balloon: Fix balloon not working correctly when hotplug memory

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years ago virtio-balloon: rewrite get_current_ram_size()
Vladimir Sementsov-Ogievskiy [Wed, 10 Feb 2016 08:49:25 +0000 (11:49 +0300)]
virtio-balloon: rewrite get_current_ram_size()

Use pc_dimm_built_list() instead of qmp_pc_dimm_device_list()

Actually, Qapi is not related to this internal helper.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years ago Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160225' into staging
Peter Maydell [Thu, 25 Feb 2016 10:46:06 +0000 (10:46 +0000)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160225' into staging

ppc patch queue for 2016-02-25

Hopefully final queue before qemu-2.6 soft freeze.  Currently
accumulated patches for target-ppc, pseries machine type and related
devices:
    * SLOF firmware update
        - Many new features, including virtio 1.0 non-legacy support
    * H_PAGE_INIT hypercall implementation
    * Small cleanups and bugfixes.

# gpg: Signature made Thu 25 Feb 2016 03:00:56 GMT using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.6-20160225:
  ppc/kvm: Tell the user what might be wrong when using bad CPU types with kvm-hv
  ppc/kvm: Use error_report() instead of cpu_abort() for user-triggerable errors
  spapr: initialize local Error pointer
  hw/ppc/spapr: Implement the h_page_init hypercall
  pseries: Update SLOF firmware image to 20160223

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago ppc/kvm: Tell the user what might be wrong when using bad CPU types with kvm-hv
Thomas Huth [Thu, 18 Feb 2016 21:01:56 +0000 (22:01 +0100)]
ppc/kvm: Tell the user what might be wrong when using bad CPU types with kvm-hv

Using a CPU type that does not match the host is not possible when using
the kvm-hv kernel module - the PVR is checked in the kernel function
kvm_arch_vcpu_ioctl_set_sregs_hv() and rejected with -EINVAL if it
does not match the host.
However, when the user tries to specify a non-matching CPU type, QEMU
currently only reports "kvm_init_vcpu failed: Invalid argument", and
this is of course not very helpful for the user to solve the problem.
So this patch adds a more descriptive error message that tells the
user to specify "-cpu host" instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
[Removed melodramatic '!' :)]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago ppc/kvm: Use error_report() instead of cpu_abort() for user-triggerable errors
Thomas Huth [Thu, 18 Feb 2016 21:01:38 +0000 (22:01 +0100)]
ppc/kvm: Use error_report() instead of cpu_abort() for user-triggerable errors

Setting the KVM_CAP_PPC_PAPR capability can fail if either the KVM
kernel module does not support it, or if the specified vCPU type
is not a 64-bit Book3-S CPU type. For example, the user can trigger
it easily with "-M pseries -cpu G2leLS" when using the kvm-pr kernel
module. So the error should not be reported with cpu_abort() since
this function is rather meant for reporting programming errors than
reporting user-triggerable errors (it prints out all CPU registers
and then calls abort() to kill the program - two things that the
normal user does not expect here). So let's use error_report() with
exit(1) here instead.
A similar problem exists in the code that sets the KVM_CAP_PPC_EPR
capability, so while we're at it, fix that, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago spapr: initialize local Error pointer
Greg Kurz [Thu, 18 Feb 2016 14:40:45 +0000 (15:40 +0100)]
spapr: initialize local Error pointer

This fixes a crash in the target QEMU during migration.

Broken in commit c5f54f3.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[reworded commit message]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago hw/ppc/spapr: Implement the h_page_init hypercall
Thomas Huth [Thu, 18 Feb 2016 09:15:54 +0000 (10:15 +0100)]
hw/ppc/spapr: Implement the h_page_init hypercall

This hypercall either initializes a page with zeros, or copies
another page.
According to LoPAPR, the i-cache of the page should also be
flushed if using H_ICACHE_INVALIDATE or H_ICACHE_SYNCHRONIZE,
and the d-cache should be synchronized to the RAM if the
H_ICACHE_SYNCHRONIZE flag is used. For this, two new functions
are introduced, kvmppc_dcbst_range() and kvmppc_icbi_range(), which
use the corresponding assembler instructions to flush the caches
if running with KVM on Power. If the code runs with TCG instead,
the code only uses tb_flush(), assuming that this will be
enough for synchronization.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago pseries: Update SLOF firmware image to 20160223
Alexey Kardashevskiy [Tue, 23 Feb 2016 07:11:17 +0000 (18:11 +1100)]
pseries: Update SLOF firmware image to 20160223

The main change is virtio 1.0 support.

The complete changelog is:
  > dhcp: fix warning messages when calling strtoip()
  > virtio-scsi: enable virtio 1.0
  > virtio-scsi: use virtio_fill desc api
  > virtio-scsi: use idx during initialization
  > virtio-net: enable virtio 1.0
  > virtio-blk: enable virtio 1.0
  > virtio: 1.0 helper to read 16/32/64 bit value
  > virtio: add and enable 1.0 device setup
  > virtio: 1.0 guest features negotiation
  > virtio: update features set/get register accessor
  > virtio: make all virtio apis 1.0 aware
  > virtio: add 64-bit virtio helpers for 1.0
  > virtio: add virtio 1.0 related struct and defines
  > virtio: get rid of type variable in virtio_device
  > virtio-net: move setup-mac to the open routine
  > virtio-net: make net_hdr_size a variable
  > virtio-net: replace vq array with vq_{tx,rx}
  > virtio-net: use virtio_fill_desc
  > virtio-{net,blk,scsi,9p}: use status variable
  > virtio-blk: add helpers for filling descriptors
  > virtio-{blk,9p}: enable resetting the device
  > virtio: introduce helper for initializing virt queue
  > virtio: fix code style/design issues.
  > fix code style in byteorder.h
  > pci: add byte read/write helper routines
  > virtio-net: fix gcc warnings (-Wextra)
  > virtio-blk: fix gcc warnings (-Wextra)
  > readme: Add a note about coding style
  > dhcp: Remove duplicated strtoip()
  > ethernet: Fix gcc warnings
  > net-snk: Fix gcc warnings
  > net-snk: Fix coding style
  > net-snk: Fix memory leak in dhcp6_process_options()
  > net-snk: Fix memory leak in ip6_to_multicast_mac() / send_ipv6()
  > net-snk: Remove bad NEIGHBOUR_SOLICITATION code in send_ipv6()
  > Fix dma-alloc and dma-map-in functions on board-js2x
  > net-snk: Allow stateless autoconfig IPv6 addresses with IP_INIT_IPV6_MANUAL
  > net-snk: Simplify the ip6_is_multicast() function
  > net-snk: Move global variable definition out of the header file
  > net-snk: Prefer non-link-local unicast IPv6 addresses if possible
  > net-snk: Fix the check for link-local addresses when receiving RAs
  > net-snk: Remove junk at the end of IPv6 TFTP ACK and error packets
  > Fix format strings in usb-ohci.c
  > net-snk: Get rid of junk at the end of sent DHCPv6 packets
  > net-snk: Use transaction IDs in DHCPv4, too
  > net-snk: Make use of DHCPv6 transaction IDs
  > net-snk: Seed the pseudo-random number generator
  > libc: Add srand() call
  > libc: Fix the rand() function to return non-zero values
  > net-snk: Improve printed text when booting via network
  > Increase temporary buffer size of ibm,client-architecture-support call
  > Move archsupport.fs into board-qemu directory
  > boot: stop booting when we encounter HALT
  > fat-files: Fix bug with root-entries = 0 on certain FAT32 file systems
  > usb: print unhandled descriptor in debug mode
  > Improve stack usage with libnvram get_partition function
  > Improve stack usage in libnvram environment variable code
  > libc: Port vsnprintf back from skiboot
  > Move the code for rfill into a separate function
  > Rework wrapper for new_nvram_partition() and fix possible bug in there
  > Stack optimization in libusb: split up setup_new_device()
  > Check for stack overflow in paflof engine
  > Clean up pending packet variable in ipv4 code
  > Fix tracking of pending outgoing packets when handling ARP replies

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years ago linux-user: add getrandom() syscall
Laurent Vivier [Sun, 21 Feb 2016 09:56:23 +0000 (10:56 +0100)]
linux-user: add getrandom() syscall

getrandom() has been introduced in kernel 3.17 and is now used during
the boot sequence of Debian unstable (stretch/sid).

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years ago linux-user: correct timerfd_create syscall numbers
Riku Voipio [Mon, 15 Feb 2016 13:38:40 +0000 (15:38 +0200)]
linux-user: correct timerfd_create syscall numbers

x86, m68k, ppc, sh4 and sparc failed to enable timerfd, because they
didn't have timerfd_create system call defined. Instead QEMU
defined timerfd syscall. Checking with kernel sources, it appears
kernel developers reused timerfd syscall number with timerfd_create,
presumably since no userspace called the old syscall number.

Reported-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years ago linux-user: remove unavailable syscalls from aarch64
Riku Voipio [Mon, 15 Feb 2016 12:35:12 +0000 (14:35 +0200)]
linux-user: remove unavailable syscalls from aarch64

QEMU lists deprecated system call numbers for Aarch64. These
are never enabled for the Linux kernel, so don't define them in Qemu
either. Remove the ifdef around host_to_target_stat64 since
all architectures need it now.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years ago linux-user: sync syscall numbers with kernel
Riku Voipio [Fri, 29 Jan 2016 17:39:57 +0000 (19:39 +0200)]
linux-user: sync syscall numbers with kernel

Sync syscall numbers to match the linux v4.5-rc1 kernel.

Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years ago linux-user: Don't assert if guest tries shmdt(0)
Peter Maydell [Tue, 9 Feb 2016 15:57:11 +0000 (15:57 +0000)]
linux-user: Don't assert if guest tries shmdt(0)

Our implementation of shmat() and shmdt() for linux-user was
using "zero guest address" as its marker for "entry in the
shm_regions[] array is not in use". This meant that if the
guest did a shmdt(0) we would match on an unused array entry
and call page_set_flags() with both start and end addresses zero,
which causes an assertion failure.

Use an explicit in_use flag to manage the shm_regions[] array,
so that we avoid this problem.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Pavel Shamis <pasharesearch@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
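
The failure mode described in the shmdt(0) commit message above, as an added example that is not QEMU's code: a table where "address zero" doubles as the free-slot marker matches a free slot when the guest detaches address 0, while an explicit in_use flag rejects the call. The struct layout, function names and N_REGIONS are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define N_REGIONS 4                 /* constructed table size */

struct region {                     /* hypothetical stand-in for a shm_regions[] entry */
    uint64_t start, size;           /* guest address and length of the mapping */
    int in_use;                     /* explicit occupancy flag (the fix) */
};

/* Fill the first free slot; returns its index or -ENOMEM. */
int attach(struct region *tab, uint64_t addr, uint64_t size)
{
    for (int i = 0; i < N_REGIONS; i++)
        if (!tab[i].in_use) {
            tab[i] = (struct region){ addr, size, 1 };
            return i;
        }
    return -ENOMEM;
}

/* Before: start == 0 doubles as the "free" marker, so a guest detach of
 * address 0 matches a free slot, whose range to unmap is the empty [0, 0). */
int detach_sentinel(const struct region *tab, uint64_t addr)
{
    for (int i = 0; i < N_REGIONS; i++)
        if (tab[i].start == addr) return i;   /* slot the caller would tear down */
    return -EINVAL;
}

/* After: only occupied slots can match, whatever address the guest passes. */
int detach_flag(struct region *tab, uint64_t addr)
{
    for (int i = 0; i < N_REGIONS; i++)
        if (tab[i].in_use && tab[i].start == addr) {
            tab[i].in_use = 0;
            return i;
        }
    return -EINVAL;
}

int main(void)
{
    struct region tab[N_REGIONS] = {0};
    attach(tab, 0x10000, 0x1000);
    printf("sentinel: detach(0) -> slot %d\n", detach_sentinel(tab, 0));
    printf("flag:     detach(0) -> %d\n", detach_flag(tab, 0));
    return 0;
}
```
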
8 years ago linux-user: set ppc64/ppc64le default CPU to POWER8
Laurent Vivier [Thu, 4 Feb 2016 18:56:01 +0000 (19:56 +0100)]
linux-user: set ppc64/ppc64le default CPU to POWER8

Set the default to the latest CPU version to have the
largest set of available features.

It is also really needed in little-endian mode because
POWER7 is not really supported in this mode and some distros
(at least Debian) generate POWER8 code for their ppc64le target.

Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813698

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years ago build: [linux-user] Rename "syscall.h" to "target_syscall.h" in target directories
Lluís Vilanova [Mon, 1 Feb 2016 18:38:42 +0000 (19:38 +0100)]
build: [linux-user] Rename "syscall.h" to "target_syscall.h" in target directories

This fixes double-definitions in linux-user builds when using the UST
tracing backend (which indirectly includes the system's "syscall.h").

Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years ago linux-user: fix realloc size of target_fd_trans.
Laurent Vivier [Mon, 18 Jan 2016 22:50:45 +0000 (23:50 +0100)]
linux-user: fix realloc size of target_fd_trans.

target_fd_trans is an array of "TargetFdTrans *": compute size
accordingly. Use g_renew() as proposed by Paolo.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>