sdk/emulator/qemu.git
8 years agoaio: introduce qemu_get_current_aio_context
Paolo Bonzini [Thu, 27 Oct 2016 10:48:59 +0000 (12:48 +0200)]
aio: introduce qemu_get_current_aio_context

This will be used by BDRV_POLL_WHILE (and thus by bdrv_drain)
to choose how to wait for I/O completion.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1477565348-5458-12-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agosheepdog: use BDRV_POLL_WHILE
Paolo Bonzini [Thu, 27 Oct 2016 10:48:58 +0000 (12:48 +0200)]
sheepdog: use BDRV_POLL_WHILE

This is important when the sheepdog driver works on a BlockDriverState
that is attached to an I/O thread other than the main thread.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1477565348-5458-11-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agonfs: use BDRV_POLL_WHILE
Paolo Bonzini [Thu, 27 Oct 2016 10:48:57 +0000 (12:48 +0200)]
nfs: use BDRV_POLL_WHILE

This will make it possible to use nfs_get_allocated_file_size on
a file that is not in the main AioContext.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1477565348-5458-10-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agonfs: move nfs_set_events out of the while loops
Paolo Bonzini [Thu, 27 Oct 2016 10:48:56 +0000 (12:48 +0200)]
nfs: move nfs_set_events out of the while loops

nfs_set_events only needs to be called once before entering the
while loop; afterwards, nfs_process_read and nfs_process_write
take care of it.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1477565348-5458-9-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agoblock: introduce BDRV_POLL_WHILE
Paolo Bonzini [Thu, 27 Oct 2016 10:48:55 +0000 (12:48 +0200)]
block: introduce BDRV_POLL_WHILE

We want the BDS event loop to run exclusively in the iothread that
owns the BDS's AioContext.  This macro will provide the synchronization
between the two event loops; for now it just wraps the common idiom
of a while loop around aio_poll.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1477565348-5458-8-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agoqed: Implement .bdrv_drain
Fam Zheng [Thu, 27 Oct 2016 10:48:54 +0000 (12:48 +0200)]
qed: Implement .bdrv_drain

The "need_check_timer" is used to clear the "NEED_CHECK" flag in the
image header after a grace period once metadata update has finished. To
comply with the bdrv_drain semantics, we should make sure it remains
deleted once .bdrv_drain is called.

The change to qed_need_check_timer_cb is needed because bdrv_qed_drain
is called after s->bs has been drained, and should not operate on it;
instead it should operate on the BdrvChild-ren exclusively.  Doing so
is easy because QED does not have a bdrv_co_flush_to_os callback, hence
all that is needed to flush it is to ensure writes have reached the disk.

Based on commit df9a681dc9a (which however included some unrelated
hunks, possibly due to a merge failure or an overlooked squash).
The patch was reverted because at the time bdrv_qed_drain could call
qed_plug_allocating_write_reqs while an allocating write was queued.
This however is not possible anymore after the previous patch;
.bdrv_drain is only called after all writes have completed at the
QED level, and its purpose is to trigger metadata writes in bs->file.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1477565348-5458-7-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agoblock: change drain to look only at one child at a time
Paolo Bonzini [Thu, 27 Oct 2016 10:48:53 +0000 (12:48 +0200)]
block: change drain to look only at one child at a time

bdrv_requests_pending is checking children to also wait until internal
requests (such as metadata writes) have completed.  However, checking
children is in general overkill.  Children requests can be of two kinds:

- requests caused by an operation on bs, e.g. a bdrv_aio_write to bs
causing a write to bs->file->bs.  In this case, the parent's in_flight
count will always be incremented by at least one for every request in
the child.

- asynchronous metadata writes or flushes.  Such writes can be started
even if bs's in_flight count is zero, but not after the .bdrv_drain
callback has been invoked.

This patch therefore changes bdrv_drain to finish I/O in the parent
(after which the parent's in_flight will be locked to zero), call
bdrv_drain (after which the parent will not generate I/O on the child
anymore), and then wait for internal I/O in the children to complete.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1477565348-5458-6-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agoblock: add BDS field to count in-flight requests
Paolo Bonzini [Thu, 27 Oct 2016 10:48:52 +0000 (12:48 +0200)]
block: add BDS field to count in-flight requests

Unlike tracked_requests, this field also counts throttled requests,
and remains non-zero if an AIO operation needs a BH to be "really"
completed.

With this change, it is no longer necessary to have a dummy
BdrvTrackedRequest for requests that are never serialising, and
it is no longer necessary to poll the AioContext once after
bdrv_requests_pending(bs) returns false.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1477565348-5458-5-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agomirror: use bdrv_drained_begin/bdrv_drained_end
Paolo Bonzini [Thu, 27 Oct 2016 10:48:51 +0000 (12:48 +0200)]
mirror: use bdrv_drained_begin/bdrv_drained_end

Ensure that there are no changes between the last check to
bdrv_get_dirty_count and the switch to the target.

There is already a bdrv_drained_end call, we only need to ensure
that bdrv_drained_begin is not called twice.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1477565348-5458-4-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agoblockjob: introduce .drain callback for jobs
Paolo Bonzini [Thu, 27 Oct 2016 10:48:50 +0000 (12:48 +0200)]
blockjob: introduce .drain callback for jobs

This is required to decouple block jobs from running in an
AioContext.  With multiqueue block devices, a BlockDriverState
does not really belong to a single AioContext.

The solution is to first wait until all I/O operations are
complete; then loop in the main thread for the block job to
complete entirely.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1477565348-5458-3-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agoreplication: interrupt failover if the main device is closed
Paolo Bonzini [Thu, 27 Oct 2016 10:48:49 +0000 (12:48 +0200)]
replication: interrupt failover if the main device is closed

Without this change, there is a race condition in tests/test-replication.
Depending on how fast the failover job (active commit) runs, there is a
chance of two bad things happening:

1) replication_done can be called after the secondary has been closed
and hence when the BDRVReplicationState is not valid anymore.

2) two copies of the active disk are present during the
/replication/secondary/stop test (that test runs immediately after
/replication/secondary/start, which tests failover).  This causes the
corruption detector to fire.

Reviewed-by: Wen Congyang <wency@cn.fujitsu.com>
Reviewed-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <1477565348-5458-2-git-send-email-pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
8 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Fri, 28 Oct 2016 11:06:41 +0000 (12:06 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

# gpg: Signature made Thu 27 Oct 2016 18:15:47 BST
# gpg:                using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream: (23 commits)
  iotests: Add test for NBD's blockdev-add interface
  iotests: Add assert_json_filename_equal() method
  socket_scm_helper: Accept fd directly
  iotests.py: Allow concurrent qemu instances
  iotests.py: Add qemu_nbd function
  qapi: Allow blockdev-add for NBD
  block/nbd: Use SocketAddress options
  block/nbd: Accept SocketAddress
  block/nbd: Add nbd_has_filename_options_conflict()
  block/nbd: Use qdict_put()
  block/nbd: Default port in nbd_refresh_filename()
  block/nbd: Reject port parameter without host
  block/nbd: Drop trailing "." in error messages
  qemu-iotests: Fix typo for NFS with IMGOPTSSYNTAX
  block: Remove bdrv_aio_ioctl()
  raw: Implement .bdrv_co_ioctl instead of .bdrv_aio_ioctl
  block: Introduce .bdrv_co_ioctl() driver callback
  block: Remove bdrv_ioctl()
  raw-posix: Don't use bdrv_ioctl()
  block: Use blk_co_ioctl() for all BB level ioctls
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-seabios-20161027-2' into staging
Peter Maydell [Fri, 28 Oct 2016 09:51:22 +0000 (10:51 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-seabios-20161027-2' into staging

seabios: update to 1.10.0 release.

# gpg: Signature made Thu 27 Oct 2016 15:50:54 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-seabios-20161027-2:
  seabios: update to 1.10.0 release.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20161027-1' into staging
Peter Maydell [Fri, 28 Oct 2016 08:58:38 +0000 (09:58 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20161027-1' into staging

virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d

# gpg: Signature made Thu 27 Oct 2016 15:32:38 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-vga-20161027-1:
  virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agotrace: Fix 'char **' compilation error in simple backend
Fam Zheng [Wed, 26 Oct 2016 03:50:06 +0000 (11:50 +0800)]
trace: Fix 'char **' compilation error in simple backend

Currently, the generated function body will do "strlen(arg)" but the
argument could be 'char **' or 'char * const *'. Avoid that by excluding
such cases in is_string check.

Reported by patchew's "make docker-test-mingw@fedora".

Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1477453806-21097-1-git-send-email-famz@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoiotests: Add test for NBD's blockdev-add interface
Max Reitz [Tue, 25 Oct 2016 13:11:41 +0000 (15:11 +0200)]
iotests: Add test for NBD's blockdev-add interface

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoiotests: Add assert_json_filename_equal() method
Max Reitz [Tue, 25 Oct 2016 13:11:40 +0000 (15:11 +0200)]
iotests: Add assert_json_filename_equal() method

Since the order of keys in JSON filenames is not necessarily fixed, they
should not be compared to fixed strings. This method takes a Python dict
as a reference, parses a given JSON filename and compares both.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agosocket_scm_helper: Accept fd directly
Max Reitz [Tue, 25 Oct 2016 13:11:39 +0000 (15:11 +0200)]
socket_scm_helper: Accept fd directly

This gives us more freedom about the fd that is passed to qemu, allowing
us to e.g. pass sockets.

Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoiotests.py: Allow concurrent qemu instances
Max Reitz [Tue, 25 Oct 2016 13:11:38 +0000 (15:11 +0200)]
iotests.py: Allow concurrent qemu instances

By adding an optional suffix to the files used for communication with a
VM, we can launch multiple VM instances concurrently.

Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoiotests.py: Add qemu_nbd function
Max Reitz [Tue, 25 Oct 2016 13:11:37 +0000 (15:11 +0200)]
iotests.py: Add qemu_nbd function

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoqapi: Allow blockdev-add for NBD
Max Reitz [Tue, 25 Oct 2016 13:11:36 +0000 (15:11 +0200)]
qapi: Allow blockdev-add for NBD

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock/nbd: Use SocketAddress options
Max Reitz [Tue, 25 Oct 2016 13:11:35 +0000 (15:11 +0200)]
block/nbd: Use SocketAddress options

Drop the use of legacy options in favor of the SocketAddress
representation, even for internal use (i.e. for storing the result of
the filename parsing).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock/nbd: Accept SocketAddress
Max Reitz [Tue, 25 Oct 2016 13:11:34 +0000 (15:11 +0200)]
block/nbd: Accept SocketAddress

Add a new option "server" to the NBD block driver which accepts a
SocketAddress.

"path", "host" and "port" are still supported as legacy options and are
mapped to their corresponding SocketAddress representation.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock/nbd: Add nbd_has_filename_options_conflict()
Max Reitz [Tue, 25 Oct 2016 13:11:33 +0000 (15:11 +0200)]
block/nbd: Add nbd_has_filename_options_conflict()

Right now, we have four possible options that conflict with specifying
an NBD filename, and a future patch will add another one ("address").
This future option is a nested QDict that is flattened at this point,
requiring us to test each option whether its key has an "address."
prefix. Therefore, we will then need to iterate through all options
(including the "export" option which was not covered so far).

Adding this iteration logic now will simplify adding the new option
later. A nice side effect is that the user will not receive a long list
of five options which are not supposed to be specified with a filename,
but we can actually print the problematic option.

Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock/nbd: Use qdict_put()
Max Reitz [Tue, 25 Oct 2016 13:11:32 +0000 (15:11 +0200)]
block/nbd: Use qdict_put()

Instead of inlining this nice macro (i.e. resorting to
qdict_put_obj(..., QOBJECT(...))), use it.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock/nbd: Default port in nbd_refresh_filename()
Max Reitz [Tue, 25 Oct 2016 13:11:31 +0000 (15:11 +0200)]
block/nbd: Default port in nbd_refresh_filename()

Instead of not emitting the port in nbd_refresh_filename(), just set it
to the default if the user did not specify it. This makes the logic a
bit simpler.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock/nbd: Reject port parameter without host
Max Reitz [Tue, 25 Oct 2016 13:11:30 +0000 (15:11 +0200)]
block/nbd: Reject port parameter without host

Currently, a port that is passed along with a UNIX socket path is
silently ignored. That is not exactly ideal, it should be an error
instead.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock/nbd: Drop trailing "." in error messages
Max Reitz [Tue, 25 Oct 2016 13:11:29 +0000 (15:11 +0200)]
block/nbd: Drop trailing "." in error messages

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoqemu-iotests: Fix typo for NFS with IMGOPTSSYNTAX
Kevin Wolf [Thu, 27 Oct 2016 11:16:56 +0000 (13:16 +0200)]
qemu-iotests: Fix typo for NFS with IMGOPTSSYNTAX

Commit 076003f5 added configuration for NFS with IMGOPTSSYNTAX enabled,
but it didn't use the right variable name: $TEST_DIR_OPTS doesn't exist.
This fixes the mistake.

However, this doesn't make anything work that was broken before: The
only way to get IMGOPTSSYNTAX is with -luks, but the combination of
-luks and -nfs doesn't get qemu-img create commands right (because
qemu-img create doesn't support --image-opts yet), so even after this
fix some more work would be required to make the tests pass.

Reported-by: Tomáš Golembiovský <tgolembi@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock: Remove bdrv_aio_ioctl()
Kevin Wolf [Thu, 20 Oct 2016 12:40:22 +0000 (14:40 +0200)]
block: Remove bdrv_aio_ioctl()

It is unused now.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agoraw: Implement .bdrv_co_ioctl instead of .bdrv_aio_ioctl
Kevin Wolf [Thu, 20 Oct 2016 13:09:36 +0000 (15:09 +0200)]
raw: Implement .bdrv_co_ioctl instead of .bdrv_aio_ioctl

It's the simpler interface to use for the raw format driver.

Apart from that, this removes the last user of the AIO emulation
implemented by bdrv_aio_ioctl().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agoblock: Introduce .bdrv_co_ioctl() driver callback
Kevin Wolf [Thu, 20 Oct 2016 13:07:27 +0000 (15:07 +0200)]
block: Introduce .bdrv_co_ioctl() driver callback

This allows drivers to implement ioctls in a coroutine-based way.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agoblock: Remove bdrv_ioctl()
Kevin Wolf [Thu, 20 Oct 2016 12:40:22 +0000 (14:40 +0200)]
block: Remove bdrv_ioctl()

It is unused now.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agoraw-posix: Don't use bdrv_ioctl()
Kevin Wolf [Thu, 20 Oct 2016 12:50:12 +0000 (14:50 +0200)]
raw-posix: Don't use bdrv_ioctl()

Instead of letting raw-posix use the bdrv_ioctl() abstraction to issue
an ioctl to itself, just call ioctl() directly.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agoblock: Use blk_co_ioctl() for all BB level ioctls
Kevin Wolf [Thu, 20 Oct 2016 10:56:14 +0000 (12:56 +0200)]
block: Use blk_co_ioctl() for all BB level ioctls

All read/write functions already have a single coroutine-based function
on the BlockBackend level through which all requests go (no matter what
API style the external caller used) and which passes the requests down
to the block node level.

This patch exports a bdrv_co_ioctl() function and uses it to extend this
mode of operation to ioctls.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agoblock: Remove bdrv_aio_pdiscard()
Kevin Wolf [Thu, 20 Oct 2016 12:40:22 +0000 (14:40 +0200)]
block: Remove bdrv_aio_pdiscard()

It is unused now.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agoblock: Use blk_co_pdiscard() for all BB level discard
Kevin Wolf [Thu, 20 Oct 2016 10:56:14 +0000 (12:56 +0200)]
block: Use blk_co_pdiscard() for all BB level discard

All read/write functions already have a single coroutine-based function
on the BlockBackend level through which all requests go (no matter what
API style the external caller used) and which passes the requests down
to the block node level.

This patch extends this mode of operation to discards.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agoblock: Use blk_co_flush() for all BB level flushes
Kevin Wolf [Thu, 20 Oct 2016 10:56:14 +0000 (12:56 +0200)]
block: Use blk_co_flush() for all BB level flushes

All read/write functions already have a single coroutine-based function
on the BlockBackend level through which all requests go (no matter what
API style the external caller used) and which passes the requests down
to the block node level.

This patch extends this mode of operation to flushes.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20161027-1' into staging
Peter Maydell [Thu, 27 Oct 2016 16:24:29 +0000 (17:24 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20161027-1' into staging

audio: intel-hda: check stream entry count during transfer

# gpg: Signature made Thu 27 Oct 2016 15:30:51 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-audio-20161027-1:
  audio: intel-hda: check stream entry count during transfer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoseabios: update to 1.10.0 release.
Gerd Hoffmann [Thu, 27 Oct 2016 14:42:28 +0000 (16:42 +0200)]
seabios: update to 1.10.0 release.

New in this release:
===================

* Initial support for Trusted Platform Module (TPM) version 2.0
* Several USB XHCI timing fixes on real hardware
* Support for "LSI MPT Fusion" scsi controllers on QEMU
* Support for virtio devices mapped above 4GB
* Several bug fixes and code cleanups

git shortlog rel-1.9.3..rel-1.10.0
==================================

Alex Williamson (1):
      fw/pci: Add support for mapping Intel IGD via QEMU

Cao jin (1):
      Fix comment typo

Cole Robinson (1):
      biostables: Support SMBIOS 2.6+ UUID format

Dana Rubin (2):
      pvscsi: Fix incorrect arguments order in call to memalign_low
      pvscsi: Use high memory for rings

Don Slutz (1):
      Support for booting from LSI Logic LSI53C1030, SAS1068, SAS1068e

Gerd Hoffmann (4):
      ahci: set transfer mode according to the capabilities of connected drive
      virtio: uninline _vp_{read,write}
      virtio: pci cfg access
      virtio: fix virtio-pci

Haozhong Zhang (1):
      fw/msr_feature_control: add support to set MSR_IA32_FEATURE_CONTROL

Igor Mammedov (3):
      paravirt: disable legacy bios tables in case of more than 255 CPUs
      add helpers to read etc/boot-cpus at resume time
      support booting with more than 255 CPUs

Kevin O'Connor (124):
      usb: Allow configuration of sigatt time (in etc/usb-time-sigatt)
      xhci: Check for device disconnects during USB2 reset polling
      sdcard: Only enable error_irq_enable for bits defined in SDHCI v1 spec
      sdcard: fix typo causing 32bit write to 16bit block_size field
      sdcard: Enable extra debugging on sdcard_waitw() timeout
      acpi_extract: Move main code to new function main()
      acpi_extract: Make the generated .hex files more human readable
      acpi_extract: Don't generate unused (and empty) q35-acpi-dsdt.hex file
      acpi: Don't build SSDT files on every build; store them in git
      acpi: Remove build check for iasl
      tpm: Move standard definitions from tcgbios.h to new file std/tcg.h
      util.h: Minor - HaveRunPost is in misc.c not resume.c
      tpm: Add "static" declaration to functions not used outside tcgbios.c
      tpm: Move code around in tcgbios.c
      tpm: Move error recovery from tpm_extend_acpi_log() to only caller
      tpm: Open code tpm_ipl() into callers
      tpm: Change tpm_add_measurement() to tpm_add_action()
      tpm: Move tpm_add_bootdevice() into callers
      tpm: Move tpm_start_option_rom_scan() and tpm_calling_int19h() into callers
      tpm: pcpes->event is a variable length array
      tpm: Don't pass entry_count around in parameters to/from tpm_extend_acpi_log()
      tpm: There is no need to pass pcrindex to hash_log_extend_event()
      tpm: Perform hashing separately from logging
      tpm: There is no need to pass event_length to hash/extend functions
      tpm: Avoid scatter-gather copying in build_and_send_cmd()
      tpm: Don't implement scatter-gather in transmit()
      tpm: Merge tpm_log_event() and tpm_extend_acpi_log()
      tpm: Merge tpm_log_extend_event() and tpm_extend(); extend before logging
      xhci: Wait for port enable even for USB3 devices
      xhci: Improve port status change debugging
      xhci: Disable slot on failed set_address command
      nmi: Don't try to switch onto extra stack in NMI handler
      scsi: Do not call printf() from scsi_is_ready()
      block: Report drive->sectors using "%u" instead of "%d"
      tpm: Add banner separating the TCG bios interface code from TCG menu code
      tpm: Avoid macro expansion of tpm request / response structs
      tpm: Simplify hardware probe and detection checks
      tpm: Add wrapper function tpmhw_set_timeouts()
      tpm: Move TPM hardware functions from tcgbios.c to hw/tpm_drivers.c
      tpm: Rework TPM interface shutdown support
      tpm: Simplify tcpa probe
      tpm: Introduce tpm_get_capability() helper function
      tpm: Eliminate response buffer parameter from build_and_send_cmd()
      tpm: Don't return a status from external bios measurement functions
      tpm: No need to check the return status of measurements
      tpm: Don't call tpm_set_failure() from tpm_log_extend_event()
      tpm: Don't use 16bit BIOS return codes in build_and_send_cmd()
      tpm: Don't use 16bit BIOS return codes in tpm_log_event()
      tpm: Don't use 16bit BIOS return codes in tpmhw_* functions
      tpm: Don't use 16bit BIOS return codes in TPM menu functions
      usb: Remove usbdev->slotid field
      coreboot: Check for unaligned cbfs header
      resume: Make KVM soft reboot loop detection more flexible
      post: Always set HaveRunPost prior to setting any other global variable
      kbd: Don't treat scancode and asciicode as separate values
      kbd: Refactor capslock and numlock handling
      ehci: Only delay UHCI/OHCI port scan until after EHCI setup completes
      usb: Eliminate USB controller setup thread
      pci: Add helper functions for internal driver BAR handling
      ahci: Convert to new PCI BAR helper functions
      ata: Convert to new PCI BAR helper functions
      esp-scsi: Convert to new PCI BAR helper functions
      lsi-scsi: Convert to new PCI BAR helper functions
      megasas: Convert to new PCI BAR helper functions
      pvscsi: Convert to new PCI BAR helper functions
      sdcard: Convert to new PCI BAR helper functions
      ehci: Convert to new PCI BAR helper functions
      ohci: Convert to new PCI BAR helper functions
      uhci: Convert to new PCI BAR helper functions
      xhci: Convert to new PCI BAR helper functions
      virtio: Convert to new PCI BAR helper functions
      pci: Consistently set pci->have_drivers for devices with internal drivers
      pci: Implement '%pP' printf handler for 'struct pci_device' pointers
      pci: Move code in pci.c that is specific to pciinit.c to pciinit.c
      pci: Split low-level pci code from higher-level 'struct pci_device' code
      scsi: Always use MAXDESCSIZE when building drive description
      block: Move drive setup to new function block_setup()
      tpm: Unify tpm_fill_hash()/tpm_log_extend_event() and use in BIOS interface
      docs: Note release date of 1.9.1
      build: fix .text section address alignment
      tpm: Write logs in TPM 2 format
      mpt-scsi: Declare 'int i' outside of for loop for older compilers
      block: Move send_disk_op() from block.c to disk.c
      disk: Avoid stack_hop() path if already on the extra stack
      optionroms: Drop support for CONFIG_OPTIONROMS_DEPLOYED
      shadow: Batch PCI config writes
      virtio: Use threads when scanning for virtio devices
      scsi: Launch a thread when scanning for drives in the scsi drivers
      docs: Note release date of 1.9.2
      usb-xhci: Remove unused const variables
      tcgbios: Remove unused const variable
      vgabios: Remove special case of dh==0xff in handle_1013()
      vgabios: Don't check for special case of page==0xff on external calls
      vgabios: Simplify set_cursor_pos()
      docs: Note release date of 1.9.3
      vgabios: Simplify scroll logic
      blockcmd: CMD_SCSI op is only used in 32bit mode
      swcursor: Move swcursor code from vgafb.c to new file swcursor.c
      swcursor: Concentrate swcursor logic in swcursor.c
      vgafb: Move header definitions from vgabios.h to new file vgafb.h
      vgainit: Move video param setup to stdvga_build_video_param()
      vgautil: Add new header file with misc function and variable definitions
      vgautil: Move generic definitions from stdvga.h to vgautil.h
      vgautil: Move definitions from cbvga.h and clext.h to vgautil.h
      version: Update header files now that version.c is not auto generated
      checkstack: Handle conditional checks at start of functions
      tpm: Append to TPM2 log the hashes used for PCR extension
      ps2: Remove stale check for timeout warning on reset
      pic: The default hardware interrupt handlers should not take a parameter
      kbd: Implement 101-key keyboard keycode mapping
      kbd: Implement extended keycode mappings for keypad-enter and keypad-/
      kbd: Suppress keys without mappings
      kbd: Merge bda->kbd_flag0 and bda->kbd_flag1
      kbd: Extract out shift flag setting into new function
      kbd: Move checking for special keys in __process_keys() into switch
      kbd: Ignore fake shift keys
      usb-hid: Generate Ctrl+Break and Alt+SysReq keys
      kbd: Generate interrupt events for SysReq, PrtScr, and Break
      post: Map int 0x05 to entry point
      kbd: Move extended and release events out of special key detection switch
      build: Be sure to also include out/*.d in Makefile
      smp: consolidate CPU APIC ID detection and accounting
      build: Add -fno-pie to the gcc flags when available
      docs: Note v1.10.0 release

Marcel Apfelbaum (2):
      fw/pci: do not automatically allocate IO region for PCIe bridges
      fw/pci: add Q35 S3 support

Matt DeVillier (1):
      sdcard: skip detection of PCI sdhci controllers if etc/sdcard used

Paolo Bonzini (1):
      smp: restore MSRs on S3 resume

Piotr Król (1):
      docs: fix various typos and inconsistency

Roger Pau Monne (1):
      build: fix typo in buildversion.py

Stefan Berger (34):
      tpm: Temporarily deactivate the TPM in case of failure
      tpm: Refactor function building TPM commands
      tpm: Refactor the parameters being passed to tpm_extend_acpi_log
      tpm: Refactor hash_log_event BIOS interface function
      tpm: Refactor hash_log_extend_event
      tpm: fix compiler warning with older gcc versions
      tpm: Drop code using the TPM for sha1
      tpm: Set timeouts and durations to microsecond values
      tpm: Cache all log related pointers in tpm_state
      tpm: Refactor pass_through_to_tpm
      tpm: Rename remaining interrupt functions
      tpm: Remove check for working TPM from TPM interrupt handler
      tpm: Check length parameter of the array
      tpm: Add a menu for TPM configuration
      tpm: Copy digest into HashLogExentEvent response
      tpm: Move assert_physical_presence and dependencies
      tpm: Add support for harware physical presence
      tpm: Rework the assertion of physical presence
      tpm: Remove usage of PP_CMD_ENABLE from all but one place
      tpm: Do not set TPM in failure mode if menu command fails
      tpm: Extend TPM TIS with TPM 2 support.
      tpm: Factor out tpm_extend
      tpm: Prepare code for TPM 2 functions
      tpm: Implement tpm20_startup and tpm20_s3_resume
      tpm: Implement tpm20_set_timeouts
      tpm: Implement tpm20_prepboot
      tpm: Implement tpm20_extend
      tpm: Implement tpm20_menu
      tpm: Implement TPM 2's tpm_set_failure part
      tpm: Filter TPM commands in passthrough API
      tpm: Retrieve the PCR Bank configuration
      tpm: Restructure tpm20_extend to use buffer and take hash as parameter
      tpm: Refactor tpml_digest_values_sha1 structure
      tpm: Extend tpm20_extend to support extending to multiple PCR banks

Zheng Bao (1):
      splash: Skip the RGB555 mode

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agoMerge remote-tracking branch 'remotes/rth/tags/pull-atomic-20161026' into staging
Peter Maydell [Thu, 27 Oct 2016 13:06:34 +0000 (14:06 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-atomic-20161026' into staging

cmpxchg emulation of atomics, v8

# gpg: Signature made Wed 26 Oct 2016 16:30:03 BST
# gpg:                using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC  16A4 AD12 70CC 4DD0 279B

* remotes/rth/tags/pull-atomic-20161026: (37 commits)
  target-alpha: Emulate LL/SC using cmpxchg helpers
  target-alpha: Introduce MMU_PHYS_IDX
  target-arm: remove EXCP_STREX + cpu_exclusive_{test, info}
  linux-user: remove handling of aarch64's EXCP_STREX
  linux-user: remove handling of ARM's EXCP_STREX
  target-arm: emulate aarch64's LL/SC using cmpxchg helpers
  target-arm: emulate SWP with atomic_xchg helper
  target-arm: emulate LL/SC using cmpxchg helpers
  target-arm: Rearrange aa32 load and store functions
  tests: add atomic_add-bench
  target-i386: remove helper_lock()
  target-i386: emulate XCHG using atomic helper
  target-i386: emulate LOCK'ed BTX ops using atomic helpers
  target-i386: emulate LOCK'ed XADD using atomic helper
  target-i386: emulate LOCK'ed NEG using cmpxchg helper
  target-i386: emulate LOCK'ed NOT using atomic helper
  target-i386: emulate LOCK'ed INC using atomic helper
  target-i386: emulate LOCK'ed OP instructions using atomic helpers
  target-i386: emulate LOCK'ed cmpxchg using cmpxchg helpers
  tcg: Emit barriers with parallel_cpus
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
Peter Maydell [Thu, 27 Oct 2016 11:45:45 +0000 (12:45 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Wed 26 Oct 2016 03:19:06 BST
# gpg:                using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  colo-proxy: fix memory leak
  net: rtl8139: limit processing of ring descriptors
  net: vmxnet: initialise local tx descriptor
  e1000e: Don't zero out buffer address in rx descriptor
  net: rocker: set limit to DMA buffer size
  net: eepro100: fix memory leak in device uninit
  tap-bsd: OpenBSD uses tap(4) now
  net: pcnet: fix source formatting and indentation
  net: pcnet: check rx/tx descriptor ring length

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/vivier/tags/m68k-part1-pull-request' into staging
Peter Maydell [Thu, 27 Oct 2016 10:58:43 +0000 (11:58 +0100)]
Merge remote-tracking branch 'remotes/vivier/tags/m68k-part1-pull-request' into staging

# gpg: Signature made Tue 25 Oct 2016 19:58:46 BST
# gpg:                using RSA key 0xF30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier/tags/m68k-part1-pull-request: (23 commits)
  target-m68k: Optimize gen_flush_flags
  target-m68k: Optimize some comparisons
  target-m68k: Use setcond for scc
  target-m68k: Introduce DisasCompare
  target-m68k: Reorg flags handling
  target-m68k: Remove incorrect clearing of cc_x
  target-m68k: Some fixes to SR and flags management
  target-m68k: Print flags properly
  target-m68k: update CPU flags management
  target-m68k: don't update cc_dest in helpers
  target-m68k: update move to/from ccr/sr
  target-m68k: remove m68k_cpu_exec_enter() and m68k_cpu_exec_exit()
  target-m68k: Replace helper_xflag_lt with setcond
  target-m68k: allow to update flags with operation on words and bytes
  target-m68k: REG() macro cleanup
  target-m68k: set PAGE_BITS to 12 for m68k
  target-m68k: define operand sizes
  target-m68k: set disassembler mode to 680x0 or coldfire
  target-m68k: introduce read_imXX() functions
  target-m68k: manage scaled index
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agotarget-alpha: Emulate LL/SC using cmpxchg helpers
Richard Henderson [Fri, 2 Sep 2016 19:52:28 +0000 (12:52 -0700)]
target-alpha: Emulate LL/SC using cmpxchg helpers

Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem.  However, portable parallel
code is written assuming only cmpxchg which means that in
practice this is a viable alternative.

Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-alpha: Introduce MMU_PHYS_IDX
Richard Henderson [Sat, 3 Sep 2016 18:32:35 +0000 (11:32 -0700)]
target-alpha: Introduce MMU_PHYS_IDX

Rather than using helpers for physical accesses, use a mmu index.
The primary cleanup is with store-conditional on physical addresses.

Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-arm: remove EXCP_STREX + cpu_exclusive_{test, info}
Emilio G. Cota [Mon, 27 Jun 2016 19:02:16 +0000 (15:02 -0400)]
target-arm: remove EXCP_STREX + cpu_exclusive_{test, info}

The exception is not emitted anymore; remove it and the associated
TCG variables.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1467054136-10430-31-git-send-email-cota@braap.org>

8 years agolinux-user: remove handling of aarch64's EXCP_STREX
Emilio G. Cota [Mon, 27 Jun 2016 19:02:15 +0000 (15:02 -0400)]
linux-user: remove handling of aarch64's EXCP_STREX

The exception is not emitted anymore.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1467054136-10430-30-git-send-email-cota@braap.org>

8 years agolinux-user: remove handling of ARM's EXCP_STREX
Emilio G. Cota [Mon, 27 Jun 2016 19:02:14 +0000 (15:02 -0400)]
linux-user: remove handling of ARM's EXCP_STREX

The exception is not emitted anymore.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <rth@twidle.net>
Message-Id: <1467054136-10430-29-git-send-email-cota@braap.org>

8 years agotarget-arm: emulate aarch64's LL/SC using cmpxchg helpers
Emilio G. Cota [Mon, 27 Jun 2016 19:02:13 +0000 (15:02 -0400)]
target-arm: emulate aarch64's LL/SC using cmpxchg helpers

Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. Portable parallel code, however,
is written assuming only cmpxchg--and not LL/SC--is available.
This means that in practice emulating LL/SC with cmpxchg is
a viable alternative.

The appended emulates LL/SC pairs in aarch64 with cmpxchg helpers.
This works in both user and system mode. In usermode, it avoids
pausing all other CPUs to perform the LL/SC pair. The subsequent
performance and scalability improvement is significant, as the
plots below show. They plot the throughput of atomic_add-bench
compiled for ARM and executed on a 64-core x86 machine.

Hi-res plots: http://imgur.com/a/JVc8Y

                atomic_add-bench: 1000000 ops/thread, [0,1] range

  18 ++---------+----------+---------+----------+----------+----------+---++
     +cmpxchg +-E--+       +         +          +          +          +    |
  16 ++master +-H--+                                                      ++
     ||                                                                    |
  14 ++                                                                   ++
     | |                                                                   |
  12 ++|                                                                  ++
     | |                                                                   |
  10 ++++                                                                 ++
   8 ++E                                                                  ++
     |+++                                                                  |
   6 ++ |                                                                 ++
     |  |                                                                  |
   4 ++ |                                                                 ++
     |   |                                                                 |
   2 +H++E+---                                                            ++
     + |     +E++----+E+---+--+E+----++E+------+E+------+E++----+E+---+--+E|
   0 ++H-H----H-+-----H----+---------+----------+----------+----------+---++
     0          10         20        30         40         50         60
                                Number of threads

                atomic_add-bench: 1000000 ops/thread, [0,2] range

  18 ++---------+----------+---------+----------+----------+----------+---++
     +cmpxchg +-E--+       +         +          +          +          +    |
  16 ++master +-H--+                                                      ++
     | |                                                                   |
  14 ++E                                                                  ++
     | |                                                                   |
  12 ++|                                                                  ++
     |+++                                                                  |
  10 ++ |                                                                 ++
   8 ++ |                                                                 ++
     |  |                                                                  |
   6 ++ |                                                                 ++
     |   |                                                                 |
   4 ++  |                                                                ++
     |  +E+---                                                             |
   2 +H+     +E+-----+++              +++      +++   ---+E+-----+E+------+++
     +++        +    +E+---+--+E+----++E+------+E+---   ++++    +++   +  +E|
   0 ++H-H----H-+-----H----+---------+----------+----------+----------+---++
     0          10         20        30         40         50         60
                                Number of threads

               atomic_add-bench: 1000000 ops/thread, [0,128] range

  70 ++---------+----------+---------+----------+----------+----------+---++
     +cmpxchg +-E--+       +         +          +          +          +    |
  60 ++master +-H--+                  +++            ---+E+-----+E+------+E+
     |                        +E+------E-------+E+---                      |
     |                     ---        +++                                  |
  50 ++              +++---                                               ++
     |              -+E+                                                   |
  40 ++      +++----                                                      ++
     |        E-                                                           |
     |      --|                                                            |
  30 ++   -- +++                                                          ++
     |  +E+                                                                |
  20 ++E+                                                                 ++
     |E+                                                                   |
     |                                                                     |
  10 ++                                                                   ++
     +          +          +         +          +          +          +    |
   0 +HH-H----H-+-----H----+---------+----------+----------+----------+---++
     0          10         20        30         40         50         60
                                Number of threads

              atomic_add-bench: 1000000 ops/thread, [0,1024] range

  160 ++---------+---------+----------+---------+----------+----------+---++
      +cmpxchg +-E--+      +          +         +          +          +    |
  140 ++master +-H--+                                           +++      +++
      |                                                -+E+-----+E+-------E|
  120 ++                                       +++ ----                  +++
      |                                +++  ----E--                        |
  100 ++                              --E---   +++                        ++
      |                       +++ ---- +++                                 |
   80 ++                     --E--                                        ++
      |                  ---- +++                                          |
      |              -+E+                                                  |
   60 ++         ---- +++                                                 ++
      |      +E+-                                                          |
   40 ++   --                                                             ++
      |  +E+                                                               |
   20 +EE+                                                                ++
      +++        +         +          +         +          +          +    |
    0 +HH-H---H--+-----H---+----------+---------+----------+----------+---++
      0          10        20         30        40         50         60
                                Number of threads

[rth: Rearrange 128-bit cmpxchg helper.  Enforce alignment on LL.]

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-28-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-arm: emulate SWP with atomic_xchg helper
Emilio G. Cota [Mon, 27 Jun 2016 19:02:10 +0000 (15:02 -0400)]
target-arm: emulate SWP with atomic_xchg helper

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-25-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-arm: emulate LL/SC using cmpxchg helpers
Emilio G. Cota [Mon, 27 Jun 2016 19:02:08 +0000 (15:02 -0400)]
target-arm: emulate LL/SC using cmpxchg helpers

Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. Portable parallel code, however,
is written assuming only cmpxchg--and not LL/SC--is available.
This means that in practice emulating LL/SC with cmpxchg is
a viable alternative.

The appended emulates LL/SC pairs in ARM with cmpxchg helpers.
This works in both user and system mode. In usermode, it avoids
pausing all other CPUs to perform the LL/SC pair. The subsequent
performance and scalability improvement is significant, as the
plots below show. They plot the throughput of atomic_add-bench
compiled for ARM and executed on a 64-core x86 machine.

Hi-res plots: http://imgur.com/a/aNQpB

               atomic_add-bench: 1000000 ops/thread, [0,1] range

  9 ++---------+----------+----------+----------+----------+----------+---++
    +cmpxchg +-E--+       +          +          +          +          +    |
  8 +Emaster +-H--+                                                       ++
    | |                                                                    |
  7 ++E                                                                   ++
    | |                                                                    |
  6 ++++                                                                  ++
    |  |                                                                   |
  5 ++ |                                                                  ++
  4 ++ |                                                                  ++
    |  |                                                                   |
  3 ++ |                                                                  ++
    |   |                                                                  |
  2 ++  |                                                                 ++
    |H++E+---                                  +++  ---+E+------+E+------+E|
  1 +++     +E+-----+E+------+E+------+E+------+E+--   +++      +++       ++
    ++H+       +    +++   +  +++     ++++       +          +          +    |
  0 ++--H----H-+-----H----+----------+----------+----------+----------+---++
    0          10         20         30         40         50         60
                               Number of threads

                atomic_add-bench: 1000000 ops/thread, [0,2] range

  16 ++---------+----------+---------+----------+----------+----------+---++
     +cmpxchg +-E--+       +         +          +          +          +    |
  14 ++master +-H--+                                                      ++
     | |                                                                   |
  12 ++|                                                                  ++
     | E                                                                   |
  10 ++|                                                                  ++
     | |                                                                   |
   8 ++++                                                                 ++
     |E+|                                                                  |
     |  |                                                                  |
   6 ++ |                                                                 ++
     |   |                                                                 |
   4 ++  |                                                                ++
     |  +E+---       +++      +++              +++           ---+E+------+E|
   2 +H+     +E+------E-------+E+-----+E+------+E+------+E+--            +++
     + |        +    +++   +         ++++       +          +          +    |
   0 ++H-H----H-+-----H----+---------+----------+----------+----------+---++
     0          10         20        30         40         50         60
                                Number of threads

               atomic_add-bench: 1000000 ops/thread, [0,128] range

  70 ++---------+----------+---------+----------+----------+----------+---++
     +cmpxchg +-E--+       +         +          +       ++++          +    |
  60 ++master +-H--+                                 ----E------+E+-------++
     |                                        -+E+---   +++     +++      +E|
     |                                +++ ---- +++                       ++|
  50 ++                       +++  ---+E+-                                ++
     |                        -E---                                        |
  40 ++                    ---+++                                         ++
     |               +++---                                                |
     |              -+E+                                                   |
  30 ++      +++----                                                      ++
     |       +E+                                                           |
  20 ++ +++--                                                             ++
     |  +E+                                                                |
     |+E+                                                                  |
  10 +E+                                                                  ++
     +          +          +         +          +          +          +    |
   0 +HH-H----H-+-----H----+---------+----------+----------+----------+---++
     0          10         20        30         40         50         60
                                Number of threads

              atomic_add-bench: 1000000 ops/thread, [0,1024] range

  120 ++---------+---------+----------+---------+----------+----------+---++
      +cmpxchg +-E--+      +          +         +          +          +    |
      | master +-H--+                                                    ++|
  100 ++                                                              ----E+
      |                                                 +++  ---+E+---   ++|
      |                                                --E---   +++        |
   80 ++                                           ---- +++               ++
      |                                     ---+E+-                        |
   60 ++                              -+E+--                              ++
      |                       +++ ---- +++                                 |
      |                      -+E+-                                         |
   40 ++              +++----                                             ++
      |      +++   ---+E+                                                  |
      |     -+E+---                                                        |
   20 ++ +E+                                                              ++
      |+E+++                                                               |
      +E+        +         +          +         +          +          +    |
    0 +HH-H---H--+-----H---+----------+---------+----------+----------+---++
      0          10        20         30        40         50         60
                                Number of threads

[rth: Enforce alignment for ldrexd.]

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-23-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-arm: Rearrange aa32 load and store functions
Richard Henderson [Thu, 30 Jun 2016 18:44:14 +0000 (11:44 -0700)]
target-arm: Rearrange aa32 load and store functions

Stop specializing on TARGET_LONG_BITS == 32; unconditionally allocate
a temp and expand with tcg_gen_extu_i32_tl.  Split out gen_aa32_addr,
gen_aa32_frob64, gen_aa32_ld_i32 and gen_aa32_st_i32 as separate interfaces.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotests: add atomic_add-bench
Emilio G. Cota [Mon, 27 Jun 2016 19:02:05 +0000 (15:02 -0400)]
tests: add atomic_add-bench

With this microbenchmark we can measure the overhead of emulating atomic
instructions with a configurable degree of contention.

The benchmark spawns $n threads, each performing $o atomic ops (additions)
in a loop. Each atomic operation is performed on a different cache line
(assuming lines are 64b long) that is randomly selected from a range [0, $r).

[ Note: each $foo corresponds to a -foo flag ]

Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1467054136-10430-20-git-send-email-cota@braap.org>

8 years agotarget-i386: remove helper_lock()
Emilio G. Cota [Mon, 27 Jun 2016 19:02:06 +0000 (15:02 -0400)]
target-i386: remove helper_lock()

It's been superseded by the atomic helpers.

The use of the atomic helpers provides a significant performance and scalability
improvement. Below is the result of running the atomic_add-test microbenchmark with:
 $ x86_64-linux-user/qemu-x86_64 tests/atomic_add-bench -o 5000000 -r $r -n $n
, where $n is the number of threads and $r is the allowed range for the additions.

The scenarios measured are:
- atomic: implements x86' ADDL with the atomic_add helper (i.e. this patchset)
- cmpxchg: implement x86' ADDL with a TCG loop using the cmpxchg helper
- master: before this patchset

Results sorted in ascending range, i.e. descending degree of contention.
Y axis is Throughput in Mops/s. Tests are run on an AMD machine with 64
Opteron 6376 cores.

                atomic_add-bench: 5000000 ops/thread, [0,1] range

  25 ++---------+----------+---------+----------+----------+----------+---++
     + atomic +-E--+       +         +          +          +          +    |
     |cmpxchg +-H--+                                                       |
  20 +Emaster +-N--+                                                      ++
     ||                                                                    |
     |++                                                                   |
     ||                                                                    |
  15 +++                                                                  ++
     |N|                                                                   |
     |+|                                                                   |
  10 ++|                                                                  ++
     |+|+                                                                  |
     | |    -+E+------        +++  ---+E+------+E+------+E+-----+E+------+E|
     |+E+E+- +++     +E+------+E+--                                        |
   5 ++|+                                                                 ++
     |+N+H+---                                 +++                         |
     ++++N+--+H++----+++   +  +++  --++H+------+H+------+H++----+H+---+--- |
   0 ++---------+-----H----+---H-----+----------+----------+----------+---H+
     0          10         20        30         40         50         60
                                Number of threads

                atomic_add-bench: 5000000 ops/thread, [0,2] range

  25 ++---------+----------+---------+----------+----------+----------+---++
     ++atomic +-E--+       +         +          +          +          +    |
     |cmpxchg +-H--+                                                       |
  20 ++master +-N--+                                                      ++
     |E|                                                                   |
     |++                                                                   |
     ||E                                                                   |
  15 ++|                                                                  ++
     |N||                                                                  |
     |+||                                   ---+E+------+E+-----+E+------+E|
  10 ++| |        ---+E+------+E+-----+E+---                    +++      +++
     ||H+E+--+E+--                                                         |
     |+++++                                                                |
     | ||                                                                  |
   5 ++|+H+--                                  +++                        ++
     |+N+    -                              ---+H+------+H+------          |
     +  +N+--+H++----+H+---+--+H+----++H+---    +          +    +H+---+--+H|
   0 ++---------+----------+---------+----------+----------+----------+---++
     0          10         20        30         40         50         60
                                Number of threads

                atomic_add-bench: 5000000 ops/thread, [0,8] range

  40 ++---------+----------+---------+----------+----------+----------+---++
     ++atomic +-E--+       +         +          +          +          +    |
  35 +cmpxchg +-H--+                                                      ++
     | master +-N--+               ---+E+------+E+------+E+-----+E+------+E|
  30 ++|                   ---+E+--   +++                                 ++
     | |            -+E+---                                                |
  25 ++E        ---- +++                                                  ++
     |+++++ -+E+                                                           |
  20 +E+ E-- +++                                                          ++
     |H|+++                                                                |
     |+|                                       +H+-------                  |
  15 ++H+                                   ---+++      +H+------         ++
     |N++H+--                         +++---                    +H+------++|
  10 ++ +++  -       +++           ---+H+                       +++      +H+
     | |     +H+-----+H+------+H+--                                        |
   5 ++|                      +++                                         ++
     ++N+N+--+N++          +         +          +          +          +    |
   0 ++---------+----------+---------+----------+----------+----------+---++
     0          10         20        30         40         50         60
                                Number of threads

               atomic_add-bench: 5000000 ops/thread, [0,128] range

  160 ++---------+---------+----------+---------+----------+----------+---++
      + atomic +-E--+      +          +         +          +          +    |
  140 +cmpxchg +-H--+                          +++      +++               ++
      | master +-N--+                           E--------E------+E+------++|
  120 ++                                      --|        |      +++       E+
      |                                     -- +++      +++              ++|
  100 ++                                   -                              ++
      |                                +++-                     +++      ++|
   80 ++                              -+E+    -+H+------+H+------H--------++
      |                           ----    ----                  +++       H|
      |            ---+E+-----+E+-  ---+H+                               ++|
   60 ++     +E+---   +++  ---+H+---                                      ++
      |    --+++   ---+H+--                                                |
   40 ++ +E+-+H+---                                                       ++
      |  +H+                                                               |
   20 +EE+                                                                ++
      +N+        +         +          +         +          +          +    |
    0 ++N-N---N--+---------+----------+---------+----------+----------+---++
      0          10        20         30        40         50         60
                                Number of threads

              atomic_add-bench: 5000000 ops/thread, [0,1024] range

  350 ++---------+---------+----------+---------+----------+----------+---++
      + atomic +-E--+      +          +         +          +          +    |
  300 +cmpxchg +-H--+                                                    +++
      | master +-N--+                                           +++       ||
      |                                                 +++      |    ----E|
  250 ++                                                 |   ----E----    ++
      |                                              ----E---    |    ---+H|
  200 ++                                      -+E+---   +++  ---+H+---    ++
      |                                   ----         -+H+--              |
      |                                +E+     +++ ---- +++                |
  150 ++                            ---+++  ---+H+-                       ++
      |                          ---  -+H+--                               |
  100 ++                   ---+E+ ---- +++                                ++
      |      +++   ---+E+-----+H+-                                         |
      |     -+E+------+H+--                                                |
   50 ++ +E+                                                              ++
      +EE+       +         +          +         +          +          +    |
    0 ++N-N---N--+---------+----------+---------+----------+----------+---++
      0          10        20         30        40         50         60
                                Number of threads

  hi-res: http://imgur.com/a/fMRmq

For master I stopped measuring master after 8 threads, because there is little
point in measuring the well-known performance collapse of a contended lock.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-21-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-i386: emulate XCHG using atomic helper
Emilio G. Cota [Mon, 27 Jun 2016 19:02:04 +0000 (15:02 -0400)]
target-i386: emulate XCHG using atomic helper

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-19-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-i386: emulate LOCK'ed BTX ops using atomic helpers
Emilio G. Cota [Mon, 27 Jun 2016 19:02:03 +0000 (15:02 -0400)]
target-i386: emulate LOCK'ed BTX ops using atomic helpers

[rth: Avoid redundant qemu_ld in locked case.  Fix previously unnoticed
incorrect zero-extension of address in register-offset case.]

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-18-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-i386: emulate LOCK'ed XADD using atomic helper
Emilio G. Cota [Mon, 27 Jun 2016 19:02:02 +0000 (15:02 -0400)]
target-i386: emulate LOCK'ed XADD using atomic helper

[rth: Move load of reg value to common location.]

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-17-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-i386: emulate LOCK'ed NEG using cmpxchg helper
Emilio G. Cota [Mon, 27 Jun 2016 19:02:01 +0000 (15:02 -0400)]
target-i386: emulate LOCK'ed NEG using cmpxchg helper

[rth: Move redundant qemu_load out of cmpxchg loop.]

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-16-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-i386: emulate LOCK'ed NOT using atomic helper
Emilio G. Cota [Mon, 27 Jun 2016 19:02:00 +0000 (15:02 -0400)]
target-i386: emulate LOCK'ed NOT using atomic helper

[rth: Avoid qemu_load that's redundant with the atomic op.]

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-15-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-i386: emulate LOCK'ed INC using atomic helper
Emilio G. Cota [Mon, 27 Jun 2016 19:01:59 +0000 (15:01 -0400)]
target-i386: emulate LOCK'ed INC using atomic helper

[rth: Merge gen_inc_locked back into gen_inc to share cc update.]

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-14-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-i386: emulate LOCK'ed OP instructions using atomic helpers
Emilio G. Cota [Mon, 27 Jun 2016 19:01:58 +0000 (15:01 -0400)]
target-i386: emulate LOCK'ed OP instructions using atomic helpers

[rth: Eliminate some unnecessary temporaries.]

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-13-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotarget-i386: emulate LOCK'ed cmpxchg using cmpxchg helpers
Emilio G. Cota [Mon, 27 Jun 2016 19:01:51 +0000 (15:01 -0400)]
target-i386: emulate LOCK'ed cmpxchg using cmpxchg helpers

The diff here is uglier than necessary. All this does is to turn

FOO

into:

if (s->prefix & PREFIX_LOCK) {
  BAR
} else {
  FOO
}

where FOO is the original implementation of an unlocked cmpxchg.

[rth: Adjust unlocked cmpxchg to use movcond instead of branches.
Adjust helpers to use atomic helpers.]

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-6-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotcg: Emit barriers with parallel_cpus
Richard Henderson [Fri, 16 Sep 2016 16:24:20 +0000 (09:24 -0700)]
tcg: Emit barriers with parallel_cpus

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotcg: Add CONFIG_ATOMIC64
Richard Henderson [Fri, 2 Sep 2016 19:23:57 +0000 (12:23 -0700)]
tcg: Add CONFIG_ATOMIC64

Allow qemu to build on 32-bit hosts without 64-bit atomic ops.

Even if we only allow 32-bit hosts to multi-thread emulate 32-bit
guests, we still need some way to handle the 32-bit guest using a
64-bit atomic operation.  Do so by dropping back to single-step.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotcg: Add atomic128 helpers
Richard Henderson [Thu, 30 Jun 2016 04:10:59 +0000 (21:10 -0700)]
tcg: Add atomic128 helpers

Force the use of cmpxchg16b on x86_64.

Wikipedia suggests that only very old AMD64 (circa 2004) did not have
this instruction.  Further, it's required by Windows 8 so no new cpus
will ever omit it.

If we truely care about these, then we could check this at startup time
and then avoid executing paths that use it.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotcg: Add atomic helpers
Richard Henderson [Tue, 28 Jun 2016 18:37:27 +0000 (11:37 -0700)]
tcg: Add atomic helpers

Add all of cmpxchg, op_fetch, fetch_op, and xchg.
Handle both endian-ness, and sizes up to 8.
Handle expanding non-atomically, when emulating in serial.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agocputlb: Tidy some macros
Richard Henderson [Sat, 9 Jul 2016 02:02:33 +0000 (19:02 -0700)]
cputlb: Tidy some macros

TGT_LE and TGT_BE are not size dependent and do not need to be
redefined.  The others are no longer used at all.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agocputlb: Move most of iotlb code out of line
Richard Henderson [Sat, 9 Jul 2016 01:51:28 +0000 (18:51 -0700)]
cputlb: Move most of iotlb code out of line

Saves 2k code size off of a cold path.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agocputlb: Remove includes from softmmu_template.h
Richard Henderson [Sat, 9 Jul 2016 01:24:55 +0000 (18:24 -0700)]
cputlb: Remove includes from softmmu_template.h

We already include exec/address-spaces.h and exec/memory.h in
cputlb.c; the include of qemu/timer.h appears to be a fossil.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agocputlb: Move probe_write out of softmmu_template.h
Richard Henderson [Sat, 9 Jul 2016 01:22:26 +0000 (18:22 -0700)]
cputlb: Move probe_write out of softmmu_template.h

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agocputlb: Replace SHIFT with DATA_SIZE
Richard Henderson [Sat, 9 Jul 2016 01:14:28 +0000 (18:14 -0700)]
cputlb: Replace SHIFT with DATA_SIZE

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agolinux-user: enable parallel code generation on clone
Alex Bennée [Wed, 5 Oct 2016 18:13:04 +0000 (11:13 -0700)]
linux-user: enable parallel code generation on clone

The variable parallel_cpus controls the generation of thread aware
atomic code.  We only need to set it once we clone our first thread.
At this point any existing translations need to be thrown away.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agotcg: Add EXCP_ATOMIC
Richard Henderson [Thu, 30 Jun 2016 05:12:55 +0000 (22:12 -0700)]
tcg: Add EXCP_ATOMIC

When we cannot emulate an atomic operation within a parallel
context, this exception allows us to stop the world and try
again in a serial context.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agoint128: Add int128_make128
Richard Henderson [Wed, 29 Jun 2016 23:57:26 +0000 (16:57 -0700)]
int128: Add int128_make128

Allows Int128 to be used more generally, rather than having to
begin with 64-bit inputs and accumulate.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agoint128: Use __int128 if available
Richard Henderson [Wed, 29 Jun 2016 22:52:10 +0000 (15:52 -0700)]
int128: Use __int128 if available

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agoexec: Avoid direct references to Int128 parts
Richard Henderson [Wed, 29 Jun 2016 22:48:03 +0000 (15:48 -0700)]
exec: Avoid direct references to Int128 parts

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agoatomics: Add __nocheck atomic operations
Richard Henderson [Mon, 24 Oct 2016 17:29:32 +0000 (10:29 -0700)]
atomics: Add __nocheck atomic operations

While the check against sizeof(void *) is appropriate for
normal usage within qemu, there are places in which we want
wider operaions and have checked for their existance.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agoatomics: add atomic_op_fetch variants
Emilio G. Cota [Mon, 27 Jun 2016 19:01:54 +0000 (15:01 -0400)]
atomics: add atomic_op_fetch variants

This paves the way for upcoming work.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1467054136-10430-9-git-send-email-cota@braap.org>

8 years agoatomics: add atomic_xor
Emilio G. Cota [Mon, 27 Jun 2016 19:01:53 +0000 (15:01 -0400)]
atomics: add atomic_xor

This paves the way for upcoming work.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1467054136-10430-8-git-send-email-cota@braap.org>

8 years agoatomics: Add parameters to macros
Richard Henderson [Mon, 24 Oct 2016 16:49:25 +0000 (09:49 -0700)]
atomics: Add parameters to macros

Making these functional rather than object macros will
prevent later problems with complex macro expansion.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
8 years agovirtio-gpu: fix memory leak in virtio_gpu_resource_create_2d
Li Qiang [Mon, 19 Sep 2016 02:07:11 +0000 (19:07 -0700)]
virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d

In virtio gpu resource create dispatch, if the pixman format is zero
it doesn't free the resource object allocated previously. Thus leading
a host memory leak issue. This patch avoid this.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 57df486e.8379240a.c3620.ff81@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agoaudio: intel-hda: check stream entry count during transfer
Prasad J Pandit [Thu, 20 Oct 2016 07:40:24 +0000 (13:10 +0530)]
audio: intel-hda: check stream entry count during transfer

Intel HDA emulator uses stream of buffers during DMA data
transfers. Each entry has buffer length and buffer pointer
position, which are used to derive bytes to 'copy'. If this
length and buffer pointer were to be same, 'copy' could be
set to zero(0), leading to an infinite loop. Add check to
avoid it.

Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1476949224-6865-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agocolo-proxy: fix memory leak
Zhang Chen [Mon, 17 Oct 2016 09:23:59 +0000 (17:23 +0800)]
colo-proxy: fix memory leak

Fix memory leak in colo-compare.c and filter-rewriter.c
Report by Coverity and add some comments.

Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agonet: rtl8139: limit processing of ring descriptors
Prasad J Pandit [Fri, 21 Oct 2016 12:09:29 +0000 (17:39 +0530)]
net: rtl8139: limit processing of ring descriptors

RTL8139 ethernet controller in C+ mode supports multiple
descriptor rings, each with maximum of 64 descriptors. While
processing transmit descriptor ring in 'rtl8139_cplus_transmit',
it does not limit the descriptor count and runs forever. Add
check to avoid it.

Reported-by: Andrew Henderson <hendersa@icculus.org>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agonet: vmxnet: initialise local tx descriptor
Li Qiang [Wed, 10 Aug 2016 19:12:20 +0000 (00:42 +0530)]
net: vmxnet: initialise local tx descriptor

In Vmxnet3 device emulator while processing transmit(tx) queue,
when it reaches end of packet, it calls vmxnet3_complete_packet.
In that local 'txcq_descr' object is not initialised, which could
leak host memory bytes a guest.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoe1000e: Don't zero out buffer address in rx descriptor
Kevin Wolf [Sun, 16 Oct 2016 22:35:07 +0000 (00:35 +0200)]
e1000e: Don't zero out buffer address in rx descriptor

The e1000e emulation zeroes out any used rx descriptor and then writes a
completely newly constructed value there. By doing this, it doesn't only
update the write-back area of the descriptors (as it's supposed to do),
but it also clears the buffer address, which real hardware doesn't do.

The spec explicitly mentions in chapter 7.1.8 that it is valid for a
driver to reuse a descriptor and only update the status field while
doing so, i.e. reusing the old buffer address:

    If software statically allocates buffers, and uses memory read to
    check for completed descriptors, it simply has to zero the status
    byte in the descriptor to make it ready for reuse by hardware.

This patch fixes the behaviour to leave the buffer address in
descriptors unchanged even after the descriptor has been used.

Signed-off-by: Kevin Wolf <mail@kevin-wolf.de>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agonet: rocker: set limit to DMA buffer size
Prasad J Pandit [Wed, 12 Oct 2016 09:10:55 +0000 (14:40 +0530)]
net: rocker: set limit to DMA buffer size

Rocker network switch emulator has test registers to help debug
DMA operations. While testing host DMA access, a buffer address
is written to register 'TEST_DMA_ADDR' and its size is written to
register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
test, if DMA buffer size was greater than 'INT_MAX', it leads to
an invalid buffer access. Limit the DMA buffer size to avoid it.

Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agonet: eepro100: fix memory leak in device uninit
Li Qiang [Sat, 8 Oct 2016 12:07:25 +0000 (05:07 -0700)]
net: eepro100: fix memory leak in device uninit

The exit dispatch of eepro100 network card device doesn't free
the 's->vmstate' field which was allocated in device realize thus
leading a host memory leak. This patch avoid this.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agotap-bsd: OpenBSD uses tap(4) now
Brad Smith [Fri, 7 Oct 2016 01:28:33 +0000 (21:28 -0400)]
tap-bsd: OpenBSD uses tap(4) now

Update the tap-bsd code now that OpenBSD uses tap(4).

Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agonet: pcnet: fix source formatting and indentation
Prasad J Pandit [Fri, 30 Sep 2016 06:49:12 +0000 (12:19 +0530)]
net: pcnet: fix source formatting and indentation

Fix indentations and source format at few places. Add braces
around 'if' and 'while' statements.

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agonet: pcnet: check rx/tx descriptor ring length
Prasad J Pandit [Thu, 29 Sep 2016 18:57:33 +0000 (00:27 +0530)]
net: pcnet: check rx/tx descriptor ring length

The AMD PC-Net II emulator has set of control and status(CSR)
registers. Of these, CSR76 and CSR78 hold receive and transmit
descriptor ring length respectively. This ring length could range
from 1 to 65535. Setting ring length to zero leads to an infinite
loop in pcnet_rdra_addr() or pcnet_transmit(). Add check to avoid it.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agotarget-m68k: Optimize gen_flush_flags
Richard Henderson [Fri, 14 Aug 2015 14:59:24 +0000 (07:59 -0700)]
target-m68k: Optimize gen_flush_flags

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 years agotarget-m68k: Optimize some comparisons
Richard Henderson [Fri, 14 Aug 2015 14:59:23 +0000 (07:59 -0700)]
target-m68k: Optimize some comparisons

Signed-off-by: Richard Henderson <rth@twiddle.net>
[laurent: fixed VC and VS: assign v1, not v2]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 years agotarget-m68k: Use setcond for scc
Richard Henderson [Fri, 14 Aug 2015 14:59:22 +0000 (07:59 -0700)]
target-m68k: Use setcond for scc

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 years agotarget-m68k: Introduce DisasCompare
Richard Henderson [Fri, 14 Aug 2015 14:59:21 +0000 (07:59 -0700)]
target-m68k: Introduce DisasCompare

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 years agotarget-m68k: Reorg flags handling
Richard Henderson [Fri, 14 Aug 2015 14:59:20 +0000 (07:59 -0700)]
target-m68k: Reorg flags handling

Separate all ccr bits.  Continue to batch updates via cc_op.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Fix gen_logic_cc() to really extend the size of the result.
Fix gen_get_ccr(): update cc_op as it is used by the helper.
Factorize flags computing and src/ccr cleanup

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
target-m68k: sr/ccr cleanup

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 years agotarget-m68k: Remove incorrect clearing of cc_x
Richard Henderson [Fri, 14 Aug 2015 14:59:18 +0000 (07:59 -0700)]
target-m68k: Remove incorrect clearing of cc_x

The CF docs certainly doesnt suggest this is true.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 years agotarget-m68k: Some fixes to SR and flags management
Richard Henderson [Fri, 14 Aug 2015 14:59:17 +0000 (07:59 -0700)]
target-m68k: Some fixes to SR and flags management

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 years agotarget-m68k: Print flags properly
Richard Henderson [Fri, 14 Aug 2015 14:59:16 +0000 (07:59 -0700)]
target-m68k: Print flags properly

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 years agotarget-m68k: update CPU flags management
Laurent Vivier [Sat, 8 Aug 2015 23:44:24 +0000 (01:44 +0200)]
target-m68k: update CPU flags management

Copied from target-i386

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <rth@twiddle.net>