sdk/emulator/qemu.git
11 years agovirtio: add a queue_index to VirtQueue
Jason Wang [Wed, 30 Jan 2013 11:12:37 +0000 (19:12 +0800)]
virtio: add a queue_index to VirtQueue

Add a queue_index to VirtQueue and a helper to fetch it, this could be used by
multiqueue supported device.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agovirtio: introduce virtio_del_queue()
Jason Wang [Wed, 30 Jan 2013 11:12:36 +0000 (19:12 +0800)]
virtio: introduce virtio_del_queue()

Some device (such as virtio-net) needs the ability to destroy or re-order the
virtqueues, this patch adds a helper to do this.

Signed-off-by: Jason Wang <jasowang>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agovhost: multiqueue support
Jason Wang [Wed, 30 Jan 2013 11:12:35 +0000 (19:12 +0800)]
vhost: multiqueue support

This patch lets vhost support multiqueue. The idea is simple, just launching
multiple threads of vhost and let each of vhost thread processing a subset of
the virtqueues of the device. After this change each emulated device can have
multiple vhost threads as its backend.

To do this, a virtqueue index were introduced to record to first virtqueue that
will be handled by this vhost_net device. Based on this and nvqs, vhost could
calculate its relative index to setup vhost_net device.

Since we may have many vhost/net devices for a virtio-net device. The setting of
guest notifiers were moved out of the starting/stopping of a specific vhost
thread. The vhost_net_{start|stop}() were renamed to
vhost_net_{start|stop}_one(), and a new vhost_net_{start|stop}() were introduced
to configure the guest notifiers and start/stop all vhost/vhost_net devices.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agotap: multiqueue support
Jason Wang [Wed, 30 Jan 2013 11:12:34 +0000 (19:12 +0800)]
tap: multiqueue support

Recently, linux support multiqueue tap which could let userspace call TUNSETIFF
for a signle device many times to create multiple file descriptors as
independent queues. User could also enable/disabe a specific queue through
TUNSETQUEUE.

The patch adds the generic infrastructure to create multiqueue taps. To achieve
this a new parameter "queues" were introduced to specify how many queues were
expected to be created for tap by qemu itself. Alternatively, management could
also pass multiple pre-created tap file descriptors separated with ':' through a
new parameter fds like -netdev tap,id=hn0,fds="X:Y:..:Z". Multiple vhost file
descriptors could also be passed in this way.

Each TAPState were still associated to a tap fd, which mean multiple TAPStates
were created when user needs multiqueue taps. Since each TAPState contains one
NetClientState, with the multiqueue nic support, an N peers of NetClientState
were built up.

A new parameter, mq_required were introduce in tap_open() to create multiqueue
tap fds.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agotap: introduce a helper to get the name of an interface
Jason Wang [Wed, 30 Jan 2013 11:12:33 +0000 (19:12 +0800)]
tap: introduce a helper to get the name of an interface

This patch introduces a helper tap_get_ifname() to get the device name of tap
device. This is needed when ifname is unspecified in the command line and qemu
were asked to create tap device by itself. In this situation, the name were
allocated by kernel, so if multiqueue is asked, we need to fetch its name after
creating the first queue.

Only linux has this support since it's the only platform that supports
multiqueue tap.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agotap: support enabling or disabling a queue
Jason Wang [Wed, 30 Jan 2013 11:12:32 +0000 (19:12 +0800)]
tap: support enabling or disabling a queue

This patch introduce a new bit - enabled in TAPState which tracks whether a
specific queue/fd is enabled. The tap/fd is enabled during initialization and
could be enabled/disabled by tap_enalbe() and tap_disable() which calls platform
specific helpers to do the real work. Polling of a tap fd can only done when
the tap was enabled.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agotap: add Linux multiqueue support
Jason Wang [Wed, 30 Jan 2013 11:12:31 +0000 (19:12 +0800)]
tap: add Linux multiqueue support

This patch add basic multiqueue support for Linux. When multiqueue is needed, we
will first check whether kernel support multiqueue tap before creating more
queues. Two new functions tap_fd_enable() and tap_fd_disable() were introduced
to enable and disable a specific queue. Since the multiqueue is only supported
in Linux, return error on other platforms.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agotap: factor out common tap initialization
Jason Wang [Wed, 30 Jan 2013 11:12:30 +0000 (19:12 +0800)]
tap: factor out common tap initialization

This patch factors out the common initialization of tap into a new helper
net_init_tap_one(). This will be used by multiqueue tap patches.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agotap: import linux multiqueue constants
Jason Wang [Wed, 30 Jan 2013 11:12:29 +0000 (19:12 +0800)]
tap: import linux multiqueue constants

Import multiqueue constants from if_tun.h from 3.8-rc3. A new ifr flag
IFF_MULTI_QUEUE were introduced to create a multiqueue backend by calling
TUNSETIFF with the this flag and with the same interface name many times.

A new ioctl TUNSETQUEUE were introduced. When doing this ioctl with
IFF_DETACH_QUEUE, the queue were disabled in the linux kernel. When doing this
ioctl with IFF_ATTACH_QUEUE, the queue were enabled in the linux kernel.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agonet: multiqueue support
Jason Wang [Wed, 30 Jan 2013 11:12:28 +0000 (19:12 +0800)]
net: multiqueue support

This patch adds basic multiqueue support for qemu. The idea is simple, an array
of NetClientStates were introduced in NICState, parse_netdev() were extended to
find and match all NetClientStates belongs to the backend and place their
pointers in NICConf. Then qemu_new_nic can setup a N:N mapping between NICStates
that belongs to a nic and NICStates belongs to the netdev. And a queue_index
were introduced in NetClientState to track its index. After this, each peers of
a NICState were abstracted as a queue.

After this change, all NetClientState that belongs to the same backend/nic has
the same id. When use want to change the link status, all NetClientStates that
belongs to the same backend/nic will be also changed. When user want to delete
a device or netdev, all NetClientStates that belongs to the same backend/nic
will be deleted also. Changing or deleting an specific queue is not allowed.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agonet: introduce NetClientState destructor
Jason Wang [Wed, 30 Jan 2013 11:12:27 +0000 (19:12 +0800)]
net: introduce NetClientState destructor

To allow allocating an array of NetClientState and free it once, this patch
introduces destructor of NetClientState. Which could do type specific free,
which could be used by multiqueue to free the array once.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agonet: introduce qemu_net_client_setup()
Jason Wang [Wed, 30 Jan 2013 11:12:26 +0000 (19:12 +0800)]
net: introduce qemu_net_client_setup()

This patch separates the setup of NetClientState from its allocation, this will
allow allocating an arrays of NetClientState and does the initialization one by
one which is what multiqueue needs.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agonet: introduce qemu_find_net_clients_except()
Jason Wang [Wed, 30 Jan 2013 11:12:25 +0000 (19:12 +0800)]
net: introduce qemu_find_net_clients_except()

In multiqueue, all NetClientState that belongs to the same netdev or nic has the
same id. So this patches introduces an helper qemu_find_net_clients_except()
which finds all NetClientState with the same id. This will be used by multiqueue
networking.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agonet: intorduce qemu_del_nic()
Jason Wang [Wed, 30 Jan 2013 11:12:24 +0000 (19:12 +0800)]
net: intorduce qemu_del_nic()

To support multiqueue nic, this patch separate the nic destructor from
qemu_del_net_client() to a new helper qemu_del_nic() since the mapping bettween
NiCState and NetClientState were not 1:1 in multiqueue. The following patches
would refactor this function to support multiqueue nic.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agonet: introduce qemu_get_nic()
Jason Wang [Wed, 30 Jan 2013 11:12:23 +0000 (19:12 +0800)]
net: introduce qemu_get_nic()

To support multiqueue, this patch introduces a helper qemu_get_nic() to get
NICState from a NetClientState. The following patches would refactor this helper
to support multiqueue.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agonet: introduce qemu_get_queue()
Jason Wang [Wed, 30 Jan 2013 11:12:22 +0000 (19:12 +0800)]
net: introduce qemu_get_queue()

To support multiqueue, the patch introduce a helper qemu_get_queue()
which is used to get the NetClientState of a device. The following patches would
refactor this helper to support multiqueue.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agonet: tap: use abort() instead of assert(0)
Jason Wang [Wed, 30 Jan 2013 11:12:21 +0000 (19:12 +0800)]
net: tap: use abort() instead of assert(0)

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agonet: tap: using bool instead of bitfield
Jason Wang [Wed, 30 Jan 2013 11:12:20 +0000 (19:12 +0800)]
net: tap: using bool instead of bitfield

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agotarget-ppc: Fix target_ulong vs. hwaddr format mismatches
Andreas Färber [Thu, 31 Jan 2013 13:49:44 +0000 (14:49 +0100)]
target-ppc: Fix target_ulong vs. hwaddr format mismatches

Since HWADDR_PRIx is always the same now, use %016 for TARGET_PPC64 and
%08 for common code. This may slightly change the ppc64 debug output.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agolibqtest: Wait for the right child PID after killing QEMU
Eduardo Habkost [Mon, 28 Jan 2013 18:15:16 +0000 (16:15 -0200)]
libqtest: Wait for the right child PID after killing QEMU

When running "make check" with gcov enabled, we get the following
message:

   hw/tmp105.gcda:cannot open data file, assuming not executed

The problem happens because:

 * tmp105-test exits before QEMU exits, because waitpid() at
   qtest_quit() fails;
 * waitpid() fails because there's another process already
   waiting for the QEMU process;
 * The process that is already waiting for QEMU is the child created by
   qtest_init() to run system();
 * qtest_quit() is incorrectly waiting for the QEMU PID directly instead
   of the child created by qtest_init().

This fixes the problem by sending SIGTERM to QEMU, but waiting for the
child process created by qtest_init() (that exits immediately after QEMU
exits).

Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agoisa: QOM'ify isa_bus_from_device()
Andreas Färber [Sun, 20 Jan 2013 17:56:18 +0000 (18:56 +0100)]
isa: QOM'ify isa_bus_from_device()

DeviceState::parent_bus is document as private and should be accessed
through qdev_get_parent_bus(). Use a DEVICE() cast instead of accessing
ISADevice's qdev field directly. Use ISA_BUS() in place of DO_UPCAST().

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agoi2c: Drop I2C_SLAVE_FROM_QDEV() macro
Andreas Färber [Fri, 25 Jan 2013 08:12:54 +0000 (09:12 +0100)]
i2c: Drop I2C_SLAVE_FROM_QDEV() macro

It is not being used in hot paths and is obsoleted by I2C_SLAVE()
QOM cast macro. Clean it up using a scripted conversion, so that it
doesn't get used in new code.

Some of its callers were combining it with FROM_I2C_SLAVE() macro, which
is equally obsolete but needs to be replaced in a type-specific way.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Kuo-Jung Su <dantesu@faraday-tech.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agoconfigure: Keep -Werror enabled for Release Candidates
Andreas Färber [Sun, 27 Jan 2013 15:16:19 +0000 (16:16 +0100)]
configure: Keep -Werror enabled for Release Candidates

The automatic drop of -Werror during the RC phases has in the past led
to warnings creeping into submaintainer trees.

Last QEMU Summit it was concluded that -Werror should stay on and
enabled only as part of the release process.

To relieve our release manager, instead of always enabling -Werror or
doing some number magic, let's enable it depending on whether a .git/
directory exists in the source tree.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agoRevert "e1000: no need auto-negotiation if link was down"
Michael Roth [Thu, 31 Jan 2013 23:43:51 +0000 (17:43 -0600)]
Revert "e1000: no need auto-negotiation if link was down"

This reverts commit 84dd2120247a7d25ff1bb337de21c0e76816ad2d.

I'm not sure what issue the original commit was meant to fix, or if
the logic is actually wrong, but it causes e1000 to stop working
after a guest issues a reset.

>From what I can tell a guest with an e1000 nic has no way of changing
the link status, as far as it's NetClient peer is concerned, except
in the auto-negotiation path, so with this patch in place there's no
recovery after a reset, since the link goes down and stays that way.

Revert this patch now to fix the bigger problem, and handle any
lingering issues with a follow-up.

Reproduced/tested with qemu-jeos and Ubuntu 12.10.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agoMerge remote-tracking branch 'quintela/migration.next' into staging
Anthony Liguori [Fri, 1 Feb 2013 15:08:14 +0000 (09:08 -0600)]
Merge remote-tracking branch 'quintela/migration.next' into staging

# By Orit Wasserman
# Via Juan Quintela
* quintela/migration.next:
  Fix error message in migrate_set_capability HMP command
  Allow XBZRLE decoding without enabling the capability
  Fix example for query-migrate-capabilities
  Add XBZRLE testing
  Move XBZRLE encoding code to a separate file to allow testing

11 years agoMerge remote-tracking branch 'agraf/s390-for-upstream' into staging
Anthony Liguori [Fri, 1 Feb 2013 15:06:23 +0000 (09:06 -0600)]
Merge remote-tracking branch 'agraf/s390-for-upstream' into staging

# By Andreas Färber
# Via Alexander Graf
* agraf/s390-for-upstream:
  target-s390x: Pass S390CPU to s390_{add, del}_running_cpu()
  target-s390x: Clean up cpu_inject_*() signatures
  target-s390x: Fix debug output
  target-s390x: Fix debug output (continued)

11 years agoMerge remote-tracking branch 'agraf/ppc-for-upstream' into staging
Anthony Liguori [Fri, 1 Feb 2013 15:02:09 +0000 (09:02 -0600)]
Merge remote-tracking branch 'agraf/ppc-for-upstream' into staging

# By Andreas Färber (2) and Alexander Graf (1)
# Via Alexander Graf
* agraf/ppc-for-upstream:
  target-ppc: Fix build for PPC_DEBUG_DISAS
  target-ppc: Fix unused variable warning for FLUSH_ALL_TLBS
  PPC: Unify dcbzl code path

11 years agoFix error message in migrate_set_capability HMP command
Orit Wasserman [Thu, 31 Jan 2013 07:12:19 +0000 (09:12 +0200)]
Fix error message in migrate_set_capability HMP command

Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
11 years agoAllow XBZRLE decoding without enabling the capability
Orit Wasserman [Thu, 31 Jan 2013 07:12:18 +0000 (09:12 +0200)]
Allow XBZRLE decoding without enabling the capability

Before this fix we couldn't load a guest from
XBZRLE compressed file.

For example:
The user activated the XBZRLE capability
The user run migrate -d "exec:gzip -c > vm.gz"
The user won't be able to load vm.gz and get an error.

Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
11 years agoFix example for query-migrate-capabilities
Orit Wasserman [Thu, 31 Jan 2013 07:12:17 +0000 (09:12 +0200)]
Fix example for query-migrate-capabilities

Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
11 years agoAdd XBZRLE testing
Orit Wasserman [Thu, 31 Jan 2013 07:12:16 +0000 (09:12 +0200)]
Add XBZRLE testing

Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
11 years agoMove XBZRLE encoding code to a separate file to allow testing
Orit Wasserman [Thu, 31 Jan 2013 07:12:15 +0000 (09:12 +0200)]
Move XBZRLE encoding code to a separate file to allow testing

Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
11 years agoMerge remote-tracking branch 'afaerber/qom-cpu' into staging
Anthony Liguori [Fri, 1 Feb 2013 01:37:33 +0000 (19:37 -0600)]
Merge remote-tracking branch 'afaerber/qom-cpu' into staging

# By Andreas Färber
# Via Andreas Färber
* afaerber/qom-cpu:
  linux-user: bsd-user: Don't reset X86CPU twice
  target-i386: Pass X86CPU to cpu_x86_set_a20()
  target-unicore32: Rename CPU subtypes
  target-openrisc: Rename CPU subtypes
  target-openrisc: TYPE_OPENRISC_CPU should be abstract
  target-m68k: Rename CPU subtypes
  target-m68k: Mark as unmigratable
  target-s390x: Mark as unmigratable
  target-sh4: Mark as unmigratable
  target-xtensa: Mark as unmigratable
  target-microblaze: Mark as unmigratable
  target-unicore32: Mark as unmigratable
  ide/mmio: QOM'ify MMIO IDE for R2D

11 years agoMerge remote-tracking branch 'afaerber-or/cocoa-for-upstream' into staging
Anthony Liguori [Fri, 1 Feb 2013 01:37:23 +0000 (19:37 -0600)]
Merge remote-tracking branch 'afaerber-or/cocoa-for-upstream' into staging

# By Henry Harrington (1) and Stefan Weil (1)
# Via Andreas Färber
* afaerber-or/cocoa-for-upstream:
  cocoa: Replace non-portable asprintf() by g_strdup_printf()
  cocoa: Fix VBE function Set Display Start

11 years agoMerge remote-tracking branch 'mst/tags/for_anthony' into staging
Anthony Liguori [Fri, 1 Feb 2013 01:35:24 +0000 (19:35 -0600)]
Merge remote-tracking branch 'mst/tags/for_anthony' into staging

virtio,make,pci,e1000,vfio,piix

This includes my timestamp generation cleanup,
Amos's and my work on virtio net commands,
pci,e1000,vfio and piix fixes.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 31 Jan 2013 06:20:27 AM CST using RSA key ID D28D5469
# gpg: Can't check signature: public key not found

# By Michael S. Tsirkin (6) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
  vfio-pci: Enable PCIe extended config space
  PIIX3: reset the VM when the Reset Control Register's RCPU bit gets set
  ich9: add support for pci assignment
  virtio-net: rename ctrl rx commands
  virtio-net: introduce a new macaddr control
  virtio-net: remove layout assumptions for ctrl vq
  virtio-net: revert mac on reset
  rules/mak: make clean should blow away timestamp files
  Makefile: clean timestamp generation rule
  rules.mak: cleanup config generation rules
  e1000: document ICS read behaviour

11 years agotarget-s390x: Pass S390CPU to s390_{add, del}_running_cpu()
Andreas Färber [Wed, 30 Jan 2013 12:48:25 +0000 (12:48 +0000)]
target-s390x: Pass S390CPU to s390_{add, del}_running_cpu()

This prepares for moving the halted field to CPUState.
Most call sites can already supply S390CPU, for some env becomes unused.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agotarget-s390x: Clean up cpu_inject_*() signatures
Andreas Färber [Wed, 30 Jan 2013 12:48:24 +0000 (12:48 +0000)]
target-s390x: Clean up cpu_inject_*() signatures

Despite cautioning that S390CPU is needed for upcoming CPUState
refactorings, commit 5d69c547d947798cba92d836d06f6e017ba2b19d (s390:
I/O interrupt and machine check injection.) added functions
cpu_inject_io() and cpu_inject_crw_mchk() with CPUS390XState argument,
claiming consistency with cpu_inject_ext().

This complicates making cpu_interrupt() take a CPUState even more and it
required to pass &cpu->env from some S390CPU-aware call sites already,
creating inconsistency elsewhere. Address that.

This also eliminates the need for CPUS390XState in s390_virtio_irq().

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agotarget-s390x: Fix debug output
Andreas Färber [Sun, 27 Jan 2013 03:32:03 +0000 (03:32 +0000)]
target-s390x: Fix debug output

Commit 71e470886fb6092504503a5fe41092ace71c096c (target-s390x: fix
style) renamed the cpu_s390x_handle_mmu_fault() argument from _vaddr to
orig_vaddr. Update the debug output code.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agotarget-s390x: Fix debug output (continued)
Andreas Färber [Sun, 27 Jan 2013 03:32:04 +0000 (03:32 +0000)]
target-s390x: Fix debug output (continued)

Since its introduction in d5a439645a5a70fed5431318c3bce9dc2caa950f
(s390x: helper functions for system emulation) the variable name was
raddr. Fix this.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agotarget-ppc: Fix build for PPC_DEBUG_DISAS
Andreas Färber [Sun, 27 Jan 2013 03:32:02 +0000 (03:32 +0000)]
target-ppc: Fix build for PPC_DEBUG_DISAS

In r5949 / 76db3ba44ee8db671f804755f13b016eefd13288 (target-ppc: memory
load/store rework) variable little_endian was replaced with ctx.le_mode.
Update the debug code.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agotarget-ppc: Fix unused variable warning for FLUSH_ALL_TLBS
Andreas Färber [Sun, 27 Jan 2013 03:32:01 +0000 (03:32 +0000)]
target-ppc: Fix unused variable warning for FLUSH_ALL_TLBS

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agoPPC: Unify dcbzl code path
Alexander Graf [Tue, 29 Jan 2013 12:36:02 +0000 (13:36 +0100)]
PPC: Unify dcbzl code path

The bit that makes a dcbz instruction a dcbzl instruction was declared as
reserved in ppc32 ISAs. However, hardware simply ignores the bit, making
code valid if it simply invokes dcbzl instead of dcbz even on 750 and G4.

Thus, mark the bit as unreserved so that we properly emulate a simple dcbz
in case we're running on non-G5s.

While at it, also refactor the code to check the 970 special case during
runtime. This way we don't need to differenciate between a 970 dcbz and
any other dcbz anymore. We also allow for future improvements to add e500mc
dcbz handling.

Reported-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agolinux-user: bsd-user: Don't reset X86CPU twice
Andreas Färber [Sun, 20 Jan 2013 04:34:10 +0000 (05:34 +0100)]
linux-user: bsd-user: Don't reset X86CPU twice

Since commit 65dee38052597b6285eb208125369f01b29ba6c1 (target-i386:
move cpu_reset and reset callback to cpu.c) the x86 CPU is reset through
cpu_init() but was still reset immediately after in linux-user and
bsd-user. Clean this up.

Similarly in linux-user/syscall.c it is also reset after cpu_copy().
But that's a bug of its own, fixing which poses a semantic change.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
11 years agotarget-i386: Pass X86CPU to cpu_x86_set_a20()
Andreas Färber [Fri, 18 Jan 2013 14:19:06 +0000 (15:19 +0100)]
target-i386: Pass X86CPU to cpu_x86_set_a20()

Prepares for cpu_interrupt() changing argument to CPUState.

While touching it, rename to x86_cpu_...() now that it takes an X86CPU.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
11 years agotarget-unicore32: Rename CPU subtypes
Andreas Färber [Sun, 27 Jan 2013 22:25:25 +0000 (23:25 +0100)]
target-unicore32: Rename CPU subtypes

In the initial conversion of CPU models to QOM types, model names were
mapped 1:1 to type names. As a side effect this gained us a type "any",
which is now a device.

To avoid "-device any" silliness and to pave the way for compiling
multiple targets into one executable, adopt a <name>-<arch>-cpu scheme.

No functional changes for -cpu arguments.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-openrisc: Rename CPU subtypes
Andreas Färber [Sun, 27 Jan 2013 21:50:35 +0000 (22:50 +0100)]
target-openrisc: Rename CPU subtypes

Model names were mapped 1:1 to type names. As a side effect this
registered a type "any", which is now a device.

To avoid "-device any" silliness and to pave the way for compiling
multiple targets into one executable, adopt a <name>-<arch>-cpu scheme.

No functional changes for -cpu arguments or -cpu ? output.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-openrisc: TYPE_OPENRISC_CPU should be abstract
Andreas Färber [Sun, 27 Jan 2013 21:27:17 +0000 (22:27 +0100)]
target-openrisc: TYPE_OPENRISC_CPU should be abstract

A basic assumption of CPU subtypes is that only specific models get
instantiated. A user is not supposed to instantiate an <arch>-cpu.
Suppress it via abstract = true, which also drops or32-cpu from
-cpu ? output.

Cc: qemu-stable@nongnu.org
Cc: Jia Liu <proljc@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-m68k: Rename CPU subtypes
Andreas Färber [Sun, 27 Jan 2013 19:16:17 +0000 (20:16 +0100)]
target-m68k: Rename CPU subtypes

In the initial conversion of CPU models to QOM types, model names were
mapped 1:1 to type names. As a side effect this gained us a type "any",
which is now a device.

To avoid "-device any" silliness and to pave the way for compiling
multiple targets into one executable, adopt a <name>-<arch>-cpu scheme.

No functional changes for -cpu arguments or -cpu ? output.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-m68k: Mark as unmigratable
Andreas Färber [Sun, 20 Jan 2013 18:53:28 +0000 (19:53 +0100)]
target-m68k: Mark as unmigratable

It neither defined CPU_SAVE_VERSION nor implemented cpu_{save,load}().
Mark M68kCPU as unmigratable at device level.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
11 years agotarget-s390x: Mark as unmigratable
Andreas Färber [Sun, 20 Jan 2013 18:41:06 +0000 (19:41 +0100)]
target-s390x: Mark as unmigratable

CPU_SAVE_VERSION was undefined, so "cpu_common" VMState and
cpu_{save,load}() were not registered. They were no-ops.
Therefore there is no backwards compatibility to keep, so we can mark
S390CPU as unmigratable at device level.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
11 years agotarget-sh4: Mark as unmigratable
Andreas Färber [Sun, 20 Jan 2013 18:32:33 +0000 (19:32 +0100)]
target-sh4: Mark as unmigratable

It neither defined CPU_SAVE_VERSION nor implemented cpu{save,load}().
Mark it as unmigratable at device level.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
11 years agotarget-xtensa: Mark as unmigratable
Andreas Färber [Sun, 20 Jan 2013 18:22:41 +0000 (19:22 +0100)]
target-xtensa: Mark as unmigratable

There was no CPU_SAVE_VERSION defined, so neither "cpu_common" VMState
nor cpu_{save,load}() were registered. Their implementation was no-op.
Therefore there is no backwards compatibility to keep, so mark XtensaCPU
as unmigratable at device level.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
11 years agotarget-microblaze: Mark as unmigratable
Andreas Färber [Sun, 20 Jan 2013 18:03:32 +0000 (19:03 +0100)]
target-microblaze: Mark as unmigratable

cpu_{save,load} were no-ops, so de facto it is unmigratable and no
backwards compatibility to keep. Therefore mark the MicroBlazeCPU as
unmigratable at device level the QOM way and suppress "cpu_common"
VMState registration by dropping CPU_SAVE_VERSION.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
11 years agotarget-unicore32: Mark as unmigratable
Andreas Färber [Sun, 20 Jan 2013 10:43:30 +0000 (11:43 +0100)]
target-unicore32: Mark as unmigratable

CPU_SAVE_VERSION 2 was bogus as both save and load would just throw a
hw_error(). Therefore we can without problems suppress registration of
"cpu_common" VMState by dropping CPU_SAVE_VERSION define and provide an
unmigratable "cpu" VMStateDescription for UniCore32CPU at device level
instead, where we can attach this the QOM way.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
11 years agoide/mmio: QOM'ify MMIO IDE for R2D
Andreas Färber [Thu, 31 Jan 2013 23:13:41 +0000 (00:13 +0100)]
ide/mmio: QOM'ify MMIO IDE for R2D

It was not qdev'ified before, so turn it into a SysBusDevice.
Keep mmio_ide_init_drives() around to attach the hard drive.

Signed-off-by: Andreas Färberr <afaerber@suse.de>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: fix incorrect test for MTHLIP
Petar Jovanovic [Wed, 23 Jan 2013 03:17:41 +0000 (04:17 +0100)]
target-mips: fix incorrect test for MTHLIP

The pos field in the DSPControl register is not correctly initialized.
Per documentation, the result of MTHLIP is unpredictable if the value of the
pos field before the execution is greater than 32.

Signed-off-by: Petar Jovanovic <petarj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: enable access to DSP ASE if implemented
Petar Jovanovic [Wed, 23 Jan 2013 02:57:02 +0000 (03:57 +0100)]
target-mips: enable access to DSP ASE if implemented

compute_hflags() will reset DSP h-flags, so MX bit should be initially set
for usermode in cpu_state_reset() if DSP ASE is implemented.
This change will bring back user-mode support for DSP ASE, since one of the
recent changes broke it.

Signed-off-by: Petar Jovanovic <petarj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: Unfuse {,N}M{ADD,SUB}.fmt
Richard Sandiford [Tue, 22 Jan 2013 17:16:00 +0000 (17:16 +0000)]
target-mips: Unfuse {,N}M{ADD,SUB}.fmt

Turn MADD.fmt, MSUB.fmt, NMADD.fmt and NMSUB.fmt from fused to unfused
operations, so that they behave in the same way as a separate multiplication
and addition.  The instructions were only fused in early MIPS IV processors.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: Sign-extend the result of LWR
Richard Sandiford [Sun, 20 Jan 2013 19:30:54 +0000 (19:30 +0000)]
target-mips: Sign-extend the result of LWR

Sign-extend the result of LWR, as is already done for LWL.  This is necessary
in the case where LWR loads the full word (i.e. the address is actually
aligned).  In the other cases, it is implementation defined whether the
upper 32 bits of the result are unchanged or a copy of bit 31.  The latter
seems easier to implement.

Previously the code used:

    (oldval & (0xfffffffe << (31 - bitshift))) | (newval >> bitshift)

which zeroed the upper bits of the register, losing any previous sign
extension in the unaligned cases.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: Fix signedness of loads in MIPS16 RESTOREs
Richard Sandiford [Sun, 20 Jan 2013 19:28:48 +0000 (19:28 +0000)]
target-mips: Fix signedness of loads in MIPS16 RESTOREs

Make RESTORE use sign-extending rather than zero-extending loads.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agoMerge branch 'target-arm.next' of git://git.linaro.org/people/pmaydell/qemu-arm
Aurelien Jarno [Thu, 31 Jan 2013 22:33:14 +0000 (23:33 +0100)]
Merge branch 'target-arm.next' of git://git.linaro.org/people/pmaydell/qemu-arm

* 'target-arm.next' of git://git.linaro.org/people/pmaydell/qemu-arm:
  target-arm: Rename CPU types
  target-arm: Fix TCG temp leaks for WI and UNDEF VFP sysreg writes

11 years agotarget-mips: implement DSP (d)append sub-class with TCG
Aurelien Jarno [Tue, 1 Jan 2013 17:02:24 +0000 (18:02 +0100)]
target-mips: implement DSP (d)append sub-class with TCG

DSP instruction from the (d)append sub-class can be implemented with
TCG. Use a different function for these instructions are they are quite
different from compare-pick sub-class.

Fix BALIGN instruction for negative value, where the value should be
zero-extended before being shift to the right.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: use DSP unions for reduction add instructions
Aurelien Jarno [Tue, 1 Jan 2013 17:02:23 +0000 (18:02 +0100)]
target-mips: use DSP unions for reduction add instructions

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: use DSP unions for unary DSP operators
Aurelien Jarno [Tue, 1 Jan 2013 17:02:23 +0000 (18:02 +0100)]
target-mips: use DSP unions for unary DSP operators

This allow to reduce the number of macros.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: use DSP unions for binary DSP operators
Aurelien Jarno [Tue, 1 Jan 2013 17:02:23 +0000 (18:02 +0100)]
target-mips: use DSP unions for binary DSP operators

This allow to reduce the number of macros.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: add unions to access DSP elements
Aurelien Jarno [Tue, 1 Jan 2013 17:02:23 +0000 (18:02 +0100)]
target-mips: add unions to access DSP elements

Instead of playing with bit shifting, add two unions (one for 32-bit
values, one for 64-bit ones) to access all the DSP elements with the
correct type.

This make the code easier to read and less error prone, and allow GCC
to vectorize the code in some cases.

Reviewed-by: Eric Johnson <ericj@mips.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: generate a reserved instruction exception on CPU without DSP
Aurelien Jarno [Tue, 1 Jan 2013 17:02:23 +0000 (18:02 +0100)]
target-mips: generate a reserved instruction exception on CPU without DSP

On CPU without DSP ASE support, a reserved instruction exception (instead of
a DSP ASE sate disabled) should be generated.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: copy insn_flags in DisasContext
Aurelien Jarno [Tue, 1 Jan 2013 17:02:22 +0000 (18:02 +0100)]
target-mips: copy insn_flags in DisasContext

Copy insn_flags in DisasContext to avoid passing a CPUMIPSState pointer
to subroutines, as suggested by Richard Henderson. Change subroutines to
use this new field and remove the first argument.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agotarget-mips: fix DSP loads with rd = 0
Aurelien Jarno [Tue, 1 Jan 2013 17:02:22 +0000 (18:02 +0100)]
target-mips: fix DSP loads with rd = 0

When rd is 0, which still need to do the actually load to possibly
generate a TLB exception.

Reviewed-by: Eric Johnson <ericj@mips.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years agococoa: Replace non-portable asprintf() by g_strdup_printf()
Stefan Weil [Wed, 16 Jan 2013 07:38:40 +0000 (07:38 +0000)]
cocoa: Replace non-portable asprintf() by g_strdup_printf()

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
11 years agococoa: Fix VBE function Set Display Start
Henry Harrington [Tue, 27 Nov 2012 08:59:41 +0000 (08:59 +0000)]
cocoa: Fix VBE function Set Display Start

Register a dpy_gfx_setdata callback so that the Cocoa code
is notified whenever the screen start address changes.

Commit 1d3323d has a similar fix for the VNC UI.

Signed-off-by: Henry Harrington <henry.harrington@gmail.com>
Cc: qemu-stable@nongnu.org (1.3.x)
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
11 years agoMerge remote-tracking branch 'pmaydell/arm-devs.next' into staging
Anthony Liguori [Wed, 30 Jan 2013 16:51:47 +0000 (10:51 -0600)]
Merge remote-tracking branch 'pmaydell/arm-devs.next' into staging

# By Christoffer Dall (1) and Peter Maydell (1)
# Via Peter Maydell
* pmaydell/arm-devs.next:
  hw/vexpress: Use correct HBI (board model number) for vexpress-a15
  hw/arm_sysctl: Clear sysctl cfgctrl start bit

11 years agoMerge remote-tracking branch 'stefanha/trivial-patches' into staging
Anthony Liguori [Wed, 30 Jan 2013 16:51:18 +0000 (10:51 -0600)]
Merge remote-tracking branch 'stefanha/trivial-patches' into staging

# By Markus Armbruster (12) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
  qmp-commands.hx: s/tray-open/tray_open/ to match qapi schema
  tests: Fix {rtc, m48t59}-test build on illumos
  qemu-pixman.h: Avoid mutual inclusion loop with console.h
  qemu-ga: Fix unchecked strdup() by converting to g_strdup()
  qapi: Fix unchecked strdup() by converting to g_strdup()
  libcacard: Fix unchecked strdup() by converting to g_strdup()
  qemu-log: Plug trivial memory leak in cpu_set_log_filename()
  qemu-log: Fix unchecked strdup() by converting to g_strdup()
  virtfs-proxy-helper: Fix unchecked strdup() by conv. to g_strdup()
  spice: Fix unchecked strdup() by converting to g_strdup()
  readline: Fix unchecked strdup() by converting to g_strdup()
  hw/9pfs: Fix unchecked strdup() by converting to g_strdup()
  g_strdup(NULL) returns NULL; simplify
  g_malloc(0) and g_malloc0(0) return NULL; simplify
  xilinx_axidma: Fix debug mode compile messages
  cadence_gem: Debug mode compile fixes
  cadence_ttc: Debug mode compile fixes
  vnc: Clean up vncws_send_handshake_response()

11 years agoMerge remote-tracking branch 'afaerber-or/prep-up' into staging
Anthony Liguori [Wed, 30 Jan 2013 16:48:23 +0000 (10:48 -0600)]
Merge remote-tracking branch 'afaerber-or/prep-up' into staging

# By Andreas Färber
# Via Andreas Färber
* afaerber-or/prep-up:
  prep: Move PReP machine to hw/ppc/
  prep_pci: Convert to QOM realizefn
  prep_pci: Create PCIBus and PCIDevice in-place

11 years agoMerge remote-tracking branch 'agraf/s390-for-upstream' into staging
Anthony Liguori [Wed, 30 Jan 2013 16:46:30 +0000 (10:46 -0600)]
Merge remote-tracking branch 'agraf/s390-for-upstream' into staging

# By Cornelia Huck (13) and others
# Via Alexander Graf
* agraf/s390-for-upstream:
  s390: Drop set_bit usage in virtio_ccw.
  s390: css error codes.
  s390: Use s390_cpu_physical_memory_map for tpi.
  sclpconsole: Don't instantiate sclpconsole with -nodefaults
  s390: Add s390-ccw-virtio machine.
  s390-virtio: Check for NULL device in reset hypercall
  s390: Move hw files to hw/s390x
  virtio-s390: add a reset function to virtio-s390 devices
  s390: Make typeinfo const
  s390: Add new channel I/O based virtio transport.
  s390-virtio: Factor out some initialization code.
  s390: Wire up channel I/O in kvm.
  s390: Virtual channel subsystem support.
  s390: Add channel I/O instructions.
  s390: I/O interrupt and machine check injection.
  s390: Channel I/O basic definitions.
  s390: Add mapping helper functions.
  s390: Lowcore mapping helper.
  s390: Add default support for SCLP console

11 years agotarget-arm: Rename CPU types
Andreas Färber [Sun, 27 Jan 2013 16:30:10 +0000 (17:30 +0100)]
target-arm: Rename CPU types

In the initial conversion of CPU models to QOM types, model names were
mapped 1:1 to type names. As a side effect this gained us a type "any",
which is now a device.

To avoid "-device any" silliness and to pave the way for compiling
multiple targets into one executable, adopt a <name>-<arch>-cpu scheme.
This leads to names like arm926-arm-cpu but is easiest to handle.

No functional changes for -cpu arguments or -cpu ? output.

Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 years agotarget-arm: Fix TCG temp leaks for WI and UNDEF VFP sysreg writes
Peter Maydell [Wed, 30 Jan 2013 16:01:56 +0000 (16:01 +0000)]
target-arm: Fix TCG temp leaks for WI and UNDEF VFP sysreg writes

Fix a leak of a TCG temporary in code paths for VFP system register
writes for cases which UNDEF or are write-ignored.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 years agohw/vexpress: Use correct HBI (board model number) for vexpress-a15
Peter Maydell [Wed, 30 Jan 2013 15:39:02 +0000 (15:39 +0000)]
hw/vexpress: Use correct HBI (board model number) for vexpress-a15

The vexpress-a15 QEMU model is supposed to be a V2P-CA15; the HBI
(a kind of board model number) for this coretile is 237, not 217.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 years agohw/arm_sysctl: Clear sysctl cfgctrl start bit
Christoffer Dall [Wed, 30 Jan 2013 15:39:01 +0000 (15:39 +0000)]
hw/arm_sysctl: Clear sysctl cfgctrl start bit

The start bit should only be set to indicate that a function call is
underway, right now.  When done with function, clear it.

Signed-off-by: Christoffer Dall <c.dall@virtualopensystems.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 years agoqmp-commands.hx: s/tray-open/tray_open/ to match qapi schema
Michal Privoznik [Tue, 29 Jan 2013 16:58:41 +0000 (17:58 +0100)]
qmp-commands.hx: s/tray-open/tray_open/ to match qapi schema

Currently, we are using 'tray_open' in QMP and 'tray-open' in
HMP. However, the QMP documentation was mistakenly using the
HMP version.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agotests: Fix {rtc, m48t59}-test build on illumos
Andreas Färber [Sat, 26 Jan 2013 14:27:59 +0000 (15:27 +0100)]
tests: Fix {rtc, m48t59}-test build on illumos

Struct tm does not have tm_gmtoff field on illumos.
Fix the build by not zero-initializing these fields on Solaris.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agoqemu-pixman.h: Avoid mutual inclusion loop with console.h
Peter Maydell [Mon, 21 Jan 2013 12:03:47 +0000 (12:03 +0000)]
qemu-pixman.h: Avoid mutual inclusion loop with console.h

Remove an unnecessary mutual inclusion loop between qemu-pixman.h and
console.h, since the former was only including the latter for
'PixelFormat*', which can be provided by typedefs.h.  This requires a
minor adjustment to the files which included qemu-pixman.h, since
they were relying on it implicitly dragging in all of console.h.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agoqemu-ga: Fix unchecked strdup() by converting to g_strdup()
Markus Armbruster [Tue, 22 Jan 2013 10:08:06 +0000 (11:08 +0100)]
qemu-ga: Fix unchecked strdup() by converting to g_strdup()

I figure it's freed somewhere deep down in QAPI, with g_free().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agoqapi: Fix unchecked strdup() by converting to g_strdup()
Markus Armbruster [Tue, 22 Jan 2013 10:08:05 +0000 (11:08 +0100)]
qapi: Fix unchecked strdup() by converting to g_strdup()

Note that we already free with g_free().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agolibcacard: Fix unchecked strdup() by converting to g_strdup()
Markus Armbruster [Tue, 22 Jan 2013 10:08:04 +0000 (11:08 +0100)]
libcacard: Fix unchecked strdup() by converting to g_strdup()

Note that we already free with g_free().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agoqemu-log: Plug trivial memory leak in cpu_set_log_filename()
Markus Armbruster [Tue, 22 Jan 2013 10:08:03 +0000 (11:08 +0100)]
qemu-log: Plug trivial memory leak in cpu_set_log_filename()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agoqemu-log: Fix unchecked strdup() by converting to g_strdup()
Markus Armbruster [Tue, 22 Jan 2013 10:08:02 +0000 (11:08 +0100)]
qemu-log: Fix unchecked strdup() by converting to g_strdup()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agovirtfs-proxy-helper: Fix unchecked strdup() by conv. to g_strdup()
Markus Armbruster [Tue, 22 Jan 2013 10:08:01 +0000 (11:08 +0100)]
virtfs-proxy-helper: Fix unchecked strdup() by conv. to g_strdup()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agospice: Fix unchecked strdup() by converting to g_strdup()
Markus Armbruster [Tue, 22 Jan 2013 10:08:00 +0000 (11:08 +0100)]
spice: Fix unchecked strdup() by converting to g_strdup()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agoreadline: Fix unchecked strdup() by converting to g_strdup()
Markus Armbruster [Tue, 22 Jan 2013 10:07:59 +0000 (11:07 +0100)]
readline: Fix unchecked strdup() by converting to g_strdup()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agohw/9pfs: Fix unchecked strdup() by converting to g_strdup()
Markus Armbruster [Tue, 22 Jan 2013 10:07:58 +0000 (11:07 +0100)]
hw/9pfs: Fix unchecked strdup() by converting to g_strdup()

Note: the allocation in virtio_9p_init() is still leaked.  To be fixed
in a followup commit.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agog_strdup(NULL) returns NULL; simplify
Markus Armbruster [Tue, 22 Jan 2013 10:07:57 +0000 (11:07 +0100)]
g_strdup(NULL) returns NULL; simplify

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agog_malloc(0) and g_malloc0(0) return NULL; simplify
Markus Armbruster [Tue, 22 Jan 2013 10:07:56 +0000 (11:07 +0100)]
g_malloc(0) and g_malloc0(0) return NULL; simplify

Once upon a time, it was decided that qemu_malloc(0) should abort.
Switching to glib retired that bright idea.  Some code that was added
to cope with it (e.g. in commits 702ef63b76b6e9) is still around.
Bury it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agoprep: Move PReP machine to hw/ppc/
Andreas Färber [Sat, 26 Jan 2013 19:41:58 +0000 (20:41 +0100)]
prep: Move PReP machine to hw/ppc/

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
11 years agoxilinx_axidma: Fix debug mode compile messages
Peter Crosthwaite [Sat, 26 Jan 2013 20:54:35 +0000 (12:54 -0800)]
xilinx_axidma: Fix debug mode compile messages

Missing cast one one of the conditionally compiled printfs.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agocadence_gem: Debug mode compile fixes
Peter Crosthwaite [Sat, 26 Jan 2013 20:54:34 +0000 (12:54 -0800)]
cadence_gem: Debug mode compile fixes

Some printfs are throwing warnings when debug mode is enabled. Fixed.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agocadence_ttc: Debug mode compile fixes
Peter Crosthwaite [Sat, 26 Jan 2013 20:54:33 +0000 (12:54 -0800)]
cadence_ttc: Debug mode compile fixes

Some printfs are throwing warnings when debug mode is enabled. Fixed.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agovnc: Clean up vncws_send_handshake_response()
Markus Armbruster [Fri, 25 Jan 2013 09:31:16 +0000 (10:31 +0100)]
vnc: Clean up vncws_send_handshake_response()

Use appropriate types, drop superfluous casts, use sizeof, don't
exploit that this particular call of gnutls_fingerprint() doesn't
change its last argument.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years agovfio-pci: Enable PCIe extended config space
Alex Williamson [Thu, 24 Jan 2013 00:46:13 +0000 (17:46 -0700)]
vfio-pci: Enable PCIe extended config space

We don't know pre-init time whether the device we're exposing is PCIe
or legacy PCI.  We could ask for it to be specified via a device
option, but that seems like too much to ask of the user.  Instead we
can assume everything will be PCIe, which makes PCI-core allocate
enough config space.  Removing the flag during init leaves the space
allocated, but allows legacy PCI devices to report the real device
config space size to rest of Qemu.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
11 years agoPIIX3: reset the VM when the Reset Control Register's RCPU bit gets set
Laszlo Ersek [Thu, 24 Jan 2013 09:31:20 +0000 (10:31 +0100)]
PIIX3: reset the VM when the Reset Control Register's RCPU bit gets set

  Traditional PCI config space access is achieved by writing a 32 bit
  value to io port 0xcf8 to identify the bus, device, function and config
  register. Port 0xcfc then contains the register in question. But if you
  write the appropriate pair of magic values to 0xcf9, the machine will
  reboot. Spectacular! And not standardised in any way (certainly not part
  of the PCI spec), so different chipsets may have different requirements.
  Booo.

In the PIIX3 spec, IO port 0xcf9 is specified as the Reset Control
Register. Bit 1 (System Reset, SRST) would normally differentiate between
soft reset and hard reset, but we ignore the difference beyond allowing
the guest to read it back.

RHBZ reference: 890459

This patch introduces the following overlap between the preexistent
"pci-conf-idx" region and the "piix3-reset-control" region just being
added. Partial output from "info mtree":

  I/O
  0000000000000000-000000000000ffff (prio 0, RW): io
    0000000000000cf8-0000000000000cfb (prio 0, RW): pci-conf-idx
    0000000000000cf9-0000000000000cf9 (prio 1, RW): piix3-reset-control

I sanity-checked the patch by booting a RHEL-6.3 guest and found no
problems. I summoned gdb and set a breakpoint on rcr_write() in order to
gather a bit more confidence. Relevant frames of the stack:

  kvm_handle_io (port=3321, data=0x7f3f5f3de000, direction=1, size=1,
                 count=1)                                 [kvm-all.c:1422]
    cpu_outb (addr=3321, val=6 '\006')                      [ioport.c:289]
      ioport_write (index=0, address=3321, data=6)           [ioport.c:83]
        ioport_writeb_thunk (opaque=0x7f3f622c4680, addr=3321, data=6)
                                                            [ioport.c:212]
          memory_region_iorange_write (iorange=0x7f3f622c4680, offset=0,
                                       width=1, data=6)     [memory.c:439]
            access_with_adjusted_size (addr=0, value=0x7f3f531fbac0,
                                       size=1, access_size_min=1,
                                       access_size_max=4,
                                       access=0x7f3f5f6e0f90
                                           <memory_region_write_accessor>,
                                       opaque=0x7f3f6227b668)
                                                            [memory.c:364]
              memory_region_write_accessor (opaque=0x7f3f6227b668, addr=0,
                                            value=0x7f3f531fbac0, size=1,
                                            shift=0, mask=255)
                                                            [memory.c:334]
                rcr_write (opaque=0x7f3f6227afb0, addr=0, val=6, len=1)
                                                       [hw/piix_pci.c:498]

The dispatch happens in ioport_write(); "index=0" means byte-wide access:

    static void ioport_write(int index, uint32_t address, uint32_t data)
    {
        static IOPortWriteFunc * const default_func[3] = {
            default_ioport_writeb,
            default_ioport_writew,
            default_ioport_writel
        };
        IOPortWriteFunc *func = ioport_write_table[index][address];
        if (!func)
            func = default_func[index];
        func(ioport_opaque[address], address, data);
    }

The "ioport_write_table" and "ioport_opaque" arrays describe the flattened
IO port space. The first array is less interesting (it selects a thunk
function). The "ioport_opaque" array is interesting because it decides how
writing to the port is implemented ultimately.

4-byte wide access to 0xcf8 (pci-conf-idx):

  (gdb) print ioport_write_table[2][0xcf8]
  $1 = (IOPortWriteFunc *) 0x7f3f5f6d99ba <ioport_writel_thunk>

  (gdb) print \
        ((struct MemoryRegionIORange*)ioport_opaque[0xcf8])->mr->ops.write
  $2 = (void (*)(void *, hwaddr, uint64_t, unsigned int))
       0x7f3f5f5575cb <pci_host_config_write>

1-byte wide access to 0xcf9 (piix3-reset-control):

  (gdb) print ioport_write_table[0][0xcf9]
  $3 = (IOPortWriteFunc *) 0x7f3f5f6d98d0 <ioport_writeb_thunk>

  (gdb) print \
        ((struct MemoryRegionIORange*)ioport_opaque[0xcf9])->mr->ops.write
  $4 = (void (*)(void *, hwaddr, uint64_t, unsigned int))
       0x7f3f5f6b42f1 <rcr_write>

The higher priority of "piix3-reset-control" ensures that the 0xcf9
entries in ioport_write_table / ioport_opaque will always belong to it,
independently of its relative registration order versus "pci-conf-idx".

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>