review.tizen.org Git - sdk/emulator/qemu.git/log

Merge remote-tracking branch 'agraf/ppc-for-upstream' into staging

# By Andreas Färber (2) and Alexander Graf (1)
# Via Alexander Graf
* agraf/ppc-for-upstream:
  target-ppc: Fix build for PPC_DEBUG_DISAS
  target-ppc: Fix unused variable warning for FLUSH_ALL_TLBS
  PPC: Unify dcbzl code path

Merge remote-tracking branch 'afaerber/qom-cpu' into staging

# By Andreas Färber
# Via Andreas Färber
* afaerber/qom-cpu:
  linux-user: bsd-user: Don't reset X86CPU twice
  target-i386: Pass X86CPU to cpu_x86_set_a20()
  target-unicore32: Rename CPU subtypes
  target-openrisc: Rename CPU subtypes
  target-openrisc: TYPE_OPENRISC_CPU should be abstract
  target-m68k: Rename CPU subtypes
  target-m68k: Mark as unmigratable
  target-s390x: Mark as unmigratable
  target-sh4: Mark as unmigratable
  target-xtensa: Mark as unmigratable
  target-microblaze: Mark as unmigratable
  target-unicore32: Mark as unmigratable
  ide/mmio: QOM'ify MMIO IDE for R2D

Merge remote-tracking branch 'afaerber-or/cocoa-for-upstream' into staging

# By Henry Harrington (1) and Stefan Weil (1)
# Via Andreas Färber
* afaerber-or/cocoa-for-upstream:
cocoa: Replace non-portable asprintf() by g_strdup_printf()
cocoa: Fix VBE function Set Display Start

Merge remote-tracking branch 'mst/tags/for_anthony' into staging

virtio,make,pci,e1000,vfio,piix

This includes my timestamp generation cleanup,
Amos's and my work on virtio net commands,
pci,e1000,vfio and piix fixes.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 31 Jan 2013 06:20:27 AM CST using RSA key ID D28D5469
# gpg: Can't check signature: public key not found

# By Michael S. Tsirkin (6) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
  vfio-pci: Enable PCIe extended config space
  PIIX3: reset the VM when the Reset Control Register's RCPU bit gets set
  ich9: add support for pci assignment
  virtio-net: rename ctrl rx commands
  virtio-net: introduce a new macaddr control
  virtio-net: remove layout assumptions for ctrl vq
  virtio-net: revert mac on reset
  rules/mak: make clean should blow away timestamp files
  Makefile: clean timestamp generation rule
  rules.mak: cleanup config generation rules
  e1000: document ICS read behaviour

target-ppc: Fix build for PPC_DEBUG_DISAS

In r5949 / 76db3ba44ee8db671f804755f13b016eefd13288 (target-ppc: memory
load/store rework) variable little_endian was replaced with ctx.le_mode.
Update the debug code.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Fix unused variable warning for FLUSH_ALL_TLBS

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Unify dcbzl code path

The bit that makes a dcbz instruction a dcbzl instruction was declared as
reserved in ppc32 ISAs. However, hardware simply ignores the bit, making
code valid if it simply invokes dcbzl instead of dcbz even on 750 and G4.

Thus, mark the bit as unreserved so that we properly emulate a simple dcbz
in case we're running on non-G5s.

While at it, also refactor the code to check the 970 special case during
runtime. This way we don't need to differenciate between a 970 dcbz and
any other dcbz anymore. We also allow for future improvements to add e500mc
dcbz handling.

Reported-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Alexander Graf <agraf@suse.de>

linux-user: bsd-user: Don't reset X86CPU twice

Since commit 65dee38052597b6285eb208125369f01b29ba6c1 (target-i386:
move cpu_reset and reset callback to cpu.c) the x86 CPU is reset through
cpu_init() but was still reset immediately after in linux-user and
bsd-user. Clean this up.

Similarly in linux-user/syscall.c it is also reset after cpu_copy().
But that's a bug of its own, fixing which poses a semantic change.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>

target-i386: Pass X86CPU to cpu_x86_set_a20()

Prepares for cpu_interrupt() changing argument to CPUState.

While touching it, rename to x86_cpu_...() now that it takes an X86CPU.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

target-unicore32: Rename CPU subtypes

In the initial conversion of CPU models to QOM types, model names were
mapped 1:1 to type names. As a side effect this gained us a type "any",
which is now a device.

To avoid "-device any" silliness and to pave the way for compiling
multiple targets into one executable, adopt a <name>-<arch>-cpu scheme.

No functional changes for -cpu arguments.

Signed-off-by: Andreas Färber <afaerber@suse.de>

target-openrisc: Rename CPU subtypes

Model names were mapped 1:1 to type names. As a side effect this
registered a type "any", which is now a device.

To avoid "-device any" silliness and to pave the way for compiling
multiple targets into one executable, adopt a <name>-<arch>-cpu scheme.

No functional changes for -cpu arguments or -cpu ? output.

Signed-off-by: Andreas Färber <afaerber@suse.de>

target-openrisc: TYPE_OPENRISC_CPU should be abstract

A basic assumption of CPU subtypes is that only specific models get
instantiated. A user is not supposed to instantiate an <arch>-cpu.
Suppress it via abstract = true, which also drops or32-cpu from
-cpu ? output.

Cc: qemu-stable@nongnu.org
Cc: Jia Liu <proljc@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>

target-m68k: Rename CPU subtypes

In the initial conversion of CPU models to QOM types, model names were
mapped 1:1 to type names. As a side effect this gained us a type "any",
which is now a device.

To avoid "-device any" silliness and to pave the way for compiling
multiple targets into one executable, adopt a <name>-<arch>-cpu scheme.

No functional changes for -cpu arguments or -cpu ? output.

Signed-off-by: Andreas Färber <afaerber@suse.de>

target-m68k: Mark as unmigratable

It neither defined CPU_SAVE_VERSION nor implemented cpu_{save,load}().
Mark M68kCPU as unmigratable at device level.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>

target-s390x: Mark as unmigratable

CPU_SAVE_VERSION was undefined, so "cpu_common" VMState and
cpu_{save,load}() were not registered. They were no-ops.
Therefore there is no backwards compatibility to keep, so we can mark
S390CPU as unmigratable at device level.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>

target-sh4: Mark as unmigratable

It neither defined CPU_SAVE_VERSION nor implemented cpu{save,load}().
Mark it as unmigratable at device level.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>

target-xtensa: Mark as unmigratable

There was no CPU_SAVE_VERSION defined, so neither "cpu_common" VMState
nor cpu_{save,load}() were registered. Their implementation was no-op.
Therefore there is no backwards compatibility to keep, so mark XtensaCPU
as unmigratable at device level.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>

target-microblaze: Mark as unmigratable

cpu_{save,load} were no-ops, so de facto it is unmigratable and no
backwards compatibility to keep. Therefore mark the MicroBlazeCPU as
unmigratable at device level the QOM way and suppress "cpu_common"
VMState registration by dropping CPU_SAVE_VERSION.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>

target-unicore32: Mark as unmigratable

CPU_SAVE_VERSION 2 was bogus as both save and load would just throw a
hw_error(). Therefore we can without problems suppress registration of
"cpu_common" VMState by dropping CPU_SAVE_VERSION define and provide an
unmigratable "cpu" VMStateDescription for UniCore32CPU at device level
instead, where we can attach this the QOM way.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>

ide/mmio: QOM'ify MMIO IDE for R2D

It was not qdev'ified before, so turn it into a SysBusDevice.
Keep mmio_ide_init_drives() around to attach the hard drive.

Signed-off-by: Andreas Färberr <afaerber@suse.de>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: fix incorrect test for MTHLIP

The pos field in the DSPControl register is not correctly initialized.
Per documentation, the result of MTHLIP is unpredictable if the value of the
pos field before the execution is greater than 32.

Signed-off-by: Petar Jovanovic <petarj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: enable access to DSP ASE if implemented

compute_hflags() will reset DSP h-flags, so MX bit should be initially set
for usermode in cpu_state_reset() if DSP ASE is implemented.
This change will bring back user-mode support for DSP ASE, since one of the
recent changes broke it.

Signed-off-by: Petar Jovanovic <petarj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: Unfuse {,N}M{ADD,SUB}.fmt

Turn MADD.fmt, MSUB.fmt, NMADD.fmt and NMSUB.fmt from fused to unfused
operations, so that they behave in the same way as a separate multiplication
and addition. The instructions were only fused in early MIPS IV processors.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: Sign-extend the result of LWR

Sign-extend the result of LWR, as is already done for LWL.  This is necessary
in the case where LWR loads the full word (i.e. the address is actually
aligned).  In the other cases, it is implementation defined whether the
upper 32 bits of the result are unchanged or a copy of bit 31.  The latter
seems easier to implement.

Previously the code used:

    (oldval & (0xfffffffe << (31 - bitshift))) | (newval >> bitshift)

which zeroed the upper bits of the register, losing any previous sign
extension in the unaligned cases.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: Fix signedness of loads in MIPS16 RESTOREs

Make RESTORE use sign-extending rather than zero-extending loads.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Merge branch 'target-arm.next' of git://git.linaro.org/people/pmaydell/qemu-arm

* 'target-arm.next' of git://git.linaro.org/people/pmaydell/qemu-arm:
target-arm: Rename CPU types
target-arm: Fix TCG temp leaks for WI and UNDEF VFP sysreg writes

target-mips: implement DSP (d)append sub-class with TCG

DSP instruction from the (d)append sub-class can be implemented with
TCG. Use a different function for these instructions are they are quite
different from compare-pick sub-class.

Fix BALIGN instruction for negative value, where the value should be
zero-extended before being shift to the right.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: use DSP unions for reduction add instructions

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: use DSP unions for unary DSP operators

This allow to reduce the number of macros.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: use DSP unions for binary DSP operators

This allow to reduce the number of macros.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: add unions to access DSP elements

Instead of playing with bit shifting, add two unions (one for 32-bit
values, one for 64-bit ones) to access all the DSP elements with the
correct type.

This make the code easier to read and less error prone, and allow GCC
to vectorize the code in some cases.

Reviewed-by: Eric Johnson <ericj@mips.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: generate a reserved instruction exception on CPU without DSP

On CPU without DSP ASE support, a reserved instruction exception (instead of
a DSP ASE sate disabled) should be generated.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: copy insn_flags in DisasContext

Copy insn_flags in DisasContext to avoid passing a CPUMIPSState pointer
to subroutines, as suggested by Richard Henderson. Change subroutines to
use this new field and remove the first argument.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: fix DSP loads with rd = 0

When rd is 0, which still need to do the actually load to possibly
generate a TLB exception.

Reviewed-by: Eric Johnson <ericj@mips.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

cocoa: Replace non-portable asprintf() by g_strdup_printf()

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>

cocoa: Fix VBE function Set Display Start

Register a dpy_gfx_setdata callback so that the Cocoa code
is notified whenever the screen start address changes.

Commit 1d3323d has a similar fix for the VNC UI.

Signed-off-by: Henry Harrington <henry.harrington@gmail.com>
Cc: qemu-stable@nongnu.org (1.3.x)
Signed-off-by: Andreas Färber <andreas.faerber@web.de>

Merge remote-tracking branch 'pmaydell/arm-devs.next' into staging

# By Christoffer Dall (1) and Peter Maydell (1)
# Via Peter Maydell
* pmaydell/arm-devs.next:
hw/vexpress: Use correct HBI (board model number) for vexpress-a15
hw/arm_sysctl: Clear sysctl cfgctrl start bit

Merge remote-tracking branch 'stefanha/trivial-patches' into staging

# By Markus Armbruster (12) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
  qmp-commands.hx: s/tray-open/tray_open/ to match qapi schema
  tests: Fix {rtc, m48t59}-test build on illumos
  qemu-pixman.h: Avoid mutual inclusion loop with console.h
  qemu-ga: Fix unchecked strdup() by converting to g_strdup()
  qapi: Fix unchecked strdup() by converting to g_strdup()
  libcacard: Fix unchecked strdup() by converting to g_strdup()
  qemu-log: Plug trivial memory leak in cpu_set_log_filename()
  qemu-log: Fix unchecked strdup() by converting to g_strdup()
  virtfs-proxy-helper: Fix unchecked strdup() by conv. to g_strdup()
  spice: Fix unchecked strdup() by converting to g_strdup()
  readline: Fix unchecked strdup() by converting to g_strdup()
  hw/9pfs: Fix unchecked strdup() by converting to g_strdup()
  g_strdup(NULL) returns NULL; simplify
  g_malloc(0) and g_malloc0(0) return NULL; simplify
  xilinx_axidma: Fix debug mode compile messages
  cadence_gem: Debug mode compile fixes
  cadence_ttc: Debug mode compile fixes
  vnc: Clean up vncws_send_handshake_response()

Merge remote-tracking branch 'afaerber-or/prep-up' into staging

# By Andreas Färber
# Via Andreas Färber
* afaerber-or/prep-up:
  prep: Move PReP machine to hw/ppc/
  prep_pci: Convert to QOM realizefn
  prep_pci: Create PCIBus and PCIDevice in-place

Merge remote-tracking branch 'agraf/s390-for-upstream' into staging

# By Cornelia Huck (13) and others
# Via Alexander Graf
* agraf/s390-for-upstream:
  s390: Drop set_bit usage in virtio_ccw.
  s390: css error codes.
  s390: Use s390_cpu_physical_memory_map for tpi.
  sclpconsole: Don't instantiate sclpconsole with -nodefaults
  s390: Add s390-ccw-virtio machine.
  s390-virtio: Check for NULL device in reset hypercall
  s390: Move hw files to hw/s390x
  virtio-s390: add a reset function to virtio-s390 devices
  s390: Make typeinfo const
  s390: Add new channel I/O based virtio transport.
  s390-virtio: Factor out some initialization code.
  s390: Wire up channel I/O in kvm.
  s390: Virtual channel subsystem support.
  s390: Add channel I/O instructions.
  s390: I/O interrupt and machine check injection.
  s390: Channel I/O basic definitions.
  s390: Add mapping helper functions.
  s390: Lowcore mapping helper.
  s390: Add default support for SCLP console

target-arm: Rename CPU types

In the initial conversion of CPU models to QOM types, model names were
mapped 1:1 to type names. As a side effect this gained us a type "any",
which is now a device.

To avoid "-device any" silliness and to pave the way for compiling
multiple targets into one executable, adopt a <name>-<arch>-cpu scheme.
This leads to names like arm926-arm-cpu but is easiest to handle.

No functional changes for -cpu arguments or -cpu ? output.

Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: Fix TCG temp leaks for WI and UNDEF VFP sysreg writes

Fix a leak of a TCG temporary in code paths for VFP system register
writes for cases which UNDEF or are write-ignored.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/vexpress: Use correct HBI (board model number) for vexpress-a15

The vexpress-a15 QEMU model is supposed to be a V2P-CA15; the HBI
(a kind of board model number) for this coretile is 237, not 217.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm_sysctl: Clear sysctl cfgctrl start bit

The start bit should only be set to indicate that a function call is
underway, right now. When done with function, clear it.

Signed-off-by: Christoffer Dall <c.dall@virtualopensystems.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

qmp-commands.hx: s/tray-open/tray_open/ to match qapi schema

Currently, we are using 'tray_open' in QMP and 'tray-open' in
HMP. However, the QMP documentation was mistakenly using the
HMP version.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

tests: Fix {rtc, m48t59}-test build on illumos

Struct tm does not have tm_gmtoff field on illumos.
Fix the build by not zero-initializing these fields on Solaris.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qemu-pixman.h: Avoid mutual inclusion loop with console.h

Remove an unnecessary mutual inclusion loop between qemu-pixman.h and
console.h, since the former was only including the latter for
'PixelFormat*', which can be provided by typedefs.h. This requires a
minor adjustment to the files which included qemu-pixman.h, since
they were relying on it implicitly dragging in all of console.h.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qemu-ga: Fix unchecked strdup() by converting to g_strdup()

I figure it's freed somewhere deep down in QAPI, with g_free().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qapi: Fix unchecked strdup() by converting to g_strdup()

Note that we already free with g_free().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

libcacard: Fix unchecked strdup() by converting to g_strdup()

Note that we already free with g_free().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qemu-log: Plug trivial memory leak in cpu_set_log_filename()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qemu-log: Fix unchecked strdup() by converting to g_strdup()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

virtfs-proxy-helper: Fix unchecked strdup() by conv. to g_strdup()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

spice: Fix unchecked strdup() by converting to g_strdup()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

readline: Fix unchecked strdup() by converting to g_strdup()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

hw/9pfs: Fix unchecked strdup() by converting to g_strdup()

Note: the allocation in virtio_9p_init() is still leaked. To be fixed
in a followup commit.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

g_strdup(NULL) returns NULL; simplify

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

g_malloc(0) and g_malloc0(0) return NULL; simplify

Once upon a time, it was decided that qemu_malloc(0) should abort.
Switching to glib retired that bright idea. Some code that was added
to cope with it (e.g. in commits 702ef63, b76b6e9) is still around.
Bury it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

prep: Move PReP machine to hw/ppc/

Signed-off-by: Andreas Färber <andreas.faerber@web.de>

xilinx_axidma: Fix debug mode compile messages

Missing cast one one of the conditionally compiled printfs.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

cadence_gem: Debug mode compile fixes

Some printfs are throwing warnings when debug mode is enabled. Fixed.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

cadence_ttc: Debug mode compile fixes

Some printfs are throwing warnings when debug mode is enabled. Fixed.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

vnc: Clean up vncws_send_handshake_response()

Use appropriate types, drop superfluous casts, use sizeof, don't
exploit that this particular call of gnutls_fingerprint() doesn't
change its last argument.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

vfio-pci: Enable PCIe extended config space

We don't know pre-init time whether the device we're exposing is PCIe
or legacy PCI.  We could ask for it to be specified via a device
option, but that seems like too much to ask of the user.  Instead we
can assume everything will be PCIe, which makes PCI-core allocate
enough config space.  Removing the flag during init leaves the space
allocated, but allows legacy PCI devices to report the real device
config space size to rest of Qemu.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

PIIX3: reset the VM when the Reset Control Register's RCPU bit gets set

  Traditional PCI config space access is achieved by writing a 32 bit
  value to io port 0xcf8 to identify the bus, device, function and config
  register. Port 0xcfc then contains the register in question. But if you
  write the appropriate pair of magic values to 0xcf9, the machine will
  reboot. Spectacular! And not standardised in any way (certainly not part
  of the PCI spec), so different chipsets may have different requirements.
  Booo.

In the PIIX3 spec, IO port 0xcf9 is specified as the Reset Control
Register. Bit 1 (System Reset, SRST) would normally differentiate between
soft reset and hard reset, but we ignore the difference beyond allowing
the guest to read it back.

RHBZ reference: 890459

This patch introduces the following overlap between the preexistent
"pci-conf-idx" region and the "piix3-reset-control" region just being
added. Partial output from "info mtree":

  I/O
  0000000000000000-000000000000ffff (prio 0, RW): io
    0000000000000cf8-0000000000000cfb (prio 0, RW): pci-conf-idx
    0000000000000cf9-0000000000000cf9 (prio 1, RW): piix3-reset-control

I sanity-checked the patch by booting a RHEL-6.3 guest and found no
problems. I summoned gdb and set a breakpoint on rcr_write() in order to
gather a bit more confidence. Relevant frames of the stack:

  kvm_handle_io (port=3321, data=0x7f3f5f3de000, direction=1, size=1,
                 count=1)                                 [kvm-all.c:1422]
    cpu_outb (addr=3321, val=6 '\006')                      [ioport.c:289]
      ioport_write (index=0, address=3321, data=6)           [ioport.c:83]
        ioport_writeb_thunk (opaque=0x7f3f622c4680, addr=3321, data=6)
                                                            [ioport.c:212]
          memory_region_iorange_write (iorange=0x7f3f622c4680, offset=0,
                                       width=1, data=6)     [memory.c:439]
            access_with_adjusted_size (addr=0, value=0x7f3f531fbac0,
                                       size=1, access_size_min=1,
                                       access_size_max=4,
                                       access=0x7f3f5f6e0f90
                                           <memory_region_write_accessor>,
                                       opaque=0x7f3f6227b668)
                                                            [memory.c:364]
              memory_region_write_accessor (opaque=0x7f3f6227b668, addr=0,
                                            value=0x7f3f531fbac0, size=1,
                                            shift=0, mask=255)
                                                            [memory.c:334]
                rcr_write (opaque=0x7f3f6227afb0, addr=0, val=6, len=1)
                                                       [hw/piix_pci.c:498]

The dispatch happens in ioport_write(); "index=0" means byte-wide access:

    static void ioport_write(int index, uint32_t address, uint32_t data)
    {
        static IOPortWriteFunc * const default_func[3] = {
            default_ioport_writeb,
            default_ioport_writew,
            default_ioport_writel
        };
        IOPortWriteFunc *func = ioport_write_table[index][address];
        if (!func)
            func = default_func[index];
        func(ioport_opaque[address], address, data);
    }

The "ioport_write_table" and "ioport_opaque" arrays describe the flattened
IO port space. The first array is less interesting (it selects a thunk
function). The "ioport_opaque" array is interesting because it decides how
writing to the port is implemented ultimately.

4-byte wide access to 0xcf8 (pci-conf-idx):

  (gdb) print ioport_write_table[2][0xcf8]
  $1 = (IOPortWriteFunc *) 0x7f3f5f6d99ba <ioport_writel_thunk>

  (gdb) print \
        ((struct MemoryRegionIORange*)ioport_opaque[0xcf8])->mr->ops.write
  $2 = (void (*)(void *, hwaddr, uint64_t, unsigned int))
       0x7f3f5f5575cb <pci_host_config_write>

1-byte wide access to 0xcf9 (piix3-reset-control):

  (gdb) print ioport_write_table[0][0xcf9]
  $3 = (IOPortWriteFunc *) 0x7f3f5f6d98d0 <ioport_writeb_thunk>

  (gdb) print \
        ((struct MemoryRegionIORange*)ioport_opaque[0xcf9])->mr->ops.write
  $4 = (void (*)(void *, hwaddr, uint64_t, unsigned int))
       0x7f3f5f6b42f1 <rcr_write>

The higher priority of "piix3-reset-control" ensures that the 0xcf9
entries in ioport_write_table / ioport_opaque will always belong to it,
independently of its relative registration order versus "pci-conf-idx".

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

ich9: add support for pci assignment

Fills out support for the pci assignment API. Added:

PCIINTxRoute ich9_route_intx_pin_to_irq(void *opaque, int pirq_pin)

Add calls to pci_bus_fire_intx_routing_notifier() when routing changes
are made.

Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

virtio-net: rename ctrl rx commands

This patch makes rx commands consistent with specification.

Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

virtio-net: introduce a new macaddr control

In virtio-net guest driver, currently we write MAC address to
pci config space byte by byte, this means that we have an
intermediate step where mac is wrong. This patch introduced
a new control command to set MAC address, it's atomic.

VIRTIO_NET_F_CTRL_MAC_ADDR is a new feature bit for compatibility.

"mac" field will be set to read-only when VIRTIO_NET_F_CTRL_MAC_ADDR
is acked.

Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

virtio-net: remove layout assumptions for ctrl vq

Virtio-net code makes assumption about virtqueue descriptor layout
(e.g. sg[0] is the header, sg[1] is the data buffer).

This patch makes code not rely on the layout of descriptors.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

virtio-net: revert mac on reset

Once guest overrides virtio net primary mac,
it retains the value set until qemu exit.
This is inconsistent with standard nic behaviour.
To fix, revert the mac to the original value on reset.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

rules/mak: make clean should blow away timestamp files

Using a global pattern makes it easier to clean out
old generated files.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Makefile: clean timestamp generation rule

create timestamp by rule without sideeffects.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

rules.mak: cleanup config generation rules

This addresses two issues with config generation
1. rule generating timestamp has side effect.
Thus cleanup on error does not work.
2. rule for handling timestamp is too generic.
It can create any missing .h file.
As a result when .h file is removed, build
might try to create it using this rule which
results in build errors.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

e1000: document ICS read behaviour

Add code comment to clarify the reason we set ICS with ICR:
the reason was previously undocumented and git
log confused rather than clarified the comments.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

* qemu-kvm/uq/master:
target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big
vmxcap: bit 9 of VMX_PROCBASED_CTLS2 is 'virtual interrupt delivery'

Conflicts:
target-i386/kvm.c

Trivial merge resolution due to lack of context.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote-tracking branch 'mdroth/qga-pull-1-28-13' into staging

# By Markus Armbruster
# Via Michael Roth
* mdroth/qga-pull-1-28-13:
qemu-ga: Plug leaks on qmp_guest_network_get_interfaces() error paths
qemu-ga: Plug memory leak in guest_fsfreeze_cleanup()

s390: Drop set_bit usage in virtio_ccw.

set_bit on indicators doesn't go well on 32 bit targets:

note: expected 'long unsigned int *' but argument is of type 'uint64_t *'

Switch to bit shifts instead.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
[agraf: use 1ULL instead]
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: css error codes.

Changed error codes in the channel subsystem / virtio-ccw code
(-EOPNOTSUPP -> -ENOSYS, -ERESTART -> -EINPROGRESS).

This should hopefully fix building on mingw32.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Use s390_cpu_physical_memory_map for tpi.

Map the I/O interruption code before calling into css.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

sclpconsole: Don't instantiate sclpconsole with -nodefaults

libvirt specifies nodefaults and creates an sclp console with special
parameters. Let qemu follow nodefaults and don't create an sclp
console if nodefaults is specified.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Add s390-ccw-virtio machine.

Add a new machine type, s390-ccw-virtio, making use of the
virtio-ccw transport to present virtio devices as channel
devices.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390-virtio: Check for NULL device in reset hypercall

s390_virtio_bus_find_mem() may return a NULL VirtIOS390Device.
If called with, e.g., args[0] == 0, this leads to a segfault.
Fix this by adding error handling as done for other hypercalls.

Present since baf0b55a9e57b909b1f8b0f732c0b10242867418 (Implement
virtio reset).

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Move hw files to hw/s390x

This moves all files only used by s390 system emulation to hw/s390x.

Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>

virtio-s390: add a reset function to virtio-s390 devices

virtio-s390 devices are not being reset when their bus is. To fix
this, add a reset method that forwards to virtio_reset. This is
only needed because of the "strange" modeling of virtio devices;
the ->vdev link is being handled manually rather than through qdev.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Make typeinfo const

All TypeInfo definitions should be const.

Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Add new channel I/O based virtio transport.

Add a new virtio transport that uses channel commands to perform
virtio operations.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390-virtio: Factor out some initialization code.

Some of the machine initialization for s390-virtio will be reused
by virtio-ccw.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Wire up channel I/O in kvm.

Trigger the code for our virtual css in case of instruction
intercepts for I/O instructions.

Handle the tsch exit for the subchannel-related part of tsch.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Virtual channel subsystem support.

Provide a mechanism for qemu to provide fully virtual subchannels to
the guest.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Add channel I/O instructions.

Provide handlers for (most) channel I/O instructions.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: I/O interrupt and machine check injection.

I/O interrupts are queued per isc. Only crw pending machine checks
are supported.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Channel I/O basic definitions.

Basic channel I/O structures and helper function.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Add mapping helper functions.

Add s390_cpu_physical_memory_{map,unmap} with special handling
for the lowcore.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Lowcore mapping helper.

Create a lowcore mapping helper that includes a check for sufficient
length.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Add default support for SCLP console

The current s390 machine uses the virtio console as default console,
but this doesn't mean that we always want to keep it that way for new
machines.

This patch introduces a way for a machine type to specify that it wants
the default console to be an SCLP console, which is a lot closer to what
real hardware does.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>

target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big

Stack corruption may occur if too big 'level' or 'xlevel' values passed
on command line with KVM enabled, due to limited size of cpuid_data
in kvm_arch_init_vcpu().

reproduces with:
qemu -enable-kvm -cpu qemu64,level=4294967295
or
qemu -enable-kvm -cpu qemu64,xlevel=4294967295

Check if there is space in cpuid_data before passing it to cpu_x86_cpuid()
or abort() if there is not space.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>

Merge remote-tracking branch 'afaerber/qom-cpu' into staging

* afaerber/qom-cpu: (37 commits)
  kvm: Pass CPUState to kvm_on_sigbus_vcpu()
  cpu: Unconditionalize CPUState fields
  target-m68k: Use type_register() instead of type_register_static()
  target-unicore32: Use type_register() instead of type_register_static()
  target-openrisc: Use type_register() instead of type_register_static()
  target-unicore32: Catch attempt to instantiate abstract type in cpu_init()
  target-openrisc: Catch attempt to instantiate abstract type in cpu_init()
  target-m68k: Catch attempt to instantiate abstract type in cpu_init()
  target-arm: Catch attempt to instantiate abstract type in cpu_init()
  target-alpha: Catch attempt to instantiate abstract type in cpu_init()
  qom: Introduce object_class_is_abstract()
  target-unicore32: Detect attempt to instantiate non-CPU type in cpu_init()
  target-openrisc: Detect attempt to instantiate non-CPU type in cpu_init()
  target-m68k: Detect attempt to instantiate non-CPU type in cpu_init()
  target-alpha: Detect attempt to instantiate non-CPU type in cpu_init()
  target-arm: Detect attempt to instantiate non-CPU type in cpu_init()
  cpu: Add model resolution support to CPUClass
  target-i386: Remove setting tsc-frequency from x86_def_t
  target-i386: Set custom features/properties without intermediate x86_def_t
  target-i386: Remove vendor_override field from CPUX86State
  ...

Conflicts:
tests/Makefile

Resolved simple conflict caused by lack of context in Makefile

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote-tracking branch 'kwolf/for-anthony' into staging

# By Paolo Bonzini (14) and others
# Via Kevin Wolf
* kwolf/for-anthony: (24 commits)
  ide: Add fall through annotations
  block: Create proper size file for disk mirror
  ahci: Add migration support
  ahci: Change data types in preparation for migration
  ahci: Remove unused AHCIDevice fields
  hbitmap: add assertion on hbitmap_iter_init
  mirror: do nothing on zero-sized disk
  block/vdi: Check for bad signature
  block/vdi: Improved return values from vdi_open
  block/vdi: Improve debug output for signature
  block: Use error code EMEDIUMTYPE for wrong format in some block drivers
  block: Add special error code for wrong format
  mirror: support arbitrarily-sized iterations
  mirror: support more than one in-flight AIO operation
  mirror: add buf-size argument to drive-mirror
  mirror: switch mirror_iteration to AIO
  mirror: allow customizing the granularity
  block: allow customizing the granularity of the dirty bitmap
  block: return count of dirty sectors, not chunks
  mirror: perform COW if the cluster size is bigger than the granularity
  ...

Merge remote-tracking branch 'luiz/queue/qmp' into staging

# By Lei Li (3) and others
# Via Luiz Capitulino
* luiz/queue/qmp:
  QAPI: Introduce memchar-read QMP command
  QAPI: Introduce memchar-write QMP command
  qemu-char: Add new char backend CirMemCharDriver
  docs: document virtio-balloon stats
  balloon: re-enable balloon stats
  balloon: drop old stats code & API
  block: Monitor command commit neglects to report some errors

qemu-ga: Plug leaks on qmp_guest_network_get_interfaces() error paths

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>