git.osdn.net Git - qmiga/qemu.git/log

spice: reduce refresh rate in native mode

Now that cursor updates are out of the way qxl needs the refresh timer
only when when running in vga mode, for dirty bitmap checking. In
native qxl mode the guest will notify us, so we don't need to poll and
can use the idle interval (one refresh wakeup every few seconds).

Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

spice: use bottom half instead of refresh timer for cursor updates

Calling directly doesn't work due to the qxl-render code running in
spice server thread context. Meanwhile bottom half scheduling is
thread-safe though, so we can use that to kick a cursor update in
main i/o thread context.

Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

- Migration and linuxboot fixes for 2.2 regressions
- valgrind/KVM support
- small i386 patches
- PCI SD host controller support
- malloc/free cleanups from Markus (x86/scsi)
- IvyBridge model
- XSAVES support for KVM
- initial patches from record/replay

# gpg: Signature made Mon 15 Dec 2014 16:35:08 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (47 commits)
  sdhci: Support SDHCI devices on PCI
  sdhci: Define SDHCI PCI ids
  sdhci: Add "sysbus" to sdhci QOM types and methods
  sdhci: Remove class "virtual" methods
  sdhci: Set a default frequency clock
  serial: only resample THR interrupt on rising edge of IER.THRI
  serial: update LSR on enabling/disabling FIFOs
  serial: clean up THRE/TEMT handling
  serial: reset thri_pending on IER writes with THRI=0
  linuxboot: fix loading old kernels
  kvm/apic: fix 2.2->2.1 migration
  target-i386: add Ivy Bridge CPU model
  target-i386: add f16c and rdrand to Haswell and Broadwell
  target-i386: add VME to all CPUs
  pc: add 2.3 machine types
  i386: do not cross the pages boundaries in replay mode
  cpus: make icount warp behave well with respect to stop/cont
  timer: introduce new QEMU_CLOCK_VIRTUAL_RT clock
  cpu-exec: invalidate nocache translation if they are interrupted
  icount: introduce cpu_get_icount_raw
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

sdhci: Support SDHCI devices on PCI

Support for PCI devices following the "SD Host Controller Simplified
Specification Version 2.00" spec.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

sdhci: Define SDHCI PCI ids

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

sdhci: Add "sysbus" to sdhci QOM types and methods

Update the sdhci sysbus QOM types and methods so that sysbus is in
their name. This is in preparation for adding PCI versions of these
types and methods.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

sdhci: Remove class "virtual" methods

The SDHCIClass defines a series of class "methods". However, no code
in the QEMU tree overrides these methods or even uses them outside of
sdhci.c.

Remove the virtual methods and replace them with direct calls to the
underlying functions. This simplifies the process of extending the
sdhci code to support PCI devices (which have a different parent
class).

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

sdhci: Set a default frequency clock

The Linux SDHCI PCI driver will only register the device if there is a
clock frequency set. So, set a default frequency of 52Mhz.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

serial: only resample THR interrupt on rising edge of IER.THRI

There is disagreement on whether LSR.THRE should be resampled when
IER.THRI goes from 1 to 1. Bochs only does it if IER.THRI goes from 0
to 1; PCE does it even if IER.THRI is unchanged. But the Windows driver
seems to always go from 1 to 0 and back to 1, so do things in agreement
with Bochs, because the handling of thr_ipending was reported in 2010
(https://lists.gnu.org/archive/html/qemu-devel/2010-03/msg01914.html)
as breaking DR-DOS Plus.

Reported-by: Roy Tam <roytam@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

serial: update LSR on enabling/disabling FIFOs

When the transmit FIFO is emptied or enabled, the transmitter
hold register is empty.  When it is disabled, it is also emptied and
in addition the previous contents of the transmitter hold register
are discarded.  In either case, the THRE bit in LSR must be set and
THRI raised.

When the receive FIFO is emptied or enabled, the data ready and break
bits must be cleared in LSR.  Likewise when the receive FIFO is disabled.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

serial: clean up THRE/TEMT handling

- assert TEMT is cleared before sending a character; we'll get one from
TSR if tsr_retry > 0, from the FIFO or THR otherwise

- assert THRE cleared and FIFO not empty (if enabled) before fetching a
character to send.  This effectively reverts dffacd46, but the check
makes no sense and commit f702e62 (serial: change retry logic to avoid
concurrency, 2014-07-11) must have made it unnecessary.  The commit
message for f702e62 talks about multiple calls to qemu_chr_fe_add_watch
triggering s->tsr_retry >= MAX_XMIT_RETRY, but other failures were
possible.  For example, if you have multiple calls, the subsequent ones
will see s->tsr_retry == 0 and will find THRE and/or TEMT on entry.

- for clarity, raise THRI immediately after the code sets THRE

- check THRE to see if another character has to be sent.  This makes
the assertions more obvious and also means TEMT has to be set as soon as
the loop ends.  It makes the loop send both TSR and THR if flow-control
happens in non-FIFO mode.  Previously, THR would be lost.

- clear TEMT together with THRE even in the non-FIFO case

The last two items are bugfixes, but they were just found by inspection
and do not squash known bugs.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

serial: reset thri_pending on IER writes with THRI=0

This is responsible for failure of migration from 2.2 to 2.1, because
thr_ipending is always one in practice.

serial.c is setting thr_ipending unconditionally.  However, thr_ipending
is not used at all if THRI=0, and it will be overwritten again the next
time THRE or THRI changes.  For that reason, we can set thr_ipending to
zero every time THRI is reset.

There is disagreement on whether LSR.THRE should be resampled when IER.THRI
goes from 1 to 1.  This patch does not touch the code, leaving that for
QEMU 2.3+.

This has no semantic change and is enough to fix migration in the common
case where the interrupt is not pending or is reported in IIR.  It does not
change the migration format, so 2.2.0 -> 2.1 will remain broken but we
can fix 2.2.1 -> 2.1 without breaking 2.2.1 <-> 2.2.0.

The case that remains broken (the one in which the subsection is strictly
necessary) is when THRE=1, the THRI interrupt has *not* been acknowledged
yet, and a higher-priority interrupt comes.  In this case, you need the
subsection to tell the source that the lower-priority THRI interrupt is
pending.  The subsection's breakage of migration, in this case, prevents
continuing the VM on the destination with an invalid state.

Cc: qemu-stable@nongnu.org
Reported-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

linuxboot: fix loading old kernels

Old kernels that used high memory only allowed the initrd to be in the
first 896MB of memory.  If you load the initrd above, they complain
that "initrd extends beyond end of memory".

In order to fix this, while not breaking machines with small amounts
of memory fixed by cdebec5 (linuxboot: compute initrd loading address,
2014-10-06), we need to distinguish two cases.  If pc.c placed the
initrd at end of memory, use the new algorithm based on the e801
memory map.  If instead pc.c placed the initrd at the maximum address
specified by the bzImage, leave it there.

The only interesting part is that the low-memory info block is now
loaded very early, in real mode, and thus the 32-bit address has
to be converted into a real mode segment.  The initrd address is
also patched in the info block before entering real mode, it is
simpler that way.

This fixes booting the RHEL4.8 32-bit installation image with 1GB
of RAM.

Cc: qemu-stable@nongnu.org
Cc: mst@redhat.com
Cc: jsnow@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

kvm/apic: fix 2.2->2.1 migration

The wait_for_sipi field is set back to 1 after an INIT, so it was not
effective to reset it in kvm_apic_realize. Introduce a reset callback
and reset wait_for_sipi there.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: add Ivy Bridge CPU model

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: add f16c and rdrand to Haswell and Broadwell

Both were added in Ivy Bridge (for which we do not have a CPU model
yet!).

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: add VME to all CPUs

vm86 mode extensions date back to the 486. All models should have
them.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

pc: add 2.3 machine types

The next patch will differentiate them.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

i386: do not cross the pages boundaries in replay mode

This patch denies crossing the boundary of the pages in the replay mode,
because it can cause an exception. Do it only when boundary is
crossed by the first instruction in the block.
If current instruction already crossed the bound - it's ok,
because an exception hasn't stopped this code.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

cpus: make icount warp behave well with respect to stop/cont

This patch makes icount warp use the new QEMU_CLOCK_VIRTUAL_RT clock.
This way, icount's QEMU_CLOCK_VIRTUAL will never count time during which
the virtual machine is stopped.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

timer: introduce new QEMU_CLOCK_VIRTUAL_RT clock

This patch introduces new QEMU_CLOCK_VIRTUAL_RT clock, which
should be used for icount warping. In the next patch, it
will be used to avoid a huge icount warp when a virtual
machine is stopped for a long time.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

cpu-exec: invalidate nocache translation if they are interrupted

In this case, QEMU might longjmp out of cpu-exec.c and miss the final
cleanup in cpu_exec_nocache. Do this manually through a new compile
flag.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

icount: introduce cpu_get_icount_raw

Separate accessing the instruction counter from the compensation for
speed and halting that are introduced by qemu_icount_bias. This
introduces new infrastructure used by the record/replay patches.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

icount: set can_do_io outside TB execution

This patch sets can_do_io function to allow reading icount
within cpu-exec, but outside TB execution.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

cpu-exec: reset exception_index correctly

Exception index is reset at every entry at every entry into cpu_exec()
function. This may cause missing the exceptions while replaying them.
This patch moves exception_index reset to the locations where they are
processed.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

cpu-exec: fix cpu_exec_nocache

In icount mode cpu_exec_nocache function is used to execute part of the
existing TB. At the end of cpu_exec_nocache newly created TB is deleted.
Sometimes io_read function needs to recompile current TB and restart TB
lookup and execution. After that tb_find_fast function finds old (bigger)
TB again. This TB cannot be executed (because icount is not big enough)
and cpu_exec_nocache is called again. Such a loop continues over and over.
This patch deletes old TB and avoids finding it in the TB cache.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

scsi-disk: provide maximum transfer length

The QEMU block layer has a limit of INT_MAX bytes per transfer.

Expose it in the block limits VPD page for both regular transfers
and WRITE SAME.

Reported-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

scsi: Use g_new() & friends where that makes obvious sense

g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer,
for two reasons. One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

scsi: Fuse g_malloc(); memset() into g_malloc0()

Coccinelle semantic patch:

    @@
    expression LHS, SZ;
    @@
    -       LHS = g_malloc(SZ);
    -       memset(LHS, 0, SZ);
    +       LHS = g_malloc0(SZ);

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

scsi: Drop superfluous conditionals around g_free()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

x86: Drop some superfluous casts from void *

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

x86: Use g_new() & friends where that makes obvious sense

g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer,
for two reasons. One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

x86: Fuse g_malloc(); memset() into g_malloc0()

Coccinelle semantic patch:

    @@
    expression LHS, SZ;
    @@
    -       LHS = g_malloc(SZ);
    -       memset(LHS, 0, SZ);
    +       LHS = g_malloc0(SZ);

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

x86: Drop superfluous conditionals around g_free()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: get/set/migrate XSAVES state

Add xsaves related definition, it also adds corresponding part
to kvm_get/put, and vmstate.

Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-mips: kvm: do not use get_clock()

Use the external qemu-timer API instead.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: add feature flags for CPUID[EAX=0xd,ECX=1]

These represent xsave-related capabilities of the processor, and KVM may
or may not support them.

Add feature bits so that they are considered by "-cpu ...,enforce", and use
the new feature work instead of calling kvm_arch_get_supported_cpuid.

Bit 3 (XSAVES) is not migratables because it requires saving MSR_IA32_XSS.
Neither KVM nor any commonly available hardware supports it anyway.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

coverity/s390x: avoid false positive in kvm_irqchip_add_adapter_route

Paolo Bonzini reported that Coverity reports an uninitialized pad value.
Let's use a designated initializer for kvm_irq_routing_entry to avoid
this false positive. This is similar to kvm_irqchip_add_msi_route and
other users of kvm_irq_routing_entry.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

valgrind/s390x: avoid false positives on KVM_SET_FPU ioctl

struct kvm_fpu contains an alignment padding on s390x. Let's use a
designated initializer to avoid false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

valgrind/i386: avoid false positives on KVM_SET_VCPU_EVENTS ioctl

struct kvm_vcpu_events contains reserved fields. Let's use a
designated initializer to avoid false positives in valgrind.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

valgrind/i386: avoid false positives on KVM_GET_MSRS ioctl

struct kvm_msrs contains a pad field. Let's use a designated
initializer on the info part to avoid false positives from
valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

valgrind/i386: avoid false positives on KVM_SET_MSRS ioctl

struct kvm_msrs contains padding bytes. Let's use a designated
initializer on the info part to avoid false positives from
valgrind/memcheck. Do the same for generic MSRS, the TSC and
feature control.

We also need to zero out the reserved fields in the entries.
We do this in kvm_msr_entry_set as suggested by Paolo. This
avoids a big memset that a designated initializer on the
full structure would do.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

valgrind/i386: avoid false positives on KVM_SET_XCRS ioctl

struct kvm_xcrs contains padding bytes. Let's use a designated
initializer to avoid false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

valgrind/i386: avoid false positives on KVM_SET_PIT ioctl

struct kvm_pit_state2 contains pad fields. Let's use a designated
initializer to avoid false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

valgrind/i386: avoid false positives on KVM_SET_CLOCK ioctl

kvm_clock_data contains pad fields. Let's use a designated
initializer to avoid false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

valgrind: avoid false positives in KVM_GET_DIRTY_LOG ioctl

struct kvm_dirty_log contains padding fields that trigger false
positives in valgrind. Let's use a designated initializer to avoid
false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

vfio: use kvm_resamplefds_enabled()

Use the kvm_resamplefds_enabled function

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

KVM_CAP_IRQFD and KVM_CAP_IRQFD_RESAMPLE checks

Compute kvm_irqfds_allowed by checking the KVM_CAP_IRQFD extension.
Remove direct settings in architecture specific files.

Add a new kvm_resamplefds_allowed variable, initialized by
checking the KVM_CAP_IRQFD_RESAMPLE extension. Add a corresponding
kvm_resamplefds_enabled() function.

A special notice for s390 where KVM_CAP_IRQFD was not immediatly
advirtised when irqfd capability was introduced in the kernel.
KVM_CAP_IRQ_ROUTING was advertised instead.

This was fixed in "KVM: s390: announce irqfd capability",
ebc3226202d5956a5963185222982d435378b899 whereas irqfd support
was brought in 84223598778ba08041f4297fda485df83414d57e,
"KVM: s390: irq routing for adapter interrupts". Both commits
first appear in 3.15 so there should not be any kernel
version impacted by this QEMU modification.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: simplify AES emulation

This patch simplifies the AES code, by directly accessing the newly added
S-Box, InvS-Box and InvMixColumns tables instead of recreating them by
using the AES_Te and AES_Td tables.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Add bootloader name to multiboot implementation

The name is set to "qemu".

Signed-off-by: Drew DeVault <sir@cmpwn.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Drew DeVault <sircmpwn@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Merge remote-tracking branch 'remotes/rth/tags/x86-next-20141214' into staging

Collected x86 patches

# gpg: Signature made Sun 14 Dec 2014 22:54:28 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/x86-next-20141214:
  target-i386: fix icount processing for repz instructions
  target-i386: fbld instruction doesn't set minus sign
  target-i386: Wrong conversion infinity from float80 to int32/int64

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-i386: fix icount processing for repz instructions

TCG generates optimized code for i386 repz instructions in single step mode.
It means that when ecx becomes 0, execution of the string instruction breaks
immediately without an additional iteration for ecx==0 (which will only check
ecx and set the flags). Omitting this iteration leads to different
instructions counting in singlestep mode and in normal execution.
This patch disables optimization of this last iteration for icount mode
which should be deterministic.

v2: inverted the condition and formatted the comment

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>

target-i386: fbld instruction doesn't set minus sign

Signed-off-by: Dmitry Poletaev <poletaev-qemu@yandex.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>

target-i386: Wrong conversion infinity from float80 to int32/int64

Signed-off-by: Dmitry Poletaev <poletaev-qemu@yandex.ru>
Signed-off-by: Richard Henderson <rth@twiddle.net>

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Fri 12 Dec 2014 17:09:56 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  linux-aio: simplify removal of completed iocbs from the list
  linux-aio: drop return code from laio_io_unplug and ioq_submit
  linux-aio: rename LaioQueue idx field to "n"
  linux-aio: track whether the queue is blocked
  linux-aio: queue requests that cannot be submitted
  block: drop unused bdrv_clear_incoming_migration_all() prototype
  block: Don't add trailing space in "Formating..." message
  qemu-iotests: Remove traling whitespaces in *.out
  block: vhdx - set .bdrv_has_zero_init to bdrv_has_zero_init_1
  iotests: Fix test 039
  iotests: Filter for "Killed" in qemu-io output
  qemu-io: Add sigraise command
  block: vhdx - change .vhdx_create default block state to ZERO
  block: vhdx - update PAYLOAD_BLOCK_UNMAPPED value to match 1.00 spec
  block: vhdx - remove redundant comments
  block/rbd: fix memory leak
  iotests: Add test for vmdk JSON file names
  vmdk: Fix error for JSON descriptor file names
  block migration: fix return value

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

linux-aio: simplify removal of completed iocbs from the list

There is no need to do another O(n) pass on the list; the iocb to
split the list at is already available through the array we passed to
io_submit.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1418305950-30924-6-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

linux-aio: drop return code from laio_io_unplug and ioq_submit

These are unused.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1418305950-30924-5-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

linux-aio: rename LaioQueue idx field to "n"

It does not identify an index in an array anymore.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1418305950-30924-4-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

linux-aio: track whether the queue is blocked

Avoid that unplug submits requests when io_submit reported that it
couldn't accept more; at the same time, try more io_submit calls if it
could handle the whole set of requests that were passed, so that the
"blocked" flag is reset as soon as possible.

After the previous patch, laio_submit already tried to avoid submitting
requests to a blocked queue, by comparing s->io_q.idx with "==" instead
of the more natural ">=". Switch to the simpler expression now that we
have the "blocked" flag.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1418305950-30924-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

linux-aio: queue requests that cannot be submitted

Keep a queue of requests that were not submitted; pass them to
the kernel when a completion is reported, unless the queue is
plugged.

The array of iocbs is rebuilt every time from scratch. This
avoids keeping the iocbs array and list synchronized.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1418305950-30924-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: drop unused bdrv_clear_incoming_migration_all() prototype

The bdrv_clear_incoming_migration_all() function has not existed since
commit 7ea2d269cb84ca7a2f4b7c3735634176f7c1dc35 ("block/migration:
Disable cache invalidate for incoming migration").

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1418212937-22222-1-git-send-email-stefanha@redhat.com

block: Don't add trailing space in "Formating..." message

Change the message printing code to output a separator for each option
string before it instead of after, then we don't one more extra ' ' in
the end.

To update qemu-iotests output files, most of the times one would just
copy the *.out.bad to *.out. With this change we will not have the
space disliked by checkpatch.pl.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1418110684-19528-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qemu-iotests: Remove traling whitespaces in *.out

This is simply:

$ cd tests/qemu-iotests; sed -i -e 's/ *$//' *.out

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1418110684-19528-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: vhdx - set .bdrv_has_zero_init to bdrv_has_zero_init_1

Now that new VHDX images will default to BAT block states of
PAYLOAD_BLOCK_ZERO, we can indicate that VHDX has zero init.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 5e582703e36450b9ca939e2e5c9fa3930030f7fe.1418018421.git.jcody@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

iotests: Fix test 039

Test 039 used qemu-io -c abort for simulating a qemu crash; however,
abort() generally results in a core dump and ulimit -c 0 is no reliable
way of preventing that. Use "sigraise $(kill -l KILL)" instead to have
it crash without a core dump.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1418032092-16813-4-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

iotests: Filter for "Killed" in qemu-io output

_filter_qemu_io already filters out the process ID when qemu-io is
aborted; the same should be done when it is killed.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1418032092-16813-3-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qemu-io: Add sigraise command

abort() has the sometimes undesirable side-effect of generating a core
dump. If that is not needed, SIGKILL has the same effect of abruptly
crash qemu; without a core dump.

Thus, -c abort is not always useful to simulate a qemu-io crash;
therefore, this patch adds a new sigraise command which allows raising
a signal.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1418032092-16813-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: vhdx - change .vhdx_create default block state to ZERO

The VHDX spec specifies that the default new block state is
PAYLOAD_BLOCK_NOT_PRESENT for a dynamic VHDX image, and
PAYLOAD_BLOCK_FULLY_PRESENT for a fixed VHDX image.

However, in order to create space-efficient VHDX images with qemu-img
convert, it is desirable to be able to set has_zero_init to true for
VHDX.

There is currently an option when creating VHDX images, to use block
state ZERO for new blocks. However, this currently defaults to 'off'.
In order to be able to eventually set has_zero_init to true for VHDX,
this needs to default to 'on'.

This patch changes the default to 'on', and provides some help
information to warn against setting it to 'off' when using qemu-img
convert.

[Max Reitz pointed out that a full stop was missing at the end of the
VHDX_BLOCK_OPT_ZERO option help text. I have added it.
--Stefan]

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 85164899eacc86e150c3ceba793cf93b398dedd7.1418018421.git.jcody@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: vhdx - update PAYLOAD_BLOCK_UNMAPPED value to match 1.00 spec

The 0.95 VHDX spec defined PAYLOAD_BLOCK_UNMAPPED to be 5. The 1.00
VHDX spec redefines PAYLOAD_BLOCK_UNMAPPED to be 3 instead.

The original value of 5 is now an undefined state in the spec, but it
should be safe to treat it the same and return zeros for data read.
This way, we can maintain compatibility with any images out in the wild
that may have been created in accordance to the 0.95 spec.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 8a4d2da73a8dbc04cde62bea782fc09ff84b1cf1.1418018421.git.jcody@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: vhdx - remove redundant comments

Minor cleanup.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: e8718ae3fd3e40a527e46a00e394973fbaab4d53.1418018421.git.jcody@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block/rbd: fix memory leak

Variable local_err going out of scope
leaks the storage it points to.

Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Message-id: 1417674851-6248-1-git-send-email-arei.gonglei@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

iotests: Add test for vmdk JSON file names

Add a test for vmdk files which use a file with a JSON file name, and
which then try to open extents. That should fail and the error message
should at least try to look helpful.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417615043-26174-3-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

vmdk: Fix error for JSON descriptor file names

If vmdk blindly tries to use path_combine() using bs->file->filename as
the base file name, this will result in a bad error message for JSON
file names when calling bdrv_open(). It is better to only try
bs->file->exact_filename; if that is empty, bs->file->filename will be
useless for path_combine() and an error should be emitted (containing
bs->file->filename because desc_file_path (which is
bs->file->exact_filename) is empty).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1417615043-26174-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block migration: fix return value

Modify block_save_iterate() to return positive/zero/negative
(success/not done/failure) return status. The computation of
the blocks transferred (an int64_t) exceeds the size of an
int return value.

Signed-off-by: Gary R Hook <gary.hook@nimboxx.com>
Reviewed-by: ChenLiang <chenliang88@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1416958202-15913-1-git-send-email-gary.hook@nimboxx.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-12-11' into staging

trivial patches for 2014-12-11

# gpg: Signature made Thu 11 Dec 2014 18:13:58 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2014-12-11:
  Sort include/qemu/typedefs.h
  hpet: increase spelling precision
  pflash_cfi02.c: associate "cfi.pflash02" to "Storage devices" category
  vt82c686: fix coverity warning about out-of-bounds write
  virtio: remove useless declaration of virtio_net_init()
  qapi-schema: fix typo about change-vnc-password
  fw_cfg: remove superfluous blank line
  get_maintainer.pl: Remove the --git-chief-penguins option
  configure: Replace which(1) with "has"
  util: Use g_new() & friends where that makes obvious sense
  util: Fuse g_malloc(); memset() into g_new0()
  util: Drop superfluous conditionals around g_free()
  Drop superfluous conditionals around g_strdup()
  Drop superfluous conditionals around qemu_opts_del()
  usb: delete redundant brackets in usb_host_handle_control()
  virtio-bus: avoid breaking build when open DEBUG switch
  acpi-build: Make DPRINTF working for acpi-build
  acpi-build: adjust indention 8 -> 4 spaces
  target-s390x: fix possible out of bounds read
  qmp: fix typo in input-send-event examples

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Sort include/qemu/typedefs.h

Mainly to make it less likely to conflict during merges.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

hpet: increase spelling precision

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20141211' into staging

target-arm queue:
* pass semihosting exit code out to system
* more TrustZone support code (still not enabled yet)
* allow user to direct semihosting to gdb or native explicitly
   rather than always auto-guessing the destination
* fix memory leak in realview_init
* fix coverity warning in hw/arm/boot
* get state migration working for AArch64 CPUs
* check errors in kvm_arm_reset_vcpu

# gpg: Signature made Thu 11 Dec 2014 12:16:19 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20141211: (33 commits)
  target-arm: Check error conditions on kvm_arm_reset_vcpu
  target-arm: Support save/load for 64 bit CPUs
  target-arm/kvm: make reg sync code common between kvm32/64
  arm_gic_kvm: Tell kernel about number of IRQs
  hw/arm/boot: fix uninitialized scalar variable warning reported by coverity
  hw/arm/realview.c: Fix memory leak in realview_init()
  target-arm: make MAIR0/1 banked
  target-arm: make c13 cp regs banked (FCSEIDR, ...)
  target-arm: make VBAR banked
  target-arm: make PAR banked
  target-arm: make IFAR/DFAR banked
  target-arm: make DFSR banked
  target-arm: make IFSR banked
  target-arm: make DACR banked
  target-arm: make TTBCR banked
  target-arm: make TTBR0/1 banked
  target-arm: make CSSELR banked
  target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI
  target-arm: add SCTLR_EL3 and make SCTLR banked
  target-arm: add MVBAR support
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block patches for 2.3

# gpg: Signature made Wed 10 Dec 2014 09:31:53 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream: (73 commits)
  vmdk: Set errp on failures in vmdk_open_vmdk4
  vmdk: Remove unnecessary initialization
  vmdk: Check descriptor file length when reading it
  vmdk: Clean up descriptor file reading
  vmdk: Fix comment to match code of extent lines
  vmdk: Use g_random_int to generate CID
  block: Use g_new0() for a bit of extra type checking
  block: remove BLOCK_OPT_NOCOW from vpc_create_opts
  block: remove BLOCK_OPT_NOCOW from vdi_create_opts
  qemu-iotests: Skip 099 for VMDK subformats with desc file
  block/raw-posix: Fix ret in raw_open_common()
  qcow2: Respect bdrv_truncate() error
  qcow2: Flushing the caches in qcow2_close may fail
  qcow2: Prevent numerical overflow
  iotests: Add test for unsupported image creation
  iotests: Only kill NBD server if it runs
  qemu-img: Check create_opts before image amendment
  qemu-img: Check create_opts before image creation
  block: Check create_opts before image creation
  block/nfs: Add create_opts
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: Check error conditions on kvm_arm_reset_vcpu

When resetting a VCPU we currently call both kvm_arm_vcpu_init() and
write_kvmstate_to_list(), both of which can fail, but we never check the
return value.

The only choice here is to print an error an exit if the calls fail.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418039630-11773-1-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: Support save/load for 64 bit CPUs

For migration to work on 64 bit CPUs, we need to include both
the 64-bit integer register file and the PSTATE. Everything
else is either stored in the same place as existing 32-bit CPU
state or handled by the generic sysreg mechanism.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1417788683-4038-3-git-send-email-peter.maydell@linaro.org

target-arm/kvm: make reg sync code common between kvm32/64

Before we launch a guest we query KVM for the list of "co-processor"
registers it knows about. This is used to synchronize system
register state for the bulk of coprocessor/system registers.
Move this code from the 32-bit specific vcpu init function into
a common routine and call it also from the 64-bit vcpu init.

This allows system registers to migrate correctly when using
KVM, and also permits QEMU code to see the current KVM register
state (which will be needed to support big-endian guests, since
the virtio endianness callback must check for some system register
settings).

Since vcpu reset also has to sync registers, we move the
32 bit kvm_arm_reset_vcpu() into common code as well and
share it with the 64 bit version.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
[PMM: just copy the 32-bit code rather than improving it along the way;
don't share reg_syncs_via_tuple_list() between 32 and 64 bit;
tweak function names; move reset]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

arm_gic_kvm: Tell kernel about number of IRQs

Newer kernels support a device attribute on the GIC which allows us to
tell it how many IRQs this GIC instance is configured with; use it, if
it exists.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1417718679-1071-1-git-send-email-peter.maydell@linaro.org

hw/arm/boot: fix uninitialized scalar variable warning reported by coverity

Coverity reports the 'size' may be used uninitialized, but that can't happen,
because the caller has checked "if (binfo->dtb_filename || binfo->get_dtb)"
before call 'load_dtb'.

Here we simply remove the 'if (binfo->get_dtb)' to satisfy coverity.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Message-id: 1416826240-12368-1-git-send-email-zhang.zhanghailiang@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm/realview.c: Fix memory leak in realview_init()

Variable 'ram_lo' is allocated unconditionally, but used only in some cases.
When it is unused pointer will be lost at function exit, resulting in a
memory leak. Allocate memory for 'ram_lo' only if it is needed.

Valgrind output:
==16879== 240 bytes in 1 blocks are definitely lost in loss record 6,033 of 7,018
==16879==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16879==    by 0x33D2CE: malloc_and_trace (vl.c:2804)
==16879==    by 0x509E610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==16879==    by 0x288836: realview_init (realview.c:55)
==16879==    by 0x28988C: realview_pb_a8_init (realview.c:375)
==16879==    by 0x341426: main (vl.c:4413)

Signed-off-by: Nikita Belov <zodiac@ispras.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make MAIR0/1 banked

Added CP register info entries for the ARMv7 MAIR0/1 secure banks.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-26-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make c13 cp regs banked (FCSEIDR, ...)

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
FCSEIDR, CONTEXTIDR, TPIDRURW, TPIDRURO and TPIDRPRW have a secure
and a non-secure instance.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-25-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make VBAR banked

When EL3 is running in Aarch32 (or ARMv7 with Security Extensions)
VBAR has a secure and a non-secure instance, which are mapped to
VBAR_EL1 and VBAR_EL3.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-24-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make PAR banked

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
PAR has a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-23-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make IFAR/DFAR banked

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
IFAR and DFAR have a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-22-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make DFSR banked

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DFSR has a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-21-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make IFSR banked

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
IFSR has a secure and a non-secure instance. Adds IFSR32_EL2 definition and
storage.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-20-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make DACR banked

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DACR has a secure and a non-secure instance. Adds definition for DACR32_EL2.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-19-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make TTBCR banked

Adds secure and non-secure bank register suport for TTBCR.
Added new struct to compartmentalize the TCR data and masks.  Removed old
tcr/ttbcr data and added a 4 element array of the new structs in cp15.  This
allows for one entry per EL.  Added a CP register definition for TCR_EL3.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-18-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make TTBR0/1 banked

Adds secure and non-secure bank register suport for TTBR0 and TTBR1.
Changes include adding secure and non-secure instances of ttbr0 and ttbr1 as
well as a CP register definition for TTBR0_EL3. Added a union containing
both EL based array fields and secure and non-secure fields mapped to them.
Updated accesses to use A32_BANKED_CURRENT_REG_GET macro.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-17-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: make CSSELR banked

Rename CSSELR (cache size selection register) and add secure
instance (AArch32).

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-16-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI

Add checks of SCR AW/FW bits when performing writes of CPSR. These SCR bits
are used to control whether the CPSR masking bits can be adjusted from
non-secure state.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-15-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: add SCTLR_EL3 and make SCTLR banked

Implements SCTLR_EL3 and uses secure/non-secure instance when
needed.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-14-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: add MVBAR support

Use MVBAR register as exception vector base address for
exceptions taken to CPU monitor mode.

Signed-off-by: Sergey Fedorov <s.fedorov@samsung.com>
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-13-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: add SDER definition

Added CP register defintions for SDER and SDER32_EL3 as well as cp15.sder for
register storage.

Signed-off-by: Sergey Fedorov <s.fedorov@samsung.com>
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-12-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>