git.osdn.net Git - qmiga/qemu.git/log

linux-user: Implement PR_PAC_RESET_KEYS

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190201195404.30486-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Enable BTI for -cpu max

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190128223118.5255-11-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Set btype for indirect branches

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190128223118.5255-9-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Reset btype for direct branches

This is all of the non-exception cases of DISAS_NORETURN.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190128223118.5255-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Default handling of BTYPE during translation

The branch target exception for guarded pages has high priority,
and only 8 instructions are valid for that case. Perform this
check before doing any other decode.

Clear BTYPE after all insns that neither set BTYPE nor exit via
exception (DISAS_NORETURN).

Not yet handled are insns that exit via DISAS_NORETURN for some
other reason, like direct branches.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190128223118.5255-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Cache the GP bit for a page in MemTxAttrs

Caching the bit means that we will not have to re-walk the
page tables to look up the bit during translation.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190128223118.5255-6-richard.henderson@linaro.org
[PMM: no need to OR in guarded bit status]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

exec: Add target-specific tlb bits to MemTxAttrs

These bits can be used to cache target-specific data in cputlb
read from the page tables.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190128223118.5255-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Add BT and BTYPE to tb->flags

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190128223118.5255-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Add PSTATE.BTYPE

Place this in its own field within ENV, as that will
make it easier to reset from within TCG generated code.

With the change to pstate_read/write, exception entry
and return are automatically handled.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190128223118.5255-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Introduce isar_feature_aa64_bti

Also create field definitions for id_aa64pfr1 from ARMv8.5.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190128223118.5255-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190205-pull-request' into staging

ui: add kbd stats tracker.
ui: gtk scroll fixes.
ui: egl cursor scale fix.
ui: more sdl1 cleanup.

# gpg: Signature made Tue 05 Feb 2019 10:57:42 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20190205-pull-request:
  keymap: fix keyup mappings
  keymap: pass full keyboard state to keysym2scancode
  kbd-state: use state tracker for vnc
  kbd-state: use state tracker for gtk
  sdl2: use only QKeyCode in sdl2_process_key()
  kbd-state: use state tracker for sdl2
  sdl2: remove sdl2_reset_keys() function
  kbd-state: add keyboard state tracker
  ui/egl-helpers: Augment parameter list of egl_texture_blend() to convey scales of viewport
  ui/cocoa.m: Fix macOS 10.14 deprecation warnings
  ui/sdl_keysym: Remove obsolete SDL1.2 related code
  ui: listen for GDK_SMOOTH_SCROLL events
  ui: don't send any event if delta_y == 0
  Remove deprecated -no-frame option

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-02-04' into staging

nbd patches for 2019-02-04

- deprecate 'qemu-nbd --partition'
- preparation for NBD reconnect, including better logging of read errors

# gpg: Signature made Tue 05 Feb 2019 03:50:56 GMT
# gpg:                using RSA key A7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2019-02-04:
  block/nbd-client: rename read_reply_co to connection_co
  block/nbd-client: don't check ioc
  block/nbd-client: fix nbd_reply_chunk_iter_receive
  block/nbd-client: split connection from initialization
  block/nbd: move connection code from block/nbd to block/nbd-client
  block/nbd-client: split channel errors from export errors
  nbd: generalize usage of nbd_read
  qemu-nbd: Deprecate qemu-nbd --partition

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

keymap: fix keyup mappings

It is possible that the modifier state on keyup is different from the
modifier state on keydown. In that case the keycode lookup can end up
with different keys in case multiple keysym -> keycode mappings exist,
because it picks the mapping depending on modifier state.

To fix that change the lookup logic for keyup events. Instead of
looking at the modifier state check the key state and prefer a keycodes
where the key is in "down" state right now.

Fixes: abb4f2c965 keymap: consider modifier state when picking a mapping
Buglink: https://bugs.launchpad.net/bugs/1738283
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1658676
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190122092814.14919-9-kraxel@redhat.com

keymap: pass full keyboard state to keysym2scancode

Pass the keyboard state tracker handle down to keysym2scancode(),
so the code can fully inspect the keyboard state as needed. No
functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190122092814.14919-8-kraxel@redhat.com

kbd-state: use state tracker for vnc

Use the new keyboard state tracked for vnc. Allows to drop the
vnc-specific modifier state tracking code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190122092814.14919-7-kraxel@redhat.com

kbd-state: use state tracker for gtk

Use the new keyboard state tracked for gtk. Allows to drop the
gtk-specific modifier state tracking code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190122092814.14919-6-kraxel@redhat.com

sdl2: use only QKeyCode in sdl2_process_key()

Also: sdl2_process_key is never called with scon == NULL.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190122092814.14919-5-kraxel@redhat.com

kbd-state: use state tracker for sdl2

Use the new keyboard state tracked for sdl2. We can drop the modifier
state tracking from sdl2. Also keyup code is simpler, the state tracker
will take care to not send suspious keyup events to the guest.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190122092814.14919-4-kraxel@redhat.com

sdl2: remove sdl2_reset_keys() function

No users left, dead code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190122092814.14919-3-kraxel@redhat.com

kbd-state: add keyboard state tracker

Now that most user interfaces are using QKeyCodes it is easier to have
common keyboard code useable by all user interfaces.

This patch adds helper code to track the state of all keyboard keys,
using a bitmap indexed by QKeyCode. Modifier state is tracked too,
as separate bitmap. That makes checking modifier state easier.
Likewise we can easily apply special handling for capslock & numlock
(toggles on keypress) and ctrl + shift (we have two keys for that).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190122092814.14919-2-kraxel@redhat.com

[ kraxel: added license boilerplate header ]

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

ui/egl-helpers: Augment parameter list of egl_texture_blend() to convey scales of viewport

This would help gtk-egl display showing scaled DMABuf cursor images when
gtk window was zoomed. A default scale of (1.0, 1.0) was presumed for
call sites where no scaling is needed.

Signed-off-by: Chen Zhang <tgfbeta@me.com>
Message-id: 23B229B3-3095-4DFB-8369-866784808D30@me.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Merge remote-tracking branch 'remotes/xtensa/tags/20190204-xtensa' into staging

target/xtensa: SMP updates and various fixes

- fix CPU wakeup on runstall changes; expose runstall as an IRQ line;
- place mini-bootloader at the BSP reset vector;
- expose CPU core frequency in XTFPGA board FPGA register;
- rearrange access to external interrupts of xtensa cores;
- add MX interrupt distributor and use it on SMP XTFPGA boards;
- add test_mmuhifi_c3 xtensa core variant;
- raise number of CPUs that can be instantiated on XTFPGA boards.

# gpg: Signature made Mon 04 Feb 2019 18:59:32 GMT
# gpg:                using RSA key 2B67854B98E5327DCDEB17D851F9CC91F83FA044
# gpg:                issuer "jcmvbkbc@gmail.com"
# gpg: Good signature from "Max Filippov <filippov@cadence.com>" [unknown]
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>" [full]
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>" [full]
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20190204-xtensa:
  hw/xtensa: xtfpga: raise CPU number limit
  target/xtensa: add test_mmuhifi_c3 core
  hw/xtensa: xtfpga: use MX PIC for SMP
  target/xtensa: add MX interrupt controller
  target/xtensa: expose core runstall as an IRQ line
  target/xtensa: rearrange access to external interrupts
  target/xtensa: drop function xtensa_timer_irq
  target/xtensa: fix access to the INTERRUPT SR
  hw/xtensa: xtfpga: use core frequency
  hw/xtensa: xtfpga: fix bootloader placement in SMP
  target/xtensa: add qemu_cpu_kick to xtensa_runstall

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

ui/cocoa.m: Fix macOS 10.14 deprecation warnings

macOS 10.14 deprecated NSOnState/NSOffState in favour of
NSControlStateValueOn/NSControlStateValueOff. Use the new constants,
and #define them to the old ones when compiling against a pre-10.13 SDK.
Also [NSGraphicsContext graphicsPort] is now deprecated, use
[NSGraphicsContext CGContext] when available.

Signed-off-by: Brendan Shanks <brendan@bslabs.net>
Message-id: 20190201071225.20576-1-brendan@bslabs.net
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

ui/sdl_keysym: Remove obsolete SDL1.2 related code

sdl_keysym.h has only been included by sdl.c which has recently been
removed recently with this commit:

0015ca5cbabe0b31d31610ddfaafd90a9e5911a4
("ui: remove support for SDL1.2 in favour of SDL2")

So we can drop this header file now completely, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 1549282241-23535-1-git-send-email-thuth@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

ui: listen for GDK_SMOOTH_SCROLL events

On Wayland, without grabbing focus, two-finger scrolling generates
GDK_SMOOTH_SCROLL events instead of GDK_SCROLL_*, so listen for them.

Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-id: 20190204120823.41333-1-slp@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

ui: don't send any event if delta_y == 0

When the user raises their fingers from the touchpad, we may receive a
GDK_SMOOTH_SCROLL event with delta_y == 0. Avoid generating a WHEEL_UP
event in this situation.

Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-id: 20190204122043.43007-1-slp@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Remove deprecated -no-frame option

The -no-frame option has been deprecated with QEMU v2.12. It was only
useful with SDL1.2 - now that we've removed support for SDL1.2, we
can certainly remove the -no-frame option, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1549351769-19620-1-git-send-email-thuth@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

block/nbd-client: rename read_reply_co to connection_co

This coroutine will serve nbd reconnects, so, rename it to be something
more generic.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190201130138.94525-7-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>

block/nbd-client: don't check ioc

We have several paranoid checks for ioc != NULL. But ioc may become
NULL only on close, which should not happen during requests handling.
Also, we check ioc only sometimes, not after each yield, which is
inconsistent. Let's drop these checks. However, for safety, let's leave
asserts instead.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190201130138.94525-6-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>

block/nbd-client: fix nbd_reply_chunk_iter_receive

Use exported report, not the variable to be reused (should not really
matter).

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190201130138.94525-5-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>

block/nbd-client: split connection from initialization

Split connection code to reuse it for reconnect.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190201130138.94525-4-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>

block/nbd: move connection code from block/nbd to block/nbd-client

Keep all connection code in one file, to be able to implement reconnect
in further patches.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20190201130138.94525-3-vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[eblake: format tweak]
Signed-off-by: Eric Blake <eblake@redhat.com>

block/nbd-client: split channel errors from export errors

To implement nbd reconnect in further patches, we need to distinguish
error codes, returned by nbd server, from channel errors, to reconnect
only in the latter case.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190201130138.94525-2-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>

nbd: generalize usage of nbd_read

We generally do very similar things around nbd_read: error_prepend
specifying what we have tried to read, and be_to_cpu conversion of
integers.

So, it seems reasonable to move common things to helper functions,
which:
1. simplify code a bit
2. generalize nbd_read error descriptions, all starting with
"Failed to read"
3. make it more difficult to forget to convert things from BE

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190128165830.165170-1-vsementsov@virtuozzo.com>
[eblake: rename macro to DEF_NBD_READ_N and formatting tweaks;
checkpatch has false positive complaint]
Signed-off-by: Eric Blake <eblake@redhat.com>

qemu-nbd: Deprecate qemu-nbd --partition

The existing qemu-nbd --partition code claims to handle logical
partitions up to 8, since its introduction in 2008 (commit 7a5ca86).
However, the implementation is bogus (actual MBR logical partitions
form a sort of linked list, with one partition per extended table
entry, rather than four logical partitions in a single extended
table), making the code unlikely to work for anything beyond -P5 on
actual guest images. What's more, the code does not support GPT
partitions, which are becoming more popular, and maintaining device
subsetting in both NBD and the raw device is unnecessary duplication
of effort (even if it is not too difficult).

Note that obtaining the offsets of a partition (MBR or GPT) can be
learned by using 'qemu-nbd -c /dev/nbd0 file.qcow2 && sfdisk --dump
/dev/nbd0', but by the time you've done that, you might as well
just mount /dev/nbd0p1 that the kernel creates for you instead of
bothering with qemu exporting a subset. Or, keeping to just
user-space code, use nbdkit's partition filter, which has already
known both GPT and primary MBR partitions for a while, and was
just recently enhanced to support arbitrary logical MBR parititions.

Start the clock on the deprecation cycle, with examples of how
to accomplish device subsetting without using -P.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190125234837.2272-1-eblake@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>

test-filter-mirror: pass UNIX domain socket through fd

The tests tries to let qemu server mode to process the connection
which turns out to be racy after commit 8258292e18c3 ("monitor: Remove
"x-oob", offer capability "oob" unconditionally"). This is because the
filter may try to mirror the packets before UNIX socket object is
ready (connected was set to true) from the view of qemu. In this case
the packet will be dropped silently.

Fixing this by passing pre-connected socket created by socketpair() to
qemu through fd.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Zhang Chen <zhangckid@gmail.com>
Message-id: 20190130031427.13129-1-jasowang@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests/docker/test-mingw and docs: Remove --with-sdlabi=2.0

Patchew currently reports failures with the mingw docker test - this
is due to --with-sdlabi=2.0 configure flag which does not exist anymore.
Remove this remainder from the docker test and the docs now.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1549268743-18502-1-git-send-email-thuth@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20190204' into staging

Xen queue

* xen-block, the Xen PV backend, now handles resize.
* configure cleanup.
* xen-bus fix.

# gpg: Signature made Mon 04 Feb 2019 11:16:13 GMT
# gpg:                using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg:                issuer "anthony.perard@citrix.com"
# gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [marginal]
# gpg:                 aka "Anthony PERARD <anthony.perard@citrix.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5379 2F71 024C 600F 778A  7161 D8D5 7199 DF83 42C8
#      Subkey fingerprint: F80C 0063 08E2 2CFD 8A92  E798 0CF5 572F D7FB 55AF

* remotes/aperard/tags/pull-xen-20190204:
  xen-block: handle resize callback
  xen: fix xen-bus state model to allow frontend re-connection
  configure: Don't add Xen's libs to LDFLAGS
  configure: xen: Stop build-testing for xc_domain_create

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

xen-block: handle resize callback

Some frontend drivers will handle dynamic resizing of PV disks, so set up
the BlockDevOps resize_cb() method during xen_block_realize() to allow
this to be done.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>

xen: fix xen-bus state model to allow frontend re-connection

There is a flaw in the xen-bus state model. To allow a frontend to re-
connect the backend state of an online XenDevice is transitioned from
Closed to InitWait, but this is currently done unilaterally which is
incorrect. The backend state should remain Closed until the frontend state
transitions to Initialising.

This patch removes the automatic backend state transition from
xen_device_backend_state_changed() and, instead, adds an extra check in
xen_device_frontend_state_changed() to determine whether a frontend is
trying to re-connect to a previously Closed XenDevice. Only if this is
found to be the case is the backend state transitioned from Closed to
InitWait. Note that this transition will be common amongst all XenDevice
classes and hence xen_device_frontend_state_changed() returns immediately
afterwards without calling into the XenDeviceClass frontend_changed()
method.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>

configure: Don't add Xen's libs to LDFLAGS

When Xen is detected via pkg-config, it isn't necessary to modify
LDFLAGS as modifying libs_softmmu is enough.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

configure: xen: Stop build-testing for xc_domain_create

Its last uses was removed by: 6d7c06c213ddcfabcafdc178ccef81736f85a7c2
"Remove broken Xen PV domain builder".

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-4.0-20190204' into staging

ppc patch queue 2019-02-04

Here's the next batch of ppc target and spapr related changes.
Highlights are:
* A number of endianness handling cleanups from Mark Cave-Ayland
* Updated Mac VGA driver
* Updated SLOF image
* Some XIVE cleanups and small fixes
* ppc4xx cleanups and fixes from BALATON Zoltan

There are a few chances not technically in the ppc target code:
* Several MAINTAINERS updates
* Fixes for unmapping of hugepages on power hosts

The latter is included because it's primarily of interest for ppc KVM setups.

# gpg: Signature made Mon 04 Feb 2019 07:52:26 GMT
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-4.0-20190204: (37 commits)
  mmap-alloc: fix hugetlbfs misaligned length in ppc64
  mmap-alloc: unfold qemu_ram_mmap()
  hw/ppc: Don't include m48t59.h if it is not necessary
  spapr_pci: Fix endianness in assigned-addresses property
  target/ppc: remove various HOST_WORDS_BIGENDIAN hacks in int_helper.c
  target/ppc: remove ROTRu32 and ROTRu64 macros from int_helper.c
  target/ppc: simplify VEXT_SIGNED macro in int_helper.c
  target/ppc: eliminate use of EL_IDX macros from int_helper.c
  target/ppc: eliminate use of HI_IDX and LO_IDX macros from int_helper.c
  target/ppc: rework vmul{e,o}{s,u}{b,h,w} instructions to use Vsr* macros
  target/ppc: rework vmrg{l,h}{b,h,w} instructions to use Vsr* macros
  hw/ppc/spapr: Add support for "-vga cirrus"
  QemuMacDrivers: update qemu_vga.ndrv to 90c488d built from submodule
  MAINTAINERS: add myself as maintainer for Mac Old World and New World machines
  spapr: Drop unused parameters from fdt building helper
  MAINTAINERS: Merge the two e500 sections
  MAINTAINERS: XIVE is an interrupt controller, not a machine
  hw/ppc: Move ppc40x_*reset() functions from ppc405_uc.c to ppc.c
  ppc: remove the interrupt presenters from under PowerPCCPU
  target/ppc: implement complete set of Vsr* macros
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

mmap-alloc: fix hugetlbfs misaligned length in ppc64

The commit 7197fb4058bcb68986bae2bb2c04d6370f3e7218 ("util/mmap-alloc:
fix hugetlb support on ppc64") fixed Huge TLB mappings on ppc64.

However, we still need to consider the underlying huge page size
during munmap() because it requires that both address and length be a
multiple of the underlying huge page size for Huge TLB mappings.
Quote from "Huge page (Huge TLB) mappings" paragraph under NOTES
section of the munmap(2) manual:

"For munmap(), addr and length must both be a multiple of the
underlying huge page size."

On ppc64, the munmap() in qemu_ram_munmap() does not work for Huge TLB
mappings because the mapped segment can be aligned with the underlying
huge page size, not aligned with the native system page size, as
returned by getpagesize().

This has the side effect of not releasing huge pages back to the pool
after a hugetlbfs file-backed memory device is hot-unplugged.

This patch fixes the situation in qemu_ram_mmap() and
qemu_ram_munmap() by considering the underlying page size on ppc64.

After this patch, memory hot-unplug releases huge pages back to the
pool.

Fixes: 7197fb4058bcb68986bae2bb2c04d6370f3e7218
Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

mmap-alloc: unfold qemu_ram_mmap()

Unfold parts of qemu_ram_mmap() for the sake of understanding, moving
declarations to the top, and keeping architecture-specifics in the
ifdef-else blocks.  No changes in the function behaviour.

Give ptr and ptr1 meaningful names:
  ptr  -> guardptr : pointer to the PROT_NONE guard region
  ptr1 -> ptr      : pointer to the mapped memory returned to caller

Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

hw/ppc: Don't include m48t59.h if it is not necessary

These files don't use anything from m48t59.h, so no need to include
this header here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

spapr_pci: Fix endianness in assigned-addresses property

reg->phys_hi and assigned->phys_hi are big endian but we do an extra
byteswap anyway when copying reg->phys_hi to assigned->phys_hi.
To make things slightly more messy, we also add a relocatable bit (b_n())
although in the right endianness.

This fixes endianness of assigned->phys_hi.

This is unlikely to produce any visible difference though as we should end up
there only in the case of PCI hotplug and even then I am not sure if
(d->io_regions[i].addr == PCI_BAR_UNMAPPED) == true.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target/ppc: remove various HOST_WORDS_BIGENDIAN hacks in int_helper.c

Following on from the previous work, there are numerous endian-related hacks
in int_helper.c that can now be replaced with Vsr* macros.

There are also a few places where the VECTOR_FOR_INORDER_I macro can be
replaced with a normal iterator since the processing order is irrelevant.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target/ppc: remove ROTRu32 and ROTRu64 macros from int_helper.c

Richard points out that these macros suffer from a -fsanitize=shift bug in that
they improperly handle n == 0 turning it into a shift by 32/64 respectively.
Replace them with QEMU's existing ror32() and ror64() functions instead.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target/ppc: simplify VEXT_SIGNED macro in int_helper.c

As pointed out by Richard: it does not need the mask argument, nor does it need
the recast argument. The masking is implied by the cast argument, and the
recast is implied by the assignment.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target/ppc: eliminate use of EL_IDX macros from int_helper.c

These macros can be eliminated by instead using the relavant Vsr* macros in
the few locations where they appear.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target/ppc: eliminate use of HI_IDX and LO_IDX macros from int_helper.c

The original purpose of these macros was to correctly reference the high and low
parts of the VSRs regardless of the host endianness.

Replace these direct references to high and low parts with the relevant VsrD
macro instead, and completely remove the now-unused HI_IDX and LO_IDX macros.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target/ppc: rework vmul{e,o}{s,u}{b,h,w} instructions to use Vsr* macros

The current implementations make use of the endian-specific macros HI_IDX and
LO_IDX directly to calculate array offsets.

Rework the implementation to use the Vsr* macros so that these per-endian
references can be removed.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target/ppc: rework vmrg{l,h}{b,h,w} instructions to use Vsr* macros

The current implementations make use of the endian-specific macros MRGLO/MRGHI
and also reference HI_IDX and LO_IDX directly to calculate array offsets.

Rework the implementation to use the Vsr* macros so that these per-endian
references can be removed.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

hw/ppc/spapr: Add support for "-vga cirrus"

The cirrus VGA card has been enabled in the PPC builds with
commit 29f9cef39eb1ae55e82c ("ppc: Include vga cirrus card into
the compiling process") last year. It also works on the pseries
machine, even SLOF contains support for this card, so we can
also support this for the "-vga" parameter here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

QemuMacDrivers: update qemu_vga.ndrv to 90c488d built from submodule

This update to qemu_vga.ndrv includes the following changes:

- Build guest resolution list from QEMU EDID data if enabled
- Fixes to re-enable 256 color mode

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

MAINTAINERS: add myself as maintainer for Mac Old World and New World machines

I've unofficially been doing most of the work on the Mac machines for a while
now, so update MAINTAINERS to reflect this. David is still happy to be listed
as a reviewer as per our discussion at KVM forum.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

spapr: Drop unused parameters from fdt building helper

spapr_load_rtas() handles now RTAS address and size information in the FDT
so drop them from spapr_build_fdt().

While we are here, fix a small typo.

Fixes: 3f5dabceba24 "pseries: Consolidate construction of /rtas device tree node"
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

MAINTAINERS: Merge the two e500 sections

There is currently a "e500" machine section and a "ppce500" device
section in the maintainers file - with some oddities: The wildcard
in the device section also covers the files from the machine section.
And hw/pci-host/ppce500.c is in the device section, while its header
is in the machine section.
This is really quite confusing, and I don't see a reason why we really
need two sections here, so let's simply merge them.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

MAINTAINERS: XIVE is an interrupt controller, not a machine

The "XIVE" section is currently listed in the "PowerPC Machines"
section, which is weird, since this is an interrupt controller
device. Move it to the "Devices" section instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

hw/ppc: Move ppc40x_*reset() functions from ppc405_uc.c to ppc.c

Currently, it is not possible to build a QEMU binary without the
ppc405_uc.c file, even if you do not want to have the embedded machines
in the binary. This is bad since it's quite a bit of code and this code
pulls in some more dependencies (e.g. via the usage of serial_mm_init())
which would not be needed otherwise - especially with the upcoming
Kconfig-style configuration system for QEMU.

The only functions from this file which are really always required for
linking are the ppc40x_*reset() functions, so move these functions to
ppc.c, close to the ppc40x_set_irq() function that calls them. Now we
can flag ppc405_uc.c and ppc4xx_devs.c with the CONFIG_PPC4XX config
switch, too.

And while we're at it, replace the printf()s in these ppc40x_*reset()
functions with proper calls to qemu_log_mask().

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

ppc: remove the interrupt presenters from under PowerPCCPU

These fields have now been replaced by equivalents under the machine
data.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target/ppc: implement complete set of Vsr* macros

This prepares us for eliminating the use of direct array access within the VMX
instruction implementations.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

spapr: move the interrupt presenters under machine_data

Next step is to remove them from under the PowerPCCPU

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

ppc/pnv: introduce a CPU machine_data

Include the interrupt presenter under the machine_data as we plan to
remove it from under PowerPCCPU

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

xive: add a get_tctx() method to the XiveRouter

It provides a mean to retrieve the XiveTCTX of a CPU. This will become
necessary with future changes which move the interrupt presenter
object pointers under the PowerPCCPU machine_data.

The PowerNV machine has an extra requirement on TIMA accesses that
this new method addresses. The machine can perform indirect loads and
stores on the TIMA on behalf of another CPU. The PIR being defined in
the controller registers, we need a way to peek in the controller
model to find the PIR value.

The XiveTCTX is moved above the XiveRouter definition to avoid forward
typedef declarations.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

spapr/pci: Fix primary bus number for PCI bridges

While looking at the s390x implementation, looks like spapr has a
similar BUG when building the topology.

The primary bus number corresponds always to the bus number of the
bus the bridge is attached to.

Right now, if we have two bridges attached to the same bus (e.g. root
bus) this is however not the case. The first bridge will have primary
bus 0, the second bridge primary bus 1, which is wrong. Fix the assignment.

While at it, drop setting the PCI_SUBORDINATE_BUS temporarily to 0xff.
Setting it temporarily to that value (as discussed e.g. in [1]), is
only relevant for a running system that probes the buses. The value is
effectively unused for us just doing a DFS.

[1] http://www.science.unitn.it/~fiorella/guidelinux/tlk/node76.html

Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

spapr: Forbid setting ic-mode for old machine types

Machine types 3.0 and older only know about the legacy XICS backend.
Make it clear by erroring out if the user tries to set ic-mode on
such machines.

Signed-off-by: Greg Kurz <groug@kaod.org>
Tested-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

hw/ppc/spapr: Encode the SCSI channel (bus) in the SRP LUNs

In hw/scsi/spapr_vio.c we declare that the controller supports multiple
buses by specifying "max_channel = 7" there. So in the code that fixes
up the device tree nodes, we must encode the channel number (a.k.a. bus
number in the "Logical unit addressing format" table of SAM5) into the
64-bit LUN, too.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1663160
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

spapr/vio: remove the "irq" property"

commit efe2add7cb7f ("spapr/vio: deprecate the "irq" property") was
merged in QEMU version 3.0. The "irq" property" can be removed for
QEMU version 4.0.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

ppc440: Avoid reporting error when reading non-existent RAM slot

When reading base register of RAM slot with no RAM we should not try
to calculate register value because that will result printing an error
due to invalid RAM size. Just return 0 without the error in this case.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target/ppc/kvm: Drop useless include directive

It has been there since the enablement of PR KVM for PAPR, ie, commit
f61b4bedaf35 in 2011. Not sure why at that time, but it is definitely
not needed with the current code.

Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

ppc/xive: fix remaining XiveFabric names

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

sam460ex: Fix support for memory larger than 1GB

Fix the encoding of larger memory modules in the SoC registers which
allows specifying more than 1GB memory for sam460ex. Well, only 2GB
due to SoC and firmware restrictions which was the only missing value
compared to what the real hardware supports. The SoC should support up
to 4GB but when setting that the firmware hangs during memory test.
This may be an overflow bug in the firmware which I did not try to
debug but this may affect real hardware as well.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

ppc4xx: Pass array index to function instead of pointer into the array

The sdram_set_bcr() function in ppc440_uc.c takes a pointer into an
array then calculates its index from that. It's simpler and easier to
just pass the index which simplifies both the function and its callers.
Do similar cleanup in ppc4xx_devs.c to similar function.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

ppc4xx: Rename ppc4xx_sdram_t in ppc440_uc.c to ppc440_sdram_t

There's already a struct with the same name in ppc4xx_devs.c. They are
not used outside their files so don't clash but they are also not
identical so rename the ppc440 specific one to distinguish them.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

ppc4xx: Use ram_addr_t in ppc4xx_sdram_adjust()

To avoid overflow if larger values are added later use ram_addr_t for
the sdram_bank_sizes parameter to match ram_size to which it is compared.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

sam460ex: Clean up SPD EEPROM creation

Get rid of code from MIPS Malta board used to create SPD EEPROM data
(parts of which was not even needed for sam460ex) and use the generic
spd_data_generate() function to simplify this.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

smbus: Add a helper to generate SPD EEPROM data

There are several boards with SPD EEPROMs that are now using
duplicated or slightly different hard coded data. Add a helper to
generate SPD data for a memory module of given type and size that
could be used by these boards (either as is or with further changes if
needed) which should help cleaning this up and avoid further duplication.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

pseries: Update SLOF firmware image

This includes spapr-vio and usb-storage fixes, phandles fix for NVLink2
pass through support and other compile improvements.

The full list of changes is:
  * vio-vscsi: Support multiple channels / buses
  * board-qemu/slof/vio-vscsi: Scan up to 64 SCSI IDs
  * usb/storage: Implement block write support
  * usb/storage: Invert the logic of the IF-statements
  * fdt: Fix phandles for NVLink/NVLink2
  * fdt: Factor out code to replace a phandle in place
  * pci: use appropriate base class ids
  * Makefile: Set a proper DRIVER_NAME when building from a git tree
  * romfs/tools: Silence more compiler warnings with GCC 8.1
  * romfs/tools: Silence GCC 8.1 compiler warning with FLASHFS_MAGIC
  * romfs/tools: Remove superfluous union around the rom header struct
  * make.rules: Compile SLOF with -fno-asynchronous-unwind-tables

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- vmdk: Support for blockdev-create
- block: Apply auto-read-only for ro-whitelist drivers
- virtio-scsi: Fixes related to attaching/detaching iothreads
- scsi-disk: Fixed erroneously detected multipath setup with multiple
  disks created with node-names. Added device_id property.
- block: Fix hangs in synchronous APIs with iothreads
- block: Fix invalidate_cache error path for parent activation
- block-backend, mirror, qcow2, vpc, vdi, qemu-iotests:
  Minor fixes and code improvements

# gpg: Signature made Fri 01 Feb 2019 15:23:10 GMT
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream: (27 commits)
  scsi-disk: Add device_id property
  scsi-disk: Don't use empty string as device id
  qtest.py: Wait for the result of qtest commands
  block: Fix invalidate_cache error path for parent activation
  iotests/236: fix transaction kwarg order
  iotests: Filter second BLOCK_JOB_ERROR from 229
  virtio-scsi: Forbid devices with different iothreads sharing a blockdev
  scsi-disk: Acquire the AioContext in scsi_*_realize()
  virtio-scsi: Move BlockBackend back to the main AioContext on unplug
  block: Eliminate the S_1KiB, S_2KiB, ... macros
  block: Remove blk_attach_dev_legacy() / legacy_dev code
  block: Apply auto-read-only for ro-whitelist drivers
  uuid: Make qemu_uuid_bswap() take and return a QemuUUID
  block/vdi: Don't take address of fields in packed structs
  block/vpc: Don't take address of fields in packed structs
  vmdk: Reject excess extents in blockdev-create
  iotests: Add VMDK tests for blockdev-create
  iotests: Filter cid numbers in VMDK extent info
  vmdk: Implement .bdrv_co_create callback
  vmdk: Refactor vmdk_create_extent
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190201' into staging

target-arm queue:
* New machine mps2-an521 -- this is a model of the AN521 FPGA image for the MPS2 devboard
* Fix various places where we failed to UNDEF invalid A64 instructions
* Don't UNDEF a valid FCMLA on 32-bit inputs
* Fix some bugs in the newly-added PAuth implementation
* microbit: Implement NVMC non-volatile memory controller

# gpg: Signature made Fri 01 Feb 2019 16:06:03 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20190201: (47 commits)
  tests/microbit-test: Add tests for nRF51 NVMC
  arm: Instantiate NRF51 special NVM's and NVMC
  hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories
  target/arm: fix decoding of B{,L}RA{A,B}
  target/arm: fix AArch64 virtual address space size
  linux-user: Initialize aarch64 pac keys
  aarch64-linux-user: Enable HWCAP bits for PAuth
  aarch64-linux-user: Update HWCAP bits from linux 5.0-rc1
  target/arm: Always enable pac keys for user-only
  arm: Clarify the logic of set_pc()
  target/arm: Enable API, APK bits in SCR, HCR
  target/arm: Add a timer to predict PMU counter overflow
  target/arm: Send interrupts on PMU counter overflow
  target/arm/translate-a64: Fix mishandling of size in FCMLA decode
  target/arm/translate-a64: Fix FCMLA decoding error
  exec.c: Don't reallocate IOMMUNotifiers that are in use
  target/arm/translate-a64: Don't underdecode SDOT and UDOT
  target/arm/translate-a64: Don't underdecode FP insns
  target/arm/translate-a64: Don't underdecode add/sub extended register
  target/arm/translate-a64: Don't underdecode SIMD ld/st single
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests/microbit-test: Add tests for nRF51 NVMC

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190201023357.22596-4-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

arm: Instantiate NRF51 special NVM's and NVMC

Instantiates UICR, FICR, FLASH and NVMC in nRF51 SOC.

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190201023357.22596-3-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories

The nRF51 contains three regions of non-volatile memory (NVM):
- CODE (R/W): contains code
- FICR (R): Factory information like code size, chip id etc.
- UICR (R/W): Changeable configuration data. Lock bits, Code
  protection configuration, Bootloader address, Nordic SoftRadio
  configuration, Firmware configuration.

Read and write access to the memories is managed by the
Non-volatile memory controller.

Memory schema:
[ CPU ] -+- [ NVM, either FICR, UICR or CODE ]
          |      |
          \- [ NVMC ]

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190201023357.22596-2-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: fix decoding of B{,L}RA{A,B}

A flawed test lead to the instructions always being treated as
unallocated encodings.

Fixes: https://bugs.launchpad.net/bugs/1813460
Signed-off-by: Remi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: fix AArch64 virtual address space size

Since QEMU does not support the ARMv8.2-LVA, Large Virtual Address,
extension (yet), the VA address space is 48-bits plus a sign bit. User
mode can only handle the positive half of the address space, so that
makes a limit of 48 bits.

(With LVA, it would be 53 and 52 bits respectively.)

The incorrectly large address space conflicts with PAuth instructions,
which use bits 48-54 and 56-63 for the pointer authentication code. This
also conflicts with (as yet unsupported by QEMU) data tagging and with
the ARMv8.5-MTE extension.

Signed-off-by: Remi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

linux-user: Initialize aarch64 pac keys

Initialize the keys to a non-zero value on process start.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

aarch64-linux-user: Enable HWCAP bits for PAuth

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

aarch64-linux-user: Update HWCAP bits from linux 5.0-rc1

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Always enable pac keys for user-only

Drop the pac properties. This approach cannot work as written
because the properties are applied before arm_cpu_reset, which
zeros SCTLR_EL1 (amongst everything else).

We can re-introduce the properties if they turn out to be useful.
But since linux 5.0 enables all of the keys, they may not be.

Fixes: 1ae9cfbd470
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

arm: Clarify the logic of set_pc()

Until now, the set_pc logic was unclear, which raised questions about
whether it should be used directly, applying a value to PC or adding
additional checks, for example, set the Thumb bit in Arm cpu. Let's set
the set_pc logic for “Configure the PC, as was done in the ELF file”
and implement synchronize_with_tb hook for preserving PC to cpu_tb_exec.

Signed-off-by: Julia Suvorova <jusual@mail.ru>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190129121817.7109-1-jusual@mail.ru
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Enable API, APK bits in SCR, HCR

These bits become writable with the ARMv8.3-PAuth extension.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190129143511.12311-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Add a timer to predict PMU counter overflow

Make PMU overflow interrupts more accurate by using a timer to predict
when they will overflow rather than waiting for an event to occur which
allows us to otherwise check them.

Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190124162401.5111-3-aaron@os.amperecomputing.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Send interrupts on PMU counter overflow

Whenever we notice that a counter overflow has occurred, send an
interrupt. This is made more reliable with the addition of a timer in a
follow-on commit.

Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190124162401.5111-2-aaron@os.amperecomputing.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm/translate-a64: Fix mishandling of size in FCMLA decode

In disas_simd_indexed(), for the case of "complex fp", each indexable
element is a complex pair, so the total size is twice that indicated
in the 'size' field in the encoding. We were trying to do this
"double the size" operation with a left shift by 1, but this is
incorrect because the 'size' field is a MO_8/MO_16/MO_32/MO_64
value, and doubling the size should be done by a simple increment.

This meant we were mishandling FCMLA (by element) of values where
the real and imaginary parts are 32-bit floats, and would incorrectly
UNDEF this encoding. (No other insns take this code path, and for
16-bit floats it happens that 1 << 1 and 1 + 1 are both the same).

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190129140411.682-3-peter.maydell@linaro.org

target/arm/translate-a64: Fix FCMLA decoding error

The FCMLA (by element) instruction exists in the
"vector x indexed element" encoding group, but not in
the "scalar x indexed element" group. Correctly UNDEF
the unallocated encodings.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190129140411.682-2-peter.maydell@linaro.org

exec.c: Don't reallocate IOMMUNotifiers that are in use

The tcg_register_iommu_notifier() code has a GArray of
TCGIOMMUNotifier structs which it has registered by passing
memory_region_register_iommu_notifier() a pointer to the embedded
IOMMUNotifier field. Unfortunately, if we need to enlarge the
array via g_array_set_size() this can cause a realloc(), which
invalidates the pointer that memory_region_register_iommu_notifier()
put into the MemoryRegion's iommu_notify list. This can result
in segfaults.

Switch the GArray to holding pointers to the TCGIOMMUNotifier
structs, so that we can individually allocate and free them.

Cc: qemu-stable@nongnu.org
Fixes: 1f871c5e6b0f30644a60a ("exec.c: Handle IOMMUs in address_space_translate_for_iotlb()")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190128174241.5860-1-peter.maydell@linaro.org

target/arm/translate-a64: Don't underdecode SDOT and UDOT

In the AdvSIMD scalar x indexed element and vector x indexed element
encoding group, the SDOT and UDOT instructions are vector only,
and their opcode is unallocated in the scalar group. Correctly
UNDEF this unallocated encoding.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190125182626.9221-8-peter.maydell@linaro.org

target/arm/translate-a64: Don't underdecode FP insns

In the encoding groups
* floating-point data-processing (1 source)
* floating-point data-processing (2 source)
* floating-point data-processing (3 source)
* floating-point immediate
* floating-point compare
* floating-ponit conditional compare
* floating-point conditional select

bit 31 is M and bit 29 is S (and bit 30 is 0, already checked at
this point in the decode). None of these groups allocate any
encoding for M=1 or S=1. We checked this in disas_fp_compare(),
disas_fp_ccomp() and disas_fp_csel(), but missed it in disas_fp_1src(),
disas_fp_2src(), disas_fp_3src() and disas_fp_imm().

We also missed that in the fp immediate encoding the imm5 field
must be all zeroes.

Correctly UNDEF the unallocated encodings here.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190125182626.9221-7-peter.maydell@linaro.org