git.osdn.net Git - qmiga/qemu.git/log

xen-hvm: increase maxmem before calling xc_domain_populate_physmap

Increase maxmem before calling xc_domain_populate_physmap_exact to
avoid the risk of running out of guest memory. This way we can also
avoid complex memory calculations in libxl at domain construction
time.

This patch fixes an abort() when assigning more than 4 NICs to a VM.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Don Slutz <dslutz@verizon.com>

xen-pt: Fix PCI devices re-attach failed

Use the 'xl pci-attach $DomU $BDF' command to attach more than
one PCI devices to the guest, then detach the devices with
'xl pci-detach $DomU $BDF', after that, re-attach these PCI
devices again, an error message will be reported like following:

    libxl: error: libxl_qmp.c:287:qmp_handle_error_response: receive
    an error message from QMP server: Duplicate ID 'pci-pt-03_10.1'
    for device.

If using the 'address_space_memory' as the parameter of
'memory_listener_register', 'xen_pt_region_del' will not be called
if the memory region's name is not 'xen-pci-pt-*' when the devices
is detached. This will cause the device's related QemuOpts object
not be released properly.

Using the device's address space can avoid such issue, because the
calling count of 'xen_pt_region_add' when attaching and the calling
count of 'xen_pt_region_del' when detaching is the same, so all the
memory region ref and unref by the 'xen_pt_region_add' and
'xen_pt_region_del' can be released properly.

Signed-off-by: Liang Li <liang.z.li@intel.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reported-by: Longtao Pang <longtaox.pang@intel.com>

Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

# gpg: Signature made Mon 12 Jan 2015 10:27:41 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  hw/net/xen_nic.c: Set 'netdev->mac' to NULL after free it
  hw/net/xen_nic.c: Need free 'netdev->nic' in net_free() instead of net_disconnect()
  hw/net/xen_nic.c: Free 'netdev->txs' when map 'netdev->rxs' fails
  net: remove all cleanup methods from NIC NetClientInfos

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/net/xen_nic.c: Set 'netdev->mac' to NULL after free it

Since net_init() checks whether 'netdev->mac' is NULL, before alloc it;
net_release() also need set 'netdev->mac' to NULL after free it.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

hw/net/xen_nic.c: Need free 'netdev->nic' in net_free() instead of net_disconnect()

net_init() and net_free() are pairs, net_connect() and net_disconnect()
are pairs. net_init() creates 'netdev->nic', so also need free it in
net_free().

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

hw/net/xen_nic.c: Free 'netdev->txs' when map 'netdev->rxs' fails

When map 'netdev->rxs' fails, need free the original resource, or will
cause resource leak.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

net: remove all cleanup methods from NIC NetClientInfos

All NICs have a cleanup function that, in most cases, zeroes the pointer
to the NICState. In some cases, it frees data belonging to the NIC.

However, this function is never called except when exiting from QEMU.
It is not necessary to NULL pointers and free data here; the right place
to do that would be in the device's unrealize function, after calling
qemu_del_nic. Zeroing the NIC multiple times is also wrong for multiqueue
devices.

This cleanup function gets in the way of making the NetClientStates for
the NIC hold an object_ref reference to the object, so get rid of it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150112-v3' into staging

s390x patches for 2.3.

Highlight is support for PCI devices on s390x. Otherwise, performance
improvements (register sync) and small cleanups.

# gpg: Signature made Mon 12 Jan 2015 09:49:31 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20150112-v3:
  kvm: extend kvm_irqchip_add_msi_route to work on s390
  s390: implement pci instructions
  s390: Add PCI bus support
  s390x/kvm: avoid syscalls by syncing registers with kvm_run
  s390x/kvm: sync register support helper function
  s390x/css: Clean up unnecessary CONFIG_USER_ONLY wrappers
  s390x/ccw: fix oddity in machine class init

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

kvm: extend kvm_irqchip_add_msi_route to work on s390

on s390 MSI-X irqs are presented as thin or adapter interrupts
for this we have to reorganize the routing entry to contain
valid information for the adapter interrupt code on s390.
To minimize impact on existing code we introduce an architecture
function to fixup the routing entry.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

s390: implement pci instructions

This patch implements the s390 pci instructions in qemu. It allows
to access and drive pci devices attached to the s390 pci bus.
Because of platform constrains devices using IO BARs are not
supported. Also a device has to support MSI/MSI-X to run on s390.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

s390: Add PCI bus support

This patch implements a pci bus for s390x together with infrastructure
to generate and handle hotplug events, to configure/unconfigure via
sclp instruction, to do iommu translations and provide s390 support for
MSI/MSI-X notification processing.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

s390x/kvm: avoid syscalls by syncing registers with kvm_run

We can avoid loads of syscalls when dropping to user space by storing the values
of more registers directly within kvm_run.

Support is added for:
- ARCH0: CPU timer, clock comparator, TOD programmable register,
guest breaking-event register, program parameter
- PFAULT: pfault parameters (token, select, compare)

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

s390x/kvm: sync register support helper function

Let's unify the code to sync registers by moving the checks into a helper
function can_sync_regs().

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

s390x/css: Clean up unnecessary CONFIG_USER_ONLY wrappers

The css functions are only used from ioinst.c and other files that are
only built for CONFIG_SOFTMMU. So we do not need the dummy wrappers for
the CONFIG_USER_ONLY target in the cpu.h header.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Jason J. Herne <jjherne@us.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

s390x/ccw: fix oddity in machine class init

ccw_machine_class_init() uses ',' instead of ';' while initializing
the class' fields. This is almost certainly a copy/paste error and,
while legal C, rather on the unusual side. Just use ';' everywhere.

Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150109.0' into staging

VFIO fixes:
- Fix 32bit overflow in handling large PCI BARs (Alex Williamson)
- Fix interrupt shutdown ordering (Alex Williamson)

# gpg: Signature made Fri 09 Jan 2015 16:23:42 GMT using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20150109.0:
  vfio-pci: Fix interrupt disabling
  vfio-pci: Fix BAR size overflow

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc: resizeable ROM blocks

This makes ROM blocks resizeable.  This infrastructure is required for other
functionality we have queued.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 08 Jan 2015 11:19:24 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  acpi-build: make ROMs RAM blocks resizeable
  memory: API to allocate resizeable RAM MR
  arch_init: support resizing on incoming migration
  exec: qemu_ram_alloc_resizeable, qemu_ram_resize
  exec: split length -> used_length/max_length
  exec: cpu_physical_memory_set/clear_dirty_range
  memory: add memory_region_set_size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging

Patch queue for ppc - 2015-01-07

New year's release. This time's highlights:

  - E500: More RAM support
  - pseries: New SLOF release
  - Migration fixes
  - Simplify USB spawning logic, removes support for explicit usb=off
  - TCG: Simple untansactional TM emulation

# gpg: Signature made Wed 07 Jan 2015 15:19:37 GMT using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-ppc-for-upstream: (37 commits)
  hw/ppc/mac_newworld: simplify usb controller creation logic
  hw/ppc/spapr: simplify usb controller creation logic
  hw/ppc/mac_newworld: QOMified mac99 machines
  hw/usb: simplified usb_enabled
  hw/machine: added machine_usb wrapper
  hw/ppc: modified the condition for usb controllers to be created for some ppc machines
  target-ppc: Cast ssize_t to size_t before printing with %zx
  target-ppc: Mark SR() and gen_sync_exception() as !CONFIG_USER_ONLY
  PPC: e500: Fix GPIO controller interrupt number
  target-ppc: Introduce Privileged TM Noops
  target-ppc: Introduce tcheck
  target-ppc: Introduce TM Noops
  target-ppc: Introduce tbegin
  target-ppc: Introduce TEXASRU Bit Fields
  target-ppc: Power8 Supports Transactional Memory
  target-ppc: Introduce tm_enabled Bit to CPU State
  target-ppc: Introduce Feature Flag for Transactional Memory
  target-ppc: Introduce Instruction Type for Transactional Memory
  pseries: Update SLOF firmware image to 20141202
  PPC: Fix crash on spapr_tce_table_finalize()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20150105' into staging

seccomp branch queue

# gpg: Signature made Mon 05 Jan 2015 17:17:01 GMT using RSA key ID 12F8BD2F
# gpg: Can't check signature: public key not found

* remotes/otubo/tags/pull-seccomp-20150105:
seccomp: add mbind() to the syscall whitelist
seccomp: typo in configure error message

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/amit-virtio-rng/tags/rng-for-2.3' into staging

Fixes an init-time check for parameter validity

# gpg: Signature made Mon 05 Jan 2015 08:34:05 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit-virtio-rng/tags/rng-for-2.3:
  virtio-rng: fix check for period_ms validity

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/amit/tags/for-2.3' into staging

Migration fix for virtio-serial devices on bi-endian targets by David
Gibson.

# gpg: Signature made Mon 05 Jan 2015 07:26:07 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit/tags/for-2.3:
  virtio-serial: Don't keep a persistent copy of config space
  virtio_serial: Don't use vser->config.max_nr_ports internally

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

More migration fixes and more record/replay preparations.  Also moves
the sdhci-pci device id to make space for the rocker device.

# gpg: Signature made Sat 03 Jan 2015 08:22:36 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  pci: move REDHAT_SDHCI device ID to make room for Rocker
  block/iscsi: fix uninitialized variable
  pckbd: set bits 2-3-6-7 of the output port by default
  serial: refine serial_thr_ipending_needed
  gen-icount: check cflags instead of use_icount global
  translate: check cflags instead of use_icount global
  cpu-exec: add a new CF_USE_ICOUNT cflag
  target-ppc: pass DisasContext to SPR generator functions
  atomic: fix position of volatile qualifier

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

vfio-pci: Fix interrupt disabling

When disabling MSI/X interrupts the disable functions will leave the
device in INTx mode (when available).  This matches how hardware
operates, INTx is enabled unless MSI/X is enabled (DisINTx is handled
separately).  Therefore when we really want to disable all interrupts,
such as when removing the device, and we start with the device in
MSI/X mode, we need to pass through INTx on our way to being
completely quiesced.

In well behaved situations, the guest driver will have shutdown the
device and it will start vfio_exitfn() in INTx mode, producing the
desired result.  If hot-unplug causes the guest to crash, we may get
the device in MSI/X state, which will leave QEMU with a bogus handler
installed.

Fix this by re-ordering our disable routine so that it should always
finish in VFIO_INT_NONE state, which is what all callers expect.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

vfio-pci: Fix BAR size overflow

We use an unsigned int when working with the PCI BAR size, which can
obviously overflow if the BAR is 4GB or larger.  This needs to change
to a fixed length uint64_t.  A similar issue is possible, though even
more unlikely, when mapping the region above an MSI-X table.  The
start of the MSI-X vector table must be below 4GB, but the end, and
therefore the start of the next mapping region, could still land at
4GB.

Suggested-by: Nishank Trivedi <nishank.trivedi@netapp.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Don Slutz <dslutz@verizon.com>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>

Merge remote-tracking branch 'remotes/mwalle/tags/lm32-fixes/20141229' into staging

lm32: milkymist fixes and MAINTAINER update

# gpg: Signature made Tue 30 Dec 2014 16:54:15 GMT using DSA key ID 3F98A378
# gpg: Can't check signature: public key not found

* remotes/mwalle/tags/lm32-fixes/20141229:
MAINTAINERS: add myself to lm32 and milkymist
milkymist: softmmu: fix event handling

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/ppc/mac_newworld: simplify usb controller creation logic

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-7-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/ppc/spapr: simplify usb controller creation logic

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-6-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/ppc/mac_newworld: QOMified mac99 machines

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-5-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/usb: simplified usb_enabled

The argument is not longer used and the implementation
uses now QOM instead of QemuOpts.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-4-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/machine: added machine_usb wrapper

Following QOM convention, object properties should
not be accessed directly.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-3-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/ppc: modified the condition for usb controllers to be created for some ppc machines

Some ppc machines create a default usb controller based on a 'machine condition'.
Until now the logic was: create the usb controller if:
-  the usb option was supplied in cli and value is true or
-  the usb option was absent and both set_defaults and the machine
    condition were true.

Modified the logic to:
Create the usb controller if:
- the machine condition is true and defaults are enabled or
- the usb option is supplied and true.

The main for this is to simplify the usb_enabled method.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-2-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

acpi-build: make ROMs RAM blocks resizeable

Use resizeable ram API so we can painlessly extend ROMs in the
future. Note: migration is not affected, as we are
not actually changing the used length for RAM, which
is the part that's migrated.

Use this in acpi: reserve x16 more RAM space.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

memory: API to allocate resizeable RAM MR

Add API to allocate resizeable RAM MR.

This looks just like regular RAM generally, but
has a special property that only a portion of it
(used_length) is actually used, and migrated.

This used_length size can change across reboots.

Follow up patches will change used_length for such blocks at migration,
making it easier to extend devices using such RAM (notably ACPI,
but in the future thinkably other ROMs) without breaking migration
compatibility or wasting ROM (guest) memory.

Device is notified on resize, so it can adjust if necessary.

Note: nothing prevents making all RAM resizeable in this way.
However, reviewers felt that only enabling this selectively will
make some class of errors easier to detect.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

arch_init: support resizing on incoming migration

If block used_length does not match, try to resize it.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

exec: qemu_ram_alloc_resizeable, qemu_ram_resize

Add API to allocate "resizeable" RAM.
This looks just like regular RAM generally, but
has a special property that only a portion of it
(used_length) is actually used, and migrated.

This used_length size can change across reboots.

Follow up patches will change used_length for such blocks at migration,
making it easier to extend devices using such RAM (notably ACPI,
but in the future thinkably other ROMs) without breaking migration
compatibility or wasting ROM (guest) memory.

Device is notified on resize, so it can adjust if necessary.

qemu_ram_alloc_resizeable allocates this memory, qemu_ram_resize resizes
it.

Note: nothing prevents making all RAM resizeable in this way.
However, reviewers felt that only enabling this selectively will
make some class of errors easier to detect.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

exec: split length -> used_length/max_length

This patch allows us to distinguish between two
length values for each block:
max_length - length of memory block that was allocated
used_length - length of block used by QEMU/guest

Currently, we set used_length - max_length, unconditionally.
Follow-up patches allow used_length <= max_length.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

exec: cpu_physical_memory_set/clear_dirty_range

Make cpu_physical_memory_set/clear_dirty_range
behave symmetrically.

To clear range for a given client type only, add
cpu_physical_memory_clear_dirty_range_type.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

memory: add memory_region_set_size

Add API to change MR size.
Will be used internally for RAM resize.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

hw/ppc/mac_newworld: simplify usb controller creation logic

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

hw/ppc/spapr: simplify usb controller creation logic

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

hw/ppc/mac_newworld: QOMified mac99 machines

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

hw/usb: simplified usb_enabled

The argument is not longer used and the implementation
uses now QOM instead of QemuOpts.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

hw/machine: added machine_usb wrapper

Following QOM convention, object properties should
not be accessed directly.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

hw/ppc: modified the condition for usb controllers to be created for some ppc machines

Some ppc machines create a default usb controller based on a 'machine condition'.
Until now the logic was: create the usb controller if:
-  the usb option was supplied in cli and value is true or
-  the usb option was absent and both set_defaults and the machine
    condition were true.

Modified the logic to:
Create the usb controller if:
- the machine condition is true and defaults are enabled or
- the usb option is supplied and true.

The main for this is to simplify the usb_enabled method.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Cast ssize_t to size_t before printing with %zx

The mingw32 compiler complains about trying to print variables of type
ssize_t with the %z format string specifier. Since we're printing it
as unsigned hex anyway, cast to size_t to silence the warning.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Mark SR() and gen_sync_exception() as !CONFIG_USER_ONLY

The functions SR() and gen_sync_exception() are only used in softmmu
configs; wrap them in #ifndef CONFIG_USER_ONLY to suppress clang warnings
on the linux-user builds.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: e500: Fix GPIO controller interrupt number

The GPIO controller lives at IRQ 47, not 43 on real hardware. This is a problem
because IRQ 43 is occupied by the I2C controller which we want to implement
next, so we'd have a conflict on that IRQ number.

Move the GPIO controller to IRQ 47 where it belongs.

Signed-off-by: Amit Singh Tomar <amit.tomar@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Introduce Privileged TM Noops

Add the supervisory Transactional Memory instructions treclaim. and
trechkpt. The implementation is a degenerate one that simply
checks privileged state, TM availability and then sets CR[0] to
0b0000, just like the unprivileged noops.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Introduce tcheck

Add a degenerate implementation of the Transaction Check (tcheck)
instruction. Since transaction always immediately fail, this
implementation simply sets CR[BF] to 0b1000, i.e. TDOOMED = 1
and MSR[TS] == 0.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Introduce TM Noops

Add degenerate implementations of the non-privileged Transactional
Memory instructions tend., tabort*. and tsr. This implementation
simply checks the MSR[TM] bit and then sets CR0 to 0b0000. This
is a reasonable degenerate implementation since transactions are
never allowed to begin and hence MSR[TS] is always 0b00.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Introduce tbegin

Provide a degenerate implementation of the tbegin instruction. This
implementation always fails the transaction, recording the failure
per Book II Section 5.3.2 of the Power ISA V2.07.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Introduce TEXASRU Bit Fields

Define mnemonics for the various bit fields in the Transaction
EXception And Summary Register (TEXASR).
Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Power8 Supports Transactional Memory

The Power8 processor implements the Transactional Memory Facility
as defined in Power ISA 2.07. Update the initialization code to
indicate this.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Introduce tm_enabled Bit to CPU State

Add a bit (tm_enabled) to CPU state that mirrors the MSR[TM] bit.
This is analogous to the other "available" bits in the MSR (FP,
VSX, etc.).

NOTE: Since MSR[TM] occupies big-endian bit 31, the code is wrapped
with a PPC64 bit check.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Introduce Feature Flag for Transactional Memory

Add a flag (POWERPC_FLAG_TM) for the Transactional Memory
Facility introduced in Power ISA 2.07.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Introduce Instruction Type for Transactional Memory

Add a category (PPC2_TM) for the Transactional Memory instructions
introduced in Power ISA 2.07.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

pseries: Update SLOF firmware image to 20141202

The changelog is:
  > version: update to 20141202
  > ipv4: Fix send packet across a subnet
  > pci: scan only type 0 and type 1
  > usb-xhci: support xhci extended capabilities
  > Fix term-io-key to also work when stdin has not been set yet
  > net-snk: llfw startup is using the wrong offset to handler
  > net-snk: Make call_client_interface() a bit more ABI compliant
  > net-snk: Remove custom printf version
  > net-snk: Sanitize our .lds file
  > net-snk: Avoid type clash for stdin & stdout
  > net-snk: use socket descriptor in the network stack
  > net-snk: Remove printk() in favor of printf()
  > net-snk: Remove redundant prototypes
  > net-snk: Remove unused timer functions
  > net-snk: Remove some unused PCI functions
  > net-snk: Remove module system
  > net-snk: Remove insmod/rmmod
  > net-snk: Remove snk_kernel_interface and related definitions
  > net-snk: Remove pci/vio_config gunk
  > js2x: Fix build
  > net-snk: Remoe some now unused "kernel" functions
  > rtas: Improve error handling in instantiate-rtas
  > version: update to 20140827
  > Add private HCALL to inform updated RTAS base and entry
  > xhci: fix port assignment

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Fix crash on spapr_tce_table_finalize()

spapr_tce_table_finalize() can SEGV if the object was not previously
realized. In particular this can be triggered by running
qemu-system-ppc -device spapr-tce-table,?

The basic problem is that we have mismatched initialization versus
finalization: spapr_tce_table_finalize() is attempting to undo things that
are done in spapr_tce_table_realize(), not an instance_init function.

Therefore, replace spapr_tce_table_finalize() with
spapr_tce_table_unrealize().

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>

ppc: do not use get_clock_realtime()

Use the external qemu-timer API instead.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

device-tree: fix memory leak

Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

spapr: Fix stale HTAB during live migration (TCG)

If a TCG guest reboots during a running migration HTAB entries are not
marked dirty, and the destination boots with an invalid HTAB.

When a reboot occurs, explicitly mark the current HTAB dirty after
clearing it.

Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>

spapr: Fix integer overflow during migration (TCG)

The n_valid and n_invalid fields are unsigned short integers but it is
possible to have more than 65535 entries in a contiguous hunk, overflowing
the field. This results in an incorrect HTAB being sent to the destination
during migration.

Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>

spapr: Fix stale HTAB during live migration (KVM)

If a guest reboots during a running migration, changes to the
hash page table are not necessarily updated on the destination.
Opening a new file descriptor to the HTAB forces the migration
handler to resend the entire table.

Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: explicitly save page table headers in big endian

Currently, when the page tables are saved, the kvm_get_htab_header structs
and the ptes are assumed being big endian and dumped as a indistinct blob
in the statefile. This is no longer true when the host is little endian
and this breaks restoration.

This patch unfolds the kvmppc_save_htab routine to write explicitly the
kvm_get_htab_header structs in big endian. The ptes are left untouched.

Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Eliminate set_fprf Argument From helper_compute_fprf

The set_fprf argument to the helper_compute_fprf helper function
is no longer necessary -- the helper is only invoked when FPSCR[FPRF]
is going to be set.

Eliminate the unnecessary argument from the function signature and
its corresponding implementation. Change the return value of the
helper to "void". Update the name of the local variable "ret" to
"fprf", which now makes more sense.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Eliminate set_fprf Argument From gen_compute_fprf

The set_fprf argument to the gen_compute_fprf() utility is no longer
needed -- gen_compute_fprf() is now called only when FPRF is actually
computed and set. Eliminate the obsolete argument.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Fully Migrate to gen_set_cr1_from_fpscr

Eliminate the set_rc argument from the gen_compute_fprf utility and
the corresponding (and incorrect) implementation. Replace it with
calls to the gen_set_cr1_from_fpscr() utility.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: mffs. Should Set CR1 from FPSCR Bits

Update the Move From FPSCR (mffs.) instruction to correctly
set CR[1] from FPSCR[FX,FEX,VX,OX].

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Fix Floating Point Move Instructions That Set CR1

The Floating Point Move instructions (fmr., fabs., fnabs., fneg.,
and fcpsgn.) incorrectly copy FPSCR[FPCC] instead of [FX,FEX,VX,OX].
Furthermore, the current code does this via a call to gen_compute_fprf,
which is awkward since these instructions do not actually set FPRF.

Change the code to use the gen_set_cr1_from_fpscr utility.

Signed-off-by: Tom Musta <tommusta@gmail.com>
[agraf: whitespace fixes]
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: VXSQRT Should Not Be Set for NaNs

The Power ISA square root instructions (fsqrt[s], frsqrte[s]) must
set the FPSCR[VXSQRT] flag when operating on a negative value.
However, NaNs have no sign and therefore this flag should not
be set when operating on one.

Change the order of the checks in the helper code. Move the
SNaN-to-QNaN macro to the top of the file so that it can be
re-used.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

target-ppc: Load/Store Vector Element Storage Alignment

The Load Vector Element Indexed and Store Vector Element Indexed
instructions compute an effective address in the usual manner.
However, they truncate that address to the natural boundary.
For example, the lvewx instruction will ignore the least significant
two bits of the address and thus load the aligned word of storage.

Fix the generators for these instruction to properly perform this
truncation.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: e500 pci host: Add support for ATMUs

The e500 PCI controller has configurable windows that allow a guest OS
to selectively map parts of the PCI bus space to CPU address space and
to selectively map parts of the CPU address space for DMA requests into
PCI visible address ranges.

So far, we've simply assumed that this mapping is 1:1 and ignored it.

However, the PCICSRBAR (CCSR mapped in PCI bus space) always has to live
inside the first 32bits of address space. This means if we always treat
all mappings as 1:1, this map will collide with our RAM map from the CPU's
point of view.

So this patch adds proper ATMU support which allows us to keep the PCICSRBAR
below 32bits local to the PCI bus and have another, different window to PCI
BARs at the upper end of address space. We leverage this on e500plat though,
mpc8544ds stays virtually 1:1 like it was before, but now also goes via ATMU.

With this patch, I can run guests with lots of RAM and not coincidently access
MSI-X mappings while I really want to access RAM.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: mpc8554ds: Tell user about exceeding RAM limits

The mpc8544ds board only supports up to 3GB of RAM due to its limited
address space.

When the user requests more, abort and tell him that he should use less.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: e500: Move CCSR and MMIO space to upper end of address space

On e500 we're basically guaranteed to have 36bits of physical address space
available for our enjoyment. Older chips (like the mpc8544) only had 32bits,
but everything from e500v2 onwards bumped it up.

It's reasonably safe to assume that if you're using the PV machine, your guest
kernel is configured to support 36bit physical address space. So in order to
support more guest RAM, we can move CCSR and other MMIO windows right below the
end of our 36bit address space, just like later SoC versions of e500 do.

With this patch, I'm able to successfully spawn an e500 VM with -m 48G.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: e500: Move CCSR definition to params

We want to have different MMIO region offsets for the mpc8544ds machine
and our e500 PV machine, so move the definitions of those into the machine
specific params struct.

Signed-off-by: Alexander Graf <agraf@suse.de>

seccomp: add mbind() to the syscall whitelist

The "memory-backend-ram" QOM object utilizes the mbind(2) syscall to
set the policy for a memory range. Add the syscall to the seccomp
sandbox whitelist.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Tested-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

seccomp: typo in configure error message

Error message was misleading people to install wrong version of
libseccomp.

Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>

virtio-rng: fix check for period_ms validity

This was reported for this warning:

hw/virtio/virtio-rng.c:150:31: warning: logical not is only applied to
the left hand side of comparison [-Wlogical-not-parentheses]

Reported-by: dcb
Suggested-by: dcb
Bug: https://bugs.launchpad.net/qemu/+bug/1393486
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>

virtio-serial: Don't keep a persistent copy of config space

The 'config' field in the VirtIOSerial structure keeps a copy of the virtio
console's config space as visible to the guest, that is to say, in guest
endianness. This is fiddly to maintain, because on some targets, such as
powerpc, the "guest endianness" can change when a new guest OS boots.

In fact, there's no need to maintain such a guest view of config space -
instead we can reconstruct it from host-format data when it is accessed
with get_config.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>

virtio_serial: Don't use vser->config.max_nr_ports internally

A number of places in the virtio_serial driver retrieve the number of ports
from vser->config.max_nr_ports, which is guest-endian. But for internal
users, we already have a host-endian copy of the number of ports in
vser->serial.max_virtserial_ports. Using that instead of the config field
removes the need for easy-to-forget byteswapping.

In particular this fixes a bug on incoming migration, where we don't adjust
the endianness vser->config correctly, because it hasn't yet been loaded
from the migration stream when virtio_serial_load_device() is called.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>

pci: move REDHAT_SDHCI device ID to make room for Rocker

The rocker device uses same PCI device ID as sdhci. Since rocker device driver
has already been accepted into Linux 3.18, and REDHAT_SDHCI device ID isn't
used by any drivers, it's safe to move REDHAT_SDHCI device ID, avoiding
conflict with rocker.

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

block/iscsi: fix uninitialized variable

'ret' was never initialized in the success path.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

pckbd: set bits 2-3-6-7 of the output port by default

OSes typically write 0xdd/0xdf to turn the A20 line off and on. This
has bits 2-3-6-7 on, so that the output port subsection is migrated.
Change the reset value and migration default to include those four
bits, thus avoiding that the subsection is migrated.

This strictly speaking changes guest ABI, but the long time during which
we have not migrated the value means that the guests really do not care
much; so the change is for all machine types.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

serial: refine serial_thr_ipending_needed

If the THR interrupt is disabled, there is no need to migrate thr_ipending
because LSR.THRE will be sampled again when the interrupt is enabled.
(This is the behavior that is not documented in the datasheet, but
relied on by Windows!)

Note that in this case IIR will never be 0x2 so, if thr_ipending were
to be one, QEMU would produce the subsection.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

gen-icount: check cflags instead of use_icount global

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

translate: check cflags instead of use_icount global

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

MAINTAINERS: add myself to lm32 and milkymist

Add myself to lm32 and milkymist files.

Signed-off-by: Michael Walle <michael@walle.cc>

milkymist: softmmu: fix event handling

Keys which send more than one scancode (esp. windows key) weren't handled
correctly since commit 1ff5eedd. Two events were put into the input event
queue but only one was processed. This fixes this by fetching all pending
events in the callback handler.

Signed-off-by: Michael Walle <michael@walle.cc>
Cc: Gerd Hoffmann <kraxel@redhat.com>

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20141223' into staging

target-arm queue:
* enable 32-bit EL3 (TrustZone) for vexpress and virt boards
* add fw_cfg device to virt board for UEFI firmware config
* support passing commandline kernel/initrd to firmware

# gpg: Signature made Tue 23 Dec 2014 13:50:33 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20141223: (31 commits)
  hw/arm/virt: enable passing of EFI-stubbed kernel to guest UEFI firmware
  hw/arm: pass pristine kernel image to guest firmware over fw_cfg
  hw/loader: split out load_image_gzipped_buffer()
  arm: add fw_cfg to "virt" board
  fw_cfg_mem: expose the "data_width" property with fw_cfg_init_mem_wide()
  fw_cfg_mem: introduce the "data_width" property
  exec: allows 8-byte accesses in subpage_ops
  fw_cfg_mem: flip ctl_mem_ops and data_mem_ops to DEVICE_BIG_ENDIAN
  fw_cfg_mem: max access size and region size are the same for data register
  fw_cfg: move boards to fw_cfg_init_io() / fw_cfg_init_mem()
  fw_cfg: hard separation between the MMIO and I/O port mappings
  target-arm: add cpu feature EL3 to CPUs with Security Extensions
  target-arm: Disable EL3 on unsupported machines
  target-arm: Breakout integratorcp and versatilepb cpu init
  target-arm: Set CPU has_el3 prop during virt init
  target-arm: Enable CPU has_el3 prop during VE init
  target-arm: Add arm_boot_info secure_boot control
  target-arm: Add ARMCPU secure property
  target-arm: Add feature unset function
  target-arm: Add virt machine secure property
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20141222.0' into staging

VFIO updates:
- Conversion to tracepoints (Eric Auger)
- Fix memory listener address space (Frank Blaschka)
- Move to hw/vfio/ and split common vs pci (Eric Auger & Kim Phillips)
- Trivial error_report() fixes (Alex Williamson)

In addition to enabling S390 with the address space fix and updating
to use tracepoints rather than compile time debug, this set of patches
moves hw/misc/vfio.c to hw/vfio/ and paves the way for vfio-platform
support by splitting common functionality from PCI specific code.

# gpg: Signature made Mon 22 Dec 2014 20:19:43 GMT using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20141222.0:
  vfio: Cleanup error_report()s
  hw/vfio: create common module
  hw/vfio/pci: use name field in format strings
  hw/vfio/pci: rename group_list into vfio_group_list
  hw/vfio/pci: split vfio_get_device
  hw/vfio/pci: Introduce VFIORegion
  hw/vfio/pci: handle reset at VFIODevice
  hw/vfio/pci: add type, name and group fields in VFIODevice
  hw/vfio/pci: introduce minimalist VFIODevice with fd
  hw/vfio/pci: generalize mask/unmask to any IRQ index
  hw/vfio/pci: Rename VFIODevice into VFIOPCIDevice
  vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio
  vfio: fix adding memory listener to the right address space
  vfio: migration to trace points

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

cpu-exec: add a new CF_USE_ICOUNT cflag

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-ppc: pass DisasContext to SPR generator functions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

atomic: fix position of volatile qualifier

What needs to be volatile is not the pointer, but the pointed-to
value!

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

hw/arm/virt: enable passing of EFI-stubbed kernel to guest UEFI firmware

The virt board already ensures mutual exclusion between -bios and -pflash
unit#0; we only need to set "bootinfo.firmware_loaded", introduced in the
previous patch, if either of those options was used to load the guest
firmware.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-12-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm: pass pristine kernel image to guest firmware over fw_cfg

Introduce the new boolean field "arm_boot_info.firmware_loaded". When this
field is set, it means that the portion of guest DRAM that the VCPU
normally starts to execute, or the pflash chip that the VCPU normally
starts to execute, has been populated by board-specific code with
full-fledged guest firmware code, before the board calls
arm_load_kernel().

Simultaneously, "arm_boot_info.firmware_loaded" guarantees that the board
code has set up the global firmware config instance, for arm_load_kernel()
to find with fw_cfg_find().

Guest kernel (-kernel) and guest firmware (-bios, -pflash) has always been
possible to specify independently on the command line. The following cases
should be considered:

nr  -bios    -pflash  -kernel  description
             unit#0
--  -------  -------  -------  -------------------------------------------
1   present  present  absent   Board code rejects this case, -bios and
    present  present  present  -pflash unit#0 are exclusive. Left intact
                               by this patch.

2   absent   absent   present  Traditional kernel loading, with qemu's
                               minimal board firmware. Left intact by this
                               patch.

3   absent   present  absent   Preexistent case for booting guest firmware
    present  absent   absent   loaded with -bios or -pflash. Left intact
                               by this patch.

4   absent   absent   absent   Preexistent case for not loading any
                               firmware or kernel up-front. Left intact by
                               this patch.

5   present  absent   present  New case introduced by this patch: kernel
    absent   present  present  image is passed to externally loaded
                               firmware in unmodified form, using fw_cfg.

An easy way to see that this patch doesn't interfere with existing cases
is to realize that "info->firmware_loaded" is constant zero at this point.
Which makes the "outer" condition unchanged, and the "inner" condition
(with the fw_cfg-related code) dead.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-11-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/loader: split out load_image_gzipped_buffer()

In the next patch we'd like to reuse the image decompression facility
without installing the output as a ROM at a specific guest-phys address.

In addition, expose LOAD_IMAGE_MAX_GUNZIP_BYTES, because that's a
straightforward "max_sz" argument for the new load_image_gzipped_buffer().

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-10-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

arm: add fw_cfg to "virt" board

fw_cfg already supports exposure over MMIO (used in ppc/mac_newworld.c,
ppc/mac_oldworld.c, sparc/sun4m.c); we can easily add it to the "virt"
board.

Because MMIO access is slow on ARM KVM, we enable the guest, with
fw_cfg_init_mem_wide(), to transfer up to 8 bytes with a single access.
This has been measured to speed up transfers up to 7.5-fold, relative to
single byte data access, on both ARM KVM and x86_64 TCG.

The MMIO register block of fw_cfg is advertized in the device tree. As
base address we pick 0x09020000, which conforms to the comment preceding
"a15memmap": it falls in the miscellaneous device I/O range 128MB..256MB,
and it is aligned at 64KB. The DTB properties follow the documentation in
the Linux source file "Documentation/devicetree/bindings/arm/fw-cfg.txt".

fw_cfg automatically exports a number of files to the guest; for example,
"bootorder" (see fw_cfg_machine_reset()).

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-9-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

fw_cfg_mem: expose the "data_width" property with fw_cfg_init_mem_wide()

We rebase fw_cfg_init_mem() to the new function for compatibility with
current callers.

The behavior of the (big endian) multi-byte data reads is best shown
with a qtest session.  Here, we are reading the first six bytes of
the UUID

    $ arm-softmmu/qemu-system-arm -M virt -machine accel=qtest \
         -qtest stdio -uuid 4600cb32-38ec-4b2f-8acb-81c6ea54f2d8
>>> writew 0x9020008 0x0200
<<< OK
>>> readl 0x9020000
<<< OK 0x000000004600cb32

Remember this is big endian.  On big endian machines, it is stored
directly as 0x46 0x00 0xcb 0x32.

On a little endian machine, we have to first swap it, so that it becomes
0x32cb0046.  When written to memory, it becomes 0x46 0x00 0xcb 0x32
again.

Reading byte-by-byte works too, of course:

>>> readb 0x9020000
<<< OK 0x0000000000000038
>>> readb 0x9020000
<<< OK 0x00000000000000ec

Here only a single byte is read at a time, so they are read in order
similar to the 1-byte data port that is already in PPC and SPARC
machines.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-8-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

fw_cfg_mem: introduce the "data_width" property

The "data_width" property is capable of changing the maximum valid access
size to the MMIO data register, and resizes the memory region similarly,
at device realization time.

The default value of "data_memwidth" is set so that we don't yet diverge
from "fw_cfg_data_mem_ops".

Most of the fw_cfg_mem users will stick with the default, and for them we
should continue using the statically allocated "fw_cfg_data_mem_ops". This
is beneficial for debugging because gdb can resolve pointers referencing
static objects to the names of those objects.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-7-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

exec: allows 8-byte accesses in subpage_ops

Otherwise fw_cfg accesses are split into 4-byte ones before they reach the
fw_cfg ops / handlers.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-6-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>