Commit Graph

13234 Commits

Author SHA1 Message Date
Greg Bellows f313369fdb target-arm: Add feature parsing to virt
Added machvirt parsing of feature keywords added to the -cpu command line
option.  Parsing occurs during machine initialization.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1423736974-14254-3-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-13 05:46:08 +00:00
Alexander Graf 4ab29b8214 arm: Add PCIe host bridge in virt machine
Now that we have a working "generic" PCIe host bridge driver, we can plug
it into ARM's virt machine to always have PCIe available to normal ARM VMs.

I've successfully managed to expose a Bochs VGA device, XHCI and an e1000
into an AArch64 VM with this and they all lived happily ever after.

Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Claudio Fontana <claudio.fontana@huawei.com>
[PMM: Squashed in fix for off-by-one error in bus-range DT property
 from Laszlo Ersek <lersek@redhat.com>]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-13 05:46:08 +00:00
Alexander Graf 4d8fde1126 pci: Add generic PCIe host bridge
With simple exposure of MMFG, ioport window, mmio window and an IRQ line we
can successfully create a workable PCIe host bridge that can be mapped anywhere
and only needs to get described to the OS using whatever means it likes.

This patch implements such a "generic" host bridge. It handles 4 legacy IRQ
lines. MSIs need to be handled external to the host bridge.

This device is particularly useful for the "pci-host-ecam-generic" driver in
Linux.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Tested-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-13 05:46:07 +00:00
Gonglei 444c7e0d92 vhost-scsi: set the bootable value of channel/target/lun
At present, the target is valued boot_tpgt. In addition,
channel and lun are both 0 for a bootable vhost-scsi device.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Bo Su <subo7@huawei.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-11 21:47:52 +01:00
Gonglei 1956cf6fa1 vhost-scsi: expose the TYPE_FW_PATH_PROVIDER interface
In this way, we can make the bootindex property take effect.
Meanwhile, the firmware path name of vhost-scsi is
"channel@channel/vhost-scsi@target,lun".

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-11 21:47:51 +01:00
Gonglei d4433f3211 vhost-scsi: add bootindex property
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-11 21:47:51 +01:00
Gonglei 0be63901d2 qdev: support to get a device firmware path directly
commit 6b1566c (qdev: Introduce FWPathProvider interface) did a
good job of supporting getting the firmware path on some different
architectures.

Furthermore, we can use the interface to get the firmware
path name for a device which isn't attached to a specific bus,
such as virtio-bus, scsi-bus etc.

When the device (such as vhost-scsi) realizes the TYPE_FW_PATH_PROVIDER
interface, we should introduce a new function to get the correct firmware
path name for it.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-11 21:47:51 +01:00
Peter Maydell 449008f864 RCU fixes and cleanup (Paolo Bonzini)
Switch to v2 IOMMU interface (Alex Williamson)
 DEBUG build fix (Alexey Kardashevskiy)

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150210.0' into staging

RCU fixes and cleanup (Paolo Bonzini)
Switch to v2 IOMMU interface (Alex Williamson)
DEBUG build fix (Alexey Kardashevskiy)

# gpg: Signature made Tue 10 Feb 2015 17:37:06 GMT using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20150210.0:
  vfio: Fix debug message compile error
  vfio: Use vfio type1 v2 IOMMU interface
  vfio: unmap and free BAR data in instance_finalize
  vfio: free dynamically-allocated data in instance_finalize
  vfio: cleanup vfio_get_device error path, remove vfio_populate_device callback
  memory: unregister AddressSpace MemoryListener within BQL

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-11 05:14:41 +00:00
Alexey Kardashevskiy bc5baffa35 vfio: Fix debug message compile error
This fixes a compiler error which occurs if DEBUG_VFIO is defined.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-02-10 10:25:44 -07:00
Alex Williamson 2e6e697e16 vfio: Use vfio type1 v2 IOMMU interface
The difference between v1 and v2 is fairly subtle, simply more
deterministic behavior for unmaps.  The v1 interface allows the user
to attempt to unmap sub-regions of previous mappings, returning
success with zero size if unable to comply.  This was a reflection of
the underlying IOMMU API.  The v2 interface requires that the user
may only unmap fully contained mappings, ie. an unmap cannot intersect
or bisect a previous mapping, but may cover multiple mappings.  QEMU
never made use of the sub-region v1 support anyway, so we can support
either v1 or v2.  We'll favor v2 since it's newer.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-02-10 10:25:44 -07:00
Paolo Bonzini ba5e6bfa1a vfio: unmap and free BAR data in instance_finalize
In the case of VFIO, the unrealize callback is too early to munmap the
BARs.  The munmap must be delayed until memory accesses are complete.
To do this, split vfio_unmap_bars in two.  The removal step, now called
vfio_unregister_bars, remains in vfio_exitfn.  The reclamation step
is vfio_unmap_bars and is moved to the instance_finalize callback.

Similarly, quirk MemoryRegions have to be removed during
vfio_unregister_bars, but freeing the data structure must be delayed
to vfio_unmap_bars.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-02-10 10:25:44 -07:00
Paolo Bonzini 77a10d04d0 vfio: free dynamically-allocated data in instance_finalize
In order to enable out-of-BQL address space lookup, destruction of
devices needs to be split in two phases.

Unrealize is the first phase; once it completes, no new accesses will
be started, but there may still be pending memory accesses that can still
be completed.

The second part is freeing the device, which only happens once all memory
accesses are complete.  At this point the reference count has dropped to
zero, an RCU grace period must have completed (because the RCU-protected
FlatViews hold a reference to the device via memory_region_ref).  This is
when instance_finalize is called.

Freeing data belongs in an instance_finalize callback, because the
dynamically allocated memory can still be used after unrealize by the
pending memory accesses.

This starts the process by creating an instance_finalize callback and
freeing most of the dynamically-allocated data in instance_finalize.
Because instance_finalize is also called on error paths or also when
the device is actually not realized, the common code needs some changes
to be ready for this.  The error path in vfio_initfn can be simplified too.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-02-10 10:25:44 -07:00
Paolo Bonzini 217e9fdcad vfio: cleanup vfio_get_device error path, remove vfio_populate_device callback
Now that vfio_put_base_device is called unconditionally at instance_finalize
time, it can be called twice if vfio_populate_device fails.  This works
but it is slightly harder to follow.

Change vfio_get_device to not touch the vbasedev struct until it will
definitely succeed, moving the vfio_populate_device call back to vfio-pci.
This way, vfio_put_base_device will only be called once.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-02-10 10:25:44 -07:00
Stefan Weil 43d735547b virtio: Fix warning caused by missing 'static' attribute
Warning from the Sparse static analysis tool:

hw/char/virtio-serial-bus.c:31:3:
 warning: symbol 'vserdevices' was not declared. Should it be static?

Cc: Amit Shah <amit.shah@redhat.com>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 10:26:05 +03:00
Stefan Weil 73d22cafca vga: Fix warning caused by missing 'static' attribute
Warning from the Sparse static analysis tool:

hw/display/vga.c:2012:26: warning:
 symbol 'vmstate_vga_endian' was not declared. Should it be static?

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 10:26:05 +03:00
Stefan Weil 92013cf8ca serial: Fix warnings caused by missing 'static' attribute
Warnings from the Sparse static analysis tool:

hw/char/serial.c:630:26: warning: symbol
 'vmstate_serial_thr_ipending' was not declared. Should it be static?
hw/char/serial.c:646:26: warning: symbol
 'vmstate_serial_tsr' was not declared. Should it be static?
hw/char/serial.c:665:26: warning: symbol
 'vmstate_serial_recv_fifo' was not declared. Should it be static?
hw/char/serial.c:681:26: warning: symbol
 'vmstate_serial_xmit_fifo' was not declared. Should it be static?
hw/char/serial.c:697:26: warning: symbol
 'vmstate_serial_fifo_timeout_timer' was not declared. Should it be static?
hw/char/serial.c:713:26: warning: symbol
 'vmstate_serial_timeout_ipending' was not declared. Should it be static?
hw/char/serial.c:729:26: warning: symbol
 'vmstate_serial_poll' was not declared. Should it be static?

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 10:26:05 +03:00
Markus Armbruster 66c5f3e596 rtl8139: g_malloc() can't fail, bury dead error handling
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 09:27:20 +03:00
Markus Armbruster 6b0126f940 onenand: g_malloc() can't fail, bury dead error handling
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 09:27:20 +03:00
Markus Armbruster 0c6f807f4a usb: Pair g_malloc() with g_free(), not free()
Spotted by Coverity with preview checker ALLOC_FREE_MISMATCH enabled
and my "coverity: Model g_free() isn't necessarily free()" model patch
applied.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 09:27:20 +03:00
Markus Armbruster 5f1d1fc592 spapr_vio: Pair g_malloc() with g_free(), not free()
Spotted by Coverity with preview checker ALLOC_FREE_MISMATCH enabled
and my "coverity: Model g_free() isn't necessarily free()" model patch
applied.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 09:27:20 +03:00
Don Koch 15cae34009 Convert some debugging printfs to trace calls in pcnet.c.
Signed-off-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 09:27:20 +03:00
Don Koch 32c952498b Add/convert trace calls in pcnet-pci.c.
Add trace calls. Convert some #ifdef DEBUG printfs to trace.

Signed-off-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 09:27:20 +03:00
Don Koch 5edab03d40 Add trace to ps2.c.
Signed-off-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 09:27:20 +03:00
Don Koch 91043dadc4 Add tracing to xenfb.
Signed-off-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 09:27:19 +03:00
Gonglei 627b84f406 fw_cfg: fix typos in comments: patch -> path
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10 09:27:19 +03:00
Peter Lieven 75af1f34cd block: introduce BDRV_REQUEST_MAX_SECTORS
We check and adjust request sizes at several places with
sometimes inconsistent checks or default values:
 INT_MAX
 INT_MAX >> BDRV_SECTOR_BITS
 UINT_MAX >> BDRV_SECTOR_BITS
 SIZE_MAX >> BDRV_SECTOR_BITS

This patch introduces a macro for the maximal allowed sectors
per request and uses it at several places.

Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-02-06 17:24:22 +01:00
Peter Lieven c99495ac1b virtio-blk: add a knob to disable request merging
This adds a knob to disable request merging for debugging or benchmarks if desired.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-02-06 17:24:21 +01:00
Peter Lieven 95f7142abc virtio-blk: introduce multiread
This patch finally introduces multiread support to virtio-blk. While
multiwrite support was there for a long time, read support was missing.

The complete merge logic is moved into virtio-blk.c which has
been the only user of request merging ever since. This is required
to be able to merge chunks of requests and immediately invoke callbacks
for those requests. Secondly, this is required to switch to
direct invocation of coroutines which is planned at a later stage.

The following benchmarks show the performance of running fio with
4 worker threads on a local ram disk. The numbers show the average
of 10 test runs after 1 run as warmup phase.

              |        4k        |       64k        |        4k
MB/s          | rd seq | rd rand | rd seq | rd rand | wr seq | wr rand
--------------+--------+---------+--------+---------+--------+--------
master        | 1221   | 1187    | 4178   | 4114    | 1745   | 1213
multiread     | 1829   | 1189    | 4639   | 4110    | 1894   | 1216

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-02-06 17:24:21 +01:00
Peter Lieven d901f3c457 hw/virtio-blk: add a constant for max number of merged requests
As it was not obvious (at least for me) where the 32 comes from;
add a constant for it.

Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-02-06 17:24:21 +01:00
Dr. David Alan Gilbert a71754e5b0 atapi migration: Throw recoverable error to avoid recovery
(With the previous atapi_dma flag recovery)
If migration happens between the ATAPI command being written and the
bmdma being started, the DMA is dropped.  Eventually the guest times
out and recovers, but that can take many seconds.
(This is rare, on a pingpong reading the CD continuously I hit
this about ~1/30-1/50 migrates)

I don't think we've got enough state to be able to recover safely
at this point, so I throw a 'medium error, no seek complete'
that I'm assuming guests will try and recover from an apparently
dirty CD.

OK, it's a hack, the real solution is probably to push a lot of
ATAPI state into the migration stream, but this is a fix that
works with no stream changes. Tested only on Linux (both RHEL5
(pre-libata) and RHEL7).

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-02-06 17:24:20 +01:00
Dr. David Alan Gilbert 819fa27631 Restore atapi_dma flag across migration
If a migration happens just after the guest has kicked
off an ATAPI command and kicked off DMA, we lose the atapi_dma
flag, and the destination tries to complete the command as PIO
rather than DMA.  This upsets Linux; modern libata based kernels
stumble and recover OK, older kernels end up passing bad data
to userspace.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-02-06 17:24:20 +01:00
Peter Maydell cebbae86b4
Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

# gpg: Signature made Fri 06 Feb 2015 14:10:40 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  monitor: more accurate completion for host_net_remove()
  net: del hub port when peer is deleted
  net: remove the wrong comment in net_init_hubport()
  monitor: print hub port name during info network
  rtl8139: simplify timer logic
  MAINTAINERS: add Jason Wang as net subsystem maintainer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-06 14:35:52 +00:00
Paolo Bonzini 237c255c6c rtl8139: simplify timer logic
Pavel Dovgalyuk reports that TimerExpire and the timer are not restored
correctly on the receiving end of migration.

It is not clear to me whether this is really the case, but we can take
the occasion to get rid of the complicated code that computes PCSTimeout
on the fly upon changes to IntrStatus/IntrMask.  Just always keep a
timer running, it will fire every ~130 seconds at most if the interrupt
is masked with TimerInt != 0.

This makes rtl8139_set_next_tctr_time idempotent (when the virtual clock
is stopped between two calls, as is the case during migration).

Tested with Frediano's qtest.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421765099-26190-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-02-06 14:04:36 +00:00
Zhang Haoyu bb42631190 fix mc146818rtc wrong subsection name to avoid vmstate_subsection_load() fail
fix mc146818rtc wrong subsection name to avoid vmstate_subsection_load() fail
during incoming migration or loadvm.

Signed-off-by: Zhang Haoyu <zhanghy@sangfor.com.cn>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Alexander Graf 8118f0950f migration: Append JSON description of migration stream
One of the annoyances of the current migration format is the fact that
it's not self-describing. In fact, it's not properly describing at all.
Some code randomly scattered throughout QEMU elaborates roughly how to
read and write a stream of bytes.

We discussed an idea during KVM Forum 2013 to add a JSON description of
the migration protocol itself to the migration stream. This patch
adds a section after the VM_END migration end marker that contains
description data on what the device sections of the stream are composed of.

This approach is backwards compatible with any QEMU version reading the
stream, because QEMU just stops reading after the VM_END marker and ignores
any data following it.

With an additional external program this allows us to decipher the
contents of any migration stream and hopefully make migration bugs easier
to track down.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-02-05 17:16:14 +01:00
Laszlo Ersek 587078f0ed hw/arm/virt: explain device-to-transport mapping in create_virtio_devices()
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1422592273-4432-1-git-send-email-lersek@redhat.com
[PMM: added note recommending UUIDs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:23 +00:00
Greg Bellows 5097227c15 target-arm: Change reset to highest available EL
Update to arm_cpu_reset() to reset into the highest available exception level
based on the set ARM features.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-4-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:22 +00:00
Alistair Francis 8b47b7da29 target_arm: Parameterise the irq lines for armv7m_init
This patch allows the board to specify the number of NVIC interrupt
lines when using armv7m_init.

Signed-off-by: Alistair Francis <alistair23@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 5a0b0fcc778df0340899f488053acc9493679e03.1422077994.git.alistair23@gmail.com
[PMM: removed stale FIXME comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:21 +00:00
Alistair Francis fe6ac447ad target_arm: Remove memory region init from armv7m_init
This patch moves the memory region init code from the
armv7m_init function to the stellaris_init function.

Signed-off-by: Alistair Francis <alistair23@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 4836be7e1d708554d6eb0bc639dc2fbf7dac0458.1422077994.git.alistair23@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-05 13:37:21 +00:00
Alex Williamson 3a4dbe6aa9 vfio-pci: Fix missing unparent of dynamically allocated MemoryRegion
Commit d8d9581460 added explicit object_unparent() calls for
dynamically allocated MemoryRegions.  The VFIOMSIXInfo structure also
contains such a MemoryRegion, covering the mmap'd region of a PCI BAR
above the MSI-X table.  This structure is freed as part of the class
exit function and therefore also needs an explicit object_unparent().
Failing to do this results in random segfaults due to fields within
the structure, often the class pointer, being reclaimed and corrupted
by the time object_finalize_child_property() is called for the object.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org # 2.2
2015-02-04 11:45:32 -07:00
Chen Fan 39cb514f02 vfio: fix wrong initialize vfio_group_list
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-02-04 11:45:32 -07:00
Peter Maydell 007c99fd0f Some bugfixes and cleanups for s390x, both in the new pci code and
in old code.

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150203' into staging

Some bugfixes and cleanups for s390x, both in the new pci code and
in old code.

# gpg: Signature made Tue 03 Feb 2015 13:01:04 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20150203:
  pc-bios/s390-ccw: update binary
  pc-bios/s390-ccw: fix sparse warnings
  s390x/ipl: Improved code indentation in s390_ipl_init()
  s390x/kvm: unknown DIAGNOSE code should give a specification exception
  s390x/kvm: Fix diag-308 register decoding
  s390x/pci: fix dma notifications in rpcit instruction
  s390x/pci: check for invalid function handle
  s390x/pci: avoid sign extension in stpcifc
  s390: Plug memory leak on s390_pci_generate_event() error path

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-02-03 13:19:52 +00:00
Thomas Huth 7691993c2b s390x/ipl: Improved code indentation in s390_ipl_init()
The indentation of the code in s390_ipl_init() can be simplified
a little bit by removing superfluous else-statements.

Suggested-by: Michael Mueller <mimu@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-02-03 13:42:40 +01:00
Yi Min Zhao 4e99a0f7ae s390x/pci: fix dma notifications in rpcit instruction
The virtual I/O address range passed to rpcit instruction might not
map to consecutive physical guest pages. For this we have to translate
and create mapping notifications for each vioa page separately.

Signed-off-by: Yi Min Zhao <zyimin@cn.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-02-03 13:42:40 +01:00
Frank Blaschka 5b324bbafc s390x/pci: check for invalid function handle
A broken guest may provide a 0 (invalid) function handle to zpci
instructions. Since we use function handle 0 to indicate an empty
slot in the PHB we have to add an additional check to spot this
kind of error.

Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-02-03 13:42:40 +01:00
Frank Blaschka c0eb33ab54 s390x/pci: avoid sign extension in stpcifc
This patch avoids sign extension and fixes a data conversion
bug in stpcifc. Both issues were found by Coverity.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-02-03 13:42:40 +01:00
Markus Armbruster b7022d9ac6 s390: Plug memory leak on s390_pci_generate_event() error path
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-02-03 13:42:40 +01:00
Fam Zheng 2aeba9d8a1 scsi: Fix scsi_req_cancel_async for no aiocb req
scsi_req_cancel_complete is responsible for releasing the request, so we
shouldn't skip it in any case. This doesn't affect the only existing
caller, virtio-scsi, but is useful for other devices once they use it.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-02 16:55:11 +01:00
Paolo Bonzini 7911747bd4 rcu: add rcu library
This includes a (mangled) copy of the liburcu code.  The main changes
are: 1) removing dependencies on many other header files in liburcu; 2)
removing for simplicity the tentative busy waiting in synchronize_rcu,
which has limited performance effects; 3) replacing futexes in
synchronize_rcu with QemuEvents for Win32 portability.  The API is
the same as liburcu, so it should be possible in the future to require
liburcu on POSIX systems for example and use our copy only on Windows.

Among the various versions available I chose urcu-mb, which is the
least invasive implementation even though it does not have the
fastest rcu_read_{lock,unlock} implementation.  The urcu flavor can
be changed later, after benchmarking.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-02 16:55:10 +01:00
Peter Maydell b00c92e3ef pci, pc, virtio fixes and cleanups
A bunch of fixes all over the place.  Also, beginning to generalize acpi build
 code for reuse by ARM.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pci, pc, virtio fixes and cleanups

A bunch of fixes all over the place.  Also, beginning to generalize acpi build
code for reuse by ARM.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 27 Jan 2015 13:12:25 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  pc-dimm: Add Error argument to pc_existing_dimms_capacity
  pc-dimm: Make pc_existing_dimms_capacity global
  pc: Fix DIMMs capacity calculation
  smbios: Don't report unknown CPU speed (fix SVVP regression)
  smbios: Fix dimm size calculation when RAM is multiple of 16GB
  bios-linker-loader: move source to common location
  bios-linker-loader: move header to common location
  virtio: fix feature bit checks
  bios-tables-test: split piix4 and q35 tests
  acpi: build_append_nameseg(): add padding if necessary
  acpi: update generated hex files
  acpi-test: update expected DSDT
  pc: acpi: fix WindowsXP BSOD when memory hotplug is enabled
  pci: Split pcie_host_mmcfg_map()
  Add some trace calls to pci.c.
  ich9: add disable_s3, disable_s4, s4_val properties

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-27 13:17:30 +00:00
Bharata B Rao 3715345043 pc-dimm: Add Error argument to pc_existing_dimms_capacity
Now that pc_existing_dimms_capacity() is an API, include Error pointer
as an argument and modify the caller appropriately.

Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2015-01-27 14:46:18 +02:00
Bharata B Rao 9967c94957 pc-dimm: Make pc_existing_dimms_capacity global
Move pc_existing_dimms_capacity() to pc-dimm.c since it would be needed
by PowerPC memory hotplug code too.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-27 14:46:18 +02:00
Bharata B Rao 759048ac20 pc: Fix DIMMs capacity calculation
pc_existing_dimms_capacity() is returning DIMMs count rather than capacity.
Fix this to return the capacity. Also consider only realized devices for
capacity calculation.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-27 14:46:17 +02:00
Eduardo Habkost 07d01c9c19 smbios: Don't report unknown CPU speed (fix SVVP regression)
SVVP requires processor speed on Type 4 structures to not be unknown.
This was fixed in SeaBIOS 0.5.0 (in 2009), but the bug was reintroduced
in QEMU 2.1.

Revert to old behavior and report CPU speed as 2000 MHz instead of
unknown.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-27 14:46:17 +02:00
Eduardo Habkost 744c6d4747 smbios: Fix dimm size calculation when RAM is multiple of 16GB
The Memory Device size calculation logic is broken when the RAM size is
a multiple of 16GB, making the size of the last entry be 0 instead of
16GB. Fix the logic to handle that case correctly.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-27 14:46:17 +02:00
Michael S. Tsirkin 09852232ee bios-linker-loader: move source to common location
There are plans to use bios linker by MIPS, ARM.

It's only used by ACPI ATM, so put it in hw/acpi
and make it depend on CONFIG_ACPI.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-27 14:46:17 +02:00
Michael S. Tsirkin 0058ae1d94 bios-linker-loader: move header to common location
Will be usable by MIPS, ARM.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-27 14:46:17 +02:00
Cornelia Huck 91d5c57a2e virtio: fix feature bit checks
Several places check against the feature bit number instead of against
the feature bit. Fix them.

Cc: qemu-stable@nongnu.org
Reported-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-27 14:46:17 +02:00
Igor Mammedov 6d848641b7 acpi: build_append_nameseg(): add padding if necessary
According to ACPI spec NameSeg shorter than 4 characters
must be padded up to 4 characters with "_" symbol.
ACPI 5.0:  20.2.2 "Name Objects Encoding"

Do it in build_append_nameseg() so that caller shouldn't know
or care about it.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-27 14:46:17 +02:00
Michael S. Tsirkin e909c16d92 acpi: update generated hex files
Previous patch
    pc: acpi: fix WindowsXP BSOD when memory hotplug is enabled
changed DSDT, update hex files for non-iasl builds.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-27 14:45:18 +02:00
Igor Mammedov 6d4e4cb998 pc: acpi: fix WindowsXP BSOD when memory hotplug is enabled
ACPI parser in XP considers PNP0A06 devices of CPU and
memory hotplug as duplicates. Adding unique _UID
to CPU hotplug device fixes BSOD.

Cc: qemu-stable@nongnu.org
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-26 20:25:52 +02:00
Alexander Graf 27fb9688f9 pci: Split pcie_host_mmcfg_map()
The mmcfg space is a memory region that allows access to PCI config space
in the PCIe world. To maintain abstraction layers, I would like to expose
the mmcfg space as a sysbus mmio region rather than have it mapped straight
into the system's memory address space though.

So this patch splits the initialization of the mmcfg space from the actual
mapping, allowing us to only have an mmcfg memory region without the map.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-01-26 20:25:52 +02:00
Don Koch 7828d75045 Add some trace calls to pci.c.
Signed-off-by: Don Koch <dkoch@verizon.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-26 20:25:52 +02:00
Amit Shah 6ac0d8d44c ich9: add disable_s3, disable_s4, s4_val properties
PIIX4 has disable_s3 and disable_s4 properties to enable or disable PM
functions.  Add such properties to the ICH9 chipset as well for the Q35
machine type.

S3 / S4 are not guaranteed to always work (needs work in the guest as
well as QEMU for things to work properly), and disabling advertising of
these features ensures guests don't go into zombie state if something
isn't working right.

The defaults are kept the same as in PIIX4: both S3 and S4 are enabled
by default.

These can be disabled via the cmdline:

  ... -global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1

Note: some guests can fake hibernation by writing a hibernate image and
doing a shutdown instead of S4 if S4 isn't available; there's nothing we
can do to stop guests from doing this, and this patch can't affect that
functionality.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2015-01-26 20:25:52 +02:00
Peter Maydell 0c28d0d07f - Many fixes from the floor as usual
- New "edu" device (v1->v2: fix 32-bit compilation)
 - Disabling HLE and RTM on Haswell & Broadwell
 - kvm_stat updates
 - Added --enable-modules to Travis, in preparation for switching
   the default

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

- Many fixes from the floor as usual
- New "edu" device (v1->v2: fix 32-bit compilation)
- Disabling HLE and RTM on Haswell & Broadwell
- kvm_stat updates
- Added --enable-modules to Travis, in preparation for switching
  the default

# gpg: Signature made Mon 26 Jan 2015 11:44:40 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  kvm_stat: Add RESET support for perf event ioctl
  target-i386: Disable HLE and RTM on Haswell & Broadwell
  sparse: Fix build with sparse on .S files
  exec: fix madvise of NULL pointer
  .travis.yml: Add "--enable-modules"
  apic: do not dereference pointer before it is checked for NULL
  kvm_stat: Print errno when syscall to perf_event_open() fails
  kvm_stat: Update exit reasons to the latest defintion
  kvm_stat: Add aarch64 support
  hw: misc, add educational driver
  vmstate: accept QEMUTimer in VMSTATE_TIMER*, add VMSTATE_TIMER_PTR*
  qemu-timer: introduce timer_deinit
  qemu-timer: add timer_init and timer_init_ns/us/ms
  target-i386: make xmm_regs 512-bit wide
  target-i386: use vmstate_offset_sub_array for AVX registers
  tests/multiboot: Add test for modules
  multiboot: Fix offset of bootloader name
  tests/multiboot: Update reference output
  pc: fix KVM features in pc-1.3 and earlier machine types

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-26 11:50:29 +00:00
Eduardo Habkost 13704e4c45 target-i386: Disable HLE and RTM on Haswell & Broadwell
All Haswell CPUs and some Broadwell CPUs were updated by Intel to have
the HLE and RTM features disabled. This will prevent
"-cpu Haswell,enforce" and "-cpu Broadwell,enforce" from running out of
the box on those CPUs.

Disable those features by default on Broadwell and Haswell CPU models,
starting on pc-*-2.3. Users who want to use those features can enable
them explicitly on the command-line.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-26 12:27:05 +01:00
Paolo Bonzini 927411fa42 apic: do not dereference pointer before it is checked for NULL
Right now you only get to apic_init_reset if you have an APIC
(do_cpu_init is reached only if CPU_INTERRUPT_INIT is set and
that only happens in hw/intc/apic.c).  However, this is wrong
because for example a port 92 or keyboard controller reset is
really an INIT, and that can happen also with no APIC.  So
keep the check and fix the error that Coverity reported.

Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-26 12:27:05 +01:00
Jiri Slaby b30934cb52 hw: misc, add educational driver
I am using qemu for teaching the Linux kernel at our university. I
wrote a simple PCI device that can answer to writes/reads, generate
interrupts and perform DMA. As I have been dragging it along locally for
over 2 years, I am sending it to you now.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
[Fix 32-bit compilation. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-26 12:26:55 +01:00
Paolo Bonzini e720677e32 vmstate: accept QEMUTimer in VMSTATE_TIMER*, add VMSTATE_TIMER_PTR*
Old users of VMSTATE_TIMER* are mechanically changed to VMSTATE_TIMER_PTR
variants.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-26 12:22:44 +01:00
Kevin Wolf b4168498f6 multiboot: Fix offset of bootloader name
This fixes a bug introduced in commit 5eba5a66 ('Add bootloader name to
multiboot implementation').

The calculation of the bootloader name offset didn't consider space
occupied by module command lines, so some unlucky module got its command
line partially overwritten with a "qemu" string.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-26 12:22:44 +01:00
Paolo Bonzini 0034a0f239 pc: fix KVM features in pc-1.3 and earlier machine types
Due to a typo, instead of disabling KVM_FEATURE_PV_EOI (bit
6) these machine types are disabling bits 1 and 2, which are
KVM_FEATURE_NOP_IO_DELAY and KVM_FEATURE_MMU_OP.  Not a big deal
because they aren't very important and KVM_FEATURE_MMU_OP is
disabled anyway.  The worst part is actually that KVM_FEATURE_PV_EOI
is remaining enabled.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-26 12:22:43 +01:00
Fam Zheng 1dc936aa84 virtio-blk: Use blk_aio_ioctl
Use the asynchronous interface of ioctl. This will not make the VM
unresponsive if the ioctl takes a long time.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-23 18:17:05 +01:00
Fam Zheng 75344fa4c5 virtio-blk: Pass req to virtio_blk_handle_scsi_req
In preparation for calling blk_aio_ioctl. Also make the function static
as no other files need it.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-23 18:17:05 +01:00
Peter Maydell c6441452b5 b16: fix interrupt acknowledgement

Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20150122-1' into staging

b16: fix interrupt acknowledgement

# gpg: Signature made Thu 22 Jan 2015 11:38:29 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-audio-20150122-1:
  sb16: fix interrupt acknowledgement

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-22 18:57:36 +00:00
Dinar Valeev 0ee4de5840 hw/input/hid.c Fix capslock hid code
Whenever a USB keyboard is used, e.g. '-usbdevice keyboard', pressing
the caps lock key sends the 0x32 HID code, which is treated as backslash.
Instead it should be the 0x39 code. This affects sending uppercase keys,
as they are typed with caps lock active.

While on x86 this can be worked around by using the PS/2 protocol, on
Power it is crucial as we don't have anything other than USB.

This fixes guest automation tests over VNC.

Signed-off-by: Dinar Valeev <dvaleev@suse.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22 12:19:48 +01:00
Gerd Hoffmann ba4d26064e hid: handle full ptr queues in post_load
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2015-01-22 12:19:48 +01:00
Paolo Bonzini 9939375c28 sb16: fix interrupt acknowledgement
SoundBlaster 16 emulation is very broken and consumes a lot of CPU, but a
small fix was suggested offlist and it is enough to fix some games.  I
got Epic Pinball to work with the "SoundBlaster Clone" option.

The processing of the interrupt register is wrong due to two missing
"not"s.  This causes the interrupt flag to remain set even after the
Acknowledge ports have been read (0x0e and 0x0f).

The line was introduced by commit 85571bc (audio merge (malc), 2004-11-07),
but the code might have been broken before because I did not look closely
at the huge patches from 10 years ago.

Reported-by: Joshua Bair <j_bair@bellsouth.net>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22 11:04:18 +01:00
Paul Durrant 707ff80021 Add device listener interface
The Xen ioreq-server API, introduced in Xen 4.5, requires that PCI device
models explicitly register with Xen for config space accesses. This patch
adds a listener interface into qdev-core which can be used by the Xen
interface code to monitor for arrival and departure of PCI devices.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-20 14:24:07 +00:00
Benjamin Herrenschmidt 49743df399 ui: Add dpy_gfx_check_format() to check backend shared surface support
This allows VGA to decide whether to use a shared surface based on
whether the UI backend supports the format or not. Backends that
don't provide the new callback fallback to native 32 bpp which
is equivalent to what was supported before.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

[ kraxel: fix console check, allow only 32 bpp as fallback ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-19 13:33:26 +01:00
Laszlo Ersek 36b62ae6a5 fw_cfg: fix endianness in fw_cfg_data_mem_read() / _write()
(1) Let's contemplate what device endianness means, for a memory mapped
device register (independently of QEMU -- that is, on physical hardware).

It determines the byte order that the device will put on the data bus when
the device is producing a *numerical value* for the CPU. This byte order
may differ from the CPU's own byte order, therefore when software wants to
consume the *numerical value*, it may have to swap the byte order first.

For example, suppose we have a device that exposes in a 2-byte register
the number of sheep we have to count before falling asleep. If the value
is decimal 37 (0x0025), then a big endian register will produce [0x00,
0x25], while a little endian register will produce [0x25, 0x00].

If the device register is big endian, but the CPU is little endian, the
numerical value will read as 0x2500 (decimal 9472), which software has to
byte swap before use.

However... if we ask the device about who stole our herd of sheep, and it
answers "XY", then the byte representation coming out of the register must
be [0x58, 0x59], regardless of the device register's endianness for
numeric values. And, software needs to copy these bytes into a string
field regardless of the CPU's own endianness.

(2) QEMU's device register accessor functions work with *numerical values*
exclusively, not strings:

The emulated register's read accessor function returns the numerical value
(eg. 37 decimal, 0x0025) as a *host-encoded* uint64_t. QEMU translates
this value for the guest to the endianness of the emulated device register
(which is recorded in MemoryRegionOps.endianness). Then guest code must
translate the numerical value from device register to guest CPU
endianness, before including it in any computation (see (1)).

(3) However, the data register of the fw_cfg device shall transfer strings
*only* -- that is, opaque blobs. Interpretation of any given blob is
subject to further agreement -- it can be an integer in an independently
determined byte order, or a genuine string, or an array of structs of
integers (in some byte order) and fixed size strings, and so on.

Because register emulation in QEMU is integer-preserving, not
string-preserving (see (2)), we have to jump through a few hoops.

(3a) We defined the memory mapped fw_cfg data register as
DEVICE_BIG_ENDIAN.

The particular choice is not really relevant -- we picked BE only for
consistency with the control register, which *does* transfer integers --
but our choice affects how we must host-encode values from fw_cfg strings.

(3b) Since we want the fw_cfg string "XY" to appear as the [0x58, 0x59]
array on the data register, *and* we picked DEVICE_BIG_ENDIAN, we must
compose the host (== C language) value 0x5859 in the read accessor
function.

(3c) When the guest performs the read access, the immediate uint16_t value
will be 0x5958 (in LE guests) and 0x5859 (in BE guests). However, the
uint16_t value does not matter. The only thing that matters is the byte
pattern [0x58, 0x59], which the guest code must copy into the target
string *without* any byte-swapping.

(4) Now I get to explain where I screwed up. :(

When we decided for big endian *integer* representation in the MMIO data
register -- see (3a) --, I mindlessly added an indiscriminate
byte-swizzling step to the (little endian) guest firmware.

This was a grave error -- it violates (3c) --, but I didn't realize it. I
only saw that the code I otherwise intended for fw_cfg_data_mem_read():

    value = 0;
    for (i = 0; i < size; ++i) {
        value = (value << 8) | fw_cfg_read(s);
    }

didn't produce the expected result in the guest.

In true facepalm style, instead of blaming my guest code (which violated
(3c)), I blamed my host code (which was correct). Ultimately, I coded
ldX_he_p() into fw_cfg_data_mem_read(), because that happened to work.

Obviously (...in retrospect) that was wrong. Only because my host happened
to be LE, ldX_he_p() composed the (otherwise incorrect) host value 0x5958
from the fw_cfg string "XY". And that happened to compensate for the bogus
indiscriminate byte-swizzling in my guest code.

Clearly the current code leaks the host endianness through to the guest,
which is wrong. Any device should work the same regardless of host
endianness.

The solution is to compose the host-endian representation (2) of the big
endian interpretation (3a, 3b) of the fw_cfg string, and to drop the wrong
byte-swizzling in the guest (3c).

Brown paper bag time for me.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1420024880-15416-1-git-send-email-lersek@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-16 11:54:30 +00:00
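
The read path described in (2) to (3c) of the fw_cfg commit above, modelled as an added example; it is not QEMU's code and not part of the commit. It shows why the arithmetic composition puts the blob bytes on the bus unchanged on any host, while a host-endian load leaks the host's byte order to the guest. All function names and the host_is_le / guest_is_le simulation parameters are assumptions made for the illustration; sizes up to 8 bytes are assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed read accessor: the host value is the big-endian interpretation of
 * the blob bytes, built arithmetically, so it is the same on every host. */
static uint64_t compose_be(const uint8_t *blob, size_t size)
{
    uint64_t value = 0;
    for (size_t i = 0; i < size; ++i) {
        value = (value << 8) | blob[i];
    }
    return value;
}

/* Model of a host-endian load (what ldX_he_p() amounts to): the result
 * depends on the host. host_is_le is a simulation parameter (assumption),
 * so both kinds of host can be shown on any build machine. */
static uint64_t compose_he(const uint8_t *blob, size_t size, int host_is_le)
{
    uint64_t value = 0;
    if (!host_is_le) {
        return compose_be(blob, size);
    }
    for (size_t i = size; i-- > 0;) {
        value = (value << 8) | blob[i];
    }
    return value;
}

/* Model of step (2): the numerical value is laid out on the bus in the
 * register's declared byte order, here DEVICE_BIG_ENDIAN. */
static void value_to_bus_be(uint64_t value, size_t size, uint8_t *bus)
{
    for (size_t i = 0; i < size; ++i) {
        bus[i] = (uint8_t)(value >> (8 * (size - 1 - i)));
    }
}

/* Integer a guest CPU obtains from the bus bytes with a native load. */
static uint64_t guest_integer(const uint8_t *bus, size_t size, int guest_is_le)
{
    return compose_he(bus, size, guest_is_le);
}

/* Whole read path: fixed != 0 selects the arithmetic composition,
 * fixed == 0 the host-endian load. bus receives what the guest sees. */
static void mmio_read(const uint8_t *blob, size_t size, int fixed,
                      int host_is_le, uint8_t *bus)
{
    uint64_t value = fixed ? compose_be(blob, size)
                           : compose_he(blob, size, host_is_le);
    value_to_bus_be(value, size, bus);
}

/* Returns 1 when the guest sees the blob bytes unchanged, else 0. */
static int guest_sees_blob(const uint8_t *blob, size_t size, int fixed,
                           int host_is_le)
{
    uint8_t bus[8];
    mmio_read(blob, size, fixed, host_is_le, bus);
    return memcmp(bus, blob, size) == 0;
}

int main(void)
{
    const uint8_t xy[2] = { 0x58, 0x59 };   /* the fw_cfg string "XY" */

    for (int fixed = 1; fixed >= 0; --fixed) {
        for (int host_is_le = 1; host_is_le >= 0; --host_is_le) {
            uint8_t bus[8];
            mmio_read(xy, sizeof(xy), fixed, host_is_le, bus);
            printf("%-16s %s host: bus=[0x%02x, 0x%02x] %s\n",
                   fixed ? "arithmetic" : "host-endian load",
                   host_is_le ? "LE" : "BE", bus[0], bus[1],
                   guest_sees_blob(xy, sizeof(xy), fixed, host_is_le)
                       ? "blob preserved" : "blob byte-swapped");
        }
    }
    return 0;
}
```
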
Paolo Bonzini 31fc97c314 blizzard: do not depend on VGA internals
There is nothing that is used by this ARM-specific device.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-15 10:44:13 +03:00
Paolo Bonzini 9feb8adeaa vt82c686: avoid out-of-bounds read
superio_ioport_readb can read the 256th element of the array.
Coverity reports an out-of-bounds write in superio_ioport_writeb,
but it does not show the corresponding out-of-bounds read
because it cannot prove that it can happen.  Fix the root
cause of the problem (zhanghailang's patch instead fixes
the logic in superio_ioport_writeb).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: qemu-stable@nongnu.org
2015-01-15 10:44:13 +03:00
Peter Maydell b629a38a13 Mostly bugfixes and cleanups from qemu-devel. Yet another small patch from
the record/replay series, and a few SCSI and i386 patches as well.

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Mostly bugfixes and cleanups from qemu-devel.  Yet another small patch from
the record/replay series, and a few SCSI and i386 patches as well.

# gpg: Signature made Wed 14 Jan 2015 09:39:14 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  cpus: consistently use QEMU_CLOCK_VIRTUAL_RT for icount_warp_rt timer
  qemu-timer: rename timer_init to timer_init_tl
  scsi: fix cancellation when I/O was completed but DMA was not.
  rules.mak: Fix module build
  hw/scsi/lsi53c895a: add support for additional diag / debug registers
  qemu-common.h: optimise muldiv64 if int128 is available
  target-i386: do not memcpy in and out of xmm_regs
  target-i386: fix movntsd on big-endian hosts
  vl.c: fix regression when reading memory size from config file
  vl: Don't silently change topology when all -smp options were set
  vl: fix max_cpus check
  vl: Avoid unnecessary 'if' nesting
  9pfs: changed to use event_notifier instead of qemu_pipe
  vl.c: fix regression when reading machine type from config file
  char: restore stdio echo on resume from suspend.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-14 18:02:47 +00:00
Paolo Bonzini 488eef2f1d scsi: fix cancellation when I/O was completed but DMA was not.
Commit d577646 (scsi: Introduce scsi_req_cancel_complete, 2014-09-25)
was supposed to have no semantic change, but it missed a case.  When
r->aiocb has already been NULLed, but DMA was not complete and the
SCSI layer was waiting for scsi_req_continue, after the patch the
SCSI layer will not call the .cancel callback of SCSIBusInfo.

Fixes: d5776465ee
Cc: qemu-stable@nongnu.org
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-14 10:38:57 +01:00
Peter Lieven 6f84da3a07 hw/scsi/lsi53c895a: add support for additional diag / debug registers
Some ancient Linux kernels read from registers 0x09 and 0x3c-3f during
boot. According to the spec these registers are for diag and debug
purposes only. If they are absent, qemu aborts on read.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-14 10:38:57 +01:00
Peter Maydell 3a7f560fa6 Merge remote-tracking branch 'remotes/sstabellini/xen-2015-01-13' into staging
* remotes/sstabellini/xen-2015-01-13:
  xen-hvm: increase maxmem before calling xc_domain_populate_physmap
  xen-pt: Fix PCI devices re-attach failed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-13 18:32:42 +00:00
Anubhav Rakshit 07d31d07f4 NVMe: Set correct VS Value for 1.1 Compliant Controllers
According to NVMe specifications Bits 15:08 represent Minor Version number.

Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Alex Friedman e7026f1953 nvme: Fix get/set number of queues feature
According to the specification, the low 16 bits should contain the number of
I/O submission queues, and the high 16 bits should contain the number of
I/O completion queues.

Signed-off-by: Alex Friedman <alex@e8storage.com>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
John Snow 9a502563ee ide: Implement VPD response for ATAPI
SCSI devices have multiple kinds of queries they need to respond
to, as defined in the "cmd inquiry" section in MMC-6 and SPC-3.

Relevant sections:
MMC-6 revision 2g:
      Non-VPD response data and pointer to SPC-3;
      Section 6.8 "Inquiry Command"
SPC-3 revision 23:
      Inquiry command and error handling:
      Section 6.4 "INQUIRY command"
      VPD data pages format:
      Section 7.6 "Vital product data parameters"

We implement these Vital Product Data queries for SCSI, but not for
ATAPI through IDE. The result is that if you are looking for the WWN
identifier via tools such as sg3_utils, you will be unable to query
our CD/DVD rom device to obtain it.

This patch adds the minimum number of mandatory responses as defined
by SPC-3, which include the "supported pages" response (page 0x00)
and the "Device Identification" response (page 0x83). It also correctly
responds when it receives a request for an illegal page to improve
error output from related tools.

The Device ID page contains an arbitrary list of identification
strings of various formats; the ID strings included in this patch
were chosen to mimic those provided by the libata driver when
emulating this SCSI query (model, serial, and wwn when present.)

Example:

# libata emulated response
[root@localhost ~]# sg_inq --id /dev/sda
VPD INQUIRY: Device Identification page
  Designation descriptor number 1, descriptor length: 24
    designator_type: vendor specific [0x0],  code_set: ASCII
    associated with the addressed logical unit
      vendor specific: QM00001
  Designation descriptor number 2, descriptor length: 72
    designator_type: T10 vendor identification,  code_set: ASCII
    associated with the addressed logical unit
      vendor id: ATA
      vendor specific: QEMU HARDDISK                           QM00001

# QEMU generated ATAPI response, with WWN
[root@localhost ~]# sg_inq --id /dev/sr0
VPD INQUIRY: Device Identification page
  Designation descriptor number 1, descriptor length: 24
    designator_type: vendor specific [0x0],  code_set: ASCII
    associated with the addressed logical unit
      vendor specific: QM00005
  Designation descriptor number 2, descriptor length: 72
    designator_type: T10 vendor identification,  code_set: ASCII
    associated with the addressed logical unit
      vendor id: ATA
      vendor specific: QEMU DVD-ROM                            QM00005
  Designation descriptor number 3, descriptor length: 12
    designator_type: NAA,  code_set: Binary
    associated with the addressed logical unit
      NAA 5, IEEE Company_id: 0xc50
      Vendor Specific Identifier: 0x15ea71bb
      [0x5000c50015ea71bb]

See also: hw/scsi/scsi-disk.c, scsi_disk_emulate_inquiry()

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Fam Zheng bb00021de0 block: Split BLOCK_OP_TYPE_COMMIT to BLOCK_OP_TYPE_COMMIT_{SOURCE, TARGET}
Like BLOCK_OP_TYPE_BACKUP_SOURCE and BLOCK_OP_TYPE_BACKUP_TARGET,
block-commit involves two asymmetric devices.

This change is not user-visible (yet), because commit only works with
device names.

But once we enable backing reference in blockdev-add, or specifying
node-name in block-commit command, we don't want the user to start two
commit jobs on the same backing chain, which will corrupt things because
of the final bdrv_swap.

Before we have per category blockers, splitting this type is still
better.

[Resolved virtio-blk dataplane conflict by replacing
BLOCK_OP_TYPE_COMMIT with both BLOCK_OP_TYPE_COMMIT_{SOURCE, TARGET}.
They are safe since the block job runs in the same AioContext as the
dataplane IOThread.
--Stefan]

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-13 13:43:29 +00:00
Liang Li 99605175c9 xen-pt: Fix PCI devices re-attach failed
Use the 'xl pci-attach $DomU $BDF' command to attach more than
one PCI device to the guest, then detach the devices with
'xl pci-detach $DomU $BDF'. After that, when these PCI devices are
re-attached, an error message like the following is reported:

    libxl: error: libxl_qmp.c:287:qmp_handle_error_response: receive
    an error message from QMP server: Duplicate ID 'pci-pt-03_10.1'
    for device.

If 'address_space_memory' is used as the parameter of
'memory_listener_register', 'xen_pt_region_del' will not be called
if the memory region's name is not 'xen-pci-pt-*' when the device
is detached. This will cause the device's related QemuOpts object
not to be released properly.

Using the device's address space avoids this issue, because the
number of calls to 'xen_pt_region_add' when attaching and the number
of calls to 'xen_pt_region_del' when detaching are the same, so all the
memory regions ref'd and unref'd by 'xen_pt_region_add' and
'xen_pt_region_del' can be released properly.

Signed-off-by: Liang Li <liang.z.li@intel.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reported-by: Longtao Pang <longtaox.pang@intel.com>
2015-01-13 11:49:46 +00:00
Peter Maydell 7d5ad15d17

Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

# gpg: Signature made Mon 12 Jan 2015 10:27:41 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  hw/net/xen_nic.c: Set 'netdev->mac' to NULL after free it
  hw/net/xen_nic.c: Need free 'netdev->nic' in net_free() instead of net_disconnect()
  hw/net/xen_nic.c: Free 'netdev->txs' when map 'netdev->rxs' fails
  net: remove all cleanup methods from NIC NetClientInfos

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-12 11:13:24 +00:00
Chen Gang a39d97c7be hw/net/xen_nic.c: Set 'netdev->mac' to NULL after free it
Since net_init() checks whether 'netdev->mac' is NULL before allocating it,
net_release() also needs to set 'netdev->mac' to NULL after freeing it.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-12 10:16:23 +00:00
Chen Gang d46858377b hw/net/xen_nic.c: Need free 'netdev->nic' in net_free() instead of net_disconnect()
net_init() and net_free() are a pair, and net_connect() and net_disconnect()
are a pair. net_init() creates 'netdev->nic', so it also needs to be freed in
net_free().

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-12 10:16:23 +00:00
Chen Gang b4f72e31b9 hw/net/xen_nic.c: Free 'netdev->txs' when map 'netdev->rxs' fails
When mapping 'netdev->rxs' fails, the original resource needs to be freed, or
a resource leak will result.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-12 10:16:23 +00:00
Paolo Bonzini 57407ea44c net: remove all cleanup methods from NIC NetClientInfos
All NICs have a cleanup function that, in most cases, zeroes the pointer
to the NICState.  In some cases, it frees data belonging to the NIC.

However, this function is never called except when exiting from QEMU.
It is not necessary to NULL pointers and free data here; the right place
to do that would be in the device's unrealize function, after calling
qemu_del_nic.  Zeroing the NIC multiple times is also wrong for multiqueue
devices.

This cleanup function gets in the way of making the NetClientStates for
the NIC hold an object_ref reference to the object, so get rid of it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-01-12 10:16:23 +00:00
Frank Blaschka 863f6f52b7 s390: implement pci instructions
This patch implements the s390 pci instructions in qemu. It allows
accessing and driving pci devices attached to the s390 pci bus.
Because of platform constraints, devices using IO BARs are not
supported. Also, a device has to support MSI/MSI-X to run on s390.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-01-12 10:14:04 +01:00
Frank Blaschka 8cba80c3a0 s390: Add PCI bus support
This patch implements a pci bus for s390x together with infrastructure
to generate and handle hotplug events, to configure/unconfigure via
sclp instruction, to do iommu translations and provide s390 support for
MSI/MSI-X notification processing.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-01-12 10:14:04 +01:00
Cornelia Huck fb85b34da7 s390x/ccw: fix oddity in machine class init
ccw_machine_class_init() uses ',' instead of ';' while initializing
the class' fields. This is almost certainly a copy/paste error and,
while legal C, rather on the unusual side. Just use ';' everywhere.

Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-01-12 10:14:04 +01:00
Peter Maydell 64ea8038ff VFIO fixes:
- Fix 32bit overflow in handling large PCI BARs (Alex Williamson)
 - Fix interrupt shutdown ordering (Alex Williamson)

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150109.0' into staging

VFIO fixes:
- Fix 32bit overflow in handling large PCI BARs (Alex Williamson)
- Fix interrupt shutdown ordering (Alex Williamson)

# gpg: Signature made Fri 09 Jan 2015 16:23:42 GMT using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20150109.0:
  vfio-pci: Fix interrupt disabling
  vfio-pci: Fix BAR size overflow

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-10 22:29:09 +00:00
Peter Maydell aaf0301917 pc: resizeable ROM blocks
This makes ROM blocks resizeable.  This infrastructure is required for other
 functionality we have queued.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc: resizeable ROM blocks

This makes ROM blocks resizeable.  This infrastructure is required for other
functionality we have queued.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Thu 08 Jan 2015 11:19:24 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  acpi-build: make ROMs RAM blocks resizeable
  memory: API to allocate resizeable RAM MR
  arch_init: support resizing on incoming migration
  exec: qemu_ram_alloc_resizeable, qemu_ram_resize
  exec: split length -> used_length/max_length
  exec: cpu_physical_memory_set/clear_dirty_range
  memory: add memory_region_set_size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-10 21:02:23 +00:00
Peter Maydell 97052d64e4 Patch queue for ppc - 2015-01-07
New year's release. This time's highlights:
 
   - E500: More RAM support
   - pseries: New SLOF release
   - Migration fixes
   - Simplify USB spawning logic, removes support for explicit usb=off
   - TCG: Simple untransactional TM emulation

Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging

Patch queue for ppc - 2015-01-07

New year's release. This time's highlights:

  - E500: More RAM support
  - pseries: New SLOF release
  - Migration fixes
  - Simplify USB spawning logic, removes support for explicit usb=off
  - TCG: Simple untransactional TM emulation

# gpg: Signature made Wed 07 Jan 2015 15:19:37 GMT using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-ppc-for-upstream: (37 commits)
  hw/ppc/mac_newworld: simplify usb controller creation logic
  hw/ppc/spapr: simplify usb controller creation logic
  hw/ppc/mac_newworld: QOMified mac99 machines
  hw/usb: simplified usb_enabled
  hw/machine: added machine_usb wrapper
  hw/ppc: modified the condition for usb controllers to be created for some ppc machines
  target-ppc: Cast ssize_t to size_t before printing with %zx
  target-ppc: Mark SR() and gen_sync_exception() as !CONFIG_USER_ONLY
  PPC: e500: Fix GPIO controller interrupt number
  target-ppc: Introduce Privileged TM Noops
  target-ppc: Introduce tcheck
  target-ppc: Introduce TM Noops
  target-ppc: Introduce tbegin
  target-ppc: Introduce TEXASRU Bit Fields
  target-ppc: Power8 Supports Transactional Memory
  target-ppc: Introduce tm_enabled Bit to CPU State
  target-ppc: Introduce Feature Flag for Transactional Memory
  target-ppc: Introduce Instruction Type for Transactional Memory
  pseries: Update SLOF firmware image to 20141202
  PPC: Fix crash on spapr_tce_table_finalize()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-10 19:50:21 +00:00
SeokYeon Hwang 4d91558d60 9pfs: changed to use event_notifier instead of qemu_pipe
Changed to use event_notifier instead of qemu_pipe.
It is necessary for porting 9pfs to Windows and MacOS.

Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-09 23:41:11 +01:00
Peter Maydell f1c5831ca3 Fixes an init-time check for parameter validity

Merge remote-tracking branch 'remotes/amit-virtio-rng/tags/rng-for-2.3' into staging

Fixes an init-time check for parameter validity

# gpg: Signature made Mon 05 Jan 2015 08:34:05 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit-virtio-rng/tags/rng-for-2.3:
  virtio-rng: fix check for period_ms validity

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-09 18:55:29 +00:00
Peter Maydell 11fe680858 Migration fix for virtio-serial devices on bi-endian targets by David
Gibson.

Merge remote-tracking branch 'remotes/amit/tags/for-2.3' into staging

Migration fix for virtio-serial devices on bi-endian targets by David
Gibson.

# gpg: Signature made Mon 05 Jan 2015 07:26:07 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit/tags/for-2.3:
  virtio-serial: Don't keep a persistent copy of config space
  virtio_serial: Don't use vser->config.max_nr_ports internally

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-09 17:59:16 +00:00
Peter Maydell a4ba200894 More migration fixes and more record/replay preparations. Also moves
the sdhci-pci device id to make space for the rocker device.

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

More migration fixes and more record/replay preparations.  Also moves
the sdhci-pci device id to make space for the rocker device.

# gpg: Signature made Sat 03 Jan 2015 08:22:36 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  pci: move REDHAT_SDHCI device ID to make room for Rocker
  block/iscsi: fix uninitialized variable
  pckbd: set bits 2-3-6-7 of the output port by default
  serial: refine serial_thr_ipending_needed
  gen-icount: check cflags instead of use_icount global
  translate: check cflags instead of use_icount global
  cpu-exec: add a new CF_USE_ICOUNT cflag
  target-ppc: pass DisasContext to SPR generator functions
  atomic: fix position of volatile qualifier

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-09 16:29:36 +00:00
Alex Williamson b3e27c3aee vfio-pci: Fix interrupt disabling
When disabling MSI/X interrupts the disable functions will leave the
device in INTx mode (when available).  This matches how hardware
operates, INTx is enabled unless MSI/X is enabled (DisINTx is handled
separately).  Therefore when we really want to disable all interrupts,
such as when removing the device, and we start with the device in
MSI/X mode, we need to pass through INTx on our way to being
completely quiesced.

In well behaved situations, the guest driver will have shutdown the
device and it will start vfio_exitfn() in INTx mode, producing the
desired result.  If hot-unplug causes the guest to crash, we may get
the device in MSI/X state, which will leave QEMU with a bogus handler
installed.

Fix this by re-ordering our disable routine so that it should always
finish in VFIO_INT_NONE state, which is what all callers expect.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-01-09 08:50:53 -07:00
Alex Williamson 29c6e6df49 vfio-pci: Fix BAR size overflow
We use an unsigned int when working with the PCI BAR size, which can
obviously overflow if the BAR is 4GB or larger.  This needs to change
to a fixed length uint64_t.  A similar issue is possible, though even
more unlikely, when mapping the region above an MSI-X table.  The
start of the MSI-X vector table must be below 4GB, but the end, and
therefore the start of the next mapping region, could still land at
4GB.

Suggested-by: Nishank Trivedi <nishank.trivedi@netapp.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Don Slutz <dslutz@verizon.com>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2015-01-09 08:50:53 -07:00
Peter Maydell 7d010ae9e0 lm32: milkymist fixes and MAINTAINER update

Merge remote-tracking branch 'remotes/mwalle/tags/lm32-fixes/20141229' into staging

lm32: milkymist fixes and MAINTAINER update

# gpg: Signature made Tue 30 Dec 2014 16:54:15 GMT using DSA key ID 3F98A378
# gpg: Can't check signature: public key not found

* remotes/mwalle/tags/lm32-fixes/20141229:
  MAINTAINERS: add myself to lm32 and milkymist
  milkymist: softmmu: fix event handling

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-09 15:38:20 +00:00
Marcel Apfelbaum 59a0419856 hw/ppc/mac_newworld: simplify usb controller creation logic
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-7-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Marcel Apfelbaum d941fba0b5 hw/ppc/spapr: simplify usb controller creation logic
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-6-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Marcel Apfelbaum b1c2fb9b29 hw/ppc/mac_newworld: QOMified mac99 machines
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-5-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Marcel Apfelbaum de77a243b3 hw/usb: simplified usb_enabled
The argument is no longer used and the implementation
now uses QOM instead of QemuOpts.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-4-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Marcel Apfelbaum 5e97b623c2 hw/machine: added machine_usb wrapper
Following QOM convention, object properties should
not be accessed directly.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-3-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Marcel Apfelbaum f8b6f8edac hw/ppc: modified the condition for usb controllers to be created for some ppc machines
Some ppc machines create a default usb controller based on a 'machine condition'.
Until now the logic was: create the usb controller if:
 -  the usb option was supplied in cli and value is true or
 -  the usb option was absent and both set_defaults and the machine
    condition were true.

Modified the logic to:
Create the usb controller if:
 - the machine condition is true and defaults are enabled or
 - the usb option is supplied and true.

The main reason for this is to simplify the usb_enabled method.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id: 1420550957-22337-2-git-send-email-marcel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08 17:32:27 +00:00
Michael S. Tsirkin a1666142db acpi-build: make ROMs RAM blocks resizeable
Use resizeable ram API so we can painlessly extend ROMs in the
future.  Note: migration is not affected, as we are
not actually changing the used length for RAM, which
is the part that's migrated.

Use this in acpi: reserve x16 more RAM space.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-08 13:17:55 +02:00
Marcel Apfelbaum 75c74ccbe1 hw/ppc/mac_newworld: simplify usb controller creation logic
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:29 +01:00
Marcel Apfelbaum 4ee9ced979 hw/ppc/spapr: simplify usb controller creation logic
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:29 +01:00
Marcel Apfelbaum b8cbc738de hw/ppc/mac_newworld: QOMified mac99 machines
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:29 +01:00
Marcel Apfelbaum 09f28e5b51 hw/usb: simplified usb_enabled
The argument is no longer used and the implementation
now uses QOM instead of QemuOpts.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:29 +01:00
Marcel Apfelbaum 759bf45d81 hw/machine: added machine_usb wrapper
Following QOM convention, object properties should
not be accessed directly.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
Marcel Apfelbaum c760dbb9dc hw/ppc: modified the condition for usb controllers to be created for some ppc machines
Some ppc machines create a default usb controller based on a 'machine condition'.
Until now the logic was: create the usb controller if:
 -  the usb option was supplied in cli and value is true or
 -  the usb option was absent and both set_defaults and the machine
    condition were true.

Modified the logic to:
Create the usb controller if:
 - the machine condition is true and defaults are enabled or
 - the usb option is supplied and true.

The main reason for this is to simplify the usb_enabled method.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
Peter Maydell 2f285bdd54 target-ppc: Cast ssize_t to size_t before printing with %zx
The mingw32 compiler complains about trying to print variables of type
ssize_t with the %z format string specifier. Since we're printing it
as unsigned hex anyway, cast to size_t to silence the warning.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
Amit Tomar 82e345f57e PPC: e500: Fix GPIO controller interrupt number
The GPIO controller lives at IRQ 47, not 43 on real hardware. This is a problem
because IRQ 43 is occupied by the I2C controller which we want to implement
next, so we'd have a conflict on that IRQ number.

Move the GPIO controller to IRQ 47 where it belongs.

Signed-off-by: Amit Singh Tomar <amit.tomar@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:28 +01:00
David Gibson 5f9490de56 PPC: Fix crash on spapr_tce_table_finalize()
spapr_tce_table_finalize() can SEGV if the object was not previously
realized.  In particular this can be triggered by running
         qemu-system-ppc -device spapr-tce-table,?

The basic problem is that we have mismatched initialization versus
finalization: spapr_tce_table_finalize() is attempting to undo things that
are done in spapr_tce_table_realize(), not an instance_init function.

Therefore, replace spapr_tce_table_finalize() with
spapr_tce_table_unrealize().

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Paolo Bonzini 77bad151fb ppc: do not use get_clock_realtime()
Use the external qemu-timer API instead.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Samuel Mendoza-Jonas e6b8fd246c spapr: Fix stale HTAB during live migration (TCG)
If a TCG guest reboots during a running migration HTAB entries are not
marked dirty, and the destination boots with an invalid HTAB.

When a reboot occurs, explicitly mark the current HTAB dirty after
clearing it.

Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Samuel Mendoza-Jonas 338c25b692 spapr: Fix integer overflow during migration (TCG)
The n_valid and n_invalid fields are unsigned short integers but it is
possible to have more than 65535 entries in a contiguous hunk, overflowing
the field. This results in an incorrect HTAB being sent to the destination
during migration.

Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Samuel Mendoza-Jonas 01a579729b spapr: Fix stale HTAB during live migration (KVM)
If a guest reboots during a running migration, changes to the
hash page table are not necessarily updated on the destination.
Opening a new file descriptor to the HTAB forces the migration
handler to resend the entire table.

Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:26 +01:00
Alexander Graf cb3778a045 PPC: e500 pci host: Add support for ATMUs
The e500 PCI controller has configurable windows that allow a guest OS
to selectively map parts of the PCI bus space to CPU address space and
to selectively map parts of the CPU address space for DMA requests into
PCI visible address ranges.

So far, we've simply assumed that this mapping is 1:1 and ignored it.

However, the PCICSRBAR (CCSR mapped in PCI bus space) always has to live
inside the first 32bits of address space. This means if we always treat
all mappings as 1:1, this map will collide with our RAM map from the CPU's
point of view.

So this patch adds proper ATMU support which allows us to keep the PCICSRBAR
below 32bits local to the PCI bus and have another, different window to PCI
BARs at the upper end of address space. We leverage this on e500plat though,
mpc8544ds stays virtually 1:1 like it was before, but now also goes via ATMU.

With this patch, I can run guests with lots of RAM and not coincidently access
MSI-X mappings while I really want to access RAM.

Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:24 +01:00
Alexander Graf 44045ce974 PPC: mpc8554ds: Tell user about exceeding RAM limits
The mpc8544ds board only supports up to 3GB of RAM due to its limited
address space.

When the user requests more, abort and tell him that he should use less.

Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:24 +01:00
Alexander Graf e6b4e5f479 PPC: e500: Move CCSR and MMIO space to upper end of address space
On e500 we're basically guaranteed to have 36bits of physical address space
available for our enjoyment. Older chips (like the mpc8544) only had 32bits,
but everything from e500v2 onwards bumped it up.

It's reasonably safe to assume that if you're using the PV machine, your guest
kernel is configured to support 36bit physical address space. So in order to
support more guest RAM, we can move CCSR and other MMIO windows right below the
end of our 36bit address space, just like later SoC versions of e500 do.

With this patch, I'm able to successfully spawn an e500 VM with -m 48G.

Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:24 +01:00
Alexander Graf 2eaaac1f01 PPC: e500: Move CCSR definition to params
We want to have different MMIO region offsets for the mpc8544ds machine
and our e500 PV machine, so move the definitions of those into the machine
specific params struct.

Signed-off-by: Alexander Graf <agraf@suse.de>
2015-01-07 16:16:24 +01:00
Amit Shah a3a292c420 virtio-rng: fix check for period_ms validity
This was reported for this warning:

hw/virtio/virtio-rng.c:150:31: warning: logical not is only applied to
the left hand side of comparison [-Wlogical-not-parentheses]

Reported-by: dcb
Suggested-by: dcb
Bug: https://bugs.launchpad.net/qemu/+bug/1393486
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-05 14:02:47 +05:30
David Gibson 08f432aa3e virtio-serial: Don't keep a persistent copy of config space
The 'config' field in the VirtIOSerial structure keeps a copy of the virtio
console's config space as visible to the guest, that is to say, in guest
endianness.  This is fiddly to maintain, because on some targets, such as
powerpc, the "guest endianness" can change when a new guest OS boots.

In fact, there's no need to maintain such a guest view of config space -
instead we can reconstruct it from host-format data when it is accessed
with get_config.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-05 12:50:27 +05:30
David Gibson f2f6e00b2e virtio_serial: Don't use vser->config.max_nr_ports internally
A number of places in the virtio_serial driver retrieve the number of ports
from vser->config.max_nr_ports, which is guest-endian.  But for internal
users, we already have a host-endian copy of the number of ports in
vser->serial.max_virtserial_ports.  Using that instead of the config field
removes the need for easy-to-forget byteswapping.

In particular this fixes a bug on incoming migration, where we don't adjust
the endianness of vser->config correctly, because it hasn't yet been loaded
from the migration stream when virtio_serial_load_device() is called.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-01-05 12:49:58 +05:30
Paolo Bonzini d13c040409 pckbd: set bits 2-3-6-7 of the output port by default
OSes typically write 0xdd/0xdf to turn the A20 line off and on.  This
has bits 2-3-6-7 on, so that the output port subsection is migrated.
Change the reset value and migration default to include those four
bits, thus avoiding that the subsection is migrated.

This strictly speaking changes guest ABI, but the long time during which
we have not migrated the value means that the guests really do not care
much; so the change is for all machine types.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-03 09:22:13 +01:00
Paolo Bonzini bfa7362889 serial: refine serial_thr_ipending_needed
If the THR interrupt is disabled, there is no need to migrate thr_ipending
because LSR.THRE will be sampled again when the interrupt is enabled.
(This is the behavior that is not documented in the datasheet, but
relied on by Windows!)

Note that in this case IIR will never be 0x2 so, if thr_ipending were
to be one, QEMU would produce the subsection.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-03 09:22:12 +01:00
Michael Walle 857cccac0d milkymist: softmmu: fix event handling
Keys which send more than one scancode (esp. windows key) weren't handled
correctly since commit 1ff5eedd. Two events were put into the input event
queue but only one was processed. This fixes this by fetching all pending
events in the callback handler.

Signed-off-by: Michael Walle <michael@walle.cc>
Cc: Gerd Hoffmann <kraxel@redhat.com>
2014-12-29 17:24:38 +01:00
Peter Maydell ab0302ee76 target-arm queue:
 * enable 32-bit EL3 (TrustZone) for vexpress and virt boards
 * add fw_cfg device to virt board for UEFI firmware config
 * support passing commandline kernel/initrd to firmware

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20141223' into staging

target-arm queue:
 * enable 32-bit EL3 (TrustZone) for vexpress and virt boards
 * add fw_cfg device to virt board for UEFI firmware config
 * support passing commandline kernel/initrd to firmware

# gpg: Signature made Tue 23 Dec 2014 13:50:33 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20141223: (31 commits)
  hw/arm/virt: enable passing of EFI-stubbed kernel to guest UEFI firmware
  hw/arm: pass pristine kernel image to guest firmware over fw_cfg
  hw/loader: split out load_image_gzipped_buffer()
  arm: add fw_cfg to "virt" board
  fw_cfg_mem: expose the "data_width" property with fw_cfg_init_mem_wide()
  fw_cfg_mem: introduce the "data_width" property
  exec: allows 8-byte accesses in subpage_ops
  fw_cfg_mem: flip ctl_mem_ops and data_mem_ops to DEVICE_BIG_ENDIAN
  fw_cfg_mem: max access size and region size are the same for data register
  fw_cfg: move boards to fw_cfg_init_io() / fw_cfg_init_mem()
  fw_cfg: hard separation between the MMIO and I/O port mappings
  target-arm: add cpu feature EL3 to CPUs with Security Extensions
  target-arm: Disable EL3 on unsupported machines
  target-arm: Breakout integratorcp and versatilepb cpu init
  target-arm: Set CPU has_el3 prop during virt init
  target-arm: Enable CPU has_el3 prop during VE init
  target-arm: Add arm_boot_info secure_boot control
  target-arm: Add ARMCPU secure property
  target-arm: Add feature unset function
  target-arm: Add virt machine secure property
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-23 15:05:22 +00:00
Peter Maydell 03de06dde5 VFIO updates:
- Conversion to tracepoints (Eric Auger)
- Fix memory listener address space (Frank Blaschka)
- Move to hw/vfio/ and split common vs pci (Eric Auger & Kim Phillips)
- Trivial error_report() fixes (Alex Williamson)

In addition to enabling S390 with the address space fix and updating
to use tracepoints rather than compile time debug, this set of patches
moves hw/misc/vfio.c to hw/vfio/ and paves the way for vfio-platform
support by splitting common functionality from PCI specific code.

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20141222.0' into staging

VFIO updates:
- Conversion to tracepoints (Eric Auger)
- Fix memory listener address space (Frank Blaschka)
- Move to hw/vfio/ and split common vs pci (Eric Auger & Kim Phillips)
- Trivial error_report() fixes (Alex Williamson)

In addition to enabling S390 with the address space fix and updating
to use tracepoints rather than compile time debug, this set of patches
moves hw/misc/vfio.c to hw/vfio/ and paves the way for vfio-platform
support by splitting common functionality from PCI specific code.

# gpg: Signature made Mon 22 Dec 2014 20:19:43 GMT using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20141222.0:
  vfio: Cleanup error_report()s
  hw/vfio: create common module
  hw/vfio/pci: use name field in format strings
  hw/vfio/pci: rename group_list into vfio_group_list
  hw/vfio/pci: split vfio_get_device
  hw/vfio/pci: Introduce VFIORegion
  hw/vfio/pci: handle reset at VFIODevice
  hw/vfio/pci: add type, name and group fields in VFIODevice
  hw/vfio/pci: introduce minimalist VFIODevice with fd
  hw/vfio/pci: generalize mask/unmask to any IRQ index
  hw/vfio/pci: Rename VFIODevice into VFIOPCIDevice
  vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio
  vfio: fix adding memory listener to the right address space
  vfio: migration to trace points

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-23 14:01:14 +00:00
Laszlo Ersek aa351061db hw/arm/virt: enable passing of EFI-stubbed kernel to guest UEFI firmware
The virt board already ensures mutual exclusion between -bios and -pflash
unit#0; we only need to set "bootinfo.firmware_loaded", introduced in the
previous patch, if either of those options was used to load the guest
firmware.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-12-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:20 +00:00
Laszlo Ersek 07abe45c48 hw/arm: pass pristine kernel image to guest firmware over fw_cfg
Introduce the new boolean field "arm_boot_info.firmware_loaded". When this
field is set, it means that the portion of guest DRAM that the VCPU
normally starts to execute, or the pflash chip that the VCPU normally
starts to execute, has been populated by board-specific code with
full-fledged guest firmware code, before the board calls
arm_load_kernel().

Simultaneously, "arm_boot_info.firmware_loaded" guarantees that the board
code has set up the global firmware config instance, for arm_load_kernel()
to find with fw_cfg_find().

Guest kernel (-kernel) and guest firmware (-bios, -pflash) has always been
possible to specify independently on the command line. The following cases
should be considered:

nr  -bios    -pflash  -kernel  description
             unit#0
--  -------  -------  -------  -------------------------------------------
1   present  present  absent   Board code rejects this case, -bios and
    present  present  present  -pflash unit#0 are exclusive. Left intact
                               by this patch.

2   absent   absent   present  Traditional kernel loading, with qemu's
                               minimal board firmware. Left intact by this
                               patch.

3   absent   present  absent   Preexistent case for booting guest firmware
    present  absent   absent   loaded with -bios or -pflash. Left intact
                               by this patch.

4   absent   absent   absent   Preexistent case for not loading any
                               firmware or kernel up-front. Left intact by
                               this patch.

5   present  absent   present  New case introduced by this patch: kernel
    absent   present  present  image is passed to externally loaded
                               firmware in unmodified form, using fw_cfg.

An easy way to see that this patch doesn't interfere with existing cases
is to realize that "info->firmware_loaded" is constant zero at this point.
Which makes the "outer" condition unchanged, and the "inner" condition
(with the fw_cfg-related code) dead.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-11-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:20 +00:00
Laszlo Ersek 7d48a0f721 hw/loader: split out load_image_gzipped_buffer()
In the next patch we'd like to reuse the image decompression facility
without installing the output as a ROM at a specific guest-phys address.

In addition, expose LOAD_IMAGE_MAX_GUNZIP_BYTES, because that's a
straightforward "max_sz" argument for the new load_image_gzipped_buffer().

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-10-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:19 +00:00
Laszlo Ersek 578f3c7b08 arm: add fw_cfg to "virt" board
fw_cfg already supports exposure over MMIO (used in ppc/mac_newworld.c,
ppc/mac_oldworld.c, sparc/sun4m.c); we can easily add it to the "virt"
board.

Because MMIO access is slow on ARM KVM, we enable the guest, with
fw_cfg_init_mem_wide(), to transfer up to 8 bytes with a single access.
This has been measured to speed up transfers up to 7.5-fold, relative to
single byte data access, on both ARM KVM and x86_64 TCG.

The MMIO register block of fw_cfg is advertized in the device tree. As
base address we pick 0x09020000, which conforms to the comment preceding
"a15memmap": it falls in the miscellaneous device I/O range 128MB..256MB,
and it is aligned at 64KB. The DTB properties follow the documentation in
the Linux source file "Documentation/devicetree/bindings/arm/fw-cfg.txt".

fw_cfg automatically exports a number of files to the guest; for example,
"bootorder" (see fw_cfg_machine_reset()).

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-9-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:19 +00:00
Laszlo Ersek 6c87e3d596 fw_cfg_mem: expose the "data_width" property with fw_cfg_init_mem_wide()
We rebase fw_cfg_init_mem() to the new function for compatibility with
current callers.

The behavior of the (big endian) multi-byte data reads is best shown
with a qtest session.  Here, we are reading the first six bytes of
the UUID

    $ arm-softmmu/qemu-system-arm -M virt -machine accel=qtest \
         -qtest stdio -uuid 4600cb32-38ec-4b2f-8acb-81c6ea54f2d8
>>> writew 0x9020008 0x0200
<<< OK
>>> readl 0x9020000
<<< OK 0x000000004600cb32

Remember this is big endian.  On big endian machines, it is stored
directly as 0x46 0x00 0xcb 0x32.

On a little endian machine, we have to first swap it, so that it becomes
0x32cb0046.  When written to memory, it becomes 0x46 0x00 0xcb 0x32
again.

Reading byte-by-byte works too, of course:

>>> readb 0x9020000
<<< OK 0x0000000000000038
>>> readb 0x9020000
<<< OK 0x00000000000000ec

Here only a single byte is read at a time, so they are read in order
similar to the 1-byte data port that is already in PPC and SPARC
machines.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-8-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:18 +00:00
Laszlo Ersek cfaadf0e89 fw_cfg_mem: introduce the "data_width" property
The "data_width" property is capable of changing the maximum valid access
size to the MMIO data register, and resizes the memory region similarly,
at device realization time.

The default value of "data_memwidth" is set so that we don't yet diverge
from "fw_cfg_data_mem_ops".

Most of the fw_cfg_mem users will stick with the default, and for them we
should continue using the statically allocated "fw_cfg_data_mem_ops". This
is beneficial for debugging because gdb can resolve pointers referencing
static objects to the names of those objects.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-7-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:18 +00:00
Laszlo Ersek d789c84547 fw_cfg_mem: flip ctl_mem_ops and data_mem_ops to DEVICE_BIG_ENDIAN
The standalone selector port (fw_cfg_ctl_mem_ops) is only used by big
endian guests to date (*), hence this change doesn't regress them. Paolo
and Alex have suggested / requested an explicit DEVICE_BIG_ENDIAN setting
here, for clarity.

(*) git grep -l fw_cfg_init_mem

    hw/nvram/fw_cfg.c
    hw/ppc/mac_newworld.c
    hw/ppc/mac_oldworld.c
    hw/sparc/sun4m.c
    include/hw/nvram/fw_cfg.h

The standalone data port (fw_cfg_data_mem_ops) has max_access_size 1 (for
now), hence changing its endianness doesn't change behavior for existing
guest code.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-5-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:16 +00:00
Laszlo Ersek 86099db382 fw_cfg_mem: max access size and region size are the same for data register
Make it clear that the maximum access size to the MMIO data register
determines the full size of the memory region.

Currently the max access size is 1.

This patch doesn't change behavior.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-4-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:16 +00:00
Laszlo Ersek 66708822cd fw_cfg: move boards to fw_cfg_init_io() / fw_cfg_init_mem()
This allows us to drop the fw_cfg_init() shim and to enforce the possible
mappings at compile time.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:39:15 +00:00
Laszlo Ersek 5712db6ae5 fw_cfg: hard separation between the MMIO and I/O port mappings
We are going to introduce a wide data register for fw_cfg, but only for
the MMIO mapped device. The wide data register will also require the
tightening of endiannesses.

However we don't want to touch the I/O port mapped fw_cfg device at all.

Currently QEMU provides a single fw_cfg device type that can handle both
I/O port and MMIO mapping. This flexibility is not actually exploited by
any board in the tree, but it renders restricting the above changes to
MMIO very hard.

Therefore, let's derive two classes from TYPE_FW_CFG: TYPE_FW_CFG_IO and
TYPE_FW_CFG_MEM.

TYPE_FW_CFG_IO incorporates the base I/O port and the related combined
MemoryRegion. (NB: all boards in the tree that use the I/O port mapped
flavor opt for the combined mapping; that is, when the data port overlays
the high address byte of the selector port. Therefore we can drop the
capability to map those I/O ports separately.)

TYPE_FW_CFG_MEM incorporates the base addresses for the MMIO selector and
data registers, and their respective MemoryRegions.

The "realize" and "props" class members are specific to each new derived
class, and become unused for the base class. The base class retains the
"reset" member and the "vmsd" member, because the reset functionality and
the set of migrated data are not specific to the mapping.

The new functions fw_cfg_init_io() and fw_cfg_init_mem() expose the
possible mappings in separation. For now fw_cfg_init() is retained as a
compatibility shim that enforces the above assumptions.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:13:10 +00:00
Greg Bellows 61e2f3521c target-arm: Disable EL3 on unsupported machines
Disables the CPU ARM_FEATURE_EL3 feature on machine models that can be
configured to use Cortex-A9, Cortex-A15, and ARM1176 but don't officially
support EL3.  This preserves backwards compatibility.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-15-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows 223a72f117 target-arm: Breakout integratorcp and versatilepb cpu init
This commit changes the integratorcp and versatilepb CPU initialization from
using the generic ARM cpu_arm_init function to doing it inline.  This is
necessary in order to allow CPU configuration changes to occur between CPU
instance initialization and realization.  Specifically, this change is in
preparation for disabling CPU EL3 support.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-14-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows e5a5604f8f target-arm: Set CPU has_el3 prop during virt init
Adds setting of the CPU has_el3 property based on the virt machine
secure state property during initialization.  This enables/disables EL3
state during start-up.  Changes include adding an additional secure state
boolean during virt CPU initialization.  Also disables the ARM secure boot
by default.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418684992-8996-13-git-send-email-greg.bellows@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows 12d027f132 target-arm: Enable CPU has_el3 prop during VE init
Adds setting of the CPU has_el3 property based on the vexpress machine
secure state property during initialization.  This enables/disables EL3
state during start-up.  Changes include adding an additional secure state
boolean during vexpress CPU initialization.  Also enables the ARM secure boot
by default.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418684992-8996-12-git-send-email-greg.bellows@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows c8e829b7bf target-arm: Add arm_boot_info secure_boot control
Adds the secure_boot boolean field to the arm_boot_info descriptor.  This
field is used to indicate whether Linux should boot into secure or non-secure
state if the ARM EL3 feature is enabled.  The default is to leave the CPU in an
unaltered reset state.  On EL3 enabled systems, the reset state is secure and
can be overridden by setting the added field to false.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-11-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows 083a58906c target-arm: Add virt machine secure property
Add "secure" virt machine specific property to allow override of the
default secure state configuration.  By default, when using the QEMU
-kernel command line argument, virt machines boot into NS/SVC.  When using
the QEMU -bios command line argument, virt machines boot into S/SVC.

The secure state can be changed from the default specifying the secure
state as a machine property.  For example, the below command line would disable
security extensions on a -kernel Linux boot:

    aarch64-softmmu/qemu-system-aarch64
        -machine type=virt,secure=off
        -kernel ...

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-8-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows c29196904b target-arm: Add virt class and machine types
Switch virt qemu machine support to use the newer object type, class, and
instance model.  Added virt TypeInfo with static registration along with virt
specific class and machine structs.  Also added virt class initialization
method.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-7-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:28 +00:00
Greg Bellows e364bab69b target-arm: Change vexpress daughterboard init arg
Change the Vexpress daughterboard initialization method to take a vexpress
machine state pointer instead of the daughterboard struct pointer.  The machine
state now contains the daughterboard pointer.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-6-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Greg Bellows 4902192432 target-arm: Add vexpress machine secure property
Add "secure" Vexpress machine specific property to allow override of the
default secure state configuration.  By default, when using the QEMU
-kernel command line argument, Vexpress machines boot into NS/SVC.  When using
the QEMU -bios command line argument, Vexpress machines boot into S/SVC.

The secure state can be changed from the default specifying the secure
state as a machine property.  For example, the below command line would disable
security extensions on a -kernel Linux boot:

    aarch64-softmmu/qemu-system-aarch64
        -machine type=vexpress-a15,secure=off
        -kernel ...

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-5-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Greg Bellows af7c9f34b1 target-arm: Switch to common vexpress machine init
Switched the Vexpress machine initialization to use the common function with
the machine pointer to board info.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-4-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Greg Bellows 9ee00ba831 target-arm: Add vexpress a9 & a15 machine objects
Add Vexpress machine objects for the Cortex A9 & A15 variants.  The older
style QEMUMachine types were replaced with dedicated TypeInfo objects. The new
objects include dedicated class init functions that currently utilize dedicated
machine init methods.  The previous qemu_register_machine calls were replaced
with the newer type_register_status calls.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-3-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Greg Bellows 7eb1dc7f0b target-arm: Add vexpress class and machine types
Adds base Vexpress class and machine objects and infrastructure.  This is in
preparation for switching to the full QEMU object model.  The base vexpress
infrastructure is intended to handle common vexpress details.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-2-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Marcel Apfelbaum 49d2e648e8 machine: remove qemu_machine_opts global list
QEMU has support for options per machine, keeping
a global list of options is no longer necessary.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418217570-15517-2-git-send-email-marcel.a@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-22 23:12:27 +00:00
Alex Williamson dcbfc5cefb vfio: Cleanup error_report()s
With the conversion to tracepoints, a couple previous DPRINTKs are
now quite a bit more visible and are really just informational.
Remove these and add a bit more description to another.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 10:37:27 -07:00
Eric Auger e2c7d025ad hw/vfio: create common module
A new common module is created. It implements all functions
that have no device specificity (PCI, Platform).

This patch only consists in move (no functional changes)

Signed-off-by: Kim Phillips <kim.phillips@linaro.org>
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:51 -07:00
Eric Auger df92ee4448 hw/vfio/pci: use name field in format strings
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:49 -07:00
Eric Auger 62356b7292 hw/vfio/pci: rename group_list into vfio_group_list
better fit in the rest of the namespace

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:46 -07:00
Eric Auger d13dd2d7a9 hw/vfio/pci: split vfio_get_device
vfio_get_device now takes a VFIODevice as argument. The function is split
into 2 parts: vfio_get_device which is generic and vfio_populate_device
which is bus specific.

3 new fields are introduced in VFIODevice to store dev_info.

vfio_put_base_device is created.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:38 -07:00
Eric Auger a664477db8 hw/vfio/pci: Introduce VFIORegion
This structure is going to be shared by VFIOPCIDevice and
VFIOPlatformDevice. VFIOBAR includes it.

vfio_eoi becomes an ops of VFIODevice specialized by parent device.
This makes possible to transform vfio_bar_write/read into generic
vfio_region_write/read that will be used by VFIOPlatformDevice too.

vfio_mmap_bar becomes vfio_map_region

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:37 -07:00
Eric Auger b47d8efa9f hw/vfio/pci: handle reset at VFIODevice
Since we can potentially have both PCI and platform devices in
the same VFIO group, this latter now owns a list of VFIODevices.
A unified reset handler, vfio_reset_handler, is registered, looping
through this VFIODevice list. 2 specialized operations are introduced
(vfio_compute_needs_reset and vfio_hot_reset_multi): they allow to
implement type specific behavior. Also reset_works and needs_reset
VFIOPCIDevice fields are moved into VFIODevice.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:35 -07:00
Eric Auger 462037c9e8 hw/vfio/pci: add type, name and group fields in VFIODevice
Add 3 new fields in the VFIODevice struct. Type is set to
VFIO_DEVICE_TYPE_PCI. The type enum value will later be used
to discriminate between VFIO PCI and platform devices. The name is
set to domain:bus:slot:function. Currently used to test whether
the device already is attached to the group. Later on, the name
will be used to simplify all traces. The group is simply moved
from VFIOPCIDevice to VFIODevice.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
[Fix g_strdup_printf() usage]
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-22 09:54:31 -07:00
Gonglei ddcd55316f bootdevice: add Error **errp argument for QEMUBootSetHandler
It will be useful for checking when we change traditional
boot order dynamically and propagate error message
to the monitor.
For x86 architecture, we pass &local_err to set_boot_dev()
when vm startup in pc_coms_init().

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2014-12-22 14:39:21 +08:00
Peter Maydell 328b3b6c44

Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

# gpg: Signature made Fri 19 Dec 2014 13:18:18 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  e1000: defer packets until BM enabled
  net: Use g_new() & friends where that makes obvious sense
  net: Fuse g_malloc(); memset() into g_new0()
  net: don't use set/get_pointer() in set/get_netdev()
  tap: fix vcpu long time io blocking on tap

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-20 22:04:13 +00:00
Eric Auger 5546a621a8 hw/vfio/pci: introduce minimalist VFIODevice with fd
Introduce a new base VFIODevice struct that will be used by both PCI
and Platform VFIO devices. Move VFIOPCIDevice fd field there. Obviously
other fields from VFIOPCIDevice will be moved there but this patch
file is introduced to ease the review.

Also vfio_mask_single_irqindex, vfio_unmask_single_irqindex,
vfio_disable_irqindex now take a VFIODevice handle as argument.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 15:24:31 -07:00
Eric Auger 079eb19cbb hw/vfio/pci: generalize mask/unmask to any IRQ index
To prepare for platform device introduction, rename vfio_mask_intx
and vfio_unmask_intx into vfio_mask_single_irqindex and respectively
unmask_single_irqindex. Also use a new index parameter.

With that name and prototype the function will be usable for other
indexes than VFIO_PCI_INTX_IRQ_INDEX.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 15:24:24 -07:00
Eric Auger 9ee27d7381 hw/vfio/pci: Rename VFIODevice into VFIOPCIDevice
This prepares for the introduction of VFIOPlatformDevice

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 15:24:15 -07:00
Kim Phillips cf7087db10 vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio
This is done in preparation for the addition of VFIO platform
device support.

Signed-off-by: Kim Phillips <kim.phillips@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 15:24:06 -07:00
Frank Blaschka c67676711c vfio: fix adding memory listener to the right address space
Depending on the device, container->space->as contains the valid AddressSpace.
Using address_space_memory breaks devices sitting behind an iommu (and using
a separate address space).

Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 14:40:06 -07:00
Eric Auger 385f57cf9a vfio: migration to trace points
This patch removes all DPRINTF and replaces them with trace points.
A few DPRINTF used in error cases were transformed into error_report.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-12-19 14:40:06 -07:00
Michael S. Tsirkin 20302e71a5 e1000: defer packets until BM enabled
Some guests seem to set BM for e1000 after
enabling RX.
If packets arrive in the window, device is wedged.
Probably works by luck on real hardware, work around
this by making can_receive depend on BM.

Tested-by: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-19 13:17:06 +00:00
Jason Wang 23120b13c6 net: don't use set/get_pointer() in set/get_netdev()
Commit 1ceef9f273 (net: multiqueue
support) tries to use set_pointer() and get_pointer() to set and get
NICPeers which is not a pointer defined in DEFINE_PROP_NETDEV. This
trick works but results in an unclean and fragile implementation (e.g.
print_netdev and parse_netdev).

This patch solves this issue by not using set/get_pointer() and set and
get netdev directly in set_netdev() and get_netdev(). After this the
parse_netdev() and print_netdev() were no longer used and dropped from
the source.

[Renamed 'err' label to 'out' as suggested by Markus Armbruster.
--Stefan]

Cc: Markus Armbruster <armbru@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-19 13:17:02 +00:00
Peter Maydell b574f60268 cirrus hwcursor fixes.
set secondary-vga category.

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20141216-1' into staging

cirrus hwcursor fixes.
set secondary-vga category.

# gpg: Signature made Tue 16 Dec 2014 14:44:09 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vga-20141216-1:
  vga: set catagory bit for secondary vga device
  move hw cursor pos from cirrus to vga
  cirrus: Force use of shadow pixmap when HW cursor is enabled
  vga: Add mechanism to force the use of a shadow surface

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-17 19:22:42 +00:00
Gonglei 46817e86fc vga: set catagory bit for secondary vga device
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 15:14:42 +01:00
Gerd Hoffmann 22382bb96c move hw cursor pos from cirrus to vga 2014-12-16 15:14:42 +01:00
Benjamin Herrenschmidt b9fd11b867 cirrus: Force use of shadow pixmap when HW cursor is enabled
The HW cursor cannot be painted on a shared surface. This fixes HW
cursor display in Windows NT 4.0 and Windows 98.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 15:14:42 +01:00
Benjamin Herrenschmidt 5508099397 vga: Add mechanism to force the use of a shadow surface
This prevents surface sharing which will be necessary to
fix cirrus HW cursor support.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 15:14:42 +01:00
Gerd Hoffmann 3dcadce507 spice: reduce refresh rate in native mode
Now that cursor updates are out of the way qxl needs the refresh timer
only when running in vga mode, for dirty bitmap checking.  In
native qxl mode the guest will notify us, so we don't need to poll and
can use the idle interval (one refresh wakeup every few seconds).

Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 14:15:29 +01:00
Gerd Hoffmann 0b2824e5e4 spice: use bottom half instead of refresh timer for cursor updates
Calling directly doesn't work due to the qxl-render code running in
spice server thread context.  Meanwhile bottom half scheduling is
thread-safe though, so we can use that to kick a cursor update in
main i/o thread context.

Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 14:15:29 +01:00
Peter Maydell dfa9c2a0f4 - Migration and linuxboot fixes for 2.2 regressions
- valgrind/KVM support
- small i386 patches
- PCI SD host controller support
- malloc/free cleanups from Markus (x86/scsi)
- IvyBridge model
- XSAVES support for KVM
- initial patches from record/replay

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

- Migration and linuxboot fixes for 2.2 regressions
- valgrind/KVM support
- small i386 patches
- PCI SD host controller support
- malloc/free cleanups from Markus (x86/scsi)
- IvyBridge model
- XSAVES support for KVM
- initial patches from record/replay

# gpg: Signature made Mon 15 Dec 2014 16:35:08 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (47 commits)
  sdhci: Support SDHCI devices on PCI
  sdhci: Define SDHCI PCI ids
  sdhci: Add "sysbus" to sdhci QOM types and methods
  sdhci: Remove class "virtual" methods
  sdhci: Set a default frequency clock
  serial: only resample THR interrupt on rising edge of IER.THRI
  serial: update LSR on enabling/disabling FIFOs
  serial: clean up THRE/TEMT handling
  serial: reset thri_pending on IER writes with THRI=0
  linuxboot: fix loading old kernels
  kvm/apic: fix 2.2->2.1 migration
  target-i386: add Ivy Bridge CPU model
  target-i386: add f16c and rdrand to Haswell and Broadwell
  target-i386: add VME to all CPUs
  pc: add 2.3 machine types
  i386: do not cross the pages boundaries in replay mode
  cpus: make icount warp behave well with respect to stop/cont
  timer: introduce new QEMU_CLOCK_VIRTUAL_RT clock
  cpu-exec: invalidate nocache translation if they are interrupted
  icount: introduce cpu_get_icount_raw
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-15 16:43:42 +00:00
Kevin O'Connor 224d10ff5a sdhci: Support SDHCI devices on PCI
Support for PCI devices following the "SD Host Controller Simplified
Specification Version 2.00" spec.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:44 +01:00
Kevin O'Connor 7302dcd60b sdhci: Add "sysbus" to sdhci QOM types and methods
Update the sdhci sysbus QOM types and methods so that sysbus is in
their name.  This is in preparation for adding PCI versions of these
types and methods.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:44 +01:00
Kevin O'Connor d368ba4376 sdhci: Remove class "virtual" methods
The SDHCIClass defines a series of class "methods".  However, no code
in the QEMU tree overrides these methods or even uses them outside of
sdhci.c.

Remove the virtual methods and replace them with direct calls to the
underlying functions.  This simplifies the process of extending the
sdhci code to support PCI devices (which have a different parent
class).

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:44 +01:00
Kevin O'Connor c7ff8daacf sdhci: Set a default frequency clock
The Linux SDHCI PCI driver will only register the device if there is a
clock frequency set.  So, set a default frequency of 52MHz.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:43 +01:00
Paolo Bonzini 1645b8eee5 serial: only resample THR interrupt on rising edge of IER.THRI
There is disagreement on whether LSR.THRE should be resampled when
IER.THRI goes from 1 to 1.  Bochs only does it if IER.THRI goes from 0
to 1; PCE does it even if IER.THRI is unchanged.  But the Windows driver
seems to always go from 1 to 0 and back to 1, so do things in agreement
with Bochs, because the handling of thr_ipending was reported in 2010
(https://lists.gnu.org/archive/html/qemu-devel/2010-03/msg01914.html)
as breaking DR-DOS Plus.

Reported-by: Roy Tam <roytam@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:42 +01:00
Paolo Bonzini 023c3a9707 serial: update LSR on enabling/disabling FIFOs
When the transmit FIFO is emptied or enabled, the transmitter
hold register is empty.  When it is disabled, it is also emptied and
in addition the previous contents of the transmitter hold register
are discarded.  In either case, the THRE bit in LSR must be set and
THRI raised.

When the receive FIFO is emptied or enabled, the data ready and break
bits must be cleared in LSR.  Likewise when the receive FIFO is disabled.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:34:05 +01:00
Paolo Bonzini 0d931d7062 serial: clean up THRE/TEMT handling
- assert TEMT is cleared before sending a character; we'll get one from
TSR if tsr_retry > 0, from the FIFO or THR otherwise

- assert THRE cleared and FIFO not empty (if enabled) before fetching a
character to send.  This effectively reverts dffacd46, but the check
makes no sense and commit f702e62 (serial: change retry logic to avoid
concurrency, 2014-07-11) must have made it unnecessary.  The commit
message for f702e62 talks about multiple calls to qemu_chr_fe_add_watch
triggering s->tsr_retry >= MAX_XMIT_RETRY, but other failures were
possible.  For example, if you have multiple calls, the subsequent ones
will see s->tsr_retry == 0 and will find THRE and/or TEMT on entry.

- for clarity, raise THRI immediately after the code sets THRE

- check THRE to see if another character has to be sent.  This makes
the assertions more obvious and also means TEMT has to be set as soon as
the loop ends.  It makes the loop send both TSR and THR if flow-control
happens in non-FIFO mode.  Previously, THR would be lost.

- clear TEMT together with THRE even in the non-FIFO case

The last two items are bugfixes, but they were just found by inspection
and do not squash known bugs.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 17:33:37 +01:00
Paolo Bonzini 4e02b0fcf5 serial: reset thri_pending on IER writes with THRI=0
This is responsible for failure of migration from 2.2 to 2.1, because
thr_ipending is always one in practice.

serial.c is setting thr_ipending unconditionally.  However, thr_ipending
is not used at all if THRI=0, and it will be overwritten again the next
time THRE or THRI changes.  For that reason, we can set thr_ipending to
zero every time THRI is reset.

There is disagreement on whether LSR.THRE should be resampled when IER.THRI
goes from 1 to 1.  This patch does not touch the code, leaving that for
QEMU 2.3+.

This has no semantic change and is enough to fix migration in the common
case where the interrupt is not pending or is reported in IIR.  It does not
change the migration format, so 2.2.0 -> 2.1 will remain broken but we
can fix 2.2.1 -> 2.1 without breaking 2.2.1 <-> 2.2.0.

The case that remains broken (the one in which the subsection is strictly
necessary) is when THRE=1, the THRI interrupt has *not* been acknowledged
yet, and a higher-priority interrupt comes.  In this case, you need the
subsection to tell the source that the lower-priority THRI interrupt is
pending.  The subsection's breakage of migration, in this case, prevents
continuing the VM on the destination with an invalid state.

Cc: qemu-stable@nongnu.org
Reported-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 14:35:53 +01:00
Paolo Bonzini 575a6f4082 kvm/apic: fix 2.2->2.1 migration
The wait_for_sipi field is set back to 1 after an INIT, so it was not
effective to reset it in kvm_apic_realize.  Introduce a reset callback
and reset wait_for_sipi there.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Paolo Bonzini 78a611f193 target-i386: add f16c and rdrand to Haswell and Broadwell
Both were added in Ivy Bridge (for which we do not have a CPU model
yet!).

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Paolo Bonzini b3a4f0b1a0 target-i386: add VME to all CPUs
vm86 mode extensions date back to the 486.  All models should have
them.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Paolo Bonzini 64bbd372f2 pc: add 2.3 machine types
The next patch will differentiate them.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Paolo Bonzini f8e1f53334 scsi-disk: provide maximum transfer length
The QEMU block layer has a limit of INT_MAX bytes per transfer.

Expose it in the block limits VPD page for both regular transfers
and WRITE SAME.

Reported-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster 3c55fe2a13 scsi: Use g_new() & friends where that makes obvious sense
g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster 0bd0adbe5b scsi: Fuse g_malloc(); memset() into g_malloc0()
Coccinelle semantic patch:

    @@
    expression LHS, SZ;
    @@
    -       LHS = g_malloc(SZ);
    -       memset(LHS, 0, SZ);
    +       LHS = g_malloc0(SZ);
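
Review bot: the rule binds a single metavariable SZ for both the g_malloc() and the memset() size and matches only two adjacent statements, so the commit message should say that pairs with a different size expression or with code between the two calls are intentionally left untouched. It is also worth noting that SZ is evaluated once after the rewrite instead of twice, which only matters if a size expression has side effects.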

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster 1c3381af32 scsi: Drop superfluous conditionals around g_free()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster ab3ad07f89 x86: Use g_new() & friends where that makes obvious sense
g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Markus Armbruster 18fc805534 x86: Drop superfluous conditionals around g_free()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:02 +01:00
Christian Borntraeger b0a0551283 valgrind/i386: avoid false positives on KVM_SET_PIT ioctl
struct kvm_pit_state2 contains pad fields. Let's use a designated
initializer to avoid false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Christian Borntraeger 5e0b7d8869 valgrind/i386: avoid false positives on KVM_SET_CLOCK ioctl
kvm_clock_data contains pad fields. Let's use a designated
initializer to avoid false positives from valgrind/memcheck.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Eric Auger 9fc0e2d8ac vfio: use kvm_resamplefds_enabled()
Use the kvm_resamplefds_enabled function

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Eric Auger f41389ae3c KVM_CAP_IRQFD and KVM_CAP_IRQFD_RESAMPLE checks
Compute kvm_irqfds_allowed by checking the KVM_CAP_IRQFD extension.
Remove direct settings in architecture specific files.

Add a new kvm_resamplefds_allowed variable, initialized by
checking the KVM_CAP_IRQFD_RESAMPLE extension. Add a corresponding
kvm_resamplefds_enabled() function.

A special notice for s390 where KVM_CAP_IRQFD was not immediately
advertised when irqfd capability was introduced in the kernel.
KVM_CAP_IRQ_ROUTING was advertised instead.

This was fixed in "KVM: s390: announce irqfd capability",
ebc3226202d5956a5963185222982d435378b899 whereas irqfd support
was brought in 84223598778ba08041f4297fda485df83414d57e,
"KVM: s390: irq routing for adapter interrupts".  Both commits
first appear in 3.15 so there should not be any kernel
version impacted by this QEMU modification.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Drew DeVault 5eba5a6632 Add bootloader name to multiboot implementation
The name is set to "qemu".

Signed-off-by: Drew DeVault <sir@cmpwn.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Drew DeVault <sircmpwn@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-15 12:21:01 +01:00
Peter Maydell 99c9c3cb24 trivial patches for 2014-12-11

Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-12-11' into staging

trivial patches for 2014-12-11

# gpg: Signature made Thu 11 Dec 2014 18:13:58 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2014-12-11:
  Sort include/qemu/typedefs.h
  hpet: increase spelling precision
  pflash_cfi02.c: associate "cfi.pflash02" to "Storage devices" category
  vt82c686: fix coverity warning about out-of-bounds write
  virtio: remove useless declaration of virtio_net_init()
  qapi-schema: fix typo about change-vnc-password
  fw_cfg: remove superfluous blank line
  get_maintainer.pl: Remove the --git-chief-penguins option
  configure: Replace which(1) with "has"
  util: Use g_new() & friends where that makes obvious sense
  util: Fuse g_malloc(); memset() into g_new0()
  util: Drop superfluous conditionals around g_free()
  Drop superfluous conditionals around g_strdup()
  Drop superfluous conditionals around qemu_opts_del()
  usb: delete redundant brackets in usb_host_handle_control()
  virtio-bus: avoid breaking build when open DEBUG switch
  acpi-build: Make DPRINTF working for acpi-build
  acpi-build: adjust indention 8 -> 4 spaces
  target-s390x: fix possible out of bounds read
  qmp: fix typo in input-send-event examples

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 18:27:02 +00:00
Stefan Hajnoczi 97c61fb78a hpet: increase spelling precision
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-11 20:57:11 +03:00
Peter Maydell b141290478 target-arm queue:
 * pass semihosting exit code out to system
 * more TrustZone support code (still not enabled yet)
 * allow user to direct semihosting to gdb or native explicitly
   rather than always auto-guessing the destination
 * fix memory leak in realview_init
 * fix coverity warning in hw/arm/boot
 * get state migration working for AArch64 CPUs
 * check errors in kvm_arm_reset_vcpu

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20141211' into staging

target-arm queue:
 * pass semihosting exit code out to system
 * more TrustZone support code (still not enabled yet)
 * allow user to direct semihosting to gdb or native explicitly
   rather than always auto-guessing the destination
 * fix memory leak in realview_init
 * fix coverity warning in hw/arm/boot
 * get state migration working for AArch64 CPUs
 * check errors in kvm_arm_reset_vcpu

# gpg: Signature made Thu 11 Dec 2014 12:16:19 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20141211: (33 commits)
  target-arm: Check error conditions on kvm_arm_reset_vcpu
  target-arm: Support save/load for 64 bit CPUs
  target-arm/kvm: make reg sync code common between kvm32/64
  arm_gic_kvm: Tell kernel about number of IRQs
  hw/arm/boot: fix uninitialized scalar variable warning reported by coverity
  hw/arm/realview.c: Fix memory leak in realview_init()
  target-arm: make MAIR0/1 banked
  target-arm: make c13 cp regs banked (FCSEIDR, ...)
  target-arm: make VBAR banked
  target-arm: make PAR banked
  target-arm: make IFAR/DFAR banked
  target-arm: make DFSR banked
  target-arm: make IFSR banked
  target-arm: make DACR banked
  target-arm: make TTBCR banked
  target-arm: make TTBR0/1 banked
  target-arm: make CSSELR banked
  target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI
  target-arm: add SCTLR_EL3 and make SCTLR banked
  target-arm: add MVBAR support
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 16:47:23 +00:00
Peter Maydell 72149414e2 arm_gic_kvm: Tell kernel about number of IRQs
Newer kernels support a device attribute on the GIC which allows us to
tell it how many IRQs this GIC instance is configured with; use it, if
it exists.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1417718679-1071-1-git-send-email-peter.maydell@linaro.org
2014-12-11 12:07:53 +00:00
zhanghailiang a554ecb49d hw/arm/boot: fix uninitialized scalar variable warning reported by coverity
Coverity reports the 'size' may be used uninitialized, but that can't happen,
because the caller has checked "if (binfo->dtb_filename || binfo->get_dtb)"
before calling 'load_dtb'.

Here we simply remove the 'if (binfo->get_dtb)' to satisfy coverity.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Message-id: 1416826240-12368-1-git-send-email-zhang.zhanghailiang@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:53 +00:00
Nikita Belov b1ab03af89 hw/arm/realview.c: Fix memory leak in realview_init()
Variable 'ram_lo' is allocated unconditionally, but used only in some cases.
When it is unused, the pointer will be lost at function exit, resulting in a
memory leak. Allocate memory for 'ram_lo' only if it is needed.

Valgrind output:
==16879== 240 bytes in 1 blocks are definitely lost in loss record 6,033 of 7,018
==16879==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16879==    by 0x33D2CE: malloc_and_trace (vl.c:2804)
==16879==    by 0x509E610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==16879==    by 0x288836: realview_init (realview.c:55)
==16879==    by 0x28988C: realview_pb_a8_init (realview.c:375)
==16879==    by 0x341426: main (vl.c:4413)

Signed-off-by: Nikita Belov <zodiac@ispras.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:52 +00:00
Fabian Aggeler 0c17d68c1d target-arm: make DACR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DACR has a secure and a non-secure instance.  Adds definition for DACR32_EL2.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-19-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:51 +00:00
Fabian Aggeler 7dd8c9af0d target-arm: make TTBR0/1 banked
Adds secure and non-secure bank register support for TTBR0 and TTBR1.
Changes include adding secure and non-secure instances of ttbr0 and ttbr1 as
well as a CP register definition for TTBR0_EL3.  Added a union containing
both EL based array fields and secure and non-secure fields mapped to them.
Updated accesses to use A32_BANKED_CURRENT_REG_GET macro.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-17-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:51 +00:00
Fabian Aggeler 137feaa9a1 target-arm: add SCTLR_EL3 and make SCTLR banked
Implements SCTLR_EL3 and uses secure/non-secure instance when
needed.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-14-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-11 12:07:50 +00:00
Antony Pavlov df6f93182a pflash_cfi02.c: associate "cfi.pflash02" to "Storage devices" category
Signed-off-by: Antony Pavlov <antonynpavlov@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 14:29:25 +03:00
Kevin Wolf d20051856c ide: Check validity of logical block size
Our IDE emulation can't handle logical block sizes other than 512. Check
for it.

The original assumption was that other values would silently be ignored
(which is bad enough), but it's not quite true: The physical block size
is exposed in IDENTIFY DEVICE as a multiple of the logical block size.
Setting a logical block size therefore also corrupts the physical block
size (4096/4096 doesn't silently downgrade to 4096/512, but 512/512).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2014-12-10 10:31:16 +01:00
Anton Blanchard be0677a93c nvme: 64kB page size fixes
Initialise our maximum page size capability to 64kB and increase
the page_size variable from 16 to 32 bits.

Signed-off-by: Anton Blanchard <anton@samba.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:16 +01:00
Stefan Hajnoczi 5d6e96efb8 blockdev: acquire AioContext in QMP 'transaction' actions
The transaction QMP command performs operations atomically on a group of
drives.  This command needs to acquire AioContext in order to work
safely when virtio-blk dataplane IOThreads are accessing drives.

The transactional nature of the command means that actions are split
into prepare, commit, abort, and clean functions.  Acquire the
AioContext in prepare and don't release it until one of the other
functions is called.  This prevents the IOThread from running the
AioContext before the transaction has completed.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1416566940-4430-4-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:13 +01:00
Stefan Hajnoczi 17fcb74af9 ahci: replace SATA FIS type magic numbers with constants
SATA 3.0 "10.3.1 FIS Type values" defines the constants used to
differentiate between FIS types.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1415874281-7371-3-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Stefan Hajnoczi 192cf55cc0 ahci: avoid #ifdef DEBUG_AHCI bitrot
Debug code using #ifdef is susceptible to bitrot because the compiler
never checks the debug code.

This is easy to avoid, change the DPRINTF() macro to use if (DEBUG_AHCI)
and always give it a 0 or 1 value.

This also allows us to drop an #ifdef DEBUG_AHCI in ahci_start_dma()
since the compiler can now see the local variable is used.

The motivation for this change is a recent DEBUG_AHCI build failure due
to an outdated DPRINTF() format string.  From now on the compiler will
catch these errors.

Cc: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1415874281-7371-2-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:31:12 +01:00
Stefan Hajnoczi 729962f6db blockdev: acquire AioContext in change-backing-file
Add dataplane support to the change-backing-file QMP commands.  By
acquiring the AioContext we avoid race conditions with the dataplane
thread which may also be accessing the BlockDriverState.

Note that this command operates on both bs and a node in its chain
(image_bs).  The bdrv_chain_contains(bs, image_bs) check guarantees that
bs and image_bs are in the same AioContext.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
Stefan Hajnoczi e3442099a2 blockdev: acquire AioContext in eject, change, and block_passwd
By acquiring the AioContext we avoid race conditions with the dataplane
thread which may also be accessing the BlockDriverState.

Fix up eject, change, and block_passwd in a single patch because
qmp_eject() and qmp_change_blockdev() both call eject_device().  Also
fix block_passwd while we're tackling a command that takes a block
encryption password.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
Stefan Hajnoczi 4ef3982a99 blockdev: acquire AioContext in blockdev-snapshot-delete-internal-sync
Add dataplane support to the blockdev-snapshot-delete-internal-sync QMP
command.  By acquiring the AioContext we avoid race conditions with the
dataplane thread which may also be accessing the BlockDriverState.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-12-10 10:25:30 +01:00
zhanghailiang b196d969ef vt82c686: fix coverity warning about out-of-bounds write
Refactor superio_ioport_writeb to fix the out of bounds write warning.

In addition, fix two typos: s/chage/change/

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:59:17 +03:00
Gonglei d504fb4cec fw_cfg: remove superfluous blank line
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:48:56 +03:00
Markus Armbruster 24588100ab Drop superfluous conditionals around g_strdup()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:30:55 +03:00
Markus Armbruster 4ad608803c Drop superfluous conditionals around qemu_opts_del()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:27:02 +03:00
lijun 7251711472 usb: delete redundant brackets in usb_host_handle_control()
When looking at the usb code, I found there are redundant brackets !((udev->port->speedmask
& USB_SPEED_MASK_SUPER)) here. So delete them.

Signed-off-by: Jun Li <junmuzi@gmail.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:24:35 +03:00
Gonglei 2c80ab15e2 virtio-bus: avoid breaking build when open DEBUG switch
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:18:52 +03:00
Gonglei 8b310fc4f9 acpi-build: Make DPRINTF working for acpi-build
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:16:21 +03:00
Gonglei fcf55f580d acpi-build: adjust indention 8 -> 4 spaces
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10 11:16:12 +03:00
Peter Maydell 54f3a180a3 cirrus: fix blit region check

Merge remote-tracking branch 'remotes/kraxel/tags/pull-cve-2014-8106-20141204-1' into staging

cirrus: fix blit region check

# gpg: Signature made Thu 04 Dec 2014 11:54:57 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-cve-2014-8106-20141204-1:
  cirrus: don't overflow CirrusVGAState->cirrus_bltbuf
  cirrus: fix blit region check

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-04 12:22:46 +00:00
Gonglei b19ca18802 vhost: Fix vhostfd leak in error branch
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1417166789-1960-1-git-send-email-arei.gonglei@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-01 12:29:35 +00:00
Gerd Hoffmann bf25983345 cirrus: don't overflow CirrusVGAState->cirrus_bltbuf
This is CVE-2014-8106.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-01 10:25:46 +01:00
Gerd Hoffmann d3532a0db0 cirrus: fix blit region check
Issues:
 * Doesn't check pitches correctly in case it is negative.
 * Doesn't check width at all.

Turn macro into functions while being at it, also factor out the check
for one region which we then can simply call twice for src + dst.

This is CVE-2014-8106.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-01 10:25:12 +01:00
David Gibson db12451dec Fix for crash after migration in virtio-rng on bi-endian targets
VirtIO devices now remember which endianness they're operating in in order
to support targets which may have guests of either endianness, such as
powerpc.  This endianness state is transferred in a subsection of the
virtio device's information.

With virtio-rng this can lead to an abort after a loadvm hitting the
assert() in virtio_is_big_endian().  This can be reproduced by doing a
migrate and load from file on a bi-endian target with a virtio-rng device.
The actual guest state isn't particularly important to triggering this.

The cause is that virtio_rng_load_device() calls virtio_rng_process() which
accesses the ring and thus needs the endianness.  However,
virtio_rng_process() is called via virtio_load() before it loads the
subsections.  Essentially the ->load callback in VirtioDeviceClass should
only be used for actually reading the device state from the stream, not for
post-load re-initialization.

This patch fixes the bug by moving the virtio_rng_process() after the call
to virtio_load().  Better yet would be to convert virtio to use vmsd and
have the virtio_rng_process() as a post_load callback, but that's a bigger
project for another day.

This is a bugfix, and should be considered for the 2.2 branch.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Message-id: 1417067290-20715-1-git-send-email-david@gibson.dropbear.id.au
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-28 13:06:00 +00:00
Jason Wang 771b6ed37e virtio-net: fix unmap leak
virtio_net_handle_ctrl() and other functions that process control vq
requests call iov_discard_front() which will shorten the iov. This will
lead the unmapping in virtqueue_push() to leak the mapping.

Fix this by keeping the original iov untouched and using a temp variable
in those functions.

Cc: Wen Congyang <wency@cn.fujitsu.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1417082643-23907-1-git-send-email-jasowang@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-28 10:29:20 +00:00
Marcel Apfelbaum 4cae4d5aca hmp: fix regression of HMP device_del auto-completion
The commits:
 - 6a1fa9f5 (monitor: add del completion for peripheral device)
 - 66e56b13 (qdev: add qdev_build_hotpluggable_device_list helper)

cause a QEMU crash when trying to use HMP device_del auto-completion.
It can be easily reproduced by:
    <qemu-bin> -enable-kvm  ~/images/fedora.qcow2 -monitor stdio -device virtio-net-pci,id=vnet

    (qemu) device_del
    /home/mapfelba/git/upstream/qemu/hw/core/qdev.c:941:qdev_build_hotpluggable_device_list: Object 0x7f6ce04e4fe0 is not an instance of type device
    Aborted (core dumped)

The root cause is qdev_build_hotpluggable_device_list going recursively over
all peripherals and their children assuming all are devices. It doesn't work
since PCI devices have at least one child which is a memory region (bus master).

Solved by observing that all devices appear as direct children of
/machine/peripheral container. No need of going recursively
over all the children.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reported-by: Gal Hammer <ghammer@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 1417002601-20799-1-git-send-email-marcel.a@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-27 14:36:20 +00:00
Gonglei f3b3766899 fw_cfg: fix boot order bug when dynamically modified via QOM
When we dynamically modify boot order, the length of
boot order will be changed, but we don't update
s->files->f[i].size with new length. This causes
seabios to read a wrong value of the qemu cfg file about
bootorder.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-26 12:11:27 +01:00
Don Slutz d1048bef9d -machine vmport=auto: Fix handling of VMWare ioport emulation for xen
c/s 9b23cfb76b

or

c/s b154537ad0

moved the testing of xen_enabled() from pc_init1() to
pc_machine_initfn().

xen_enabled() does not return the correct value in
pc_machine_initfn().

Changed vmport from a bool to an enum.  Added the value "auto" to do
the old way.  Move check of xen_enabled() back to pc_init1().

Acked-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Don Slutz <dslutz@verizon.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-26 12:11:27 +01:00
Peter Maydell ca6028185d pc, pci, misc bugfixes
A bunch of bugfixes for 2.2.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, pci, misc bugfixes

A bunch of bugfixes for 2.2.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 24 Nov 2014 18:59:47 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  pc: acpi: mark all possible CPUs as enabled in SRAT
  pcie: fix improper use of negative value
  pcie: fix typo in pcie_cap_deverr_init()
  target-i386: move generic memory hotplug methods to DSDTs
  acpi-build: mark RAM dirty on table update
  hw/pci: fix crash on shpc error flow
  pc: count in 1Gb hugepage alignment when sizing hotplug-memory container
  pc: explicitly check maxmem limit when adding DIMM
  pc: pc-dimm: use backend alignment during address auto allocation
  pc: align DIMM's address/size by backend's alignment value
  memory: expose alignment used for allocating RAM as MemoryRegion API
  pc: limit DIMM address and size to page aligned values
  pc: make pc_dimm_plug() more readble
  pc: kvm: check if KVM has free memory slots to avoid abort()
  qemu-char: fix tcp_get_fds

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-24 19:31:50 +00:00
Igor Mammedov dd0247e09a pc: acpi: mark all possible CPUs as enabled in SRAT
If QEMU is started with  -numa ... Windows only notices that
CPU has been hot-added but it will not online such CPUs.

It's caused by the fact that possible CPUs are flagged as
not enabled in SRAT and Windows honoring that information
doesn't use corresponding CPU.

ACPI 5.0 Spec regarding to flag says:
"
Table 5-47 Local APIC Flags
...
Enabled: if zero, this processor is unusable, and the operating system
support will not attempt to use it.
"

Fix QEMU to adhere to spec and mark possible CPUs as enabled
in SRAT.

With that Windows onlines hot-added CPUs as expected.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:11 +02:00
Gonglei 6c150fbd34 pcie: fix improper use of negative value
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:11 +02:00
Gonglei 8e815eeefe pcie: fix typo in pcie_cap_deverr_init()
Reported-by:
 https://bugs.launchpad.net/qemu/+bug/1393440

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:10 +02:00
Paolo Bonzini 4f99ab7a78 target-i386: move generic memory hotplug methods to DSDTs
This makes it simpler to keep the SSDT byte-for-byte identical for a
given machine type, which is a goal we want to have for 2.2 and newer
types.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:10 +02:00
Michael S. Tsirkin ad5b88b1f1 acpi-build: mark RAM dirty on table update
acpi build modifies internal FW CFG RAM on first access
but we forgot to mark it dirty.
If this RAM has been migrated already, it won't be
migrated again, returning corrupted tables to guest.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:10 +02:00
Marcel Apfelbaum 109e90e470 hw/pci: fix crash on shpc error flow
If the pci bridge enters in error flow as part
of init process it will only delete the shpc mmio
subregion but not remove it from the properties list,
resulting in segmentation fault when the bridge runs
the exit function.

Example: add a pci bridge without specifying the chassis number:
    <qemu-bin> ... -device pci-bridge,id=p1
Result:
    (qemu) qemu-system-x86_64: -device pci-bridge,id=p1: Bridge chassis not specified. Each bridge is required to be assigned a unique chassis id > 0.
    qemu-system-x86_64: -device pci-bridge,id=p1: Device
    initialization failed.
    Segmentation fault (core dumped)

    if (child->class->unparent) {
    #0  0x00005555558d629b in object_finalize_child_property (obj=0x555556d2e830, name=0x555556d30630 "shpc-mmio[0]", opaque=0x555556a42fc8) at qom/object.c:1078
    #1  0x00005555558d4b1f in object_property_del_all (obj=0x555556d2e830) at qom/object.c:367
    #2  0x00005555558d4ca1 in object_finalize (data=0x555556d2e830) at qom/object.c:412
    #3  0x00005555558d55a1 in object_unref (obj=0x555556d2e830) at qom/object.c:720
    #4  0x000055555572c907 in qdev_device_add (opts=0x5555563544f0) at qdev-monitor.c:566
    #5  0x0000555555744f16 in device_init_func (opts=0x5555563544f0, opaque=0x0) at vl.c:2213
    #6  0x00005555559cf5f0 in qemu_opts_foreach (list=0x555555e0f8e0 <qemu_device_opts>, func=0x555555744efa <device_init_func>, opaque=0x0, abort_on_failure=1) at util/qemu-option.c:1057
    #7  0x000055555574a11b in main (argc=16, argv=0x7fffffffdde8, envp=0x7fffffffde70) at vl.c:423

Unparent the shpc mmio region as part of shpc cleanup.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
2014-11-24 20:57:10 +02:00
Igor Mammedov 085f8e88ba pc: count in 1Gb hugepage alignment when sizing hotplug-memory container
If DIMMs with different size/alignment are interleaved
in creation order, it could lead to hotplug-memory
container fragmentation and following inability to use
all RAM up to maxmem.
For example:
    -m 4G,slots=3,maxmem=7G
    -object memory-backend-file,id=mem-1,size=256M,mem-path=/pagesize-2MB
    -device pc-dimm,id=mem1,memdev=mem-1
    -object memory-backend-file,id=mem-2,size=1G,mem-path=/pagesize-1GB
    -device pc-dimm,id=mem2,memdev=mem-2
    -object memory-backend-file,id=mem-3,size=256M,mem-path=/pagesize-2MB
    -device pc-dimm,id=mem3,memdev=mem-3

fragments hotplug-memory container and doesn't allow
to use 1GB hugepage backend to consume remaining 1Gb.

To ease management factor count in max 1Gb alignment for
each memory slot when sizing hotplug-memory region so
that regardless of fragmentation it would be possible to
add max aligned DIMM.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:10 +02:00
Igor Mammedov b03541fa77 pc: explicitly check maxmem limit when adding DIMM
Currently maxmem limit is not checked and depends on
hotplug region container not being able to fit more RAM
than maxmem. Do check explicitly so that it would
be possible to change hotplug container size later
to deal with fragmentation.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-24 20:57:10 +02:00
Paolo Bonzini 5224c88dd3 apic: fix incorrect handling of ExtINT interrupts wrt processor priority
This fixes another failure with ExtINT, demonstrated by QNX.  The failure
mode is as follows:
- IPI sent to cpu 0 (bit set in APIC irr)
- IPI accepted by cpu 0 (bit cleared in irr, set in isr)
- IPI sent to cpu 0 (bit set in both irr and isr)
- PIC interrupt sent to cpu 0

The PIC interrupt causes CPU_INTERRUPT_HARD to be set, but
apic_irq_pending observes that the highest pending APIC interrupt priority
(the IPI) is the same as the processor priority (since the IPI is still
being handled), so apic_get_interrupt returns a spurious interrupt rather
than the pending PIC interrupt. The result is an endless sequence of
spurious interrupts, since nothing will clear CPU_INTERRUPT_HARD.

Instead, ExtINT interrupts should have ignored the processor priority.
Calling apic_check_pic early in apic_get_interrupt ensures that
apic_deliver_pic_intr is called instead of delivering the spurious
interrupt.  apic_deliver_pic_intr then clears CPU_INTERRUPT_HARD if needed.

Reported-by: Richard Bilson <rbilson@qnx.com>
Tested-by: Richard Bilson <rbilson@qnx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-24 14:37:45 +01:00
Paolo Bonzini 8092cb7132 apic: fix loss of IPI due to masked ExtINT
This patch fixes an obscure failure of the QNX kernel on QEMU x86 SMP.
In QNX, all hardware interrupts come via the PIC, and are delivered by
the cpu 0 LAPIC in ExtINT mode, while IPIs are delivered by the LAPIC
in fixed mode.

This bug happens as follows:
- cpu 0 masks a particular PIC interrupt
- IPI sent to cpu 0 (CPU_INTERRUPT_HARD is set)
- before the IPI is accepted, the masked interrupt line is asserted by the
device

Since the interrupt is masked, apic_deliver_pic_intr will clear
CPU_INTERRUPT_HARD. The IPI will still be set in the APIC irr, but since
CPU_INTERRUPT_HARD is not set the cpu will not notice. Depending on the
scenario this can cause a system hang, i.e. if cpu 0 is expected to unmask
the interrupt.

In order to fix this, do a full check of the APIC before an EXTINT
is acknowledged.  This can result in clearing CPU_INTERRUPT_HARD, but
can also result in delivering the lost IPI.

Reported-by: Richard Bilson <rbilson@qnx.com>
Tested-by: Richard Bilson <rbilson@qnx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-24 14:37:40 +01:00
Paolo Bonzini 60e68042cf apic: avoid getting out of halted state on masked PIC interrupts
After the next patch, if a masked PIC interrupt causes CPU_INTERRUPT_POLL
to be set, the CPU will spuriously get out of halted state.  While this
is technically valid, we should avoid that.

Make CPU_INTERRUPT_POLL run apic_update_irq in the right thread and then
look at CPU_INTERRUPT_HARD.  If CPU_INTERRUPT_HARD does not get set,
do not report the CPU as having work.

Also move the handling of software-disabled APIC from apic_update_irq
to apic_irq_pending, and always trigger CPU_INTERRUPT_POLL.  This will
be important once we will add a case that resets CPU_INTERRUPT_HARD
from apic_update_irq.  We want to run it even if we go through
CPU_INTERRUPT_POLL, and even if the local APIC is software disabled.

Reported-by: Richard Bilson <rbilson@qnx.com>
Tested-by: Richard Bilson <rbilson@qnx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-24 14:37:30 +01:00
Igor Mammedov 0c0de1b681 pc: pc-dimm: use backend alignment during address auto allocation
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:12:46 +02:00
Igor Mammedov 91aa70ab2a pc: align DIMM's address/size by backend's alignment value
Performance wise it's better to align GVA by the backend's
page size.

Also do not allow to create DIMM device with suboptimal
size (i.e. not aligned to backend's page size) to avoid
memory loss.

Do above only for 2.2 and newer machine types to avoid
breaking working configs with 2.1 machine type.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:12:39 +02:00
Igor Mammedov 92a37a04d6 pc: limit DIMM address and size to page aligned values
When running in KVM mode, kvm_set_phys_mem() will silently
fail if registered MemoryRegion address/size is not page
aligned, causing memory hotplug failure in guest.

Mapping non aligned MemoryRegion in TCG mode 'works', but
sane guest OS still expects page aligned memory module
and fails to initialize it if it's not aligned.

So do not allow non aligned (i.e. valid) address/size
values for DIMM to avoid either KVM failure or guest
issues caused by it.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:11:30 +02:00
Igor Mammedov 34dde13685 pc: make pc_dimm_plug() more readble
split addr initialization from declaration so that
later when new local vars are added property getter
wouldn't drift off of error check.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:11:30 +02:00
Igor Mammedov b8865591d4 pc: kvm: check if KVM has free memory slots to avoid abort()
When more memory devices are used than available
KVM memory slots, QEMU crashes with:

kvm_alloc_slot: no free slot available
Aborted (core dumped)

Fix this by checking that KVM has a free slot before
attempting to map memory in guest address space.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-23 12:11:29 +02:00
Gonglei b0af844007 rtl8139: fix Pointer to local outside scope
Coverity spot:
 Assigning: iov = struct iovec [3]({{buf, 12UL},
                       {(void *)dot1q_buf, 4UL},
                       {buf + 12, size - 12}})
 (address of temporary variable of type struct iovec [3]).
 out_of_scope: Temporary variable of type struct iovec [3] goes out of scope.

Pointer to local outside scope (RETURN_LOCAL)
use_invalid:
 Using iov, which points to an out-of-scope temporary variable of type struct iovec [3].

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-21 10:50:54 +00:00
Gonglei 7b50d00911 pcnet: fix Negative array index read
s->xmit_pos may be assigned a negative value (-1),
but in this branch the variable s->xmit_pos is used as an index to
array s->buffer. Let's add a check for s->xmit_pos.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-21 10:50:54 +00:00
Leif Lindholm 9c7074da5e hw/arm/virt: set stdout-path instead of linux,stdout-path
ePAPR 1.1 defines the stdout-path property, making the os-specific
linux,stdout-path property redundant. Change the DT setup for ARM virt
to use the generic property - supported by Linux since 3.15.

The old QEMU behaviour was not present in any released version of
QEMU, and was only added to QEMU after the kernel changed, so
this should not break any existing setups.

Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
[PMM: add note to commit about the old behaviour never having been
in a released version of QEMU]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-20 14:58:37 +00:00
Don Slutz 6b896ab261 hw/ide/core.c: Prevent SIGSEGV during migration
The other callers to blk_set_enable_write_cache() in this file
already check for s->blk == NULL.

Signed-off-by: Don Slutz <dslutz@verizon.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1416259239-13281-1-git-send-email-dslutz@verizon.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18 17:36:14 +00:00
Peter Maydell 1aba4be97e A smattering of fixes for problems that Coverity reported.

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

A smattering of fixes for problems that Coverity reported.

# gpg: Signature made Mon 17 Nov 2014 17:03:25 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  hcd-musb: fix dereference null return value
  target-cris/translate.c: fix out of bounds read
  shpc: fix error propaagation
  qemu-char: fix MISSING_COMMA
  acl: fix memory leak
  nvme: remove superfluous check
  loader: fix NEGATIVE_RETURNS
  qga: fix false negative argument passing
  mips_mipssim: fix use-after-free for filename
  l2tpv3: fix fd leak
  l2tpv3: fix possible double free
  libcacard: fix resource leak

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-17 17:22:03 +00:00
Paolo Bonzini a9be76576e hcd-musb: fix dereference null return value
usb_ep_get and usb_handle_packet can deal with a NULL device, but we have
to avoid dereferencing NULL pointers when building the id.

Thanks to Gonglei for an initial stab at fixing this.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 18:02:31 +01:00
Gonglei 0e8b439ae5 shpc: fix error propaagation
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:49:19 +01:00
Gonglei 720fdd6fa9 nvme: remove superfluous check
Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
((n->bar.aqa >> AQA_ASQS_SHIFT) & AQA_ASQS_MASK) > 4095
is always false regardless of the values of its operands.
This occurs as the logical second operand of '||'.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:43:09 +01:00
Gonglei ddd2eab72f loader: fix NEGATIVE_RETURNS
lseek will return -1 on error, g_malloc0(size) and read(,,size)
parameters cannot be negative. We should add a check for return
value of lseek().

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:41:56 +01:00
Gonglei 77e205a528 mips_mipssim: fix use-after-free for filename
May pass freed pointer filename as an argument to error_report.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 11:41:03 +01:00
Peter Maydell 4e70f9271d Merge remote-tracking branch 'remotes/sstabellini/xen-2014-11-14' into staging
* remotes/sstabellini/xen-2014-11-14:
  xen_disk: fix unmapping of persistent grants
  pc: piix4_pm: init legacy PCI hotplug when running on Xen

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-14 12:05:33 +00:00
Roger Pau Monne 2f01dfacb5 xen_disk: fix unmapping of persistent grants
This patch fixes two issues with persistent grants and the disk PV backend
(Qdisk):

 - Keep track of memory regions where persistent grants have been mapped
   since we need to unmap them as a whole. It is not possible to unmap a
   single grant if it has been batch-mapped. A new check has also been added
   to make sure persistent grants are only used if the whole mapped region
   can be persistently mapped in the batch_maps case.
 - Unmap persistent grants before switching to the closed state, so the
   frontend can also free them.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reported-by: George Dunlap <george.dunlap@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: George Dunlap <george.dunlap@eu.citrix.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2014-11-14 11:12:38 +00:00
Igor Mammedov 91ab2ed722 pc: piix4_pm: init legacy PCI hotplug when running on Xen
If user starts QEMU with "-machine pc,accel=xen", then
compat property in xenfv won't work and it would cause error:
"Unsupported bus. Bus doesn't have property 'acpi-pcihp-bsel' set"
when PCI device is added with -device on QEMU CLI.

From: Igor Mammedov <imammedo@redhat.com>

In case of Xen instead of using compat property, just use the fact
that xen doesn't use QEMU's fw_cfg/acpi tables to switch piix4_pm
into legacy PCI hotplug mode when Xen is enabled.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Li Liang <liang.z.li@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-14 11:11:44 +00:00
John Snow 107f0d4677 ahci: factor out FIS decomposition from handle_cmd
In order to make handle_cmd more readable at the macro level,
the details of how to decompose particular types of FIS packets
are left to helper functions.

In our case, the only type of FIS packet we currently expect to
see is a Register H2D FIS packet, but the gory details of its
decomposition are of no particular interest in handle_cmd.

This patch keeps the receipt of FIS packets and the decomposition
thereof separated to two different functions.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1415058979-16604-6-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow 102e56254d ahci: Check cmd_fis[1] more explicitly
Instead of checking for a known byte, inspect the
fields of this byte explicitly to produce more meaningful
error messages and improve the readability of this section.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1415058979-16604-5-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow 36ab3c3400 ahci: Reorder error cases in handle_cmd
Error checking in ahci's handle_cmd is re-ordered so that we
initialize as few things as possible before we've done our
sanity checking. This simplifies returning from this call
in case of an error.

A check to make sure the DMA memory map succeeds with the
correct size is also added, and the debug print of the
command fis is cleaned up with its size corrected.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1415058979-16604-4-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow 1cbdd96813 ahci: Fix FIS decomposition
This patch introduces a few changes to how FIS packets are
deciphered in the AHCI virtual device. The summary of
changes can be grouped into two pieces:

[A] Changes to how we apply a preliminary sieve to FISes,
[B] Changes in how we internalize a decomposed FIS.

== Changes to how we apply a preliminary sieve to FISes ==

(1) Packets may now either update the Control register or
    the Command register, but not both. This is according
    to the SATA 3.2 specification which states:
    "...the device either initiates processing of the command
    indicated in the Command register or initiates processing
    of the control request indicated [...] depending on the
    state of the C bit in the FIS."

    See SATA 3.2 section 10.5.5.4, "Reception" in the 10.5.5
    "Register Host to Device FIS" section.

    This change accounts for the first two regions of change
    within the diff. All other changes belong to the following
    changes.

== Changes in how we internalize a decomposed FIS ==

(2) Instead of trying to extract the sector number out of the
    FIS from bytes 4-10 and setting it with ide_set_sector,
    we set the appropriate IDEState registers and trust that
    ide_get_sector can retrieve the correct sector later.

    By "constructing" the sector for use with ide_set_sector,
    we are duplicating the mechanisms of ide_get_sector.
    This change makes the FIS decomposition more obvious.

    SATA 3.2 as a specification does not make the legacy
    register mapping with respect to the D2H FIS obvious.
    However, SATA 3.2 section 10.5.5.1 "Register Host to
    Device FIS layout" describes all of the "cmd_fis"
    bytes:

    0 - FIS Type (0x27)
    1 - Port Multiplier Port and Command Update flag
    2 - ATA Command
    3 - Features_Low
    4 - LBA 7:0
    5 - LBA 15:8
    6 - LBA 23:16
    7 - Device, AKA "Drive Select."
    8 - LBA 31:24
    9 - LBA 39:32
    10 - LBA 47:40
    11 - Features_High
    12 - Count Low
    13 - Count High
    14 - ICC
    15 - Control
    16-19 - Auxiliary (for NCQ, defined per-command)

    Most of these registers map to existing IDEState registers
    in obvious ways, especially features, select, hob_features,
    and nsector (count). ICC is reserved in older specifications
    but is not supported in our implementation, and remains
    unused here. The Control register is not valid for a command
    that is trying to update the command register and is to be
    considered reserved at this point.

    What is not obvious is the LBA register mappings, but SATA 1.0
    can help inform us of legacy device support, see SATA 1.0 section
    8.5.2 "Register - Host to Device."

    LBA 7:0   - Sector Number    (sector)
    LBA 15:8  - Cyl Low          (lcyl)
    LBA 23:16 - Cyl High         (hcyl)
    LBA 31:24 - Sector Num Exp.  (hob_sector)
    LBA 39:32 - Cyl Low Exp.     (hob_lcyl)
    LBA 47:40 - Cyl High Exp.    (hob_hcyl)

    These mappings help guide which registers the FIS should be decomposed
    into/towards for CHS, LBA28 and LBA48 commands.

    As a note: The prior confusion that can be seen in the documentation
    arises from the fact that CHS and LBA28 commands use the low nybble
    of the drive select register to store LBA 27:24, whereas LBA48 commands
    use the hob_sector, hob_lcyl and hob_hcyl registers as explained above.

    The decomposition as it stands now will correctly decompose CHS, LBA28
    and LBA48 commands into their appropriate registers where the core
    IDE/ATAPI layers can deal with them correctly.

    See the below point for more information.

(3) We save cmd_fis[7] as ide_state->select, which informs
    decisions about if we are using LBA or CHS.
    This corrects a bug in AHCI wherein we attempt to set and/or
    retrieve the sector number by using ide_set_sector and
    ide_get_sector, which depend on the select register to
    determine if we are using LBA or CHS.

    Without this adjustment, LBA48 read/writes are currently
    broken. Thanks to Eniac Zheng @ HP for pointing this out.

(4) Save cmd_fis[11] as ide_state->hob_feature, as defined in SATA 3.2.

(5) For several ATA commands, the sector count register set to 0
    is a magic number that means 256 sectors. For LBA48 commands,
    this means 65,536 sectors. We drop the magic sector correction
    here, and trust the ide core layer to handle the conversion
    appropriately, in ide_cmd_lba48_transform(). As it stands,
    the current AHCI code is only compliant with LBA28 commands.
    By simply removing the magic, it will work with LBA28 and LBA48.

(6) We expand FIS decomposition to include both ATAPI and IDE devices.
    We leave the logic of determining if the fields are valid or not
    to the respective layers.

    This change intends to make it clearer that AHCI is only a
    composition mechanism for the FIS packets: the meanings of
    the registers are best left to the implementation layers for
    those devices.

(7) Forcefully setting the feature, hcyl and lcyl registers for ATAPI
    commands is removed.
    - The hcyl and lcyl magic present here is valid at boot only,
      and should not be overridden for every PACKET command.
    - The feature register is defined as valid for the PACKET command,
      so we should not suppress it. The ATAPI layer does not even
      currently depend on or require 0x01 as mandatory.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1415058979-16604-3-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
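
The byte layout and legacy register mapping listed in the commit message above, written out as an added example (not QEMU's code). The struct, function and sample names are hypothetical, the `lba48` flag is assumed to be supplied by the caller from the command opcode, and the sample FIS buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FIS_TYPE_REG_H2D 0x27u
#define FIS_H2D_LEN      20u    /* bytes 0..19 of the layout above */
#define FIS_C_BIT        0x80u  /* byte 1, bit 7: Command register update */
#define FIS_RSVD_BITS    0x70u  /* byte 1, bits 6:4: reserved */
#define SELECT_LBA_MODE  0x40u  /* Device register, bit 6: LBA addressing */

enum { FIS_COMMAND = 0, FIS_CONTROL = 1,
       FIS_ERR_SHORT = -1, FIS_ERR_TYPE = -2, FIS_ERR_RESERVED = -3 };

/* Hypothetical register file; field names follow the commit message. */
struct ata_regs {
    uint8_t pmp, command, control, select;
    uint8_t feature, hob_feature;
    uint8_t nsector, hob_nsector;
    uint8_t sector, lcyl, hcyl;
    uint8_t hob_sector, hob_lcyl, hob_hcyl;
};

/* Validate a Register H2D FIS, then update either the control register
 * (C = 0) or the command register block (C = 1), never both. */
int fis_decompose(const uint8_t *fis, size_t len, struct ata_regs *r)
{
    if (fis == NULL || r == NULL || len < FIS_H2D_LEN) return FIS_ERR_SHORT;
    if (fis[0] != FIS_TYPE_REG_H2D) return FIS_ERR_TYPE;
    if (fis[1] & FIS_RSVD_BITS) return FIS_ERR_RESERVED;
    r->pmp = fis[1] & 0x0f;
    if (!(fis[1] & FIS_C_BIT)) {
        r->control = fis[15];          /* control request only */
        return FIS_CONTROL;
    }
    r->command     = fis[2];
    r->feature     = fis[3];
    r->sector      = fis[4];           /* LBA 7:0   */
    r->lcyl        = fis[5];           /* LBA 15:8  */
    r->hcyl        = fis[6];           /* LBA 23:16 */
    r->select      = fis[7];           /* Device / drive select */
    r->hob_sector  = fis[8];           /* LBA 31:24 */
    r->hob_lcyl    = fis[9];           /* LBA 39:32 */
    r->hob_hcyl    = fis[10];          /* LBA 47:40 */
    r->hob_feature = fis[11];
    r->nsector     = fis[12];          /* Count low  */
    r->hob_nsector = fis[13];          /* Count high */
    return FIS_COMMAND;                /* byte 15 (Control) is reserved here */
}

/* Rebuild the LBA from the registers. Returns -1 for CHS addressing,
 * which needs drive geometry and is out of scope for this example. */
int regs_lba(const struct ata_regs *r, int lba48, uint64_t *lba)
{
    if (!(r->select & SELECT_LBA_MODE)) return -1;
    uint64_t low = ((uint64_t)r->hcyl << 16) | ((uint64_t)r->lcyl << 8) | r->sector;
    if (lba48)
        *lba = ((uint64_t)r->hob_hcyl << 40) | ((uint64_t)r->hob_lcyl << 32) |
               ((uint64_t)r->hob_sector << 24) | low;
    else  /* LBA28 keeps LBA 27:24 in the low nybble of drive select */
        *lba = ((uint64_t)(r->select & 0x0f) << 24) | low;
    return 0;
}

/* A count of 0 means 256 sectors (LBA28) or 65,536 sectors (LBA48). */
uint32_t regs_sector_count(const struct ata_regs *r, int lba48)
{
    uint32_t n = lba48 ? (((uint32_t)r->hob_nsector << 8) | r->nsector)
                       : r->nsector;
    if (n == 0) n = lba48 ? 65536u : 256u;
    return n;
}

/* Constructed sample: READ DMA EXT (0x25), LBA 0x0123456789AB, count 0. */
static const uint8_t SAMPLE_LBA48[20] = {
    0x27, 0x80, 0x25, 0x00, 0xAB, 0x89, 0x67, 0x40,
    0x45, 0x23, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00 };
/* Constructed sample: READ DMA (0xC8), LBA 0xABCDEF1, count 8. */
static const uint8_t SAMPLE_LBA28[20] = {
    0x27, 0x80, 0xC8, 0x00, 0xF1, 0xDE, 0xBC, 0x4A,
    0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00 };
/* Constructed sample: control update (C = 0) writing 0x04 to Control. */
static const uint8_t SAMPLE_CONTROL[20] = { 0x27, 0x00, [15] = 0x04 };

int main(void)
{
    struct ata_regs r = {0};
    uint64_t lba = 0;
    if (fis_decompose(SAMPLE_LBA48, sizeof SAMPLE_LBA48, &r) == FIS_COMMAND &&
        regs_lba(&r, 1, &lba) == 0)
        printf("LBA48: lba=0x%llx count=%u\n",
               (unsigned long long)lba, (unsigned)regs_sector_count(&r, 1));
    return 0;
}
```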
John Snow 72a065dbb1 ahci: add is_ncq predicate helper
A small helper to determine which S/ATA commands
are destined to be routed to the NCQ pathways.

This references SATA 3.2 section 13.6,
Native Command Queueing. See sections 13.6.4,
13.6.5, 13.6.6, 13.6.7 and 13.6.8 for all
SATA commands considered to be part of the
NCQ feature set. This is summarized in a small
list in section 13.6.3.1 and again in 13.6.3.2.

Not all of these NCQ commands are currently supported,
so the error pathways are adjusted slightly to be more
informative in the case they are encountered.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1415058979-16604-2-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
John Snow 3251bdcf1c ide: Correct handling of malformed/short PRDTs
This impacts both BMDMA and AHCI HBA interfaces for IDE.
Currently, we confuse the difference between a PRDT having
"0 bytes" and a PRDT having "0 complete sectors."

When we receive an incomplete sector, inconsistent error checking
leads to an infinite loop wherein the call succeeds, but it
didn't give us enough bytes -- leading us to re-call the
DMA chain over and over again. This leads to, in the BMDMA case,
leaked memory for short PRDTs, and infinite loops and resource
usage in the AHCI case.

The .prepare_buf() callback is reworked to return the number of
bytes that it successfully prepared. 0 is a valid, non-error
answer that means the table was empty and described no bytes.
-1 indicates an error.

Our current implementation uses the io_buffer in IDEState to
ultimately describe the size of a prepared scatter-gather list.
Even though the AHCI PRDT/SGList can be as large as 256GiB, the
AHCI command header limits transactions to just 4GiB. ATA8-ACS3,
however, defines the largest transaction to be an LBA48 command
that transfers 65,536 sectors. With a 512 byte sector size, this
is just 32MiB.

Since our current state structures use the int type to describe
the size of the buffer, and this state is migrated as int32, we
are limited to describing 2GiB buffer sizes unless we change the
migration protocol.

For this reason, this patch begins to unify the assertions in the
IDE pathways that the scatter-gather list provided by either the
AHCI PRDT or the PCI BMDMA PRDs can only describe, at a maximum,
2GiB. This should be resilient enough unless we need a sector
size that exceeds 32KiB.

Further, the likelihood of any guest operating system actually
attempting to transfer this much data in a single operation is
very slim.

To this end, the IDEState variables have been updated to more
explicitly clarify our maximum supported size. Callers to the
prepare_buf callback have been reworked to understand the new
return code, and all versions of the prepare_buf callback have
been adjusted accordingly.

Lastly, the ahci_populate_sglist helper, relied upon by the
AHCI implementation of .prepare_buf() as well as the PCI
implementation of the callback have had overflow assertions
added to help make clear the reasonings behind the various
type changes.

[Added %d -> %"PRId64" fix John sent because off_pos changed from int to
int64_t.
--Stefan]

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1414785819-26209-4-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:35 +00:00
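
The return-value contract described in the commit message above (bytes prepared, 0 for an empty table, -1 on error, 2GiB ceiling), as an added example that is not QEMU's code. The types and function names are hypothetical, and stopping the transfer when fewer than 512 bytes are described is this example's assumption about how a caller ends the retry loop.

```c
#include <stddef.h>
#include <stdint.h>

#define SECTOR_SIZE 512

/* Hypothetical scatter-gather entry: one guest buffer described by a PRD. */
struct sg_entry { uint64_t addr; uint32_t len; };

enum dma_result { DMA_COMPLETE, DMA_SHORT_PRDT, DMA_ERROR };

/* Returns the number of bytes the table describes. 0 is a valid answer
 * (empty table); -1 means the table cannot be represented in an int32. */
int32_t prepare_buf(const struct sg_entry *tbl, size_t n)
{
    int64_t total = 0;
    if (tbl == NULL && n != 0) return -1;
    for (size_t i = 0; i < n; i++) {
        total += tbl[i].len;               /* cannot wrap: checked every pass */
        if (total > INT32_MAX) return -1;  /* 2GiB ceiling */
    }
    return (int32_t)total;
}

/* Drive one request of `sectors` sectors. The same table is re-read on each
 * pass, as a malformed guest would leave it. `passes` counts the calls to
 * prepare_buf so the termination behaviour is observable. */
enum dma_result dma_run(const struct sg_entry *tbl, size_t n,
                        uint32_t sectors, uint32_t *passes)
{
    uint32_t remaining = sectors;
    *passes = 0;
    while (remaining > 0) {
        int32_t bytes = prepare_buf(tbl, n);
        (*passes)++;
        if (bytes < 0) return DMA_ERROR;
        /* "0 bytes" and "0 complete sectors" both end the transfer here.
         * Treating a short table as success and calling again is the
         * infinite loop the commit message describes. */
        if (bytes < SECTOR_SIZE) return DMA_SHORT_PRDT;
        uint32_t done = (uint32_t)bytes / SECTOR_SIZE;
        remaining -= done < remaining ? done : remaining;
    }
    return DMA_COMPLETE;
}

/* Constructed sample tables. */
static const struct sg_entry TBL_OK[]    = { { 0x1000, 4096 } };
static const struct sg_entry TBL_SHORT[] = { { 0x1000, 100 } };
static const struct sg_entry TBL_HUGE[]  = { { 0x1000, 0x80000000u } };
static const struct sg_entry TBL_MAX[]   = { { 0x1000, 0x7fffffffu } };
```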
John Snow bef1301acb ahci: unify sglist preparation
The intent of this patch is to further unify the creation and
deletion of the sglist used for all AHCI transfers, including
emulated PIO, ATAPI R/W, and native DMA R/W.

By replacing ahci_start_transfer's call to ahci_populate_sglist
with ahci_dma_prepare_buf, we reduce the number of direct calls
where we manipulate the scatter-gather list in the AHCI code.

To make this switch, the constant "0" passed as an offset
in ahci_dma_prepare_buf is adjusted to use io_buffer_offset.

For DMA pathways, this has no effect: io_buffer_offset is always
updated to 0 at the beginning of a DMA transfer loop regardless.
DMA pathways through ide_dma_cb() update the io_buffer_offset
accordingly, and for circumstances where we might make several
trips through this loop, this may actually correct a design flaw.

For PIO pathways, the newly updated ahci_dma_prepare_buf will
now prepare the sglist at the correct offset. It will also set
io_buffer_size, but this is not used in the cmd_read_pio or
cmd_write_pio pathways.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1414785819-26209-3-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:34 +00:00
John Snow 36334faf35 ide: repair PIO transfers for cases where nsector > 1
Currently, for emulated PIO transfers through the AHCI device,
any attempt made to request more than a single sector's worth
of data will result in the same sector being transferred over
and over.

For example, if we request 8 sectors via PIO READ SECTORS, the
AHCI device will give us the same sector eight times.

This patch adds offset tracking into the PIO pathways so that
we can fulfill these requests appropriately.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1414785819-26209-2-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:34 +00:00
John Snow a395f3fa2f ahci: Fix byte count regression for ATAPI/PIO
This patch fixes a regression caused by commit
659142ecf7.
The problem occurs when we wish to return early
from the ahci_start_transfer function, but are now
updating the transferred byte count in the AHCI
command header via ahci_commit_buf.

This will cause problems in the Windows 8 installer.

Don't update the byte count in the command header
for the transmission of ATAPI packets: These commands
will distort the final byte count of the actual data
payload.

The call to ahci_commit_buf remains in the "out"
portion of the call in order to clean up the sglist.
The byte count is maintained by forcing size to be 0.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-14 09:20:34 +00:00
Peter Maydell c52e67924f x86 and SCSI fixes. I left out the APIC device model
patches, pending confirmation from the submitter that they really
 fix QNX.

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

x86 and SCSI fixes.  I left out the APIC device model
patches, pending confirmation from the submitter that they really
fix QNX.

# gpg: Signature made Thu 13 Nov 2014 15:13:38 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  acpi: accurate overflow check
  smbios: change 'ram_addr_t' variables to 'uint64_t'
  kvmclock: Add comment explaining why we need cpu_clean_all_dirty()
  target-i386: fix Coverity complaints about overflows
  apic_common: migrate missing fields
  target-i386: eliminate dead code and hoist common code out of "if"
  virtio-scsi: Fix comment for VirtIOSCSIReq
  virtio-scsi: dataplane: suppress guest notification
  esp: Do not overwrite ESP_TCHI after reset
  virtio-scsi: dataplane: fix allocation for 'cmd_vrings'
  esp: fix coding standards
  virtio-scsi: work around bug in old BIOSes
  esp-pci: fixup deadlock with linux

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-13 15:44:16 +00:00
Pavel Dovgalyuk 3ef0eab178 acpi: accurate overflow check
Compare clock in ns, because acpi_pm_tmr_update uses rounded
to ns value instead of ticks.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
[This lets Windows boot in icount mode. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 16:13:28 +01:00
SeokYeon Hwang f4ec5cd29d smbios: change 'ram_addr_t' variables to 'uint64_t'
ram_addr_t should not be used except if referring to a RAMBlock.
Using 'uint64_t' avoids a -Wconstant-conversion warning, which
clang >= 3.4 produces in "smbios_get_tables()".

Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 16:13:28 +01:00
Eduardo Habkost 1154d84dcc kvmclock: Add comment explaining why we need cpu_clean_all_dirty()
Try to explain why commit 317b0a6d8b
needed a cpu_clean_all_dirty() call just after calling
cpu_synchronize_all_states().

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Cc: Andrey Korolyov <andrey@xdel.ru>
Cc: Marcin Gibuła <m.gibula@beyond.pl>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 16:13:28 +01:00
Pavel Dovgalyuk c2c00148ec apic_common: migrate missing fields
This patch adds missed sipi_vector and wait_for_sipi fields to a new
subsection of the vmstate of the apic_common module. Saving and loading
of these fields makes migration of the apic state deterministic.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
[Initialize the field in pre_load and kvm_apic_realize. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 16:13:27 +01:00
Peter Maydell 410bd787bf usb bugfixes for 2.2

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20141112-1' into staging

usb bugfixes for 2.2

# gpg: Signature made Wed 12 Nov 2014 14:35:09 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20141112-1:
  usb-host: fix usb_host_speed_compat typos
  xhci: add sanity checks to xhci_lookup_uport
  Provide the missing LIBUSB_LOG_LEVEL_* for older libusb or FreeBSD. Providing just the needed value as a defined.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-13 10:54:05 +00:00
Gerd Hoffmann 79ae25af15 usb-host: fix usb_host_speed_compat typos
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2014-11-12 15:27:23 +01:00
Ming Lei 6012ca8159 virtio-scsi: dataplane: suppress guest notification
This patch uses vring_should_notify() to suppress
guest notification, and it looks like notification frequency
can be decreased from ~33K/sec to ~2K/sec in my test
environment.

Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-12 11:19:19 +01:00
Hannes Reinecke c9cf45c1a4 esp: Do not overwrite ESP_TCHI after reset
After a reset ESP_TCHI should contain the unique ID
of the chip. This value will be overwritten with the
current transfer count if the transfer count has
previously been set.
So we should always return the chip id if ESP_TCHI
has never been written to.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-12 10:27:03 +01:00
Peter Maydell 776346cd63 trivial patches for 2014-11-11

Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-11-11' into staging

trivial patches for 2014-11-11

# gpg: Signature made Tue 11 Nov 2014 14:38:39 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2014-11-11:
  block: Fix comment for bdrv_co_get_block_status
  sysbus: Correct SYSTEM_BUS(obj) defines
  target-i386: cpu: keeping function parameters alignment on new line
  xen-hvm: Remove redundant variable 'xstate'
  coroutine-sigaltstack: Change jmp_buf to sigjmp_buf
  pc-bios: petalogix-s3adsp1800.dtb: Use 'xlnx, xps-ethernetlite-2.00.a' instead of 'xlnx, xps-ethernetlite-2.00.b'
  gdbstub: Add a missing case of signal number translation in gdbstub
  numa: make 'info numa' take into account hotplugged memory
  slirp/smbd: modify/set several parameters in generated smbd.conf
  qemu-doc.texi: fix typos in x509 examples
  icc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 14:50:10 +00:00
Ming Lei ed4b43265d virtio-scsi: dataplane: fix allocation for 'cmd_vrings'
The size of each element should be sizeof(VirtIOSCSIVring *).

Signed-off-by: Ming Lei <ming.lei@canonical.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-11 12:03:47 +01:00
Gerd Hoffmann f2ad97ff81 xhci: add sanity checks to xhci_lookup_uport
Also catch xhci_lookup_uport failures in post_load.

https://bugzilla.redhat.com/show_bug.cgi?id=1074219

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-11 08:48:16 +01:00
Chris Johns 1e03e40784 Provide the missing LIBUSB_LOG_LEVEL_* for older libusb or FreeBSD. Providing just the needed value as a defined.
Signed-off-by: Chris Johns <chrisj@rtems.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-11 08:48:16 +01:00
Peter Maydell 7a8dda7e5d Several bugfixes for s390x:
- instruction decoding and sparse warning in kvm
 - overlong input and hangs in the sclp consoles

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20141105' into staging

Several bugfixes for s390x:
- instruction decoding and sparse warning in kvm
- overlong input and hangs in the sclp consoles

# gpg: Signature made Wed 05 Nov 2014 15:42:14 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20141105:
  s390x/sclpconsole: Avoid hanging SCLP ASCII console
  s390x/sclpconsole-lm: Fix hanging SCLP line mode console
  s390x/sclpconsole-lm: truncate input if line is too long
  s390x/kvm: Fix warning from sparse
  s390x/kvm: Fix opcode decoding for eb instruction handler

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-10 14:58:59 +00:00
Paolo Bonzini 25aaa2c568 esp: fix coding standards
Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-10 13:58:14 +01:00
Paolo Bonzini 55783a5521 virtio-scsi: work around bug in old BIOSes
Old BIOSes left some padding by mistake after the req_size/resp_size.
New QEMU does not like it, thinking it is a bidirectional command.

As a workaround, we can check if the ANY_LAYOUT bit is set; if not, we
always consider the first buffer as the virtio-scsi request/response,
because, back when QEMU did not support ANY_LAYOUT, it expected the
payload to start at the second element of the iovec.

This can show up during migration.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-07 16:09:57 +01:00
Hannes Reinecke c3543fb5fe esp-pci: fixup deadlock with linux
A linux guest will be issuing messages:

[   32.124042] DC390: Deadlock in DataIn_0: DMA aborted unfinished: 000000 bytes remain!!
[   32.126348] DC390: DataIn_0: DMA State: 0

and the HBA will fail to work properly.
Reason is the emulation is not setting the 'DMA transfer done'
status correctly.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-07 13:31:19 +01:00
Marc-André Lureau 7eb7311427 virtio-serial: avoid crash when port has no name
It seems "name" is not mandatory, and the following command line (based
on one generated by current libvirt) will crash qemu at start:

qemu-system-x86_64 \
    -device virtio-serial-pci \
    -device virtserialport,name=foo \
    -device virtconsole

Program received signal SIGSEGV, Segmentation fault.
__strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:210
210        movlpd    (%rsi), %xmm2
Missing separate debuginfos, use: debuginfo-install
python-libs-2.7.5-13.fc20.x86_64
(gdb) bt
 #0  __strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:210
 #1  0x000055555566bdc6 in find_port_by_name (name=0x0) at /home/elmarco/src/qemu/hw/char/virtio-serial-bus.c:67

Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-11-07 10:27:11 +05:30
Heinz Graalfs bb3e9e1fd7 s390x/sclpconsole: Avoid hanging SCLP ASCII console
Force recalculation of file descriptor sets for main loop's poll(),
in order to be able to readd a possibly removed input file descriptor
after can_read() returned 0 (zero).

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-11-05 16:35:56 +01:00
Heinz Graalfs 87f2eff016 s390x/sclpconsole-lm: Fix hanging SCLP line mode console
Trigger recalculating sets of file descriptors for the main loop's poll()
in order to make sure a possibly removed FD 0 from the poll() file
descriptor array is re-added. FD 0 is removed from the descriptor array
when the console's can_read() callback returns 0.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-11-05 16:35:56 +01:00
Heinz Graalfs b3191432cf s390x/sclpconsole-lm: truncate input if line is too long
As the SCLP line mode console input length is limited by the available
SCCB buffer space, it might lock up if the input does not fit into the
buffer.

With this patch, characters that don't fit are 'eaten' up to the next
CR/LF and the input line is sent truncated to the guest.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-11-05 16:35:55 +01:00
Alexander Graf 9e3f973335 spapr: Allow dynamic creation of PHB
Now that we finally check for presence of dangling sysbus devices, make check
started complaining that the sPAPR PHB is one such device.

However, it really isn't. The spapr PHB is not really a traditional sysbus
device, but much more a special spapr pv device which is already able to get
created dynamically.

Move spapr to its own dynamic sysbus check handling and allow PHB devices to
get allocated dynamically.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:15 +01:00
Alexander Graf fdfb7f2cdb e500: Add support for eTSEC in device tree
This patch adds support to expose eTSEC devices in the dynamically created
guest facing device tree. This allows us to expose eTSEC devices into guests
without changes in the machine file.

Because we can now tell the guest about eTSEC devices this patch allows the
user to specify eTSEC devices via -device at all.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:15 +01:00
Alexander Graf f70873438d PPC: e500: Support dynamically spawned sysbus devices
For e500 our approach to supporting dynamically spawned sysbus devices is to
create a simple bus from the guest's point of view within which we map those
devices dynamically.

We allocate memory regions always within the "platform" hole in address
space and map IRQs to predetermined IRQ lines that are reserved for platform
device usage.

This maps really nicely into device tree logic, so we can just tell the
guest about our virtual simple bus in device tree as well.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Alexander Graf 7634fe3c27 sysbus: Add new platform bus helper device
We need to support spawning of sysbus devices dynamically via the command line.
The easiest way to represent these dynamically spawned devices in the guest's
memory and IRQ layout is by preallocating some space for dynamic sysbus devices.

This is what the "platform bus" device does. It is a sysbus device that exports
a configurably sized MMIO region and a configurable number of IRQ lines. When
this device encounters sysbus devices that have been dynamically created and not
manually wired up, it dynamically connects them to its own pool of resources.

The machine model can then loop through all of these devices and create a guest
configuration (device tree) to make them visible to the guest.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Alexander Graf 471a9bc144 sysbus: Expose MMIO enumeration helper
Sysbus devices have a range of MMIO regions they expose. The exact number
of regions is device specific and internal information to the device model.

Expose whether a region exists via a public interface. That way our platform
bus enumeration code can dynamically determine how many regions exist.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Alexander Graf b797318666 sysbus: Expose IRQ enumeration helpers
Sysbus devices can get their IRQ lines connected to other devices. It is
possible to figure out which IRQ line a connection is on and whether a sysbus
device even provides an IRQ connector at a specific offset.

This patch exposes helpers to make this information publicly accessible. We
will need it for the platform bus dynamic sysbus enumeration.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Alexander Graf 33cd52b5d7 sysbus: Make devices spawnable via -device
Now that we can properly map sysbus devices that haven't been connected to
something forcefully by C code, we can allow the -device command line option
to spawn them.

For machines that don't implement dynamic sysbus assignment in their board
files we add a new bool "has_dynamic_sysbus" to the machine class.
When that property is false (default), we bail out when we see dynamically
spawned sysbus devices, like we did before.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Alexander Graf eb5722801c sysbus: Add dynamic sysbus device search
Sysbus devices can be spawned by C code or dynamically via the command line.
In the latter case, we need to be able to find the dynamically created devices
to do things with them.

This patch adds a search helper that makes it easy to look for dynamically
spawned sysbus devices.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:14 +01:00
Peter Maydell f8833a37c0 hw/ppc/spapr_pci.c: Avoid functions not in glib 2.12 (g_hash_table_iter_*)
The g_hash_table_iter_* functions for iterating through a hash table
are not present in glib 2.12, which is our current minimum requirement.
Rewrite the code to use g_hash_table_foreach() instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:13 +01:00
Alexey Kardashevskiy f58aa48314 spapr_nvram: Enable migration
The only case when sPAPR NVRAM migrates now is if it is backed by a file and
copy-storage migration is performed. In other cases NVRAM does not
migrate regardless whether it is backed by a file or not.

This enables shadow copy of NVRAM in RAM which is read from a file
(if used) and used for reads. Writes to NVRAM are mirrored to the file.

This defines a VMSTATE descriptor for NVRAM device so the memory copy
of NVRAM can migrate and be flushed to a backing file on the destination
if one is specified.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:13 +01:00
Alexander Graf 016f775898 PPC: E500: Hook up power off GPIO to GPIO controller
Now that we have a working GPIO controller on the virt machine, we can use
one pin to notify QEMU that the guest wants to power off the system.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:13 +01:00
Alexander Graf b88e77f493 PPC: E500: Instantiate MPC8XXX gpio controller on virt machine
With the e500 virt machine, we don't have to adhere to the exact hardware
layout of an mpc8544ds board. So there we can just add a qoriq compatible
GPIO controller into the system that we can add a power off hook to.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:12 +01:00
Alexander Graf 228aa992fc PPC: Add MPC8XXX gpio controller
On e500 systems most SoCs implement a common GPIO controller that Linux
calls the "mpc8xxx" gpio controller. This patch adds an emulation model
for this device.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:12 +01:00
Peter Maydell bf362e9610 hw/pci/ppc4xx_pci.c: Remove unused pci4xx_cfgaddr_read/write/ops
The MemoryRegionOps struct pci4xx_cfgaddr_ops and the read and
write functions it references are all unused; remove them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:12 +01:00
Alexander Graf 9ac58dc59a PPC: openpic_kvm: Only map first occurrence in address space
The in-kernel OpenPIC emulation only supports a single map. However, we
map the OpenPIC at 2 locations: The CPU visible one and the PCI visible
one. For KVM acceleration, we only care about the first one.

To make sure that we only map that first mapping and not the PCI map that
happens dynamically later during bootup, ignore maps that happen when
we are already considering ourselves mapped.

Credits due are to Bogdan and Mihai for debugging this.

Reported-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Reported-by: Mihai Caraman <mihai.caraman@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:11 +01:00
David Gibson 4aee73623d spapr: Cleanup machine naming conventions, and prepare for 2.2 release
As of qemu-2.1, spapr/pseries, has a set of versioned machine classes to
represent the machine type as it appeared to the guest in different qemu
versions.  This allows for safe migration of guests between current and
future qemu versions.

However, these are organized a bit differently from those for PC: on PC,
the default plain "pc" machine type is just an alias for the most recent
versioned machine type.  In sPAPR, it names the base machine class from
which the versioned types are derived.

The PC approach is preferable; it makes it clearer which explicit version
is the current one.  Additionally updating the "current" machine as the
base class makes it even more likely than otherwise to incorrectly alter
the versioned machines' behaviour when updating the current machine.

Therefore this patch changes sPAPR to the PC approach - the base class
becomes abstract, and plain "pseries" becomes an alias for the most
recent versioned machine class.  Since qemu-2.1 is now released, we also
create a new pseries-2.2 machine type, to incorporate changes during this
development cycle (for now it is identical to pseries-2.1).

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:11 +01:00
David Gibson 0691e8ebce target-ppc: virtex-ml507 machine type should depend on CONFIG_XILINX
The virtex-ml507 is a Xilinx CPU based system, and requires several sub
devices which are only included with CONFIG_XILINX.  Therefore, it should
only be compiled if CONFIG_XILINX is set.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-04 23:26:11 +01:00
Peter Maydell 2bb41e5d30 QOM CPUState and X86CPU
* Cleanups for -cpu ...,enforce

Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-peter' into staging

* remotes/afaerber/tags/qom-cpu-for-peter:
  target-i386: Disable SVM by default in KVM mode
  target-i386: Don't enable nested VMX by default
  target-i386: Remove unsupported bits from all CPU models
  target-i386: Disable CPUID_ACPI by default in KVM mode
  target-i386: Rename KVM auto-feature-enable compat function
  pc: Create pc_compat_2_1() functions

Conflicts:
	hw/i386/pc_piix.c
	hw/i386/pc_q35.c
[PMM: Fixed minor textual conflicts]

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-04 15:56:26 +00:00
Eduardo Habkost 75d373ef97 target-i386: Disable SVM by default in KVM mode
Make SVM be disabled by default on all CPU models when in KVM mode.
Nested SVM is enabled by default in the KVM kernel module, but it is
probably less stable than nested VMX (which is already disabled by
default).

Add a new compat function, x86_cpu_compat_kvm_no_autodisable(), to keep
compatibility on previous machine-types.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-04 15:49:05 +01:00
Eduardo Habkost e93abc147f target-i386: Don't enable nested VMX by default
TCG doesn't support VMX, and nested VMX is not enabled by default in the
KVM kernel module.

So, there's no reason to have VMX enabled by default on the core2duo and
coreduo CPU models, today. Even the newer Intel CPU model definitions
don't have it enabled.

In this case, we need machine-type compat code, as people may be running
the older machine-types on hosts that had VMX nesting enabled.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-04 15:48:47 +01:00
Peter Maydell 949ca9e479 pc, virtio, misc bugfixes
A bunch of minor bugfixes all over the place.

changes from v2:
    added cpu hotplug rework
    added default vga type switch
    more fixes
changes from v1:
    fix for test re-generation script
    add missing acks to two patches

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

# gpg: Signature made Mon 03 Nov 2014 16:33:13 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream: (28 commits)
  vga: flip qemu 2.2 pc machine types from cirrus to stdvga
  vga: add default display to machine class
  vhost-user: fix mmap offset calculation
  hw/i386/acpi-build.c: Fix memory leak in acpi_build_tables_cleanup()
  smbios: Encode UUID according to SMBIOS specification
  pc: Add pc_compat_2_1() function
  hw/virtio/vring/event_idx: fix the vring_avail_event error
  hw/pci: fixed hotplug crash when using rombar=0 with devices having romfile
  hw/pci: fixed error flow in pci_qdev_init
  -machine vmport=off: Allow disabling of VMWare ioport emulation
  acpi/cpu-hotplug: introduce helper function to keep bit setting in one place
  cpu-hotplug: rename function for better readability
  qom/cpu: remove the unused CPU hot-plug notifier
  pc: Update rtc_cmos in pc_cpu_plug
  pc: add cpu hotplug handler to PC_MACHINE
  acpi:piix4: convert cpu hotplug to hotplug_handler API
  acpi:ich9: convert cpu hotplug to hotplug_handler API
  acpi/cpu: add cpu hotplug callback function to match hotplug_handler API
  acpi: create separate file for TCPA log
  tests: fix rebuild-expected-aml.sh for acpi-test rename
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-03 22:51:08 +00:00
Eduardo Habkost 1cadaa9482 target-i386: Rename KVM auto-feature-enable compat function
The x86_cpu_compat_disable_kvm_features() name was a bit confusing, as
it won't forcibly disable the feature for all CPU models (i.e. add it to
kvm_default_unset_features), but it will instead turn off the KVM
auto-enabling of the feature (i.e. remove it from kvm_default_features),
meaning the feature may still be enabled by default in some CPU models.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-03 19:39:10 +01:00
Eduardo Habkost 179b9f40f2 pc: Create pc_compat_2_1() functions
We will need new compat code for the 2.1 machine-types.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-11-03 19:36:19 +01:00
Peter Maydell 9a33c0c851 Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Mon 03 Nov 2014 11:50:53 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (53 commits)
  block: declare blockjobs and dataplane friends!
  block: let commit blockjob run in BDS AioContext
  block: let mirror blockjob run in BDS AioContext
  block: let stream blockjob run in BDS AioContext
  block: let backup blockjob run in BDS AioContext
  block: add bdrv_drain()
  blockjob: add block_job_defer_to_main_loop()
  blockdev: add note that block_job_cb() must be thread-safe
  blockdev: acquire AioContext in blockdev_mark_auto_del()
  blockdev: acquire AioContext in do_qmp_query_block_jobs_one()
  block: acquire AioContext in generic blockjob QMP commands
  iotests: Expand test 061
  block/qcow2: Simplify shared L2 handling in amend
  block/qcow2: Make get_refcount() global
  block/qcow2: Implement status CB for amend
  qemu-img: Fix insignificant memleak
  qemu-img: Add progress output for amend
  block: Add status callback to bdrv_amend_options()
  block: qemu-iotest 107 supports NFS
  iotests: Add test for qcow2's bdrv_make_empty
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-03 18:34:09 +00:00
Zhu Guihua 3a0614c6c7 icc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE
Rename ICC_BRIGDE for better readability.

Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-03 19:51:56 +03:00
Peter Maydell eb5f222b5c Xtensa fixes and improvements 2014-11-03:
- build fixes for cores w/o windowed registers and with profiling
  interrupts;
- fix uImage load address for MMUv2 cores;
- add script for automatic core import from xtensa configuration overlay.

Merge remote-tracking branch 'remotes/xtensa/tags/20141103-xtensa' into staging

# gpg: Signature made Sun 02 Nov 2014 22:04:44 GMT using RSA key ID F83FA044
# gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"

* remotes/xtensa/tags/20141103-xtensa:
  MAINTAINERS: update xtensa boards
  target-xtensa: fix build for cores w/o windowed registers
  target-xtensa: add core importing script
  hw/xtensa/xtfpga: treat uImage load address as virtual
  hw/core/loader: implement address translation in uimage loader
  target-xtensa: avoid duplicate timer interrupt delivery
  target-xtensa: tests: pre-process tests linker script
  target-xtensa: add definition for XTHAL_INTTYPE_PROFILING

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-03 16:43:32 +00:00
Gerd Hoffmann d43f0d641e vga: flip qemu 2.2 pc machine types from cirrus to stdvga
This patch switches the default display from cirrus to vga
for the new (qemu 2.2+) machine types.  Old machine types
stay as-is for compatibility reasons.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-03 18:32:48 +02:00
Gerd Hoffmann 6f00494abe vga: add default display to machine class
This allows machine classes to specify which display device they want
as default.  If unspecified the current behavior (try cirrus, failing
that try stdvga, failing that use no display) will be used.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-03 18:32:48 +02:00
Michael S. Tsirkin d3f16ec887 vhost-user: fix mmap offset calculation
qemu_get_ram_block_host_ptr should get ram_addr_t,
vhost-user passes in GPA.
That's very wrong.

Reported-by: Linhaifeng <haifeng.lin@huawei.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-03 18:32:48 +02:00
Peter Maydell 7135781f65 trivial patches for 2014-11-02

Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-11-02' into staging

# gpg: Signature made Sun 02 Nov 2014 11:54:43 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2014-11-02: (23 commits)
  vdi: wrapped uuid_unparse() in #ifdef
  tap: fix possible fd leak in net_init_tap
  tap: do not close(fd) in net_init_tap_one
  target-i386: Remove unused model_features_t struct
  tap_int.h: remove repeating NETWORK_SCRIPT defines
  os-posix: reorder parent notification for -daemonize
  pidfile: stop making pidfile error a special case
  os-posix: replace goto again with a proper loop
  os-posix: use global daemon_pipe instead of cryptic fds[1]
  dump: Fix dump-guest-memory termination and use-after-close
  virtio-9p-proxy: improve error messages in connect_namedsocket()
  virtio-9p-proxy: fix error return in proxy_init()
  virtio-9p-proxy: Fix sockfd leak
  target-tricore: check return value before using it
  net/slirp: specify logbase for smbd
  Revert "os-posix: report error message when lock file failed"
  util: Improve os_mem_prealloc error message
  sparse: fix build
  target-arm: A64: remove redundant store
  target-xtensa: mark XtensaConfig structs as unused
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-03 14:55:17 +00:00
Peter Maydell f67d23b1ae The last round of patches for soft freeze. Includes ivshmem bugfixes,
megasas 2108 emulation, and other small patches here and there.

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

# gpg: Signature made Fri 31 Oct 2014 17:17:54 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (35 commits)
  virtio-scsi: fix dataplane
  ivshmem: use error_report
  ivshmem: Fix fd leak on error
  ivshmem: Fix potential OOB r/w access
  ivshmem: validate incoming_posn value from server
  ivshmem: Check ivshmem_read() size argument
  i386: fix breakpoints handling in icount mode
  kvm_stat: Add powerpc support
  kvm_stat: Abstract ioctl numbers
  kvm_stat: Rework platform detection
  kvm_stat: Fix the non-x86 exit reasons
  kvm_stat: Only consider online cpus
  virtio-scsi: Fix num_queue input validation
  scsi: devirtualize unrealize of SCSI devices
  virtio-scsi: Fix memory leak when realize failed
  iscsi: Refuse to open as writable if the LUN is write protected
  kvmvapic: patch_instruction fix
  vl.c: Fix Coverity complaining for vmstate_dump_file
  Add skip_dump flag to ignore memory region during dump
  -machine vmport=off: Allow disabling of VMWare ioport emulation
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-03 12:31:07 +00:00
Stefan Hajnoczi b112a65c52 block: declare blockjobs and dataplane friends!
Now that blockjobs use AioContext they are safe for use with dataplane.
Unblock them!

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1413889440-32577-12-git-send-email-stefanha@redhat.com
2014-11-03 11:41:49 +00:00
John Snow 54a7f8f38d ahci: Fix SDB FIS Construction
The SDB FIS creation was mangled;
We were writing the error byte to byte 0,
and omitting the SDB FIS magic byte.

Though the SDB packet layout states that:
byte 0: Must be 0xA1 to indicate SDB FIS.
byte 1: Port multiplier select & other flags
byte 2: status byte.
byte 3: error byte.

This patch adds an SDB FIS structure with
human-readable names, and ensures that we
are filling the structure appropriately.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1412204151-18117-7-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-03 09:48:41 +00:00
John Snow 659142ecf7 ahci: Update byte count after DMA completion
Currently, DMA read/write operations neglect to update
the byte count after a successful transfer like ATAPI
DMA read or PIO read/write operations do.

We correct this oversight by adding another callback into
the IDEDMAOps structure. The commit callback is called
whenever we are cleaning up a scatter-gather list.
AHCI can register this callback in order to update post-
transfer information such as byte count updates.

We use this callback in AHCI to consolidate where we delete
the SGlist as generated from the PRDT, as well as update the
byte count after the transfer is complete.

The QEMUSGList structure has an init flag added to it in order
to make qemu_sglist_destroy a nop if it is called when
there is no sglist, which simplifies cleanup and error paths.

This patch fixes several AHCI problems, notably Non-NCQ modes
of operation for Windows 7 as well as Hibernate support for Windows 7.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1412204151-18117-3-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-03 09:48:41 +00:00
John Snow 7b8bad1b6a ahci: Correct PIO/D2H FIS responses
Currently, the D2H FIS packets AHCI generates simply parrot back
the LBA that the guest sent to us in the cmd_fis. However, some
commands (like READ NATIVE MAX) modify the LBA registers as a
return value, through which the AHCI D2H FIS is the only response
mechanism. Thus, the D2H response should use the current register
values, not the initial ones.

This patch adjusts the LBA and drive select register responses for
PIO Setup and D2H FIS response packets.

Additionally, the PIO and D2H FIS responses copy too many bytes
from the command FIS that it is being generated from. Specifically,
byte 11 which is the Features(15:8) field for Register Host to
Device FIS packets, is instead reserved for the PIO Setup FIS and
should always be 0.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1412204151-18117-2-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-03 09:48:41 +00:00
Max Filippov 6d2e453053 hw/xtensa/xtfpga: treat uImage load address as virtual
U-boot for xtensa always treats uImage load address as virtual address.
This is important when booting uImage on xtensa core with MMUv2, because
MMUv2 has fixed non-identity virtual-to-physical mapping after reset.

Always do virtual-to-physical translation of uImage load address and
load uImage at the translated address. This fixes booting uImage kernels
on dc232b and other MMUv2 cores.

Cc: qemu-stable@nongnu.org
Reported-by: Waldemar Brodkorb <mail@waldemar-brodkorb.de>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2014-11-03 01:00:37 +03:00
Max Filippov 25bda50a0c hw/core/loader: implement address translation in uimage loader
Such address translation is needed when load address recorded in uImage
is a virtual address. When the actual load address is requested, return
untranslated address: user that needs the translated address can always
apply translation function to it and those that need it untranslated
don't need to do the inverse translation.

Add translation function pointer and its parameter to uimage_load
prototype. Update all existing users.

No user-visible functional changes.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
2014-11-03 00:59:10 +03:00
Max Filippov c9e9521fcb target-xtensa: avoid duplicate timer interrupt delivery
Timer interrupt should be raised at the same cycle when CCOUNT equals
CCOMPARE. As cycles are counted in batches, timer interrupt is sent
every time CCOMPARE lies in the interval [old CCOUNT, new CCOUNT]. This
is wrong, because when new CCOUNT equals CCOMPARE interrupt is sent
twice, once for the upper interval boundary and once for the lower. Fix
that by excluding lower interval boundary from the condition.

This doesn't have user-visible effect, because CCOMPARE reload always
causes CCOUNT increment followed by current timer interrupt reset.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2014-11-03 00:51:44 +03:00
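The interval boundary problem described in the target-xtensa timer commit above, as an added model that is not QEMU's code: it counts interrupts over consecutive CCOUNT batches with the closed test and with the lower boundary excluded. All function names are hypothetical, counters are assumed to be 32-bit and to wrap, and CCOMPARE is held constant.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Closed interval [old, new], evaluated modulo 2^32 so that a batch
 * crossing the counter wraparound is still handled. */
bool fires_closed(uint32_t old_ccount, uint32_t new_ccount, uint32_t ccompare)
{
    return (uint32_t)(ccompare - old_ccount) <=
           (uint32_t)(new_ccount - old_ccount);
}

/* Half-open interval (old, new]: the lower boundary is excluded, so a
 * match that ended one batch is not seen again at the start of the next. */
bool fires_half_open(uint32_t old_ccount, uint32_t new_ccount, uint32_t ccompare)
{
    return (uint32_t)(ccompare - old_ccount - 1) <
           (uint32_t)(new_ccount - old_ccount);
}

typedef bool (*fire_fn)(uint32_t, uint32_t, uint32_t);

/* Advance CCOUNT in fixed-size batches and count how often the timer
 * condition holds for a CCOMPARE value that is never reloaded. */
unsigned count_interrupts(uint32_t ccount, uint32_t step, unsigned batches,
                          uint32_t ccompare, fire_fn fires)
{
    unsigned n = 0;
    for (unsigned i = 0; i < batches; i++) {
        uint32_t next = ccount + step;   /* wraps modulo 2^32 */
        if (fires(ccount, next, ccompare)) {
            n++;
        }
        ccount = next;
    }
    return n;
}

int main(void)
{
    /* Constructed input: batches [0,10], [10,20], [20,30], CCOMPARE = 10. */
    printf("closed:    %u\n", count_interrupts(0, 10, 3, 10, fires_closed));
    printf("half-open: %u\n", count_interrupts(0, 10, 3, 10, fires_half_open));
    return 0;
}
```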
Nikita Belov ac369a7796 hw/i386/acpi-build.c: Fix memory leak in acpi_build_tables_cleanup()
There are three ACPI tables: 'linker_data', 'rsdp' and 'table_data'. They are
used differently. Two of them are being copied before using and only the copy
is used later. But the third is used directly. Because of that we need to free
two tables completely and delete only wrapper for the third one.

Valgrind output:
==23931== 131,072 bytes in 1 blocks are definitely lost in loss record 7,729 of 7,734
==23931==    at 0x4C2CE8E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23931==    by 0x2EA920: realloc_and_trace (vl.c:2811)
==23931==    by 0x509E6AE: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==23931==    by 0x506DB32: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==23931==    by 0x506E463: g_array_set_size (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==23931==    by 0x256A4F: acpi_align_size (acpi-build.c:487)
==23931==    by 0x259F92: acpi_build (acpi-build.c:1601)
==23931==    by 0x25A212: acpi_setup (acpi-build.c:1682)
==23931==    by 0x24F346: pc_guest_info_machine_done (pc.c:1110)
==23931==    by 0x55FAAB: notifier_list_notify (notify.c:39)
==23931==    by 0x2EA704: qemu_run_machine_init_done_notifiers (vl.c:2759)
==23931==    by 0x2EEC3C: main (vl.c:4504)

Signed-off-by: Nikita Belov <zodiac@ispras.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-11-02 13:44:52 +02:00
Eduardo Habkost caad057bb6 smbios: Encode UUID according to SMBIOS specification
Differently from older versions, SMBIOS version 2.6 is explicit about
the encoding of UUID fields:

> Although RFC 4122 recommends network byte order for all fields, the PC
> industry (including the ACPI, UEFI, and Microsoft specifications) has
> consistently used little-endian byte encoding for the first three fields:
> time_low, time_mid, time_hi_and_version. The same encoding, also known as
> wire format, should also be used for the SMBIOS representation of the UUID.
>
> The UUID {00112233-4455-6677-8899-AABBCCDDEEFF} would thus be represented
> as 33 22 11 00 55 44 77 66 88 99 AA BB CC DD EE FF.

The dmidecode tool implements this and decodes the above "wire format"
when SMBIOS version >= 2.6. We moved from SMBIOS version 2.4 to 2.8 when
we started building the SMBIOS entry point inside QEMU, on commit
c97294ec1b.

Change smbios_build_type_1_table() to encode the UUID as specified.

To make sure we won't change the guest-visible UUID when upgrading to a
newer QEMU version, keep the old behavior on pc-*-2.1 and older.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-02 13:44:52 +02:00
Eduardo Habkost 2cad57c717 pc: Add pc_compat_2_1() function
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-02 13:44:50 +02:00
Bin Wu a3614c65cf hw/virtio/vring/event_idx: fix the vring_avail_event error
The event idx in virtio is an effective way to reduce the number of
interrupts and exits of the guest. When the guest puts a request
into the virtio ring, it doesn't exit immediately to inform the
backend. Instead, the guest checks the "avail" event idx to determine
the notification.

In virtqueue_pop, when a request is popped, the current avail event
idx should be set to the number of vq->last_avail_idx.

Signed-off-by: Bin Wu <wu.wubin@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-02 13:44:12 +02:00