qemu.git
7 years agotimer: rename NSEC_PER_SEC due to Mac OS X header clash
Stefan Hajnoczi [Wed, 8 Jul 2015 14:10:09 +0000 (15:10 +0100)] 
timer: rename NSEC_PER_SEC due to Mac OS X header clash

Commit e0cf11f31c24cfb17f44ed46c254d84c78e7f6e9 ("timer: Use a single
definition of NSEC_PER_SEC for the whole codebase") renamed
NANOSECONDS_PER_SECOND to NSEC_PER_SEC.

On Mac OS X there is a <dispatch/time.h> system header which also
defines NSEC_PER_SEC.  This causes compiler warnings.

Let's use the old name instead.  It's longer but it doesn't clash.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1436364609-7929-1-git-send-email-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Mon, 20 Jul 2015 15:01:31 +0000 (16:01 +0100)] 
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches for 2.4.0-rc2

# gpg: Signature made Mon Jul 20 15:48:56 2015 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  crypto: Fix aes_decrypt_wrapper()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Mon, 20 Jul 2015 12:25:28 +0000 (13:25 +0100)] 
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, vhost, pc fixes for 2.4

The only notable thing here is vhost-user multiqueue
revert. We'll work on making it stable in 2.5,
reverting now means we won't have to maintain
bug for bug compability forever.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon Jul 20 12:24:00 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  virtio-net: remove virtio queues if the guest doesn't support multiqueue
  virtio-net: Flush incoming queues when DRIVER_OK is being set
  pci_add_capability: remove duplicate comments
  virtio-net: unbreak any layout
  Revert "vhost-user: add multi queue support"
  ich9: fix skipped vmstate_memhp_state subsection

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agocrypto: Fix aes_decrypt_wrapper()
Kevin Wolf [Fri, 17 Jul 2015 17:44:10 +0000 (19:44 +0200)] 
crypto: Fix aes_decrypt_wrapper()

Commit d3462e3 broke qcow2's encryption functionality by using encrypt
instead of decrypt in the wrapper function it introduces. This was found
by qemu-iotests case 134.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
7 years agovirtio-net: remove virtio queues if the guest doesn't support multiqueue
Wen Congyang [Wed, 15 Jul 2015 09:20:59 +0000 (17:20 +0800)] 
virtio-net: remove virtio queues if the guest doesn't support multiqueue

commit da51a335 adds all queues in .realize(). But if the
guest doesn't support multiqueue, we forget to remove them. And
we cannot handle the ctrl vq corretly. The guest will hang.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
7 years agovirtio-net: Flush incoming queues when DRIVER_OK is being set
Fam Zheng [Wed, 15 Jul 2015 03:02:27 +0000 (11:02 +0800)] 
virtio-net: Flush incoming queues when DRIVER_OK is being set

This patch fixes network hang after "stop" then "cont", while network
packets keep arriving.

Tested both manually (tap, host pinging guest) and with Jason's qtest
series (plus his "[PATCH 2.4] socket: pass correct size in
net_socket_send()" fix).

As virtio_net_set_status is called when guest driver is setting status
byte and when vm state is changing, it is a good opportunity to flush
queued packets.

This is necessary because during vm stop the backend (e.g. tap) would
stop rx processing after .can_receive returns false, until the queue is
explicitly flushed or purged.

The other interesting condition in .can_receive, virtio_queue_ready(),
is handled by virtio_net_handle_rx() when guest kicks; the 3rd condition
is invalid queue index which doesn't need flushing.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agopci_add_capability: remove duplicate comments
Chen Hanxiao [Tue, 14 Jul 2015 08:16:11 +0000 (16:16 +0800)] 
pci_add_capability: remove duplicate comments

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agovirtio-net: unbreak any layout
Jason Wang [Fri, 17 Jul 2015 07:19:18 +0000 (15:19 +0800)] 
virtio-net: unbreak any layout

Commit 032a74a1c0fcdd5fd1c69e56126b4c857ee36611
("virtio-net: byteswap virtio-net header") breaks any layout by
requiring out_sg[0].iov_len >= n->guest_hdr_len. Fixing this by
copying header to temporary buffer if swap is needed, and then use
this buffer as part of out_sg.

Fixes 032a74a1c0fcdd5fd1c69e56126b4c857ee36611
("virtio-net: byteswap virtio-net header")
Cc: qemu-stable@nongnu.org
Cc: clg@fr.ibm.com
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
7 years agoRevert "vhost-user: add multi queue support"
Michael S. Tsirkin [Wed, 15 Jul 2015 10:47:31 +0000 (13:47 +0300)] 
Revert "vhost-user: add multi queue support"

This reverts commit 830d70db692e374b55555f4407f96a1ceefdcc97.

The interface isn't fully backwards-compatible, which is bad.
Let's redo this properly after 2.4.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoich9: fix skipped vmstate_memhp_state subsection
Paulo Alcantara [Mon, 13 Jul 2015 20:45:42 +0000 (17:45 -0300)] 
ich9: fix skipped vmstate_memhp_state subsection

By declaring another .subsections array for vmstate_tco_io_state made
vmstate_memhp_state not registered anymore. There must be only one
.subsections array for all subsections.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>
Reported-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/amit-virtio-rng/tags/vrng-2.4' into staging
Peter Maydell [Fri, 17 Jul 2015 14:22:45 +0000 (15:22 +0100)] 
Merge remote-tracking branch 'remotes/amit-virtio-rng/tags/vrng-2.4' into staging

Fire timer only when required.  Brings down wakeups by a big number.

# gpg: Signature made Fri Jul 17 14:41:40 2015 BST using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit-virtio-rng/tags/vrng-2.4:
  virtio-rng: trigger timer only when guest requests for entropy

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agovirtio-rng: trigger timer only when guest requests for entropy
Pankaj Gupta [Wed, 15 Jul 2015 12:16:47 +0000 (17:46 +0530)] 
virtio-rng: trigger timer only when guest requests for entropy

This patch triggers timer only when guest requests for
entropy. As soon as first request from guest for entropy
comes we set the timer. Timer bumps up the quota value
when it gets triggered.

Signed-off-by: Pankaj Gupta <pagupta@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1436962608-9961-2-git-send-email-pagupta@redhat.com>

[Re-worded patch subject, removed extra whitespace -- Amit]

Signed-off-by: Amit Shah <amit.shah@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20150717-1' into staging
Peter Maydell [Fri, 17 Jul 2015 11:39:12 +0000 (12:39 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20150717-1' into staging

usb: fixes for 2.4 (ccid, xhci and usb-host)

# gpg: Signature made Fri Jul 17 12:21:42 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20150717-1:
  Revert "xhci: set timer to retry xfers"
  usb-ccid: add missing wakeup calls
  usb-ccid: fix 61b4887b41b270bc837ead57bc502d904af023bb
  Re-attach usb device to kernel while usb_host_open fails

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoRevert "xhci: set timer to retry xfers"
Gerd Hoffmann [Fri, 17 Jul 2015 08:12:55 +0000 (10:12 +0200)] 
Revert "xhci: set timer to retry xfers"

This reverts commit 4e8cfbe1143d8384387595b500212d7a7f11aeae.

We should not poll via timer, and with ccid being fixed
to properly notify us about pending transfers we don't have to.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agousb-ccid: add missing wakeup calls
Gerd Hoffmann [Thu, 16 Jul 2015 14:33:07 +0000 (16:33 +0200)] 
usb-ccid: add missing wakeup calls

Properly notify the host adapter that we have
data pending, so it doesn't has to poll us.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agousb-ccid: fix 61b4887b41b270bc837ead57bc502d904af023bb
Gerd Hoffmann [Fri, 17 Jul 2015 09:34:11 +0000 (11:34 +0200)] 
usb-ccid: fix 61b4887b41b270bc837ead57bc502d904af023bb

QOMification dropped the parent device lookup, fix it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-input-20150717-1' into staging
Peter Maydell [Fri, 17 Jul 2015 09:52:12 +0000 (10:52 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20150717-1' into staging

input: fixes for 2.4

# gpg: Signature made Fri Jul 17 07:45:17 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-input-20150717-1:
  hid: clarify hid_keyboard_process_keycode
  virtio-input: move sys/ioctl.h include
  virtio-input: fix segfault in virtio_input_hid_properties

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agohid: clarify hid_keyboard_process_keycode
Paolo Bonzini [Tue, 14 Jul 2015 09:18:06 +0000 (11:18 +0200)] 
hid: clarify hid_keyboard_process_keycode

Coverity thinks the fallthroughs are smelly.  They are correct, but
everything else in this function is like "wut?".

Refer explicitly to bits 8 and 9 of hs->kbd.modifiers instead of
shifting right first and using (1 << 7).  Document what the scancode
is when hid_code is 0xe0.  And add plenty of comments.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agoUpdate version for v2.4.0-rc1 release v2.4.0-rc1
Peter Maydell [Thu, 16 Jul 2015 19:32:20 +0000 (20:32 +0100)] 
Update version for v2.4.0-rc1 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Thu, 16 Jul 2015 18:18:15 +0000 (19:18 +0100)] 
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* MIPS-KVM fixes.
* Coverity fixes.
* Nettle function prototype fixes.
* Memory API refcount fix.

# gpg: Signature made Thu Jul 16 19:01:27 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  crypto: avoid undefined behavior in nettle calls
  crypto: fix build with nettle >= 3.0.0
  memory: fix refcount leak in memory_region_present
  RDMA: Fix error exits
  arm/xlnx-zynqmp: fix memory leak
  ppc/spapr_drc: fix memory leak
  mips/kvm: Sign extend registers written to KVM
  mips/kvm: Fix Big endian 32-bit register access

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agocrypto: avoid undefined behavior in nettle calls
Radim Krčmář [Fri, 10 Jul 2015 17:18:01 +0000 (19:18 +0200)] 
crypto: avoid undefined behavior in nettle calls

Calling a function pointer that was cast from an incompatible function
results in undefined behavior.  'void *' isn't compatible with 'struct
XXX *', so we can't cast to nettle_cipher_func, but have to provide a
wrapper.  (Conversion from 'void *' to 'struct XXX *' might require
computation, which won't be done if we drop argument's true type, and
pointers can have different sizes so passing arguments on stack would
bug.)

Having two different prototypes based on nettle version doesn't make
this solution any nicer.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Message-Id: <1437062641-12684-3-git-send-email-rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agocrypto: fix build with nettle >= 3.0.0
Radim Krčmář [Fri, 10 Jul 2015 17:18:00 +0000 (19:18 +0200)] 
crypto: fix build with nettle >= 3.0.0

In nettle 3, cbc_encrypt() accepts 'nettle_cipher_func' instead of
'nettle_crypt_func' and these two differ in 'const' qualifier of the
first argument.  The build fails with:

  In file included from crypto/cipher.c:71:0:
  ./crypto/cipher-nettle.c: In function ‘qcrypto_cipher_encrypt’:
  ./crypto/cipher-nettle.c:154:38: error: passing argument 2 of
  ‘nettle_cbc_encrypt’ from incompatible pointer type
           cbc_encrypt(ctx->ctx_encrypt, ctx->alg_encrypt,
                                               ^
  In file included from ./crypto/cipher-nettle.c:24:0,
                   from crypto/cipher.c:71:
  /usr/include/nettle/cbc.h:48:1: note: expected
  ‘void (*)(const void *, size_t, uint8_t *, const uint8_t *)
  but argument is of type
  ‘void (*)(      void *, size_t, uint8_t *, const uint8_t *)

To allow both versions, we switch to the new definition and #if typedef
it for old versions.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Message-Id: <1436548682-9315-2-git-send-email-rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agomemory: fix refcount leak in memory_region_present
Paolo Bonzini [Tue, 14 Jul 2015 11:45:34 +0000 (13:45 +0200)] 
memory: fix refcount leak in memory_region_present

memory_region_present() leaks a reference to a MemoryRegion in the
case "mr == container".  While fixing it, avoid reference counting
altogether for memory_region_present(), by using RCU only.

The return value could in principle be already invalid immediately
after memory_region_present returns, but presumably the caller knows
that and it's using memory_region_present to probe for devices that
are unpluggable, or something like that.  The RCU critical section
is needed anyway, because it protects as->current_map.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agoRDMA: Fix error exits
Dr. David Alan Gilbert [Fri, 10 Jul 2015 19:08:52 +0000 (20:08 +0100)] 
RDMA: Fix error exits

The error checks I added used 'break' after the error, but I'm
in a switch inside the while loop, so they need to be 'goto out'.

Spotted by coverity; entries 1311368 and 1311369

Fixes: afcddefd

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <1436555332-19076-1-git-send-email-dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agoarm/xlnx-zynqmp: fix memory leak
Gonglei [Fri, 10 Jul 2015 00:51:29 +0000 (08:51 +0800)] 
arm/xlnx-zynqmp: fix memory leak

fix CID 1311372.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1436489490-236-4-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agoppc/spapr_drc: fix memory leak
Gonglei [Fri, 10 Jul 2015 00:51:28 +0000 (08:51 +0800)] 
ppc/spapr_drc: fix memory leak

fix CID 1311373.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1436489490-236-3-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agomips/kvm: Sign extend registers written to KVM
James Hogan [Fri, 24 Apr 2015 10:26:53 +0000 (11:26 +0100)] 
mips/kvm: Sign extend registers written to KVM

In case we're running on a 64-bit host, be sure to sign extend the
general purpose registers and hi/lo/pc before writing them to KVM, so as
to take advantage of MIPS32/MIPS64 compatibility.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: kvm@vger.kernel.org
Cc: qemu-stable@nongnu.org
Message-Id: <1429871214-23514-3-git-send-email-james.hogan@imgtec.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agomips/kvm: Fix Big endian 32-bit register access
James Hogan [Fri, 24 Apr 2015 10:26:52 +0000 (11:26 +0100)] 
mips/kvm: Fix Big endian 32-bit register access

Fix access to 32-bit registers on big endian targets. The pointer passed
to the kernel must be for the actual 32-bit value, not a temporary
64-bit value, otherwise on big endian systems the kernel will only
interpret the upper half.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: kvm@vger.kernel.org
Cc: qemu-stable@nongnu.org
Message-Id: <1429871214-23514-2-git-send-email-james.hogan@imgtec.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/spice/tags/pull-spice-20150716-1' into staging
Peter Maydell [Thu, 16 Jul 2015 15:55:00 +0000 (16:55 +0100)] 
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20150716-1' into staging

qxl: allow to specify head limit to qxl driver

# gpg: Signature made Thu Jul 16 16:31:40 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-20150716-1:
  qxl: allow to specify head limit to qxl driver

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoRe-attach usb device to kernel while usb_host_open fails
Lin Ma [Wed, 24 Jun 2015 05:40:11 +0000 (13:40 +0800)] 
Re-attach usb device to kernel while usb_host_open fails

Signed-off-by: Lin Ma <lma@suse.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agovirtio-input: move sys/ioctl.h include
Gerd Hoffmann [Tue, 14 Jul 2015 11:44:12 +0000 (13:44 +0200)] 
virtio-input: move sys/ioctl.h include

Drop from include/standard-headers/linux/input.h
Add to hw/input/virtio-input-host.c instead.

That allows to build virtio-input (except pass-through) on windows.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agovirtio-input: fix segfault in virtio_input_hid_properties
Lin Ma [Tue, 14 Jul 2015 11:27:30 +0000 (19:27 +0800)] 
virtio-input: fix segfault in virtio_input_hid_properties

commit 5cce173 introduced virtio-input segfault, This patch fixes it.

Signed-off-by: Lin Ma <lma@suse.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agoqxl: allow to specify head limit to qxl driver
Frediano Ziglio [Mon, 6 Jul 2015 06:56:38 +0000 (07:56 +0100)] 
qxl: allow to specify head limit to qxl driver

This patch allow to limit number of heads using qxl driver. By default
qxl driver is not limited on any kind on head use so can decide to use
as much heads.

libvirt has this as a video card parameter (actually set to 1 but not
used). This parameter will allow to limit setting a use can do (which
could be confusing).

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/lalrae/tags/mips-20150716' into staging
Peter Maydell [Thu, 16 Jul 2015 09:40:22 +0000 (10:40 +0100)] 
Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150716' into staging

MIPS patches 2015-07-16

Changes:
* bug fixes

# gpg: Signature made Thu Jul 16 09:04:56 2015 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8DD3 2F98 5495 9D66 35D4  4FC0 5211 8E3C 0B29 DA6B

* remotes/lalrae/tags/mips-20150716:
  target-mips: fix page fault address for LWL/LWR/LDL/LDR
  linux-user: Fix MIPS N64 trap and break instruction bug
  target-mips: fix resource leak reported by Coverity
  target-mips: fix logically dead code reported by Coverity
  target-mips: correct DERET instruction
  target-mips: fix ASID synchronisation for MIPS MT
  disas/mips: fix disassembling R6 instructions
  target-mips: fix to clear MSACSR.Cause
  target-mips: fix MIPS64R6-generic configuration

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
Peter Maydell [Wed, 15 Jul 2015 21:05:13 +0000 (22:05 +0100)] 
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

X86 queue, 2015-07-15

Two bug fixes:
* Memory leak due to extra g_strdup() when registering X86CPU alias properties
* Fix CPUID levels so that W10 insider can run as guest OS

# gpg: Signature made Wed Jul 15 21:26:59 2015 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-pull-request:
  target-i386: emulate CPUID level of real hardware
  target-i386: Don't strdup() alias property name

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging
Peter Maydell [Wed, 15 Jul 2015 20:06:54 +0000 (21:06 +0100)] 
Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging

NUMA queue, 2015-07-15

# gpg: Signature made Wed Jul 15 21:01:37 2015 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/numa-pull-request:
  numa: Fix memory leak in numa_set_mem_node_id()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agotarget-i386: emulate CPUID level of real hardware
Radim Krčmář [Thu, 9 Jul 2015 19:07:39 +0000 (21:07 +0200)] 
target-i386: emulate CPUID level of real hardware

W10 insider has a bug where it ignores CPUID level and interprets
CPUID.(EAX=07H, ECX=0H) incorrectly, because CPUID in fact returned
CPUID.(EAX=04H, ECX=0H);  this resulted in execution of unsupported
instructions.

While it's a Windows bug, there is no reason to emulate incorrect level.

I used http://instlatx64.atw.hu/ as a source of CPUID and checked that
it matches Penryn Xeon X5472, Westmere Xeon W3520, SandyBridge i5-2540M,
and Haswell i5-4670T.

kvm64 and qemu64 were bumped to 0xD to allow all available features for
them (and to avoid the same Windows bug).

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
7 years agotarget-i386: Don't strdup() alias property name
Eduardo Habkost [Thu, 9 Jul 2015 15:24:43 +0000 (12:24 -0300)] 
target-i386: Don't strdup() alias property name

Now object_property_add_alias() calls g_strdup() on the target property
name, so we don't need to call g_strdup() ourselves.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
7 years agonuma: Fix memory leak in numa_set_mem_node_id()
Bharata B Rao [Thu, 9 Jul 2015 15:27:36 +0000 (20:57 +0530)] 
numa: Fix memory leak in numa_set_mem_node_id()

Fix a memory leak in numa_set_mem_node_id().

Signed-off-by: Bharata B Rao <bharata@linux.vnet.com>
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150715' into...
Peter Maydell [Wed, 15 Jul 2015 16:28:59 +0000 (17:28 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150715' into staging

target arm queue:
 * handle broken AArch64 kernels which assume DTB won't cross a 2MB boundary
 * correct broken SCTLR_EL3 reset value

# gpg: Signature made Wed Jul 15 17:24:24 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150715:
  hw/arm/boot: Increase fdt alignment
  target-arm: Fix broken SCTLR_EL3 reset

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agohw/arm/boot: Increase fdt alignment
Alexander Graf [Wed, 15 Jul 2015 16:16:26 +0000 (17:16 +0100)] 
hw/arm/boot: Increase fdt alignment

The Linux kernel on aarch64 creates a page table entry at early bootup
that spans the 2MB range on memory spanning the fdt start address:

  [ ALIGN_DOWN(fdt, 2MB) ... ALIGN_DOWN(fdt, 2MB) + 2MB ]

This means that when our current 4k alignment happens to fall at the end
of the aligned region, Linux tries to access memory that is not mapped.

The easy fix is to instead increase the alignment to 2MB, making Linux's
logic always succeed.

We leave the existing 4k alignment for 32bit kernels to not cause any
regressions due to space constraints.

Reported-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agotarget-arm: Fix broken SCTLR_EL3 reset
Peter Maydell [Wed, 15 Jul 2015 16:16:26 +0000 (17:16 +0100)] 
target-arm: Fix broken SCTLR_EL3 reset

The SCTLR_EL3 cpreg definition was implicitly resetting the
register state to 0, which is both wrong and clashes with
the reset done via the SCTLR definition (since sctlr[3]
is unioned with sctlr_s). This went unnoticed until recently,
when an unrelated change (commit a903c449b41f105aa) happened to
perturb the order of enumeration through the cpregs hashtable for
reset such that the erroneous reset happened after the correct one
rather than before it. Fix this by marking SCTLR_EL3 as an alias,
so its reset is left up to the AArch32 view.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
7 years agoMerge remote-tracking branch 'remotes/cody/tags/jtc-for-upstream-pull-request' into...
Peter Maydell [Wed, 15 Jul 2015 13:23:58 +0000 (14:23 +0100)] 
Merge remote-tracking branch 'remotes/cody/tags/jtc-for-upstream-pull-request' into staging

# gpg: Signature made Wed Jul 15 03:25:16 2015 BST using RSA key ID C0DE3057
# gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>"
# gpg:                 aka "Jeffrey Cody <jeff@codyprime.org>"
# gpg:                 aka "Jeffrey Cody <codyprime@gmail.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 9957 4B4D 3474 90E7 9D98  D624 BDBE 7B27 C0DE 3057

* remotes/cody/tags/jtc-for-upstream-pull-request:
  block/curl: Don't lose original error when a connection fails.
  mirror: correct buf_size
  block: keep bitmap if incremental backup job is cancelled
  blockdev: no need to drain in qmp_block_commit
  block/mirror: Sleep periodically during bitmap scanning

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agotarget-mips: fix page fault address for LWL/LWR/LDL/LDR
Aurelien Jarno [Tue, 14 Jul 2015 15:45:16 +0000 (17:45 +0200)] 
target-mips: fix page fault address for LWL/LWR/LDL/LDR

When a LWL, LWR, LDL or LDR instruction triggers a page fault, QEMU
currently reports the aligned address in CP0 BadVAddr, while the Windows
NT kernel expects the unaligned address.

This patch adds a byte access with the unaligned address at the
beginning of the LWL/LWR/LDL/LDR instructions to possibly trigger a page
fault and fill the QEMU TLB.

Cc: Leon Alrae <leon.alrae@imgtec.com>
Reported-by: Hervé Poussineau <hpoussin@reactos.org>
Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
7 years agolinux-user: Fix MIPS N64 trap and break instruction bug
Andrew Bennett [Mon, 29 Jun 2015 10:20:07 +0000 (10:20 +0000)] 
linux-user: Fix MIPS N64 trap and break instruction bug

For the MIPS N64 ABI when QEMU reads the break/trap instruction so that
it can inspect the break/trap code it reads 8 rather than 4 bytes
which means it finds the code field from the instruction after the
break/trap instruction.  This then causes the break/trap handling
code to fail because it does not understand the code number.

The fix forces QEMU to always read 4 bytes of instruction data rather
than deciding how much to read based on the ABI.

Signed-off-by: Andrew Bennett <andrew.bennett@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
7 years agotarget-mips: fix resource leak reported by Coverity
Leon Alrae [Tue, 14 Jul 2015 10:08:15 +0000 (11:08 +0100)] 
target-mips: fix resource leak reported by Coverity

UHI assert and link operations call lock_user_string() twice to obtain two
strings pointed by gpr[4] and gpr[5]. If the second lock_user_string()
fails, then the first one won't get freed. Fix this by introducing another
macro responsible for obtaining two strings and handling allocation
failure.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agotarget-mips: fix logically dead code reported by Coverity
Leon Alrae [Tue, 14 Jul 2015 10:08:14 +0000 (11:08 +0100)] 
target-mips: fix logically dead code reported by Coverity

Make use of CMPOP in floating-point compare instructions.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agotarget-mips: correct DERET instruction
Leon Alrae [Tue, 14 Jul 2015 10:08:13 +0000 (11:08 +0100)] 
target-mips: correct DERET instruction

Fix Debug Mode flag clearing, and when DERET is placed between LL and SC
do not make SC fail.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agotarget-mips: fix ASID synchronisation for MIPS MT
Aurelien Jarno [Wed, 1 Jul 2015 13:59:13 +0000 (15:59 +0200)] 
target-mips: fix ASID synchronisation for MIPS MT

When syncing the task ASID with EntryHi, correctly or the value instead
of assigning it.

Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
7 years agodisas/mips: fix disassembling R6 instructions
Yongbok Kim [Tue, 30 Jun 2015 15:33:15 +0000 (16:33 +0100)] 
disas/mips: fix disassembling R6 instructions

In the Release 6 of the MIPS Architecture, LL, SC, LLD, SCD, PREF
and CACHE instructions have 9 bits offsets.

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
7 years agotarget-mips: fix to clear MSACSR.Cause
Yongbok Kim [Tue, 30 Jun 2015 14:44:28 +0000 (15:44 +0100)] 
target-mips: fix to clear MSACSR.Cause

MSACSR.Cause bits are needed to be cleared before a vector floating-point
instructions.
FEXDO.df, FEXUPL.df and FEXUPR.df were missed out.

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
7 years agotarget-mips: fix MIPS64R6-generic configuration
Yongbok Kim [Mon, 29 Jun 2015 09:11:23 +0000 (10:11 +0100)] 
target-mips: fix MIPS64R6-generic configuration

Fix core configuration for MIPS64R6-generic to make it as close as
I6400.
I6400 core has 48-bit of Virtual Address available (SEGBITS).
MIPS SIMD Architecture is available.
Rearrange order of bits to match the specification.

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
7 years agoMerge remote-tracking branch 'remotes/juanquintela/tags/migration/20150715-1' into...
Peter Maydell [Wed, 15 Jul 2015 11:22:31 +0000 (12:22 +0100)] 
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20150715-1' into staging

migration/next for 20150715

# gpg: Signature made Wed Jul 15 11:23:33 2015 BST using RSA key ID 5872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>"
# gpg:                 aka "Juan Quintela <quintela@trasno.org>"

* remotes/juanquintela/tags/migration/20150715-1:
  migration: We also want to store the global state for savevm
  migration: reduce the count of strlen call
  migration: Register global state section before loadvm
  migration: Write documetation for events capabilites
  migration: Trace event and migration event are different things
  migration: Only change state after migration has finished

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agomigration: We also want to store the global state for savevm
Juan Quintela [Wed, 15 Jul 2015 07:53:46 +0000 (09:53 +0200)] 
migration: We also want to store the global state for savevm

Commit df4b1024526cae3479da3492d6371fd4a7324a03 introduced global_state
section.  But it only filled the state while doing migration.  While
doing a savevm, we stored an empty string as state.  So when we did a
loadvm, it complained that state was invalid.

Fedora 21, 4.1.1, qemu 2.4.0-rc0
> ../../configure --target-list="x86_64-softmmu"

068 2s ... - output mismatch (see 068.out.bad)
--- /home/bos/jhuston/src/qemu/tests/qemu-iotests/068.out 2015-07-08
17:56:18.588164979 -0400
+++ 068.out.bad 2015-07-09 17:39:58.636651317 -0400
@@ -6,6 +6,8 @@
 QEMU X.Y.Z monitor - type 'help' for more information
 (qemu) savevm 0
 (qemu) quit
+qemu-system-x86_64: Unknown savevm section or instance 'globalstate' 0
+qemu-system-x86_64: Error -22 while loading VM state
 QEMU X.Y.Z monitor - type 'help' for more information
 (qemu) quit
 *** done
Failures: 068
Failed 1 of 1 tests

Actually, there were two problems here:
- we registered global_state too late for load_vm (fixed on another
  patch on the list)
- we didn't store a valid state for savevm (fixed by this patch).

Reported-by: John Snow <jsnow@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
7 years agomigration: reduce the count of strlen call
Liang Li [Mon, 13 Jul 2015 09:34:10 +0000 (17:34 +0800)] 
migration: reduce the count of strlen call

'strlen' is called three times in 'save_page_header', it's
inefficient.

Signed-off-by: Liang Li <liang.z.li@intel.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
7 years agomigration: Register global state section before loadvm
Juan Quintela [Fri, 10 Jul 2015 12:51:58 +0000 (14:51 +0200)] 
migration: Register global state section before loadvm

Otherwise, it is not found

Signed-off-by: Juan Quintela <quintela@redhat.com>
7 years agomigration: Write documetation for events capabilites
Juan Quintela [Wed, 8 Jul 2015 12:13:10 +0000 (14:13 +0200)] 
migration: Write documetation for events capabilites

Reported-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
7 years agomigration: Trace event and migration event are different things
Juan Quintela [Wed, 8 Jul 2015 11:58:27 +0000 (13:58 +0200)] 
migration: Trace event and migration event are different things

We can want the trace event even without migration events enabled.

Reported-by: Wen Congyang <ghostwcy@gmail.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
7 years agomigration: Only change state after migration has finished
Juan Quintela [Wed, 8 Jul 2015 11:56:26 +0000 (13:56 +0200)] 
migration: Only change state after migration has finished

On previous change, we changed state at post load time if it was not
running, special casing the "running" change.  Now, we change any states
at the end of the migration.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
7 years agoblock/curl: Don't lose original error when a connection fails.
Richard W.M. Jones [Wed, 8 Jul 2015 13:37:48 +0000 (14:37 +0100)] 
block/curl: Don't lose original error when a connection fails.

Currently if qemu is connected to a curl source (eg. web server), and
the web server fails / times out / dies, you always see a bogus EIO
"Input/output error".

For example, choose a large file located on any local webserver which
you control:

  $ qemu-img convert -p http://example.com/large.iso /tmp/test

Once it starts copying the file, stop the webserver and you will see
qemu-img fail with:

  qemu-img: error while reading sector 61440: Input/output error

This patch does two things: Firstly print the actual error from curl
so it doesn't get lost.  Secondly, change EIO to EPROTO.  EPROTO is a
POSIX.1 compatible errno which more accurately reflects that there was
a protocol error, rather than some kind of hardware failure.

After this patch is applied, the error changes to:

  $ qemu-img convert -p http://example.com/large.iso /tmp/test
  qemu-img: curl: transfer closed with 469989 bytes remaining to read
  qemu-img: error while reading sector 16384: Protocol error

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
7 years agomirror: correct buf_size
Wen Congyang [Fri, 15 May 2015 07:51:36 +0000 (15:51 +0800)] 
mirror: correct buf_size

If bus_size is less than 0, the command fails.
If buf_size is 0, use DEFAULT_MIRROR_BUF_SIZE.
If buf_size % granularity is not 0, mirror_free_init() will
do dangerous things.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 5555A588.3080907@cn.fujitsu.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
7 years agoblock: keep bitmap if incremental backup job is cancelled
Stefan Hajnoczi [Mon, 15 Jun 2015 15:02:14 +0000 (16:02 +0100)] 
block: keep bitmap if incremental backup job is cancelled

Reclaim the dirty bitmap if an incremental backup block job is
cancelled.  The ret variable may be 0 when the job is cancelled so it's
not enough to check ret < 0.

Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1434380534-7680-1-git-send-email-stefanha@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
7 years agoblockdev: no need to drain in qmp_block_commit
Paolo Bonzini [Thu, 28 May 2015 14:21:43 +0000 (16:21 +0200)] 
blockdev: no need to drain in qmp_block_commit

Draining is not necessary, I/O can happen as soon as the
commit coroutine yields.  Draining can be necessary before
reopening the file for read/write, or while modifying the
backing file chain, but that is done separately in
bdrv_reopen_multiple or bdrv_close; this particular
bdrv_drain_all does nothing for that.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1432822903-25821-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
7 years agoblock/mirror: Sleep periodically during bitmap scanning
Fam Zheng [Wed, 13 May 2015 03:11:13 +0000 (11:11 +0800)] 
block/mirror: Sleep periodically during bitmap scanning

Before, we only yield after initializing dirty bitmap, where the QMP
command would return. That may take very long, and guest IO will be
blocked.

Add sleep points like the later mirror iterations.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Wen Congyang <wency@cn.fujitsu.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1431486673-19280-1-git-send-email-famz@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/cohuck/tags/s390x-20150714' into staging
Peter Maydell [Tue, 14 Jul 2015 17:50:16 +0000 (18:50 +0100)] 
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150714' into staging

s390x fixes for 2.4:
- virtio migration regression
- missing diag288 watchdog resets

# gpg: Signature made Tue Jul 14 18:17:54 2015 BST using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20150714:
  s390/virtio-ccw: Fix migration
  watchdog/diag288: correctly register for system reset requests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agos390/virtio-ccw: Fix migration
Christian Borntraeger [Tue, 7 Jul 2015 11:47:23 +0000 (13:47 +0200)] 
s390/virtio-ccw: Fix migration

commit 213941d73b ("virtio-ccw: migrate ->revision") broke
migration:
2015-07-07T11:22:55.570968Z qemu-system-s390x: VQ 39 address 0x0 inconsistent with Host index 0x100
2015-07-07T11:22:55.571008Z qemu-system-s390x: error while loading state for instance 0x0 of

If thinint support is active, the config_load function returns early.
Make sure to load the revision all the time.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Fixes: 213941d73b ("virtio-ccw: migrate ->revision")
Message-Id: <1436269643-66303-1-git-send-email-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
7 years agowatchdog/diag288: correctly register for system reset requests
Xu Wang [Mon, 29 Jun 2015 06:21:10 +0000 (08:21 +0200)] 
watchdog/diag288: correctly register for system reset requests

The diag288 watchdog is no sysbus device, therefore it doesn't get
triggered on resets automatically using dc->reset.

Let's register the reset handler manually, so we get correctly notified
again when a system reset was requested. Also reset the watchdog on
subsystem resets that don't trigger a full system reset.

Signed-off-by: Xu Wang <gesaint@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
7 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Tue, 14 Jul 2015 15:51:44 +0000 (16:51 +0100)] 
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches for 2.4.0-rc1

# gpg: Signature made Tue Jul 14 16:15:35 2015 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  rbd: fix ceph settings precedence
  rbd: make qemu's cache setting override any ceph setting
  MAINTAINERS: update email address
  rbd: remove unused constants and fields
  block: Fix backing file child when modifying graph
  block: Reorder cleanups in bdrv_close()
  block: Introduce bdrv_unref_child()
  block: Introduce bdrv_open_child()
  block: Move bdrv_attach_child() calls up the call chain
  nvme: properly report volatile write caches
  nvme: implement the Flush command

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agorbd: fix ceph settings precedence
Josh Durgin [Thu, 11 Jun 2015 03:28:46 +0000 (20:28 -0700)] 
rbd: fix ceph settings precedence

Apply the ceph settings from a config file before any ceph settings
from the command line. Since the ceph config file location may be
specified on the command line, parse it once to read the config file,
and do a second pass to apply the rest of the command line ceph
options.

Signed-off-by: Josh Durgin <jdurgin@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agorbd: make qemu's cache setting override any ceph setting
Josh Durgin [Thu, 11 Jun 2015 03:28:45 +0000 (20:28 -0700)] 
rbd: make qemu's cache setting override any ceph setting

To be safe, when cache=none is used ceph settings should not be able
to override it to turn on caching. This was previously possible with
rbd_cache=true in the rbd device configuration or a ceph configuration
file. Similarly, rbd settings could have turned off caching when qemu
requested it, although this would just be a performance problem.

Fix this by changing rbd's cache setting to match qemu after all other
ceph settings have been applied.

Signed-off-by: Josh Durgin <jdurgin@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoMAINTAINERS: update email address
Josh Durgin [Thu, 11 Jun 2015 03:28:44 +0000 (20:28 -0700)] 
MAINTAINERS: update email address

The old one still works for now, but will not work indefinitely.

Signed-off-by: Josh Durgin <jdurgin@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agorbd: remove unused constants and fields
Josh Durgin [Thu, 11 Jun 2015 03:28:43 +0000 (20:28 -0700)] 
rbd: remove unused constants and fields

RBDAIOCB.status was only used for cancel, which was removed in
7691e24dbebb46658e89b3f950fda6ec78bbb823.

RBDAIOCB.sector_num was never used.

RADOSCB.done and rcbid were never used.

RBD_FD* are obsolete since the pipe was removed in
e04fb07fd1676e9facd7f3f878c1bbe03bccd26b.

Signed-off-by: Josh Durgin <jdurgin@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoblock: Fix backing file child when modifying graph
Kevin Wolf [Wed, 17 Jun 2015 13:52:09 +0000 (15:52 +0200)] 
block: Fix backing file child when modifying graph

This patch moves bdrv_attach_child() from the individual places that add
a backing file to a BDS to bdrv_set_backing_hd(), which is called by all
of them. It also adds bdrv_detach_child() there.

For normal operation (starting with one backing file chain and not
changing it until the topmost image is closed) and live snapshots, this
constitutes no change in behaviour.

For all other cases, this is a fix for the bug that the old backing file
was still referenced as a child, and the new one wasn't referenced.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
7 years agoblock: Reorder cleanups in bdrv_close()
Kevin Wolf [Tue, 16 Jun 2015 08:58:20 +0000 (10:58 +0200)] 
block: Reorder cleanups in bdrv_close()

Block drivers may still want to access their child nodes in their
.bdrv_close handler. If they unref and/or detach a child by themselves,
this should not result in a double free.

There is additional code for backing files, which are just a special
case of child nodes. The same applies for them.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
7 years agoblock: Introduce bdrv_unref_child()
Kevin Wolf [Mon, 15 Jun 2015 11:51:04 +0000 (13:51 +0200)] 
block: Introduce bdrv_unref_child()

This is the counterpart for bdrv_open_child(). It decreases the
reference count of the child BDS and removes it from the list of
children of the given parent BDS.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
7 years agoblock: Introduce bdrv_open_child()
Kevin Wolf [Mon, 15 Jun 2015 11:24:19 +0000 (13:24 +0200)] 
block: Introduce bdrv_open_child()

It is the same as bdrv_open_image(), except that it doesn't only return
success or failure, but the newly created BdrvChild object for the new
child node.

As the BdrvChild object already contains a BlockDriverState pointer (and
this is supposed to become the only pointer so that bdrv_append() and
friends can just change a single pointer in BdrvChild), the pbs
parameter is removed for bdrv_open_child().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
7 years agoblock: Move bdrv_attach_child() calls up the call chain
Kevin Wolf [Mon, 15 Jun 2015 09:53:47 +0000 (11:53 +0200)] 
block: Move bdrv_attach_child() calls up the call chain

Let the callers of bdrv_open_inherit() call bdrv_attach_child(). It
needs to be called in all cases where bdrv_open_inherit() succeeds (i.e.
returns 0) and a child_role is given.

bdrv_attach_child() is moved upwards to avoid a forward declaration.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
7 years agonvme: properly report volatile write caches
Christoph Hellwig [Thu, 11 Jun 2015 10:01:39 +0000 (12:01 +0200)] 
nvme: properly report volatile write caches

Implement support in Identify and Get/Set Features to properly report
and allow to change the Volatile Write Cache status reported by the
virtual NVMe device.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agonvme: implement the Flush command
Christoph Hellwig [Thu, 11 Jun 2015 10:01:38 +0000 (12:01 +0200)] 
nvme: implement the Flush command

Implement a real flush instead of faking it.  This is especially important
as Qemu assume Write back cashing by default and thus requires a working
cache flush operation for data integrity.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20150714-1' into staging
Peter Maydell [Tue, 14 Jul 2015 13:52:45 +0000 (14:52 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20150714-1' into staging

vnc: fix vnc client authentication

# gpg: Signature made Tue Jul 14 14:38:48 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vnc-20150714-1:
  vnc: fix vnc client authentication

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agovnc: fix vnc client authentication
Wolfgang Bumiller [Tue, 14 Jul 2015 12:51:40 +0000 (14:51 +0200)] 
vnc: fix vnc client authentication

Commit 800567a61 updated the code to the generic crypto API
and mixed up encrypt and decrypt functions in
procotol_client_auth_vnc.
(Used to be: deskey(key, EN0) which encrypts, and was
changed to qcrypto_cipher_decrypt in 800567a61.)
Changed it to qcrypto_cipher_encrypt now.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Mon, 13 Jul 2015 12:35:51 +0000 (13:35 +0100)] 
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,virtio: fixes for 2.4

pc and virtio changes, bugfixes only.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon Jul 13 13:03:38 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  pc: fix reuse of pc-i440fx-2.4 in pc-i440fx-2.3
  Revert "virtio-net: enable virtio 1.0"
  virtio-pci: don't crash on illegal length
  qdev: fix 64 bit properties

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agopc: fix reuse of pc-i440fx-2.4 in pc-i440fx-2.3
Eduardo Habkost [Tue, 23 Jun 2015 17:00:51 +0000 (14:00 -0300)] 
pc: fix reuse of pc-i440fx-2.4 in pc-i440fx-2.3

commit fddd179ab962f6f78a8493742e1068d6a620e059,
    "pc: Convert *_MACHINE_OPTIONS macros into functions"
broke the chaining of *_machine_options() functions on
pc-i440fx-2.3, at:

  -#define PC_I440FX_2_3_MACHINE_OPTIONS \
  -    PC_I440FX_2_4_MACHINE_OPTIONS, \
  -    .alias = NULL, \
  -    .is_default = 0
  +static void pc_i440fx_2_3_machine_options(QEMUMachine *m)
  +{
  +    pc_i440fx_machine_options(m);
  +    m->alias = NULL;
  +    m->is_default = 0;
  +}

I have replaced PC_I440FX_2_4_MACHINE_OPTIONS with a
pc_i440fx_machine_options() call, instead of calling
pc_i440fx_2_4_machine_options(). This broke the setting of default_machine_opts
and default_display on pc-i440fx-{2.0,2,1,2.2,2.3}.

Fix this by making pc_i440fx_2_3_machine_options() reuse
pc_i440fx_2_4_machine_options().

Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
7 years agoRevert "virtio-net: enable virtio 1.0"
Jason Wang [Mon, 13 Jul 2015 05:46:50 +0000 (13:46 +0800)] 
Revert "virtio-net: enable virtio 1.0"

This reverts commit df91055db5c9cee93d70ca8c08d72119a240b987.

This is because:
- vhost support virtio 1.0 now
- transport code (e.g virtio-pci) set this feature when modern is
  enabled, setting this unconditionally will break disable-modern=on.

Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agovirtio-pci: don't crash on illegal length
Michael S. Tsirkin [Mon, 13 Jul 2015 07:32:50 +0000 (10:32 +0300)] 
virtio-pci: don't crash on illegal length

Some guests seem to access cfg with an illegal length value.
It's worth fixing them but debugging is easier if
qemu does not crash.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoqdev: fix 64 bit properties
Cornelia Huck [Thu, 9 Jul 2015 11:01:14 +0000 (13:01 +0200)] 
qdev: fix 64 bit properties

64 bit props used 32 bit callbacks in two places, leading to broken
feature bits on virtio (example: got 0x31000000000006d4 which is
obviously bogus). Fix this.

Fixes: fdba6d96 ("qdev: add 64bit properties")
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agotci: Fix regression with INDEX_op_qemu_st_i32, INDEX_op_qemu_st_i64
Stefan Weil [Fri, 10 Jul 2015 19:22:39 +0000 (21:22 +0200)] 
tci: Fix regression with INDEX_op_qemu_st_i32, INDEX_op_qemu_st_i64

Commit 59227d5d45bb3c31dc2118011691c35b3c00879c did not update the
code in tcg/tci/tcg-target.c for those two cases.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1436556159-3002-1-git-send-email-sw@weilnetz.de
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoUpdate version for v2.4.0-rc0 release v2.4.0-rc0
Peter Maydell [Thu, 9 Jul 2015 16:56:56 +0000 (17:56 +0100)] 
Update version for v2.4.0-rc0 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agotci: Fix compile failure by including qemu-common.h
Peter Maydell [Thu, 9 Jul 2015 16:46:24 +0000 (17:46 +0100)] 
tci: Fix compile failure by including qemu-common.h

Compilation of TCI was accidentally broken by the recent disassembler
changes:

  CC    x86_64-softmmu/arch_init.o
In file included from target-i386/cpu-qom.h:23:0,
                 from target-i386/cpu.h:986,
                 from include/qemu-common.h:122,
                 from include/disas/bfd.h:12,
                 from disas/tci.c:20:
include/qom/cpu.h:178:43: error: unknown type name ‘disassemble_info’
     void (*disas_set_info)(CPUState *cpu, disassemble_info *info);
                                           ^
include/qom/cpu.h:179:1: error:
no semicolon at end of struct or union [-Werror]
 } CPUClass;
 ^
cc1: all warnings being treated as errors

The underlying cause of this is an include loop:
 bfd.h -> qemu-common.h -> target-arm/cpu.h ->  target-arm/cpu-qom.h
  -> qom/cpu.h -> bfd.h

which means that if bfd.h is included first then qom/cpu.h doesn't
get the definition of the disassemble_info type that it wanted.
The easiest fix for this is to include qemu-common.h from tci.c
before including disas/bfd.h.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Thu, 9 Jul 2015 15:22:37 +0000 (16:22 +0100)] 
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Fixes for two bad bugs.  For 2.4-rc0.

# gpg: Signature made Thu Jul  9 15:54:19 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  crypto: fix builtin qcrypto_cipher_free
  migration: fix RCU deadlock

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agocrypto: fix builtin qcrypto_cipher_free
Paolo Bonzini [Thu, 9 Jul 2015 14:52:48 +0000 (16:52 +0200)] 
crypto: fix builtin qcrypto_cipher_free

This was dereferencing a pointer before checking if it was NULL.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reported-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-peter' into staging
Peter Maydell [Thu, 9 Jul 2015 14:00:37 +0000 (15:00 +0100)] 
Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-peter' into staging

QOM CPUState and X86CPU

* Further QOM'ification of CPU initialization
* Propagation of CPUState arguments and elimination of ENV_GET_CPU() usage
* cpu_set_pc() abstraction
* CPUClass::disas_set_info() hook

# gpg: Signature made Thu Jul  9 14:23:12 2015 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-cpu-for-peter: (22 commits)
  disas: cris: QOMify target specific disas setup
  disas: cris: Fix 0 buffer length case
  disas: microblaze: QOMify target specific disas setup
  disas: arm: QOMify target specific disas setup
  disas: arm-a64: Make printfer and stream variable
  disas: QOMify target specific setup
  disas: Add print_insn to disassemble info
  microblaze: boot: Use cpu_set_pc()
  hw/arm/boot: Use cpu_set_pc()
  gdbstub: Use cpu_set_pc() helper
  cpu: Add wrapper for the set_pc() hook
  cpu-exec: Purge all uses of ENV_GET_CPU()
  cpu: Change cpu_exec_init() arg to cpu, not env
  cpu: Change tcg_cpu_exec() arg to cpu, not env
  gdbstub: Change gdbserver_fork() to accept cpu instead of env
  translate-all: Change tb_flush() env argument to cpu
  target-ppc: Move cpu_exec_init() call to realize function
  cpu: Convert cpu_index into a bitmap
  cpu: Add Error argument to cpu_exec_init()
  cpu: Reorder cpu->as, cpu->thread_id, cpu->memory_dispatch init
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agodisas: cris: QOMify target specific disas setup
Peter Crosthwaite [Wed, 24 Jun 2015 03:57:38 +0000 (20:57 -0700)] 
disas: cris: QOMify target specific disas setup

Move the target_disas() cris specifics to the QOM disas_set_info() hook
and delete the cris specific code in disas.c.

This also now adds support for monitor_disas() to cris.

E.g.
(qemu) xp 0x40004000
0000000040004000: 0x1e6f25f0

And before this patch:
(qemu) xp/i 0x40004000
0x40004000: Asm output not supported on this arch

After:
(qemu) xp/i 0x40004000
0x40004000:  di
(qemu) xp/i 0x40004002
0x40004002:  move.d 0xb003c004,$r1

Note: second example is 6-byte misaligned instruction!

Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agodisas: cris: Fix 0 buffer length case
Peter Crosthwaite [Wed, 24 Jun 2015 03:57:37 +0000 (20:57 -0700)] 
disas: cris: Fix 0 buffer length case

Cris has the complication of variable length instructions and has
a check in place to clamp memory reads in case the disas request
doesn't have enough bytes for the instruction being disas'd. This
breaks down in the case where disassembling for the monitor where
the buffer length is defaulted to 0.

The buffer length should never be zero for a regular target_disas,
so we can safely assume the 0 case is for the monitor in which case
consider the buffer length to be the max for cris instructions.

Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agodisas: microblaze: QOMify target specific disas setup
Peter Crosthwaite [Wed, 24 Jun 2015 03:57:36 +0000 (20:57 -0700)] 
disas: microblaze: QOMify target specific disas setup

Move the target_disas() MB specifics to the QOM disas_set_info hook
and delete the MB specific code in disas.c.

This also now adds support for monitor_disas() to Microblaze.

E.g.
(qemu) xp 0x90000000
0000000090000000: 0x94208001

And before this patch:
(qemu) xp/i 0x90000000
0x90000000: Asm output not supported on this arch

After:
(qemu) xp/i 0x90000000
0x90000000:  mfs    r1, rmsr

Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agodisas: arm: QOMify target specific disas setup
Peter Crosthwaite [Wed, 24 Jun 2015 03:57:35 +0000 (20:57 -0700)] 
disas: arm: QOMify target specific disas setup

Move the target_disas() ARM specifics to the QOM disas_set_info hook
and delete the ARM specific code in disas.c.

This has the extra advantage of the more fully featured target_disas()
implementation now applying to monitor_disas().

Currently, target_disas() has multi-endian, thumb and AArch64
support whereas the existing monitor_disas() support only has vanilla
AA32 support.

E.G. Running an AA64 linux kernel the following -d in_asm disas happens
(taget_disas()):

IN:
0x0000000040000000:  580000c0      ldr x0, pc+24 (addr 0x40000018)
0x0000000040000004:  aa1f03e1      mov x1, xzr

However before this patch, disasing the same from the monitor:

(qemu) xp/i 0x40000000
0x0000000040000000:  580000c0      stmdapl  r0, {r6, r7}

After this patch:
(qemu) xp/i 0x40000000
0x0000000040000000:  580000c0      ldr x0, pc+24 (addr 0x40000018)

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agodisas: arm-a64: Make printfer and stream variable
Peter Crosthwaite [Wed, 24 Jun 2015 03:57:34 +0000 (20:57 -0700)] 
disas: arm-a64: Make printfer and stream variable

In a normal disassembly flow, the printf() and stream being used varies
from disas job to job. In particular it varies if mixing monitor_disas
and target_disas.

Make both the printf() function and target stream settable in the
QEMUDisassmbler class.

Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Tested-by: Claudio Fontana <claudio.fontana@huawei.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agodisas: QOMify target specific setup
Peter Crosthwaite [Wed, 24 Jun 2015 03:57:33 +0000 (20:57 -0700)] 
disas: QOMify target specific setup

Add a QOM function hook for target-specific disassembly setup. This
allows removal of the #ifdeffery currently implementing target specific
disas setup from disas.c.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agodisas: Add print_insn to disassemble info
Peter Crosthwaite [Wed, 24 Jun 2015 03:57:32 +0000 (20:57 -0700)] 
disas: Add print_insn to disassemble info

Add the print_insn pointer to the disassemble info structure. This is
to prepare for QOMification support, where a QOM CPU hook function will
be responsible for setting the print_insn() function. Add this function
to the existing struct to consolidate such that only the one struct
needs to be passed to the new QOM API.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agomicroblaze: boot: Use cpu_set_pc()
Peter Crosthwaite [Wed, 24 Jun 2015 03:19:23 +0000 (20:19 -0700)] 
microblaze: boot: Use cpu_set_pc()

Use cpu_set_pc() for setting program counters when bootloading. This
removes an instance of system level code having to reach into the CPU
env.

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
[AF: Avoid duplicated CPU() casts through local variable]
Signed-off-by: Andreas Färber <afaerber@suse.de>