qemu.git
2 years agosd: Fix out-of-bounds assertions
Lidong Chen [Wed, 19 Jun 2019 19:14:46 +0000 (15:14 -0400)] 
sd: Fix out-of-bounds assertions

Due to an off-by-one error, the assert statements allow an
out-of-bound array access.  This doesn't happen in practice,
but the static analyzer notices.

Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <6b19cb7359a10a6bedc3ea0fce22fed3ef93c102.1560806687.git.lidong.chen@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: kvm: Add nested migration blocker only when kernel lacks required capabi...
Liran Alon [Wed, 19 Jun 2019 16:21:40 +0000 (19:21 +0300)] 
target/i386: kvm: Add nested migration blocker only when kernel lacks required capabilities

Previous commits have added support for migration of nested virtualization
workloads. This was done by utilising two new KVM capabilities:
KVM_CAP_NESTED_STATE and KVM_CAP_EXCEPTION_PAYLOAD. Both which are
required in order to correctly migrate such workloads.

Therefore, change code to add a migration blocker for vCPUs exposed with
Intel VMX or AMD SVM in case one of these kernel capabilities is
missing.

Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Maran Wilson <maran.wilson@oracle.com>
Message-Id: <20190619162140.133674-11-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: kvm: Add support for KVM_CAP_EXCEPTION_PAYLOAD
Liran Alon [Wed, 19 Jun 2019 16:21:39 +0000 (19:21 +0300)] 
target/i386: kvm: Add support for KVM_CAP_EXCEPTION_PAYLOAD

Kernel commit c4f55198c7c2 ("kvm: x86: Introduce KVM_CAP_EXCEPTION_PAYLOAD")
introduced a new KVM capability which allows userspace to correctly
distinguish between pending and injected exceptions.

This distinguish is important in case of nested virtualization scenarios
because a L2 pending exception can still be intercepted by the L1 hypervisor
while a L2 injected exception cannot.

Furthermore, when an exception is attempted to be injected by QEMU,
QEMU should specify the exception payload (CR2 in case of #PF or
DR6 in case of #DB) instead of having the payload already delivered in
the respective vCPU register. Because in case exception is injected to
L2 guest and is intercepted by L1 hypervisor, then payload needs to be
reported to L1 intercept (VMExit handler) while still preserving
respective vCPU register unchanged.

This commit adds support for QEMU to properly utilise this new KVM
capability (KVM_CAP_EXCEPTION_PAYLOAD).

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20190619162140.133674-10-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: kvm: Add support for save and restore nested state
Liran Alon [Wed, 19 Jun 2019 16:21:38 +0000 (19:21 +0300)] 
target/i386: kvm: Add support for save and restore nested state

Kernel commit 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
introduced new IOCTLs to extract and restore vCPU state related to
Intel VMX & AMD SVM.

Utilize these IOCTLs to add support for migration of VMs which are
running nested hypervisors.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Reviewed-by: Maran Wilson <maran.wilson@oracle.com>
Tested-by: Maran Wilson <maran.wilson@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20190619162140.133674-9-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agovmstate: Add support for kernel integer types
Liran Alon [Wed, 19 Jun 2019 16:21:37 +0000 (19:21 +0300)] 
vmstate: Add support for kernel integer types

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Reviewed-by: Maran Wilson <maran.wilson@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190619162140.133674-8-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agolinux-headers: sync with latest KVM headers from Linux 5.2
Liran Alon [Wed, 19 Jun 2019 16:21:36 +0000 (19:21 +0300)] 
linux-headers: sync with latest KVM headers from Linux 5.2

Improve the KVM_{GET,SET}_NESTED_STATE structs by detailing the format
of VMX nested state data in a struct.

In order to avoid changing the ioctl values of
KVM_{GET,SET}_NESTED_STATE, there is a need to preserve
sizeof(struct kvm_nested_state). This is done by defining the data
struct as "data.vmx[0]". It was the most elegant way I found to
preserve struct size while still keeping struct readable and easy to
maintain. It does have a misfortunate side-effect that now it has to be
accessed as "data.vmx[0]" rather than just "data.vmx".

Because we are already modifying these structs, I also modified the
following:
* Define the "format" field values as macros.
* Rename vmcs_pa to vmcs12_pa for better readability.

Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Maran Wilson <maran.wilson@oracle.com>
Message-Id: <20190619162140.133674-7-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: kvm: Block migration for vCPUs exposed with nested virtualization
Liran Alon [Wed, 19 Jun 2019 16:21:35 +0000 (19:21 +0300)] 
target/i386: kvm: Block migration for vCPUs exposed with nested virtualization

Commit d98f26073beb ("target/i386: kvm: add VMX migration blocker")
added a migration blocker for vCPU exposed with Intel VMX.
However, migration should also be blocked for vCPU exposed with
AMD SVM.

Both cases should be blocked because QEMU should extract additional
vCPU state from KVM that should be migrated as part of vCPU VMState.
E.g. Whether vCPU is running in guest-mode or host-mode.

Fixes: d98f26073beb ("target/i386: kvm: add VMX migration blocker")
Reviewed-by: Maran Wilson <maran.wilson@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20190619162140.133674-6-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: kvm: Re-inject #DB to guest with updated DR6
Liran Alon [Wed, 19 Jun 2019 16:21:34 +0000 (19:21 +0300)] 
target/i386: kvm: Re-inject #DB to guest with updated DR6

If userspace (QEMU) debug guest, when #DB is raised in guest and
intercepted by KVM, KVM forwards information on #DB to userspace
instead of injecting #DB to guest.
While doing so, KVM don't update vCPU DR6 but instead report the #DB DR6
value to userspace for further handling.
See KVM's handle_exception() DB_VECTOR handler.

QEMU handler for this case is kvm_handle_debug(). This handler basically
checks if #DB is related to one of user set hardware breakpoints and if
not, it re-inject #DB into guest.
The re-injection is done by setting env->exception_injected to #DB which
will later be passed as events.exception.nr to KVM_SET_VCPU_EVENTS ioctl
by kvm_put_vcpu_events().

However, in case userspace re-injects #DB, KVM expects userspace to set
vCPU DR6 as reported to userspace when #DB was intercepted! Otherwise,
KVM_REQ_EVENT handler will inject #DB with wrong DR6 to guest.

Fix this issue by updating vCPU DR6 appropriately when re-inject #DB to
guest.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20190619162140.133674-5-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: kvm: Use symbolic constant for #DB/#BP exception constants
Liran Alon [Wed, 19 Jun 2019 16:21:33 +0000 (19:21 +0300)] 
target/i386: kvm: Use symbolic constant for #DB/#BP exception constants

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20190619162140.133674-4-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoKVM: Introduce kvm_arch_destroy_vcpu()
Liran Alon [Wed, 19 Jun 2019 16:21:32 +0000 (19:21 +0300)] 
KVM: Introduce kvm_arch_destroy_vcpu()

Simiar to how kvm_init_vcpu() calls kvm_arch_init_vcpu() to perform
arch-dependent initialisation, introduce kvm_arch_destroy_vcpu()
to be called from kvm_destroy_vcpu() to perform arch-dependent
destruction.

This was added because some architectures (Such as i386)
currently do not free memory that it have allocated in
kvm_arch_init_vcpu().

Suggested-by: Maran Wilson <maran.wilson@oracle.com>
Reviewed-by: Maran Wilson <maran.wilson@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20190619162140.133674-3-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: kvm: Delete VMX migration blocker on vCPU init failure
Liran Alon [Wed, 19 Jun 2019 16:21:31 +0000 (19:21 +0300)] 
target/i386: kvm: Delete VMX migration blocker on vCPU init failure

Commit d98f26073beb ("target/i386: kvm: add VMX migration blocker")
added migration blocker for vCPU exposed with Intel VMX because QEMU
doesn't yet contain code to support migration of nested virtualization
workloads.

However, that commit missed adding deletion of the migration blocker in
case init of vCPU failed. Similar to invtsc_mig_blocker. This commit fix
that issue.

Fixes: d98f26073beb ("target/i386: kvm: add VMX migration blocker")
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Maran Wilson <maran.wilson@oracle.com>
Message-Id: <20190619162140.133674-2-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: define a new MSR based feature word - FEAT_CORE_CAPABILITY
Xiaoyao Li [Mon, 17 Jun 2019 15:36:54 +0000 (23:36 +0800)] 
target/i386: define a new MSR based feature word - FEAT_CORE_CAPABILITY

MSR IA32_CORE_CAPABILITY is a feature-enumerating MSR, which only
enumerates the feature split lock detection (via bit 5) by now.

The existence of MSR IA32_CORE_CAPABILITY is enumerated by CPUID.7_0:EDX[30].

The latest kernel patches about them can be found here:
https://lkml.org/lkml/2019/4/24/1909

Signed-off-by: Xiaoyao Li <xiaoyao.li@linux.intel.com>
Message-Id: <20190617153654.916-1-xiaoyao.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoi386/kvm: add support for Direct Mode for Hyper-V synthetic timers
Vitaly Kuznetsov [Fri, 17 May 2019 14:19:24 +0000 (16:19 +0200)] 
i386/kvm: add support for Direct Mode for Hyper-V synthetic timers

Hyper-V on KVM can only use Synthetic timers with Direct Mode (opting for
an interrupt instead of VMBus message). This new capability is only
announced in KVM_GET_SUPPORTED_HV_CPUID.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20190517141924.19024-10-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoi386/kvm: hv-evmcs requires hv-vapic
Vitaly Kuznetsov [Fri, 17 May 2019 14:19:23 +0000 (16:19 +0200)] 
i386/kvm: hv-evmcs requires hv-vapic

Enlightened VMCS is enabled by writing to a field in VP assist page and
these require virtual APIC.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20190517141924.19024-9-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoi386/kvm: hv-tlbflush/ipi require hv-vpindex
Vitaly Kuznetsov [Fri, 17 May 2019 14:19:22 +0000 (16:19 +0200)] 
i386/kvm: hv-tlbflush/ipi require hv-vpindex

The corresponding hypercalls require using VP indexes.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20190517141924.19024-8-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoi386/kvm: hv-stimer requires hv-time and hv-synic
Vitaly Kuznetsov [Fri, 17 May 2019 14:19:21 +0000 (16:19 +0200)] 
i386/kvm: hv-stimer requires hv-time and hv-synic

Synthetic timers operate in hv-time time and Windows won't use these
without SynIC.

Add .dependencies field to kvm_hyperv_properties[] and a generic mechanism
to check dependencies between features.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20190517141924.19024-7-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoi386/kvm: implement 'hv-passthrough' mode
Vitaly Kuznetsov [Fri, 17 May 2019 14:19:20 +0000 (16:19 +0200)] 
i386/kvm: implement 'hv-passthrough' mode

In many case we just want to give Windows guests all currently supported
Hyper-V enlightenments and that's where this new mode may come handy. We
pass through what was returned by KVM_GET_SUPPORTED_HV_CPUID.

hv_cpuid_check_and_set() is modified to also set cpu->hyperv_* flags as
we may want to check them later (and we actually do for hv_runtime,
hv_synic,...).

'hv-passthrough' is a development only feature, a migration blocker is
added to prevent issues while migrating between hosts with different
feature sets.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20190517141924.19024-6-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoi386/kvm: document existing Hyper-V enlightenments
Vitaly Kuznetsov [Fri, 17 May 2019 14:19:19 +0000 (16:19 +0200)] 
i386/kvm: document existing Hyper-V enlightenments

Currently, there is no doc describing hv-* CPU flags, people are
encouraged to get the information from Microsoft Hyper-V Top Level
Functional specification (TLFS). There is, however, a bit of QEMU
specifics.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20190517141924.19024-5-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoi386/kvm: move Hyper-V CPUID filling to hyperv_handle_properties()
Vitaly Kuznetsov [Fri, 17 May 2019 14:19:18 +0000 (16:19 +0200)] 
i386/kvm: move Hyper-V CPUID filling to hyperv_handle_properties()

Let's consolidate Hyper-V features handling in hyperv_handle_properties().
The change is necessary to support 'hv-passthrough' mode as we'll be just
copying CPUIDs from KVM instead of filling them in.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20190517141924.19024-4-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoi386/kvm: add support for KVM_GET_SUPPORTED_HV_CPUID
Vitaly Kuznetsov [Fri, 17 May 2019 14:19:17 +0000 (16:19 +0200)] 
i386/kvm: add support for KVM_GET_SUPPORTED_HV_CPUID

KVM now supports reporting supported Hyper-V features through CPUID
(KVM_GET_SUPPORTED_HV_CPUID ioctl). Going forward, this is going to be
the only way to announce new functionality and this has already happened
with Direct Mode stimers.

While we could just support KVM_GET_SUPPORTED_HV_CPUID for new features,
it seems to be beneficial to use it for all Hyper-V enlightenments when
possible. This way we can implement 'hv-all' pass-through mode giving the
guest all supported Hyper-V features even when QEMU knows nothing about
them.

Implementation-wise we create a new kvm_hyperv_properties structure
defining Hyper-V features, get_supported_hv_cpuid()/
get_supported_hv_cpuid_legacy() returning the supported CPUID set and
a bit over-engineered hv_cpuid_check_and_set() which we will also be
used to set cpu->hyperv_* properties for 'hv-all' mode.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20190517141924.19024-3-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoi386/kvm: convert hyperv enlightenments properties from bools to bits
Vitaly Kuznetsov [Fri, 17 May 2019 14:19:16 +0000 (16:19 +0200)] 
i386/kvm: convert hyperv enlightenments properties from bools to bits

Representing Hyper-V properties as bits will allow us to check features
and dependencies between them in a natural way.

Suggested-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20190517141924.19024-2-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agohax: Honor CPUState::halted
Colin Xu [Mon, 10 Jun 2019 02:19:39 +0000 (10:19 +0800)] 
hax: Honor CPUState::halted

QEMU tracks whether a vcpu is halted using CPUState::halted. E.g.,
after initialization or reset, halted is 0 for the BSP (vcpu 0)
and 1 for the APs (vcpu 1, 2, ...). A halted vcpu should not be
handed to the hypervisor to run (e.g. hax_vcpu_run()).

Under HAXM, Android Emulator sometimes boots into a "vcpu shutdown
request" error while executing in SeaBIOS, with the HAXM driver
logging a guest triple fault in vcpu 1, 2, ... at RIP 0x3. That is
ultimately because the HAX accelerator asks HAXM to run those APs
when they are still in the halted state.

Normally, the vcpu thread for an AP will start by looping in
qemu_wait_io_event(), until the BSP kicks it via a pair of IPIs
(INIT followed by SIPI). But because the HAX accelerator does not
honor cpu->halted, it allows the AP vcpu thread to proceed to
hax_vcpu_run() as soon as it receives any kick, even if the kick
does not come from the BSP. It turns out that emulator has a
worker thread which periodically kicks every vcpu thread (possibly
to collect CPU usage data), and if one of these kicks comes before
those by the BSP, the AP will start execution from the wrong RIP,
resulting in the aforementioned SMP boot failure.

The solution is inspired by the KVM accelerator (credit to
Chuanxiao Dong <chuanxiao.dong@intel.com> for the pointer):

1. Get rid of questionable logic that unconditionally resets
   cpu->halted before hax_vcpu_run(). Instead, only reset it at the
   right moments (there are only a few "unhalt" events).
2. Add a check for cpu->halted before hax_vcpu_run().

Note that although the non-Unrestricted Guest (!ug_platform) code
path also forcibly resets cpu->halted, it is left untouched,
because only the UG code path supports SMP guests.

The patch is first merged to android emulator with Change-Id:
I9c5752cc737fd305d7eace1768ea12a07309d716

Cc: Yu Ning <yu.ning@intel.com>
Cc: Chuanxiao Dong <chuanxiao.dong@intel.com>
Signed-off-by: Colin Xu <colin.xu@intel.com>
Message-Id: <20190610021939.13669-1-colin.xu@intel.com>

2 years agokvm-all: Add/update fprintf's for kvm_*_ioeventfd_del
Yury Kotov [Fri, 7 Jun 2019 09:08:30 +0000 (12:08 +0300)] 
kvm-all: Add/update fprintf's for kvm_*_ioeventfd_del

Signed-off-by: Yury Kotov <yury-kotov@yandex-team.ru>
Message-Id: <20190607090830.18807-1-yury-kotov@yandex-team.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Tue, 18 Jun 2019 16:00:52 +0000 (17:00 +0100)] 
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- block: Remove bs->job
- block: Ignore loosening perm restrictions failures
- block/null: Expose read-zeroes option in QAPI schema
- iotests: Hide timestamps for skipped tests

# gpg: Signature made Tue 18 Jun 2019 15:44:12 BST
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  block/null: Expose read-zeroes option in QAPI schema
  iotests: Test failure to loosen restrictions
  block: Ignore loosening perm restrictions failures
  block: Add *tighten_restrictions to *check*_perm()
  block: Fix order in bdrv_replace_child()
  block/commit: Drop bdrv_child_try_set_perm()
  block/mirror: Fix child permissions
  block: Add bdrv_child_refresh_perms()
  file-posix: Update open_flags in raw_set_perm()
  block: drop bs->job
  blockdev: blockdev_mark_auto_del: drop usage of bs->job
  block/block-backend: blk_iostatus_reset: drop usage of bs->job
  block/replication: drop usage of bs->job
  iotests: Hide timestamps for skipped tests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agoMerge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into...
Peter Maydell [Tue, 18 Jun 2019 14:47:16 +0000 (15:47 +0100)] 
Merge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into staging

Python queue, 2019-06-18

Use a different method to dump avocado job log, to work around
timing-dependent issues in the arm test cases.

# gpg: Signature made Tue 18 Jun 2019 15:39:31 BST
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/python-next-pull-request:
  Travis: print acceptance tests logs in case of job failure
  Revert "travis: Make check-acceptance job more verbose"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agoblock/null: Expose read-zeroes option in QAPI schema
Kevin Wolf [Mon, 17 Jun 2019 11:54:48 +0000 (13:54 +0200)] 
block/null: Expose read-zeroes option in QAPI schema

Commit cd219eb1e55 added the read-zeroes option for the null-co and
null-aio block driver, but forgot to add them to the QAPI schema.
Therefore, this option wasn't available in -blockdev and blockdev-add
until now.

Add the missing option in the schema to make it available there, too.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2 years agoiotests: Test failure to loosen restrictions
Max Reitz [Wed, 22 May 2019 17:03:52 +0000 (19:03 +0200)] 
iotests: Test failure to loosen restrictions

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoblock: Ignore loosening perm restrictions failures
Max Reitz [Wed, 22 May 2019 17:03:51 +0000 (19:03 +0200)] 
block: Ignore loosening perm restrictions failures

We generally assume that loosening permission restrictions can never
fail.  We have seen in the past that this assumption is wrong.  This has
led to crashes because we generally pass &error_abort when loosening
permissions.

However, a failure in such a case should actually be handled in quite
the opposite way: It is very much not fatal, so qemu may report it, but
still consider the operation successful.  The only realistic problem is
that qemu may then retain permissions and thus locks on images it
actually does not require.  But again, that is not fatal.

To implement this behavior, we make all functions that change
permissions and that pass &error_abort to the initiating function
(bdrv_check_perm() or bdrv_child_check_perm()) evaluate the
@loosen_restrictions value introduced in the previous patch.  If it is
true and an error did occur, we abort the permission update, discard the
error, and instead report success to the caller.

bdrv_child_try_set_perm() itself does not pass &error_abort, but it is
the only public function to change permissions.  As such, callers may
pass &error_abort to it, expecting dropping permission restrictions to
never fail.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoblock: Add *tighten_restrictions to *check*_perm()
Max Reitz [Wed, 22 May 2019 17:03:50 +0000 (19:03 +0200)] 
block: Add *tighten_restrictions to *check*_perm()

This patch makes three functions report whether the necessary permission
change tightens restrictions or not.  These functions are:
- bdrv_check_perm()
- bdrv_check_update_perm()
- bdrv_child_check_perm()

Callers can use this result to decide whether a failure is fatal or not
(see the next patch).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoblock: Fix order in bdrv_replace_child()
Max Reitz [Wed, 22 May 2019 17:03:49 +0000 (19:03 +0200)] 
block: Fix order in bdrv_replace_child()

We have to start by applying the permission restrictions to new_bs
before we can loosen them on old_bs.  See the comment for the
explanation.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoblock/commit: Drop bdrv_child_try_set_perm()
Max Reitz [Wed, 22 May 2019 17:03:48 +0000 (19:03 +0200)] 
block/commit: Drop bdrv_child_try_set_perm()

commit_top_bs never requests or unshares any permissions.  There is no
reason to make this so explicit here.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoblock/mirror: Fix child permissions
Max Reitz [Wed, 22 May 2019 17:03:47 +0000 (19:03 +0200)] 
block/mirror: Fix child permissions

We cannot use bdrv_child_try_set_perm() to give up all restrictions on
the child edge, and still have bdrv_mirror_top_child_perm() request
BLK_PERM_WRITE.  Fix this by making bdrv_mirror_top_child_perm() return
0/BLK_PERM_ALL when we want to give up all permissions, and replacing
bdrv_child_try_set_perm() by bdrv_child_refresh_perms().

The bdrv_child_try_set_perm() before removing the node with
bdrv_replace_node() is then unnecessary.  No permissions have changed
since the previous invocation of bdrv_child_try_set_perm().

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoblock: Add bdrv_child_refresh_perms()
Max Reitz [Wed, 22 May 2019 17:03:46 +0000 (19:03 +0200)] 
block: Add bdrv_child_refresh_perms()

If a block node uses bdrv_child_try_set_perm() to change the permission
it takes on its child, the result may be very short-lived.  If anything
makes the block layer recalculate the permissions internally, it will
invoke the node driver's .bdrv_child_perm() implementation.  The
permission/shared permissions masks that returns will then override the
values previously passed to bdrv_child_try_set_perm().

If drivers want a child edge to have specific values for the
permissions/shared permissions mask, it must return them in
.bdrv_child_perm().  Consequentially, there is no need for them to pass
the same values to bdrv_child_try_set_perm() then: It is better to have
a function that invokes .bdrv_child_perm() and calls
bdrv_child_try_set_perm() with the result.  This patch adds such a
function under the name of bdrv_child_refresh_perms().

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agofile-posix: Update open_flags in raw_set_perm()
Max Reitz [Wed, 22 May 2019 17:03:45 +0000 (19:03 +0200)] 
file-posix: Update open_flags in raw_set_perm()

raw_check_perm() + raw_set_perm() can change the flags associated with
the current FD.  If so, we have to update BDRVRawState.open_flags
accordingly.  Otherwise, we may keep reopening the FD even though the
current one already has the correct flags.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoblock: drop bs->job
Vladimir Sementsov-Ogievskiy [Thu, 6 Jun 2019 15:41:32 +0000 (18:41 +0300)] 
block: drop bs->job

Drop remaining users of bs->job:
1. assertions actually duplicated by assert(!bs->refcnt)
2. trace-point seems not enough reason to change stream_start to return
   BlockJob pointer
3. Restricting creation of two jobs based on same bs is bad idea, as
   3.1 Some jobs creates filters to be their main node, so, this check
   don't actually prevent creating second job on same real node (which
   will create another filter node) (but I hope it is restricted by
   other mechanisms)
   3.2 Even without bs->job we have two systems of permissions:
   op-blockers and BLK_PERM
   3.3 We may want to run several jobs on one node one day

And finally, drop bs->job pointer itself. Hurrah!

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoblockdev: blockdev_mark_auto_del: drop usage of bs->job
Vladimir Sementsov-Ogievskiy [Thu, 6 Jun 2019 15:41:31 +0000 (18:41 +0300)] 
blockdev: blockdev_mark_auto_del: drop usage of bs->job

We are going to remove bs->job pointer. Drop it's usage in
blockdev_mark_auto_del: instead of looking at bs->job let's check all
jobs for references to bs.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoblock/block-backend: blk_iostatus_reset: drop usage of bs->job
Vladimir Sementsov-Ogievskiy [Thu, 6 Jun 2019 15:41:30 +0000 (18:41 +0300)] 
block/block-backend: blk_iostatus_reset: drop usage of bs->job

We are going to remove bs->job pointer. Drop it's usage in
blk_iostatus_reset.

blk_iostatus_reset() has only two callers:

1. blk_attach_dev(). This doesn't have anything to do with jobs and
    attaching a new guest device won't solve any problem the job
    encountered, so no reason to reset the iostatus for the job.

2. qmp_cont(). This resets the iostatus for everything. We can just
    call block_job_iostatus_reset() for all block jobs instead of going
    through BlockBackend.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoblock/replication: drop usage of bs->job
Vladimir Sementsov-Ogievskiy [Thu, 6 Jun 2019 15:41:29 +0000 (18:41 +0300)] 
block/replication: drop usage of bs->job

We are going to remove bs->job pointer. Drop it's usage in replication
code. Additionally we have to return job pointer from some mirror APIs.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoiotests: Hide timestamps for skipped tests
Max Reitz [Thu, 13 Jun 2019 18:37:27 +0000 (20:37 +0200)] 
iotests: Hide timestamps for skipped tests

Currently, the "thistime" variable is not reinitialized on every loop
iteration.  This leads to tests that do not yield a run time (because
they failed or were skipped) printing the run time of the previous test
that did.  Fix that by reinitializing "thistime" for every test.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoTravis: print acceptance tests logs in case of job failure
Cleber Rosa [Fri, 7 Jun 2019 15:22:16 +0000 (11:22 -0400)] 
Travis: print acceptance tests logs in case of job failure

Because Travis doesn't allow us to keep files produced during tests
(such as log files), let's print the complete job log to the "console"
in case of job failures.

This is a debugging aid, and given that there's been some timeouts
happening on some tests, we absolutely needs the logs to have a proper
action.

Signed-off-by: Cleber Rosa <crosa@redhat.com>
Message-Id: <20190607152223.9467-2-crosa@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2 years agoRevert "travis: Make check-acceptance job more verbose"
Eduardo Habkost [Tue, 18 Jun 2019 14:10:43 +0000 (11:10 -0300)] 
Revert "travis: Make check-acceptance job more verbose"

This reverts commit 6d7a134da4afebe8551a69329478415cfb4cbe91.

We'll have a better fix, that will show the full avocado job log
only if a test case failed.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2 years agotarget/arm: Check for dp support for dp VFM, not sp
Peter Maydell [Mon, 17 Jun 2019 16:01:30 +0000 (17:01 +0100)] 
target/arm: Check for dp support for dp VFM, not sp

In commit 1120827fa182f0e7622 we accidentally put the
"UNDEF unless FPU has double-precision support" check in
the single-precision VFM function. Put it in the dp
function where it belongs.

Fixes: 1120827fa182f0e7622
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190617160130.3207-1-peter.maydell@linaro.org

2 years agoMerge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2019-06-17-v2' into...
Peter Maydell [Tue, 18 Jun 2019 09:47:00 +0000 (10:47 +0100)] 
Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2019-06-17-v2' into staging

Monitor patches for 2019-06-17

# gpg: Signature made Tue 18 Jun 2019 07:20:25 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-monitor-2019-06-17-v2:
  vl: Deprecate -mon pretty=... for HMP monitors
  monitor: Replace monitor_init() with monitor_init_{hmp, qmp}()
  monitor: Split Monitor.flags into separate bools
  monitor: Split out monitor/monitor.c
  monitor: Split out monitor/hmp.c
  monitor: Split out monitor/qmp.c
  monitor: Create monitor-internal.h with common definitions
  monitor: Move {hmp, qmp}.c to monitor/{hmp, qmp}-cmds.c
  Move monitor.c to monitor/misc.c
  monitor: Rename HMP command type and tables
  monitor: Remove Monitor.cmd_table indirection
  monitor: Create MonitorHMP with readline state
  monitor: Make MonitorQMP a child class of Monitor
  monitor: Split monitor_init in HMP and QMP function
  monitor: Remove unused password prompting fields
  monitor: Fix return type of monitor_fdset_dup_fd_find

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agovl: Deprecate -mon pretty=... for HMP monitors
Kevin Wolf [Thu, 13 Jun 2019 15:34:05 +0000 (17:34 +0200)] 
vl: Deprecate -mon pretty=... for HMP monitors

The -mon pretty=on|off switch of the -mon option applies only to QMP
monitors. It's silently ignored for HMP. Deprecate this combination so
that we can make it an error in future versions.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20190613153405.24769-16-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Replace monitor_init() with monitor_init_{hmp, qmp}()
Kevin Wolf [Thu, 13 Jun 2019 15:34:04 +0000 (17:34 +0200)] 
monitor: Replace monitor_init() with monitor_init_{hmp, qmp}()

Most callers know which monitor type they want to have. Instead of
calling monitor_init() with flags that can describe both types of
monitors, make monitor_init_{hmp,qmp}() public interfaces that take
specific bools instead of flags and call these functions directly.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20190613153405.24769-15-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Split Monitor.flags into separate bools
Kevin Wolf [Thu, 13 Jun 2019 15:34:03 +0000 (17:34 +0200)] 
monitor: Split Monitor.flags into separate bools

Monitor.flags contains three different flags: One to distinguish HMP
from QMP; one specific to HMP (MONITOR_USE_READLINE) that is ignored
with QMP; and another one specific to QMP (MONITOR_USE_PRETTY) that is
ignored with HMP.

Split the flags field into three bools and move them to the right
subclass. Flags are still in use for the monitor_init() interface.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20190613153405.24769-14-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Split out monitor/monitor.c
Kevin Wolf [Thu, 13 Jun 2019 15:34:02 +0000 (17:34 +0200)] 
monitor: Split out monitor/monitor.c

Move the monitor core infrastructure from monitor/misc.c to
monitor/monitor.c. This is code that can be shared for all targets, so
compile it only once.

What remains in monitor/misc.c after this patch is mostly monitor
command implementations (which could move to hmp-cmds.c or qmp-cmds.c
later) and code that requires a system emulator or is even
target-dependent (including HMP command completion code).

The amount of function and particularly extern variables in
monitor_int.h is probably a bit larger than it needs to be, but this way
no non-trivial code modifications are needed. The interfaces between all
monitor parts can be cleaned up later.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20190613153405.24769-13-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Superfluous #include dropped]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Split out monitor/hmp.c
Kevin Wolf [Thu, 13 Jun 2019 15:34:01 +0000 (17:34 +0200)] 
monitor: Split out monitor/hmp.c

Move HMP infrastructure from monitor/misc.c to monitor/hmp.c. This is
code that can be shared for all targets, so compile it only once.

The amount of function and particularly extern variables in
monitor_int.h is probably a bit larger than it needs to be, but this way
no non-trivial code modifications are needed. The interfaces between HMP
and the monitor core can be cleaned up later.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20190613153405.24769-12-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Comment reformatted to make checkpatch.pl happy, #include <dirent.h>
moved to fix Windows build, superfluous #include dropped]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Split out monitor/qmp.c
Kevin Wolf [Thu, 13 Jun 2019 15:34:00 +0000 (17:34 +0200)] 
monitor: Split out monitor/qmp.c

Move QMP infrastructure from monitor/misc.c to monitor/qmp.c. This is
code that can be shared for all targets, so compile it only once.

The amount of function and particularly extern variables in
monitor_int.h is probably a bit larger than it needs to be, but this way
no non-trivial code modifications are needed. The interfaces between QMP
and the monitor core can be cleaned up later.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190613153405.24769-11-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[monitor_is_qmp() tidied up to make checkpatch.pl happy,
superfluous #include dropped]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Create monitor-internal.h with common definitions
Kevin Wolf [Thu, 13 Jun 2019 15:33:59 +0000 (17:33 +0200)] 
monitor: Create monitor-internal.h with common definitions

Before we can split monitor/misc.c, we need to create a header file that
contains the common definitions that will be used by multiple source
files.

For a start, add the type definitions for Monitor, MonitorHMP and
MonitorQMP and their dependencies. We'll add functions as needed when
splitting monitor/misc.c.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190613153405.24769-10-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Header guard symbol tidied up, superfluous #include dropped, FIXME in
hmp_change() resolved]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Move {hmp, qmp}.c to monitor/{hmp, qmp}-cmds.c
Kevin Wolf [Thu, 13 Jun 2019 15:33:58 +0000 (17:33 +0200)] 
monitor: Move {hmp, qmp}.c to monitor/{hmp, qmp}-cmds.c

Now that we have a monitor/ subdirectory, let's move hmp.c and qmp.c
from the root directory there. As they contain implementations of
monitor commands, rename them to {hmp,qmp}-cmds.c, so that {hmp,qmp}.c
are free for the HMP and QMP infrastructure.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190613153405.24769-9-kwolf@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agoMove monitor.c to monitor/misc.c
Kevin Wolf [Thu, 13 Jun 2019 15:33:57 +0000 (17:33 +0200)] 
Move monitor.c to monitor/misc.c

Create a new monitor/ subdirectory and move monitor.c there. As the plan
is to move the monitor core into separate files, use the chance to
rename it to misc.c.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190613153405.24769-8-kwolf@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Rename HMP command type and tables
Kevin Wolf [Thu, 13 Jun 2019 15:33:56 +0000 (17:33 +0200)] 
monitor: Rename HMP command type and tables

This renames the type for HMP monitor commands and the tables holding
the commands to make clear that they are related to HMP and to allow
making them public later:

* mon_cmd_t -> HMPCommand (fixing use of a reserved name, too)
* mon_cmds -> hmp_cmds
* info_cmds -> hmp_info_cmds

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20190613153405.24769-7-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[sortcmdlist() cleaned up to make checkpatch.pl happy]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Remove Monitor.cmd_table indirection
Kevin Wolf [Thu, 13 Jun 2019 15:33:55 +0000 (17:33 +0200)] 
monitor: Remove Monitor.cmd_table indirection

Monitor.cmd_table is initialised to point to mon_cmds and never changed
afterwards. We can remove the indirection and just reference mon_cmds
directly instead.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20190613153405.24769-6-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Create MonitorHMP with readline state
Kevin Wolf [Thu, 13 Jun 2019 15:33:54 +0000 (17:33 +0200)] 
monitor: Create MonitorHMP with readline state

The ReadLineState in Monitor is only used for HMP monitors. Create
MonitorHMP and move it there.

Can't use container_of() in hmp_change().  Cast instead, and mark
FIXME.  Will be cleaned up shortly.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190613153405.24769-5-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Superfluous variable in monitor_data_destroy() eliminated, whitespace
tweaked in hmp_change(), commit message improved]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Make MonitorQMP a child class of Monitor
Kevin Wolf [Thu, 13 Jun 2019 15:33:53 +0000 (17:33 +0200)] 
monitor: Make MonitorQMP a child class of Monitor

Currently, struct Monitor mixes state that is only relevant for HMP,
state that is only relevant for QMP, and some actually shared state.
In particular, a MonitorQMP field is present in the state of any
monitor, even if it's not a QMP monitor and therefore doesn't use the
state.

As a first step towards a clean separation between QMP and HMP, let
MonitorQMP extend Monitor and create a MonitorQMP object only when the
monitor is actually a QMP monitor.

Some places accessed Monitor.qmp unconditionally, even for HMP monitors.
They can't keep doing this now, so during the conversion, they are
either changed to become conditional on monitor_is_qmp() or to assert()
that they always get a QMP monitor.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190613153405.24769-4-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Superfluous variable in monitor_data_destroy() eliminated]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Split monitor_init in HMP and QMP function
Kevin Wolf [Thu, 13 Jun 2019 15:33:52 +0000 (17:33 +0200)] 
monitor: Split monitor_init in HMP and QMP function

Instead of mixing HMP and QMP monitors in the same function, separate
the monitor creation function for both.

While in theory, one could pass both MONITOR_USE_CONTROL and
MONITOR_USE_READLINE before this patch and both flags would do
something, readline support is tightly coupled with HMP: QMP never feeds
its input to readline, and the tab completion function treats the input
as an HMP command. Therefore, this configuration is useless.

After this patch, the QMP path asserts that MONITOR_USE_READLINE is not
set. The HMP path can be used with or without MONITOR_USE_READLINE, like
before.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190613153405.24769-3-kwolf@redhat.com>
[Zero initialization of Monitor moved from monitor_data_init() to
callers]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Remove unused password prompting fields
Kevin Wolf [Thu, 13 Jun 2019 15:33:51 +0000 (17:33 +0200)] 
monitor: Remove unused password prompting fields

Commit 788cf9f8c removed the code for password prompting from the
monitor. Since then, the Monitor fields password_completion_cb and
password_opaque have been unused. Remove them.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190613153405.24769-2-kwolf@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agomonitor: Fix return type of monitor_fdset_dup_fd_find
Yury Kotov [Thu, 23 May 2019 09:44:33 +0000 (12:44 +0300)] 
monitor: Fix return type of monitor_fdset_dup_fd_find

monitor_fdset_dup_fd_find_remove() and monitor_fdset_dup_fd_find()
return mon_fdset->id which is int64_t. Downcasting from int64_t to int
leads to a bug with removing fd from fdset with id >= 2^32.
So, fix return types for these function.

Signed-off-by: Yury Kotov <yury-kotov@yandex-team.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190523094433.30297-1-yury-kotov@yandex-team.ru>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-docs-20190617' into staging
Peter Maydell [Mon, 17 Jun 2019 15:41:25 +0000 (16:41 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-docs-20190617' into staging

docs infrastructure queue:
 * fix some minor syntax issues in docs/specs/index.rst
 * build and install the 'specs' manual, since it now has some content
 * delete the "QEMU compared to other emulators" section of the docs
 * Convert "translator internals" docs to RST, move to devel manual

# gpg: Signature made Mon 17 Jun 2019 15:56:07 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-docs-20190617:
  docs: Build and install specs manual
  docs/specs/index.rst: Fix minor syntax issues
  qemu-tech.texi: Remove "QEMU compared to other emulators" section
  Convert "translator internals" docs to RST, move to devel manual

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agodocs: Build and install specs manual
Peter Maydell [Mon, 17 Jun 2019 14:35:31 +0000 (15:35 +0100)] 
docs: Build and install specs manual

Now we have some rST format docs in the docs/specs/ manual, we should
actually build and install it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Message-id: 20190610152444.20859-3-peter.maydell@linaro.org

2 years agodocs/specs/index.rst: Fix minor syntax issues
Peter Maydell [Mon, 17 Jun 2019 14:35:31 +0000 (15:35 +0100)] 
docs/specs/index.rst: Fix minor syntax issues

The docs/specs/index.rst has a couple of minor issues which
we didn't notice because we weren't building the manual:
 * the ToC entry for the new PPC XIVE docs points to
   a nonexistent file
 * the initial comment needs to be marked by '..', not '.',
   or it will appear in the output
 * the title doesn't match the capitialization used by
   the existing interop or devel manuals, and uses
   'full-system emulation' rather than the 'system emulation'
   that the interop manual title uses

Fix these minor issues before we start trying to build the manual.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Message-id: 20190610152444.20859-2-peter.maydell@linaro.org

2 years agoqemu-tech.texi: Remove "QEMU compared to other emulators" section
Peter Maydell [Mon, 17 Jun 2019 14:35:31 +0000 (15:35 +0100)] 
qemu-tech.texi: Remove "QEMU compared to other emulators" section

The "QEMU compared to other emulators" section of our documentation
hasn't been updated since 2015 (and parts of the text are even older).
We're clearly not very well placed to track the evolution of a
dozen other emulation projects, and an inaccurate or out of date
comparison doesn't serve anybody, so we're best off just removing
the whole documentation section.

If anybody cares strongly about maintaining a comparison page,
it's probably better to do that on the project's wiki where
we can update it more dynamically.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190607152827.18003-3-peter.maydell@linaro.org
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2 years agoConvert "translator internals" docs to RST, move to devel manual
Peter Maydell [Mon, 17 Jun 2019 14:35:30 +0000 (15:35 +0100)] 
Convert "translator internals" docs to RST, move to devel manual

Our user-facing manual currently has a section "translator internals"
which has some high-level information about the design of the
TCG translator. This should really be in our new devel/ manual.
Convert it to RST format and move it there.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190607152827.18003-2-peter.maydell@linaro.org
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190617' into...
Peter Maydell [Mon, 17 Jun 2019 14:35:21 +0000 (15:35 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190617' into staging

target-arm queue:
 * support large kernel images in bootloader (by avoiding
   putting the initrd over the top of them)
 * correctly disable FPU/DSP in the CPU for the mps2-an521, musca-a boards
 * arm_gicv3: Fix decoding of ID register range
 * arm_gicv3: GICD_TYPER.SecurityExtn is RAZ if GICD_CTLR.DS == 1
 * some code cleanups following on from the VFP decodetree conversion
 * Only implement doubles if the FPU supports them
   (so we now correctly model Cortex-M4, -M33 as single precision only)

# gpg: Signature made Mon 17 Jun 2019 15:33:01 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20190617: (24 commits)
  target/arm: Only implement doubles if the FPU supports them
  target/arm: Fix typos in trans function prototypes
  target/arm: Remove unused cpu_F0s, cpu_F0d, cpu_F1s, cpu_F1d
  target/arm: Stop using deprecated functions in NEON_2RM_VCVT_F32_F16
  target/arm: stop using deprecated functions in NEON_2RM_VCVT_F16_F32
  target/arm: Stop using cpu_F0s in Neon VCVT fixed-point ops
  target/arm: Stop using cpu_F0s for Neon f32/s32 VCVT
  target/arm: Stop using cpu_F0s for NEON_2RM_VRECPE_F and NEON_2RM_VRSQRTE_F
  target/arm: Stop using cpu_F0s for NEON_2RM_VCVT[ANPM][US]
  target/arm: Stop using cpu_F0s for NEON_2RM_VRINT*
  target/arm: Stop using cpu_F0s for NEON_2RM_VNEG_F
  target/arm: Stop using cpu_F0s for NEON_2RM_VABS_F
  target/arm: Use vfp_expand_imm() for AArch32 VFP VMOV_imm
  target/arm: Move vfp_expand_imm() to translate.[ch]
  hw/intc/arm_gicv3: GICD_TYPER.SecurityExtn is RAZ if GICD_CTLR.DS == 1
  hw/intc/arm_gicv3: Fix decoding of ID register range
  hw/arm: Correctly disable FPU/DSP for some ARMSSE-based boards
  hw/arm/armv7m: Forward "vfp" and "dsp" properties to CPU
  target/arm: Allow M-profile CPUs to disable the DSP extension via CPU property
  target/arm: Allow VFP and Neon to be disabled via a CPU property
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Only implement doubles if the FPU supports them
Peter Maydell [Fri, 14 Jun 2019 10:44:57 +0000 (11:44 +0100)] 
target/arm: Only implement doubles if the FPU supports them

The architecture permits FPUs which have only single-precision
support, not double-precision; Cortex-M4 and Cortex-M33 are
both like that. Add the necessary checks on the MVFR0 FPDP
field so that we UNDEF any double-precision instructions on
CPUs like this.

Note that even if FPDP==0 the insns like VMOV-to/from-gpreg,
VLDM/VSTM, VLDR/VSTR which take double precision registers
still exist.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190614104457.24703-3-peter.maydell@linaro.org

2 years agotarget/arm: Fix typos in trans function prototypes
Peter Maydell [Fri, 14 Jun 2019 10:44:56 +0000 (11:44 +0100)] 
target/arm: Fix typos in trans function prototypes

In several places cut and paste errors meant we were using the wrong
type for the 'arg' struct in trans_ functions called by the
decodetree decoder, because we were using the _sp version of the
struct in the _dp function.  These were harmless, because the two
structs were identical and so decodetree made them typedefs of the
same underlying structure (and we'd have had a compile error if they
were not harmless), but we should clean them up anyway.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190614104457.24703-2-peter.maydell@linaro.org

2 years agotarget/arm: Remove unused cpu_F0s, cpu_F0d, cpu_F1s, cpu_F1d
Peter Maydell [Thu, 13 Jun 2019 16:39:17 +0000 (17:39 +0100)] 
target/arm: Remove unused cpu_F0s, cpu_F0d, cpu_F1s, cpu_F1d

Remove the now unused TCG globals cpu_F0s, cpu_F0d, cpu_F1s, cpu_F1d.

cpu_M0 is still used by the iwmmxt code, and cpu_V0 and
cpu_V1 are used by both iwmmxt and Neon.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-13-peter.maydell@linaro.org

2 years agotarget/arm: Stop using deprecated functions in NEON_2RM_VCVT_F32_F16
Peter Maydell [Thu, 13 Jun 2019 16:39:16 +0000 (17:39 +0100)] 
target/arm: Stop using deprecated functions in NEON_2RM_VCVT_F32_F16

Remove some old constructns from NEON_2RM_VCVT_F16_F32 code:
 * don't use CPU_F0s
 * don't use tcg_gen_st_f32

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-12-peter.maydell@linaro.org

2 years agotarget/arm: stop using deprecated functions in NEON_2RM_VCVT_F16_F32
Peter Maydell [Thu, 13 Jun 2019 16:39:15 +0000 (17:39 +0100)] 
target/arm: stop using deprecated functions in NEON_2RM_VCVT_F16_F32

Remove some old constructs from NEON_2RM_VCVT_F16_F32 code:
 * don't use cpu_F0s
 * don't use tcg_gen_ld_f32

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-11-peter.maydell@linaro.org

2 years agotarget/arm: Stop using cpu_F0s in Neon VCVT fixed-point ops
Peter Maydell [Thu, 13 Jun 2019 16:39:14 +0000 (17:39 +0100)] 
target/arm: Stop using cpu_F0s in Neon VCVT fixed-point ops

Stop using cpu_F0s in the Neon VCVT fixed-point operations.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-10-peter.maydell@linaro.org

2 years agotarget/arm: Stop using cpu_F0s for Neon f32/s32 VCVT
Peter Maydell [Thu, 13 Jun 2019 16:39:13 +0000 (17:39 +0100)] 
target/arm: Stop using cpu_F0s for Neon f32/s32 VCVT

Stop using cpu_F0s for the Neon f32/s32 VCVT operations.
Since this is the last user of cpu_F0s in the Neon 2rm-op
loop, we can remove the handling code for it too.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-9-peter.maydell@linaro.org

2 years agotarget/arm: Stop using cpu_F0s for NEON_2RM_VRECPE_F and NEON_2RM_VRSQRTE_F
Peter Maydell [Thu, 13 Jun 2019 16:39:12 +0000 (17:39 +0100)] 
target/arm: Stop using cpu_F0s for NEON_2RM_VRECPE_F and NEON_2RM_VRSQRTE_F

Stop using cpu_F0s for NEON_2RM_VRECPE_F and NEON_2RM_VRSQRTE_F.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-8-peter.maydell@linaro.org

2 years agotarget/arm: Stop using cpu_F0s for NEON_2RM_VCVT[ANPM][US]
Peter Maydell [Thu, 13 Jun 2019 16:39:11 +0000 (17:39 +0100)] 
target/arm: Stop using cpu_F0s for NEON_2RM_VCVT[ANPM][US]

Stop using cpu_F0s for the NEON_2RM_VCVT[ANPM][US] ops.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-7-peter.maydell@linaro.org

2 years agotarget/arm: Stop using cpu_F0s for NEON_2RM_VRINT*
Peter Maydell [Thu, 13 Jun 2019 16:39:10 +0000 (17:39 +0100)] 
target/arm: Stop using cpu_F0s for NEON_2RM_VRINT*

Switch NEON_2RM_VRINT* away from using cpu_F0s.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-6-peter.maydell@linaro.org

2 years agotarget/arm: Stop using cpu_F0s for NEON_2RM_VNEG_F
Peter Maydell [Thu, 13 Jun 2019 16:39:09 +0000 (17:39 +0100)] 
target/arm: Stop using cpu_F0s for NEON_2RM_VNEG_F

Switch NEON_2RM_VABS_F away from using cpu_F0s.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-5-peter.maydell@linaro.org

2 years agotarget/arm: Stop using cpu_F0s for NEON_2RM_VABS_F
Peter Maydell [Thu, 13 Jun 2019 16:39:08 +0000 (17:39 +0100)] 
target/arm: Stop using cpu_F0s for NEON_2RM_VABS_F

Where Neon instructions are floating point operations, we
mostly use the old VFP utility functions like gen_vfp_abs()
which work on the TCG globals cpu_F0s and cpu_F1s. The
Neon for-each-element loop conditionally loads the inputs
into either a plain old TCG temporary for most operations
or into cpu_F0s for float operations, and similarly stores
back either cpu_F0s or the temporary.

Switch NEON_2RM_VABS_F away from using cpu_F0s, and
update neon_2rm_is_float_op() accordingly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-4-peter.maydell@linaro.org

2 years agotarget/arm: Use vfp_expand_imm() for AArch32 VFP VMOV_imm
Peter Maydell [Thu, 13 Jun 2019 16:39:07 +0000 (17:39 +0100)] 
target/arm: Use vfp_expand_imm() for AArch32 VFP VMOV_imm

The AArch32 VMOV (immediate) instruction uses the same VFP encoded
immediate format we already handle in vfp_expand_imm().  Use that
function rather than hand-decoding it.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-3-peter.maydell@linaro.org

2 years agotarget/arm: Move vfp_expand_imm() to translate.[ch]
Peter Maydell [Thu, 13 Jun 2019 16:39:06 +0000 (17:39 +0100)] 
target/arm: Move vfp_expand_imm() to translate.[ch]

We want to use vfp_expand_imm() in the AArch32 VFP decode;
move it from the a64-only header/source file to the
AArch32 one (which is always compiled even for AArch64).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190613163917.28589-2-peter.maydell@linaro.org

2 years agohw/intc/arm_gicv3: GICD_TYPER.SecurityExtn is RAZ if GICD_CTLR.DS == 1
Peter Maydell [Fri, 24 May 2019 12:42:48 +0000 (13:42 +0100)] 
hw/intc/arm_gicv3: GICD_TYPER.SecurityExtn is RAZ if GICD_CTLR.DS == 1

The GICv3 specification says that the GICD_TYPER.SecurityExtn bit
is RAZ if GICD_CTLR.DS is 1. We were incorrectly making it RAZ
if the security extension is unsupported. "Security extension
unsupported" always implies GICD_CTLR.DS == 1, but the guest can
also set DS on a GIC which does support the security extension.
Fix the condition to correctly check the GICD_CTLR.DS bit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190524124248.28394-3-peter.maydell@linaro.org

2 years agohw/intc/arm_gicv3: Fix decoding of ID register range
Peter Maydell [Fri, 24 May 2019 12:42:47 +0000 (13:42 +0100)] 
hw/intc/arm_gicv3: Fix decoding of ID register range

The GIC ID registers cover an area 0x30 bytes in size
(12 registers, 4 bytes each). We were incorrectly decoding
only the first 0x20 bytes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190524124248.28394-2-peter.maydell@linaro.org

2 years agohw/arm: Correctly disable FPU/DSP for some ARMSSE-based boards
Peter Maydell [Fri, 17 May 2019 17:40:46 +0000 (18:40 +0100)] 
hw/arm: Correctly disable FPU/DSP for some ARMSSE-based boards

The SSE-200 hardware has configurable integration settings which
determine whether its two CPUs have the FPU and DSP:
 * CPU0_FPU (default 0)
 * CPU0_DSP (default 0)
 * CPU1_FPU (default 1)
 * CPU1_DSP (default 1)

Similarly, the IoTKit has settings for its single CPU:
 * CPU0_FPU (default 1)
 * CPU0_DSP (default 1)

Of our four boards that use either the IoTKit or the SSE-200:
 * mps2-an505, mps2-an521 and musca-a use the default settings
 * musca-b1 enables FPU and DSP on both CPUs

Currently QEMU models all these boards using CPUs with
both FPU and DSP enabled. This means that we are incorrect
for mps2-an521 and musca-a, which should not have FPU or DSP
on CPU0.

Create QOM properties on the ARMSSE devices corresponding to the
default h/w integration settings, and make the Musca-B1 board
enable FPU and DSP on both CPUs. This fixes the mps2-an521
and musca-a behaviour, and leaves the musca-b1 and mps2-an505
behaviour unchanged.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190517174046.11146-5-peter.maydell@linaro.org

2 years agohw/arm/armv7m: Forward "vfp" and "dsp" properties to CPU
Peter Maydell [Fri, 17 May 2019 17:40:45 +0000 (18:40 +0100)] 
hw/arm/armv7m: Forward "vfp" and "dsp" properties to CPU

Create "vfp" and "dsp" properties on the armv7m container object
which will be forwarded to its CPU object, so that SoCs can
configure whether the CPU has these features.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190517174046.11146-4-peter.maydell@linaro.org

2 years agotarget/arm: Allow M-profile CPUs to disable the DSP extension via CPU property
Peter Maydell [Fri, 17 May 2019 17:40:44 +0000 (18:40 +0100)] 
target/arm: Allow M-profile CPUs to disable the DSP extension via CPU property

Allow the DSP extension to be disabled via a CPU property for
M-profile CPUs. (A and R-profile CPUs don't have this extension
as a defined separate optional architecture extension, so
they don't need the property.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190517174046.11146-3-peter.maydell@linaro.org

2 years agotarget/arm: Allow VFP and Neon to be disabled via a CPU property
Peter Maydell [Fri, 17 May 2019 17:40:43 +0000 (18:40 +0100)] 
target/arm: Allow VFP and Neon to be disabled via a CPU property

Allow VFP and neon to be disabled via a CPU property. As with
the "pmu" property, we only allow these features to be removed
from CPUs which have it by default, not added to CPUs which
don't have it.

The primary motivation here is to be able to optionally
create Cortex-M33 CPUs with no FPU, but we provide switches
for both VFP and Neon because the two interact:
 * AArch64 can't have one without the other
 * Some ID register fields only change if both are disabled

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190517174046.11146-2-peter.maydell@linaro.org

2 years agohw/arm/boot: Honour image size field in AArch64 Image format kernels
Peter Maydell [Thu, 16 May 2019 14:47:33 +0000 (15:47 +0100)] 
hw/arm/boot: Honour image size field in AArch64 Image format kernels

Since Linux v3.17, the kernel's Image header includes a field image_size,
which gives the total size of the kernel including unpopulated data
sections such as the BSS). If this is present, then return it from
load_aarch64_image() as the true size of the kernel rather than
just using the size of the Image file itself. This allows the code
which calculates where to put the initrd to avoid putting it in
the kernel's BSS area.

This means that we should be able to reliably load kernel images
which are larger than 128MB without accidentally putting the
initrd or dtb in locations that clash with the kernel itself.

Fixes: https://bugs.launchpad.net/qemu/+bug/1823998
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Message-id: 20190516144733.32399-5-peter.maydell@linaro.org

2 years agohw/arm/boot: Avoid placing the initrd on top of the kernel
Peter Maydell [Thu, 16 May 2019 14:47:32 +0000 (15:47 +0100)] 
hw/arm/boot: Avoid placing the initrd on top of the kernel

We currently put the initrd at the smaller of:
 * 128MB into RAM
 * halfway into the RAM
(with the dtb following it).

However for large kernels this might mean that the kernel
overlaps the initrd. For some kinds of kernel (self-decompressing
32-bit kernels, and ELF images with a BSS section at the end)
we don't know the exact size, but even there we have a
minimum size. Put the initrd at least further into RAM than
that. For image formats that can give us an exact kernel size, this
will mean that we definitely avoid overlaying kernel and initrd.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Message-id: 20190516144733.32399-4-peter.maydell@linaro.org

2 years agohw/arm/boot: Diagnose layouts that put initrd or DTB off the end of RAM
Peter Maydell [Thu, 16 May 2019 14:47:31 +0000 (15:47 +0100)] 
hw/arm/boot: Diagnose layouts that put initrd or DTB off the end of RAM

We calculate the locations in memory where we want to put the
initrd and the DTB based on the size of the kernel, since they
come after it. Add some explicit checks that these aren't off the
end of RAM entirely.

(At the moment the way we calculate the initrd_start means that
it can't ever be off the end of RAM, but that will change with
the next commit.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Message-id: 20190516144733.32399-3-peter.maydell@linaro.org

2 years agohw/arm/boot: Don't assume RAM starts at address zero
Peter Maydell [Thu, 16 May 2019 14:47:30 +0000 (15:47 +0100)] 
hw/arm/boot: Don't assume RAM starts at address zero

In the Arm kernel/initrd loading code, in some places we make the
incorrect assumption that info->ram_size can be treated as the
address of the end of RAM, as for instance when we calculate the
available space for the initrd using "info->ram_size - info->initrd_start".
This is wrong, because many Arm boards (including "virt") specify
a non-zero info->loader_start to indicate that their RAM area
starts at a non-zero physical address.

Correct the places which make this incorrect assumption.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Message-id: 20190516144733.32399-2-peter.maydell@linaro.org

2 years agoMerge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Mon, 17 Jun 2019 10:55:14 +0000 (11:55 +0100)] 
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, acpi: fixes, cleanups

A bunch of minor fixes all over the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Sun 16 Jun 2019 21:46:31 BST
# gpg:                using RSA key 281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  tests/rebuild-expected-aml.sh: blow out difflist
  q35: update DSDT
  q35: fix mmconfig and PCI0._CRS
  hw/acpi: extract acpi_add_rom_blob()
  vhost: fix vhost_log size overflow during migration
  docs/vhost-user.json: some firmware.json copy leftovers
  vhost-user-gpu: initialize msghdr & iov at declaration
  vhost-user-input: check ioctl(EVIOCGNAME) return value
  vhost-user: improve error report
  vhost-user: check unix_listen() return value
  vhost-user-gpu: do not send scanout update if no GPU socket

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agoMerge remote-tracking branch 'remotes/lersek/tags/edk2-pull-2019-06-14' into staging
Peter Maydell [Mon, 17 Jun 2019 10:07:11 +0000 (11:07 +0100)] 
Merge remote-tracking branch 'remotes/lersek/tags/edk2-pull-2019-06-14' into staging

edk2-stable201905 was released on 2019-06-06:

  https://github.com/tianocore/edk2/releases/tag/edk2-stable201905

Advance QEMU's edk2 submodule to edk2-stable201905, and rebuild the
firmware binaries. This should be the edk2 release that goes into QEMU
4.1.

Launchpad: https://bugs.launchpad.net/qemu/+bug/1831477

# gpg: Signature made Fri 14 Jun 2019 21:09:29 BST
# gpg:                using RSA key D39DA71E0D496CFA
# gpg: Good signature from "Laszlo Ersek <lersek@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: F5D9 660F 1BA5 F310 A95A  C5E0 466A EAE0 6125 3988
#      Subkey fingerprint: B3A5 5D3F 88A8 90ED 2E63  3E8D D39D A71E 0D49 6CFA

* remotes/lersek/tags/edk2-pull-2019-06-14:
  pc-bios: update the README file with edk2-stable201905 information
  pc-bios: refresh edk2 build artifacts for edk2-stable201905
  roms/Makefile.edk2: update input file list for "pc-bios/edk2-licenses.txt"
  roms/Makefile.edk2: remove edk2-stable201903 network feature test macros
  roms/edk2: update submodule from edk2-stable201903 to edk2-stable201905
  roms/Makefile.edk2: define edk2-stable201905 network feature test macros

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotests/rebuild-expected-aml.sh: blow out difflist
Michael S. Tsirkin [Sun, 16 Jun 2019 20:43:03 +0000 (16:43 -0400)] 
tests/rebuild-expected-aml.sh: blow out difflist

As expected files have been updated, make sure we
do not forget to remove them from the allowed
diff list.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2 years agoq35: update DSDT
Michael S. Tsirkin [Sun, 16 Jun 2019 20:33:14 +0000 (16:33 -0400)] 
q35: update DSDT

update expected files and drop them from allowed diff list.

Fixes: 4a4418369d6 ("q35: fix mmconfig and PCI0._CRS")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2 years agoq35: fix mmconfig and PCI0._CRS
Gerd Hoffmann [Fri, 7 Jun 2019 07:34:29 +0000 (09:34 +0200)] 
q35: fix mmconfig and PCI0._CRS

This patch changes the handling of the mmconfig area.  Thanks to the
pci(e) expander devices we already have the logic to exclude address
ranges from PCI0._CRS.  We can simply add the mmconfig address range
to the list get it excluded as well.

With that in place we can go with a fixed pci hole which covers the
whole area from the end of (low) ram to the ioapic.

This will make the whole logic alot less fragile.  No matter where the
firmware places the mmconfig xbar, things should work correctly.  The
guest also gets a bit more PCI address space (seabios boot):

    # cat /proc/iomem
    [ ... ]
    7ffdd000-7fffffff : reserved
    80000000-afffffff : PCI Bus 0000:00            <<-- this is new
    b0000000-bfffffff : PCI MMCONFIG 0000 [bus 00-ff]
      b0000000-bfffffff : reserved
    c0000000-febfffff : PCI Bus 0000:00
      f8000000-fbffffff : 0000:00:01.0
    [ ... ]

So this is a guest visible change.

Cc: László Érsek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20190607073429.3436-1-kraxel@redhat.com>

2 years agohw/acpi: extract acpi_add_rom_blob()
Wei Yang [Mon, 10 Jun 2019 01:18:30 +0000 (09:18 +0800)] 
hw/acpi: extract acpi_add_rom_blob()

arm and i386 has almost the same function acpi_add_rom_blob(), except
giving different FWCfgCallback function.

This patch moves acpi_add_rom_blob() to utils.c by passing
FWCfgCallback to it.

Signed-off-by: Wei Yang <richardw.yang@linux.intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
v7:
  * rebase on top of current master because of conflict
v6:
  * change author from Igor to Michael
v5:
  * remove unnecessary header glib/gprintf.h
  * rearrange include header to make it more suitable
v4:
  * extract -> moves
  * adjust comment in source to make checkpatch happy
v3:
  * put acpi_add_rom_blob() to hw/acpi/utils.c
v2:
  * remove unused header in original source file
Message-Id: <20190610011830.28398-1-richardw.yang@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2 years agovhost: fix vhost_log size overflow during migration
Li Hangjing [Mon, 3 Jun 2019 06:15:24 +0000 (14:15 +0800)] 
vhost: fix vhost_log size overflow during migration

When a guest which doesn't support multiqueue is migrated with a multi queues
vhost-user-blk deivce, a crash will occur like:

0 qemu_memfd_alloc (name=<value optimized out>, size=562949953421312, seals=<value optimized out>, fd=0x7f87171fe8b4, errp=0x7f87171fe8a8) at util/memfd.c:153
1 0x00007f883559d7cf in vhost_log_alloc (size=70368744177664, share=true) at hw/virtio/vhost.c:186
2 0x00007f88355a0758 in vhost_log_get (listener=0x7f8838bd7940, enable=1) at qemu-2-12/hw/virtio/vhost.c:211
3 vhost_dev_log_resize (listener=0x7f8838bd7940, enable=1) at hw/virtio/vhost.c:263
4 vhost_migration_log (listener=0x7f8838bd7940, enable=1) at hw/virtio/vhost.c:787
5 0x00007f88355463d6 in memory_global_dirty_log_start () at memory.c:2503
6 0x00007f8835550577 in ram_init_bitmaps (f=0x7f88384ce600, opaque=0x7f8836024098) at migration/ram.c:2173
7 ram_init_all (f=0x7f88384ce600, opaque=0x7f8836024098) at migration/ram.c:2192
8 ram_save_setup (f=0x7f88384ce600, opaque=0x7f8836024098) at migration/ram.c:2219
9 0x00007f88357a419d in qemu_savevm_state_setup (f=0x7f88384ce600) at migration/savevm.c:1002
10 0x00007f883579fc3e in migration_thread (opaque=0x7f8837530400) at migration/migration.c:2382
11 0x00007f8832447893 in start_thread () from /lib64/libpthread.so.0
12 0x00007f8832178bfd in clone () from /lib64/libc.so.6

This is because vhost_get_log_size() returns a overflowed vhost-log size.
In this function, it uses the uninitialized variable vqs->used_phys and
vqs->used_size to get the vhost-log size.

Signed-off-by: Li Hangjing <lihangjing@baidu.com>
Reviewed-by: Xie Yongji <xieyongji@baidu.com>
Reviewed-by: Chai Wen <chaiwen@baidu.com>
Message-Id: <20190603061524.24076-1-lihangjing@baidu.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2 years agodocs/vhost-user.json: some firmware.json copy leftovers
Marc-André Lureau [Wed, 5 Jun 2019 13:12:21 +0000 (15:12 +0200)] 
docs/vhost-user.json: some firmware.json copy leftovers

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190605131221.29432-1-marcandre.lureau@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2 years agovhost-user-gpu: initialize msghdr & iov at declaration
Marc-André Lureau [Wed, 5 Jun 2019 14:58:29 +0000 (16:58 +0200)] 
vhost-user-gpu: initialize msghdr & iov at declaration

This should fix uninitialized fields found by coverity CID 1401762.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190605145829.7674-6-marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2 years agovhost-user-input: check ioctl(EVIOCGNAME) return value
Marc-André Lureau [Wed, 5 Jun 2019 14:58:28 +0000 (16:58 +0200)] 
vhost-user-input: check ioctl(EVIOCGNAME) return value

This should fix coverity CID 1401704.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190605145829.7674-5-marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2 years agovhost-user: improve error report
Marc-André Lureau [Wed, 5 Jun 2019 14:58:27 +0000 (16:58 +0200)] 
vhost-user: improve error report

g_printerr() needs a trailing \n

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190605145829.7674-4-marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>