qemu.git
4 years agoblock: Byte-based bdrv_co_do_copy_on_readv()
Kevin Wolf [Thu, 2 Jun 2016 09:41:52 +0000 (11:41 +0200)] 
block: Byte-based bdrv_co_do_copy_on_readv()

In a first step to convert the common I/O path to work on bytes rather
than sectors, this converts the copy-on-read logic that is used by
bdrv_aligned_preadv().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years agoblock: drop support for using qcow[2] encryption with system emulators
Daniel P. Berrange [Mon, 13 Jun 2016 11:30:09 +0000 (12:30 +0100)] 
block: drop support for using qcow[2] encryption with system emulators

Back in the 2.3.0 release we declared qcow[2] encryption as
deprecated, warning people that it would be removed in a future
release.

  commit a1f688f4152e65260b94f37543521ceff8bfebe4
  Author: Markus Armbruster <armbru@redhat.com>
  Date:   Fri Mar 13 21:09:40 2015 +0100

    block: Deprecate QCOW/QCOW2 encryption

The code still exists today, but by a (happy?) accident we entirely
broke the ability to use qcow[2] encryption in the system emulators
in the 2.4.0 release due to

  commit 8336aafae1451d54c81dd2b187b45f7c45d2428e
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Tue May 12 17:09:18 2015 +0100

    qcow2/qcow: protect against uninitialized encryption key

This commit was designed to prevent future coding bugs which
might cause QEMU to read/write data on an encrypted block
device in plain text mode before a decryption key is set.

It turns out this preventative measure was a little too good,
because we already had a long standing bug where QEMU read
encrypted data in plain text mode during system emulator
startup, in order to guess disk geometry:

  Thread 10 (Thread 0x7fffd3fff700 (LWP 30373)):
  #0  0x00007fffe90b1a28 in raise () at /lib64/libc.so.6
  #1  0x00007fffe90b362a in abort () at /lib64/libc.so.6
  #2  0x00007fffe90aa227 in __assert_fail_base () at /lib64/libc.so.6
  #3  0x00007fffe90aa2d2 in  () at /lib64/libc.so.6
  #4  0x000055555587ae19 in qcow2_co_readv (bs=0x5555562accb0, sector_num=0, remaining_sectors=1, qiov=0x7fffffffd260) at block/qcow2.c:1229
  #5  0x000055555589b60d in bdrv_aligned_preadv (bs=bs@entry=0x5555562accb0, req=req@entry=0x7fffd3ffea50, offset=offset@entry=0, bytes=bytes@entry=512, align=align@entry=512, qiov=qiov@entry=0x7fffffffd260, flags=0) at block/io.c:908
  #6  0x000055555589b8bc in bdrv_co_do_preadv (bs=0x5555562accb0, offset=0, bytes=512, qiov=0x7fffffffd260, flags=<optimized out>) at block/io.c:999
  #7  0x000055555589c375 in bdrv_rw_co_entry (opaque=0x7fffffffd210) at block/io.c:544
  #8  0x000055555586933b in coroutine_thread (opaque=0x555557876310) at coroutine-gthread.c:134
  #9  0x00007ffff64e1835 in g_thread_proxy (data=0x5555562b5590) at gthread.c:778
  #10 0x00007ffff6bb760a in start_thread () at /lib64/libpthread.so.0
  #11 0x00007fffe917f59d in clone () at /lib64/libc.so.6

  Thread 1 (Thread 0x7ffff7ecab40 (LWP 30343)):
  #0  0x00007fffe91797a9 in syscall () at /lib64/libc.so.6
  #1  0x00007ffff64ff87f in g_cond_wait (cond=cond@entry=0x555555e085f0 <coroutine_cond>, mutex=mutex@entry=0x555555e08600 <coroutine_lock>) at gthread-posix.c:1397
  #2  0x00005555558692c3 in qemu_coroutine_switch (co=<optimized out>) at coroutine-gthread.c:117
  #3  0x00005555558692c3 in qemu_coroutine_switch (from_=0x5555562b5e30, to_=to_@entry=0x555557876310, action=action@entry=COROUTINE_ENTER) at coroutine-gthread.c:175
  #4  0x0000555555868a90 in qemu_coroutine_enter (co=0x555557876310, opaque=0x0) at qemu-coroutine.c:116
  #5  0x0000555555859b84 in thread_pool_completion_bh (opaque=0x7fffd40010e0) at thread-pool.c:187
  #6  0x0000555555859514 in aio_bh_poll (ctx=ctx@entry=0x5555562953b0) at async.c:85
  #7  0x0000555555864d10 in aio_dispatch (ctx=ctx@entry=0x5555562953b0) at aio-posix.c:135
  #8  0x0000555555864f75 in aio_poll (ctx=ctx@entry=0x5555562953b0, blocking=blocking@entry=true) at aio-posix.c:291
  #9  0x000055555589c40d in bdrv_prwv_co (bs=bs@entry=0x5555562accb0, offset=offset@entry=0, qiov=qiov@entry=0x7fffffffd260, is_write=is_write@entry=false, flags=flags@entry=(unknown: 0)) at block/io.c:591
  #10 0x000055555589c503 in bdrv_rw_co (bs=bs@entry=0x5555562accb0, sector_num=sector_num@entry=0, buf=buf@entry=0x7fffffffd2e0 "\321,", nb_sectors=nb_sectors@entry=21845, is_write=is_write@entry=false, flags=flags@entry=(unknown: 0)) at block/io.c:614
  #11 0x000055555589c562 in bdrv_read_unthrottled (nb_sectors=21845, buf=0x7fffffffd2e0 "\321,", sector_num=0, bs=0x5555562accb0) at block/io.c:622
  #12 0x000055555589c562 in bdrv_read_unthrottled (bs=0x5555562accb0, sector_num=sector_num@entry=0, buf=buf@entry=0x7fffffffd2e0 "\321,", nb_sectors=nb_sectors@entry=21845) at block/io.c:634
    nb_sectors@entry=1) at block/block-backend.c:504
  #14 0x0000555555752e9f in guess_disk_lchs (blk=blk@entry=0x5555562a5290, pcylinders=pcylinders@entry=0x7fffffffd52c, pheads=pheads@entry=0x7fffffffd530, psectors=psectors@entry=0x7fffffffd534) at hw/block/hd-geometry.c:68
  #15 0x0000555555752ff7 in hd_geometry_guess (blk=0x5555562a5290, pcyls=pcyls@entry=0x555557875d1c, pheads=pheads@entry=0x555557875d20, psecs=psecs@entry=0x555557875d24, ptrans=ptrans@entry=0x555557875d28) at hw/block/hd-geometry.c:133
  #16 0x0000555555752b87 in blkconf_geometry (conf=conf@entry=0x555557875d00, ptrans=ptrans@entry=0x555557875d28, cyls_max=cyls_max@entry=65536, heads_max=heads_max@entry=16, secs_max=secs_max@entry=255, errp=errp@entry=0x7fffffffd5e0) at hw/block/block.c:71
  #17 0x0000555555799bc4 in ide_dev_initfn (dev=0x555557875c80, kind=IDE_HD) at hw/ide/qdev.c:174
  #18 0x0000555555768394 in device_realize (dev=0x555557875c80, errp=0x7fffffffd640) at hw/core/qdev.c:247
  #19 0x0000555555769a81 in device_set_realized (obj=0x555557875c80, value=<optimized out>, errp=0x7fffffffd730) at hw/core/qdev.c:1058
  #20 0x00005555558240ce in property_set_bool (obj=0x555557875c80, v=<optimized out>, opaque=0x555557875de0, name=<optimized out>, errp=0x7fffffffd730)
        at qom/object.c:1514
  #21 0x0000555555826c87 in object_property_set_qobject (obj=obj@entry=0x555557875c80, value=value@entry=0x55555784bcb0, name=name@entry=0x55555591cb3d "realized", errp=errp@entry=0x7fffffffd730) at qom/qom-qobject.c:24
  #22 0x0000555555825760 in object_property_set_bool (obj=obj@entry=0x555557875c80, value=value@entry=true, name=name@entry=0x55555591cb3d "realized", errp=errp@entry=0x7fffffffd730) at qom/object.c:905
  #23 0x000055555576897b in qdev_init_nofail (dev=dev@entry=0x555557875c80) at hw/core/qdev.c:380
  #24 0x0000555555799ead in ide_create_drive (bus=bus@entry=0x555557629630, unit=unit@entry=0, drive=0x5555562b77e0) at hw/ide/qdev.c:122
  #25 0x000055555579a746 in pci_ide_create_devs (dev=dev@entry=0x555557628db0, hd_table=hd_table@entry=0x7fffffffd830) at hw/ide/pci.c:440
  #26 0x000055555579b165 in pci_piix3_ide_init (bus=<optimized out>, hd_table=0x7fffffffd830, devfn=<optimized out>) at hw/ide/piix.c:218
  #27 0x000055555568ca55 in pc_init1 (machine=0x5555562960a0, pci_enabled=1, kvmclock_enabled=<optimized out>) at /home/berrange/src/virt/qemu/hw/i386/pc_piix.c:256
  #28 0x0000555555603ab2 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4249

So the safety net is correctly preventing QEMU reading cipher
text as if it were plain text, during startup and aborting QEMU
to avoid bad usage of this data.

For added fun this bug only happens if the encrypted qcow2
file happens to have data written to the first cluster,
otherwise the cluster won't be allocated and so qcow2 would
not try the decryption routines at all, just return all 0's.

That no one even noticed, let alone reported, this bug that
has shipped in 2.4.0, 2.5.0 and 2.6.0 shows that the number
of actual users of encrypted qcow2 is approximately zero.

So rather than fix the crash, and backport it to stable
releases, just go ahead with what we have warned users about
and disable any use of qcow2 encryption in the system
emulators. qemu-img/qemu-io/qemu-nbd are still able to access
qcow2 encrypted images for the sake of data conversion.

In the future, qcow2 will gain support for the alternative
luks format, but when this happens it'll be using the
'-object secret' infrastructure for getting keys, which
avoids this problematic scenario entirely.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoblock: Assert that flags are in range
Eric Blake [Mon, 13 Jun 2016 18:56:35 +0000 (12:56 -0600)] 
block: Assert that flags are in range

Add a new BDRV_REQ_MASK constant, and use it to make sure that
caller flags are always valid.

Tested with 'make check' and with qemu-iotests on both '-raw'
and '-qcow2'; the only failure turned up was fixed in the
previous commit.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoblock: Avoid bogus flags during mirroring
Eric Blake [Mon, 13 Jun 2016 18:56:34 +0000 (12:56 -0600)] 
block: Avoid bogus flags during mirroring

Commit e253f4b8 converted mirroring from sector-based bdrv_aio_*
to byte-based blk_aio_*, but failed to account for the subtle
difference in signatures (the former takes a semi-redundant length,
the latter takes a flags parameter).  Since all of our flags are
currently smaller in size than BDRV_SECTOR_SIZE, it has no ill
effects until we either perform sub-sector mirroring, or we start
asserting that no unexpected flags are set.  I found it while
testing new asserts when qemu-iotests 132 started warning about an
unknown flag 0x200000.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoqemu-img bench: Fix uninitialised writethrough mode
Kevin Wolf [Tue, 14 Jun 2016 09:29:32 +0000 (11:29 +0200)] 
qemu-img bench: Fix uninitialised writethrough mode

If no -t option is specified, bool writethrough stayed uninitialised.
Initialise it as false, which makes cache=writeback the default cache
mode.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years agom25p80: fix test on blk_pread() return value
Cédric Le Goater [Tue, 31 May 2016 11:36:05 +0000 (13:36 +0200)] 
m25p80: fix test on blk_pread() return value

commit 243e6f69c129 ("m25p80: Switch to byte-based block access")
replaced blk_read() calls with blk_pread() but return values are
different.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agohmp: acquire aio_context in hmp_qemu_io
Vladimir Sementsov-Ogievskiy [Wed, 8 Jun 2016 09:39:17 +0000 (12:39 +0300)] 
hmp: acquire aio_context in hmp_qemu_io

Acquire aio context before run command, this is mandatory for unit tests.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoblockdev: clarify error on attempt to open locked tray
Colin Lord [Wed, 8 Jun 2016 17:56:28 +0000 (13:56 -0400)] 
blockdev: clarify error on attempt to open locked tray

When opening a device with a locked tray, gives an error explaining the
device tray is locked and that the user should wait and try again. This
is less confusing than the previous error, which simply stated that the
tray was locked.

Signed-off-by: Colin Lord <clord@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoqcow2: Implement .bdrv_co_pwritev()
Kevin Wolf [Wed, 1 Jun 2016 14:55:05 +0000 (16:55 +0200)] 
qcow2: Implement .bdrv_co_pwritev()

This changes qcow2 to implement the byte-based .bdrv_co_pwritev
interface rather than the sector-based old one.

As preallocation uses the same allocation function as normal writes, and
the interface of that function needs to be changed, it is converted in
the same patch.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
4 years agoqcow2: Use bytes instead of sectors for QCowL2Meta
Kevin Wolf [Wed, 1 Jun 2016 12:08:56 +0000 (14:08 +0200)] 
qcow2: Use bytes instead of sectors for QCowL2Meta

In preparation for implementing .bdrv_co_pwritev in qcow2.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
4 years agoqcow2: Make copy_sectors() byte based
Kevin Wolf [Wed, 1 Jun 2016 13:21:05 +0000 (15:21 +0200)] 
qcow2: Make copy_sectors() byte based

This will allow copy on write operations where the overwritten part of
the cluster is not aligned to sector boundaries.

Also rename the function because it has nothing to do with sectors any
more.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
4 years agoqcow2: Implement .bdrv_co_preadv()
Kevin Wolf [Tue, 31 May 2016 14:13:07 +0000 (16:13 +0200)] 
qcow2: Implement .bdrv_co_preadv()

Reading from qcow2 images is now byte granularity.

Most of the affected code in qcow2 actually gets simpler with this
change. The only exception is encryption, which is fixed on 512 bytes
blocks; in order to keep this working, bs->request_alignment is set for
encrypted images.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
4 years agoqcow2: Work with bytes in qcow2_get_cluster_offset()
Kevin Wolf [Tue, 31 May 2016 14:41:09 +0000 (16:41 +0200)] 
qcow2: Work with bytes in qcow2_get_cluster_offset()

This patch changes the units that qcow2_get_cluster_offset() uses
internally, without touching the interface just yet. This will be done
in another patch.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
4 years agoMerge remote-tracking branch 'remotes/amit-migration/tags/migration-for-2.7-4' into...
Peter Maydell [Thu, 16 Jun 2016 09:53:33 +0000 (10:53 +0100)] 
Merge remote-tracking branch 'remotes/amit-migration/tags/migration-for-2.7-4' into staging

Migration:

- Fixes for TLS series
- Postcopy: Add stats, fix, test case

# gpg: Signature made Thu 16 Jun 2016 05:40:09 BST
# gpg:                using RSA key 0xEB0B4DFC657EF670
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"
# Primary key fingerprint: 48CA 3722 5FE7 F4A8 B337  2735 1E9A 3B5F 8540 83B6
#      Subkey fingerprint: CC63 D332 AB8F 4617 4529  6534 EB0B 4DFC 657E F670

* remotes/amit-migration/tags/migration-for-2.7-4:
  migration: rename functions to starting migrations
  migration: fix typos in qapi-schema from latest migration additions
  Postcopy: Check for support when setting the capability
  tests: fix libqtest socket timeouts
  test: Postcopy
  Postcopy: Add stats on page requests
  Migration: Split out ram part of qmp_query_migrate
  Postcopy: Avoid 0 length discards

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agomigration: rename functions to starting migrations
Daniel P. Berrange [Wed, 1 Jun 2016 10:17:14 +0000 (11:17 +0100)] 
migration: rename functions to starting migrations

Apply the following renames for starting incoming migration:

 process_incoming_migration -> migration_fd_process_incoming
 migration_set_incoming_channel -> migration_channel_process_incoming
 migration_tls_set_incoming_channel -> migration_tls_channel_process_incoming

and for starting outgoing migration:

 migration_set_outgoing_channel -> migration_channel_connect
 migration_tls_set_outgoing_channel -> migration_tls_channel_connect

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1464776234-9910-3-git-send-email-berrange@redhat.com
Message-Id: <1464776234-9910-3-git-send-email-berrange@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
4 years agomigration: fix typos in qapi-schema from latest migration additions
Daniel P. Berrange [Wed, 1 Jun 2016 10:17:13 +0000 (11:17 +0100)] 
migration: fix typos in qapi-schema from latest migration additions

Recent migration QAPI enhancements had a few spelling mistakes
and also incorrect version number in a few places.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1464776234-9910-2-git-send-email-berrange@redhat.com
Message-Id: <1464776234-9910-2-git-send-email-berrange@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
4 years agoPostcopy: Check for support when setting the capability
Dr. David Alan Gilbert [Mon, 13 Jun 2016 11:16:45 +0000 (12:16 +0100)] 
Postcopy: Check for support when setting the capability

Knowing whether the destination host supports migration with
postcopy can be tricky.
The destination doesn't need the capability set, however
if we set it then use the opportunity to do the test and
tell the user/management layer early.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1465816605-29488-7-git-send-email-dgilbert@redhat.com
Message-Id: <1465816605-29488-7-git-send-email-dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
4 years agotests: fix libqtest socket timeouts
Andrea Arcangeli [Mon, 13 Jun 2016 11:16:44 +0000 (12:16 +0100)] 
tests: fix libqtest socket timeouts

I kept getting timeouts and unix socket accept failures under high
load, the patch fixes it.

Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Message-id: 1465816605-29488-6-git-send-email-dgilbert@redhat.com
Message-Id: <1465816605-29488-6-git-send-email-dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
4 years agotest: Postcopy
Dr. David Alan Gilbert [Mon, 13 Jun 2016 11:16:43 +0000 (12:16 +0100)] 
test: Postcopy

This is a postcopy test (x86 only) that actually runs the guest
and checks the memory contents.

The test runs from an x86 boot block with the hex embedded in the test;
the source for this is:

...........

.code16
.org 0x7c00
.file "fill.s"
.text
.globl start
.type start, @function
start:             # at 0x7c00 ?
        cli
        lgdt gdtdesc
        mov $1,%eax
        mov %eax,%cr0  # Protected mode enable
        data32 ljmp $8,$0x7c20

.org 0x7c20
.code32
        # A20 enable - not sure I actually need this
        inb $0x92,%al
        or  $2,%al
        outb %al, $0x92

        # set up DS for the whole of RAM (needed on KVM)
        mov $16,%eax
        mov %eax,%ds

        mov $65,%ax
        mov $0x3f8,%dx
        outb %al,%dx

        # bl keeps a counter so we limit the output speed
        mov $0, %bl
mainloop:
        # Start from 1MB
        mov $(1024*1024),%eax
innerloop:
        incb (%eax)
        add $4096,%eax
        cmp $(100*1024*1024),%eax
        jl innerloop

        inc %bl
        jnz mainloop

        mov $66,%ax
        mov $0x3f8,%dx
        outb %al,%dx

jmp mainloop

        # GDT magic from old (GPLv2)  Grub startup.S
        .p2align        2       /* force 4-byte alignment */
gdt:
        .word   0, 0
        .byte   0, 0, 0, 0

        /* -- code segment --
         * base = 0x00000000, limit = 0xFFFFF (4 KiB Granularity), present
         * type = 32bit code execute/read, DPL = 0
         */
        .word   0xFFFF, 0
        .byte   0, 0x9A, 0xCF, 0

        /* -- data segment --
         * base = 0x00000000, limit 0xFFFFF (4 KiB Granularity), present
         * type = 32 bit data read/write, DPL = 0
         */
        .word   0xFFFF, 0
        .byte   0, 0x92, 0xCF, 0

gdtdesc:
        .word   0x27                    /* limit */
        .long   gdt                     /* addr */

/* I'm a bootable disk */
.org 0x7dfe
        .byte 0x55
        .byte 0xAA

...........

and that can be assembled by the following magic:
    as --32 -march=i486 fill.s -o fill.o
    objcopy -O binary fill.o fill.boot
    dd if=fill.boot of=bootsect bs=256 count=2 skip=124
    xxd -i bootsect

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Message-id: 1465816605-29488-5-git-send-email-dgilbert@redhat.com
Message-Id: <1465816605-29488-5-git-send-email-dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
4 years agoPostcopy: Add stats on page requests
Dr. David Alan Gilbert [Mon, 13 Jun 2016 11:16:42 +0000 (12:16 +0100)] 
Postcopy: Add stats on page requests

On the source, add a count of page requests received from the
destination.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Message-id: 1465816605-29488-4-git-send-email-dgilbert@redhat.com
Message-Id: <1465816605-29488-4-git-send-email-dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
4 years agoMigration: Split out ram part of qmp_query_migrate
Dr. David Alan Gilbert [Mon, 13 Jun 2016 11:16:41 +0000 (12:16 +0100)] 
Migration: Split out ram part of qmp_query_migrate

The RAM section of qmp_query_migrate is reasonably complex
and repeated 3 times.  Split it out into a helper.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1465816605-29488-3-git-send-email-dgilbert@redhat.com
Reviwed-by: Denis V. Lunev <den@openvz.org>
Message-Id: <1465816605-29488-3-git-send-email-dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
4 years agoPostcopy: Avoid 0 length discards
Dr. David Alan Gilbert [Mon, 13 Jun 2016 11:16:40 +0000 (12:16 +0100)] 
Postcopy: Avoid 0 length discards

The discard code in migration/ram.c would send request for
zero length discards in the case where no discards were needed.
It doesn't appear to have had any bad effect.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Message-id: 1465816605-29488-2-git-send-email-dgilbert@redhat.com
Message-Id: <1465816605-29488-2-git-send-email-dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
4 years agoMerge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
Peter Maydell [Wed, 15 Jun 2016 15:12:19 +0000 (16:12 +0100)] 
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

X86 queue, 2016-06-14 (v2)

# gpg: Signature made Tue 14 Jun 2016 22:29:04 BST
# gpg:                using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-pull-request:
  target-i386: Consolidate calls of object_property_parse() in x86_cpu_parse_featurestr
  target-i386: Use cpu_generic_init() in cpu_x86_init()
  target-i386: Move xcc->kvm_required check to realize time
  target-i386: Remove assert(kvm_enabled()) from host_x86_cpu_initfn()
  target-i386: Move features logic that requires CPUState to realize time
  target-i386: Remove xlevel & hv-spinlocks option fixups
  target-i386: Implement CPUID[0xB] (Extended Topology Enumeration)
  pc: Add 2.7 machine
  target-i386: add Skylake-Client cpu model

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget-i386: Consolidate calls of object_property_parse() in x86_cpu_parse_featurestr
Eduardo Habkost [Thu, 9 Jun 2016 17:10:58 +0000 (19:10 +0200)] 
target-i386: Consolidate calls of object_property_parse() in x86_cpu_parse_featurestr

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
4 years agotarget-i386: Use cpu_generic_init() in cpu_x86_init()
Igor Mammedov [Mon, 6 Jun 2016 15:16:46 +0000 (17:16 +0200)] 
target-i386: Use cpu_generic_init() in cpu_x86_init()

Now cpu_x86_init() does nothing more or less
than duplicating cpu_generic_init() logic.
So simplify it by using cpu_generic_init().

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
4 years agotarget-i386: Move xcc->kvm_required check to realize time
Igor Mammedov [Mon, 6 Jun 2016 15:16:45 +0000 (17:16 +0200)] 
target-i386: Move xcc->kvm_required check to realize time

It will allow to drop custom cpu_x86_init() and use
cpu_generic_init() instead, reducing cpu_x86_create()
to a simple 3-liner.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
4 years agotarget-i386: Remove assert(kvm_enabled()) from host_x86_cpu_initfn()
Eduardo Habkost [Fri, 10 Jun 2016 11:42:08 +0000 (08:42 -0300)] 
target-i386: Remove assert(kvm_enabled()) from host_x86_cpu_initfn()

The code will be changed to allow creation of the CPU object and
report kvm_required errors only at realizefn, so we need to make
the instance_init function more flexible.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
4 years agotarget-i386: Move features logic that requires CPUState to realize time
Igor Mammedov [Mon, 6 Jun 2016 15:16:44 +0000 (17:16 +0200)] 
target-i386: Move features logic that requires CPUState to realize time

Making x86_cpu_parse_featurestr() a pure convertor
of legacy feature string into global properties, needs
it to be called before a CPU instance is created so
parser shouldn't modify CPUState directly or access
it at all. Hence move current hack that directly pokes
into CPUState, to set/unset +-feats, from parser to
CPU's realize method.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
4 years agotarget-i386: Remove xlevel & hv-spinlocks option fixups
Eduardo Habkost [Thu, 2 Jun 2016 16:46:13 +0000 (13:46 -0300)] 
target-i386: Remove xlevel & hv-spinlocks option fixups

The "fixup will be removed in future versions" warnings are
present since QEMU 1.7.0, at least, so users should have fixed
their scripts and configurations, already.

In the case of libvirt users, libvirt doesn't use the "xlevel"
option, and already rejects HyperV spinlock retry count < 0xFFF.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
4 years agotarget-i386: Implement CPUID[0xB] (Extended Topology Enumeration)
Radim Krčmář [Thu, 12 May 2016 17:24:26 +0000 (19:24 +0200)] 
target-i386: Implement CPUID[0xB] (Extended Topology Enumeration)

I looked at a dozen Intel CPU that have this CPUID and all of them
always had Core offset as 1 (a wasted bit when hyperthreading is
disabled) and Package offset at least 4 (wasted bits at <= 4 cores).

QEMU uses more compact IDs and it doesn't make much sense to change it
now.  I keep the SMT and Core sub-leaves even if there is just one
thread/core;  it makes the code simpler and there should be no harm.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
4 years agopc: Add 2.7 machine
Igor Mammedov [Tue, 17 May 2016 14:43:10 +0000 (16:43 +0200)] 
pc: Add 2.7 machine

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
4 years agotarget-i386: add Skylake-Client cpu model
Eduardo Habkost [Wed, 27 Apr 2016 08:13:06 +0000 (16:13 +0800)] 
target-i386: add Skylake-Client cpu model

Introduce Skylake-Client cpu mode which inherits the features from
Broadwell and supports some additional features that are: MPX,
XSAVEC, and XGETBV1.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
4 years agoMerge remote-tracking branch 'remotes/sstabellini/tags/xen-20160614-tag' into staging
Peter Maydell [Tue, 14 Jun 2016 15:32:32 +0000 (16:32 +0100)] 
Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20160614-tag' into staging

Xen 2016/06/14

# gpg: Signature made Tue 14 Jun 2016 16:01:52 BST
# gpg:                using RSA key 0x894F8F4870E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"
# Primary key fingerprint: D04E 33AB A51F 67BA 07D3  0AEA 894F 8F48 70E1 AE90

* remotes/sstabellini/tags/xen-20160614-tag:
  xen: Clean up includes
  xen/blkif: avoid double access to any shared ring request fields

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160614-2' into...
Peter Maydell [Tue, 14 Jun 2016 15:04:25 +0000 (16:04 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160614-2' into staging

target-arm queue:
 * add PMU support for virt machine under KVM
 * fix reset and migration of TTBCR(S)
 * add virt-2.7 machine type
 * QOMify various ARM devices
 * implement xilinx DisplayPort device
 * don't permit ARMv8-only Neon insns to work on ARMv7

# gpg: Signature made Tue 14 Jun 2016 16:01:45 BST
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20160614-2: (30 commits)
  target-arm: Don't permit ARMv8-only Neon insns on ARMv7
  arm: xlnx-zynqmp: Add xlnx-dp and xlnx-dpdma
  introduce xlnx-dp
  introduce xlnx-dpdma
  hw/i2c-ddc.c: Implement DDC I2C slave
  introduce dpcd module
  introduce aux-bus
  i2c: Factor our send() and recv() common logic
  i2c: implement broadcast write
  i2cbus: remove unused dev field
  hw/sd: QOM'ify pl181.c
  hw/dma: QOM'ify pxa2xx_dma.c
  hw/misc: QOM'ify mst_fpga.c
  hw/misc: QOM'ify exynos4210_pmu.c
  hw/misc: QOM'ify arm_l2x0.c
  hw/gpio: QOM'ify zaurus.c
  hw/gpio: QOM'ify pl061.c
  hw/gpio: QOM'ify omap_gpio.c
  hw/i2c: QOM'ify versatile_i2c.c
  hw/i2c: QOM'ify omap_i2c.c
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget-arm: Don't permit ARMv8-only Neon insns on ARMv7
Peter Maydell [Tue, 14 Jun 2016 14:59:15 +0000 (15:59 +0100)] 
target-arm: Don't permit ARMv8-only Neon insns on ARMv7

The Neon instructions VCVTA, VCVTM, VCVTN, VCVTP, VRINTA, VRINTM,
VRINTN, VRINTP, VRINTX, and VRINTZ were only introduced with ARMv8,
so they need a guard to make them UNDEF if the CPU only supports ARMv7.
(We got this right for all the other new-in-v8 insns, but forgot
it for these Neon 2-reg-misc ops.)

Reported-by: Christophe Lyon <christophe.lyon@linaro.org>
Tested-by: Christophe Lyon <christophe.lyon@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1465492511-9333-1-git-send-email-peter.maydell@linaro.org

4 years agoarm: xlnx-zynqmp: Add xlnx-dp and xlnx-dpdma
KONRAD Frederic [Tue, 14 Jun 2016 14:59:15 +0000 (15:59 +0100)] 
arm: xlnx-zynqmp: Add xlnx-dp and xlnx-dpdma

This adds the DP and the DPDMA to the Zynq MP platform.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Tested-By: Hyun Kwon <hyun.kwon@xilinx.com>
Message-id: 1465833014-21982-10-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agointroduce xlnx-dp
KONRAD Frederic [Tue, 14 Jun 2016 14:59:15 +0000 (15:59 +0100)] 
introduce xlnx-dp

This is the implementation of the DisplayPort.
It has an aux-bus to access dpcd and edid.

Graphic plane is connected to the channel 3.
Video plane is connected to the channel 0.
Audio stream are connected to the channels 4 and 5.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Tested-By: Hyun Kwon <hyun.kwon@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1465833014-21982-9-git-send-email-fred.konrad@greensocs.com
[PMM: fixed format strings]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agointroduce xlnx-dpdma
KONRAD Frederic [Tue, 14 Jun 2016 14:59:15 +0000 (15:59 +0100)] 
introduce xlnx-dpdma

This is the implementation of the DPDMA.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Tested-By: Hyun Kwon <hyun.kwon@xilinx.com>
Message-id: 1465833014-21982-8-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/i2c-ddc.c: Implement DDC I2C slave
Peter Maydell [Tue, 14 Jun 2016 14:59:15 +0000 (15:59 +0100)] 
hw/i2c-ddc.c: Implement DDC I2C slave

Implement an I2C slave which implements DDC and returns the
EDID data for an attached monitor.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Tested-by: Hyun Kwon <hyun.kwon@xilinx.com>
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Message-id: 1465833014-21982-7-git-send-email-fred.konrad@greensocs.com

  - Rebased on the current master.
  - Modified for QOM.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Tested-By: Hyun Kwon <hyun.kwon@xilinx.com>
[PMM: actually wire up the vmstate to dc->vmsd]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agointroduce dpcd module
KONRAD Frederic [Tue, 14 Jun 2016 14:59:15 +0000 (15:59 +0100)] 
introduce dpcd module

This introduces dpcd module.
It wires on a aux-bus and can be accessed by the driver to get lane-speed, etc.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Tested-By: Hyun Kwon <hyun.kwon@xilinx.com>
Message-id: 1465833014-21982-6-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agointroduce aux-bus
KONRAD Frederic [Tue, 14 Jun 2016 14:59:15 +0000 (15:59 +0100)] 
introduce aux-bus

This introduces a new bus: aux-bus.

It contains an address space for aux slaves devices and a bridge to an I2C bus
for I2C through AUX transactions.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Tested-By: Hyun Kwon <hyun.kwon@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1465833014-21982-5-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoi2c: Factor our send() and recv() common logic
Peter Crosthwaite [Tue, 14 Jun 2016 14:59:14 +0000 (15:59 +0100)] 
i2c: Factor our send() and recv() common logic

Most of the control flow logic between send and recv (error checking
etc) is the same. Factor this out into a common send_recv() API.
This is then usable by clients, where the control logic for send
and receive differs only by a boolean. E.g.

if (send)
   i2c_send(...):
else
   i2c_recv(...);

becomes:

i2c_send_recv(... , send);

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Message-id: 1465833014-21982-4-git-send-email-fred.konrad@greensocs.com
Changes from FK:
  * Rebased on master.
  * Rebased on my i2c broadcast patch.
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoi2c: implement broadcast write
KONRAD Frederic [Tue, 14 Jun 2016 14:59:14 +0000 (15:59 +0100)] 
i2c: implement broadcast write

This does a write to every slaves when the I2C bus get a write to address 0.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Tested-By: Hyun Kwon <hyun.kwon@xilinx.com>
Message-id: 1465833014-21982-3-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoi2cbus: remove unused dev field
KONRAD Frederic [Tue, 14 Jun 2016 14:59:14 +0000 (15:59 +0100)] 
i2cbus: remove unused dev field

The dev field in i2cbus is not used.
So just drop it.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Tested-By: Hyun Kwon <hyun.kwon@xilinx.com>
Message-id: 1465833014-21982-2-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/sd: QOM'ify pl181.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:14 +0000 (15:59 +0100)] 
hw/sd: QOM'ify pl181.c

split the old SysBus init function into an instance_init
and a Device realize function

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-13-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/dma: QOM'ify pxa2xx_dma.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:14 +0000 (15:59 +0100)] 
hw/dma: QOM'ify pxa2xx_dma.c

split the old SysBus init function into an instance_init
and a Device realize function

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-12-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/misc: QOM'ify mst_fpga.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:14 +0000 (15:59 +0100)] 
hw/misc: QOM'ify mst_fpga.c

Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-11-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/misc: QOM'ify exynos4210_pmu.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:14 +0000 (15:59 +0100)] 
hw/misc: QOM'ify exynos4210_pmu.c

Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-10-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/misc: QOM'ify arm_l2x0.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:14 +0000 (15:59 +0100)] 
hw/misc: QOM'ify arm_l2x0.c

Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-9-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/gpio: QOM'ify zaurus.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:13 +0000 (15:59 +0100)] 
hw/gpio: QOM'ify zaurus.c

Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-8-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/gpio: QOM'ify pl061.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:13 +0000 (15:59 +0100)] 
hw/gpio: QOM'ify pl061.c

* Merge the pl061_initfn into pl061_init
* Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-7-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/gpio: QOM'ify omap_gpio.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:13 +0000 (15:59 +0100)] 
hw/gpio: QOM'ify omap_gpio.c

* Split the old SysBus init into an instance_init and
  DeviceClass::realize function
* Drop the SysBus init function

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-6-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/i2c: QOM'ify versatile_i2c.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:13 +0000 (15:59 +0100)] 
hw/i2c: QOM'ify versatile_i2c.c

Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-5-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/i2c: QOM'ify omap_i2c.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:13 +0000 (15:59 +0100)] 
hw/i2c: QOM'ify omap_i2c.c

* Split the omap_i2c_init into an instance_init and realize function
* Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-4-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/i2c: QOM'ify exynos4210_i2c.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:13 +0000 (15:59 +0100)] 
hw/i2c: QOM'ify exynos4210_i2c.c

* Rename the exynos4210_i2c_realize to exynos4210_i2c_init
* Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-3-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/i2c: QOM'ify bitbang_i2c.c
xiaoqiang zhao [Tue, 14 Jun 2016 14:59:13 +0000 (15:59 +0100)] 
hw/i2c: QOM'ify bitbang_i2c.c

Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com>
Message-id: 1465815255-21776-2-git-send-email-zxq_yx_007@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm/virt: create the 2.7 machine type
Andrew Jones [Tue, 14 Jun 2016 14:59:13 +0000 (15:59 +0100)] 
hw/arm/virt: create the 2.7 machine type

Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 1465746713-30414-5-git-send-email-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm/virt: introduce DEFINE_VIRT_MACHINE_AS_LATEST
Andrew Jones [Tue, 14 Jun 2016 14:59:12 +0000 (15:59 +0100)] 
hw/arm/virt: introduce DEFINE_VIRT_MACHINE_AS_LATEST

Create two variants of DEFINE_VIRT_MACHINE. One, just called
DEFINE_VIRT_MACHINE, that does not set properties that only
the latest machine type should have, and another that does.
This will hopefully reduce potential for errors when adding
new versions.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 1465746713-30414-4-git-send-email-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm/virt: introduce DEFINE_VIRT_MACHINE
Andrew Jones [Tue, 14 Jun 2016 14:59:12 +0000 (15:59 +0100)] 
hw/arm/virt: introduce DEFINE_VIRT_MACHINE

Use DEFINE_VIRT_MACHINE to generate versioned machine type info.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1465746713-30414-3-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm/virt: separate versioned type-init code
Andrew Jones [Tue, 14 Jun 2016 14:59:12 +0000 (15:59 +0100)] 
hw/arm/virt: separate versioned type-init code

Rename machvirt_info (which is specifically for 2.6 TypeInfo)
to machvirt_2_6_info, and separate the type registration of the
abstract machine type from the versioned type.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1465746713-30414-2-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget-arm: Fix reset and migration of TTBCR(S)
Peter Maydell [Tue, 14 Jun 2016 14:59:12 +0000 (15:59 +0100)] 
target-arm: Fix reset and migration of TTBCR(S)

Commit 6459b94c26dd666badb3 broke reset and migration of the AArch32
TTBCR(S) register if the guest used non-LPAE page tables. This is
because the AArch32 TTBCR register definition is marked as ARM_CP_ALIAS,
meaning that the AArch64 variant has to handle migration and reset.
Although AArch64 TCR_EL3 doesn't need to care about the mask and
base_mask fields, AArch32 may do so, and so we must use the special
TTBCR reset and raw write functions to ensure they are set correctly.

This doesn't affect TCR_EL2, because the AArch32 equivalent of that
is HTCR, which never uses the non-LPAE page table variant.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Pranith Kumar <bobby.prani+qemu@gmail.com>
Reviewed-by: Sergey Fedorov <sergey.fedorov@linaro.org>
Message-id: 1465488181-31977-1-git-send-email-peter.maydell@linaro.org

4 years agohw/arm/virt-acpi-build: Add PMU IRQ number in ACPI table
Shannon Zhao [Tue, 14 Jun 2016 14:59:12 +0000 (15:59 +0100)] 
hw/arm/virt-acpi-build: Add PMU IRQ number in ACPI table

Add PMU IRQ number in ACPI table, then we can use PMU in guest through
ACPI.

Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 1465267577-1808-4-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm/virt: Add PMU node for virt machine
Shannon Zhao [Tue, 14 Jun 2016 14:59:12 +0000 (15:59 +0100)] 
hw/arm/virt: Add PMU node for virt machine

Add a virtual PMU device for virt machine while use PPI 7 for PMU
overflow interrupt number.

Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 1465267577-1808-3-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget-arm: kvm64: set guest PMUv3 feature bit if supported
Shannon Zhao [Tue, 14 Jun 2016 14:59:12 +0000 (15:59 +0100)] 
target-arm: kvm64: set guest PMUv3 feature bit if supported

Check if kvm supports guest PMUv3. If so, set the corresponding feature
bit for vcpu.

Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 1465267577-1808-2-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoxen: Clean up includes
Peter Maydell [Tue, 24 May 2016 15:27:18 +0000 (16:27 +0100)] 
xen: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
4 years agoqdev_try_create(): Assert that devices we put onto the system bus are SysBusDevices
Peter Maydell [Tue, 10 May 2016 10:30:42 +0000 (11:30 +0100)] 
qdev_try_create(): Assert that devices we put onto the system bus are SysBusDevices

If qdev_try_create() is passed NULL for the bus, it will automatically
put the newly created device onto the default system bus. However
if the device is not actually a SysBusDevice then this will result
in later crashes (for instance when running the monitor "info qtree"
command) because code reasonably assumes that all devices on the system
bus are system bus devices.

Generally the mistake is that the calling code should create the
object with object_new(TYPE_FOO) rather than qdev_create(NULL, TYPE_FOO);
see commit 6749695eaaf346c1 for an example of fixing this bug.

Assert in qdev_try_create() if the device isn't suitable to put on
the system bus, so that this mistake results in failure earlier
and more reliably.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
4 years agoMerge remote-tracking branch 'remotes/cohuck/tags/s390x-20160614' into staging
Peter Maydell [Tue, 14 Jun 2016 12:14:55 +0000 (13:14 +0100)] 
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20160614' into staging

More s390x patches, this time mostly dealing with channel I/O:
Bugfixes and cleanups, and dequeue pending interrupts after
machine checks.

# gpg: Signature made Tue 14 Jun 2016 13:09:43 BST
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20160614:
  s390x/kvm: Fixup interrupt type for non-adapter I/O interrupts
  s390x: Limit s390-ccw machines to 248 CPUs
  virtio-ccw: Provide traces for indicator changes
  s390x/css: introduce property type for device ids
  s390x/css: clear IO irqs when generating IPI CRW
  s390x/kvm: add interface for clearing IO irqs
  linux-headers: update

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agos390x/kvm: Fixup interrupt type for non-adapter I/O interrupts
Christian Borntraeger [Mon, 6 Jun 2016 14:57:50 +0000 (16:57 +0200)] 
s390x/kvm: Fixup interrupt type for non-adapter I/O interrupts

The current algorithm for I/O interrupts would result in a wrong
interrupt type for subchannel numbers fffe and ffff. In addition
a non adapter interrupt might look like an adapter interrupt for
any subchannel number that has the 0x0400 bit set.

No kernel has ever used the type outside logging - and the logging
was wrong all the time. For everything else the kernel used the
interrupt parameters.

Let's use the KVM_S390_INT_IO macro as for adapter interrupts.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
4 years agos390x: Limit s390-ccw machines to 248 CPUs
Christian Borntraeger [Thu, 2 Jun 2016 12:06:10 +0000 (14:06 +0200)] 
s390x: Limit s390-ccw machines to 248 CPUs

The sclp scp read info call fills in a buffer with information about the
system. With more than 248 CPUs we overflow the 4k buffer of the SCCB,
leading to random data corruption. Basically ALL guest operating systems
call scp read info, so let's limit the machines to 248 CPUs to make it
obvious that >=249 does not work.

As KVM also limits itself to 248 and TCG on s390 does not support
SMP, this should cause no regression for any user as no VMs with more
than 248 VCPUs were ever possible.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
4 years agovirtio-ccw: Provide traces for indicator changes
Christian Borntraeger [Thu, 2 Jun 2016 08:57:37 +0000 (10:57 +0200)] 
virtio-ccw: Provide traces for indicator changes

This allows to trace changes in the summary and queue indicators
for the non-irqfd case. For irqfd, kernel traces are needed instead.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
4 years agos390x/css: introduce property type for device ids
Cornelia Huck [Fri, 1 Apr 2016 11:42:04 +0000 (13:42 +0200)] 
s390x/css: introduce property type for device ids

Let's introduce a CssDevId to handle device ids of the xx.x.xxxx
type used for channel devices. This has some benefits:

- We can use them in virtio-ccw and split the validity checks for
  a channel device id in general from the constraint checking
  within the virtio-ccw scope.
- We can reuse the device id type for future non-virtio channel
  devices.

While we're at it, improve the validity checks and disallow e.g.
trailing characters.

Suggested-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Acked-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
4 years agos390x/css: clear IO irqs when generating IPI CRW
Halil Pasic [Wed, 27 Jan 2016 12:24:17 +0000 (13:24 +0100)] 
s390x/css: clear IO irqs when generating IPI CRW

According to the Principles of Operation (more precisely the subsection
'Channel-Report Word'), a subchannel put into the installed parameters
initialized state is in the same state as after an I/O system reset (just
parameters possibly changed). This implies that any I/O interrupts for that
subchannel are no longer pending (as I/O system resets clear I/O
interrupts). Therefore, we need an interface to clear pending I/O
interrupts. Make css_generate_sch_crws clear the pending IO interrupts for
the subchannel.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
4 years agos390x/kvm: add interface for clearing IO irqs
Halil Pasic [Wed, 27 Jan 2016 12:03:44 +0000 (13:03 +0100)] 
s390x/kvm: add interface for clearing IO irqs

According to the platform specification, under certain conditions,
pending IO interruptions have to be cleared. Let's add an interface
for that.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
4 years agolinux-headers: update
Cornelia Huck [Tue, 7 Jun 2016 13:11:44 +0000 (15:11 +0200)] 
linux-headers: update

Update to 4.7-rc2.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
4 years agoMerge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160614' into staging
Peter Maydell [Tue, 14 Jun 2016 08:30:05 +0000 (09:30 +0100)] 
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160614' into staging

ppc patch queue for 2016-06-14

Latest patch queue for ppc.
    * Allow qemu to support a generic architecture 2.07 (POWER8-era)
      compatibility mode.  This is useful for guests which are POWER8
      aware, but don't know about the specific POWER8 variant that
      qemu (and/or KVM) is emulating. (Thomas Huth)
    * Fix a bug where macio wasn't removing DMA mappings (Mark Cave-Ayland)
    * Add a workaround for Linux guest's miscalculation of maximum
      memory address (including hotplugged memory), which could break
      when hotplug memory was combined with VFIO.  The previous
      approach was technically correct by spec, but differed from
      PowerVM's behaviour enough to trip a guest kernel bug.  This
      works around the bug, while remaining correct-to-spec. (Bharata Rao)

# gpg: Signature made Tue 14 Jun 2016 06:53:58 BST
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.7-20160614:
  spapr: Ensure all LMBs are represented in ibm,dynamic-memory
  macio: call dma_memory_unmap() at the end of each DMA transfer
  Add PowerPC AT_HWCAP2 definitions
  ppc: Add PowerISA 2.07 compatibility mode
  ppc: Improve PCR bit selection in ppc_set_compat()
  ppc: Provide function to get CPU class of the host CPU
  ppc: Split pcr_mask settings into supported bits and the register mask
  ppc/spapr: Refactor h_client_architecture_support() CPU parsing code

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agospapr: Ensure all LMBs are represented in ibm,dynamic-memory
Bharata B Rao [Fri, 10 Jun 2016 05:14:48 +0000 (10:44 +0530)] 
spapr: Ensure all LMBs are represented in ibm,dynamic-memory

Memory hotplug can fail for some combinations of RAM and maxmem when
DDW is enabled in the presence of devices like nec-usb-xhci. DDW depends
on maximum addressable memory returned by guest and this value is currently
being calculated wrongly by the guest kernel routine memory_hotplug_max().
While there is an attempt to fix the guest kernel, this patch works
around the problem within QEMU itself.

memory_hotplug_max() routine in the guest kernel arrives at max
addressable memory by multiplying lmb-size with the lmb-count obtained
from ibm,dynamic-memory property. There are two assumptions here:

- All LMBs are part of ibm,dynamic memory: This is not true for PowerKVM
  where only hot-pluggable LMBs are present in this property.
- The memory area comprising of RAM and hotplug region is contiguous: This
  needn't be true always for PowerKVM as there can be gap between
  boot time RAM and hotplug region.

To work around this guest kernel bug, ensure that ibm,dynamic-memory
has information about all the LMBs (RMA, boot-time LMBs, future
hotpluggable LMBs, and dummy LMBs to cover the gap between RAM and
hotpluggable region).

RMA is represented separately by memory@0 node. Hence mark RMA LMBs
and also the LMBs for the gap b/n RAM and hotpluggable region as
reserved and as having no valid DRC so that these LMBs are not considered
by the guest.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 years agomacio: call dma_memory_unmap() at the end of each DMA transfer
Mark Cave-Ayland [Fri, 10 Jun 2016 18:26:37 +0000 (19:26 +0100)] 
macio: call dma_memory_unmap() at the end of each DMA transfer

This ensures that the underlying memory is marked dirty once the transfer
is complete and resolves cache coherency problems under MacOS 9.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 years agoAdd PowerPC AT_HWCAP2 definitions
Anton Blanchard [Tue, 7 Jun 2016 12:28:42 +0000 (22:28 +1000)] 
Add PowerPC AT_HWCAP2 definitions

We need the PPC_FEATURE2_HAS_HTM bit in a subsequent patch, so
add the PowerPC AT_HWCAP2 definitions.

Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 years agoppc: Add PowerISA 2.07 compatibility mode
Thomas Huth [Tue, 7 Jun 2016 15:39:40 +0000 (17:39 +0200)] 
ppc: Add PowerISA 2.07 compatibility mode

Make sure that guests can use the PowerISA 2.07 CPU sPAPR
compatibility mode when they request it and the target CPU
supports it.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 years agoppc: Improve PCR bit selection in ppc_set_compat()
Thomas Huth [Tue, 7 Jun 2016 15:39:39 +0000 (17:39 +0200)] 
ppc: Improve PCR bit selection in ppc_set_compat()

When using an olderr PowerISA level, all the upper compatibility
bits have to be enabled, too. For example when we want to run
something in PowerISA 2.05 compatibility mode on POWER8, the bit
for 2.06 has to be set beside the bit for 2.05.
Additionally, to make sure that we do not set bits that are not
supported by the host, we apply a mask with the known-to-be-good
bits here, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
[dwg: Added some #ifs to fix compile on 32-bit targets]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 years agoppc: Provide function to get CPU class of the host CPU
Thomas Huth [Tue, 7 Jun 2016 15:39:38 +0000 (17:39 +0200)] 
ppc: Provide function to get CPU class of the host CPU

When running with KVM, we might be interested in some details
of the host CPU class, too, so provide a function to get the
corresponding CPU class.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 years agoppc: Split pcr_mask settings into supported bits and the register mask
Thomas Huth [Tue, 7 Jun 2016 15:39:37 +0000 (17:39 +0200)] 
ppc: Split pcr_mask settings into supported bits and the register mask

The current pcr_mask values are ambiguous: Should these be the mask
that defines valid bits in the PCR register? Or should these rather
indicate which compatibility levels are possible? Anyway, POWER6 and
POWER7 should certainly not use the same values here. So let's
introduce an additional variable "pcr_supported" here which is
used to indicate the valid compatibility levels, and use pcr_mask
to signal the valid bits in the PCR register.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 years agoppc/spapr: Refactor h_client_architecture_support() CPU parsing code
Thomas Huth [Tue, 7 Jun 2016 15:39:36 +0000 (17:39 +0200)] 
ppc/spapr: Refactor h_client_architecture_support() CPU parsing code

The h_client_architecture_support() function has become quite big
and nested already. So factor out the code that takes care of the
sPAPR compatibility PVRs (which will be modified by the following
patches).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
4 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160613-1' into staging
Peter Maydell [Mon, 13 Jun 2016 14:15:03 +0000 (15:15 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160613-1' into staging

usb: misc fixes.

# gpg: Signature made Mon 13 Jun 2016 14:09:15 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-usb-20160613-1:
  vl: Eliminate usb_enabled()
  pxa2xx: Unconditionally enable USB controller
  hw/usb/dev-network.c: Use ldl_le_p() and stl_le_p()
  usb-host: add special case for bus+addr

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoxen/blkif: avoid double access to any shared ring request fields
Jan Beulich [Mon, 23 May 2016 06:44:57 +0000 (00:44 -0600)] 
xen/blkif: avoid double access to any shared ring request fields

Commit f9e98e5d7a ("xen/blkif: Avoid double access to
src->nr_segments") didn't go far enough: src->operation is also being
used twice. And nothing was done to prevent the compiler from using the
source side of the copy done by blk_get_request() (granted that's very
unlikely).

Move the barrier()s up, and add another one to blk_get_request().

Note that for completing XSA-155, the barrier() getting added to
blk_get_request() would suffice, and hence the changes to xen_blkif.h
are more like just cleanup. And since, as said, the unpatched code
getting compiled to something vulnerable is very unlikely (and not
observed in practice), this isn't being viewed as a new security issue.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
4 years agoMerge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-2016-06-13-v1' into...
Peter Maydell [Mon, 13 Jun 2016 12:05:02 +0000 (13:05 +0100)] 
Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-2016-06-13-v1' into staging

Merge qcrypto-next 2016/06/13 v1

# gpg: Signature made Mon 13 Jun 2016 12:43:22 BST
# gpg:                using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/qcrypto-next-2016-06-13-v1:
  crypto: aes: always rename internal symbols
  crypto: assert that qcrypto_hash_digest_len is in range
  crypto: remove temp files on completion of secrets test
  TLS: provide slightly more information when TLS certificate loading fails

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agocrypto: aes: always rename internal symbols
Mike Frysinger [Mon, 6 Jun 2016 22:05:35 +0000 (18:05 -0400)] 
crypto: aes: always rename internal symbols

OpenSSL's libcrypto always defines AES symbols with the same names as
qemu's local aes code.  This is problematic when enabling at least curl
as that frequently also uses libcrypto.  It might not be noticed when
running, but if you try to statically link, everything falls down.

An example snippet:
  LINK  qemu-nbd
.../libcrypto.a(aes-x86_64.o): In function 'AES_encrypt':
(.text+0x460): multiple definition of 'AES_encrypt'
crypto/aes.o:aes.c:(.text+0x670): first defined here
.../libcrypto.a(aes-x86_64.o): In function 'AES_decrypt':
(.text+0x9f0): multiple definition of 'AES_decrypt'
crypto/aes.o:aes.c:(.text+0xb30): first defined here
.../libcrypto.a(aes-x86_64.o): In function 'AES_cbc_encrypt':
(.text+0xf90): multiple definition of 'AES_cbc_encrypt'
crypto/aes.o:aes.c:(.text+0xff0): first defined here
collect2: error: ld returned 1 exit status
.../qemu-2.6.0/rules.mak:105: recipe for target 'qemu-nbd' failed
make: *** [qemu-nbd] Error 1

The aes.h header has redefines already for FreeBSD, but go ahead and
enable that for everyone since there's no real good reason to not use
a namespace all the time.

Signed-off-by: Mike Frysinger <vapier@chromium.org>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
4 years agocrypto: assert that qcrypto_hash_digest_len is in range
Paolo Bonzini [Fri, 20 May 2016 09:09:54 +0000 (11:09 +0200)] 
crypto: assert that qcrypto_hash_digest_len is in range

Otherwise unintended results could happen.  For example,
Coverity reports a division by zero in qcrypto_afsplit_hash.
While this cannot really happen, it shows that the contract
of qcrypto_hash_digest_len can be improved.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
4 years agocrypto: remove temp files on completion of secrets test
Daniel P. Berrange [Tue, 26 Apr 2016 09:59:09 +0000 (10:59 +0100)] 
crypto: remove temp files on completion of secrets test

The secret object tests left some temporary files on disk
when completing. Ensure they are unlink, and rename them
to make it more obvious where they come from.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
4 years agoTLS: provide slightly more information when TLS certificate loading fails
Alex Bligh [Tue, 5 Apr 2016 19:33:48 +0000 (20:33 +0100)] 
TLS: provide slightly more information when TLS certificate loading fails

Give slightly more information when certification loading fails.
Rather than have no information, you now get gnutls's only slightly
less unhelpful error messages.

Signed-off-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
4 years agovl: Eliminate usb_enabled()
Eduardo Habkost [Wed, 8 Jun 2016 20:50:25 +0000 (17:50 -0300)] 
vl: Eliminate usb_enabled()

This wrapper for machine_usb(current_machine) is not necessary,
replace all usages of usb_enabled() with machine_usb().

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: qemu-arm@nongnu.org
Cc: qemu-ppc@nongnu.org
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1465419025-21519-3-git-send-email-ehabkost@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years agopxa2xx: Unconditionally enable USB controller
Eduardo Habkost [Wed, 8 Jun 2016 20:50:24 +0000 (17:50 -0300)] 
pxa2xx: Unconditionally enable USB controller

Simplify initialization logic by removing the usb_enabled()
check. The USB controller is part of the SoC, so it doesn't make
sense to create a system where it is not present.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: qemu-arm@nongnu.org,
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1465419025-21519-2-git-send-email-ehabkost@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years agohw/usb/dev-network.c: Use ldl_le_p() and stl_le_p()
Peter Maydell [Fri, 10 Jun 2016 15:37:57 +0000 (16:37 +0100)] 
hw/usb/dev-network.c: Use ldl_le_p() and stl_le_p()

Use stl_le_p() and ldl_le_p() to read and write data from
buffers, rather than using pointer casts and cpu_to_le32()
for writes and le32_to_cpup() for reads. This:
 * avoids lots of casts
 * works even if the buffer isn't as aligned as the host would like
 * avoids using the *_to_cpup() functions which we want to get rid of

Note that there may still be some places where a pointer from the
guest is cast to a pointer to a host structure; these would also
have to be changed for the device to work on a host CPU which
enforces alignment restrictions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1465573077-29221-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years agoMerge remote-tracking branch 'remotes/sstabellini/tags/xen-20160613-tag' into staging
Peter Maydell [Mon, 13 Jun 2016 11:18:17 +0000 (12:18 +0100)] 
Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20160613-tag' into staging

Xen 2016/06/13

# gpg: Signature made Mon 13 Jun 2016 11:53:18 BST
# gpg:                using RSA key 0x894F8F4870E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"
# Primary key fingerprint: D04E 33AB A51F 67BA 07D3  0AEA 894F 8F48 70E1 AE90

* remotes/sstabellini/tags/xen-20160613-tag:
  Introduce "xen-load-devices-state"
  exec: Fix qemu_ram_block_from_host for Xen

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agousb-host: add special case for bus+addr
Gerd Hoffmann [Fri, 3 Jun 2016 09:12:55 +0000 (11:12 +0200)] 
usb-host: add special case for bus+addr

This patch changes usb-host behavior in case we hostbus= and hostaddr=
properties are used to identify the usb device in question.  Instead of
adding the device to the hotplug watchlist we try to open directly using
the given bus number and device address.

Putting a device specified by hostaddr to the hotplug watchlist isn't
a great idea as the address isn't a fixed property.  It changes every
time the device is plugged in.  So considering this case as "use the
device at bus:addr _now_" is more sane.  Also usb-host will throw errors
in case it can't initialize the host device.

Note: For devices on the hotplug watchlist (hostport or vendorid or
productid specified) qemu continues to ignore errors and keeps
monitoring the usb bus to see if the device eventually shows up.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464945175-28939-1-git-send-email-kraxel@redhat.com

4 years agoIntroduce "xen-load-devices-state"
Wen Congyang [Fri, 3 Jun 2016 09:58:34 +0000 (17:58 +0800)] 
Introduce "xen-load-devices-state"

Introduce a "xen-load-devices-state" QAPI command that can be used to
load the state of all devices, but not the RAM or the block devices of
the VM.

We only have hmp commands savevm/loadvm, and qmp commands
xen-save-devices-state.

We use this new command for COLO:
1. suspend both primary vm and secondary vm
2. sync the state
3. resume both primary vm and secondary vm

In such case, we need to update all devices' state in any time.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
4 years agoexec: Fix qemu_ram_block_from_host for Xen
Anthony PERARD [Thu, 9 Jun 2016 15:56:17 +0000 (16:56 +0100)] 
exec: Fix qemu_ram_block_from_host for Xen

Since f615f39 (exec: remove ram_addr argument from
qemu_ram_block_from_host), migration under Xen is likely to fail, with a
SEGV of QEMU. But the commit only reveal a bug with the calculation of
the offset value in qemu_ram_block_from_host().

This patch calculates the offset from the ram_addr as
qemu_ram_addr_from_host() will later calculate the ram_addr from the
offset.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
4 years agoMerge remote-tracking branch 'remotes/rth/tags/pull-tcg-20160611' into staging
Peter Maydell [Mon, 13 Jun 2016 09:12:44 +0000 (10:12 +0100)] 
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20160611' into staging

TB hashing improvements

# gpg: Signature made Sun 12 Jun 2016 01:12:50 BST
# gpg:                using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC  16A4 AD12 70CC 4DD0 279B

* remotes/rth/tags/pull-tcg-20160611:
  translate-all: add tb hash bucket info to 'info jit' dump
  tb hash: track translated blocks with qht
  qht: add test-qht-par to invoke qht-bench from 'check' target
  qht: add qht-bench, a performance benchmark
  qht: add test program
  qht: QEMU's fast, resizable and scalable Hash Table
  qdist: add test program
  qdist: add module to represent frequency distributions of data
  tb hash: hash phys_pc, pc, and flags with xxhash
  exec: add tb_hash_func5, derived from xxhash
  qemu-thread: add simple test-and-set spinlock
  include/processor.h: define cpu_relax()
  seqlock: rename write_lock/unlock to write_begin/end
  seqlock: remove optional mutex
  compiler.h: add QEMU_ALIGNED() to enforce struct alignment

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotranslate-all: add tb hash bucket info to 'info jit' dump
Emilio G. Cota [Wed, 8 Jun 2016 18:55:33 +0000 (14:55 -0400)] 
translate-all: add tb hash bucket info to 'info jit' dump

Examples:

- Good hashing, i.e. tb_hash_func5(phys_pc, pc, flags):
TB count            715135/2684354
[...]
TB hash buckets     388775/524288 (74.15% head buckets used)
TB hash occupancy   33.04% avg chain occ. Histogram: [0,10)%|▆ █  ▅▁▃▁▁|[90,100]%
TB hash avg chain   1.017 buckets. Histogram: 1|█▁▁|3

- Not-so-good hashing, i.e. tb_hash_func5(phys_pc, pc, 0):
TB count            712636/2684354
[...]
TB hash buckets     344924/524288 (65.79% head buckets used)
TB hash occupancy   31.64% avg chain occ. Histogram: [0,10)%|█ ▆  ▅▁▃▁▂|[90,100]%
TB hash avg chain   1.047 buckets. Histogram: 1|█▁▁▁|4

- Bad hashing, i.e. tb_hash_func5(phys_pc, 0, 0):
TB count            702818/2684354
[...]
TB hash buckets     112741/524288 (21.50% head buckets used)
TB hash occupancy   10.15% avg chain occ. Histogram: [0,10)%|█ ▁  ▁▁▁▁▁|[90,100]%
TB hash avg chain   2.107 buckets. Histogram: [1.0,10.2)|█▁▁▁▁▁▁▁▁▁|[83.8,93.0]

- Good hashing, but no auto-resize:
TB count            715634/2684354
TB hash buckets     8192/8192 (100.00% head buckets used)
TB hash occupancy   98.30% avg chain occ. Histogram: [95.3,95.8)%|▁▁▃▄▃▄▁▇▁█|[99.5,100.0]%
TB hash avg chain   22.070 buckets. Histogram: [15.0,16.7)|▁▂▅▄█▅▁▁▁▁|[30.3,32.0]

Acked-by: Sergey Fedorov <sergey.fedorov@linaro.org>
Suggested-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1465412133-3029-16-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years agotb hash: track translated blocks with qht
Emilio G. Cota [Wed, 8 Jun 2016 18:55:32 +0000 (14:55 -0400)] 
tb hash: track translated blocks with qht

Having a fixed-size hash table for keeping track of all translation blocks
is suboptimal: some workloads are just too big or too small to get maximum
performance from the hash table. The MRU promotion policy helps improve
performance when the hash table is a little undersized, but it cannot
make up for severely undersized hash tables.

Furthermore, frequent MRU promotions result in writes that are a scalability
bottleneck. For scalability, lookups should only perform reads, not writes.
This is not a big deal for now, but it will become one once MTTCG matures.

The appended fixes these issues by using qht as the implementation of
the TB hash table. This solution is superior to other alternatives considered,
namely:

- master: implementation in QEMU before this patchset
- xxhash: before this patch, i.e. fixed buckets + xxhash hashing + MRU.
- xxhash-rcu: fixed buckets + xxhash + RCU list + MRU.
              MRU is implemented here by adding an intermediate struct
              that contains the u32 hash and a pointer to the TB; this
              allows us, on an MRU promotion, to copy said struct (that is not
              at the head), and put this new copy at the head. After a grace
              period, the original non-head struct can be eliminated, and
              after another grace period, freed.
- qht-fixed-nomru: fixed buckets + xxhash + qht without auto-resize +
                   no MRU for lookups; MRU for inserts.
The appended solution is the following:
- qht-dyn-nomru: dynamic number of buckets + xxhash + qht w/ auto-resize +
                 no MRU for lookups; MRU for inserts.

The plots below compare the considered solutions. The Y axis shows the
boot time (in seconds) of a debian jessie image with arm-softmmu; the X axis
sweeps the number of buckets (or initial number of buckets for qht-autoresize).
The plots in PNG format (and with errorbars) can be seen here:
  http://imgur.com/a/Awgnq

Each test runs 5 times, and the entire QEMU process is pinned to a
single core for repeatability of results.

                            Host: Intel Xeon E5-2690

  28 ++------------+-------------+-------------+-------------+------------++
     A*****        +             +             +             master **A*** +
  27 ++    *                                                 xxhash ##B###++
     |      A******A******                               xxhash-rcu $$C$$$ |
  26 C$$                  A******A******            qht-fixed-nomru*%%D%%%++
     D%%$$                              A******A******A*qht-dyn-mru A*E****A
  25 ++ %%$$                                          qht-dyn-nomru &&F&&&++
     B#####%                                                               |
  24 ++    #C$$$$$                                                        ++
     |      B###  $                                                        |
     |          ## C$$$$$$                                                 |
  23 ++           #       C$$$$$$                                         ++
     |             B######       C$$$$$$                                %%%D
  22 ++                  %B######       C$$$$$$C$$$$$$C$$$$$$C$$$$$$C$$$$$$C
     |                    D%%%%%%B######      @E@@@@@@    %%%D%%%@@@E@@@@@@E
  21 E@@@@@@E@@@@@@F&&&@@@E@@@&&&D%%%%%%B######B######B######B######B######B
     +             E@@@   F&&&   +      E@     +      F&&&   +             +
  20 ++------------+-------------+-------------+-------------+------------++
     14            16            18            20            22            24
                             log2 number of buckets

                                 Host: Intel i7-4790K

  14.5 ++------------+------------+-------------+------------+------------++
       A**           +            +             +            master **A*** +
    14 ++ **                                                 xxhash ##B###++
  13.5 ++   **                                           xxhash-rcu $$C$$$++
       |                                            qht-fixed-nomru %%D%%% |
    13 ++     A******                                   qht-dyn-mru @@E@@@++
       |             A*****A******A******             qht-dyn-nomru &&F&&& |
  12.5 C$$                               A******A******A*****A******    ***A
    12 ++ $$                                                        A***  ++
       D%%% $$                                                             |
  11.5 ++  %%                                                             ++
       B###  %C$$$$$$                                                      |
    11 ++  ## D%%%%% C$$$$$                                               ++
       |     #      %      C$$$$$$                                         |
  10.5 F&&&&&&B######D%%%%%       C$$$$$$C$$$$$$C$$$$$$C$$$$$C$$$$$$    $$$C
    10 E@@@@@@E@@@@@@B#####B######B######E@@@@@@E@@@%%%D%%%%%D%%%###B######B
       +             F&&          D%%%%%%B######B######B#####B###@@@D%%%   +
   9.5 ++------------+------------+-------------+------------+------------++
       14            16           18            20           22            24
                              log2 number of buckets

Note that the original point before this patch series is X=15 for "master";
the little sensitivity to the increased number of buckets is due to the
poor hashing function in master.

xxhash-rcu has significant overhead due to the constant churn of allocating
and deallocating intermediate structs for implementing MRU. An alternative
would be do consider failed lookups as "maybe not there", and then
acquire the external lock (tb_lock in this case) to really confirm that
there was indeed a failed lookup. This, however, would not be enough
to implement dynamic resizing--this is more complex: see
"Resizable, Scalable, Concurrent Hash Tables via Relativistic
Programming" by Triplett, McKenney and Walpole. This solution was
discarded due to the very coarse RCU read critical sections that we have
in MTTCG; resizing requires waiting for readers after every pointer update,
and resizes require many pointer updates, so this would quickly become
prohibitive.

qht-fixed-nomru shows that MRU promotion is advisable for undersized
hash tables.

However, qht-dyn-mru shows that MRU promotion is not important if the
hash table is properly sized: there is virtually no difference in
performance between qht-dyn-nomru and qht-dyn-mru.

Before this patch, we're at X=15 on "xxhash"; after this patch, we're at
X=15 @ qht-dyn-nomru. This patch thus matches the best performance that we
can achieve with optimum sizing of the hash table, while keeping the hash
table scalable for readers.

The improvement we get before and after this patch for booting debian jessie
with arm-softmmu is:

- Intel Xeon E5-2690: 10.5% less time
- Intel i7-4790K: 5.2% less time

We could get this same improvement _for this particular workload_ by
statically increasing the size of the hash table. But this would hurt
workloads that do not need a large hash table. The dynamic (upward)
resizing allows us to start small and enlarge the hash table as needed.

A quick note on downsizing: the table is resized back to 2**15 buckets
on every tb_flush; this makes sense because it is not guaranteed that the
table will reach the same number of TBs later on (e.g. most bootup code is
thrown away after boot); it makes sense to grow the hash table as
more code blocks are translated. This also avoids the complication of
having to build downsizing hysteresis logic into qht.

Reviewed-by: Sergey Fedorov <serge.fedorov@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1465412133-3029-15-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>