qemu.git
6 months ago ppc: add host-serial and host-model machine attributes (CVE-2019-8934)
Prasad J Pandit [Mon, 18 Feb 2019 18:13:49 +0000 (23:43 +0530)] 
ppc: add host-serial and host-model machine attributes (CVE-2019-8934)

On ppc hosts, the hypervisor shares the following system attributes

  - /proc/device-tree/system-id
  - /proc/device-tree/model

with a guest. This could lead to information leakage and misuse.[*]
Add machine attributes to control such system information exposure
to a guest.

[*] https://wiki.openstack.org/wiki/OSSN/OSSN-0028

Reported-by: Daniel P. Berrangé <berrange@redhat.com>
Fix-suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20190218181349.23885-1-ppandit@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago target/ppc: Add support for LPCR:HEIC on POWER9
Benjamin Herrenschmidt [Fri, 15 Feb 2019 16:16:48 +0000 (17:16 +0100)] 
target/ppc: Add support for LPCR:HEIC on POWER9

This controls whether the External Interrupt (0x500) can be
delivered to the hypervisor or not.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20190215161648.9600-11-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago target/ppc: Add POWER9 external interrupt model
Benjamin Herrenschmidt [Fri, 15 Feb 2019 16:16:47 +0000 (17:16 +0100)] 
target/ppc: Add POWER9 external interrupt model

Adds support for the Hypervisor directed interrupts in addition to the
OS ones.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[clg: - modified the icp_realize() and xive_tctx_realize() to take
        into account explicitly the POWER9 interrupt model
      - introduced a specific power9_set_irq for POWER9 ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20190215161648.9600-10-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago target/ppc: Add Hypervisor Virtualization Interrupt on POWER9
Benjamin Herrenschmidt [Fri, 15 Feb 2019 16:16:46 +0000 (17:16 +0100)] 
target/ppc: Add Hypervisor Virtualization Interrupt on POWER9

This adds support for delivering that exception

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20190215161648.9600-9-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago target/ppc: Detect erroneous condition in interrupt delivery
Benjamin Herrenschmidt [Fri, 15 Feb 2019 16:16:45 +0000 (17:16 +0100)] 
target/ppc: Detect erroneous condition in interrupt delivery

It's very easy for the CPU specific has_work() implementation
and the logic in ppc_hw_interrupt() to be subtly out of sync.

This can occasionally allow a CPU to wake up from a PM state
and resume executing past the PM instruction when it should
resume at the 0x100 vector.

This detects if it happens and aborts, making it a lot easier
to catch such bugs when testing rather than chasing obscure
guest misbehaviour.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20190215161648.9600-8-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago target/ppc: Add POWER9 exception model
Benjamin Herrenschmidt [Fri, 15 Feb 2019 16:16:44 +0000 (17:16 +0100)] 
target/ppc: Add POWER9 exception model

And use it to get the correct HILE bit in HID0

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20190215161648.9600-7-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago target/ppc: Rename "in_pm_state" to "resume_as_sreset"
Benjamin Herrenschmidt [Fri, 15 Feb 2019 16:16:43 +0000 (17:16 +0100)] 
target/ppc: Rename "in_pm_state" to "resume_as_sreset"

To better reflect what this does, as it's specific to some of the
P7/P8/P9 PM states, not generic.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20190215161648.9600-6-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago target/ppc: Move "wakeup reset" code to a separate function
Benjamin Herrenschmidt [Fri, 15 Feb 2019 16:16:42 +0000 (17:16 +0100)] 
target/ppc: Move "wakeup reset" code to a separate function

This moves the code to handle waking up from the 0x100 vector
from powerpc_excp() to a separate function, as the former is
already way too big as it is.

No functional change.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20190215161648.9600-5-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago target/ppc: Fix support for "STOP light" states on POWER9
Benjamin Herrenschmidt [Fri, 15 Feb 2019 16:16:41 +0000 (17:16 +0100)] 
target/ppc: Fix support for "STOP light" states on POWER9

STOP must act differently based on PSSCR:EC on POWER9. When set, it
acts like the P7/P8 power management instructions and wakes up at 0x100
based on the wakeup conditions in LPCR.

When PSSCR:EC is clear however it will wake up at the next instruction
after STOP (if EE is clear) or take the corresponding interrupts (if
EE is set).

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20190215161648.9600-4-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago target/ppc: Don't clobber MSR:EE on PM instructions
Benjamin Herrenschmidt [Fri, 15 Feb 2019 16:16:40 +0000 (17:16 +0100)] 
target/ppc: Don't clobber MSR:EE on PM instructions

When issuing a power management instruction, we set MSR:EE
to force ppc_hw_interrupt() into calling powerpc_excp()
to deal with the fact that on P7 and P8, the system reset
caused by the wakeup needs to be generated regardless of
the MSR:EE value (using LPCR only).

This however means that the OS will see a bogus SRR1:EE
value which is a problem. It also prevents properly
implementing P9 STOP "light".

So fix this by instead putting some logic in ppc_hw_interrupt()
to decide whether to deliver or not by taking into account the
fact that we are waking up from sleep.

The LPCR isn't checked as this is done in the has_work() test.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20190215161648.9600-3-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago target/ppc: Fix nip on power management instructions
Benjamin Herrenschmidt [Fri, 15 Feb 2019 16:16:39 +0000 (17:16 +0100)] 
target/ppc: Fix nip on power management instructions

Those instructions currently raise an exception from within
the helper. This tends to result in a bogus nip value in
the env context (typically the beginning of the TB). Such
a helper needs a gen_update_nip() first.

This fixes it with a different approach which is to throw the
exception from translate.c instead of the helper using
gen_exception_nip() which does the right thing. Exception
EXCP_HLT is also used instead of POWERPC_EXCP_STOP to effectively
exit from the CPU execution loop.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[clg : modified the commit log to comment the use of EXCP_HLT instead
       of POWERPC_EXCP_STOP]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20190215161648.9600-2-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
6 months ago Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-next-220219-1' into...
Peter Maydell [Mon, 25 Feb 2019 14:04:20 +0000 (14:04 +0000)] 
Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-next-220219-1' into staging

Various testing fixes:

  - Travis updates (inc disable isapc cdrom test)
  - Add gitlab control
  - Fix docker image
  - keep softfloat tests short

# gpg: Signature made Fri 22 Feb 2019 09:51:36 GMT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-testing-next-220219-1:
  tests/cdrom-test: only include isapc cdrom test when g_test_slow()
  tests/softfloat: always do quick softfloat tests
  Add a gitlab-ci file for Continuous Integration testing on Gitlab
  tests/docker: peg netmap code to a specific version
  tests/docker: squash initial update and install step for debian9
  .travis.yml: Remove disable-uuid
  .travis.yml: Test with disable-replication
  .travis.yml: split debug builds
  .travis.yml: the xcode10 image seems to be hosed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago Merge remote-tracking branch 'remotes/kraxel/tags/vga-20190222-pull-request' into...
Peter Maydell [Mon, 25 Feb 2019 12:49:07 +0000 (12:49 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/vga-20190222-pull-request' into staging

vga: bugfixes and edid support for virtio-vga

# gpg: Signature made Fri 22 Feb 2019 08:24:25 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20190222-pull-request:
  display/virtio: add edid support.
  virtio-gpu: remove useless 'waiting' field
  virtio-gpu: block both 2d and 3d rendering
  virtio-gpu: remove unused config_size
  virtio-gpu: remove unused qdev

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190222-pull-request' into...
Peter Maydell [Mon, 25 Feb 2019 09:05:41 +0000 (09:05 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190222-pull-request' into staging

ui: add support for -display spice-app
ui: gtk+sdl bugfixes.

# gpg: Signature made Fri 22 Feb 2019 07:53:13 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20190222-pull-request:
  display: add -display spice-app launching a Spice client
  spice: use a default name for the server
  qapi: document DisplayType enum
  build-sys: add gio-2.0 check
  char: register spice ports after spice started
  char: move SpiceChardev and open_spice_port() to spice.h header
  spice: do not stop spice if VM is paused
  spice: merge options lists
  spice: avoid spice runtime assert
  char/spice: discard write() if backend is disconnected
  char/spice: trigger HUP event
  ui/gtk: Fix the license information
  sdl2: drop qemu_input_event_send_key_qcode call
  spice: set device address and device display ID in QXL interface
  kbd-state: don't block auto-repeat events

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20190221.0' into...
Peter Maydell [Fri, 22 Feb 2019 15:48:04 +0000 (15:48 +0000)] 
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20190221.0' into staging

VFIO updates 2019-02-21

 - Workaround kernel overflow bug in vfio type1 DMA unmap
   (Alex Williamson)

 - Refactor vfio container initialization (Eric Auger)

# gpg: Signature made Fri 22 Feb 2019 05:21:07 GMT
# gpg:                using RSA key 239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex@shazbot.org>" [full]
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>" [full]
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-updates-20190221.0:
  hw/vfio/common: Refactor container initialization
  vfio/common: Work around kernel overflow bug in DMA unmap

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago Merge remote-tracking branch 'remotes/rth/tags/pull-hppa-20190221' into staging
Peter Maydell [Fri, 22 Feb 2019 13:53:12 +0000 (13:53 +0000)] 
Merge remote-tracking branch 'remotes/rth/tags/pull-hppa-20190221' into staging

Fix dino pci config access.

# gpg: Signature made Thu 21 Feb 2019 19:03:26 GMT
# gpg:                using RSA key 64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-hppa-20190221:
  hw/hppa/dino: mask out lower 2 bits of PCI config addr

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20190221' into staging
Peter Maydell [Fri, 22 Feb 2019 13:04:42 +0000 (13:04 +0000)] 
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20190221' into staging

Allow const void * as argument to helpers.
Remove obsolete TODO file.

# gpg: Signature made Thu 21 Feb 2019 18:59:11 GMT
# gpg:                using RSA key 64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-tcg-20190221:
  include/exec/helper-head.h: support "const void *" in helper calls
  tcg: Remove TODO file

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-feb-21-2019-v2' into...
Peter Maydell [Fri, 22 Feb 2019 11:26:17 +0000 (11:26 +0000)] 
Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-feb-21-2019-v2' into staging

MIPS queue for February 21st, 2019, v2

# gpg: Signature made Thu 21 Feb 2019 18:37:04 GMT
# gpg:                using RSA key D4972A8967F75A65
# gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01  DD75 D497 2A89 67F7 5A65

* remotes/amarkovic/tags/mips-queue-feb-21-2019-v2:
  target/mips: fulong2e: Dynamically generate SPD EEPROM data
  target/mips: fulong2e: Fix bios flash size
  hw/pci-host/bonito.c: Add PCI mem region mapped at the correct address
  target/mips: implement QMP query-cpu-definitions command
  tests/tcg: target/mips: Add wrappers for MSA integer compare instructions
  tests/tcg: target/mips: Change directory name 'bit-counting' to 'bit-count'
  tests/tcg: target/mips: Correct path to headers in some test source files
  hw/misc: mips_itu: Fix 32/64 bit issue in a line involving shift operator

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago tests/cdrom-test: only include isapc cdrom test when g_test_slow()
Alex Bennée [Thu, 21 Feb 2019 13:26:28 +0000 (13:26 +0000)] 
tests/cdrom-test: only include isapc cdrom test when g_test_slow()

We are seeing instability on our CI runs which has been there since
the test was introduced. I suspect it triggers more on Travis due to
their heavy load.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Thomas Huth <thuth@redhat.com>
6 months ago tests/softfloat: always do quick softfloat tests
Alex Bennée [Wed, 20 Feb 2019 15:03:29 +0000 (15:03 +0000)] 
tests/softfloat: always do quick softfloat tests

Some operations take a long time and enabling "-l 2 -r all" can take
more than a day which is stretching the definition of a "slow" test.
Let's default to the quick test and leave a note for those who wish to
run by hand.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago Add a gitlab-ci file for Continuous Integration testing on Gitlab
Thomas Huth [Wed, 13 Feb 2019 11:54:41 +0000 (12:54 +0100)] 
Add a gitlab-ci file for Continuous Integration testing on Gitlab

This is very convenient for people like me who store their QEMU git trees
on gitlab.com: Automatic CI pipelines are now run for each branch that is
pushed to the server - useful for some extra-testing before sending PULL-
requests for example. Since the runtime of the jobs is limited to 1h, the
jobs are distributed into multiple pipelines - this way everything finishes
fine within time (ca. 30 minutes currently).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1550058881-16351-1-git-send-email-thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Cleber Rosa <crosa@redhat.com>
6 months ago tests/docker: peg netmap code to a specific version
Alex Bennée [Wed, 20 Feb 2019 11:29:48 +0000 (11:29 +0000)] 
tests/docker: peg netmap code to a specific version

Tracking head is always going to be at the whims of the upstream.
Let's use a defined release so things don't magically change under us.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago tests/docker: squash initial update and install step for debian9
Alex Bennée [Wed, 20 Feb 2019 11:18:36 +0000 (11:18 +0000)] 
tests/docker: squash initial update and install step for debian9

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
6 months ago .travis.yml: Remove disable-uuid
Dr. David Alan Gilbert [Fri, 15 Feb 2019 09:45:02 +0000 (09:45 +0000)] 
.travis.yml: Remove disable-uuid

Commit 315d3184525 turned --disable-uuid into a warning only; remove
the check from Travis.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190215094502.32149-2-dgilbert@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
6 months ago .travis.yml: Test with disable-replication
Dr. David Alan Gilbert [Fri, 15 Feb 2019 09:45:01 +0000 (09:45 +0000)] 
.travis.yml: Test with disable-replication

We've had the build break with replication disabled, so let's
test that case in travis.

Suggested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190215094502.32149-1-dgilbert@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
6 months ago .travis.yml: split debug builds
Alex Bennée [Wed, 20 Feb 2019 11:28:25 +0000 (11:28 +0000)] 
.travis.yml: split debug builds

The builds are reaching the magic 50 minute limit with regularity so
let's split them up. Rather than doing a full debug build on both just
enable debug tcg for linux-user.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago .travis.yml: the xcode10 image seems to be hosed
Paolo Bonzini [Wed, 20 Feb 2019 10:45:23 +0000 (11:45 +0100)] 
.travis.yml: the xcode10 image seems to be hosed

It fails to install homebrew.  Unfortunately we cannot mark
it as an expected failure because Travis does not match
allow_failures rows against include rows (only against the
main test matrix, which we do not use at all), so just disable
it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20190220105131.23479-1-pbonzini@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
6 months ago display: add -display spice-app launching a Spice client
Marc-André Lureau [Thu, 21 Feb 2019 11:07:03 +0000 (12:07 +0100)] 
display: add -display spice-app launching a Spice client

Add a new display backend that will configure Spice to allow a remote
client to control QEMU in a similar fashion as other QEMU display
backend/UI like GTK.

For this to work, it will set up Spice server with a unix socket, and
register a VC chardev that will be exposed as Spice ports. A QMP
monitor is also exposed as a Spice port, this allows the remote client
fuller qemu control and state handling.

- doesn't handle VC set_echo() - this doesn't seem a strong
  requirement, very few front-end use it
- spice options can be tweaked with other -spice arguments
- Windows support shouldn't be hard to do, but will probably use a TCP
  port instead
- we may want to watch the child process to quit automatically if it
  crashed

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-12-marcandre.lureau@redhat.com

[ kraxel: squash incremental fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago display/virtio: add edid support.
Gerd Hoffmann [Thu, 21 Feb 2019 08:10:54 +0000 (09:10 +0100)] 
display/virtio: add edid support.

This patch adds EDID support to the family of virtio-gpu devices.  It is
turned off by default, use the new edid property to enable it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190221081054.13853-1-kraxel@redhat.com

6 months ago virtio-gpu: remove useless 'waiting' field
Marc-André Lureau [Thu, 21 Feb 2019 11:43:30 +0000 (12:43 +0100)] 
virtio-gpu: remove useless 'waiting' field

Let's check renderer_blocked instead directly.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Christophe Fergeau <cfergeau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190221114330.17968-5-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago virtio-gpu: block both 2d and 3d rendering
Marc-André Lureau [Thu, 21 Feb 2019 11:43:29 +0000 (12:43 +0100)] 
virtio-gpu: block both 2d and 3d rendering

Now that 2d commands are translated to 3d rendering, qemu must stop
sending 3d updates (from 2d) to Spice as well.

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1674324

Cc: cfergeau@redhat.com
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Christophe Fergeau <cfergeau@redhat.com>
Tested-by: Christophe Fergeau <cfergeau@redhat.com>
Message-id: 20190221114330.17968-4-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago virtio-gpu: remove unused config_size
Marc-André Lureau [Thu, 21 Feb 2019 11:43:28 +0000 (12:43 +0100)] 
virtio-gpu: remove unused config_size

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Christophe Fergeau <cfergeau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190221114330.17968-3-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago virtio-gpu: remove unused qdev
Marc-André Lureau [Thu, 21 Feb 2019 11:43:27 +0000 (12:43 +0100)] 
virtio-gpu: remove unused qdev

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Christophe Fergeau <cfergeau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190221114330.17968-2-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago hw/vfio/common: Refactor container initialization
Eric Auger [Fri, 22 Feb 2019 04:07:03 +0000 (21:07 -0700)] 
hw/vfio/common: Refactor container initialization

We introduce the vfio_init_container_type() helper.
It computes the highest usable iommu type and then
sets the container and the iommu type.

Its usage in vfio_connect_container() makes the code
ready for addition of new iommu types.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
6 months ago vfio/common: Work around kernel overflow bug in DMA unmap
Alex Williamson [Fri, 22 Feb 2019 04:07:03 +0000 (21:07 -0700)] 
vfio/common: Work around kernel overflow bug in DMA unmap

A kernel bug was introduced in v4.15 via commit 71a7d3d78e3c which
adds a test for address space wrap-around in the vfio DMA unmap path.
Unfortunately due to overflow, the kernel detects an unmap of the last
page in the 64-bit address space as a wrap-around.  In QEMU, a Q35
guest with VT-d emulation and guest IOMMU enabled will attempt to make
such an unmap request during VM system reset, triggering an error:

  qemu-kvm: VFIO_UNMAP_DMA: -22
  qemu-kvm: vfio_dma_unmap(0x561f059948f0, 0xfef00000, 0xffffffff01100000) = -22 (Invalid argument)

Here the IOVA start address (0xfef00000) and the size parameter
(0xffffffff01100000) add to exactly 2^64, triggering the bug.  A
kernel fix is queued for the Linux v5.0 release to address this.

This patch implements a workaround to retry the unmap, excluding the
final page of the range when we detect an unmap failing which matches
the requirements for this issue.  This is expected to be a safe and
complete workaround as the VT-d address space does not extend to the
full 64-bit space and therefore the last page should never be mapped.

This workaround can be removed once all kernels with this bug are
sufficiently deprecated.

Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291
Reported-by: Pei Zhang <pezhang@redhat.com>
Debugged-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
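
Added example (not part of the commit above or of QEMU's or the kernel's source): a small C model of the failure described in the vfio/common commit message, using the IOVA and size from its quoted error output. The two check functions, the 4 KiB page size and every function name are assumptions made for illustration; the retry follows the workaround only as far as the message describes it.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this model: the smallest IOMMU page is 4 KiB. */
#define MODEL_PAGE_SIZE 4096ULL

/* Stand-in for the unmap request handler being called (hypothetical). */
typedef int (*unmap_fn)(uint64_t iova, uint64_t size);

/*
 * Model of a wrap-around test that itself overflows: the end-exclusive
 * sum iova + size becomes 0 when the range ends on the last byte of the
 * 64-bit space, so a valid request is rejected as if it had wrapped.
 */
static int model_unmap_overflowing_check(uint64_t iova, uint64_t size)
{
    if (iova + size < iova) {
        return -EINVAL;
    }
    return 0;
}

/*
 * Overflow-safe form of the same test (illustrative): compare the
 * address of the last byte, which can never exceed 2^64 - 1.
 */
static int model_unmap_safe_check(uint64_t iova, uint64_t size)
{
    if (size != 0 && iova + size - 1 < iova) {
        return -EINVAL;
    }
    return 0;
}

/*
 * Caller-side workaround as the commit message describes it: when the
 * unmap fails with EINVAL and the range ends exactly at 2^64, retry once
 * without the final page. Any other failure is returned unchanged.
 */
static int unmap_with_workaround(unmap_fn kernel, uint64_t iova, uint64_t size,
                                 uint64_t *unmapped, int *retried)
{
    int ret = kernel(iova, size);

    *retried = 0;
    if (ret == -EINVAL && size > MODEL_PAGE_SIZE && iova + size == 0) {
        size -= MODEL_PAGE_SIZE;      /* drop the last page of the range */
        *retried = 1;
        ret = kernel(iova, size);
    }
    *unmapped = (ret == 0) ? size : 0;
    return ret;
}

int main(void)
{
    /* Values taken from the error output quoted in the commit message. */
    const uint64_t iova = 0xfef00000ULL;
    const uint64_t size = 0xffffffff01100000ULL;
    uint64_t unmapped;
    int retried;
    int ret;

    printf("overflowing check: %d\n",
           model_unmap_overflowing_check(iova, size));
    printf("safe check:        %d\n", model_unmap_safe_check(iova, size));

    ret = unmap_with_workaround(model_unmap_overflowing_check, iova, size,
                                &unmapped, &retried);
    printf("workaround: ret=%d retried=%d unmapped=0x%" PRIx64 "\n",
           ret, retried, unmapped);

    /* A request that really wraps (constructed input) must still fail. */
    ret = unmap_with_workaround(model_unmap_overflowing_check,
                                0xfffffffffffff000ULL, 0x2000ULL,
                                &unmapped, &retried);
    printf("real wrap:  ret=%d retried=%d\n", ret, retried);
    return 0;
}
```

The retry is gated on the sum being exactly 2^64, so a request that genuinely wraps past the end of the address space is still reported as an error rather than silently trimmed.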
6 months ago Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190221' into...
Peter Maydell [Thu, 21 Feb 2019 18:58:35 +0000 (18:58 +0000)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190221' into staging

target-arm queue:
 * Model the Arm "Musca" development boards: "musca-a" and "musca-b1"
 * Implement the ARMv8.3-JSConv extension
 * v8M MPU should use background region as default, not always
 * Stop unintentional sign extension in pmu_init

# gpg: Signature made Thu 21 Feb 2019 18:56:32 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20190221: (21 commits)
  hw/arm/armsse: Make 0x5... alias region work for per-CPU devices
  hw/arm/musca: Wire up PL011 UARTs
  hw/arm/musca: Wire up PL031 RTC
  hw/arm/musca: Add MPCs
  hw/arm/musca: Add PPCs
  hw/arm/musca.c: Implement models of the Musca-A and -B1 boards
  hw/arm/armsse: Allow boards to specify init-svtor
  hw/arm/armsse: Document SRAM_ADDR_WIDTH property in header comment
  hw/char/pl011: Use '0x' prefix when logging hex numbers
  hw/char/pl011: Support all interrupt lines
  hw/char/pl011: Allow use as an embedded-struct device
  hw/timer/pl031: Convert to using trace events
  hw/timer/pl031: Allow use as an embedded-struct device
  hw/misc/tz-ppc: Support having unused ports in the middle of the range
  target/arm: Implement ARMv8.3-JSConv
  target/arm: Rearrange Floating-point data-processing (2 regs)
  target/arm: Split out vfp_helper.c
  target/arm: Restructure disas_fp_int_conv
  target/arm: Stop unintentional sign extension in pmu_init
  target/arm: v8M MPU should use background region as default, not always
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago target/mips: fulong2e: Dynamically generate SPD EEPROM data
BALATON Zoltan [Thu, 21 Feb 2019 12:34:07 +0000 (13:34 +0100)] 
target/mips: fulong2e: Dynamically generate SPD EEPROM data

The machine comes with 256M memory module by default but it's
upgradable so it could have different memory size. There was a TODO
comment to replace static SPD EEPROM data with dynamically generated
one to support this. Now that we have a function for that, it's easy
to do. Although this would allow larger RAM sizes, the peculiar memory
map of the machine may need some special handling to map it as low and
high memory. Because I don't know what the correct place would be for
highmem, I've left memory size fixed at 256M for now and TODO is moved
there instead.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6 months ago target/mips: fulong2e: Fix bios flash size
BALATON Zoltan [Thu, 21 Feb 2019 12:29:15 +0000 (13:29 +0100)] 
target/mips: fulong2e: Fix bios flash size

According to both the specifications on linux-mips.org referenced in a
comment at the beginning of the file and the flash chip part number
the bios size should be 512k not 1M.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6 months ago hw/pci-host/bonito.c: Add PCI mem region mapped at the correct address
BALATON Zoltan [Thu, 21 Feb 2019 12:25:00 +0000 (13:25 +0100)] 
hw/pci-host/bonito.c: Add PCI mem region mapped at the correct address

Stop using system memory as PCI memory otherwise devices such as VGA
that have regions mapped to PCI memory clash with RAM. Use a separate
memory region for PCI memory and map it to the correct address in
system memory which allows PCI mem regions to show at the correct
address where clients expect them.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6 months ago target/mips: implement QMP query-cpu-definitions command
Pavel Dovgalyuk [Tue, 19 Feb 2019 17:02:55 +0000 (18:02 +0100)] 
target/mips: implement QMP query-cpu-definitions command

This patch enables QMP-based querying of the available CPU types for
MIPS and MIPS64 platforms.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
6 months ago tests/tcg: target/mips: Add wrappers for MSA integer compare instructions
Aleksandar Markovic [Wed, 13 Feb 2019 17:04:12 +0000 (18:04 +0100)] 
tests/tcg: target/mips: Add wrappers for MSA integer compare instructions

Add wrappers for MSA integer compare instructions.

Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com>
6 months ago tests/tcg: target/mips: Change directory name 'bit-counting' to 'bit-count'
Aleksandar Markovic [Mon, 18 Feb 2019 06:57:47 +0000 (07:57 +0100)] 
tests/tcg: target/mips: Change directory name 'bit-counting' to 'bit-count'

Change directory name 'bit-counting' to 'bit-count'. This is just for
cosmetic and consistency sake. This was the only subdirectory in MSA
test directory that uses ending 'ing'.

Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6 months ago tests/tcg: target/mips: Correct path to headers in some test source files
Aleksandar Markovic [Mon, 18 Feb 2019 06:55:56 +0000 (07:55 +0100)] 
tests/tcg: target/mips: Correct path to headers in some test source files

Correct path to headers in tests/tcg/mips/user/ase/msa/bit-counting/*
source files.

Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com>
6 months ago hw/misc: mips_itu: Fix 32/64 bit issue in a line involving shift operator
Aleksandar Markovic [Mon, 18 Feb 2019 07:32:48 +0000 (08:32 +0100)] 
hw/misc: mips_itu: Fix 32/64 bit issue in a line involving shift operator

Fix 32/64 bit issue in a line involving shift operator. "1 << ..."
calculation of size is done as a 32-bit signed integer which may
then be unintentionally sign-extended into the 64-bit result. The
problem was discovered by Coverity (CID 1398648). Using "1ULL"
instead of "1" on the LHS of the shift fixes this problem.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
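
The sign extension described in the commit message above, as an added example that is not QEMU's code: a 32-bit `1 << shift` widened to 64 bits next to the `1ULL` form, with a bounds check that consumes the result. The function names and the region model are hypothetical.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical size calculation for a device region of 2^shift bytes,
 * shift in 0..31. Not taken from hw/misc/mips_itu.c.
 */

/*
 * Buggy form. "1 << shift" is evaluated as a 32-bit signed int, so for
 * shift == 31 the value is negative before it is widened to 64 bits.
 * The shift is done on an unsigned value and then converted to int32_t
 * to model that result without relying on undefined behaviour (gcc and
 * clang wrap on this conversion).
 */
static uint64_t region_size_buggy(unsigned shift)
{
    int32_t narrow = (int32_t)(UINT32_C(1) << shift);
    return (uint64_t)narrow;          /* sign-extended when bit 31 is set */
}

/* Fixed form: the left-hand side is 64 bits wide before shifting. */
static uint64_t region_size_fixed(unsigned shift)
{
    return 1ULL << shift;
}

/* A bounds check of the kind that would consume the computed size. */
static bool offset_in_region(uint64_t offset, uint64_t size)
{
    return offset < size;
}

/* Smallest shift count for which the two forms disagree, or -1. */
static int first_divergent_shift(void)
{
    for (unsigned s = 0; s < 32; s++) {
        if (region_size_buggy(s) != region_size_fixed(s)) {
            return (int)s;
        }
    }
    return -1;
}

int main(void)
{
    const uint64_t probe = UINT64_C(0x100000000);   /* constructed offset: 4 GiB */

    for (unsigned s = 30; s < 32; s++) {
        uint64_t bad = region_size_buggy(s);
        uint64_t good = region_size_fixed(s);
        printf("shift %u: 1 << n = 0x%016" PRIx64 ", 1ULL << n = 0x%016" PRIx64 "\n",
               s, bad, good);
        printf("  offset 0x%" PRIx64 " accepted: buggy=%d fixed=%d\n",
               probe, offset_in_region(probe, bad), offset_in_region(probe, good));
    }
    printf("first divergent shift: %d\n", first_divergent_shift());
    return 0;
}
```

Only the shift count that sets bit 31 diverges, which is why this class of defect tends to be found by static analysis rather than by testing.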
6 months ago include/exec/helper-head.h: support "const void *" in helper calls
David Hildenbrand [Thu, 21 Feb 2019 09:34:59 +0000 (10:34 +0100)] 
include/exec/helper-head.h: support "const void *" in helper calls

Especially when dealing with out-of-line gvec helpers, it is often
helpful to specify some vector pointers as constant. E.g. when
we have two inputs and one output, marking the two inputs as const
pointers helps to avoid bugs.

Const pointers can be specified via "cptr", however they behave in TCG just
like ordinary pointers. We can specify helpers like:

DEF_HELPER_FLAGS_4(gvec_vbperm, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)

void HELPER(gvec_vbperm)(void *v1, const void *v2, const void *v3,
                         uint32_t desc)

And make sure that here, only v1 will be written (as long as const is
not cast away, of course).

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190221093459.22547-1-david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago tcg: Remove TODO file
Richard Henderson [Wed, 20 Feb 2019 17:29:06 +0000 (09:29 -0800)] 
tcg: Remove TODO file

The last update to this file was 9 years ago.  In the meantime,
4 of the 6 ideas have actually been completed.  The last two do
not actually make sense anymore.

Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/arm/armsse: Make 0x5... alias region work for per-CPU devices
Peter Maydell [Thu, 21 Feb 2019 18:17:48 +0000 (18:17 +0000)] 
hw/arm/armsse: Make 0x5... alias region work for per-CPU devices

The region 0x40010000 .. 0x4001ffff and its secure-only alias
at 0x50010000... are for per-CPU devices. We implement this by
giving each CPU its own container memory region, where the
per-CPU devices live. Unfortunately, the alias region which
makes devices mapped at 0x4... addresses also appear at 0x5...
is only implemented in the overall "all CPUs" container. The
effect of this bug is that the CPU_IDENTITY register block appears
only at 0x4001f000, but not at the 0x5001f000 alias where it should
also appear. Guests (like very recent Arm Trusted Firmware-M)
which try to access it at 0x5001f000 will crash.

Fix this by moving the handling for this alias from the "all CPUs"
container to the per-CPU container. (We leave the aliases for
0x1... and 0x3... in the overall container, because there are
no per-CPU devices there.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190215180500.6906-1-peter.maydell@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
6 months ago hw/arm/musca: Wire up PL011 UARTs
Peter Maydell [Thu, 21 Feb 2019 18:17:47 +0000 (18:17 +0000)] 
hw/arm/musca: Wire up PL011 UARTs

Wire up the two PL011 UARTs in the Musca board.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/arm/musca: Wire up PL031 RTC
Peter Maydell [Thu, 21 Feb 2019 18:17:47 +0000 (18:17 +0000)] 
hw/arm/musca: Wire up PL031 RTC

Wire up the PL031 RTC for the Musca board.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/arm/musca: Add MPCs
Peter Maydell [Thu, 21 Feb 2019 18:17:47 +0000 (18:17 +0000)] 
hw/arm/musca: Add MPCs

The Musca board puts its SRAM and flash behind TrustZone
Memory Protection Controllers (MPCs). Each MPC sits between
the CPU and the RAM/flash, and also has a set of memory mapped
control registers. Wire up the MPCs, and the memory behind them.
For the moment we implement the flash as simple ROM, which
cannot be reprogrammed by the guest.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/arm/musca: Add PPCs
Peter Maydell [Thu, 21 Feb 2019 18:17:47 +0000 (18:17 +0000)] 
hw/arm/musca: Add PPCs

Many of the devices on the Musca board live behind TrustZone
Peripheral Protection Controllers (PPCs); add models of the
PPCs, using a similar scheme to the MPS2 board models.
This commit wires up the PPCs with "unimplemented device"
stubs behind them in the correct places in the address map.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/arm/musca.c: Implement models of the Musca-A and -B1 boards
Peter Maydell [Thu, 21 Feb 2019 18:17:47 +0000 (18:17 +0000)] 
hw/arm/musca.c: Implement models of the Musca-A and -B1 boards

The Musca-A and Musca-B1 development boards are based on the
SSE-200 subsystem for embedded. Implement an initial skeleton
model of these boards, which are similar but not identical.

This commit creates the board model with the SSE and the IRQ
splitters to wire IRQs up to its two CPUs. As yet there
are no devices and no memory: these will be added later.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/arm/armsse: Allow boards to specify init-svtor
Peter Maydell [Thu, 21 Feb 2019 18:17:47 +0000 (18:17 +0000)] 
hw/arm/armsse: Allow boards to specify init-svtor

The Musca boards have DAPLink firmware that sets the initial
secure VTOR value (the location of the vector table) differently
depending on the boot mode (from flash, from RAM, etc). Export
the init-svtor as a QOM property of the ARMSSE object so that
the board can change it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/arm/armsse: Document SRAM_ADDR_WIDTH property in header comment
Peter Maydell [Thu, 21 Feb 2019 18:17:47 +0000 (18:17 +0000)] 
hw/arm/armsse: Document SRAM_ADDR_WIDTH property in header comment

In commit 4b635cf7a95e501211 we added a QOM property to the ARMSSE
object, but forgot to add it to the documentation comment in the
header. Correct the omission.

Fixes: 4b635cf7a95e501211 ("hw/arm/armsse: Make SRAM bank size configurable")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/char/pl011: Use '0x' prefix when logging hex numbers
Peter Maydell [Thu, 21 Feb 2019 18:17:46 +0000 (18:17 +0000)] 
hw/char/pl011: Use '0x' prefix when logging hex numbers

The pl011 logs when the guest makes a bad access. It prints
the address offset in hex but confusingly omits the '0x'
prefix; add it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/char/pl011: Support all interrupt lines
Peter Maydell [Thu, 21 Feb 2019 18:17:46 +0000 (18:17 +0000)] 
hw/char/pl011: Support all interrupt lines

The PL011 UART has six interrupt lines:
 * RX (receive data)
 * TX (transmit data)
 * RT (receive timeout)
 * MS (modem status)
 * E (errors)
 * combined (logical OR of all the above)

So far we have only emulated the combined interrupt line;
add support for the others, so that boards that wire them
up to different interrupt controller inputs can do so.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/char/pl011: Allow use as an embedded-struct device
Peter Maydell [Thu, 21 Feb 2019 18:17:46 +0000 (18:17 +0000)] 
hw/char/pl011: Allow use as an embedded-struct device

Create a new include file for the pl011's device struct,
type macros, etc, so that it can be instantiated using
the "embedded struct" coding style.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/timer/pl031: Convert to using trace events
Peter Maydell [Thu, 21 Feb 2019 18:17:46 +0000 (18:17 +0000)] 
hw/timer/pl031: Convert to using trace events

Convert the debug printing in the PL031 device to use trace events,
and augment it to cover the interesting parts of device operation.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/timer/pl031: Allow use as an embedded-struct device
Peter Maydell [Thu, 21 Feb 2019 18:17:46 +0000 (18:17 +0000)] 
hw/timer/pl031: Allow use as an embedded-struct device

Create a new include file for the pl031's device struct,
type macros, etc, so that it can be instantiated using
the "embedded struct" coding style.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago hw/misc/tz-ppc: Support having unused ports in the middle of the range
Peter Maydell [Thu, 21 Feb 2019 18:17:46 +0000 (18:17 +0000)] 
hw/misc/tz-ppc: Support having unused ports in the middle of the range

The Peripheral Protection Controller's handling of unused ports
is that if there is nothing connected to the port's downstream
then it does not create the sysbus MMIO region for the upstream
end of the port. This results in odd behaviour when there is
an unused port in the middle of the range: since sysbus MMIO
regions are implicitly consecutively allocated, any used ports
above the unused ones end up with sysbus MMIO region numbers
that don't match the port number.

Avoid this numbering mismatch by creating dummy MMIO regions
for the unused ports. This doesn't change anything for our
existing boards, which don't have any gaps in the middle of
the port ranges they use; but it will be needed for the Musca
board.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago target/arm: Implement ARMv8.3-JSConv
Richard Henderson [Thu, 21 Feb 2019 18:17:46 +0000 (18:17 +0000)] 
target/arm: Implement ARMv8.3-JSConv

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190215192302.27855-5-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: fixed a couple of comment typos]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago target/arm: Rearrange Floating-point data-processing (2 regs)
Richard Henderson [Thu, 21 Feb 2019 18:17:45 +0000 (18:17 +0000)] 
target/arm: Rearrange Floating-point data-processing (2 regs)

There are lots of special cases within these insns.  Split the
major argument decode/loading/saving into no_output (compares),
rd_is_dp, and rm_is_dp.

We still need to special case argument load for compare (rd as
input, rm as zero) and vcvt fixed (rd as input+output), but lots
of special cases do disappear.

Now that we have a full switch at the beginning, hoist the ISA
checks from the code generation.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190215192302.27855-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago target/arm: Split out vfp_helper.c
Richard Henderson [Thu, 21 Feb 2019 18:17:45 +0000 (18:17 +0000)] 
target/arm: Split out vfp_helper.c

Move all of the fp helpers out of helper.c into a new file.
This is code movement only.  Since helper.c has no copyright
header, take the one from cpu.h for the new file.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190215192302.27855-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago target/arm: Restructure disas_fp_int_conv
Richard Henderson [Thu, 21 Feb 2019 18:17:45 +0000 (18:17 +0000)] 
target/arm: Restructure disas_fp_int_conv

For opcodes 0-5, move some if conditions into the structure
of a switch statement.  For opcodes 6 & 7, decode everything
at once with a second switch.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190215192302.27855-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago target/arm: Stop unintentional sign extension in pmu_init
Aaron Lindsay OS [Thu, 21 Feb 2019 18:17:45 +0000 (18:17 +0000)] 
target/arm: Stop unintentional sign extension in pmu_init

This was introduced by
    commit bf8d09694ccc07487cd73d7562081fdaec3370c8
    target/arm: Don't clear supported PMU events when initializing PMCEID1
and identified by Coverity (CID 1398645).

Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190219144621.450-1-aaron@os.amperecomputing.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago target/arm: v8M MPU should use background region as default, not always
Peter Maydell [Thu, 21 Feb 2019 18:17:45 +0000 (18:17 +0000)] 
target/arm: v8M MPU should use background region as default, not always

The "background region" for a v8M MPU is a default which will be used
(if enabled, and if the access is privileged) if the access does
not match any specific MPU region. We were incorrectly using it
always (by putting the condition at the wrong nesting level). This
meant that we would always return the default background permissions
rather than the correct permissions for a specific region, and also
that we would not return the right information in response to a
TT instruction.

Move the check for the background region to the same place in the
logic as the equivalent v8M MPUCheck() pseudocode puts it.
This in turn means we must adjust the condition we use to detect
matches in multiple regions to avoid false-positives.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190214113408.10214-1-peter.maydell@linaro.org
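
The ordering problem described in the commit message above, as an added example that is neither QEMU's code nor the Arm pseudocode: a simplified MPU lookup with the background check placed first next to the form that uses it only as a fallback. The structures, the read/write background permissions and the fault on overlapping regions are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified, hypothetical MPU model: not QEMU code, not the Arm pseudocode. */
enum { PERM_NONE = 0, PERM_R = 1, PERM_W = 2, PERM_RW = PERM_R | PERM_W };
enum { BACKGROUND_PERMS = PERM_RW };  /* assumption: background grants read/write */

struct mpu_region {
    bool enabled;
    uint32_t base;
    uint32_t limit;            /* inclusive upper bound */
    int perms;
};

struct mpu {
    bool background_enabled;   /* background region may serve privileged code */
    const struct mpu_region *regions;
    size_t nregions;
};

struct mpu_result {
    bool fault;                /* access must be rejected */
    int region;                /* matching region index, -1 if none */
    int perms;                 /* permissions that apply to the access */
};

/* Correct order: specific regions first, background only as the fallback. */
static struct mpu_result mpu_lookup_fixed(const struct mpu *m, uint32_t addr,
                                          bool privileged)
{
    struct mpu_result r = { .fault = false, .region = -1, .perms = PERM_NONE };
    int matches = 0;

    for (size_t i = 0; i < m->nregions; i++) {
        const struct mpu_region *reg = &m->regions[i];
        if (reg->enabled && addr >= reg->base && addr <= reg->limit) {
            matches++;
            r.region = (int)i;
            r.perms = reg->perms;
        }
    }
    if (matches > 1) {         /* overlapping regions: a fault in this model */
        r = (struct mpu_result){ .fault = true, .region = -1, .perms = PERM_NONE };
    } else if (matches == 0) {
        if (m->background_enabled && privileged) {
            r.perms = BACKGROUND_PERMS;
        } else {
            r.fault = true;
        }
    }
    return r;
}

/* Buggy order: the background check runs before any region is consulted. */
static struct mpu_result mpu_lookup_buggy(const struct mpu *m, uint32_t addr,
                                          bool privileged)
{
    if (m->background_enabled && privileged) {
        return (struct mpu_result){ .fault = false, .region = -1,
                                    .perms = BACKGROUND_PERMS };
    }
    return mpu_lookup_fixed(m, addr, privileged);
}

static bool access_allowed(struct mpu_result r, int needed)
{
    return !r.fault && (r.perms & needed) == needed;
}

/* Constructed sample configurations. */
static const struct mpu_region sample_regions[] = {
    { true, 0x20000000u, 0x20000fffu, PERM_R  },   /* read-only data */
    { true, 0x20001000u, 0x20001fffu, PERM_RW },
};
static const struct mpu sample_mpu = { true, sample_regions, 2 };

static const struct mpu_region overlap_regions[] = {
    { true, 0x20000000u, 0x20000fffu, PERM_R  },
    { true, 0x20000800u, 0x200017ffu, PERM_RW },   /* overlaps region 0 */
};
static const struct mpu overlap_mpu = { true, overlap_regions, 2 };

int main(void)
{
    uint32_t addr = 0x20000100u;   /* inside the read-only region */
    struct mpu_result bad = mpu_lookup_buggy(&sample_mpu, addr, true);
    struct mpu_result good = mpu_lookup_fixed(&sample_mpu, addr, true);

    printf("privileged write to 0x%08x: buggy=%s (region %d), fixed=%s (region %d)\n",
           (unsigned)addr,
           access_allowed(bad, PERM_W) ? "allowed" : "denied", bad.region,
           access_allowed(good, PERM_W) ? "allowed" : "denied", good.region);
    return 0;
}
```

With the buggy ordering a privileged write to the read-only region is allowed and no region number is reported, which corresponds to the wrong permissions and wrong TT information the commit message mentions.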

6 months ago hw/arm/armsse: Fix memory leak in error-exit path
Peter Maydell [Thu, 21 Feb 2019 18:17:45 +0000 (18:17 +0000)] 
hw/arm/armsse: Fix memory leak in error-exit path

Coverity points out (CID 1398632, CID 1398650) that we
leak a couple of allocated strings in the error-exit
code path for setting up the MHUs in the ARMSSE.
Fix this bug by moving the allocate-and-free of each
string to be closer to the use, so we do the free before
doing the error-exit check.

Fixes: f8574705f62b38a ("hw/arm/armsse: Add unimplemented-device stubs for MHUs")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190215113707.24553-1-peter.maydell@linaro.org

6 months ago hw/hppa/dino: mask out lower 2 bits of PCI config addr
Sven Schnelle [Mon, 18 Feb 2019 18:33:14 +0000 (19:33 +0100)] 
hw/hppa/dino: mask out lower 2 bits of PCI config addr

Some versions of HP-UX 10.20 seem to rely on the fact that DINO
strips out the lower 2 bits of the PCI configuration address.
Also update the binary SeaBIOS distributed to the latest version
from Helge's repository, which is required with that change.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Message-Id: <20190218183314.20157-1-svens@stackframe.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago Merge remote-tracking branch 'remotes/jnsnow/tags/bitmaps-pull-request' into staging
Peter Maydell [Thu, 21 Feb 2019 13:09:33 +0000 (13:09 +0000)] 
Merge remote-tracking branch 'remotes/jnsnow/tags/bitmaps-pull-request' into staging

Pull request

# gpg: Signature made Wed 20 Feb 2019 18:01:00 GMT
# gpg:                using RSA key F9B7ABDBBCACDF95BE76CBD07DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" [full]
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/bitmaps-pull-request:
  blockdev: acquire aio_context for bitmap add/remove
  block/dirty-bitmap: Documentation and Comment fixups
  dirty-bitmap: Expose persistent flag to 'query-block'

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago spice: use a default name for the server
Marc-André Lureau [Thu, 21 Feb 2019 11:07:02 +0000 (12:07 +0100)] 
spice: use a default name for the server

If no -name is given, let's use a friendly "QEMU version" server
name. This is sometimes exposed on spice client side, for example on
remote-viewer title.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-11-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago qapi: document DisplayType enum
Marc-André Lureau [Thu, 21 Feb 2019 11:07:01 +0000 (12:07 +0100)] 
qapi: document DisplayType enum

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-10-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago build-sys: add gio-2.0 check
Marc-André Lureau [Thu, 21 Feb 2019 11:07:00 +0000 (12:07 +0100)] 
build-sys: add gio-2.0 check

GIO is required for the "-display spice-app" backend.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-9-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago char: register spice ports after spice started
Marc-André Lureau [Thu, 21 Feb 2019 11:06:59 +0000 (12:06 +0100)] 
char: register spice ports after spice started

Spice port registration is delayed until the server is started. But
ports created after are not being registered. If the server is already
started, do vmc_register_interface() to register it from
qemu_chr_open_spice_port().

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-8-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago char: move SpiceChardev and open_spice_port() to spice.h header
Marc-André Lureau [Thu, 21 Feb 2019 11:06:58 +0000 (12:06 +0100)] 
char: move SpiceChardev and open_spice_port() to spice.h header

This will allow easier subclassing of SpiceChardev, in upcoming
"display: add -display spice-app launching external application"
patch.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-7-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago spice: do not stop spice if VM is paused
Marc-André Lureau [Thu, 21 Feb 2019 11:06:57 +0000 (12:06 +0100)] 
spice: do not stop spice if VM is paused

spice_server_vm_start/stop() was added to help migration state (commit
f5bb039c6d97ef3e664094eab3c9a4dc1824ed73).

However, a paused VM could keep running the spice server. This will
allow a Spice client to keep sending commands to a spice chardev. This
allows to stop/cont a VM from a Spice monitor port. Character
devices (vdagent/usb/smartcard/..) should not read from Spice when the
VM is paused.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-6-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago spice: merge options lists
Marc-André Lureau [Thu, 21 Feb 2019 11:06:56 +0000 (12:06 +0100)] 
spice: merge options lists

Passing several -spice options to qemu command line, or calling
several times qemu_opts_set() will ignore all but the first option
list. Since the spice server is a singleton, it makes sense to merge
all the options, the last value being the one taken into account.

This changes the behaviour from, for ex:
$ qemu... -spice port=5900 -spice port=5901 -> port: 5900
to:
$ qemu... -spice port=5900 -spice port=5901 -> port: 5901

(if necessary we could instead produce an error when an option is
given twice, although this makes handling default values and such more
complicated)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-5-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago spice: avoid spice runtime assert
Marc-André Lureau [Thu, 21 Feb 2019 11:06:55 +0000 (12:06 +0100)] 
spice: avoid spice runtime assert

The Spice server doesn't like to be started or stopped twice. It
aborts with:

(process:6191): Spice-ERROR **: 19:29:35.912: red-worker.c:623:handle_dev_start: assertion `!worker->running' failed

It's easy to avoid that situation since qemu spice_display_is_running
tracks the server state.

After the commit "spice: do not stop spice if VM is paused", it will
be possible to pause and resume the VM, and this will call
qemu_spice_display_start() twice. The easiest is to add a check for
spice_display_is_running with this patch to avoid the assert.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-4-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago char/spice: discard write() if backend is disconnected
Marc-André Lureau [Thu, 21 Feb 2019 11:06:54 +0000 (12:06 +0100)] 
char/spice: discard write() if backend is disconnected

Most chardev backends handle write() as discarded data if underlying
system is disconnected. For unknown historical reasons, the Spice
backend has "reliable" write: it will wait until the client end is
reconnected to do further successful write().

To decide whether it makes sense to wait until the client is
reconnected (or queue the writes), let's review Spice chardev usage
and handling of a disconnected client:

 * spice vdagent
   The agents reopen the virtio port on disconnect. In qemu side,
   virtio_serial_close() will also discard pending data.

 * usb redirection
   A disconnect creates a device disconnection.

 * smartcard emulation
   Data is discarded in passthru_apdu_from_guest().

   (Spice doesn't explicitly open the smartcard char device until
   upcoming 0.14.2, commit 69a5cfc74131ec0459f2eb5a231139f5a69a8037)

 * spice webdavd
   The daemon will restart the service, and reopen the virtio port.

 * spice ports (serial console, qemu monitor..)
   Depends on the associated device or usage.

   - serial, may be throttled or discarded on write, depending on
     device

   - QMP/HMP monitor have some CLOSED event handling, but want to
     flush the write, which will finish when a new client connects.

On disconnect/reconnect, the client starts with fresh sessions. If it
is a seamless migration, the client disconnects after the source
migrated. The handling of source disconnect in qemu is thus irrelevant
for the Spice session migration.

For all these use cases, it is better to discard writes when the
client is disconnected, and require the vm-side device/agent to behave
correctly on CHR_EVENT_CLOSED, to stop reading and writing from
the spice chardev.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-3-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago char/spice: trigger HUP event
Marc-André Lureau [Thu, 21 Feb 2019 11:06:53 +0000 (12:06 +0100)] 
char/spice: trigger HUP event

Inform the front-end of disconnected state (spice client
disconnected).

This will wake up the source handler immediately, so it can detect the
disconnection asap.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-2-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago ui/gtk: Fix the license information
Thomas Huth [Thu, 21 Feb 2019 06:51:42 +0000 (07:51 +0100)] 
ui/gtk: Fix the license information

The license information in this file is very messy. A short note at
the beginning says GPL first, but the long boilerplate code then
talks about "GNU Lesser General Public License version 2.0". First,
there is no such version of the "GNU Lesser GPL", it only started with
version 2.1. In version 2.0, it was still called "GNU Library GPL"
instead. Second, you can easily get the license of this file wrong
if you only quickly glance at the long boilerplate code.

Anyway, looking at the text of the LGPL (see COPYING.LIB in the top
directory), the license clearly states in section "3." that one should
rather replace the license information with the GPL information in
such a case of a mixture instead. Thus let's clean up the confusing
statements and use the proper GPL text only.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 1550731902-28842-1-git-send-email-thuth@redhat.com

[ kraxel: s/v2/v2+/ as requested by Daniel ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago sdl2: drop qemu_input_event_send_key_qcode call
Gerd Hoffmann [Fri, 8 Feb 2019 07:27:44 +0000 (08:27 +0100)] 
sdl2: drop qemu_input_event_send_key_qcode call

qkbd_state_key_event() does that for us.

Fixes: 07333e1ca3 kbd-state: use state tracker for sdl2
Reported-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 20190208072744.10687-1-kraxel@redhat.com

6 months ago Merge remote-tracking branch 'remotes/kraxel/tags/usb-20190220-pull-request' into...
Peter Maydell [Thu, 21 Feb 2019 09:41:11 +0000 (09:41 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20190220-pull-request' into staging

usb: usb_ep_get() fixes

# gpg: Signature made Wed 20 Feb 2019 11:13:32 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20190220-pull-request:
  usb: remove unnecessary NULL device check from usb_ep_get()
  usb: add device checks before redirector calls to usb_ep_get()
  usb: check device is not NULL before calling usb_ep_get()
  uhci: check device is not NULL before calling usb_ep_get()
  ohci: check device is not NULL before calling usb_ep_get()
  ehci: check device is not NULL before calling usb_ep_get()
  xhci: check device is not NULL before calling usb_ep_get()
  xhci: add asserts to help with static code analysis
  usb: rearrange usb_ep_get()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago spice: set device address and device display ID in QXL interface
Lukáš Hrázký [Fri, 15 Feb 2019 15:09:19 +0000 (16:09 +0100)] 
spice: set device address and device display ID in QXL interface

Calls the new SPICE QXL interface function spice_qxl_set_device_info to
set the hardware address of the graphics device represented by the QXL
interface (e.g. a PCI path) and the device display IDs (the IDs of the
device's monitors that belong to this QXL interface).

Also stops using the deprecated spice_qxl_set_max_monitors, the new
interface function replaces it.

Signed-off-by: Lukáš Hrázký <lhrazky@redhat.com>
Message-Id: <20190215150919.8263-1-lhrazky@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago kbd-state: don't block auto-repeat events
Gerd Hoffmann [Wed, 20 Feb 2019 10:02:35 +0000 (11:02 +0100)] 
kbd-state: don't block auto-repeat events

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190220100235.20914-1-kraxel@redhat.com

6 months ago usb: remove unnecessary NULL device check from usb_ep_get()
Liam Merwick [Wed, 6 Feb 2019 13:36:56 +0000 (13:36 +0000)] 
usb: remove unnecessary NULL device check from usb_ep_get()

No caller of usb_ep_get() calls it with a NULL device (previous commits
have addressed the few remaining cases which didn't explicitly check).
Replace check for 'dev == NULL' with an assert instead.

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Message-id: 1549460216-25808-10-git-send-email-liam.merwick@oracle.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago usb: add device checks before redirector calls to usb_ep_get()
Liam Merwick [Wed, 6 Feb 2019 13:36:55 +0000 (13:36 +0000)] 
usb: add device checks before redirector calls to usb_ep_get()

Add an assert and an explicit check before the two callers to
usb_ep_get() in the USB redirector code to ensure the device
passed in is not NULL.

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Message-id: 1549460216-25808-9-git-send-email-liam.merwick@oracle.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago usb: check device is not NULL before calling usb_ep_get()
Liam Merwick [Wed, 6 Feb 2019 13:36:54 +0000 (13:36 +0000)] 
usb: check device is not NULL before calling usb_ep_get()

In musb_packet(), the call to usb_find_device() can return NULL
if it doesn't find a device matching 'addr' so explicitly check
the return value before passing it to usb_ep_get().  This then
allows the subsequent calculation of 'id' to be streamlined.

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Message-id: 1549460216-25808-8-git-send-email-liam.merwick@oracle.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago uhci: check device is not NULL before calling usb_ep_get()
Liam Merwick [Wed, 6 Feb 2019 13:36:53 +0000 (13:36 +0000)] 
uhci: check device is not NULL before calling usb_ep_get()

In uhci_handle_td(), the call to ehci_find_device() can return NULL
if it doesn't find a device matching 'addr' so explicitly check
the return value before passing it to usb_ep_get().

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Message-id: 1549460216-25808-7-git-send-email-liam.merwick@oracle.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago ohci: check device is not NULL before calling usb_ep_get()
Liam Merwick [Wed, 6 Feb 2019 13:36:52 +0000 (13:36 +0000)] 
ohci: check device is not NULL before calling usb_ep_get()

A call to ohci_find_device() can return NULL if it doesn't find a
device matching 'addr' so for the two callers, explicitly check
the return value before passing it to usb_ep_get().

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Message-id: 1549460216-25808-6-git-send-email-liam.merwick@oracle.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago ehci: check device is not NULL before calling usb_ep_get()
Liam Merwick [Wed, 6 Feb 2019 13:36:51 +0000 (13:36 +0000)] 
ehci: check device is not NULL before calling usb_ep_get()

In ehci_process_itd(), the call to ehci_find_device() can return NULL
if it doesn't find a device matching 'devaddr' so explicitly check
the return value before passing it to usb_ep_get().

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Message-id: 1549460216-25808-5-git-send-email-liam.merwick@oracle.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago xhci: check device is not NULL before calling usb_ep_get()
Liam Merwick [Wed, 6 Feb 2019 13:36:50 +0000 (13:36 +0000)] 
xhci: check device is not NULL before calling usb_ep_get()

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Message-id: 1549460216-25808-4-git-send-email-liam.merwick@oracle.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago xhci: add asserts to help with static code analysis
Liam Merwick [Wed, 6 Feb 2019 13:36:49 +0000 (13:36 +0000)] 
xhci: add asserts to help with static code analysis

Most callers of xhci_port_update() and xhci_wakeup() pass in a pointer
to an array entry and can never be NULL but add two defensive asserts
to protect against future changes (e.g. adding a new port speed, etc.)
adding a path through xhci_lookup_port() that could result in the
return of a NULL XHCIPort.

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Message-id: 1549460216-25808-3-git-send-email-liam.merwick@oracle.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago usb: rearrange usb_ep_get()
Liam Merwick [Wed, 6 Feb 2019 13:36:48 +0000 (13:36 +0000)] 
usb: rearrange usb_ep_get()

There is no need to calculate the 'eps' variable in usb_ep_get()
if 'ep' is the control endpoint.  Instead the calculation should
be done after validating the input before returning an entry
indexed by the endpoint 'ep'.

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Reviewed-by: Darren Kenny <Darren.Kenny@oracle.com>
Reviewed-by: Mark Kanda <Mark.Kanda@oracle.com>
Reviewed-by: Ameya More <ameya.more@oracle.com>
Message-id: 1549460216-25808-2-git-send-email-liam.merwick@oracle.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
6 months ago blockdev: acquire aio_context for bitmap add/remove
John Snow [Tue, 19 Feb 2019 22:49:43 +0000 (17:49 -0500)] 
blockdev: acquire aio_context for bitmap add/remove

When bitmaps are persistent, they may incur a disk read or write when bitmaps
are added or removed. For configurations like virtio-dataplane, failing to
acquire this lock will abort QEMU when disk IO occurs.

We used to acquire aio_context as part of the bitmap lookup, so re-introduce
the lock for just the cases that have an IO penalty. Commit 2119882c removed
these locks, and I failed to notice this when we committed fd5ae4cc, so this
has been broken since persistent bitmaps were introduced.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1672010
Reported-By: Aihua Liang <aliang@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20190218233154.19303-1-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
6 months ago block/dirty-bitmap: Documentation and Comment fixups
John Snow [Tue, 19 Feb 2019 22:49:43 +0000 (17:49 -0500)] 
block/dirty-bitmap: Documentation and Comment fixups

The meaning of the states has changed subtly over time,
this should bring the understanding more in-line with the
current, actual usages.

Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20190202011048.12343-1-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
6 months ago dirty-bitmap: Expose persistent flag to 'query-block'
Eric Blake [Tue, 19 Feb 2019 22:49:43 +0000 (17:49 -0500)] 
dirty-bitmap: Expose persistent flag to 'query-block'

Since qemu currently doesn't flush persistent bitmaps to disk until
shutdown (which might be MUCH later), it's useful if 'query-block'
at least shows WHICH bitmaps will (eventually) make it to persistent
storage.  Update affected iotests.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 20190204210512.27458-1-eblake@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
6 months ago Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-4.0-20190219' into staging
Peter Maydell [Mon, 18 Feb 2019 16:20:13 +0000 (16:20 +0000)] 
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-4.0-20190219' into staging

ppc patch queue 2019-02-19

Here's the next batch of ppc and spapr patches.  Highlights are:

 * A bunch of improvements to TCG handling of vector instructions from
   Richard Henderson and Marc Cave-Ayland

 * Cleanup to the XICS interrupt controller from Greg Kurz, removing
   the special KVM subclasses which were a bad idea

 * Some refinements to the XIVE interrupt controller from Cédric Le
   Goater

 * Fix from Fabiano Rosas for a really dumb buffer overflow in the
   device tree code for memory hotplug

 * Code for allowing access to SPRs from the gdb stub from Fabiano
   Rosas

 * Assorted minor fixes and cleanups

# gpg: Signature made Mon 18 Feb 2019 13:47:54 GMT
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-4.0-20190219: (43 commits)
  target/ppc: convert vmin* and vmax* to vector operations
  target/ppc: convert vadd*s and vsub*s to vector operations
  target/ppc: Split out VSCR_SAT to a vector field
  target/ppc: Add set_vscr_sat
  target/ppc: Use mtvscr/mfvscr for vmstate
  target/ppc: Add helper_mfvscr
  target/ppc: Remove vscr_nj and vscr_sat
  target/ppc: Use helper_mtvscr for reset and gdb
  target/ppc: Pass integer to helper_mtvscr
  target/ppc: convert xxsel to vector operations
  target/ppc: convert xxspltw to vector operations
  target/ppc: convert xxspltib to vector operations
  target/ppc: convert VSX logical operations to vector operations
  target/ppc: convert vsplt[bhw] to use vector operations
  target/ppc: convert vspltis[bhw] to use vector operations
  target/ppc: convert vaddu[b,h,w,d] and vsubu[b,h,w,d] over to use vector operations
  target/ppc: convert VMX logical instructions to use vector operations
  xics: Drop the KVM ICS class
  spapr/irq: Use the "simple" ICS class for KVM
  xics: Handle KVM interrupt presentation from "simple" ICS code
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2019-02-18' into staging
Peter Maydell [Mon, 18 Feb 2019 14:23:13 +0000 (14:23 +0000)] 
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2019-02-18' into staging

QAPI patches for 2019-02-18

# gpg: Signature made Mon 18 Feb 2019 13:44:30 GMT
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2019-02-18:
  qapi: move RTC_CHANGE to the target schema
  qmp: Deprecate query-events in favor of query-qmp-schema
  Revert "qapi-events: add 'if' condition to implicit event enum"
  qapi: remove qmp_unregister_command()
  qapi: make query-cpu-definitions depend on specific targets
  qapi: make query-cpu-model-expansion depend on s390 or x86
  qapi: make query-gic-capabilities depend on TARGET_ARM
  target.json: add a note about query-cpu* not being s390x-specific
  qapi: make s390 commands depend on TARGET_S390X
  qapi: make rtc-reset-reinjection and SEV depend on TARGET_I386
  qapi: New module target.json
  build: Deal with all of QAPI's .o in qapi/Makefile.objs
  build-sys: move qmp-introspect per target
  qapi: Generate QAPIEvent stuff into separate files
  qapi: Prepare for system modules other than 'builtin'
  qapi: Clean up modular built-in code generation a bit
  qapi: Fix up documentation for recent commit a95291007b2
  qapi: Belatedly document modular code generation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 months ago qapi: move RTC_CHANGE to the target schema
Marc-André Lureau [Thu, 14 Feb 2019 15:22:51 +0000 (16:22 +0100)] 
qapi: move RTC_CHANGE to the target schema

A few targets don't emit RTC_CHANGE, we could restrict the event to
the targets that do emit it.

Note: There are a lot more events & commands that we could restrict
to capable targets, with the cost of some additional complexity, but
the benefit of added correctness and better introspection.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190214152251.2073-19-armbru@redhat.com>

6 months ago qmp: Deprecate query-events in favor of query-qmp-schema
Markus Armbruster [Thu, 14 Feb 2019 15:22:50 +0000 (16:22 +0100)] 
qmp: Deprecate query-events in favor of query-qmp-schema

query-events doesn't reflect compile-time configuration.  Instead of
fixing that, deprecate the command in favor of query-qmp-schema.

Libvirt prefers query-qmp-schema as of commit 22d7222ec0 "qemu: caps:
Don't call 'query-events' when we probe events from QMP schema".
It'll be in the next release.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190214152251.2073-18-armbru@redhat.com>