qemu.git
23 months agoblock/iscsi: drop unallocated_blocks_are_zero
Vladimir Sementsov-Ogievskiy [Thu, 28 May 2020 09:44:01 +0000 (12:44 +0300)] 
block/iscsi: drop unallocated_blocks_are_zero

We set bdi->unallocated_blocks_are_zero = iscsilun->lbprz, but
iscsi_co_block_status doesn't return 0 in case of iscsilun->lbprz, it
returns ZERO when appropriate. So actually unallocated_blocks_are_zero
is useless (it doesn't affect the only user of the field:
bdrv_co_block_status()). Drop it now.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200528094405.145708-7-vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock/crypto: drop unallocated_blocks_are_zero
Vladimir Sementsov-Ogievskiy [Thu, 28 May 2020 09:44:00 +0000 (12:44 +0300)] 
block/crypto: drop unallocated_blocks_are_zero

It's false by default, no needs to set it. We are going to drop this
variable at all, so drop it now here, it doesn't hurt.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200528094405.145708-6-vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock/vpc: return ZERO block-status when appropriate
Vladimir Sementsov-Ogievskiy [Thu, 28 May 2020 09:43:59 +0000 (12:43 +0300)] 
block/vpc: return ZERO block-status when appropriate

In case when get_image_offset() returns -1, we do zero out the
corresponding chunk of qiov. So, this should be reported as ZERO.

Note that this changes visible output of "qemu-img map --output=json"
and "qemu-io -c map" commands. For qemu-img map, the change is obvious:
we just mark as zero what is really zero. For qemu-io it's less
obvious: what was unallocated now is allocated.

There is an inconsistency in understanding of unallocated regions in
Qemu: backing-supporting format-drivers return 0 block-status to report
go-to-backing logic for this area. Some protocol-drivers (iscsi) return
0 to report fs-unallocated-non-zero status (i.e., don't occupy space on
disk, read result is undefined).

BDRV_BLOCK_ALLOCATED is defined as something more close to
go-to-backing logic. Still it is calculated as ZERO | DATA, so 0 from
iscsi is treated as unallocated. It doesn't influence backing-chain
behavior, as iscsi can't have backing file. But it does influence
"qemu-io -c map".

We should solve this inconsistency at some future point. Now, let's
just make backing-not-supporting format drivers (vdi in the previous
patch and vpc now) to behave more like backing-supporting drivers
and not report 0 block-status. More over, returning ZERO status is
absolutely valid thing, and again, corresponds to how the other
format-drivers (backing-supporting) work.

After block-status update, it never reports 0, so setting
unallocated_blocks_are_zero doesn't make sense (as the only user of it
is bdrv_co_block_status and it checks unallocated_blocks_are_zero only
for unallocated areas). Drop it.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200528094405.145708-5-vsementsov@virtuozzo.com>
[mreitz: qemu-io -c map as used by iotest 146 now reports everything as
         allocated; in order to make the test do something useful, we
         use qemu-img map --output=json now]
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock/vdi: return ZERO block-status when appropriate
Vladimir Sementsov-Ogievskiy [Thu, 28 May 2020 09:43:58 +0000 (12:43 +0300)] 
block/vdi: return ZERO block-status when appropriate

In case of !VDI_IS_ALLOCATED[], we do zero out the corresponding chunk
of qiov. So, this should be reported as ZERO.

Note that this changes visible output of "qemu-img map --output=json"
and "qemu-io -c map" commands. For qemu-img map, the change is obvious:
we just mark as zero what is really zero. For qemu-io it's less
obvious: what was unallocated now is allocated.

There is an inconsistency in understanding of unallocated regions in
Qemu: backing-supporting format-drivers return 0 block-status to report
go-to-backing logic for this area. Some protocol-drivers (iscsi) return
0 to report fs-unallocated-non-zero status (i.e., don't occupy space on
disk, read result is undefined).

BDRV_BLOCK_ALLOCATED is defined as something more close to
go-to-backing logic. Still it is calculated as ZERO | DATA, so 0 from
iscsi is treated as unallocated. It doesn't influence backing-chain
behavior, as iscsi can't have backing file. But it does influence
"qemu-io -c map".

We should solve this inconsistency at some future point. Now, let's
just make backing-not-supporting format drivers (vdi at this patch and
vpc with the following) to behave more like backing-supporting drivers
and not report 0 block-status. More over, returning ZERO status is
absolutely valid thing, and again, corresponds to how the other
format-drivers (backing-supporting) work.

After block-status update, it never reports 0, so setting
unallocated_blocks_are_zero doesn't make sense (as the only user of it
is bdrv_co_block_status and it checks unallocated_blocks_are_zero only
for unallocated areas). Drop it.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200528094405.145708-4-vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock: inline bdrv_unallocated_blocks_are_zero()
Vladimir Sementsov-Ogievskiy [Thu, 28 May 2020 09:43:57 +0000 (12:43 +0300)] 
block: inline bdrv_unallocated_blocks_are_zero()

The function has only one user: bdrv_co_block_status(). Inline it to
simplify reviewing of the following patches, which will finally drop
unallocated_blocks_are_zero field too.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200528094405.145708-3-vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoqemu-img: convert: don't use unallocated_blocks_are_zero
Vladimir Sementsov-Ogievskiy [Thu, 28 May 2020 09:43:56 +0000 (12:43 +0300)] 
qemu-img: convert: don't use unallocated_blocks_are_zero

qemu-img convert wants to distinguish ZERO which comes from short
backing files. unallocated_blocks_are_zero field of bdi is unrelated:
space after EOF is always considered to be zero anyway. So, just make
post_backing_zero true in case of short backing file.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200528094405.145708-2-vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoiotests: add tests for blockdev-amend
Maxim Levitsky [Thu, 25 Jun 2020 12:55:48 +0000 (14:55 +0200)] 
iotests: add tests for blockdev-amend

This commit adds two tests that cover the
new blockdev-amend functionality of luks and qcow2 driver

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto
         group]
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200625125548.870061-20-mreitz@redhat.com>

23 months agoblock/qcow2: implement blockdev-amend
Maxim Levitsky [Thu, 25 Jun 2020 12:55:47 +0000 (14:55 +0200)] 
block/qcow2: implement blockdev-amend

Currently the implementation only supports amending the encryption
options, unlike the qemu-img version

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200608094030.670121-14-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock/crypto: implement blockdev-amend
Maxim Levitsky [Thu, 25 Jun 2020 12:55:46 +0000 (14:55 +0200)] 
block/crypto: implement blockdev-amend

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200608094030.670121-13-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock/core: add generic infrastructure for x-blockdev-amend qmp command
Maxim Levitsky [Thu, 25 Jun 2020 12:55:45 +0000 (14:55 +0200)] 
block/core: add generic infrastructure for x-blockdev-amend qmp command

blockdev-amend will be used similiar to blockdev-create
to allow on the fly changes of the structure of the format based block devices.

Current plan is to first support encryption keyslot management for luks
based formats (raw and embedded in qcow2)

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200608094030.670121-12-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoiotests: qemu-img tests for luks key management
Maxim Levitsky [Thu, 25 Jun 2020 12:55:44 +0000 (14:55 +0200)] 
iotests: qemu-img tests for luks key management

This commit adds two tests, which test the new amend interface
of both luks raw images and qcow2 luks encrypted images.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[mreitz: Let 293 verify that LUKS works; drop $(seq) usage from 293;
         drop 293 and 294 from the auto group]
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200625125548.870061-16-mreitz@redhat.com>

23 months agoblock/qcow2: extend qemu-img amend interface with crypto options
Maxim Levitsky [Thu, 25 Jun 2020 12:55:43 +0000 (14:55 +0200)] 
block/qcow2: extend qemu-img amend interface with crypto options

Now that we have all the infrastructure in place,
wire it in the qcow2 driver and expose this to the user.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200608094030.670121-9-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock/crypto: implement the encryption key management
Maxim Levitsky [Thu, 25 Jun 2020 12:55:42 +0000 (14:55 +0200)] 
block/crypto: implement the encryption key management

This implements the encryption key management using the generic code in
qcrypto layer and exposes it to the user via qemu-img

This code adds another 'write_func' because the initialization
write_func works directly on the underlying file, and amend
works on instance of luks device.

This commit also adds a 'hack/workaround' I and Kevin Wolf (thanks)
made to make the driver both support write sharing (to avoid breaking the users),
and be safe against concurrent  metadata update (the keyslots)

Eventually the write sharing for luks driver will be deprecated
and removed together with this hack.

The hack is that we ask (as a format driver) for BLK_PERM_CONSISTENT_READ
and then when we want to update the keys, we unshare that permission.
So if someone else has the image open, even readonly, encryption
key update will fail gracefully.

Also thanks to Daniel Berrange for the idea of
unsharing read, rather that write permission which allows
to avoid cases when the other user had opened the image read-only.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200608094030.670121-8-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock/crypto: rename two functions
Maxim Levitsky [Thu, 25 Jun 2020 12:55:41 +0000 (14:55 +0200)] 
block/crypto: rename two functions

rename the write_func to create_write_func, and init_func to create_init_func.
This is preparation for other write_func that will be used to update the encryption keys.

No functional changes

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200608094030.670121-7-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock/amend: refactor qcow2 amend options
Maxim Levitsky [Thu, 25 Jun 2020 12:55:40 +0000 (14:55 +0200)] 
block/amend: refactor qcow2 amend options

Some qcow2 create options can't be used for amend.
Remove them from the qcow2 create options and add generic logic to detect
such options in qemu-img

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[mreitz: Dropped some iotests reference output hunks that became
         unnecessary thanks to
         "iotests: Make _filter_img_create more active"]
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200625125548.870061-12-mreitz@redhat.com>

23 months agoblock/amend: separate amend and create options for qemu-img
Maxim Levitsky [Thu, 25 Jun 2020 12:55:39 +0000 (14:55 +0200)] 
block/amend: separate amend and create options for qemu-img

Some options are only useful for creation
(or hard to be amended, like cluster size for qcow2), while some other
options are only useful for amend, like upcoming keyslot management
options for luks

Since currently only qcow2 supports amend, move all its options
to a common macro and then include it in each action option list.

In future it might be useful to remove some options which are
not supported anyway from amend list, which currently
cause an error message if amended.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200608094030.670121-5-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock/amend: add 'force' option
Maxim Levitsky [Thu, 25 Jun 2020 12:55:38 +0000 (14:55 +0200)] 
block/amend: add 'force' option

'force' option will be used for some unsafe amend operations.

This includes things like erasing last keyslot in luks based formats
(which destroys the data, unless the master key is backed up
by external means), but that _might_ be desired result.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200608094030.670121-4-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoqcrypto/luks: implement encryption key management
Maxim Levitsky [Thu, 25 Jun 2020 12:55:37 +0000 (14:55 +0200)] 
qcrypto/luks: implement encryption key management

Next few patches will expose that functionality to the user.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200608094030.670121-3-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoqcrypto/core: add generic infrastructure for crypto options amendment
Maxim Levitsky [Thu, 25 Jun 2020 12:55:36 +0000 (14:55 +0200)] 
qcrypto/core: add generic infrastructure for crypto options amendment

This will be used first to implement luks keyslot management.

block_crypto_amend_opts_init will be used to convert
qemu-img cmdline to QCryptoBlockAmendOptions

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200608094030.670121-2-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoiotests: Check whether luks works
Max Reitz [Thu, 25 Jun 2020 12:55:35 +0000 (14:55 +0200)] 
iotests: Check whether luks works

Whenever running an iotest for the luks format, we should check whether
luks actually really works.

Tests that try to create luks-encrypted qcow2 images should do the same.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200625125548.870061-7-mreitz@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
23 months agoiotests.py: Add (verify|has)_working_luks()
Max Reitz [Thu, 25 Jun 2020 12:55:34 +0000 (14:55 +0200)] 
iotests.py: Add (verify|has)_working_luks()

Similar to _require_working_luks for bash tests, these functions can be
used to check whether our luks driver can actually create images.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200625125548.870061-6-mreitz@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
23 months agoiotests.py: Add qemu_img_pipe_and_status()
Max Reitz [Thu, 25 Jun 2020 12:55:33 +0000 (14:55 +0200)] 
iotests.py: Add qemu_img_pipe_and_status()

This function will be used by the next patch, which intends to check
both the exit code and qemu-img's output.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200625125548.870061-5-mreitz@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
[mreitz: Rebased on 49438972b8c2e]
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoiotests/common.rc: Add _require_working_luks
Max Reitz [Thu, 25 Jun 2020 12:55:32 +0000 (14:55 +0200)] 
iotests/common.rc: Add _require_working_luks

That the luks driver is present is little indication on whether it is
actually working.  Without the crypto libraries linked in, it does not
work.  So add this function, which tries to create a luks image to see
whether that actually works.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200625125548.870061-4-mreitz@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
23 months agoiotests: filter few more luks specific create options
Maxim Levitsky [Thu, 25 Jun 2020 12:55:31 +0000 (14:55 +0200)] 
iotests: filter few more luks specific create options

This allows more tests to be able to have same output on both qcow2 luks encrypted images
and raw luks images

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20200625125548.870061-3-mreitz@redhat.com>

23 months agoiotests: Make _filter_img_create more active
Max Reitz [Thu, 25 Jun 2020 12:55:30 +0000 (14:55 +0200)] 
iotests: Make _filter_img_create more active

Right now, _filter_img_create just filters out everything that looks
format-dependent, and applies some filename filters.  That means that we
have to add another filter line every time some format gets a new
creation option.  This can be avoided by instead discarding everything
and just keeping what we know is format-independent (format, size,
backing file, encryption information[1], preallocation) or just
interesting to have in the reference output (external data file path).

Furthermore, we probably want to sort these options.  Format drivers are
not required to define them in any specific order, so the output is
effectively random (although this has never bothered us until now).  We
need a specific order for our reference outputs, though.  Unfortunately,
just using a plain "sort" would change a lot of existing reference
outputs, so we have to pre-filter the option keys to keep our existing
order (fmt, size, backing*, data, encryption info, preallocation).

Finally, this makes it difficult for _filter_img_create to automagically
work for QMP output.  Thus, this patch adds a separate
_filter_img_create_for_qmp function that echos every line verbatim that
does not start with "Formatting", and pipes those "Formatting" lines to
_filter_img_create.

[1] Actually, the only thing that is really important is whether
    encryption is enabled or not.  A patch by Maxim thus removes all
    other "encrypt.*" options from the output:
    https://lists.nongnu.org/archive/html/qemu-block/2020-06/msg00339.html
    But that patch needs to come later so we can get away with changing
    as few reference outputs in this patch here as possible.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200625125548.870061-2-mreitz@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
23 months agoqcow2: Fix preallocation on images with unaligned sizes
Alberto Garcia [Wed, 17 Jun 2020 14:00:36 +0000 (16:00 +0200)] 
qcow2: Fix preallocation on images with unaligned sizes

When resizing an image with qcow2_co_truncate() using the falloc or
full preallocation modes the code assumes that both the old and new
sizes are cluster-aligned.

There are two problems with this:

  1) The calculation of how many clusters are involved does not always
     get the right result.

     Example: creating a 60KB image and resizing it (with
     preallocation=full) to 80KB won't allocate the second cluster.

  2) No copy-on-write is performed, so in the previous example if
     there is a backing file then the first 60KB of the first cluster
     won't be filled with data from the backing file.

This patch fixes both issues.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200617140036.20311-1-berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoblock/block-copy: block_copy_dirty_clusters: fix failure check
Vladimir Sementsov-Ogievskiy [Tue, 26 May 2020 18:13:47 +0000 (21:13 +0300)] 
block/block-copy: block_copy_dirty_clusters: fix failure check

ret may be > 0 on success path at this point. Fix assertion, which may
crash currently.

Fixes: 4ce5dd3e9b5ee0fac18625860eb3727399ee965e
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200526181347.489557-1-vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
23 months agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200703' into...
Peter Maydell [Sat, 4 Jul 2020 15:08:41 +0000 (16:08 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200703' into staging

target-arm queue:
 * i.MX6UL EVK board: put PHYs in the correct places
 * hw/arm/virt: Let the virtio-iommu bypass MSIs
 * target/arm: kvm: Handle DABT with no valid ISS
 * hw/arm/virt-acpi-build: Only expose flash on older machine types
 * target/arm: Fix temp double-free in sve ldr/str
 * hw/display/bcm2835_fb.c: Initialize all fields of struct
 * hw/arm/spitz: Code cleanup to fix Coverity-detected memory leak
 * Deprecate TileGX port

# gpg: Signature made Fri 03 Jul 2020 17:53:05 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200703: (34 commits)
  Deprecate TileGX port
  Replace uses of FROM_SSI_SLAVE() macro with QOM casts
  hw/arm/spitz: Provide usual QOM macros for corgi-ssp and spitz-lcdtg
  hw/arm/pxa2xx_pic: Use LOG_GUEST_ERROR for bad guest register accesses
  hw/arm/spitz: Use LOG_GUEST_ERROR for bad guest register accesses
  hw/gpio/zaurus.c: Use LOG_GUEST_ERROR for bad guest register accesses
  hw/arm/spitz: Encapsulate misc GPIO handling in a device
  hw/misc/max111x: Create header file for documentation, TYPE_ macros
  hw/misc/max111x: Use GPIO lines rather than max111x_set_input()
  hw/arm/spitz: Use max111x properties to set initial values
  ssi: Add ssi_realize_and_unref()
  hw/misc/max111x: Don't use vmstate_register()
  hw/misc/max111x: provide QOM properties for setting initial values
  hw/arm/spitz: Implement inbound GPIO lines for bit5 and power signals
  hw/arm/spitz: Keep pointers to scp0, scp1 in SpitzMachineState
  hw/arm/spitz: Keep pointers to MPU and SSI devices in SpitzMachineState
  hw/arm/spitz: Create SpitzMachineClass abstract base class
  hw/arm/spitz: Detabify
  hw/display/bcm2835_fb.c: Initialize all fields of struct
  target/arm: Fix temp double-free in sve ldr/str
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoMerge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20200703a' into...
Peter Maydell [Sat, 4 Jul 2020 14:05:43 +0000 (15:05 +0100)] 
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20200703a' into staging

virtiofsd+migration pull 2020-07-03

A couple of small migration fixes, and some capability
rework for virtiofsd.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
# gpg: Signature made Fri 03 Jul 2020 16:26:35 BST
# gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-migration-20200703a:
  migration: Count new_dirty instead of real_dirty
  migration: postcopy take proper error return
  virtiofsd: Allow addition or removal of capabilities
  virtiofsd: Check capability calls
  virtiofsd: Terminate capability list

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoMerge remote-tracking branch 'remotes/cohuck/tags/s390x-20200703' into staging
Peter Maydell [Sat, 4 Jul 2020 09:24:07 +0000 (10:24 +0100)] 
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200703' into staging

s390 update:
- various fixes
- cleanup in the s390x-ccw bios

# gpg: Signature made Fri 03 Jul 2020 11:04:08 BST
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [marginal]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [marginal]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [marginal]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20200703:
  s390x/pci: fix set_ind_atomic
  virtio-ccw: fix virtio_set_ind_atomic
  target/s390x: Fix SQXBR
  pc-bios/s390: Update s390-ccw bios binaries with the latest changes
  pc-bios/s390-ccw: Generate and include dependency files in the Makefile
  pc-bios: s390x: Make u32 ptr check explicit
  pc-bios: s390x: Use ebcdic2ascii table
  pc-bios: s390x: Move panic() into header and add infinite loop
  pc-bios: s390x: Use PSW masks where possible and introduce PSW_MASK_SHORT_ADDR
  pc-bios: s390x: Rename PSW_MASK_ZMODE to PSW_MASK_64
  pc-bios: s390x: Get rid of magic offsets into the lowcore
  pc-bios: s390x: Move sleep and yield to helper.h
  pc-bios: s390x: Consolidate timing functions into time.h
  pc-bios: s390x: cio.c cleanup and compile fix

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Fri, 3 Jul 2020 16:55:31 +0000 (17:55 +0100)] 
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- qemu-img convert: Don't pre-zero images (removes nowadays
  counterproductive optimisation)
- qemu-storage-daemon: Fix object-del, cleaner shutdown
- vvfat: Check that the guest doesn't escape the given host directory
  with read-write vvfat drives
- vvfat: Fix crash by out-of-bounds array writes for read-write drives
- iotests fixes

# gpg: Signature made Fri 03 Jul 2020 10:20:46 BST
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  iotests: Fix 051 output after qdev_init_nofail() removal
  iotests.py: Do not wait() before communicate()
  vvfat: Fix array_remove_slice()
  vvfat: Check that updated filenames are valid
  qemu-storage-daemon: add missing cleanup calls
  qemu-storage-daemon: remember to add qemu_object_opts
  qemu-img convert: Don't pre-zero images

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoDeprecate TileGX port
Peter Maydell [Fri, 3 Jul 2020 15:59:46 +0000 (16:59 +0100)] 
Deprecate TileGX port

Deprecate our TileGX target support:
 * we have no active maintainer for it
 * it has had essentially no contributions (other than tree-wide cleanups
   and similar) since it was first added
 * the Linux kernel dropped support in 2018, as has glibc

Note the deprecation in the manual, but don't try to print a warning
when QEMU runs -- printing unsuppressable messages is more obtrusive
for linux-user mode than it would be for system-emulation mode, and
it doesn't seem worth trying to invent a new suppressible-error
system for linux-user just for this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20200619154831.26319-1-peter.maydell@linaro.org

23 months agoReplace uses of FROM_SSI_SLAVE() macro with QOM casts
Peter Maydell [Fri, 3 Jul 2020 15:59:46 +0000 (16:59 +0100)] 
Replace uses of FROM_SSI_SLAVE() macro with QOM casts

The FROM_SSI_SLAVE() macro predates QOM and is used as a typesafe way
to cast from an SSISlave* to the instance struct of a subtype of
TYPE_SSI_SLAVE.  Switch to using the QOM cast macros instead, which
have the same effect (by writing the QOM macros if the types were
previously missing them.)

(The FROM_SSI_SLAVE() macro allows the SSISlave member of the
subtype's struct to be anywhere as long as it is named "ssidev",
whereas a QOM cast macro insists that it is the first thing in the
subtype's struct.  This is true for all the types we convert here.)

This removes all the uses of FROM_SSI_SLAVE() so we can delete the
definition.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-18-peter.maydell@linaro.org

23 months agohw/arm/spitz: Provide usual QOM macros for corgi-ssp and spitz-lcdtg
Peter Maydell [Fri, 3 Jul 2020 15:59:46 +0000 (16:59 +0100)] 
hw/arm/spitz: Provide usual QOM macros for corgi-ssp and spitz-lcdtg

The QOM types "spitz-lcdtg" and "corgi-ssp" are missing the
usual QOM TYPE and casting macros; provide and use them.

In particular, we can safely use the QOM cast macros instead of
FROM_SSI_SLAVE() because in both cases the 'ssidev' field of
the instance state struct is the first field in it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-17-peter.maydell@linaro.org

23 months agohw/arm/pxa2xx_pic: Use LOG_GUEST_ERROR for bad guest register accesses
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)] 
hw/arm/pxa2xx_pic: Use LOG_GUEST_ERROR for bad guest register accesses

Instead of using printf() for logging guest accesses to invalid
register offsets in the pxa2xx PIC device, use the usual
qemu_log_mask(LOG_GUEST_ERROR,...).

This was the only user of the REG_FMT macro in pxa.h, so we can
remove that.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-16-peter.maydell@linaro.org

23 months agohw/arm/spitz: Use LOG_GUEST_ERROR for bad guest register accesses
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)] 
hw/arm/spitz: Use LOG_GUEST_ERROR for bad guest register accesses

Instead of logging guest accesses to invalid register offsets in the
Spitz flash device with zaurus_printf() (which just prints to stderr),
use the usual qemu_log_mask(LOG_GUEST_ERROR,...).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-15-peter.maydell@linaro.org

23 months agohw/gpio/zaurus.c: Use LOG_GUEST_ERROR for bad guest register accesses
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)] 
hw/gpio/zaurus.c: Use LOG_GUEST_ERROR for bad guest register accesses

Instead of logging guest accesses to invalid register offsets in this
device using zaurus_printf() (which just prints to stderr), use the
usual qemu_log_mask(LOG_GUEST_ERROR,...).

Since this was the only use of the zaurus_printf() macro outside
spitz.c, we can move the definition of that macro from sharpsl.h
to spitz.c.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-14-peter.maydell@linaro.org

23 months agohw/arm/spitz: Encapsulate misc GPIO handling in a device
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)] 
hw/arm/spitz: Encapsulate misc GPIO handling in a device

Currently we have a free-floating set of IRQs and a function
spitz_out_switch() which handle some miscellaneous GPIO lines for the
spitz board.  Encapsulate this behaviour in a simple QOM device.

At this point we can finally remove the 'max1111' global, because the
ADC battery-temperature value is now handled by the misc-gpio device
writing the value to its outbound "adc-temp" GPIO, which the board
code wires up to the appropriate inbound GPIO line on the max1111.

This commit also fixes Coverity issue CID 1421913 (which pointed out
that the 'outsignals' in spitz_scoop_gpio_setup() were leaked),
because it removes the use of the qemu_allocate_irqs() API from this
code entirely.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-13-peter.maydell@linaro.org

23 months agohw/misc/max111x: Create header file for documentation, TYPE_ macros
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)] 
hw/misc/max111x: Create header file for documentation, TYPE_ macros

Create a header file for the hw/misc/max111x device, in the
usual modern style for QOM devices:
 * definition of the TYPE_ constants and macros
 * definition of the device's state struct so that it can
   be embedded in other structs if desired
 * documentation of the interface

This allows us to use TYPE_MAX_1111 in the spitz.c code rather
than the string "max1111".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200628142429.17111-12-peter.maydell@linaro.org

23 months agohw/misc/max111x: Use GPIO lines rather than max111x_set_input()
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)] 
hw/misc/max111x: Use GPIO lines rather than max111x_set_input()

The max111x ADC device model allows other code to set the level on
the 8 ADC inputs using the max111x_set_input() function.  Replace
this with generic qdev GPIO inputs, which also allow inputs to be set
to arbitrary values.

Using GPIO lines will make it easier for board code to wire things
up, so that if device A wants to set the ADC input it doesn't need to
have a direct pointer to the max111x but can just set that value on
its output GPIO, which is then wired up by the board to the
appropriate max111x input.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-11-peter.maydell@linaro.org

23 months agohw/arm/spitz: Use max111x properties to set initial values
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)] 
hw/arm/spitz: Use max111x properties to set initial values

Use the new max111x qdev properties to set the initial input
values rather than calling max111x_set_input(); this means that
on system reset the inputs will correctly return to their initial
values.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200628142429.17111-10-peter.maydell@linaro.org

23 months agossi: Add ssi_realize_and_unref()
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)] 
ssi: Add ssi_realize_and_unref()

Add an ssi_realize_and_unref(), for the benefit of callers
who want to be able to create an SSI device, set QOM properties
on it, and then do the realize-and-unref afterwards.

The API works on the same principle as the recently added
qdev_realize_and_undef(), sysbus_realize_and_undef(), etc.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-9-peter.maydell@linaro.org

23 months agohw/misc/max111x: Don't use vmstate_register()
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)] 
hw/misc/max111x: Don't use vmstate_register()

The max111x is a proper qdev device; we can use dc->vmsd rather than
directly calling vmstate_register().

It's possible that this is a migration compat break, but the only
boards that use this device are the spitz-family ('akita', 'borzoi',
'spitz', 'terrier').

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-8-peter.maydell@linaro.org

23 months agohw/misc/max111x: provide QOM properties for setting initial values
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)] 
hw/misc/max111x: provide QOM properties for setting initial values

Add some QOM properties to the max111x ADC device to allow the
initial values to be configured. Currently this is done by
board code calling max111x_set_input() after it creates the
device, which doesn't work on system reset.

This requires us to implement a reset method for this device,
so while we're doing that make sure we reset the other parts
of the device state.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-7-peter.maydell@linaro.org

23 months agohw/arm/spitz: Implement inbound GPIO lines for bit5 and power signals
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)] 
hw/arm/spitz: Implement inbound GPIO lines for bit5 and power signals

Currently the Spitz board uses a nasty hack for the GPIO lines
that pass "bit5" and "power" information to the LCD controller:
the lcdtg realize function sets a global variable to point to
the instance it just realized, and then the functions spitz_bl_power()
and spitz_bl_bit5() use that to find the device they are changing
the internal state of. There is a comment reading:
 FIXME: Implement GPIO properly and remove this hack.
which was added in 2009.

Implement GPIO properly and remove this hack.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-6-peter.maydell@linaro.org

23 months agohw/arm/spitz: Keep pointers to scp0, scp1 in SpitzMachineState
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)] 
hw/arm/spitz: Keep pointers to scp0, scp1 in SpitzMachineState

Keep pointers to scp0, scp1 in SpitzMachineState, and just pass
that to spitz_scoop_gpio_setup().

(We'll want to use some of the other fields in SpitzMachineState
in that function in the next commit.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-5-peter.maydell@linaro.org

23 months agohw/arm/spitz: Keep pointers to MPU and SSI devices in SpitzMachineState
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)] 
hw/arm/spitz: Keep pointers to MPU and SSI devices in SpitzMachineState

Keep pointers to the MPU and the SSI devices in SpitzMachineState.
We're going to want to make GPIO connections between some of the
SSI devices and the SCPs, so we want to keep hold of a pointer to
those; putting the MPU into the struct allows us to pass just
one thing to spitz_ssp_attach() rather than two.

We have to retain the setting of the global "max1111" variable
for the moment as it is used in spitz_adc_temp_on(); later in
this series of commits we will be able to remove it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-4-peter.maydell@linaro.org

23 months agohw/arm/spitz: Create SpitzMachineClass abstract base class
Peter Maydell [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)] 
hw/arm/spitz: Create SpitzMachineClass abstract base class

For the four Spitz-family machines (akita, borzoi, spitz, terrier)
create a proper abstract class SpitzMachineClass which encapsulates
the common behaviour, rather than having them all derive directly
from TYPE_MACHINE:
 * instead of each machine class setting mc->init to a wrapper
   function which calls spitz_common_init() with parameters,
   put that data in the SpitzMachineClass and make spitz_common_init
   the SpitzMachineClass machine-init function
 * move the settings of mc->block_default_type and
   mc->ignore_memory_transaction_failures into the SpitzMachineClass
   class init rather than repeating them in each machine's class init

(The motivation is that we're going to want to keep some state in
the SpitzMachineState so we can connect GPIOs between devices created
in one sub-function of the machine init to devices created in a
different sub-function.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200628142429.17111-3-peter.maydell@linaro.org

23 months agohw/arm/spitz: Detabify
Peter Maydell [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)] 
hw/arm/spitz: Detabify

The spitz board has been around a long time, and still has a fair number
of hard-coded tab characters in it. We're about to do some work on
this source file, so start out by expanding out the tabs.

This commit is a pure whitespace only change.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-2-peter.maydell@linaro.org

23 months agohw/display/bcm2835_fb.c: Initialize all fields of struct
Peter Maydell [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)] 
hw/display/bcm2835_fb.c: Initialize all fields of struct

In bcm2835_fb_mbox_push(), Coverity complains (CID 1429989) that we
pass a pointer to a local struct to another function without
initializing all its fields.  This is a real bug:
bcm2835_fb_reconfigure() copies the whole of our new BCM2385FBConfig
struct into s->config, so any fields we don't initialize will corrupt
the state of the device.

Copy the two fields which we don't want to update (pixo and alpha)
from the existing config so we don't accidentally change them.

Fixes: cfb7ba983857e40e88
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200628195436.27582-1-peter.maydell@linaro.org

23 months agotarget/arm: Fix temp double-free in sve ldr/str
Richard Henderson [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)] 
target/arm: Fix temp double-free in sve ldr/str

The temp that gets assigned to clean_addr has been allocated with
new_tmp_a64, which means that it will be freed at the end of the
instruction.  Freeing it earlier leads to assertion failure.

The loop creates a complication, in which we allocate a new local
temp, which does need freeing, and the final code path is shared
between the loop and non-loop.

Fix this complication by adding new_tmp_a64_local so that the new
local temp is freed at the end, and can be treated exactly like
the non-loop path.

Fixes: bba87d0a0f4
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200702175605.1987125-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotests/acpi: virt: update golden masters for DSDT
Andrew Jones [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)] 
tests/acpi: virt: update golden masters for DSDT

Differences between disassembled ASL files for DSDT:

@@ -5,13 +5,13 @@
  *
  * Disassembling to symbolic ASL+ operators
  *
- * Disassembly of a, Mon Jun 29 09:50:01 2020
+ * Disassembly of b, Mon Jun 29 09:50:03 2020
  *
  * Original Table Header:
  *     Signature        "DSDT"
- *     Length           0x000014BB (5307)
+ *     Length           0x00001455 (5205)
  *     Revision         0x02
- *     Checksum         0xD1
+ *     Checksum         0xE1
  *     OEM ID           "BOCHS "
  *     OEM Table ID     "BXPCDSDT"
  *     OEM Revision     0x00000001 (1)
@@ -45,32 +45,6 @@
             })
         }

-        Device (FLS0)
-        {
-            Name (_HID, "LNRO0015")  // _HID: Hardware ID
-            Name (_UID, Zero)  // _UID: Unique ID
-            Name (_CRS, ResourceTemplate ()  // _CRS: Current Resource Settings
-            {
-                Memory32Fixed (ReadWrite,
-                    0x00000000,         // Address Base
-                    0x04000000,         // Address Length
-                    )
-            })
-        }
-
-        Device (FLS1)
-        {
-            Name (_HID, "LNRO0015")  // _HID: Hardware ID
-            Name (_UID, One)  // _UID: Unique ID
-            Name (_CRS, ResourceTemplate ()  // _CRS: Current Resource Settings
-            {
-                Memory32Fixed (ReadWrite,
-                    0x04000000,         // Address Base
-                    0x04000000,         // Address Length
-                    )
-            })
-        }
-
         Device (FWCF)
         {
             Name (_HID, "QEMU0002")  // _HID: Hardware ID

The other two binaries have the same changes (the removal of the
flash devices).

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20200629140938.17566-5-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/arm/virt-acpi-build: Only expose flash on older machine types
Andrew Jones [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)] 
hw/arm/virt-acpi-build: Only expose flash on older machine types

The flash device is exclusively for the host-controlled firmware, so
we should not expose it to the OS. Exposing it risks the OS messing
with it, which could break firmware runtime services and surprise the
OS when all its changes disappear after reboot.

As firmware needs the device and uses DT, we leave the device exposed
there. It's up to firmware to remove the nodes from DT before sending
it on to the OS. However, there's no need to force firmware to remove
tables from ACPI (which it doesn't know how to do anyway), so we
simply don't add the tables in the first place. But, as we've been
adding the tables for quite some time and don't want to change the
default hardware exposed to versioned machines, then we only stop
exposing the flash device tables for 5.1 and later machine types.

Suggested-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20200629140938.17566-4-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotests/acpi: virt: allow DSDT acpi table changes
Andrew Jones [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)] 
tests/acpi: virt: allow DSDT acpi table changes

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20200629140938.17566-3-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotests/acpi: remove stale allowed tables
Andrew Jones [Fri, 3 Jul 2020 15:59:42 +0000 (16:59 +0100)] 
tests/acpi: remove stale allowed tables

Fixes: 93dd625f8bf7 ("tests/acpi: update expected data files")
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20200629140938.17566-2-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotarget/arm: kvm: Handle misconfigured dabt injection
Beata Michalska [Fri, 3 Jul 2020 15:59:42 +0000 (16:59 +0100)] 
target/arm: kvm: Handle misconfigured dabt injection

Injecting external data abort through KVM might trigger
an issue on kernels that do not get updated to include the KVM fix.
For those and aarch32 guests, the injected abort gets misconfigured
to be an implementation defined exception. This leads to the guest
repeatedly re-running the faulting instruction.

Add support for handling that case.

[
Fixed-by: 018f22f95e8a
('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
Fixed-by: 21aecdbd7f3a
('KVM: arm: Make inject_abt32() inject an external abort instead')
]

Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
Acked-by: Andrew Jones <drjones@redhat.com>
Message-id: 20200629114110.30723-3-beata.michalska@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotarget/arm: kvm: Handle DABT with no valid ISS
Beata Michalska [Fri, 3 Jul 2020 15:59:42 +0000 (16:59 +0100)] 
target/arm: kvm: Handle DABT with no valid ISS

On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate those instruction which is one of the
(many) reasons why KVM will not even try to do so.

Add support for handling those by requesting KVM to inject external
dabt into the quest.

Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 20200629114110.30723-2-beata.michalska@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/arm/virt: Let the virtio-iommu bypass MSIs
Eric Auger [Fri, 3 Jul 2020 15:59:42 +0000 (16:59 +0100)] 
hw/arm/virt: Let the virtio-iommu bypass MSIs

At the moment the virtio-iommu translates MSI transactions.
This behavior is inherited from ARM SMMU. The virt machine
code knows where the guest MSI doorbells are so we can easily
declare those regions as VIRTIO_IOMMU_RESV_MEM_T_MSI. With that
setting the guest will not map MSIs through the IOMMU and those
transactions will be simply bypassed.

Depending on which MSI controller is in use (ITS or GICV2M),
we declare either:
- the ITS interrupt translation space (ITS_base + 0x10000),
  containing the GITS_TRANSLATOR or
- The GICV2M single frame, containing the MSI_SETSP_NS register.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20200629070404.10969-6-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agovirtio-iommu-pci: Add array of Interval properties
Eric Auger [Fri, 3 Jul 2020 15:59:42 +0000 (16:59 +0100)] 
virtio-iommu-pci: Add array of Interval properties

The machine may need to pass reserved regions to the
virtio-iommu-pci device (such as the MSI window on x86
or the MSI doorbells on ARM).

So let's add an array of Interval properties.

Note: if some reserved regions are already set by the
machine code - which should be the case in general -,
the length of the property array is already set and
prevents the end-user from modifying them. For example,
attempting to use:

-device virtio-iommu-pci,\
 len-reserved-regions=1,reserved-regions[0]=0xfee00000:0xfeefffff:1

would result in the following error message:

qemu-system-aarch64: -device virtio-iommu-pci,addr=0xa,
len-reserved-regions=1,reserved-regions[0]=0xfee00000:0xfeefffff:1:
array size property len-reserved-regions may not be set more than once

Otherwise, for example, adding two reserved regions is achieved
using the following options:

-device virtio-iommu-pci,addr=0xa,len-reserved-regions=2,\
 reserved-regions[0]=0xfee00000:0xfeefffff:1,\
 reserved-regions[1]=0x1000000:100ffff:1

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Xu <peterx@redhat.com>
Message-id: 20200629070404.10969-5-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agovirtio-iommu: Handle reserved regions in the translation process
Eric Auger [Fri, 3 Jul 2020 15:59:42 +0000 (16:59 +0100)] 
virtio-iommu: Handle reserved regions in the translation process

When translating an address we need to check if it belongs to
a reserved virtual address range. If it does, there are 2 cases:

- it belongs to a RESERVED region: the guest should neither use
  this address in a MAP not instruct the end-point to DMA on
  them. We report an error

- It belongs to an MSI region: we bypass the translation.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200629070404.10969-4-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agovirtio-iommu: Implement RESV_MEM probe request
Eric Auger [Fri, 3 Jul 2020 15:59:42 +0000 (16:59 +0100)] 
virtio-iommu: Implement RESV_MEM probe request

This patch implements the PROBE request. At the moment,
only THE RESV_MEM property is handled. The first goal is
to report iommu wide reserved regions such as the MSI regions
set by the machine code. On x86 this will be the IOAPIC MSI
region, [0xFEE00000 - 0xFEEFFFFF], on ARM this may be the ITS
doorbell.

In the future we may introduce per device reserved regions.
This will be useful when protecting host assigned devices
which may expose their own reserved regions

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200629070404.10969-3-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoqdev: Introduce DEFINE_PROP_RESERVED_REGION
Eric Auger [Fri, 3 Jul 2020 15:59:41 +0000 (16:59 +0100)] 
qdev: Introduce DEFINE_PROP_RESERVED_REGION

Introduce a new property defining a reserved region:
<low address>:<high address>:<type>.

This will be used to encode reserved IOVA regions.

For instance, in virtio-iommu use case, reserved IOVA regions
will be passed by the machine code to the virtio-iommu-pci
device (an array of those). The type of the reserved region
will match the virtio_iommu_probe_resv_mem subtype value:
- VIRTIO_IOMMU_RESV_MEM_T_RESERVED (0)
- VIRTIO_IOMMU_RESV_MEM_T_MSI (1)

on PC/Q35 machine, this will be used to inform the
virtio-iommu-pci device it should bypass the MSI region.
The reserved region will be: 0xfee00000:0xfeefffff:1.

On ARM, we can declare the ITS MSI doorbell as an MSI
region to prevent MSIs from being mapped on guest side.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200629070404.10969-2-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoSelect MDIO device 2 and 1 as PHY devices for i.MX6UL EVK board.
Jean-Christophe Dubois [Fri, 3 Jul 2020 15:59:41 +0000 (16:59 +0100)] 
Select MDIO device 2 and 1 as PHY devices for i.MX6UL EVK board.

The i.MX6UL EVK 14x14 board uses:
- PHY 2 for FEC 1
- PHY 1 for FEC 2

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: fb41992126c091a71d76ab3d1898959091f60583.1593296112.git.jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoAdd the ability to select a different PHY for each i.MX6UL FEC interface
Jean-Christophe Dubois [Fri, 3 Jul 2020 15:59:41 +0000 (16:59 +0100)] 
Add the ability to select a different PHY for each i.MX6UL FEC interface

Add properties to the i.MX6UL processor to be able to select a
particular PHY on the MDIO bus for each FEC device.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: ea1d604198b6b73ea6521676e45bacfc597aba53.1593296112.git.jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoAdd a phy-num property to the i.MX FEC emulator
Jean-Christophe Dubois [Fri, 3 Jul 2020 15:59:41 +0000 (16:59 +0100)] 
Add a phy-num property to the i.MX FEC emulator

We need a solution to use an Ethernet PHY that is not the first device
on the MDIO bus (device 0 on MDIO bus).

As an example with the i.MX6UL the NXP SOC has 2 Ethernet devices but
only one MDIO bus on which the 2 related PHY are connected but at unique
addresses.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: a1a5c0e139d1c763194b8020573dcb6025daeefa.1593296112.git.jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoMerge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20200702...
Peter Maydell [Fri, 3 Jul 2020 15:58:38 +0000 (16:58 +0100)] 
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20200702-1' into staging

This PR contains two patches to improve PLIC support in QEMU.

It also contains one patch that fixes CLINT accesses for RISC-V. This
fixes a regression for most RISC-V boards.

The rest of the PR is adding support for the v0.7.1 RISC-V vector
extensions. This is experimental support as the vector extensions are
still in a draft state.

This is a v2 pull request that has fixed the building on big endian
machines failure.

# gpg: Signature made Thu 02 Jul 2020 17:21:54 BST
# gpg:                using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8  CE8F 21E1 0D29 DF97 7054

* remotes/alistair/tags/pull-riscv-to-apply-20200702-1: (64 commits)
  target/riscv: configure and turn on vector extension from command line
  target/riscv: vector compress instruction
  target/riscv: vector register gather instruction
  target/riscv: vector slide instructions
  target/riscv: floating-point scalar move instructions
  target/riscv: integer scalar move instruction
  target/riscv: integer extract instruction
  target/riscv: vector element index instruction
  target/riscv: vector iota instruction
  target/riscv: set-X-first mask bit
  target/riscv: vmfirst find-first-set mask bit
  target/riscv: vector mask population count vmpopc
  target/riscv: vector mask-register logical instructions
  target/riscv: vector widening floating-point reduction instructions
  target/riscv: vector single-width floating-point reduction instructions
  target/riscv: vector wideing integer reduction instructions
  target/riscv: vector single-width integer reduction instructions
  target/riscv: narrowing floating-point/integer type-convert instructions
  target/riscv: widening floating-point/integer type-convert instructions
  target/riscv: vector floating-point/integer type-convert instructions
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agomigration: Count new_dirty instead of real_dirty
Keqian Zhu [Mon, 22 Jun 2020 03:20:37 +0000 (11:20 +0800)] 
migration: Count new_dirty instead of real_dirty

real_dirty_pages becomes equal to total ram size after dirty log sync
in ram_init_bitmaps, the reason is that the bitmap of ramblock is
initialized to be all set, so old path counts them as "real dirty" at
beginning.

This causes wrong dirty rate and false positive throttling.

Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
Message-Id: <20200622032037.31112-1-zhukeqian1@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomigration: postcopy take proper error return
Dr. David Alan Gilbert [Wed, 1 Jul 2020 09:35:57 +0000 (10:35 +0100)] 
migration: postcopy take proper error return

This function returns a boolean success and we're returning -1;
lets just use the 'out' error path.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Fixes: 58b7c17e226 ("Disable mlock around incoming postcopy")
Buglink: https://bugs.launchpad.net/qemu/+bug/1885720
Message-Id: <20200701093557.130096-1-dgilbert@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agovirtiofsd: Allow addition or removal of capabilities
Dr. David Alan Gilbert [Mon, 29 Jun 2020 11:54:20 +0000 (12:54 +0100)] 
virtiofsd: Allow addition or removal of capabilities

Allow capabilities to be added or removed from the allowed set for the
daemon; e.g.

default:
CapPrm: 00000000880000df
CapEff: 00000000880000df

-o modcaps=+sys_admin

CapPrm: 00000000882000df
CapEff: 00000000882000df

-o modcaps=+sys_admin:-chown

CapPrm: 00000000882000de
CapEff: 00000000882000de

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200629115420.98443-4-dgilbert@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agovirtiofsd: Check capability calls
Dr. David Alan Gilbert [Mon, 29 Jun 2020 11:54:19 +0000 (12:54 +0100)] 
virtiofsd: Check capability calls

Check the capability calls worked.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20200629115420.98443-3-dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agovirtiofsd: Terminate capability list
Dr. David Alan Gilbert [Mon, 29 Jun 2020 11:54:18 +0000 (12:54 +0100)] 
virtiofsd: Terminate capability list

capng_updatev is a varargs function that needs a -1 to terminate it,
but it was missing.

In practice what seems to have been happening is that it's added the
capabilities we asked for, then runs into junk on the stack, so if
we're unlucky it might be adding some more, but in reality it's
failing - but after adding the capabilities we asked for.

Fixes: a59feb483b8 ("virtiofsd: only retain file system capabilities")
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20200629115420.98443-2-dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agoMerge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-06-24' into staging
Peter Maydell [Fri, 3 Jul 2020 14:34:44 +0000 (15:34 +0100)] 
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-06-24' into staging

Block patches:
- Two iotest fixes

# gpg: Signature made Wed 24 Jun 2020 09:00:51 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2020-06-24:
  iotests: don't test qcow2.py inside 291
  iotests: Fix 051 output after qdev_init_nofail() removal

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoMerge tag 's390-ccw-bios-2020-07-02' into s390-next-staging
Cornelia Huck [Fri, 3 Jul 2020 09:16:46 +0000 (11:16 +0200)] 
Merge tag 's390-ccw-bios-2020-07-02' into s390-next-staging

* Source code clean-ups from Janosch

# gpg: Signature made Thu 02 Jul 2020 11:56:01 AM CEST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [undefined]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [undefined]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]

* tag 's390-ccw-bios-2020-07-02':
  pc-bios/s390: Update s390-ccw bios binaries with the latest changes
  pc-bios/s390-ccw: Generate and include dependency files in the Makefile
  pc-bios: s390x: Make u32 ptr check explicit
  pc-bios: s390x: Use ebcdic2ascii table
  pc-bios: s390x: Move panic() into header and add infinite loop
  pc-bios: s390x: Use PSW masks where possible and introduce PSW_MASK_SHORT_ADDR
  pc-bios: s390x: Rename PSW_MASK_ZMODE to PSW_MASK_64
  pc-bios: s390x: Get rid of magic offsets into the lowcore
  pc-bios: s390x: Move sleep and yield to helper.h
  pc-bios: s390x: Consolidate timing functions into time.h
  pc-bios: s390x: cio.c cleanup and compile fix

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
23 months agos390x/pci: fix set_ind_atomic
Halil Pasic [Tue, 16 Jun 2020 04:50:35 +0000 (06:50 +0200)] 
s390x/pci: fix set_ind_atomic

The atomic_cmpxchg() loop is broken because we occasionally end up with
old and _old having different values (a legit compiler can generate code
that accessed *ind_addr again to pick up a value for _old instead of
using the value of old that was already fetched according to the
rules of the abstract machine). This means the underlying CS instruction
may use a different old (_old) than the one we intended to use if
atomic_cmpxchg() performed the xchg part.

Let us use volatile to force the rules of the abstract machine for
accesses to *ind_addr. Let us also rewrite the loop so, we that the
new old is used to compute the new desired value if the xchg part
is not performed.

Fixes: 8cba80c3a0 ("s390: Add PCI bus support")
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200616045035.51641-3-pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
23 months agovirtio-ccw: fix virtio_set_ind_atomic
Halil Pasic [Tue, 16 Jun 2020 04:50:34 +0000 (06:50 +0200)] 
virtio-ccw: fix virtio_set_ind_atomic

The atomic_cmpxchg() loop is broken because we occasionally end up with
old and _old having different values (a legit compiler can generate code
that accessed *ind_addr again to pick up a value for _old instead of
using the value of old that was already fetched according to the
rules of the abstract machine). This means the underlying CS instruction
may use a different old (_old) than the one we intended to use if
atomic_cmpxchg() performed the xchg part.

Let us use volatile to force the rules of the abstract machine for
accesses to *ind_addr. Let us also rewrite the loop so, we that the
new old is used to compute the new desired value if the xchg part
is not performed.

Fixes: 7e7494627f ("s390x/virtio-ccw: Adapter interrupt support.")
Reported-by: Andre Wild <Andre.Wild1@ibm.com>
Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200616045035.51641-2-pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
23 months agotarget/s390x: Fix SQXBR
Richard Henderson [Sat, 20 Jun 2020 04:21:40 +0000 (21:21 -0700)] 
target/s390x: Fix SQXBR

The output is 128-bit, and thus requires a pair of 64-bit temps.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Buglink: https://bugs.launchpad.net/bugs/1883984
Message-Id: <20200620042140.42070-1-richard.henderson@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
23 months agoMerge remote-tracking branch 'remotes/kraxel/tags/seabios-20200702-pull-request'...
Peter Maydell [Fri, 3 Jul 2020 08:55:35 +0000 (09:55 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/seabios-20200702-pull-request' into staging

seabios: update submodule to pre-1.14 master snapshot

# gpg: Signature made Thu 02 Jul 2020 15:21:50 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/seabios-20200702-pull-request:
  seabios: update binaries
  seabios: update 128k config
  seabios: update submodule to pre-1.14 master snapshot

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agoiotests: Fix 051 output after qdev_init_nofail() removal
Philippe Mathieu-Daudé [Wed, 24 Jun 2020 14:04:22 +0000 (15:04 +0100)] 
iotests: Fix 051 output after qdev_init_nofail() removal

Commit 96927c744 replaced qdev_init_nofail() call by
isa_realize_and_unref() which has a different error
message. Update the test output accordingly.

Gitlab CI error after merging b77b5b3dc7:
https://gitlab.com/qemu-project/qemu/-/jobs/597414772#L4375

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200616154949.6586-1-philmd@redhat.com>
Message-Id: <20200624140446.15380-2-alex.bennee@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoiotests.py: Do not wait() before communicate()
Max Reitz [Tue, 30 Jun 2020 08:37:11 +0000 (10:37 +0200)] 
iotests.py: Do not wait() before communicate()

Waiting on a process for which we have a pipe will stall if the process
outputs more data than fits into the OS-provided buffer.  We must use
communicate() before wait(), and in fact, communicate() perfectly
replaces wait() already.

We have to drop the stderr=subprocess.STDOUT parameter from
subprocess.Popen() in qemu_nbd_early_pipe(), because stderr is passed on
to the child process, so if we do not drop this parameter, communicate()
will hang (because the pipe is not closed).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200630083711.40567-1-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agovvfat: Fix array_remove_slice()
Kevin Wolf [Tue, 23 Jun 2020 17:55:34 +0000 (19:55 +0200)] 
vvfat: Fix array_remove_slice()

array_remove_slice() calls array_roll() with array->next - 1 as the
destination index. This is only correct for count == 1, otherwise we're
writing past the end of the array. array->next - count would be correct.

However, this is the only place ever calling array_roll(), so this
rather complicated operation isn't even necessary.

Fix the problem and simplify the code by replacing it with a single
memmove() call. array_roll() can now be removed.

Reported-by: Nathan Huckleberry <nhuck15@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200623175534.38286-3-kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agovvfat: Check that updated filenames are valid
Kevin Wolf [Tue, 23 Jun 2020 17:55:33 +0000 (19:55 +0200)] 
vvfat: Check that updated filenames are valid

FAT allows only a restricted set of characters in file names, and for
some of the illegal characters, it's actually important that we catch
them: If filenames can contain '/', the guest can construct filenames
containing "../" and escape from the assigned vvfat directory. The same
problem could arise if ".." was ever accepted as a literal filename.

Fix this by adding a check that all filenames are valid in
check_directory_consistency().

Reported-by: Nathan Huckleberry <nhuck15@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200623175534.38286-2-kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoqemu-storage-daemon: add missing cleanup calls
Stefan Hajnoczi [Fri, 19 Jun 2020 10:11:32 +0000 (11:11 +0100)] 
qemu-storage-daemon: add missing cleanup calls

Several components used by qemu-storage-daemon have cleanup functions
that aren't called. Keep the "valgrind --leak-check=full" as clean as
possible by invoking the necessary cleanup functions.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20200619101132.2401756-3-stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoqemu-storage-daemon: remember to add qemu_object_opts
Stefan Hajnoczi [Fri, 19 Jun 2020 10:11:31 +0000 (11:11 +0100)] 
qemu-storage-daemon: remember to add qemu_object_opts

The --object option is supported by qemu-storage-daemon but the
qemu_object_opts QemuOptsList wasn't being added. As a result calls to
qemu_find_opts("object") failed with "There is no option group
'object'".

This patch fixes the object-del QMP command.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20200619101132.2401756-2-stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agoqemu-img convert: Don't pre-zero images
Kevin Wolf [Mon, 22 Jun 2020 15:12:03 +0000 (17:12 +0200)] 
qemu-img convert: Don't pre-zero images

Since commit 5a37b60a61c, qemu-img create will pre-zero the target image
if it isn't already zero-initialised (most importantly, for host block
devices, but also iscsi etc.), so that writing explicit zeros wouldn't
be necessary later.

This could speed up the operation significantly, in particular when the
source image file was only sparsely populated. However, it also means
that some block are written twice: Once when pre-zeroing them, and then
when they are overwritten with actual data. On a full image, the
pre-zeroing is wasted work because everything will be overwritten.

In practice, write_zeroes typically turns out faster than writing
explicit zero buffers, but slow enough that first zeroing everything and
then overwriting parts can be a significant net loss.

Meanwhile, qemu-img convert was rewritten in 690c7301600 and zero blocks
are now written to the target using bdrv_co_pwrite_zeroes() if the
target could be pre-zeroed. This way we already make use of the faster
write_zeroes operation, but avoid writing any blocks twice.

Remove the pre-zeroing because these days this former optimisation has
actually turned into a pessimisation in the common case.

Reported-by: Nir Soffer <nsoffer@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200622151203.35624-1-kwolf@redhat.com>
Tested-by: Nir Soffer <nsoffer@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 years agotarget/riscv: configure and turn on vector extension from command line
LIU Zhiwei [Wed, 1 Jul 2020 15:25:49 +0000 (23:25 +0800)] 
target/riscv: configure and turn on vector extension from command line

Vector extension is default off. The only way to use vector extension is
1. use cpu rv32 or rv64
2. turn on it by command line
   "-cpu rv64,x-v=true,vlen=128,elen=64,vext_spec=v0.7.1".

vlen is the vector register length, default value is 128 bit.
elen is the max operator size in bits, default value is 64 bit.
vext_spec is the vector specification version, default value is v0.7.1.
These properties can be specified with other values.

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-62-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vector compress instruction
LIU Zhiwei [Wed, 1 Jul 2020 15:25:48 +0000 (23:25 +0800)] 
target/riscv: vector compress instruction

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-61-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vector register gather instruction
LIU Zhiwei [Wed, 1 Jul 2020 15:25:47 +0000 (23:25 +0800)] 
target/riscv: vector register gather instruction

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-60-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vector slide instructions
LIU Zhiwei [Wed, 1 Jul 2020 15:25:46 +0000 (23:25 +0800)] 
target/riscv: vector slide instructions

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-59-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: floating-point scalar move instructions
LIU Zhiwei [Wed, 1 Jul 2020 15:25:45 +0000 (23:25 +0800)] 
target/riscv: floating-point scalar move instructions

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-58-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: integer scalar move instruction
LIU Zhiwei [Wed, 1 Jul 2020 15:25:44 +0000 (23:25 +0800)] 
target/riscv: integer scalar move instruction

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-57-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: integer extract instruction
LIU Zhiwei [Wed, 1 Jul 2020 15:25:43 +0000 (23:25 +0800)] 
target/riscv: integer extract instruction

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-56-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vector element index instruction
LIU Zhiwei [Wed, 1 Jul 2020 15:25:42 +0000 (23:25 +0800)] 
target/riscv: vector element index instruction

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-55-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vector iota instruction
LIU Zhiwei [Wed, 1 Jul 2020 15:25:41 +0000 (23:25 +0800)] 
target/riscv: vector iota instruction

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-54-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: set-X-first mask bit
LIU Zhiwei [Wed, 1 Jul 2020 15:25:40 +0000 (23:25 +0800)] 
target/riscv: set-X-first mask bit

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-53-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vmfirst find-first-set mask bit
LIU Zhiwei [Wed, 1 Jul 2020 15:25:39 +0000 (23:25 +0800)] 
target/riscv: vmfirst find-first-set mask bit

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-52-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vector mask population count vmpopc
LIU Zhiwei [Wed, 1 Jul 2020 15:25:38 +0000 (23:25 +0800)] 
target/riscv: vector mask population count vmpopc

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-51-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vector mask-register logical instructions
LIU Zhiwei [Wed, 1 Jul 2020 15:25:37 +0000 (23:25 +0800)] 
target/riscv: vector mask-register logical instructions

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200701152549.1218-50-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vector widening floating-point reduction instructions
LIU Zhiwei [Wed, 1 Jul 2020 15:25:36 +0000 (23:25 +0800)] 
target/riscv: vector widening floating-point reduction instructions

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200701152549.1218-49-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vector single-width floating-point reduction instructions
LIU Zhiwei [Wed, 1 Jul 2020 15:25:35 +0000 (23:25 +0800)] 
target/riscv: vector single-width floating-point reduction instructions

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200701152549.1218-48-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2 years agotarget/riscv: vector wideing integer reduction instructions
LIU Zhiwei [Wed, 1 Jul 2020 15:25:34 +0000 (23:25 +0800)] 
target/riscv: vector wideing integer reduction instructions

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200701152549.1218-47-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>