qemu.git
8 years agoqdev: integrate with QEMU Object Model (v2)
Anthony Liguori [Fri, 16 Dec 2011 20:34:46 +0000 (14:34 -0600)] 
qdev: integrate with QEMU Object Model (v2)

This is a very shallow integration.  We register a TYPE_DEVICE but only use
QOM as basically a memory allocator.  This will make all devices show up as
QOM objects but they will all carry the TYPE_DEVICE.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
v1 -> v2
 - update for new location of object.h

8 years agoqom: add the base Object class (v2)
Anthony Liguori [Sat, 3 Dec 2011 23:10:08 +0000 (17:10 -0600)] 
qom: add the base Object class (v2)

This class provides the main building block for QEMU Object Model and is
extensively documented in the header file.  It is largely inspired by GObject.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
v1 -> v2
 - remove printf() in type registration
 - fix typo in comment (Paolo)
 - make Interface private
 - move object into a new directory and move header into include/qemu/
 - don't make object.h depend on qemu-common.h
 - remove Type and replace it with TypeImpl * (Paolo)
 - use hash table to store types (Paolo)
 - aggressively cache parent type (Paolo)
 - make a type_register and use it with interfaces (Paolo)
 - fix interface cast comment (Paolo)
 - add a few more functions required in later series

8 years agopci: call reset unconditionally
Anthony Liguori [Sun, 4 Dec 2011 17:40:58 +0000 (11:40 -0600)] 
pci: call reset unconditionally

Because now all PCI devices are converted to qdev.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years agoopenpic: remove dead code to make a PCI device version
Anthony Liguori [Wed, 21 Dec 2011 22:18:02 +0000 (16:18 -0600)] 
openpic: remove dead code to make a PCI device version

bus is always NULL so the code in this if clause is dead (and therefore
untested).

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years agomacio: convert to qdev
Anthony Liguori [Wed, 21 Dec 2011 22:14:09 +0000 (16:14 -0600)] 
macio: convert to qdev

This is a "shallow", half hearted, and untested conversion.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years agoMerge remote-tracking branch 'pmaydell/arm-devs.for-upstream' into staging
Anthony Liguori [Fri, 27 Jan 2012 15:00:03 +0000 (09:00 -0600)] 
Merge remote-tracking branch 'pmaydell/arm-devs.for-upstream' into staging

* pmaydell/arm-devs.for-upstream:
  arm: SoC model for Calxeda Highbank
  arm_boot: support board IDs more than 16 bits wide
  arm: add secondary cpu boot callbacks to arm_boot.c
  ahci: add support for non-PCI based controllers
  Add xgmac ethernet model

8 years agoMerge remote-tracking branch 'kwolf/for-anthony' into staging
Anthony Liguori [Fri, 27 Jan 2012 14:58:52 +0000 (08:58 -0600)] 
Merge remote-tracking branch 'kwolf/for-anthony' into staging

* kwolf/for-anthony: (22 commits)
  scsi: Guard against buflen exceeding req->cmd.xfer in scsi_disk_emulate_command
  qcow: Use bdrv functions to replace file operation
  qcow: Return real error code in qcow_open
  block/vdi: Zero unused parts when allocating a new block (fix #919242)
  virtio-blk: add virtio_blk_handle_read trace event
  docs: describe live block operations
  block: add support for partial streaming
  add QERR_BASE_NOT_FOUND
  block: add bdrv_find_backing_image
  blockdev: make image streaming safe across hotplug
  qmp: add query-block-jobs
  qmp: add block_job_cancel command
  qmp: add block_job_set_speed command
  qmp: add block_stream command
  block: rate-limit streaming operations
  block: add image streaming block job
  block: add BlockJob interface for long-running operations
  block: make copy-on-read a per-request flag
  block: check bdrv_in_use() before blockdev operations
  coroutine: add co_sleep_ns() coroutine sleep function
  ...

8 years agoqemu-io: end aio help text sentences with periods
Laszlo Ersek [Tue, 24 Jan 2012 20:13:28 +0000 (21:13 +0100)] 
qemu-io: end aio help text sentences with periods

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
8 years ago./configure: export xfs config via --{enable, disable}-xfsctl
Sergei Trofimovich [Tue, 24 Jan 2012 17:42:40 +0000 (20:42 +0300)] 
./configure: export xfs config via --{enable, disable}-xfsctl

Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
8 years agopcnet: Preserve link state across device reset
Jan Kiszka [Tue, 24 Jan 2012 12:47:56 +0000 (13:47 +0100)] 
pcnet: Preserve link state across device reset

A device reset does not affect the link state, only set_link does.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
8 years agoe1000: Preserve link state across device reset
Jan Kiszka [Tue, 24 Jan 2012 12:47:46 +0000 (13:47 +0100)] 
e1000: Preserve link state across device reset

A device reset does not affect the link state, only set_link does.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
8 years agoqdev-property: Make bit property parsing stricter
Jan Kiszka [Sat, 21 Jan 2012 13:43:07 +0000 (14:43 +0100)] 
qdev-property: Make bit property parsing stricter

By using strncasecmp, we allow for arbitrary characters after the
"on"/"off" string. Fix this by switching to strcasecmp.

Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
8 years agoremove #if 0 code for timers
Paolo Bonzini [Fri, 20 Jan 2012 11:05:22 +0000 (12:05 +0100)] 
remove #if 0 code for timers

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
8 years agoscsi: Guard against buflen exceeding req->cmd.xfer in scsi_disk_emulate_command
Thomas Higdon [Tue, 24 Jan 2012 17:19:44 +0000 (12:19 -0500)] 
scsi: Guard against buflen exceeding req->cmd.xfer in scsi_disk_emulate_command

Limit the return value (corresponding to the length of the buffer to be
DMAed back to the intiator) to the value in req->cmd.xfer, which is the
amount of data that the initiator expects. Eliminate now-duplicate code
that does this guarding in the functions for individual commands.

Without this, the SCRIPTS code in the emulated LSI device eventually
raises a DMA interrupt for a data overrun when an INQUIRY command whose
buflen exceeds req->cmd.xfer is processed. It's the responsibility of
the client to provide a request buffer and allocation length that are
large enough for the result of the command.

Signed-off-by: Thomas Higdon <thigdon@akamai.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoqcow: Use bdrv functions to replace file operation
Li Zhi Hui [Mon, 21 Nov 2011 07:40:39 +0000 (15:40 +0800)] 
qcow: Use bdrv functions to replace file operation

Since common file operation functions lack of error detection and use
much more I/O syscalls, so change them to bdrv series functions and
reduce I/O request.

Signed-off-by: Li Zhi Hui <zhihuili@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoqcow: Return real error code in qcow_open
Li Zhi Hui [Thu, 15 Dec 2011 10:14:00 +0000 (18:14 +0800)] 
qcow: Return real error code in qcow_open

Signed-off-by: Li Zhi Hui <zhihuili@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock/vdi: Zero unused parts when allocating a new block (fix #919242)
Stefan Weil [Sat, 21 Jan 2012 12:54:24 +0000 (13:54 +0100)] 
block/vdi: Zero unused parts when allocating a new block (fix #919242)

The new block was filled with zero when it was allocated by g_malloc0,
but when it was reused later and only partially used, data from the
previously allocated block were still present and written to the new
block.

This caused the problems reported by bug #919242
(https://bugs.launchpad.net/qemu/+bug/919242).

Now the unused parts of the new block which are before and after the data
are always filled with zero, so it is no longer necessary to zero the whole
block with g_malloc0.

I also updated the copyright comment.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agovirtio-blk: add virtio_blk_handle_read trace event
Stefan Hajnoczi [Thu, 22 Dec 2011 13:17:02 +0000 (13:17 +0000)] 
virtio-blk: add virtio_blk_handle_read trace event

There already exists a virtio_blk_handle_write trace event as well as
completion events.  Add the virtio_blk_handle_read event so it's easy to
trace virtio-blk requests for both read and write operations.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agodocs: describe live block operations
Marcelo Tosatti [Wed, 18 Jan 2012 14:40:54 +0000 (14:40 +0000)] 
docs: describe live block operations

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock: add support for partial streaming
Marcelo Tosatti [Wed, 18 Jan 2012 14:40:53 +0000 (14:40 +0000)] 
block: add support for partial streaming

Add support for streaming data from an intermediate section of the
image chain (see patch and documentation for details).

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoadd QERR_BASE_NOT_FOUND
Marcelo Tosatti [Wed, 18 Jan 2012 14:40:52 +0000 (14:40 +0000)] 
add QERR_BASE_NOT_FOUND

This qerror will be raised when a given streaming base (backing file)
cannot be found.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock: add bdrv_find_backing_image
Marcelo Tosatti [Wed, 18 Jan 2012 14:40:51 +0000 (14:40 +0000)] 
block: add bdrv_find_backing_image

Add bdrv_find_backing_image: given a BlockDriverState pointer, and an id,
traverse the backing image chain to locate the id.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblockdev: make image streaming safe across hotplug
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:50 +0000 (14:40 +0000)] 
blockdev: make image streaming safe across hotplug

Unplugging a storage interface like virtio-blk causes the host block
device to be deleted too.  Long-running operations like block migration
must take a DriveInfo reference to prevent the BlockDriverState from
being freed.  For image streaming we can do the same thing.

Note that it is not possible to acquire/release the drive reference in
block.c where the block job functions live because
drive_get_ref()/drive_put_ref() are blockdev.c functions.  Calling them
from block.c would be a layering violation - tools like qemu-img don't
even link against blockdev.c.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoqmp: add query-block-jobs
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:49 +0000 (14:40 +0000)] 
qmp: add query-block-jobs

Add query-block-jobs, which shows the progress of ongoing block device
operations.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoqmp: add block_job_cancel command
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:48 +0000 (14:40 +0000)] 
qmp: add block_job_cancel command

Add block_job_cancel, which stops an active block streaming operation.
When the operation has been cancelled the new BLOCK_JOB_CANCELLED event
is emitted.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoqmp: add block_job_set_speed command
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:47 +0000 (14:40 +0000)] 
qmp: add block_job_set_speed command

Add block_job_set_speed, which sets the maximum speed for a background
block operation.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoqmp: add block_stream command
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:46 +0000 (14:40 +0000)] 
qmp: add block_stream command

Add the block_stream command, which starts copy backing file contents
into the image file.  Also add the BLOCK_JOB_COMPLETED QMP event which
is emitted when image streaming completes.  Later patches add control
over the background copy speed, cancelation, and querying running
streaming operations.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoarm: SoC model for Calxeda Highbank
Rob Herring [Thu, 26 Jan 2012 11:43:49 +0000 (11:43 +0000)] 
arm: SoC model for Calxeda Highbank

Adds support for Calxeda's Highbank SoC.

Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoarm_boot: support board IDs more than 16 bits wide
Peter Maydell [Thu, 26 Jan 2012 11:43:48 +0000 (11:43 +0000)] 
arm_boot: support board IDs more than 16 bits wide

Support passing a board ID value to the kernel in r1
that is more than 16 bits wide. This is needed to pass
the '-1 == invalid' value for boards which only support
device tree booting.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
8 years agoarm: add secondary cpu boot callbacks to arm_boot.c
Mark Langsdorf [Thu, 26 Jan 2012 11:43:48 +0000 (11:43 +0000)] 
arm: add secondary cpu boot callbacks to arm_boot.c

Create two functions, write_secondary_boot() and secondary_cpu_reset_hook(),
to allow platforms more control of how secondary CPUs are brought up. The
new functions default to NULL and aren't called unless they are populated
so there are no changes to existing platform models.

Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoahci: add support for non-PCI based controllers
Rob Herring [Thu, 26 Jan 2012 11:43:47 +0000 (11:43 +0000)] 
ahci: add support for non-PCI based controllers

Add support for ahci on sysbus.

Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoAdd xgmac ethernet model
Rob Herring [Thu, 26 Jan 2012 11:43:47 +0000 (11:43 +0000)] 
Add xgmac ethernet model

This adds very basic support for the xgmac ethernet core. Missing things
include:

- statistics counters
- WoL support
- rx checksum offload
- chained descriptors (only linear descriptor ring)
- broadcast and multicast handling

Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoblock: rate-limit streaming operations
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:45 +0000 (14:40 +0000)] 
block: rate-limit streaming operations

This patch implements rate-limiting for image streaming.  If we've
exceeded the bandwidth quota for a 100 ms time slice we sleep the
coroutine until the next slice begins.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock: add image streaming block job
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:44 +0000 (14:40 +0000)] 
block: add image streaming block job

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock: add BlockJob interface for long-running operations
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:43 +0000 (14:40 +0000)] 
block: add BlockJob interface for long-running operations

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock: make copy-on-read a per-request flag
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:42 +0000 (14:40 +0000)] 
block: make copy-on-read a per-request flag

Previously copy-on-read could only be enabled for all requests to a
block device.  This means requests coming from the guest as well as
QEMU's internal requests would perform copy-on-read when enabled.

For image streaming we want to support finer-grained behavior than just
populating the image file from its backing image.  Image streaming
supports partial streaming where a common backing image is preserved.
In this case guest requests should not perform copy-on-read because they
would indiscriminately copy data which should be left in a backing image
from the backing chain.

Introduce a per-request flag for copy-on-read so that a block device can
process both regular and copy-on-read requests.  Overlapping reads and
writes still need to be serialized for correctness when copy-on-read is
happening, so add an in-flight reference count to track this.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock: check bdrv_in_use() before blockdev operations
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:41 +0000 (14:40 +0000)] 
block: check bdrv_in_use() before blockdev operations

Long-running block operations like block migration and image streaming
must have continual access to their block device.  It is not safe to
perform operations like hotplug, eject, change, resize, commit, or
external snapshot while a long-running operation is in progress.

This patch adds the missing bdrv_in_use() checks so that block migration
and image streaming never have the rug pulled out from underneath them.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agocoroutine: add co_sleep_ns() coroutine sleep function
Stefan Hajnoczi [Wed, 18 Jan 2012 14:40:40 +0000 (14:40 +0000)] 
coroutine: add co_sleep_ns() coroutine sleep function

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock: replace unchecked strdup/malloc/calloc with glib
Stefan Hajnoczi [Mon, 16 Jan 2012 09:28:06 +0000 (09:28 +0000)] 
block: replace unchecked strdup/malloc/calloc with glib

Most of the codebase as been converted to use glib memory allocation
functions.  There are still a few instances of malloc/calloc in the
block layer and qemu-io.  Replace them, especially since they do not
check the strdup/malloc/calloc return value.

Reported-by: Dr David Alan Gilbert <davidagilbert@uk.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agorbd: wire up snapshot removal and rollback functionality
Gregory Farnum [Wed, 11 Jan 2012 19:53:52 +0000 (11:53 -0800)] 
rbd: wire up snapshot removal and rollback functionality

Signed-off-by: Greg Farnum <gregory.farnum@dreamhost.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agovga: compile cirrus_vga in hwlib
Blue Swirl [Sun, 9 Oct 2011 09:58:00 +0000 (09:58 +0000)] 
vga: compile cirrus_vga in hwlib

Remove target dependencies and compile Cirrus VGA in hwlib.

Address masking can be removed since memory API handles that now.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
8 years agomemory: change dirty setting APIs to take a size
Blue Swirl [Sun, 16 Oct 2011 16:04:59 +0000 (16:04 +0000)] 
memory: change dirty setting APIs to take a size

Instead of each target knowing or guessing the guest page size,
just pass the desired size of dirtied memory area.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
8 years agomemory: fix dirty mask function length handling
Blue Swirl [Sun, 22 Jan 2012 11:00:44 +0000 (11:00 +0000)] 
memory: fix dirty mask function length handling

Fix handling of cases like start = 0xfff, length = 2.

Change length to ram_addr_t to handle larger lengths.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
8 years agovga: fix -nodefaults -device VGA
Blue Swirl [Tue, 24 Jan 2012 17:27:35 +0000 (17:27 +0000)] 
vga: fix -nodefaults -device VGA

Flag -nodefaults should also imply no VGA. This was broken in
a369da5f31ddbdeb32a7f76622e480d3995fbb00.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
8 years agohyperv: fix build on non-KVM hosts
Blue Swirl [Mon, 23 Jan 2012 19:59:14 +0000 (19:59 +0000)] 
hyperv: fix build on non-KVM hosts

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
8 years agoMerge remote-tracking branch 'qemu-kvm/uq/master' into staging
Anthony Liguori [Mon, 23 Jan 2012 17:00:26 +0000 (11:00 -0600)] 
Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

* qemu-kvm/uq/master:
  kvm: Activate in-kernel irqchip support
  kvm: x86: Add user space part for in-kernel IOAPIC
  kvm: x86: Add user space part for in-kernel i8259
  kvm: x86: Add user space part for in-kernel APIC
  kvm: x86: Establish IRQ0 override control
  kvm: Introduce core services for in-kernel irqchip support
  memory: Introduce memory_region_init_reservation
  ioapic: Factor out base class for KVM reuse
  ioapic: Drop post-load irr initialization
  i8259: Factor out base class for KVM reuse
  i8259: Completely privatize PicState
  apic: Open-code timer save/restore
  apic: Factor out base class for KVM reuse
  apic: Introduce apic_report_irq_delivered
  apic: Inject external NMI events via LINT1
  apic: Stop timer on reset
  kvm: Move kvmclock into hw/kvm folder
  msi: Generalize msix_supported to msi_supported
  hyper-v: initialize Hyper-V CPUID leaves.
  hyper-v: introduce Hyper-V support infrastructure.

Conflicts:
Makefile.target

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years agoMerge remote-tracking branch 'afaerber/prep-up' into staging
Anthony Liguori [Mon, 23 Jan 2012 16:58:02 +0000 (10:58 -0600)] 
Merge remote-tracking branch 'afaerber/prep-up' into staging

* afaerber/prep-up:
  prep: Use i82378 PCI->ISA bridge for 'prep' machine
  prep: Add i82378 PCI-to-ISA bridge emulation
  prep: Add i82374 DMA emulation
  MAINTAINERS: Add PCI host bridge files to PReP machine
  prep: qdev'ify Raven host bridge (SysBus)
  prep_pci: Update I/O to MemoryRegion ops
  prep_pci: Simplify I/O endianness
  prep: qdev'ify Raven host bridge (PCIDevice)
  prep: Use ISA m48t59
  prep: Fix offset of BIOS MemoryRegion

8 years agoe1000: bounds packet size against buffer size
Anthony Liguori [Mon, 23 Jan 2012 13:30:43 +0000 (07:30 -0600)] 
e1000: bounds packet size against buffer size

Otherwise we can write beyond the buffer and corrupt memory.  This is tracked
as CVE-2012-0029.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years agotarget-sparc: Fix mixup of uint64 and uint64_t
Andreas Färber [Mon, 16 Jan 2012 00:46:51 +0000 (01:46 +0100)] 
target-sparc: Fix mixup of uint64 and uint64_t

Commit 793a137a41ad4125011c7022cf16a1baa40a5ab6 (target-sparc:
Implement BMASK/BSHUFFLE.) introduced a stray usage of softfloat uint64
type.

Use uint64_t instead.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
8 years agosga: fix copypasta
Blue Swirl [Sun, 23 Oct 2011 14:39:46 +0000 (14:39 +0000)] 
sga: fix copypasta

Fix the name of the init function.

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
8 years agovga: make Cirrus ISA device optional
Blue Swirl [Sat, 1 Oct 2011 16:33:43 +0000 (16:33 +0000)] 
vga: make Cirrus ISA device optional

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
8 years agovga: improve VGA logic
Blue Swirl [Tue, 27 Sep 2011 19:15:42 +0000 (19:15 +0000)] 
vga: improve VGA logic

Improve VGA selection logic, push check for device availabilty to vl.c.
Create the devices at board level unconditionally.

Remove now unused pci_try_create*() functions.

Make PCI VGA devices optional.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
8 years agograckle_pci: Clean up qdev names
Andreas Färber [Wed, 18 Jan 2012 00:11:16 +0000 (00:11 +0000)] 
grackle_pci: Clean up qdev names

Rename SysBus device from 'grackle' to 'grackle-pcihost' to resolve a
name conflict.

Also mark both devices as no_user.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoMAINTAINERS: Add PCI-PCI bridge to New World Mac machine
Andreas Färber [Wed, 18 Jan 2012 06:20:43 +0000 (06:20 +0000)] 
MAINTAINERS: Add PCI-PCI bridge to New World Mac machine

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: Pseries: Check for PCI boundaries
Alexander Graf [Wed, 18 Jan 2012 15:42:09 +0000 (16:42 +0100)] 
PPC: Pseries: Check for PCI boundaries

We call pci_host_config_{read,write}_common() which perform PCI config
accesses. However they don't do all limit checking the way we expect
it to.

So let's introduce a small wrapper around them, making them behave the
way we would without touching generic code.

This patch is based on a patch by David Gibson which put this logic into
the generic code.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoMAINTAINERS: Add PCI host bridge files to CHRP machines
Andreas Färber [Fri, 13 Jan 2012 13:33:58 +0000 (13:33 +0000)] 
MAINTAINERS: Add PCI host bridge files to CHRP machines

Just like prep_pci.c, these were not associated with any MAINTAINERS
section, including PCI.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoMAINTAINERS: Add qemu-ppc to all ppc target stuff
Andreas Färber [Fri, 13 Jan 2012 13:33:57 +0000 (13:33 +0000)] 
MAINTAINERS: Add qemu-ppc to all ppc target stuff

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agopseries: SLOF PCI flag day
Benjamin Herrenschmidt [Wed, 11 Jan 2012 19:46:28 +0000 (19:46 +0000)] 
pseries: SLOF PCI flag day

Currently on the pseries machine the SLOF firmware is used normally,
but we bypass it when -kernel is specified.  Having these two

different boot paths can cause some confusion.

In particular at present we need to "probe" the (emulated) PCI bus and
produce device tree nodes for the PCI devices in qemu, for the -kernel
case.  In the SLOF case, it takes the device tree from qemu adds some
stuff to it then passes it on to the kernel.

It's been decided that a better approach is to always boot through
SLOF, even when using -kernel.  WIth this approach we can leave PCI
probing and device node creation to SLOF in all cases which removes a
bunch of code in qemu, and avoids iterating the PCI devices from the
machine specific init code which we're not supposed to do.

This patch changes qemu to always boot through SLOF, and not to create
PCI nodes.  Simultaneously it updates the included version of SLOF
(submodule and binary image) to one which supports (and requires) the
new approach.

The new SLOF version also includes a number of unrelated enhancements:
support for booting from virtio-pci devices and e1000, greatly
improved FCode support and many bugfixes.  It also makes SLOF ready to
be used even when specifying a kernel on the qemu command line.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agopseries: Use correct dispatcher for PCI config space accesses
David Gibson [Wed, 11 Jan 2012 19:46:26 +0000 (19:46 +0000)] 
pseries: Use correct dispatcher for PCI config space accesses

The pseries machine expects a para-virtualized guest and so supplies RTAS
functions (via a hypercall) for performing PCI config space access.
Currently the implementation of these calls into
pci_default_{read,write}_config().  However this would be incorrect for
any PCI device which overrides the default config read/write functions.
AFAICT there's only one such device today, but we should still get it
right.  In addition the pci_host_config_{read,write}_common() functions
which do correctly do this dispatch, perform bounds checking on the config
space address, lack of which currently leads to an exploitable bug.

This patch corrects the problem.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agopseries: Support PCI extended config space in RTAS calls
Benjamin Herrenschmidt [Wed, 11 Jan 2012 19:46:25 +0000 (19:46 +0000)] 
pseries: Support PCI extended config space in RTAS calls

On the pseries machine (which expexts a paravirtualized guest), guest
access to PCI config space is via host-provided RTAS functions.  This
patch extends these RTAS functions to permit access to PCI extended
config space, as specified in PAPR.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoCorrect types in bmdma_addr_{read,write}
David Gibson [Wed, 11 Jan 2012 19:46:24 +0000 (19:46 +0000)] 
Correct types in bmdma_addr_{read,write}

Back when I made patches introducing dma_addr_t and various PCI DMA
wrapper functions, I made a mistake.  The bmdma_addr_{read,write} functions
need to take target_phys_addr_t not dma_addr_t, since they are assigned
to MemoryRegionOps callbacks.

This patch corrects my error.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoUpdate gitignore file
David Gibson [Wed, 11 Jan 2012 19:46:23 +0000 (19:46 +0000)] 
Update gitignore file

This patch adds several auto-generated files to .gitignore which were
previously missing.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoFix dirty logging with 32-bit qemu & 64-bit guests
Benjamin Herrenschmidt [Wed, 11 Jan 2012 19:46:21 +0000 (19:46 +0000)] 
Fix dirty logging with 32-bit qemu & 64-bit guests

The kvm_get_dirty_pages_log_range() function uses two address
variables to step through the monitored memory region to update the
dirty log.  However, these variables have type unsigned long, which
can overflow if running a 64-bit guest with a 32-bit qemu binary.

This patch changes these to target_phys_addr_t which will have the
correct size.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoload_image_targphys() should enforce the max size
Benjamin Herrenschmidt [Wed, 11 Jan 2012 19:46:20 +0000 (19:46 +0000)] 
load_image_targphys() should enforce the max size

load_image_targphys() gets passed a max size for the file, but doesn't
enforce it at all. Add a check and return -1 (error) if the file is
too big, without loading it.  Fix the bracing style in the function
while we're at it.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agovirtio: change memcpy to guest reads
Alexander Graf [Tue, 10 Jan 2012 22:33:10 +0000 (23:33 +0100)] 
virtio: change memcpy to guest reads

When accessing the device specific virtio config space, we memcpy
the data into a variable in QEMU. At that point we're basically
pulling host endianness into the game which is a really bad idea.

So instead, let's use the target specific load/store helpers for
memory pointers which fetch things in target endianness. The whole
array is already populated in target endianness anyways
(see virtio-blk).

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
8 years agovirtio-pci: Fix endianness of virtio config
Benjamin Herrenschmidt [Tue, 10 Jan 2012 01:35:11 +0000 (01:35 +0000)] 
virtio-pci: Fix endianness of virtio config

The virtio config area in PIO space is a bit special. The initial
header is little endian but the rest (device specific) is guest
native endian.

The PIO accessors for PCI on machines that don't have native IO ports
assume that all PIO is little endian, which works fine for everything
except the above.

A complicated way to fix it would be to split the BAR into two memory
regions with different endianess settings, but this isn't practical
to do, besides, the PIO code doesn't honor region endianness anyway
(I have a patch for that too but it isn't necessary at this stage).

So I decided to go for the quick fix instead which consists of
reverting the swap in virtio-pci in selected places, hoping that when
we eventually do a "v2" of the virtio protocols, we sort that out once
and for all using a fixed endian setting for everything.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
[agraf: keep virtio in libhw and determine endianness through a
        helper function in exec.c]
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
8 years agoPPC: Bamboo: Integrate SoC instatiation, use qdev for PCI
Alexander Graf [Tue, 10 Jan 2012 19:11:25 +0000 (20:11 +0100)] 
PPC: Bamboo: Integrate SoC instatiation, use qdev for PCI

Now that we have the SoC init function in the same file, let's integrate
it with the board initialization.

While at it, also make use of the newly qdev'ified PCI host controller.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: Bamboo: fold ppc440.c and ppc440_bamboo.c into a single file
Alexander Graf [Tue, 10 Jan 2012 18:39:38 +0000 (19:39 +0100)] 
PPC: Bamboo: fold ppc440.c and ppc440_bamboo.c into a single file

The separation of ppc440 and ppc440_bamboo makes some sense, since ppc440
is the SoC while ppc440_bamboo is the actual board. But the separation
makes things harder for us for no good reason, so let's just fold them
in together with each other.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: 4xx: Qdevify the 440 PCI host controller
Alexander Graf [Tue, 10 Jan 2012 18:36:26 +0000 (19:36 +0100)] 
PPC: 4xx: Qdevify the 440 PCI host controller

Due to popular demand, this qdevifies the PCI host controller of 4xx SoCs
the same way as e500.

We have to introduce a small stub function for pci init that will be
removed in a later patch, once we qdev'ified the board, to keep the build
working.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: bamboo: fix whitespace
Alexander Graf [Tue, 10 Jan 2012 15:49:22 +0000 (16:49 +0100)] 
PPC: bamboo: fix whitespace

Tabs followed by spaces are a no-go. My editor shows it red, distracting
me from actual work! :)

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: bamboo: remove old machine descriptions
Alexander Graf [Tue, 10 Jan 2012 15:36:10 +0000 (16:36 +0100)] 
PPC: bamboo: remove old machine descriptions

Nobody needs to run bamboo in 0.12 compat mode. Remove the machine.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: Enable 440EP CPU target
Alexander Graf [Tue, 3 Jan 2012 21:01:40 +0000 (22:01 +0100)] 
PPC: Enable 440EP CPU target

Now that we have 440 TLB emulation, we can also support running the 440EP
CPU target in system emulation mode.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: 440: Default to 440EP CPU
Alexander Graf [Tue, 3 Jan 2012 21:00:23 +0000 (22:00 +0100)] 
PPC: 440: Default to 440EP CPU

Today we're exposing a Virtex 440 CPU to the guest despite the fact
that we're telling the guest that we're running on a 440EP one in the
device tree.

So let's better default to a real 440EP to make things synced again.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: Bamboo: recompile device tree
Alexander Graf [Tue, 3 Jan 2012 20:58:57 +0000 (21:58 +0100)] 
PPC: Bamboo: recompile device tree

Recent dtc doesn't compile our dts anymore. Change all hex numbers to have
0x prefixes, indicate the old version and recompile using recent dtc.

This doesn't change any semantics in the device tree.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: 440: Ignore invalid PCI IRQs
Alexander Graf [Tue, 3 Jan 2012 18:15:16 +0000 (19:15 +0100)] 
PPC: 440: Ignore invalid PCI IRQs

When running a 440 target, we currently get invalid irq_num values (-1)
which completely confuse the IRQ setting code.

This is most likely due to the missing qdev conversion.

While this shouldn't happen in the first place and should really rather
be fixed by converting the target, I dislike segfaults. So for now, let's
just print a warning and ignore invalid irq_num values.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: Bamboo: Set initial TLB entry
Alexander Graf [Tue, 3 Jan 2012 18:12:47 +0000 (19:12 +0100)] 
PPC: Bamboo: Set initial TLB entry

Back in the day when the bamboo target got introduced, the initial TLB was
dictated by KVM. TCG has been missing initial TLB values ever since, rendering
the target unusable for TCG usage.

This patch adds linear TLB maps the way Linux expects them, making the target
work.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: Bamboo: Register CPU reset
Alexander Graf [Tue, 3 Jan 2012 18:10:02 +0000 (19:10 +0100)] 
PPC: Bamboo: Register CPU reset

To be able to support CPU reset, we need to put all register initialization
and initial state into a CPU reset hook instead of a function that is only
called once on bootup.

This is a preparation step for the initial TLB setting code and brings bamboo
more in line with what e500 and virtex already do.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoPPC: 440EP: Initialize timer
Alexander Graf [Tue, 3 Jan 2012 17:55:38 +0000 (18:55 +0100)] 
PPC: 440EP: Initialize timer

When using TCG with a BookE PowerPC core, we need to explicitly initialize
the BookE timers with the correct frequencies.

This was missing for 440EP, since that code came from KVM and was never used
with TCG.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoprep: Use i82378 PCI->ISA bridge for 'prep' machine
Andreas Färber [Mon, 9 Jan 2012 01:04:05 +0000 (02:04 +0100)] 
prep: Use i82378 PCI->ISA bridge for 'prep' machine

Speaker I/O, ISA bus, i8259 PIC, RTC and DMA are no longer set up
individually by the machine. Effectively, no-op speaker I/O is replaced
by pcspk; PIT and i82374 DMA are introduced.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Remove related dead, alternative code.
Wire up PCI host bridge IRQs via GPIO-in IRQs of PCI->ISA bridge.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
8 years agoprep: Add i82378 PCI-to-ISA bridge emulation
Andreas Färber [Sat, 25 Dec 2010 05:01:41 +0000 (06:01 +0100)] 
prep: Add i82378 PCI-to-ISA bridge emulation

Prepare Intel 82378 emulation for use by PReP platforms.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Create ISA bus in this device (suggested by Markus).
Rebase onto Memory API, mark memory ops as Little Endian.
Add VMState. Provide access to i8259 IRQs via qdev GPIOs.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
8 years agoprep: Add i82374 DMA emulation
Andreas Färber [Sat, 25 Dec 2010 04:29:37 +0000 (05:29 +0100)] 
prep: Add i82374 DMA emulation

Prepare Intel 82374 emulation for use by Intel 82378 PCI->ISA bridge.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Confine to CONFIG_I82374. Add VMState.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
8 years agoMAINTAINERS: Add PCI host bridge files to PReP machine
Andreas Färber [Fri, 6 Jan 2012 23:12:15 +0000 (00:12 +0100)] 
MAINTAINERS: Add PCI host bridge files to PReP machine

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Acked-by: Alexander Graf <agraf@suse.de>
8 years agoprep: qdev'ify Raven host bridge (SysBus)
Andreas Färber [Tue, 3 Jan 2012 01:42:46 +0000 (02:42 +0100)] 
prep: qdev'ify Raven host bridge (SysBus)

Drop pci_prep_init() in favor of extended device state. Inspired by
patches from Hervé and Alex.

Assign the 4 IRQs from the board after device instantiation. This moves
the knowledge out of prep_pci and allows for future machines with
different IRQ wiring (IBM 40P). Suggested by Alex.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Cc: Hervé Poussineau <hpoussin@reactos.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
8 years agoprep_pci: Update I/O to MemoryRegion ops
Andreas Färber [Sat, 7 Jan 2012 07:28:53 +0000 (08:28 +0100)] 
prep_pci: Update I/O to MemoryRegion ops

Convert to new-style read/write callbacks.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Avi Kivity <avi@redhat.com>
Cc: Benoît Canet <benoit.canet@gmail.com>
8 years agoprep_pci: Simplify I/O endianness
Andreas Färber [Thu, 12 Jan 2012 02:44:42 +0000 (03:44 +0100)] 
prep_pci: Simplify I/O endianness

The prep PowerPC CPU is Big Endian. An explicit byte swap therefore
effectively becomes Little Endian.

Remove explicit byte swaps and mark as Little Endian.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Cc: Michael S. Tsirkin <mst@redhat.com>
8 years agoprep: qdev'ify Raven host bridge (PCIDevice)
Andreas Färber [Tue, 3 Jan 2012 00:50:07 +0000 (01:50 +0100)] 
prep: qdev'ify Raven host bridge (PCIDevice)

Move initialization of vendor ID, etc. to PCIDeviceInfo.
Introduce VMState.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Cc: Hervé Poussineau <hpoussin@reactos.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
8 years agoprep: Use ISA m48t59
Andreas Färber [Fri, 13 Jan 2012 17:03:48 +0000 (18:03 +0100)] 
prep: Use ISA m48t59

This simplifies the code later when the i8259 moves to the i82378
PCI->ISA bridge and happens to fix a SysBus m48t59 io_base issue
introduced by commit 0fb56ffc5edd66f12ccfc0d71af5f9c79c0a2612 (m48t59:
drop obsolete address base arithmetic). Suggested by Hervé and Jan.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Hervé Poussineau <hpoussin@reactos.org>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
8 years agoprep: Fix offset of BIOS MemoryRegion
Andreas Färber [Thu, 5 Jan 2012 15:48:23 +0000 (16:48 +0100)] 
prep: Fix offset of BIOS MemoryRegion

Since 0c90c52fab5ea92d7f12b29bfe26a7cd75d9efcb (ppc_prep: convert to memory
API) OHW was "Trying to execute code outside RAM or ROM at 0xfff00700".

The BIOS MemoryRegion is created with a fixed size of 1 MiB.
Ensure that the full size can be accessed since the exception
vectors are located at 0xfff00000 and the BIOS may want to use them.

It thereby no longer depends on the actual BIOS binary size.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Avi Kivity <avi@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
8 years agoMerge remote-tracking branch 'spice/spice.v47' into staging
Anthony Liguori [Thu, 19 Jan 2012 18:51:02 +0000 (12:51 -0600)] 
Merge remote-tracking branch 'spice/spice.v47' into staging

* spice/spice.v47:
  qxl: Slot sanity check in qxl_phys2virt() is off by one, fix

8 years agoMerge remote-tracking branch 'stefanha/trivial-patches' into staging
Anthony Liguori [Thu, 19 Jan 2012 15:23:59 +0000 (09:23 -0600)] 
Merge remote-tracking branch 'stefanha/trivial-patches' into staging

* stefanha/trivial-patches:
  Makefile: Remove generated headers on clean
  Makefile: Exclude tests/Makefile in unconfigured tree
  lm32: Fix mixup of uint32 and uint32_t
  tests: Silence gtester in Makefile
  qemu-tool: Fix mixup of int64 and int64_t

8 years agoMerge remote-tracking branch 'qmp/queue/qmp' into staging
Anthony Liguori [Thu, 19 Jan 2012 15:23:16 +0000 (09:23 -0600)] 
Merge remote-tracking branch 'qmp/queue/qmp' into staging

* qmp/queue/qmp:
  block: use proper qerrors in qmp_block_resize
  qerror: restore alphabetical order over qerrors
  qerror: add check-qerror.sh to verify alphabetical order
  qmp: Add missing gcc format attribute and fix format string
  qapi: Convert block_set_io_throttle
  qapi: Convert change
  qerror: Extend QERR_DEVICE_ENCRYPTED
  qapi: Introduce change-vnc-password
  monitor: expose readline state
  qapi: Convert eject
  block: eject_device(): Use error_set()
  qapi: Convert expire_password
  qapi: Convert set_password
  vnc: Simplify vnc_display_password()

8 years agoMerge remote-tracking branch 'pmaydell/arm-devs.for-upstream' into staging
Anthony Liguori [Thu, 19 Jan 2012 15:19:44 +0000 (09:19 -0600)] 
Merge remote-tracking branch 'pmaydell/arm-devs.for-upstream' into staging

* pmaydell/arm-devs.for-upstream:
  arm: make the number of GIC interrupts configurable
  hw/lan9118: Add save/load support
  arm: Remove incorrect comment in arm_timer
  vexpress, realview: Add (dummy) L2 cache controller

8 years agoMerge remote-tracking branch 'kraxel/usb.37' into staging
Anthony Liguori [Thu, 19 Jan 2012 14:34:38 +0000 (08:34 -0600)] 
Merge remote-tracking branch 'kraxel/usb.37' into staging

* kraxel/usb.37:
  usb-redir: Improve some debugging messages
  usb-redir: Try to keep our buffer size near the target size
  usb-redir: Pre-fill our isoc input buffer before sending pkts to the host
  usb-redir: Dynamically adjust iso buffering size based on ep interval
  usb-redir: Clear iso / irq error when stopping the stream
  usb: link packets to endpoints not devices
  usb: add max_packet_size to USBEndpoint
  usb/debug: add usb_ep_dump
  usb-desc: USBEndpoint support
  usb: add ifnum to USBEndpoint
  usb: add USBEndpoint
  xhci: Initial xHCI implementation
  usb: add audio device model
  usb-desc: audio endpoint support
  usb: track altsetting in USBDevice
  usb: track configuration and interface count in USBDevice.
  usb-host: rip out legacy procfs support

8 years agokvm: Activate in-kernel irqchip support
Jan Kiszka [Sat, 15 Oct 2011 11:43:48 +0000 (13:43 +0200)] 
kvm: Activate in-kernel irqchip support

Make the basic in-kernel irqchip support selectable via
-machine ...,kernel_irqchip=on. Leave it off by default until it can
fully replace user space models.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
8 years agokvm: x86: Add user space part for in-kernel IOAPIC
Jan Kiszka [Sun, 16 Oct 2011 21:25:49 +0000 (23:25 +0200)] 
kvm: x86: Add user space part for in-kernel IOAPIC

This introduces the KVM-accelerated IOAPIC model 'kvm-ioapic' and
extends the IRQ routing setup by the 0->2 redirection when needed.

The kvm-ioapic model has a property that allows to define its GSI base
for injecting interrupts into the kernel model. This will allow to
disentangle PIC and IOAPIC pins for chipsets that support more
sophisticated IRQ routes than the PIIX3. So far the base is kept at 0,
i.e. PIC and IOAPIC share pins 0..15.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
8 years agokvm: x86: Add user space part for in-kernel i8259
Jan Kiszka [Sun, 16 Oct 2011 13:30:27 +0000 (15:30 +0200)] 
kvm: x86: Add user space part for in-kernel i8259

Introduce the alternative 'kvm-i8259' device model that exploits KVM
in-kernel acceleration.

The PIIX3 initialization code is furthermore extended by KVM specific
IRQ route setup. GSI injection differs in KVM mode from the user space
model. As we can dispatch ISA-range IRQs to both IOAPIC and PIC inside
the kernel, we do not need to inject them separately. This is reflected
by a KVM-specific GSI handler.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
8 years agokvm: x86: Add user space part for in-kernel APIC
Jan Kiszka [Sun, 16 Oct 2011 11:23:26 +0000 (13:23 +0200)] 
kvm: x86: Add user space part for in-kernel APIC

This introduces the alternative APIC device which makes use of KVM's
in-kernel device model. External NMI injection via LINT1 is emulated by
checking the current state of the in-kernel APIC, only injecting a NMI
into the VCPU if LINT1 is unmasked and configured to DM_NMI.

MSI is not yet supported, so we disable this when the in-kernel model is
in use.

CC: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
8 years agokvm: x86: Establish IRQ0 override control
Jan Kiszka [Sat, 15 Oct 2011 12:08:26 +0000 (14:08 +0200)] 
kvm: x86: Establish IRQ0 override control

KVM is forced to disable the IRQ0 override when we run with in-kernel
irqchip but without IRQ routing support of the kernel. Set the fwcfg
value correspondingly. This aligns us with qemu-kvm.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
8 years agokvm: Introduce core services for in-kernel irqchip support
Jan Kiszka [Sat, 15 Oct 2011 09:49:47 +0000 (11:49 +0200)] 
kvm: Introduce core services for in-kernel irqchip support

Add the basic infrastructure to active in-kernel irqchip support, inject
interrupts into these models, and maintain IRQ routes.

Routing is optional and depends on the host arch supporting
KVM_CAP_IRQ_ROUTING. When it's not available on x86, we looe the HPET as
we can't route GSI0 to IOAPIC pin 2.

In-kernel irqchip support will once be controlled by the machine
property 'kernel_irqchip', but this is not yet wired up.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
8 years agomemory: Introduce memory_region_init_reservation
Jan Kiszka [Sun, 23 Oct 2011 14:01:19 +0000 (16:01 +0200)] 
memory: Introduce memory_region_init_reservation

Introduce a memory region type that can reserve I/O space. Such regions
are useful for modeling I/O that is only handled outside of QEMU, i.e.
in the context of an accelerator like KVM.

Any access to such a region from QEMU is a bug, but could theoretically
be triggered by guest code (DMA to reserved region). So only warning
about such events once, then ignore them.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>