qemu.git
7 years agoMerge remote-tracking branch 'remotes/spice/tags/pull-spice-5' into staging
Peter Maydell [Mon, 24 Mar 2014 18:47:19 +0000 (18:47 +0000)] 
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-5' into staging

spice: input: Fix absolute mouse y coordinates

# gpg: Signature made Mon 24 Mar 2014 07:44:11 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-5:
  spice: input: Fix absolute mouse y coordinates

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agobackends/baum.c: Fix compilation when SDL is not available.
Richard W.M. Jones [Fri, 21 Mar 2014 21:29:37 +0000 (21:29 +0000)] 
backends/baum.c: Fix compilation when SDL is not available.

backends/baum.c: In function ‘chr_baum_init’:
backends/baum.c:569:64: error: missing binary operator before token "("
 #if defined(CONFIG_SDL) && SDL_COMPILEDVERSION < SDL_VERSIONNUM(2, 0, 0)
                                                                ^
backends/baum.c:598:64: error: missing binary operator before token "("
 #if defined(CONFIG_SDL) && SDL_COMPILEDVERSION < SDL_VERSIONNUM(2, 0, 0)

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-id: 1395437377-5779-1-git-send-email-rjones@redhat.com
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agotarget-arm: Load ELF images with the correct machine type for CPU
Peter Maydell [Fri, 21 Mar 2014 18:44:36 +0000 (18:44 +0000)] 
target-arm: Load ELF images with the correct machine type for CPU

When trying to load an ELF file specified via -kernel, we need to
pass load_elf() the ELF machine type corresponding to the CPU we're
booting with, not the one corresponding to the softmmu binary
we happen to be running. (The two are different in the case of
loading a 32-bit ARM ELF file into a 32 bit CPU being emulated
by qemu-system aarch64.) This was causing us to incorrectly fail
to load ELF images in this situation.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1395427476-25546-1-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: Fix A64 Neon MLS
Peter Maydell [Mon, 24 Mar 2014 15:59:02 +0000 (15:59 +0000)] 
target-arm: Fix A64 Neon MLS

The order of operands for the accumulate step in disas_simd_3same_int()
was reversed. This only affected the MLS instruction, since all the
other accumulating instructions in this category perform an addition
rather than a subtraction.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agotests/acpi-test: do not fail if iasl is broken
Marcel Apfelbaum [Mon, 24 Mar 2014 10:02:33 +0000 (12:02 +0200)] 
tests/acpi-test: do not fail if iasl is broken

There is an issue with iasl on big endian machines: It
cannot disassemble acpi tables taken from little endian
machines, so we cannot check the expected tables.

The acpi test will check if the expected aml files
can be disassembled, and will issue an warning not
failing the test on those machines until this
problem is solved by the acpica community.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agospice: input: Fix absolute mouse y coordinates
Cole Robinson [Fri, 21 Mar 2014 18:28:49 +0000 (14:28 -0400)] 
spice: input: Fix absolute mouse y coordinates

Current tablet + spice is unusable. Regressed with the UI input rework.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/ppc-for-2.0' into staging
Peter Maydell [Thu, 20 Mar 2014 11:45:37 +0000 (11:45 +0000)] 
Merge remote-tracking branch 'remotes/afaerber/tags/ppc-for-2.0' into staging

PowerPC queue for 2.0

* sPAPR loop fix
* SPR reset fix
* Reduce allocation size of indirect opcode tables
* Restrict number of CPU threads
* sPAPR H_SET_MODE fixes
* sPAPR firmware path fixes
* Static and constness cleanups

# gpg: Signature made Thu 20 Mar 2014 01:46:14 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/ppc-for-2.0:
  spapr: Implement interface to fix device pathname
  spapr: QOM'ify pseries machine
  spapr_vio: Fix firmware names
  spapr_llan: Add to boot device list
  qdev: Introduce FWPathProvider interface
  vl.c: Extend get_boot_devices_list() to ignore suffixes
  spapr_hcall: Fix little-endian resource handling in H_SET_MODE
  target-ppc: Introduce powerisa-207-server flag
  target-ppc: Force CPU threads count to be a power of 2
  target-ppc: Fix overallocation of opcode tables
  target-ppc: Reset SPRs on CPU reset
  spapr_hcall: Fix h_enter to loop correctly
  target-ppc: Add missing 'static' and 'const' attributes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agospapr: Implement interface to fix device pathname
Alexey Kardashevskiy [Mon, 17 Mar 2014 02:40:27 +0000 (13:40 +1100)] 
spapr: Implement interface to fix device pathname

This extends the pseries machine type with the interface to fix firmware
pathnames for devices which have @bootindex property.

This fixes SCSI disks' device node names (which are wildcard nodes in
the device-tree), for spapr-vscsi, virtio-scsi and usb-storage.

This fixes PHB name from "pci" to "pci@XXXX" where XXXX is a BUID as
there is no bus on top of sPAPRPHBState where PHB firmware name could
be fixed using the BusClass::get_fw_dev_path() mechanism.

This stores the boot list in the /chosen/qemu,boot-list property of
the device tree. "\n" are replaced by spaces to support OF1275.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agospapr: QOM'ify pseries machine
Alexey Kardashevskiy [Mon, 17 Mar 2014 02:40:26 +0000 (13:40 +1100)] 
spapr: QOM'ify pseries machine

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agospapr_vio: Fix firmware names
Alexey Kardashevskiy [Mon, 17 Mar 2014 02:40:25 +0000 (13:40 +1100)] 
spapr_vio: Fix firmware names

This changes VIO bridge fw name from spapr-vio-bridge to vdevice and
vscsi/veth node names from QEMU object names to VIO specific device tree
names.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agospapr_llan: Add to boot device list
Alexey Kardashevskiy [Mon, 17 Mar 2014 02:40:24 +0000 (13:40 +1100)] 
spapr_llan: Add to boot device list

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoqdev: Introduce FWPathProvider interface
Paolo Bonzini [Mon, 17 Mar 2014 02:40:23 +0000 (13:40 +1100)] 
qdev: Introduce FWPathProvider interface

QEMU supports firmware names for all devices in the QEMU tree but
some architectures expect some parts of firmware path names in different
format.

This introduces a firmware-pathname-change interface definition.
If some machines needs to redefine the firmware path format, it has
to add the TYPE_FW_PATH_PROVIDER interface to an object that is above
the device on the QOM tree (typically /machine).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agovl.c: Extend get_boot_devices_list() to ignore suffixes
Alexey Kardashevskiy [Mon, 17 Mar 2014 02:40:22 +0000 (13:40 +1100)] 
vl.c: Extend get_boot_devices_list() to ignore suffixes

As suffixes do not make sense for sPAPR's device tree and
there is no way to filter them out on the BusState::get_fw_dev_path()
level, let's add an ability for the external caller to specify
whether to apply suffixes or not.

We could handle suffixes in SLOF (ignored for now) but this would require
serious rework in the node opening code in SLOF, which has no obvious
benefit for the currently emulated sPAPR machine.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agospapr_hcall: Fix little-endian resource handling in H_SET_MODE
Alexey Kardashevskiy [Fri, 7 Mar 2014 04:37:40 +0000 (15:37 +1100)] 
spapr_hcall: Fix little-endian resource handling in H_SET_MODE

This changes resource code definitions to ones used in the host kernel.

This fixes H_SET_MODE_RESOURCE_LE (switch between big endian and
little endian) to sync registers from KVM before changing LPCR value.

This adds a set_spr() helper to update an SPR in a CPU's context to avoid
possible races and makes use of it to change LPCR.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agotarget-ppc: Introduce powerisa-207-server flag
Alexey Kardashevskiy [Fri, 7 Mar 2014 04:37:39 +0000 (15:37 +1100)] 
target-ppc: Introduce powerisa-207-server flag

This flag will be used to decide whether to emulate some bits of
H_SET_MODE hypercall because some are POWER8-only.

While we are here, add 2.05 flag to POWER8 family too. POWER7/7+ already
have it.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agotarget-ppc: Force CPU threads count to be a power of 2
Bharata B Rao [Wed, 5 Mar 2014 08:32:36 +0000 (14:02 +0530)] 
target-ppc: Force CPU threads count to be a power of 2

PowerPC kernel expects the number of SMT threads in a core to be a power
of 2. Since QEMU doesn't enforce this, it leads to an early guest kernel
crash if invalid threads count is specified.

Prevent this crash and make it a graceful exit from QEMU itself by
validating the user-supplied threads count.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agotarget-ppc: Fix overallocation of opcode tables
Stuart Brady [Wed, 19 Mar 2014 14:07:26 +0000 (14:07 +0000)] 
target-ppc: Fix overallocation of opcode tables

create_new_table() should allocate 0x20 opc_handler_t pointers, but
actually allocates 0x20 opc_handler_t structs.  Fix this.

Signed-off-by: Stuart Brady <sdb@zubnet.me.uk>
Reviewed-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agotarget-ppc: Reset SPRs on CPU reset
Alexey Kardashevskiy [Wed, 19 Mar 2014 13:03:57 +0000 (00:03 +1100)] 
target-ppc: Reset SPRs on CPU reset

This resets SPR values to defaults on CPU reset. This should help
with little-endian guests reboot issues.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agospapr_hcall: Fix h_enter to loop correctly
Aneesh Kumar K.V [Fri, 14 Mar 2014 13:51:49 +0000 (19:21 +0530)] 
spapr_hcall: Fix h_enter to loop correctly

We wanted to loop till index is 8. On 8 we return with H_PTEG_FULL. If we
are successful in loading hpte with any other index, we continue with that
index value.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/prep-for-2.0' into staging
Peter Maydell [Wed, 19 Mar 2014 23:34:42 +0000 (23:34 +0000)] 
Merge remote-tracking branch 'remotes/afaerber/tags/prep-for-2.0' into staging

PReP machine and devices

* Raven PCI host bridge memory fixes (remainder)

# gpg: Signature made Wed 19 Mar 2014 23:35:08 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/prep-for-2.0:
  raven: Use raven_ for all function prefixes
  raven: Fix PCI bus accesses with size > 1
  raven: Add PCI bus mastering address space
  raven: Set a correct PCI memory region
  raven: Set a correct PCI I/O memory region
  raven: Implement non-contiguous I/O region
  raven: Rename intack region to pci_intack

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoraven: Use raven_ for all function prefixes
Hervé Poussineau [Mon, 17 Mar 2014 22:00:25 +0000 (23:00 +0100)] 
raven: Use raven_ for all function prefixes

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Fix PCI bus accesses with size > 1
Hervé Poussineau [Mon, 17 Mar 2014 22:00:24 +0000 (23:00 +0100)] 
raven: Fix PCI bus accesses with size > 1

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Add PCI bus mastering address space
Hervé Poussineau [Mon, 17 Mar 2014 22:00:23 +0000 (23:00 +0100)] 
raven: Add PCI bus mastering address space

This has been tested on Linux 2.4/PPC with the lsi53c895a SCSI adapter.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Set a correct PCI memory region
Hervé Poussineau [Mon, 17 Mar 2014 22:00:22 +0000 (23:00 +0100)] 
raven: Set a correct PCI memory region

PCI memory region is 0x3f000000 bytes starting at 0xc0000000.

However, keep compatibility with Open Hack'Ware expectations
by adding a hack for Open Hack'Ware display.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Set a correct PCI I/O memory region
Hervé Poussineau [Mon, 17 Mar 2014 22:00:21 +0000 (23:00 +0100)] 
raven: Set a correct PCI I/O memory region

PCI I/O region is 0x3f800000 bytes starting at 0x80000000.
Do not use global QEMU I/O region, which is only 64KB.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Implement non-contiguous I/O region
Hervé Poussineau [Mon, 17 Mar 2014 22:00:20 +0000 (23:00 +0100)] 
raven: Implement non-contiguous I/O region

Remove now duplicated code from prep board.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Rename intack region to pci_intack
Hervé Poussineau [Mon, 17 Mar 2014 22:00:19 +0000 (23:00 +0100)] 
raven: Rename intack region to pci_intack

Regions added subsequently will also have the pci_ prefix.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-2.0' into staging
Peter Maydell [Wed, 19 Mar 2014 22:36:44 +0000 (22:36 +0000)] 
Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-2.0' into staging

QOM CPUState refactorings / X86CPU

* CPUState layout optimization for TCG

# gpg: Signature made Wed 19 Mar 2014 21:51:46 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-cpu-for-2.0:
  cpu: Move tcg_exit_req to the end of CPUState

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-2.0' into staging
Peter Maydell [Wed, 19 Mar 2014 21:45:41 +0000 (21:45 +0000)] 
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-2.0' into staging

QOM/QTest infrastructure fixes

* QOM machine memory and build fixes
* QOM link<> and child<> property reference counting fixes

# gpg: Signature made Wed 19 Mar 2014 21:44:04 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-2.0:
  virtio-rng: Avoid default_backend refcount leak
  qom: Add check() argument to object_property_add_link()
  qom: Make QOM link property unref optional
  qom: Don't make link NULL on object_property_set_link() failure
  qom: Split object_property_set_link()
  vl.c: Fix OpenBSD compilation issue due to namespace collisions
  vl.c: Fix memory leak in qemu_register_machine()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agovirtio-rng: Avoid default_backend refcount leak
Stefan Hajnoczi [Wed, 19 Mar 2014 07:58:57 +0000 (08:58 +0100)] 
virtio-rng: Avoid default_backend refcount leak

QOM child properties take a reference to the object and release it when
the property is deleted.  Therefore we should unref the default_backend
after we have added it as a child property.

Cc: KONRAD Frederic <fred.konrad@greensocs.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoqom: Add check() argument to object_property_add_link()
Stefan Hajnoczi [Wed, 19 Mar 2014 07:58:56 +0000 (08:58 +0100)] 
qom: Add check() argument to object_property_add_link()

There are currently three types of object_property_add_link() callers:

1. The link property may be set at any time.
2. The link property of a DeviceState instance may only be set before
   realize.
3. The link property may never be set, it is read-only.

Something similar can already be achieved with
object_property_add_str()'s set() argument.  Follow its example and add
a check() argument to object_property_add_link().

Also provide default check() functions for case #1 and #2.  Case #3 is
covered by passing a NULL function pointer.

Cc: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Tweaked documentation comment]
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agocpu: Move tcg_exit_req to the end of CPUState
Richard Henderson [Fri, 14 Mar 2014 22:30:10 +0000 (15:30 -0700)] 
cpu: Move tcg_exit_req to the end of CPUState

Reverse an increase in the size of generated code.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoqom: Make QOM link property unref optional
Stefan Hajnoczi [Wed, 19 Mar 2014 07:58:55 +0000 (08:58 +0100)] 
qom: Make QOM link property unref optional

Some object_property_add_link() callers expect property deletion to
unref the link property object.  Other callers expect to manage the
refcount themselves.  The former are currently broken and therefore leak
the link property object.

This patch adds a flags argument to object_property_add_link() so the
caller can specify which refcount behavior they require.  The new
OBJ_PROP_LINK_UNREF_ON_RELEASE flag causes the link pointer to be
unreferenced when the property is deleted.

This fixes refcount leaks in qdev.c, xilinx_axidma.c, xilinx_axienet.c,
s390-virtio-bus.c, virtio-pci.c, virtio-rng.c, and ui/console.c.

Rationale for refcount behavior:

 * hw/core/qdev.c
   - bus children are explicitly unreferenced, don't interfere
   - parent_bus is essentially a read-only property that doesn't hold a
     refcount, don't unref
   - hotplug_handler is leaked, do unref

 * hw/dma/xilinx_axidma.c
   - rx stream "dma" links are set using set_link, therefore they
     need unref
   - tx streams are set using set_link, therefore they need unref

 * hw/net/xilinx_axienet.c
   - same reasoning as hw/dma/xilinx_axidma.c

 * hw/pcmcia/pxa2xx.c
   - pxa2xx bypasses set_link and therefore does not use refcounts

 * hw/s390x/s390-virtio-bus.c
 * hw/virtio/virtio-pci.c
 * hw/virtio/virtio-rng.c
 * ui/console.c
   - set_link is used and there is no explicit unref, do unref

Cc: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoqom: Don't make link NULL on object_property_set_link() failure
Stefan Hajnoczi [Wed, 19 Mar 2014 07:58:54 +0000 (08:58 +0100)] 
qom: Don't make link NULL on object_property_set_link() failure

The error behavior of object_property_set_link() is dangerous.  It sets
the link property object to NULL if an error occurs.  A setter function
should either succeed or fail, it shouldn't leave the value NULL on
failure.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoqom: Split object_property_set_link()
Stefan Hajnoczi [Wed, 19 Mar 2014 07:58:53 +0000 (08:58 +0100)] 
qom: Split object_property_set_link()

The path resolution logic in object_property_set_link() should be a
separate function.  This makes the code easier to read and maintain.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agovl.c: Fix OpenBSD compilation issue due to namespace collisions
Marcel Apfelbaum [Tue, 18 Mar 2014 15:26:35 +0000 (17:26 +0200)] 
vl.c: Fix OpenBSD compilation issue due to namespace collisions

Machine rewriting added MACHINE() macro which is
already in use by other OpenBSD library.
Since qemu/sockets.h exposes the OpenBSD namespace,
the minimalistic approach is to add it as the first QEMU include.

Reported-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agovl.c: Fix memory leak in qemu_register_machine()
Christian Borntraeger [Wed, 19 Mar 2014 11:24:27 +0000 (12:24 +0100)] 
vl.c: Fix memory leak in qemu_register_machine()

Since commit 261747f176f6 (vl: Use MachineClass instead of global
QEMUMachine list) valgrind complains about the following:

==54082== 57 bytes in 3 blocks are definitely lost in loss record 365 of
729
==54082==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==54082==    by 0x4145569: g_malloc (in
/usr/lib64/libglib-2.0.so.0.3400.2)
==54082==    by 0x415F9E9: g_strconcat (in
/usr/lib64/libglib-2.0.so.0.3400.2)
==54082==    by 0x80157FE7: qemu_register_machine (vl.c:1597)
==54082==    by 0x80208E6B: module_call_init (module.c:105)
==54082==    by 0x80013B91: main (vl.c:3000)

Turns out that valgrind is right. We simply forget the memory that
g_strconcat() has allocated. Lets free it after the type_register().
We need a 2nd variable due to constness of the name part of the
type structure.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-2.0' into staging
Peter Maydell [Wed, 19 Mar 2014 19:05:13 +0000 (19:05 +0000)] 
Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-2.0' into staging

QOM CPUState refactorings / X86CPU

* Fix pointer type mismatch

# gpg: Signature made Wed 19 Mar 2014 18:51:47 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-cpu-for-2.0:
  exec: Fix CPU rework fallout

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoexec: Fix CPU rework fallout
Christian Borntraeger [Mon, 17 Mar 2014 16:13:12 +0000 (17:13 +0100)] 
exec: Fix CPU rework fallout

Commit 259186a7d2f7184efc96ae99bc5658e6159f53ad (cpu: Move halted and
interrupt_request fields to CPUState) passed CPUState::env_ptr to
tlb_flush() directory rather than through a typed variable.

Commit 00c8cb0a36f51a6866a83c08962d12a0eb21864b (cputlb: Change
tlb_flush() argument to CPUState) now changed the argument type.
This was unnoticed by gcc because env_ptr is a void pointer.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agolinux-user: Fix build if headers don't define _LINUX_CAPABILITY_VERSION_1
Peter Maydell [Wed, 19 Mar 2014 16:07:30 +0000 (16:07 +0000)] 
linux-user: Fix build if headers don't define _LINUX_CAPABILITY_VERSION_1

Older kernel headers don't define _LINUX_CAPABILITY_VERSION_1.
Switch to using the older _LINUX_CAPABILITY_VERSION; newer headers
still define this for source compatibility.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Acked-by: Riku Voipio <riku.voipio@iki.fi>
7 years agotarget-ppc: Add missing 'static' and 'const' attributes
Stefan Weil [Sun, 16 Mar 2014 13:49:54 +0000 (14:49 +0100)] 
target-ppc: Add missing 'static' and 'const' attributes

This fixes warnings from the static code analysis (smatch).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoMerge remote-tracking branch 'remotes/riku/linux-user-for-upstream' into staging
Peter Maydell [Wed, 19 Mar 2014 14:14:15 +0000 (14:14 +0000)] 
Merge remote-tracking branch 'remotes/riku/linux-user-for-upstream' into staging

* remotes/riku/linux-user-for-upstream:
  linux-user: Implement capget, capset
  linux-user: Don't allow guest to block SIGSEGV
  signal: added a wrapper for sigprocmask function
  linux-user: Don't reserve space for commpage for AArch64
  linux-user: implement F_[GS]ETOWN_EX
  linux-user: Don't return uninitialized value for atomic_barrier syscall
  linux-user/signal.c: Correct error path for AArch64 do_rt_sigreturn

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Wed, 19 Mar 2014 13:47:22 +0000 (13:47 +0000)] 
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block patches for 2.0.0-rc1

# gpg: Signature made Wed 19 Mar 2014 13:03:27 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  dataplane: fix implicit IOThread refcount
  block/nfs: report errors from libnfs
  block/nfs: bump libnfs requirement to 1.9.3
  qcow2: Fix fail path in realloc_refcount_block()
  qcow2: Correct comment for realloc_refcount_block()
  qemu-io: Extended "--cmd" description in usage text
  qemu-io-cmds: Fixed typo in example for writev.
  block: Add error handling to bdrv_invalidate_cache()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140319' into...
Peter Maydell [Wed, 19 Mar 2014 13:00:41 +0000 (13:00 +0000)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140319' into staging

target-arm queue:
 * last few A64 Neon instructions
 * fix some PL011 UART bugs causing occasional serial lockups
 * fix the non-PCI AHCI device

# gpg: Signature made Wed 19 Mar 2014 12:00:59 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20140319:
  target-arm: A64: Add saturating accumulate ops (USQADD/SUQADD)
  target-arm: A64: Add saturating int ops (SQNEG/SQABS)
  pl011: fix incorrect logic to set the RXFF flag
  pl011: fix UARTRSR accesses corrupting the UARTCR value
  pl011: reset the fifo when enabled or disabled
  ahci: fix sysbus support

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agovl.c: Use MAX_CPUMASK_BITS macro instead of hardcoded constant
Eduardo Habkost [Tue, 18 Mar 2014 19:29:24 +0000 (16:29 -0300)] 
vl.c: Use MAX_CPUMASK_BITS macro instead of hardcoded constant

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agosysemu.h: Document what MAX_CPUMASK_BITS really limits
Eduardo Habkost [Tue, 18 Mar 2014 19:29:23 +0000 (16:29 -0300)] 
sysemu.h: Document what MAX_CPUMASK_BITS really limits

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agodataplane: fix implicit IOThread refcount
Stefan Hajnoczi [Tue, 18 Mar 2014 16:50:52 +0000 (17:50 +0100)] 
dataplane: fix implicit IOThread refcount

When creating an IOThread implicitly (the user did not specify
x-iothread=<id>) remember that iothread_find() does not return the
object with an incremented refcount.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoblock/nfs: report errors from libnfs
Peter Lieven [Mon, 17 Mar 2014 08:37:21 +0000 (09:37 +0100)] 
block/nfs: report errors from libnfs

if an NFS operation fails we should report what libnfs knows
about the failure. It is likely more than just an error code.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoblock/nfs: bump libnfs requirement to 1.9.3
Peter Lieven [Mon, 17 Mar 2014 08:37:33 +0000 (09:37 +0100)] 
block/nfs: bump libnfs requirement to 1.9.3

libnfs prior to 1.9.3 contains a bug that will report
wrong transfer sizes if the file offset grows beyond 4GB
and RPC responses are received out of order. this
error is not detectable and fixable in qemu.

additionally 1.9.3 introduces support for handling short
read/writes in general and takes care of the necessary
retransmissions internally.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoqcow2: Fix fail path in realloc_refcount_block()
Max Reitz [Mon, 17 Mar 2014 22:04:52 +0000 (23:04 +0100)] 
qcow2: Fix fail path in realloc_refcount_block()

If qcow2_alloc_clusters() fails, new_offset and ret will both be
negative after the fail label, thus passing the first if condition and
subsequently resulting in a call of qcow2_free_clusters() with an
invalid (negative) offset parameter. Fix this by introducing a new label
"fail_free_cluster" which is only invoked if new_offset is indeed
pointing to a newly allocated cluster that should be cleaned up by
freeing it.

While we're at it, clean up the whole fail path. qcow2_cache_put()
should (and actually can) never fail, hence the return value can safely
be ignored (aside from asserting that it indeed did not fail).

Furthermore, there is no reason to give QCOW2_DISCARD_ALWAYS to
qcow2_free_clusters(), a mere QCOW2_DISCARD_OTHER will suffice.

Ultimately, rename the "fail" label to "done", as it is invoked both on
failure and success.

Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoqcow2: Correct comment for realloc_refcount_block()
Max Reitz [Mon, 17 Mar 2014 22:04:51 +0000 (23:04 +0100)] 
qcow2: Correct comment for realloc_refcount_block()

Contrary to the comment describing this function's behavior, it does not
return 0 on success, but rather the offset of the newly allocated
cluster. This patch adjusts the comment accordingly to reflect the
actual behavior.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoqemu-io: Extended "--cmd" description in usage text
Maria Kustova [Tue, 18 Mar 2014 05:59:19 +0000 (09:59 +0400)] 
qemu-io: Extended "--cmd" description in usage text

It's not clear from the usage description that "--cmd" option accepts
its argument as a string, so any special symbols have to be quoted from
the shell.

Updates in usage text:
 - Specified parameter format for "--cmd" option.
 - Added an instruction how to get help for "--cmd" option.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoqemu-io-cmds: Fixed typo in example for writev.
Maria Kustova [Tue, 18 Mar 2014 05:59:17 +0000 (09:59 +0400)] 
qemu-io-cmds: Fixed typo in example for writev.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoblock: Add error handling to bdrv_invalidate_cache()
Kevin Wolf [Wed, 12 Mar 2014 14:59:16 +0000 (15:59 +0100)] 
block: Add error handling to bdrv_invalidate_cache()

If it returns an error, the migrated VM will not be started, but qemu
exits with an error message.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
7 years agotarget-arm: A64: Add saturating accumulate ops (USQADD/SUQADD)
Alex Bennée [Tue, 18 Mar 2014 23:10:06 +0000 (23:10 +0000)] 
target-arm: A64: Add saturating accumulate ops (USQADD/SUQADD)

Add the saturating accumulate operations USQADD and SUQADD
to the A64 instruction set. This completes coverage of A64 Neon.
These operations (which are unsigned + signed -> signed and
signed + unsigned -> unsigned) don't exist in the A32/T32
instruction set, so require a complete new set of helper functions.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
7 years agotarget-arm: A64: Add saturating int ops (SQNEG/SQABS)
Alex Bennée [Tue, 18 Mar 2014 23:10:06 +0000 (23:10 +0000)] 
target-arm: A64: Add saturating int ops (SQNEG/SQABS)

This mostly re-uses the existing NEON helpers with an additional two for
the 64 bit case. I also took the opportunity to add TCG_CALL_NO_RWG
options to the helpers as they don't modify globals (saturation flags
are in the CPU Environment).

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
7 years agopl011: fix incorrect logic to set the RXFF flag
Rob Herring [Tue, 18 Mar 2014 18:18:41 +0000 (13:18 -0500)] 
pl011: fix incorrect logic to set the RXFF flag

The receive fifo full bit should be set when 1 character is received and
the fifo is disabled or when 16 characters are in the fifo.

Signed-off-by: Rob Herring <rob.herring@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1395166721-15716-4-git-send-email-robherring2@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agopl011: fix UARTRSR accesses corrupting the UARTCR value
Rob Herring [Tue, 18 Mar 2014 18:18:40 +0000 (13:18 -0500)] 
pl011: fix UARTRSR accesses corrupting the UARTCR value

Offset 4 is UARTRSR/UARTECR, not the UARTCR. The UARTCR would be
corrupted if the UARTRSR is ever written. Fix by implementing a correct
model of the UARTRSR/UARTECR register. Reads of this register simply
reflect the error bits in data register. Only breaks can be triggered in
QEMU. With the pl011_can_receive function, we effectively have flow
control between the host and the model. Framing and parity errors simply
don't make sense in the model and will never occur.

Signed-off-by: Rob Herring <rob.herring@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1395166721-15716-3-git-send-email-robherring2@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agopl011: reset the fifo when enabled or disabled
Rob Herring [Tue, 18 Mar 2014 18:18:39 +0000 (13:18 -0500)] 
pl011: reset the fifo when enabled or disabled

Intermittent issues have been seen where no serial input occurs. It
appears the pl011 gets in a state where the rx interrupt never fires
because the rx interrupt only asserts when crossing the fifo trigger
level. The fifo state appears to get out of sync when the pl011 is
re-configured. This combined with the rx timeout interrupt not being
modeled results in no more rx interrupts.

Disabling the fifo is the recommended way to clear the tx fifo in the
TRM (section 3.3.8). The behavior in this case for the rx fifo is
undefined in the TRM, but having fifo contents to be maintained during
configuration changes is not likely expected behavior. Reseting the
fifo state when the fifo size is changed is the simplest solution.

Signed-off-by: Rob Herring <rob.herring@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1395166721-15716-2-git-send-email-robherring2@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoahci: fix sysbus support
Rob Herring [Tue, 18 Mar 2014 19:36:13 +0000 (19:36 +0000)] 
ahci: fix sysbus support

Non-PCI AHCI support is broken due to assertion failures when trying
to convert AHCIState to a PCIDevice pointer as AHCIState can have
different container structs. Fix this by using the non-asserting object
cast and checking the returned pointer is not NULL.

The AddressSpace pointer is also being initialized to NULL and causing
dma_memory_map call to fail. Fix this by initializing to
address_space_memory for sysbus instances.

Also correct AHCI_VMSTATE to use the correct container SysbusAHCIState
for sysbus instances.

Signed-off-by: Rob Herring <rob.herring@linaro.org>
Message-id: 1392073373-3295-1-git-send-email-robherring2@gmail.com
[PMM: added linebreaks to fix overlong lines]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-2' into staging
Peter Maydell [Tue, 18 Mar 2014 16:39:29 +0000 (16:39 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-2' into staging

vnc: fix vmware VGA incompatiblities

# gpg: Signature made Tue 18 Mar 2014 07:23:10 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vnc-2:
  ui/vnc: fix vmware VGA incompatiblities

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoacpi: fix endian-ness for table ids
Michael S. Tsirkin [Tue, 18 Mar 2014 13:49:41 +0000 (15:49 +0200)] 
acpi: fix endian-ness for table ids

when using signature for table ID, we forgot to byte-swap it.
signatures are really ASCII strings, let's treat them as such.
While at it, get rid of most of _SIGNATURE macros.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoacpi-test: signature endian-ness fixes
Michael S. Tsirkin [Tue, 18 Mar 2014 14:42:05 +0000 (16:42 +0200)] 
acpi-test: signature endian-ness fixes

acpi table signature is really an ASCII string.
Treat it as such in tests.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140317' into...
Peter Maydell [Tue, 18 Mar 2014 14:31:42 +0000 (14:31 +0000)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140317' into staging

target-arm queue:
 * more A64 Neon instructions
 * fixes to reset CBAR values for A9 and A15 boards
 * fix accesses to PMCR register in -icount mode

# gpg: Signature made Mon 17 Mar 2014 22:04:52 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20140317: (30 commits)
  scripts/qemu-binfmt-conf.sh: Add AArch64 registration
  target-arm: A64: Add [UF]RSQRTE (reciprocal root estimate)
  target-arm: A64: Implement FCVTXN
  target-arm: A64: Implement scalar saturating narrow ops
  target-arm: A64: Move handle_2misc_narrow function
  target-arm: A64: Implement AdvSIMD reciprocal estimate insns URECPE, FRECPE
  softfloat: export squash_input_denormal functions
  target-arm: A64: Implement FCVTZS, FCVTZU in the shift-imm categories
  target-arm: A64: Handle saturating left shifts SQSHL, SQSHLU, UQSHL
  exec-all.h: Increase MAX_OP_PER_INSTR for ARM A64 decoder
  target-arm: A64: Implement FRINT*
  target-arm: A64: Implement SRI
  target-arm: A64: Add FRECPX (reciprocal exponent)
  target-arm: A64: List unsupported shift-imm opcodes
  target-arm: A64: Implement FCVTL
  target-arm: A64: Implement FCVTN
  target-arm: A64: Implement FCVT[NMAPZ][SU] SIMD instructions
  target-arm: A64: Implement SHLL, SHLL2
  target-arm: A64: Implement SADDLP, UADDLP, SADALP, UADALP
  target-arm: A64: Saturating and narrowing shift ops
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoi386/acpi-build: support hotplug of VCPU with APIC ID 0xFF
Laszlo Ersek [Mon, 17 Mar 2014 16:05:17 +0000 (17:05 +0100)] 
i386/acpi-build: support hotplug of VCPU with APIC ID 0xFF

Building on the previous patch, raise the maximal count of processor
objects / NTFY branches / CPON elements from 255 to 256. This allows the
VCPU with APIC ID 0xFF to be hotplugged.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoacpi-test: rebuild SSDT
Michael S. Tsirkin [Tue, 18 Mar 2014 14:14:59 +0000 (16:14 +0200)] 
acpi-test: rebuild SSDT

commit 9bcc80cd71892df42605e0c097d85c0237ff45d1
    i386/acpi-build: allow more than 255 elements in CPON

Replaces 0x1 with a smaller One constant.

rebuild expected SSDT.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoi386/acpi-build: allow more than 255 elements in CPON
Laszlo Ersek [Mon, 17 Mar 2014 16:05:16 +0000 (17:05 +0100)] 
i386/acpi-build: allow more than 255 elements in CPON

The build_ssdt() function builds a number of AML objects that are related
to CPU hotplug, and whose IDs form a contiguous sequence of APIC IDs.
(APIC IDs are in fact discontiguous, but this is the traditional
interface: build a contiguous sequence from zero up that covers all
possible APIC IDs.) These objects are:

- a Processor() object for each VCPU,
- a NTFY method, with one branch for each VCPU,
- a CPON package with one element (hotplug status byte) for each VCPU.

The build_ssdt() function currently limits the *count* of processor
objects, and NTFY branches, and CPON elements, in 0xFF (see the assignment
to "acpi_cpus"). This allows for an inclusive APIC ID range of [0..254].
This is incorrect, because the highest APIC ID that we otherwise allow a
VCPU to take is 255.

In order to extend the maximum count to 256, and the traversed APIC ID
range correspondingly to [0..255]:
- the Processor() objects need no change,
- the NTFY method also needs no change,
- the CPON package must be updated, because it is defined with a
  DefPackage, and the number of elements in such a package can be at most
  255. We pick a DefVarPackage instead.

We replace the Op byte, and the encoding of the number of elements.
Compare:

DefPackage     := PackageOp    PkgLength NumElements    PackageElementList
DefVarPackage  := VarPackageOp PkgLength VarNumElements PackageElementList

PackageOp      := 0x12
VarPackageOp   := 0x13

NumElements    := ByteData
VarNumElements := TermArg => Integer

The build_append_int() function implements precisely the following TermArg
encodings (a subset of what the ACPI spec describes):

  TermArg             := DataObject
  DataObject          := ComputationalData
  ComputationalData   := ConstObj | ByteConst | WordConst | DWordConst

  directly encoded in the function, with build_append_byte():
    ConstObj          := ZeroOp | OneOp
      ZeroOp          := 0x00
      OneOp           := 0x01

  call to build_append_value(..., 1):
    ByteConst         := BytePrefix ByteData
      BytePrefix      := 0x0A
      ByteData        := 0x00 - 0xFF

  call to build_append_value(..., 2):
    WordConst         := WordPrefix WordData
      WordPrefix      := 0x0B
      WordData        := ByteData[0:7] ByteData[8:15]

  call to build_append_value(..., 4):
    DWordConst        := DWordPrefix DWordData
      DWordPrefix     := 0x0C
      DWordData       := WordData[0:15] WordData[16:31]

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agopc: Refuse max_cpus if it results in too large APIC ID
Eduardo Habkost [Fri, 14 Mar 2014 19:33:54 +0000 (16:33 -0300)] 
pc: Refuse max_cpus if it results in too large APIC ID

This changes the PC initialization code to reject max_cpus if it results
in an APIC ID that's too large, instead of aborting or erroring out when
it is already too late.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoacpi: Don't use MAX_CPUMASK_BITS for APIC ID bitmap
Eduardo Habkost [Fri, 14 Mar 2014 19:33:53 +0000 (16:33 -0300)] 
acpi: Don't use MAX_CPUMASK_BITS for APIC ID bitmap

MAX_CPUMASK_BITS is a limit for max_cpus and CPU indexes, not for APIC
IDs.

ACPI_CPU_HOTPLUG_ID_LIMIT is the right macro for the limit on APIC IDs
on the ACPI and CPU hotplug code.

There are no functional changes introduced by this patch, as
MAX_CPUMASK_BITS + 1 == 255 + 1 == 256 == ACPI_CPU_HOTPLUG_ID_LIMIT.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoacpi: Assert sts array limit on AcpiCpuHotplug_add()
Eduardo Habkost [Fri, 14 Mar 2014 19:33:52 +0000 (16:33 -0300)] 
acpi: Assert sts array limit on AcpiCpuHotplug_add()

AcpiCpuHotplug_add() can't handle vCPU arch IDs larger than
ACPI_CPU_HOTPLUG_ID_LIMIT. Instead of corrupting memory in case the vCPU
ID is too large, use g_assert() to ensure we are not over the limit.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agopc: Refuse CPU hotplug if the resulting APIC ID is too large
Eduardo Habkost [Fri, 14 Mar 2014 19:33:51 +0000 (16:33 -0300)] 
pc: Refuse CPU hotplug if the resulting APIC ID is too large

The ACPI CPU hotplug code requires APIC IDs to be smaller than
ACPI_CPU_HOTPLUG_ID_LIMIT, so enforce the limit before trying to hotplug
a new vCPU, returning an error instead of crashing.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoacpi: Add ACPI_CPU_HOTPLUG_ID_LIMIT macro
Eduardo Habkost [Fri, 14 Mar 2014 19:33:50 +0000 (16:33 -0300)] 
acpi: Add ACPI_CPU_HOTPLUG_ID_LIMIT macro

The new macro will be helpful to allow us to detect too large SMP limits
before it is too late.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoacpi-test: update expected SSDT files
Michael S. Tsirkin [Mon, 10 Mar 2014 19:13:59 +0000 (21:13 +0200)] 
acpi-test: update expected SSDT files

commit 13f65b2e1073cf7e2c8fb3880c77d8a53fa2f95e
    acpi-test: update expected SSDT files

set an incorrect SSDT.
rebuild it.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
7 years agoui/vnc: fix vmware VGA incompatiblities
Peter Lieven [Mon, 17 Mar 2014 17:38:58 +0000 (18:38 +0100)] 
ui/vnc: fix vmware VGA incompatiblities

this fixes invalid rectangle updates observed after commit 12b316d
with the vmware VGA driver. The issues occured because the server
and client surface update seems to be out of sync at some points
and the max width of the surface is not dividable by
VNC_DIRTY_BITS_PER_PIXEL (16).

Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/borntraeger/tags/kvm-s390-20140317' into staging
Peter Maydell [Mon, 17 Mar 2014 22:31:32 +0000 (22:31 +0000)] 
Merge remote-tracking branch 'remotes/borntraeger/tags/kvm-s390-20140317' into staging

4 small patches:
- Fixing findings of valgrind regarding minor memory leaks:
  Currently we forget the pointer of qemu_allocate_irqs. Since we never
  free the irqs, this is not critical, but obviously not good programming
  style. While we are at it, we dont need the irq infrastructure for
  the sclp consoles.
- Handle new ELF error codes for BIOS loading

# gpg: Signature made Mon 17 Mar 2014 21:34:12 GMT using RSA key ID B5A61C7C
# gpg: Can't check signature: public key not found

* remotes/borntraeger/tags/kvm-s390-20140317:
  s390x/sclpconsole-lm: Fix and simplify irq setup
  s390x/sclpconsole: Fix and simplify interrupt injection
  s390x/cpu hotplug: Fix memory leak
  s390/ipl: Fix error path on BIOS loading

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/rth/tcg-v8p-2' into staging
Peter Maydell [Mon, 17 Mar 2014 22:15:52 +0000 (22:15 +0000)] 
Merge remote-tracking branch 'remotes/rth/tcg-v8p-2' into staging

* remotes/rth/tcg-v8p-2:
  tcg-sparc: Convert to new ldst opcodes
  tcg-sparc: Convert to new ldst helpers
  tcg-sparc: Tidy tcg_out_tlb_load interface
  tcg-sparc: Use TCGMemOp within qemu_ldst routines
  tcg-sparc: Improve tcg_out_movi
  tcg-sparc: Dont handle constant arguments to ext32 ops
  tcg-sparc: Don't handle remainder
  tcg-sparc: Use intptr_t as appropriate
  tcg-sparc: Tidy call+jump patterns
  tcg-sparc: Fix tlb read
  tcg-sparc: Fix ld64 for 32-bit mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agos390x/sclpconsole-lm: Fix and simplify irq setup
Christian Borntraeger [Mon, 10 Mar 2014 13:19:52 +0000 (14:19 +0100)] 
s390x/sclpconsole-lm: Fix and simplify irq setup

valgrind complains about a memory leak in irq setup of sclpconsole:

==42117== 8 bytes in 1 blocks are definitely lost in loss record 89of 833
==42117==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117==    by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117==    by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117==    by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117==    by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117==    by 0x800F5685: console_init (sclpconsole.c:235)
==42117==    by 0x80297C79: event_realize (event-facility.c:386)
==42117==    by 0x80105071: device_set_realized (qdev.c:693)
==42117==    by 0x801CDC4B: property_set_bool (object.c:1337)
 ==42117==    by 0x801CBD7F: object_property_set (object.c:819)
[...]

We dont need the indirection of an qemu irq to inject an slcp interrupt.
Fixes a valgrind error and makes the code simpler.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
7 years agos390x/sclpconsole: Fix and simplify interrupt injection
Christian Borntraeger [Mon, 10 Mar 2014 13:17:04 +0000 (14:17 +0100)] 
s390x/sclpconsole: Fix and simplify interrupt injection

valgrind complains about a memory leak in irq setup of sclpconsole:

==42117== 8 bytes in 1 blocks are definitely lost in loss record 89 of 833
==42117==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117==    by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117==    by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117==    by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117==    by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117==    by 0x800F5685: console_init (sclpconsole.c:235)
==42117==    by 0x80297C79: event_realize (event-facility.c:386)
==42117==    by 0x80105071: device_set_realized (qdev.c:693)
==42117==    by 0x801CDC4B: property_set_bool (object.c:1337)
==42117==    by 0x801CBD7F: object_property_set (object.c:819)
[...]

Turns out that we actually dont need the indirection, so trigger the
sclp interrupt directly.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
7 years agos390x/cpu hotplug: Fix memory leak
Christian Borntraeger [Mon, 10 Mar 2014 14:03:16 +0000 (15:03 +0100)] 
s390x/cpu hotplug: Fix memory leak

valgrind complains about the following:
==42117== 8 bytes in 1 blocks are definitely lost in loss record 88 of 833
==42117==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117==    by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117==    by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117==    by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117==    by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117==    by 0x8029FA4B: irq_cpu_hotplug_init (sclpcpu.c:84)
==42117==    by 0x80297C79: event_realize (event-facility.c:386)
==42117==    by 0x80105071: device_set_realized (qdev.c:693)
[...]

Right it is. Don't drop the pointer of the irq.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Jason J. Herne <jjherne@us.ibm.com>
7 years agos390/ipl: Fix error path on BIOS loading
Christian Borntraeger [Fri, 14 Mar 2014 12:38:57 +0000 (13:38 +0100)] 
s390/ipl: Fix error path on BIOS loading

commit 18674b26788a9e47f1157170234e32ece2044367
(elf-loader: add more return codes) enabled the elf loader to return
other errors than -1.

Lets also handle that case for our "BIOS" on s390.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: Alexey Kardashevskiy <aik@ozlabs.ru>
CC: Alexander Graf <agraf@suse.de>
7 years agotcg-sparc: Convert to new ldst opcodes
Richard Henderson [Tue, 10 Sep 2013 02:51:21 +0000 (19:51 -0700)] 
tcg-sparc: Convert to new ldst opcodes

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Convert to new ldst helpers
Richard Henderson [Wed, 5 Mar 2014 17:42:08 +0000 (09:42 -0800)] 
tcg-sparc: Convert to new ldst helpers

All of the helpers with the explicit big/little endian option
require the return address as a parameter.  Acquire this via
a trampoline.

Move the load of areg0 into the trampoline.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Tidy tcg_out_tlb_load interface
Richard Henderson [Fri, 6 Sep 2013 22:01:14 +0000 (15:01 -0700)] 
tcg-sparc: Tidy tcg_out_tlb_load interface

Pass address registers explicitly, rather than as indicies of args[].
It's two argument registers either way.  Use more TCGReg as appropriate.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Use TCGMemOp within qemu_ldst routines
Richard Henderson [Wed, 4 Sep 2013 03:12:01 +0000 (20:12 -0700)] 
tcg-sparc: Use TCGMemOp within qemu_ldst routines

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Improve tcg_out_movi
Richard Henderson [Tue, 10 Sep 2013 04:07:09 +0000 (21:07 -0700)] 
tcg-sparc: Improve tcg_out_movi

If bits 31:13 are zero, reduce the insn count by one.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Dont handle constant arguments to ext32 ops
Richard Henderson [Tue, 4 Mar 2014 23:24:04 +0000 (15:24 -0800)] 
tcg-sparc: Dont handle constant arguments to ext32 ops

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Don't handle remainder
Richard Henderson [Wed, 21 Aug 2013 02:22:15 +0000 (19:22 -0700)] 
tcg-sparc: Don't handle remainder

The generic fallback is exactly what we implemented.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Use intptr_t as appropriate
Richard Henderson [Wed, 21 Aug 2013 01:31:45 +0000 (18:31 -0700)] 
tcg-sparc: Use intptr_t as appropriate

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Tidy call+jump patterns
Richard Henderson [Wed, 21 Aug 2013 01:25:38 +0000 (18:25 -0700)] 
tcg-sparc: Tidy call+jump patterns

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Fix tlb read
Richard Henderson [Sat, 7 Sep 2013 00:19:12 +0000 (17:19 -0700)] 
tcg-sparc: Fix tlb read

We were computing the full address into %o0 and then not using it.
Adjust some of the computation to rely less on having to pull immediate
values into registers.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Fix ld64 for 32-bit mode
Richard Henderson [Fri, 6 Sep 2013 21:20:00 +0000 (14:20 -0700)] 
tcg-sparc: Fix ld64 for 32-bit mode

Since were not using an annulled branch, we need to put a nop
in the delay slot.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agoscripts/qemu-binfmt-conf.sh: Add AArch64 registration
Peter Maydell [Mon, 17 Mar 2014 16:31:53 +0000 (16:31 +0000)] 
scripts/qemu-binfmt-conf.sh: Add AArch64 registration

Add the binfmt-misc magic needed to register QEMU for handling AArch64
ELF binaries.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-26-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Add [UF]RSQRTE (reciprocal root estimate)
Alex Bennée [Mon, 17 Mar 2014 16:31:53 +0000 (16:31 +0000)] 
target-arm: A64: Add [UF]RSQRTE (reciprocal root estimate)

This adds support for [UF]RSQRTE instructions. It utilises the existing
NEON helpers with some changes. The changes include an explicit passing
of fpstatus (so the correct one is used between arm32 and aarch64),
denormilzation, more correct error handling and also proper scaling of
the fraction going into the estimate.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-25-git-send-email-peter.maydell@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agotarget-arm: A64: Implement FCVTXN
Peter Maydell [Mon, 17 Mar 2014 16:31:53 +0000 (16:31 +0000)] 
target-arm: A64: Implement FCVTXN

Implement the FCVTXN operation, which does a narrowing fp precision
conversion using the "round to odd" (von Neumann) mode. This can
conveniently be implemented as "do operation using round to zero;
then set the LSB of the mantissa to 1 if the Inexact flag was set".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-24-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement scalar saturating narrow ops
Alex Bennée [Mon, 17 Mar 2014 16:31:52 +0000 (16:31 +0000)] 
target-arm: A64: Implement scalar saturating narrow ops

This completes the set of integer narrowing saturating ops including:
     SQXTN, SQXTN2
     SQXTUN, SQXTUN2
     UQXTN, UQXTN2

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-23-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Move handle_2misc_narrow function
Alex Bennée [Mon, 17 Mar 2014 16:31:52 +0000 (16:31 +0000)] 
target-arm: A64: Move handle_2misc_narrow function

Move the handle_2misc_narrow() function up the file so that it can
be called from disas_simd_scalar_two_reg_misc().

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-22-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement AdvSIMD reciprocal estimate insns URECPE, FRECPE
Alex Bennée [Mon, 17 Mar 2014 16:31:52 +0000 (16:31 +0000)] 
target-arm: A64: Implement AdvSIMD reciprocal estimate insns URECPE, FRECPE

Implement URECPE and FRECPE instructions in both scalar and vector forms.
The actual reciprocal estimate function is shared with the A32/T32 Neon
code. However in A64 we aren't using the Neon "standard FPSCR value"
so extra checks are necessary to handle non-squashed denormal inputs
which can never happen for A32/T32. Calling conventions for the helpers
are thus modified to pass the fpst directly; we mark the helpers as
TCG_CALL_NO_RWG since we're changing the declarations anyway.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-21-git-send-email-peter.maydell@linaro.org

7 years agosoftfloat: export squash_input_denormal functions
Alex Bennée [Mon, 17 Mar 2014 16:31:51 +0000 (16:31 +0000)] 
softfloat: export squash_input_denormal functions

I need these available outside of softfloat for some of the reciprocal
processing in aarch64 helper functions.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-20-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement FCVTZS, FCVTZU in the shift-imm categories
Peter Maydell [Mon, 17 Mar 2014 16:31:51 +0000 (16:31 +0000)] 
target-arm: A64: Implement FCVTZS, FCVTZU in the shift-imm categories

Implement FCVTZS and FCVTZU in the shift-imm and scalar-shift-imm
categories; this completes the implementation of those two groups.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-19-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Handle saturating left shifts SQSHL, SQSHLU, UQSHL
Peter Maydell [Mon, 17 Mar 2014 16:31:51 +0000 (16:31 +0000)] 
target-arm: A64: Handle saturating left shifts SQSHL, SQSHLU, UQSHL

Implement the saturating left shift instructions SQSHL, SQSHLU
and UQSHL for the scalar-shift-imm and shift-imm categories.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-18-git-send-email-peter.maydell@linaro.org