qemu.git
6 years agonet: add checks to validate ring buffer pointers(CVE-2015-5279)
P J P [Tue, 15 Sep 2015 11:10:49 +0000 (16:40 +0530)] 
net: add checks to validate ring buffer pointers(CVE-2015-5279)

Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, which could lead to a
memory buffer overflow. Added other checks at initialisation.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
6 years agoe1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815)
P J P [Fri, 4 Sep 2015 16:21:06 +0000 (17:21 +0100)] 
e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815)

While processing transmit descriptors, it could lead to an infinite
loop if 'bytes' was to become zero; Add a check to avoid it.

[The guest can force 'bytes' to 0 by setting the hdr_len and mss
descriptor fields to 0.
--Stefan]

Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1441383666-6590-1-git-send-email-stefanha@redhat.com

6 years agoqapi: Fix cgen() for Python older than 2.7
Markus Armbruster [Mon, 7 Sep 2015 15:45:55 +0000 (17:45 +0200)] 
qapi: Fix cgen() for Python older than 2.7

A feature new in Python 2.7 crept into commit 77e703b: re.subn()'s
fifth argument.  Avoid that, use re.compile().

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 1441640755-23902-1-git-send-email-armbru@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoMerge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Mon, 14 Sep 2015 15:13:16 +0000 (16:13 +0100)] 
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Support for jemalloc
* qemu_mutex_lock_iothread "No such process" fix
* cutils: qemu_strto* wrappers
* iohandler.c simplification
* Many other fixes and misc patches.

And some MTTCG work (with Emilio's fixes squashed):
* Signal-free TCG kick
* Removing spinlock in favor of QemuMutex
* User-mode emulation multi-threading fixes/docs

# gpg: Signature made Thu 10 Sep 2015 09:03:07 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream: (44 commits)
  cutils: work around platform differences in strto{l,ul,ll,ull}
  cpu-exec: fix lock hierarchy for user-mode emulation
  exec: make mmap_lock/mmap_unlock globally available
  tcg: comment on which functions have to be called with mmap_lock held
  tcg: add memory barriers in page_find_alloc accesses
  remove unused spinlock.
  replace spinlock by QemuMutex.
  cpus: remove tcg_halt_cond and tcg_cpu_thread globals
  cpus: protect work list with work_mutex
  scripts/dump-guest-memory.py: fix after RAMBlock change
  configure: Add support for jemalloc
  add macro file for coccinelle
  configure: factor out adding disas configure
  vhost-scsi: fix wrong vhost-scsi firmware path
  checkpatch: remove tests that are not relevant outside the kernel
  checkpatch: adapt some tests to QEMU
  CODING_STYLE: update mixed declaration rules
  qmp: Add example usage of strto*l() qemu wrapper
  cutils: Add qemu_strtoull() wrapper
  cutils: Add qemu_strtoll() wrapper
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150914' into...
Peter Maydell [Mon, 14 Sep 2015 13:57:50 +0000 (14:57 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150914' into staging

target-arm queue:
 * fix GIC region size in xlnx-zynqmp
 * xlnx-zynqmp: Remove unnecessary brackets
 * improve A64 generated TCG code
 * add GPIO devices to i.MX25 and i.MX31
 * more missing pieces for EL2 support

# gpg: Signature made Mon 14 Sep 2015 14:51:12 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"

* remotes/pmaydell/tags/pull-target-arm-20150914: (24 commits)
  target-arm: Add VMPIDR_EL2
  target-arm: Break out mpidr_read_val()
  target-arm: Add VPIDR_EL2
  target-arm: Suppress EPD for S2, EL2 and EL3 translations
  target-arm: Suppress TBI for S2 translations
  target-arm: Add VTTBR_EL2
  target-arm: Add VTCR_EL2
  hw/cpu/{a15mpcore, a9mpcore}: Handle missing has_el3 CPU props gracefully
  i.MX: Add GPIO devices to i.MX25 SOC
  i.MX: Add GPIO devices to i.MX31 SOC
  i.MX: Add GPIO device
  target-arm: Use tcg_gen_extrh_i64_i32
  target-arm: Recognize ROR
  target-arm: Eliminate unnecessary zero-extend in disas_bitfield
  target-arm: Recognize UXTB, UXTH, LSR, LSL
  target-arm: Recognize SXTB, SXTH, SXTW, ASR
  target-arm: Implement fcsel with movcond
  target-arm: Implement ccmp branchless
  target-arm: Use setcond and movcond for csel
  target-arm: Handle always condition codes within arm_test_cc
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Add VMPIDR_EL2
Edgar E. Iglesias [Mon, 14 Sep 2015 13:39:51 +0000 (14:39 +0100)] 
target-arm: Add VMPIDR_EL2

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1442135278-25281-9-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Break out mpidr_read_val()
Edgar E. Iglesias [Mon, 14 Sep 2015 13:39:51 +0000 (14:39 +0100)] 
target-arm: Break out mpidr_read_val()

Break out mpidr_read_val() to allow future sharing of the
code that conditionally sets the M and U bits of MPIDR.

No functional changes.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1442135278-25281-8-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Add VPIDR_EL2
Edgar E. Iglesias [Mon, 14 Sep 2015 13:39:50 +0000 (14:39 +0100)] 
target-arm: Add VPIDR_EL2

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1442135278-25281-7-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Suppress EPD for S2, EL2 and EL3 translations
Edgar E. Iglesias [Mon, 14 Sep 2015 13:39:50 +0000 (14:39 +0100)] 
target-arm: Suppress EPD for S2, EL2 and EL3 translations

Stage-2 translations, EL2 and EL3 regimes don't have the
EPD control.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1442135278-25281-6-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Suppress TBI for S2 translations
Edgar E. Iglesias [Mon, 14 Sep 2015 13:39:50 +0000 (14:39 +0100)] 
target-arm: Suppress TBI for S2 translations

Stage-2 MMU translations do not have configurable TBI as
the top byte is always 0 (48-bit IPAs).

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1442135278-25281-5-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Add VTTBR_EL2
Edgar E. Iglesias [Mon, 14 Sep 2015 13:39:50 +0000 (14:39 +0100)] 
target-arm: Add VTTBR_EL2

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1442135278-25281-4-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Add VTCR_EL2
Edgar E. Iglesias [Mon, 14 Sep 2015 13:39:50 +0000 (14:39 +0100)] 
target-arm: Add VTCR_EL2

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1442135278-25281-3-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: fixed typo in comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agohw/cpu/{a15mpcore, a9mpcore}: Handle missing has_el3 CPU props gracefully
Edgar E. Iglesias [Mon, 14 Sep 2015 13:39:49 +0000 (14:39 +0100)] 
hw/cpu/{a15mpcore, a9mpcore}: Handle missing has_el3 CPU props gracefully

Handle missing CPU support for EL3 gracefully.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1442135278-25281-2-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoi.MX: Add GPIO devices to i.MX25 SOC
Jean-Christophe Dubois [Mon, 14 Sep 2015 13:39:49 +0000 (14:39 +0100)] 
i.MX: Add GPIO devices to i.MX25 SOC

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 2eb129ba8713aedfe877eaa3d8de80061d880fbb.1441828793.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoi.MX: Add GPIO devices to i.MX31 SOC
Jean-Christophe Dubois [Mon, 14 Sep 2015 13:39:49 +0000 (14:39 +0100)] 
i.MX: Add GPIO devices to i.MX31 SOC

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 60b67c9a8b948159f4b4163ead86fbf701c011c6.1441828793.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoi.MX: Add GPIO device
Jean-Christophe Dubois [Mon, 14 Sep 2015 13:39:49 +0000 (14:39 +0100)] 
i.MX: Add GPIO device

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 5ea3b0021e47cf7f7d883a7edbabee44980f3df7.1441828793.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Use tcg_gen_extrh_i64_i32
Richard Henderson [Mon, 14 Sep 2015 13:39:49 +0000 (14:39 +0100)] 
target-arm: Use tcg_gen_extrh_i64_i32

Usually, eliminate an operation from the translator by combining
a shift with an extract.

In the case of gen_set_NZ64, we don't need a boolean value for cpu_ZF,
merely a non-zero value.  Given that we can extract both halves of a
64-bit input in one call, this simplifies the code.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-12-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Recognize ROR
Richard Henderson [Mon, 14 Sep 2015 13:39:49 +0000 (14:39 +0100)] 
target-arm: Recognize ROR

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-11-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Eliminate unnecessary zero-extend in disas_bitfield
Richard Henderson [Mon, 14 Sep 2015 13:39:48 +0000 (14:39 +0100)] 
target-arm: Eliminate unnecessary zero-extend in disas_bitfield

For !SF, this initial ext32u can't be optimized away by the
current TCG code generator.  (It would require backward bit
liveness propagation.)

But since the range of bits for !SF are already constrained by
unallocated_encoding, we'll never reference the high bits anyway.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-10-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Recognize UXTB, UXTH, LSR, LSL
Richard Henderson [Mon, 14 Sep 2015 13:39:48 +0000 (14:39 +0100)] 
target-arm: Recognize UXTB, UXTH, LSR, LSL

These are all special case aliases of UBFM.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-9-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Recognize SXTB, SXTH, SXTW, ASR
Richard Henderson [Mon, 14 Sep 2015 13:39:48 +0000 (14:39 +0100)] 
target-arm: Recognize SXTB, SXTH, SXTW, ASR

These are all special case aliases of SBFM.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-8-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Implement fcsel with movcond
Richard Henderson [Mon, 14 Sep 2015 13:39:48 +0000 (14:39 +0100)] 
target-arm: Implement fcsel with movcond

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-7-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Implement ccmp branchless
Richard Henderson [Mon, 14 Sep 2015 13:39:48 +0000 (14:39 +0100)] 
target-arm: Implement ccmp branchless

This can allow much of a ccmp to be elided when particular
flags are subsequently dead.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-6-git-send-email-rth@twiddle.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Use setcond and movcond for csel
Richard Henderson [Mon, 14 Sep 2015 13:39:47 +0000 (14:39 +0100)] 
target-arm: Use setcond and movcond for csel

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-5-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Handle always condition codes within arm_test_cc
Richard Henderson [Mon, 14 Sep 2015 13:39:47 +0000 (14:39 +0100)] 
target-arm: Handle always condition codes within arm_test_cc

Handling this with TCG_COND_ALWAYS will allow these unlikely
cases to be handled without special cases in the rest of the
translator.  The TCG optimizer ought to be able to reduce
these ALWAYS conditions completely.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-4-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Introduce DisasCompare
Richard Henderson [Mon, 14 Sep 2015 13:39:47 +0000 (14:39 +0100)] 
target-arm: Introduce DisasCompare

Split arm_gen_test_cc into 3 functions, so that it can be reused
for non-branch TCG comparisons.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-3-git-send-email-rth@twiddle.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agotarget-arm: Share all common TCG temporaries
Richard Henderson [Mon, 14 Sep 2015 13:39:47 +0000 (14:39 +0100)] 
target-arm: Share all common TCG temporaries

This is a bug fix for aarch64.  At present, we have branches using
the 32-bit (translate.c) versions of cpu_[NZCV]F, but we set the flags
using the 64-bit (translate-a64.c) versions of cpu_[NZCV]F.  From
the view of the TCG code generator, these are unrelated variables.

The bug is hard to see because we currently only read these variables
from branches, and upon reaching a branch TCG will first spill live
variables and then reload the arguments of the branch.  Since the
32-bit versions were never live until reaching the branch, we'd re-read
the data that had just been spilled from the 64-bit versions.

There is currently no such problem with the cpu_exclusive_* variables,
but there's no point in tempting fate.

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-2-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoxlnx-zynqmp: Remove unnecessary brackets around error messages
Alistair Francis [Mon, 14 Sep 2015 13:39:47 +0000 (14:39 +0100)] 
xlnx-zynqmp: Remove unnecessary brackets around error messages

The errp and err variable have unnecessary brackets around them,
so remove the brackets.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 9900393572b63f2ec3d68785ca98193d81e0ac71.1441758563.git.alistair.francis@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoarm: xlnx-zynqmp: Fix up GIC region size
Nathan Rossi [Mon, 14 Sep 2015 13:39:47 +0000 (14:39 +0100)] 
arm: xlnx-zynqmp: Fix up GIC region size

The GIC in ZynqMP cover a 64K address space, however the actual
registers are decoded within a 4K address space and mirrored at the 4K
boundaries. This change fixes the defined size for these regions as it
was set to 0x4000/16K incorrectly.

Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441719672-25296-1-git-send-email-nathan@nathanrossi.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoMerge remote-tracking branch 'remotes/aurel/tags/pull-sh4-next-20150913' into staging
Peter Maydell [Mon, 14 Sep 2015 09:46:38 +0000 (10:46 +0100)] 
Merge remote-tracking branch 'remotes/aurel/tags/pull-sh4-next-20150913' into staging

sh4-next:

- TCG optimizations
- fix initramfs endianness issue

# gpg: Signature made Sun 13 Sep 2015 22:16:12 BST using RSA key ID 1DDD8C9B
# gpg: Good signature from "Aurelien Jarno <aurelien@aurel32.net>"
# gpg:                 aka "Aurelien Jarno <aurelien@jarno.fr>"
# gpg:                 aka "Aurelien Jarno <aurel32@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7746 2642 A9EF 94FD 0F77  196D BA9C 7806 1DDD 8C9B

* remotes/aurel/tags/pull-sh4-next-20150913:
  sh4: Fix initramfs initialization for endiannes-mismatched targets
  target-sh4: improve shad instruction
  target-sh4: improve shld instruction
  target-sh4: improve cmp/str instruction
  target-sh4: use deposit in swap.b instruction
  target-sh4: add flags markups for FP helpers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agosh4: Fix initramfs initialization for endiannes-mismatched targets
Guenter Roeck [Wed, 12 Aug 2015 14:20:36 +0000 (07:20 -0700)] 
sh4: Fix initramfs initialization for endiannes-mismatched targets

If host and target endianness does not match, loding an initramfs does not work.
Fix by writing boot parameters with appropriate endianness conversion.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
6 years agotarget-sh4: improve shad instruction
Aurelien Jarno [Sun, 5 Jul 2015 20:39:03 +0000 (22:39 +0200)] 
target-sh4: improve shad instruction

The SH4 shad instruction can shift in both direction, depending on the
sign of the shift. This is currently implemented using branches, which
is not really efficient and prevents the optimizer to do its job. In
practice it is often used with a constant loaded in a register just
before.

Simplify the implementation by computing both the value shifted to the
left and to the right, and then selecting the correct one with a
movcond. As with a negative value the shift amount can go up to 32 which
is undefined, we shift the value in two steps.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
6 years agotarget-sh4: improve shld instruction
Aurelien Jarno [Sun, 5 Jul 2015 20:37:18 +0000 (22:37 +0200)] 
target-sh4: improve shld instruction

The SH4 shld instruction can shift in both direction, depending on the
sign of the shift. This is currently implemented using branches, which
is not really efficient and prevents the optimizer to do its job. In
practice it is often used with a constant loaded in a register just
before.

Simplify the implementation by computing both the value shifted to the
left and to the right, and then selecting the correct one with a
movcond. As with a negative value the shift amount can go up to 32 which
is undefined, we shift the value in two steps.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
6 years agotarget-sh4: improve cmp/str instruction
Aurelien Jarno [Sun, 5 Jul 2015 16:50:09 +0000 (18:50 +0200)] 
target-sh4: improve cmp/str instruction

Instead of testing bytes one by one, we can use the following trick
from https://graphics.stanford.edu/~seander/bithacks.html:

  haszero(v) = (v - 0x01010101) & ~v & 0x80808080

The subexpression v - 0x01010101, evaluates to a high bit set in any
byte whenever the corresponding byte in v is zero or greater than 0x80.
The sub-expression ~v & 0x80808080 evaluates to high bits set in bytes
where the byte of v doesn't have its high bit set (so the byte was less
than 0x80). Finally, by ANDing these two sub-expressions the result is
the high bits set where the bytes in v were zero, since the high bits
set due to a value greater than 0x80 in the first sub-expression are
masked off by the second.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
6 years agotarget-sh4: use deposit in swap.b instruction
Aurelien Jarno [Sun, 5 Jul 2015 15:05:08 +0000 (17:05 +0200)] 
target-sh4: use deposit in swap.b instruction

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
6 years agotarget-sh4: add flags markups for FP helpers
Aurelien Jarno [Wed, 17 Jun 2015 10:53:13 +0000 (12:53 +0200)] 
target-sh4: add flags markups for FP helpers

Most floating point helpers can trigger an exception, but don't change
the globals. Mark these helpers as TCG_CALL_NO_WG.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
6 years agoMerge remote-tracking branch 'remotes/rth/tags/pull-tcg-20150911' into staging
Peter Maydell [Fri, 11 Sep 2015 17:01:56 +0000 (18:01 +0100)] 
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20150911' into staging

queued tcg related patches

# gpg: Signature made Fri 11 Sep 2015 16:17:00 BST using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/pull-tcg-20150911:
  cpu-exec: introduce loop exit with restore function
  softmmu: remove now unused functions
  softmmu: add helper function to pass through retaddr
  tlb: Add "ifetch" argument to cpu_mmu_index()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoscripts/qemu-gdb: Add brief comment describing usage
Peter Maydell [Fri, 14 Aug 2015 17:46:32 +0000 (18:46 +0100)] 
scripts/qemu-gdb: Add brief comment describing usage

Add a brief comment describing how to use the debug support
from GDB.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1439574392-4403-5-git-send-email-peter.maydell@linaro.org

6 years agoscripts/qemu-gdb: Silently pass through SIGUSR1
Peter Maydell [Fri, 14 Aug 2015 17:46:31 +0000 (18:46 +0100)] 
scripts/qemu-gdb: Silently pass through SIGUSR1

SIGUSR1 is QEMU's IPI signal, and it gets sent a lot, so is
best silently passed through to the guest without stopping.
Make qemu-gdb.py do this bit of configuration for the user.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1439574392-4403-4-git-send-email-peter.maydell@linaro.org

6 years agoscripts/qemu-gdb: Split CoroutineCommand into its own file
Peter Maydell [Fri, 14 Aug 2015 17:46:30 +0000 (18:46 +0100)] 
scripts/qemu-gdb: Split CoroutineCommand into its own file

Split the implementation of CoroutineCommand into its own file.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1439574392-4403-3-git-send-email-peter.maydell@linaro.org

6 years agoscripts/qemu-gdb: Split MtreeCommand into its own module
Peter Maydell [Fri, 14 Aug 2015 17:46:29 +0000 (18:46 +0100)] 
scripts/qemu-gdb: Split MtreeCommand into its own module

As we add more commands to our Python gdb debugging support, it's
going to get unwieldy to have everything in a single file. Split
the implementation of the 'mtree' command from qemu-gdb.py into
its own module.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1439574392-4403-2-git-send-email-peter.maydell@linaro.org

6 years agocpu-exec: introduce loop exit with restore function
Pavel Dovgalyuk [Fri, 10 Jul 2015 09:57:02 +0000 (12:57 +0300)] 
cpu-exec: introduce loop exit with restore function

This patch introduces loop exit function, which also
restores guest CPU state according to the value of host
program counter.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150710095702.13280.97477.stgit@PASHA-ISP>
Signed-off-by: Richard Henderson <rth@twiddle.net>
6 years agosoftmmu: remove now unused functions
Pavel Dovgalyuk [Fri, 10 Jul 2015 09:56:56 +0000 (12:56 +0300)] 
softmmu: remove now unused functions

Now that the cpu_ld/st_* function directly call helper_ret_ld/st, we can
drop the old helper_ld/st functions.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150710095656.13280.7085.stgit@PASHA-ISP>
Signed-off-by: Richard Henderson <rth@twiddle.net>
6 years agosoftmmu: add helper function to pass through retaddr
Pavel Dovgalyuk [Fri, 10 Jul 2015 09:56:50 +0000 (12:56 +0300)] 
softmmu: add helper function to pass through retaddr

This patch introduces several helpers to pass return address
which points to the TB. Correct return address allows correct
restoring of the guest PC and icount. These functions should be used when
helpers embedded into TB invoke memory operations.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150710095650.13280.32255.stgit@PASHA-ISP>
Signed-off-by: Richard Henderson <rth@twiddle.net>
6 years agotlb: Add "ifetch" argument to cpu_mmu_index()
Benjamin Herrenschmidt [Mon, 17 Aug 2015 07:34:10 +0000 (17:34 +1000)] 
tlb: Add "ifetch" argument to cpu_mmu_index()

This is set to true when the index is for an instruction fetch
translation.

The core get_page_addr_code() sets it, as do the SOFTMMU_CODE_ACCESS
acessors.

All targets ignore it for now, and all other callers pass "false".

This will allow targets who wish to split the mmu index between
instruction and data accesses to do so. A subsequent patch will
do just that for PowerPC.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Message-Id: <1439796853-4410-2-git-send-email-benh@kernel.crashing.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
6 years agoMerge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-09-11' into...
Peter Maydell [Fri, 11 Sep 2015 11:07:29 +0000 (12:07 +0100)] 
Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-09-11' into staging

trivial patches for 2015-09-11

# gpg: Signature made Fri 11 Sep 2015 12:02:43 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2015-09-11: (26 commits)
  virtio-vga: enable for i386
  hw/arm/spitz: Remove meaningless blank Property
  hw/gpio/zaurus: Remove meaningless blank Property
  hw/virtio/virtio-pci: Remove meaningless blank Property
  hw/s390x/s390-virtio-bus: Remove meaningless blank Property
  typofixes - v4
  qapi-schema: remove legacy<> from doc
  disas/microblaze: Remove unused code
  help: dd missing newline
  Target-ppc: Remove unnecessary variable
  baum: Fix build with debugging enabled
  linux-user: Fix warnings caused by missing 'static' attribute
  opts: produce valid command line in qemu_opts_print
  docs: fix a qga/qapi-schema.json comment
  trivial: remove trailing newline from error_report
  maint: avoid useless "if (foo) free(foo)" pattern
  maint: avoid useless "if (foo) free(foo)" pattern
  maint: remove unused include for strings.h
  maint: remove unused include for signal.h
  maint: remove unused include for dirent.h
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agovirtio-vga: enable for i386
Gerd Hoffmann [Mon, 13 Jul 2015 11:58:46 +0000 (13:58 +0200)] 
virtio-vga: enable for i386

This one just syncs x86_64 and i386.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-trivial@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agohw/arm/spitz: Remove meaningless blank Property
Shannon Zhao [Tue, 12 May 2015 02:25:20 +0000 (10:25 +0800)] 
hw/arm/spitz: Remove meaningless blank Property

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agohw/gpio/zaurus: Remove meaningless blank Property
Shannon Zhao [Tue, 12 May 2015 02:25:19 +0000 (10:25 +0800)] 
hw/gpio/zaurus: Remove meaningless blank Property

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agohw/virtio/virtio-pci: Remove meaningless blank Property
Shannon Zhao [Tue, 12 May 2015 02:25:18 +0000 (10:25 +0800)] 
hw/virtio/virtio-pci: Remove meaningless blank Property

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agohw/s390x/s390-virtio-bus: Remove meaningless blank Property
Shannon Zhao [Tue, 12 May 2015 02:25:16 +0000 (10:25 +0800)] 
hw/s390x/s390-virtio-bus: Remove meaningless blank Property

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agotypofixes - v4
Veres Lajos [Tue, 8 Sep 2015 21:45:14 +0000 (22:45 +0100)] 
typofixes - v4

Signed-off-by: Veres Lajos <vlajos@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agoqapi-schema: remove legacy<> from doc
Marc-André Lureau [Fri, 4 Sep 2015 19:41:01 +0000 (21:41 +0200)] 
qapi-schema: remove legacy<> from doc

The legacy<> type is no longer used since 7ce7ffe02.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agodisas/microblaze: Remove unused code
Stefan Weil [Sat, 29 Aug 2015 07:44:33 +0000 (09:44 +0200)] 
disas/microblaze: Remove unused code

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agohelp: dd missing newline
Laurent Vivier [Fri, 4 Sep 2015 19:30:04 +0000 (21:30 +0200)] 
help: dd missing newline

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agoTarget-ppc: Remove unnecessary variable
Shraddha Barke [Fri, 4 Sep 2015 19:20:28 +0000 (00:50 +0530)] 
Target-ppc: Remove unnecessary variable

Compress lines and remove the variable ret.

Change made using Coccinelle script

@@
expression ret;
@@
- if (ret) return ret;
- return 0;
+ return ret;
@@
local idexpression ret;
expression e;
@@
- ret = e;
- return ret;
+ return e;
@@
type T; identifier i;
@@
- T i;
... when != i

Signed-off-by: Shraddha Barke <shraddha.6596@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agobaum: Fix build with debugging enabled
Samuel Thibault [Sun, 30 Aug 2015 15:12:13 +0000 (17:12 +0200)] 
baum: Fix build with debugging enabled

cur and buf are pointers, so the difference is a ptrdiff_t

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agolinux-user: Fix warnings caused by missing 'static' attribute
Stefan Weil [Sat, 29 Aug 2015 07:29:52 +0000 (09:29 +0200)] 
linux-user: Fix warnings caused by missing 'static' attribute

Warnings from the Sparse static analysis tool:

linux-user/main.c:40:12: warning:
 symbol 'filename' was not declared. Should it be static?
linux-user/main.c:41:12: warning:
 symbol 'argv0' was not declared. Should it be static?
linux-user/main.c:42:5: warning:
 symbol 'gdbstub_port' was not declared. Should it be static?
linux-user/main.c:43:11: warning:
 symbol 'envlist' was not declared. Should it be static?

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agoopts: produce valid command line in qemu_opts_print
Kővágó, Zoltán [Tue, 7 Jul 2015 14:42:10 +0000 (16:42 +0200)] 
opts: produce valid command line in qemu_opts_print

This will let us print options in a format that the user would actually
write it on the command line (foo=bar,baz=asd,etc=def), without
prepending a spurious comma at the beginning of the list, or quoting
values unnecessarily.  This patch provides the following changes:
* write and id=, if the option has an id
* do not print separator before the first element
* do not quote string arguments
* properly escape commas (,) for QEMU

Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agodocs: fix a qga/qapi-schema.json comment
Marc-André Lureau [Thu, 27 Aug 2015 10:48:35 +0000 (12:48 +0200)] 
docs: fix a qga/qapi-schema.json comment

For consistency with the rest of the comment blocks.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agotrivial: remove trailing newline from error_report
John Snow [Mon, 29 Jun 2015 20:56:26 +0000 (16:56 -0400)] 
trivial: remove trailing newline from error_report

Minor cleanup.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agomaint: avoid useless "if (foo) free(foo)" pattern
Markus Armbruster [Wed, 26 Aug 2015 12:02:53 +0000 (14:02 +0200)] 
maint: avoid useless "if (foo) free(foo)" pattern

My Coccinelle semantic patch finds a few more, because it also fixes up
the equally pointless conditional

    if (foo) {
        free(foo);
        foo = NULL;
    }

Result (feel free to squash it into your patch):

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agomaint: avoid useless "if (foo) free(foo)" pattern
Daniel P. Berrange [Wed, 26 Aug 2015 11:17:18 +0000 (12:17 +0100)] 
maint: avoid useless "if (foo) free(foo)" pattern

The free() and g_free() functions both happily accept
NULL on any platform QEMU builds on. As such putting a
conditional 'if (foo)' check before calls to 'free(foo)'
merely serves to bloat the lines of code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agomaint: remove unused include for strings.h
Daniel P. Berrange [Wed, 26 Aug 2015 11:17:17 +0000 (12:17 +0100)] 
maint: remove unused include for strings.h

A number of files were including strings.h but not using any
of the functions it provides

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agomaint: remove unused include for signal.h
Daniel P. Berrange [Wed, 26 Aug 2015 11:17:16 +0000 (12:17 +0100)] 
maint: remove unused include for signal.h

A number of files were including signal.h but not using any
of the functions it provides

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agomaint: remove unused include for dirent.h
Daniel P. Berrange [Wed, 26 Aug 2015 11:17:15 +0000 (12:17 +0100)] 
maint: remove unused include for dirent.h

A number of files were including dirent.h but not using any
of the functions it provides

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agomaint: remove unused include for assert.h
Daniel P. Berrange [Wed, 26 Aug 2015 11:17:14 +0000 (12:17 +0100)] 
maint: remove unused include for assert.h

A number of files were including assert.h but not using any
of the functions it provides

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agomaint: remove / fix many doubled words
Daniel P. Berrange [Wed, 26 Aug 2015 11:17:13 +0000 (12:17 +0100)] 
maint: remove / fix many doubled words

Many source files have doubled words (eg "the the", "to to",
and so on). Most of these can simply be removed, but a couple
were actual mis-spellings (eg "to to" instead of "to do").
There was even one triple word score "to to to" :-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agomaint: remove double semicolons in many files
Daniel P. Berrange [Wed, 26 Aug 2015 11:17:12 +0000 (12:17 +0100)] 
maint: remove double semicolons in many files

A number of source files have statements accidentally
terminated by a double semicolon - eg 'foo = bar;;'.
This is harmless but a mistake none the less.

The tcg/ia64/tcg-target.c file is whitelisted because
it has valid use of ';;' in a comment containing assembly
code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agoi6300esb: fix timer overflow
Laurent Vivier [Tue, 4 Aug 2015 08:27:31 +0000 (10:27 +0200)] 
i6300esb: fix timer overflow

We use muldiv64() to compute the time to wait:

    timeout = muldiv64(get_ticks_per_sec(), timeout, 33000000);

but get_ticks_per_sec() is 10^9 (30 bit value) and timeout
is a 35 bit value.

Whereas muldiv64 is:

    uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c)

So we loose 3 bits of timeout.

Swapping get_ticks_per_sec() and timeout fixes it.

We can also replace it by a multiplication by 30 ns,
but this changes PCI clock frequency from 33MHz to 33.333333MHz
and we need to do this on all the QEMU PCI devices (later...)

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agoTrivial: fix commandline help message
Andrey Korolyov [Fri, 31 Jul 2015 19:12:54 +0000 (22:12 +0300)] 
Trivial: fix commandline help message

Fix obvious typo in printed help for qemu-nbd.

Signed-off-by: Andrey Korolyov <andrey@xdel.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agoUpdate language files for QEMU 2.4.0
Stefan Weil [Thu, 30 Jul 2015 05:46:43 +0000 (07:46 +0200)] 
Update language files for QEMU 2.4.0

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
6 years agoMerge remote-tracking branch 'remotes/sstabellini/tags/xen-2015-09-10-tag' into staging
Peter Maydell [Thu, 10 Sep 2015 17:25:52 +0000 (18:25 +0100)] 
Merge remote-tracking branch 'remotes/sstabellini/tags/xen-2015-09-10-tag' into staging

xen-2015-09-10

# gpg: Signature made Thu 10 Sep 2015 17:52:08 BST using RSA key ID 70E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"

* remotes/sstabellini/tags/xen-2015-09-10-tag: (29 commits)
  xen/pt: Don't slurp wholesale the PCI configuration registers
  xen/pt: Check for return values for xen_host_pci_[get|set] in init
  xen/pt: Move bulk of xen_pt_unregister_device in its own routine.
  xen/pt: Make xen_pt_unregister_device idempotent
  xen/pt: Log xen_host_pci_get/set errors in MSI code.
  xen/pt: Log xen_host_pci_get in two init functions
  xen/pt: Remove XenPTReg->data field.
  xen/pt: Check if reg->init function sets the 'data' past the reg->size
  xen/pt: Sync up the dev.config and data values.
  xen/pt: Use xen_host_pci_get_[byte|word] instead of dev.config
  xen/pt: Use XEN_PT_LOG properly to guard against compiler warnings.
  xen/pt/msi: Add the register value when printing logging and error messages
  xen: use errno instead of rc for xc_domain_add_to_physmap
  xen/pt: xen_host_pci_config_read returns -errno, not -1 on failure
  xen/pt: Make xen_pt_msi_set_enable static
  xen/pt: Update comments with proper function name.
  xen/HVM: atomically access pointers in bufioreq handling
  xen-hvm: When using xc_domain_add_to_physmap also include errno when reporting
  xen, gfx passthrough: add opregion mapping
  xen, gfx passthrough: register host bridge specific to passthrough
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoxen/pt: Don't slurp wholesale the PCI configuration registers
Konrad Rzeszutek Wilk [Wed, 8 Jul 2015 19:58:41 +0000 (15:58 -0400)] 
xen/pt: Don't slurp wholesale the PCI configuration registers

Instead we have the emulation registers ->init functions which
consult the host values to see what the initial value should be
and they are responsible for populating the dev.config.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Check for return values for xen_host_pci_[get|set] in init
Konrad Rzeszutek Wilk [Thu, 2 Jul 2015 18:33:44 +0000 (14:33 -0400)] 
xen/pt: Check for return values for xen_host_pci_[get|set] in init

and if we have failures we call xen_pt_destroy introduced in
'xen/pt: Move bulk of xen_pt_unregister_device in its own routine.'
and free all of the allocated structures.

Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Move bulk of xen_pt_unregister_device in its own routine.
Konrad Rzeszutek Wilk [Tue, 8 Sep 2015 20:21:59 +0000 (16:21 -0400)] 
xen/pt: Move bulk of xen_pt_unregister_device in its own routine.

This way we can call it if we fail during init.

This code movement introduces no changes.

Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Make xen_pt_unregister_device idempotent
Konrad Rzeszutek Wilk [Tue, 8 Sep 2015 20:21:29 +0000 (16:21 -0400)] 
xen/pt: Make xen_pt_unregister_device idempotent

To deal with xen_host_pci_[set|get]_ functions returning error values
and clearing ourselves in the init function we should make the
.exit (xen_pt_unregister_device) function be idempotent in case
the generic code starts calling .exit (or for fun does it before
calling .init!).

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Log xen_host_pci_get/set errors in MSI code.
Konrad Rzeszutek Wilk [Wed, 24 Jun 2015 21:27:40 +0000 (17:27 -0400)] 
xen/pt: Log xen_host_pci_get/set errors in MSI code.

We seem to only use these functions when de-activating the
MSI - so just log errors.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Log xen_host_pci_get in two init functions
Konrad Rzeszutek Wilk [Wed, 24 Jun 2015 21:18:26 +0000 (17:18 -0400)] 
xen/pt: Log xen_host_pci_get in two init functions

To help with troubleshooting in the field.

Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Remove XenPTReg->data field.
Konrad Rzeszutek Wilk [Wed, 1 Jul 2015 19:41:33 +0000 (15:41 -0400)] 
xen/pt: Remove XenPTReg->data field.

We do not want to have two entries to cache the guest configuration
registers: XenPTReg->data and dev.config. Instead we want to use
only the dev.config.

To do without much complications we rip out the ->data field
and replace it with an pointer to the dev.config. This way we
have the type-checking (uint8_t, uint16_t, etc) and as well
and pre-computed location.

Alternatively we could compute the offset in dev.config by
using the XenPTRRegInfo and XenPTRegGroup every time but
this way we have the pre-computed values.

This change also exposes some mis-use:
 - In 'xen_pt_status_reg_init' we used u32 for the Capabilities Pointer
   register, but said register is an an u16.
 - In 'xen_pt_msgdata_reg_write' we used u32 but should have only use u16.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Check if reg->init function sets the 'data' past the reg->size
Konrad Rzeszutek Wilk [Mon, 29 Jun 2015 20:41:14 +0000 (16:41 -0400)] 
xen/pt: Check if reg->init function sets the 'data' past the reg->size

It should never happen, but in case it does (an developer adds
a new register and the 'init_val' expands past the register
size) we want to report. The code will only write up to
reg->size so there is no runtime danger of the register spilling
across other ones - however to catch this sort of thing
we still return an error.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Sync up the dev.config and data values.
Konrad Rzeszutek Wilk [Mon, 29 Jun 2015 20:24:40 +0000 (16:24 -0400)] 
xen/pt: Sync up the dev.config and data values.

For a passthrough device we maintain a state of emulated
registers value contained within d->config. We also consult
the host registers (and apply ro and write masks) whenever
the guest access the registers. This is done in xen_pt_pci_write_config
and xen_pt_pci_read_config.

Also in this picture we call pci_default_write_config which
updates the d->config and if the d->config[PCI_COMMAND] register
has PCI_COMMAND_MEMORY (or PCI_COMMAND_IO) acts on those changes.

On startup the d->config[PCI_COMMAND] are the host values, not
what the guest initial values should be, which is exactly what
we do _not_ want to do for 64-bit BARs when the guest just wants
to read the size of the BAR. Huh you say?

To get the size of 64-bit memory space BARs,  the guest has
to calculate ((BAR[x] & 0xFFFFFFF0) + ((BAR[x+1] & 0xFFFFFFFF) << 32))
which means it has to do two writes of ~0 to BARx and BARx+1.

prior to this patch and with XSA120-addendum patch (Linux kernel)
the PCI_COMMAND register is copied from the host it can have
PCI_COMMAND_MEMORY bit set which means that QEMU will try to
update the hypervisor's P2M with BARx+1 value to ~0 (0xffffffff)
(to sync the guest state to host) instead of just having
xen_pt_pci_write_config and xen_pt_bar_reg_write apply the
proper masks and return the size to the guest.

To thwart this, this patch syncs up the host values with the
guest values taking into account the emu_mask (bit set means
we emulate, PCI_COMMAND_MEMORY and PCI_COMMAND_IO are set).
That is we copy the host values - masking out any bits which
we will emulate. Then merge it with the initial emulation register
values. Lastly this value is then copied both in
dev.config _and_ XenPTReg->data field.

There is also reg->size accounting taken into consideration
that ends up being used in patch.
 xen/pt: Check if reg->init function sets the 'data' past the reg->size

This fixes errors such as these:

(XEN) memory_map:add: dom2 gfn=fffe0 mfn=fbce0 nr=20
(DEBUG) 189 pci dev 04:0 BAR16 wrote ~0.
(DEBUG) 200 pci dev 04:0 BAR16 read 0x0fffe0004.
(XEN) memory_map:remove: dom2 gfn=fffe0 mfn=fbce0 nr=20
(DEBUG) 204 pci dev 04:0 BAR16 wrote 0x0fffe0004.
(DEBUG) 217 pci dev 04:0 BAR16 read upper 0x000000000.
(XEN) memory_map:add: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20
(XEN) p2m.c:883:d0v0 p2m_set_entry failed! mfn=ffffffffffffffff rc:-22
(XEN) memory_map:fail: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20 ret:-22
(XEN) memory_map:remove: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20
(XEN) p2m.c:920:d0v0 gfn_to_mfn failed! gfn=ffffffff00000 type:4
(XEN) p2m.c:920:d0v0 gfn_to_mfn failed! gfn=ffffffff00001 type:4
..
(XEN) memory_map: error -22 removing dom2 access to [fbce0,fbcff]
(DEBUG) 222 pci dev 04:0 BAR16 read upper 0x0ffffffff.
(XEN) memory_map:remove: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20
(XEN) memory_map: error -22 removing dom2 access to [fbce0,fbcff]

[The DEBUG is to illustate what the hvmloader was doing]

Also we swap from xen_host_pci_long to using xen_host_pci_get_[byte,word,long].

Otherwise we get:

xen_pt_config_reg_init: Offset 0x0004 mismatch! Emulated=0x0000, host=0x2300017, syncing to 0x2300014.
xen_pt_config_reg_init: Error: Offset 0x0004:0x2300014 expands past register size(2)!

which is not surprising. We read the value as an 32-bit (from host),
then operate it as a 16-bit - and the remainder is left unchanged.

We end up writing the value as 16-bit (so 0014) to dev.config
(as we use proper xen_set_host_[byte,word,long] so we don't spill
to other registers) but in XenPTReg->data it is as 32-bit (0x2300014)!

It is harmless as the read/write functions end up using an size mask
and never modify the bits past 16-bit (reg->size is 2).

This patch fixes the warnings by reading the value using the
proper size.

Note that the check for size is still left in-case the developer
sets bits past the reg->size in the ->init routines. The author
tried to fiddle with QEMU_BUILD_BUG to make this work but failed.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Use xen_host_pci_get_[byte|word] instead of dev.config
Konrad Rzeszutek Wilk [Mon, 29 Jun 2015 18:01:13 +0000 (14:01 -0400)] 
xen/pt: Use xen_host_pci_get_[byte|word] instead of dev.config

During init time we treat the dev.config area as a cache
of the host view. However during execution time we treat it
as guest view (by the generic PCI API). We need to sync Xen's
code to the generic PCI API view. This is the first step
by replacing all of the code that uses dev.config or
pci_get_[byte|word] to get host value to actually use the
xen_host_pci_get_[byte|word] functions.

Interestingly in 'xen_pt_ptr_reg_init' we also needed to swap
reg_field from uint32_t to uint8_t - since the access is only
for one byte not four bytes. We can split this as a seperate
patch however we would have to use a cast to thwart compiler
warnings in the meantime.

We also truncated 'flags' to 'flag' to make the code fit within
the 80 characters.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoMerge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-09-10' into staging
Peter Maydell [Thu, 10 Sep 2015 13:51:35 +0000 (14:51 +0100)] 
Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-09-10' into staging

error: On abort, report where the error was created

# gpg: Signature made Thu 10 Sep 2015 13:01:39 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-error-2015-09-10:
  error: On abort, report where the error was created
  error: Revamp interface documentation
  error: error_set_errno() is unused, drop
  qga/vss-win32: Document the DLL requires non-null errp
  qga: Clean up unnecessarily dirty casts
  error: Make error_setg() a function
  error: De-duplicate code creating Error objects

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6 years agoxen/pt: Use XEN_PT_LOG properly to guard against compiler warnings.
Konrad Rzeszutek Wilk [Mon, 29 Jun 2015 20:06:19 +0000 (16:06 -0400)] 
xen/pt: Use XEN_PT_LOG properly to guard against compiler warnings.

If XEN_PT_LOGGING_ENABLED is enabled the XEN_PT_LOG macros start
using the first argument. Which means if within the function there
is only one user of the argument ('d') and XEN_PT_LOGGING_ENABLED
is not set, we get compiler warnings. This is not the case now
but with the "xen/pt: Use xen_host_pci_get_[byte|word] instead of dev.config"
we will hit - so this sync up the function to the rest of them.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt/msi: Add the register value when printing logging and error messages
Konrad Rzeszutek Wilk [Mon, 29 Jun 2015 16:30:37 +0000 (12:30 -0400)] 
xen/pt/msi: Add the register value when printing logging and error messages

We would like to know what the MSI register value is to help
in troubleshooting in the field. As such modify the logging
logic to include such details in xen_pt_msgctrl_reg_write.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen: use errno instead of rc for xc_domain_add_to_physmap
Konrad Rzeszutek Wilk [Mon, 29 Jun 2015 16:51:05 +0000 (12:51 -0400)] 
xen: use errno instead of rc for xc_domain_add_to_physmap

In Xen 4.6 commit cd2f100f0f61b3f333d52d1737dd73f02daee592
"libxc: Fix do_memory_op to return negative value on errors"
made the libxc API less odd-ball: On errors, return value is
-1 and error code is in errno. On success the return value
is either 0 or an positive value.

Since we could be running with an old toolstack in which the
Exx value is in rc or the newer, we add an wrapper around
the xc_domain_add_to_physmap (called xen_xc_domain_add_to_physmap)
which will always return the EXX.

Xen 4.6 did not change the libxc functions mentioned (same parameters)
so we piggyback on the fact that Xen 4.6 has a new function:
commit 504ed2053362381ac01b98db9313454488b7db40 "tools/libxc: Expose
new hypercall xc_reserved_device_memory_map" and check for that.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Suggested-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: xen_host_pci_config_read returns -errno, not -1 on failure
Konrad Rzeszutek Wilk [Mon, 29 Jun 2015 17:58:17 +0000 (13:58 -0400)] 
xen/pt: xen_host_pci_config_read returns -errno, not -1 on failure

However the init routines assume that on errors the return
code is -1 (as the libxc API is) - while those xen_host_* routines follow
another paradigm - negative errno on return, 0 on success.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Make xen_pt_msi_set_enable static
Konrad Rzeszutek Wilk [Wed, 24 Jun 2015 21:26:43 +0000 (17:26 -0400)] 
xen/pt: Make xen_pt_msi_set_enable static

As we do not use it outside our code.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/pt: Update comments with proper function name.
Konrad Rzeszutek Wilk [Wed, 24 Jun 2015 21:16:01 +0000 (17:16 -0400)] 
xen/pt: Update comments with proper function name.

It has changed but the comments still refer to the old names.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen/HVM: atomically access pointers in bufioreq handling
Jan Beulich [Fri, 24 Jul 2015 09:38:28 +0000 (03:38 -0600)] 
xen/HVM: atomically access pointers in bufioreq handling

The number of slots per page being 511 (i.e. not a power of two) means
that the (32-bit) read and write indexes going beyond 2^32 will likely
disturb operation. The hypervisor side gets I/O req server creation
extended so we can indicate that we're using suitable atomic accesses
where needed, allowing it to atomically canonicalize both pointers when
both have gone through at least one cycle.

The Xen side counterpart (which is not a functional prereq to this
change, albeit a build one) went in already (commit b7007bc6f9).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen-hvm: When using xc_domain_add_to_physmap also include errno when reporting
Konrad Rzeszutek Wilk [Fri, 13 Mar 2015 19:36:58 +0000 (15:36 -0400)] 
xen-hvm: When using xc_domain_add_to_physmap also include errno when reporting

.errors - as it will most likely have the proper error value.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen, gfx passthrough: add opregion mapping
Tiejun Chen [Wed, 15 Jul 2015 05:37:50 +0000 (13:37 +0800)] 
xen, gfx passthrough: add opregion mapping

The OpRegion shouldn't be mapped 1:1 because the address in the host
can't be used in the guest directly.

This patch traps read and write access to the opregion of the Intel
GPU config space (offset 0xfc).

The original patch is from Jean Guyader <jean.guyader@eu.citrix.com>

Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen, gfx passthrough: register host bridge specific to passthrough
Tiejun Chen [Wed, 15 Jul 2015 05:37:49 +0000 (13:37 +0800)] 
xen, gfx passthrough: register host bridge specific to passthrough

Just register that pci host bridge specific to passthrough.

Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen, gfx passthrough: register a isa bridge
Tiejun Chen [Wed, 15 Jul 2015 05:37:48 +0000 (13:37 +0800)] 
xen, gfx passthrough: register a isa bridge

Currently we just register this isa bridge when we use IGD
passthrough in Xen side.

Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoigd gfx passthrough: create a isa bridge
Tiejun Chen [Wed, 15 Jul 2015 05:37:47 +0000 (13:37 +0800)] 
igd gfx passthrough: create a isa bridge

Currently IGD drivers always need to access PCH by 1f.0. But we
don't want to poke that directly to get ID, and although in real
world different GPU should have different PCH. But actually the
different PCH DIDs likely map to different PCH SKUs. We do the
same thing for the GPU. For PCH, the different SKUs are going to
be all the same silicon design and implementation, just different
features turn on and off with fuses. The SW interfaces should be
consistent across all SKUs in a given family (eg LPT). But just
same features may not be supported.

Most of these different PCH features probably don't matter to the
Gfx driver, but obviously any difference in display port connections
will so it should be fine with any PCH in case of passthrough.

So currently use one PCH version, 0x8c4e, to cover all HSW(Haswell)
scenarios, 0x9cc3 for BDW(Broadwell).

Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
6 years agoxen, gfx passthrough: retrieve VGA BIOS to work
Tiejun Chen [Wed, 15 Jul 2015 05:37:46 +0000 (13:37 +0800)] 
xen, gfx passthrough: retrieve VGA BIOS to work

Now we retrieve VGA bios like kvm stuff in qemu but we need to
fix Device Identification in case if its not matched with the
real IGD device since Seabios is always trying to compare this
ID to work out VGA BIOS.

Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agoxen, gfx passthrough: basic graphics passthrough support
Tiejun Chen [Wed, 15 Jul 2015 05:37:45 +0000 (13:37 +0800)] 
xen, gfx passthrough: basic graphics passthrough support

basic gfx passthrough support:
- add a vga type for gfx passthrough
- register/unregister legacy VGA I/O ports and MMIOs for passthrough GFX

Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
6 years agohw/pci-assign: split pci-assign.c
Tiejun Chen [Wed, 15 Jul 2015 05:37:44 +0000 (13:37 +0800)] 
hw/pci-assign: split pci-assign.c

We will try to reuse assign_dev_load_option_rom in xen side, and
especially its a good beginning to unify pci assign codes both on
kvm and xen in the future.

[Fix build for Windows]

Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
6 years agopiix: create host bridge to passthrough
Tiejun Chen [Wed, 15 Jul 2015 05:37:43 +0000 (13:37 +0800)] 
piix: create host bridge to passthrough

Implement a pci host bridge specific to passthrough. Actually
this just inherits the standard one. And we also just expose
a minimal real host bridge pci configuration subset.

[Replace pread with lseek and read to fix Windows build]

Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>