qemu.git
7 years agotarget-arm: Fix A64 Neon MLS
Peter Maydell [Mon, 24 Mar 2014 15:59:02 +0000 (15:59 +0000)] 
target-arm: Fix A64 Neon MLS

The order of operands for the accumulate step in disas_simd_3same_int()
was reversed. This only affected the MLS instruction, since all the
other accumulating instructions in this category perform an addition
rather than a subtraction.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/ppc-for-2.0' into staging
Peter Maydell [Thu, 20 Mar 2014 11:45:37 +0000 (11:45 +0000)] 
Merge remote-tracking branch 'remotes/afaerber/tags/ppc-for-2.0' into staging

PowerPC queue for 2.0

* sPAPR loop fix
* SPR reset fix
* Reduce allocation size of indirect opcode tables
* Restrict number of CPU threads
* sPAPR H_SET_MODE fixes
* sPAPR firmware path fixes
* Static and constness cleanups

# gpg: Signature made Thu 20 Mar 2014 01:46:14 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/ppc-for-2.0:
  spapr: Implement interface to fix device pathname
  spapr: QOM'ify pseries machine
  spapr_vio: Fix firmware names
  spapr_llan: Add to boot device list
  qdev: Introduce FWPathProvider interface
  vl.c: Extend get_boot_devices_list() to ignore suffixes
  spapr_hcall: Fix little-endian resource handling in H_SET_MODE
  target-ppc: Introduce powerisa-207-server flag
  target-ppc: Force CPU threads count to be a power of 2
  target-ppc: Fix overallocation of opcode tables
  target-ppc: Reset SPRs on CPU reset
  spapr_hcall: Fix h_enter to loop correctly
  target-ppc: Add missing 'static' and 'const' attributes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agospapr: Implement interface to fix device pathname
Alexey Kardashevskiy [Mon, 17 Mar 2014 02:40:27 +0000 (13:40 +1100)] 
spapr: Implement interface to fix device pathname

This extends the pseries machine type with the interface to fix firmware
pathnames for devices which have @bootindex property.

This fixes SCSI disks' device node names (which are wildcard nodes in
the device-tree), for spapr-vscsi, virtio-scsi and usb-storage.

This fixes PHB name from "pci" to "pci@XXXX" where XXXX is a BUID as
there is no bus on top of sPAPRPHBState where PHB firmware name could
be fixed using the BusClass::get_fw_dev_path() mechanism.

This stores the boot list in the /chosen/qemu,boot-list property of
the device tree. "\n" are replaced by spaces to support OF1275.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agospapr: QOM'ify pseries machine
Alexey Kardashevskiy [Mon, 17 Mar 2014 02:40:26 +0000 (13:40 +1100)] 
spapr: QOM'ify pseries machine

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agospapr_vio: Fix firmware names
Alexey Kardashevskiy [Mon, 17 Mar 2014 02:40:25 +0000 (13:40 +1100)] 
spapr_vio: Fix firmware names

This changes VIO bridge fw name from spapr-vio-bridge to vdevice and
vscsi/veth node names from QEMU object names to VIO specific device tree
names.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agospapr_llan: Add to boot device list
Alexey Kardashevskiy [Mon, 17 Mar 2014 02:40:24 +0000 (13:40 +1100)] 
spapr_llan: Add to boot device list

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoqdev: Introduce FWPathProvider interface
Paolo Bonzini [Mon, 17 Mar 2014 02:40:23 +0000 (13:40 +1100)] 
qdev: Introduce FWPathProvider interface

QEMU supports firmware names for all devices in the QEMU tree but
some architectures expect some parts of firmware path names in different
format.

This introduces a firmware-pathname-change interface definition.
If some machines needs to redefine the firmware path format, it has
to add the TYPE_FW_PATH_PROVIDER interface to an object that is above
the device on the QOM tree (typically /machine).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agovl.c: Extend get_boot_devices_list() to ignore suffixes
Alexey Kardashevskiy [Mon, 17 Mar 2014 02:40:22 +0000 (13:40 +1100)] 
vl.c: Extend get_boot_devices_list() to ignore suffixes

As suffixes do not make sense for sPAPR's device tree and
there is no way to filter them out on the BusState::get_fw_dev_path()
level, let's add an ability for the external caller to specify
whether to apply suffixes or not.

We could handle suffixes in SLOF (ignored for now) but this would require
serious rework in the node opening code in SLOF, which has no obvious
benefit for the currently emulated sPAPR machine.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agospapr_hcall: Fix little-endian resource handling in H_SET_MODE
Alexey Kardashevskiy [Fri, 7 Mar 2014 04:37:40 +0000 (15:37 +1100)] 
spapr_hcall: Fix little-endian resource handling in H_SET_MODE

This changes resource code definitions to ones used in the host kernel.

This fixes H_SET_MODE_RESOURCE_LE (switch between big endian and
little endian) to sync registers from KVM before changing LPCR value.

This adds a set_spr() helper to update an SPR in a CPU's context to avoid
possible races and makes use of it to change LPCR.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agotarget-ppc: Introduce powerisa-207-server flag
Alexey Kardashevskiy [Fri, 7 Mar 2014 04:37:39 +0000 (15:37 +1100)] 
target-ppc: Introduce powerisa-207-server flag

This flag will be used to decide whether to emulate some bits of
H_SET_MODE hypercall because some are POWER8-only.

While we are here, add 2.05 flag to POWER8 family too. POWER7/7+ already
have it.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agotarget-ppc: Force CPU threads count to be a power of 2
Bharata B Rao [Wed, 5 Mar 2014 08:32:36 +0000 (14:02 +0530)] 
target-ppc: Force CPU threads count to be a power of 2

PowerPC kernel expects the number of SMT threads in a core to be a power
of 2. Since QEMU doesn't enforce this, it leads to an early guest kernel
crash if invalid threads count is specified.

Prevent this crash and make it a graceful exit from QEMU itself by
validating the user-supplied threads count.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agotarget-ppc: Fix overallocation of opcode tables
Stuart Brady [Wed, 19 Mar 2014 14:07:26 +0000 (14:07 +0000)] 
target-ppc: Fix overallocation of opcode tables

create_new_table() should allocate 0x20 opc_handler_t pointers, but
actually allocates 0x20 opc_handler_t structs.  Fix this.

Signed-off-by: Stuart Brady <sdb@zubnet.me.uk>
Reviewed-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agotarget-ppc: Reset SPRs on CPU reset
Alexey Kardashevskiy [Wed, 19 Mar 2014 13:03:57 +0000 (00:03 +1100)] 
target-ppc: Reset SPRs on CPU reset

This resets SPR values to defaults on CPU reset. This should help
with little-endian guests reboot issues.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agospapr_hcall: Fix h_enter to loop correctly
Aneesh Kumar K.V [Fri, 14 Mar 2014 13:51:49 +0000 (19:21 +0530)] 
spapr_hcall: Fix h_enter to loop correctly

We wanted to loop till index is 8. On 8 we return with H_PTEG_FULL. If we
are successful in loading hpte with any other index, we continue with that
index value.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/prep-for-2.0' into staging
Peter Maydell [Wed, 19 Mar 2014 23:34:42 +0000 (23:34 +0000)] 
Merge remote-tracking branch 'remotes/afaerber/tags/prep-for-2.0' into staging

PReP machine and devices

* Raven PCI host bridge memory fixes (remainder)

# gpg: Signature made Wed 19 Mar 2014 23:35:08 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/prep-for-2.0:
  raven: Use raven_ for all function prefixes
  raven: Fix PCI bus accesses with size > 1
  raven: Add PCI bus mastering address space
  raven: Set a correct PCI memory region
  raven: Set a correct PCI I/O memory region
  raven: Implement non-contiguous I/O region
  raven: Rename intack region to pci_intack

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoraven: Use raven_ for all function prefixes
Hervé Poussineau [Mon, 17 Mar 2014 22:00:25 +0000 (23:00 +0100)] 
raven: Use raven_ for all function prefixes

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Fix PCI bus accesses with size > 1
Hervé Poussineau [Mon, 17 Mar 2014 22:00:24 +0000 (23:00 +0100)] 
raven: Fix PCI bus accesses with size > 1

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Add PCI bus mastering address space
Hervé Poussineau [Mon, 17 Mar 2014 22:00:23 +0000 (23:00 +0100)] 
raven: Add PCI bus mastering address space

This has been tested on Linux 2.4/PPC with the lsi53c895a SCSI adapter.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Set a correct PCI memory region
Hervé Poussineau [Mon, 17 Mar 2014 22:00:22 +0000 (23:00 +0100)] 
raven: Set a correct PCI memory region

PCI memory region is 0x3f000000 bytes starting at 0xc0000000.

However, keep compatibility with Open Hack'Ware expectations
by adding a hack for Open Hack'Ware display.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Set a correct PCI I/O memory region
Hervé Poussineau [Mon, 17 Mar 2014 22:00:21 +0000 (23:00 +0100)] 
raven: Set a correct PCI I/O memory region

PCI I/O region is 0x3f800000 bytes starting at 0x80000000.
Do not use global QEMU I/O region, which is only 64KB.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Implement non-contiguous I/O region
Hervé Poussineau [Mon, 17 Mar 2014 22:00:20 +0000 (23:00 +0100)] 
raven: Implement non-contiguous I/O region

Remove now duplicated code from prep board.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoraven: Rename intack region to pci_intack
Hervé Poussineau [Mon, 17 Mar 2014 22:00:19 +0000 (23:00 +0100)] 
raven: Rename intack region to pci_intack

Regions added subsequently will also have the pci_ prefix.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-2.0' into staging
Peter Maydell [Wed, 19 Mar 2014 22:36:44 +0000 (22:36 +0000)] 
Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-2.0' into staging

QOM CPUState refactorings / X86CPU

* CPUState layout optimization for TCG

# gpg: Signature made Wed 19 Mar 2014 21:51:46 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-cpu-for-2.0:
  cpu: Move tcg_exit_req to the end of CPUState

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-2.0' into staging
Peter Maydell [Wed, 19 Mar 2014 21:45:41 +0000 (21:45 +0000)] 
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-2.0' into staging

QOM/QTest infrastructure fixes

* QOM machine memory and build fixes
* QOM link<> and child<> property reference counting fixes

# gpg: Signature made Wed 19 Mar 2014 21:44:04 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-2.0:
  virtio-rng: Avoid default_backend refcount leak
  qom: Add check() argument to object_property_add_link()
  qom: Make QOM link property unref optional
  qom: Don't make link NULL on object_property_set_link() failure
  qom: Split object_property_set_link()
  vl.c: Fix OpenBSD compilation issue due to namespace collisions
  vl.c: Fix memory leak in qemu_register_machine()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agovirtio-rng: Avoid default_backend refcount leak
Stefan Hajnoczi [Wed, 19 Mar 2014 07:58:57 +0000 (08:58 +0100)] 
virtio-rng: Avoid default_backend refcount leak

QOM child properties take a reference to the object and release it when
the property is deleted.  Therefore we should unref the default_backend
after we have added it as a child property.

Cc: KONRAD Frederic <fred.konrad@greensocs.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoqom: Add check() argument to object_property_add_link()
Stefan Hajnoczi [Wed, 19 Mar 2014 07:58:56 +0000 (08:58 +0100)] 
qom: Add check() argument to object_property_add_link()

There are currently three types of object_property_add_link() callers:

1. The link property may be set at any time.
2. The link property of a DeviceState instance may only be set before
   realize.
3. The link property may never be set, it is read-only.

Something similar can already be achieved with
object_property_add_str()'s set() argument.  Follow its example and add
a check() argument to object_property_add_link().

Also provide default check() functions for case #1 and #2.  Case #3 is
covered by passing a NULL function pointer.

Cc: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Tweaked documentation comment]
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agocpu: Move tcg_exit_req to the end of CPUState
Richard Henderson [Fri, 14 Mar 2014 22:30:10 +0000 (15:30 -0700)] 
cpu: Move tcg_exit_req to the end of CPUState

Reverse an increase in the size of generated code.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoqom: Make QOM link property unref optional
Stefan Hajnoczi [Wed, 19 Mar 2014 07:58:55 +0000 (08:58 +0100)] 
qom: Make QOM link property unref optional

Some object_property_add_link() callers expect property deletion to
unref the link property object.  Other callers expect to manage the
refcount themselves.  The former are currently broken and therefore leak
the link property object.

This patch adds a flags argument to object_property_add_link() so the
caller can specify which refcount behavior they require.  The new
OBJ_PROP_LINK_UNREF_ON_RELEASE flag causes the link pointer to be
unreferenced when the property is deleted.

This fixes refcount leaks in qdev.c, xilinx_axidma.c, xilinx_axienet.c,
s390-virtio-bus.c, virtio-pci.c, virtio-rng.c, and ui/console.c.

Rationale for refcount behavior:

 * hw/core/qdev.c
   - bus children are explicitly unreferenced, don't interfere
   - parent_bus is essentially a read-only property that doesn't hold a
     refcount, don't unref
   - hotplug_handler is leaked, do unref

 * hw/dma/xilinx_axidma.c
   - rx stream "dma" links are set using set_link, therefore they
     need unref
   - tx streams are set using set_link, therefore they need unref

 * hw/net/xilinx_axienet.c
   - same reasoning as hw/dma/xilinx_axidma.c

 * hw/pcmcia/pxa2xx.c
   - pxa2xx bypasses set_link and therefore does not use refcounts

 * hw/s390x/s390-virtio-bus.c
 * hw/virtio/virtio-pci.c
 * hw/virtio/virtio-rng.c
 * ui/console.c
   - set_link is used and there is no explicit unref, do unref

Cc: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoqom: Don't make link NULL on object_property_set_link() failure
Stefan Hajnoczi [Wed, 19 Mar 2014 07:58:54 +0000 (08:58 +0100)] 
qom: Don't make link NULL on object_property_set_link() failure

The error behavior of object_property_set_link() is dangerous.  It sets
the link property object to NULL if an error occurs.  A setter function
should either succeed or fail, it shouldn't leave the value NULL on
failure.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoqom: Split object_property_set_link()
Stefan Hajnoczi [Wed, 19 Mar 2014 07:58:53 +0000 (08:58 +0100)] 
qom: Split object_property_set_link()

The path resolution logic in object_property_set_link() should be a
separate function.  This makes the code easier to read and maintain.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agovl.c: Fix OpenBSD compilation issue due to namespace collisions
Marcel Apfelbaum [Tue, 18 Mar 2014 15:26:35 +0000 (17:26 +0200)] 
vl.c: Fix OpenBSD compilation issue due to namespace collisions

Machine rewriting added MACHINE() macro which is
already in use by other OpenBSD library.
Since qemu/sockets.h exposes the OpenBSD namespace,
the minimalistic approach is to add it as the first QEMU include.

Reported-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agovl.c: Fix memory leak in qemu_register_machine()
Christian Borntraeger [Wed, 19 Mar 2014 11:24:27 +0000 (12:24 +0100)] 
vl.c: Fix memory leak in qemu_register_machine()

Since commit 261747f176f6 (vl: Use MachineClass instead of global
QEMUMachine list) valgrind complains about the following:

==54082== 57 bytes in 3 blocks are definitely lost in loss record 365 of
729
==54082==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==54082==    by 0x4145569: g_malloc (in
/usr/lib64/libglib-2.0.so.0.3400.2)
==54082==    by 0x415F9E9: g_strconcat (in
/usr/lib64/libglib-2.0.so.0.3400.2)
==54082==    by 0x80157FE7: qemu_register_machine (vl.c:1597)
==54082==    by 0x80208E6B: module_call_init (module.c:105)
==54082==    by 0x80013B91: main (vl.c:3000)

Turns out that valgrind is right. We simply forget the memory that
g_strconcat() has allocated. Lets free it after the type_register().
We need a 2nd variable due to constness of the name part of the
type structure.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoMerge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-2.0' into staging
Peter Maydell [Wed, 19 Mar 2014 19:05:13 +0000 (19:05 +0000)] 
Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-2.0' into staging

QOM CPUState refactorings / X86CPU

* Fix pointer type mismatch

# gpg: Signature made Wed 19 Mar 2014 18:51:47 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-cpu-for-2.0:
  exec: Fix CPU rework fallout

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoexec: Fix CPU rework fallout
Christian Borntraeger [Mon, 17 Mar 2014 16:13:12 +0000 (17:13 +0100)] 
exec: Fix CPU rework fallout

Commit 259186a7d2f7184efc96ae99bc5658e6159f53ad (cpu: Move halted and
interrupt_request fields to CPUState) passed CPUState::env_ptr to
tlb_flush() directory rather than through a typed variable.

Commit 00c8cb0a36f51a6866a83c08962d12a0eb21864b (cputlb: Change
tlb_flush() argument to CPUState) now changed the argument type.
This was unnoticed by gcc because env_ptr is a void pointer.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agolinux-user: Fix build if headers don't define _LINUX_CAPABILITY_VERSION_1
Peter Maydell [Wed, 19 Mar 2014 16:07:30 +0000 (16:07 +0000)] 
linux-user: Fix build if headers don't define _LINUX_CAPABILITY_VERSION_1

Older kernel headers don't define _LINUX_CAPABILITY_VERSION_1.
Switch to using the older _LINUX_CAPABILITY_VERSION; newer headers
still define this for source compatibility.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Acked-by: Riku Voipio <riku.voipio@iki.fi>
7 years agotarget-ppc: Add missing 'static' and 'const' attributes
Stefan Weil [Sun, 16 Mar 2014 13:49:54 +0000 (14:49 +0100)] 
target-ppc: Add missing 'static' and 'const' attributes

This fixes warnings from the static code analysis (smatch).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
7 years agoMerge remote-tracking branch 'remotes/riku/linux-user-for-upstream' into staging
Peter Maydell [Wed, 19 Mar 2014 14:14:15 +0000 (14:14 +0000)] 
Merge remote-tracking branch 'remotes/riku/linux-user-for-upstream' into staging

* remotes/riku/linux-user-for-upstream:
  linux-user: Implement capget, capset
  linux-user: Don't allow guest to block SIGSEGV
  signal: added a wrapper for sigprocmask function
  linux-user: Don't reserve space for commpage for AArch64
  linux-user: implement F_[GS]ETOWN_EX
  linux-user: Don't return uninitialized value for atomic_barrier syscall
  linux-user/signal.c: Correct error path for AArch64 do_rt_sigreturn

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Wed, 19 Mar 2014 13:47:22 +0000 (13:47 +0000)] 
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block patches for 2.0.0-rc1

# gpg: Signature made Wed 19 Mar 2014 13:03:27 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  dataplane: fix implicit IOThread refcount
  block/nfs: report errors from libnfs
  block/nfs: bump libnfs requirement to 1.9.3
  qcow2: Fix fail path in realloc_refcount_block()
  qcow2: Correct comment for realloc_refcount_block()
  qemu-io: Extended "--cmd" description in usage text
  qemu-io-cmds: Fixed typo in example for writev.
  block: Add error handling to bdrv_invalidate_cache()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140319' into...
Peter Maydell [Wed, 19 Mar 2014 13:00:41 +0000 (13:00 +0000)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140319' into staging

target-arm queue:
 * last few A64 Neon instructions
 * fix some PL011 UART bugs causing occasional serial lockups
 * fix the non-PCI AHCI device

# gpg: Signature made Wed 19 Mar 2014 12:00:59 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20140319:
  target-arm: A64: Add saturating accumulate ops (USQADD/SUQADD)
  target-arm: A64: Add saturating int ops (SQNEG/SQABS)
  pl011: fix incorrect logic to set the RXFF flag
  pl011: fix UARTRSR accesses corrupting the UARTCR value
  pl011: reset the fifo when enabled or disabled
  ahci: fix sysbus support

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agodataplane: fix implicit IOThread refcount
Stefan Hajnoczi [Tue, 18 Mar 2014 16:50:52 +0000 (17:50 +0100)] 
dataplane: fix implicit IOThread refcount

When creating an IOThread implicitly (the user did not specify
x-iothread=<id>) remember that iothread_find() does not return the
object with an incremented refcount.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoblock/nfs: report errors from libnfs
Peter Lieven [Mon, 17 Mar 2014 08:37:21 +0000 (09:37 +0100)] 
block/nfs: report errors from libnfs

if an NFS operation fails we should report what libnfs knows
about the failure. It is likely more than just an error code.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoblock/nfs: bump libnfs requirement to 1.9.3
Peter Lieven [Mon, 17 Mar 2014 08:37:33 +0000 (09:37 +0100)] 
block/nfs: bump libnfs requirement to 1.9.3

libnfs prior to 1.9.3 contains a bug that will report
wrong transfer sizes if the file offset grows beyond 4GB
and RPC responses are received out of order. this
error is not detectable and fixable in qemu.

additionally 1.9.3 introduces support for handling short
read/writes in general and takes care of the necessary
retransmissions internally.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoqcow2: Fix fail path in realloc_refcount_block()
Max Reitz [Mon, 17 Mar 2014 22:04:52 +0000 (23:04 +0100)] 
qcow2: Fix fail path in realloc_refcount_block()

If qcow2_alloc_clusters() fails, new_offset and ret will both be
negative after the fail label, thus passing the first if condition and
subsequently resulting in a call of qcow2_free_clusters() with an
invalid (negative) offset parameter. Fix this by introducing a new label
"fail_free_cluster" which is only invoked if new_offset is indeed
pointing to a newly allocated cluster that should be cleaned up by
freeing it.

While we're at it, clean up the whole fail path. qcow2_cache_put()
should (and actually can) never fail, hence the return value can safely
be ignored (aside from asserting that it indeed did not fail).

Furthermore, there is no reason to give QCOW2_DISCARD_ALWAYS to
qcow2_free_clusters(), a mere QCOW2_DISCARD_OTHER will suffice.

Ultimately, rename the "fail" label to "done", as it is invoked both on
failure and success.

Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoqcow2: Correct comment for realloc_refcount_block()
Max Reitz [Mon, 17 Mar 2014 22:04:51 +0000 (23:04 +0100)] 
qcow2: Correct comment for realloc_refcount_block()

Contrary to the comment describing this function's behavior, it does not
return 0 on success, but rather the offset of the newly allocated
cluster. This patch adjusts the comment accordingly to reflect the
actual behavior.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoqemu-io: Extended "--cmd" description in usage text
Maria Kustova [Tue, 18 Mar 2014 05:59:19 +0000 (09:59 +0400)] 
qemu-io: Extended "--cmd" description in usage text

It's not clear from the usage description that "--cmd" option accepts
its argument as a string, so any special symbols have to be quoted from
the shell.

Updates in usage text:
 - Specified parameter format for "--cmd" option.
 - Added an instruction how to get help for "--cmd" option.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoqemu-io-cmds: Fixed typo in example for writev.
Maria Kustova [Tue, 18 Mar 2014 05:59:17 +0000 (09:59 +0400)] 
qemu-io-cmds: Fixed typo in example for writev.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years agoblock: Add error handling to bdrv_invalidate_cache()
Kevin Wolf [Wed, 12 Mar 2014 14:59:16 +0000 (15:59 +0100)] 
block: Add error handling to bdrv_invalidate_cache()

If it returns an error, the migrated VM will not be started, but qemu
exits with an error message.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
7 years agotarget-arm: A64: Add saturating accumulate ops (USQADD/SUQADD)
Alex Bennée [Tue, 18 Mar 2014 23:10:06 +0000 (23:10 +0000)] 
target-arm: A64: Add saturating accumulate ops (USQADD/SUQADD)

Add the saturating accumulate operations USQADD and SUQADD
to the A64 instruction set. This completes coverage of A64 Neon.
These operations (which are unsigned + signed -> signed and
signed + unsigned -> unsigned) don't exist in the A32/T32
instruction set, so require a complete new set of helper functions.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
7 years agotarget-arm: A64: Add saturating int ops (SQNEG/SQABS)
Alex Bennée [Tue, 18 Mar 2014 23:10:06 +0000 (23:10 +0000)] 
target-arm: A64: Add saturating int ops (SQNEG/SQABS)

This mostly re-uses the existing NEON helpers with an additional two for
the 64 bit case. I also took the opportunity to add TCG_CALL_NO_RWG
options to the helpers as they don't modify globals (saturation flags
are in the CPU Environment).

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
7 years agopl011: fix incorrect logic to set the RXFF flag
Rob Herring [Tue, 18 Mar 2014 18:18:41 +0000 (13:18 -0500)] 
pl011: fix incorrect logic to set the RXFF flag

The receive fifo full bit should be set when 1 character is received and
the fifo is disabled or when 16 characters are in the fifo.

Signed-off-by: Rob Herring <rob.herring@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1395166721-15716-4-git-send-email-robherring2@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agopl011: fix UARTRSR accesses corrupting the UARTCR value
Rob Herring [Tue, 18 Mar 2014 18:18:40 +0000 (13:18 -0500)] 
pl011: fix UARTRSR accesses corrupting the UARTCR value

Offset 4 is UARTRSR/UARTECR, not the UARTCR. The UARTCR would be
corrupted if the UARTRSR is ever written. Fix by implementing a correct
model of the UARTRSR/UARTECR register. Reads of this register simply
reflect the error bits in data register. Only breaks can be triggered in
QEMU. With the pl011_can_receive function, we effectively have flow
control between the host and the model. Framing and parity errors simply
don't make sense in the model and will never occur.

Signed-off-by: Rob Herring <rob.herring@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1395166721-15716-3-git-send-email-robherring2@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agopl011: reset the fifo when enabled or disabled
Rob Herring [Tue, 18 Mar 2014 18:18:39 +0000 (13:18 -0500)] 
pl011: reset the fifo when enabled or disabled

Intermittent issues have been seen where no serial input occurs. It
appears the pl011 gets in a state where the rx interrupt never fires
because the rx interrupt only asserts when crossing the fifo trigger
level. The fifo state appears to get out of sync when the pl011 is
re-configured. This combined with the rx timeout interrupt not being
modeled results in no more rx interrupts.

Disabling the fifo is the recommended way to clear the tx fifo in the
TRM (section 3.3.8). The behavior in this case for the rx fifo is
undefined in the TRM, but having fifo contents to be maintained during
configuration changes is not likely expected behavior. Reseting the
fifo state when the fifo size is changed is the simplest solution.

Signed-off-by: Rob Herring <rob.herring@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1395166721-15716-2-git-send-email-robherring2@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoahci: fix sysbus support
Rob Herring [Tue, 18 Mar 2014 19:36:13 +0000 (19:36 +0000)] 
ahci: fix sysbus support

Non-PCI AHCI support is broken due to assertion failures when trying
to convert AHCIState to a PCIDevice pointer as AHCIState can have
different container structs. Fix this by using the non-asserting object
cast and checking the returned pointer is not NULL.

The AddressSpace pointer is also being initialized to NULL and causing
dma_memory_map call to fail. Fix this by initializing to
address_space_memory for sysbus instances.

Also correct AHCI_VMSTATE to use the correct container SysbusAHCIState
for sysbus instances.

Signed-off-by: Rob Herring <rob.herring@linaro.org>
Message-id: 1392073373-3295-1-git-send-email-robherring2@gmail.com
[PMM: added linebreaks to fix overlong lines]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-2' into staging
Peter Maydell [Tue, 18 Mar 2014 16:39:29 +0000 (16:39 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-2' into staging

vnc: fix vmware VGA incompatiblities

# gpg: Signature made Tue 18 Mar 2014 07:23:10 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vnc-2:
  ui/vnc: fix vmware VGA incompatiblities

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140317' into...
Peter Maydell [Tue, 18 Mar 2014 14:31:42 +0000 (14:31 +0000)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140317' into staging

target-arm queue:
 * more A64 Neon instructions
 * fixes to reset CBAR values for A9 and A15 boards
 * fix accesses to PMCR register in -icount mode

# gpg: Signature made Mon 17 Mar 2014 22:04:52 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20140317: (30 commits)
  scripts/qemu-binfmt-conf.sh: Add AArch64 registration
  target-arm: A64: Add [UF]RSQRTE (reciprocal root estimate)
  target-arm: A64: Implement FCVTXN
  target-arm: A64: Implement scalar saturating narrow ops
  target-arm: A64: Move handle_2misc_narrow function
  target-arm: A64: Implement AdvSIMD reciprocal estimate insns URECPE, FRECPE
  softfloat: export squash_input_denormal functions
  target-arm: A64: Implement FCVTZS, FCVTZU in the shift-imm categories
  target-arm: A64: Handle saturating left shifts SQSHL, SQSHLU, UQSHL
  exec-all.h: Increase MAX_OP_PER_INSTR for ARM A64 decoder
  target-arm: A64: Implement FRINT*
  target-arm: A64: Implement SRI
  target-arm: A64: Add FRECPX (reciprocal exponent)
  target-arm: A64: List unsupported shift-imm opcodes
  target-arm: A64: Implement FCVTL
  target-arm: A64: Implement FCVTN
  target-arm: A64: Implement FCVT[NMAPZ][SU] SIMD instructions
  target-arm: A64: Implement SHLL, SHLL2
  target-arm: A64: Implement SADDLP, UADDLP, SADALP, UADALP
  target-arm: A64: Saturating and narrowing shift ops
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoui/vnc: fix vmware VGA incompatiblities
Peter Lieven [Mon, 17 Mar 2014 17:38:58 +0000 (18:38 +0100)] 
ui/vnc: fix vmware VGA incompatiblities

this fixes invalid rectangle updates observed after commit 12b316d
with the vmware VGA driver. The issues occured because the server
and client surface update seems to be out of sync at some points
and the max width of the surface is not dividable by
VNC_DIRTY_BITS_PER_PIXEL (16).

Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years agoMerge remote-tracking branch 'remotes/borntraeger/tags/kvm-s390-20140317' into staging
Peter Maydell [Mon, 17 Mar 2014 22:31:32 +0000 (22:31 +0000)] 
Merge remote-tracking branch 'remotes/borntraeger/tags/kvm-s390-20140317' into staging

4 small patches:
- Fixing findings of valgrind regarding minor memory leaks:
  Currently we forget the pointer of qemu_allocate_irqs. Since we never
  free the irqs, this is not critical, but obviously not good programming
  style. While we are at it, we dont need the irq infrastructure for
  the sclp consoles.
- Handle new ELF error codes for BIOS loading

# gpg: Signature made Mon 17 Mar 2014 21:34:12 GMT using RSA key ID B5A61C7C
# gpg: Can't check signature: public key not found

* remotes/borntraeger/tags/kvm-s390-20140317:
  s390x/sclpconsole-lm: Fix and simplify irq setup
  s390x/sclpconsole: Fix and simplify interrupt injection
  s390x/cpu hotplug: Fix memory leak
  s390/ipl: Fix error path on BIOS loading

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agoMerge remote-tracking branch 'remotes/rth/tcg-v8p-2' into staging
Peter Maydell [Mon, 17 Mar 2014 22:15:52 +0000 (22:15 +0000)] 
Merge remote-tracking branch 'remotes/rth/tcg-v8p-2' into staging

* remotes/rth/tcg-v8p-2:
  tcg-sparc: Convert to new ldst opcodes
  tcg-sparc: Convert to new ldst helpers
  tcg-sparc: Tidy tcg_out_tlb_load interface
  tcg-sparc: Use TCGMemOp within qemu_ldst routines
  tcg-sparc: Improve tcg_out_movi
  tcg-sparc: Dont handle constant arguments to ext32 ops
  tcg-sparc: Don't handle remainder
  tcg-sparc: Use intptr_t as appropriate
  tcg-sparc: Tidy call+jump patterns
  tcg-sparc: Fix tlb read
  tcg-sparc: Fix ld64 for 32-bit mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agos390x/sclpconsole-lm: Fix and simplify irq setup
Christian Borntraeger [Mon, 10 Mar 2014 13:19:52 +0000 (14:19 +0100)] 
s390x/sclpconsole-lm: Fix and simplify irq setup

valgrind complains about a memory leak in irq setup of sclpconsole:

==42117== 8 bytes in 1 blocks are definitely lost in loss record 89of 833
==42117==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117==    by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117==    by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117==    by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117==    by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117==    by 0x800F5685: console_init (sclpconsole.c:235)
==42117==    by 0x80297C79: event_realize (event-facility.c:386)
==42117==    by 0x80105071: device_set_realized (qdev.c:693)
==42117==    by 0x801CDC4B: property_set_bool (object.c:1337)
 ==42117==    by 0x801CBD7F: object_property_set (object.c:819)
[...]

We dont need the indirection of an qemu irq to inject an slcp interrupt.
Fixes a valgrind error and makes the code simpler.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
7 years agos390x/sclpconsole: Fix and simplify interrupt injection
Christian Borntraeger [Mon, 10 Mar 2014 13:17:04 +0000 (14:17 +0100)] 
s390x/sclpconsole: Fix and simplify interrupt injection

valgrind complains about a memory leak in irq setup of sclpconsole:

==42117== 8 bytes in 1 blocks are definitely lost in loss record 89 of 833
==42117==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117==    by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117==    by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117==    by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117==    by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117==    by 0x800F5685: console_init (sclpconsole.c:235)
==42117==    by 0x80297C79: event_realize (event-facility.c:386)
==42117==    by 0x80105071: device_set_realized (qdev.c:693)
==42117==    by 0x801CDC4B: property_set_bool (object.c:1337)
==42117==    by 0x801CBD7F: object_property_set (object.c:819)
[...]

Turns out that we actually dont need the indirection, so trigger the
sclp interrupt directly.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
7 years agos390x/cpu hotplug: Fix memory leak
Christian Borntraeger [Mon, 10 Mar 2014 14:03:16 +0000 (15:03 +0100)] 
s390x/cpu hotplug: Fix memory leak

valgrind complains about the following:
==42117== 8 bytes in 1 blocks are definitely lost in loss record 88 of 833
==42117==    at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117==    by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117==    by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117==    by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117==    by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117==    by 0x8029FA4B: irq_cpu_hotplug_init (sclpcpu.c:84)
==42117==    by 0x80297C79: event_realize (event-facility.c:386)
==42117==    by 0x80105071: device_set_realized (qdev.c:693)
[...]

Right it is. Don't drop the pointer of the irq.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Jason J. Herne <jjherne@us.ibm.com>
7 years agos390/ipl: Fix error path on BIOS loading
Christian Borntraeger [Fri, 14 Mar 2014 12:38:57 +0000 (13:38 +0100)] 
s390/ipl: Fix error path on BIOS loading

commit 18674b26788a9e47f1157170234e32ece2044367
(elf-loader: add more return codes) enabled the elf loader to return
other errors than -1.

Lets also handle that case for our "BIOS" on s390.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: Alexey Kardashevskiy <aik@ozlabs.ru>
CC: Alexander Graf <agraf@suse.de>
7 years agotcg-sparc: Convert to new ldst opcodes
Richard Henderson [Tue, 10 Sep 2013 02:51:21 +0000 (19:51 -0700)] 
tcg-sparc: Convert to new ldst opcodes

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Convert to new ldst helpers
Richard Henderson [Wed, 5 Mar 2014 17:42:08 +0000 (09:42 -0800)] 
tcg-sparc: Convert to new ldst helpers

All of the helpers with the explicit big/little endian option
require the return address as a parameter.  Acquire this via
a trampoline.

Move the load of areg0 into the trampoline.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Tidy tcg_out_tlb_load interface
Richard Henderson [Fri, 6 Sep 2013 22:01:14 +0000 (15:01 -0700)] 
tcg-sparc: Tidy tcg_out_tlb_load interface

Pass address registers explicitly, rather than as indicies of args[].
It's two argument registers either way.  Use more TCGReg as appropriate.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Use TCGMemOp within qemu_ldst routines
Richard Henderson [Wed, 4 Sep 2013 03:12:01 +0000 (20:12 -0700)] 
tcg-sparc: Use TCGMemOp within qemu_ldst routines

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Improve tcg_out_movi
Richard Henderson [Tue, 10 Sep 2013 04:07:09 +0000 (21:07 -0700)] 
tcg-sparc: Improve tcg_out_movi

If bits 31:13 are zero, reduce the insn count by one.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Dont handle constant arguments to ext32 ops
Richard Henderson [Tue, 4 Mar 2014 23:24:04 +0000 (15:24 -0800)] 
tcg-sparc: Dont handle constant arguments to ext32 ops

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Don't handle remainder
Richard Henderson [Wed, 21 Aug 2013 02:22:15 +0000 (19:22 -0700)] 
tcg-sparc: Don't handle remainder

The generic fallback is exactly what we implemented.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Use intptr_t as appropriate
Richard Henderson [Wed, 21 Aug 2013 01:31:45 +0000 (18:31 -0700)] 
tcg-sparc: Use intptr_t as appropriate

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Tidy call+jump patterns
Richard Henderson [Wed, 21 Aug 2013 01:25:38 +0000 (18:25 -0700)] 
tcg-sparc: Tidy call+jump patterns

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Fix tlb read
Richard Henderson [Sat, 7 Sep 2013 00:19:12 +0000 (17:19 -0700)] 
tcg-sparc: Fix tlb read

We were computing the full address into %o0 and then not using it.
Adjust some of the computation to rely less on having to pull immediate
values into registers.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agotcg-sparc: Fix ld64 for 32-bit mode
Richard Henderson [Fri, 6 Sep 2013 21:20:00 +0000 (14:20 -0700)] 
tcg-sparc: Fix ld64 for 32-bit mode

Since were not using an annulled branch, we need to put a nop
in the delay slot.

Signed-off-by: Richard Henderson <rth@twiddle.net>
7 years agoscripts/qemu-binfmt-conf.sh: Add AArch64 registration
Peter Maydell [Mon, 17 Mar 2014 16:31:53 +0000 (16:31 +0000)] 
scripts/qemu-binfmt-conf.sh: Add AArch64 registration

Add the binfmt-misc magic needed to register QEMU for handling AArch64
ELF binaries.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-26-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Add [UF]RSQRTE (reciprocal root estimate)
Alex Bennée [Mon, 17 Mar 2014 16:31:53 +0000 (16:31 +0000)] 
target-arm: A64: Add [UF]RSQRTE (reciprocal root estimate)

This adds support for [UF]RSQRTE instructions. It utilises the existing
NEON helpers with some changes. The changes include an explicit passing
of fpstatus (so the correct one is used between arm32 and aarch64),
denormilzation, more correct error handling and also proper scaling of
the fraction going into the estimate.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-25-git-send-email-peter.maydell@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agotarget-arm: A64: Implement FCVTXN
Peter Maydell [Mon, 17 Mar 2014 16:31:53 +0000 (16:31 +0000)] 
target-arm: A64: Implement FCVTXN

Implement the FCVTXN operation, which does a narrowing fp precision
conversion using the "round to odd" (von Neumann) mode. This can
conveniently be implemented as "do operation using round to zero;
then set the LSB of the mantissa to 1 if the Inexact flag was set".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-24-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement scalar saturating narrow ops
Alex Bennée [Mon, 17 Mar 2014 16:31:52 +0000 (16:31 +0000)] 
target-arm: A64: Implement scalar saturating narrow ops

This completes the set of integer narrowing saturating ops including:
     SQXTN, SQXTN2
     SQXTUN, SQXTUN2
     UQXTN, UQXTN2

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-23-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Move handle_2misc_narrow function
Alex Bennée [Mon, 17 Mar 2014 16:31:52 +0000 (16:31 +0000)] 
target-arm: A64: Move handle_2misc_narrow function

Move the handle_2misc_narrow() function up the file so that it can
be called from disas_simd_scalar_two_reg_misc().

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-22-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement AdvSIMD reciprocal estimate insns URECPE, FRECPE
Alex Bennée [Mon, 17 Mar 2014 16:31:52 +0000 (16:31 +0000)] 
target-arm: A64: Implement AdvSIMD reciprocal estimate insns URECPE, FRECPE

Implement URECPE and FRECPE instructions in both scalar and vector forms.
The actual reciprocal estimate function is shared with the A32/T32 Neon
code. However in A64 we aren't using the Neon "standard FPSCR value"
so extra checks are necessary to handle non-squashed denormal inputs
which can never happen for A32/T32. Calling conventions for the helpers
are thus modified to pass the fpst directly; we mark the helpers as
TCG_CALL_NO_RWG since we're changing the declarations anyway.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-21-git-send-email-peter.maydell@linaro.org

7 years agosoftfloat: export squash_input_denormal functions
Alex Bennée [Mon, 17 Mar 2014 16:31:51 +0000 (16:31 +0000)] 
softfloat: export squash_input_denormal functions

I need these available outside of softfloat for some of the reciprocal
processing in aarch64 helper functions.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-20-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement FCVTZS, FCVTZU in the shift-imm categories
Peter Maydell [Mon, 17 Mar 2014 16:31:51 +0000 (16:31 +0000)] 
target-arm: A64: Implement FCVTZS, FCVTZU in the shift-imm categories

Implement FCVTZS and FCVTZU in the shift-imm and scalar-shift-imm
categories; this completes the implementation of those two groups.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-19-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Handle saturating left shifts SQSHL, SQSHLU, UQSHL
Peter Maydell [Mon, 17 Mar 2014 16:31:51 +0000 (16:31 +0000)] 
target-arm: A64: Handle saturating left shifts SQSHL, SQSHLU, UQSHL

Implement the saturating left shift instructions SQSHL, SQSHLU
and UQSHL for the scalar-shift-imm and shift-imm categories.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-18-git-send-email-peter.maydell@linaro.org

7 years agoexec-all.h: Increase MAX_OP_PER_INSTR for ARM A64 decoder
Peter Maydell [Mon, 17 Mar 2014 16:31:51 +0000 (16:31 +0000)] 
exec-all.h: Increase MAX_OP_PER_INSTR for ARM A64 decoder

The ARM A64 decoder's worst case number of TCG ops per instruction
is 266 (for insn 0x4c800000, a post-indexed ST4 multiple-structures
store). Raise the MAX_OP_PER_INSTR define accordingly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-17-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement FRINT*
Peter Maydell [Mon, 17 Mar 2014 16:31:50 +0000 (16:31 +0000)] 
target-arm: A64: Implement FRINT*

Implement the FRINT* round-to-integral operations from
the 2-reg-misc category.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-16-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement SRI
Peter Maydell [Mon, 17 Mar 2014 16:31:50 +0000 (16:31 +0000)] 
target-arm: A64: Implement SRI

Implement SRI (shift right and insert).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-15-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Add FRECPX (reciprocal exponent)
Alex Bennée [Mon, 17 Mar 2014 16:31:50 +0000 (16:31 +0000)] 
target-arm: A64: Add FRECPX (reciprocal exponent)

These are fairly simple exponent only estimation functions using helpers.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-14-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: List unsupported shift-imm opcodes
Peter Maydell [Mon, 17 Mar 2014 16:31:50 +0000 (16:31 +0000)] 
target-arm: A64: List unsupported shift-imm opcodes

Add the remaining unsupported opcodes to the decode switches
for the shift-imm and scalar shift-imm categories so we can
see what is still to be implemented.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-13-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement FCVTL
Peter Maydell [Mon, 17 Mar 2014 16:31:49 +0000 (16:31 +0000)] 
target-arm: A64: Implement FCVTL

Implement FCVTL, the only instruction in the 2-reg-misc group
which widens from size to 2*size elements.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-12-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement FCVTN
Peter Maydell [Mon, 17 Mar 2014 16:31:49 +0000 (16:31 +0000)] 
target-arm: A64: Implement FCVTN

Implement FCVTN (narrowing fp-to-fp conversions) from the SIMD
2-reg-misc category.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-11-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement FCVT[NMAPZ][SU] SIMD instructions
Peter Maydell [Mon, 17 Mar 2014 16:31:49 +0000 (16:31 +0000)] 
target-arm: A64: Implement FCVT[NMAPZ][SU] SIMD instructions

Implement the floating-point-to-integer conversion instructions
FCVT[NMAPZ][SU] in the 2-reg-misc and scalar-2-reg-misc
categories.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-10-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement SHLL, SHLL2
Peter Maydell [Mon, 17 Mar 2014 16:31:49 +0000 (16:31 +0000)] 
target-arm: A64: Implement SHLL, SHLL2

Implement the SHLL and SHLL2 instructions from the 2-reg-misc
category.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-9-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement SADDLP, UADDLP, SADALP, UADALP
Peter Maydell [Mon, 17 Mar 2014 16:31:48 +0000 (16:31 +0000)] 
target-arm: A64: Implement SADDLP, UADDLP, SADALP, UADALP

Implement the SADDLP, UADDLP, SADALP and UADALP instructions
in the SIMD 2-reg misc category.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-8-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Saturating and narrowing shift ops
Alex Bennée [Mon, 17 Mar 2014 16:31:48 +0000 (16:31 +0000)] 
target-arm: A64: Saturating and narrowing shift ops

This implements the remaining [US][Q][R]SHR[U][N][2] opcodes, which are
saturating and narrowing shift right operations. These are used in
things like libav. Note signed shifts can have an "unsigned" saturating
narrow operation which will floor negative values.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1394822294-14837-7-git-send-email-peter.maydell@linaro.org
[PMM: Added the scalar encodings, style tweaks]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agotarget-arm: A64: Add remaining CLS/Z vector ops
Alex Bennée [Mon, 17 Mar 2014 16:31:48 +0000 (16:31 +0000)] 
target-arm: A64: Add remaining CLS/Z vector ops

Implement the CLS, CLZ operations in the 2-reg-misc category.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-6-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Add FSQRT to C3.6.17 (two misc)
Alex Bennée [Mon, 17 Mar 2014 16:31:47 +0000 (16:31 +0000)] 
target-arm: A64: Add FSQRT to C3.6.17 (two misc)

Implement FSQRT in the two-reg-misc category.
GCC uses this instruction form.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-5-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Add last AdvSIMD Integer to FP ops
Alex Bennée [Mon, 17 Mar 2014 16:31:47 +0000 (16:31 +0000)] 
target-arm: A64: Add last AdvSIMD Integer to FP ops

This adds the remaining [US]CVTF operations to the SIMD
shift-immediate, scalar-shift-immediate, two-reg-misc and
scalar-two-reg-misc groups of opcodes.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1394822294-14837-4-git-send-email-peter.maydell@linaro.org
[PMM: added scalar 2-misc and scalar-shift-imm encodings]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years agotarget-arm: A64: Fix bug in add_sub_ext handling of rn
Alex Bennée [Mon, 17 Mar 2014 16:31:47 +0000 (16:31 +0000)] 
target-arm: A64: Fix bug in add_sub_ext handling of rn

rn == 31 always means SP (not XZR) whether an add_sub_ext
instruction is setting the flags or not; only rd has behaviour
dependent on whether we are setting flags.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-3-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: A64: Implement PMULL instruction
Peter Maydell [Mon, 17 Mar 2014 16:31:47 +0000 (16:31 +0000)] 
target-arm: A64: Implement PMULL instruction

Implement the PMULL instruction; this is the last unimplemented insn
in the three-reg-diff group.

Note that PMULL with size 3 is considered part of the AES part
of the crypto extensions (see the ID_AA64ISAR0_EL1 register definition
in the v8 ARM ARM), so it isn't necessary to burn an extra feature
bit on it, even though we're using more feature bits than a single
"crypto extension present/not present" toggle.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-2-git-send-email-peter.maydell@linaro.org

7 years agotarget-arm: Add ARM_CP_IO notation to PMCR reginfo
Peter Maydell [Mon, 17 Mar 2014 16:31:46 +0000 (16:31 +0000)] 
target-arm: Add ARM_CP_IO notation to PMCR reginfo

Now that the PMCR writefn makes timer accesses, its reginfo needs
the ARM_CP_IO flag, so that icount mode works correctly. (Fixes
the bug accidentally introduced in commit 7c2cb42b).

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1394908291-16546-1-git-send-email-peter.maydell@linaro.org

7 years agovirt: Set reset-cbar on CPUs
Peter Maydell [Mon, 17 Mar 2014 16:31:46 +0000 (16:31 +0000)] 
virt: Set reset-cbar on CPUs

Set the reset-cbar property on CPUs used by the virt board,
if they have it. This isn't necessary for correct functioning
under Linux (since the A9 isn't a valid CPU for the virt board),
but it is the correct behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1394462692-8871-5-git-send-email-peter.maydell@linaro.org