qemu.git
4 years ago  xhci: apply limits to loops
Gerd Hoffmann [Mon, 6 Feb 2017 12:21:09 +0000 (13:21 +0100)] 
xhci: apply limits to loops

Limits should be big enough that a normal guest should not hit them.
Add a tracepoint to log them, just in case.  Also, while being
at it, log the existing link trb limit too.

Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1486383669-6421-1-git-send-email-kraxel@redhat.com

4 years ago  usb: ohci: limit the number of link eds
Li Qiang [Tue, 7 Feb 2017 10:23:33 +0000 (02:23 -0800)] 
usb: ohci: limit the number of link eds

The guest may build an infinite loop with link eds. This patch
limits the number of linked eds to avoid this.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 5899a02e.45ca240a.6c373.93c1@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years ago  usb: ohci: fix error return code in servicing iso td
Li Qiang [Tue, 7 Feb 2017 11:15:03 +0000 (03:15 -0800)] 
usb: ohci: fix error return code in servicing iso td

It should return 1 if an error occurs when reading iso td.
This will avoid an infinite loop issue in ohci_service_ed_list.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 5899ac3e.1033240a.944d5.9a2d@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
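The three USB fixes above (the xhci loop limits, the ohci linked-ED limit and the ohci iso TD return code) address the same failure mode: the guest owns every "next" pointer in its descriptor chains, so a cyclic or unreadable chain can park the emulator thread in a device loop forever. The following C program is an added illustration of that defense and is not QEMU code: the 8-byte descriptor layout, ED_LINK_LIMIT, the toy guest RAM and the three scenario functions are all assumptions made for the example.

```c
/* Added example, not QEMU code: bounding a walk over a guest-controlled
 * linked list of descriptors. Layout, limit and guest RAM are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define GUEST_RAM_SIZE 4096     /* toy guest RAM, constructed below */
#define ED_LINK_LIMIT  32u      /* assumed bound; a real driver picks its own */

/* Hypothetical 8-byte endpoint descriptor: flags, then the guest-physical
 * address of the next descriptor (0 terminates the list). */
struct ed {
    uint32_t flags;
    uint32_t next;
};

static uint8_t guest_ram[GUEST_RAM_SIZE];
static unsigned last_serviced;      /* how many EDs the last walk processed */

enum walk_status { WALK_DONE, WALK_LIMIT, WALK_DMA_ERROR };

/* Bounds-checked read from the toy guest RAM; -1 stands in for a failed
 * DMA read of guest memory. */
static int dma_read(uint32_t addr, void *buf, size_t len)
{
    if (addr >= GUEST_RAM_SIZE || len > GUEST_RAM_SIZE - addr) {
        return -1;
    }
    memcpy(buf, guest_ram + addr, len);
    return 0;
}

static void put_ed(uint32_t addr, uint32_t flags, uint32_t next)
{
    struct ed ed = { flags, next };
    memcpy(guest_ram + addr, &ed, sizeof ed);
}

/* Walk the ED chain starting at head. The guest controls every 'next'
 * field, so the loop is bounded by ED_LINK_LIMIT and stops (rather than
 * continuing) when a link cannot be read. Without both, a cycle A->B->A or
 * an unreadable link keeps the emulator in this loop forever. */
static enum walk_status service_ed_list(uint32_t head)
{
    uint32_t cur = head;
    unsigned count = 0;

    while (cur != 0) {
        struct ed ed;

        if (count >= ED_LINK_LIMIT) {
            /* tracepoint-style log so a hit can be diagnosed afterwards */
            fprintf(stderr, "trace: ed link limit %u reached at 0x%08x\n",
                    ED_LINK_LIMIT, cur);
            last_serviced = count;
            return WALK_LIMIT;
        }
        if (dma_read(cur, &ed, sizeof ed) != 0) {
            /* report the error upward instead of spinning on the same link */
            last_serviced = count;
            return WALK_DMA_ERROR;
        }
        /* ... service the endpoint here ... */
        count++;
        cur = ed.next;
    }
    last_serviced = count;
    return WALK_DONE;
}

/* Constructed scenarios: a terminating chain, a cycle, and a link that
 * points outside guest RAM. */
static enum walk_status scenario_linear(void)
{
    memset(guest_ram, 0, sizeof guest_ram);
    put_ed(0x100, 1, 0x200);
    put_ed(0x200, 1, 0x300);
    put_ed(0x300, 1, 0);
    return service_ed_list(0x100);
}

static enum walk_status scenario_cycle(void)
{
    memset(guest_ram, 0, sizeof guest_ram);
    put_ed(0x100, 1, 0x200);
    put_ed(0x200, 1, 0x100);        /* points back at the head */
    return service_ed_list(0x100);
}

static enum walk_status scenario_bad_link(void)
{
    memset(guest_ram, 0, sizeof guest_ram);
    put_ed(0x100, 1, 0xfffffff0);   /* outside guest RAM */
    return service_ed_list(0x100);
}

int main(void)
{
    static const char *names[] = { "done", "limit", "dma-error" };
    printf("linear:   %s after %u\n", names[scenario_linear()], last_serviced);
    printf("cycle:    %s after %u\n", names[scenario_cycle()], last_serviced);
    printf("bad link: %s after %u\n", names[scenario_bad_link()], last_serviced);
    return 0;
}
```

The cycle stops after ED_LINK_LIMIT descriptors with a trace line and the bad link stops after one. The check a reviewer wants in a real driver is that every error path out of the read returns "stop" to the caller; a "continue" on error reproduces the unbounded loop the ohci iso TD fix removed.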
4 years ago  usb: ehci: fix memory leak in ehci
Li Qiang [Wed, 8 Feb 2017 02:42:55 +0000 (18:42 -0800)] 
usb: ehci: fix memory leak in ehci

In the usb_ehci_init function, it initializes 's->ipacket', but there
is no corresponding function to free this. As the ehci can be hotplugged
and unplugged, this will leak host memory. In order to keep the
hierarchy clean, we should add an ehci pci finalize function, then call
the clean function in the ehci device.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 589a85b8.3c2b9d0a.b8e6.1434@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years ago  Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2017-02-20' into staging
Peter Maydell [Mon, 20 Feb 2017 17:42:47 +0000 (17:42 +0000)] 
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2017-02-20' into staging

QAPI patches for 2017-02-20

# gpg: Signature made Mon 20 Feb 2017 13:31:12 GMT
# gpg:                using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2017-02-20:
  Makefile: Put VERSION info into version.texi rather than using -D
  qapi2texi: replace quotation by bold section name

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago  Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20170220-1' into staging
Peter Maydell [Mon, 20 Feb 2017 16:31:38 +0000 (16:31 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20170220-1' into staging

ui: opengl fixes, for spice and egl-helpers.

# gpg: Signature made Mon 20 Feb 2017 13:12:46 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-ui-20170220-1:
  egl-helpers: Support newer MESA versions
  spice: allow to specify drm rendernode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago  Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20170220-1' into staging
Peter Maydell [Mon, 20 Feb 2017 13:38:34 +0000 (13:38 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20170220-1' into staging

input: add wctablet, ps2 fix

# gpg: Signature made Mon 20 Feb 2017 11:42:12 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-input-20170220-1:
  Add wctablet device
  ps2: fix mouse mappings for right/middle button

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago  Makefile: Put VERSION info into version.texi rather than using -D
Peter Maydell [Fri, 17 Feb 2017 18:59:28 +0000 (18:59 +0000)] 
Makefile: Put VERSION info into version.texi rather than using -D

Unfortunately some older versions of makeinfo don't correctly
handle the -D command line option and fail to set the variable.
This then causes them to complain
 docs/qemu-ga-ref.texi:41: warning: undefined flag: VERSION

Work around this by doing as the autotools do, and writing
the information into a version.texi file which we then
include from the .texi files that need it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1487357968-31000-1-git-send-email-peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
4 years ago  qapi2texi: replace quotation by bold section name
Marc-André Lureau [Fri, 17 Feb 2017 09:34:16 +0000 (13:34 +0400)] 
qapi2texi: replace quotation by bold section name

When we build qemu-qmp-ref.txt this causes texinfo to complain several
times:
"Negative repeat count does nothing at
/usr/share/texinfo/Texinfo/Convert/Line.pm line 124."

It also doesn't display correctly, because the "Notes" text disappears
entirely in the HTML version because it thinks there's no actual
quotation text.

The text file output formatting is also not good.

To solve those problems, remove usage of @quotation, and simply use bold
face for the section name.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20170217093416.27688-1-marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
4 years ago  Merge remote-tracking branch 'remotes/huth/tags/coldfire-20170219' into staging
Peter Maydell [Mon, 20 Feb 2017 11:55:37 +0000 (11:55 +0000)] 
Merge remote-tracking branch 'remotes/huth/tags/coldfire-20170219' into staging

Updates for the m68k ColdFire machines:
- Remove the obsolete dummy machine
- QOMify the ColdFire interrupt controller
- Volunteer for maintaining the orphan ColdFire boards

# gpg: Signature made Sat 18 Feb 2017 23:08:55 GMT
# gpg:                using RSA key 0x2ED9D774FE702DB5
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>"
# gpg:                 aka "Thomas Huth <thuth@redhat.com>"
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>"
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth/tags/coldfire-20170219:
  MAINTAINERS: Add odd fixer for the ColdFire boards
  hw/m68k: QOMify the ColdFire interrupt controller
  hw/m68k: Remove dummy machine

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago  egl-helpers: Support newer MESA versions
Frediano Ziglio [Mon, 20 Feb 2017 09:50:55 +0000 (09:50 +0000)] 
egl-helpers: Support newer MESA versions

According to
https://www.khronos.org/registry/EGL/extensions/MESA/EGL_MESA_platform_gbm.txt
if MESA_platform_gbm is supported the display should be initialized
from a GBM handle using eglGetPlatformDisplayEXT.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Message-id: 20170220095055.4234-1-fziglio@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years ago  spice: allow to specify drm rendernode
Marc-André Lureau [Sun, 12 Feb 2017 11:21:18 +0000 (15:21 +0400)] 
spice: allow to specify drm rendernode

When multiple GPUs are available, picking the first one isn't always the
best choice. Learn to specify a device rendernode.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20170212112118.16044-1-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years ago  Add wctablet device
Anatoli Huseu1 [Mon, 6 Feb 2017 14:23:27 +0000 (15:23 +0100)] 
Add wctablet device

Add QEMU Wacom Penpartner serial tablet emulation.
GSoC 2016 project.

Signed-off-by: Anatoli Huseu1 <avg.tolik@gmail.com>
Various cleanups.
Add line speed tracking.
Implement ST and SP commands.
Adapted to chardev QOMification.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1486391007-10116-1-git-send-email-kraxel@redhat.com

4 years ago  ps2: fix mouse mappings for right/middle button
Fabian Lesniak [Sat, 4 Feb 2017 15:03:19 +0000 (16:03 +0100)] 
ps2: fix mouse mappings for right/middle button

Commit 8b0caab0 ("ps2: add support for mice with extra/side buttons")
accidentally swapped right and middle mouse buttons. This commit corrects
the mapping as expected by the ps2 controller.

Signed-off-by: Fabian Lesniak <fabian@lesniak-it.de>
Message-id: 20170204150319.8907-1-fabian@lesniak-it.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years ago  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Mon, 20 Feb 2017 09:53:59 +0000 (09:53 +0000)] 
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pci: fixes, features

virtio is using region caches for performance
iommu support for IOTLBs
misc fixes

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 17 Feb 2017 19:53:02 GMT
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (23 commits)
  intel_iommu: vtd_slpt_level_shift check level
  intel_iommu: convert dbg macros to trace for trans
  intel_iommu: convert dbg macros to traces for inv
  intel_iommu: renaming gpa to iova where proper
  intel_iommu: simplify irq region translation
  intel_iommu: add "caching-mode" option
  vfio: allow to notify unmap for very large region
  vfio: introduce vfio_get_vaddr()
  vfio: trace map/unmap for notify as well
  pcie: simplify pcie_add_capability()
  virtio: Fix no interrupt when not creating msi controller
  virtio: use VRingMemoryRegionCaches for avail and used rings
  virtio: check for vring setup in virtio_queue_update_used_idx
  virtio: use VRingMemoryRegionCaches for descriptor ring
  virtio: add MemoryListener to cache ring translations
  virtio: use MemoryRegionCache to access descriptors
  exec: make address_space_cache_destroy idempotent
  virtio: use address_space_map/unmap to access descriptors
  virtio: add virtio_*_phys_cached
  memory: make memory_listener_unregister idempotent
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago  MAINTAINERS: Add odd fixer for the ColdFire boards
Thomas Huth [Sun, 12 Feb 2017 22:38:17 +0000 (23:38 +0100)] 
MAINTAINERS: Add odd fixer for the ColdFire boards

I did some work with real ColdFire boards in the past, and after
QOMifying most of the ColdFire devices recently, I feel confident
that I could at least take care of odd fixes for these boards.

Signed-off-by: Thomas Huth <huth@tuxfamily.org>
4 years ago  hw/m68k: QOMify the ColdFire interrupt controller
Thomas Huth [Sun, 12 Feb 2017 14:41:35 +0000 (15:41 +0100)] 
hw/m68k: QOMify the ColdFire interrupt controller

Use type_init() and friends to adapt the ColdFire interrupt
controller to the latest QEMU device conventions.

Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
4 years ago  hw/m68k: Remove dummy machine
Thomas Huth [Thu, 26 Jan 2017 08:30:51 +0000 (09:30 +0100)] 
hw/m68k: Remove dummy machine

Since it is now possible to instantiate a CPU and RAM with the "none"
machine, too, and a kernel can be loaded there with the generic loader
device, there is no more need for the m68k "dummy" machine. Thus let's
remove this unmaintained file now.

Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
4 years ago  intel_iommu: vtd_slpt_level_shift check level
Peter Xu [Tue, 7 Feb 2017 08:28:11 +0000 (16:28 +0800)] 
intel_iommu: vtd_slpt_level_shift check level

This helps in debugging incorrect level passed in.

Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  intel_iommu: convert dbg macros to trace for trans
Peter Xu [Tue, 7 Feb 2017 08:28:10 +0000 (16:28 +0800)] 
intel_iommu: convert dbg macros to trace for trans

Another patch to convert the DPRINTF() stuffs. This patch focuses on the
address translation path and caching.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  intel_iommu: convert dbg macros to traces for inv
Peter Xu [Tue, 7 Feb 2017 08:28:09 +0000 (16:28 +0800)] 
intel_iommu: convert dbg macros to traces for inv

VT-d code is still using the static DEBUG_INTEL_IOMMU macro. That's not
good, and we should end the days when we need to recompile the code
before getting useful debugging information for VT-d. Time to switch to
the trace system. This is the first patch to do it.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  intel_iommu: renaming gpa to iova where proper
Peter Xu [Tue, 7 Feb 2017 08:28:08 +0000 (16:28 +0800)] 
intel_iommu: renaming gpa to iova where proper

There are lots of places in the current intel_iommu.c code that name
"iova" as "gpa". It is really confusing to use the name "gpa" in these
places (which is very easily understood as "Guest Physical Address",
while it's not). To make the code (much) easier to read, I decided to
do this once and for all.

No functional change is made. Only literal ones.

Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  intel_iommu: simplify irq region translation
Peter Xu [Tue, 7 Feb 2017 08:28:07 +0000 (16:28 +0800)] 
intel_iommu: simplify irq region translation

Now we have a standalone memory region for MSI, all the irq region
requests should be redirected there. Cleaning up the block with an
assertion instead.

Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  intel_iommu: add "caching-mode" option
Aviv Ben-David [Tue, 7 Feb 2017 08:28:06 +0000 (16:28 +0800)] 
intel_iommu: add "caching-mode" option

This capability asks the guest to invalidate cache before each map operation.
We can use this invalidation to trap map operations in the hypervisor.

Signed-off-by: Aviv Ben-David <bd.aviv@gmail.com>
[peterx: using "caching-mode" instead of "cache-mode" to align with spec]
[peterx: re-write the subject to make it short and clear]
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Aviv Ben-David <bd.aviv@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  vfio: allow to notify unmap for very large region
Peter Xu [Tue, 7 Feb 2017 08:28:05 +0000 (16:28 +0800)] 
vfio: allow to notify unmap for very large region

The Linux vfio driver supports doing VFIO_IOMMU_UNMAP_DMA for a very big
region. This can be leveraged by the QEMU IOMMU implementation to clean up
existing page mappings for an entire iova address space (by notifying
with an IOTLB with an extremely huge addr_mask). However the current
vfio_iommu_map_notify() does not allow that. It makes sure that all the
translated addresses in the IOTLB fall into the RAM range.

The check makes sense, but it should only be a sensible checker for
mapping operations, and means little for unmap operations.

This patch moves this check into map logic only, so that we'll get
faster unmap handling (no need to translate again), and also we can then
better support unmapping a very big region when it covers non-ram ranges
or even not-existing ranges.

Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  vfio: introduce vfio_get_vaddr()
Peter Xu [Tue, 7 Feb 2017 08:28:04 +0000 (16:28 +0800)] 
vfio: introduce vfio_get_vaddr()

A cleanup for vfio_iommu_map_notify(). Now we will fetch vaddr even if
the operation is unmap, but it won't hurt much.

One thing to mention is that we need the RCU read lock to protect the
whole translation and map/unmap procedure.

Acked-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  vfio: trace map/unmap for notify as well
Peter Xu [Tue, 7 Feb 2017 08:28:03 +0000 (16:28 +0800)] 
vfio: trace map/unmap for notify as well

We trace its range, but we don't know whether it's a MAP/UNMAP. Let's
dump it as well.

Acked-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  pcie: simplify pcie_add_capability()
Peter Xu [Thu, 16 Feb 2017 04:06:01 +0000 (12:06 +0800)] 
pcie: simplify pcie_add_capability()

When we add PCIe extended capabilities, we should be following the rule
that we add the head extended cap (at offset 0x100) first, then the rest
of them. Meanwhile, we are always adding new capability bits at the end
of the list. Here the "next" looks meaningless in all cases since it
should always be zero (along with the "header").

Simplify the function a bit, and it looks more readable now.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  virtio: Fix no interrupt when not creating msi controller
Michael S. Tsirkin [Fri, 17 Feb 2017 02:52:16 +0000 (04:52 +0200)] 
virtio: Fix no interrupt when not creating msi controller

For the ARM virt machine, if we use virt-2.7, which will not create an ITS
node, virtio-net can not receive interrupts so it can't get an IP address
through DHCP.
This fixes commit 83d768b(virtio: set ISR on dataplane notifications).

Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  virtio: use VRingMemoryRegionCaches for avail and used rings
Paolo Bonzini [Fri, 27 Jan 2017 15:40:20 +0000 (16:40 +0100)] 
virtio: use VRingMemoryRegionCaches for avail and used rings

The virtio-net change is necessary because it uses virtqueue_fill
and virtqueue_flush instead of the more convenient virtqueue_push.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  virtio: check for vring setup in virtio_queue_update_used_idx
Paolo Bonzini [Fri, 27 Jan 2017 15:40:19 +0000 (16:40 +0100)] 
virtio: check for vring setup in virtio_queue_update_used_idx

If the vring has not been set up, it is not necessary for vring_used_idx
to do anything (as is already the case when the caller is virtio_load).
This is harmless for now, but it will be a problem when the
MemoryRegionCache has not been set up.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  virtio: use VRingMemoryRegionCaches for descriptor ring
Paolo Bonzini [Fri, 27 Jan 2017 15:40:18 +0000 (16:40 +0100)] 
virtio: use VRingMemoryRegionCaches for descriptor ring

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  virtio: add MemoryListener to cache ring translations
Paolo Bonzini [Fri, 27 Jan 2017 15:40:17 +0000 (16:40 +0100)] 
virtio: add MemoryListener to cache ring translations

The cached translations are RCU-protected to allow efficient use
when processing virtqueues.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  virtio: use MemoryRegionCache to access descriptors
Paolo Bonzini [Fri, 27 Jan 2017 15:40:16 +0000 (16:40 +0100)] 
virtio: use MemoryRegionCache to access descriptors

For now, the cache is created on every virtqueue_pop.  Later on,
direct descriptors will be able to reuse it.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  exec: make address_space_cache_destroy idempotent
Paolo Bonzini [Fri, 27 Jan 2017 15:40:15 +0000 (16:40 +0100)] 
exec: make address_space_cache_destroy idempotent

Clear cache->mr so that address_space_cache_destroy does nothing
the second time it is called.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  virtio: use address_space_map/unmap to access descriptors
Paolo Bonzini [Fri, 27 Jan 2017 15:40:14 +0000 (16:40 +0100)] 
virtio: use address_space_map/unmap to access descriptors

This makes little difference, but it makes the code change smaller
for the next patch that introduces MemoryRegionCache.  This is
because map/unmap are similar to MemoryRegionCache init/destroy.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  virtio: add virtio_*_phys_cached
Paolo Bonzini [Fri, 27 Jan 2017 15:40:13 +0000 (16:40 +0100)] 
virtio: add virtio_*_phys_cached

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  memory: make memory_listener_unregister idempotent
Paolo Bonzini [Fri, 27 Jan 2017 15:40:12 +0000 (16:40 +0100)] 
memory: make memory_listener_unregister idempotent

Make it easy to unregister a MemoryListener without tracking whether it
had been registered before.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  docs: add document to explain the usage of vNVDIMM
Haozhong Zhang [Fri, 3 Feb 2017 00:32:12 +0000 (08:32 +0800)] 
docs: add document to explain the usage of vNVDIMM

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Reviewed-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  virtio: Report real progress in VQ aio poll handler
Fam Zheng [Thu, 9 Feb 2017 08:40:47 +0000 (16:40 +0800)] 
virtio: Report real progress in VQ aio poll handler

In virtio_queue_host_notifier_aio_poll, not all "!virtio_queue_empty()"
cases are making true progress.

Currently the offending one is virtio-scsi event queue, whose handler
does nothing if no event is pending. As a result aio_poll() will spin on
the "non-empty" VQ and take 100% host CPU.

Fix this by reporting actual progress from virtio queue aio handlers.

Reported-by: Ed Swierk <eswierk@skyportsystems.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Tested-by: Ed Swierk <eswierk@skyportsystems.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago  pci/pcie: don't assume cap id 0 is reserved
Michael S. Tsirkin [Wed, 15 Feb 2017 20:37:45 +0000 (22:37 +0200)] 
pci/pcie: don't assume cap id 0 is reserved

VFIO actually wants to create a capability with ID == 0.
This is done to make guest drivers skip the given capability.
pcie_add_capability then trips up on this capability
when looking for end of capability list.

To support this use-case, it's easy enough to switch to
e.g. 0xffffffff for these comparisons - we can be sure
it will never match a 16-bit capability ID.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
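To make the two capability-list commits concrete (pcie_add_capability above, which relies on the head capability being added at 0x100 first and every later one being appended after the current tail with its own next field zero, and this one, which stops treating capability ID 0 as the end of the list), here is an added C example that is not QEMU's code: a minimal extended-capability list builder and walker over a constructed 4 KiB config space. The header field positions follow the PCIe extended capability header (ID in bits 15:0, version in bits 19:16, next offset in bits 31:20); the capability IDs, offsets, sizes and the forward-progress check are choices made for the example.

```c
/* Added example, not QEMU code: PCIe extended capability list over a
 * constructed config space. IDs, offsets and sizes below are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCIE_CONFIG_SPACE_SIZE 0x1000
#define PCIE_EXT_CAP_BASE      0x100

/* Little-endian 32-bit access into the config-space buffer. */
static uint32_t rd32(const uint8_t *cfg, uint16_t off)
{
    return (uint32_t)cfg[off] | (uint32_t)cfg[off + 1] << 8 |
           (uint32_t)cfg[off + 2] << 16 | (uint32_t)cfg[off + 3] << 24;
}
static void wr32(uint8_t *cfg, uint16_t off, uint32_t v)
{
    cfg[off] = v & 0xff;             cfg[off + 1] = (v >> 8) & 0xff;
    cfg[off + 2] = (v >> 16) & 0xff; cfg[off + 3] = (v >> 24) & 0xff;
}

/* Extended capability header: [15:0] ID, [19:16] version, [31:20] next
 * offset (DWORD aligned, so its low two bits are always zero). */
static uint16_t cap_id(uint32_t hdr)   { return hdr & 0xffff; }
static uint16_t cap_next(uint32_t hdr) { return (hdr >> 20) & 0xffc; }
static uint32_t mk_hdr(uint16_t id, uint8_t ver, uint16_t next)
{
    return (uint32_t)id | ((uint32_t)(ver & 0xf) << 16) |
           ((uint32_t)(next & 0xffc) << 20);
}

/* Walk the chain, recording each ID. Termination is "next == 0", never
 * "id == 0": ID 0 is a legitimate element (VFIO uses it to make the guest
 * skip a capability). Every 'next' must move forward so a corrupt chain
 * cannot spin. Returns the number of capabilities, or -1 if malformed. */
static int pcie_walk_caps(const uint8_t *cfg, uint16_t *ids, int max_ids)
{
    uint16_t off = PCIE_EXT_CAP_BASE;
    int n = 0;

    if (rd32(cfg, off) == 0) {
        return 0;                   /* empty list: all-zero header at 0x100 */
    }
    for (;;) {
        uint32_t hdr = rd32(cfg, off);
        uint16_t next = cap_next(hdr);
        if (n < max_ids) {
            ids[n] = cap_id(hdr);
        }
        n++;
        if (next == 0) {
            return n;
        }
        if (next <= off || next > PCIE_CONFIG_SPACE_SIZE - 4) {
            return -1;              /* backward or out-of-range link */
        }
        off = next;
    }
}

/* Append a capability (id, ver) at 'offset': the first one must land at
 * 0x100, later ones are linked after the current tail, and the new header's
 * own 'next' is always 0. Returns 0 on success, -1 on a bad request. */
static int pcie_add_capability(uint8_t *cfg, uint16_t id, uint8_t ver,
                               uint16_t offset, uint16_t size)
{
    uint16_t ids[64];
    int n;

    if (offset < PCIE_EXT_CAP_BASE || (offset & 3) || size < 4 ||
        (uint32_t)offset + size > PCIE_CONFIG_SPACE_SIZE) {
        return -1;
    }
    n = pcie_walk_caps(cfg, ids, 64);
    if (n < 0) {
        return -1;
    }
    if (n == 0) {
        if (offset != PCIE_EXT_CAP_BASE) {
            return -1;              /* head capability must come first */
        }
    } else {
        uint16_t off = PCIE_EXT_CAP_BASE;
        while (cap_next(rd32(cfg, off)) != 0) {
            off = cap_next(rd32(cfg, off));      /* find the tail */
        }
        if (offset <= off) {
            return -1;              /* must append after the tail */
        }
        wr32(cfg, off, (rd32(cfg, off) & 0x000fffff) | ((uint32_t)offset << 20));
    }
    memset(cfg + offset, 0, size);
    wr32(cfg, offset, mk_hdr(id, ver, 0));
    return 0;
}

static uint8_t  g_cfg[PCIE_CONFIG_SPACE_SIZE];
static uint16_t g_ids[8];

/* Constructed chain: AER (ID 0x0001) at 0x100, an ID-0 placeholder at 0x148,
 * SR-IOV (ID 0x0010) at 0x150. Returns the number of capabilities walked. */
static int build_example_chain(void)
{
    memset(g_cfg, 0, sizeof g_cfg);
    memset(g_ids, 0xff, sizeof g_ids);
    if (pcie_add_capability(g_cfg, 0x0001, 2, 0x100, 0x48) ||
        pcie_add_capability(g_cfg, 0x0000, 1, 0x148, 0x08) ||
        pcie_add_capability(g_cfg, 0x0010, 1, 0x150, 0x40)) {
        return -1;
    }
    return pcie_walk_caps(g_cfg, g_ids, 8);
}

/* Same chain, then corrupt the tail's next pointer back to the head. */
static int build_looped_chain(void)
{
    if (build_example_chain() != 3) {
        return -2;
    }
    wr32(g_cfg, 0x150, mk_hdr(0x0010, 1, 0x100));
    return pcie_walk_caps(g_cfg, g_ids, 8);
}

int main(void)
{
    printf("chain: %d caps (ids %#x, %#x, %#x)\n", build_example_chain(),
           g_ids[0], g_ids[1], g_ids[2]);
    printf("looped chain: %d\n", build_looped_chain());
    return 0;
}
```

One caveat the example makes visible: the empty list is detected by an all-zero header at 0x100, so an ID-0 capability with version 0 and no successor placed at the head would be indistinguishable from no list at all. That is exactly why end-of-list tests should compare the link field, or an out-of-band sentinel that no 16-bit ID can equal, rather than the ID.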
4 years ago  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Thu, 16 Feb 2017 17:46:52 +0000 (17:46 +0000)] 
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* GUEST_PANICKED improvements (Anton)
* vCont gdbstub rewrite (Claudio)
* Fix CPU creation with -device (Liyang)
* Logging fixes for pty chardevs (Ed)
* Makefile "move if changed" fix (Lin)
* First part of cpu_exec refactoring (me)
* SVM emulation fix (me)
* apic_delivered fix (Pavel)
* "info ioapic" fix (Peter)
* qemu-nbd socket activation (Richard)
* QOMification of mcf_uart (Thomas)

# gpg: Signature made Thu 16 Feb 2017 17:37:31 GMT
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (23 commits)
  target-i386: correctly propagate retaddr into SVM helpers
  vl: log available guest crash information
  report guest crash information in GUEST_PANICKED event
  i386/cpu: add crash-information QOM property
  Makefile: avoid leaving the temporary QEMU_PKGVERSION header file
  vl: Move the cpu_synchronize_all_post_init() after generic devices initialization
  qemu-nbd: Implement socket activation.
  qemu-doc: Clarify that -vga std is now the default
  cpu-exec: remove outermost infinite loop
  cpu-exec: avoid repeated sigsetjmp on interrupts
  cpu-exec: avoid cpu_loop_exit in cpu_handle_interrupt
  cpu-exec: tighten barrier on TCG_EXIT_REQUESTED
  cpu-exec: fix icount out-of-bounds access
  hw/char/mcf_uart: QOMify the ColdFire UART
  gdbstub: Fix vCont behaviour
  move vm_start to cpus.c
  char: drop data written to a disconnected pty
  apic: reset apic_delivered global variable on machine reset
  qemu-char: socket backend: disconnect on write error
  test-vmstate: remove yield_until_fd_readable
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago  target-i386: correctly propagate retaddr into SVM helpers
Paolo Bonzini [Thu, 16 Feb 2017 11:30:05 +0000 (12:30 +0100)] 
target-i386: correctly propagate retaddr into SVM helpers

Commit 2afbdf8 ("target-i386: exception handling for memory helpers",
2015-09-15) changed tlb_fill's cpu_restore_state+raise_exception_err
to raise_exception_err_ra.  After this change, the cpu_restore_state
and raise_exception_err's cpu_loop_exit are merged into
raise_exception_err_ra's cpu_loop_exit_restore.

This actually fixed some bugs, but when SVM is enabled there is a
second path from raise_exception_err_ra to cpu_loop_exit.  This is
the VMEXIT path, and now cpu_vmexit is called without a
cpu_restore_state before.

The fix is to pass the retaddr to cpu_vmexit (via
cpu_svm_check_intercept_param).  All helpers can now use GETPC() to pass
the correct retaddr, too.

Cc: qemu-stable@nongnu.org
Fixes: 2afbdf84807d673eb682cb78158e11cdacbf4673
Reported-by: Alexander Boettcher <alexander.boettcher@genode-labs.com>
Tested-by: Alexander Boettcher <alexander.boettcher@genode-labs.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-upstream-pull-request' into staging
Peter Maydell [Thu, 16 Feb 2017 15:03:28 +0000 (15:03 +0000)] 
Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-upstream-pull-request' into staging

# gpg: Signature made Thu 16 Feb 2017 14:35:46 GMT
# gpg:                using RSA key 0xF30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-upstream-pull-request:
  linux-user: Add FICLONE and FICLONERANGE ioctls
  linux-user: Use correct types in load_symbols()
  linux-user: fill target sigcontext struct accordingly
  linux-user: fix tcg/mmap test
  linux-user: fix settime old value location
  linux-user: Update m68k syscall definitions to match Linux 4.6
  linux-user: Update sh4 syscall definitions to match Linux 4.8
  linux-user: manage two new IFLA host message types
  linux-user: Fix mq_open
  linux-user: Fix readahead
  linux-user: Fix inotify_init1 support
  linux-user: Fix s390x safe-syscall for z900
  linux-user: drop __cygwin__ ifdef
  linux-user: remove ifdef __USER_MISC

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago  vl: log available guest crash information
Anton Nefedov [Tue, 14 Feb 2017 06:25:24 +0000 (09:25 +0300)] 
vl: log available guest crash information

There is a suitable log mask for the purpose.

Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-Id: <1487053524-18674-4-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  report guest crash information in GUEST_PANICKED event
Anton Nefedov [Tue, 14 Feb 2017 06:25:23 +0000 (09:25 +0300)] 
report guest crash information in GUEST_PANICKED event

It's not very convenient to use the crash-information property interface,
so provide a CPU class callback to get the guest crash information, and pass
that information in the event.

Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-Id: <1487053524-18674-3-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  i386/cpu: add crash-information QOM property
Anton Nefedov [Tue, 14 Feb 2017 06:25:22 +0000 (09:25 +0300)] 
i386/cpu: add crash-information QOM property

Windows reports BSOD parameters through Hyper-V crash MSRs. This
information is very useful for initial crash analysis and thus
it would be nice to have a way to fetch it.

Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-Id: <1487053524-18674-2-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  Makefile: avoid leaving the temporary QEMU_PKGVERSION header file
Lin Ma [Wed, 15 Feb 2017 02:40:30 +0000 (10:40 +0800)] 
Makefile: avoid leaving the temporary QEMU_PKGVERSION header file

By commit 67a1de0d, when we perform 'git pull && make && sudo make install',
in the 'make' stage a qemu-version.h.tmp will be generated. If the content of
qemu-version.h.tmp and qemu-version.h aren't consistent, the qemu-version.h.tmp
will be renamed to qemu-version.h. Because of the target FORCE, the same action
will be done again in the 'make install' stage.

In the 'make install' stage, if no qemu-version.h.tmp exists and we run
'make install' with sudo, the owner and group of the new qemu-version.h.tmp will be
a privileged user/group. When we run 'make' next time, qemu-version.h.tmp can't
be overwritten because of a permission issue.

This patch removed qemu-version.h.tmp after build to fix this issue.

Signed-off-by: Lin Ma <lma@suse.com>
Message-Id: <20170215024030.23895-1-lma@suse.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  vl: Move the cpu_synchronize_all_post_init() after generic devices initialization
Dou Liyang [Wed, 1 Feb 2017 02:29:38 +0000 (10:29 +0800)] 
vl: Move the cpu_synchronize_all_post_init() after generic devices initialization

At QEMU initialization, we call cpu_synchronize_all_post_init()
to synchronize all CPU states to KVM in ./vl.c::main().

Currently, it is called before we initialize the CPUs which are created
by the "-device" command and parsed by generic device initialization, so
these CPUs may be left out of the synchronization.

The patch moves the cpu_synchronize_all_post_init call after generic
device initialization to make sure that all the CPUs are included.

Signed-off-by: Dou Liyang <douly.fnst@cn.fujitsu.com>
Message-Id: <1485916178-17838-1-git-send-email-douly.fnst@cn.fujitsu.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  qemu-nbd: Implement socket activation.
Richard W.M. Jones [Sat, 4 Feb 2017 10:03:17 +0000 (10:03 +0000)] 
qemu-nbd: Implement socket activation.

Socket activation (sometimes known as systemd socket activation)
allows an Internet superserver to pass a pre-opened listening socket
to the process, instead of having qemu-nbd open a socket itself.  This
is done via the LISTEN_FDS and LISTEN_PID environment variables, and a
standard file descriptor range.

This change partially implements socket activation for qemu-nbd.  If
the environment variables are set correctly, then socket activation
will happen automatically, otherwise everything works as before.  The
limitation is that LISTEN_FDS must be 1.

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20170204100317.32425-2-rjones@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
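
The checks a socket-activated server should make before trusting a passed-in fd, as an added example in C that is not qemu-nbd's own code. It follows the LISTEN_PID / LISTEN_FDS convention named in the commit plus the assumption that passed fds start at descriptor 3 (the usual SD_LISTEN_FDS_START); the "exactly one fd" policy mirrors the commit's LISTEN_FDS must be 1. All function names are this example's own.

```c
/*
 * Added example (not qemu-nbd code): validate systemd-style socket
 * activation before serving on the inherited descriptor. Assumes passed
 * fds start at 3 and that exactly one fd is supported, as in the commit.
 */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

#define LISTEN_FDS_START 3

/* Parse a non-negative decimal environment value; -1 on anything else
 * (empty string, sign, trailing garbage, overflow). */
static long parse_env_long(const char *s)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0' || *s == '-' || *s == '+') {
        return -1;
    }
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 0) {
        return -1;
    }
    return v;
}

/*
 * Number of activation fds meant for this process: 0 when not activated,
 * -1 when the variables are present but unusable. Values are passed in
 * rather than read with getenv() so the logic can be unit-tested.
 *
 * LISTEN_PID must equal our own pid: the variables are inherited by every
 * child we spawn, and a child must not conclude that fd 3 is its socket.
 */
static int socket_activation_fds(const char *listen_pid, const char *listen_fds,
                                 pid_t self)
{
    long pid, nfds;

    if (listen_pid == NULL || listen_fds == NULL) {
        return 0;
    }
    pid = parse_env_long(listen_pid);
    nfds = parse_env_long(listen_fds);
    if (pid < 0 || nfds < 0) {
        return -1;
    }
    if ((pid_t)pid != self) {
        return 0;                       /* addressed to another process */
    }
    if (nfds > INT_MAX - LISTEN_FDS_START) {
        return -1;
    }
    return (int)nfds;
}

/* Refuse to serve on an fd that is not actually a listening socket. */
static int fd_is_listening_socket(int fd)
{
    struct stat st;
    int accepting = 0;
    socklen_t len = sizeof(accepting);

    if (fstat(fd, &st) != 0 || !S_ISSOCK(st.st_mode)) {
        return 0;
    }
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &len) != 0) {
        return 0;
    }
    return accepting != 0;
}

/* Returns the activated listening fd, or -1 to fall back to opening our own. */
static int activated_listen_fd(void)
{
    int n = socket_activation_fds(getenv("LISTEN_PID"), getenv("LISTEN_FDS"),
                                  getpid());

    if (n <= 0) {
        return -1;
    }
    if (n != 1) {
        fprintf(stderr, "socket activation with LISTEN_FDS=%d not supported\n", n);
        return -1;
    }
    if (!fd_is_listening_socket(LISTEN_FDS_START)) {
        fprintf(stderr, "fd %d is not a listening socket\n", LISTEN_FDS_START);
        return -1;
    }
    /* Consume the variables so they are not inherited by our children. */
    unsetenv("LISTEN_PID");
    unsetenv("LISTEN_FDS");
    return LISTEN_FDS_START;
}

int main(void)
{
    int fd = activated_listen_fd();

    if (fd < 0) {
        puts("not socket-activated: would open a listening socket as before");
    } else {
        printf("serving on activated fd %d\n", fd);
    }
    return 0;
}
```

Run it plainly and it reports that it is not activated; run it as `LISTEN_PID=$$ LISTEN_FDS=1 ./a.out 3<&0` with fd 3 redirected from a non-socket and it refuses, which is the point of the SO_ACCEPTCONN check: the environment alone is not proof that descriptor 3 is the socket the supervisor meant.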
4 years ago  linux-user: Add FICLONE and FICLONERANGE ioctls
Helge Deller [Sat, 11 Feb 2017 22:26:02 +0000 (23:26 +0100)] 
linux-user: Add FICLONE and FICLONERANGE ioctls

Add missing FICLONE and FICLONERANGE ioctls.

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20170211222602.GA6399@ls3530.fritz.box>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
4 years ago  linux-user: Use correct types in load_symbols()
Peter Maydell [Sat, 4 Feb 2017 23:05:33 +0000 (23:05 +0000)] 
linux-user: Use correct types in load_symbols()

Coverity doesn't like the code in load_symbols() which assumes
it can use 'int' for a variable that might hold an offset into
the guest ELF file, because in a 64-bit guest that could
overflow. Guest binaries with 2GB sections aren't very likely
and this isn't a security issue because we fully trust the
guest linux-user binary anyway, but we might as well use the
right types, which will placate Coverity. Use uint64_t to
hold section sizes, and bail out if the symbol table is too
large rather than just overflowing an int.

(Coverity issue CID1005776)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1486249533-5260-1-git-send-email-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
4 years ago  linux-user: fill target sigcontext struct accordingly
Jose Ricardo Ziviani [Tue, 31 Jan 2017 22:05:17 +0000 (20:05 -0200)] 
linux-user: fill target sigcontext struct accordingly

A segfault is noticed when an emulated program uses any of the ucontext
regs fields. Risu detected this issue in the following operation when
handling a signal:
  ucontext_t *uc = (ucontext_t*)uc;
  uc->uc_mcontext.regs->nip += 4;

but this works fine:
  uc->uc_mcontext.gp_regs[PT_NIP] += 4;

This patch sets regs to a valid location as well as other sigcontext
fields.

Signed-off-by: Jose Ricardo Ziviani <joserz@linux.vnet.ibm.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <1485900317-3256-1-git-send-email-joserz@linux.vnet.ibm.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
4 years ago  linux-user: fix tcg/mmap test
Marc-André Lureau [Thu, 19 Jan 2017 15:15:33 +0000 (10:15 -0500)] 
linux-user: fix tcg/mmap test

tests/tcg/mmap test fails with values other than default target page
size. When creating a map beyond EOF, extra anonymous pages are added up
to the target page boundary. Currently, this operation is performed only
when qemu_real_host_page_size < TARGET_PAGE_SIZE, but it should be
performed if the configured page size (qemu -p) is larger than
qemu_real_host_page_size too.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[pranith: dropped checkpatch changes]
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20170119151533.29328-2-bobby.prani@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
4 years ago  linux-user: fix settime old value location
Marc-André Lureau [Thu, 19 Jan 2017 15:15:32 +0000 (10:15 -0500)] 
linux-user: fix settime old value location

old_value is the 4th argument of timer_settime(), not the 2nd.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20170119151533.29328-1-bobby.prani@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
4 years ago  linux-user: Update m68k syscall definitions to match Linux 4.6
John Paul Adrian Glaubitz [Mon, 16 Jan 2017 22:49:15 +0000 (23:49 +0100)] 
linux-user: Update m68k syscall definitions to match Linux 4.6

Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20170116224915.19430-2-glaubitz@physik.fu-berlin.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
4 years ago  linux-user: Update sh4 syscall definitions to match Linux 4.8
John Paul Adrian Glaubitz [Mon, 16 Jan 2017 22:31:40 +0000 (23:31 +0100)] 
linux-user: Update sh4 syscall definitions to match Linux 4.8

Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20170116223140.18634-2-glaubitz@physik.fu-berlin.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
4 years ago  qemu-doc: Clarify that -vga std is now the default
Alberto Garcia [Fri, 27 Jan 2017 09:41:54 +0000 (11:41 +0200)] 
qemu-doc: Clarify that -vga std is now the default

The QEMU manual page states that Cirrus Logic is the default video
card if the user doesn't specify any. However this is not true since
QEMU 2.2.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20170127094154.19778-1-berto@igalia.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  cpu-exec: remove outermost infinite loop
Paolo Bonzini [Sun, 29 Jan 2017 09:55:14 +0000 (10:55 +0100)] 
cpu-exec: remove outermost infinite loop

Reorganize the sigsetjmp so that the restart case falls through
to cpu_handle_exception and the execution loop.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  cpu-exec: avoid repeated sigsetjmp on interrupts
Paolo Bonzini [Fri, 27 Jan 2017 10:01:00 +0000 (11:01 +0100)] 
cpu-exec: avoid repeated sigsetjmp on interrupts

The sigsetjmp only needs to be prepared once for the whole execution
of cpu_exec.  This patch takes care of the "== 0" side, using a
nested loop so that cpu_handle_interrupt goes straight back to
cpu_handle_exception without doing another sigsetjmp.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  cpu-exec: avoid cpu_loop_exit in cpu_handle_interrupt
Paolo Bonzini [Fri, 27 Jan 2017 09:57:18 +0000 (10:57 +0100)] 
cpu-exec: avoid cpu_loop_exit in cpu_handle_interrupt

The siglongjmp goes straight back to the beginning of cpu_exec's
outermost loop.  We do not need a siglongjmp, we can simply
leave the inner TB execution loop.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  cpu-exec: tighten barrier on TCG_EXIT_REQUESTED
Paolo Bonzini [Sun, 29 Jan 2017 11:15:15 +0000 (12:15 +0100)] 
cpu-exec: tighten barrier on TCG_EXIT_REQUESTED

This seems to have worked just fine so far on weakly-ordered
architectures, but I don't see anything that prevents the
reordering from:

    store 1 to exit_request
    store 1 to tcg_exit_req
                                 load tcg_exit_req
                                 store 0 to tcg_exit_req
                                 load exit_request
                                 store 0 to exit_request
    store 1 to exit_request
    store 1 to tcg_exit_req

to this:

    store 1 to exit_request
    store 1 to tcg_exit_req
                                 load tcg_exit_req
                                 load exit_request
    store 1 to exit_request
    store 1 to tcg_exit_req
                                 store 0 to tcg_exit_req
                                 store 0 to exit_request

therefore losing a request.  It's possible that other memory barriers
(e.g. in rcu_read_unlock) are hiding it, but better safe than
sorry.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  cpu-exec: fix icount out-of-bounds access
Paolo Bonzini [Sun, 29 Jan 2017 11:00:59 +0000 (12:00 +0100)] 
cpu-exec: fix icount out-of-bounds access

When icount is active, tb_add_jump is surprisingly called with an
out of bounds basic block index.  I have no idea how that can work,
but it does not seem like a good idea.  Clear *last_tb for all
TB_EXIT_ICOUNT_EXPIRED cases, even when all you have to do is
refill icount_extra.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  hw/char/mcf_uart: QOMify the ColdFire UART
Thomas Huth [Sat, 28 Jan 2017 06:56:22 +0000 (07:56 +0100)] 
hw/char/mcf_uart: QOMify the ColdFire UART

Use type_init() etc. to adapt the ColdFire UART
to the latest QEMU device conventions.

Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Message-Id: <1485586582-6490-1-git-send-email-huth@tuxfamily.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  gdbstub: Fix vCont behaviour
Claudio Imbrenda [Tue, 14 Feb 2017 17:07:48 +0000 (18:07 +0100)] 
gdbstub: Fix vCont behaviour

When GDB issues a "vCont", QEMU was not handling it correctly when
multiple VCPUs are active.
For vCont, for each thread (VCPU), it can be specified whether to
single step, continue or stop that thread. The default is to stop a
thread.
However, when (for example) "vCont;s:2" is issued, all VCPUs continue
to run, although all but VCPU nr 2 are to be stopped.

This patch completely rewrites the vCont parsing code.

Please note that this improvement only works in system emulation mode;
in userspace emulation mode the old behaviour is preserved.

Signed-off-by: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
Message-Id: <1487092068-16562-3-git-send-email-imbrenda@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
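
A vCont parser in C, as an added example rather than the gdbstub's own rewrite. It takes the packet grammar from the GDB remote protocol (`vCont[;action[:thread-id]]...`, actions c/s/t or C/S plus a two-digit hex signal, thread-id in hex with -1 meaning all) and the commit's stated default that a vCPU named by no action is stopped. Two further assumptions are this example's own: a thread-id is the 1-based vCPU number, and where several actions match a vCPU the leftmost wins, as the GDB documentation specifies. Process-qualified ids (`p1.2`) are rejected rather than handled.

```c
/*
 * Added example (not gdbstub.c code): parse a GDB vCont packet into one
 * action per vCPU. Assumes thread-id == vCPU number (1-based), unlisted
 * vCPUs stop (per the commit), leftmost matching action wins (per GDB).
 */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum vcont_action { VCONT_STOP = 0, VCONT_CONT, VCONT_STEP };

#define VCONT_MAX_CPUS 256

/*
 * Returns 0 and fills out[0..ncpus-1] on success; -1 if the packet is
 * malformed or names a vCPU that does not exist. Rejecting an out-of-range
 * id is deliberate: silently ignoring it would leave the debugger believing
 * a vCPU was stepped when in fact it was stopped.
 */
static int parse_vcont(const char *pkt, int ncpus, enum vcont_action *out)
{
    bool assigned[VCONT_MAX_CPUS] = { false };
    const char *p = pkt;
    int i;

    if (ncpus < 1 || ncpus > VCONT_MAX_CPUS) {
        return -1;
    }
    if (strncmp(p, "vCont", 5) != 0) {
        return -1;
    }
    p += 5;
    for (i = 0; i < ncpus; i++) {
        out[i] = VCONT_STOP;                 /* default: stop */
    }

    while (*p == ';') {
        enum vcont_action act;
        long tid = -1;                       /* no thread-id: all threads */

        p++;
        switch (*p) {
        case 'c': act = VCONT_CONT; p++; break;
        case 's': act = VCONT_STEP; p++; break;
        case 't': act = VCONT_STOP; p++; break;
        case 'C': case 'S':
            act = (*p == 'C') ? VCONT_CONT : VCONT_STEP;
            p++;
            /* two hex digits of signal number; accepted but not used here */
            if (!isxdigit((unsigned char)p[0]) || !isxdigit((unsigned char)p[1])) {
                return -1;
            }
            p += 2;
            break;
        default:
            return -1;                       /* unknown action letter */
        }

        if (*p == ':') {
            char *end;

            p++;
            if (*p == 'p') {
                return -1;                   /* "pPID.TID" form not supported */
            }
            tid = strtol(p, &end, 16);
            if (end == p) {
                return -1;                   /* ':' with no number */
            }
            p = end;
        }

        if (tid == -1) {
            for (i = 0; i < ncpus; i++) {
                if (!assigned[i]) {
                    out[i] = act;
                    assigned[i] = true;
                }
            }
        } else {
            if (tid < 1 || tid > ncpus) {
                return -1;                   /* GDB's "0 = any" is not accepted */
            }
            if (!assigned[tid - 1]) {
                out[tid - 1] = act;
                assigned[tid - 1] = true;
            }
        }
    }
    return (*p == '\0') ? 0 : -1;            /* trailing garbage is an error */
}

int main(void)
{
    static const char *names[] = { "stop", "cont", "step" };
    enum vcont_action a[4];
    int i;

    /* The packet from the commit message: only vCPU 2 should run. */
    if (parse_vcont("vCont;s:2", 4, a) == 0) {
        for (i = 0; i < 4; i++) {
            printf("vCPU %d: %s\n", i + 1, names[a[i]]);
        }
    }
    return 0;
}
```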
4 years ago  move vm_start to cpus.c
Claudio Imbrenda [Tue, 14 Feb 2017 17:07:47 +0000 (18:07 +0100)] 
move vm_start to cpus.c

This patch:

* moves vm_start to cpus.c.
* exports qemu_vmstop_requested, since it's needed by vm_start.
* extracts vm_prepare_start from vm_start; it does what vm_start did,
  except restarting the cpus.
* vm_start now calls vm_prepare_start and then restarts the cpus.

Signed-off-by: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
Message-Id: <1487092068-16562-2-git-send-email-imbrenda@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  char: drop data written to a disconnected pty
Ed Swierk [Tue, 31 Jan 2017 13:45:29 +0000 (05:45 -0800)] 
char: drop data written to a disconnected pty

When a serial port writes data to a pty that's disconnected, drop the
data and return the length dropped. This avoids triggering pointless
retries in callers like the 16550A serial_xmit(), and causes
qemu_chr_fe_write() to write all data to the log file, rather than
logging only while a pty client like virsh console happens to be
connected.

Signed-off-by: Ed Swierk <eswierk@skyportsystems.com>
Message-Id: <1485870329-79428-1-git-send-email-eswierk@skyportsystems.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  apic: reset apic_delivered global variable on machine reset
Pavel Dovgalyuk [Tue, 31 Jan 2017 11:40:54 +0000 (14:40 +0300)] 
apic: reset apic_delivered global variable on machine reset

This patch adds call to apic_reset_irq_delivered when the virtual
machine is reset.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20170131114054.276.62201.stgit@PASHA-ISP>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  qemu-char: socket backend: disconnect on write error
Anton Nefedov [Thu, 2 Feb 2017 14:26:29 +0000 (17:26 +0300)] 
qemu-char: socket backend: disconnect on write error

Socket backend read handler should normally perform a disconnect, however
the read handler may not get a chance to run if the frontend is not ready
(qemu_chr_be_can_write() == 0).

This means that in the virtio-serial frontend case, if
 - the host has disconnected (giving EPIPE on socket write)
 - and the guest has disconnected (-> frontend not ready -> backend
   will not read)
 - and there is still data (frontend->backend) to flush (has to be a really
   tricky timing but nevertheless, we have observed the case in production)

This results in virtio-serial trying to flush this data continuously, forming
a busy loop.

Solution: react on write error in the socket write handler.
errno is not reliable after qio_channel_writev_full(), so we may not get
the exact EPIPE, so disconnect on any error but QIO_CHANNEL_ERR_BLOCK which
io_channel_send_full() converts to errno EAGAIN.
We must not disconnect right away though, there still may be data to read
(see 4bf1cb0).

Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Daniel P. Berrange <berrange@redhat.com>
CC: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1486045589-8074-1-git-send-email-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  test-vmstate: remove yield_until_fd_readable
Paolo Bonzini [Mon, 30 Jan 2017 20:11:19 +0000 (15:11 -0500)] 
test-vmstate: remove yield_until_fd_readable

The function is not needed anymore now that migration is built on
top of QIOChannel.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  kvm/ioapic: correct kvm ioapic version
Peter Xu [Fri, 3 Feb 2017 07:18:18 +0000 (15:18 +0800)] 
kvm/ioapic: correct kvm ioapic version

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1486106298-3699-4-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  ioapic: fix error report value of def version
Peter Xu [Fri, 3 Feb 2017 07:18:17 +0000 (15:18 +0800)] 
ioapic: fix error report value of def version

It should be 0x20, rather than 0x11.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1486106298-3699-3-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  kvm/ioapic: dump real object instead of a fake one
Peter Xu [Fri, 3 Feb 2017 07:18:16 +0000 (15:18 +0800)] 
kvm/ioapic: dump real object instead of a fake one

When we do "info ioapic" for kvm ioapic, we were building up a temporary
ioapic object. Let's fetch the real one and update it to correspond to the
real object as well.

This fixes printing uninitialized version field in
ioapic_print_redtbl().

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1486106298-3699-2-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago  Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
Peter Maydell [Thu, 16 Feb 2017 12:36:24 +0000 (12:36 +0000)] 
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Wed 15 Feb 2017 03:46:59 GMT
# gpg:                using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  net: e1000e: fix an infinite loop issue
  net: imx: limit buffer descriptor count
  colo-compare: sort TCP packet queue by sequence number
  net: e1000e: fix dead code in e1000e_write_packet_to_guest
  net: Mark 'vlan' parameter as deprecated

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago  net: e1000e: fix an infinite loop issue
Li Qiang [Fri, 10 Feb 2017 02:19:19 +0000 (18:19 -0800)] 
net: e1000e: fix an infinite loop issue

This issue is like the issue in e1000 network card addressed in
this commit:
e1000: eliminate infinite loops on out-of-bounds transfer start.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago  net: imx: limit buffer descriptor count
Prasad J Pandit [Thu, 2 Feb 2017 10:46:24 +0000 (16:16 +0530)] 
net: imx: limit buffer descriptor count

i.MX Fast Ethernet Controller uses buffer descriptors to manage
data flow to and from receive & transmit queues. While transmitting
packets, it could continue to read buffer descriptors if a buffer
descriptor has a length of zero and has crafted values in bd.flags.
Set an upper limit on the number of buffer descriptors.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
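
The descriptor-walk pattern behind this fix and the e1000e/xhci/ohci loop limits in the same batch, as an added example in C that is not hw/net/imx_fec.c itself. The descriptor layout, the READY/WRAP flag bits and the TX_BD_LIMIT value are chosen for the example, not taken from the i.MX FEC. The model also captures why a bound is needed even though the device writes the cleared READY bit back: the ring lives in guest memory, a running vCPU can rewrite it between two reads, and if the guest points the ring at ROM or unmapped space the write-back is silently dropped and the walk never sees a non-ready descriptor.

```c
/*
 * Added example (not imx_fec.c code): a transmit-ring walk with a fixed
 * upper bound. Descriptor layout, flag bits and the limit are this
 * example's own choices.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BD_READY 0x8000u   /* descriptor owned by the device, ready to send */
#define BD_WRAP  0x2000u   /* next descriptor is ring[0] */
#define TX_BD_LIMIT 64     /* hard cap, independent of anything the guest wrote */

struct bd {
    uint16_t flags;
    uint16_t length;
    uint32_t addr;
};

/*
 * Minimal model of the guest memory holding the ring. The real device
 * reads each descriptor with dma_memory_read() and writes it back with
 * dma_memory_write(); when the ring sits in ROM or unmapped space the
 * write-back is dropped and READY never clears.
 */
struct guest_ring {
    struct bd *bd;
    size_t nbd;
    int writes_dropped;     /* 1 models descriptors in ROM/unmapped space */
};

static void ring_read_bd(const struct guest_ring *g, size_t idx, struct bd *out)
{
    *out = g->bd[idx % g->nbd];
}

static void ring_write_bd(struct guest_ring *g, size_t idx, const struct bd *in)
{
    if (!g->writes_dropped) {
        g->bd[idx % g->nbd] = *in;
    }
}

/*
 * Process descriptors from 'start' until one is not READY. Returns the
 * number consumed, or -1 when TX_BD_LIMIT was hit, at which point the
 * device gives up instead of spinning.
 *
 * READY, WRAP and length are all guest-controlled, may change between two
 * reads, and the write-back that normally clears READY may not land.
 * Termination therefore cannot depend on ring contents; it comes from the
 * counter alone.
 */
static int tx_ring_walk(struct guest_ring *g, size_t start, size_t *bytes_sent)
{
    size_t idx = start;
    size_t bytes = 0;
    int consumed = 0;

    for (;;) {
        struct bd d;

        if (consumed >= TX_BD_LIMIT) {
            return -1;
        }
        ring_read_bd(g, idx, &d);
        if (!(d.flags & BD_READY)) {
            break;                          /* ring drained: normal exit */
        }
        bytes += d.length;                  /* zero length is legal on its own */
        consumed++;
        d.flags &= ~BD_READY;               /* hand it back to the guest */
        ring_write_bd(g, idx, &d);
        idx = (d.flags & BD_WRAP) ? 0 : idx + 1;
    }
    *bytes_sent = bytes;
    return consumed;
}

int main(void)
{
    /* Constructed ring: two zero-length READY descriptors, WRAP on the
     * last, living where write-back is dropped. Unbounded, this spins. */
    struct bd rom[2] = { { BD_READY, 0, 0 }, { BD_READY | BD_WRAP, 0, 0 } };
    struct guest_ring g = { rom, 2, 1 };
    size_t bytes = 0;
    int n = tx_ring_walk(&g, 0, &bytes);

    printf("walk result: %d (-1 means the %d-descriptor limit stopped it)\n",
           n, TX_BD_LIMIT);
    return 0;
}
```

The limit should be generous enough that a well-behaved driver never hits it in one pass (the ring size is a natural floor) and still a compile-time constant, since anything the guest programs, including the ring length register, is as attacker-controlled as the descriptors themselves.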
4 years ago  colo-compare: sort TCP packet queue by sequence number
Zhang Chen [Tue, 24 Jan 2017 08:53:46 +0000 (16:53 +0800)] 
colo-compare: sort TCP packet queue by sequence number

Improve efficiency of TCP packet comparison.

Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago  net: e1000e: fix dead code in e1000e_write_packet_to_guest
Paolo Bonzini [Thu, 26 Jan 2017 10:10:10 +0000 (11:10 +0100)] 
net: e1000e: fix dead code in e1000e_write_packet_to_guest

Because is_first is declared inside a loop, it is always true.  The store
is dead, and so is the "else" branch of "if (is_first)".  is_last is
okay though.

Reported by Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago  net: Mark 'vlan' parameter as deprecated
Thomas Huth [Tue, 24 Jan 2017 09:42:49 +0000 (10:42 +0100)] 
net: Mark 'vlan' parameter as deprecated

The 'vlan' parameter is a continuous source of confusion for the users,
many people mix it up with the more common term VLAN (the link layer
packet encapsulation), and even if they realize that the QEMU 'vlan' is
rather some kind of network hub emulation, there is still a high risk
that they configure their QEMU networking in a wrong way with this
parameter (e.g. by hooking NICs together, so they get a 'loopback'
between one and the other NIC).
Thus at one point in time, we should finally get rid of the 'vlan'
feature in QEMU. Let's do a first step in this direction by declaring
the 'vlan' parameter as deprecated and informing the users to use the
'netdev' parameter instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago  linux-user: manage two new IFLA host message types
Laurent Vivier [Thu, 27 Oct 2016 01:00:49 +0000 (03:00 +0200)] 
linux-user: manage two new IFLA host message types

Add QEMU_IFLA_GSO_MAX_SEGS and QEMU_IFLA_GSO_MAX_SIZE
in host_to_target_data_link_rtattr().

These two messages are sent by the host kernel when
we use "sudo".

Found with qemu-m68k and Debian etch-m68k (sudo 1.6.8p12-4) and
host kernel 4.7.6-200.fc24.x86_64

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <1477530049-15676-1-git-send-email-laurent@vivier.eu>

4 years ago  linux-user: Fix mq_open
Lena Djokic [Thu, 24 Nov 2016 16:08:58 +0000 (17:08 +0100)] 
linux-user: Fix mq_open

If the fourth argument is NULL it should be passed without
using the lock_user function, which would, in that case, return
EFAULT; the system call supports passing NULL as the fourth argument.

Signed-off-by: Lena Djokic <Lena.Djokic@rt-rk.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
4 years ago  linux-user: Fix readahead
Lena Djokic [Thu, 24 Nov 2016 16:08:56 +0000 (17:08 +0100)] 
linux-user: Fix readahead

Calculation of 64-bit offset was not correct for all cases.

Signed-off-by: Lena Djokic <Lena.Djokic@rt-rk.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
4 years ago  linux-user: Fix inotify_init1 support
Lena Djokic [Thu, 24 Nov 2016 16:08:53 +0000 (17:08 +0100)] 
linux-user: Fix inotify_init1 support

This commit adds necessary conversion of argument passed to inotify_init1.
inotify_init1 flags can be IN_NONBLOCK and IN_CLOEXEC which rely on O_NONBLOCK
and O_CLOEXEC and those can have different values on different platforms.

Signed-off-by: Lena Djokic <Lena.Djokic@rt-rk.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
4 years ago  linux-user: Fix s390x safe-syscall for z900
Richard Henderson [Wed, 26 Oct 2016 19:08:52 +0000 (12:08 -0700)] 
linux-user: Fix s390x safe-syscall for z900

The LT instruction was added in the extended immediate facility
introduced with the z9-109 processor.

Cc: Riku Voipio <riku.voipio@iki.fi>
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Fixes: c9bc3437a905b660561a26cd4ecc64579843267b
Suggested-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
4 years ago  linux-user: drop __cygwin__ ifdef
Riku Voipio [Tue, 27 Sep 2016 22:05:22 +0000 (01:05 +0300)] 
linux-user: drop __cygwin__ ifdef

linux-user doesn't work on cygwin anyway.

Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
4 years ago  linux-user: remove ifdef __USER_MISC
Riku Voipio [Tue, 27 Sep 2016 21:25:19 +0000 (00:25 +0300)] 
linux-user: remove ifdef __USER_MISC

This preprocessor macro isn't set anywhere. Remove
the check so -strace can show these options.

Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
4 years ago  Merge remote-tracking branch 'remotes/rth/tags/pull-or-20170214' into staging
Peter Maydell [Tue, 14 Feb 2017 09:55:48 +0000 (09:55 +0000)] 
Merge remote-tracking branch 'remotes/rth/tags/pull-or-20170214' into staging

Queued openrisc patches

# gpg: Signature made Mon 13 Feb 2017 21:21:03 GMT
# gpg:                using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC  16A4 AD12 70CC 4DD0 279B

* remotes/rth/tags/pull-or-20170214: (24 commits)
  target/openrisc: Optimize for r0 being zero
  target/openrisc: Tidy handling of delayed branches
  target/openrisc: Tidy ppc/npc implementation
  target/openrisc: Optimize l.jal to next
  target/openrisc: Fix madd
  target/openrisc: Implement muld, muldu, macu, msbu
  target/openrisc: Represent MACHI:MACLO as a single unit
  target/openrisc: Implement msync
  target/openrisc: Enable trap, csync, msync, psync for user mode
  target/openrisc: Set flags on helpers
  target/openrisc: Use movcond where appropriate
  target/openrisc: Keep SR_CY and SR_OV in separate variables
  target/openrisc: Keep SR_F in a separate variable
  target/openrisc: Invert the decoding in dec_calc
  target/openrisc: Put SR[OVE] in TB flags
  target/openrisc: Streamline arithmetic and OVE
  target/openrisc: Rationalize immediate extraction
  target/openrisc: Tidy insn dumping
  target/openrisc: Implement lwa, swa
  target/openrisc: Fix exception handling status registers
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago  target/openrisc: Optimize for r0 being zero
Richard Henderson [Wed, 6 Apr 2016 02:43:40 +0000 (19:43 -0700)] 
target/openrisc: Optimize for r0 being zero

The HW does not special-case r0, but the ABI specifies that r0 should
contain 0.  If we expose this fact to the optimizer, we can simplify
a lot of the generated code.  We must of course verify that r0==0, but
that is trivial to do with a TB flag.

Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Tidy handling of delayed branches
Richard Henderson [Wed, 6 Apr 2016 01:00:33 +0000 (18:00 -0700)] 
target/openrisc: Tidy handling of delayed branches

Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Tidy ppc/npc implementation
Richard Henderson [Tue, 5 Apr 2016 18:41:48 +0000 (11:41 -0700)] 
target/openrisc: Tidy ppc/npc implementation

The NPC SPR is really only supposed to be used for FPGA debugging.
It contains the same contents as PC, unless one plays games.  Follow
the or1ksim implementation in flushing delayed branch state when it
is changed.

The PPC SPR need not be updated every instruction, merely when we
exit the TB or attempt to read its contents.

Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Optimize l.jal to next
Richard Henderson [Tue, 5 Apr 2016 18:50:16 +0000 (11:50 -0700)] 
target/openrisc: Optimize l.jal to next

This allows the tcg optimizer to see, and fold, all of the
constants involved in a GOT base register load sequence.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Fix madd
Richard Henderson [Thu, 19 Feb 2015 02:47:35 +0000 (18:47 -0800)] 
target/openrisc: Fix madd

Note that the specification for lf.madd.s is confused.  It's
the only mention of supposed FPMADDHI/FPMADDLO special registers.
On the other hand, or1ksim implements a somewhat normal non-fused
multiply and add.  Mirror that.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Implement muld, muldu, macu, msbu
Richard Henderson [Thu, 19 Feb 2015 01:03:40 +0000 (17:03 -0800)] 
target/openrisc: Implement muld, muldu, macu, msbu

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Represent MACHI:MACLO as a single unit
Richard Henderson [Wed, 18 Feb 2015 23:05:05 +0000 (15:05 -0800)] 
target/openrisc: Represent MACHI:MACLO as a single unit

Significantly simplifies the implementation of the use of MAC.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Implement msync
Richard Henderson [Tue, 24 Jan 2017 03:07:40 +0000 (19:07 -0800)] 
target/openrisc: Implement msync

Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Enable trap, csync, msync, psync for user mode
Richard Henderson [Thu, 19 Feb 2015 00:26:01 +0000 (16:26 -0800)] 
target/openrisc: Enable trap, csync, msync, psync for user mode

Not documented as disabled for user mode.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Set flags on helpers
Richard Henderson [Wed, 18 Feb 2015 21:38:33 +0000 (13:38 -0800)] 
target/openrisc: Set flags on helpers

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Use movcond where appropriate
Richard Henderson [Wed, 18 Feb 2015 19:51:10 +0000 (11:51 -0800)] 
target/openrisc: Use movcond where appropriate

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Keep SR_CY and SR_OV in separate variables
Richard Henderson [Wed, 18 Feb 2015 21:26:26 +0000 (13:26 -0800)] 
target/openrisc: Keep SR_CY and SR_OV in separate variables

This significantly streamlines carry and overflow production.

Signed-off-by: Richard Henderson <rth@twiddle.net>
4 years ago  target/openrisc: Keep SR_F in a separate variable
Richard Henderson [Wed, 18 Feb 2015 19:45:54 +0000 (11:45 -0800)] 
target/openrisc: Keep SR_F in a separate variable

This avoids having to keep merging and extracting the flag from SR.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>