Jan Kiszka [Sun, 16 Oct 2011 13:30:27 +0000 (15:30 +0200)]
kvm: x86: Add user space part for in-kernel i8259
Introduce the alternative 'kvm-i8259' device model that exploits KVM
in-kernel acceleration.
The PIIX3 initialization code is furthermore extended by KVM specific
IRQ route setup. GSI injection differs in KVM mode from the user space
model. As we can dispatch ISA-range IRQs to both IOAPIC and PIC inside
the kernel, we do not need to inject them separately. This is reflected
by a KVM-specific GSI handler.
Jan Kiszka [Sun, 16 Oct 2011 11:23:26 +0000 (13:23 +0200)]
kvm: x86: Add user space part for in-kernel APIC
This introduces the alternative APIC device which makes use of KVM's
in-kernel device model. External NMI injection via LINT1 is emulated by
checking the current state of the in-kernel APIC, only injecting an NMI
into the VCPU if LINT1 is unmasked and configured to DM_NMI.
MSI is not yet supported, so we disable this when the in-kernel model is
in use.
Jan Kiszka [Sat, 15 Oct 2011 12:08:26 +0000 (14:08 +0200)]
kvm: x86: Establish IRQ0 override control
KVM is forced to disable the IRQ0 override when we run with in-kernel
irqchip but without IRQ routing support of the kernel. Set the fwcfg
value correspondingly. This aligns us with qemu-kvm.
Jan Kiszka [Sat, 15 Oct 2011 09:49:47 +0000 (11:49 +0200)]
kvm: Introduce core services for in-kernel irqchip support
Add the basic infrastructure to activate in-kernel irqchip support, inject
interrupts into these models, and maintain IRQ routes.
Routing is optional and depends on the host arch supporting
KVM_CAP_IRQ_ROUTING. When it's not available on x86, we lose the HPET as
we can't route GSI0 to IOAPIC pin 2.
In-kernel irqchip support will once be controlled by the machine
property 'kernel_irqchip', but this is not yet wired up.
Jan Kiszka [Sun, 23 Oct 2011 14:01:19 +0000 (16:01 +0200)]
memory: Introduce memory_region_init_reservation
Introduce a memory region type that can reserve I/O space. Such regions
are useful for modeling I/O that is only handled outside of QEMU, i.e.
in the context of an accelerator like KVM.
Any access to such a region from QEMU is a bug, but could theoretically
be triggered by guest code (DMA to reserved region). So only warning
about such events once, then ignore them.
Jan Kiszka [Sun, 16 Oct 2011 17:38:22 +0000 (19:38 +0200)]
ioapic: Factor out base class for KVM reuse
Split up the IOAPIC analogously to APIC and i8259. KVM will share the
IOAPICCommonState, the vmstate, reset logic and certain init parts with
the user space model.
Jan Kiszka [Tue, 10 Jan 2012 11:24:10 +0000 (12:24 +0100)]
ioapic: Drop post-load irr initialization
As all devices undergo a reset prior to vmload, and the reset value of
irr is 0, we do not need to do this clearing for older vmstates
explicitly. Dropping this redundant code will also make KVM integration
a bit simpler.
Jan Kiszka [Sun, 16 Oct 2011 12:38:45 +0000 (14:38 +0200)]
i8259: Factor out base class for KVM reuse
Analogously to the APIC, we will reuse some parts of the user space
i8259 model for KVM. The base class provides a common device state, the
vmstate, the property list, a reset core and some shared init bits.
This also introduces a common helper to instantiate a single i8259 chip
from the cascade-creating i8259_init function.
Jan Kiszka [Sun, 16 Oct 2011 10:19:12 +0000 (12:19 +0200)]
apic: Open-code timer save/restore
To enable migration between accelerated and non-accelerated APIC models,
we will need to handle the timer saving and restoring specially and can
no longer rely on the automatics of VMSTATE_TIMER. Specifically, the
accelerated model will not start any QEMUTimer.
This patch therefore factors out the generic bits into apic_next_timer
and uses a post-load callback to implement model-specific logic.
Jan Kiszka [Sun, 16 Oct 2011 09:16:36 +0000 (11:16 +0200)]
apic: Factor out base class for KVM reuse
The KVM in-kernel APIC model will reuse parts of the user space model
while providing the same frontend view to guest and most management
interfaces.
Factor out an APIC base class to encapsulate those parts that will be
shared by user space and KVM model. This class offers callback hooks for
init, base/tpr setting, and the external NMI delivery that will be
set via APICCommonInfo structure and implemented specifically in the
subclasses.
Jan Kiszka [Mon, 17 Oct 2011 16:00:06 +0000 (00:00 +0800)]
apic: Inject external NMI events via LINT1
On real hardware, NMI button events are injected via the LINT1 line of
the APICs. E.g. kdump expects this wiring and gets upset if the per-APIC
LINT1 mask is not respected, i.e. if NMIs are injected to VCPUs that
should not receive them. Change the APIC emulation code to reflect this.
Jan Kiszka [Sun, 16 Oct 2011 09:59:30 +0000 (11:59 +0200)]
apic: Stop timer on reset
All LVTs are masked on reset, so the timer becomes ineffective. Letting
it tick nevertheless is harmless, but will at least create a spurious
trace event.
Jan Kiszka [Sat, 15 Oct 2011 12:33:17 +0000 (14:33 +0200)]
msi: Generalize msix_supported to msi_supported
Rename msix_supported to msi_supported and control MSI and MSI-X
activation this way. That was likely the original intention for this
flag, but MSI support came after MSI-X.
Evgeny Voevodin [Fri, 13 Jan 2012 20:52:40 +0000 (20:52 +0000)]
hw/arm_boot.c: Make SMP boards specify address to poll in bootup loop
The secondary CPU bootloader in arm_boot.c holds secondary CPUs in a
pen until the primary CPU releases them. Make boards specify the
address to be polled to determine whether to leave the pen (it was
previously hardcoded to 0x10000030, which is a Versatile Express/
Realview specific system register address).
u-boot uses single automatic scans and polling in
pxa2xx_keypad driver, so clear KPC_AS bit immediately
and update keys state even if KPC_AS and KPC_ASACT are
cleared.
Peter Maydell [Fri, 13 Jan 2012 17:25:08 +0000 (17:25 +0000)]
target-arm: Fix errors in decode of M profile CPS
Fix errors in the decode of M profile CPS:
* the decode of the I (affects PRIMASK) and F (affects FAULTMASK)
bits was reversed
* the FAULTMASK system register number is 19, not 17
Paolo Bonzini [Fri, 13 Jan 2012 16:44:23 +0000 (17:44 +0100)]
prepare for future GPLv2+ relicensing
All files under GPLv2 will get GPLv2+ changes starting tomorrow.
event_notifier.c and exec-obsolete.h were only ever touched by Red Hat
employees and can be relicensed now.
Amit Shah [Fri, 13 Jan 2012 09:59:48 +0000 (15:29 +0530)]
virtio-console: no need to remove char handlers explicitly
qdev is now equipped (thanks to the last commit) to disassociate
chardevs from the qdev devices on the devices going away. So doing it
in the virtio-console driver is not necessary.
Since that was the only thing being done in the qdev exit method, drop
it entirely.
Paolo Bonzini [Fri, 23 Dec 2011 14:39:03 +0000 (15:39 +0100)]
virtio-blk: refuse SG_IO requests with scsi=off
QEMU does have a "scsi" option (to be used like -device
virtio-blk-pci,drive=foo,scsi=off). However, it only
masks the feature bit, and does not reject the command
if a malicious guest disregards the feature bits and
issues a request.
Without this patch, using scsi=off does not protect you
from CVE-2011-4127.
Anthony Liguori [Fri, 13 Jan 2012 13:45:55 +0000 (07:45 -0600)]
qdev: fix device_del by refactoring reference counting
Commit 8eb0283 broke device_del by having too overzealous reference counting
checks. Move the reference count checks to qdev_free(), make sure to remove
the parent link on free, and decrement the reference count on property removal.
Anthony Liguori [Fri, 13 Jan 2012 16:17:49 +0000 (10:17 -0600)]
Merge remote-tracking branch 'stefanha/trivial-patches' into HEAD
* stefanha/trivial-patches:
bt-host: add missing break statement
virtfs-proxy-helper: Add missing printf format attribute
virtfs-proxy-helper: Clean include files
virtfs-proxy-helper: Fix compilation on newer systems
hmp: Fix freeing of PciInfoList
Add 'fall through' comments to case statements without break
omap_dss: correct chip[1] index in RFBI_READ/RFBI_STATUS
vnc: fix no-lock-key-sync strncmp() length
vvfat: avoid leaking file descriptor in commit_one_file()
Spelling fixes in comments and documentation
tcg-arm: fix a typo in comments
configure: Modify detection of supported warning options
Aurelien Jarno [Fri, 13 Jan 2012 15:01:40 +0000 (16:01 +0100)]
target-i386: fix compilation with --enable-debug-tcg
Commit 2355c16e74ffa4d14e7fc2b4a23b055565ac0221 introduced a new ldmxcsr
helper taking an i32 argument, but the helper is actually passed a long.
Fix that by truncating the long to i32.
Stefan Hajnoczi [Thu, 12 Jan 2012 14:17:04 +0000 (14:17 +0000)]
bt-host: add missing break statement
The switch statement in bt_host_read() is missing a break in one case.
Andrzej Zaborowski confirmed that this is
not an intentional fall-through.
Stefan Weil [Wed, 11 Jan 2012 18:34:30 +0000 (19:34 +0100)]
virtfs-proxy-helper: Clean include files
The common standard include files are already included via qemu-common.h,
and for the socket related include files there is qemu_socket.h, so the
code can be reduced by some lines.
Stefan Hajnoczi [Sat, 7 Jan 2012 11:59:59 +0000 (11:59 +0000)]
omap_dss: correct chip[1] index in RFBI_READ/RFBI_STATUS
The RFBI_READ/RFBI_STATUS code incorrectly uses chip[0] when it should
be using chip[1]. Andrzej Zaborowski confirmed this
bug since I don't know this code well.
Stefan Hajnoczi [Fri, 6 Jan 2012 16:57:45 +0000 (16:57 +0000)]
vnc: fix no-lock-key-sync strncmp() length
The no-lock-key-sync option is being parsed incorrectly because of an
outdated strcmp() length value. Use the correct length so that invalid
option names do not match.
Avi Kivity [Wed, 28 Dec 2011 10:26:58 +0000 (12:26 +0200)]
Fix qapi code generation fix
The fixes to qapi code generation had multiple bugs:
- the Null class used to drop output was missing some methods
- in some scripts it was never instantiated, leading to a None return,
which is missing even more methods
- the --source and --header options were swapped
Luckily, all those bugs were hidden by a makefile bug which caused the
old behaviour (with the race) to be invoked.
Aurelien Jarno [Sat, 7 Jan 2012 14:20:12 +0000 (15:20 +0100)]
target-i386: fix SSE rounding and flush to zero
SSE rounding and flush to zero control has never been implemented. However
given that softfloat-native was using a single state for FPU and SSE and
given that glibc is setting both FPU and SSE state in fesetround(), this
was working correctly up to the switch to softfloat.
Fix that by adding an update_sse_status() function similar to
update_fpu_status(), and calling it on write to mxcsr.
Aurelien Jarno [Sat, 7 Jan 2012 14:20:12 +0000 (15:20 +0100)]
target-i386: fix dpps and dppd SSE2 instructions
The helpers implementing dpps and dppd SSE instructions are not passing
the correct argument types to the softfloat functions. While they do
work anyway providing a correct behaviour, this patch fixes that.
roundps and roundss SSE2 instructions have been broken when switching
target-i386 to softfloat. They use float64_round_to_int to convert a
float32, and while the implicit conversion from float32 to float64 was
correct for softfloat-native, it is not for pure softfloat. Fix that by
using the correct registers and correct functions.
Also fix roundpd and roundsd implementation at the same time, even if
these functions are behaving correctly.
minpd, minps, minsd, minss and maxpd, maxps, maxsd, maxss SSE2
instructions have been broken when switching target-i386 to softfloat.
It's not possible to use comparison instructions on float types anymore
to softfloat, so use the floatXX_lt function instead, as the
float_XX_min and float_XX_max functions can't be used due to the Intel
specific behaviour.
As it implements the correct NaNs behaviour, let's remove the
corresponding entry from the TODO.
It fixes GDM screen display on Debian Lenny.
Thanks to Peter Maydell and Jason Wessel for their analysis of the
problem.
Stefan Weil [Thu, 5 Jan 2012 14:39:39 +0000 (15:39 +0100)]
elf: Improve symbol lookup (optimize, fix for bsd-user)
Coverity complained about local variable key which was only partially
initiated. Only key.st_value was set. As this was also the only part
of key which was used in function symfind, the code could be optimized
by directly passing a pointer to orig_addr.
In bsd-user/elfload.c, fix ec822001a2f26eef8701194714f6482b6d852de2
was missing. This was a simple replacement of > by >= in symfind, so
I fixed it here without creating an additional patch.
Aurelien Jarno [Tue, 10 Jan 2012 17:24:11 +0000 (18:24 +0100)]
Merge branch 's390-next' of git://repo.or.cz/qemu/agraf
* 's390-next' of git://repo.or.cz/qemu/agraf:
s390: fix cpu hotplug / cpu activity on interrupts
s390x: add TR function for EXECUTE
Expose drive_add on all architectures
Add generic drive hotplugging
Compile device-hotplug on all targets
[S390] Add hotplug support
Aurelien Jarno [Sat, 7 Jan 2012 14:20:12 +0000 (15:20 +0100)]
target-sh4: ignore ocbp and ocbwb instructions
ocbp and ocbwb control the writeback of a cache line to memory. They
are supposed to do nothing in case of a cache miss. Given QEMU only
partially emulates caches, it is safe to ignore these instructions.
This fixes a kernel oops when trying to access an rtl8139 NIC with
recent versions.
Peter Maydell [Mon, 26 Dec 2011 00:02:18 +0000 (00:02 +0000)]
tcg/arm: Use r6 as TCG_AREG0 to avoid clash with Thumb framepointer
On ARM, in Thumb mode r7 is used for the framepointer; this meant
that we would fail to compile in debug mode because we were using r7
for TCG_AREG0. Shift to r6 instead to avoid this clash.
(Bug reported as LP:870990.)
Stefan Weil [Mon, 9 Jan 2012 18:23:42 +0000 (19:23 +0100)]
cris-dis: Clean memory allocation
The old code used sizeof(const struct cris_opcode **) where it should
have used sizeof(const struct cris_opcode *). As both sizes give the
same value, the resulting binary was ok, but static code analyzers
like coverity and clang complained.
This is fixed here, and the code is also simplified by using g_new0.
Avi Kivity [Mon, 9 Jan 2012 12:01:39 +0000 (14:01 +0200)]
vhost: improve region filtering
vhost memory management doesn't care about non-memory (e.g. PIO) or non-RAM
regions. Adjust the filtering to reflect that, and move it earlier so it
applies to mem_sections too.
Avi Kivity [Sun, 8 Jan 2012 11:18:19 +0000 (13:18 +0200)]
Fix vmstate_register_ram() for rom/device regions
rom/device regions have a ram_addr that is composed of both an I/O handler
(low bits) and RAM region (high bits); but qemu_ram_set_idstr() expects just
a RAM region. Mask the I/O handler to make it happy.
Andreas Färber [Sat, 7 Jan 2012 08:45:14 +0000 (09:45 +0100)]
memory: Fix memory_region_wrong_endianness()
Since commit be675c972088eba210e18dc125613e9f205a6bfb (memory: move
endianness compensation to memory core) it was checking for
TARGET_BIG_ENDIAN instead of TARGET_WORDS_BIGENDIAN, thereby not
swapping correctly for Big Endian targets.
Avi Kivity [Thu, 5 Jan 2012 10:30:31 +0000 (12:30 +0200)]
kvm: fix build error in ppc kvm due to memory_region_init_ram_ptr() change
Commit c5705a772 ("vmstate, memory: decouple vmstate from memory API") changed
the signature of memory_region_init_ram_ptr() but did not update a caller in
the ppc kvm module. Fix.
Aurelien Jarno [Sat, 7 Jan 2012 21:19:14 +0000 (22:19 +0100)]
Merge branch 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm
* 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
arm: add dummy A9-specific cp15 registers
target-arm: Ignore attempts to set invalid modes in CPSR
target-arm: Don't use cpu_single_env in bank_number()
Aurelien Jarno [Sat, 7 Jan 2012 21:01:57 +0000 (22:01 +0100)]
Merge branch 'ppc-next' of git://repo.or.cz/qemu/agraf
* 'ppc-next' of git://repo.or.cz/qemu/agraf:
PPC: Add description for the Freescale e500mc core.
pseries: Check for duplicate addresses on the spapr-vio bus
pseries: Populate "/chosen/linux,stdout-path" in the FDT
pseries: Add a routine to find a stable "default" vty and use it
pseries: Emit device tree nodes in reg order
pseries: FDT NUMA extensions to support multi-node guests
pseries: Remove hcalls callback
kvm-ppc: halt secondary cpus when guest reset
console: Fix segfault on screendump without VGA adapter
PPC: monitor: add ability to dump SLB entries
Stefan Weil [Wed, 4 Jan 2012 21:50:09 +0000 (22:50 +0100)]
sm501: Fix size of color_reg
color_reg is expected to hold 32 bit values, so it was too small.
This bug was reported by coverity:
hw/sm501.c:624:
result_independent_of_operands:
color_reg >> 16 is 0 regardless of the values of its operands.
This occurs as the bitwise first operand of '&'.