The start of the address space indicates which maximum alignment is
supported by our machine (e.g. ppc, x86 1GB). This is helpful to
catch fragmenting guest physical memory in strange fashions.
Right now we can crash QEMU by e.g. (there might be easier examples)
Sergio Lopez [Tue, 5 Jun 2018 07:54:55 +0000 (03:54 -0400)]
hw/char/serial: Only retry if qemu_chr_fe_write returns 0
Only retry on serial_xmit if qemu_chr_fe_write returns 0, as this is the
only recoverable error.
Retrying with any other scenario, in addition to being a waste of CPU
cycles, can compromise the Guest stability if the vCPU issuing the
write and the main loop thread are, by chance or explicit pinning,
running on the same pCPU.
chardev: don't splatter terminal settings on exit if not previously set
The stdio chardev finalize method calls term_exit() to restore the
original terminal settings that were saved in the "oldtty" global. If
the qemu_chr_open_stdio() method exited with an error, we might not have
any original terminal settings saved in "oldtty" yet.
e.g.
$ qemu-system-x86_64 -monitor stdio -daemonize
qemu-system-x86_64: -monitor stdio: cannot use stdio with -daemonize
will cause QEMU to splatter the terminal settings with an all-zeros
"struct termios", with predictably unpleasant results. Fortunately the
existing "stdio_in_use" flag is a suitable witness for whether "oldtty"
contains settings that need restoring.
Paolo Bonzini [Wed, 30 May 2018 09:58:36 +0000 (11:58 +0200)]
move public invalidate APIs out of translate-all.{c,h}, clean up
Place them in exec.c, exec-all.h and ram_addr.h. This removes
knowledge of translate-all.h (which is an internal header) from
several files outside accel/tcg and removes knowledge of
AddressSpace from translate-all.c (as it only operates on ram_addr_t).
Eric Auger [Wed, 13 Jun 2018 13:19:06 +0000 (15:19 +0200)]
exec: Fix MAP_RAM for cached access
When an IOMMUMemoryRegion is in front of a virtio device,
address_space_cache_init does not set cache->ptr as the memory
region is not RAM. However when the device performs an access,
we end up in glue() which performs the translation and then uses
MAP_RAM. This latter uses the unset ptr and returns a wrong value
which leads to a SIGSEGV in address_space_lduw_internal_cached_slow,
for instance.
In slow path cache->ptr is NULL and MAP_RAM must redirect to
qemu_map_ram_ptr((mr)->ram_block, ofs).
As MAP_RAM, IS_DIRECT and INVALIDATE are the same in _cached_slow
and non cached mode, let's remove those macros.
This fixes the use cases featuring vIOMMU (Intel and ARM SMMU)
which lead to a SIGSEGV.
# gpg: Signature made Wed 27 Jun 2018 13:53:53 BST
# gpg: using RSA key F487EF185872D723
# gpg: Good signature from "Juan Quintela <[email protected]>"
# gpg: aka "Juan Quintela <[email protected]>"
# Primary key fingerprint: 1899 FF8E DEBF 58CC EE03 4B82 F487 EF18 5872 D723
* remotes/juanquintela/tags/migration/20180627:
migration: fix crash in when incoming client channel setup fails
postcopy: drop ram_pages parameter from postcopy_ram_incoming_init()
migration: Stop sending whole pages through main channel
migration: Remove not needed semaphore and quit
migration: Wait for blocking IO
migration: Start sending messages
migration: Create ram_save_multifd_page
migration: Create multifd_bytes ram_counter
migration: Synchronize multifd threads with main thread
migration: Add block where to send/receive packets
migration: Multifd channels always wait on the sem
migration: Add multifd traces for start/end thread
migration: Abstract the number of bytes sent
migration: Calculate mbps only during transfer time
migration: Create multifd packet
migration: Create multipage support
Peter Maydell [Thu, 28 Jun 2018 13:31:41 +0000 (14:31 +0100)]
Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-2018-06-27' into staging
MIPS queue
# gpg: Signature made Wed 27 Jun 2018 19:16:23 BST
# gpg: using RSA key D4972A8967F75A65
# gpg: Good signature from "Aleksandar Markovic <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01 DD75 D497 2A89 67F7 5A65
* remotes/amarkovic/tags/mips-queue-2018-06-27:
target/mips: Fix gdbstub to read/write 64 bit FP registers
target/mips: Fix data type for offset
target/mips: Update gen_flt_ldst()
target/mips: Fix microMIPS on reset
target/mips: Raise a RI when given fs is n/a from CTC1
hw/pci-host/xilinx-pcie: don't make "io" region be RAM
hw/mips/mips_malta: don't make bios region 'nomigrate'
hw/mips/boston: don't make flash region 'nomigrate'
MAINTAINERS: update target-mips maintainers
Peter Maydell [Tue, 19 Jun 2018 12:07:30 +0000 (13:07 +0100)]
hw/pci-host/xilinx-pcie: don't make "io" region be RAM
Currently we use memory_region_init_rom_nomigrate() to create
the "io" memory region to pass to pci_register_root_bus().
This is a dummy region, because this PCI controller doesn't
support accesses to PCI IO space.
There is no reason for the dummy region to be a RAM region;
it is only used as a place where PCI BARs can be mapped,
and if you could get a PCI card to do a bus master access
to the IO space it should not get acts-like-RAM behaviour.
Use a simple container memory region instead. (We do have
one PCI card model which can do bus master accesses to IO
space -- the LSI53C895A SCSI adaptor.)
This avoids the oddity of having a memory region which is
RAM but where the RAM is not migrated.
Note that the size of the region we use here has no
effect on behaviour.
Peter Maydell [Mon, 4 Jun 2018 11:03:58 +0000 (12:03 +0100)]
hw/mips/mips_malta: don't make bios region 'nomigrate'
Currently we use memory_region_init_rom_nomigrate() to create
the "bios.1fc" memory region, and we don't manually register
it with vmstate_register_ram(). This currently means that its
contents are migrated but as a ram block whose name is the empty
string; in future it may mean they are not migrated at all. Use
memory_region_init_ram() instead.
Note that this is a cross-version migration compatibility break
for the "malta" machine.
Peter Maydell [Mon, 4 Jun 2018 11:03:57 +0000 (12:03 +0100)]
hw/mips/boston: don't make flash region 'nomigrate'
Currently we use memory_region_init_rom_nomigrate() to create
the "boston.flash" memory region, and we don't manually register
it with vmstate_register_ram(). This currently means that its
contents are migrated but as a ram block whose name is the empty
string; in future it may mean they are not migrated at all. Use
memory_region_init_ram() instead.
Note that this is a cross-version migration compatibility break
for the "boston" machine.
Yongbok Kim transfers duties of QEMU for target MIPS maintainer to
myself as he leaves MIPS. Many thanks to Yongbok for his substantial
contributions to QEMU for MIPS over many years and taking care of its
maintenance for almost two years.
This method in turn calls multifd_recv_all_channels_created()
which is hardcoded to always return 'true' when multifd is
not in use. This is a latent bug...
...activated in a following commit where that return result
ends up acting as the flag to indicate whether it is possible
to start processing the migration:
This means that if channel initialization fails with normal
migration, it'll never notice and attempt to start the
incoming migration regardless and crash on a NULL pointer.
This can be seen, for example, if a client connects to a server
requiring TLS, but has an invalid x509 certificate:
qemu-system-x86_64: The certificate hasn't got a known issuer
qemu-system-x86_64: migration/migration.c:386: process_incoming_migration_co: Assertion `mis->from_src_file' failed.
#0 0x00007fffebd24f2b in raise () at /lib64/libc.so.6
#1 0x00007fffebd0f561 in abort () at /lib64/libc.so.6
#2 0x00007fffebd0f431 in _nl_load_domain.cold.0 () at /lib64/libc.so.6
#3 0x00007fffebd1d692 in () at /lib64/libc.so.6
#4 0x0000555555ad027e in process_incoming_migration_co (opaque=<optimized out>) at migration/migration.c:386
#5 0x0000555555c45e8b in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at util/coroutine-ucontext.c:116
#6 0x00007fffebd3a6a0 in __start_context () at /lib64/libc.so.6
#7 0x0000000000000000 in ()
To handle the non-multifd case, we check whether mis->from_src_file
is non-NULL. With this in place, the migration server drops the
rejected client and stays around waiting for another, hopefully
valid, client to arrive.
Juan Quintela [Tue, 17 Apr 2018 22:49:19 +0000 (00:49 +0200)]
migration: Remove not needed semaphore and quit
We now quit with shutdown in the QIO.
Signed-off-by: Juan Quintela <[email protected]>
Reviewed-by: Dr. David Alan Gilbert <[email protected]>
--
Add comment
Use shutdown() instead of unref()
Juan Quintela [Tue, 17 Apr 2018 22:38:17 +0000 (00:38 +0200)]
migration: Wait for blocking IO
We have three conditions here:
- channel fails -> error
- we have to quit: we close the channel and reads fail
- normal read that succeeds, we are in business
So forget the complications of waiting in a semaphore.
Juan Quintela [Fri, 15 Jan 2016 10:40:13 +0000 (11:40 +0100)]
migration: Create ram_save_multifd_page
The function still doesn't use multifd, but we have simplified
ram_save_page, xbzrle and RDMA stuff is gone. We have added a new
counter.
Signed-off-by: Juan Quintela <[email protected]>
Reviewed-by: Dr. David Alan Gilbert <[email protected]>
--
Add last_page parameter
Add comments for done and address
Remove multifd field, it is the same as normal pages
Merge next patch, now we send multiple pages at a time
Remove counter for multifd pages, it is identical to normal pages
Use iovec's instead of creating the equivalent.
Clear memory used by pages (dave)
Use g_new0(danp)
define MULTIFD_CONTINUE
now pages member is a pointer
Fix off-by-one in number of pages in one packet
Remove RAM_SAVE_FLAG_MULTIFD_PAGE
s/multifd_pages_t/MultiFDPages_t/
add comment explaining what it means
Juan Quintela [Wed, 28 Feb 2018 08:10:07 +0000 (09:10 +0100)]
migration: Synchronize multifd threads with main thread
We synchronize all threads each RAM_SAVE_FLAG_EOS. Bitmap
synchronizations don't happen inside a ram section, so we are safe
about two channels trying to overwrite the same memory.
Signed-off-by: Juan Quintela <[email protected]>
Reviewed-by: Dr. David Alan Gilbert <[email protected]>
--
seq needs to be atomic now, will also be accessed from main thread.
Fix the if (true || ...) leftover
We are back to non-atomics
Juan Quintela [Tue, 26 Jun 2018 13:38:00 +0000 (15:38 +0200)]
migration: Abstract the number of bytes sent
Right now we use the "position" inside the QEMUFile, but things like
RDMA already do weird things to be able to maintain that counter
right, and multifd will have some similar problems.
Juan Quintela [Wed, 4 Apr 2018 09:26:58 +0000 (11:26 +0200)]
migration: Create multifd packet
We still don't put anything there.
Signed-off-by: Juan Quintela <[email protected]>
Reviewed-by: Dr. David Alan Gilbert <[email protected]>
--
fix magic (dave)
check offset/ramblock (dave)
s/seq/packet_num/ and make it 64bit
Stefan Hajnoczi [Thu, 21 Jun 2018 15:02:54 +0000 (16:02 +0100)]
trace: forbid floating point types
Only one existing trace event uses a floating point type. Unfortunately
float and double cannot be supported since SystemTap does not have
floating point types.
Remove float and double from the whitelist and document this limitation.
Update the migrate_transferred trace event to use uint64_t instead of
double.
Emilio G. Cota [Tue, 22 May 2018 22:26:52 +0000 (18:26 -0400)]
trace: enable tracing of TCG atomics
We do not trace guest atomic accesses. Fix it.
Tested with a modified atomic_add-bench so that it executes
a deterministic number of instructions, i.e. fixed seeding,
no threading and fixed number of loop iterations instead
of running for a certain time.
Before:
- With parallel_cpus = false (no clone syscall so it is never set to true):
220070 memory accesses
- With parallel_cpus = true (hard-coded):
212105 memory accesses <-- we're not tracing the atomics!
After:
220070 memory accesses regardless of parallel_cpus.
Emilio G. Cota [Tue, 22 May 2018 22:26:49 +0000 (18:26 -0400)]
trace: simplify trace_mem functions
Add some defines for the mem_info bits, simplify
trace_mem_build_info, and also simplify trace_mem_get_info
by making it a wrapper around trace_mem_build_info.
This paves the way for increasing size_shift by one bit.
Peter Maydell [Tue, 26 Jun 2018 17:23:49 +0000 (18:23 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180626' into staging
target-arm queue:
* aspeed: set APB clocks correctly (fixes slowdown on palmetto)
* smmuv3: cache config data and TLB entries
* v7m/v8m: support read/write from MPU regions smaller than 1K
* various: clean up logging/debug messages
* xilinx_spips: Make dma transactions as per dma_burst_size
* remotes/pmaydell/tags/pull-target-arm-20180626: (32 commits)
aspeed/timer: use the APB frequency from the SCU
aspeed: initialize the SCU controller first
aspeed/scu: introduce clock frequencies
hw/arm/smmuv3: Add notifications on invalidation
hw/arm/smmuv3: IOTLB emulation
hw/arm/smmuv3: Cache/invalidate config data
hw/arm/smmuv3: Fix translate error handling
target/arm: Handle small regions in get_phys_addr_pmsav8()
target/arm: Set page (region) size in get_phys_addr_pmsav7()
tcg: Support MMU protection regions smaller than TARGET_PAGE_SIZE
hw/arm/stellaris: Use HWADDR_PRIx to display register address
hw/arm/stellaris: Fix gptm_write() error message
hw/net/smc91c111: Use qemu_log_mask(UNIMP) instead of fprintf
hw/net/smc91c111: Use qemu_log_mask(GUEST_ERROR) instead of hw_error
hw/net/stellaris_enet: Use qemu_log_mask(GUEST_ERROR) instead of hw_error
hw/net/stellaris_enet: Fix a typo
hw/arm/stellaris: Use qemu_log_mask(UNIMP) instead of fprintf
hw/arm/omap: Use qemu_log_mask(GUEST_ERROR) instead of fprintf
hw/arm/omap1: Use qemu_log_mask(GUEST_ERROR) instead of fprintf
hw/i2c/omap_i2c: Use qemu_log_mask(UNIMP) instead of fprintf
...
Cédric Le Goater [Tue, 26 Jun 2018 16:50:42 +0000 (17:50 +0100)]
aspeed/timer: use the APB frequency from the SCU
The timer controller can be driven by either an external 1MHz clock or
by the APB clock. Today, the model makes the assumption that the APB
frequency is always set to 24MHz but this is incorrect.
The AST2400 SoC on the palmetto machines uses a 48MHz input clock
source and the APB can be set to 48MHz. The consequence is a general
system slowdown. The QEMU machines using the AST2500 SoC do not seem
impacted today because the APB frequency is still set to 24MHz.
We fix the timer frequency for all SoCs by linking the Timer model to
the SCU model. The APB frequency driving the timers is now the one
configured for the SoC.
Cédric Le Goater [Tue, 26 Jun 2018 16:50:42 +0000 (17:50 +0100)]
aspeed/scu: introduce clock frequencies
All Aspeed SoC clocks are driven by an input source clock which can
have different frequencies: 24MHz or 25MHz, and also, on the Aspeed
AST2400 SoC, 48MHz. The H-PLL (CPU) clock is defined from a
calculation using parameters in the H-PLL Parameter register or from a
predefined set of frequencies if the setting is strapped by hardware
(Aspeed AST2400 SoC). The other clocks of the SoC are then defined
from the H-PLL using dividers.
We introduce first the APB clock because it should be used to drive
the Aspeed timer model.
Eric Auger [Tue, 26 Jun 2018 16:50:42 +0000 (17:50 +0100)]
hw/arm/smmuv3: Add notifications on invalidation
On TLB invalidation commands, let's call registered
IOMMU notifiers. Those can only be UNMAP notifiers.
SMMUv3 does not support notification on MAP (VFIO).
This patch allows vhost use case where IOTLB API is notified
on each guest IOTLB invalidation.
Eric Auger [Tue, 26 Jun 2018 16:50:42 +0000 (17:50 +0100)]
hw/arm/smmuv3: IOTLB emulation
We emulate a TLB cache of size SMMU_IOTLB_MAX_SIZE=256.
It is implemented as a hash table whose key is a combination
of the 16b asid and 48b IOVA (Jenkins hash).
Entries are invalidated on TLB invalidation commands, either
globally, or per asid, or per asid/iova.
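Added example, not part of the commit or of QEMU's code: a 256-entry translation cache keyed on ASID plus IOVA with the three invalidation scopes the message lists, showing that a lookup after each scope misses instead of returning a stale mapping. The function names, the 4 KiB page size, the exact key layout, the one-at-a-time Jenkins variant and the open-addressing table with tombstones are all assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IOTLB_MAX_SIZE 256          /* SMMU_IOTLB_MAX_SIZE in the commit text */
#define PAGE_OFF  0xfffULL          /* assumption: 4 KiB pages */
#define ASID_MASK (0xffffULL << 48)
enum { EMPTY, USED, DEAD };         /* DEAD marks an invalidated slot */
typedef struct { uint64_t key, pa; int state; } Slot;
static Slot tlb[IOTLB_MAX_SIZE];    /* zero-initialised, so all EMPTY */

/* Key: 16-bit ASID in the top bits, 48-bit page-aligned IOVA below. */
static uint64_t make_key(uint16_t asid, uint64_t iova)
{
    return ((uint64_t)asid << 48) | (iova & ~ASID_MASK & ~PAGE_OFF);
}

/* Jenkins one-at-a-time hash over the eight key bytes. */
static uint32_t jenkins(uint64_t key)
{
    uint32_t h = 0;
    for (int i = 0; i < 8; i++) {
        h += (uint8_t)(key >> (8 * i));
        h += h << 10;
        h ^= h >> 6;
    }
    h += h << 3;
    h ^= h >> 11;
    return h + (h << 15);
}

/* Probe linearly from the hash slot; an EMPTY slot ends the search. */
static Slot *find(uint64_t key)
{
    uint32_t i = jenkins(key) % IOTLB_MAX_SIZE;
    for (int n = 0; n < IOTLB_MAX_SIZE && tlb[i].state != EMPTY; n++) {
        if (tlb[i].state == USED && tlb[i].key == key)
            return &tlb[i];
        i = (i + 1) % IOTLB_MAX_SIZE;
    }
    return NULL;
}

/* Invalidate every entry with (key & mask) == want; returns how many. */
static int inv_match(uint64_t mask, uint64_t want)
{
    int removed = 0;
    for (int i = 0; i < IOTLB_MAX_SIZE; i++)
        if (tlb[i].state == USED && (tlb[i].key & mask) == want) {
            tlb[i].state = DEAD;    /* tombstone keeps probe chains intact */
            removed++;
        }
    return removed;
}

/* The three invalidation scopes: global, per ASID, per ASID/IOVA. */
static void iotlb_inv_all(void) { memset(tlb, 0, sizeof(tlb)); }
static int iotlb_inv_asid(uint16_t asid) { return inv_match(ASID_MASK, (uint64_t)asid << 48); }
static int iotlb_inv_iova(uint16_t asid, uint64_t iova) { return inv_match(~0ULL, make_key(asid, iova)); }

static void iotlb_insert(uint16_t asid, uint64_t iova, uint64_t pa)
{
    uint64_t key = make_key(asid, iova);
    Slot *s = find(key);            /* refresh an existing entry in place */
    if (!s) {
        uint32_t i = jenkins(key) % IOTLB_MAX_SIZE, n = 0;
        for (; n < IOTLB_MAX_SIZE && tlb[i].state == USED; n++)
            i = (i + 1) % IOTLB_MAX_SIZE;
        if (n == IOTLB_MAX_SIZE)
            iotlb_inv_all();        /* full: flush rather than grow */
        s = &tlb[i];
    }
    *s = (Slot){ key, pa & ~PAGE_OFF, USED };
}

/* Translated address on a hit, UINT64_MAX on a miss. */
static uint64_t iotlb_lookup(uint16_t asid, uint64_t iova)
{
    Slot *s = find(make_key(asid, iova));
    return s ? (s->pa | (iova & PAGE_OFF)) : UINT64_MAX;
}

int main(void)
{
    iotlb_insert(1, 0x10000, 0x80000000);   /* constructed mapping */
    iotlb_inv_iova(1, 0x10000);             /* guest unmaps the page */
    printf("stale hit after unmap: %d\n", iotlb_lookup(1, 0x10000) != UINT64_MAX);
    return 0;
}
```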
Eric Auger [Tue, 26 Jun 2018 16:50:42 +0000 (17:50 +0100)]
hw/arm/smmuv3: Cache/invalidate config data
Let's cache config data to avoid fetching and parsing STE/CD
structures on each translation. We invalidate them on data structure
invalidation commands.
We put in place a per-smmu mutex to protect the config cache. This
will be useful too to protect the IOTLB cache. The caches can be
accessed without BQL, ie. in IO dataplane. The same kind of mutex was
put in place in the intel viommu.
Jia He [Tue, 26 Jun 2018 16:50:42 +0000 (17:50 +0100)]
hw/arm/smmuv3: Fix translate error handling
In case the STE's config is "Bypass" we currently don't set the
IOMMUTLBEntry perm flags and the access does not succeed. Also
if the config is 0b0xx (Aborted/Reserved), decode_ste and
smmuv3_decode_config currently return -EINVAL and we don't enter
the expected code path: we record an event whereas we should not.
This patch fixes those bugs and simplifies the error handling.
decode_ste and smmuv3_decode_config now return 0 if aborted or
bypassed config was found. Only bad config info produces negative
error values. In smmuv3_translate we more clearly differentiate
errors, bypass/smmu disabled, aborted and success cases. Also
trace points are differentiated.
Peter Maydell [Tue, 26 Jun 2018 16:50:42 +0000 (17:50 +0100)]
target/arm: Handle small regions in get_phys_addr_pmsav8()
Allow ARMv8M to handle small MPU and SAU region sizes, by making
get_phys_addr_pmsav8() set the page size to 1 if the MPU or
SAU region covers less than a TARGET_PAGE_SIZE.
We choose to use a size of 1 because it makes no difference to
the core code, and avoids having to track both the base and
limit for SAU and MPU and then convert into an artificially
restricted "page size" that the core code will then ignore.
Since the core TCG code can't handle execution from small
MPU regions, we strip the exec permission from them so that
any execution attempts will cause an MPU exception, rather
than allowing it to end up with a cpu_abort() in
get_page_addr_code().
(The previous code's intention was to make any small page be
treated as having no permissions, but unfortunately errors
in the implementation meant that it didn't behave that way.
It's possible that some binaries using small regions were
accidentally working with our old behaviour and won't now.)
We also retain an existing bug, where we ignored the possibility
that the SAU region might not cover the entire page, in the
case of executable regions. This is necessary because some
currently-working guest code images rely on being able to
execute from addresses which are covered by a page-sized
MPU region but a smaller SAU region. We can remove this
workaround if we ever support execution from small regions.
Peter Maydell [Tue, 26 Jun 2018 16:50:41 +0000 (17:50 +0100)]
target/arm: Set page (region) size in get_phys_addr_pmsav7()
We want to handle small MPU region sizes for ARMv7M. To do this,
make get_phys_addr_pmsav7() set the page size to the region
size if it is less than TARGET_PAGE_SIZE, rather than working
only in TARGET_PAGE_SIZE chunks.
Since the core TCG code can't handle execution from small
MPU regions, we strip the exec permission from them so that
any execution attempts will cause an MPU exception, rather
than allowing it to end up with a cpu_abort() in
get_page_addr_code().
(The previous code's intention was to make any small page be
treated as having no permissions, but unfortunately errors
in the implementation meant that it didn't behave that way.
It's possible that some binaries using small regions were
accidentally working with our old behaviour and won't now.)
Peter Maydell [Tue, 26 Jun 2018 16:50:41 +0000 (17:50 +0100)]
tcg: Support MMU protection regions smaller than TARGET_PAGE_SIZE
Add support for MMU protection regions that are smaller than
TARGET_PAGE_SIZE. We do this by marking the TLB entry for those
pages with a flag TLB_RECHECK. This flag causes us to always
take the slow-path for accesses. In the slow path we can then
special case them to always call tlb_fill() again, so we have
the correct information for the exact address being accessed.
This change allows us to handle reading and writing from small
regions; we cannot deal with execution from the small region.
MAINTAINERS: Adopt the Gumstix computers-on-module machines
These COMs are hard to find, and the company dropped support
a few years ago.
Per the "Gumstix Product Changes, Known Issues, and EOL" pdf:
- Phasing out: PXA270-based Verdex product line
September 2012
- Phasing out: PXA255-based Basix & Connex
September 2009
However there are still booting SD card images available, very
convenient to stress test the QEMU SD card implementation.
Therefore I volunteer to keep an eye on this file, while it
is useful for testing.
Cédric Le Goater [Tue, 26 Jun 2018 16:50:39 +0000 (17:50 +0100)]
aspeed/smc: fix dummy cycles count when in dual IO mode
When configured in dual I/O mode, address and data are sent in dual
mode, including the dummy byte cycles in between. Adapt the count to
the IO setting.
* remotes/kraxel/tags/vga-20180626-pull-request:
virtio-gpu-3d: Drop workaround for VIRTIO_GPU_CAPSET_VIRGL2 define
ramfb: fix overflow
vga: set owner for mmio regions
* remotes/kraxel/tags/ui-20180626-pull-request:
sdl2: add checking for NULL
sdl2: fix copypaste issues
Add gles support to egl-helpers, wire up in egl-headless and gtk.
Peter Maydell [Fri, 22 Jun 2018 17:32:49 +0000 (18:32 +0100)]
virtio-gpu-3d: Drop workaround for VIRTIO_GPU_CAPSET_VIRGL2 define
In commit a8bff79e9f27df we added a definition to hw/virtio/virtio-gpu.h
for VIRTIO_GPU_CAPSET_VIRGL2, as a workaround for it not yet being
in the Linux kernel headers. In commit 77d361b13c19 we updated our
kernel headers to a version which does define the macro, so we can
now remove our workaround.
Gerd Hoffmann [Tue, 26 Jun 2018 08:31:19 +0000 (10:31 +0200)]
ramfb: fix overflow
> CID 1393621: (OVERFLOW_BEFORE_WIDEN)
> Potentially overflowing expression "stride * s->height" with type "unsigned
> int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used
> in a context that expects an expression of type "hwaddr" (64 bits, unsigned).
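Added example, not part of the commit or of QEMU's code: the overflow-before-widen pattern from the Coverity report, next to the form that widens one operand before multiplying. The `hwaddr` typedef, the `fb_cfg` struct, the function names and the sample geometry are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t hwaddr;    /* assumption: stand-in for QEMU's 64-bit hwaddr */

/* Hypothetical guest-supplied framebuffer geometry. */
struct fb_cfg { uint32_t height, stride; };

/* Constructed sample: 0x10004 * 0x10000 needs 33 bits. */
static const struct fb_cfg sample = { .height = 0x10000, .stride = 0x10004 };

/* Before: the product is computed in 32 bits, wraps, and only then widens. */
static hwaddr fb_len_narrow(const struct fb_cfg *s)
{
    return s->stride * s->height;
}

/* After: widen one operand first so the whole multiplication is 64-bit. */
static hwaddr fb_len_wide(const struct fb_cfg *s)
{
    return (hwaddr)s->stride * s->height;
}

/* A bounds check is only as good as the length it is given. */
static bool fits(hwaddr len, hwaddr region_size)
{
    return len != 0 && len <= region_size;
}

int main(void)
{
    const hwaddr region = 16u << 20;    /* constructed: 16 MiB backing region */
    hwaddr narrow = fb_len_narrow(&sample);
    hwaddr wide = fb_len_wide(&sample);

    printf("narrow: %llu bytes, passes check: %d\n",
           (unsigned long long)narrow, fits(narrow, region));
    printf("wide:   %llu bytes, passes check: %d\n",
           (unsigned long long)wide, fits(wide, region));
    return 0;
}
```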
Peter Maydell [Tue, 26 Jun 2018 11:49:24 +0000 (12:49 +0100)]
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging
Machine queue, 2018-06-25
* Don't support --daemonize and --preconfig together
* Deprecate machine types pc-0.10 and pc-0.11
# gpg: Signature made Mon 25 Jun 2018 23:37:59 BST
# gpg: using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <[email protected]>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/machine-next-pull-request:
hw/i386: Deprecate the machine types pc-0.10 and pc-0.11
vl.c: do not allow --daemonize in combination with --preconfig CLI option
Pavel Dovgalyuk [Tue, 26 Jun 2018 06:47:29 +0000 (09:47 +0300)]
sdl2: add checking for NULL
Sometimes SDL2 console can't be retrieved on events and scon variable
becomes NULL. This patch prevents processing of the events when the console
is not available.
Pavel Dovgalyuk [Tue, 26 Jun 2018 06:40:17 +0000 (09:40 +0300)]
sdl2: fix copypaste issues
This patch fixes text and mouse event processing. These functions used
'key' field of the event instead of appropriate 'text', 'motion', 'button',
or 'wheel'.
Gerd Hoffmann [Mon, 18 Jun 2018 11:21:41 +0000 (13:21 +0200)]
Add gles support to egl-helpers, wire up in egl-headless and gtk.
Add support for OpenGL ES to egl-helpers. Wire up the new option for
egl-headless and gtk UIs. egl-headless actually works fine. gtk hits a
not-yet implemented code path in libEGL when trying to use gles mode:
libEGL warning: FIXME: egl/x11 doesn't support front buffer rendering.
Peter Maydell [Tue, 26 Jun 2018 10:10:49 +0000 (11:10 +0100)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging
x86 queue, 2018-06-25
* Add TOPOEXT feature to EPYC CPU model
* AMD's amd-ssbd and amd-no-ssbd CPUID features
* Removed unused CPUID flag names: ospke, osxsave
* Better formatting of '-cpu help'
# gpg: Signature made Mon 25 Jun 2018 23:18:51 BST
# gpg: using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <[email protected]>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-next-pull-request:
i386: Remove generic SMT thread check
i386: Enable TOPOEXT feature on AMD EPYC CPU
i386: Fix up the Node id for CPUID_8000_001E
i386: Allow TOPOEXT to be enabled on older kernels
i386: Define AMD's no SSB mitigation needed.
i386: define the AMD 'amd-ssbd' CPUID feature bit
i386: Remove ospke CPUID flag name
i386: Remove osxsave CPUID flag name
i386: display known CPUID features linewrapped, in alphabetical order
i386: improve sorting of CPU model names
i386: improve alignment of CPU model listing
i386: Add support for CPUID_8000_001E for AMD
Paolo Bonzini [Mon, 25 Jun 2018 20:50:48 +0000 (16:50 -0400)]
ahci: fix FIS I bit and PIO Setup FIS interrupt
The "I" bit in PIO Setup and D2H FISes is exclusively a device concept
and the irqstatus register in the controller does not matter. The SATA
spec says when it should be one; for D2H FISes in practice it is always
set, while the PIO Setup FIS has several subcases that are documented in
the patch.
Also, the PIO Setup FIS interrupt is actually generated _after_ data
has been received.
Someone should probably spend some time reading the SATA specification and
figuring out the more obscure fields in the PIO Setup FIS, but this is enough
to fix SeaBIOS booting from ATAPI CD-ROMs over an AHCI controller.
Thomas Huth [Mon, 25 Jun 2018 09:05:12 +0000 (11:05 +0200)]
hw/i386: Deprecate the machine types pc-0.10 and pc-0.11
The oldest machine type which is still used in a still maintained distro
is a pc-0.12 based machine type in RHEL6, so everything that is older
than pc-0.12 should not be used anymore. Thus let's deprecate pc-0.10
and pc-0.11 so that we can finally remove them in a future release.
Igor Mammedov [Wed, 20 Jun 2018 13:24:19 +0000 (15:24 +0200)]
vl.c: do not allow --daemonize in combination with --preconfig CLI option
Some users, when using --daemonize, expect that QEMU will parse CLI options,
initialize VM and only then complete daemonization by signalling lead
process to exit and start listening on monitor socket. So users treat
parent process exit as sync point to connect to QEMU's monitor.
That however doesn't work when the --preconfig option is used, since it
provides monitor before completing daemonization and expects user to
issue exit-preconfig command when additional configuration via monitor
is finished. We also can't move completing daemonization before
preconfig monitor becomes available, since that would imply:
* partially losing ability to configure QEMU instance in --preconfig
mode since QEMU might drop privileges, chroot and do other things
when daemonization is completed
* lead to loss of error messages in case they would happen after
daemonization
Be proactive now and make options mutually exclusive, so users would
get clear error message instead of waiting for lead process exit
indefinitely before connecting to monitor.
PS:
In case someone would come up with usecase where both options should
be enabled at the same time we could drop this restriction as far
as daemonization point is left where it is now (os_setup_post).
* remotes/kraxel/tags/audio-20180625-pull-request:
audio: Convert use of atoi to qemu_strtoi
audio/hda: enable new timer code by default.
audio/hda: detect output buffer overruns
audio/hda: tweak timer adjust logic
audio/hda: turn some dprintfs into trace points
audio/hda: create millisecond timers that handle IO
Gerd Hoffmann [Fri, 22 Jun 2018 11:11:59 +0000 (13:11 +0200)]
audio/hda: detect output buffer overruns
If some event caused some larger playback hiccup the fine-grained timer
adjust isn't able to recover. Use buffer overruns as an indicator for
that. Reset timer adjust logic in case we detected one.
Gerd Hoffmann [Fri, 22 Jun 2018 11:11:58 +0000 (13:11 +0200)]
audio/hda: tweak timer adjust logic
We have some jitter in the audio timer call frequency and buffer sizes.
So it is rather pointless trying to be very exact, effect is a constant
up+down adjustment. So adjust only in case we are off too much.
Gerd Hoffmann [Fri, 22 Jun 2018 11:11:56 +0000 (13:11 +0200)]
audio/hda: create millisecond timers that handle IO
Currently, the HDA device tries to sync itself with the QEMU audio
backend by waiting for the guest driver to handle buffer completion
interrupts. This causes the backend to often read too much data from the
device, as well as running out of data whenever the guest takes too long
to handle the interrupt.
According to the HDA specification, the guest is also not required to
use interrupts, but can also sync itself by polling the LPIB registers.
This patch will introduce high frequency (1000Hz) timers that interface
with the device and allow for much smoother emulation of the LPIB
registers. Since the timing is now provided by these timers, the need
to wait for buffer completion interrupts also ceases.
[ kraxel: keep old code for compatibility with older qemu versions,
add property to switch code paths at runtime ]
[ kraxel: new code is disabled by default, use-timer=on enables it ]