Peter Maydell [Mon, 23 Jun 2014 17:26:58 +0000 (18:26 +0100)]
Merge remote-tracking branch 'remotes/rth/tcg-ppc-merge-1' into staging
* remotes/rth/tcg-ppc-merge-1: (25 commits)
tcg-ppc: Use the return address as a base pointer
tcg-ppc: Merge cache-utils into the backend
qemu/osdep: Remove the need for qemu_init_auxval
tcg-ppc: Rename the tcg/ppc64 backend
tcg-ppc: Remove the backend
tcg-ppc64: Merge ppc32 shifts
tcg-ppc64: Support mulsh_i32
tcg-ppc64: Merge ppc32 register usage
tcg-ppc64: Merge ppc32 qemu_ld/st
tcg-ppc64: Merge ppc32 brcond2, setcond2, muluh
tcg-ppc64: Begin merging ppc32 with ppc64
tcg-ppc64: Fix sub2 implementation
tcg-ppc64: Merge 32-bit ABIs into the prologue / frame code
tcg-ppc64: Adjust tcg_out_call for ELFv2
tcg-ppc64: Support the ppc64 elfv2 ABI
tcg-ppc64: Use the correct test in tcg_out_call
tcg-ppc64: Better parameterize the stack frame
tcg-ppc64: Fix TCG_TARGET_CALL_STACK_OFFSET
tcg-ppc64: Move call macros out of tcg-target.h
tcg-ppc64: Make TCG_AREG0 and TCG_REG_CALL_STACK enum constants
...
Peter Maydell [Mon, 23 Jun 2014 16:47:28 +0000 (17:47 +0100)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20140623-2' into staging
A couple of s390-ccw bios bugfixes: Fix booting for some bootmaps and get
the devices to a sane state before running the guest.
# gpg: Signature made Mon 23 Jun 2014 13:22:32 BST using RSA key ID C6F02FAF
# gpg: Can't check signature: public key not found
* remotes/cohuck/tags/s390x-20140623-2:
pc-bios/s390-ccw: update s390-ccw.img binary
pc-bios/s390-ccw: fix for fragmented SCSI bootmap
pc-bios/s390-ccw: do a subsystem reset before running the guest
pc-bios/s390-ccw: virtio_load_direct() can't load max number of sectors
This can significantly reduce code size for generation of (some)
64-bit constants. With the side effect that we know for a fact
that exit_tb can use the register to good effect.
As a "utility", it only supported ppc, and in a way that other
tcg backends provided directly in tcg-target.h. Removing this
disparity is easier now that the two ppc backends are merged.
Instead of getting backup auxv data from the env pointer given to main,
read it from /proc/self/auxv. We can do this at any time, so we're not
tied to any ordering wrt a call to qemu_init_auxval from main.
The new ELFv2 ABI, used by default on powerpc64le-linux hosts,
introduced some changes that are incompatible with code currently
generated by the ppc64 TGC target. In particular, we no longer
use function descriptors.
This patch adds support for the ELFv2 ABI in the ppc64 TGC
function call and function prologue sequences.
The calling convention reserves space for the 8 register parameters on
the stack, so using only 6*8=48 as the offset was wrong. We never saw
this bug because we don't have any helpers with more than 5 parameters.
We need to interpret the last entry of the bootmap with zero
block count as "continuation pointer".
The "last entry" is being detected by pre-filling of the scratch
space with known values and respective look-ahead.
pc-bios/s390-ccw: do a subsystem reset before running the guest
The loader BIOS has already activated several devices. Let's do a
subsystem reset before jumping into the guest. As there is no direct
way of doing so, we use diagnose 308 to bring the system in a
defined state. This is similar to what kdump on s390 uses. We have
to define a small trampoline function that restores the low bytes
to whatever the bootmap has written there.
pc-bios/s390-ccw: virtio_load_direct() can't load max number of sectors
The number of sectors to read is given by the last 16 bit of rec_list2.
1 is added in order to get to the real number of sectors to read (0x0000
-> read 1 block). For now, the maximum number (0xffff) led to 0 sectors
being read.
This fixes a bug where a large initrd (62MB) could not be ipled anymore.
Peter Maydell [Mon, 23 Jun 2014 11:55:22 +0000 (12:55 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Block pull request
# gpg: Signature made Mon 23 Jun 2014 09:53:49 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>"
# gpg: aka "Stefan Hajnoczi <[email protected]>"
* remotes/stefanha/tags/block-pull-request:
block: asynchronously stop the VM on I/O errors
vl: allow other threads to do qemu_system_vmstop_request
sheepdog: fix NULL dereference in sd_create
QemuOpts: check NULL opts in qemu_opt_get functions
block: m25p80: Support read only bdrvs.
block: m25p80: sync_page(): Deindent function body.
console: move chardev declarations to sysemu/char.h
move generic chardev APIs to sysemu/char.h, to make them available to
callers which can not depend on the whole of ui/console.h.
This fixes a build error on systems without pixman-devel:
./configure --disable-tools --disable-docs --target-list=arm-linux-user
...
pixman none
...
make
...
In file included from
/data/home/nchip/linaro/qemu/include/ui/console.h:4:0,
from /data/home/nchip/linaro/qemu/stubs/vc-init.c:2:
/data/home/nchip/linaro/qemu/include/ui/qemu-pixman.h:14:20: fatal
error: pixman.h: No such file or directory
#include <pixman.h>
^
compilation terminated.
Paolo Bonzini [Thu, 5 Jun 2014 12:53:59 +0000 (14:53 +0200)]
block: asynchronously stop the VM on I/O errors
With virtio-blk dataplane, I/O errors might occur while QEMU is
not in the main I/O thread. However, it's invalid to call vm_stop
when we're neither in a VCPU thread nor in the main I/O thread,
even if we were to take the iothread mutex around it.
To avoid this problem, we can raise a request to the main I/O thread,
similar to what QEMU does when vm_stop is called from a CPU thread.
We know that bdrv_error_action is called from an AIO callback, and
the moment at which the callback will fire is not well-defined; it
depends on the moment at which the disk or OS finishes the operation,
which can happen at any time. Note that QEMU is certainly not in a CPU
thread and we do not need to call cpu_stop_current() like vm_stop() does.
However, we need to ensure that any action taken by management will
result in correct detection of the error _and_ a running VM. In particular:
- the event must be raised after the iostatus has been set, so that
"info block" will return an iostatus that matches the event.
- the VM must be stopped after the iostatus has been set, so that
"info block" will return an iostatus that matches the runstate.
The ordering between the STOP and BLOCK_IO_ERROR events is preserved;
BLOCK_IO_ERROR is documented to come first.
This makes bdrv_error_action() thread safe (assuming QMP events are,
which is attacked by a separate series).
Paolo Bonzini [Thu, 5 Jun 2014 12:53:58 +0000 (14:53 +0200)]
vl: allow other threads to do qemu_system_vmstop_request
There patch protects vmstop_requested with a lock and introduces
qemu_system_vmstop_request_prepare.
Together with the new call to qemu_vmstop_requested in vm_start,
qemu_system_vmstop_request_prepare avoids a race where the VM could remain
stopped even though the iostatus of a block device has already been set
(for example).
qemu_system_vmstop_request_prepare however also lets the caller thread
delay observation of the state change until it has itself communicated
that change to the user. This delay avoids any possibility of a wrong
reordering of the BLOCK_IO_ERROR event and the subsequent STOP event.
Chunyan Liu [Wed, 18 Jun 2014 02:47:26 +0000 (10:47 +0800)]
QemuOpts: check NULL opts in qemu_opt_get functions
Some places will call bdrv_create_file(filename, NULL, &local_err), where
opts is NULL. Check NULL in qemu_opt_get and qemu_opt_get_*_del functions,
to avoid extra effort of checking opts before calling them every time.
By just never doing write-backs. This is completely invisible to the
guest, as the entire storage area is implemented as device state (at
realize time the entire drive is read in).
block: m25p80: sync_page(): Deindent function body.
sync_page() was conditionalizing it's whole fn body on the bdrv being
non-null. Just return for the function immediately on NULL brdv and
get rid of the big if.
Makes implementation consistent with flash_zynq_area().
Stefan Weil [Mon, 9 Jun 2014 14:19:29 +0000 (16:19 +0200)]
apb: Fix out-of-bounds array write access
The array regs is declared with IOMMU_NREGS (3) elements and accessed
using IOMMU_CTRL (0) and IOMMU_BASE (8). In most cases, those values
are right shifted before being used as an index which results in indices
0 and 1. In one case, this right shift was missing for IOMMU_BASE which
results in an out-of-bounds write access with index 8.
The patch adds the missing shift operation also for IOMMU_CTRL where
it is needed only for cosmetic reasons.
Aurelien Jarno [Thu, 29 May 2014 13:50:17 +0000 (15:50 +0200)]
target-mips: copy CP0_Config1 into DisasContext
In order to avoid access to the CPUMIPSState structure in the
translator, keep a copy of CP0_Config1 into DisasContext. The whole
register is read-only so it can be copied as a single value.
Peter Maydell [Fri, 20 Jun 2014 18:25:17 +0000 (19:25 +0100)]
Merge remote-tracking branch 'remotes/kvm/uq/master' into staging
* remotes/kvm/uq/master:
hw/mips: malta: Don't boot from flash with KVM T&E
MAINTAINERS: Add entry for MIPS KVM
target-mips: Enable KVM support in build system
hw/mips: malta: Add KVM support
hw/mips: In KVM mode, inject IRQ2 (I/O) interrupts via ioctls
target-mips: Call kvm_mips_reset_vcpu() from mips_cpu_reset()
target-mips: kvm: Add main KVM support for MIPS
kvm: Allow arch to set sigmask length
target-mips: get_physical_address: Add KVM awareness
target-mips: get_physical_address: Add defines for segment bases
hw/mips: Add API to convert KVM guest KSEG0 <-> GPA
hw/mips/cputimer: Don't start periodic timer in KVM mode
target-mips: Reset CPU timer consistently
KVM: Fix GSI number space limit
Peter Maydell [Fri, 20 Jun 2014 17:01:24 +0000 (18:01 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc,pci,virtio,hotplug fixes, enhancements
numa work by Hu Tao and others
memory hotplug by Igor
vhost-user by Nikolay, Antonios and others
guest virtio announcements by Jason
qtest fixes by Sergey
qdev hotplug fixes by Paolo
misc other fixes mostly by myself
Signed-off-by: Michael S. Tsirkin <[email protected]>
* remotes/mst/tags/for_upstream: (109 commits)
numa: use RAM_ADDR_FMT with ram_addr_t
qapi/string-output-visitor: fix bugs
tests: simplify code
qapi: fix input visitor bugs
acpi: rephrase comment
qmp: add ACPI_DEVICE_OST event handling
qmp: add query-acpi-ospm-status command
acpi: implement ospm_status() method for PIIX4/ICH9_LPC devices
acpi: introduce TYPE_ACPI_DEVICE_IF interface
qmp: add query-memory-devices command
numa: handle mmaped memory allocation failure correctly
pc: acpi: do not hardcode preprocessor
qmp: clean out whitespace
qdev: recursively unrealize devices when unrealizing bus
qdev: reorganize error reporting in bus_set_realized
qapi: fix build on glib < 2.28
qapi: make string output visitor parse int list
qapi: make string input visitor parse int list
tests: fix memory leak in test of string input visitor
hmp: add info memdev
...
Conflicts:
include/hw/i386/pc.h
[PMM: fixed minor conflict in pc.h] Signed-off-by: Peter Maydell <[email protected]>
Peter Maydell [Fri, 20 Jun 2014 16:41:09 +0000 (17:41 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140619' into staging
target-arm:
* Support PSCI 0.2 when using KVM
* fix AIRCR reset value for v7M CPUs
* report correct size information for pflash_cfi01
* minor coverity fixes
* avoid warnings on Windows builds due to #define clash
* implement TTBCR PD0/PD1 bits
# gpg: Signature made Thu 19 Jun 2014 18:35:06 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <[email protected]>"
* remotes/pmaydell/tags/pull-target-arm-20140619:
armv7m_nvic: fix AIRCR implementation
Use PSCI v0.2 compatible string when KVM or TCG provides it
target-arm: Introduce per-CPU field for PSCI version
target-arm: Implement kvm_arch_reset_vcpu() for KVM ARM64
target-arm: Enable KVM_ARM_VCPU_PSCI_0_2 feature when possible
target-arm: Common kvm_arm_vcpu_init() for KVM ARM and KVM ARM64
kvm: Handle exit reason KVM_EXIT_SYSTEM_EVENT
hw/block/pflash_cfi01: Report correct size info for parallel configs
hw/arm/vexpress: Forbid specifying flash contents in two ways at once
target-arm/translate-a64.c: Fix dead ?: in handle_simd_shift_fpint_conv()
target-arm/translate-a64.c: Remove dead ?: in disas_simd_3same_int()
target-arm: Add ULL suffix to calculation of page size
hw/arm/spitz: Avoid clash with Windows header symbol MOD_SHIFT
target-arm: implement PD0/PD1 bits for TTBCR
Peter Maydell [Fri, 20 Jun 2014 15:57:28 +0000 (16:57 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20140619-1' into staging
vnc: cleanups and fixes
# gpg: Signature made Thu 19 Jun 2014 12:02:09 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <[email protected]>"
# gpg: aka "Gerd Hoffmann <[email protected]>"
# gpg: aka "Gerd Hoffmann (private) <[email protected]>"
* remotes/kraxel/tags/pull-vnc-20140619-1:
vnc: fix screen updates
vnc: Drop superfluous conditionals around g_strdup()
vnc: Drop superfluous conditionals around g_free()
James Hogan [Fri, 20 Jun 2014 11:47:59 +0000 (12:47 +0100)]
hw/mips: malta: Don't boot from flash with KVM T&E
In KVM trap & emulate (T&E) mode the flash reset region at 0xbfc00000
isn't executable, which is why the minimal kernel bootloader is loaded
and executed from the last 1MB of DRAM instead.
Therefore if no kernel is provided on the command line and KVM is
enabled, exit with an error since booting from flash will fail.
target-arm: Introduce per-CPU field for PSCI version
We require to know the PSCI version available to given CPU at
potentially many places. Currently, we need to know PSCI version
when generating DTB for virt machine.
This patch introduce per-CPU 32bit field representing the PSCI
version available to the CPU. The encoding of this 32bit field
is same as described in PSCI v0.2 spec.
target-arm: Implement kvm_arch_reset_vcpu() for KVM ARM64
To implement kvm_arch_reset_vcpu(), we simply re-init the VCPU
using kvm_arm_vcpu_init() so that all registers of VCPU are set
to their reset values by in-kernel KVM code.
target-arm: Enable KVM_ARM_VCPU_PSCI_0_2 feature when possible
Latest linux kernel supports in-kernel emulation of PSCI v0.2 but
to enable it we need to select KVM_ARM_VCPU_PSCI_0_2 feature using
KVM_ARM_VCPU_INIT ioctl.
Also, we can use KVM_ARM_VCPU_PSCI_0_2 feature for VCPU only when
linux kernel has KVM_CAP_ARM_PSCI_0_2 capability.
This patch updates kvm_arch_init_vcpu() to enable KVM_ARM_VCPU_PSCI_0_2
feature for VCPU when KVM ARM/ARM64 has KVM_CAP_ARM_PSCI_0_2 capability.
target-arm: Common kvm_arm_vcpu_init() for KVM ARM and KVM ARM64
Introduce a common kvm_arm_vcpu_init() for doing KVM_ARM_VCPU_INIT
ioctl in KVM ARM and KVM ARM64. This also helps us factor-out few
common code lines from kvm_arch_init_vcpu() for KVM ARM/ARM64.
Peter Maydell [Thu, 19 Jun 2014 17:06:25 +0000 (18:06 +0100)]
hw/block/pflash_cfi01: Report correct size info for parallel configs
If the flash device is configured with a device-width which is
not equal to the bank-width, indicating that it is actually several
narrow flash devices in parallel, the CFI table should report the
number of blocks and the size of a single device, not of the whole
combined setup. This stops Linux from complaining:
"NOR chip too large to fit in mapping. Attempting to cope..."
As usual, we retain the old broken but backwards compatible behaviour
when the device-width is not specified.
Peter Maydell [Thu, 19 Jun 2014 17:06:25 +0000 (18:06 +0100)]
hw/arm/vexpress: Forbid specifying flash contents in two ways at once
Detect attempts by the user to specify the contents of the first flash
device via both -bios and -drive if=pflash... simultaneously and
print a helpful error message.
Peter Maydell [Thu, 19 Jun 2014 17:06:25 +0000 (18:06 +0100)]
target-arm/translate-a64.c: Fix dead ?: in handle_simd_shift_fpint_conv()
In handle_simd_shift_fpint_conv(), the combination of is_double == true,
is_scalar == false and is_q == false is an unallocated encoding; the
'both parts false' case of the nested ?: expression for calculating
maxpass is therefore unreachable and can be removed.
Peter Maydell [Thu, 19 Jun 2014 17:06:24 +0000 (18:06 +0100)]
target-arm/translate-a64.c: Remove dead ?: in disas_simd_3same_int()
In disas_simd_3same_int(), none of the instructions permit is_q
to be false with size == 3 (this would be a vector operation with
a one-element vector, and the instruction set encodes those as
scalar operations). Replace the always-true ?: check with an
assert.
Peter Maydell [Thu, 19 Jun 2014 17:06:24 +0000 (18:06 +0100)]
target-arm: Add ULL suffix to calculation of page size
The maximum block size for AArch64 address translation is 2GB. This means
that we need a ULL suffix on our shift to avoid shifting into the sign
bit of a signed 32 bit integer.
Fabian Aggeler [Thu, 19 Jun 2014 17:06:24 +0000 (18:06 +0100)]
target-arm: implement PD0/PD1 bits for TTBCR
Corrected handling of writes to TTBCR for ARMv8 (previously UNK/SBZP
bits are not RES0) and ARMv7 (new bits PD0/PD1 for CPUs with Security
Extensions).
Bits PD0/PD1 are now respected in get_phys_addr_v6/v5() and
get_level1_table_address.
commit 4407ab055be995e64633322a78e64dfa376dc534
vl.c: extend -m option to support options for memory hotplug
prints ram_addr_t with u64 format, this is wrong for
some systems, in particular w32.
print ram_addr_t with RAM_ADDR_FMT to fix build on w32.
because we forgot to pass 'true' as the human parameter on one of the
two calls to format_string.
Also, this is a worsening of quality; previously we would produce
16 (0x10)
to make it obvious which number was hex.
Fix these issues.
Igor Mammedov [Mon, 16 Jun 2014 17:12:26 +0000 (19:12 +0200)]
acpi: introduce TYPE_ACPI_DEVICE_IF interface
... it will be used to abstract generic ACPI bits from
device that implements ACPI interface.
ACPIOSTInfo type is used for passing-through raw _OST
event/status codes reported by guest OS to a management
layer. It lets management tools interpret values
as specified by ACPI spec if it is interested in it.
QEMU doesn't encode these values as enum, since it
doesn't need to handle them and it allows interface
to scale well without any changes in QEMU while guest
OS and management evolves in time.
when memory_region_init_ram_from_file() fails
memory_region_size() will still return size that was
provided at region init time.
Instead use errp to properly detect error condition.
Paolo Bonzini [Wed, 11 Jun 2014 12:52:09 +0000 (14:52 +0200)]
qdev: recursively unrealize devices when unrealizing bus
When the patch was posted that became 5c21ce7 (qdev: Realize buses
on device realization, 2014-03-12), it included recursive realization
and unrealization of devices when the bus's "realized" property
was toggled.
However, due to the same old worries about recursive realization
and prerequisites not being realized yet, those hunks were dropped when
committing the patch. Unfortunately, this causes a use-after-free bug
(easily reproduced by a PCI hot-unplug action).
Before the patch, device_unparent behaved as follows:
for each child bus
unparent bus ----------------------------.
| for each child device |
| unparent device ---------------. |
| | unrealize device | |
| | call dc->unparent | |
| '------------------------------- |
'----------------------------------------'
unrealize device
After the patch, it behaves as follows instead:
unrealize device --------------------.
| for each child bus |
| unrealize bus (A) |
'------------------------------------'
for each child bus
unparent bus ----------------------.
| for each child device |
| unrealize device (B) |
| call dc->unparent |
'----------------------------------'
At the step marked (B) the device might use data from the bus that is
not available anymore due to step (A).
To fix this, we need to unrealize devices before step (A). To sidestep
concerns about recursive realization, only do recursive unrealization
and leave the "value && !bus->realized" case as it is.
The resulting flow is:
for each child bus
unrealize bus ---------------------.
| for each child device |
| unrealize device (B) |
| call bc->unrealize (A) |
'----------------------------------'
unrealize device
for each child bus
unparent bus ----------------------.
| for each child device |
| unparent device |
'----------------------------------'
where everything is "powered down" before it is unassembled.
The following commits:
qapi: make string output visitor parse int list
qapi: make string input visitor parse int list
break with glib < 2.28 since they use the
new g_list_free_full function.
Paolo Bonzini [Tue, 10 Jun 2014 11:15:23 +0000 (19:15 +0800)]
hostmem: allow preallocation of any memory region
And allow preallocation of file-based memory even without -mem-prealloc.
Some care is necessary because -mem-prealloc does not allow disabling
preallocation for hostmem-file.
Paolo Bonzini [Wed, 14 May 2014 09:43:20 +0000 (17:43 +0800)]
memory: add error propagation to file-based RAM allocation
Right now, -mem-path will fall back to RAM-based allocation in some
cases. This should never happen with "-object memory-file", prepare
the code by adding correct error propagation.
Paolo Bonzini [Wed, 14 May 2014 09:43:19 +0000 (17:43 +0800)]
memory: move mem_path handling to memory_region_allocate_system_memory
Like the previous patch did in exec.c, split memory_region_init_ram and
memory_region_init_ram_from_file, and push mem_path one step further up.
Other RAM regions than system memory will now be backed by regular RAM.
Also, boards that do not use memory_region_allocate_system_memory will
not support -mem-path anymore. This can be changed before the patches
are merged by migrating boards to use the function.
projects / qemu.git / log