Eric Johnson [Sat, 10 Nov 2012 03:40:51 +0000 (19:40 -0800)]
target-mips: Fix seg fault for LUI when MIPS_DEBUG_DISAS==1.
The call to gen_logic_imm for OPC_LUI passes -1 for rs. This
causes the MIPS_DEBUG statement to seg fault due to the dereference
of regnames[rs]. This patch fixes that.
Signed-off-by: Eric Johnson <[email protected]>
Signed-off-by: Aurelien Jarno <[email protected]>
(aurel32: replaced static string formatting by a static string)
Catalin Patulea [Mon, 29 Oct 2012 07:45:51 +0000 (03:45 -0400)]
tests/tcg: new test for i386 FPREM and FPREM1
This is setting the stage for a cleanup of FPREM and FPREM1 helpers while being
sure that they behave the same as bare metal.
The test constructs operands using combinations of corner cases for the
floating-point bitfields and prints operands, result and FPU status word for
FPREM and FPREM1. The outputs can then be compared between bare metal and QEMU.
The 'run-test-i386-fprem' make target does just that.
Jan Kiszka [Mon, 5 Nov 2012 15:45:56 +0000 (16:45 +0100)]
memory: Reintroduce dirty flag to optimize changes on disabled regions
Cirrus is triggering this, e.g. during Win2k boot: Changes only on
disabled regions require no topology update when transaction depth drops
to 0 again.
BALATON Zoltan [Sun, 4 Nov 2012 17:41:59 +0000 (18:41 +0100)]
vmware_vga: Add back some info in local state partially reverting aa32b38c
Keep saving display surface parameters at init and using these cached
values instead of getting them when needed. Not sure why this is
needed (maybe due to the interaction with the vga device) but not
doing this broke the Xorg vmware driver at least.
Jan Kiszka [Sun, 4 Nov 2012 08:16:55 +0000 (09:16 +0100)]
kvmvapic: Fix TB invalidation after instruction patching
Since 0b57e287, cpu_memory_rw_debug already triggers a TB invalidation.
As it doesn't (and cannot) set is_cpu_write_access=1 but "consumes" the
currently executed TB, the tb_invalidate_phys_page_range call from
patch_instruction didn't work anymore.
Fix this by open-coding the required bits to restore the CPU state from
the current TB position before patching and resume execution on the
patched instruction afterward.
malc [Mon, 5 Nov 2012 17:47:04 +0000 (21:47 +0400)]
tcg/ppc32: Use trampolines to trim the code size for mmu slow path accessors
mmu access looks something like:
<check tlb>
if miss goto slow_path
<fast path>
done:
...
; end of the TB
slow_path:
<pre process>
mr r3, r27 ; move areg0 to r3
; (r3 holds the first argument for all the PPC32 ABIs)
<call mmu_helper>
b $+8
.long done
<post process>
b done
On ppc32 <call mmu_helper> is:
(SysV and Darwin)
mmu_helper is most likely not within direct branching distance from
the call site, necessitating
a. moving 32 bit offset of mmu_helper into a GPR ; 8 bytes
b. moving GPR to CTR/LR ; 4 bytes
c. (finally) branching to CTR/LR ; 4 bytes
(PowerOpen (AIX))
a. moving 32 bit offset of mmu_helper's TOC into a GPR1 ; 8 bytes
b. loading 32 bit function pointer into GPR2 ; 4 bytes
c. moving GPR2 to CTR/LR ; 4 bytes
d. loading 32 bit small area pointer into R2 ; 4 bytes
e. (finally) branching to CTR/LR ; 4 bytes
call - 4 bytes (trampoline is within code gen buffer
and most likely accessible via
direct branch)
embedded retaddr - 4 bytes
Total overhead - 8 bytes
In the end the icache pressure is decreased by 20/28 bytes at the cost
of an extra jump to trampoline and adjusting LR (to skip over embedded
retaddr) once inside.
Blue Swirl [Sat, 3 Nov 2012 18:48:35 +0000 (18:48 +0000)]
target-mips: use ULL for 64 bit constants
Fix build on a 32 bit host:
CC mips-softmmu/target-mips/dsp_helper.o
/src/qemu/target-mips/dsp_helper.c: In function 'helper_dextr_rs_w':
/src/qemu/target-mips/dsp_helper.c:3556: error: integer constant is too large for 'long' type
/src/qemu/target-mips/dsp_helper.c: In function 'helper_extr_s_h':
/src/qemu/target-mips/dsp_helper.c:3656: error: integer constant is too large for 'long' type
BALATON Zoltan [Sat, 3 Nov 2012 11:47:08 +0000 (12:47 +0100)]
vmware_vga: Allow simple drivers to work without using the fifo
Postpone stopping the dirty log to the point where the command fifo is
configured to allow drivers which don't use the fifo to work too.
(Without this the picture rendered into the vram never got to the
screen and the DIRECT_VRAM option meant to support this case was
removed a year ago.)
BALATON Zoltan [Sat, 3 Nov 2012 11:47:08 +0000 (12:47 +0100)]
vmware_vga: Return a value for FB_SIZE before the device is enabled
According to the documentation drivers using this device should read
FB_SIZE before enabling the device to know what memory to map. This
would not work if we return 0 before enabled. The docs also mention
reading SVGA_REG_DEPTH but not writing it. (Only SVGA_REG_BITS_PER_PIXEL
can be written but we don't really support that either.)
Blue Swirl [Sat, 3 Nov 2012 12:55:05 +0000 (12:55 +0000)]
Merge branch 'trivial-patches' of git://github.com/stefanha/qemu
* 'trivial-patches' of git://github.com/stefanha/qemu:
pc: Drop redundant test for ROM memory region
exec: make some functions static
target-ppc: make some functions static
ppc: add missing static
vnc: add missing static
vl.c: add missing static
target-sparc: make do_unaligned_access static
m68k: Return semihosting errno values correctly
cadence_uart: More debug information
Yeongkyoon Lee [Wed, 31 Oct 2012 07:04:25 +0000 (16:04 +0900)]
tcg: Optimize qemu_ld/st by generating slow paths at the end of a block
Add optimized TCG qemu_ld/st generation which locates the code of TLB miss
cases at the end of a block after generating the other IRs.
Currently, this optimization supports only i386 and x86_64 hosts.
Yeongkyoon Lee [Wed, 31 Oct 2012 07:04:24 +0000 (16:04 +0900)]
tcg: Add extended GETPC mechanism for MMU helpers with ldst optimization
Add GETPC_EXT which is used by MMU helpers to selectively calculate the code
address of accessing guest memory when called from a qemu_ld/st optimized code
or a C function. Currently, it supports only i386 and x86-64 hosts.
Peter Maydell [Mon, 29 Oct 2012 12:05:11 +0000 (12:05 +0000)]
target-m68k/m68k-semi.c: Log when put_user for returning values fails
Abstract out the use of put_user for returning semihosting call results,
so that we can log when a guest erroneously attempts a semihosting call
with an unwritable argument block.
Paolo Bonzini [Fri, 2 Nov 2012 14:43:24 +0000 (15:43 +0100)]
vl: delay thread initialization after daemonization
Commit ac4119c (chardev: Use timer instead of bottom-half to postpone
open event, 2012-10-12) moved the alarm timer initialization to an earlier
point but failed to consider that it depends on qemu_init_main_loop.
Later, commit 1c53786 (vl: init main loop earlier, 2012-10-30) fixed
this, but left -daemonize in two different ways. First, timers need to
be reinitialized after forking. Second, the global mutex was being held
by the parent, and thus dropped after forking.
The first is now fixed using pthread_atfork. For the second part,
make sure that the global mutex is not taken before daemonization,
and similarly delay qemu_thread_self.
Anthony Liguori [Fri, 2 Nov 2012 18:06:28 +0000 (13:06 -0500)]
Merge remote-tracking branch 'bonzini/migr-coroutine' into staging
Signed-off-by: Anthony Liguori <[email protected]>
* bonzini/migr-coroutine:
migration: move process_incoming_migration to a coroutine
migration: handle EAGAIN while reading QEMUFile
migration: move qemu_fclose to process_incoming_migration
migration: close socket QEMUFile from socket_close
migration: xxx_close will only be called once
migration: use closesocket, not close
migration: use migrate_fd_close in migrate_fd_cleanup
migration: clean up server sockets and handlers before invoking process_incoming_migration
migration: replace qemu_stdio_fd with qemu_get_fd
migration: add qemu_get_fd
migration: consolidate QEMUFile methods in a single QEMUFileOps struct
migration: unify stdio-based QEMUFile operations
Paolo Bonzini [Tue, 7 Aug 2012 09:07:59 +0000 (11:07 +0200)]
migration: handle EAGAIN while reading QEMUFile
This will never happen right now (the assertion would fail). The
next patch will set the socket or pipe in non-blocking mode, thus
enabling this part of the code.
Coroutines can just stop whenever they want with qemu_coroutine_yield.
As soon as select tells the main loop that the migration stream is
readable, the coroutine is re-entered directly in qemu_get_buffer,
where it will read more data and pass it to the loading routines.
Paolo Bonzini [Thu, 27 Sep 2012 11:25:45 +0000 (13:25 +0200)]
migration: use migrate_fd_close in migrate_fd_cleanup
migrate_fd_cleanup will usually close the file descriptor via
buffered_file_close's call to migrate_fd_close. However, in the case
of s->file == NULL it is "inlining" migrate_fd_close (almost: there is a
direct close() instead of using s->close(s)). To fix the inconsistency
and clean up the code, allow multiple calls to migrate_fd_close and use
the function in migrate_fd_cleanup.
Paolo Bonzini [Fri, 21 Sep 2012 10:04:03 +0000 (12:04 +0200)]
migration: unify stdio-based QEMUFile operations
Now that qemu_fseek does not exist anymore, there is no reason to do
an fseek before fread/fwrite when operating on an stdio file.
Thus, unify the get/put_buffer callbacks used by qemu_fopen
with those used for pipes.
Eduardo Habkost [Fri, 2 Nov 2012 16:25:15 +0000 (14:25 -0200)]
target-i386: cpu: fix --disable-kvm compilation
This fixes the following:
target-i386/cpu.o: In function `kvm_cpu_fill_host':
target-i386/cpu.c:783: undefined reference to `kvm_state'
I didn't notice the problem before because GCC was optimizing the entire
kvm_cpu_fill_host() function out (because all calls are conditional on
kvm_enabled()).
* cpu_x86_fill_model_id() is used only if CONFIG_KVM is set, so #ifdef it
entirely to avoid compiler warnings.
* kvm_cpu_fill_host() should be called only if KVM is enabled, so
use #ifdef CONFIG_KVM around the entire function body.
Anthony Liguori [Thu, 1 Nov 2012 19:34:13 +0000 (14:34 -0500)]
Merge remote-tracking branch 'kraxel/usb.69' into staging
* kraxel/usb.69: (31 commits)
usb-redir: Allow redirecting super speed devices to high speed controllers
usb-redir: Allow to attach USB 2.0 devices to 1.1 host controller
usb-redir: Use reject rather the disconnect on bad ep info
usb-redir: Add an usbredir_setup_usb_eps() helper function
usb-redir: Add support for input pipelining
usb-redir: Add support for 32 bits bulk packet length
combined-packet: Add a workaround for Linux usbfs + live migration
usb: Add packet combining functions
uhci: Don't crash on device disconnect
uhci: Add a uhci_handle_td_error() helper function
usb/ehci-pci: add helper to create ich9 usb controllers
usb/ehci-pci: add ich9 00:1a.* variant
usb/ehci-pci: dynamic type generation
uhci: add ich9 00:1a.* variants
uhci: stick irq routing info into UHCIInfo too.
uhci: dynamic type generation
xilinx_zynq: add USB controllers
usb/ehci: add sysbus variant
usb/ehci: split into multiple source files
usb/ehci: Guard definition of EHCI_DEBUG
...
Anthony Liguori [Thu, 1 Nov 2012 16:13:59 +0000 (11:13 -0500)]
Merge remote-tracking branch 'stefanha/net' into staging
* stefanha/net:
e1000: pre-initialize RAH/RAL registers
net: Reject non-netdevs in qmp_netdev_del()
net: use "socket" model name for UDP sockets
e1000: drop check_rxov, always treat RX ring with RDH == RDT as empty
Anthony Liguori [Thu, 1 Nov 2012 16:12:50 +0000 (11:12 -0500)]
Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
* qemu-kvm/uq/master: (28 commits)
update-linux-headers.sh: Handle new kernel uapi/ directories
target-i386: kvm_cpu_fill_host: use GET_SUPPORTED_CPUID
target-i386: cpu: make -cpu host/check/enforce code KVM-specific
target-i386: make cpu_x86_fill_host() void
Emulate qemu-kvms -no-kvm option
Issue warning when deprecated -tdf option is used
Issue warning when deprecated drive parameter boot=on|off is used
Use global properties to emulate -no-kvm-pit-reinjection
Issue warning when deprecated -no-kvm-pit is used
Use machine options to emulate -no-kvm-irqchip
cirrus_vga: allow configurable vram size
target-i386: Add missing kvm cpuid feature name
i386: cpu: add missing CPUID[EAX=7,ECX=0] flag names
i386: kvm: filter CPUID leaf 7 based on GET_SUPPORTED_CPUID, too
i386: kvm: reformat filter_features_for_kvm() code
i386: kvm: filter CPUID feature words earlier, on cpu.c
i386: kvm: mask cpuid_ext4_features bits earlier
i386: kvm: mask cpuid_kvm_features earlier
i386: kvm: x2apic is not supported without in-kernel irqchip
i386: kvm: set CPUID_EXT_TSC_DEADLINE_TIMER on kvm_arch_get_supported_cpuid()
...
Peter Maydell [Fri, 26 Oct 2012 15:29:38 +0000 (16:29 +0100)]
arm_boot: Change initrd load address to "halfway through RAM"
To avoid continually having to bump the initrd load address
to account for larger kernel images, put the initrd halfway
through RAM. This allows large kernels on new boards with lots
of RAM to work OK, without breaking existing usecases for
boards with only 32MB of RAM.
Note that this change fixes in passing a bug where we were
passing an overly large max_size to load_image_targphys()
for the initrd, which meant that we wouldn't correctly refuse
to load an enormous initrd that didn't actually fit into RAM.
Aurelien Jarno [Thu, 1 Nov 2012 15:42:49 +0000 (16:42 +0100)]
Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf:
pseries: Cleanup duplications of ics_valid_irq() code
pseries: Clean up inconsistent variable name in xics.c
target-ppc: Extend FPU state for newer POWER CPUs
target-ppc: Rework storage of VPA registration state
Revert "PPC: pseries: Remove hack for PIO window"
Aurelien Jarno [Thu, 1 Nov 2012 15:42:29 +0000 (16:42 +0100)]
Merge branch 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm
* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm: (28 commits)
hw/sd.c: add SD card save/load support
vmstate: Add support for saving/loading bitmaps
hw/sd.c: Fix erase for high capacity cards
pflash_cfi01: Fix debug mode printfery
pflash_cfi0x: QOMified
pflash_cfi01: remove unused total_len field
pflash_cfi0x: remove unused base field
hw/versatile_i2c: Use LOG_GUEST_ERROR
hw/arm_l2x0: Use LOG_GUEST_ERROR
hw/arm_sysctl: Use LOG_GUEST_ERROR
hw/armv7m_nvic: Use LOG_GUEST_ERROR and LOG_UNIMP
hw/arm_timer: Use LOG_GUEST_ERROR and LOG_UNIMP
hw/arm_gic: Use LOG_GUEST_ERROR
hw/arm11mpcore: Use LOG_GUEST_ERROR rather than hw_error()
hw/pl190: Use LOG_UNIMP rather than hw_error()
hw/pl110: Use LOG_GUEST_ERROR rather than hw_error()
hw/pl080: Use LOG_GUEST_ERROR and LOG_UNIMP
hw/pl061: Use LOG_GUEST_ERROR
hw/pl050: Use LOG_GUEST_ERROR
hw/exynos4_boards: Don't prematurely explode QEMUMachineInitArgs
...
Jan Kiszka [Wed, 31 Oct 2012 12:47:15 +0000 (13:47 +0100)]
usb-redir: Allow to attach USB 2.0 devices to 1.1 host controller
This follows the logic of host-linux: If a 2.0 device has no ISO
endpoint and no interrupt endpoint with a packet size > 64, we can
attach it also to a 1.1 host controller. In case the redir server does
not report endpoint sizes, play safe and remove the 1.1 compatibility as
well. Moreover, if we detect a conflicting change in the configuration
after the device was already attached, it will be disconnected
immediately.
Hans de Goede [Wed, 31 Oct 2012 12:47:10 +0000 (13:47 +0100)]
combined-packet: Add a workaround for Linux usbfs + live migration
Older versions (anything but the latest) of Linux usbfs + libusb(x),
will submit larger (bulk) transfers split into multiple 16k submissions,
which means that rather than all tds getting linked into the queue in
one atomic operation they get linked in a bunch at a time, which could
cause problems if:
1) We scan the queue while libusb is in the middle of submitting a split
bulk transfer
2) While this bulk transfer is pending we migrate to another host.
The problem is that after 2, the new host will rescan the queue and
combine the packets in one large transfer, whereas 1) has caused the
original host to see them as 2 transfers. This patch fixes this by stopping
combining if we detect a 16k transfer with its int_req flag set.
This should not adversely affect performance for other cases as:
1) Linux never sets the interrupt flag on packets other than the last
2) Windows does set the int_req flag on each td, but will submit large
transfers in 20k tds thus never triggering the check
Hans de Goede [Wed, 31 Oct 2012 12:47:09 +0000 (13:47 +0100)]
usb: Add packet combining functions
Currently we only do pipelining for output endpoints, since to properly
support short-not-ok semantics we can only have one outstanding input
packet. Since the ehci and uhci controllers have a limited per td packet
size guests will split large input transfers into multiple packets,
and since we don't pipeline these, this comes with a serious performance
penalty.
This patch adds helper functions to (re-)combine packets which belong to 1
transfer at the guest device-driver level into 1 large transfer. This can be
used by (redirection) usb-devices to enable pipelining for input endpoints.
This patch will combine packets together until a transfer terminating packet
is encountered. A terminating packet is a packet which meets one or more of
the following conditions:
1) The packet size is *not* a multiple of the endpoint max packet size
2) The packet does *not* have its short-not-ok flag set
3) The packet has its interrupt-on-complete flag set
The short-not-ok flag of the combined packet is that of the terminating packet.
Multiple combined packets may be submitted to the device, if the combined
packets do not have their short-not-ok flag set, enabling true pipelining.
If a combined packet does have its short-not-ok flag set the queue will
wait with submitting further packets to the device until that packet has
completed.
Once enabled in the usb-redir and ehci code, this improves the speed (MB/s)
of a Linux guest reading from a USB mass storage device by a factor of
1.2 - 1.5.
And the main reason why I started working on this, when reading from a pl2303
USB<->serial converter, it combines the previous 4 packets submitted per
device-driver level read into 1 big read, reducing the number of packets / sec
by a factor of 4, and it allows multiple reads to be outstanding. This allows
for much better latency tolerance without the pl2303's internal buffer
overflowing (which was happening at 115200 bps, without serial flow control).
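The two messages above (the usbfs + live migration workaround and the packet combining rules) describe one algorithm in prose. The following is an added example, not code from QEMU or from the patch author, that implements those rules over a hypothetical minimal td model: `Pkt`, `Combined`, `combine_input_packets()` and the `demo_*` scenarios are all assumptions made for illustration, the sample queues are constructed rather than captured from a guest, and the 16k usbfs check is kept as an explicit term even though rule 3 (interrupt-on-complete) already terminates such a td.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal model of one queued IN td. This is not QEMU's
 * USBPacket; only the fields the combining rules look at are kept. */
typedef struct {
    uint32_t len;        /* bytes the td asks for */
    bool short_not_ok;   /* guest driver will not accept a short read here */
    bool int_req;        /* interrupt-on-complete set on this td */
} Pkt;

/* One transfer as the device sees it after combining. */
typedef struct {
    size_t first;        /* index of the first td in the transfer */
    size_t count;        /* tds merged into it */
    uint32_t len;        /* summed length */
    bool short_not_ok;   /* copied from the terminating td */
} Combined;

#define USBFS_SPLIT_LEN (16 * 1024)   /* usbfs bulk split size named in the message */

/* A td terminates a transfer when any of the three conditions holds. The
 * usbfs + migration workaround (16k td with int_req) is spelled out as a
 * fourth term even though condition 3 already covers it. */
static bool terminates_transfer(const Pkt *p, uint32_t ep_max)
{
    return (p->len % ep_max) != 0 ||                   /* 1: not a multiple of max packet */
           !p->short_not_ok ||                         /* 2: short read allowed */
           p->int_req ||                               /* 3: interrupt-on-complete */
           (p->len == USBFS_SPLIT_LEN && p->int_req);  /* usbfs workaround */
}

/* Merge queued tds into transfers and return how many may be submitted now:
 * transfers are handed out until (and including) the first one whose
 * short_not_ok is set, after which the queue waits for it to complete. A
 * trailing run of tds with no terminating td yet is not submitted. */
size_t combine_input_packets(const Pkt *q, size_t n, uint32_t ep_max,
                             Combined *out, size_t max_out)
{
    size_t nout = 0;
    Combined cur = {0, 0, 0, false};
    bool open = false;

    for (size_t i = 0; i < n && nout < max_out; i++) {
        if (!open) {
            cur = (Combined){ i, 0, 0, false };
            open = true;
        }
        cur.count++;
        cur.len += q[i].len;
        if (!terminates_transfer(&q[i], ep_max))
            continue;                      /* keep absorbing tds */
        cur.short_not_ok = q[i].short_not_ok;
        out[nout++] = cur;
        open = false;
        if (cur.short_not_ok)
            break;                         /* no pipelining past this transfer */
    }
    return nout;
}

/* Constructed scenarios (not captured traffic); results land in demo_out. */
#define EP_MAX 512
Combined demo_out[8];

/* Linux-style 64k bulk read split into four 16k tds, int_req only on the
 * last, followed by the first td of the next read. */
size_t demo_linux_split(void)
{
    static const Pkt q[] = {
        {16384, true, false}, {16384, true, false},
        {16384, true, false}, {16384, true, true},
        {16384, true, false},
    };
    return combine_input_packets(q, 5, EP_MAX, demo_out, 8);
}

/* Driver that accepts short reads: every td is its own transfer, all three
 * go out, and the 100-byte short_not_ok td closes the pipeline. */
size_t demo_short_ok(void)
{
    static const Pkt q[] = {
        {512, false, false}, {512, false, false}, {100, true, false},
    };
    return combine_input_packets(q, 3, EP_MAX, demo_out, 8);
}

/* Two 16k tds and nothing terminating yet: nothing is submitted. */
size_t demo_incomplete(void)
{
    static const Pkt q[] = { {16384, true, false}, {16384, true, false} };
    return combine_input_packets(q, 2, EP_MAX, demo_out, 8);
}

int main(void)
{
    size_t n = demo_linux_split();
    printf("linux split: %zu transfer(s), first is %u bytes from %zu tds\n",
           n, (unsigned)demo_out[0].len, demo_out[0].count);
    printf("short-ok driver: %zu transfer(s)\n", demo_short_ok());
    printf("incomplete queue: %zu transfer(s)\n", demo_incomplete());
    return 0;
}
```

The point worth checking in any real implementation is the break on `short_not_ok`: a combined packet that must not complete short is the last thing the device may see until it finishes, otherwise a short completion followed by already-submitted data would violate the semantics the guest driver asked for.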
Hans de Goede [Wed, 31 Oct 2012 11:54:37 +0000 (12:54 +0100)]
uhci: Don't crash on device disconnect
My recent uhci cleanup series has introduced a regression, where
qemu sometimes crashes on a device disconnect. The problem is that
the uhci code never checked for a device not / no longer existing, instead
it was relying on usb_handle_packet accepting a NULL device.
But since we now pass usb_handle_packet q->ep->dev, rather than just
a local dev variable, we crash as q->ep == NULL due to the device no longer
existing.
This patch fixes this. Note that this patch also improves over
the old behavior where we would:
1) create a queue for the device
2) create an async for the packet
3) have usb_handle_packet fail
4) destroy the async
5) wait for the queue to be idle for 32 frames
6) destroy the queue
Gerd Hoffmann [Wed, 10 Oct 2012 11:29:43 +0000 (13:29 +0200)]
pixman/vnc: use pixman images in vnc.
The vnc code uses *three* DisplaySurfaces:
First is the surface of the actual QemuConsole, usually the guest
screen, but could also be a text console (monitor/serial reachable via
Ctrl-Alt-<nr> keys). This is left as-is.
Second is the current server's view of the screen content. The vnc code
uses this to figure which parts of the guest screen did _really_ change
to reduce the amount of updates sent to the vnc clients. It is also
used as data source when sending out the updates to the clients. This
surface gets replaced by a pixman image. The format changes too,
instead of using the guest screen format we'll use fixed 32bit rgb
framebuffer and convert the pixels on the fly when comparing and
updating the server framebuffer.
Third surface carries the format expected by the vnc client. That isn't
used to store image data. This surface is switched to PixelFormat and a
boolean for bigendian byte order.
Gerd Hoffmann [Wed, 10 Oct 2012 09:16:26 +0000 (11:16 +0200)]
console: don't set PixelFormat alpha fields for 32bpp
Currently it is inconsistent, PixelFormat->amask is left unset whereas
abits and amax and ashift are filled. As an alpha channel doesn't make
sense for the vga framebuffer leave all alpha fields clear.
Surfaces are now allocated using pixman. DisplaySurface gets new
struct fields with pixman image and data. DisplayChangeListeners
can easily start using pixman now.