Thomas Huth [Tue, 17 Dec 2013 13:22:08 +0000 (14:22 +0100)]
s390x/kvm: Simplified the calculation of the SIGP order code
We've already got a helper function for calculating the
base/displacement of RS formatted instructions, so we can
get rid of the manual calculation of the SIGP order code.
Cornelia Huck [Tue, 17 Dec 2013 17:27:33 +0000 (18:27 +0100)]
s390x/kvm: Fix diagnose handling.
The instruction intercept handler for diagnose used only the displacement
when trying to calculate the function code. This is only correct for base
0, however; we need to perform a complete base/displacement address
calculation and use bits 48-63 as the function code.
I checked all qemu_opts_parse() invocations (and all drive_def()
invocations too, because it blindly forwards the former's retval). Only
the two above examples look problematic.
Anthony Liguori [Mon, 16 Dec 2013 17:44:13 +0000 (09:44 -0800)]
Merge remote-tracking branch 'spice/tags/pull-spice-1' into staging
Collection of little cleanups anf bugfixes.
nbd patches in preparation of spice-nbd.
# gpg: Signature made Mon 16 Dec 2013 01:27:45 AM PST using RSA key ID D3E87138
# gpg: Can't check signature: public key not found
# By Marc-André Lureau (12) and Gerd Hoffmann (4)
# Via Gerd Hoffmann
* spice/tags/pull-spice-1:
spice: stop server for qxl hard reset
spice: move spice_server_vm_{start,stop} calls into qemu_spice_display_*()
spice: move qemu_spice_display_*() from spice-graphics to spice-core
nbd: avoid uninitialized warnings
nbd: finish any pending coroutine
nbd: make nbd_client_session_close() idempotent
nbd: pass export name as init argument
nbd: don't change socket block during negotiate
Split nbd block client code
spice-char: implement chardev port event
char: add qemu_chr_fe_event()
include: add missing config-host.h include
qmp_change_blockdev() remove unused has_format
spice-char: remove unused field
vscclient: do not add a socket watch if there is not data to send
spice: flip streaming video mode to off by default
Anthony Liguori [Mon, 16 Dec 2013 17:43:27 +0000 (09:43 -0800)]
Merge remote-tracking branch 'kwolf/tags/for-anthony' into staging
Block patches
# gpg: Signature made Fri 13 Dec 2013 09:47:03 AM PST using RSA key ID C88F2FD6
# gpg: Can't check signature: public key not found
# By Peter Lieven (2) and others
# Via Kevin Wolf
* kwolf/tags/for-anthony:
blkdebug: Use QLIST_FOREACH_SAFE to resume IO
qemu-img: make progress output more accurate during convert
block: expect get_block_status errors in bdrv_make_zero
block/vvfat: Fix compiler warnings for OpenBSD
qapi-schema.json: Change 1.8 reference to 2.0
sheepdog: check if '-o redundancy' is passed from user
Gerd Hoffmann [Mon, 9 Dec 2013 15:03:49 +0000 (16:03 +0100)]
spice: stop server for qxl hard reset
Hard reset can happen at any time. We should be able to put qxl into a
known-good state no matter what. Stop spice server thread for reset so
it can't be confused by fetching stale commands lingering around in the
rings while we reset is ongoing.
Gerd Hoffmann [Mon, 2 Dec 2013 10:17:04 +0000 (11:17 +0100)]
spice: flip streaming video mode to off by default
Video streaming detection heuristics in spice-server have problems
keeping modern desktop animations (as done by gnome shell) and real
video playback apart. This leads to jpeg compression artefacts on
your desktop, due to spice using mjpeg to send what it thinks is
a video stream.
Turn off video detection by default to avoid these artifacts.
Anthony Liguori [Fri, 13 Dec 2013 19:10:19 +0000 (11:10 -0800)]
Merge remote-tracking branch 'mst/tags/for_anthony' into staging
acpi.pci,pc,memory core fixes
Most notably this includes changes to exec to support
full 64 bit addresses.
This also flushes out patches that got queued during 1.7 freeze.
There are new tests, and a bunch of bug fixes all over the place.
There are also some changes mostly useful for downstreams.
I'm also listing myself as pc co-maintainer. I'm doing this reluctantly,
but this seems to be necessary to make sure patches are not lost or delayed too
much, and posting the MAINTAINERS patch did not seem to make anyone else
volunteer.
Signed-off-by: Michael S. Tsirkin <[email protected]>
# gpg: Signature made Wed 11 Dec 2013 10:21:51 AM PST using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
# By Michael S. Tsirkin (14) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony: (28 commits)
pc: use macro for HPET type
hpet: fix build with CONFIG_HPET off
acpi unit-test: adjust the test data structure for better handling
acpi unit-test: load and check facs table
exec: separate sections and nodes per address space
memory.c: bugfix - ref counting mismatch in memory_region_find
hpet: enable to entitle more irq pins for hpet
hpet: inverse polarity when pin above ISA_NUM_IRQS
pci: fix pci bridge fw path
ACPI DSDT: Make control method `IQCR` serialized
acpi: strip compiler info in built-in DSDT
acpi unit-test: verify signature and checksum
smbios: Set system manufacturer, product & version by default
exec: reduce L2_PAGE_SIZE
exec: make address spaces 64-bit wide
exec: memory radix tree page level compression
exec: pass hw address to phys_page_find
exec: extend skip field to 6 bit, page entry to 32 bit
exec: replace leaf with skip
split definitions for exec.c and translate-all.c radix trees
...
Anthony Liguori [Fri, 13 Dec 2013 19:10:02 +0000 (11:10 -0800)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging
# By Paolo Bonzini (4) and Peter Lieven (1)
# Via Paolo Bonzini
* bonzini/scsi-next:
help: add id suboption to -iscsi
scsi-disk: fix WRITE SAME with large non-zero payload
block/iscsi: introduce bdrv_co_{readv, writev, flush_to_disk}
scsi-disk: fix VERIFY emulation
scsi-bus: fix transfer length and direction for VERIFY command
Peter Lieven [Thu, 5 Dec 2013 14:54:53 +0000 (15:54 +0100)]
qemu-img: make progress output more accurate during convert
the progress output is very bumpy if the input images contains
a significant portion of unallocated sectors. This patch
checks how much sectors are allocated a priori if progress
output is selected.
Peter Lieven [Thu, 12 Dec 2013 12:57:05 +0000 (13:57 +0100)]
block: expect get_block_status errors in bdrv_make_zero
during testing around with 4k LUNs a bad target implementation
triggert an -EIO in iscsi_get_block_status, but it got never caught
resulting in an infinite loop.
Stefan Weil [Wed, 11 Dec 2013 20:37:11 +0000 (21:37 +0100)]
block/vvfat: Fix compiler warnings for OpenBSD
The buildbot shows these compiler warnings:
block/vvfat.c: In function 'create_short_and_long_name':
block/vvfat.c:620: warning: array size (8) smaller than bound length (11)
block/vvfat.c:620: warning: array size (8) smaller than bound length (11)
block/vvfat.c:635: warning: array size (8) smaller than bound length (11)
block/vvfat.c:635: warning: array size (8) smaller than bound length (11)
They are caused by tricky code where 8 characters for the name are followed
by 3 characters for the extension, and some operations touch both name and
extension.
Using an 11 character name which includes the extension fixes the compiler
warning, satisfies cppcheck, valgrind and maybe other static and dynamic
code checkers, and even simplifies some parts of the code.
exec: separate sections and nodes per address space
Every address space has its own nodes and sections, but
it uses the same global arrays of nodes/section.
This limits the number of devices that can be attached
to the guest to 20-30 devices. It happens because:
- The sections array is limited to 2^12 entries.
- The main memory has at least 100 sections.
- Each device address space is actually an alias to
main memory, multiplying its number of nodes/sections.
Remove the limitation by using separate arrays of
nodes and sections for each address space.
Liu Ping Fan [Sun, 8 Dec 2013 09:38:17 +0000 (17:38 +0800)]
hpet: enable to entitle more irq pins for hpet
Owning to some different hardware design, piix and q35 need
different compat. So making them diverge.
On q35, IRQ2/8 can be reserved for hpet timer 0/1. And pin 16~23
can be assigned to hpet as guest chooses. So we introduce intcap
property to do that.
Consider the compat and piix/q35, we finally have the following
value for intcap: For piix, hpet's intcap is hard coded as IRQ2.
For pc-q35-1.7 and earlier, we use IRQ2 for compat reason. Otherwise
IRQ2, IRQ8, and IRQ16~23 are allowed.
Liu Ping Fan [Sun, 8 Dec 2013 09:38:16 +0000 (17:38 +0800)]
hpet: inverse polarity when pin above ISA_NUM_IRQS
According to hpet spec, hpet irq is high active. But according to
ICH spec, there is inversion before the input of ioapic. So the OS
will expect low active on this IRQ line. (On bare metal, if OS driver
claims high active on this line, spurious irq is generated)
We fold the emulation of this inversion inside the hpet logic.
Gerd Hoffmann [Fri, 6 Dec 2013 11:24:40 +0000 (12:24 +0100)]
pci: fix pci bridge fw path
qemu uses "pci" as name for pci bridges in the firmware device path.
seabios expects "pci-bridge". Result is that bootorder is broken for
devices behind pci bridges.
Some googling suggests that "pci-bridge" is the correct one. At least
PPC-based Apple machines are using this. See question "How do I boot
from a device attached to a PCI card" here:
http://www.netbsd.org/ports/macppc/faq.html
Anthony Liguori [Wed, 11 Dec 2013 00:14:20 +0000 (16:14 -0800)]
Merge remote-tracking branch 'stefanha/net-next' into staging
# By Vincenzo Maffione (2) and others
# Via Stefan Hajnoczi
* stefanha/net-next:
net: Update netdev peer on link change
virtio-net: don't update mac_table in error state
MAINTAINERS: Add netmap maintainers
net: Adding netmap network backend
Anthony Liguori [Wed, 11 Dec 2013 00:13:32 +0000 (16:13 -0800)]
Merge remote-tracking branch 'pmaydell/tags/pull-target-arm-20131210' into staging
target-arm queue:
* support REFCNT register on integrator/cp board
* implement the A9MP's global timer
* add the 'virt' platform
* support '-cpu host' on KVM/ARM
* Cadence GEM ethernet device bugfixes
* Implement 32-bit ARMv8 VSEL, VMAXNM, VMINNM
* fix TTBCR write masking
* update 32 bit decoder to use new qemu_ld/st TCG opcodes
# gpg: Signature made Tue 10 Dec 2013 06:22:01 AM PST using RSA key ID 14360CDE
# gpg: Can't check signature: public key not found
# By Peter Crosthwaite (16) and others
# Via Peter Maydell
* pmaydell/tags/pull-target-arm-20131210: (37 commits)
target-arm: fix TTBCR write masking
target-arm: Use new qemu_ld/st opcodes
target-arm: Implement ARMv8 SIMD VMAXNM and VMINNM instructions.
target-arm: Implement ARMv8 FP VMAXNM and VMINNM instructions.
softfloat: Add minNum() and maxNum() functions to softfloat.
softfloat: Remove unused argument from MINMAX macro.
target-arm: Implement ARMv8 VSEL instruction.
target-arm: Move call to disas_vfp_insn out of disas_coproc_insn.
net/cadence_gem: Don't rx packets when no rx buffer available
net/cadence_gem: Improve can_receive debug printfery
net/cadence_gem: Fix register w1c logic
net/cadence_gem: Fix small packet FCS stripping
net/cadence_gem: Fix rx multi-fragment packets
net/cadence_gem: Add missing VMSTATE_END_OF_LIST
net/cadence_gem: Implement SAR (de)activation
net/cadence_gem: Implement SAR match bit in rx desc
net/cadence_gem: Implement RX descriptor match mode flags
net/cadence_gem: Prefetch rx descriptors ASAP
net/cadence_gem: simplify rx buf descriptor walking
net/cadence_gem: Don't assert against 0 buffer address
...
Anthony Liguori [Wed, 11 Dec 2013 00:11:21 +0000 (16:11 -0800)]
Merge remote-tracking branch 'kraxel/tags/pull-audio-1' into staging
Change audio wakeup rate from 250 Hz to 100 Hz.
Emulation bugfixes for intel-hda and adlib.
# gpg: Signature made Mon 09 Dec 2013 06:04:16 AM PST using RSA key ID D3E87138
# gpg: Can't check signature: public key not found
# By Gerd Hoffmann (2) and others
# Via Gerd Hoffmann
* kraxel/tags/pull-audio-1:
intel-hda: fix position buffer
adlib: fix patching of port I/O addresses
audio: adjust pulse to 100Hz wakeup rate
audio: Lower default wakeup rate to 100 times / second
We previously allocated 32-bits per temp for the next_free_temp entry.
We now allocate 4 bits per temp across the 4 bitmaps.
Using a linked list meant that if a translator is tweeked, resulting in
temps being freed in a different order, that would have follow-on effects
throughout the TB. Always allocating the lowest free temp means that
follow-on effects are minimized, which can make it easier to diff output
when debugging the translators.
Sergey Fedorov [Tue, 10 Dec 2013 06:41:49 +0000 (10:41 +0400)]
target-arm: fix TTBCR write masking
Current implementation is not accurate according to ARMv7-AR reference
manual. See "B4.1.153 TTBCR, Translation Table Base Control Register,
VMSA | TTBCR format when using the Long-descriptor translation table
format". When LPAE feature is supported, EAE, bit[31] selects
translation descriptor format and, therefore, TTBCR format.
Will Newton [Fri, 6 Dec 2013 17:01:41 +0000 (17:01 +0000)]
softfloat: Add minNum() and maxNum() functions to softfloat.
Add floatnn_minnum() and floatnn_maxnum() functions which are equivalent
to the minNum() and maxNum() functions from IEEE 754-2008. They are
similar to min() and max() but differ in the handling of QNaN arguments.
Currently this just floods indicating that can_receive has been called
by the net framework. Instead, save the result of the most recent
can_receive callback as state and only print a message if the result
changes (indicating some sort of actual state change in GEM). Make said
debug message more meaningful as well.
This write-1-clear logic was incorrect. It was always clearing w1c
bits regardless of whether the written value was 1 or not. i.e. it
was implementing a write-anything-to-clear strategy.
Bytes_to_copy was being updated before its final use where it
advances the rx buffer pointer. This was causing total mayhem,
where packet data for any subsequent fragments was being fetched
from the wrong place.
The Specific address registers can be enabled or disabled by software.
QEMU was assuming they were always enabled. Implement the
disable/enable feature. SARs are disabled by writing to the lower half
register. They are re-enabled by then writing the upper half.
The real hardware prefetches rx buffer descriptors ASAP and
potentially throws relevant interrupts following the fetch
even in the absence of a received packet.
There was a replication of the rx descriptor address walking logic.
Reorder the flow control to remove. This refactoring also obsoletes
the local variables packet_desc_addr and last_desc_addr.
Peter Maydell [Fri, 22 Nov 2013 17:17:16 +0000 (17:17 +0000)]
target-arm: Don't hardcode KVM target CPU to be A15
Instead of assuming that a KVM target CPU must always be a
Cortex-A15 and hardcoding this in kvm_arch_init_vcpu(),
store the KVM_ARM_TARGET_* value in the ARMCPU class,
and use that.
Peter Maydell [Fri, 22 Nov 2013 17:17:14 +0000 (17:17 +0000)]
hw/arm: Add 'virt' platform
Add 'virt' platform support corresponding to arch/arm/mach-virt
in the Linux kernel tree. This has no platform-specific code but
can use any device whose kernel driver is is able to work purely
from a device tree node. We use this to instantiate a minimal
set of devices: a GIC and some virtio-mmio transports.
Signed-off-by: John Rigby <[email protected]> Reviewed-by: Christoffer Dall <[email protected]>
Message-id: 1385140638[email protected]
[PMM:
Significantly overhauled:
* renamed user-facing machine to just "virt"
* removed the A9 support (it can't work since the A9 has no
generic timers)
* added virtio-mmio transports instead of random set of 'soc' devices
(though we retain a pl011 UART)
* instead of updating io_base as we step through adding devices,
define a memory map with an array (similar to vexpress)
* similarly, define irqmap with an array
* folded in some minor fixes from John's aarch64-support patch
* rather than explicitly doing endian-swapping on FDT cells,
use fdt APIs that let us just pass in host-endian values
and let the fdt layer take care of the swapping
* miscellaneous minor code cleanups and style fixes
] Signed-off-by: Peter Maydell <[email protected]>
Peter Maydell [Fri, 22 Nov 2013 17:17:13 +0000 (17:17 +0000)]
target-arm: Allow secondary KVM CPUs to be booted via PSCI
New ARM boards are generally expected to boot their secondary CPUs
via the PSCI interface, rather than ad-hoc "loop around in holding
pen code" as hw/arm/boot.c implements. In particular this is
necessary for mach-virt kernels. For KVM we achieve this by creating
the VCPUs with a feature flag marking them as starting in PSCI
powered-down state; the guest kernel will then make a PSCI call
(implemented in the host kernel) to start the secondaries at
an address of its choosing once it has got the primary CPU up.
Implement this setting of the feature flag, controlled by a
qdev property for ARMCPU, which board code can set if it is a
PSCI system.
Peter Maydell [Fri, 22 Nov 2013 17:17:12 +0000 (17:17 +0000)]
target-arm: Add ARMCPU field for Linux device-tree 'compatible' string
Linux requires device tree CPU nodes to include a 'compatible'
string describing the CPU. Add a field in the ARMCPU struct for
this so that boards which construct a device tree can insert
the correct CPU nodes.
Note that there is currently no officially specified 'compatible'
string for the TI925T, Cortex-M3 or SA1110 CPUs.
Peter Maydell [Fri, 22 Nov 2013 17:17:11 +0000 (17:17 +0000)]
target-arm: Provide PSCI constants to generic QEMU code
Provide versions of the KVM PSCI constants to non-KVM code;
this will allow us to avoid an ifdef in boards which set up
a PSCI node in the device tree.
Peter Maydell [Fri, 22 Nov 2013 17:17:09 +0000 (17:17 +0000)]
device_tree.c: Terminate the empty reservemap in create_device_tree()
Device trees created with create_device_tree() may not have any
entries in their reservemap, because the FDT API requires that the
reservemap is completed before any FDT nodes are added, and
create_device_tree() itself creates a node. However we were not
calling fdt_finish_reservemap(), which meant that there was no
terminator in the reservemap list and whatever happened to be at the
start of the FDT data section would end up being interpreted as
reservemap entries. Avoid this by calling fdt_finish_reservemap()
to add the terminator.
Peter Maydell [Fri, 22 Nov 2013 17:17:08 +0000 (17:17 +0000)]
target-arm: Provide mechanism for getting KVM constants even if not CONFIG_KVM
There are a number of places where it would be convenient for ARM
code to have working definitions of KVM constants even in code
which is compiled with CONFIG_KVM not set. In this situation we
can't simply include the kernel KVM headers (which might conflict
with host header definitions or not even compile on the compiler
we're using) so we have to redefine equivalent constants.
Provide a mechanism for doing this and checking that the values
match, and use it for the constants we're currently exposing
via an ad-hoc mechanism.
The ARM A9 MPCore has a timer that is global to all cores in the cluster.
The timer is shared but each core has a private independent comparator
and interrupt.
Based on version contributed by Francois LEGAL.
Signed-off-by: François LEGAL <[email protected]>
Message-id: 4918e89476b8da916be2964ec41578b50d569a37.1385969450[email protected]
[PC changes:
* New commit message
* Re-implemented as single timer model
* Fixed backwards counting issue in polled mode
* completed VMSD fields
* macroified magic numbers (and headerified reg definitions)
* split of as device-model-only patch
* use bitops for 64 bit register access
* Fixed auto increment mode to check condition properly
* general cleanup (names/style etc).
] Signed-off-by: Peter Crosthwaite <[email protected]>
[PMM:
* minor typo fixes
* added missing return after error_setg()
* dropped setting dc->no_user = 1
] Signed-off-by: Peter Maydell <[email protected]>
To make it consistent for easier code reading. The order in which
variables are defined and functions are called is set to match the
address map ordering.
After changing the parameter from `NotSerialized` to `Serialized`, the
remark is indeed gone and there is no size change.
The remark was added in ACPICA version 20130517 [1] and gives the
following explanation.
If a thread blocks within the method for any reason, and another thread
enters the method, the method will fail because an attempt will be
made to create the same (named) object twice.
In this case, issue a remark that the method should be marked
serialized. ACPICA BZ 909.
IASL stores it's revision in each table header it generates.
That's not nice since guests will see a change each time they move
between hypervisors. We generally fill our own info for tables, but we
(and seabios) forgot to do this for the built-in DSDT.
smbios: Set system manufacturer, product & version by default
Currently, we get SeaBIOS defaults: manufacturer Bochs, product Bochs,
no version. Best SeaBIOS can do, but we can provide better defaults:
manufacturer QEMU, product & version taken from QEMUMachine desc and
name.
Take care to do this only for new machine types, of course.
Note: Michael Tsirkin doesn't trust us to keep values of QEMUMachine member
product stable in the future. Use copies instead, and in a way that
makes it obvious that they're guest ABI.
Note that we can be trusted to keep values of member name, because
that has always been ABI.
Paolo Bonzini [Thu, 7 Nov 2013 16:14:37 +0000 (17:14 +0100)]
exec: make address spaces 64-bit wide
As an alternative to commit 818f86b (exec: limit system memory
size, 2013-11-04) let's just make all address spaces 64-bit wide.
This eliminates problems with phys_page_find ignoring bits above
TARGET_PHYS_ADDR_SPACE_BITS and address_space_translate_internal
consequently messing up the computations.
In Luiz's reported crash, at startup gdb attempts to read from address
0xffffffffffffffe6 to 0xffffffffffffffff inclusive. The region it gets
is the newly introduced master abort region, which is as big as the PCI
address space (see pci_bus_init). Due to a typo that's only 2^63-1,
not 2^64. But we get it anyway because phys_page_find ignores the upper
bits of the physical address. In address_space_translate_internal then
At the moment, memory radix tree is already variable width, but it can
only skip the low bits of address.
This is efficient if we have huge memory regions but inefficient if we
are only using a tiny portion of the address space.
After we have built up the map, detect
configurations where a single L2 entry is valid.
We then speed up the lookup by skipping one or more levels.
In case any levels were skipped, we might end up in a valid section
instead of erroring out. We handle this by checking that
the address is in range of the resulting section.
exec: extend skip field to 6 bit, page entry to 32 bit
Extend skip to 6 bit. As page entry doesn't fit in 16 bit
any longer anyway, extend it to 32 bit.
This doubles node map memory requirements, but follow-up
patches will save this memory.
Paolo Bonzini [Thu, 7 Nov 2013 16:14:36 +0000 (17:14 +0100)]
split definitions for exec.c and translate-all.c radix trees
The exec.c and translate-all.c radix trees are quite different, and
the exec.c one in particular is not limited to the CPU---it can be
used also by devices that do DMA, and in that case the address space
is not limited to TARGET_PHYS_ADDR_SPACE_BITS bits.
We want to make exec.c's radix trees 64-bit wide. As a first step,
stop sharing the constants between exec.c and translate-all.c.
exec.c gets P_L2_* constants, translate-all.c gets V_L2_*, for
consistency with the existing V_L1_* symbols. Though actually
in the softmmu case translate-all.c is also indexed by physical
addresses...
It doesn't make sense for a region to be INT64_MAX in size:
memory core uses UINT64_MAX as a special value meaning
"all 64 bit" this is what was meant here.
While this should never affect the spapr system which at the moment always
has < 63 bit size, this makes us hit all kind of corner case bugs with
sub-pages, so users are probably better off if we just use UINT64_MAX
instead.
projects / qemu.git / log