Paolo Bonzini [Mon, 23 Feb 2015 16:18:00 +0000 (11:18 -0500)]
ide: commonize io_buffer_index initialization
Resetting the io_buffer_index to 0 is commonized,
with the exception of the case within ide_atapi_cmd_reply,
where we need to reset this index to 0 prior to the
ide_atapi_cmd_reply_end call.
Note that not all calls to ide_atapi_cmd_reply_end
expect the index to be 0, so setting it there is
not appropriate.
Paolo Bonzini [Mon, 23 Feb 2015 16:17:59 +0000 (11:17 -0500)]
ide: migrate initial request state via IDEBus
This only breaks backwards migration compatibility if the bus is in
an error state. It is in principle possible to avoid this by making
two subsections (one for version 1, and one for version 2, but with
the same name) with different "_needed" callbacks. The v1 callback would
return true if error_status != 0 and the bus is PATA; the v2 callback
would return true if error_status != 0 and the bus is AHCI.
Paolo Bonzini [Mon, 23 Feb 2015 16:17:55 +0000 (11:17 -0500)]
ide: move restart callback to common code
With BMDMA specifics excised from the restart functions,
create a HBA-agnostic restart callback to be shared
between the different HBAs.
Change the callback registered with the vmstate_change
handler to always point to ide_restart_cb instead of
relying on the IDEDMAOps.restart_cb() member.
Paolo Bonzini [Mon, 23 Feb 2015 16:17:52 +0000 (11:17 -0500)]
ide: introduce ide_register_restart_cb
A helper is added that registers the IDEDMAOp .restart_cb()
via qemu_add_vm_change_state_handler instead of requiring
each HBA to register the callback themselves.
Paolo Bonzini [Mon, 23 Feb 2015 16:17:51 +0000 (11:17 -0500)]
ide: prepare to move restart to common code
This patch adds the restart_dma callback and adjusts
the ide_restart_dma function to utilize this callback
to call the BMDMA-specific restart code instead of statically
executing BMDMA-specific code.
BlockConf: Call backend functions to detect geometry and blocksizes
geometry: hd_geometry_guess function autodetects the drive geometry.
This patch adds a block backend call, that probes the backing device
geometry. If the inner driver method is implemented and succeeds
(currently only for DASDs), the blkconf_geometry will pass-through
the backing device geometry. Otherwise it will fall back to the old logic.
blocksize: This patch initializes blocksize properties to 0.
In order to set the property a blkconf_blocksizes was introduced.
If user didn't set physical or logical blocksize, it will
retrieve its value from a driver (only succeeds for DASD), otherwise
it will set default 512 value.
The blkconf_blocksizes call was added to all users of BlkConf.
block: Add driver methods to probe blocksizes and geometry
Introduce driver methods of defining disk blocksizes (physical and
logical) and hard drive geometry.
Methods are only implemented for "host_device". For "raw" devices
driver calls child's method.
For now geometry detection will only work for DASD devices. To check
that a local check_for_dasd function was introduced. It calls BIODASDINFO2
ioctl and returns its rc.
Blocksizes detection function will probe sizes for DASD devices.
John Snow [Fri, 6 Feb 2015 21:26:17 +0000 (16:26 -0500)]
blkdebug: fix "once" rule
Background:
The blkdebug scripts are currently engineered so that when a debug
event occurs, a prefilter browses a master list of parsed rules for a
certain event and adds them to an "active list" of rules to be used for
the forthcoming action, provided the events and state numbers match.
Then, once the request is received, the last active rule is used to
inject an error if certain parameters match.
This active list is cleared every time the prefilter injects a new
rule for the first time during a debug event.
The "once" rule currently causes the error injection, if it is
triggered, to only clear the active list. This is insufficient for
preventing future injections of the same rule.
Remedy:
This patch /deletes/ the rule from the list that the prefilter
browses, so it is gone for good. In V2, we remove only the rule of
interest from the active list instead of allowing the "once" rule to
clear the entire list of active rules.
Impact:
This affects iotests 026. Several ENOSPC tests that used "once" can
be seen to have output that shows multiple failure messages. After
this patch, the error messages tend to be smaller and less severe, but
the injection can still be seen to be working. I have patched the
expected output to expect the smaller error messages.
Max Reitz [Wed, 18 Feb 2015 22:40:48 +0000 (17:40 -0500)]
iotests: Prepare for refcount_bits option
Some tests do not work well with certain refcount widths (i.e. you
cannot create internal snapshots with refcount_bits=1), so make those
widths unsupported.
Furthermore, add another filter to _filter_img_create in common.filter
which filters out the refcount_bits value.
This is necessary for test 079, which does actually work with any
refcount width, but invoking qemu-img directly leads to the
refcount_bits value being visible in the output; use _make_test_img
instead which will filter it out.
Max Reitz [Wed, 18 Feb 2015 22:40:47 +0000 (17:40 -0500)]
qcow2: Use symbolic macros in qcow2_amend_options
qcow2_amend_options() should not compare options against some inline
strings but rather use the symbolic macros available for each of the
creation options.
Max Reitz [Wed, 18 Feb 2015 22:40:46 +0000 (17:40 -0500)]
qcow2: refcount_order parameter for qcow2_create2
Add a refcount_order parameter to qcow2_create2(), use that value for
the image header and for calculating the size required for
preallocation.
For now, always pass 4.
This addition requires changes to the calculation of the file size for
the "full" and "falloc" preallocation modes. That in turn is a nice
opportunity to add a comment about that calculation not necessarily
being exact (and that being intentional).
Max Reitz [Tue, 10 Feb 2015 20:28:52 +0000 (15:28 -0500)]
qcow2: Open images with refcount order != 4
No longer refuse to open images with a different refcount entry width
than 16 bits; only reject images with a refcount width larger than 64
bits (which is prohibited by the specification).
Max Reitz [Tue, 10 Feb 2015 20:28:51 +0000 (15:28 -0500)]
qcow2: More helpers for refcount modification
Add helper functions for getting and setting refcounts in a refcount
array for any possible refcount order, and choose the correct one during
refcount initialization.
Max Reitz [Tue, 10 Feb 2015 20:28:50 +0000 (15:28 -0500)]
qcow2: Helper function for refcount modification
Since refcounts do not always have to be a uint16_t, all refcount blocks
and arrays in memory should not have a specific type (thus they become
pointers to void) and for accessing them, two helper functions are used
(a getter and a setter). Those functions are called indirectly through
function pointers in the BDRVQcowState so they may later be exchanged
for different refcount orders.
With the check and repair functions using this function, the refcount
array they are creating will be in big endian byte order; additionally,
using realloc_refcount_array() makes the size of this refcount array
always cluster-aligned. Both combined allow rebuild_refcount_structure()
to drop the bounce buffer which was used to convert parts of the
refcount array to big endian byte order and store them on disk. Instead,
those parts can now be written directly.
[ kwolf: Fixed a build failure on 32 bit and another with old glib ]
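Added example (not code from the QEMU tree) for the two refcount-helper commits above and the "Open images with refcount order != 4" commit: one getter/setter pair that works for every refcount order up to 6, stores multi-byte entries big endian, and rejects out-of-range orders, indices and values. All function names are hypothetical, and packing sub-byte entries from the least significant bits upward is a layout assumed by this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration: every name here is hypothetical, not QEMU's. */
#define MAX_REFCOUNT_ORDER 6u /* 1 << 6 = 64 bits, the widest width accepted */

/* Validate a refcount order taken from an untrusted image header. */
int refcount_bits_from_order(unsigned order, unsigned *bits)
{
    if (order > MAX_REFCOUNT_ORDER) {
        return -1;
    }
    *bits = 1u << order;
    return 0;
}

/* Find the byte offset (and, for sub-byte widths, the bit shift) of an entry.
 * Fails instead of touching memory past array_bytes. */
static int locate(size_t array_bytes, unsigned bits, uint64_t index,
                  size_t *byte, unsigned *shift)
{
    if (bits < 8) {
        unsigned per_byte = 8 / bits;
        if (index / per_byte >= array_bytes) {
            return -1;
        }
        *byte = (size_t)(index / per_byte);
        *shift = (unsigned)(index % per_byte) * bits; /* assumed LSB-first */
    } else {
        size_t width = bits / 8;
        if (index >= array_bytes / width) {
            return -1;
        }
        *byte = (size_t)index * width;
        *shift = 0;
    }
    return 0;
}

/* Read entry `index`; returns 0 on success, -1 on bad order or index. */
int refcount_get(const uint8_t *array, size_t array_bytes, unsigned order,
                 uint64_t index, uint64_t *out)
{
    unsigned bits, shift;
    size_t byte;

    if (refcount_bits_from_order(order, &bits) < 0 ||
        locate(array_bytes, bits, index, &byte, &shift) < 0) {
        return -1;
    }
    if (bits < 8) {
        *out = (array[byte] >> shift) & ((1u << bits) - 1);
        return 0;
    }
    uint64_t v = 0;
    for (size_t i = 0; i < bits / 8; i++) {
        v = (v << 8) | array[byte + i]; /* big endian: first byte is highest */
    }
    *out = v;
    return 0;
}

/* Write entry `index`; returns -2 if the value does not fit the width. */
int refcount_set(uint8_t *array, size_t array_bytes, unsigned order,
                 uint64_t index, uint64_t value)
{
    unsigned bits, shift;
    size_t byte;

    if (refcount_bits_from_order(order, &bits) < 0 ||
        locate(array_bytes, bits, index, &byte, &shift) < 0) {
        return -1;
    }
    if (bits < 64 && (value >> bits) != 0) {
        return -2;
    }
    if (bits < 8) {
        unsigned mask = ((1u << bits) - 1) << shift;
        array[byte] = (uint8_t)((array[byte] & ~mask) |
                                ((unsigned)value << shift));
        return 0;
    }
    for (size_t i = bits / 8; i-- > 0; ) {
        array[byte + i] = (uint8_t)(value & 0xff);
        value >>= 8;
    }
    return 0;
}

int main(void)
{
    uint8_t block[16] = {0}; /* constructed sample buffer */
    uint64_t v = 0;

    refcount_set(block, sizeof(block), 4, 1, 0x1234);
    refcount_get(block, sizeof(block), 4, 1, &v);
    printf("order 4, entry 1: 0x%llx\n", (unsigned long long)v);
    return 0;
}
```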
Max Reitz [Tue, 10 Feb 2015 20:28:49 +0000 (15:28 -0500)]
qcow2: Helper for refcount array reallocation
Add a helper function for reallocating a refcount array, independent of
the refcount order. The newly allocated space is zeroed and the function
handles failed reallocations gracefully.
The helper function will always align the buffer size to a cluster
boundary; if storing the refcounts in such an array in big endian byte
order, this makes it possible to write parts of the array directly as
refcount blocks into the image file.
Max Reitz [Tue, 10 Feb 2015 20:28:47 +0000 (15:28 -0500)]
qcow2: Use unsigned addend for update_refcount()
update_refcount() and qcow2_update_cluster_refcount() currently take a
signed addend. At least one caller passes a value directly derived from
an absolute refcount that should be reached ("l2_refcount - 1" in
expand_zero_clusters_in_l1()). Therefore, the addend should be unsigned
as well; this will be especially important for 64 bit refcounts.
Because update_refcount() then no longer knows whether the refcount
should be increased or decreased, it now requires an additional flag
which specifies exactly that. The same applies to
qcow2_update_cluster_refcount().
Max Reitz [Tue, 10 Feb 2015 20:28:46 +0000 (15:28 -0500)]
qcow2: Only return status from qcow2_get_refcount
Refcounts can theoretically be of type uint64_t; in order to be able to
represent the full range, qcow2_get_refcount() cannot use a single
variable to represent both all refcount values and also keep some values
reserved for errors.
One solution would be to add an Error pointer parameter to
qcow2_get_refcount(); however, no caller could (currently) pass that
error message, so it would have to be emitted immediately and be
passed to the next caller by returning -EIO or something similar.
Therefore, an Error parameter does not offer any advantages here.
The solution applied by this patch is simpler to use. Because no caller
would be able to pass the error message, they would have to print it and
free it, whereas with this patch the caller only needs to pass the
returned integer (which is often a no-op from the code perspective,
because that integer will be stored in a variable "ret" which will be
returned by the fail path of many callers).
Max Reitz [Tue, 10 Feb 2015 20:28:45 +0000 (15:28 -0500)]
qcow2: Do not return new value after refcount update
qcow2_update_cluster_refcount() does not have any quick access to the
new refcount value, it has to call qcow2_get_refcount(). Some callers do
not need that new value at all, others call qcow2_get_refcount()
themselves anyway (albeit in a different code path, which can however be
easily changed), therefore there is no advantage in making
qcow2_update_cluster_refcount() return the new value. Drop it.
Max Reitz [Tue, 10 Feb 2015 20:28:44 +0000 (15:28 -0500)]
qcow2: Add refcount_bits to format-specific info
Add the bit width of every refcount entry to the format-specific
information.
In contrast to lazy_refcounts and the corrupt flag, this should be
always emitted, even for compat=0.10 although it does not support any
refcount width other than 16 bits. This is because if a boolean is
optional, one normally assumes it to be false when omitted; but if an
integer is not specified, it is rather difficult to guess its value.
This new field breaks some test outputs, fix them.
Marc Marí [Tue, 24 Feb 2015 21:21:54 +0000 (22:21 +0100)]
libqos: Add malloc generic
This malloc is a basic interface implementation that works for any platform.
It should be replaced in the future for a real malloc implementation for each
of the platforms.
This variable is used only when one of the following macros is defined:
CONFIG_XFS, CONFIG_FALLOCATE, CONFIG_FALLOCATE_PUNCH_HOLE or
CONFIG_FALLOCATE_ZERO_RANGE. Fortunately, CONFIG_FALLOCATE_PUNCH_HOLE
and CONFIG_FALLOCATE_ZERO_RANGE could be defined only along with
CONFIG_FALLOCATE. Therefore checking for CONFIG_XFS or CONFIG_FALLOCATE
would be enough.
Kevin Wolf [Wed, 11 Feb 2015 14:56:01 +0000 (15:56 +0100)]
vpc: Implement bdrv_co_get_block_status()
This implements bdrv_co_get_block_status() for VHD images. This can
significantly speed up qemu-img convert operation because only with this
function implemented sparseness can be considered. (Before, converting a
1 TB empty image took several minutes for me, now it's instantaneous.)
Kevin Wolf [Wed, 11 Feb 2015 16:19:57 +0000 (17:19 +0100)]
vpc: Fix size in fixed image creation
If total_sectors is rounded to match the geometry, total_size needs to
be changed as well. Otherwise we end up with an image whose geometry
describes a disk larger than the image file, which doesn't end well.
Kevin Wolf [Tue, 10 Feb 2015 10:31:52 +0000 (11:31 +0100)]
coroutine: Clean up qemu_coroutine_enter()
qemu_coroutine_enter() is now the only user of coroutine_swap(). Both
functions are short, so inline it.
Also, using COROUTINE_YIELD is now even more confusing because this code
is never called during qemu_coroutine_yield() any more. In fact, this
value is never read back, so we can just introduce a new COROUTINE_ENTER
which documents the purpose of the task switch better.
Kevin Wolf [Tue, 10 Feb 2015 10:17:53 +0000 (11:17 +0100)]
coroutine: Fix use after free with qemu_coroutine_yield()
Instead of using the same function for entering and exiting coroutines,
and hoping that it doesn't add any functionality that hurts with the
parameters used for exiting, we can just directly call into the real
task switch in qemu_coroutine_switch().
This fixes a use-after-free scenario where reentering a coroutine that
has yielded still accesses the old parent coroutine (which may have
meanwhile terminated) in the part of coroutine_swap() that follows
qemu_coroutine_switch().
# gpg: Signature made Sat Mar 7 12:35:05 2015 GMT using RSA key ID F83FA044
# gpg: Good signature from "Max Filippov <[email protected]>"
# gpg: aka "Max Filippov <[email protected]>"
* remotes/xtensa/tags/20150307-xtensa:
target-xtensa: xtfpga: fix ml605 flash size
target-xtensa: implement do_unassigned_access callback
hw/xtensa: allow reads/writes in the system I/O region
Peter Maydell [Sun, 8 Mar 2015 12:47:13 +0000 (12:47 +0000)]
Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
* remotes/qmp-unstable/queue/qmp:
docs: add memory-hotplug.txt
qemu-options.hx: improve -m description
virtio-balloon: Add some trace events
virtio-balloon: Fix balloon not working correctly when hotplug memory
pc-dimm: add a function to calculate VM's current RAM size
Peter Maydell [Sun, 8 Mar 2015 09:47:55 +0000 (09:47 +0000)]
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20150304-1' into staging
misc spice/qxl fixes.
# gpg: Signature made Wed Mar 4 13:57:42 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <[email protected]>"
# gpg: aka "Gerd Hoffmann <[email protected]>"
# gpg: aka "Gerd Hoffmann (private) <[email protected]>"
* remotes/spice/tags/pull-spice-20150304-1:
hmp: info spice: take out webdav
hmp: info spice: Show string channel name
qxl: drop update_displaychangelistener call for secondary qxl devices
vga: refactor vram_size clamping and rounding
qxl: refactor rounding up to a nearest power of 2
spice: fix invalid memory access to vga.vram
qxl: document minimal video memory for new modes
Peter Maydell [Sun, 8 Mar 2015 06:43:32 +0000 (06:43 +0000)]
Merge remote-tracking branch 'remotes/gonglei/tags/bootdevice-next-20150303' into staging
bootdevice: bug fixes
# gpg: Signature made Tue Mar 3 05:18:39 2015 GMT using RSA key ID DDE30FBB
# gpg: Good signature from "Gonglei <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5178 9C82 617F 2F58 8693 63B1 BA7A 65B0 DDE3 0FBB
* remotes/gonglei/tags/bootdevice-next-20150303:
bootdevice: add check in restore_boot_order()
bootdevice: check boot order argument validation before vm running
Peter Maydell [Sun, 8 Mar 2015 00:16:27 +0000 (00:16 +0000)]
Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20150303' into staging
TriCore RRR1, RRR2 instructions and bugfixes
# gpg: Signature made Tue Mar 3 01:12:02 2015 GMT using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <[email protected]>"
* remotes/bkoppelmann/tags/pull-tricore-20150303:
target-tricore: Add instructions of RRR1 opcode format, which have 0xc3 as first opcode
target-tricore: Add instructions of RRR1 opcode format, which have 0x43 as first opcode
target-tricore: Add instructions of RRR1 opcode format, which have 0x83 as first opcode
target-tricore: Add instructions of RRR2 opcode format
target-tricore: fix msub32_suov return wrong results
target-tricore: Fix RLC_ADDI, RLC_ADDIH using wrong microcode helper
Max Filippov [Mon, 17 Feb 2014 16:57:45 +0000 (20:57 +0400)]
hw/xtensa: allow reads/writes in the system I/O region
Ignore writes to unassigned areas of system I/O region and return 0 for
reads. This makes drivers for unimportant unimplemented hardware blocks
happy.
zhanghailiang [Mon, 17 Nov 2014 05:11:09 +0000 (13:11 +0800)]
virtio-balloon: Fix balloon not working correctly when hotplug memory
When ballooning memory, it takes 'ram_size' as the VM's current ram size,
but 'ram_size' is the startup configured ram size; it does not take into
account the hotplugged memory.
As a result, the balloon result will be confused.
Steps to reproduce:
(1)Start VM: qemu -m size=1024,slots=4,maxmem=8G
(2)In VM: #free -m : 1024M
(3)qmp balloon 512M
(4)In VM: #free -m : 512M
(5)hotplug pc-dimm 1G
(6)In VM: #free -m : 1512M
(7)qmp balloon 256M
(8)In VM: #free -m :1256M
We expect the VM's available ram size to be 256M after 'qmp balloon 256M'
command, but VM's real available ram size is 1256M.
Since "qmp balloon" is not performance-critical code, we use function
'get_current_ram_size' to get VM's current ram size.
* remotes/awilliam/tags/vfio-update-20150302.0:
vfio-pci: Enable device request notification support
vfio: allow to disable MMAP per device with -x-mmap=off option
vfio: Make type1 listener symbols static
vfio: Add ioctl number to error report
Peter Maydell [Tue, 3 Mar 2015 12:07:47 +0000 (12:07 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
- more config options
- bootdevice, iscsi, virtio-scsi fixes
- build system patches for MinGW and config-devices.mak
- qemu_mutex_lock_iothread deadlock fixes
- another tiny patch from the record/replay series
# gpg: Signature made Mon Mar 2 09:59:14 2015 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <[email protected]>"
# gpg: aka "Paolo Bonzini <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
cpus: be more paranoid in avoiding deadlocks
cpus: fix deadlock and segfault in qemu_mutex_lock_iothread
virtio-scsi: Allocate op blocker reason before blocking
Makefile.target: binary depends on config-devices
Makefile: don't silence mak file test with V=1
Makefile: fix up parallel building under MSYS+MinGW
iscsi: Handle write protected case in reopen
Give ivshmem its own config option
Create specific config option for "platform-bus"
Add specific config options for PCI-E bridges
bootdevice: fix segment fault when booting guest with '-kernel' and '-initrd'
timer: replace time() with QEMU_CLOCK_HOST
virtio-scsi-dataplane: Call blk_set_aio_context within BQL
block: Forbid bdrv_set_aio_context outside BQL
scsi: give device a parent before setting properties
UsbEnumerateNewDev() in the USB bus driver issues a GET_DESCRIPTOR
request, in order to determine the number of configurations that the
endpoint supports. The request consists of three stages (three TRBs),
setup, data, and status. The length of the response is determined in [1],
namely from the transfer event that the host controller generates in
response to the request's middle stage (ie. the data stage).
If the length of the answer is correct (a full GET_DESCRIPTOR request
takes 18 bytes), then the XHCI driver that underlies the USB bus driver
"snoops" (caches) the descriptor data for later [2].
Later, the USB bus driver sends a SET_CONFIG request. The underlying XHCI
driver allocates a transfer ring for the endpoint, relying on the data
snooped and cached in step [2].
Finally, the USB keyboard driver submits an asynchronous interrupt
transfer to manage the keyboard. As part of this it asserts [4] that the
ring has been allocated in step [3].
And this ASSERT() fires. The root cause can be found in the way QEMU
handles the initial GET_DESCRIPTOR request.
Again, that request consists of three stages (TRBs, Transfer Request
Blocks), "setup", "data", and "status". The XhcCreateTransferTrb()
function sets the IOC ("Interrupt on Completion") flag in each of these
TRBs.
According to the XHCI specification, the host controller shall generate a
Transfer Event in response to *each* individual TRB of the request that
had the IOC flag set. This means that QEMU should queue three events:
setup, data, and status, for edk2's XHCI driver.
However, QEMU only generates two events:
- one for the setup (ie. 1st) stage,
- another for the status (ie. 3rd) stage.
No event is generated for the middle (ie. data) stage. The loop in QEMU's
xhci_xfer_report() function runs three times, but due to the "reported"
variable, only the first and the last TRBs elicit events, the middle (data
stage) results in no event queued.
As a consequence:
- When handling the GET_DESCRIPTOR request, XhcCheckUrbResult() in [1]
does not update the response length from zero.
- XhcControlTransfer() thinks that the response is invalid (it has zero
length payload instead of 18 bytes), hence [2] is not reached; the
device descriptor is not stashed for later, and the number of possible
configurations is left at zero.
- When handling the SET_CONFIG request, (NumConfigurations == 0) from
above prevents the allocation of the endpoint's transfer ring.
- When the keyboard driver tries to use the endpoint, the ASSERT() blows
up.
The solution is to correct the emulation in QEMU, and to generate a
transfer event whenever IOC is set in a TRB.
Radim Krčmář [Tue, 17 Feb 2015 16:30:51 +0000 (17:30 +0100)]
spice: fix invalid memory access to vga.vram
vga_common_init() doesn't allow more than 256 MiB vram size and silently
shrinks any larger value. qxl_dirty_surfaces() used the unshrunk size
via qxl->shadow_rom.surface0_area_size when accessing the memory, which
resulted in segfault.
Add a workaround for this case and an assert if it happens again.
We have to bump the vga memory limit too, because 256 MiB wouldn't have
allowed 8k (it requires more than 128 MiB).
1024 MiB doesn't work, but 512 MiB seems fine.
Gonglei [Tue, 3 Feb 2015 11:31:09 +0000 (11:31 +0000)]
bootdevice: check boot order argument validation before vm running
Either 'once' option or 'order' option can take effect for -boot at
the same time, that is to say initial startup processing can check only
one. And pc.c's set_boot_dev() fails when its boot order argument
is invalid. This patch provides a solution to fix this problem:
1. If "once" is given, register reset handler to restore boot order.
2. Pass the normal boot order to machine creation. Should fail when
the normal boot order is invalid.
3. If "once" is given, set it with qemu_boot_set(). Fails when the
once boot order is invalid.
4. Start the machine.
5. On reset, the reset handler calls qemu_boot_set() to restore boot
order. Should never fail.
Peter Maydell [Tue, 3 Mar 2015 01:28:54 +0000 (01:28 +0000)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-02-26' into staging
QemuOpts: Convert various setters to Error
# gpg: Signature made Thu Feb 26 13:56:43 2015 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <[email protected]>"
# gpg: aka "Markus Armbruster <[email protected]>"
* remotes/armbru/tags/pull-error-2015-02-26:
qtest: Use qemu_opt_set() instead of qemu_opts_parse()
pc: Use qemu_opt_set() instead of qemu_opts_parse()
qemu-sockets: Simplify setting numeric and boolean options
block: Simplify setting numeric options
qemu-img: Suppress unhelpful extra errors in convert, amend
QemuOpts: Propagate errors through opts_parse()
QemuOpts: Propagate errors through opts_do_parse()
QemuOpts: Drop qemu_opt_set(), rename qemu_opt_set_err(), fix use
block: Suppress unhelpful extra errors in bdrv_img_create()
qemu-img: Suppress unhelpful extra errors in convert, resize
QemuOpts: Convert qemu_opts_set() to Error, fix its use
QemuOpts: Convert qemu_opt_set_number() to Error, fix its use
QemuOpts: Convert qemu_opt_set_bool() to Error, fix its use
target-tricore: Add instructions of RRR1 opcode format, which have 0xc3 as first opcode
Add helpers helper_addsur_h/_ssov which adds one halfword and subtracts one
halfword, rounds / and saturates each half word independently.
Add microcode helper functions:
* gen_maddsu_h/sus_h: multiply two halfwords left justified and add to the
first one word and subtract from the second one word
/ and saturate each resulting word independently.
* gen_maddsum_h/sums_h: multiply two halfwords in q-format left justified
and add to the first one word and subtract from
the second one word / and saturate each resulting
word independently.
* gen_maddsur32_h/32s_h: multiply two halfwords in q-format left justified
and add to the first one word and subtract from
the second one word, round both results / and
saturate each resulting word independently.
target-tricore: Add instructions of RRR1 opcode format, which have 0x43 as first opcode
Add helpers:
* madd64_q_ssov: multiply two 32 bit q-format numbers, add them with a
64 bit q-format number and saturate.
* madd32_q_add_ssov: add two 64 bit q-format numbers and return a 32 bit
result.
* maddr_q_ssov: multiply two 32 bit q-format numbers, add a 32 bit
q-format number and saturate.
* maddr_q: multiply two 32 bit q-format numbers and add a 32 bit
q-format number.
Note: madd instructions in the q format can behave strangely, e.g.
0x1 + (0x80000000 * 0x80000000) << 1 for 32 bit signed values does not cause an
overflow on the guest, because all intermediate results should be handled as if
they are indefinitely precise. We handle this by inverting the overflow bit for
all cases: a + (0x80000000 * 0x80000000) << 1.
target-tricore: Add instructions of RRR1 opcode format, which have 0x83 as first opcode
Add helpers:
* add64_ssov: adds two 64 bit values and saturates the result.
* addr_h/_ssov: adds two halfwords with two words in q-format with rounding
/ and saturates each result independently.
Add microcode generator:
* gen_add64_d: adds two 64 bit values.
* gen_addsub64_h: adds/subtracts one halfword with a word and adds/
subtracts another halfword with another word.
* gen_madd_h/s_h: multiply four halfwords, add each result left justified
to two word values / and saturate each result.
* gen_maddm_h/s_h: multiply four halfwords, add each result left justified
to two words values in q-format / and saturate each
result.
* gen_maddr32/64_h/s_h: multiply four halfwords, add each result left
justified to two halfwords/words values in q-format
/ and saturate each result.
Alex Williamson [Mon, 2 Mar 2015 18:38:55 +0000 (11:38 -0700)]
vfio-pci: Enable device request notification support
Linux v4.0-rc1 vfio-pci introduced a new virtual interrupt to allow
the kernel to request a device from the user. When signaled, QEMU
will by default attempt to hot-unplug the device. This is a one-shot
attempt with the expectation that the kernel will continue to
poll for the device if it is not returned. Returning the device when
requested is the expected standard model of cooperative usage, but we
also add an option to disable this feature. Initially this
opt-out is set as an experimental option because we really should
honor kernel requests for the device.
Samuel Pitoiset [Mon, 2 Mar 2015 18:38:55 +0000 (11:38 -0700)]
vfio: allow to disable MMAP per device with -x-mmap=off option
Disabling MMAP support uses the slower read/write accesses but allows to
trace all MMIO accesses, which is not good for performance, but very
useful for reverse engineering PCI drivers. This option allows to
disable MMAP per device without a compile-time change.
Peter Maydell [Mon, 2 Mar 2015 14:25:48 +0000 (14:25 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
* remotes/ehabkost/tags/x86-pull-request:
target-i386: Move APIC ID compatibility code to pc.c
target-i386: Require APIC ID to be explicitly set before CPU realize
target-i386: Set APIC ID using cpu_index on CONFIG_USER
linux-user: Check for cpu_init() errors
target-i386: Move CPUX86State.cpuid_apic_id to X86CPU.apic_id
target-i386: Simplify error handling on cpu_x86_init_user()
target-i386: Eliminate cpu_init() function
target-i386: Rename cpu_x86_init() to cpu_x86_init_user()
target-i386: Move topology.h to include/hw/i386
target-i386: Eliminate unnecessary get_cpuid_vendor() function
target-i386: Simplify listflags() function
Peter Maydell [Mon, 2 Mar 2015 12:13:45 +0000 (12:13 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging
NUMA fixes queue
# gpg: Signature made Mon Feb 23 19:28:42 2015 GMT using RSA key ID 984DC5A6
# gpg: Can't check signature: public key not found
* remotes/ehabkost/tags/numa-pull-request:
numa: Rename set_numa_modes() to numa_post_machine_init()
numa: Rename option parsing functions
numa: Move QemuOpts parsing to set_numa_nodes()
numa: Make max_numa_nodeid static
numa: Move NUMA globals to numa.c
vl.c: Remove unnecessary zero-initialization of NUMA globals
numa: Move NUMA declarations from sysemu.h to numa.h
Paolo Bonzini [Fri, 27 Feb 2015 19:01:03 +0000 (20:01 +0100)]
cpus: be more paranoid in avoiding deadlocks
For good measure, ensure that the following sequence:
thread 1 calls qemu_mutex_lock_iothread
thread 2 calls qemu_mutex_lock_iothread
VCPU threads are created
VCPU thread enters execution loop
results in the VCPU threads letting the other two threads run
and obeying iothread_requesting_mutex even if the VCPUs are
not halted. To do this, check iothread_requesting_mutex
before execution starts.
Paolo Bonzini [Fri, 27 Feb 2015 18:58:23 +0000 (19:58 +0100)]
cpus: fix deadlock and segfault in qemu_mutex_lock_iothread
When two threads (other than the low-priority TCG VCPU thread)
are competing for the iothread lock, a deadlock can happen. This
is because iothread_requesting_mutex is set to false by the first
thread that gets the mutex, and then the VCPU thread might never
yield from the execution loop. If iothread_requesting_mutex is
changed from a bool to a counter, the deadlock is fixed.
However, there is another bug in qemu_mutex_lock_iothread that
can be triggered by the new call_rcu thread. The bug happens
if qemu_mutex_lock_iothread is called before the CPUs are
created. In that case, first_cpu is NULL and the caller
segfaults in qemu_mutex_lock_iothread. To fix this, just
do not do the kick if first_cpu is NULL.
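Added model (not QEMU code) of the first bug described in the commit message above: it replays a lock-request trace against a boolean hint and against a counter, and counts the steps at which a thread is still waiting for the lock while the VCPU is not being asked to yield. The event names, struct and functions are hypothetical, and the traces are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added model; event and field names are hypothetical, not QEMU's. */
enum event {
    REQ_BEGIN,    /* a thread announces that it wants the iothread lock */
    REQ_ACQUIRED  /* a thread obtained the lock and withdraws its request */
};

struct yield_hint {
    bool use_counter; /* false: the old bool, true: the counter from the fix */
    bool flag;
    unsigned count;
};

static void on_event(struct yield_hint *h, enum event e)
{
    if (h->use_counter) {
        if (e == REQ_BEGIN) {
            h->count++;
        } else if (h->count > 0) {
            h->count--;
        }
    } else {
        /* The first thread to get the lock clears the hint for everyone. */
        h->flag = (e == REQ_BEGIN);
    }
}

/* What the VCPU execution loop would consult before continuing to run. */
static bool vcpu_should_yield(const struct yield_hint *h)
{
    return h->use_counter ? h->count > 0 : h->flag;
}

/* Replay a trace and count the steps after which some thread still waits
 * for the lock but the VCPU sees no reason to leave its execution loop. */
size_t count_missed_yields(bool use_counter, const enum event *trace, size_t n)
{
    struct yield_hint h = { use_counter, false, 0 };
    unsigned waiting = 0;
    size_t missed = 0;

    for (size_t i = 0; i < n; i++) {
        on_event(&h, trace[i]);
        if (trace[i] == REQ_BEGIN) {
            waiting++;
        } else if (waiting > 0) {
            waiting--;
        }
        if (waiting > 0 && !vcpu_should_yield(&h)) {
            missed++;
        }
    }
    return missed;
}

int main(void)
{
    /* Constructed trace: two threads request, then acquire one after another. */
    const enum event two[] = { REQ_BEGIN, REQ_BEGIN, REQ_ACQUIRED, REQ_ACQUIRED };

    printf("bool:    %zu missed yield(s)\n", count_missed_yields(false, two, 4));
    printf("counter: %zu missed yield(s)\n", count_missed_yields(true, two, 4));
    return 0;
}
```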
Max Reitz [Fri, 27 Feb 2015 17:11:53 +0000 (12:11 -0500)]
virtio-scsi: Allocate op blocker reason before blocking
s->blocker is really only used in hw/scsi/virtio-scsi.c; the only places
where it is used in hw/scsi/virtio-scsi-dataplane.c is when it is
allocated and when it is freed. That does not make a whole lot of sense
(and is actually wrong because this leads to s->blocker potentially
being NULL when blk_op_block_all() is called in virtio-scsi.c), so move
the allocation and destruction of s->blocker to the device realization
and unrealization in virtio-scsi.c, respectively.
Vasily Efimov [Wed, 18 Feb 2015 12:59:37 +0000 (15:59 +0300)]
Makefile: fix up parallel building under MSYS+MinGW
This patch enables parallel building of QEMU in MSYS+MinGW environment.
Currently an attempt to build QEMU in parallel fails on generation of
version.lo (and version.o too).
The cause of the failure is that when listing prerequisites "Makefile"
references "config-host.h" by absolute path in some rules and by relative
path in others. Make cannot figure out that these references point to the
same file which leads to the race: the generation of "version.*" which
requires "$(BUILD_DIR)/config-host.h" is launched in parallel with the
generation of "config-host.h" needed by other "Makefile" targets.
This patch removes "$(BUILD_DIR)/" prefix from corresponding prerequisite
of "version.*". There are no other prerequisites "$(BUILD_DIR)/config-host.h"
found.
Also note that not every version of MSYS is able to build QEMU in parallel,
see: "http://sourceforge.net/p/mingw/bugs/1950/". The suggested version is
1.0.17.
David Gibson [Fri, 27 Feb 2015 06:04:37 +0000 (17:04 +1100)]
Give ivshmem its own config option
Currently the ivshmem device is built whenever both PCI and KVM support are
included. This patch gives it its own config option to allow easier
customization of whether to include it. It's enabled by default in the
same circumstances as now - when both PCI and KVM are available.
David Gibson [Fri, 27 Feb 2015 06:04:36 +0000 (17:04 +1100)]
Create specific config option for "platform-bus"
Currently the "platform-bus" device is included for all softmmu builds.
This bridge is intended for use on any platforms that require dynamic
creation of sysbus devices. However, at present it is used only for the
PPC E500 target, with plans for the ARM "virt" target in the immediate
future.
To avoid a not-very-useful entry appearing in "qemu -device ?" output on
other targets, this patch makes a specific config option for platform-bus
and enables it (for now) only on ppc configurations which include E500
and on ARM (which always includes the "virt" target).