David Gibson [Wed, 7 Mar 2012 14:41:09 +0000 (14:41 +0000)]
kvm: Comparison with ioctl number macros needs to be unsigned
In kvm-all.c we store an ioctl cmd number in the irqchip_inject_ioctl field
of KVMState, which has type 'int'. This seems to make sense since the
ioctl() man page says that the cmd parameter has type int.
However, the kernel treats ioctl numbers as unsigned - sys_ioctl() takes an
unsigned int, and the macros which generate ioctl numbers expand to
unsigned expressions. Furthermore, some ioctls (IOC_READ ioctls on x86
and IOC_WRITE ioctls on powerpc) have bit 31 set, and so would be negative
if interpreted as an int. This has the surprising and compile-breaking
consequence that in kvm_irqchip_set_irq() where we do:
return (s->irqchip_inject_ioctl == KVM_IRQ_LINE) ? 1 : event.status;
We will get a "comparison is always false due to limited range of data
type" warning from gcc if KVM_IRQ_LINE is one of the bit-31-set ioctls,
which it is on powerpc.
So, despite the fact that the man page and POSIX say ioctl numbers are
signed, they're actually unsigned. The kernel uses unsigned, the glibc
header uses unsigned long, and FreeBSD, NetBSD and OSX also use unsigned
long ioctl numbers in the code.
Therefore, this patch changes the variable to be unsigned, fixing the
compile.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
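An added example (not QEMU's or the kernel's code) that builds ioctl numbers with the asm-generic x86 field layout and shows why a number with bit 31 set cannot live in a plain int; the command number and payload size are constructed, and the KVMIO type byte 0xAE is used only as the example's type field.

```c
#include <stdint.h>
#include <stdio.h>

/* asm-generic ioctl number layout: nr:8 | type:8 | size:14 | dir:2 (x86 values).
 * powerpc encodes the direction bits differently, which is why bit 31 lands on
 * IOC_WRITE there and on IOC_READ here. */
#define IOC_NRSHIFT   0
#define IOC_TYPESHIFT 8
#define IOC_SIZESHIFT 16
#define IOC_DIRSHIFT  30
#define IOC_WRITE     1U
#define IOC_READ      2U

static unsigned int ioc(unsigned int dir, unsigned int type,
                        unsigned int nr, unsigned int size)
{
    return (dir << IOC_DIRSHIFT) | (size << IOC_SIZESHIFT) |
           (type << IOC_TYPESHIFT) | (nr << IOC_NRSHIFT);
}

/* Constructed commands: type 0xAE is the KVMIO magic; command number 0x61 and
 * the 8-byte payload size are made up for this example. */
#define EXAMPLE_IOW ioc(IOC_WRITE, 0xAE, 0x61, 8)   /* 0x4008AE61 */
#define EXAMPLE_IOR ioc(IOC_READ,  0xAE, 0x61, 8)   /* 0x8008AE61 */

/* Would this ioctl number turn negative if stored in a plain int? */
int ioctl_has_bit31(unsigned int cmd)
{
    return (cmd & 0x80000000u) != 0;
}

/* The old KVMState field type: int. Returns the value as the field holds it. */
int store_in_int_field(unsigned int cmd)
{
    struct { int irqchip_inject_ioctl; } s;
    s.irqchip_inject_ioctl = (int)cmd;   /* implementation-defined; negative on gcc */
    return s.irqchip_inject_ioctl;
}

/* The fixed field type: unsigned int keeps the number intact. */
unsigned int store_in_unsigned_field(unsigned int cmd)
{
    struct { unsigned int irqchip_inject_ioctl; } s;
    s.irqchip_inject_ioctl = cmd;
    return s.irqchip_inject_ioctl;
}

int main(void)
{
    printf("IOR 0x%08x bit31=%d as int=%d\n", EXAMPLE_IOR,
           ioctl_has_bit31(EXAMPLE_IOR), store_in_int_field(EXAMPLE_IOR));
    printf("IOW 0x%08x bit31=%d as int=%d\n", EXAMPLE_IOW,
           ioctl_has_bit31(EXAMPLE_IOW), store_in_int_field(EXAMPLE_IOW));
    return 0;
}
```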
Meador Inge [Thu, 23 Feb 2012 03:44:14 +0000 (03:44 +0000)]
ppc: Correctly define POWERPC_INSNS2_DEFAULT
'POWERPC_INSNS2_DEFAULT' was defined incorrectly which was causing the
opcode table creation code to erroneously register 'eieio' and 'mbar'
for the "default" processor:
David Gibson [Wed, 7 Mar 2012 15:12:21 +0000 (15:12 +0000)]
pseries: Add support for level interrupts to XICS
The pseries "xics" interrupt controller, like most interrupt
controllers can support both message (i.e. edge sensitive) interrupts
and level sensitive interrupts, but it needs to know which are which.
When I implemented the xics emulation for qemu, the only devices we
supported were the PAPR virtual IO devices. These devices only use
message interrupts, so they were the only ones I implemented in xics.
Since then, however, we have added support for PCI devices, which use
level sensitive interrupts. It turns out the message interrupt logic
still actually works most of the time for these, but there are
circumstances where we can lose interrupts due to the incorrect
interrupt logic.
This patch, therefore, implements the correct xics level-sensitive
interrupt logic. The type of the interrupt is set when a device
allocates a new xics interrupt.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Fix large page support in TCG. The old code would overwrite the large page
table entry with the fake 4 KB one generated here whenever the ref/change bits
were updated, causing it to point to the wrong area of memory.
Signed-off-by: Nathan Whitehorn <nwhitehorn@freebsd.org>
Acked-by: David Gibson <david@gibson.drobpear.id.au>
[agraf: fix whitespace, braces]
Signed-off-by: Alexander Graf <agraf@suse.de>
The POWER7 emulation is missing the Processor Identification Register,
mandatory in recent POWER CPUs, that is required for SMP on at least
some operating systems (e.g. FreeBSD) to function properly. This patch
copies the existing PIR code from the other CPUs that implement it.
Signed-off-by: Nathan Whitehorn <nwhitehorn@freebsd.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
pseries: Remove PCI device from PCI host bridge code
The sPAPR PCI code defines a PCI device "spapr-pci-host-bridge-pci" which
is never used. This came over from the earlier bridge driver we used as
a template. Some other bridges appear on their own PCI bus as a device,
but that is not true of pSeries bridges, which are pure host to PCI with
no visible presence on the PCI side.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Mon, 27 Feb 2012 17:18:11 +0000 (17:18 +0000)]
pseries: Remove unused constant from PCI code
The 'bars' constant array was used in experimental device allocation code
which is no longer necessary now that we always run the SLOF firmware.
This patch removes the now redundant variable.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Mon, 27 Feb 2012 17:18:10 +0000 (17:18 +0000)]
pseries: Update SLOF firmware image
This patch updates the SLOF firmware image used on the pseries
machine. The new version adds support for Cirrus VGA and virtfs, as
well as including a number of bugfixes.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Thomas Huth [Mon, 27 Feb 2012 17:18:08 +0000 (17:18 +0000)]
PPC64: Add support for ldbrx and stdbrx instructions
These instructions for loading and storing byte-swapped 64-bit values have
been introduced in PowerISA 2.06.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Mon, 27 Feb 2012 17:18:07 +0000 (17:18 +0000)]
pseries: Don't try to munmap() a malloc()ed TCE table
For the pseries machine, TCE (IOMMU) tables can either be directly
malloc()ed in qemu or, when running on a KVM which supports it, mmap()ed
from a KVM ioctl. The latter option is used when available, because it
allows the (frequent bottleneck) H_PUT_TCE hypercall to be KVM accelerated.
However, even when KVM is present, TCE acceleration is not always possible.
Only KVM HV supports this ioctl(), not KVM PR, or the kernel could run out
of contiguous memory to allocate the new table. In this case we need to
fall back on the malloc()ed table.
When a device is removed, and we need to remove the TCE table, we need to
either munmap() or free() the table as appropriate for how it was
allocated. The code is supposed to do that, but we buggily fail to
initialize the tcet->fd variable in the malloc() case, which is used as a
flag to determine which is the right choice.
This patch fixes the bug, and cleans up error messages relating to this
path while we're at it.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
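An added example, not QEMU's TCE code, of the allocation pattern the fix restores: the fd that doubles as the "how was this allocated" flag is always initialised, and teardown picks munmap() or free() from it. The KVM ioctl is replaced by an mmap() of /dev/zero so the example runs without KVM (an assumption of the example).

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

struct tce_table {
    int fd;          /* >= 0: table is mmap()ed from this fd; -1: malloc()ed */
    size_t size;     /* table size in bytes */
    uint64_t *table;
};

/* try_mmap stands in for "the hypervisor offered an accelerated table"; when it
 * is 0, or the mmap() fails, fall back to a zeroed malloc()ed table. */
struct tce_table *tce_table_new(size_t size, int try_mmap)
{
    struct tce_table *tcet = calloc(1, sizeof *tcet);
    if (!tcet) return NULL;
    tcet->size = size;
    tcet->fd = -1;   /* the initialisation the bug omitted: default is "not mmap()ed" */

    if (try_mmap) {
        int fd = open("/dev/zero", O_RDWR);   /* stand-in for the KVM-provided fd */
        if (fd >= 0) {
            void *p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
            if (p != MAP_FAILED) {
                tcet->fd = fd;
                tcet->table = p;
                return tcet;
            }
            perror("mmap of TCE table failed, falling back to malloc()");
            close(fd);
        }
    }
    tcet->table = calloc(1, size);
    if (!tcet->table) { free(tcet); return NULL; }
    return tcet;
}

/* Release the table the way it was obtained. With fd left uninitialised, a
 * malloc()ed table could end up in munmap(), or an mmap()ed one in free(). */
void tce_table_free(struct tce_table *tcet)
{
    if (!tcet) return;
    if (tcet->fd >= 0) {
        munmap(tcet->table, tcet->size);
        close(tcet->fd);
    } else {
        free(tcet->table);
    }
    free(tcet);
}

/* Allocate, touch and free one table; returns 1 if it was mmap()ed, 0 if
 * malloc()ed, -1 on allocation failure. */
int tce_table_roundtrip(size_t size, int try_mmap)
{
    struct tce_table *t = tce_table_new(size, try_mmap);
    if (!t) return -1;
    int mapped = t->fd >= 0;
    t->table[0] = 0x1234;   /* constructed TCE entry: prove the memory is writable */
    tce_table_free(t);
    return mapped;
}
```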
Alex Barcelo [Thu, 9 Feb 2012 23:55:46 +0000 (23:55 +0000)]
Bad zero comparison for sas_ss_flags on powerpc
All architectures work the same way, and all check for sas_ss_flags ==
0. The powerpc lines are wrong, and do the check the other way round
(it's a qemu internal check, which is done wrong only for this
architecture, it's more a typo than a bug). It's NOT ppc specific,
it's POSIX standard (sigaltstack) and qemu internal.
I have a test source that I will send in a follow-up (it's longer than
I would have wished, I'm sure that a better test case can be written
if needed)
Signed-off-by: Alex Barcelo <abarcelo@ac.upc.edu>
Signed-off-by: Alexander Graf <agraf@suse.de>
Corentin Chary [Wed, 14 Mar 2012 06:58:47 +0000 (07:58 +0100)]
vnc: don't mess up with iohandlers in the vnc thread
The threaded VNC servers messed up with QEMU fd handlers without
any kind of locking, and that can cause some nasty race conditions.
Using qemu_mutex_lock_iothread() won't work because vnc_dpy_cpy(),
which will wait for the current job queue to finish, can be called with
the iothread lock held.
Instead, we now store the data in a temporary buffer, and use a bottom
half to notify the main thread that new data is available.
vnc_[un]lock_output() is still needed to access VncState members like
abort, csock or jobs_buffer.
Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Sat, 28 Jan 2012 15:39:52 +0000 (16:39 +0100)]
qom: Introduce CPU class
Reintroduce CPUState as QOM object: It's abstract and derived directly
from TYPE_OBJECT for compatibility with the user emulators.
The identifier CPUState avoids conflicts between CPU() and the struct.
Introduce $(qom-twice-y) to build it separately for system and for user
emulators.
Prepare a virtual reset method, (re)introduce cpu_reset() as wrapper.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Wed, 14 Mar 2012 00:38:32 +0000 (01:38 +0100)]
Rename CPUState -> CPUArchState
Scripted conversion:
for file in *.[hc] hw/*.[hc] hw/kvm/*.[hc] linux-user/*.[hc] linux-user/m68k/*.[hc] bsd-user/*.[hc] darwin-user/*.[hc] tcg/*/*.[hc] target-*/cpu.h; do
sed -i "s/CPUState/CPUArchState/g" $file
done
All occurrences of CPUArchState are expected to be replaced by QOM CPUState,
once all targets are QOM'ified and common fields have been extracted.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Wed, 14 Mar 2012 00:38:23 +0000 (01:38 +0100)]
ppc hw/: Don't use CPUState
Scripted conversion:
for file in hw/ppc*.[hc] hw/mpc8544_guts.c hw/spapr*.[hc] hw/virtex_ml507.c hw/xics.c; do
sed -i "s/CPUState/CPUPPCState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Wed, 14 Mar 2012 00:38:23 +0000 (01:38 +0100)]
microblaze hw/: Don't use CPUState
Scripted conversion:
for file in hw/microblaze_*.[hc] hw/petalogix_ml605_mmu.c hw/petalogix_s3adsp1800_mmu.c; do
sed -i "s/CPUState/CPUMBState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Wed, 14 Mar 2012 00:38:23 +0000 (01:38 +0100)]
m68k hw/: Don't use CPUState
Scripted conversion:
for file in hw/an5206.c hw/dummy_m68k.c hw/mcf.h hw/mcf5206.c hw/mcf5208.c hw/mcf_intc.c; do
sed -i "s/CPUState/CPUM68KState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Wed, 14 Mar 2012 00:38:23 +0000 (01:38 +0100)]
i386 hw/: Don't use CPUState
Scripted conversion:
for file in hw/apic.h hw/kvm/apic.c hw/kvmvapic.c hw/pc.c hw/vmport.c hw/xen_machine_pv.c; do
sed -i "s/CPUState/CPUX86State/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Wed, 14 Mar 2012 00:38:23 +0000 (01:38 +0100)]
cris hw/: Don't use CPUState
Scripted conversion:
for file in hw/cris-boot.[hc] hw/cris_pic_cpu.c hw/axis_dev88.c hw/etraxfs.h hw/etraxfs_ser.c; do
sed -i "s/CPUState/CPUCRISState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Igor Mitsyanko [Tue, 28 Feb 2012 11:57:11 +0000 (15:57 +0400)]
qom/object.c: rename type_class_init() to type_initialize()
Function name type_class_init() gave us a wrong impression of separation
of type's "class" and "object" entities initialization. Name type_initialize()
is more appropriate for type_class_init() function (considering what operations
it performs).
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Igor Mitsyanko [Tue, 28 Feb 2012 11:57:10 +0000 (15:57 +0400)]
qom: if @instance_size==0, assign size of object to parent object size
QOM documentation states that for objects of type with @instance_size == 0 size
will be assigned to match parent object's size. But currently this feature is
not implemented and qemu asserts during creation of object with zero instance_size.
Set appropriate value for type instance_size during type_class_init() call.
object_initialize_with_type() must call type_class_init() before asserting
type->instance_size, and object_new_with_type() must call type_class_init() before
object allocation.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avi Kivity [Tue, 6 Mar 2012 15:50:10 +0000 (17:50 +0200)]
kvmvapic: align start address as well as size
The kvmvapic code remaps a section of ROM as RAM to allow the guest to
maintain state there. It is careful to align the section size to a page
boundary, to avoid creating subpages, but neglects to do the same for
the start address. This leads to an assert later on when the memory
core tries to create a page which is half RAM and half ROM.
Fix by aligning the start address to a page boundary.
This can be triggered by running qemu-system-x86_64 -enable-kvm -vga none.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
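An added example (not QEMU's kvmvapic code) contrasting the two alignment strategies: rounding only the size leaves a range that still straddles a page when the start is mid-page, while rounding the start down and the end up yields page-aligned boundaries that still cover the original bytes. A 4 KiB page size and the sample addresses are constructed for the example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u
#define PAGE_MASK (~(uint64_t)(PAGE_SIZE - 1))

struct range { uint64_t start; uint64_t size; };

/* The old approach: round the size up, leave the start alone. */
struct range align_size_only(uint64_t start, uint64_t size)
{
    struct range r = { start, (size + PAGE_SIZE - 1) & PAGE_MASK };
    return r;
}

/* The fix: round the start down and the end up, then derive the size, so both
 * boundaries are page aligned and no page is left half RAM and half ROM. */
struct range align_start_and_size(uint64_t start, uint64_t size)
{
    uint64_t first = start & PAGE_MASK;
    uint64_t end = (start + size + PAGE_SIZE - 1) & PAGE_MASK;
    struct range r = { first, end - first };
    return r;
}

/* Are both boundaries on a page boundary? */
int range_is_page_aligned(struct range r)
{
    return (r.start & (PAGE_SIZE - 1)) == 0 && (r.size & (PAGE_SIZE - 1)) == 0;
}

/* Does the aligned range still contain every byte of the original one? */
int range_covers(struct range r, uint64_t start, uint64_t size)
{
    return r.start <= start && r.start + r.size >= start + size;
}

int main(void)
{
    /* Constructed ROM section that starts mid-page and crosses into the next. */
    struct range old = align_size_only(0xE1F00, 0x200);
    struct range fix = align_start_and_size(0xE1F00, 0x200);
    printf("size only:  start=%#" PRIx64 " size=%#" PRIx64 " aligned=%d\n",
           old.start, old.size, range_is_page_aligned(old));
    printf("start+size: start=%#" PRIx64 " size=%#" PRIx64 " aligned=%d covers=%d\n",
           fix.start, fix.size, range_is_page_aligned(fix),
           range_covers(fix, 0xE1F00, 0x200));
    return 0;
}
```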
Anthony Liguori [Tue, 13 Mar 2012 18:55:02 +0000 (13:55 -0500)]
Merge remote-tracking branch 'kraxel/usb.44' into staging
* kraxel/usb.44:
Endian fix an assertion in usb-msd
uhci: alloc can't fail, drop check.
uhci: new uhci_handle_td return code for tds still in flight
uhci: renumber uhci_handle_td return codes
uhci: use enum for uhci_handle_td return codes
uhci: tracing support
uhci: cancel on schedule stop.
uhci: fix uhci_async_cancel_all
uhci: pass addr to uhci_async_alloc
usb: improve packet state sanity checks
usb-ohci: DMA writeback bug fixes
usb-ehci: drop unused isoch_pause variable
usb: zap hw/usb-{ohci,uhci}.h + init wrappers
usb: the big rename
Andreas Färber [Sun, 4 Mar 2012 20:32:36 +0000 (21:32 +0100)]
qom: Add QOM support to user emulators
Link the Object base class and the module infrastructure for class
registration. Introduce $(universal-obj-y) for objects that are more
common than $(common-obj-y), so that those only get built once.
Call QOM module init for type registration.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Sun, 4 Mar 2012 20:32:35 +0000 (21:32 +0100)]
qom: Register QOM infrastructure early
The constructors for QOM TYPE_INTERFACE were executed rather late in
vl.c's main(). Call them very early so that QOM can safely be used for
machines and CPUs.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Sun, 4 Mar 2012 20:32:34 +0000 (21:32 +0100)]
kvmclock: Always register type
Currently, the "kvmclock" type is only registered when kvm_enabled().
This breaks when moving type registration to before command line
parsing (so that QOM types can be used for CPU and machine).
Since the QOM classes are lazy-initialized anyway and kvmclock_create()
has another kvm_enabled() check, simply drop the KVM check in
kvmclock_register_types().
kvm-i8259, kvm-apic and kvm-ioapic do not suffer from such a check.
Reviewed-by: please.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Weil [Sat, 10 Mar 2012 20:20:53 +0000 (21:20 +0100)]
slirp: Fix compiler warning for w64
Casting a pointer to an integer value must use uintptr_t or intptr_t
(not long) for portable code. MinGW-w64 requires this because
sizeof(long) != sizeof(void *) for w64 hosts, so casting to long
raises a compiler warning.
I use uintptr_t instead of intptr_t because changing the sign does not
matter here and casting pointers to unsigned values seems more
reasonable (the unsigned value is a non-negative offset).
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Mon, 5 Mar 2012 23:00:07 +0000 (00:00 +0100)]
slirp: Fix queue walking in if_start
Another attempt to get this right: We need to carefully walk both the
fastq and the batchq in if_start while trying to send packets to
possibly not yet resolved hosts on the virtual network.
So far we just requeued a delayed packet where it was and then started
walking the queues from the top again - that couldn't work. Now we
pre-calculate the next packet in the queue so that the current one can
safely be removed if it was sent successfully. We also need to take into
account that the next packet can be from the same session if the current
one was sent and there are no other sessions.
CC: Fabien Chouteau <chouteau@adacore.com>
CC: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
CC: Stefan Weil <sw@weilnetz.de>
Tested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Wei Yang [Thu, 8 Mar 2012 01:10:44 +0000 (12:10 +1100)]
usb-ohci: DMA writeback bug fixes
This patch fixes two bugs in the OHCI device where the device writes
back data to system memory that should be exclusively under the
control of the guest side driver.
In OHCI specification Section 5.2.7, it mentioned "In all cases, Host
Controller Driver is responsible for the insertion and removal of all
Endpoint Descriptors in the various Host Controller Endpoint
Descriptor lists". In the ohci_frame_boundary(), ohci_put_hcca()
writes the entire hcca back including the interrupt ED lists which
should be under driver control. This violates the specification and
can race with a host driver updating that list at the same time.
In the OHCI Spec Section 4.6, Transfer Descriptor Queue Processing, it
mentioned "Since the TD pointed to by TailP is not accessed by the HC,
the Host Controller Driver can initialize that TD and link at least
one other to it without creating a coherency or synchronization
problem". While the function ohci_put_ed() writes the entire endpoint
descriptor back including the TailP which should be under driver
control. This violates the specification and can race with a host
driver updating the TD list at the same time.
In each case the solution is to make sure we don't write data which is
under driver control.
Cc: Gerd Hoffman <kraxel@redhat.com>
Signed-off-by: Wei Yang <weiyang@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
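An added example, not QEMU's OHCI code, of the endpoint-descriptor write-back with and without the fix: the four-dword ED layout (flags, TailP, HeadP, NextED) follows the OHCI specification, guest RAM is a constructed byte array, and the race with the driver is simulated by moving TailP between the controller's read and its write-back.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* OHCI endpoint descriptor: four little-endian dwords in guest memory. */
struct ohci_ed {
    uint32_t flags;
    uint32_t tail;   /* TailP: owned by the host controller driver (HCD) */
    uint32_t head;   /* HeadP: advanced by the host controller (HC) as TDs retire */
    uint32_t next;   /* NextED: owned by the HCD */
};

static uint8_t guest_mem[64];   /* constructed stand-in for guest RAM */

static uint32_t get_le32(const uint8_t *p)
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24;
}

/* DMA read of the whole ED; reading HCD-owned fields is fine. */
void ohci_get_ed(uint32_t addr, struct ohci_ed *ed)
{
    ed->flags = get_le32(guest_mem + addr + 0);
    ed->tail  = get_le32(guest_mem + addr + 4);
    ed->head  = get_le32(guest_mem + addr + 8);
    ed->next  = get_le32(guest_mem + addr + 12);
}

/* The buggy write-back: all four dwords, TailP and NextED included. */
void ohci_put_ed_whole(uint32_t addr, const struct ohci_ed *ed)
{
    put_le32(guest_mem + addr + 0, ed->flags);
    put_le32(guest_mem + addr + 4, ed->tail);
    put_le32(guest_mem + addr + 8, ed->head);
    put_le32(guest_mem + addr + 12, ed->next);
}

/* The fixed write-back: only HeadP, the one dword the HC may modify. */
void ohci_put_ed(uint32_t addr, const struct ohci_ed *ed)
{
    put_le32(guest_mem + addr + offsetof(struct ohci_ed, head), ed->head);
}

/* Race simulation: the HC snapshots the ED, the HCD links a new TD by moving
 * TailP, the HC retires a TD and writes back. Returns the TailP the driver
 * finds afterwards: 0x3000 means intact, 0x2000 means clobbered by stale data. */
uint32_t simulate_race(int use_whole_writeback)
{
    const uint32_t ed_addr = 0x10;     /* constructed guest address of the ED */
    struct ohci_ed ed;
    memset(guest_mem, 0, sizeof guest_mem);
    put_le32(guest_mem + ed_addr + 4, 0x2000);   /* HCD: TailP */
    put_le32(guest_mem + ed_addr + 8, 0x1000);   /* HeadP: first pending TD */
    ohci_get_ed(ed_addr, &ed);                   /* HC reads its copy */
    put_le32(guest_mem + ed_addr + 4, 0x3000);   /* HCD appends a TD: TailP advances */
    ed.head = 0x2000;                            /* HC retires TD 0x1000 */
    if (use_whole_writeback) ohci_put_ed_whole(ed_addr, &ed);
    else                     ohci_put_ed(ed_addr, &ed);
    return get_le32(guest_mem + ed_addr + 4);
}
```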
Gerd Hoffmann [Wed, 7 Mar 2012 14:06:32 +0000 (15:06 +0100)]
usb: zap hw/usb-{ohci,uhci}.h + init wrappers
Remove the uhci and ohci init wrappers, which all wrapped a
pci_create_simple() one-liner. Switch callsites to call
pci_create_simple directly. Remove the header files where
the wrappers were declared.
Gerd Hoffmann [Wed, 7 Mar 2012 13:55:18 +0000 (14:55 +0100)]
usb: the big rename
Reorganize usb source files. Create a new hw/usb/ directory and move
all usb source code to that place. Also make filenames a bit more
descriptive. Host adapters are prefixed with "hcd-" now, usb device
emulations are prefixed with "dev-". Fixup paths Makefile and include
paths to make it compile. No code changes.
Anthony Liguori [Tue, 13 Mar 2012 01:51:42 +0000 (20:51 -0500)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
test-coroutine: add performance test for nesting
coroutine: adding configure option for sigaltstack coroutine backend
coroutine: adding configure choose mechanism for coroutine backend
coroutine: adding sigaltstack method (.c source)
qcow2: Reduce number of I/O requests
qcow2: Add qcow2_alloc_clusters_at()
qcow2: Factor out count_cow_clusters
qmp: convert blockdev-snapshot-sync to a wrapper around transactions
add mode field to blockdev-snapshot-sync transaction item
rename blockdev-group-snapshot-sync
qapi: complete implementation of unions
use QSIMPLEQ_FOREACH_SAFE when freeing list elements
Add 'make check-block'
make check: Add qemu-iotests subset
qemu-iotests: Mark some tests as quick
qcow2: Add error messages in qcow2_truncate
block: handle -EBUSY in bdrv_commit_all()
qcow2: Add some tracing
qed: do not evict in-use L2 table cache entries
Group snapshot: Fix format name for backing file
Anthony Liguori [Tue, 13 Mar 2012 01:50:09 +0000 (20:50 -0500)]
Merge remote-tracking branch 'qemu-kvm/memory/core' into staging
* qemu-kvm/memory/core:
memory: get rid of cpu_register_io_memory()
memory: dispatch directly via MemoryRegion
exec: fix code tlb entry misused as iotlb in get_page_addr_code()
memory: store section indices in iotlb instead of io indices
memory: make phys_page_find() return an unadjusted section
Anthony Liguori [Tue, 13 Mar 2012 01:49:13 +0000 (20:49 -0500)]
Merge remote-tracking branch 'stefanha/tracing' into staging
* stefanha/tracing:
vga: add trace event for ppm_save
console: add some trace events
maintainers: Add docs/tracing.txt to Tracing
docs: correct ./configure line in tracing.txt
trace: make trace_thread_create() use its function arg
tracetool: Omit useless QEMU_*_ENABLED() check
trace: Provide a per-event status define for conditional compilation
Anthony Liguori [Tue, 13 Mar 2012 01:48:00 +0000 (20:48 -0500)]
Merge remote-tracking branch 'qmp/queue/qmp' into staging
* qmp/queue/qmp:
qapi-schema.json: fix comment for type ObjectPropretyInfo
qapi-schema: fix typos and explain 'spice' auth
qjson.h: include compiler.h for GCC_FMT_ATTR
Michael Roth [Tue, 7 Feb 2012 19:56:48 +0000 (13:56 -0600)]
qemu-ga: add guest-sync-delimited
guest-sync leaves it as an exercise to the user as to how to reliably
obtain the response to guest-sync if the client had previously read in a
partial response (due to qemu-ga previously being restarted mid-"sentence"
due to reboot, forced restart, etc).
qemu-ga handles this situation on its end by having a client precede
their guest-sync request with a 0xFF byte (invalid UTF-8), which
qemu-ga/QEMU JSON parsers will treat as a flush event. Thus we can
reliably flush the qemu-ga parser state in preparation for receiving
the guest-sync request.
guest-sync-delimited provides the same functionality for a client: when
a guest-sync-delimited is issued, qemu-ga will precede its response
with a 0xFF byte that the client can use as an indicator to flush its
buffer/parser state in preparation for reliably receiving the
guest-sync-delimited response.
It is also useful as an optimization for clients, since, after issuing a
guest-sync-delimited, clients can safely discard all stale data read
from the channel until the 0xFF is found.
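An added example of the client side of this protocol, not qemu-ga's or any client library's code: a small reader that discards everything up to the 0xFF delimiter and then collects the brace-balanced JSON reply that follows. The channel contents are constructed, and braces inside JSON strings are deliberately not special-cased.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GSD_DELIM 0xFF   /* byte qemu-ga sends ahead of a guest-sync-delimited reply */
#define GSD_BUF   256

struct gsd_reader {
    int synced;          /* 0: still discarding stale bytes, 1: past the 0xFF */
    int depth;           /* JSON brace depth of the reply being collected */
    size_t len;
    char buf[GSD_BUF];
};

void gsd_reset(struct gsd_reader *r) { memset(r, 0, sizeof *r); }

/* Feed bytes read from the channel. Returns 1 once a brace-balanced reply has
 * been collected after the delimiter, 0 if more input is needed, -1 on overflow.
 * Braces inside JSON strings are not special-cased in this example. */
int gsd_feed(struct gsd_reader *r, const uint8_t *data, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        uint8_t c = data[i];
        if (c == GSD_DELIM) {           /* delimiter: drop everything before it */
            r->synced = 1; r->len = 0; r->depth = 0;
            continue;
        }
        if (!r->synced) continue;       /* stale partial reply from before the restart */
        if (r->len + 1 >= sizeof r->buf) return -1;
        r->buf[r->len++] = (char)c;
        r->buf[r->len] = '\0';
        if (c == '{') r->depth++;
        else if (c == '}' && --r->depth == 0) return 1;
    }
    return 0;
}

const char *gsd_response(const struct gsd_reader *r) { return r->buf; }

/* Constructed channel contents: a reply truncated by an agent restart, then the
 * delimiter, then the real guest-sync-delimited reply (13 + 1 + 16 bytes). */
static const uint8_t stream[] = "{\"return\": 12" "\xFF" "{\"return\": 1234}";

/* Whole stream in one read: returns the recovered reply, or NULL. */
const char *gsd_demo(void)
{
    static struct gsd_reader r;
    gsd_reset(&r);
    return gsd_feed(&r, stream, sizeof stream - 1) == 1 ? gsd_response(&r) : NULL;
}

/* Same stream split across two reads at the delimiter: 1 if the first read
 * yields nothing and the second completes the reply. */
int gsd_demo_split(void)
{
    struct gsd_reader r;
    gsd_reset(&r);
    int first = gsd_feed(&r, stream, 14);                   /* up to and incl. 0xFF */
    int second = gsd_feed(&r, stream + 14, sizeof stream - 1 - 14);
    return first == 0 && second == 1 && strcmp(r.buf, "{\"return\": 1234}") == 0;
}
```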