Merge remote-tracking branch 'remotes/borntraeger/tags/kvm-s390-20140227' into staging
Several features, fixes and cleanups for kvm/s390:
- sclp event facility: cleanup structure. This allows to use realize/unrealize as well as migration support via vmsd...
Merge remote-tracking branch 'remotes/bonzini/scsi-next' into staging
Merge remote-tracking branch 'remotes/mcayland/qemu-sparc' into staging
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-pci-for-qemu-20140226.0' into staging
Updates include: - Coverify fixes for vfio & pci-assign (Markus) - VFIO blacklisting support for known brokwn PCI option ROMs (Bandan)
sun4m: fix slavio timer RUN/STOP bit
The sun4m architecture has one 'system' timer and one timer per CPU.The CPU timers can be configured in two modes:
sun4m: Add Sun CG3 framebuffer and corresponding OpenBIOS FCode ROM
The CG3 framebuffer is a simple 8-bit framebuffer for use with operatingsystems such as early Solaris that do not have drivers for TCX.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>...
sun4m: Add Sun CG3 framebuffer initialisation function
In order to allow the user to choose the framebuffer for sparc-softmmu, add-vga tcx and -vga cg3 options to the QEMU command line. If no option isspecified, the default TCX framebuffer is used.
Since proprietary FCode ROMs use a resolution of 1152x900, slightly relax the...
s390x/ipl: Fix crash of ELF images with arbitrary entry points
When loading S390 kernels, the current code expects an ELF file with thestart address 0x10000. Other ELF files cause a segmentation fault. To avoidthese crashes, we should get the start address from the ELF file instead...
s390x/kvm: implement floating-interrupt controller device
This patch implements a floating-interrupt controller device (flic)which interacts with the s390 flic kvm_device.
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>...
s390x/async_pf: Check for apf extension and enable pfault
S390 can also use async page faults, to enhance guest scheduling.In case of live migration we want to disable the feature and letall pending request finish.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>...
s390x/virtio-hcall: Add range check for hypervisor call
The handler for diag 500 did not check whether the requested functionwas in the supported range, so illegal values could crash QEMU in theworst case.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>...
s390x/virtio-hcall: Specification exception for illegal subcodes
So far, the DIAG 500 hypervisor call was only setting -EINVAL inR2 when a guest tried to call this function with an illegal subcode.This patch now changes the behavior so that a specification exception...
s390x/eventfacility: mask out commands
As a followup to commit 5f04c14a10fa7f259bc0808f35a0beda49f7821e(s390-sclp: Define New SCLP Codes) we should mask the sclp commandnot only in base sclp, but also in the event facility.
Based on an initial patch from Ralf Hoppe....
s390x/sclp: Fixed the size of sccb and code parameter
The pointer to the SCCB should not be limited to 32 bits only.In contrast to this, the command word parameter is only 32 bits(the upper 32 bits should be ignored).
s390x/sclp: Add missing checks to SCLP handler
If the 51 most significant bits of the SCCB address are zero or equal tothe prefix, we should throw an specification exception, too.Also moved the check for privileged mode to sclp_service_call() to haveall program checks in one place now....
s390x/event-facility: some renaming
Do some renaming to shorten some identifiers and to emphasize sclp.
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
s390x/event-facility: code restructure
Code restructure in order to simplify class hierarchy - remove S390SCLPDevice abstract base class and move function pointers into new SCLPEventFacilityClass - implement SCLPEventFacility as SysBusDevice - use define constants for instance creation strings...
s390x/event-facility: add support for live migration
Add support for live migration using VMStateDescription.
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
s390x/event-facility: exploit realize/unrealize
init/exit functionality of abstract SCLPEvent class is now exploitingrealize/unrealize.
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140226' into staging
target-arm queue: * fixes for various Coverity-spotted bugs * support new KVM device control API for VGIC * support KVM VGIC save/restore/migration * more AArch64 system mode foundations...
Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
Net patches
Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-3' into staging
hda-audio: qom cleanups
vfio: blacklist loading of unstable roms
Certain cards such as the Broadcom BCM57810 have rom quirksthat exhibit unstable system behavior duing device assignment. Inthe particular case of 57810, rom execution hangs and if a FLRfollows, the device becomes inoperable until a power cycle. This...
pci-assign: Fix potential read beyond buffer on -EBUSY
readlink() doesn't write a terminating null byte.assign_failed_examine() passes the unterminated string to strrchr().Oops. Terminate it.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>...
vfio: Fix overrun after readlink() fills buffer completely
readlink() returns the number of bytes written to the buffer, and itdoesn't write a terminating null byte. vfio_init() writes it itself.Overruns the buffer when readlink() filled it completely....
dma/pl330: implement dmaadnh instruction
Implement the missing DMAADNH instruction. This is a minor variantof the DMAADDH instruction, so factor out to a common implementationfor both (dmaadxh).
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>...
dma/pl330: Fix misleading type
This type really should just be a regular int as no usages rely on it's32 bitness (it's only meaningful as a bit position and not a bit mask).This also fixes a printf which uses the variable with a regular %d.
dma/pl330: printf format type sweep.
Use PRI formats as appropriate rather than raw %x and %d. This fixesdebug printfery on some host platforms. Fix types of debug onlyvariables as appropriate.
dma/pl330: Rename parent_obj
As per current QOM conventions.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>Reviewed-by: Peter Maydell <peter.maydell@linaro.org>Message-id: abb137347ea1ee9c31487b544f3d5435fb17f6a4.1393372019.git.peter.crosthwaite@xilinx.com...
dma/pl330: Add event debugging printfs
These are helpful to anyone trying to debug event sequencing.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>Reviewed-by: Peter Maydell <peter.maydell@linaro.org>Message-id: e82a0ad804db3de4f46839e55a9d287735ef870d.1393372019.git.peter.crosthwaite@xilinx.com...
dma/pl330: Fix buffer depth
This is the product of the data-width and the depth arguments, I.e thedepth of the FIFO is in terms of data entries and not bytes (which iswhat the original implementation was suggesting). Fix.
dma/pl330: Delete overly verbose debug printf
When using event synchronisation, this particular debug printf floods.Just delete it.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>Reviewed-by: Peter Maydell <peter.maydell@linaro.org>Message-id: dd94d19493f97c47497b9d8caf74ca43e70d58fd.1393372019.git.peter.crosthwaite@xilinx.com...
target-arm: Store AIF bits in env->pstate for AArch32
To avoid complication in code that otherwise would not need tocare about whether EL1 is AArch32 or AArch64, we should storethe interrupt mask bits (CPSR.AIF in AArch32 and PSTATE.DAIFin AArch64) in one place consistently regardless of EL1's mode....
target-arm: Implement AArch64 TTBR*
Implement the AArch64 TTBR* registers. For v7 these were already 64 bitsto handle LPAE, but implemented as two separate uint32_t fields.Combine them into a single uint64_t which can be used for all purposes.Since this requires touching every use, take the opportunity to rename...
hw: arm_gic_kvm: Add KVM VGIC save/restore logic
Save and restore the ARM KVM VGIC state from the kernel. We rely onQEMU to marshal the GICState data structure and therefore simplysynchronize the kernel state with the QEMU emulated state in bothdirections....
arm: vgic device control api support
Support creating the ARM vgic device through the device control API andsetting the base address for the distributor and cpu interfaces in KVMVMs using this API.
Because the older KVM_CREATE_IRQCHIP interface needs the irq chip to be...
hw/arm/musicpal: Remove nonexistent CDTP2, CDTP3 registers
The ethernet device in the musicpal only has two tx queues,but we modelled it with four CTDP registers, presumably acut and paste from the rx queue registers. Since the tx_queue[]array is only 2 entries long this allowed a guest to overrun...
hw/intc/arm_gic: Fix GIC_SET_LEVEL
The GIC_SET_LEVEL macro unfortunately overwrote the entire levelbitmask instead of just or'ing on the necessary bits, causing activelevel PPIs on a core to clear PPIs on other cores.
Cc: qemu-stable@nongnu.orgReported-by: Rob Herring <rob.herring@linaro.org>...
hw/net/stellaris_enet: Avoid unintended sign extension
Add a cast to avoid an unintended sign extension thatwould mean we returned 0xffffffff in the high 32 bitsfor an IA0 read if bit 31 in the MAC address was 1.(This is harmless since we'll only be doing 4 byte...
hw/timer/arm_timer: Avoid array overrun for bad addresses
The integrator's timer read/write functions log an error forbad addresses in guest accesses, but were falling through andusing an out of bounds array index rather than returning early.Fix this....
hw/intc/exynos4210_combiner: Don't overrun output_irq array in init
The Exynos4210 combiner has IIC_NIRQ inputs and IIC_NGRP outputs;use the correct constant in the loop initializing our outputsysbus IRQs so that we don't overrun the output_irq[] array....
hw/misc/arm_sysctl: Fix bad boundary check on mb clock accesses
Fix incorrect use of sizeof() rather than ARRAY_SIZE() to guardaccesses into the mb_clock[] array, which was allowing a maliciousguest to overwrite the end of the array.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>...
microblaze/s3adsp_1800: Define macros for irq map
Define macros for the interrupt map for the sake of self documentation.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
ppc/virtex_ml507: Define macros for irq/memory maps
Define macros for the interrupt and memory maps for the sake of selfdocumentation.
microblaze/ml605: Define macros for irq/memory maps
Define (missing) macros for the interrupt and memory maps for the sakeof self documentation.
xilinx: Inline usages of xilinx_intc_create()
Inline these usages. Converts these init to at least a semi-recent QOMstyling.
xilinx: Inline usages of xilinx_timer_create()
xilinx: Inline usage of xilinx_ethlite_create()
Inline the only usage. Converts this init to at least a semi-recent QOMstyling.
xilinx: Inline usages of xilinx_axi*_init()
Inline the only usage of each of xilinx_axiethernet_init andxilinx_axidma_init. Converts this init to at least a semi-recent QOMstyling.
xilinx: Delete hw/include/xilinx.h
This is now obsolete - remove the header and all its inclusions.
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-3' into staging
qxl: add sanity check
net: remove implicit peer from offload API
The virtio_net offload APIs are used on the NIC's peer (i.e. the tapdevice). The API was defined to implicitly use nc->peer, saving thecaller the trouble.
This wasn't ideal because:1. There are callers who have the peer but not the NIC. Currently they...
vhost_net: use offload API instead of bypassing it
There is no need to access backend->info->has_vnet_hdr() and friendsanymore. Use the qemu_has_vnet_hdr() API instead.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
virtio-net: use qemu_get_queue() where possible
qemu_get_queue() is a shorthand for qemu_get_subqueue(n->nic, 0). Usethe shorthand where possible.
Merge remote-tracking branch 'remotes/xtensa/tags/20140224-xtensa' into staging
Xtensa fixes and improvements queue 2014-02-24:- add support for ML605 and KC705 FPGA boards;- flush opencores_eth queue when new RX descriptor is available;- add basic checks to cache opcodes;...
net: virtio-net and vmxnet3 use offloading API
With this patch, virtio-net and vmxnet3 frontends makeuse of the qemu_peer_* API for backend offloadings manipulations,instead of calling TAP-specific functions directly.We also remove the existing checks which prevent those frontends...
opencores_eth: flush queue whenever can_receive can go from false to true
The following registers control whether MAC can receive frames:- MODER.RXEN bit that enables/disables receiver;- TX_BD_NUM register that specifies number of RX descriptors.Notify QEMU networking core when the MAC is ready to receive frames....
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches
Merge remote-tracking branch 'remotes/sstabellini/xen-140220' into staging
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Add HDA_AUDIO type and macro, drop DO_UPCAST().
Had to add a abstract hda audio class as parentfor all hda-* variants to make that fly. Killedsome init code duplication while being at it.
Cc: Andreas Färber <afaerber@suse.de>...
hw/xtensa: add support for ML605 and KC705 FPGA board
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>Reviewed-by: Andreas Färber <afaerber@suse.de>
scsi-disk: Add support for port WWN and index descriptors in VPD page 83h
To make a VM more convincing to my application, it's useful to be ableto add a port WWN and relative target port index to the descriptorsreturned for VPD page 83h. Add device properties to allow setting...
scsi: Change scsi sense buf size to 252
Current buffer size fails the assersion check in like
hw/scsi/scsi-bus.c:1655: assert(req->sense_len <= sizeof(req->sense));
when backend (block/iscsi.c) returns more data then 96.
Exercise the core dump path by booting an Gentoo ISO with scsi-generic...
scsi: report thin provisioning errors with werror=report
SCSI defines a status code for when a thin-provisioned LUNs wouldexceed the allocated space, map ENOSPC to it.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b
The transfer length depends on field BYTCHK, which is encoded in byte1, bits 1..2. However, the guard for for case BYTCHK=11b doesn'twork, and we get case 01b instead. Fix it.
Note that since emulated scsi-hd fails the command outright, it takes...
block: Add reference parameter to bdrv_open()
Allow bdrv_open() to handle references to existing block devices just asbdrv_file_open() is already capable of.
Signed-off-by: Max Reitz <mreitz@redhat.com>Signed-off-by: Kevin Wolf <kwolf@redhat.com>
block: Change BDS parameter of bdrv_open() to **
Make bdrv_open() take a pointer to a BDS pointer, similarly tobdrv_file_open(). If a pointer to a NULL pointer is given, bdrv_open()will create a new BDS with an empty name; if the BDS pointer is notNULL, that existing BDS will be reused (in the same way as bdrv_open()...
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140220' into staging
target-arm queue: * Fix a bug causing an assertion in the NVIC on ARMv7M models * More A64 Neon instructions * Refactor cpreg API to separate out access check functions, as...
xen_disk: fix io accounting
bdrv_acct_done was called unconditional. But in case the ioreq has nosegments there is no matching bdrv_acct_start call. This could lead tobogus accounting values.
Found by code inspection.
Signed-off-by: Olaf Hering <olaf@aepfle.de>...
Call pci_piix3_xen_ide_unplug from unplug_disks
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-3' into staging
- xhci improvements and fixes.- uhci bugfix.- cleanups.
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
QOM infrastructure fixes and device conversions
Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
target-arm: Drop success/fail return from cpreg read and write functions
All cpreg read and write functions now return 0, so we can clean uptheir prototypes: * write functions return void * read functions return the value rather than taking a pointer to write the value to...
hw/intc/arm_gic: Fix NVIC assertion failure
Commit 40d225009ef accidentally changed the behaviour ofgic_acknowledge_irq() for the NVIC. The NVIC doesn't have SGIs,so this meant we hit an assertion: gic_acknowledge_irq: Assertion `s->sgi_pending[irq][cpu] != 0' failed....
uhci: invalidate queue on device address changes
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
xhci iso: fix time calculation
Frameid specifies frames not microframes, so weneed to shift it to get the microframe index.
xhci iso: allow for some latency
Allow the scheduled transfer time be a bit behind, tocompensate for latencies. Without this xhci will waitway to often for the mfindex wraparound, assuming thescheduled time is in the future just because qemu isa bit behind in processing the iso transfer requests....
xhci: switch debug printf to tracepoint
xhci: use DPRINTF instead of fprintf(stderr, ...)
So we don't spam stderr with (guest-triggerable) messages by default.
usb: Remove magic constants from device bmAttributes
Replace magic constants in device bmAttributes with symbolic onesfrom Linux kernel ch9.h
Signed-off-by: Pantelis Koukousoulas <pktoss@gmail.com>Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
xhci: fix overflow in usb_xhci_post_load
Found by Coverity.
Reported-by: Markus Armbruster <armbru@redhat.com>Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use error_is_set() only when necessary
error_is_set(&var) is the same as var != NULL, but it takeswhole-program analysis to figure that out. Unnecessarily hard foroptimizers, static checkers, and human readers. Dumb it down toobvious.
Gets rid of several dozen Coverity false positives....
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-02-15' into staging
trivial patches for 2014-02-15
sparc/leon3: Initialize stack pointer
A lot of real world LEON3 systems are shipped with the GRMON bootloader. This boot loader initializes the stack pointer with the end ofRAM address. The application can use this to detect the RAM size of aparticular board variant....
char/serial: Fix emptyness check
This was guarding against a full fifo rather than an empty fifo whenpopping. Fix.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>Reviewed-by: Martin Kletzander <mkletzan@redhat.com>Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>...
qdev: Add enum property types to QAPI schema
Reviewed-by: Igor Mammedov <imammedo@redhat.com>Reviewed-by: Eric Blake <eblake@redhat.com>Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>Signed-off-by: Andreas Färber <afaerber@suse.de>
qdev: Use QAPI type names for properties
Use "drive", "chr", etc. only for legacy_name (which shows upin -device foo,? output).
Reviewed-by: Igor Mammedov <imammedo@redhat.com>Reviewed-by: Eric Blake <eblake@redhat.com>Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>...
qdev: Remove hex8/32/64 property types
Replace them with uint8/32/64.
block: Handle "rechs" and "large" translation options
Sure, CHS translation is an obscure topic, and legacy options forhard-disk geometries are obscure as well. But since QEMU does nothingwith it except telling the BIOS, and since there "large" and "rechs"...
qdev: Remove most legacy printers
Their functionality is either aesthetic only (e.g. on/off vs. true/false)or obtained by the "human mode" of StringOutputVisitor.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>Reviewed-by: Eric Blake <eblake@redhat.com>...
qdev: Sizes are now parsed by StringInputVisitor
qdev: Remove legacy parsers for hex8/32/64
The hexNN property types have not been accepting values not prefixedby "0x" since QEMU 1.2. Parse those values as decimals now.
qdev: Legacy properties are now read-only
qdev: Legacy properties are just strings
prop->info->legacy_name is still used by "-device foo,?".
qdev: Inline qdev_prop_parse()
ipack: Move IndustryPack out of hw/char/
Move the header defining an IPackBus and IPackDevice base class intoa new include/ directory and move their implementation and aPCI-IndustryPack bridge out of hw/char/ directory into a new hw/ipack/.
Acked-by: Alberto Garcia <agarcia@igalia.com>...
ipoctal232: QOM parent field cleanup
Clean up accesses to IPOctalState::dev field and rename it.
Acked-by: Alberto Garcia <agarcia@igalia.com>Signed-off-by: Andreas Färber <afaerber@suse.de>