git.maquefel.me Git - qemu.git/log

target-arm: Delete unused iwmmxt_msadb helper

The iwmmxt_msadb helper and its corresponding gen function are unused;
delete them. (This function appears to have never been used right back
to the initial implementation of iwMMXt; it is identical to iwmmxt_madduq,
and is presumably an accidental remnant from the initial development.)

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401822125-1822-1-git-send-email-peter.maydell@linaro.org

target-arm: Fix errors in writes to generic timer control registers

The code for handling writes to the generic timer control registers
had several bugs:
* ISTATUS (bit 2) is read-only but we forced it to zero on any write
* the check for "was IMASK (bit 1) toggled?" incorrectly used '&' where
it should be '^'
* the handling of IMASK was inverted: we should set the IRQ if
ISTATUS is set and IMASK is clear, not if both are set

The combination of these bugs meant that when running a Linux guest
that uses the generic timers we would fairly quickly end up either
forgetting that the timer output should be asserted, or failing to
set the IRQ when the timer was unmasked. The result is that the guest
never gets any more timer interrupts.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401803208-1281-1-git-send-email-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org

target-arm: A64: Implement two-register SHA instructions

Implement the two-register SHA instruction group from the optional
Crypto Extensions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401458125-27977-10-git-send-email-peter.maydell@linaro.org

target-arm: A64: Implement 3-register SHA instructions

Implement the 3-register SHA instruction group from the optional
Crypto Extensions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401458125-27977-9-git-send-email-peter.maydell@linaro.org

target-arm: A64: Implement AES instructions

Implement the AES instructions from the optional Crypto Extensions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401458125-27977-8-git-send-email-peter.maydell@linaro.org

target-arm: A32/T32: Mask CRC value in calling code, not helper

Bring the 32-bit CRC helper functions into line with the A64 ones,
by masking the high bytes of the value in the calling code rather
than the helper. This is more efficient since we can determine the
mask at translation time.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401458125-27977-7-git-send-email-peter.maydell@linaro.org

target-arm: A64: Implement CRC instructions

Implement the optional A64 CRC instructions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401458125-27977-6-git-send-email-peter.maydell@linaro.org

target-arm: VFPv4 implies half-precision extension

VFPv4 implies the presence of the half-precision floating point
extension (which is optional in VFPv3). Add this implied rule
to arm_cpu_realizefn() and remove some no-longer-needed explicit
setting of the bit in initfns.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401458125-27977-5-git-send-email-peter.maydell@linaro.org

target-arm: Clean up handling of ARMv8 optional feature bits

CRC and crypto are both optional v8 extensions, so FEATURE_V8
should not imply them. Instead we should set these bits in the
initfns for the 32-bit and 64-bit "cpu any" and for the Cortex-A57.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401458125-27977-4-git-send-email-peter.maydell@linaro.org

target-arm: Remove unnecessary setting of feature bits

FEATURE_V8 implies both FEATURE_V7MP and FEATURE_ARM_DIV, so
we don't need to set them explicitly in initfns which set the
V8 feature bit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401458125-27977-3-git-send-email-peter.maydell@linaro.org

target-arm: arm_any_initfn() should never set ARM_FEATURE_AARCH64

The arm_any_initfn() is used only for the 32-bit linux-user "cpu any",
so it only gets called in builds where TARGET_AARCH64 is not defined.
Remove the unreachable line which sets ARM_FEATURE_AARCH64.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401458125-27977-2-git-send-email-peter.maydell@linaro.org

target-arm: A64: Use PMULL feature bit for PMULL

Now that we have a separate ARM_FEATURE_V8_PMULL bit, use it for
the A64 PMULL, not the AES feature bit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: add support for v8 VMULL.P64 instruction

Add support for the VMULL.P64 polynomial 64x64 to 128 bit multiplication
instruction in the A32/T32 instruction sets; this is part of the v8
Crypto Extensions.

To do this we have to move the neon_pmull_64_{lo,hi} helpers from
helper-a64.c into neon_helper.c so they can be used by the AArch32
translator.

Inspired-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401386724-26529-4-git-send-email-peter.maydell@linaro.org

target-arm: Allow 3reg_wide undefreq to encode more bad size options

The current undefreq field in the neon_3reg_wide handling allows us
to encode "UNDEF if size != 0" and "UNDEF if size == 0". This is
no longer sufficient with the advent of 64-bit polynomial VMULL,
which means we want to UNDEF if size == 1. Change the undefreq
encoding to use separate bits for all of "UNDEF if size == 0",
"UNDEF if size == 1" and "UNDEF if size == 2".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401386724-26529-3-git-send-email-peter.maydell@linaro.org

target-arm: add support for v8 SHA1 and SHA256 instructions

This adds support for the SHA1 and SHA256 instructions that are available
on some v8 implementations of Aarch32.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1401386724-26529-2-git-send-email-peter.maydell@linaro.org
[PMM:
* rebase
* fix bad indent
* add a missing UNDEF check for Q!=1 in the 3-reg SHA1/SHA256 case
* use g_assert_not_reached()
* don't re-extract bit 6 for the 2-reg-misc encodings
* set the ELF HWCAP2 bits for the new features
]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: Correct handling of UXN bit in ARMv8 LPAE page tables

In v8 page tables bit 54 in the PTE is UXN in the EL0/EL1 translation regimes
and XN elsewhere. In v7 the bit is always XN. Since we only emulate EL0/EL1 we
can just treat this bit as UXN whenever we are in v8 mode.

Also correctly extract the upper attributes from the PTE entry, the v8 version
tried to avoid extracting the CONTIG bit and ended up with the upper bits being
off-by-one. Instead behave the same as v7 and extract (but ignore) the CONTIG
bit.

This fixes "Bad mode in Synchronous Abort handler detected, code 0x8400000f"
seen when modprobing modules under Linux.

Signed-off-by: Ian Campbell <ijc@hellion.org.uk>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Claudio Fontana <claudio.fontana@huawei.com>
Cc: Rob Herring <robherring2@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: Prepare cpreg writefns/readfns for EL3/SecExt

This patch changes some readfns/writefns to use raw_write
and raw_read functions, which use the fieldoffset specified
in ARMCPRegInfo instead of directly accessing the field.
This will simplify patches for EL3 & Security Extensions.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Message-id: 1401962428-14749-1-git-send-email-aggelerf@ethz.ch
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm/cpu64.c: Actually register Cortex-A57 impdef registers

cpu64.c contains a reginfo list for the impdef registers on
the Cortex-A57; however we forgot to actually call define_arm_cp_regs(),
so it was sitting there doing nothing. Remedy this omission.

Message-id: 1401226259-23121-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Tested-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

vexpress: Add support for the -bios flag to provide firmware

Right now to run firmware inside the QEMU VExpress model requires
padding out the firmware image to the size of the virtual flash and
passing it in via the -pflash argument. If the firmware image is passed
without padding, then QEMU will fail. Also, when passed as a -pflash
argument, QEMU treats the file as persistent storage and will modify the
file.

The -bios flag provides the semantics that we want for providing a
firmware image. This patch maps the contents of the -bios file into the
address space at the boot flash location.

Tested with the vexpress-a15 model and the Tianocore port.

Signed-off-by: Grant Likely <grant.likely@linaro.org>
Tested-by: Roy Franz <roy.franz@linaro.org>
[PMM: folded long line, removed stray \n from error message,
use correct variable for printing image name, exit(1) rather than 0]
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

Net patches

# gpg: Signature made Mon 09 Jun 2014 14:41:34 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  e1000: remove broken support for 82573L
  tests: e1000: test additional device IDs
  e1000: allow command-line selection of card model
  vmxnet3: fix msix vectors unuse
  net: xilinx_ethlite: Fix Rx-pong interrupt

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

e1000: remove broken support for 82573L

Currently, e1000 support is based on the manual for the 8254xx
model series. 82573x models are documented in a separate manual
(see http://www.intel.com/content/dam/www/public/us/en/documents/manuals/pcie-gbe-controllers-open-source-manual.pdf)
and the 82573L device ID no longer works correctly on either Linux
(3.14.*) or Windows 7.

This patch removes stale code claiming to support 82573L, cleaning
up the code base for the remaining 8254xx model series.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

tests: e1000: test additional device IDs

Update e1000-test.c to check all currently supported devices.

Suggested-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

e1000: allow command-line selection of card model

Allow selection of different card models from the qemu
command line, to better accomodate a wider range of guests.

Signed-off-by: Romain Dolbeau <romain@dolbeau.org>
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

vmxnet3: fix msix vectors unuse

In vmxnet3_cleanup_msix(), there is called msix_vector_unuse() with
VMXNET3_MAX_INTRS. That is not correct since vector of
value VMXNET3_MAX_INTRS was never used. Also all the used vectors
are not un-used. So call vmxnet3_unuse_msix_vectors() instead which
does the correct job.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

net: xilinx_ethlite: Fix Rx-pong interrupt

There is no CTRL_I bit in the pong buffer control register. The
CTRL_I bit from the ping buffer masks both ping and pong buffers.
Fix.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Fri 06 Jun 2014 17:08:50 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (42 commits)
  qapi: Extract qapi/block.json definitions
  qapi: Extract qapi/block-core.json definitions
  qapi: create two block related json modules
  qapi: Extract qapi/common.json definitions
  sheepdog: reload only header in a case of live snapshot
  sheepdog: fix vdi object update after live snapshot
  rbd: Fix leaks in rbd_start_aio() error path
  qemu-img: Document check exit codes
  block: fix wrong order in live block migration setup
  blockdev: acquire AioContext in block_set_io_throttle
  throttle: add detach/attach test case
  throttle: add throttle_detach/attach_aio_context()
  dataplane: Support VIRTIO_BLK_T_SCSI_CMD
  virtio-blk: Factor out virtio_blk_handle_scsi_req from virtio_blk_handle_scsi
  virtio-blk: Allow config-wce in dataplane
  block: Move declaration of bdrv_get_aio_context to block.h
  raw-posix: drop raw_get_aio_fd() since it is no longer used
  dataplane: implement async flush
  dataplane: delete IOQueue since it is no longer used
  dataplane: use the QEMU block layer for I/O
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

slirp/arp: do not special-case bogus IP addresses

Do not special-case addresses with zero host part, as we do not
necessarily know how big it is, and the guest can fake them anyway.
Silently avoid having 0.0.0.0 as a destination, however.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[Edgar: Minor change to subject]
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>

target-cris/translate.c: Remove _t_gen_mov_TN_env and _t_gen_mov_env_TN

The wrapper functions _t_gen_mov_TN_env and _t_gen_mov_env_TN are only
used via their accompanying non-underscore macros. The check they add
on offset is thus pointless, since the compiler will complain if the
struct field passed to the macro is not part of the struct. Remove the
functions and make the macros directly expand to the appropriate
tcg_gen_{ld,st}_tl calls.

This conveniently avoids a warning due to _t_gen_mov_TN_env() being
unused.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

target-cris/translate.c: Remove t_gen_mov_TN_reg and t_gen_mov_reg_TN

Remove the t_gen_mov_TN_reg and t_gen_mov_reg_TN wrappers: the
latter is completely unused, and the former only used in a few
places (which are thus inconsistent with the rest of the decoder
which directly accesses cpu_R[]).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

intc: xilinx_uartlite: Convert SBD::init -> instance_init

SysBusDevice::init is depracated. Convert to Object::init
as prescribed by QOM conventions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

char: xilinx_uartlite: Convert to realize()

SysBusDevice::init is depracated. Convert to Object::init and
Device::realize as prescribed by QOM conventions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

char: xilinx_uartlite: Don't reset from init

This refresh of the device state is intended to be a reset side
effect. Move it to a proper reset handler rather than do it at
init time.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

net: xilinx_ethlite: Convert to realize()

SysBusDevice::init is depracated. Convert to Object::init and
Device::realize as prescribed by QOM conventions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

net: xilinx_ethlite: Don't reset from init

This zeroing-out of the rxbuf variable (ping pong state) is a reset
side effect. Extract into a proper reset.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

timer: xilinx_timer: Convert to realize()

SysBusDevice::init is depracated. Convert to Object::init and
Device::realize as prescribed by QOM conventions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

qapi: Extract qapi/block.json definitions

Signed-off-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qapi: Extract qapi/block-core.json definitions

Signed-off-by: Benoit Canet <benoit@irqsave.net
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qapi: create two block related json modules

qapi/block-core.json contains block definitions unrelated to emulation.

qapi/block.json is a superset of the previous and contains definitions related
to emulation.

The purpose of these extractions is to be able to hook qapi/block-core.json
generated code on qemu-nbd.

Signed-off-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qapi: Extract qapi/common.json definitions

Signed-off-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

sheepdog: reload only header in a case of live snapshot

sheepdog driver doesn't need to read data_vdi_id[] when a live snapshot is
created.

Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Liu Yuan <namei.unix@gmail.com>
Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Hitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

sheepdog: fix vdi object update after live snapshot

sheepdog driver should decide a write request is COW or not based on inode
object which is active when the write request is issued.

Example of wrong inode update path in the previous driver:
1. drier issues an ordinal write request to an existing object
2. user creates a snapshot of the VDI before the write request is completed
3. the respones for the request is RDONLY, because the VDI is already a snapshot
4. the driver reload an inode object of the new active VDI, then issues a write
   request again
5. the second write request can be completed
6. driver decide the request is COW or not with the below conditional branch:
      if (s->inode.data_vdi_id[idx] != s->inode.vdi_id) {
7. the ID of the written object and VID of the new active VDI is different, so
   the driver updates data_vdi_id[idx] and writes inode object
8. the existing object cannot be seen by the new active VDI, it results object
   leaking

Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Liu Yuan <namei.unix@gmail.com>
Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Hitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

rbd: Fix leaks in rbd_start_aio() error path

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge remote-tracking branch 'remotes/mcayland/qemu-sparc' into staging

* remotes/mcayland/qemu-sparc:
  apb: implement IOMMU translation for PCI host bridge
  apb: handle reading/writing of IOMMU control registers
  apb: fix IOMMU register sizes
  apb: Move IOMMU registers into a separate IOMMUState struct
  tcx: move initialisation from realizefn to initfn
  tcx: move initialisation from SysBusDevice class to TCX class realizefn
  cg3: add extra check to prevent CG3 register array overflow
  cg3: move initialisation from realizefn to initfn

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mdroth/qga-pull-2014-06-05' into staging

* remotes/mdroth/qga-pull-2014-06-05:
qga: Fix handle fd leak in acquire_privilege()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,pci,virtio,qdev fixes, tests

new tests for SMBIOS
SMBIOS fixes
pc, pci fixes
qdev patches stayed on list for a month with no review,
as I told people on KVM forum I'm merging stuch patches
if they look fine.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* remotes/mst/tags/for_upstream:
  qdev: Add test of qdev_prop_check_global
  qdev: Display warning about unused -global
  tests: add smbios testing
  tests: rename acpi-test to bios-tables-test
  virtio-balloon: return empty data when no stats are available
  pcie_host: Turn pcie_host_init() into an instance_init
  SMBIOS: Fix type 17 field sizes
  SMBIOS: Update Type 0 struct generator for machines >= 2.1
  SMBIOS: Fix endian-ness when populating multi-byte fields
  serial-pci: Set prog interface field of pci config to 16550 compatible

Conflicts:
include/hw/i386/pc.h
[PMM: fixed trivial conflict in pc.h]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/bonzini/softmmu-smap' into staging

* remotes/bonzini/softmmu-smap: (33 commits)
  target-i386: cleanup x86_cpu_get_phys_page_debug
  target-i386: fix protection bits in the TLB for SMEP
  target-i386: support long addresses for 4MB pages (PSE-36)
  target-i386: raise page fault for reserved bits in large pages
  target-i386: unify reserved bits and NX bit check
  target-i386: simplify pte/vaddr calculation
  target-i386: raise page fault for reserved physical address bits
  target-i386: test reserved PS bit on PML4Es
  target-i386: set correct error code for reserved bit access
  target-i386: introduce support for 1 GB pages
  target-i386: introduce do_check_protect label
  target-i386: tweak handling of PG_NX_MASK
  target-i386: commonize checks for PAE and non-PAE
  target-i386: commonize checks for 4MB and 4KB pages
  target-i386: commonize checks for 2MB and 4KB pages
  target-i386: fix coding standards in x86_cpu_handle_mmu_fault
  target-i386: simplify SMAP handling in MMU_KSMAP_IDX
  target-i386: fix kernel accesses with SMAP and CPL = 3
  target-i386: move check_io helpers to seg_helper.c
  target-i386: rename KSMAP to KNOSMAP
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

apb: implement IOMMU translation for PCI host bridge

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

apb: handle reading/writing of IOMMU control registers

While the registers are documented as being 64-bit, Linux seems to access
them in two halves as 2 x 32-bit accesses. Make sure that we can correctly
handle this case.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

apb: fix IOMMU register sizes

According to the referenced documentation, the IOMMU has 3 64-bit registers
consisting of a control register, base register and flush register.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

apb: Move IOMMU registers into a separate IOMMUState struct

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

tcx: move initialisation from realizefn to initfn

Initialisation cleanup as suggested by Andreas.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Andreas Färber <afaerber@suse.de>

tcx: move initialisation from SysBusDevice class to TCX class realizefn

This is an intermediate step to bring TCX in line with CG3.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Andreas Färber <afaerber@suse.de>

cg3: add extra check to prevent CG3 register array overflow

The case statements in the CG3 read and write register routines have a maximum
value of CG3_REG_SIZE, so if a value were written to this offset then it
would overflow the register array.

Currently this cannot be exploited since the MemoryRegion restricts accesses
to the range 0 ... CG3_REG_SIZE - 1, but it seems worth clarifying this for
future review and/or static analysis.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Paolo Bonzini <pbonzini@redhat.com>

cg3: move initialisation from realizefn to initfn

Initialisation cleanup as suggested by Andreas.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Andreas Färber <afaerber@suse.de>

Merge remote-tracking branch 'remotes/rth/tcg-next' into staging

* remotes/rth/tcg-next:
  TCG: Fix tcg_gen_extr_i64_tl for 32bit
  tcg: Remove TCG_TARGET_HAS_new_ldst
  tci: Convert to new ldst opcodes
  tcg-i386: Fix win64 qemu store

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/kvm/uq/master' into staging

* remotes/kvm/uq/master:
  kvm: Fix eax for cpuid leaf 0x40000000
  kvmclock: Ensure proper env->tsc value for kvmclock_current_nsec calculation
  kvm: Enable -cpu option to hide KVM
  kvm: Ensure negative return value on kvm_init() error handling path
  target-i386: set CC_OP to CC_OP_EFLAGS in cpu_load_eflags
  target-i386: get CPL from SS.DPL
  target-i386: rework CPL checks during task switch, preparing for next patch
  target-i386: fix segment flags for SMM and VM86 mode
  target-i386: Fix vm86 mode regression introduced in fd460606fd6f.
  kvm_stat: allow choosing between tracepoints and old stats
  kvmclock: Ensure time in migration never goes backward

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-10' into staging

updates for docs/multiseat.txt
input: add support for kbd delays

# gpg: Signature made Wed 04 Jun 2014 08:22:39 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-input-10:
  docs/multiseat.txt: add note about spice
  docs/multiseat.txt: gtk joined the party
  docs/multiseat.txt: use autoseat
  input/vnc: use kbd delays in press_key
  input/curses: add kbd delay between keydown and keyup events
  input: use kbd delays for send_key monitor command
  input: add support for kbd delays

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

qdev: Add test of qdev_prop_check_global

This will generate a warning from "make check":

...
GTESTER tests/test-qdev-global-props
Warning: "-global dynamic-prop-type-bad.prop3=103" not used
GTESTER tests/check-qom-interface
...

If the warning is not generated, the test will fail.

Signed-off-by: Don Slutz <dslutz@verizon.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>

qdev: Display warning about unused -global

This can help a user understand why -global was ignored.

For example: with "-vga cirrus"; "-global vga.vgamem_mb=16" is just
ignored when "-global cirrus-vga.vgamem_mb=16" is not.

This is currently clear when the wrong property is provided:

out/x86_64-softmmu/qemu-system-x86_64 -global cirrus-vga.vram_size_mb=16 -monitor pty -vga cirrus
char device redirected to /dev/pts/20 (label compat_monitor0)
qemu-system-x86_64: Property '.vram_size_mb' not found
Aborted (core dumped)

vs

out/x86_64-softmmu/qemu-system-x86_64 -global vga.vram_size_mb=16 -monitor pty -vga cirrus
char device redirected to /dev/pts/20 (label compat_monitor0)
VNC server running on `::1:5900'
^Cqemu: terminating on signal 2

Signed-off-by: Don Slutz <dslutz@verizon.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>

target-i386: cleanup x86_cpu_get_phys_page_debug

Make the code a bit more similar to x86_cpu_handle_mmu_fault.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: fix protection bits in the TLB for SMEP

User pages must be marked as non-executable when running under SMEP;
otherwise, fetching the page first and then calling it will fail.

With this patch, all SMEP testcases in kvm-unit-tests now pass.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: support long addresses for 4MB pages (PSE-36)

4MB pages can use 40-bit addresses by putting the higher 8 bits in bits
20-13 of the PDE. Bit 21 is reserved.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: raise page fault for reserved bits in large pages

In large pages, bit 12 is for PAT, but bits starting at 13 are reserved.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: unify reserved bits and NX bit check

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: simplify pte/vaddr calculation

They can moved to after the dirty bit processing, and unified between
CR0.PG=1 and CR0.PG=0.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: raise page fault for reserved physical address bits

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: test reserved PS bit on PML4Es

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: set correct error code for reserved bit access

The correct error code is 9 (present, reserved), not 8.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: introduce support for 1 GB pages

Given the simplifications to the code in the previous patches, this
is now very simple to do.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: introduce do_check_protect label

This will help adding 1GB page support in the next patch.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: tweak handling of PG_NX_MASK

Remove the tail of the PAE case, so that we can use "goto" in the
next patch to jump to the protection checks.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: commonize checks for PAE and non-PAE

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: commonize checks for 4MB and 4KB pages

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: commonize checks for 2MB and 4KB pages

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: fix coding standards in x86_cpu_handle_mmu_fault

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: simplify SMAP handling in MMU_KSMAP_IDX

Do not use this MMU index at all if CR4.SMAP is false, and drop
the SMAP check from x86_cpu_handle_mmu_fault.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: fix kernel accesses with SMAP and CPL = 3

With SMAP, implicit kernel accesses from user mode always behave as
if AC=0. To do this, kernel mode is not anymore a separate MMU mode.
Instead, KERNEL_IDX is renamed to KSMAP_IDX and the kernel mode accessors
wrap KSMAP_IDX and KNOSMAP_IDX.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: move check_io helpers to seg_helper.c

Prepare for adding _kernel accessors there in the next patch.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: rename KSMAP to KNOSMAP

This is the mode where SMAP is overridden, put "NO" in its name.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

softmmu: move all load/store functions to cpu_ldst.h

Unify pieces of cpu-all.h, exec-all.h, softmmu_exec.h and tcg/tcg.h
into a single new header file with all helpers.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

softmmu: introduce cpu_ldst.h

This will collect all load and store helpers soon. For now
it is just a replacement for softmmu_exec.h, which this patch
stops including directly, but we also include it where this will
be necessary in order to simplify the next patch.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-arm: move arm_*_code to a separate file

These will soon require cpu_ldst.h, so move them out of cpu.h.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

softmmu: move softmmu_template.h out of include/

It is only included in cputlb.c now.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

softmmu: commonize helper definitions

They do not need to be in op_helper.c. Because cputlb.c now includes
softmmu_template.h twice for each size, io_readX must be elided the
second time through.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

softmmu: move ALIGNED_ONLY to cpu.h

Prepare for moving softmmu_header.h inclusion out of .c files

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

softmmu: make do_unaligned_access a method of CPU

We will reference it from more files in the next patch. To avoid
ruining the small steps we're making towards multi-target, make
it a method of CPU rather than just a global.

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

softmmu: move definition of CPU_MMU_INDEX to inclusion site, drop ACCESS_TYPE

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

softmmu: move MMUSUFFIX under SOFTMMU_CODE_ACCESS

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

softmmu: start introducing SOFTMMU_CODE_ACCESS in softmmu_header.h

This preprocessor symbol is already used in softmmu_template.h. We
will use it to distinguish the two "fake" ACCESS_TYPEs
NB_MMU_MODES and NB_MMU_MODES + 1.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

hw: use ld_p/st_p instead of ld_raw/st_raw

The ld_raw and st_raw definitions are only needed in code that
must compile for both user-mode and softmmu emulation. Device
models can use the equivalent ld_p/st_p which are simple
pointer accessors.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

nseries: clean up coding style

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

cputlb: Fix regression with TCG interpreter (bug 1310324)

Commit 0f842f8a246f2b5b51a11c13f933bf7a90ae8e96 replaced GETPC_EXT() which
was derived from GETPC() by GETRA_EXT() without fixing cputlb.c. A later
patch replaced GETRA_EXT() by GETRA() in exec/softmmu_template.h which
is included in cputlb.c.

The TCG interpreter failed because the values returned by GETRA() were no
longer explicitly set to 0. The redefinition of GETRA() introduced here
fixes this.

In addition, GETPC_ADJ which is also used in exec/softmmu_template.h is
set to 0. Both changes reduce the compiled code size for cputlb.c by more
than 100 bytes, so the normal TCG without interpreter also profits from
the reduced code size and slightly faster code.

Cc: qemu-stable@nongnu.org
Reported-by: Giovanni Mascellani <gio@debian.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

TCG: Fix tcg_gen_extr_i64_tl for 32bit

We expose a generic helper "tcg_gen_extr_i64_tl" for 64bit targets, but the
same function for 32bit targets is a misnomer and refers to an invalid function
name.

Fix up the definition to point to the correct internal helper names instead.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Remove TCG_TARGET_HAS_new_ldst

Since all backends have been converted, remove the compatibility code.

Acked-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tci: Convert to new ldst opcodes

Tested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-i386: Fix win64 qemu store

The first non-register argument isn't placed at offset 0.

Cc: qemu-stable@nongnu.org
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>

qemu-img: Document check exit codes

The exit code 63 (check not supported by image format) was not even
documented in the comment above the check command in the source code;
add it, as it does indeed seem useful.

Also, document all of check's exit codes in the manpage.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: fix wrong order in live block migration setup

The function init_blk_migration is better to be called before
set_dirty_tracking as the reasons below.

If we want to track dirty blocks via dirty_maps on a BlockDriverState
when doing live block-migration, its correspoding 'BlkMigDevState' should be
added to block_mig_state.bmds_list first for subsequent processing.
Otherwise set_dirty_tracking will do nothing on an empty list than allocating
dirty_bitmaps for them. And bdrv_get_dirty_count will access the
bmds->dirty_maps directly, then there would be a segfault triggered.

If the set_dirty_tracking fails, qemu_savevm_state_cancel will handle
the cleanup of init_blk_migration automatically.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: chai wen <chaiw.fnst@cn.fujitsu.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

blockdev: acquire AioContext in block_set_io_throttle

The block_set_io_throttle QMP and HMP commands modify I/O throttling
limits for block devices.

Acquire the BlockDriverState's AioContext to protect against race
conditions with an IOThread that is running I/O for this device.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>

throttle: add detach/attach test case

Add a test case that checks the timer is really removed/added by the
detach/attach functions.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>