git.maquefel.me Git - qemu.git/log

add mode field to blockdev-snapshot-sync transaction item

The mode field lets a management application create the snapshot
destination outside QEMU.

Right now, the only modes are "existing" and "absolute-paths". Mirroring
introduces "no-backing-file". In the future "relative-paths" could be
implemented too.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

rename blockdev-group-snapshot-sync

We will add other kinds of operation. Prepare for this by adjusting
the schema.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qapi: complete implementation of unions

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

use QSIMPLEQ_FOREACH_SAFE when freeing list elements

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Add 'make check-block'

Runs the full qemu-iotests suite for various image formats.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

make check: Add qemu-iotests subset

Run the 'quick' group from qemu-iotests during 'make check'.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-iotests: Mark some tests as quick

This creates a new test group 'quick' for some test case that take at
most a couple of seconds each, so that the group can be run during a
quick 'make check'

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qcow2: Add error messages in qcow2_truncate

qemu-img resize has some limitations with qcow2, but the user is only
told that "this image format does not support resize". Quite confusing,
so add some more detailed error_report() calls and change "this image
format" into "this image".

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

block: handle -EBUSY in bdrv_commit_all()

Monitor operations that manipulate image files must not execute while a
background job (like image streaming) is in progress. This prevents
corruptions from happening when two pieces of code are manipulating the
image file without knowledge of each other.

The monitor "commit" command raises QERR_DEVICE_IN_USE when
bdrv_commit() returns -EBUSY but "commit all" has no error handling.
This is easy to fix, although note that we do not deliver a detailed
error about which device was busy in the "commit all" case.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qcow2: Add some tracing

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

qed: do not evict in-use L2 table cache entries

The L2 table cache reduces QED metadata reads that would be required
when translating LBAs to offsets into the image file.  Since requests
execute in parallel it is possible to share an L2 table between multiple
requests.

There is a potential data corruption issue when an in-use L2 table is
evicted from the cache because the following situation occurs:

  1. An allocating write performs an update to L2 table "A".

  2. Another request needs L2 table "B" and causes table "A" to be
     evicted.

  3. A new read request needs L2 table "A" but it is not cached.

As a result the L2 update from #1 can overlap with the L2 fetch from #3.
We must avoid doing overlapping I/O requests here since the worst case
outcome is that the L2 fetch completes before the L2 update and yields
stale data.  In that case we would effectively discard the L2 update and
lose data clusters!

Thanks to Benoît Canet <benoit.canet@gmail.com> for extensive testing
and debugging which lead to discovery of this bug.

Reported-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Tested-by: Benoît Canet <benoit.canet@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Group snapshot: Fix format name for backing file

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Add missing const attributes for MemoryRegionOps

Most MemoryRegionOps already had the const attribute.
This patch adds it to the remaining ones.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

tcg: Improve tcg_out_label and fix its usage for w64

tcg_out_label is always called with a third argument of pointer type
which was casted to tcg_target_long.

These casts can be avoided by changing the prototype of tcg_out_label.

There was also a cast to long. For most hosts with
sizeof(long) == sizeof(tcg_target_long) == sizeof(void *) this did not
matter, but for w64 it was wrong. This is fixed now.

Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

configure: Test for libiberty.a (mingw32)

MinGW-w64 and some versions of MinGW32 don't provide libiberty.a,
so add this library only if it was found.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

w64: Don't redefine lseek, ftruncate

MinGW-w64 already defines lseek and ftruncate (and uses the 64 bit
variants). The conditional compilation avoids redefinitions
(which would be wrong) and compiler warnings.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

cache-utils: Add missing include file for uintptr_t

Commit 021ecd8b9db37927059f5d3234b51ed766706437 breaks the build for
PPC hosts because it uses uintptr_t without the necessary include file.

uintptr_t is defined in stdint.h, so add this include.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

build: Include config-host.mak as soon as possible

Current code depends on variables defined in config-host.mak before it is
actually included.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Cc: Paul Brook <paul@codesourcery.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

gdbstub: Do not kill target in system emulation mode

Too many VM kittens were killed since 7d03f82f81. Another one just died
under my fat fingers.

When you quit a kgdb session, does the Linux kernel power off? Or when
you terminate gdb attached to a hardware debugger, does your board
vanish in space? No.

So let's stop terminating QEMU when the gdbstub receives a kill commando
in system emulation mode. Real termination can still be achieved via
"monitor quit". We keep the behavior for user mode emulation which is
arguably more like a gdbserver scenario.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

target-i386: Mask NX bit from cpu_get_phys_page_debug result

This was a long pending bug, now revealed by the assert in
phys_page_find that stumbled over the large page index returned by
cpu_get_phys_page_debug for NX-marked pages: We need to mask out NX and
all user-definable bits 52..62 from PDEs and the final PTE to avoid
corrupting physical addresses.

Reviewed-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Merge remote-tracking branch 'stefanha/trivial-patches' into staging

* stefanha/trivial-patches:
  configure: Quote the configure args printed in config.log
  osdep: Remove local definition of macro offsetof
  libcacard: Spelling and grammar fixes in documentation
  Spelling fixes in comments (it's -> its)
  vnc: Add break statement
  libcacard: Use format specifier %u instead of %d for unsigned values
  Fix sign of sscanf format specifiers
  block/vmdk: Fix warning from splint (comparision of unsigned value)
  qmp: Fix spelling fourty -> forty
  qom: Fix spelling in documentation
  sh7750: Remove redundant 'struct' from MemoryRegionOps

Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

* qemu-kvm/uq/master:
  kvm: fill in padding to help valgrind
  kvm: x86: Add user space part for in-kernel i8254
  kvm: Add kvm_has_pit_state2 helper
  i8254: Open-code timer restore
  i8254: Factor out base class for KVM reuse

Merge remote-tracking branch 'kraxel/usb.42' into staging

* kraxel/usb.42:
  xhci: fix port status
  xhci: fix control xfers
  usb: add shortcut for control transfers
  usb-host: enable pipelineing for bulk endpoints.
  usb: add pipelining option to usb endpoints
  usb: queue can have async packets
  uhci_fill_queue: zap debug printf
  usb: add USB_RET_IOERROR
  usb: return BABBLE rather then NAK when we receive too much data
  usb-ehci: Cleanup itd error handling
  usb-ehci: Fix and simplify nakcnt handling
  usb-ehci: Remove dead nakcnt code
  usb-ehci: Fix cerr tracking
  usb-ehci: Any packet completion except for NAK should set the interrupt
  usb-ehci: Rip the queues when the async or period schedule is halted
  usb-ehci: Drop cached qhs when the doorbell gets rung
  usb-ehci: always call ehci_queues_rip_unused for period queues
  usb-ehci: split our qh queue into async and periodic queues
  usb-ehci: Never follow table entries with the T-bit set
  usb-redir: Set ep type and interface

libcacard: Fix compilation with gcc-4.7

VCARD_ATR_PREFIX is used as part of an array initializer so it should
not have () around it, so far this happened to work, but gcc-4.7 does
not like it.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

xilinx_zynq: fix the build

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

configure: Quote the configure args printed in config.log

Use the same mechanism we use for printing the configure command
line to config-host.mak to print it to config.log. This fixes a
bug where the config.log version didn't quote arguments with spaces.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

osdep: Remove local definition of macro offsetof

The macro offsetof is defined in stddef.h. It is conforming to
the standards C89, C99 and POSIX.1-2001 (see man page), so it
is a sufficiently old standard.

Therefore chances are very high that QEMU never needs a local
definition of this macro.

osdep.h already includes stddef.h, so this patch simply removes
the unneeded code from the files configure and osdep.h.

If we ever need the local definition again, it should be added
to compiler.h (the macro is usually provided with the compiler,
it is not OS specific).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

libcacard: Spelling and grammar fixes in documentation

* it's -> its

* it's -> it is (that's no fix, but makes future checks easier)

* this functions -> this function

* replacable -> replaceable

* reader's -> readers

* logins into -> logs into

v2:
Also replace 'aid' by 'AID' (thanks to Peter Maydell for this hint).

v3:
Fix sentence (contributed by Alon Levy / Robert Relyea).

Cc: Alon Levy <alevy@redhat.com>
Cc: Robert Relyea <rrelyea@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Spelling fixes in comments (it's -> its)

* it's -> its (fixed for all files)
* dont -> don't (only fixed in a line which was touched by the previous fix)
* distrub -> disturb (fixed in the same line)

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

vnc: Add break statement

This was not a bug, but it is not common practice to omit the break statement
from the last case statement before an empty default case.

Any change of the default case would introduce a bug.

This was reported as a warning by splint.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

libcacard: Use format specifier %u instead of %d for unsigned values

splint reported warnings for those code statements.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Fix sign of sscanf format specifiers

All values read by sscanf are unsigned, so replace %d by %u.

This signed / unsigned mismatch was detected by splint.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

block/vmdk: Fix warning from splint (comparision of unsigned value)

l1_entry_sectors will never be less than 0.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

qmp: Fix spelling fourty -> forty

This was found by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

qom: Fix spelling in documentation

This fixes a new spelling issue which was detected by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

sh7750: Remove redundant 'struct' from MemoryRegionOps

The 'struct' is not needed, and all other MemoryRegionOps don't use it.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

xhci: fix port status

Don't signal port status change if the usb device isn't in attached
state. Happens with usb-host devices with the pass-through device
being plugged out at the host.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

xhci: fix control xfers

Use the new, direct control transfer submission method instead of
bypassing the usb core by calling usb_device_handle_control directly.
The later fails for async control transfers.

This patch gets xhci + usb-host combo going.

usb: add shortcut for control transfers

Add a more direct code path to submit control transfers. Instead of
feeding three usb packets (setup, data, ack) to usb_handle_packet and
have the do_token_* functions in usb.c poke the control transfer
parameters out of it just submit a single packet carrying the actual
data with the control xfer parameters filled into USBPacket->parameters.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-host: enable pipelineing for bulk endpoints.

We really don't want to wait for packets finish before submitting the
next, we want keep the data flow running.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: add pipelining option to usb endpoints

With this patch applied USB drivers can enable pipelining per endpoint.
With pipelining enabled the usb core will continue submitting packets
even when there are still async transfers in flight instead of passing
them on one by one.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: queue can have async packets

This can happen today in case the ->complete() callback queues up the
next packet. Also we'll support pipelining soon, which allows to have
multiple packets per queue in flight (aka ASYNC) state.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

uhci_fill_queue: zap debug printf

usb: add USB_RET_IOERROR

We already have USB_RET_NAK, but that means that a device does not want
to send/receive right now. But with host / network redirection we can
actually have a transaction fail due to some io error, rather then ie
the device just not having any data atm.

This patch adds a new error code named USB_RET_IOERROR for this, and uses
it were appropriate.

Notes:
-Currently all usb-controllers handle this the same as NODEV, but that
may change in the future, OHCI could indicate a CRC error instead for example.
-This patch does not touch hw/usb-musb.c, that is because the code in there
handles STALL and NAK specially and has a if status < 0 generic catch all
for all other errors

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: return BABBLE rather then NAK when we receive too much data

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: Cleanup itd error handling

All error statuses except for NAK are handled in a switch case, move the
handling of NAK into the same switch case.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: Fix and simplify nakcnt handling

The nakcnt code in ehci_execute_complete() marked transactions as finished
when a packet completed with a result of USB_RET_NAK, but USB_RET_NAK
means that the device cannot receive / send data at that time and that
the transaction should be retried later, which is also what the usb-uhci
and usb-ohci code does.

Note that there already was some special code in place to handle this
for interrupt endpoints in the form of doing a return from
ehci_execute_complete() when reload == 0, but that for bulk transactions
this was not handled correctly (where as for example the usb-ccid device does
return USB_RET_NAK for bulk packets).

Besides that the code in ehci_execute_complete() decrement nakcnt by 1
on a packet result of USB_RET_NAK, but
-since the transaction got marked as finished,
nakcnt would never be decremented again
-there is no code checking for nakcnt becoming 0
-there is no use in re-trying the transaction within the same usb frame /
usb-ehci frame-timer call, since the status of emulated devices won't change
as long as the usb-ehci frame-timer is running
So we should simply set the nakcnt to 0 when we get a USB_RET_NAK, thus
claiming that we've tried reload times (or as many times as possible if
reload is 0).

Besides the code in ehci_execute_complete() handling USB_RET_NAK there
was also code handling it in ehci_state_executing(), which calls
ehci_execute_complete(), and then does its own handling on top of the handling
in ehci_execute_complete(), this code would decrement nakcnt *again* (if not
already 0), or restore the reload value (which was never changed) on success.

Since the double decrement was wrong to begin with, and is no longer needed
now that we set nakcnt directly to 0 on USB_RET_NAK, and the restore of reload
is not needed either, this patch simply removes all nakcnt handling from
ehci_state_executing().

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: Remove dead nakcnt code

This patch removes 2 bits of dead nakcnt code:

1) usb_ehci_execute calls ehci_qh_do_overlay which does:
nakcnt = reload;
and then has a block of code which is conditional on:
if (reload && !nakcnt) {
which ofcourse is never true now as nakcnt == reload.

2) ehci_state_fetchqh does:
nakcnt = reload;
but before nakcnt is ever used ehci_state_fetchqh is always followed
by a ehci_qh_do_overlay call which also does:
nakcnt = reload;
So doing this from ehci_state_fetchqh is redundant.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: Fix cerr tracking

cerr should only be decremented on errors which cause XactErr to be set, and
when that happens the failing transaction should be retried until cerr reaches
0 and only then should USBSTS_ERRINT be set (and inactive cleared and
USBSTS_INT set if requested).

Since we don't have any hardware level errors (and in case of redirection
the real hardware has already retried), re-trying makes no sense, so
immediately set cerr to 0 on errors which set XactErr.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: Any packet completion except for NAK should set the interrupt

As clearly stated in the 2.3.2 of the EHCI spec, any time USBERRINT get
sets then if the td has its IOC bit set USBINT should be set as well.

This means that for any status except for USB_RET_NAK we should set
USBINT if the IOC bit is set.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: Rip the queues when the async or period schedule is halted

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: Drop cached qhs when the doorbell gets rung

The purpose of the IAAD bit / the doorbell is to make the ehci controller
forget about cached qhs, this is mainly used when cancelling transactions,
the qh is unlinked from the async schedule and then the doorbell gets rung,
once the doorbell is acked by the controller the hcd knows that the qh is
no longer in use and that it can do something else with the memory, such
as re-use it for a new qh! But we keep our struct representing this qh around
for circa 250 ms. This allows for a (mightily large) race window where the
following could happen:
-hcd submits a qh at address 0xdeadbeef
-our ehci code sees the qh, sends a request to a usb-device, gets a result
of USB_RET_ASYNC, sets the async_state of the qh to EHCI_ASYNC_INFLIGHT
-hcd unlinks the qh at address 0xdeadbeef
-hcd rings the doorbell, wait for us to ack it
-hcd re-uses the qh at address 0xdeadbeef
-our ehci code sees the qh, looks in the async_queue, sees there already is
a qh at address 0xdeadbeef there with async_state of EHCI_ASYNC_INFLIGHT,
does nothing
-the *original* (which the hcd thinks it has cancelled) transaction finishes
-our ehci code sees the qh on yet another pass through the async list,
looks in the async_queue, sees there already is a qh at address 0xdeadbeef
there with async_state of EHCI_ASYNC_COMPLETED, and finished the transaction
with the results of the *original* transaction.

Not good (tm), this patch fixes this race by removing all qhs which have not
been seen during the last cycle through the async list immidiately when the
doorbell is rung.

Note this patch does not fix any actually observed problem, but upon
reading of the EHCI spec it became apparent to me that the above race could
happen and the usb-ehci behavior from before this patch is not good.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: always call ehci_queues_rip_unused for period queues

Before this patch USB 2 devices with interrupt endpoints were not working
properly. The problem is that to avoid loops we stop processing as soon
as we encounter a queue-head (qh) we've already seen since qhs can be linked
in a circular fashion, this is tracked by the seen flag in our qh struct.

The resetting of the seen flag is done from ehci_queues_rip_unused which
before this patch was only called when executing the statemachine for the
async schedule.

But packets for interrupt endpoints are part of the periodic schedule! So what
would happen is that when there were no ctrl or bulk packets for a USB 2
device with an interrupt endpoint, the async schedule would become non
active, then ehci_queues_rip_unused would no longer get called and when
processing the qhs for the interrupt endpoints from the periodic schedule
their seen bit would still be 1 and they would be skipped.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: split our qh queue into async and periodic queues

qhs can be part of both the async and the periodic schedule, as is shown
in later patches in this series it is useful to keep track of the qhs on
a per schedule basis.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: Never follow table entries with the T-bit set

Before this patch the T-bit was not checked in 2 places, while it should be.

Once we properly check the T-bit everywhere we no longer need the weird
entry < 0x1000 and entry > 0x1000 checks, so this patch removes them.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-redir: Set ep type and interface

Since we don't use usb_desc.c we need to do this ourselves. This fixes
iso transfers no longer working for USB 2 devices due to the ep->type
check in ehci.c

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

kvm: fill in padding to help valgrind

valgrind warns about padding fields which are passed
to vcpu ioctls uninitialized.
This is not an error in practice because kvm ignored padding.
Since the ioctls in question are off data path and
the cost is zero anyway, initialize padding to 0
to suppress these errors.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

kvm: x86: Add user space part for in-kernel i8254

This provides the required user space stubs to enable the in-kernel
i8254 emulation of KVM.

The in-kernel model supports lost tick compensation according to the
"delay" policy. This is enabled by default and can be switched off via a
device property.

Depending on the feature set of the host kernel (before 2.6.32), we may
have to disable the HPET or lack sound output from the PC speaker.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

kvm: Add kvm_has_pit_state2 helper

To be used for in-kernel PIT emulation.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

i8254: Open-code timer restore

Same as for the APIC: To enable migration between accelerated and
non-accelerated models, we need to arm the channel 0 timer only inside
the emulated PIT model. The common code just saves/restores that timer
to the the next_transition_time field.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

i8254: Factor out base class for KVM reuse

Applying the concept used for the *PICs once again: establish a base
class for the i8254 that can be used both by the current user space
emulation and the upcoming KVM in-kernel version. We share most of the
public interface of the i8254, specifically to the pcspk, vmstate, reset
and certain init parts.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

xilinx_zynq: machine model initial version

Xilinx zynq-7000 machine model. Also includes device model for the zynq-specific
system level control register (SLCR) module.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

cadence_gem: initial version of device model

Device model for cadence gem ethernet controller.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: John Linn <john.linn@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

cadence_ttc: initial version of device model

Implemented cadence Triple Timer Counter (TCC)

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: John Linn <john.linn@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

cadence_uart: initial version of device model

Implemented cadence UART serial controller

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: John Linn <john.linn@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

microblaze_boot: enabled -dtb argument

Use the -dtb argument for passing is a custom dtb rather than the old
hardcoded "mb.dtb"

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

qemu-options.hx: allow -dtb argument for all archs

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

petalogix_s2adsp1800: macro'd magic numbers

defined macros for the addresses of the peripherals in machine model

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

petalogix_s2adsp1800: moved rst logic to rst fn

This belongs in the machine specific reset function

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

microblaze: factored out common boot code

factored out the copy-pasted common boot code from the two microblaze platforms
into a dedicated microblaze bootloader (microblaze_boot.o).

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

Merge branch 's390-for-upstream' of git://repo.or.cz/qemu/agraf

* 's390-for-upstream' of git://repo.or.cz/qemu/agraf:
Move helpers.h to helper.h
s390: Rework kernel loading: supports elf and newer kernels

Move helpers.h to helper.h

Provides a file naming scheme consistent with other targets.

Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Signed-off-by: Alexander Graf <agraf@suse.de>

s390: Rework kernel loading: supports elf and newer kernels

This reworks the image loading on s390.

Newer kernels will not always have a 0dd0 (basr 13,0) at address 0x10000.
We must not rely on specific code at certain addresses. This check was
introduced to warn users that tried to load vmlinux, since ELF loading
was not supported. Lets wire that up. If elf loading fails, we assume
that this is a standard kernel image and load that via load_image_targphys.
This patch also changes all other users of load_image to
load_image_targphys to be consistent. (the elf loader registers the kernel
as rom).

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

memory: fix I/O port aliases

Commit e58ac72b6a0 ("ioport: change portio_list not to use
memory_region_set_offset()") started using aliases of I/O memory
regions. Since the IORange used for the I/O was contained in the
target region, the alias information (specifically, the offset
into the region) was lost. This broke -vga std.

Fix by allocating an independent object to hold the IORange and
also the new offset.

Note that I/O memory regions were conceptually broken wrt aliases
in a different way: an alias can cause the same region to appear
twice in an address space, but we had just one IORange to service it.
This patch fixes that problem as well, since we can now have multiple
IORange/MemoryRegion associations.

Signed-off-by: Avi Kivity <avi@redhat.com>

ioport: add destructor method to IORange

Previously all callers had a containing object with a destructor that
could be used to trigger cleanup of the IORange objects (typically
just freeing the containing object), but a forthcoming memory API
change doesn't fit this pattern. Rather than setting up a new global
table, extend the ioport system to support destructors.

Signed-off-by: Avi Kivity <avi@redhat.com>

w64: fix type casts when calling flush_icache_range

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

cache-utils: Change data type of parameters for flush_icache_range

The TCG targets i386 and tci needed a change of the function
prototype for w64.

This change is currently not needed here, but it can be applied
to avoid code differences.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

w64: Change data type of parameters for flush_icache_range

The TCG targets i386 and tci needed a change of the function
prototype for w64.

This change is currently not needed for the other TCG targets,
but it can be applied to avoid code differences.

Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

w64: Fix data type of parameters for flush_icache_range

flush_icache_range takes two address parameters which must be large
enough to address any address of the host.

For hosts with sizeof(unsigned long) == sizeof(void *), this patch
changes nothing. All currently supported hosts fall into this category.

For w64 hosts, sizeof(unsigned long) is 4 while sizeof(void *) is 8,
so the use of tcg_target_ulong is needed for i386 and tci (the tcg
targets which work with w64).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

tcg: Rearrange definitions and include statements

This change makes tcg_target_ulong available in tcg-target.h.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

w64: Fix size of ram_addr_t

ram_addr_t must be large enough to address any address of the host.

For hosts with sizeof(unsigned long) == sizeof(void *), this patch
changes nothing. All currently supported hosts fall into this category.

For w64 hosts, sizeof(unsigned long) is 4 while sizeof(void *) is 8,
so the use of uintptr_t is needed.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Merge branch 'upstream' of git://qemu.weilnetz.de/qemu

* 'upstream' of git://qemu.weilnetz.de/qemu:
  Move definition of HOST_LONG_BITS to qemu-common.h
  target-xtensa: Clean includes
  target-unicore32: Clean includes
  target-sh4: Clean includes
  target-s390x: Clean includes
  target-ppc: Clean includes
  target-mips: Clean includes
  target-microblaze: Clean includes
  target-m68k: Clean includes
  target-lm32: Clean includes
  target-i386: Clean includes
  target-cris: Clean includes
  target-arm: Clean includes
  target-alpha: Clean includes
  Remove macro HOST_LONG_SIZE

usb: Fix signature of stub usb_host_device_open

This was a breakage of 3741715cf2.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Merge branch 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm

* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
  hw/arm11mpcore: Fix broken realview_mpcore/arm11mpcore_priv properties
  arm: add device tree support
  arm: make sure that number of irqs can be represented in GICD_TYPER.
  arm: clean up GIC constants

Merge branch 'xtensa' of git://jcmvbkbc.spb.ru/dumb/qemu-xtensa

* 'xtensa' of git://jcmvbkbc.spb.ru/dumb/qemu-xtensa:
  target-xtensa: add breakpoint tests
  target-xtensa: add DEBUG_SECTION to overlay tool
  target-xtensa: add DBREAK data breakpoints
  exec: let cpu_watchpoint_insert accept larger watchpoints
  exec: fix check_watchpoint exiting cpu_loop
  exec: add missing breaks to the watch_mem_write
  target-xtensa: add ICOUNT SR and debug exception
  target-xtensa: implement instruction breakpoints
  target-xtensa: add DEBUGCAUSE SR and configuration
  target-xtensa: fetch 3rd opcode byte only when needed
  target-xtensa: implement info tlb monitor command
  target-xtensa: define TLB_TEMPLATE for MMU-less cores

hw/arm11mpcore: Fix broken realview_mpcore/arm11mpcore_priv properties

Fix confusion in the Property arrays for the "arm11mpcore_priv"
(per-CPU devices for the ARM11MPcore CPU) and "realview_mpcore"
(realview-eb board specific device encapsulating CPU and some
extra interrupt controllers) -- the num-irq property was defined
on the wrong device and the mpcore_rirq_properties were defined
as offsets in the wrong structure. The effect was that the
realview-eb-mpcore machine would abort on startup trying to
allocate an insane amount of memory. (This bug was introduced in
the QOM conversion in commit 999e12bb.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

arm: add device tree support

If compiled with CONFIG_FDT, allow user to specify a device tree file using
the -dtb argument. If the machine supports it then the dtb will be loaded
into memory and passed to the kernel on boot.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
[Peter Maydell: Use machine opt rather than global to pass dtb filename]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

arm: make sure that number of irqs can be represented in GICD_TYPER.

We currently assume that the number of interrupts (ITLinesNumber in
the architecture reference manual) is divisible by 32, since we
present it to the guest when it reads GICD_TYPER (in gic_dist_readb())
as (N / 32) - 1.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

arm: clean up GIC constants

Interrupts numbers 0-31 are private to the processor interface, 32-1019 are
general interrupts. Add GIC_INTERNAL and substitute everywhere.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
[Peter Maydell: converted some tabs to spaces]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'qemu-kvm/memory/urgent' into staging

* qemu-kvm/memory/urgent:
kvm: fix unaligned slots

Merge remote-tracking branch 'qemu-kvm/memory/core' into staging

* qemu-kvm/memory/core: (30 commits)
  memory: allow phys_map tree paths to terminate early
  memory: unify PhysPageEntry::node and ::leaf
  memory: change phys_page_set() to set multiple pages
  memory: switch phys_page_set() to a recursive implementation
  memory: replace phys_page_find_alloc() with phys_page_set()
  memory: simplify multipage/subpage registration
  memory: give phys_page_find() its own tree search loop
  memory: make phys_page_find() return a MemoryRegionSection
  memory: move tlb flush to MemoryListener commit callback
  memory: unify the two branches of cpu_register_physical_memory_log()
  memory: fix RAM subpages in newly initialized pages
  memory: compress phys_map node pointers to 16 bits
  memory: store MemoryRegionSection pointers in phys_map
  memory: unify phys_map last level with intermediate levels
  memory: remove first level of l1_phys_map
  memory: change memory registration to rebuild the memory map on each change
  memory: support stateless memory listeners
  memory: split memory listener for the two address spaces
  xen: ignore I/O memory regions
  memory: allow MemoryListeners to observe a specific address space
  ...

Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

* qemu-kvm/uq/master:
  pc-bios: update kvmvapic.bin
  kvmvapic: Use optionrom helpers
  optionsrom: Reserve space for checksum
  kvmvapic: Simplify mp/up_set_tpr
  kvmvapic: Introduce TPR access optimization for Windows guests
  kvmvapic: Add option ROM
  target-i386: Add infrastructure for reporting TPR MMIO accesses
  Allow to use pause_all_vcpus from VCPU context
  Process pending work while waiting for initial kick-off in TCG mode
  Remove useless casts from cpu iterators
  kvm: Set cpu_single_env only once
  kvm: Synchronize cpu state in kvm_arch_stop_on_emulation_error()

kvm: fix unaligned slots

kvm_set_phys_mem() may be passed sections that are not aligned to a page
boundary. The current code simply brute-forces the alignment which leads
to an inconsistency and an abort().

Fix by aligning the start and the end of the section correctly, discarding
and unaligned head or tail.

This was triggered by a guest sizing a 64-bit BAR that is smaller than a page
with PCI_COMMAND_MEMORY enabled and the upper dword clear.

Signed-off-by: Avi Kivity <avi@redhat.com>

pc-bios: update kvmvapic.bin

Signed-off-by: Avi Kivity <avi@redhat.com>

Merge remote-tracking branch 'kwolf/for-anthony' into staging

* kwolf/for-anthony: (27 commits)
  qemu-img: fix segment fault when the image format is qed
  qemu-io: fix segment fault when the image format is qed
  qemu-tool: revert cpu_get_clock() abort(3)
  qemu-iotests: Test rebase with short backing file
  qemu-iotests: 026: Reduce output changes for cache=none qcow2
  qemu-iotests: Filter out DOS line endings
  test: add image streaming tests
  qemu-iotests: add iotests Python module
  qemu-iotests: export TEST_DIR for non-bash tests
  QMP: Add qmp command for blockdev-group-snapshot-sync
  qapi: Introduce blockdev-group-snapshot-sync command
  qcow2: Reject too large header extensions
  qcow2: Fix offset in qcow2_read_extensions
  block: drop aio_multiwrite in BlockDriver
  block: remove unused fields in BlockDriverState
  qcow2: Fix build with DEBUG_EXT enabled
  ide: fail I/O to empty disk
  fdc: DIR (Digital Input Register) should return status of current drive...
  fdc: fix seek command, which shouldn't check tracks
  fdc: check if media rate is correct before doing any transfer
  ...

Merge remote-tracking branch 'spice/spice.v49' into staging

* spice/spice.v49:
  qxl: properly handle upright and non-shared surfaces
  Error out when tls-channel option is used without TLS
  spice: use error_report to report errors
  qxl: add optinal 64bit vram bar
  qxl: make qxl_render_update async
  qxl: introduce QXLCookie
  qxl: remove flipped
  qxl: require spice >= 0.8.2
  qxl: drop qxl_spice_update_area_async definition
  sdl: remove NULL check, g_malloc0 can't fail
  qxl: fix spice+sdl no cursor regression

Merge remote-tracking branch 'kraxel/usb.39' into staging

* kraxel/usb.39: (21 commits)
  usb: Resolve warnings about unassigned bus on usb device creation
  usb-redir: Return USB_RET_NAK when we've no data for an interrupt endpoint
  usb-redir: Limit return values returned by iso packets
  usb-redir: Let the usb-host know about our device filtering
  usb-redir: Always clear device state on filter reject
  usb-redir: Fix printing of device version
  ehci: drop old stuff
  usb-ehci: Handle ISO packets failing with an error other then NAK
  libcacard: fix reported ATR length
  usb-ccid: advertise SELF_POWERED
  libcacard: link with glib for g_strndup
  usb-desc: fix user trigerrable segfaults (!config)
  usb-ehci: sanity-check iso xfers
  usb: add tracepoint for usb packet state changes.
  usb-xhci: enable packet queuing
  usb-uhci: implement packet queuing
  usb-uhci: process uhci_handle_td return code via switch.
  usb-uhci: add UHCIQueue
  usb-uhci: cleanup UHCIAsync allocation & initialization.
  usb-ehci: fix reset
  ...

qemu-img: fix segment fault when the image format is qed

[root@f15 qemu]# qemu-img info /home/zwu/work/misc/rh6.img
image: /home/zwu/work/misc/rh6.img
file format: qed
virtual size: 4.0G (4294967296 bytes)
disk size: 1.2G
cluster_size: 65536
Segmentation fault (core dumped)

Today when i were fixing another issue, i found this issue; After simple
investigation, i found that the required clock vm_clock is not created
for qemu tool.

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-io: fix segment fault when the image format is qed

[root@f15 qemu]# qemu-io -c info /home/zwu/work/misc/rh6.img
format name: qed
cluster size: 64 KiB
vm state offset: 0.000000 bytes
Segmentation fault (core dumped)

This reason is same as the former patch

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-tool: revert cpu_get_clock() abort(3)

Despite the fact that the qemu-tool environment has no guest running and
vm_clock therefore does not make sense, there is code that gets the
vm_clock time even in qemu-tool. Therefore, revert the abort(3) call
and just return 0 like we used to. This unbreaks qemu-img/qemu-io with
QED and Kevin has also expressed interest in this for qcow2.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>