git.maquefel.me Git - qemu.git/log

kvm: x86: Implicitly clear nmi_injected/pending on reset

All CPUX86State variables before CPU_COMMON are automatically cleared on
reset. Reorder nmi_injected and nmi_pending to avoid having to touch
them explicitly.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: Do not use qemu_fair_mutex

The imbalance in the hold time of qemu_global_mutex only exists in TCG
mode. In contrast to TCG VCPUs, KVM drops the global lock during guest
execution. We already avoid touching the fairness lock from the
IO-thread in KVM mode, so also stop using it from the VCPU threads.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: Flush coalesced mmio buffer on IO window exits

We must flush pending mmio writes if we leave kvm_cpu_exec for an IO
window. Otherwise we risk to loose those requests when migrating to a
different host during that window.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: x86: Rework identity map and TSS setup for larger BIOS sizes

In order to support loading BIOSes > 256K, reorder the code, adjusting
the base if the kernel supports moving the identity map.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: Consolidate must-have capability checks

Instead of splattering the code with #ifdefs and runtime checks for
capabilities we cannot work without anyway, provide central test
infrastructure for verifying their availability both at build and
runtime.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: Drop smp_cpus argument from init functions

No longer used.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: x86: Fix !CONFIG_KVM_PARA build

If we lack kvm_para.h, MSR_KVM_ASYNC_PF_EN is not defined. The change in
kvm_arch_init_vcpu is just for consistency reasons.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: x86: Reset paravirtual MSRs

Make sure to write the cleared MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK,
and MSR_KVM_ASYNC_PF_EN to the kernel state so that a freshly booted
guest cannot be disturbed by old values.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
CC: Glauber Costa <glommer@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: x86: Refactor msr_star/hsave_pa setup and checks

Simplify kvm_has_msr_star/hsave_pa to booleans and push their one-time
initialization into kvm_arch_init. Also handle potential errors of that
setup procedure.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: x86: Fix xcr0 reset mismerge

For unknown reasons, xcr0 reset ended up in kvm_arch_update_guest_debug
on upstream merge. Fix this and also remove the misleading comment (1 is
THE reset value).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: x86: Remove redundant mp_state initialization

kvm_arch_reset_vcpu initializes mp_state, and that function is invoked
right after kvm_arch_init_vcpu.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: x86: Prepare kvm_get_mp_state for in-kernel irqchip

This code path will not yet be taken as we still lack in-kernel irqchip
support. But qemu-kvm can already make use of it and drop its own
mp_state access services.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: x86: Align kvm_arch_put_registers code with comment

The ordering doesn't matter in this case, but better keep it consistent.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

x86: Optionally dump code bytes on cpu_dump_state

Introduce the cpu_dump_state flag CPU_DUMP_CODE and implement it for
x86. This writes out the code bytes around the current instruction
pointer. Make use of this feature in KVM to help debugging fatal vm
exits.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: Improve reporting of fatal errors

Report KVM_EXIT_UNKNOWN, KVM_EXIT_FAIL_ENTRY, and KVM_EXIT_EXCEPTION
with more details to stderr. The latter two are so far x86-only, so move
them into the arch-specific handler. Integrate the Intel real mode
warning on KVM_EXIT_FAIL_ENTRY that qemu-kvm carries, but actually
restrict it to Intel CPUs. Moreover, always dump the CPU state in case
we fail.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: Stop on all fatal exit reasons

Ensure that we stop the guest whenever we face a fatal or unknown exit
reason. If we stop, we also have to enforce a cpu loop exit.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: x86: Swallow KVM_EXIT_SET_TPR

This exit only triggers activity in the common exit path, but we should
accept it in order to be able to detect unknown exit types.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: Fix coding style violations

No functional changes.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: x86: Fix a few coding style violations

No functional changes.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

kvm: x86: Prevent sign extension of DR7 in guest debugging mode

This unbreaks guest debugging when the 4th hardware breakpoint used for
guest debugging is a watchpoint of 4 or 8 byte lenght. The 31st bit of
DR7 is set in that case and used to cause a sign extension to the high
word which was breaking the guest state (vm entry failure).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

kvm: x86: Remove obsolete SS.RPL/DPL aligment

This seems to date back to the days KVM didn't support real mode. The
check is no longer needed and, even worse, is corrupting the guest state
in case SS.RPL != DPL.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

kvm: x86: Fix DPL write back of segment registers

The DPL is stored in the flags and not in the selector. In fact, the RPL
may differ from the DPL at some point in time, and so we were corrupting
the guest state so far.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

kvm: introduce kvm_inject_x86_mce_on

Pass a table instead of multiple args.

Note:

    kvm_inject_x86_mce(env, bank, status, mcg_status, addr, misc,
                       abort_on_error);

is equal to:

    struct kvm_x86_mce mce = {
        .bank = bank,
        .status = status,
        .mcg_status = mcg_status,
        .addr = addr,
        .misc = misc,
    };
    kvm_inject_x86_mce_on(env, &mce, abort_on_error);

Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: kvm_mce_inj_* subroutines for templated error injections

Refactor codes for maintainability.

Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: introduce kvm_mce_in_progress

Share same error handing, and rename this function after
MCIP (Machine Check In Progress) flag.

Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

Add function for checking mca broadcast of CPU

Add function for checking whether current CPU support mca broadcast.

Signed-off-by: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

Add "broadcast" option for mce command

When the following test case is injected with mce command, maybe user could not
get the expected result.
    DATA
               command cpu bank status             mcg_status  addr   misc
        (qemu) mce     1   1    0xbd00000000000000 0x05        0x1234 0x8c

    Expected Result
           panic type: "Fatal Machine check"

That is because each mce command can only inject the given cpu and could not
inject mce interrupt to other cpus. So user will get the following result:
    panic type: "Fatal machine check on current CPU"

"broadcast" option is used for injecting dummy data into other cpus. Injecting
mce with this option the expected result could be gotten.

Usage:
    Broadcast[on]
           command broadcast cpu bank status             mcg_status  addr   misc
    (qemu) mce     -b        1   1    0xbd00000000000000 0x05        0x1234 0x8c

    Broadcast[off]
           command cpu bank status             mcg_status  addr   misc
    (qemu) mce     1   1    0xbd00000000000000 0x05        0x1234 0x8c

Signed-off-by: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

Clean up cpu_inject_x86_mce()

Clean up cpu_inject_x86_mce() for later patch.

Signed-off-by: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: convert kvm_ioctl(KVM_CHECK_EXTENSION) to kvm_check_extension()

simple cleanup and use existing helper: kvm_check_extension().

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

kvm: Enable user space NMI injection for kvm guest

Make use of the new KVM_NMI IOCTL to send NMIs into the KVM guest if the
user space raised them. (example: qemu monitor's "nmi" command)

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

checkpatch: adjust to QEMUisms

Change checkpatch.pl for QEMU use:
- Root directory detection
- Forbid tabs
- Indent at 4 spaces
- Allow typedefs
- Enforce brace use even for single statement blocks
- Don't suggest nonexistent cleanup tools

Mention the script in CODING_STYLE.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Add checkpatch.pl from Linux kernel

Unchanged import from
http://www.kernel.org/pub/linux/kernel/people/apw/checkpatch/checkpatch.pl-0.31

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Add scripts directory

Move build and user scripts into scripts directory.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

gt64xxx: set isa_mem_base during registration

isa_mem_base is computed from registers during reset, but due to QEMU
limitations some devices (e.g. VGA card) need to know it earlier when
they are registered.

Workaround this by setting the value during registration instead of
reset.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/pl190.c: Fix writing of default vector address

The PL190 implementation keeps the default vector address
in vect_addr[16], but we weren't using this for writes to
the DEFVECTADDR register. As a result of this fix the
default_addr structure member is unused and we can delete it.

Reported-by: Himanshu Chauhan <hschauhan@nulltrace.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Merge remote branch 'mst/for_anthony' into staging

target-ppc: fix wrong NaN tests

Some tests in FPU emulation code were wrongly using float64_is_nan()
before commit 185698715dfb18c82ad2a5dbc169908602d43e81, and wrongly
using float64_is_quiet_nan() after. Fix them by using float64_is_any_nan()
instead.

Reviewed-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-ppc: fix sNaN propagation

The current FPU code returns 0.0 if one of the operand is a
signaling NaN and the VXSNAN exception is disabled.

fload_invalid_op_excp() doesn't return a qNaN in case of a VXSNAN
exception as the operand should be propagated instead of a new
qNaN to be generated. Fix that by calling fload_invalid_op_excp()
only for the exception generation (if enabled), and use the softfloat
code to correctly compute the result.

Reviewed-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

pci: use qemu_malloc() in pcibus_get_dev_path()

use qemu_malloc() instead of direct use of malloc().

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

msix: simplify write config

use pci_device_deassert_intx().

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

msi: simplify write config a bit.

use pci_device_deassert_intx().

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

pci: deassert intx on reset.

deassert intx on device reset.
So far pci_device_reset() is used for system reset.
In that case, interrupt controller is reset at the same time so that
all irq is are deasserted.
But now pci bus reset/flr is supported, and in that case irq needs to be
disabled explicitly.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

pxa2xx_lcd: restore updating of display

Recently PXA2xx lcd have stopped to be updated incrementally (picture
frozen). This patch fixes that by passing non min/max x/y, but rather
(correctly) x/y and w/h.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

pxa2xx: fix vmstate_pxa2xx_i2c

vmstate_pxa2xx_i2c incorrectly recursed to itself instead of going
to store slave device. Fix that stop stop qemu from segfaulting
during savevm for pxa2xx-based devices.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

scoop: fix access to registers from second instance

Second instance of scoop contains registers shifted to 0x40 from the start
of the page. Instead of messing with register mapping, just limit register
address to 0x00..0x3f.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

mainstone: fix name of the allocated memory for roms

Mainstone board has two flash chips (emulated by two ram regions), however
currently code tries to allocate them with the same name, which fails.
Fix that to make mainstone emulation work again.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

add bepo (french dvorak) keyboard layout

I'm using the Qemu program with VNC I/O, and I had some problems with
my keyboard layout, so I've prepared a definition to be included in
Qemu, built from Xorg description.

Signed-off-by: Frédéric Boiteux <fboiteux@free.fr>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

stc91c111: Implement save/restore

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

pl080: Implement save/restore

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

pl110: Implement save/restore

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

pl031: Implement save/restore

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

pl050: Implement save/restore

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

arm_sysctl: Implement save/restore

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

vpb_sic: Implement save/restore

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

pl190: Implement save/restore

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

gt64xxx: qdev conversion

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

sh_pci: qdev conversion

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

sh_serial: process all received characters

When operating on the SCIF, process all the received characters, as long
as the FIFO can handle them.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

sh_serial: remove one level of indirection

The indirection functions are empty since commit
8da3ff180974732fc4272cb4433fef85c1822961.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

usb-hid: modifiers should generate an event

When a modifier key is pressed or released, the USB HID keyboard still
answers NAK, unless another key is also pressed or released.

The patch fixes that by calling usb_hid_changed() when a modifier key
is pressed or released.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

softfloat: fix floatx80_is_{quiet,signaling}_nan()

floatx80_is_{quiet,signaling}_nan() functions are incorrectly detecting
the type of NaN, depending on SNAN_BIT_IS_ONE, one of the two is
returning the correct value, and the other true for any kind of NaN.

This patch fixes that by applying the same kind of comparison as for
other float formats, but taking into account the explicit bit.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

tcg: README, name deposit second argument len/LEN

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

target-i386: Use deposit operation.

Use this for assignment to the low byte or low word of a register.

Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

tcg: Define "deposit" as an optional operation.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

microblaze: Add support for load/store reversed

Load/store reversed (lwr/swr) are insns that endian translate
the sub-word part of the address and byteswap the data lanes.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@petalogix.com>

microblaze: Tweak comment, fast cases -> common cases

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

pci: fix device paths

Patch a6a7005d14b3c32d4864a718fb1cb19c789f58a5 generated
broken device paths. We snprintf with a length shorter
than the output, so the last character is discarded and replaced
by the null byte. Fix it up by snprintf to a buffer
which is larger by 1 byte and then memcpy the data (without
the null byte) to where we need it.

Reported-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

sparc: fix NaN handling

Fix several bugs in NaN handling:
* e in fcmpe* only changes qNaN handling
* FCC is unchanged if an exception is raised
* clear previous FTT before setting it

Reported-by: Mateusz Loskot <mateusz@loskot.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

target-arm: Log instruction start in TCG code

Add support for logging the start of instructions in TCG
code debug dumps for ARM targets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

mips: Break TBs after mfc0_count

Break the TB after reading the count register. This makes it
possible to take timer interrupts immediately after a read of
a possibly expired timer.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

mips: Expire late timers when reading cp0_count

When reading cp0_count from a timer with a late trigger that should
already have expired, expire it and raise the timer irq.

This makes it possible for guest code (e.g, Linux) that first read
cp0_count, then compare it with cp0_compare and check for raised
timer interrupt lines to run reliably.

Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

mips: Break out cpu_mips_timer_expire

Reorganize for future patches, no functional change.

Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

Replace 'extern inline' with 'static inline'

Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

bsd-user: Fix possible memory leaks and wrong realloc call

These errors were reported by cppcheck:

[bsd-user/elfload.c:1108]: (error) Common realloc mistake: "syms" nulled but not freed upon failure
[bsd-user/elfload.c:1076]: (error) Memory leak: s
[bsd-user/elfload.c:1079]: (error) Memory leak: syms

v2:
* The previous fix for memory leaks was incomplete (thanks to Peter Maydell for te hint).
* Fix wrong realloc usage, too.

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

sm501: add 2D engine copyrect support

Linux kernel started to use the SM501 2D engine for the console, and
especially the copyrect operation.

Implement this operation so that recent kernels can be used with QEMU.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

savevm: Fix no_migrate

The no_migrate save state flag is currently only checked in the
last phase of migration.  This means that we potentially waste
a lot of time and bandwidth with the live state handlers before
we ever check the no_migrate flags.  The error message printed
when we catch a non-migratable device doesn't get printed for
a detached migration.  And, no_migrate does nothing to prevent
an incoming migration to a target that includes a non-migratable
device.  This attempts to fix all of these.

One notable difference in behavior is that an outgoing migration
now checks for non-migratable devices before ever connecting to
the target system.  This means the target will remain listening
rather than exit from failure.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote branch 'mst/for_anthony' into staging

acpi_piix4: expose no_hotplug attribute via i/o port

Expose no_hotplug attribute via I/O port, so ACPI BIOS can indicate
removability status to guest OS.

An updated seabios is required to make use of this feature (seabios.git
commit ID 3c241edf3d7ef29c21).

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Tested-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

document QEMU<->ACPIBIOS PCI hotplug interface

Document how QEMU communicates with ACPI BIOS for PCI hotplug.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

m48t59: Fix a wrong opaque passed to nvram read and write routines

This fixes boot on PPC prep.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

gdbstub: Close connection in gdb_exit

On Windows, this is required to flush the remaining data in the IO stream,
otherwise Gdb do not receive the last packet.

Version 2:
Fix linux-user build error.

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@petalogix.com>

USB keyboard emulation key mapping error

The USB keyboard emulation's translation table in hw/usb-hid.c doesn't
match the codes actually sent for the Logo (a.k.a. "Windows") or Menu
keys. This results in the guest OS not being able to receive these keys
at all when the USB keyboard emulation is being used.

In particular, both the keymap in /usr/share/kvm/keymaps/modifiers and
the evdev table in x_keymap.c map these keys to 0xdb, 0xdc, and 0xdd,
while usb_hid_usage_keys[] seems to be expecting them to be mapped to
0x7d, 0x7e, and 0x7f.

The attached patch seems to fix the problem, at least in my (limited)
testing.

http://bugs.debian.org/578846
http://bugs.debian.org/600593 (cloned from the above against different pkg)
https://bugs.launchpad.net/qemu/+bug/584139

Signed-Off-By: Brad Jorsch <anomie@users.sourceforge.net>
Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-sh4: implement negc using TCG

Using setcond it's now possible to generate a relatively short negc
instruction in TCG.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-sh4: use rotl/rotr when possible

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

tcg/sparc64: fix segfault

With current OpenBSD, code_gen_buffer was mapped 8GB away from
text segment. Then any helpers were beyond the 2GB range of call
instruction genereated by TCG and so the calls would go nowhere,
leading to a segfault.

Fix by specifying an address for the code_gen_buffer,
hopefully free and nearby the helpers.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

target-sh4: correct use of ! and &

Fix wrong usage of ! and & in MMU related functions. Thanks to Blue
Swirl for reporting the issue.

Reported-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

monitor: fix a typo

Fix usage of wrong variable, spotted by clang:
/src/qemu/monitor.c:2278:36: warning: The left operand of '&' is a garbage value
prot = pde & (PG_USER_MASK | PG_RW_MASK |

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

make_device_config: Fix non-fatal error message with dash and other shells

ORS=" " adds a blank to the name of the include file.
Some shells (e.g. dash) don't accept input redirection
(tr -d '\r' < $f) when $f ends with a blank, so they
print an error message instead of reading pci.mak.
This is a non-fatal error because pci.mak does not
contain an include line. It was introduced by commit
5d6b423c5cd6f9dfac30959ff1d5c088996719c3.

Using printf avoids adding a blank and is also supported
by older awk versions (this solution was suggested by
Paolo Bonzini, thank you).

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Tested-by: Andreas Färber <andreas.faerber@web.de>

MAINTAINERS: add entries for TCG

The MAINTAINERS file was lacking entries concerning the TCG code, add
them based on the git history.

For the common TCG code, is probably better to keep qemu-devel@non-gnu.org
as this code can break easily, so it's better to get it reviewed by a few
persons.

Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

MAINTAINERS: Change MIPS and SH4 maintainers

Since nobody else seems interested in maintaining MIPS and SH4 targets,
and as I have done most of the recent code changes, let officialize
that.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

MAINTAINERS: fix typos

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm: Restore IT bits when resuming after an exception

We were not correctly restoring the IT bits when resuming execution
after taking an unexpected exception in the middle of an IT block.
Fix this by tracking them along with PC changes and restoring in
gen_pc_load().

This fixes bug https://bugs.launchpad.net/qemu/+bug/581335

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

linux-user: ARM: clear the IT bits when invoking a signal handler

When invoking a signal handler for an ARM target, make sure the IT
bits in the CPSR are cleared. (This would otherwise cause incorrect
execution if the IT state was non-zero when an exception occured.
This bug has been masked previously because we weren't getting the
IT state bits at exception entry right anyway.)

Also use the proper cpsr_read()/cpsr_write() interface to update
the CPSR rather than manipulating CPUState fields directly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm: Refactor translation of exception generating instructions

Create a new function which does the common sequence of gen_set_condexec,
gen_set_pc_im, gen_exception, set is_jmp to DISAS_JUMP.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm: Remove redundant setting of IT bits before Thumb SWI

Remove a redundant call to gen_set_condexec() in the translation of Thumb
mode SWI. (SWI and WFI generate "exceptions" which happen after the
execution of the instruction, ie when PC and IT bits have updated.
So the condexec bits at this point are not correct. However, the code
that handles finishing the translation of the TB will write the correct
value of the condexec bits later, so the only effect was that a conditional
Thumb SWI would generate slightly worse code than necessary.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm: Translate with user-state from TB flags, not CPUState

When translating, get the user/priv state from the TB flags, not
the CPUState.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm: Set privileged bit in TB flags correctly for M profile

M profile ARM cores don't have a CPSR mode field. Set the bit in the
TB flags that indicates non-user mode correctly for these cores.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm: Translate with condexec bits from TB flags, not CPUState

When translating, the condexec bits for the TB are in the TB flags;
the CPUState condexec bits may be different.

This patch fixes https://bugs.launchpad.net/bugs/604872 where we might
segfault if we took an exception in the middle of a TB with an IT
block, because when we came to retranslate in cpu_restore_state()
the CPUState condexec bits would have advanced compared to the start
of the TB and we would generate different (wrong) code.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm: Translate with Thumb state from TB flags, not CPUState

The Thumb/ARM state for the TB being translated should come from
the TB flags, not the CPUState.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm: Translate with VFP len/stride from TB flags, not CPUState

When translating, the VFP vector length and stride for this TB are encoded
in the TB flags; the CPUState copies may be different and must not be used.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>