aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-05-26scsi: reference-count requestsPaolo Bonzini
With the next patch, a device may hold SCSIRequest for an indefinite time. Split a rather big patch, and protect against access errors, by reference counting them. There is some ugliness in scsi_send_command implementation due to the need to unref the request when it fails. This will go away with the next patches, which move the unref'ing to the devices. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Christoph Hellwig <hch@lst.de>
2011-05-26scsi-generic: do not use a stale aiocbPaolo Bonzini
If a request is canceled after it has been completed, scsi_cancel_io would pass a stale aiocb to bdrv_aio_cancel. Avoid this. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: introduce SCSIBusOpsPaolo Bonzini
There are more operations than a SCSI bus can handle, besides completing commands. One example, which this series will introduce, is cleaning up after a request is cancelled. More long term, a "SCSI bus" can represent the LUNs attached to a target; in this case, while all commands will ultimately reach a logical unit, it is the target who is in charge of answering REPORT LUNs. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: introduce scsi_req_dataPaolo Bonzini
This abstracts calling the command_complete callback, reducing churn in the following patches. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi-generic: Remove bogus double completePaolo Bonzini
scsi-generic scsi_read_complete() should not -both- call the client complete callback with SCSI_REASON_DATA -and- call scsi_command_complete(). The former will cause the client to queue a new read or write request, while the later will free the request data structure, thus causing the new read or write request to use a freed/stale structure when it completes. This patch fixes the bug, fixing a crash with scsi-generic & RHEL5.5 installer. Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: add tracing of scsi requestsPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-25Merge remote-tracking branch 'kraxel/CVE-2011-1751' into stagingAnthony Liguori
2011-05-23configure: Document --disable-slirp option in --helpPeter Maydell
The --disable-slirp option was undocumented; add it to configure's --help output. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23target-arm/exec.h: Remove unused #define of M0Peter Maydell
Remove a preprocessor #define which is never used. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23target-arm: Signal InvalidOp for Neon GE and GT compares of QNaNPeter Maydell
If the input to a Neon float comparison is a quiet NaN, the ARM ARM specifies that we should raise InvalidOp if the comparison is GE or GT but not for EQ. (Signaling NaNs raise InvalidOp regardless). This means only EQ should use the _quiet version of the comparison function. We implement this by cleaning up the comparison helpers to call the appopriate versions of the softfloat simple comparison functions (float32_le and friends) rather than the generic float32_compare functions. This makes them simple enough that they are clearer opencoded rather than macroised. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23target-arm: Use correct float status for Neon int-float conversionsPeter Maydell
The Neon versions of int-float conversions must use the "standard FPSCR" rather than the default FPSCR. Implement this by having the helper functions take a pointer to the appropriate float_status value rather than simply taking a pointer to the entire CPUState, and making translate.c pass a pointer to vfp.fp_status or vfp.standard_fp_status appropriately for whether the instruction being translated is Neon or VFP. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23target-arm: Signal Underflow when denormal flushed to zero on outputPeter Maydell
On ARM the architecture mandates that when an output denormal is flushed to zero we must set the FPSCR UFC (underflow) bit, so map softfloat's float_flag_output_denormal accordingly. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23softfloat: Add new flag for when denormal result is flushed to zeroPeter Maydell
Add a new float_flag_output_denormal which is set when the result of a floating point operation would be denormal but is flushed to zero because we are in flush_to_zero mode. This is necessary because some architectures signal this condition as an underflow and others signal it as an inexact result. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23target-arm: Signal InputDenormal for VRECPE, VRSQRTE, VRECPS, VRSQRTSPeter Maydell
The helpers for VRECPE.F32, VSQRTE.F32, VRECPS and VRSQRTS handle denormals as special cases, so we must set the InputDenormal exception flag ourselves. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23target-arm: Don't set FP exceptions in recip, recip_sqrt estimate fnsPeter Maydell
The functions which do the core estimation algorithms for the VRSQRTE and VRECPE instructions should not set floating point exception flags, so use a local fp status for doing these calculations. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23tcg: don't keep dead outputs in registersAurelien Jarno
If an op with dead outputs is not removed, because it has side effects or has multiple output and only one dead, mark the registers as dead instead of saving them. This avoid a few register spills on TCG targets with low register count, especially with div2 and mul2 ops, or when a qemu_ld* result is not used (prefetch emulation for example). Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23tcg: mark dead output argument in op_dead_argsAurelien Jarno
If an op is not removed and has dead output arguments, mark it in op_dead_args similarly to what is done for input arguments. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23tcg: replace op_dead_iargs by op_dead_argsAurelien Jarno
Allow all args to be dead by replacing the input specific op_dead_iargs variable by op_dead_args. Note this is a purely mechanical change. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-05-23Merge branch 'trivial-patches' of git://repo.or.cz/qemu/stefanhaAurelien Jarno
* 'trivial-patches' of git://repo.or.cz/qemu/stefanha: Fix typos in comments (chek -> check) hw/sd.c: Don't complain about SDIO commands CMD52/CMD53 hw/realview.c: Remove duplicate #include line piix_pci: fix piix3_set_irq_pic()
2011-05-23Merge branch 'ppc-next' of git://repo.or.cz/qemu/agrafAurelien Jarno
* 'ppc-next' of git://repo.or.cz/qemu/agraf: Fix a bug in mtsr/mtsrin emulation on ppc64 pSeries: Clean up write-only variables w32: Fix compilation and replace non-portable usage of ulong
2011-05-23Merge branch 's390-next' of git://repo.or.cz/qemu/agrafAurelien Jarno
* 's390-next' of git://repo.or.cz/qemu/agraf: s390x: complain when allocating ram fails s390x: fix memory detection for guests > 64GB s390x: change mapping base to allow guests > 2GB s390x: Fix debugging for unknown sigp order codes s390x: build s390x by default s390x: remove compatibility cc field s390x: Adjust GDB stub s390x: translate engine for s390x CPU s390x: Adjust internal kvm code s390x: Implement opcode helpers s390x: helper functions for system emulation s390x: Shift variables in CPUState for memset(0) s390x: keep hint on virtio managing size s390x: make kvm exported functions conditional on kvm s390x: s390x-linux-user support tcg: extend max tcg opcodes when using 64-on-32bit s390x: fix smp support for kvm
2011-05-22Fix typos in comments (chek -> check)Stefan Weil
Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-05-22hw/sd.c: Don't complain about SDIO commands CMD52/CMD53Peter Maydell
The SDIO specification introduces new commands 52 and 53. Handle as illegal command but do not complain on stderr, as SDIO-aware OSes (including Linux) may legitimately use these in their probing for presence of an SDIO card. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-05-22hw/realview.c: Remove duplicate #include linePeter Maydell
Remove a duplicate #include of sysbus.h. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-05-22piix_pci: fix piix3_set_irq_pic()TeLeMan
If pic_irq is greater than 7, the irq level is always 0 on 32bits. Signed-off-by: TeLeMan <geleman@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-05-22Delete unused tb_invalidate_page_rangeBlue Swirl
tb_invalidate_page_range() was intended to be used to invalidate an area of a TB which the guest explicitly flushes from i-cache. However, QEMU detects writes to code areas where TBs have been generated, so his has never been useful. Delete the function, adjust callers. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-05-20Fix a bug in mtsr/mtsrin emulation on ppc64David Gibson
Early ppc64 CPUs include a hack to partially simulate the ppc32 segment registers, by translating writes to them into writes to the SLB. This is not used by any current Linux kernel, but it is used by the openbios used in the qemu mac99 model. Commit 81762d6dd0d430d87024f2c83e9c4dcc4329fb7d, cleaning up the SLB handling introduced a bug in this code, breaking the openbios currently in qemu. Specifically, there was an off by one error bitshuffling the register format used by mtsr into the format needed for the SLB load, causing the flag bits to end up in the wrong place. This caused the storage keys to be wrong under openbios, meaning that the translation code incorrectly thought a legitimate access was a permission violation. This patch fixes the bug, at the same time it fixes some build bug in the MMU debugging code (only exposed when DEBUG_MMU is enabled). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20pSeries: Clean up write-only variablesDavid Gibson
A few pieces of the pSeries emulation code have variables which are set but never used, which causes warnings on gcc 4.6. This patch removes these instances. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20w32: Fix compilation and replace non-portable usage of ulongStefan Weil
ulong is undefined for w32 (and maybe other) compilations. Replace it by uintptr_t (which also fixes compilation for w64 and is a better choice for pointer to integer conversions). Cc: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Stefan Weil <weil@mail.berlios.de> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: complain when allocating ram failsAlexander Graf
While trying out the > 64GB guest RAM patch, I hit some virtual address limitations of my host system, which resulted in mmap failing. Unfortunately, qemu didn't tell me about this failure, but just used the NULL pointer happily, resulting in either segmentation faults or other fun errors. To spare other users from tracing this down, let's print a nice message instead so the user can figure out what's wrong from there. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: fix memory detection for guests > 64GBChristian Borntraeger
the s390 memory detection has a 16bit field that specifies the amount of increments. This patch adopts the memory size to always fit into that scheme. This also fixes virtio detection for these guests, since the descriptor page is located after the main memory. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: change mapping base to allow guests > 2GBChristian Borntraeger
the current s390x qemu memory layout is 0x1000000: guest start 0x80000000: qemu binary which limits the amount of available memory to <2GB. This patch moves the guest pages to 32GB to not collide with the binary and to leave some space for the program break of qemu. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: Fix debugging for unknown sigp order codesChristian Borntraeger
On unknown sigp order codes we print a debug message. This patch fixes the output, since we want to see the order_code and not the register numbers. Patch applies on agraf tree. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: build s390x by defaultAlexander Graf
This patch enables building of s390x-softmmu and s390x-linux-user targets by default. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: remove compatibility cc fieldAlexander Graf
Remove the now unused cc field that was only required to not break bisectability. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: Adjust GDB stubAlexander Graf
We have successfully lazilized cc computation, so we need to manually trigger its calculation when gdb wants to fetch it. We also changed the variable name, so writing it writes into a different field now. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: translate engine for s390x CPUAlexander Graf
This is the main meat part of the patch set. It implements emulation for an s390x CPU. The code does all the optimizations that are common for TCG code: - direct branches - cc optimization - unrolling of simple microcode loops I'm still open for suggestions on speedups of course :). Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: Adjust internal kvm codeAlexander Graf
We're now finally emulating an s390x CPU, so we can move quite some logic from the kvm code out into generic CPU code. This patch does this and adjusts the interfaces according to what the code around now expects to be able to call. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: Implement opcode helpersAlexander Graf
There are some instructions that can't (or shouldn't) be expressed by pure tcg code. For those, we call into externally compiled C functions. This patch implements those C functions. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: helper functions for system emulationAlexander Graf
When running system emulation, we need to transverse through the MMU and deliver interrupts according to the specification. This patch implements those two pieces and in addition adjusts the CPU initialization code to account for the new fields in CPUState. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: Shift variables in CPUState for memset(0)Alexander Graf
The default reset handler does a memset(0) until right in between CPU_COMMON. I incorrectly changed that behavior on the s390x port, so let's move the fields in CPUState around to reflect the correct split up to which point memset(0) zeros out everything. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: keep hint on virtio managing sizeAlexander Graf
The s390x virtio bus keeps management information on virtio after the top of the guest's RAM. We need to be able to tell the guest the size of its RAM (without virtio stuff), but also be able to trap when the guest accesses RAM outside of its scope (including virtio stuff). So we need a variable telling us the size of the virtio stuff, so we can calculate the highest available RAM address from that. While at it, also increase the maximum number of virtio pages, so we play along well with more recent kernels that spawn a ridiculous number of virtio console adapters. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: make kvm exported functions conditional on kvmAlexander Graf
We have some helper functions we use to directly invoke KVM functionality from device emulation code. This patch replaces those exported functions with static inline stubs when not building with KVM enabled. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: s390x-linux-user supportUlrich Hecht
This patch adds support for running s390x binaries in the linux-user emulation code. Signed-off-by: Ulrich Hecht <uli@suse.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20tcg: extend max tcg opcodes when using 64-on-32bitAlexander Graf
When running a 64 bit guest on a 32 bit host, we tend to use more TCG ops than on a 64 bit host. Reflect that in the reserved opcode amount constant. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: fix smp support for kvmChristian Borntraeger
Currently smp support for kvm does not work. Qemu does a kvm run even on secondary CPUs which dont have a sane state (initial psw == 0) triggering some program faults. Architecturally these cpus are in the stopped state, so we should not do the kvm run ioctl. (these CPUs will be started by a SIGP restart later during the boot process) We need to tell the loop that this cpu should not run. Jan Kiszka pointed out that kvm_arch_process_async_events is the right place to do. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-19ahci: Fix non-NCQ accesses for LBA > 16bitsAlexander Graf
AHCI provides two ways of reading/writing data: 1) NCQ 2) ATA commands with the LBA in the command FIS In the second code path, we didn't handle any LBAs that were bigger than 16 bits, so whenever a guest that used high LBA numbers wanted to access data, the LBA got truncated down to 16 bits, giving the guest garbage. This patch adds support for LBAs higher than 16 bits. I've tested that it works just fine with SeaBIOS and Linux guests. This patch also unbreaks the often reported grub errors people have seen with AHCI. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-19Ignore pci unplug requests for unpluggable devices (CVE-2011-1751)Gerd Hoffmann
This patch makes qemu ignore unplug requests from the guest for pci devices which are tagged as non-hotpluggable. Trouble spot is the piix4 chipset with the ISA bridge. Requests to unplug that one will make it go away together with all ISA bus devices, which are not prepared to be unplugged and thus don't cleanup, leaving active qemu timers behind in free'ed memory. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-19block: Remove type hint, it's guest matter, doesn't belong hereMarkus Armbruster
No users of bdrv_get_type_hint() left. bdrv_set_type_hint() can make the media removable by side effect. Make that explicit. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-19blockdev: Store -drive option media in DriveInfoMarkus Armbruster
DriveInfo is closely tied to -drive, and like -drive, it mixes information about host and guest part of the block device. Unlike DriveInfo, BlockDriverState should be about the host part only. One of the remaining guest bits there is the "type hint". -drive option media sets it, and qdevs "ide-drive", "scsi-disk" and non-qdev IF_XEN devices check it to pick HD vs. CD. Communicate -drive option media via new DriveInfo member media_cd instead. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>