aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-03-23Add top level changes for moxieAnthony Green
Signed-off-by: Anthony Green <green@moxielogic.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-03-23Add sample moxie systemAnthony Green
Signed-off-by: Anthony Green <green@moxielogic.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-03-23Add moxie disassemblerAnthony Green
Signed-off-by: Anthony Green <green@moxielogic.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-03-23Add moxie target codeAnthony Green
Signed-off-by: Anthony Green <green@moxielogic.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-03-23Merge branch 'for-upstream' of git://github.com/mwalle/qemuBlue Swirl
* 'for-upstream' of git://github.com/mwalle/qemu: configure: rename OpenGL feature to GLX configure: proper OpenGL/GLX probe target-lm32: use HELPER() macro target-lm32: flush tlb after clearing env target-lm32: remove dead code target-lm32: fix cmpgui and cmpgeui opcodes tests: tcg: lm32: add more test cases target-lm32: don't log cpu state in translation lm32_uart: fix receive buffering milkymist-uart: fix receive buffering lm32-dis: fix NULL pointer dereference target-lm32: fix debug memory access
2013-03-22Merge branch 'ppc-for-upstream' of git://github.com/agraf/qemuAurelien Jarno
* 'ppc-for-upstream' of git://github.com/agraf/qemu: (58 commits) target-ppc: Use NARROW_MODE macro for tlbie target-ppc: Use NARROW_MODE macro for addresses target-ppc: Use NARROW_MODE macro for comparisons target-ppc: Use NARROW_MODE macro for branches target-ppc: Fix add and subf carry generation in narrow mode target-ppc: Use QOM method dispatch for MMU fault handling target-ppc: Move ppc tlb_fill implementation into mmu_helper.c target-ppc: Split user only code out of mmu_helper.c mmu-hash64: Implement Virtual Page Class Key Protection mmu-hash*: Merge translate and fault handling functions mmu-hash*: Don't use full ppc_hash{32, 64}_translate() path for get_phys_page_debug() mmu-hash*: Correctly mask RPN from hash PTE mmu-hash*: Clean up real address calculation mmu-hash*: Clean up PTE flags update mmu-hash64: Factor SLB N bit into permissions bits mmu-hash*: Clean up permission checking mmu-hash32: Remove nx from context structure mmu-hash*: Don't update PTE flags when permission is denied mmu-hash32: Don't look up page tables on BAT permission error mmu-hash32: Cleanup BAT lookup ...
2013-03-22tcg: Fix occasional TCG broken problem when ldst optimization enabledYeongkyoon Lee
is_tcg_gen_code() checks the upper limit of TCG generated code range wrong, so that TCG could get broken occasionally only when CONFIG_QEMU_LDST_OPTIMIZATION enabled. The reason is code_gen_buffer_max_size does not cover the upper range up to (TCG_MAX_OP_SIZE * OPC_BUF_SIZE), thus code_gen_buffer_max_size should be modified to code_gen_buffer_size. CC: qemu-stable@nongnu.org Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2013-03-22Merge remote-tracking branch 'kwolf/for-anthony' into stagingAnthony Liguori
# By Kevin Wolf (12) and Peter Lieven (2) # Via Kevin Wolf * kwolf/for-anthony: nbd: Check against invalid option combinations nbd: Use default port if only host is specified block: Allow omitting the file name when using driver-specific options block: Make find_image_format safe with NULL filename block: Rename variable to avoid shadowing block: Introduce .bdrv_parse_filename callback nbd: Accept -drive options for the network connection nbd: Remove unused functions nbd: Keep hostname and port separate qemu-socket: Make socket_optslist public block: Pass bdrv_file_open() options to block drivers block: Add options QDict to bdrv_file_open() prototypes block: complete all IOs before resizing a device Revert "block: complete all IOs before .bdrv_truncate"
2013-03-22Merge remote-tracking branch 'stefanha/trivial-patches' into stagingAnthony Liguori
# By liguang (2) and others # Via Stefan Hajnoczi * stefanha/trivial-patches: qdev: remove redundant abort() gitignore: ignore more files Use proper term in TCG README serial: Fix debug format strings Fix typos and misspellings Advertise --libdir in configure --help output memory: fix a bug of detection of memory region collision MinGW: Replace setsockopt by qemu_setsocketopt
2013-03-22Merge remote-tracking branch 'cohuck/virtio-ccw-upstr' into stagingAnthony Liguori
# By Cornelia Huck # Via Cornelia Huck * cohuck/virtio-ccw-upstr: virtio-ccw, s390-virtio: Use generic virtio-blk macro. s390-virtio, virtio-ccw: Add config_wce for virtio-blk. virtio-ccw: Add missing blk chs properties.
2013-03-22nbd: Check against invalid option combinationsKevin Wolf
A file name may only specified if no host or socket path is specified. The latter two may not appear at the same time either. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22nbd: Use default port if only host is specifiedKevin Wolf
The URL method already takes care to apply the default port when none is specfied. Directly specifying driver-specific options required the port number until now. Allow leaving it out and apply the default. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22block: Allow omitting the file name when using driver-specific optionsKevin Wolf
After this patch, using -drive with an empty file name continues to open the file if driver-specific options are used. If no driver-specific options are specified, the semantics stay as it was: It defines a drive without an inserted medium. In order to achieve this, bdrv_open() must be made safe to work with a NULL filename parameter. The assumption that is made is that only block drivers which implement bdrv_parse_filename() support using driver specific options and could therefore work without a filename. These drivers must make sure to cope with NULL in their implementation of .bdrv_open() (this is only NBD for now). For all other drivers, the block layer code will make sure to error out before calling into their code - they can't possibly work without a filename. Now an NBD connection can be opened like this: qemu-system-x86_64 -drive file.driver=nbd,file.port=1234,file.host=::1 Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22block: Make find_image_format safe with NULL filenameKevin Wolf
In order to achieve this, the .bdrv_probe callbacks of all drivers must cope with this. The DMG driver is the only one that bases its decision on the filename and it needs to be changed. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22block: Rename variable to avoid shadowingKevin Wolf
bdrv_open() uses two different variables called options. Rename one of them to avoid confusion and to allow the outer one to be accessed everywhere. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22block: Introduce .bdrv_parse_filename callbackKevin Wolf
If a driver needs structured data and not just a string, it can provide a .bdrv_parse_filename callback now that parses the command line string into separate options. Keeping this separate from .bdrv_open_filename ensures that the preferred way of directly specifying the options always works as well if parsing the string works. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22nbd: Accept -drive options for the network connectionKevin Wolf
The existing parsers for the file name now parse everything into the bdrv_open() options QDict. Instead of using these parsers, you can now directly specify the options on the command line, like this: qemu-system-x86_64 -drive file=nbd:,file.port=1234,file.host=::1 Clearly the file=... part could use further improvement, but it's a start. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22nbd: Remove unused functionsKevin Wolf
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22nbd: Keep hostname and port separateKevin Wolf
The NBD block supports an URL syntax, for which a URL parser returns separate hostname and port fields. It also supports the traditional qemu syntax encoded in a filename. Until now, after parsing the URL to get each piece of information, a new string is built to be fed to socket functions. Instead of building a string in the URL case that is immediately parsed again, parse the string in both cases and use the QemuOpts interface to qemu-sockets.c. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22qemu-socket: Make socket_optslist publicKevin Wolf
Allow other users to create the QemuOpts needed for inet_connect_opts(). Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22block: Pass bdrv_file_open() options to block driversKevin Wolf
Specify -drive file.option=... on the command line to pass the option to the protocol instead of the format driver. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22block: Add options QDict to bdrv_file_open() prototypesKevin Wolf
The new parameter is unused yet. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22block: complete all IOs before resizing a devicePeter Lieven
this patch ensures that all pending IOs are completed before a device is resized. this is especially important if a device is shrinked as it the bdrv_check_request() result is invalidated. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-03-22Revert "block: complete all IOs before .bdrv_truncate"Peter Lieven
brdv_truncate() is also called from readv/writev commands on self- growing file based storage. this will result in requests waiting for theirselves to complete. This reverts commit 9a665b2b8640e464f0a778216fc2dca8d02acf33. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-03-22qdev: remove redundant abort()liguang
Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-03-22gitignore: ignore more filesliguang
ignore *.patch, *.gcda, *.gcno Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-03-22Use proper term in TCG README陳韋任 (Wei-Ren Chen)
In TCG, "target" means the host architecture for which TCG generates the code. Using "guest" rather than "target" to make the document more consistent. Signed-off-by: Chen Wei-Ren <chenwj@iis.sinica.edu.tw> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-03-22target-ppc: Use NARROW_MODE macro for tlbieRichard Henderson
Removing conditional compilation in the process. Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Use NARROW_MODE macro for addressesRichard Henderson
Removing conditional compilation in the process. Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Use NARROW_MODE macro for comparisonsRichard Henderson
Removing conditional compilation in the process. Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Use NARROW_MODE macro for branchesRichard Henderson
Removing conditional compilation in the process. Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Fix add and subf carry generation in narrow modeRichard Henderson
The set of computations used in b5a73f8d8a57e940f9bbeb399a9e47897522ee9a are only valid if the current word size == target_long size. This failed to take ppc64 in 32-bit (narrow) mode into account. Add a NARROW_MODE macro to avoid conditional compilation. Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Use QOM method dispatch for MMU fault handlingDavid Gibson
After previous cleanups, the many scattered checks of env->mmu_model in the ppc MMU implementation have, at least for "classic" hash MMUs been reduced (almost) to a single switch at the top of cpu_ppc_handle_mmu_fault(). An explicit switch is still a pretty ugly way of handling this though. Now that Andreas Färber's CPU QOM cleanups for ppc have gone in, it's quite straightforward to instead make the handle_mmu_fault function a QOM method on the CPU object. This patch implements such a scheme, initializing the method pointer at the same time as the mmu_model variable. We need to keep the latter around for now, because of the MMU types (BookE, 4xx, et al) which haven't been converted to the new scheme yet, and also for a few other uses. It would be good to clean those up eventually. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Move ppc tlb_fill implementation into mmu_helper.cDavid Gibson
For softmmu builds the interface from the generic code to the target specific MMU implementation is through the tlb_fill() function. For ppc this is currently in mem_helper.c, whereas it would make more sense in mmu_helper.c. This patch moves it, which also allows cpu_ppc_handle_mmu_fault() to become a local function in mmu_helper.c Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Split user only code out of mmu_helper.cDavid Gibson
mmu_helper.c is, for obvious reasons, almost entirely concerned with softmmu builds of qemu. However, it does contain one stub function which is used when CONFIG_USER_ONLY=y - the user only versoin of cpu_ppc_handle_mmu_fault, which always triggers an exception. The entire rest of the file is surrounded by #if !defined(CONFIG_USER_ONLY). We clean this up by moving the user only stub into its own new file, removing the ifdefs and building mmu_helper.c only when CONFIG_SOFTMMU is set. This also lets us remove the #define of cpu_handle_mmu_fault to cpu_ppc_handle_mmu_fault - that name is only used from generic code for user only - so we just name our split user version by the generic name. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash64: Implement Virtual Page Class Key ProtectionDavid Gibson
Version 2.06 of the Power architecture describes an additional page protection mechanism. Each virtual page has a "class" (0-31) recorded in the PTE. The AMR register contains bits which can prohibit reads and/or writes on a class by class basis. Interestingly, the AMR is userspace readable and writable, however user mode writes are masked by the contents of the UAMOR which is privileged. This patch implements this protection mechanism, along with the AMR and UAMOR SPRs. The architecture also specifies a hypervisor-privileged AMOR register which masks user and supervisor writes to the AMR and UAMOR. We leave this out for now, since we don't at present model hypervisor mode correctly in any case. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [agraf: fix 32-bit hosts] Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Merge translate and fault handling functionsDavid Gibson
ppc_hash{32,64}_handle_mmu_fault() is now the only caller of ppc_hash{32,64{_translate(), so this patch combines them together. This means that instead of one returning a variety of non-obvious error codes which then get translated into the various mmu exception conditions, we can just generate the exceptions as we discover problems in the translation path. This also removes the last usage of mmu_ctx_hash{32,64}. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Don't use full ppc_hash{32, 64}_translate() path for ↵David Gibson
get_phys_page_debug() Currently the hash mmu versionsof get_phys_page_debug() use the same ppc64_hash64_translate() function to do the translation logic as the normal mm fault handler code. That sounds like a good idea, but has some complications. The debug path doesn't need, or even want some parts of the full translation path, like permissions checking. Furthermore, the pte flags update included in the normal path means that the debug call is not quite side effect free. This patch, therefore, reimplements get_phys_page_debug as the minimal required subset of the full translation path. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>`z Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Correctly mask RPN from hash PTEDavid Gibson
BEHAVIOUR CHANGE At present we take the whole of word 1 of the hash PTE as the real page number used to calculate the translated address. This is incorrect, because it leaves the flags from the low bits of PTE word 1 in place in the rpm. We mostly get away with that because the value is later masked by TARGET_PAGE_MASK. More recent 64-bit CPUs also have a small number of flag bits (PP0 and KEY) in the top bits of PTE word 1. Any guest which used those bits would fail with the current code. This patch fixes the problem by correctly masking out the RPN field of PTE word 1. This is safe, even for older CPUs which didn't have PP0 and KEY, because although the RPN notionally extended to the very top of PTE word 1, none of those CPUs actually implemented that many real address bits. We add analogous masking to the 32-bit code, even though it also doesn't have the high flag bits, for consistency and clarity. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Clean up real address calculationDavid Gibson
More recent 64-bit hash MMUs support multiple page sizes, and PTEs for large pages only include the offset of the whole large page. But the qemu tlb only handles pages of the base size (4k) so we need to break up the large pages into 4k pieces for the qemu tlb. To do that we have a somewhat awkward piece of code that adds the folds address bits 4k and the page size from the virtual address into the real address from the pte. This patch simplifies this redefining the raddr output of ppc_hash64_translate() to be the full real address of the faulting address, rather than just the (4k) page offset. Computing that turns out to be simpler, and is fine for the caller, since it already masks with TARGET_PAGE_MASK before inserting into the qemu tlb. The multiple page size complication doesn't exist for 32-bit hash mmus, but we make an analogous cleanup there for consistency. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Clean up PTE flags updateDavid Gibson
Currently the ppc_hash{32,64}_pte_update_flags() helper functions update a PTE's referenced and changed bits as necessary to reflect the access. It is somewhat long winded, though. This patch open codes them in their (single) callers, in a simpler way. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash64: Factor SLB N bit into permissions bitsDavid Gibson
BEHAVIOUR CHANGE Currently, for 64-bit hash mmu, the execute protection bit placed into the qemu tlb is based only on the N (No execute) bit from the PTE. However, No Execute can also be set at the segment level. We do check this on execute faults, but this still means we could incorrectly allow execution of code from a No Execute segment, if a prior read or write fault caused the page to be loaded into the qemu tlb with PROT_EXEC set. To correct this, we (re-)check the segment level no execute permission when generating the protection bits for the qemu tlb. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Clean up permission checkingDavid Gibson
Currently checking of PTE permission bits is split messily amongst ppc_hash{32,64}_pp_check(), ppc_hash{32,64}_check_prot() and their callers. This patch cleans this up to have the new function ppc_hash{32,64}_pte_prot() compute the page permissions from the SLBE (for 64-bit) or segment register (32-bit) and the pte. A greatly simplified version of the actual permissions check is then open coded in the callers. The 32-bit version of ppc_hash32_pte_prot() is implemented in terms of ppc_hash32_pp_prot(), a renamed and slightly cleaned up version of the old ppc_hash32_pp_check(), which is also used for checking BAT permissions on the 601. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash32: Remove nx from context structureDavid Gibson
Previous cleanups have meant the nx field of the mmu_ctx_hash32 structure is now only used within ppc_hash32_translate(), and so it can be replaced by a local variable. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Don't update PTE flags when permission is deniedDavid Gibson
BEHAVIOUR CHANGE Currently if ppc_hash{32,64}_translate() finds a PTE matching the given virtual address, it will always update the PTE's R & C (Referenced and Changed) bits. This happens even if the PTE's permissions mean we are about to deny the translation. This is clearly a bug, although we get away with it because: a) It will only incorrectly set, never reset the bits, which should not cause guest correctness problems. b) Linux guests never use the R & C bits anyway. This patch fixes the behaviour, only updating R & C when access is granted by the PTE. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash32: Don't look up page tables on BAT permission errorDavid Gibson
BEHAVIOUR CHANGE Currently, on any failure translating an address with BATs, we proceed to normal segment and page table translation. That's incorrect if the BAT error was due to permissions, rather than not finding a matching BAT. We've gotten away with it because a guest would not usually put translations for the same address in both BATs and page table. Nonetheless this patch corrects the logic, only doing page table lookup if no BAT is found. A matching BAT with bad permissions will now correctly trigger an exception. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash32: Cleanup BAT lookupDavid Gibson
This patch makes a general cleanup of the ppc_hash32_get_bat() function, renaming it to ppc_hash32_bat_lookup(). In particular, the new function only looks for a matching BAT, with the permissions check from the old function moved to the caller. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash32: Clean up BAT matching logicDavid Gibson
The code to search for a matching BAT for a virtual address is somewhat longwinded and awkward. In particular, it relies on seperate size and validity information being returned from the hash32_bat_size() function (and 601 specific variant). We simplify this by having hash32_bat_size() return instead a mask of the virtual address bits to match, and 0 for invalid (since a BAT can never match the entire address space). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash32: Split BAT size logic from permissions logicDavid Gibson
hash32_bat_size_prot() and its 601 variant, as the name suggests, returns both a BAT's size - needed to search for a matching BAT - and its permissions, only relevant once a matching BAT has been located. There's no particular advantage to combining these, so we split these roles into seperate functions for clarity. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash32: Remove odd pointer usage from BAT codeDavid Gibson
In the code for handling BATs, the hash32_bat_size_prot() and hash32_bat_601_size_prot() functions are passed the BAT contents by reference (pointer) for no clear reason, since they only need the values within. This patch removes this odd usage, and uses the resulting change to clean up the caller slightly. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>