aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-02-19mem: add share parameter to memory-backend-ramMarcel Apfelbaum
Currently only file backed memory backend can be created with a "share" flag in order to allow sharing guest RAM with other processes in the host. Add the "share" flag also to RAM Memory Backend in order to allow remapping parts of the guest RAM to different host virtual addresses. This is needed by the RDMA devices in order to remap non-contiguous QEMU virtual addresses to a contiguous virtual address range. Moved the "share" flag to the Host Memory base class, modified phys_mem_alloc to include the new parameter and a new interface memory_region_init_ram_shared_nomigrate. There are no functional changes if the new flag is not used. Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
2018-02-16Merge remote-tracking branch 'remotes/dgilbert/tags/pull-hmp-20180216' into ↵Peter Maydell
staging HMP pull 2018-02-16 # gpg: Signature made Fri 16 Feb 2018 17:45:06 GMT # gpg: using RSA key 0516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-hmp-20180216: monitor.c: Fix infinite loop in monitor's auto-complete monitor: Remove legacy "-mon default=on" parameter Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-16cuda.h: Fix multiple typedefDr. David Alan Gilbert
RHEL6's compilers don't like the repeated typedef. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-16monitor.c: Fix infinite loop in monitor's auto-completeDr. David Alan Gilbert
The QEMU monitor enters an infinite loop when trying to auto-complete commands that accept only optional parameters. The commands currently affected by this issue are 'info registers' and 'info mtree'. Reported-by: Dimitris Karagkasidis <t.pagef.lt@gmail.com> Fixes: 48fe86f6400574165979e0db6f5937ad487b6888 Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20180213125143.23488-1-dgilbert@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2018-02-16monitor: Remove legacy "-mon default=on" parameterThomas Huth
The "default" parameter of the "-mon" option is useless since QEMU v2.4.0, and marked as deprecated since QEMU v2.8.0. That should have been long enough to let people update their scripts, so time to remove it now. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1513700253-10045-1-git-send-email-thuth@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2018-02-16Merge remote-tracking branch 'remotes/kraxel/tags/ui-20180216-pull-request' ↵Peter Maydell
into staging bugfixes for vnc and sdl2 # gpg: Signature made Fri 16 Feb 2018 11:53:37 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20180216-pull-request: ui: extend VNC trottling tracing to SASL codepaths ui: check VNC audio frequency limit at time of reading from client ui: avoid 'local_err' variable shadowing in VNC SASL auth ui: avoid risk of 32-bit int overflow in VNC buffer check sdl2: fix mouse grab sdl: restore optimized redraw vnc: fix segfault in closed connection handling vnc: add qapi/error.h include to stubs vnc: remove bogus object_unref on client socket Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-16Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.12-20180216' ↵Peter Maydell
into staging ppc patch queue 2018-02-16 Highlights of this batch: * Conversion to TranslatorOps (Emilio Cota) * Further bugfixes and cleanups to vcpu id allocation for pseries (Greg Kurz) * Another bugfix for HPT resizing (Daniel Henrique-Barboza) * Macintosh CUDA cleanups (Mark Cave-Ayland) * Further tweaks to Spectre/Meltdown mitigations (Suraj Singh) # gpg: Signature made Fri 16 Feb 2018 10:00:02 GMT # gpg: using RSA key 6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.12-20180216: ppc4xx: Add device models found in PPC440 core SoCs ppc/spapr-caps: Disallow setting workaround for spapr-cap-ibs target/ppc: convert to TranslatorOps target/ppc: convert to DisasContextBase spapr: consolidate the VCPU id numbering logic in a single place spapr: rename spapr_vcpu_id() to spapr_get_vcpu_id() spapr: move VCPU calculation to core machine code spapr: use spapr->vsmt to compute VCPU ids ppc/spapr-caps: Change migration macro to take full spapr-cap name hw/char: remove legacy interface escc_init() hw/ppc/spapr_hcall: set htab_shift after kvmppc_resize_hpt_commit cuda: convert to trace-events ppc: move CUDAState and other CUDA-related definitions into separate cuda.h file cuda: convert to use the shared mos6522 device Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-16Merge remote-tracking branch ↵Peter Maydell
'remotes/dgilbert/tags/pull-migration-20180214a' into staging Migration pull 20180214 Note that the 'Add test for migration to bad destination' displays a 'Connection refused' during running, but still gives the correct exit code and OK (It's checking that the source doesn't fail when it can't connect, so that's the right error). If it's particularly disliked that patch can be skipped individually. # gpg: Signature made Wed 14 Feb 2018 15:33:04 GMT # gpg: using RSA key 0516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20180214a: migration: pass MigrationState to migrate_init() migration: allow send_rq to fail migration: provide postcopy_fault_thread_notify() migration: reuse mis->userfault_quit_fd migration: better error handling with QEMUFile tests/migration: Add test for migration to bad destination migration: Fix early failure cleanup tests/migration: Add source to PC boot block migration: improve documentation of postcopy-ram migration/xen: Check return value of qemu_fclose Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-16ui: extend VNC trottling tracing to SASL codepathsDaniel P. Berrangé
In previous commit: commit 6aa22a29187e1908f5db738d27c64a9efc8d0bfa Author: Daniel P. Berrange <berrange@redhat.com> Date: Mon Dec 18 19:12:27 2017 +0000 ui: add trace events related to VNC client throttling trace points related to unthrottling client I/O were missed from the SASL codepaths. Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20180205114938.15784-5-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-16ui: check VNC audio frequency limit at time of reading from clientDaniel P. Berrangé
The 'vs->as.freq' value is a signed integer, which is read from an unsigned 32-bit int field on the wire. There is thus a risk of overflow on 32-bit platforms. Move the frequency limit checking to be done at time of read before casting to a signed integer. Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180205114938.15784-4-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-16ui: avoid 'local_err' variable shadowing in VNC SASL authDaniel P. Berrangé
The start_auth_sasl() method declares a 'Error *local_err' variable in an inner if () {...} scope, which shadows a variable of the same name declared at the start of the method. This is confusing for reviewers and may trigger compiler warnings. Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180205114938.15784-3-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-16ui: avoid risk of 32-bit int overflow in VNC buffer checkDaniel P. Berrangé
For very large framebuffers, it is theoretically possible for the result of 'vs->throttle_output_offset * VNC_THROTTLE_OUTPUT_LIMIT_SCALE' to exceed the size of a 32-bit int. For this to happen in practice, the video RAM would have to be set to a large enough value, which is not likely today. None the less we can be paranoid against future growth by using division instead of multiplication when checking the limits. Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180205114938.15784-2-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-16sdl2: fix mouse grabGerd Hoffmann
When qemu mouse mode changes from relative to absolute we must turn off sdl relative mouse mode too. Fixes: https://bugs.launchpad.net/qemu/+bug/1703795 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20180202120803.11501-1-kraxel@redhat.com>
2018-02-16sdl: restore optimized redrawAnatoly Trosinenko
The documentation on SDL_RenderPresent function states that "the backbuffer should be considered invalidated after each present", so copy the entire texture on each redraw. On the other hand, SDL_UpdateTexture function is described as "fairly slow function", so restrict it to just the changed pixels. Also added SDL_RenderClear call, as suggested in the documentation page on SDL_RenderPresent. Signed-off-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> Message-id: 20180205133228.25082-1-anatoly.trosinenko@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-16vnc: fix segfault in closed connection handlingKlim Kireev
On one of our client's node, due to trying to read from closed ioc, a segmentation fault occured. Corresponding backtrace: 0 object_get_class (obj=obj@entry=0x0) 1 qio_channel_readv_full (ioc=0x0, iov=0x7ffe55277180 ... 2 qio_channel_read (ioc=<optimized out> ... 3 vnc_client_read_buf (vs=vs@entry=0x55625f3c6000, ... 4 vnc_client_read_plain (vs=0x55625f3c6000) 5 vnc_client_read (vs=0x55625f3c6000) 6 vnc_client_io (ioc=<optimized out>, condition=G_IO_IN, ... 7 g_main_dispatch (context=0x556251568a50) 8 g_main_context_dispatch (context=context@entry=0x556251568a50) 9 glib_pollfds_poll () 10 os_host_main_loop_wait (timeout=<optimized out>) 11 main_loop_wait (nonblocking=nonblocking@entry=0) 12 main_loop () at vl.c:1909 13 main (argc=<optimized out>, argv=<optimized out>, ... Having analyzed the coredump, I understood that the reason is that ioc_tag is reset on vnc_disconnect_start and ioc is cleaned in vnc_disconnect_finish. Between these two events due to some reasons the ioc_tag was set again and after vnc_disconnect_finish the handler is running with freed ioc, which led to the segmentation fault. The patch checks vs->disconnecting in places where we call qio_channel_add_watch and resets handler if disconnecting == TRUE to prevent such an occurrence. Signed-off-by: Klim Kireev <klim.kireev@virtuozzo.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20180207094844.21402-1-klim.kireev@virtuozzo.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-16vnc: add qapi/error.h include to stubsGerd Hoffmann
Fixes --disable-vnc build failure. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 20180213070526.22475-1-kraxel@redhat.com
2018-02-16vnc: remove bogus object_unref on client socketDaniel P. Berrangé
vnc_listen_io() does not own the reference on the 'cioc' parameter is it passed, so should not be unref'ing it. Fixes: 13e1d0e71e78a925848258391a6e616b6b5ae219 Reported-by: Bandan Das <bsd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 20180215102602.10864-1-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-16Merge remote-tracking branch 'remotes/berrange/tags/qio-next-pull-request' ↵Peter Maydell
into staging # gpg: Signature made Thu 15 Feb 2018 17:50:22 GMT # gpg: using RSA key BE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/qio-next-pull-request: allow to build with older sed io/channel-command: Do not kill the child process after closing the pipe io: Add /dev/fdset/ support to QIOChannelFile io: Don't call close multiple times in QIOChannelFile io: Fix QIOChannelFile when creating and opening read-write io/channel-websock: handle continuous reads without any data io: fix QIONetListener memory leak Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-16tests/boot-serial-test: Fix problem with timeout due to dropped charactersThomas Huth
Commit 92b540dac9fc3a5 introduce a counter to handle the timeouts in a better way. But in case ccnt reaches 512, the current read character is ignored - and if that character is part of the string that we are looking for, the test fails to match the string. Almost all of the tests look for a string within the first 512 bytes of firmware output, so the problem never triggered there. But the hppa test that has been added recently looks for a longer string at the very end of a long output, thus there's a chance that we miss a character there so that the test fails unexpectedly. Fix it by *not* reading and dropping a character if the counter reaches 512. Fixes: 92b540dac9fc3a572c7342edd0b073000f5a6abf Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1518761564-9899-1-git-send-email-thuth@redhat.com [PMM: added initializer for nbd to silence false-positive warning from OpenBSD 6 compiler] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-16ppc4xx: Add device models found in PPC440 core SoCsBALATON Zoltan
These devices are found in newer SoCs based on 440 core e.g. the 460EX (http://www.embeddeddeveloper.com/assets/processors/amcc/datasheets/ PP460EX_DS2063.pdf) Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16ppc/spapr-caps: Disallow setting workaround for spapr-cap-ibsSuraj Jitindar Singh
The spapr-cap cap-ibs can only have values broken or fixed as there is no explicit workaround required. Currently setting the value workaround for this cap will hit an assert if the guest makes the hcall h_get_cpu_characteristics. Report an error when attempting to apply the setting with a more helpful error message. Reported-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16target/ppc: convert to TranslatorOpsEmilio G. Cota
A few changes worth noting: - Didn't migrate ctx->exception to DISAS_* since the exception field is in many cases architecturally relevant. - Moved the cross-page check from the end of translate_insn to tb_start. - Removed the exit(1) after a TCG temp leak; changed the fprintf there to qemu_log. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16target/ppc: convert to DisasContextBaseEmilio G. Cota
A couple of notes: - removed ctx->nip in favour of base->pc_next. Yes, it is annoying, but didn't want to waste its 4 bytes. - ctx->singlestep_enabled does a lot more than base.singlestep_enabled; this confused me at first. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16spapr: consolidate the VCPU id numbering logic in a single placeGreg Kurz
Several places in the code need to calculate a VCPU id: (cpu_index / smp_threads) * spapr->vsmt + cpu_index % smp_threads (core_id / smp_threads) * spapr->vsmt (1 user) index * spapr->vsmt (2 users) or guess that the VCPU id of a given VCPU is the first thread of a virtual core: index % spapr->vsmt != 0 Even if the numbering logic isn't that complex, it is rather fragile to have these assumptions open-coded in several places. FWIW this was proved with recent issues related to VSMT. This patch moves the VCPU id formula to a single function to be called everywhere the code needs to compute one. It also adds an helper to guess if a VCPU is the first thread of a VCORE. Signed-off-by: Greg Kurz <groug@kaod.org> [dwg: Rename spapr_is_vcore() to spapr_is_thread0_in_vcore() for clarity] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16spapr: rename spapr_vcpu_id() to spapr_get_vcpu_id()Greg Kurz
The spapr_vcpu_id() function is an accessor actually. Let's rename it for symmetry with the recently added spapr_set_vcpu_id() helper. The motivation behind this is that a later patch will consolidate the VCPU id formula in a function and spapr_vcpu_id looks like an appropriate name. Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16spapr: move VCPU calculation to core machine codeGreg Kurz
The VCPU ids are currently computed and assigned to each individual CPU threads in spapr_cpu_core_realize(). But the numbering logic of VCPU ids is actually a machine-level concept, and many places in hw/ppc/spapr.c also have to compute VCPU ids out of CPU indexes. The current formula used in spapr_cpu_core_realize() is: vcpu_id = (cc->core_id * spapr->vsmt / smp_threads) + i where: cc->core_id is a multiple of smp_threads cpu_index = cc->core_id + i 0 <= i < smp_threads So we have: cpu_index % smp_threads == i cc->core_id / smp_threads == cpu_index / smp_threads hence: vcpu_id = (cpu_index / smp_threads) * spapr->vsmt + cpu_index % smp_threads; This formula was used before VSMT at the time VCPU ids where computed at the target emulation level. It has the advantage of being useable to derive a VPCU id out of a CPU index only. It is fitted for all the places where the machine code has to compute a VCPU id. This patch introduces an accessor to set the VCPU id in a PowerPCCPU object using the above formula. It is a first step to consolidate all the VCPU id logic in a single place. Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16spapr: use spapr->vsmt to compute VCPU idsGreg Kurz
Since the introduction of VSMT in 2.11, the spacing of VCPU ids between cores is controllable through a machine property instead of being only dictated by the SMT mode of the host: cpu->vcpu_id = (cc->core_id * spapr->vsmt / smp_threads) + i Until recently, the machine code would try to change the SMT mode of the host to be equal to VSMT or exit. This allowed the rest of the code to assume that kvmppc_smt_threads() == spapr->vsmt is always true. Recent commit "8904e5a75005 spapr: Adjust default VSMT value for better migration compatibility" relaxed the rule. If the VSMT mode cannot be set in KVM for some reasons, but the requested CPU topology is compatible with the current SMT mode, then we let the guest run with kvmppc_smt_threads() != spapr->vsmt. This breaks quite a few places in the code, in particular when calculating DRC indexes. This is what happens on a POWER host with subcores-per-core=2 (ie, supports up to SMT4) when passing the following topology: -smp threads=4,maxcpus=16 \ -device host-spapr-cpu-core,core-id=4,id=core1 \ -device host-spapr-cpu-core,core-id=8,id=core2 qemu-system-ppc64: warning: Failed to set KVM's VSMT mode to 8 (errno -22) This is expected since KVM is limited to SMT4, but the guest is started anyway because this topology can run on SMT4 even with a VSMT8 spacing. But when we look at the DT, things get nastier: cpus { ... ibm,drc-indexes = <0x4 0x10000000 0x10000004 0x10000008 0x1000000c>; This means that we have the following association: CPU core device | DRC | VCPU id -----------------+------------+--------- boot core | 0x10000000 | 0 core1 | 0x10000004 | 4 core2 | 0x10000008 | 8 core3 | 0x1000000c | 12 But since the spacing of VCPU ids is 8, the DRC for core1 points to a VCPU that doesn't exist, the DRC for core2 points to the first VCPU of core1 and and so on... ... PowerPC,POWER8@0 { ... ibm,my-drc-index = <0x10000000>; ... }; PowerPC,POWER8@8 { ... ibm,my-drc-index = <0x10000008>; ... }; PowerPC,POWER8@10 { ... No ibm,my-drc-index property for this core since 0x10000010 doesn't exist in ibm,drc-indexes above. ... }; }; ... interrupt-controller { ... ibm,interrupt-server-ranges = <0x0 0x10>; With a spacing of 8, the highest VCPU id for the given topology should be: 16 * 8 / 4 = 32 and not 16 ... linux,phandle = <0x7e7323b8>; interrupt-controller; }; And CPU hot-plug/unplug is broken: (qemu) device_del core1 pseries-hotplug-cpu: Cannot find CPU (drc index 10000004) to remove (qemu) device_del core2 cpu 4 (hwid 8) Ready to die... cpu 5 (hwid 9) Ready to die... cpu 6 (hwid 10) Ready to die... cpu 7 (hwid 11) Ready to die... These are the VCPU ids of core1 actually (qemu) device_add host-spapr-cpu-core,core-id=12,id=core3 (qemu) device_del core3 pseries-hotplug-cpu: Cannot find CPU (drc index 1000000c) to remove This patches all the code in hw/ppc/spapr.c to assume the VSMT spacing when manipulating VCPU ids. Fixes: 8904e5a75005 Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16ppc/spapr-caps: Change migration macro to take full spapr-cap nameSuraj Jitindar Singh
Change the macro that generates the vmstate migration field and the needed function for the spapr-caps to take the full spapr-cap name. This has the benefit of meaning this instance will be picked up when greping for the spapr-caps and making it more obvious what this macro is doing. Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16hw/char: remove legacy interface escc_init()Laurent Vivier
Move necessary stuff in escc.h and update type names. Remove slavio_serial_ms_kbd_init(). Fix code style problems reported by checkpatch.pl Update mac_newworld, mac_oldworld and sun4m to use directly the QDEV interface. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16hw/ppc/spapr_hcall: set htab_shift after kvmppc_resize_hpt_commitDaniel Henrique Barboza
Newer kernels have a htab resize capability when adding or remove memory. At these situations, the guest kernel might reallocate its htab to a more suitable size based on the resulting memory. However, we're not setting the new value back into the machine state when a KVM guest resizes its htab. At first this doesn't seem harmful, but when migrating or saving the guest state (via virsh managedsave, for instance) this mismatch between the htab size of QEMU and the kernel makes the guest hangs when trying to load its state. Inside h_resize_hpt_commit, the hypercall that commits the hash page resize changes, let's set spapr->htab_shift to the new value if we're sure that kvmppc_resize_hpt_commit were successful. While we're here, add a "not RADIX" sanity check as it is already done in the related hypercall h_resize_hpt_prepare. Fixes: https://github.com/open-power-host-os/qemu/issues/28 Reported-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com> Signed-off-by: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16cuda: convert to trace-eventsMark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16ppc: move CUDAState and other CUDA-related definitions into separate cuda.h fileMark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-16cuda: convert to use the shared mos6522 deviceMark Cave-Ayland
Add the relevant hooks as required for the MacOS timer calibration and delayed SR interrupt. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-02-15Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20180215-1' into staging target-arm queue: * aspeed: code cleanup to use unimplemented_device * preparatory work for 'raspi3' RaspberryPi 3 machine model * more SVE prep work * v8M: add minor missing registers * v7M: fix bug where we weren't migrating v7m.other_sp * v7M: fix bugs in handling of interrupt registers for external interrupts beyond 32 # gpg: Signature made Thu 15 Feb 2018 18:34:40 GMT # gpg: using RSA key 3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20180215-1: raspi: Raspberry Pi 3 support bcm2836: Make CPU type configurable target/arm: Implement v8M MSPLIM and PSPLIM registers target/arm: Migrate v7m.other_sp target/arm: Add AIRCR to vmstate struct hw/intc/armv7m_nvic: Fix byte-to-interrupt number conversions target/arm: Implement writing to CONTROL_NS for v8M hw/intc/armv7m_nvic: Implement SCR hw/intc/armv7m_nvic: Implement cache ID registers hw/intc/armv7m_nvic: Implement v8M CPPWR register hw/intc/armv7m_nvic: Implement M profile cache maintenance ops hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handling hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC target/arm: Handle SVE registers when using clear_vec_high target/arm: Enforce access to ZCR_EL at translation target/arm: Suppress TB end for FPCR/FPSR target/arm: Enforce FP access to FPCR/FPSR target/arm: Remove ARM_CP_64BIT from ZCR_EL registers hw/arm/aspeed: simplify using the 'unimplemented device' for aspeed_soc.io hw/arm/aspeed: directly map the serial device to the system address space Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-15raspi: Raspberry Pi 3 supportPekka Enberg
This patch adds Raspberry Pi 3 support to hw/arm/raspi.c. The differences to Pi 2 are: - Firmware address - Board ID - Board revision The CPU is different too, but that's going to be configured as part of the machine default CPU when we introduce a new machine type. The patch was written from scratch by me but the logic is similar to Zoltán Baldaszti's previous work, which I used as a reference (with permission from the author): https://github.com/bztsrc/qemu-raspi3 Signed-off-by: Pekka Enberg <penberg@iki.fi> [PMM: fixed trailing whitespace on one line] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-15bcm2836: Make CPU type configurablePekka Enberg
This patch adds a "cpu-type" property to BCM2836 SoC in preparation for reusing the code for the Raspberry Pi 3, which has a different processor model. Signed-off-by: Pekka Enberg <penberg@iki.fi> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-15target/arm: Implement v8M MSPLIM and PSPLIM registersPeter Maydell
The v8M architecture includes hardware support for enforcing stack pointer limits. We don't implement this behaviour yet, but provide the MSPLIM and PSPLIM stack pointer limit registers as reads-as-written, so that when we do implement the checks in future this won't break guest migration. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180209165810.6668-12-peter.maydell@linaro.org
2018-02-15target/arm: Migrate v7m.other_spPeter Maydell
In commit abc24d86cc0364f we accidentally broke migration of the stack pointer value for the mode (process, handler) the CPU is not currently running as. (The commit correctly removed the no-longer-used v7m.current_sp flag from the VMState but also deleted the still very much in use v7m.other_sp SP value field.) Add a subsection to migrate it again. (We don't need to care about trying to retain compatibility with pre-abc24d86cc0364f versions of QEMU, because that commit bumped the version_id and we've since bumped it again a couple of times.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180209165810.6668-11-peter.maydell@linaro.org
2018-02-15target/arm: Add AIRCR to vmstate structPeter Maydell
In commit commit 3b2e934463121 we added support for the AIRCR register holding state, but forgot to add it to the vmstate structs. Since it only holds r/w state if the security extension is implemented, we can just add it to vmstate_m_security. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180209165810.6668-10-peter.maydell@linaro.org
2018-02-15hw/intc/armv7m_nvic: Fix byte-to-interrupt number conversionsPeter Maydell
In many of the NVIC registers relating to interrupts, we have to convert from a byte offset within a register set into the number of the first interrupt which is affected. We were getting this wrong for: * reads of NVIC_ISPR<n>, NVIC_ISER<n>, NVIC_ICPR<n>, NVIC_ICER<n>, NVIC_IABR<n> -- in all these cases we were missing the "* 8" needed to convert from the byte offset to the interrupt number (since all these registers use one bit per interrupt) * writes of NVIC_IPR<n> had the opposite problem of a spurious "* 8" (since these registers use one byte per interrupt) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180209165810.6668-9-peter.maydell@linaro.org
2018-02-15target/arm: Implement writing to CONTROL_NS for v8MPeter Maydell
In commit 50f11062d4c896 we added support for MSR/MRS access to the NS banked special registers, but we forgot to implement the support for writing to CONTROL_NS. Correct the omission. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180209165810.6668-8-peter.maydell@linaro.org
2018-02-15hw/intc/armv7m_nvic: Implement SCRPeter Maydell
We were previously making the system control register (SCR) just RAZ/WI. Although we don't implement the functionality this register controls, we should at least provide the state, including the banked state for v8M. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180209165810.6668-7-peter.maydell@linaro.org
2018-02-15hw/intc/armv7m_nvic: Implement cache ID registersPeter Maydell
M profile cores have a similar setup for cache ID registers to A profile: * Cache Level ID Register (CLIDR) is a fixed value * Cache Type Register (CTR) is a fixed value * Cache Size ID Registers (CCSIDR) are a bank of registers; which one you see is selected by the Cache Size Selection Register (CSSELR) The only difference is that they're in the NVIC memory mapped register space rather than being coprocessor registers. Implement the M profile view of them. Since neither Cortex-M3 nor Cortex-M4 implement caches, we don't need to update their init functions and can leave the ctr/clidr/ccsidr[] fields in their ARMCPU structs at zero. Newer cores (like the Cortex-M33) will want to be able to set these ID registers to non-zero values, though. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180209165810.6668-6-peter.maydell@linaro.org
2018-02-15hw/intc/armv7m_nvic: Implement v8M CPPWR registerPeter Maydell
The Coprocessor Power Control Register (CPPWR) is new in v8M. It allows software to control whether coprocessors are allowed to power down and lose their state. QEMU doesn't have any notion of power control, so we choose the IMPDEF option of making the whole register RAZ/WI (indicating that no coprocessors can ever power down and lose state). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180209165810.6668-5-peter.maydell@linaro.org
2018-02-15hw/intc/armv7m_nvic: Implement M profile cache maintenance opsPeter Maydell
For M profile cores, cache maintenance operations are done by writing to special registers in the system register space. For QEMU, cache operations are always NOPs, since we don't implement the cache. Implementing these explicitly avoids a spurious LOG_GUEST_ERROR when the guest uses them. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180209165810.6668-4-peter.maydell@linaro.org
2018-02-15hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handlingPeter Maydell
The PENDNMISET/CLR bits in the ICSR should be RAZ/WI from NonSecure state if the AIRCR.BFHFNMINS bit is zero. We had misimplemented this as making the bits RAZ/WI from both Secure and NonSecure states. Fix this bug by checking attrs.secure so that Secure code can pend and unpend NMIs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180209165810.6668-3-peter.maydell@linaro.org
2018-02-15hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVICPeter Maydell
Instead of hardcoding the values of M profile ID registers in the NVIC, use the fields in the CPU struct. This will allow us to give different M profile CPU types different ID register values. This commit includes the addition of the missing ID_ISAR5, which exists as RES0 in both v7M and v8M. (The values of the ID registers might be wrong for the M4 -- this commit leaves the behaviour there unchanged.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180209165810.6668-2-peter.maydell@linaro.org
2018-02-15target/arm: Handle SVE registers when using clear_vec_highRichard Henderson
When storing to an AdvSIMD FP register, all of the high bits of the SVE register are zeroed. Therefore, call it more often with is_q as a parameter. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180211205848.4568-6-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-15target/arm: Enforce access to ZCR_EL at translationRichard Henderson
This also makes sure that we get the correct ordering of SVE vs FP exceptions. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180211205848.4568-5-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-15target/arm: Suppress TB end for FPCR/FPSRRichard Henderson
Nothing in either register affects the TB. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180211205848.4568-4-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>