aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-12-16exec: extract TB watchpoint checkBlue Swirl
Will be moved by the next patch. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-16exec: fix coding styleBlue Swirl
Fix coding style in areas to be moved by later patches. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-15Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agrafBlue Swirl
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf: (40 commits) pseries: Increase default NVRAM size target-ppc: Don't use hwaddr to represent hardware state PPC: e500: pci: Export slot2irq calculation PPC: E500plat: Make a lot of PCI slots available PPC: E500: Move PCI slot information into params PPC: E500: Generate dt pci irq map dynamically PPC: E500: PCI: Make IRQ calculation more generic PPC: E500: PCI: Make first slot qdev settable openpic: Accelerate pending irq search openpic: fix minor coding style issues MSI-X: Fix endianness PPC: e500: Declare pci bridge as bridge PPC: e500: Add MSI support openpic: add Shared MSI support openpic: make brr1 model specific openpic: convert to qdev openpic: remove irq_out openpic: rename openpic_t to OpenPICState openpic: convert simple reg operations to builtin bitops openpic: remove unused type variable ...
2012-12-15target-xtensa: fix ITLB/DTLB page protection flagsMax Filippov
With MMU option xtensa architecture has two TLBs: ITLB and DTLB. ITLB is only used for code access, DTLB is only for data. However TLB entries in both TLBs have attribute field controlling write and exec access. These bits need to be properly masked off depending on TLB type before being used as tlb_set_page prot argument. Otherwise the following happens: (1) ITLB entry for some PFN gets invalidated (2) DTLB entry for the same PFN gets updated, attributes allow code execution (3) code at the page with that PFN is executed (possible due to step 2), entry for the TB is written into the jump cache (4) QEMU TLB entry for the PFN gets replaced with an entry for some other PFN (5) code in the TB from step 3 is executed (possible due to jump cache) and it accesses data, for which there's no DTLB entry, causing DTLB miss exception (6) re-translation of the TB from step 5 is attempted, but there's no QEMU TLB entry nor xtensa ITLB entry for that PFN, which causes ITLB miss exception at the TB start address (7) ITLB miss exception is handled by the guest, but execution is resumed from the beginning of the faulting TB (the point where ITLB miss occured), not from the point where DTLB miss occured, which is wrong. With that fix the above scenario causes ITLB miss exception (that used to be step 7) at step 3, right at the beginning of the TB. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Cc: qemu-stable@nongnu.org Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14console: clip update rectangleGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14pixman: fix vnc tight png/jpeg supportGerd Hoffmann
This patch adds an x argument to qemu_pixman_linebuf_fill so it can also be used to convert a partial scanline. Then fix tight + png/jpeg encoding by passing in the x+y offset, so the data is read from the correct screen location instead of the upper left corner. Cc: 1087974@bugs.launchpad.net Cc: qemu-stable@nongnu.org Reported-by: Tim Hardeneck <thardeck@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14pixman: update internal copy to pixman-0.28.2Gerd Hoffmann
Some w64 fixes by Stefan Weil found their way into 0.28.2, so update the internal copy to that version to improve windows support. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14Revert "pixman: require 0.18.4 or newer"Gerd Hoffmann
This reverts commit 288fa40736e6eb63132d01aa6dc21ee831b796ae. The only reason old pixman versions didn't work was the missing PIXMAN_TYPE_BGRA, which is properly #ifdef'ed now. So we don't have to require a minimum pixman version. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14pixman: fix version check for PIXMAN_TYPE_BGRAGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-12-14pseries: Increase default NVRAM sizeDavid Gibson
If no image file for NVRAM is specified, the pseries machine currently creates a 16K non-persistent NVRAM by default. This basically works, but is not large enough for current firmware and guest kernels to create all the NVRAM partitions they would like to. Increasing the default size to 64K addresses this and stops the guest generating error messages. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14target-ppc: Don't use hwaddr to represent hardware stateDavid Gibson
The hwaddr type is somewhat vaguely defined as being able to contain bus addresses on the widest possible bus in the system. For that reason it's discouraged for representing specific pieces of persistent hardware state, which should instead use an explicit width type that matches the bits available in real hardware. In particular, because of the possibility that the size of hwaddr might change if different buses are added to the target in future, it's not suitable for use in vm state descriptions for savevm and migration. This patch purges such unwise uses of hwaddr from the ppc target code, which turns out to be just one. The ppcemb_tlb_t struct, used on a number of embedded ppc models to represent a TLB entry contains a hwaddr for the real address field. This patch changes it to be a fixed uint64_t which is suitable enough for all machine types which use this structure. Other uses of hwaddr in CPUPPCState turn out not to be problematic: htab_base and htab_mask are just used for the convenience of the TCG code; the underlying machine state is the SDR1 register, which is stored with a suitable type already. Likewise the mpic_cpu_base field is only used internally and does not represent fundamental hardware state which needs to be saved. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14PPC: e500: pci: Export slot2irq calculationAlexander Graf
We need the calculation method to get from a PCI slot ID to its respective interrupt line twice. Once in the internal map function and once when assembling the device tree. So let's extract the calculation to a separate function that can be called by both users. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14PPC: E500plat: Make a lot of PCI slots availableAlexander Graf
The ppce500 machine doesn't have to stick to hardware limitations, as it's defined as being fully device tree based. Thus we can change the initial PCI slot ID to 0x1 which gives us a whopping 31 PCI devices we can support with this machine now! Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14PPC: E500: Move PCI slot information into paramsAlexander Graf
We have a params struct that allows us to expose differences between e500 machine models. Include PCI slot information there, so we can have different machines with different PCI slot topology. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14PPC: E500: Generate dt pci irq map dynamicallyAlexander Graf
Today we're hardcoding the PCI interrupt map in the e500 machine file. Instead, let's write it dynamically so that different machine types can have different slot properties. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14PPC: E500: PCI: Make IRQ calculation more genericAlexander Graf
The IRQ line calculation is more or less hardcoded today. Instead, let's write it as an algorithmic function that theoretically allows an arbitrary number of PCI slots. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14PPC: E500: PCI: Make first slot qdev settableAlexander Graf
Today the first slot id in our e500 pci implementation is hardcoded to 0x11. Keep it there as default, but allow users to change the default to a different id. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: Accelerate pending irq searchAlexander Graf
When we're done with one interrupt, we need to search for the next pending interrupt in the queue. This search has grown quite big now that we have more than 256 possible irq lines. So let's memorize how many interrupts we have pending in our bitmaps, so that we can always bail out in the usual case - the one where we're all done. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: fix minor coding style issuesAlexander Graf
This patch removes all remaining occurences of spaces before function parameter indicating parenthesis. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14MSI-X: Fix endiannessAlexander Graf
The MSI-X vector tables are usually stored in little endian in memory, so let's mark the accessors as such. This fixes MSI-X on e500 for me. Signed-off-by: Alexander Graf <agraf@suse.de> Acked-by: Michael S. Tsirkin <mst@redhat.com>
2012-12-14PPC: e500: Declare pci bridge as bridgeAlexander Graf
The new PCI host bridge device needs to identify itself as PCI host bridge. Declare it as such. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14PPC: e500: Add MSI supportAlexander Graf
Now that our interrupt controller supports MSIs, let's expose that feature to the guest through the device tree! Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: add Shared MSI supportAlexander Graf
The OpenPIC allows MSI access through shared MSI registers. Implement them for the MPC8544 MPIC, so we can support MSIs. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: make brr1 model specificAlexander Graf
Now that we can properly distinguish between openpic model differences, let's move brr1 out of the raven code path. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: convert to qdevAlexander Graf
This patch converts the OpenPIC device to qdev. Along the way it renames the "openpic" target to "raven" and the "mpic" target to "fsl_mpic_20", to better reflect the actual models they implement. This way we have a generic OpenPIC device now that can handle different flavors of the OpenPIC specification. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: remove irq_outAlexander Graf
The current openpic emulation contains half-ready code for bypass mode. Remove it, so that when someone wants to finish it they can start from a clean state. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: rename openpic_t to OpenPICStateAlexander Graf
Rename the openpic_t struct to OpenPICState, so it adheres better to the current coding style rules. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: convert simple reg operations to builtin bitopsAlexander Graf
The openpic code has its own bitmap code to access bits inside of a bitmap. However, that is overkill when we simply want to check for a bit inside of a uint32_t. So instead, let's use normal bit masks and C builtin shifts and ands. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: remove unused type variableAlexander Graf
The openpic source irqs are carrying around a type indicator that is never accessed by anything. Remove it. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: unify memory api subregionsAlexander Graf
The only difference between the "openpic" and "mpic" memory api subregion descriptors is the endianness. Unify them as openpic accessors with explicit endianness markers in their names. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: combine openpic and mpic reset functionsAlexander Graf
The openpic and mpic reset handlers are almost identical. Combine them and extract the differences into state variables. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: merge mpic and openpic timer handlingAlexander Graf
The openpic and mpic timer handling code is basically the same. Merge them. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: combine mpic and openpic irq raise functionsAlexander Graf
The IRQ raise mechanisms of the OpenPIC and MPIC controllers is identical, just that the MPIC one can also raise critical interrupts. Combine those two and check for critical raise capability during runtime. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: Convert subregions to memory apiAlexander Graf
The "openpic" controller is currently using one big region and does subregion dispatching manually. Move this to the memory api. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: combine mpic and openpic src handlersAlexander Graf
The MPIC source irq handler suddenly became identical to the standard OpenPIC source irq handler. Combine them into the same function. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: update to proper memory apiAlexander Graf
The openpic code was still using the old mmio memory api. Convert it to be a generic memory api user and clean up some code that becomes redundant that way. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14mpic: Unify numbering schemeAlexander Graf
MPIC interrupt numbers in Linux (device tree) and in QEMU are different, because QEMU takes the sparseness of the IRQ number space into account. Remove that cleverness and instead assume a flat number space. This makes the code easier to understand, because we are actually aligned with Linux on the view of our worlds. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14openpic: Remove unused codeAlexander Graf
The openpic code had a few WIP bits left that nobody reanimated within the last few years. Remove that code. Signed-off-by: Alexander Graf <agraf@suse.de> Acked-by: Hervé Poussineau <hpoussin@reactos.org>
2012-12-14pseries: Don't allow TCE (iommu) tables to be registered with duplicate LIOBNsDavid Gibson
The PAPR specification requires that every bus or device mediated by the IOMMU have a unique Logical IO Bus Number (LIOBN). This patch adds a check to enforce this, which will help catch errors in configuration earlier. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14Adding BAR0 for e500 PCI controllerBharat Bhushan
PCI Root complex have TYPE-1 configuration header while PCI endpoint have type-0 configuration header. The type-1 configuration header have a BAR (BAR0). In Freescale PCI controller BAR0 is used for mapping pci address space to CCSR address space. This can used for 2 purposes: 1) for MSI interrupt generation 2) Allow CCSR registers access when configured as PCI endpoint, which I am not sure is a use case with QEMU-KVM guest. What I observed is that when guest read the size of BAR0 of host controller configuration header (TYPE1 header) then it always reads it as 0. When looking into the QEMU hw/ppce500_pci.c, I do not find the PCI controller device registering BAR0. I do not find any other controller also doing so may they do not use BAR0. There are two issues when BAR0 is not there (which I can think of): 1) There should be BAR0 emulated for PCI Root complex (TYPE1 header) and when reading the size of BAR0, it should give size as per real h/w. 2) Do we need this BAR0 inbound address translation? When BAR0 is of non-zero size then it will be configured for PCI address space to local address(CCSR) space translation on inbound access. The primary use case is for MSI interrupt generation. The device is configured with an address offsets in PCI address space, which will be translated to MSI interrupt generation MPIC registers. Currently I do not understand the MSI interrupt generation mechanism in QEMU and also IIRC we do not use QEMU MSI interrupt mechanism on e500 guest machines. But this BAR0 will be used when using MSI on e500. I can see one more issue, There are ATMUs emulated in hw/ppce500_pci.c, but i do not see these being used for address translation. So far that works because pci address space and local address space are 1:1 mapped. BAR0 inbound translation + ATMU translation will complete the address translation of inbound traffic. Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com> [agraf: fix double variable assignment w/o read] Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14e500: Adding CCSR memory regionBharat Bhushan
All devices are also placed under CCSR memory region. The CCSR memory region is exported to pci device. The MSI interrupt generation is the main reason to export the CCSR region to PCI device. This put the requirement to move mpic under CCSR region, but logically all devices should be under CCSR. So this patch places all emulated devices under ccsr region. Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14pseries: Update SLOF for NVRAM supportDavid Gibson
Now that we have implemented PAPR compatible NVRAM interfaces in qemu, this updates the SLOF firmware to actually initialize and use the NVRAM as a PAPR guest firmware is expected to do. This SLOF update also includes an ugly but useful workaround for a bug in the SLES11 installer which caused it to fail under KVM. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14pseries: Implement PAPR NVRAMDavid Gibson
The PAPR specification requires a certain amount of NVRAM, accessed via RTAS, which we don't currently implement in qemu. This patch addresses this deficiency, implementing the NVRAM as a VIO device, with some glue to instantiate it automatically based on a machine option. The machine option specifies a drive id, which is used to back the NVRAM, making it persistent. If nothing is specified, the driver instead simply allocates space for the NVRAM, which will not be persistent Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14pseries: Split xics irq configuration from state informationDavid Gibson
Currently the XICS irq controller code has a per-irq state structure which amongst other things includes whether the interrupt is level or message triggered - this is configured by the platform code, and is not directly visible to the guest. This leads to a slightly awkward construct at reset time where we need to reset everything in the state structure _except_ the lsi/msi flag, which needs to retain the information given at platform init time. More importantly this flag will make matching the qemu state to the KVM state for the upcoming in-kernel XICS implementation more awkward. This patch, therefore, removes this flag from the per-irq state structure, instead adding a parallel array giving the lsi/msi configuration per irq. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14pseries: Add tracepoints to the XICS interrupt controllerDavid Gibson
This patch adds tracing / debugging calls to the XICS interrupt controller implementation used on the pseries machine. Signed-off-by: Ben Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14pseries: Allow RTAS tokens without a qemu handlerBen Herrenschmidt
Kernel-based RTAS calls will not have a qemu handler, but will still be registered in qemu in order to be assigned a token number and appear in the device-tree. Let's test for the name being NULL rather than the handler when deciding to skip an entry while building the device-tree Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14pseries: Return the token when we register an RTAS callMichael Ellerman
The kernel will soon be able to service some RTAS calls. However the choice of tokens will still be up to userspace. To support this have spapr_rtas_register() return the token that is allocated for an RTAS call, that allows the calling code to tell the kernel what the token value is. Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14pseries: Use #define for XICS base irq numberBen Herrenschmidt
Currently the lowest "real" irq number for the XICS irq controller (as opposed to numbers reserved for IPIs and other special purposes) is hard coded as 16 in two places - in xics_system_init() and in spapr.c. As well as being generally bad practice, we're going to need to change this number soon to fit in with the in-kernel XICS implementation. This patch adds a #define for this number to avoid future breakage. Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Ben Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-14pseries: Fix incorrect initialization of interrupt controllerDavid Gibson
Currently in the reset code for the XICS interrupt controller, we initialize the pending_priority field to 0 (most favored, by XICS convention). This is incorrect, since there is no pending interrupt, it should be set to least favored - 0xff. At the moment our XICS implementation doesn't get hurt by this edge case, but it does confuse the upcoming kernel XICS implementation. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-12-13Merge remote-tracking branch 'kwolf/for-anthony' into stagingAnthony Liguori
* kwolf/for-anthony: (43 commits) qcow2: Factor out handle_dependencies() qcow2: Execute run_dependent_requests() without lock qcow2: Enable dirty flag in qcow2_alloc_cluster_link_l2 qcow2: Allocate l2meta only for cluster allocations qcow2: Drop l2meta.cluster_offset qcow2: Allocate l2meta dynamically qcow2: Introduce Qcow2COWRegion qcow2: Round QCowL2Meta.offset down to cluster boundary atapi: reset cdrom tray statuses on ide_reset qemu-iotests: Test concurrent cluster allocations qcow2: Move BLKDBG_EVENT out of the lock qemu-io: Add AIO debugging commands blkdebug: Implement suspend/resume of AIO requests blkdebug: Factor out remove_rule() blkdebug: Allow usage without config file create new function: qemu_opt_set_number use qemu_opts_create_nofail introduce qemu_opts_create_nofail function qemu-option: qemu_opt_set_bool(): fix code duplication qemu-option: qemu_opts_validate(): fix duplicated code ... Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>