aboutsummaryrefslogtreecommitdiff
path: root/hw/misc
AgeCommit message (Collapse)Author
2014-08-19Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
SCSI changes that enable sending vendor-specific commands via virtio-scsi. Memory changes for QOMification and automatic tracking of MR lifetime. # gpg: Signature made Mon 18 Aug 2014 13:03:09 BST using RSA key ID 9B4D86F2 # gpg: Good signature from "Paolo Bonzini <pbonzini@redhat.com>" # gpg: aka "Paolo Bonzini <bonzini@gnu.org>" * remotes/bonzini/tags/for-upstream: mtree: remove write-only field memory: Use canonical path component as the name memory: Use memory_region_name for name access memory: constify memory_region_name exec: Abstract away ref to memory region names loader: Abstract away ref to memory region names tpm_tis: remove instance_finalize callback memory: remove memory_region_destroy memory: convert memory_region_destroy to object_unparent ioport: split deletion and destruction nic: do not destroy memory regions in cleanup functions vga: do not dynamically allocate chain4_alias sysbus: remove unused function sysbus_del_io qom: object: move unparenting to the child property's release callback qom: object: delete properties before calling instance_finalize virtio-scsi: implement parse_cdb scsi-block, scsi-generic: implement parse_cdb scsi-block: extract scsi_block_is_passthrough scsi-bus: introduce parse_cdb in SCSIDeviceClass and SCSIBusInfo scsi-bus: prepare scsi_req_new for introduction of parse_cdb Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-08-18memory: remove memory_region_destroyPaolo Bonzini
The function is empty after the previous patch, so remove it. Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-18memory: convert memory_region_destroy to object_unparentPaolo Bonzini
Explicitly call object_unparent in the few places where we will re-create the memory region. If the memory region is simply being destroyed as part of device teardown, let QOM handle it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-15Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-08-15' ↵Peter Maydell
into staging trivial patches for 2014-08-15 # gpg: Signature made Fri 15 Aug 2014 16:13:03 BST using RSA key ID A4C3D7DB # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 # Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514 66A7 BEE5 9D74 A4C3 D7DB * remotes/mjt/tags/trivial-patches-2014-08-15: ivshmem: check the value returned by fstat() l2cap: fix access to freed memory intc: i8259: Convert Array allocation to g_new0 ppc: convert g_new(qemu_irq usages to g_new0 ssi: xilinx_spi: Initialise CS GPIOs as NULL vl: free err qemu-options.hx: fix typo about l2tpv3 vmxnet3: don't use 'Yoda conditions' vl: don't use 'Yoda conditions' spice: don't use 'Yoda conditions' don't use 'Yoda conditions' isa-bus: don't use 'Yoda conditions' audio: don't use 'Yoda conditions' usb: don't use 'Yoda conditions' CODING_STYLE: Section about conditional statement pci-host: update uncorresponding description pci-host: update obsolete reference about piix_pci.c qemu-options.hx: fix a typo of chardev memory: Update obsolete comment about AddrRange field type apic: Fix reported DFR content Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-08-15ivshmem: check the value returned by fstat()zhanghailiang
The function fstat() may fail, so check its return value. Acked-by: Levente Kurusa <lkurusa@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-08-14ivshmem: fix building when debug mode is enabledLevente Kurusa
ivsmem_offset was removed, however this debug statement was not updated. Modify the statement to fit the new mechanic. Signed-off-by: Levente Kurusa <lkurusa@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-08-05vfio: Don't cache MSIMessageAlex Williamson
Commit 40509f7f added a test to avoid updating KVM MSI routes when the MSIMessage is unchanged and f4d45d47 switched to relying on this rather than doing our own comparison. Our cached msg is effectively unused now. Remove it. Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-08-05vfio: Fix MSI-X vector expansionAlex Williamson
When new MSI-X vectors are enabled we need to disable MSI-X and re-enable it with the correct number of vectors. That means we need to reprogram the eventfd triggers for each vector. Prior to f4d45d47 vector->use tracked whether a vector was masked or unmasked and we could always pick the KVM path when available for unmasked vectors. Now vfio doesn't track mask state itself and vector->use and virq remains configured even for masked vectors. Therefore we need to ask the MSI-X code whether a vector is masked in order to select the correct signaling path. As noted in the comment, MSI relies on hardware to handle masking. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Cc: qemu-stable@nongnu.org # QEMU 2.1
2014-07-22hw/misc/imx_ccm.c: Add missing VMState list terminatorPeter Maydell
The VMStateDescription for the imx_ccm device was missing its terminator. Found by static search of the codebase using a regex based on one suggested by Ian Jackson: pcregrep -rMi '(?s)VMStateField(?:(?!END_OF_LIST).)*?;' $(git grep -l 'VMStateField\[\]') Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-stable@nongnu.org
2014-07-15sPAPR/IOMMU: Fix TCE entry permissionGavin Shan
The permission of TCE entry should exclude physical base address. Otherwise, unmapping TCE entry can be interpreted to mapping TCE entry wrongly for VFIO devices. Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-30hw: Fix qemu_allocate_irqs() leaksAndreas Färber
Replace qemu_allocate_irqs(foo, bar, 1)[0] with qemu_allocate_irq(foo, bar, 0). This avoids leaking the dereferenced qemu_irq *. Cc: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andreas Färber <afaerber@suse.de> [PC Changes: * Applied change to instance in sh4/sh7750.c ] Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Kirill Batuzov <batuzovk@ispras.ru> [AF: Fix IRQ index in sh4/sh7750.c] Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-06-30vfio: use correct runstatePaolo Bonzini
io-error is for block device errors; it should always be preceded by a BLOCK_IO_ERROR event. I think vfio wants to use RUN_STATE_INTERNAL_ERROR instead. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-06-30vfio: Make BARs native endianAlexey Kardashevskiy
Slow BAR access path is used when VFIO fails to mmap() BAR. Since this is just a transport between the guest and a device, there is no need to do endianness swapping. This changes BARs to use native endianness. Since non-ROM BARs were doing byte swapping, we need to remove it so does the patch. As the result, this eliminates cancelling byte swaps and there is no change in behavior for non-ROM BARs. ROM BARs were declared little endian too but byte swapping was not implemented for them so they never actually worked on big endian systems as there was no cancelling byte swap. This fixes endiannes for ROM BARs by declaring them native endian and only fixing access sizes as it is done for non-ROM BARs. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-06-30vfio-pci: Fix MSI-X masking performanceAlex Williamson
There are still old guests out there that over-exercise MSI-X masking. The current code completely sets-up and tears-down an MSI-X vector on the "use" and "release" callbacks. While this is functional, it can slow an old guest to a crawl. We can easily skip the KVM parts of this so that we keep the MSI route and irqfd setup. We do however need to switch VFIO to trigger a different eventfd while masked. Actually, we have the option of continuing to use -1 to disable the trigger, but by using another EventNotifier we can allow the MSI-X core to emulate pending bits and re-fire the vector once unmasked. MSI code gets updated as well to use the same setup and teardown structures and functions. Prior to this change, an igbvf assigned to a RHEL5 guest gets about 20Mbps and 50 transactions/s with netperf (remote or VF->PF). With this change, we get line rate and 3k transactions/s remote or 2Gbps and 6k+ transactions/s to the PF. No significant change is expected for newer guests with more well behaved MSI-X support. Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-06-30vfio-pci: Fix MSI/X debug codeAlex Williamson
Use the correct MSI message function for debug info. Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-06-27vfio: Enable for SPAPRAlexey Kardashevskiy
This turns the sPAPR support on and enables VFIO container use in the kernel. This extends vfio_connect_container to support VFIO_SPAPR_TCE_IOMMU type in the host kernel. This registers a memory listener which sPAPR IOMMU will notify when executing H_PUT_TCE/etc DMA calls. The listener then will notify the host kernel about DMA map/unmap operation via VFIO_IOMMU_MAP_DMA/ VFIO_IOMMU_UNMAP_DMA ioctls. This executes VFIO_IOMMU_ENABLE ioctl to make sure that the IOMMU is free of mappings and can be exclusively given to the user. At the moment SPAPR is the only platform requiring this call to be implemented. Note that the host kernel function implementing VFIO_IOMMU_DISABLE is called automatically when container's fd is closed so there is no need to call it explicitly from QEMU. We may need to call VFIO_IOMMU_DISABLE explicitly in the future for some sort of dynamic reconfiguration (PCI hotplug or dynamic IOMMU group management). Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-27vfio: Add vfio_container_ioctl()Alexey Kardashevskiy
While most operations with VFIO IOMMU driver are generic and used inside vfio.c, there are still some operations which only specific VFIO IOMMU drivers implement. The first example of it will be reading a DMA window start from the host. This adds a helper which passes an ioctl request to the container's fd. The helper will check if @req is known. For this, stub is added. This return -1 on any requests for now. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Acked-by: Alex Williamson <alex.williamson@redhat.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-06-23qapi event: convert GUEST_PANICKEDWenchao Xia
'monitor.h' is still included in target-s390x/kvm.c, since I have no good way to verify whether other code need it on my x86 host. Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-16macio: Fix timer endiannessAlexander Graf
The timer registers on our KeyLargo macio emulation are read as byte reversed from the big endian guest, so we better expose them endian reversed as well. This fixes initial hickups of booting Mac OS X with -M mac99 for me. Signed-off-by: Alexander Graf <agraf@suse.de> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-06-16macio ide: Do remainder access asynchronouslyAlexander Graf
The macio IDE controller has some pretty nasty magic in its implementation to allow for unaligned sector accesses. We used to handle these accesses synchronously inside the IO callback handler. However, the block infrastructure changed below our feet and now it's impossible to call a synchronous block read/write from the aio callback handler of a previous block access. Work around that limitation by making the unaligned handling bits also go through our asynchronous handler. This fixes booting Mac OS X for me. Reported-by: John Arbuckle <programmingkidx@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-05-30vfio: Add guest side IOMMU supportDavid Gibson
This patch uses the new IOMMU notifiers to allow VFIO pass through devices to work with guest side IOMMUs, as long as the host-side VFIO iommu has sufficient capability and granularity to match the guest side. This works by tracking all map and unmap operations on the guest IOMMU using the notifiers, and mirroring them into VFIO. There are a number of FIXMEs, and the scheme involves rather more notifier structures than I'd like, but it should make for a reasonable proof of concept. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-05-30vfio: Create VFIOAddressSpace objects as neededDavid Gibson
So far, VFIO has a notion of different logical DMA address spaces, but only ever uses one (system memory). This patch extends this, creating new VFIOAddressSpace objects as necessary, according to the AddressSpace reported by the PCI subsystem for this device's DMAs. This isn't enough yet to support guest side IOMMUs with VFIO, but it does mean we could now support VFIO devices on, for example, a guest side PCI host bridge which maps system memory at somewhere other than 0 in PCI space. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-05-30vfio: Introduce VFIO address spacesDavid Gibson
The only model so far supported for VFIO passthrough devices is the model usually used on x86, where all of the guest's RAM is mapped into the (host) IOMMU and there is no IOMMU visible in the guest. This patch begins to relax this model, introducing the notion of a VFIOAddressSpace. This represents a logical DMA address space which will be visible to one or more VFIO devices by appropriate mapping in the (host) IOMMU. Thus the currently global list of containers becomes local to a VFIOAddressSpace, and we verify that we don't attempt to add a VFIO group to multiple address spaces. For now, only one VFIOAddressSpace is created and used, corresponding to main system memory, that will change in future patches. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-05-30vfio: Rework to have error pathsAlexey Kardashevskiy
This reworks vfio_connect_container() and vfio_get_group() to have common exit path at the end of the function bodies. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-05-30vfio: Fix 128 bit handlingAlexey Kardashevskiy
Upcoming VFIO on SPAPR PPC64 support will initialize the IOMMU memory region with UINT64_MAX (2^64 bytes) size so int128_get64() will assert. The patch takes care of this check. The existing type1 IOMMU code is not expected to map all 64 bits of RAM so the patch does not touch that part. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-05-30vfio-pci: Quirk RTL8168 NICAlex Williamson
This device is ridiculous. It has two MMIO BARs, BAR4 and BAR2. BAR4 hosts the MSI-X table, so oviously it would be too easy to access it directly, instead it creates a window register in BAR2 that, among other things, provides access to the MSI-X table. This means MSI-X doesn't work in the guest because the driver actually manages to program the physical table. When interrupt remapping is present, the device MSI will be blocked. The Linux driver doesn't make use of this window, so apparently it's not required to make use of MSI-X. This quirk makes the device work with the Windows driver that does use this window for MSI-X, but I certainly cannot recommend this device for assignment (the Windows 7 driver also constantly pokes PCI config space). Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-05-24lm32: remove lm32_sysMichael Walle
Since we have now semihosting on the lm32 target, this device is no longer needed. Remove it. Signed-off-by: Michael Walle <michael@walle.cc>
2014-05-15Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140515' ↵Peter Maydell
into staging migration/next for 20140515 # gpg: Signature made Thu 15 May 2014 02:32:25 BST using RSA key ID 5872D723 # gpg: Can't check signature: public key not found * remotes/juanquintela/tags/migration/20140515: usb: fix up post load checks migration: show average throughput when migration finishes savevm: Remove all the unneeded version_minimum_id_old (rest) savevm: Remove all the unneeded version_minimum_id_old (usb) Split ram_save_block arch_init: Simplify code for load_xbzrle() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-14savevm: Remove all the unneeded version_minimum_id_old (rest)Juan Quintela
After previous Peter patch, they are redundant. This way we don't assign them except when needed. Once there, there were lots of case where the ".fields" indentation was wrong: .fields = (VMStateField []) { and .fields = (VMStateField []) { Change all the combinations to: .fields = (VMStateField[]){ The biggest problem (appart from aesthetics) was that checkpatch complained when we copy&pasted the code from one place to another. Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-13hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFOPeter Maydell
In fill_prefetch_fifo(), if the device we are reading from is 16 bit, then we must not try to transfer an odd number of bytes into the FIFO. This could otherwise have resulted in our overrunning the prefetch.fifo array by one byte. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2014-05-13savevm: Remove all the unneeded version_minimum_id_old (arm)Juan Quintela
After commit 767adce2d, they are redundant. This way we don't assign them except when needed. Once there, there were lots of cases where the ".fields" indentation was wrong: .fields = (VMStateField []) { and .fields = (VMStateField []) { Change all the combinations to: .fields = (VMStateField[]){ The biggest problem (apart from aesthetics) was that checkpatch complained when we copy&pasted the code from one place to another. Signed-off-by: Juan Quintela <quintela@redhat.com> [PMM: fixed minor conflict, corrected commit message typos] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-05qom: Clean up fragile use of error_is_set() in set() methodsMarkus Armbruster
Using error_is_set(ERRP) to find out whether a function failed is either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP may be null, because errors go undetected when it is. It's fragile when proving ERRP non-null involves a non-local argument. Else, it's unnecessarily opaque (see commit 84d18f0). I guess the error_is_set(errp) in the ObjectProperty set() methods are merely fragile right now, because I can't find a call chain that passes a null errp argument. Make the code more robust and more obviously correct: receive the error in a local variable, then propagate it through the parameter. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-04-25qerror.h: Remove QERR defines that are only used onceCole Robinson
Just hardcode them in the callers Cc: Luiz Capitulino <lcapitulino@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Signed-off-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-04-17misc: zynq_slcr: Make DB_PRINTs always compilePeter Crosthwaite
Change the DB_PRINT macro over to a regular if() rather than conditional compilation to give constant compile testing of formats. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 942477847353c5cff5f45a228cc88c633dc012f3.1396503037.git.peter.crosthwaite@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17misc: zynq_slcr: Convert SBD::init to object initPeter Crosthwaite
To bring it up to date with styling guidelines. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 2e837af80a18216c21e73241032e048f39d78b99.1396503037.git.peter.crosthwaite@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17misc: zynq-slcr: RewritePeter Crosthwaite
Near total rewrite of this device model. It is stylistically obsolete, has numerous coverity fails and is not up to date with latest Xilinx documentation. Fix. The registers are flattened into a single array. This greatly simplifies the MMIO accessor functions. We take the oppurtunity to update the register Macro definitions to match the latest TRM. Xilinx has de-documented some regs hence there are some straight deletions. We only do this however in the case or a stock read-as-written reset-zero register. Non-zero resets are always preserved. New register definitions are added as needed. This all comes with a VMSD version break as the union layout from before was a bit strange and we are better off without it. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 3aa016167b352ed224666909217137285fd3351d.1396503037.git.peter.crosthwaite@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-31tmp105: Read temperature in milli-celsiusPaolo Bonzini
Right now, the temperature property must be written in milli-celsius, but it reads back the value in 8.8 fixed point. Fix this by letting the property read back the original value (possibly rounded). Also simplify the code that does the conversion. Before: (QEMU) qom-set path=/machine/peripheral/sensor property=temperature value=20000 {u'return': {}} (QEMU) qom-get path=sensor property=temperature {u'return': 5120} After: (QEMU) qom-set path=/machine/peripheral/sensor property=temperature value=20000 {u'return': {}} (QEMU) qom-get path=sensor property=temperature {u'return': 20000} Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-25vfio: Cosmetic error reporting fixesAlex Williamson
* Remove terminating newlines from hw_error() and error_report() calls * Fix cut-n-paste error in text (s/to/from/) Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-03-25vfio: Correction in vfio_rom_read when attempting rom loadingBandan Das
commit e638073c569e801ce9de added a flag to track whether a previous rom read had failed. Accidentally, the code ended up adding vfio_load_option_rom twice. (Thanks to Alex for spotting it) Signed-off-by: Bandan Das <bsd@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-03-12misc/max111x: QOM casting sweepPeter Crosthwaite
Define and use QOM cast macro. Removes some usages of legacy casting systems. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> [AF: Rename parent field] Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12misc/max111x: Create abstract max111x typePeter Crosthwaite
Create an abstract class that encompasses both max111x variants. This is needed for QOM cast macro creation (and is the right thing to do anyway). Macroify type-names in the process. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12ssi: Convert legacy SSI_SLAVE -> DEVICE castsPeter Crosthwaite
Convert legacy ->qdev style casts from TYPE_SSI_SLAVE to TYPE_DEVICE. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> [AF: Introduce local DeviceState variable for transition to QOM realize] Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-02-27Merge remote-tracking branch ↵Peter Maydell
'remotes/awilliam/tags/vfio-pci-for-qemu-20140226.0' into staging Updates include: - Coverify fixes for vfio & pci-assign (Markus) - VFIO blacklisting support for known brokwn PCI option ROMs (Bandan) # gpg: Signature made Wed 26 Feb 2014 18:15:28 GMT using RSA key ID 3BB08B22 # gpg: Can't check signature: public key not found * remotes/awilliam/tags/vfio-pci-for-qemu-20140226.0: vfio: blacklist loading of unstable roms qdev-monitor: set DeviceState opts before calling realize pci-assign: Fix potential read beyond buffer on -EBUSY vfio: Fix overrun after readlink() fills buffer completely Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-26vfio: blacklist loading of unstable romsBandan Das
Certain cards such as the Broadcom BCM57810 have rom quirks that exhibit unstable system behavior duing device assignment. In the particular case of 57810, rom execution hangs and if a FLR follows, the device becomes inoperable until a power cycle. This change blacklists loading of rom for such cards unless the user specifies a romfile or rombar=1 on the cmd line Signed-off-by: Bandan Das <bsd@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-02-26vfio: Fix overrun after readlink() fills buffer completelyMarkus Armbruster
readlink() returns the number of bytes written to the buffer, and it doesn't write a terminating null byte. vfio_init() writes it itself. Overruns the buffer when readlink() filled it completely. Fix by treating readlink() filling the buffer completely as error, like we do in pci-assign.c's assign_failed_examine(). Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-02-26hw/misc/arm_sysctl: Fix bad boundary check on mb clock accessesPeter Maydell
Fix incorrect use of sizeof() rather than ARRAY_SIZE() to guard accesses into the mb_clock[] array, which was allowing a malicious guest to overwrite the end of the array. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Message-id: 1392647854-8067-2-git-send-email-peter.maydell@linaro.org Cc: qemu-stable@nongnu.org
2014-02-14qdev: Remove hex8/32/64 property typesPaolo Bonzini
Replace them with uint8/32/64. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-02-11Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20140208' into staging target-arm queue: * more A64 Neon instructions * AArch32 VCVTB and VCVTT ARMv8 instructions * fixes to inaccuracies in GIC emulation * libvixl disassembler for A64 * Allwinner SoC ethernet controller * zynq software system reset support # gpg: Signature made Sat 08 Feb 2014 15:53:05 GMT using RSA key ID 14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" * remotes/pmaydell/tags/pull-target-arm-20140208: (29 commits) arm/zynq: Add software system reset via SCLR hw/arm/allwinner-a10: initialize EMAC hw/net: add support for Allwinner EMAC Fast Ethernet controller util/fifo8: clear fifo head upon reset util/fifo8: implement push/pop of multiple bytes disas: Implement disassembly output for A64 disas/libvixl: Fix upstream libvixl compilation issues disas: Add subset of libvixl sources for A64 disassembler rules.mak: Link with C++ if we have a C++ compiler rules.mak: Support .cc as a C++ source file suffix arm_gic: Add GICC_APRn state to the GICState vmstate: Add uint32 2D-array support arm_gic: Support setting/getting binary point reg arm_gic: Keep track of SGI sources arm_gic: Fix GIC pending behavior target-arm: Add support for AArch32 64bit VCVTB and VCVTT target-arm: A64: Add FNEG and FABS to the SIMD 2-reg-misc group target-arm: A64: Add 2-reg-misc REV* instructions target-arm: A64: Add narrowing 2-reg-misc instructions target-arm: A64: Implement 2-reg-misc CNT, NOT and RBIT ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-08arm/zynq: Add software system reset via SCLRSebastian Huber
Support software-driven system reset via the register in the SCLR. Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-02-04lm32_sys: dump cpu state if test case failsMichael Walle
This will ease debugging the test cases. Signed-off-by: Michael Walle <michael@walle.cc>