aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2017-01-20hw/intc/arm_gic: Add external IRQ lines for VIRQ and VFIQPeter Maydell
Augment the GIC's QOM device interface by adding two new sets of sysbus IRQ lines, to signal VIRQ and VFIQ to each CPU. We never use these, but it's helpful to keep the v2-and-earlier GIC's external interface in line with that of the GICv3 to avoid board code having to add extra code conditional on which version of the GIC is in use. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1483977924-14522-3-git-send-email-peter.maydell@linaro.org
2017-01-20hw/intc/arm_gicv3: Add external IRQ lines for VIRQ and VFIQPeter Maydell
Augment the GICv3's QOM device interface by adding two new sets of sysbus IRQ lines, to signal VIRQ and VFIQ to each CPU. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: 1483977924-14522-2-git-send-email-peter.maydell@linaro.org
2017-01-20hw/arm/virt-acpi - reserve ECAM space as PNP0C02 deviceArd Biesheuvel
Linux for arm64 v4.10 and later will complain if the ECAM config space is not reserved in the ACPI namespace: acpi PNP0A08:00: [Firmware Bug]: ECAM area [mem 0x3f000000-0x3fffffff] not reserved in ACPI namespace The rationale is that OSes that don't consume the MCFG table should still be able to infer that the PCI config space MMIO region is occupied. So update the ACPI table generation routine to add this reservation. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Message-id: 1484328738-21149-1-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20arm: virt: Fix segmentation fault when specifying an unsupported CPUShannon Zhao
Using -cpu cortex-a9 (or any other unsupported CPU) with the virt board will cause QEMU to segmentation fault. This bug was introduced in commit 9ac4ef77, which incorrectly added a NULL terminator when converting the VirtBoardInfo array into a simple array of strings defining the valid CPUs. The cpuname_valid() loop already has a termination condition based on ARRAY_SIZE, so the NULL is spurious and causes the strcmp() to segfault if we reach it. Delete the NULL. Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Message-id: 1484619334-10488-1-git-send-email-zhaoshenglong@huawei.com [PMM: expanded commit message] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20aspeed: use first FMC flash as a boot ROMCédric Le Goater
Create a ROM region, using the default size of the mapping window for the CE0 FMC flash module, and fill it with the flash content. This is a little hacky but until we can boot from a MMIO region, it seems difficult to do anything else. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Andrew Jeffery <andrew@aj.id.au> Message-id: 1483979087-32663-11-git-send-email-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20aspeed/smc: handle SPI flash Command modeCédric Le Goater
The Aspeed SMC controllers have a mode (Command mode) in which accesses to the flash content are no different than doing MMIOs. The controller generates all the necessary commands to load (or store) data in memory. However, accesses are restricted to the segment window assigned the the flash module by the controller. This window is defined by the Segment Address Register. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Andrew Jeffery <andrew@aj.id.au> Message-id: 1483979087-32663-8-git-send-email-clg@kaod.org [PMM: Deleted now-unused aspeed_smc_is_usermode() function] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20aspeed/smc: adjust the size of the register regionCédric Le Goater
The SPI controller of the AST2400 SoC has less registers. So we can adjust the size of the memory region holding the registers depending on the controller type. We can also remove the guest_error logging which is useless as the range of the region is strict enough. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Joel Stanley <joel@jms.id.au> Message-id: 1483979087-32663-7-git-send-email-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20aspeed/smc: unfold the AspeedSMCController arrayCédric Le Goater
This is getting difficult to read. Also add a 'has_dma' field for each controller type. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Andrew Jeffery <andrew@aj.id.au> Message-id: 1483979087-32663-6-git-send-email-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20aspeed/smc: autostrap CE0/1 configurationCédric Le Goater
On the AST2500 SoC, the FMC controller flash type is fixed to SPI for CE0 and CE1 and 4BYTE mode is autodetected for CE0. On the AST2400 SoC, the FMC controller flash type and 4BYTE mode are strapped with register SCU70. We use the default settings from the palmetto-bmc machine for now. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Andrew Jeffery <andrew@aj.id.au> Message-id: 1483979087-32663-5-git-send-email-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20aspeed/smc: rework the prototype of the AspeedSMCFlash helper routinesCédric Le Goater
Change the routines prototype to use a 'AspeedSMCFlash *' instead of 'AspeedSMCState *'. The result will help in making future changes clearer. Also change aspeed_smc_update_cs() which uselessly loops on all slave devices to update their status. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Andrew Jeffery <andrew@aj.id.au> Message-id: 1483979087-32663-4-git-send-email-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20aspeed/smc: remove call to aspeed_smc_update_cs() in reset functionCédric Le Goater
Instead, we can simply set the irq level when unselecting the slave devices. This change prepares ground for a subsequent cleanup of the aspeed_smc_update_cs() routine which uselessly loops on all slaves to update their status. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-id: 1483979087-32663-3-git-send-email-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20aspeed/smc: remove call to reset in realize functionCédric Le Goater
This is useless as reset will be called later on. Signed-off-by: Cédric Le Goater <clg@kaod.org> Acked-by: Marcin Krzemiński <mar.krzeminski@gmail.com> Message-id: 1483979087-32663-2-git-send-email-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20block: m25p80: Improve 1GiB Micron flash definitionMarcin Krzeminski
n25q00 and mt25q01 devices share the same JEDEC ID. The difference between those two devices is number of dies and one bit in extended JEDEC bytes. This commit adds proper entry for both devices by introduction the number of dies and and new 25q00 entries. Signed-off-by: Marcin Krzeminski <mar.krzeminski@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20170108083854.5006-4-mar.krzeminski@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20block: m25p80: Introduce die erase commandMarcin Krzeminski
Modern big flash NOR devices consist of more than one die. Some of them do not support chip erase and instead have a die erase command that can erase one die only. This commit adds support for defining the number of dies in the chip, and adds support for die erase command. The NOR flash model is not strict, so no option to disable chip erase has been added. Signed-off-by: Marcin Krzeminski <mar.krzeminski@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20170108083854.5006-3-mar.krzeminski@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20block: m25p80: Add Quad Page Program 4byteMarcin Krzeminski
Some flash chips have additional page program opcode that takes only 4 byte address. This commit adds support for such command in Qemu. Signed-off-by: Marcin Krzeminski <mar.krzeminski@gmail.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20170108083854.5006-2-mar.krzeminski@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20arm: Uniquely name imx25 I2C buses.Alastair D'Silva
The imx25 chip provides 3 i2c buses, but they have all been named "i2c", which makes it difficult to predict which bus a device will be connected to when specified on the command line. This patch addresses the issue by naming the buses uniquely: i2c-bus.0 i2c-bus.1 i2c-bus.2 Signed-off-by: Alastair D'Silva <alastair@d-silva.org> Message-id: 20170105043430.3176-2-alastair@au1.ibm.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-20virtio-ccw: fix ring sizingMichael S. Tsirkin
Current code seems to assume ring size is always decreased but this is not required by spec: what spec says is just that size can not exceed the maximum. Fix it up. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <1484256243-1982-1-git-send-email-mst@redhat.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20s390x/pci: merge msix init functionsYi Min Zhao
Currently there're two functions, s390_pci_setup_msix() and s390_pci_msix_init(), for msix initialization, and being called once for each zpci device plugging. Let's integrate them. Moreover msix is mandatory in s390 architecture. So we ensure the pci device being plugged supports msix. For vfio (which is the only tested setup so far), nothing changes. Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com> Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20s390x/pci: handle PCIBridge bus numberPierre Morel
The PCI bus number is usually set by the host during the enumeration. In the s390 architecture we neither get a Device Tree nor have an enumeration understanding bridge devices. Let's fake the enumeration on reset and set the PCI_PRIMARY_BUS, PCI_SECONDARY_BUS and PCI_SUBORDINATE_BUS config entries for the bridges. Let's add the configuration of these three config entries on bridge hot plug. The bus number is calculated based on a new entry, bus_num of the S390pciState device. This commit is inspired by what spapr pci does. Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20s390x/pci: use hashtable to look up zpci via fhYi Min Zhao
After PCI multibus is supported, more than 32 PCI devices could be plugged. The current implementation of s390_pci_find_dev_by_fh() appears low performance if there's a huge number of PCI devices plugged. Therefore we introduce a hashtable using idx as key to store zpci device's pointer on account of translating fh to idx very easily. Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com> Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20s390x/pci: PCI multibus bridge handlingPierre Morel
When the hotplug handler detects a PCI bridge, the secondary bus has been initialized by the core PCI code. We give the secondary bus the bridge name and associate to it the IOMMU handling and hotplug/hotunplug callbacks. Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20s390x/pci: optimize calling s390_get_phb()Yi Min Zhao
A function may recursively call device search functions or may call serveral different device search function. Passing the S390pciState to search functions as an argument instead of looking up it inside the search functions lowers the number of calling s390_get_phb(). Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com> Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20s390x/pci: change the device array to a listPierre Morel
In order to support a greater number of devices we use a QTAILQ list of devices instead of a limited array. This leads us to change: - every lookup function s390_pci_find_xxx() for QTAILQ - the FH_MASK_INDEX to index up to 65536 devices Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20s390x/pci: dynamically allocate iommuYi Min Zhao
When initializing a PCI device, an address space is required during PCI core initialization and before the call to the embedding object hotplug callback. To provide this AS, we allocate a S390PCIIOMMU object containing this AS. Initialization of S390PCIIOMMU object is done before the PCI device is completely created. So that we cannot associate the IOMMU with the device at the moment. To track the IOMMU object, we use g_hash functions with the PCI device's bus address as a key to provide an array of pointers indexed by the PCI device's devfn to the allocated IOMMU. Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com> Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20s390x/pci: make S390PCIIOMMU inherit ObjectYi Min Zhao
Currently S390PCIIOMMU is a normal struct. Let's make it inherit Object in order to take advantage of QOM. In addition, we move some stuff related to IOMMU from S390PCIBusDevice to S390PCIIOMMU. Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com> Acked-by: Pierre Morel <pmorel@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20s390x/kvm: use kvm_gsi_routing_enabled in flicFei Li
Let's use kvm_gsi_routing_enabled() to check if kvm supports KVM_CAP_IRQ_ROUTING in order to avoid a needless ioctl invocation. Signed-off-by: Fei Li <sherrylf@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20s390x: add compat machine for 2.9Cornelia Huck
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
2017-01-20s390x: remove double compat statementChristian Borntraeger
We chain our compat handler via the CCW_COMPAT macros and via the class_init function. (e.g. ccw_machine_2_7_class_options calls ccw_machine_2_8_class_options). As all class_init functions in that chain call SET_MACHINE_COMPAT for their compat settings, and SET_MACHINE_COMPAT will append there is no need to do that again. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-20hw/pci: use-after-free in pci_nic_init_nofail when nic device fails to ↵Alex Kompel
initialize object_property_set_bool(OBJECT(dev), true, "realized", &err) in pci_nic_init_nofail may release the object if device fails to initialize which leads to use-after-free in error handling block. qdev_init_nofail does the same thing while holding the reference. (gdb) run -net nic qemu-system-x86_64: failed to find romfile "efi-e1000.rom" Program received signal SIGSEGV, Segmentation fault. object_unparent (obj=0x7fffe96a0010) at qom/object.c:440 440 in qom/object.c (gdb) bt <nd_table>, rootbus=0x5555567ed990, default_model=<optimized out>, default_devaddr=<optimized out>) at hw/pci/pci.c:1812 pci_bus=0x5555567ed990) at hw/i386/pc.c:1634 pci_type=0x555555c1a523 "i440FX", host_type=0x555555ba564e "i440FX-pcihost") at hw/i386/pc_piix.c:241 out>, envp=<optimized out>) at vl.c:4481 Signed-off-by: Alex Kompel <barbos@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-01-20hw/net/dp8393x: Avoid unintentional sign extensions on addressesPeter Maydell
The dp8393x has several 32-bit values which are formed by concatenating two 16 bit device register values. Attempting to do these inline with ((s->reg[HI] << 16) | s->reg[LO]) can result in an unintended sign extension because "x << 16" is of type 'int' even though s->reg is unsigned, and so if the expression is used in a context where it is cast to uint64_t the value is incorrectly sign-extended. Fix this by using accessor functions with a uint32_t return type; this also makes the code a bit easier to read. This should fix Coverity issues 1307765, 1307766, 1307767, 1307768. (To avoid having a ctda read function only used in a DPRINTF, we move the DPRINTF down slightly so it can use the ttda function.) Reviewed-by: Laurent Vivier <laurent@vivier.eu> Tested-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-01-20m68k: QOMify the MCF Fast Ethernet Controller deviceThomas Huth
When running qemu-system-m68k with the "-net" parameter (for example simply "-net nic -net user"), there is currently a confusing warning message saying: Warning: requested NIC (anonymous, model mcf_fec) was not created (not supported by this machine?) This seems to happen because the MCF NIC has never been adapted to the currently expected QEMU device behavior. Thus let's QOMify the NIC now to get rid of the warning message. Signed-off-by: Thomas Huth <huth@tuxfamily.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-01-19Plumb the HAXM-based hardware acceleration supportVincent Palatin
Use the Intel HAX is kernel-based hardware acceleration module for Windows (similar to KVM on Linux). Based on the "target/i386: Add Intel HAX to android emulator" patch from David Chou <david.j.chou@intel.com> Signed-off-by: Vincent Palatin <vpalatin@chromium.org> Message-Id: <7b9cae28a0c379ab459c7a8545c9a39762bd394f.1484045952.git.vpalatin@chromium.org> [Drop hax_populate_ram stub. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-01-19kvm: move cpu synchronization codeVincent Palatin
Move the generic cpu_synchronize_ functions to the common hw_accel.h header, in order to prepare for the addition of a second hardware accelerator. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Vincent Palatin <vpalatin@chromium.org> Message-Id: <f5c3cffe8d520011df1c2e5437bb814989b48332.1484045952.git.vpalatin@chromium.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-01-19virtio: force VIRTIO_F_IOMMU_PLATFORMJason Wang
We allow vhost to clear VIRITO_F_IOMMU_PLATFORM which is wrong since VIRTIO_F_IOMMU_PLATFORM is mandatory for security. Fixing this by enforce it after vdc->get_features(). Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-01-19virtio: fix up max size checksMichael S. Tsirkin
Coverity reports that ARRAY_SIZE(elem->out_sg) (and all the others too) is wrong because elem->out_sg is a pointer. However, the check is not in the right place and the max_size argument of virtqueue_map_iovec can be removed. The check on in_num/out_num should be moved to qemu_get_virtqueue_element instead, before the call to virtqueue_alloc_element. Cc: qemu-stable@nongnu.org Reported-by: Paolo Bonzini <pbonzini@redhat.com> Fixes: 3724650db07057333879484c8bc7d900b5c1bf8e ("virtio: introduce virtqueue_alloc_element") Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-01-18target-sparc: fix up niagara machineArtyom Tarasenko
Remove the Niagara stub implementation from sun4u.c and add a machine, compatible with Legion simulator from the OpenSPARC T1 project. The machine uses the firmware supplied with the OpenSPARC T1 project, http://download.oracle.com/technetwork/systems/opensparc/OpenSPARCT1_Arch.1.5.tar.bz2 in the directory S10image/, and is able to boot the supplied Solaris 10 image. Note that for compatibility with the naming conventions for SPARC machines the new machine name is lowercase niagara. Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2017-01-18target-sparc: move common cpu initialisation routines to sparc64.cArtyom Tarasenko
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2017-01-18target-sparc: implement sun4v RTCArtyom Tarasenko
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
2017-01-18virtio-mmio: switch to linux headersMichael S. Tsirkin
Switch to virtio_mmio.h from Linux - will make it easier to implement virtio 1. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-01-18virtio: drop an obsolete commentMichael S. Tsirkin
virtio core has code to revert queue number to maximum on reset. Drop TODO to add that. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-01-18fw-cfg: bump "x-file-slots" to 0x20 for 2.9+ machine typesLaszlo Ersek
More precisely, the "x-file-slots" count is bumped for all machine types that: (a) use fw_cfg, and (b) are not versioned (hence migration is not expected to work for them across QEMU releases anyway), or have version 2.9. This affects machine types implemented in the following source files: - "hw/arm/virt.c". The "virt-*" machine type is versioned, and the <= 2.8 versions already depend on HW_COMPAT_2_8 (see commit e353aac51b944). Therefore adding the "x-file-slots" compat values to HW_COMPAT_2_8 suffices. - "hw/i386/pc.c". The "pc-i440fx-*" (including "pc-*") and "pc-q35-*" machine types are versioned. Modifying HW_COMPAT_2_8 is sufficient here too (see commit "pc: Add 2.9 machine-types"). The "isapc" machtype is not versioned. The "xenfv" machine type, which uses fw_cfg for direct kernel booting, is also not versioned. - "hw/ppc/mac_newworld.c". The "mac99" machine type is not versioned. - "hw/ppc/mac_oldworld.c". The "g3beige" machine type is not versioned. - "hw/sparc/sun4m.c". None of the 9 machine types defined in this file appear versioned. - "hw/sparc64/sun4u.c". None of the 3 machine types defined in this file appear versioned. Cc: "Gabriel L. Somlo" <somlo@cmu.edu> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Alexander Graf <agraf@suse.de> Cc: Anthony Perard <anthony.perard@citrix.com> Cc: Artyom Tarasenko <atar4qemu@gmail.com> Cc: David Gibson <david@gibson.dropbear.id.au> Cc: Eduardo Habkost <ehabkost@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Stefano Stabellini <sstabellini@kernel.org> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Gabriel Somlo <somlo@cmu.edu> Tested-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
2017-01-18pc: Add 2.9 machine-typesEduardo Habkost
Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Gabriel Somlo <somlo@cmu.edu> Tested-by: Gabriel Somlo <somlo@cmu.edu> Cc: Gabriel Somlo <somlo@cmu.edu> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
2017-01-18fw-cfg: turn FW_CFG_FILE_SLOTS into a device propertyLaszlo Ersek
We'd like to raise the value of FW_CFG_FILE_SLOTS. Doing it naively could lead to problems with backward migration: a more recent QEMU (running an older machine type) would allow the guest, in fw_cfg_select(), to select a high key value that is unavailable in the same machine type implemented by the older (target) QEMU. On the target host, fw_cfg_data_read() for example could dereference nonexistent entries. As first step, size the FWCfgState.entries[*] and FWCfgState.entry_order arrays dynamically. All three array sizes will be influenced by the new field FWCfgState.file_slots (and matching device property). Make the following changes: - Replace the FW_CFG_FILE_SLOTS macro with FW_CFG_FILE_SLOTS_MIN (minimum count of fw_cfg file slots) in the header file. The value remains 0x10. - Replace all uses of FW_CFG_FILE_SLOTS with a helper function called fw_cfg_file_slots(), returning the new property. - Eliminate the macro FW_CFG_MAX_ENTRY, and replace all its uses with a helper function called fw_cfg_max_entry(). - In the MMIO- and IO-mapped realize functions both, allocate all three arrays dynamically, based on the new property. - The new property defaults to FW_CFG_FILE_SLOTS_MIN. This is going to be customized in the following patches. Cc: "Gabriel L. Somlo" <somlo@cmu.edu> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Gabriel Somlo <somlo@cmu.edu> Tested-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
2017-01-18fw-cfg: support writeable blobsMichael S. Tsirkin
Useful to send guest data back to QEMU. Changes from Laszlo Ersek <lersek@redhat.com>: - rebase the patch from Michael Tsirkin's original postings at [1] and [2] to the following patches: - loader: Allow a custom AddressSpace when loading ROMs - loader: Add AddressSpace loading support to uImages - loader: fix handling of custom address spaces when adding ROM blobs - reject such writes immediately that would exceed the end of the array, rather than performing a partial write before setting the error bit: see the (len != dma.length) condition - document the write interface [1] http://lists.nongnu.org/archive/html/qemu-devel/2016-02/msg04968.html [2] http://lists.nongnu.org/archive/html/qemu-devel/2016-03/msg02735.html Cc: "Gabriel L. Somlo" <somlo@cmu.edu> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Michael Walle <michael@walle.cc> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Shannon Zhao <zhaoshenglong@huawei.com> Cc: qemu-arm@nongnu.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Acked-by: Gabriel Somlo <somlo@cmu.edu> Tested-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
2017-01-18vhost_net: device IOTLB supportJason Wang
This patches implements Device IOTLB support for vhost kernel. This is done through: 1) switch to use dma helpers when map/unmap vrings from vhost codes 2) introduce a set of VhostOps to: - setting up device IOTLB request callback - processing device IOTLB request - processing device IOTLB invalidation 2) kernel support for Device IOTLB API: - allow vhost-net to query the IOMMU IOTLB entry through eventfd - enable the ability for qemu to update a specified mapping of vhost - through ioctl. - enable the ability to invalidate a specified range of iova for the device IOTLB of vhost through ioctl. In x86/intel_iommu case this is triggered through iommu memory region notifier from device IOTLB invalidation descriptor processing routine. With all the above, kernel vhost_net can co-operate with userspace IOMMU. For vhost-user, the support could be easily done on top by implementing the VhostOps. Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-01-18virtio: disable notifications again after poll succeededStefan Hajnoczi
While AioContext is in polling mode virtqueue notifications are not necessary. Some device virtqueue handlers enable notifications. Make sure they stay disabled to avoid unnecessary vmexits. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Richard Henderson <rth@twiddle.net> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-01-18Revert "virtio: turn vq->notification into a nested counter"Stefan Hajnoczi
This reverts commit aff8fd18f1786fc5af259a9bc0077727222f51ca. Both virtio-net and virtio-crypto do not balance virtio_queue_set_notification() enable and disable calls. This makes the notifications_disabled counter unreliable and Doug Goldstein reported the following assertion failure: #3 0x00007ffff44d1c62 in __GI___assert_fail ( assertion=assertion@entry=0x555555ae8e8a "vq->notification_disabled > 0", file=file@entry=0x555555ae89c0 "/home/doug/work/qemu/hw/virtio/virtio.c", line=line@entry=215, function=function@entry=0x555555ae9630 <__PRETTY_FUNCTION__.43707> "virtio_queue_set_notification") at assert.c:101 #4 0x00005555557f25d6 in virtio_queue_set_notification (vq=0x55555666aa90, enable=enable@entry=1) at /home/doug/work/qemu/hw/virtio/virtio.c:215 #5 0x00005555557dc311 in virtio_net_has_buffers (q=<optimized out>, q=<optimized out>, bufsize=102) at /home/doug/work/qemu/hw/net/virtio-net.c:1008 #6 virtio_net_receive (nc=<optimized out>, buf=0x555557386b88 "", size=102) at /home/doug/work/qemu/hw/net/virtio-net.c:1148 #7 0x00005555559cad33 in nc_sendv_compat (flags=<optimized out>, iovcnt=1, iov=0x7fffead746d0, nc=0x55555788b340) at net/net.c:705 #8 qemu_deliver_packet_iov (sender=<optimized out>, flags=<optimized out>, iov=0x7fffead746d0, iovcnt=1, opaque=0x55555788b340) at net/net.c:732 #9 0x00005555559cd929 in qemu_net_queue_deliver (size=<optimized out>, data=<optimized out>, flags=<optimized out>, sender=<optimized out>, queue=0x55555788b550) at net/queue.c:164 #10 qemu_net_queue_flush (queue=0x55555788b550) at net/queue.c:261 This patch is safe to revert since it's just an optimization for virtqueue polling. The next patch will improve the situation again without resorting to nesting. Reported-by: Doug Goldstein <cardoe@cardoe.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Richard Henderson <rth@twiddle.net> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-01-18virtio-net: enable ioeventfd even if vhost=offPaolo Bonzini
virtio-net-pci does not enable ioeventfd for historical reasons (and nobody ever checked whether it should be revisited). Note that other backends do enable ioeventfd for virtio-net. However, it has a major effect on performance. On Windows, throughput is _multiplied_ by 2 or 3 on TCP_STREAM (on small packets it is "only" a 30% improvement) and a little less so on TCP_MAERTS albeit still very much statistically significant. Latency also has a single digit improvement. This is not visible when using vhost, which forces ioeventfd=on, but it is substantial without vhost. In addition, also on Windows and with the RHEL 7.3 kernel, APICv seems to slow down virtio-net performance a bit, but the penalty with this patch goes from -25% to -7%. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-01-16x86: ioapic: fix fail migration when irqchip=splitPeter Xu
Split irqchip works based on the fact that we kept the first 24 gsi routing entries inside KVM for userspace ioapic's use. When system boot, we'll reserve these MSI routing entries before hand. However, after migration, we forgot to re-configure it up in the destination side. The result is, we'll get invalid gsi routing entries after migration (all empty), and we get interrupts with vector=0, then strange things happen, like keyboard hang. The solution is simple - we update them after migration, which is a one line fix. Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <1483952153-7221-4-git-send-email-peterx@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-01-16x86: ioapic: dump version for "info ioapic"Peter Xu
Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <1483952153-7221-3-git-send-email-peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>