aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2018-08-24hw/misc/iotkit-secctl: Wire up registers for controlling MSCsPeter Maydell
The IoTKit does not have any Master Security Contollers itself, but it does provide registers in the secure privilege control block which allow control of MSCs in the external system. Add support for these registers. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180820141116.9118-13-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2018-08-24hw/misc/tz-msc: Model TrustZone Master Security ControllerPeter Maydell
Implement a model of the TrustZone Master Securtiy Controller, as documented in the Arm CoreLink SIE-200 System IP for Embedded TRM (DDI0571G): https://developer.arm.com/products/architecture/m-profile/docs/ddi0571/g The MSC is intended to sit in front of a device which can be a bus master (eg a DMA controller) and programmably gate its transactions. This allows a bus-mastering device to be controlled by non-secure code but still restricted from making accesses to addresses which are secure-only. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180820141116.9118-12-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2018-08-24hw/misc/iotkit: Wire up the sysctl and sysinfo register blocksPeter Maydell
Wire up the system control element's register banks (sysctl and sysinfo). This is the last of the previously completely unimplemented components in the IoTKit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180820141116.9118-11-peter.maydell@linaro.org
2018-08-24hw/misc/iotkit-sysinfo: Implement IoTKit system information blockPeter Maydell
Implement the IoTKit system control element's system information block; this is just a pair of read-only version/config registers, plus the usual PID/CID ID registers. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180820141116.9118-10-peter.maydell@linaro.org
2018-08-24hw/misc/iotkit-sysctl: Implement IoTKit system control elementPeter Maydell
The Arm IoTKit includes a system control element which provides a block of read-only ID registers and a block of read-write control registers. Implement a minimal version of this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180820141116.9118-9-peter.maydell@linaro.org
2018-08-24hw/arm/iotkit: Wire up the S32KTIMERPeter Maydell
The IoTKit has a CMSDK timer device that runs on the S32KCLK. Create this and wire it up. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180820141116.9118-8-peter.maydell@linaro.org
2018-08-24hw/arm/iotkit: Wire up the watchdogsPeter Maydell
The IoTKit includes three different instances of the CMSDK APB watchdog; create and wire them up. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180820141116.9118-7-peter.maydell@linaro.org
2018-08-24hw/arm/mps2: Wire up dual-timer in mps2-an385 and mps2-an511Peter Maydell
The MPS2 FPGA images for the Cortex-M3 (mps2-an385 and mps2-511) both include a CMSDK dual-timer module. Wire this up. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180820141116.9118-6-peter.maydell@linaro.org
2018-08-24hw/arm/iotkit: Wire up the dualtimerPeter Maydell
Now we have a model of the CMSDK dual timer, we can wire it up in the IoTKit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180820141116.9118-5-peter.maydell@linaro.org
2018-08-24hw/timer/cmsdk-apb-dualtimer: Implement CMSDK dual timer modulePeter Maydell
The Arm Cortex-M System Design Kit includes a "dual-input timer module" which combines two programmable down-counters. Implement a model of this device. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180820141116.9118-4-peter.maydell@linaro.org
2018-08-24hw/misc/mps2-fpgaio: Implement PSCNTR and COUNTERPeter Maydell
In the MPS2 FPGAIO, PSCNTR is a free-running downcounter with a reload value configured via the PRESCALE register, and COUNTER counts up by 1 every time PSCNTR reaches zero. Implement these counters. We can just increment the counters migration subsection's version ID because we only added it in the previous commit, so no released QEMU versions will be using it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180820141116.9118-3-peter.maydell@linaro.org
2018-08-24hw/misc/mps2-fpgaio: Implement 1Hz and 100Hz countersPeter Maydell
The MPS2 FPGAIO block includes some simple free-running counters. Implement these. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180820141116.9118-2-peter.maydell@linaro.org
2018-08-24hw/arm/boot: AArch32 kernels should be started in Hyp mode if availablePeter Maydell
The kernel booting specification for an AArch32 kernel requires that it is booted in Hyp mode if available; otherwise the kernel can't enable KVM. We were incorrectly leaving the kernel in SVC mode. If we're booting an AArch32 kernel in the Nonsecure state and Hyp mode is available, start in it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180820153020.21478-7-peter.maydell@linaro.org
2018-08-24hw/arm/vexpress: Add "virtualization" property controlling presence of EL2Peter Maydell
Add a "virtualization" property to the vexpress-a15 board, controlling presence of EL2. As with EL3, we default to enabling it, but the user can disable it if they have an older guest which can't cope with it being present. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180821132811.17675-10-peter.maydell@linaro.org
2018-08-24hw/arm/vexpress: Don't set info->secure_boot if CPU doesn't have EL3Peter Maydell
Don't request that the arm_load_kernel() code should boot in secure state if the CPU doesn't have a secure state. Currently this doesn't make a difference because the boot.c code only examines the secure_boot flag in code guarded by an ARM_FEATURE_EL3 check, but upcoming changes for supporting booting into Hyp mode will change that. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180821132811.17675-9-peter.maydell@linaro.org
2018-08-24hw/cpu/a15mpcore: If CPU has EL2, enable it on the GIC and wire it upPeter Maydell
For the A15MPCore internal peripheral object, we handle GIC security extensions support by checking whether the CPUs have EL3 enabled; if so then we enable it also on the GIC. Handle the virtualization extensions in the same way: if the CPU has EL2 then enable it on the GIC and wire up the virtualization-specific memory regions and the maintenance interrupt. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180821132811.17675-8-peter.maydell@linaro.org
2018-08-24hw/arm/fsl-imx6ul: Connect VIRQ and VFIQPeter Maydell
Connect the VIRQ and VFIQ lines from the GIC to the CPU; these exist always for both CPU and GIC whether the virtualization extensions are enabled or not, so we can just unconditionally connect them. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180821132811.17675-7-peter.maydell@linaro.org
2018-08-24hw/arm/fsl-imx6ul: Connect VIRQ and VFIQPeter Maydell
Connect the VIRQ and VFIQ lines from the GIC to the CPU; these exist always for both CPU and GIC whether the virtualization extensions are enabled or not, so we can just unconditionally connect them. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180821132811.17675-6-peter.maydell@linaro.org
2018-08-24hw/arm/highbank: Connect VIRQ and VFIQPeter Maydell
Connect the VIRQ and VFIQ lines from the GIC to the CPU; these exist always for both CPU and GIC whether the virtualization extensions are enabled or not, so we can just unconditionally connect them. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180821132811.17675-5-peter.maydell@linaro.org
2018-08-24hw/arm/vexpress: Connect VIRQ and VFIQPeter Maydell
Connect the VIRQ and VFIQ lines from the GIC to the CPU; these exist always for both CPU and GIC whether the virtualization extensions are enabled or not, so we can just unconditionally connect them. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180821132811.17675-4-peter.maydell@linaro.org
2018-08-24hw/intc/arm_gic: Make per-cpu GICH memory regions 0x200 bytes largePeter Maydell
Reduce the size of the per-cpu GICH memory regions from 0x1000 to 0x200. The registers only cover 0x200 bytes, and the Cortex-A15 wants to map them at a spacing of 0x200 bytes apart. Having the region be too large interferes with mapping them like that, so reduce it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180821132811.17675-3-peter.maydell@linaro.org
2018-08-23Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* x86 TCG fixes for 64-bit call gates (Andrew) * qumu-guest-agent freeze-hook tweak (Christian) * pm_smbus improvements (Corey) * Move validation to pre_plug for pc-dimm (David) * Fix memory leaks (Eduardo, Marc-André) * synchronization profiler (Emilio) * Convert the CPU list to RCU (Emilio) * LSI support for PPR Extended Message (George) * vhost-scsi support for protection information (Greg) * Mark mptsas as a storage device in the help (Guenter) * checkpatch tweak cherry-picked from Linux (me) * Typos, cleanups and dead-code removal (Julia, Marc-André) * qemu-pr-helper support for old libmultipath (Murilo) * Annotate fallthroughs (me) * MemoryRegionOps cleanup (me, Peter) * Make s390 qtests independent from libqos, which doesn't actually support it (me) * Make cpu_get_ticks independent from BQL (me) * Introspection fixes (Thomas) * Support QEMU_MODULE_DIR environment variable (ryang) # gpg: Signature made Thu 23 Aug 2018 17:46:30 BST # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (69 commits) KVM: cleanup unnecessary #ifdef KVM_CAP_... target/i386: update MPX flags when CPL changes i2c: pm_smbus: Add the ability to force block transfer enable i2c: pm_smbus: Don't delay host status register busy bit when interrupts are enabled i2c: pm_smbus: Add interrupt handling i2c: pm_smbus: Add block transfer capability i2c: pm_smbus: Make the I2C block read command read-only i2c: pm_smbus: Fix the semantics of block I2C transfers i2c: pm_smbus: Clean up some style issues pc-dimm: assign and verify the "addr" property during pre_plug pc: drop memory region alignment check for 0 util/oslib-win32: indicate alignment for qemu_anon_ram_alloc() pc-dimm: assign and verify the "slot" property during pre_plug ipmi: Use proper struct reference for BT vmstate vhost-scsi: expose 't10_pi' property for VIRTIO_SCSI_F_T10_PI vhost-scsi: unify vhost-scsi get_features implementations vhost-user-scsi: move host_features into VHostSCSICommon cpus: allow cpu_get_ticks out of BQL cpus: protect TimerState writes with a spinlock seqlock: add QemuLockable support ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-23i2c: pm_smbus: Add the ability to force block transfer enableCorey Minyard
The PIIX4 hardware has block transfer buffer always enabled in the hardware, but the i801 does not. Add a parameter to pm_smbus_init to force on the block transfer so the PIIX4 handler can enable this by default, as it was disabled by default before. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1534796770-10295-9-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23i2c: pm_smbus: Don't delay host status register busy bit when interrupts are ↵Corey Minyard
enabled Change 880b1ffe6ec2f0ae "smbus: do not immediately complete commands" changed pm_smbus to delay setting the host busy bit until the status register was read, to work around a bug in AMIBIOS. Unfortunately, when interrupts are enabled, the status register will never get read and the processing will never happen. Modify the code to only delay setting the host busy bit if interrupts are not enabled. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Hervé Poussineau <hpoussin@reactos.org> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <1534796770-10295-8-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23i2c: pm_smbus: Add interrupt handlingCorey Minyard
Add the necessary code so that interrupts actually work from the pm_smbus device. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1534796770-10295-7-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23i2c: pm_smbus: Add block transfer capabilityCorey Minyard
There was no block transfer code in pm_smbus.c, and it is needed for some devices. So add it. This adds both byte-by-byte block transfers and buffered block transfers. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1534796770-10295-5-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23i2c: pm_smbus: Make the I2C block read command read-onlyCorey Minyard
It did have write capability, but the manual says the behavior with write enabled is undefined. So just set an error in this case. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1534796770-10295-4-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23i2c: pm_smbus: Fix the semantics of block I2C transfersCorey Minyard
The I2C block transfer commands was not implemented correctly, it read a length byte and such like it was an smbus transfer. So fix the smbus_read_block() and smbus_write_block() functions so they can properly handle I2C transfers, and normal SMBus transfers (for upcoming changes). Pass in a transfer size and a bool to know whether to use the size byte (like SMBus) or use the length given (like I2C). Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1534796770-10295-3-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23i2c: pm_smbus: Clean up some style issuesCorey Minyard
Fix some spacing issues, remove extraneous comments, add some defines instead of hard-coding numbers. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1534796770-10295-2-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23pc-dimm: assign and verify the "addr" property during pre_plugDavid Hildenbrand
We can assign and verify the address before realizing and trying to plug. reading/writing the address property should never fail for DIMMs, so let's reduce error handling a bit by using &error_abort. Getting access to the memory region now might however fail. So forward errors from get_memory_region() properly. As all memory devices should use the alignment of the underlying memory region for guest physical address asignment, do detection of the alignment in pc_dimm_pre_plug(), but allow pc.c to overwrite the alignment for compatibility handling. Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180801133444.11269-5-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23pc: drop memory region alignment check for 0David Hildenbrand
All applicable memory regions always have an alignment > 0. All memory backends result in file_ram_alloc() or qemu_anon_ram_alloc() getting called, setting the alignment to > 0. So a PCDIMM memory region always has an alignment > 0. NVDIMM copy the alignment of the original memory memory region into the handcrafted memory region that will be used at this place. So the check for 0 can be dropped and we can reduce the special handling. Dropping this check makes factoring out of alignment handling easier as compat handling only has to look at pcmc->enforce_aligned_dimm and not care about the alignment of the memory region. Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180801133444.11269-4-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23pc-dimm: assign and verify the "slot" property during pre_plugDavid Hildenbrand
We can assign and verify the slot before realizing and trying to plug. reading/writing the slot property should never fail, so let's reduce error handling a bit by using &error_abort. To do this during pre_plug, add and use (x86, ppc) pc_dimm_pre_plug(). Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180801133444.11269-2-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23ipmi: Use proper struct reference for BT vmstateCorey Minyard
The vmstate for isa_ipmi_bt was referencing into the bt structure, instead create a bt structure separate and use that. The version 1 of the BT transfer was fairly broken, if a migration occured during an IPMI operation, it is likely the migration would be corrupted because I misunderstood the VMSTATE_VBUFFER_UINT32() handling, I thought it handled transferring the length field, too. So I just remove support for that. I doubt anyone is using it at this point. This also removes the transfer of use_irq, since that should come from configuration. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <1534798644-13587-1-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23vhost-scsi: expose 't10_pi' property for VIRTIO_SCSI_F_T10_PIGreg Edwards
Allow toggling on/off the VIRTIO_SCSI_F_T10_PI feature bit for both vhost-scsi and vhost-user-scsi devices. Signed-off-by: Greg Edwards <gedwards@ddn.com> Message-Id: <20180808195235.5843-4-gedwards@ddn.com> Reviewed-by: Felipe Franciosi <felipe@nutanix.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23vhost-scsi: unify vhost-scsi get_features implementationsGreg Edwards
Move the enablement of preset host features into the common vhost_scsi_common_get_features() function. This is in preparation for having vhost-scsi also make use of host_features. Signed-off-by: Greg Edwards <gedwards@ddn.com> Message-Id: <20180808195235.5843-3-gedwards@ddn.com> Reviewed-by: Felipe Franciosi <felipe@nutanix.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23vhost-user-scsi: move host_features into VHostSCSICommonGreg Edwards
In preparation for having vhost-scsi also make use of host_features, move it from struct VHostUserSCSI into struct VHostSCSICommon. Signed-off-by: Greg Edwards <gedwards@ddn.com> Message-Id: <20180808195235.5843-2-gedwards@ddn.com> Reviewed-by: Felipe Franciosi <felipe@nutanix.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23hw/intc/apic: Switch away from old_mmioPeter Maydell
Switch the apic away from using the old_mmio MemoryRegionOps accessor functions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180803101943.23722-1-peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23spapr: do not use CPU_FOREACH_REVERSEEmilio G. Cota
This paves the way for implementing the CPU list with an RCU list, which cannot be traversed in reverse order. Note that this is the only caller of CPU_FOREACH_REVERSE. Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Emilio G. Cota <cota@braap.org> Message-Id: <20180819091335.22863-11-cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23lsi_scsi: add support for PPR Extended MessageGeorge Kennedy
The LSI 53c895a code does not handle the PPR Extended Message. Add support to handle PPR Extended Message like SDTR and WDTR are handled. That is, to skip past the message bytes and ignore the message. Signed-off-by: George Kennedy <george.kennedy@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23fw_cfg: import & use linux/qemu_fw_cfg.hMarc-André Lureau
Use kernel common header for fw_cfg. (unfortunately, optionrom.h must have its own define, since it's actually an assembler header) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180817155910.5722-2-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2018-08-23vfio/pci: Fix failure to close file descriptor on errorAlex Williamson
A new error path fails to close the device file descriptor when triggered by a ballooning incompatibility within the group. Fix it. Fixes: 238e91728503 ("vfio/ccw/pci: Allow devices to opt-in for ballooning") Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-08-23vfio/pci: Handle subsystem realpath() returning NULLAlex Williamson
Fix error reported by Coverity where realpath can return NULL, resulting in a segfault in strcmp(). This should never happen given that we're working through regularly structured sysfs paths, but trivial enough to easily avoid. Fixes: 238e91728503 ("vfio/ccw/pci: Allow devices to opt-in for ballooning") Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-08-23hw/timer/mc146818rtc: Fix introspection problemThomas Huth
There is currently a funny problem with the "mc146818rtc" device: 1) Start QEMU like this: qemu-system-ppc64 -M pseries -S 2) At the HMP monitor, enter "info qom-tree". Note that there is an entry for "/rtc (spapr-rtc)". 3) Introspect the mc146818rtc device like this: device_add mc146818rtc,help 4) Run "info qom-tree" again. The "/rtc" entry is gone now! The rtc_finalize() function of the mc146818rtc device has two bugs: First, it tries to remove a "rtc" property, while the rtc_realizefn() added a "rtc-time" property instead. And second, it should have been done in an unrealize function, not in a finalize function, to avoid that this causes problems during introspection. But since adding aliases to the global machine state should not be done from a device's realize function anyway, let's rather fix this issue by moving the creation of the alias to the code that creates the device (and thus is run from the machine init functions instead), i.e. the mc146818_rtc_init() function for most machines. The prep machines are special, since the mc146818rtc device is created here in the realize function of the i82378 device. Since we certainly don't want to add the alias there, we add it to some code that is called from the ibm_40p_init() machine init function instead. Since the alias is now only created during the machine init, we can remove the object_property_del() completely. Fixes: 654a36d857ff949e0d1989904b76f53fded9dc83 Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1534419358-10932-5-git-send-email-thuth@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23hw/timer/mc146818rtc: White space clean-upThomas Huth
mc146818rtc.c still contains some TABs. Replace them with spaces. And while we're at it, also delete trailing whitespace in this file. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1534419358-10932-4-git-send-email-thuth@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23megasas: fix sglist leakMarc-André Lureau
tests/cdrom-test -p /x86_64/cdrom/boot/megasas Produces the following ASAN leak. ==25700==ERROR: LeakSanitizer: detected memory leaks Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x7f06f8faac48 in malloc (/lib64/libasan.so.5+0xeec48) #1 0x7f06f87a73c5 in g_malloc (/lib64/libglib-2.0.so.0+0x523c5) #2 0x55a729f17738 in pci_dma_sglist_init /home/elmarco/src/qq/include/hw/pci/pci.h:818 #3 0x55a729f2a706 in megasas_map_dcmd /home/elmarco/src/qq/hw/scsi/megasas.c:698 #4 0x55a729f39421 in megasas_handle_dcmd /home/elmarco/src/qq/hw/scsi/megasas.c:1574 #5 0x55a729f3f70d in megasas_handle_frame /home/elmarco/src/qq/hw/scsi/megasas.c:1955 #6 0x55a729f40939 in megasas_mmio_write /home/elmarco/src/qq/hw/scsi/megasas.c:2119 #7 0x55a729f41102 in megasas_port_write /home/elmarco/src/qq/hw/scsi/megasas.c:2170 #8 0x55a729220e60 in memory_region_write_accessor /home/elmarco/src/qq/memory.c:527 #9 0x55a7292212b3 in access_with_adjusted_size /home/elmarco/src/qq/memory.c:594 #10 0x55a72922cf70 in memory_region_dispatch_write /home/elmarco/src/qq/memory.c:1473 #11 0x55a7290f5907 in flatview_write_continue /home/elmarco/src/qq/exec.c:3255 #12 0x55a7290f5ceb in flatview_write /home/elmarco/src/qq/exec.c:3294 #13 0x55a7290f6457 in address_space_write /home/elmarco/src/qq/exec.c:3384 #14 0x55a7290f64a8 in address_space_rw /home/elmarco/src/qq/exec.c:3395 #15 0x55a72929ecb0 in kvm_handle_io /home/elmarco/src/qq/accel/kvm/kvm-all.c:1729 #16 0x55a7292a0db5 in kvm_cpu_exec /home/elmarco/src/qq/accel/kvm/kvm-all.c:1969 #17 0x55a7291c4212 in qemu_kvm_cpu_thread_fn /home/elmarco/src/qq/cpus.c:1215 #18 0x55a72a966a6c in qemu_thread_start /home/elmarco/src/qq/util/qemu-thread-posix.c:504 #19 0x7f06ed486593 in start_thread (/lib64/libpthread.so.0+0x7593) Move the qemu_sglist_destroy() from megasas_complete_command() to megasas_unmap_frame(), so map/unmap are balanced. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180814141247.32336-1-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2018-08-23fix "Missing break in switch" coverity reportsPaolo Bonzini
Many of these are marked as "intentional/fix required" because they just need adding a fall through comment. This is exactly what this patch does, except for target/mips/translate.c where it is easier to duplicate the code, and hw/audio/sb16.c where I consulted the DOSBox sources and decide to just remove the LOG_UNIMP before the fallthrough. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23es1370: simplify MemoryRegionOpsPaolo Bonzini
Use the automatic subregister extraction from the memory API, and avoid that Coverity complains about missing fallthrough comments. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23scsi: mptsas: Mark as storage deviceGuenter Roeck
mptsas1068 is currently listed as uncategorized device. Mark it as storage device. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Message-Id: <1533076133-22745-1-git-send-email-linux@roeck-us.net> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-21check: Only test pvpanic when it is compiled inJuan Quintela
It was not possible to compile out pvpanic. Use the same trick than applesmc. Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
2018-08-21Merge remote-tracking branch 'remotes/kraxel/tags/usb-20180821-pull-request' ↵Peter Maydell
into staging usb: mtp write support, bugfixes. # gpg: Signature made Tue 21 Aug 2018 10:11:36 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/usb-20180821-pull-request: dev-mtp: rename x-root to rootdir dev-mtp: Add support for > 4GB file transfers dev-mtp: retry write for incomplete transfers dev-mtp: fix buffer allocation for writing file contents dev-mtp: add support for canceling transaction ohci: Clear the interrupt counter for erroneous transfers docs/usb2.txt: ehci has six ports Signed-off-by: Peter Maydell <peter.maydell@linaro.org>