aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2016-10-25Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into ↵Peter Maydell
staging x86 and CPU queue, 2016-10-24 x2APIC support to APIC code, cpu_exec_init() refactor on all architectures, and other x86 changes. # gpg: Signature made Mon 24 Oct 2016 20:51:14 BST # gpg: using RSA key 0x2807936F984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost/tags/x86-pull-request: exec: call cpu_exec_exit() from a CPU unrealize common function exec: move cpu_exec_init() calls to realize functions exec: split cpu_exec_init() pc: q35: Bump max_cpus to 288 pc: Require IRQ remapping and EIM if there could be x2APIC CPUs pc: Add 'etc/boot-cpus' fw_cfg file for machine with more than 255 CPUs Increase MAX_CPUMASK_BITS from 255 to 288 pc: Clarify FW_CFG_MAX_CPUS usage comment pc: kvm_apic: Pass APIC ID depending on xAPIC/x2APIC mode pc: apic_common: Reset APIC ID to initial ID when switching into x2APIC mode pc: apic_common: Restore APIC ID to initial ID on reset pc: apic_common: Extend APIC ID property to 32bit pc: Leave max apic_id_limit only in legacy cpu hotplug code acpi: cphp: Force switch to modern cpu hotplug if APIC ID > 254 pc: acpi: x2APIC support for SRAT table pc: acpi: x2APIC support for MADT table and _MAT method Conflicts: target-arm/cpu.c Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24pc: q35: Bump max_cpus to 288Igor Mammedov
Along with it for machine versions 2.7 and older keep it at 255. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Radim Krčmář <rkrcmar@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24pc: Require IRQ remapping and EIM if there could be x2APIC CPUsIgor Mammedov
It would prevent starting guest with incorrect configs where interrupts couldn't be delivered to CPUs with APIC IDs > 255. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Radim Krčmář <rkrcmar@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24pc: Add 'etc/boot-cpus' fw_cfg file for machine with more than 255 CPUsIgor Mammedov
Currently firmware uses 1 byte at 0x5F offset in RTC CMOS to get number of CPUs present at boot. However 1 byte is not enough to handle more than 255 CPUs. So add a new fw_cfg file that would allow QEMU to tell it. For compat reasons add file only for machine types that support more than 255 CPUs. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24Increase MAX_CPUMASK_BITS from 255 to 288Igor Mammedov
so that it would be possible to increase maxcpus limit for x86 target. Keep spapr/virt_arm at limit they used to have 255. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24pc: Clarify FW_CFG_MAX_CPUS usage commentIgor Mammedov
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24pc: kvm_apic: Pass APIC ID depending on xAPIC/x2APIC modeIgor Mammedov
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Radim Krčmář <rkrcmar@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24pc: apic_common: Reset APIC ID to initial ID when switching into x2APIC modeIgor Mammedov
SDM: x2APIC State Transitions: State Changes From xAPIC Mode to x2APIC Mode " Any APIC ID value written to the memory-mapped local APIC ID register is not preserved " Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Radim Krčmář <rkrcmar@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24pc: apic_common: Restore APIC ID to initial ID on resetIgor Mammedov
APIC ID should be restored to initial APIC ID state after Reset and Power-On. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24pc: apic_common: Extend APIC ID property to 32bitIgor Mammedov
ACPI ID is 32 bit wide on CPUs with x2APIC support. Extend 'id' property to support it. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24pc: Leave max apic_id_limit only in legacy cpu hotplug codeIgor Mammedov
That's enough to make old code that depends on it to prevent QEMU starting with more than 255 CPUs. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24acpi: cphp: Force switch to modern cpu hotplug if APIC ID > 254Igor Mammedov
Switch to modern cpu hotplug at machine startup time if a cpu present at boot has apic-id in range unsupported by legacy cpu hotplug interface (i.e. > 254), to avoid killing QEMU from legacy cpu hotplug code with error: "acpi: invalid cpu id: #apic-id#" Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24pc: acpi: x2APIC support for SRAT tableIgor Mammedov
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24pc: acpi: x2APIC support for MADT table and _MAT methodIgor Mammedov
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-24i2c: Add asserts for second smbus i2c_start_transfer()Corey Minyard
Some SMBus operations restart the transfer to convert from write to read mode without an intervening i2c_end_transfer(). The second call cannot fail, so the return code is unchecked, but this causes Coverity to complain. So add some asserts and documentation about this. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/display: QOM'ify pl110.cxiaoqiang zhao
Drop the old Sysbus init and use instance_init and DeviceClass::realize instead Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 20161023091816.3839-5-zxq_yx_007@163.com [PMM: added accidentally dropped blank line] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/arm: QOM'ify strongarm.cxiaoqiang zhao
Drop the old Sysbus init and use instance_init and DeviceClass::realize instead Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 20161023091816.3839-4-zxq_yx_007@163.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/arm: QOM'ify pxa2xx_gpio.cxiaoqiang zhao
Drop the old Sysbus init and use instance_init and DeviceClass::realize instead Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 20161023091816.3839-3-zxq_yx_007@163.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/arm: QOM'ify musicpal.cxiaoqiang zhao
Drop the old Sysbus init and use instance_init and DeviceClass::realize instead Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 20161023091816.3839-2-zxq_yx_007@163.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24timer: stm32f2xx_timer: add check for prescaler valuePrasad J Pandit
The STM32F2XX Timer emulator uses a 16 bit prescaler value to limit the timer clock rate. It does that by dividing the timer frequency. If the prescaler 's->tim_psc' was set to be UINT_MAX, it'd lead to divide by zero error. Limit prescaler value to 16 bits to avoid it. Reported-by: Huawei PSIRT <psirt@huawei.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 1476800269-31902-1-git-send-email-ppandit@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24i2c: Fix SMBus read transactions to avoid double eventsCorey Minyard
Change 2293c27faddf (i2c: implement broadcast write) added broadcast capability to the I2C bus, but it broke SMBus read transactions. An SMBus read transaction does two i2c_start_transaction() calls without an intervening i2c_end_transfer() call. This will result in i2c_start_transfer() adding the same device to the current_devs list twice, and then the ->event() for the same device gets called twice in the second call to i2c_start_transfer(), resulting in the smbus code getting confused. Note that this happens even with pure I2C devices when simulating SMBus over I2C. This fix only scans the bus if the current set of devices is empty. This means that the current set of devices stays fixed until i2c_end_transfer() is called, which is really what you want. This also deletes the empty check from the top of i2c_end_transfer(). It's unnecessary, and it prevents the broadcast variable from being set to false at the end of the transaction if no devices were on the bus. Cc: KONRAD Frederic <fred.konrad@greensocs.com> Cc: Alistair Francis <alistair.francis@xilinx.com> Cc: Peter Crosthwaite <crosthwaite.peter@gmail.com> Cc: Kwon <hyun.kwon@xilinx.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: KONRAD Frederic <fred.konrad@greensocs.com> Tested-by: KONRAD Frederic <fred.konrad@greensocs.com> Message-id: 1470153614-6657-1-git-send-email-minyard@acm.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24timer: a9gtimer: remove loop to auto-increment comparatorPrasad J Pandit
ARM A9MP processor has a peripheral timer with an auto-increment register, which holds an increment step value. A user could set this value to zero. When auto-increment control bit is enabled, it leads to an infinite loop in 'a9_gtimer_update' while updating comparator value. Remove this loop incrementing the comparator value. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 1476733226-11635-1-git-send-email-ppandit@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24ARM: Virt: ACPI: Build an IORT table with RC and ITS nodesPrem Mallappa
This patch builds an IORT table that features a root complex node and an ITS node. This complements the ITS description in the ACPI MADT table and allows vhost-net on ACPI guest. Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com> Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 1476707466-14300-3-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24arm_mptimer: Convert to use ptimerDmitry Osipenko
Current ARM MPTimer implementation uses QEMUTimer for the actual timer, this implementation isn't complete and mostly tries to duplicate of what generic ptimer is already doing fine. Conversion to ptimer brings the following benefits and fixes: - Simple timer pausing implementation - Fixes counter value preservation after stopping the timer - Properly handles prescaler != 0 / counter = 0 / load = 0 cases - Code simplification and reduction Bump VMSD to version 3, since VMState is changed and is not compatible with the previous implementation. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 37f378c33bb5a28d5cd71167a6bd5bff5e59cbc3.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/ptimer: Add "no counter round down" policyDmitry Osipenko
For most of the timers counter starts to decrement after first period expires. Due to rounding down performed by the ptimer_get_count, it returns counter - 1 for the running timer, so that for the ptimer user it looks like counter gets decremented immediately after running the timer. Add "no counter round down" policy that provides correct behaviour for those timers. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: ef39622d0ebfdc32a0877e59ffdf6910dc3db688.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/ptimer: Add "no immediate reload" policyDmitry Osipenko
Immediate counter re-load on setting (or on starting to run with) counter = 0 is a wrong behaviour for some of the timers. Add "no immediate reload" policy that provides correct behaviour for such timers. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: bf9385cd2550ca451d564fa46007688cee3f3d9d.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/ptimer: Add "no immediate trigger" policyDmitry Osipenko
Performing trigger on setting (or starting to run with) counter = 0 could be a wrong behaviour for some of the timers, provide "no immediate trigger" policy to maintain correct behaviour for such timers. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: 72c0319cf2ec599f22397b7da280c06c34dc40dd.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/ptimer: Add "continuous trigger" policyDmitry Osipenko
Currently, periodic timer that has load = delta = 0 performs trigger on timer reload and stops, printing a "period zero" error message. Introduce new policy that makes periodic timer to continuously trigger with a period interval in case of load = 0. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: 632b23dd11055d9bd5e338d66b38fac0bd51462e.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/ptimer: Add "wraparound after one period" policyDmitry Osipenko
Currently, periodic counter wraps around immediately once counter reaches "0", this is wrong behaviour for some of the timers, resulting in one period being lost. Add new ptimer policy that provides correct behaviour for such timers, so that counter stays with "0" for a one period before wrapping around. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: f22a670cf1f4be298b31640cb5f4be1df0f20ab6.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24hw/arm/virt: Set minimum_page_bits to 12Peter Maydell
Since the virt board model will never create a CPU which is pre-ARMv7, we know that our minimum page size is 4K and can set minimum_page_bits accordingly, for improved performance. Note that this is a migration compatibility break, so we introduce it only for the virt-2.8 machine and onward; virt-2.7 continues using the old 1K pages. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-10-24Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* KVM run_on_cpu fix (Alex) * atomic usage fixes (Emilio, me) * hugetlbfs alignment fix (Haozhong) * CharBackend refactoring (Marc-André) * test-i386 fixes (me) * MemoryListener optimizations (me) * Miscellaneous bugfixes (me) * iSER support (Roy) * --version formatting (Thomas) # gpg: Signature made Mon 24 Oct 2016 14:46:19 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (50 commits) exec.c: workaround regression caused by alignment change in d2f39ad char: remove explicit_be_open from CharDriverState char: use common error path in qmp_chardev_add char: replace avail_connections char: remove unused qemu_chr_fe_event char: use an enum for CHR_EVENT char: remove unused CHR_EVENT_FOCUS char: move fe_open in CharBackend char: remove explicit_fe_open, use a set_handlers argument char: rename chr_close/chr_free char: move front end handlers in CharBackend tests: start chardev unit tests char: make some qemu_chr_fe skip if no driver char: replace qemu_chr_claim/release with qemu_chr_fe_init/deinit vhost-user: only initialize queue 0 CharBackend char: fold qemu_chr_set_handlers in qemu_chr_fe_set_handlers char: use qemu_chr_fe* functions with CharBackend argument colo: claim in find_and_check_chardev char: rename some frontend functions char: remaining switch to CharBackend in frontend ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-24char: replace avail_connectionsMarc-André Lureau
No need to count the users of a CharDriverState, it can rely on the fact of whether there is a CharBackend associated or if there is enough space in the muxer. Simplify and fold chr_mux_new_fe() in qemu_chr_fe_init() since there is a single user now. Also switch from fprintf to raising error instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-5-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove unused CHR_EVENT_FOCUSMarc-André Lureau
Usage has long been removed, since commit f220174de8d9. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-2-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove explicit_fe_open, use a set_handlers argumentMarc-André Lureau
No need to keep explicit_fe_open around if it affects only a qemu_chr_fe_set_handlers(). Use an additional argument instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-24-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: move front end handlers in CharBackendMarc-André Lureau
Since the hanlders are associated with a CharBackend, rather than the CharDriverState, it is more appropriate to store in CharBackend. This avoids the handler copy dance in qemu_chr_fe_set_handlers() then mux_chr_update_read_handler(), by storing the CharBackend pointer directly. Also a mux CharDriver should go through mux->backends[focused], since chr->be will stay NULL. Before that, it was possible to call chr->handler by mistake with surprising results, for ex through qemu_chr_be_can_write(), which would result in calling the last set handler front end, not the one with focus. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-22-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: make some qemu_chr_fe skip if no driverMarc-André Lureau
In most cases, front ends do not care about the side effect of CharBackend, so we can simply skip the checks and call the qemu_chr_fe functions even without associated CharDriver. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-20-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: replace qemu_chr_claim/release with qemu_chr_fe_init/deinitMarc-André Lureau
Now that all front end use qemu_chr_fe_init(), we can move chardev claiming in init(), and add a function deinit() to release the chardev and cleanup handlers. The qemu_chr_fe_claim_no_fail() for property are gone, since the property will raise an error instead. In other cases, where there is already an error path, an error is raised instead. Finally, other cases are handled by &error_abort in qemu_chr_fe_init(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-19-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: use qemu_chr_fe* functions with CharBackend argumentMarc-André Lureau
This also switches from qemu_chr_add_handlers() to qemu_chr_fe_set_handlers(). Note that qemu_chr_fe_set_handlers() now takes the focus when fe_open (qemu_chr_add_handlers() did take the focus) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-16-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: rename some frontend functionsMarc-André Lureau
qemu_chr_accept_input() and qemu_chr_disconnect() are only used by frontend, so use qemu_chr_fe prefix. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-14-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remaining switch to CharBackend in frontendMarc-André Lureau
Similar to previous change, for the remaining CharDriverState front ends users. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-13-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: replace PROP_CHR with CharBackendMarc-André Lureau
Store the property in a CharBackend instead of CharDriverState*. This also replace systematically chr by chr.chr to access the CharDriverState*. The following patches will replace it with calls to qemu_chr_fe CharBackend functions. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-12-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24xilinx: fix buffer overflow on realizePaolo Bonzini
ASAN complains about buffer overflow when running: aarch64-softmmu/qemu-system-aarch64 -machine xilinx-zynq-a9 ==476==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000035e38 at pc 0x000000f75253 bp 0x7ffc597e0ec0 sp 0x7ffc597e0eb0 READ of size 8 at 0x602000035e38 thread T0 #0 0xf75252 in xilinx_spips_realize hw/ssi/xilinx_spips.c:623 #1 0xb9ef6c in device_set_realized hw/core/qdev.c:918 #2 0x129ae01 in property_set_bool qom/object.c:1854 #3 0x1296e70 in object_property_set qom/object.c:1088 #4 0x129dd1b in object_property_set_qobject qom/qom-qobject.c:27 #5 0x1297168 in object_property_set_bool qom/object.c:1157 #6 0xb9aeac in qdev_init_nofail hw/core/qdev.c:358 #7 0x78a5bf in zynq_init_spi_flashes /home/elmarco/src/qemu/hw/arm/xilinx_zynq.c:125 #8 0x78af60 in zynq_init /home/elmarco/src/qemu/hw/arm/xilinx_zynq.c:238 #9 0x998eac in main /home/elmarco/src/qemu/vl.c:4534 #10 0x7f96ed692730 in __libc_start_main (/lib64/libc.so.6+0x20730) #11 0x41d0a8 in _start (/home/elmarco/src/qemu/aarch64-softmmu/qemu-system-aarch64+0x41d0a8) 0x602000035e38 is located 0 bytes to the right of 8-byte region [0x602000035e30,0x602000035e38) allocated by thread T0 here: #0 0x7f970b014e60 in malloc (/lib64/libasan.so.3+0xc6e60) #1 0x7f96f15b0e18 in g_malloc (/lib64/libglib-2.0.so.0+0x4ee18) #2 0xb9ef6c in device_set_realized hw/core/qdev.c:918 #3 0x129ae01 in property_set_bool qom/object.c:1854 #4 0x1296e70 in object_property_set qom/object.c:1088 #5 0x129dd1b in object_property_set_qobject qom/qom-qobject.c:27 #6 0x1297168 in object_property_set_bool qom/object.c:1157 #7 0xb9aeac in qdev_init_nofail hw/core/qdev.c:358 #8 0x78a5bf in zynq_init_spi_flashes /home/elmarco/src/qemu/hw/arm/xilinx_zynq.c:125 #9 0x78af60 in zynq_init /home/elmarco/src/qemu/hw/arm/xilinx_zynq.c:238 #10 0x998eac in main /home/elmarco/src/qemu/vl.c:4534 #11 0x7f96ed692730 in __libc_start_main (/lib64/libc.so.6+0x20730) s->spi is allocated with the size of num_busses which may be 1 (by default). Change to use a loop up to s->num_busses also for the call to ssi_auto_connect_slaves(). Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove init callbackMarc-André Lureau
The CharDriverState.init() callback is no longer set since commit a61ae7f88ce and thus unused. The only user, the malta FGPA display has been converted to use an event "opened" callback instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-7-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24malta: replace chr init by CHR_EVENT_OPENED handlerMarc-André Lureau
The CharDriverState.init() callback was introduced in commit ceecf1d158. It is only called from text_console_do_init(), but it is no longer set since commit a61ae7f88 (init assignment has been removed by accident). It seems correct to use an event callback instead and print the console text on CHR_EVENT_OPENED. That way we can remove the single user of CharDriverState init(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-6-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24sun4uv: fix serial initialization regressionMarc-André Lureau
Since commit b6607a1a204d, serial_hds_isa_init() was introduced to factor out serial_isa_init() loops. However, sun4uv shouldn't start from 0 when there is a mm serial on 0 already. Add a "from" argument to serial_hds_isa_init(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-5-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: serial: check divider value against baud basePrasad J Pandit
16550A UART device uses an oscillator to generate frequencies (baud base), which decide communication speed. This speed could be changed by dividing it by a divider. If the divider is greater than the baud base, speed is set to zero, leading to a divide by zero error. Add check to avoid it. Reported-by: Huawei PSIRT <psirt@huawei.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-Id: <1476251888-20238-1-git-send-email-ppandit@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-21xen_platform: SUSE xenlinux unplug for emulated PCIOlaf Hering
Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests. Its a simple 'outl(1, (ioaddr + 4));'. This protocol was implemented and used since Xen 3.0.4. It is used in all SUSE/SLES/openSUSE releases up to SLES11SP3 and openSUSE 12.3. In addition old (pre-2011) VMDP versions are handled as well. Signed-off-by: Olaf Hering <olaf@aepfle.de> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2016-10-21xen_platform: unplug also SCSI disksOlaf Hering
Using 'vdev=sd[a-o]' will create an emulated LSI controller, which can be used by the emulated BIOS to boot from disk. If the HVM domU has also PV driver the disk may appear twice in the guest. To avoid this an unplug of the emulated hardware is needed, similar to what is done for IDE and NIC drivers already. Since the SCSI controller provides only disks the entire controller can be unplugged at once. Impact of the change for classic and pvops based guest kernels: vdev=sda:disk0 before: pvops: disk0=pv xvda + emulated sda classic: disk0=pv sda + emulated sdq after: pvops: disk0=pv xvda classic: disk0=pv sda vdev=hda:disk0, vdev=sda:disk1 before: pvops: disk0=pv xvda disk1=emulated sda classic: disk0=pv hda disk1=pv sda + emulated sdq after: pvops: disk0=pv xvda disk1=not accessible by blkfront, index hda==index sda classic: disk0=pv hda disk1=pv sda vdev=hda:disk0, vdev=sda:disk1, vdev=sdb:disk2 before: pvops: disk0=pv xvda disk1=emulated sda disk2=pv xvdb + emulated sdb classic: disk0=pv hda disk1=pv sda + emulated sdq disk2=pv sdb + emulated sdr after: pvops: disk0=pv xvda disk1=not accessible by blkfront, index hda==index sda disk2=pv xvdb classic: disk0=pv hda disk1=pv sda disk2=pv sda Signed-off-by: Olaf Hering <olaf@aepfle.de> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2016-10-21xen-usb: do not reference PAGE_SIZEStefano Stabellini
PAGE_SIZE is undefined on ARM64. Use XC_PAGE_SIZE instead, which is always 4096 even when page granularity is 64K. For this to actually work with 64K pages, more changes are required. Signed-off-by: Stefano Stabellini <sstabellini@kernel.org> Reviewed-by: Juergen Gross <jgross@suse.com> Release-acked-by: Wei Liu <wei.liu2@citrix.com>
2016-10-18Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20161017.0' ↵Peter Maydell
into staging VFIO updates 2016-10-17 - Convert to realize & improve error reporting (Eric Auger) - RTL quirk bug fix (Thorsten Kohfeldt) - Skip duplicate pre/post reset (Cao jin) # gpg: Signature made Mon 17 Oct 2016 20:42:44 BST # gpg: using RSA key 0x239B9B6E3BB08B22 # gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" # gpg: aka "Alex Williamson <alex@shazbot.org>" # gpg: aka "Alex Williamson <alwillia@redhat.com>" # gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" # Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22 * remotes/awilliam/tags/vfio-updates-20161017.0: vfio: fix duplicate function call vfio/pci: Fix vfio_rtl8168_quirk_data_read address offset vfio/pci: Handle host oversight vfio/pci: Remove vfio_populate_device returned value vfio/pci: Remove vfio_msix_early_setup returned value vfio/pci: Conversion to realize vfio/platform: Pass an error object to vfio_base_device_init vfio/platform: fix a wrong returned value in vfio_populate_device vfio/platform: Pass an error object to vfio_populate_device vfio: Pass an error object to vfio_get_device vfio: Pass an error object to vfio_get_group vfio: Pass an Error object to vfio_connect_container vfio/pci: Pass an error object to vfio_pci_igd_opregion_init vfio/pci: Pass an error object to vfio_add_capabilities vfio/pci: Pass an error object to vfio_intx_enable vfio/pci: Pass an error object to vfio_msix_early_setup vfio/pci: Pass an error object to vfio_populate_device vfio/pci: Pass an error object to vfio_populate_vga vfio/pci: Use local error object in vfio_initfn Signed-off-by: Peter Maydell <peter.maydell@linaro.org>