aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2017-06-13hw/arm/exynos: Move DRAM initialization next boardsKrzysztof Kozlowski
Before QOM-ifying the Exynos4 SoC model, move the DRAM initialization from exynos4210.c to exynos4_boards.c because DRAM is board specific, not SoC. Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-13hw/timer/exynos4210_mct: Remove unused definesKrzysztof Kozlowski
Remove defines not used anywhere. Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-13hw/timer/exynos4210_mct: Cleanup indentation and empty new linesKrzysztof Kozlowski
Statements under 'case' were in some places wrongly indented bringing confusion and making the code less readable. Remove also few unneeded blank lines. No functional changes. Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-13hw/timer/exynos4210_mct: Fix checkpatch style errorsKrzysztof Kozlowski
Fix checkpatch errors: 1. ERROR: spaces required around that '+' (ctx:VxV) 2. ERROR: spaces required around that '&' (ctx:VxV) No functional changes. Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-13hw/intc/exynos4210_gic: Use more meaningful name for local variableKrzysztof Kozlowski
There are to SysBusDevice variables in exynos4210_gic_realize() function: one for the device itself and second for arm_gic device. Add a prefix "gic" to the second one so it will be easier to understand the code. While at it, put local uninitialized 'i' variable at the end, next to other uninitialized ones. Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-13Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20170613' ↵Peter Maydell
into staging migration/next for 20170613 # gpg: Signature made Tue 13 Jun 2017 10:01:45 BST # gpg: using RSA key 0xF487EF185872D723 # gpg: Good signature from "Juan Quintela <quintela@redhat.com>" # gpg: aka "Juan Quintela <quintela@trasno.org>" # Primary key fingerprint: 1899 FF8E DEBF 58CC EE03 4B82 F487 EF18 5872 D723 * remotes/juanquintela/tags/migration/20170613: migration: Move migration.h to migration/ migration: Move remaining exported functions to migration/misc.h migration: create global_state.c migration: ram_control_* are implemented in qemu_file migration: Commands are only used inside migration.c migration: Move constants to savevm.h migration: Move dump_vmsate_json_to_file() to misc.h migration: Split registration functions from vmstate.h migration: Move self_announce_delay() to misc.h migration: Remove MigrationState from migration_channel_incomming() ram: Now POSTCOPY_ACTIVE is the same that STATUS_ACTIVE ram: Print block stats also in the complete case migration: Don't try to set *errp directly migration: isolate return path on src Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-13Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.10-20170609' ↵Peter Maydell
into staging ppc patch queue 2017-06-09 This batch contains more patches to rework the pseries machine hotplug infrastructure, plus an assorted batch of bugfixes. It contains a start on fixes to restore migration from older machine types on older versions which was broken by some xics changes. There are still a few missing pieces here, though. # gpg: Signature made Fri 09 Jun 2017 06:26:03 BST # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.10-20170609: Revert "spapr: fix memory hot-unplugging" xics: drop ICPStateClass::cpu_setup() handler xics: setup cpu at realize time xics: pass appropriate types to realize() handlers. xics: introduce macros for ICP/ICS link properties hw/cpu: core.c can be compiled as common object hw/ppc/spapr: Adjust firmware name for PCI bridges xics: add reset() handler to ICPStateClass pnv_core: drop reference on ICPState object during CPU realization spapr: Rework DRC name handling spapr: Fold spapr_phb_{add,remove}_pci_device() into their only callers spapr: Change DRC attach & detach methods to functions spapr: Clean up handling of DR-indicator spapr: Clean up RTAS set-indicator spapr: Don't misuse DR-indicator in spapr_recover_pending_dimm_state() spapr: Clean up DR entity sense handling pseries: Correct panic behaviour for pseries machine type spapr: fix memory leak in spapr_memory_pre_plug() target/ppc: fix memory leak in kvmppc_is_mem_backend_page_size_ok() target/ppc: pass const string to kvmppc_is_mem_backend_page_size_ok() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-13Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc, pci, vhost: fixes Some fixes all over the place. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 08 Jun 2017 20:04:24 BST # gpg: using RSA key 0x281F0DB8D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: hw/pcie: fix the generic pcie root port to support migration nvdimm acpi: fix region format interface code vhost-user-bridge: fix iov_restore_front() warning Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-13migration: Move remaining exported functions to migration/misc.hJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Peter Xu <peterx@redhat.com>
2017-06-13migration: create global_state.cJuan Quintela
It don't belong anywhere else, just the global state where everybody can stick other things. Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <lvivier@redhat.com>
2017-06-13migration: Split registration functions from vmstate.hJuan Quintela
They are indpendent, and nowadays almost every device register things with qdev->vmsd. Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Peter Xu <peterx@redhat.com>
2017-06-13migration: Move self_announce_delay() to misc.hJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com>
2017-06-13Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20170608' into ↵Peter Maydell
staging s390x: misc fixes bunch of fixes - reject MIDA accesses for CCWs - cpumodel fixes - cross-build fix for bios - migration improvements # gpg: Signature made Thu 08 Jun 2017 14:10:29 BST # gpg: using RSA key 0x117BBC80B5A61C7C # gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>" # Primary key fingerprint: F922 9381 A334 08F9 DBAB FBCA 117B BC80 B5A6 1C7C * remotes/borntraeger/tags/s390x-20170608: s390x/cpumodel: improve defintion search without an IBC s390x/cpumodel: take care of the cpuid format bit for KVM pc-bios/s390-ccw: use STRIP variable in Makefile s390x/css: fence off MIDA s390x/css: catch section mismatch on load Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-09Revert "spapr: fix memory hot-unplugging"Laurent Vivier
This reverts commit fe6824d12642b005c69123ecf8631f9b13553f8b. Conflicts hw/ppc/spapr_drc.c, because get_index() has been renamed spapr_get_index(). This didn't fix the problem. Once the hotplug has been started some memory is allocated and some structures are allocated. We don't free it when we ignore the unplug, and we can't because they can be in use by the kernel. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Tested-by: Daniel Barboza <danielhb@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-06-09xics: drop ICPStateClass::cpu_setup() handlerGreg Kurz
The cpu_setup() handler is only implemented by xics_kvm, where it really does a typical "realize" job. Moreover, the realize() handler is called shortly after cpu_setup(), on the same path. This patch converts xics_kvm to implement realize() instead of cpu_setup(). Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-06-09xics: setup cpu at realize timeGreg Kurz
Until recently, spapr used to allocate ICPState objects for the lifetime of the machine. They would only be associated to vCPUs in xics_cpu_setup() when plugging a CPU core. Now that ICPState objects have the same lifecycle as vCPUs, it is possible to associate them during realization. This patch hence open-codes xics_cpu_setup() in icp_realize(). The vCPU is passed as a property. Note that vCPU now needs to be realized first for the IRQs to be allocated. It also needs to resetted before ICPState realization in order to synchronize with KVM. Since ICPState objects are freed when unrealized, xics_cpu_destroy() isn't needed anymore and can be safely dropped. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-06-09xics: pass appropriate types to realize() handlers.Greg Kurz
It makes more sense to pass an IPCState * to handlers of ICPStateClass instead of a DeviceState *, if only to benefit from compile time type checking. The same goes with ICSStateClass. While here, we also change the declaration of ICPStateClass in xics.h for consistency. Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-06-09xics: introduce macros for ICP/ICS link propertiesGreg Kurz
These properties are part of the XICS API. They deserve to appear explicitely in the XICS header file. Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-06-09hw/cpu: core.c can be compiled as common objectThomas Huth
There does not seem to be any target specific code in core.c, so we can put it into "common-obj" instead of "obj" to compile it only once for all targets. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-06-08hw/pcie: fix the generic pcie root port to support migrationMarcel Apfelbaum
Add msix state to pcie-root-ports's vmstate in order to support migration. Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-06-08nvdimm acpi: fix region format interface codeHaozhong Zhang
Per ACPI 6.2, section 5.2.25.6 and JEDEC Annex L Release 3, the current region format interface code 0x201 indicates the block addressed function interface 1, rather than a byte addressable interface. Fix it by using 0x301 which indicates the byte addressable no energy backed function interface 1. Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-06-08hw/ppc/spapr: Adjust firmware name for PCI bridgesThomas Huth
SLOF uses "pci" as name for PCI bridges nodes in the device tree instead of "pci-bridges", so booting via bootindex from a device behind a PCI bridge currently does not work since QEMU passes the wrong name in the "qemu,boot-list" property. Fix it by changing the name of the PCI bridge nodes to "pci" instead. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1459170 Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-06-08xics: add reset() handler to ICPStateClassGreg Kurz
Taking into account that qemu_set_irq() returns immediatly if its first argument is NULL, icp_kvm_reset() largely duplicates icp_reset(). This patch introduces a reset() handler, so that the common logic can be implemented in icp_reset() only. While there we can also drop icp_kvm_realize() and icp_kvm_unrealize(). This causes icp-kvm to be realized in icp_realize(), which sets icp->xics, but it has no impact. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-06-08pnv_core: drop reference on ICPState object during CPU realizationGreg Kurz
Similarly to what was done to spapr with commit 249127d0dfeb, this patch ensures that we don't keep an extra reference on the ICPState object. Also since the object was just created and not reparented yet, the call to object_property_add_child() should never fail: let's pass &error_abort to make this clear. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-06-08spapr: Rework DRC name handlingDavid Gibson
DRC objects have a get_name method which returns the DRC name generated when the DRC is created. Replace that with a fixed spapr_drc_name() function which generates the name on the fly from other information. This means: * We get rid of a method with only one implementation, and only local callers * We don't have to carry the name string around for the lifetime of the DRC * We use information added to the class structure to generate the name in standard format, so we don't need an explicit switch on drc type any more We also eliminate the 'name' property; it's basically useless since the only information in it can easily be deduced from other things. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2017-06-08spapr: Fold spapr_phb_{add,remove}_pci_device() into their only callersDavid Gibson
Both functions are fairly short, and so are their callers. There's no particular logical distinction between them, so fold them together. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2017-06-08spapr: Change DRC attach & detach methods to functionsDavid Gibson
DRC objects have attach & detach methods, but there's only one implementation. Although there are some differences in its behaviour for different DRC types, the overall structure is the same, so while we might want different method implementations for some parts, we're unlikely to want them for the top-level functions. So, replace them with direct function calls. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2017-06-08spapr: Clean up handling of DR-indicatorDavid Gibson
There are 3 types of "indicator" associated with hotplug in the PAPR spec the "allocation state", "isolation state" and "DR-indicator". The first two are intimately tied to the various state transitions associated with hotplug. The DR-indicator, however, is different and simpler. It's basically just a guest controlled variable which can be used by the guest to flag state or problems associated with a device. The idea is that the hypervisor can use it to present information back on management consoles (on some machines with PowerVM it may even control physical LEDs on the machine case associated with the relevant device). For that reason, there's only ever likely to be a single update implementation so the set_indicator_state method isn't useful. Replace it with a direct function call. While we're there, make some small associated cleanups: * PAPR doesn't use the term "indicator state", just "DR-indicator" and the allocation state and isolation state are also considered "indicators". Rename things to be less confusing * Fold set_indicator_state() and rtas_set_indicator_state() into a single rtas_set_dr_indicator() function. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2017-06-08spapr: Clean up RTAS set-indicatorDavid Gibson
In theory the RTAS set-indicator call can be used for a number of "indicators" defined by PAPR. In practice the only ones we're ever likely to implement are those used for Dynamic Reconfiguration (i.e. hotplug). Because of this, the current implementation determines the associated DRC object, before dispatching based on the type of indicator. However, this means we also need a check that we're dealing with a DR related indicator at all, which duplicates some of the logic from the switch further down. Even though it means a bit of code duplication, things work out cleaner if we delegate the DRC lookup to the individual indicator type functions - and it also allows some further cleanups. While we're there, remove references to "sensor", a copy/paste artefact from the related, but distinct "get-sensor" call. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2017-06-08spapr: Don't misuse DR-indicator in spapr_recover_pending_dimm_state()David Gibson
With some combinations of migration and hotplug we can lost temporary state indicating how many DRCs (guest side hotplug handles) are still connected to a DIMM object in the process of removal. When we hit that situation spapr_recover_pending_dimm_state() is used to scan more extensively and work out the right number. It does this using drc->indicator state to determine what state of disconnection the DRC is in. However, this is not safe, because the indicator state is guest settable - in fact it's more-or-less a purely guest->host notification mechanism which should have no bearing on the internals of hotplug state management. So, replace the test for this with a test on drc->dev, which is a purely qemu side managed variable, and updated the same BQL critical section as the indicator state. This does introduce an off-by-one change, because the indicator state was updated before the call to spapr_lmb_release() on the current DRC, whereas drc->dev is updated afterwards. That's corrected by always decrementing the nr_lmbs value instead of only doing so in the case where we didn't have to recover information. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2017-06-08spapr: Clean up DR entity sense handlingDavid Gibson
DRC classes have an entity_sense method to determine (in a specific PAPR sense) the presence or absence of a device plugged into a DRC. However, we only have one implementation of the method, which explicitly tests for different DRC types. This changes it to instead have different method implementations for the two cases: "logical" and "physical" DRCs. While we're at it, the entity sense method always returns RTAS_OUT_SUCCESS, and the interesting value is returned via pass-by-reference. Simplify this to directly return the value we care about Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2017-06-08pseries: Correct panic behaviour for pseries machine typeDavid Gibson
The pseries machine type doesn't usually use the 'pvpanic' device as such, because it has a firmware/hypervisor facility with roughly the same purpose. The 'ibm,os-term' RTAS call notifies the hypervisor that the guest has crashed. Our implementation of this call was sending a GUEST_PANICKED qmp event; however, it was not doing the other usual panic actions, making its behaviour different from pvpanic for no good reason. To correct this, we should call qemu_system_guest_panicked() rather than directly sending the panic event. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Thomas Huth <thuth@redhat.com>
2017-06-08spapr: fix memory leak in spapr_memory_pre_plug()Greg Kurz
The string returned by object_property_get_str() is dynamically allocated. (Spotted by Coverity, CID 1375942) Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-06-07Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* virtio-scsi use-after-free fix (Fam) * SMM fixes and improvements for TCG (myself, Mihail) * irqchip and AddressSpaceDispatch cleanups and fixes (Peter) * Coverity fix (Stefano) * NBD cleanups and fixes (Vladimir, Eric, myself) * RTC accuracy improvements and code cleanups (Guangrong+Yunfang) * socket error reporting improvement (Daniel) * GDB XML description for SSE registers (Abdallah) * kvmclock update fix (Denis) * SMM memory savings (Gonglei) * -cpu 486 fix (myself) * various bugfixes (Roman, Peter, myself, Thomas) * rtc-test improvement (Guangrong) * migration throttling fix (Felipe) * create docs/ subdirectories (myself) # gpg: Signature made Wed 07 Jun 2017 17:22:07 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (31 commits) docs: create config/, devel/ and spin/ subdirectories cpus: reset throttle_thread_scheduled after sleep kvm: don't register smram_listener when smm is off nbd: make it thread-safe, fix qcow2 over nbd target/i386: Add GDB XML description for SSE registers i386/kvm: do not zero out segment flags if segment is unusable or not present edu: fix memory leak on msi_broken platforms linuxboot_dma: compile for i486 kvmclock: update system_time_msr address forcibly nbd: Fully initialize client in case of failed negotiation sockets: improve error reporting if UNIX socket path is too long i386: fix read/write cr with icount option target/i386: use multiple CPU AddressSpaces target/i386: enable A20 automatically in system management mode virtio-scsi: Unset hotplug handler when unrealize exec: simplify phys_page_find() params nbd/client.c: use errp instead of LOG nbd: add errp to read_sync, write_sync and drop_sync nbd: add errp parameter to nbd_wr_syncv() nbd: read_sync and friends: return 0 on success ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-07edu: fix memory leak on msi_broken platformsPaolo Bonzini
If msi_init fails, the thread has already been created and the mutex/condvar are not destroyed. Initialize everything only after the point where pci_edu_realize cannot fail. Reported-by: Markus Armbruster <armbru@redhat.com> Cc: Peter Xu <peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-07kvmclock: update system_time_msr address forciblyDenis Plotnikov
Do an update of system_time_msr address every time before reading the value of tsc_timestamp from guest's kvmclock page. There is no other code paths which ensure that qemu has an up-to-date value of system_time_msr. So, force this update on guest's tsc_timestamp reading. This bug causes effect on those nested setups which turn off TPR access interception for L2 guests and that access being intercepted by L0 doesn't show up in L1. Linux bootstrap initiate kvmclock before APIC initializing causing TPR access. That's why on L1 guests, having TPR interception turned on for L2, the effect of the bug is not revealed. This patch fixes this problem by making sure it knows the correct system_time_msr address every time it is needed. Signed-off-by: Denis Plotnikov <dplotnikov@virtuozzo.com> Message-Id: <1496054944-25623-1-git-send-email-dplotnikov@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-07arm_gicv3: Fix ICC_BPR1 reset value when EL3 not implementedPeter Maydell
If EL3 is not implemented (ie only one security state) then the one and only ICC_BPR1 register behaves like the Non-secure ICC_BPR1 in an EL3-present configuration. In particular, its reset value is GIC_MIN_BPR_NS, not GIC_MIN_BPR. Correct the erroneous reset value; this fixes a problem where we might hit the assert added in commit a89ff39ee901. Reported-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 1496849369-30282-1-git-send-email-peter.maydell@linaro.org
2017-06-07Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Wed 07 Jun 2017 04:29:20 BST # gpg: using RSA key 0xEF04965B398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: Revert "Change net/socket.c to use socket_*() functions" again net/rocker: Cleanup the useless return value check Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-07net/rocker: Cleanup the useless return value checkMao Zhongyi
None of pci_dma_read()'s callers check the return value except rocker. There is no need to check it because it always return 0. So the check work is useless. Remove it entirely. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-06-06virtio-scsi: Unset hotplug handler when unrealizeFam Zheng
This matches the qbus_set_hotplug_handler in realize, and it releases the final reference to the embedded VirtIODevice so that it is properly finalized. A use-after-free is fixed with this patch, indirectly: virtio_device_instance_finalize wasn't called at hot-unplug, and the vdev->listener would be a dangling pointer in the global and the per address space listener list. See also RHBZ 1449031. Cc: qemu-stable@nongnu.org Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <20170518102808.30046-1-famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-06msix: trace control bit write opPeter Xu
Meanwhile, abstract a function to detect msix masked bit. Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <1494309644-18743-3-git-send-email-peterx@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-06qtest: add rtc periodic timer testXiao Guangrong
It tests the accuracy of rtc periodic timer which is recently improved & fixed by commit 7ffcb539a3 ("mc146818rtc: precisely count the clock for periodic timer", 2017-05-19). Signed-off-by: Xiao Guangrong <xiaoguangrong@tencent.com> Message-Id: <20170527025301.23499-1-xiaoguangrong@tencent.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-06mc146818rtc: embrace all x86 specific codeXiao Guangrong
Introduce a function, rtc_policy_slew_deliver_irq(), which delivers irq if LOST_TICK_POLICY_SLEW is used, as which is only supported on x86, other platforms call it will trigger a assert After that, we can move the x86 specific code to the common place Signed-off-by: Xiao Guangrong <xiaoguangrong@tencent.com> Message-Id: <20170510083259.3900-6-xiaoguangrong@tencent.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-06mc146818rtc: drop unnecessary '#ifdef TARGET_I386'Xiao Guangrong
If the code purely depends on LOST_TICK_POLICY_SLEW, we can simply drop '#ifdef TARGET_I386' as only x86 can enable this tick policy Signed-off-by: Xiao Guangrong <xiaoguangrong@tencent.com> Message-Id: <20170510083259.3900-5-xiaoguangrong@tencent.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-06mc146818rtc: ensure LOST_TICK_POLICY_SLEW is only enabled on TARGET_I386Xiao Guangrong
Any tick policy specified on other platforms rather on TARGET_I386 will fall back to LOST_TICK_POLICY_DISCARD silently, this patch makes sure only TARGET_I386 can enable LOST_TICK_POLICY_SLEW After that, we can enable LOST_TICK_POLICY_SLEW in the common code which need not use '#ifdef TARGET_I386' to make these code be x86 specific anymore Signed-off-by: Xiao Guangrong <xiaoguangrong@tencent.com> Message-Id: <20170510083259.3900-4-xiaoguangrong@tencent.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-06mc146818rtc: precisely count the clock for periodic timerTai Yunfang
There are two issues in current code: 1) If the period is changed by re-configuring RegA, the coalesced irq will be scaled to reflect the new period, however, it calculates the new interrupt number like this: s->irq_coalesced = (s->irq_coalesced * s->period) / period; There are some clocks will be lost if they are not enough to be squeezed to a single new period that will cause the VM clock slower In order to fix the issue, we calculate the interrupt window based on the precise clock rather than period, then the clocks lost during period is scaled can be compensated properly 2) If periodic_timer_update() is called due to RegA reconfiguration, i.e, the period is updated, current time is not the start point for the next periodic timer, instead, which should start from the last interrupt, otherwise, the clock in VM will become slow This patch takes the clocks from last interrupt to current clock into account and compensates the clocks for the next interrupt, especially if a complete interrupt was lost in this window, the time can be caught up by LOST_TICK_POLICY_SLEW Signed-off-by: Tai Yunfang <yunfangtai@tencent.com> Signed-off-by: Xiao Guangrong <xiaoguangrong@tencent.com> Message-Id: <20170510083259.3900-3-xiaoguangrong@tencent.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-06mc146818rtc: update periodic timer only if it is neededXiao Guangrong
Currently, the timer is updated whenever RegA or RegB is written even if the periodic timer related configuration is not changed This patch optimizes it slightly to make the update happen only if its period or enable-status is changed, also later patches are depend on this optimization Signed-off-by: Xiao Guangrong <xiaoguangrong@tencent.com> Message-Id: <20170510083259.3900-2-xiaoguangrong@tencent.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-06Merge remote-tracking branch 'remotes/xtensa/tags/20170606-xtensa' into stagingPeter Maydell
target/xtensa fixes: - fix read/write simcall mapping flags and return value; - use -serial option to direct console output of sim machine to QEMU chardev; - fix handling of unknown registers in the gdbstub. # gpg: Signature made Tue 06 Jun 2017 11:46:05 BST # gpg: using RSA key 0x51F9CC91F83FA044 # gpg: Good signature from "Max Filippov <filippov@cadence.com>" # gpg: aka "Max Filippov <max.filippov@cogentembedded.com>" # gpg: aka "Max Filippov <jcmvbkbc@gmail.com>" # Primary key fingerprint: 2B67 854B 98E5 327D CDEB 17D8 51F9 CC91 F83F A044 * remotes/xtensa/tags/20170606-xtensa: target/xtensa: handle unknown registers in gdbstub target/xtensa: support output to chardev console target/xtensa: fix return value of read/write simcalls target/xtensa: fix mapping direction in read/write simcalls Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-06Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.10-20170606' ↵Peter Maydell
into staging ppc patch queue 2017-06-06 Accumulated patches for ppc targets and the pseries machine type. The big thing in this batch is a start on a substantial cleanup of the pseries hotplug mechanisms, which were pretty confusing. For now these shouldn't cause substantial behavioural changes, but I am hoping these lead to clearer code and eventually to fixes for the bugs we have in hotplug handling, particularly when hotplug and migration are combined. The remaining patches are mostly bugfixes. # gpg: Signature made Tue 06 Jun 2017 03:48:50 BST # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.10-20170606: spapr: Remove some non-useful properties on DRC objects spapr: Eliminate spapr_drc_get_type_str() spapr: Move configure-connector state into DRC spapr: Clean up spapr_dr_connector_by_*() spapr: Introduce DRC subclasses spapr/drc: don't migrate DRC of cold-plugged CPUs and LMBs spapr: Allow boot from vhost-*-scsi backends ppc/pnv: check the return value of fdt_setprop() spapr_nvram: Check return value from blk_getlength() target/ppc: Fixup set_spr error in h_register_process_table target-ppc: Fix openpic timer read register offset spapr: Make DRC get_index and get_type methods into plain functions spapr: Abolish DRC set_configured method spapr: Abolish DRC get_fdt method spapr: Move DRC RTAS calls into spapr_drc.c migration: Mark CPU states dirty before incoming migration/loadvm migration: remove register_savevm() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-06-06target/xtensa: support output to chardev consoleMax Filippov
In semihosting mode QEMU allows guest to read and write host file descriptors directly, including descriptors 0..2, a.k.a. stdin, stdout and stderr. Sometimes it's desirable to have semihosting console controlled by -serial option, e.g. to connect it to network. Add semihosting console to xtensa-semi.c, open it in the 'sim' machine in the presence of -serial option and direct stdout and stderr to it when it's present. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>