New VFIO_SPAPR_TCE_v2_IOMMU type supports dynamic DMA window management.
This adds ability to VFIO common code to dynamically allocate/remove
DMA windows in the host kernel when new VFIO container is added/removed.
This adds a helper to vfio_listener_region_add which makes
VFIO_IOMMU_SPAPR_TCE_CREATE ioctl and adds just created IOMMU into
the host IOMMU list; the opposite action is taken in
vfio_listener_region_del.
When creating a new window, this uses a heuristic to decide on the TCE table
levels number.
This should cause no guest visible change in behavior.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
[dwg: Added some casts to prevent printf() warnings on certain targets
where the kernel headers' __u64 doesn't match uint64_t or PRIx64]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This makes use of the new "memory registering" feature. The idea is
to provide the userspace ability to notify the host kernel about pages
which are going to be used for DMA. Having this information, the host
kernel can pin them all once per user process, do locked pages
accounting (once) and not spend time on doing that in real time with
possible failures which cannot be handled nicely in some cases.
This adds a prereg memory listener which listens on address_space_memory
and notifies a VFIO container about memory which needs to be
pinned/unpinned. VFIO MMIO regions (i.e. "skip dump" regions) are skipped.
The feature is only enabled for SPAPR IOMMU v2. The host kernel changes
are required. Since v2 does not need/support VFIO_IOMMU_ENABLE, this does
not call it when v2 is detected and enabled.
This enforces guest RAM blocks to be host page size aligned; however
this is not new as KVM already requires memory slots to be host page
size aligned.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[dwg: Fix compile error on 32-bit host]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
spapr_iommu: Realloc guest visible TCE table when starting/stopping listening
The sPAPR TCE tables manage 2 copies when VFIO is using an IOMMU -
a guest view of the table and a hardware TCE table. If there is no VFIO
presence in the address space, then just the guest view is used, if
this is the case, it is allocated in the KVM. However since there is no
support yet for VFIO in KVM TCE hypercalls, when we start using VFIO,
we need to move the guest view from KVM to the userspace; and we need
to do this for every IOMMU on a bus with VFIO devices.
This implements the callbacks for the sPAPR IOMMU - notify_started()
reallocates the guest view to the user space, notify_stopped() does
the opposite.
This removes explicit spapr_tce_set_need_vfio() call from PCI hotplug
path as the new callbacks do this better - they notify IOMMU at
the exact moment when the configuration is changed, and this also
includes the case of PCI hot unplug.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
spapr: Ensure thread0 of CPU core is always realized first
During CPU core realization, we create all the thread objects and parent
them to the core object in a loop. However, the realization of thread
objects is done separately by walking the threads of a core using
object_child_foreach(). With this, there is no guarantee on the order
in which the child thread objects get realized. Since CPU device tree
properties are currently derived from the CPU thread object, we assume
thread0 of the core to be the representative thread of the core when
creating device tree properties for the core. If thread0 is not the
first thread that gets realized, then we would end up having an
incorrect dt_id for the core and this causes hotplug failures from
the guest.
Fix this by realizing each thread object by walking the core's thread
object list thereby ensuring that thread0 and other threads are always
realized in the correct order.
Future TODO: CPU DT nodes are per-core properties and we should
ideally base the creation of CPU DT nodes on core objects rather than
the thread objects.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Peter Maydell [Mon, 4 Jul 2016 15:28:58 +0000 (16:28 +0100)]
Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-07-04-1' into staging
Merge qcrypto 2016/07/04 v1
# gpg: Signature made Mon 04 Jul 2016 15:54:26 BST
# gpg: using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/pull-qcrypto-2016-07-04-1:
crypto: allow default TLS priority to be chosen at build time
crypto: add support for TLS priority string override
crypto: implement sha224, sha384, sha512 and ripemd160 hashes
crypto: switch hash code to use nettle/gcrypt directly
crypto: rename OUT to out in xts test to avoid clash on MinGW
crypto: fix handling of iv generator hash defaults
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Daniel P. Berrange [Mon, 6 Jun 2016 09:05:06 +0000 (10:05 +0100)]
crypto: allow default TLS priority to be chosen at build time
Modern gnutls can use a global config file to control the
crypto priority settings for TLS connections. For example
the priority string "@SYSTEM" instructs gnutls to find the
priority setting named "SYSTEM" in the global config file.
Latest gnutls GIT codebase gained the ability to reference
multiple priority strings in the config file, with the first
one that is found to exist winning. This means it is now
possible to configure QEMU out of the box with a default
priority of "@QEMU,SYSTEM", which says to look for the
settings "QEMU" first, and if not found, use the "SYSTEM"
settings.
To make use of this facility, we introduce the ability to
set the QEMU default priority at build time via a new
configure argument. It is anticipated that distro vendors
will set this when building QEMU to a suitable value for
use with distro crypto policy setup. eg current Fedora
would run
    ./configure --tls-priority=@SYSTEM
while future Fedora would run
    ./configure --tls-priority=@QEMU,SYSTEM
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange [Mon, 6 Jun 2016 08:52:07 +0000 (09:52 +0100)]
crypto: add support for TLS priority string override
The gnutls default priority is either "NORMAL" (most historical
versions of gnutls) which is a built-in label in gnutls code,
or "@SYSTEM" (latest gnutls on Fedora at least) which refers
to an admin customizable entry in a gnutls config file.
Regardless of which default is used by a distro, they are both
global defaults applying to all applications using gnutls. If
a single application on the system needs to use a weaker set
of crypto priorities, this potentially forces the weakness onto
all applications. Or conversely if a single application wants a
stronger default than all others, it can't do this via the global
config file.
This adds an extra parameter to the tls credential object which
allows the mgmt app / user to explicitly provide a priority
string to QEMU when configuring TLS.
For example, to use the "NORMAL" priority, but disable SSL 3.0
one can now configure QEMU thus:
If creating tls-creds-anon, whatever priority the user specifies
will always have "+ANON-DH" appended to it, since that's mandatory
to make the anonymous credentials work.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Peter Maydell [Mon, 4 Jul 2016 13:33:05 +0000 (14:33 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160704' into staging
target-arm queue:
* fix semihosting SYS_HEAPINFO call for A64 guests
* fix crash if guest tries to write to ROM on imx boards
* armv7m_nvic: fix crash for debugger reads from some registers
* virt: mark PCIe host controller as dma-coherent in the DT
* add data-driven register API
* Xilinx Zynq: add devcfg device model
* m25p80: fix various bugs
* ast2400: add SMC controllers and SPI flash slaves
* remotes/pmaydell/tags/pull-target-arm-20160704: (23 commits)
ast2400: create SPI flash slaves
ast2400: add SPI flash slaves
ast2400: add SMC controllers (FMC and SPI)
m25p80: qdev-ify drive property
m25p80: change cur_addr to 32 bit integer
m25p80: avoid out of bounds accesses
m25p80: do not put iovec on the stack
ssi: change ssi_slave_init to be a realize ops
xilinx_zynq: Connect devcfg to the Zynq machine model
dma: Add Xilinx Zynq devcfg device model
register: Add block initialise helper
register: QOMify
register: Define REG and FIELD macros
register: Add Memory API glue
register: Add Register API
bitops: Add MAKE_64BIT_MASK macro
hw/arm/virt: mark the PCIe host controller as DMA coherent in the DT
armv7m_nvic: Use qemu_get_cpu(0) instead of current_cpu
memory: Assert that memory_region_init_rom_device() ops aren't NULL
imx: Use memory_region_init_rom() for ROMs
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/kraxel/tags/pull-seabios-20160704-1:
seabios: update binaries from 1.9.1 to 1.9.3
seabios: update 128k config
bios: Add fast variant of SeaBIOS for use with -kernel on x86.
seabios: update submodule from 1.9.1 to 1.9.3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
A set of SPI flash slaves is attached under the flash controllers of
the palmetto platform. "n25q256a" flash modules are used for the BMC
and "mx25l25635e" for the host. These types are common in the
OpenPower ecosystem.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-9-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Each controller on the ast2400 has a memory range on which it maps its
flash module slaves. Each slave is assigned a memory segment for its
mapping that can be changed at boot time with the Segment Address
Register. This is not supported in the current implementation so we
are using the defaults provided by the specs.
Each SPI flash slave can then be accessed in two modes: Command and
User. When in User mode, accesses to the memory segment of the slaves
are translated in SPI transfers. When in Command mode, the HW
generates the SPI commands automatically and the memory segment is
accessed as if doing a MMIO. Other SPI controllers call that mode
linear addressing mode.
For this purpose, we are adding below each controller an array of
structs gathering for each SPI flash module, a segment rank, a
MemoryRegion to handle the memory accesses and the associated SPI
slave device, which should be a m25p80.
Only the User mode is supported for now but we are preparing ground
for the Command mode. The framework is sufficient to support Linux.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-8-git-send-email-clg@kaod.org
[PMM: Use g_new0() rather than g_malloc0()]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The Aspeed AST2400 soc includes a static memory controller for the BMC
which supports NOR, NAND and SPI flash memory modules. This controller
has two modes: the SMC for the legacy interface which supports only
one module and the FMC for the new interface which supports up to five
modules. The AST2400 also includes a SPI only controller used for the
host firmware, commonly called BIOS on Intel. It can be used in three
modes: a SPI master, SPI slave and SPI pass-through.
Below is the initial framework for the SMC controller (FMC mode only)
and the SPI controller: the sysbus object, MMIO for registers
configuration and controls. Each controller has a SPI bus and a
configurable number of CS lines for SPI flash slaves.
The differences between the controllers are small, so they are
abstracted using indirections on the register numbers.
Only SPI flash modules are supported.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-7-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added one missing error_propagate]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Mon, 4 Jul 2016 12:06:37 +0000 (13:06 +0100)]
m25p80: qdev-ify drive property
This allows specifying the property via -drive if=none and creating
the flash device with -device.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-6-git-send-email-clg@kaod.org
[clg: added an extra fix for sabrelite_init()
keeping the test on flash_dev did not seem necessary. ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Mon, 4 Jul 2016 12:06:37 +0000 (13:06 +0100)]
m25p80: change cur_addr to 32 bit integer
The maximum amount of storage that can be addressed by the m25p80 command
set is 4 GiB. However, cur_addr is currently a 64-bit integer. To avoid
further problems related to sign extension of signed 32-bit integer
expressions, change cur_addr to a 32 bit integer. Preserve migration
format by adding a dummy 4-byte field in place of the (big-endian)
high four bytes in the formerly 64-bit cur_addr field.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-5-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Mon, 4 Jul 2016 12:06:37 +0000 (13:06 +0100)]
m25p80: avoid out of bounds accesses
s->cur_addr can be made to point outside s->storage, either by
writing a value >= 128 to s->ear (because s->ear * MAX_3BYTES_SIZE
is a signed integer and sign-extends into the 64-bit cur_addr),
or just by writing an address beyond the size of the flash being
emulated. Avoid the sign extension to make the code cleaner, and
on top of that mask s->cur_addr to s->size.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-4-git-send-email-clg@kaod.org
Reviewed by: Marcin Krzeminski <marcin.krzeminski@nokia.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
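The two out-of-bounds paths described in the commit message above, next to the masked form, as an added C example that is not the QEMU source. `struct flash_model`, the function names, the way the extended-address byte is combined with the 3-byte address, and the power-of-two `size - 1` mask are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_3BYTES_SIZE 0x1000000   /* 16 MiB reachable with a 3-byte address */

/* Constructed stand-in for the emulated flash state; not QEMU's own struct. */
struct flash_model {
    uint8_t  ear;    /* extended address register, written by the guest */
    uint32_t size;   /* size of the backing storage; assumed a power of two */
};

/*
 * "Before" shape: the high part is a signed 32-bit value that is widened
 * into a 64-bit cur_addr. For ear >= 128 bit 31 is set, so the widening
 * sign-extends and the upper 32 bits of cur_addr become all ones.
 * (The unsigned multiply plus cast reproduces the wrap without relying on
 * signed-overflow behaviour in this example.)
 */
static uint64_t cur_addr_sign_extended(const struct flash_model *s,
                                       uint32_t addr24)
{
    int32_t high = (int32_t)((uint32_t)s->ear * MAX_3BYTES_SIZE);
    uint64_t cur_addr = (uint64_t)(int64_t)high;   /* sign extension here */

    return cur_addr + (addr24 & (MAX_3BYTES_SIZE - 1));
}

/*
 * "After" shape: compute in unsigned 32-bit arithmetic, then mask to the
 * size of the emulated part so every result indexes inside the storage.
 */
static uint32_t cur_addr_masked(const struct flash_model *s, uint32_t addr24)
{
    uint32_t cur_addr = (addr24 & (MAX_3BYTES_SIZE - 1))
                      + (uint32_t)s->ear * MAX_3BYTES_SIZE;

    return cur_addr & (s->size - 1);
}

/* The check a storage access needs to pass before indexing the buffer. */
static int in_bounds(uint64_t addr, uint32_t size)
{
    return addr < size;
}

int main(void)
{
    /* Constructed values: a 32 MiB part and two guest-chosen EAR values. */
    struct flash_model s = { .ear = 0x80, .size = 0x2000000 };

    printf("ear=0x80 sign-extended: 0x%016" PRIx64 " in_bounds=%d\n",
           cur_addr_sign_extended(&s, 0x10),
           in_bounds(cur_addr_sign_extended(&s, 0x10), s.size));
    printf("ear=0x80 masked:        0x%08" PRIx32 " in_bounds=%d\n",
           cur_addr_masked(&s, 0x10),
           in_bounds(cur_addr_masked(&s, 0x10), s.size));

    s.ear = 2;   /* no sign bit, but still past the end of a 32 MiB part */
    printf("ear=0x02 unmasked:      0x%016" PRIx64 " in_bounds=%d\n",
           cur_addr_sign_extended(&s, 0x10),
           in_bounds(cur_addr_sign_extended(&s, 0x10), s.size));
    printf("ear=0x02 masked:        0x%08" PRIx32 " in_bounds=%d\n",
           cur_addr_masked(&s, 0x10),
           in_bounds(cur_addr_masked(&s, 0x10), s.size));
    return 0;
}
```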
Paolo Bonzini [Mon, 4 Jul 2016 12:06:37 +0000 (13:06 +0100)]
m25p80: do not put iovec on the stack
When doing a read-modify-write cycle, QEMU uses the iovec after returning
from blk_aio_pwritev. m25p80 puts the iovec on the stack of blk_aio_pwritev's
caller, which causes trouble in this case. This has been a problem
since commit 243e6f6 ("m25p80: Switch to byte-based block access",
2016-05-12) started doing writes at a smaller granularity than 512 bytes.
In principle however it could have broken before when using -drive
if=mtd,cache=none on a disk with 4K native sectors.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-3-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This enables qemu to handle late inits and report errors. All the SSI
slave routine names were changed accordingly. Code was modified to
handle errors when possible (m25p80 and ssi-sd)
Tested with the m25p80 slave object.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-2-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Crosthwaite [Mon, 4 Jul 2016 12:06:37 +0000 (13:06 +0100)]
xilinx_zynq: Connect devcfg to the Zynq machine model
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 85f39c9a13569b1113dacac3b952b0af54fc1260.1467053537.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alistair Francis [Mon, 4 Jul 2016 12:06:37 +0000 (13:06 +0100)]
dma: Add Xilinx Zynq devcfg device model
Add a minimal model for the devcfg device which is part of Zynq.
This model supports DMA capabilities and interrupt generation.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 83df49d8fa2d203a421ca71620809e4b04754e65.1467053537.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Crosthwaite [Mon, 4 Jul 2016 12:06:36 +0000 (13:06 +0100)]
register: Add block initialise helper
Add a helper that will scan a static RegisterAccessInfo Array
and populate a container MemoryRegion with registers as defined.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 347b810b2799e413c98d5bbeca97bcb1557946c3.1467053537.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Crosthwaite [Mon, 4 Jul 2016 12:06:36 +0000 (13:06 +0100)]
register: QOMify
QOMify registers as a child of TYPE_DEVICE. This allows registers to
define GPIOs.
Define an init helper that will do QOM initialisation.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 2545f71db26bf5586ca0c08a3e3cf1b217450552.1467053537.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Crosthwaite [Mon, 4 Jul 2016 12:06:36 +0000 (13:06 +0100)]
register: Define REG and FIELD macros
Define some macros that can be used for defining registers and fields.
The REG32 macro will define A_FOO, for the byte address of a register
as well as R_FOO for the uint32_t[] register number (A_FOO / 4).
The FIELD macro will define FOO_BAR_MASK, FOO_BAR_SHIFT and
FOO_BAR_LENGTH constants for field BAR in register FOO.
Finally, there are some shorthand helpers for extracting/depositing
fields from registers based on these naming schemes.
Usage can greatly reduce the verbosity of device code.
The deposit and extract macros (eg FIELD_EX32, FIELD_DP32 etc.) can be
used to generate extract and deposits without any repetition of the name
stems.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: bbd87a3c03b1f173b1ed73a6d502c0196c18a72f.1467053537.git.alistair.francis@xilinx.com
[ EI Changes:
* Add Deposit macros
]
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alistair Francis [Mon, 4 Jul 2016 12:06:36 +0000 (13:06 +0100)]
register: Add Memory API glue
Add memory io handlers that glue the register API to the memory API.
Just translation functions at this stage. Although it does allow for
devices to be created without all-in-one mmio r/w handlers.
This patch also adds the RegisterInfoArray struct, which allows all of
the individual RegisterInfo structs to be grouped into a single memory
region.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: f7704d8ac6ac0f469ed35401f8151a38bd01468b.1467053537.git.alistair.francis@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alistair Francis [Mon, 4 Jul 2016 12:06:36 +0000 (13:06 +0100)]
register: Add Register API
This API provides some encapsulation of registers and factors out some
common functionality to common code. Bits of device state (usually MMIO
registers) often have all sorts of access restrictions and semantics
associated with them. This API allows you to define what those
restrictions are on a bit-by-bit basis.
Helper functions are then used to access the register which observe the
semantics defined by the RegisterAccessInfo struct.
Some features:
* Bits can be marked as read_only (ro field)
* Bits can be marked as write-1-clear (w1c field)
* Bits can be marked as reserved (rsvd field)
* Reset values can be defined (reset)
* Bits can be marked clear on read (cor)
* Pre and post action callbacks can be added to read and write ops
* Verbose debugging info can be enabled/disabled
Useful for defining device register spaces in a data driven way. Cuts
down on a lot of the verbosity and repetition in the switch-case blocks
in the standard foo_mmio_read/write functions.
Also useful for automated generation of device models from hardware
design sources.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 40d62c7e1bf6e63bb4193ec46b15092a7d981e59.1467053537.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alistair Francis [Mon, 4 Jul 2016 12:06:36 +0000 (13:06 +0100)]
bitops: Add MAKE_64BIT_MASK macro
Add a macro that creates a 64bit value which has length number of ones
shifted across by the value of shift.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 9773244aa1c8c26b8b82cb261d8f5dd4b7b9fcf9.1467053537.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/virt: mark the PCIe host controller as DMA coherent in the DT
Since QEMU performs cacheable accesses to guest memory when doing DMA
as part of the implementation of emulated PCI devices, guest drivers
should use cacheable accesses as well when running under KVM. Since this
essentially means that emulated PCI devices are DMA coherent, set the
'dma-coherent' DT property on the PCIe host controller DT node.
This brings the DT description into line with the ACPI description,
which already marks the PCI bridge as cache coherent (see commit bc64b96c984abf).
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 1467134090-5099-1-git-send-email-ard.biesheuvel@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
armv7m_nvic: Use qemu_get_cpu(0) instead of current_cpu
Starting QEMU with -S results in current_cpu containing its initial
value of NULL. It is however possible to connect to such QEMU instance
and query various CPU registers, one example being CPUID, and doing that
results in QEMU segfaulting.
Using qemu_get_cpu(0) seems reasonable enough given that ARMv7M
architecture is a single core architecture.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 4 Jul 2016 12:06:35 +0000 (13:06 +0100)]
memory: Assert that memory_region_init_rom_device() ops aren't NULL
It doesn't make sense to pass a NULL ops argument to
memory_region_init_rom_device(), because the effect will
be that if the guest tries to write to the memory region
then QEMU will segfault. Catch the bug earlier by sanity
checking the arguments to this function, and remove the
misleading documentation that suggests that passing NULL
might be sensible.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1467122287-24974-4-git-send-email-peter.maydell@linaro.org
Peter Maydell [Mon, 4 Jul 2016 12:06:35 +0000 (13:06 +0100)]
imx: Use memory_region_init_rom() for ROMs
The imx boards were all incorrectly creating ROMs using
memory_region_init_rom_device() with a NULL ops pointer. This
will cause QEMU to abort if the guest tries to write to the
ROM. Switch to the new memory_region_init_rom() instead.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1467122287-24974-3-git-send-email-peter.maydell@linaro.org
Peter Maydell [Mon, 4 Jul 2016 12:06:35 +0000 (13:06 +0100)]
memory: Provide memory_region_init_rom()
Provide a new helper function memory_region_init_rom() for memory
regions which are read-only (and unlike those created by
memory_region_init_rom_device() don't have special behaviour
for writes). This has the same behaviour as calling
memory_region_init_ram() and then memory_region_set_readonly()
(which is what we do today in boards with pure ROMs) but is a
more easily discoverable API for the purpose.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1467122287-24974-2-git-send-email-peter.maydell@linaro.org
Peter Maydell [Mon, 4 Jul 2016 12:06:35 +0000 (13:06 +0100)]
target-arm/arm-semi.c: Fix SYS_HEAPINFO for 64-bit guests
SYS_HEAPINFO is one of the few semihosting calls which has to write
values back into a parameter block in memory. When we added
support for 64-bit semihosting we updated the code which reads from
the parameter block to read 64-bit words but forgot to change the
code that writes back into the block. Update it to treat the
block as a set of words of the appropriate width for the guest.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1466783381-29506-3-git-send-email-peter.maydell@linaro.org
Peter Maydell [Mon, 4 Jul 2016 12:06:35 +0000 (13:06 +0100)]
linux-user: Make semihosting heap/stack fields abi_ulongs
The fields in the TaskState heap_base, heap_limit and stack_base
are all guest addresses (representing the locations of the heap
and stack for the guest binary), so they should be abi_ulong
rather than uint32_t. (This only in practice affects ARM AArch64
since all the other semihosting implementations are 32-bit.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 1466783381-29506-2-git-send-email-peter.maydell@linaro.org
Daniel P. Berrange [Fri, 11 Mar 2016 18:09:22 +0000 (18:09 +0000)]
crypto: switch hash code to use nettle/gcrypt directly
Currently the internal hash code is using the gnutls hash APIs.
GNUTLS in turn is wrapping either nettle or gcrypt. Not only
were the GNUTLS hash APIs not added until GNUTLS 2.9.10, but
they don't expose support for all the algorithms QEMU needs
to use with LUKS.
Address this by directly wrapping nettle/gcrypt in QEMU and
avoiding GNUTLS's extra layer of indirection. This gives us
support for hash functions on a much wider range of platforms
and opens up ability to support more hash functions. It also
avoids a GNUTLS bug which would not correctly handle hashing
of large data blocks if int != size_t.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange [Tue, 14 Jun 2016 15:40:18 +0000 (16:40 +0100)]
crypto: rename OUT to out in xts test to avoid clash on MinGW
On MinGW one of the system headers already has "OUT" defined
which causes a compile failure of the test suite. Rename the
test suite var to 'out' to avoid this clash
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange [Fri, 20 May 2016 16:43:44 +0000 (17:43 +0100)]
crypto: fix handling of iv generator hash defaults
When opening an existing LUKS volume, if the iv generator is
essiv, then the iv hash algorithm is mandatory to provide. We
must report an error if it is omitted in the cipher mode spec,
not silently default to hash 0 (md5). If the iv generator is
not essiv, then we explicitly ignore any iv hash algorithm,
rather than report an error, for compatibility with dm-crypt.
When creating a new LUKS volume, if the iv generator is essiv
and no iv hash algorithm is provided, we should default to
using the sha256 hash.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
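The open/create rules from the commit message above, as an added C example that is not QEMU's code. The `mode-ivgen[:hash]` spec strings, the enum values, the small name tables and `parse_ivgen()` are assumptions for illustration, and the create path is modelled with the same spec string for brevity.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed enums. HASH_MD5 is 0 on purpose: a zero-initialised hash
 * field then means md5, which is the silent default the commit message
 * warns about. HASH_UNSET makes "not provided" an explicit state.
 */
enum { HASH_UNSET = -1, HASH_MD5 = 0, HASH_SHA1 = 1, HASH_SHA256 = 2 };
enum { IVGEN_PLAIN = 0, IVGEN_PLAIN64 = 1, IVGEN_ESSIV = 2 };

struct ivgen_cfg {
    int ivgen;
    int hash;
};

/* Exact-length match of s[0..len) against a table of names; -1 if absent. */
static int lookup(const char *const *names, int n, const char *s, size_t len)
{
    for (int i = 0; i < n; i++) {
        if (strlen(names[i]) == len && memcmp(names[i], s, len) == 0) {
            return i;
        }
    }
    return -1;
}

/*
 * Parse "<mode>-<ivgen>[:<hash>]" (hypothetical helper).
 * creating == 0: opening an existing volume; creating != 0: new volume.
 * Returns 0 on success, -1 on error.
 */
static int parse_ivgen(const char *spec, int creating, struct ivgen_cfg *out)
{
    static const char *const ivgens[] = { "plain", "plain64", "essiv" };
    static const char *const hashes[] = { "md5", "sha1", "sha256" };
    const char *dash = strchr(spec, '-');
    const char *name, *colon;
    size_t name_len;

    if (!dash) {
        return -1;
    }
    name = dash + 1;
    colon = strchr(name, ':');
    name_len = colon ? (size_t)(colon - name) : strlen(name);

    out->hash = HASH_UNSET;
    out->ivgen = lookup(ivgens, 3, name, name_len);
    if (out->ivgen < 0) {
        return -1;
    }

    if (out->ivgen != IVGEN_ESSIV) {
        /* Not essiv: any ":hash" suffix is ignored, matching dm-crypt. */
        return 0;
    }
    if (colon) {
        out->hash = lookup(hashes, 3, colon + 1, strlen(colon + 1));
        return out->hash < 0 ? -1 : 0;
    }
    if (creating) {
        out->hash = HASH_SHA256;   /* default for new essiv volumes */
        return 0;
    }
    return -1;   /* opening essiv without a hash: report, never guess */
}

int main(void)
{
    /* Constructed sample specs. */
    const char *specs[] = { "cbc-essiv:sha256", "cbc-essiv", "xts-plain64:sha1" };

    for (int creating = 0; creating <= 1; creating++) {
        for (int i = 0; i < 3; i++) {
            struct ivgen_cfg c;
            int rc = parse_ivgen(specs[i], creating, &c);

            printf("%-6s %-18s rc=%d", creating ? "create" : "open",
                   specs[i], rc);
            if (rc == 0) {
                printf(" ivgen=%d hash=%d", c.ivgen, c.hash);
            }
            printf("\n");
        }
    }
    return 0;
}
```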
Richard W.M. Jones [Sat, 14 May 2016 18:50:51 +0000 (19:50 +0100)]
bios: Add fast variant of SeaBIOS for use with -kernel on x86.
This commit adds a fast variant of SeaBIOS called 'bios-fast.bin'.
It's designed to be the fastest (also the smallest, but that's not the
main aim) SeaBIOS that is just enough to boot a Linux kernel using the
-kernel option on i686 and x86_64.
This commit does not modify the -kernel option to use this. You have
to specify it by doing something like this:
    -kernel vmlinuz -bios bios-fast.bin
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Thomas Huth [Tue, 28 Jun 2016 10:48:31 +0000 (12:48 +0200)]
slirp: Add support for stateless DHCPv6
Provide basic support for stateless DHCPv6 (see RFC 3736) so
that guests can also automatically boot via IPv6 with SLIRP
(for IPv6 network booting, see RFC 5970 for details).
Tested with:
    qemu-system-ppc64 -nographic -vga none -boot n -net nic \
        -net user,ipv6=yes,ipv4=no,tftp=/path/to/tftp,bootfile=ppc64.img
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas Huth [Mon, 27 Jun 2016 10:41:36 +0000 (12:41 +0200)]
slirp: Remove superfluous memset() calls from the TFTP code
Commit fad7fb9ccd8013ea03 ("Add IPv6 support to the TFTP code")
refactored some common code for preparing the mbuf into a new
function called tftp_prep_mbuf_data(). One part of this common
code is to do a "memset(m->m_data, 0, m->m_size);" for the related
buffer first. However, at two spots, the memset() was not removed
from the calling function, so it is currently done twice in these code
paths. Thus let's delete these superfluous memsets in the calling
functions now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Samuel Thibault [Sun, 20 Mar 2016 15:02:52 +0000 (16:02 +0100)]
slirp: Add RDNSS advertisement
This adds the RDNSS option to IPv6 router advertisements, so that the guest
can autoconfigure the DNS server address.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
Changes since last submission:
- Disable on windows, until we have support for it
Samuel Thibault [Sun, 20 Mar 2016 14:16:21 +0000 (15:16 +0100)]
slirp: Support link-local DNS addresses
They look like fe80::%eth0
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
Changes since last submission:
- fix windows build
Peter Maydell [Fri, 1 Jul 2016 18:29:27 +0000 (19:29 +0100)]
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
Only trivial fixes.
# gpg: Signature made Fri 01 Jul 2016 13:39:06 BST
# gpg: using DSA key 0x02FC3AEB0101DBC2
# gpg: Good signature from "Greg Kurz <gkurz@fr.ibm.com>"
# gpg: aka "Greg Kurz <groug@free.fr>"
# gpg: aka "Greg Kurz <gkurz@linux.vnet.ibm.com>"
# gpg: aka "Gregory Kurz (Groug) <groug@free.fr>"
# gpg: aka "Gregory Kurz (Cimai Technology) <gkurz@cimai.com>"
# gpg: aka "Gregory Kurz (Meiosys Technology) <gkurz@meiosys.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2BD4 3B44 535E C0A7 9894 DBA2 02FC 3AEB 0101 DBC2
* remotes/gkurz/tags/for-upstream:
9p: synth: drop v9fs_ prefix
9p: don't include <sys/uio.h>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alexander Shopov [Sun, 26 Jun 2016 10:59:22 +0000 (13:59 +0300)]
Added Bulgarian translation
Signed-off-by: Alexander Shopov <ash@kambanaria.org>
Message-id: 20160626105922.40590-2-ash@kambanaria.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Greg Kurz [Fri, 1 Jul 2016 12:38:54 +0000 (14:38 +0200)]
9p: don't include <sys/uio.h>
The <sys/uio.h> system header doesn't exist on all host platforms. Code
should include "qemu/osdep.h" instead to avoid build breaks on platforms
that don't define CONFIG_IOVEC (like win32, if it is to support 9p one day).
Acked-by: Cédric Le Goater <clg@kaod.org> Acked-by: Michael Fritscher <michael@fritscher.net> Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Peter Maydell [Fri, 1 Jul 2016 12:31:48 +0000 (13:31 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160701' into staging
ppc patch queue 2016-07-01
Here's the current ppc patch queue. This is a fairly large batch,
containing:
* A number of further preliminary patches towards full hypervisor
mode emulation
* Some further fixes / cleanups for the recently merged device_add
based CPU hotplug
* Preliminary patches towards supporting a native (rather than
paravirtualized) XICS device. This will be needed to emulate a
physical Power machine, including hypervisor capabilities
* Assorted bug fixes
# gpg: Signature made Fri 01 Jul 2016 06:56:35 BST
# gpg: using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392
* remotes/dgibson/tags/ppc-for-2.7-20160701: (23 commits)
qmp: fix spapr example of query-hotpluggable-cpus
spapr: drop duplicate variable in spapr_core_release()
spapr: do proper error propagation in spapr_cpu_core_realize_child()
spapr: drop reference on child object during core realization
spapr: Restore support for 970MP and POWER8NVL CPU cores
target-ppc: gen_pause for instructions: yield, mdoio, mdoom, miso
ppc/xics: Replace "icp" with "xics" in most places
ppc/xics: Implement H_IPOLL using an accessor
ppc/xics: Move SPAPR specific code to a separate file
ppc/xics: Rename existing xics to xics_spapr
ppc: Fix 64K pages support in full emulation
target-ppc: Eliminate redundant and incorrect function booke206_page_size_to_tlb
spapr: Restore support for older PowerPC CPU cores
spapr: fix write-past-end-of-array error in cpu core device init code
hw/ppc/spapr: Add some missing hcall function set strings
ppc: Print HSRR0/HSRR1 in "info registers"
ppc: LPCR is a HV resource
ppc: Initial HDEC support
ppc: Enforce setting MSR:EE,IR and DR when MSR:PR is set
ppc: Fix conditions for delivering external interrupts to a guest
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 1 Jul 2016 10:18:00 +0000 (11:18 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-06-30' into staging
QAPI patches 2016-06-30
# gpg: Signature made Thu 30 Jun 2016 14:29:43 BST
# gpg: using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-qapi-2016-06-30:
qapi: Fix memleak in string visitors on int lists
qapi: Simplify use of range.h
range: Create range.c for code that should not be inline
qapi: Fix crash on missing alternate member of QAPI struct
checkpatch: There is no qemu_strtod()
qobject: Correct JSON lexer grammar comments
json-streamer: Don't leak tokens on incomplete parse
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Igor Mammedov [Thu, 30 Jun 2016 08:17:54 +0000 (10:17 +0200)]
qmp: fix spapr example of query-hotpluggable-cpus
27393c33 qapi: keep names in 'CpuInstanceProperties' in sync with struct CPUCore
added -id suffix to property names but forgot to fix example in qmp-commands.hx
Fix example to have 'core-id' instead of 'core' to match current code
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Greg Kurz [Wed, 29 Jun 2016 20:50:45 +0000 (22:50 +0200)]
spapr: drop duplicate variable in spapr_core_release()
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Greg Kurz [Wed, 29 Jun 2016 20:50:32 +0000 (22:50 +0200)]
spapr: do proper error propagation in spapr_cpu_core_realize_child()
This patch changes spapr_cpu_core_realize_child() to have a local error
pointer and use error_propagate() as it is supposed to be done.
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Greg Kurz [Wed, 29 Jun 2016 20:50:20 +0000 (22:50 +0200)]
spapr: drop reference on child object during core realization
When a core is being realized, we create a child object for each thread
of the core.
The child is first initialized with object_initialize() which sets its ref
count to 1, and then added to the core with object_property_add_child()
which bumps the ref count to 2.
When the core gets released, object_unparent() decreases the ref count to 1,
and we g_free() the object: we hence lose the reference on an unfinalized
object. This is likely to cause random crashes.
Let's drop the extra reference as soon as we don't need it, after the
thread is added to the core.
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
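The reference-count sequence described in the commit message above, replayed on a toy object model. This is an added example, not QEMU code: ToyObj and the toy_* helpers are hypothetical stand-ins for the object_initialize() / object_property_add_child() / object_unparent() calls the message names.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy refcounted object (hypothetical, not QEMU's Object type). */
typedef struct ToyObj {
    int ref;
    bool has_parent;
    bool finalized;     /* set by the finalizer when the last reference goes */
} ToyObj;

typedef struct {
    int ref_at_free;    /* references still held when the storage is freed */
    bool finalized;     /* did the finalizer run before the storage was freed? */
} Outcome;

static void toy_unref(ToyObj *o)
{
    if (--o->ref == 0) {
        o->finalized = true;    /* finalizer: the object releases what it owns */
    }
}

static void toy_initialize(ToyObj *o)
{
    o->ref = 1;                 /* the creator's reference */
    o->has_parent = false;
    o->finalized = false;
}

static void toy_add_child(ToyObj *child)
{
    child->has_parent = true;
    child->ref++;               /* the parent takes its own reference */
}

static void toy_unparent(ToyObj *child)
{
    if (child->has_parent) {
        child->has_parent = false;
        toy_unref(child);       /* the parent drops its reference */
    }
}

/* Realize then release one thread object, with or without the fix. */
Outcome realize_and_release(bool drop_extra_ref)
{
    Outcome out;
    ToyObj *thread = malloc(sizeof(*thread));

    if (!thread) {
        abort();
    }
    toy_initialize(thread);     /* ref = 1 */
    toy_add_child(thread);      /* ref = 2 */
    if (drop_extra_ref) {
        toy_unref(thread);      /* the fix: only the parent's reference remains */
    }

    toy_unparent(thread);       /* release path: ref = 1 (before) or 0 (after) */
    out.ref_at_free = thread->ref;
    out.finalized = thread->finalized;
    free(thread);               /* before the fix: frees an unfinalized object */
    return out;
}

int main(void)
{
    Outcome before = realize_and_release(false);
    Outcome after = realize_and_release(true);

    printf("before fix: ref=%d finalized=%d\n", before.ref_at_free, before.finalized);
    printf("after fix:  ref=%d finalized=%d\n", after.ref_at_free, after.finalized);
    return 0;
}
```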
Aaron Larson [Fri, 24 Jun 2016 20:18:28 +0000 (13:18 -0700)]
target-ppc: gen_pause for instructions: yield, mdoio, mdoom, miso
Call gen_pause for all "or rx,rx,rx" encodings other than nop. This
provides a reasonable implementation for yield, and a better
approximation for mdoio, mdoom, and miso. The choice to pause for all
encodings !=0 leverages the PowerISA admonition that the reserved
encodings might change program priority, providing a slight "future
proofing".
Signed-off-by: Aaron Larson <alarson@ddci.com> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Benjamin Herrenschmidt [Tue, 28 Jun 2016 19:05:15 +0000 (00:35 +0530)]
ppc/xics: Replace "icp" with "xics" in most places
The "ICP" is a different object than the "XICS". For historical reasons,
we have a number of places where we name a variable "icp" while it contains
a XICSState pointer. There *is* an ICPState structure too so this makes
the code really confusing.
This is a mechanical replacement of all those instances to use the name
"xics" instead. There should be no functional change.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[spapr_cpu_init has been moved to spapr_cpu_core.c, change there] Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Benjamin Herrenschmidt [Tue, 28 Jun 2016 19:05:14 +0000 (00:35 +0530)]
ppc/xics: Implement H_IPOLL using an accessor
None of the other presenter functions directly mucks with the
internal state, so don't do it there either.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Benjamin Herrenschmidt [Tue, 28 Jun 2016 19:05:13 +0000 (00:35 +0530)]
ppc/xics: Move SPAPR specific code to a separate file
Leave the core ICP/ICS logic in xics.c and move the top level
class wrapper, hypercall and RTAS handlers to xics_spapr.c
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[add cpu.h in xics_spapr.c, move set_nr_irqs and set_nr_servers to
xics_spapr.c] Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Benjamin Herrenschmidt [Tue, 28 Jun 2016 19:05:12 +0000 (00:35 +0530)]
ppc/xics: Rename existing xics to xics_spapr
The common class doesn't change, the KVM one is sPAPR specific. Rename
variables and functions to xics_spapr.
Retain the type name as "xics" to preserve migration for existing sPAPR
guests.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Benjamin Herrenschmidt [Tue, 28 Jun 2016 06:48:34 +0000 (08:48 +0200)]
ppc: Fix 64K pages support in full emulation
We were always advertising only 4K & 16M. Additionally the code wasn't
properly matching the page size with the PTE content, which meant we
could potentially hit an incorrect PTE if the guest used multiple sizes.
Finally, honor the CPU capabilities when decoding the size from the SLB
so we don't try to use 64K pages on 970.
This still doesn't add support for MPSS (Multiple Page Sizes per Segment)
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[clg: fixed checkpatch.pl errors
commits 61a36c9b5a12 and 1114e712c998 reworked the hpte code
doing insertion/removal in hw/ppc/spapr_hcall.c. The hunks
modifying these areas were removed. ] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Aaron Larson [Tue, 28 Jun 2016 13:50:05 +0000 (06:50 -0700)]
target-ppc: Eliminate redundant and incorrect function booke206_page_size_to_tlb
Eliminate redundant and incorrect booke206_page_size_to_tlb function
from ppce500_spin.c in preference to previously existing but newly
exported definition from e500.c
Defect analysis:
The booke206_page_size_to_tlb function in e500.c was updated in commit 2bd9543 "ppc: booke206: use MAV=2.0 TSIZE definition, fix 4G pages" to
reflect a change in the definition of MAS1_TSIZE_SHIFT from 8
(corresponding to a min TLB page size of 4kb) to a value of 7 (TLB
page size 2k). The booke206_page_size_to_tlb() function defined in
ppce500_spin.c was never updated to reflect the change in
MAS1_TSIZE_SHIFT.
In http://lists.nongnu.org/archive/html/qemu-ppc/2016-06/msg00533.html,
Scott Wood suggested this "root cause" explanation:
SW> The patch that changed MAS1_TSIZE_SHIFT from 8 to 7 was around the
SW> same time as the patch that added this code, which is probably why
SW> adjusting it got missed. Commit 2bd9543cd3 did update the
SW> equivalent code in ppce500_mpc8544ds.c, which now resides in
SW> hw/ppc/e500.c and has been changed to not assume a power-of-2
SW> size. The ppce500_spin version should be eliminated.
Signed-off-by: Aaron Larson <alarson@ddci.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Thomas Huth [Mon, 27 Jun 2016 11:25:03 +0000 (13:25 +0200)]
hw/ppc/spapr: Add some missing hcall function set strings
Add "hcall-sprg0" (for H_SET_SPRG0), "hcall-copy" (for H_PAGE_INIT)
and "hcall-debug" (for H_LOGICAL_CI_LOAD/STORE) to the property
"ibm,hypertas-functions" to indicate that we support these hypercalls.
Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Benjamin Herrenschmidt [Mon, 27 Jun 2016 06:55:20 +0000 (08:55 +0200)]
ppc: LPCR is a HV resource
Don't allow access in guest mode
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Benjamin Herrenschmidt [Mon, 27 Jun 2016 06:55:18 +0000 (08:55 +0200)]
ppc: Enforce setting MSR:EE,IR and DR when MSR:PR is set
The architecture specifies that any instruction that sets MSR:PR will also
set MSR:EE, IR and DR.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Benjamin Herrenschmidt [Mon, 27 Jun 2016 06:55:17 +0000 (08:55 +0200)]
ppc: Fix conditions for delivering external interrupts to a guest
External interrupts can bypass the MSR_EE test if they occur in guest
mode and LPES0 is clear. In that case they are directed to the hypervisor
mode and LPES0 is clear. In that case they are directed to the hypervisor.
Benjamin Herrenschmidt [Mon, 27 Jun 2016 06:55:16 +0000 (08:55 +0200)]
ppc: Use a helper to filter writes to LPCR
This handles filtering bits based on what is implemented by a
given architecture version. We also use it to copy to LPCR
some of the relevant 970 HID4 bits.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[clg: fixed checkpatch.pl errors ] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Benjamin Herrenschmidt [Mon, 27 Jun 2016 06:55:14 +0000 (08:55 +0200)]
ppc: Add a bunch of hypervisor SPRs to Book3s
We don't give them a KVM reg number yet as no current KVM version
supports HV mode.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[clg: SPRs AMOR,DAWR,DARWX were already included in commit f401dd32cb8e9] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Alex Williamson [Thu, 30 Jun 2016 19:00:24 +0000 (13:00 -0600)]
intel_iommu: Throw hw_error on notify_started
We don't currently support the MemoryRegionIOMMUOps notifier, so throw
an error should a device require it.
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Peter Xu <peterx@redhat.com> Tested-by: Peter Xu <peterx@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
The IOMMU driver may change behavior depending on whether a notifier
client is present. In the case of POWER, this represents a change in
the visibility of the IOTLB, for other drivers such as intel-iommu and
future AMD-Vi emulation, notifier support is not yet enabled and this
provides the opportunity to flag that incompatibility.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Peter Xu <peterx@redhat.com> Tested-by: Peter Xu <peterx@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
[new log & extracted from [PATCH qemu v17 12/12] spapr_iommu, vfio, memory: Notify IOMMU about starting/stopping listening] Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Alex Williamson [Thu, 30 Jun 2016 19:00:23 +0000 (13:00 -0600)]
vfio/pci: Hide SR-IOV capability
The kernel currently exposes the SR-IOV capability as read-only
through vfio-pci. This is sufficient to protect the host kernel, but
has the potential to confuse guests without further virtualization.
In particular, OVMF tries to size the VF BARs and comes up with absurd
results, ending with an assert. There's not much point in adding
virtualization to a read-only capability, so we simply hide it for
now. If the kernel ever enables SR-IOV virtualization, we should
easily be able to test it through VF BAR sizing or explicit flags.
Testing whether we should parse extended capabilities is also pulled
into the function to keep these assumptions in one place.
Tested-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Chen Fan [Thu, 30 Jun 2016 19:00:23 +0000 (13:00 -0600)]
vfio: add pcie extended capability support
For a vfio PCIe device, we could expose the extended capabilities on the
PCIe bus. Because a new PCIe capability is added at the tail of the chain,
in order to avoid the config space being overwritten, we introduce a copy
of the config for parsing extended caps, and rebuild the PCIe extended
config space.
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
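The two commit messages above ("vfio/pci: Hide SR-IOV capability" and "vfio: add pcie extended capability support") describe parsing a copy of the device's config space and rebuilding the extended capability chain without SR-IOV. The following is an added sketch of that idea, not QEMU's implementation: hide_ext_cap(), find_ext_cap() and the sample layout are hypothetical, and the ID 0 placeholder used when the head of the chain is hidden is this example's own choice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CFG_SIZE      4096    /* PCIe configuration space size */
#define EXT_CAP_START 0x100   /* first extended capability header */
#define CAP_ID_AER    0x0001
#define CAP_ID_ARI    0x000e
#define CAP_ID_SRIOV  0x0010
/* Header dword: ID [15:0], version [19:16], next offset [31:20]. */
#define HDR(id, ver, next) \
    ((uint32_t)(id) | ((uint32_t)(ver) << 16) | ((uint32_t)(next) << 20))

static uint32_t rd32(const uint8_t *c, unsigned off)
{
    return c[off] | (c[off + 1] << 8) | (c[off + 2] << 16) |
           ((uint32_t)c[off + 3] << 24);
}

static void wr32(uint8_t *c, unsigned off, uint32_t v)
{
    for (int i = 0; i < 4; i++) {
        c[off + i] = (uint8_t)(v >> (8 * i));
    }
}

/* A chain pointer is usable only if dword aligned and inside extended space. */
static int off_ok(unsigned off)
{
    return off >= EXT_CAP_START && off <= CFG_SIZE - 4 && (off & 3) == 0;
}

/* Walk the chain as a guest would; returns the offset of `id`, or 0. */
unsigned find_ext_cap(const uint8_t *cfg, uint16_t id)
{
    unsigned off = EXT_CAP_START;

    for (int guard = 0; guard < CFG_SIZE / 4 && off_ok(off); guard++) {
        uint32_t hdr = rd32(cfg, off);
        if ((hdr & 0xffff) == id) {
            return off;
        }
        off = hdr >> 20;
    }
    return 0;
}

/*
 * Copy `host` into `guest` and relink the extended capability chain so that
 * `hide_id` is unreachable. Only the hidden header is cleared; its body bytes
 * are still copied. Returns the number of capabilities kept, or -1 (with an
 * empty guest chain) if the host chain loops or points outside config space.
 */
int hide_ext_cap(const uint8_t *host, uint8_t *guest, uint16_t hide_id)
{
    unsigned off = EXT_CAP_START, prev = 0;   /* prev: last header kept */
    int kept = 0;

    memcpy(guest, host, CFG_SIZE);
    wr32(guest, EXT_CAP_START, 0);            /* empty until something is linked */
    if (rd32(host, off) == 0 || rd32(host, off) == 0xffffffffu) {
        return 0;                             /* no extended capabilities */
    }
    for (int guard = 0; off != 0; guard++) {
        if (guard >= CFG_SIZE / 4 || !off_ok(off)) {
            wr32(guest, EXT_CAP_START, 0);    /* fail closed: expose nothing */
            return -1;
        }
        uint32_t hdr = rd32(host, off);
        if ((hdr & 0xffff) == hide_id) {
            if (off != EXT_CAP_START) {
                wr32(guest, off, 0);          /* unlink by never pointing here */
            }
        } else {
            wr32(guest, off, hdr & 0x000fffffu);          /* next = 0 for now */
            if (prev) {
                wr32(guest, prev, (rd32(guest, prev) & 0x000fffffu) | (off << 20));
            } else if (off != EXT_CAP_START) {
                wr32(guest, EXT_CAP_START, HDR(0, 0, off)); /* head was hidden */
            }
            prev = off;
            kept++;
        }
        off = hdr >> 20;
    }
    return kept;
}

/* Constructed sample: AER -> SR-IOV -> ARI, or SR-IOV -> ARI if sriov_first. */
void make_sample(uint8_t *cfg, int sriov_first)
{
    memset(cfg, 0, CFG_SIZE);
    wr32(cfg, 0x100, sriov_first ? HDR(CAP_ID_SRIOV, 1, 0x150)
                                 : HDR(CAP_ID_AER, 2, 0x140));
    wr32(cfg, 0x140, sriov_first ? 0 : HDR(CAP_ID_SRIOV, 1, 0x180));
    wr32(cfg, sriov_first ? 0x150 : 0x180, HDR(CAP_ID_ARI, 1, 0));
}

int main(void)
{
    static uint8_t host[CFG_SIZE], guest[CFG_SIZE];

    make_sample(host, 0);
    printf("kept %d, guest SR-IOV at 0x%x\n",
           hide_ext_cap(host, guest, CAP_ID_SRIOV),
           find_ext_cap(guest, CAP_ID_SRIOV));
    return 0;
}
```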
Alex Williamson [Thu, 30 Jun 2016 19:00:22 +0000 (13:00 -0600)]
vfio/pci: Fix VGA quirks
Commit 2d82f8a3cdb2 ("vfio/pci: Convert all MemoryRegion to dynamic
alloc and consistent functions") converted VFIOPCIDevice.vga to be
dynamically allocated, negating the need for VFIOPCIDevice.has_vga.
Unfortunately not all of the has_vga users were converted, nor was
the field removed from the structure. Correct these oversights.
Reported-by: Peter Maloney <peter.maloney@brockmann-consult.de> Tested-by: Peter Maloney <peter.maloney@brockmann-consult.de> Fixes: 2d82f8a3cdb2 ("vfio/pci: Convert all MemoryRegion to dynamic alloc and consistent functions") Fixes: https://bugs.launchpad.net/qemu/+bug/1591628 Cc: qemu-stable@nongnu.org Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Peter Maydell [Thu, 30 Jun 2016 16:33:49 +0000 (17:33 +0100)]
linux-user: Fix compilation when F_SETPIPE_SZ isn't defined
Older kernels don't have F_SETPIPE_SZ and F_GETPIPE_SZ (in
particular RHEL6's system headers don't define these). Add
ifdefs so that we can gracefully fall back to not supporting
those guest ioctls rather than failing to build.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-id: 1467304429-21470-1-git-send-email-peter.maydell@linaro.org
Paolo Bonzini [Thu, 30 Jun 2016 14:57:37 +0000 (16:57 +0200)]
pcspk: fix KVM
The link property that was added to the pcspk device has the wrong type:
it is only correct for TCG and for KVM's userspace or split irqchip
options. The default KVM option (fully in-kernel irqchip) breaks
because it uses a PIT whose type is a sibling of TYPE_I8254.
Fixes: 873b4d3f0571a1e415cf089a67a230ea8a12d059 Tested-by: Peter Lieven <pl@kamp.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1467298657-6588-1-git-send-email-pbonzini@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eric Blake [Tue, 31 May 2016 16:41:30 +0000 (10:41 -0600)]
qapi: Fix memleak in string visitors on int lists
Commit 7f8f9ef1 introduced the ability to store a list of
integers as a sorted list of ranges, but when merging ranges,
it leaks one or more ranges. It was also using range_get_last()
incorrectly within range_compare() (a range is a start/end pair,
but range_get_last() is for start/len pairs), and will also
mishandle a range ending in UINT64_MAX (remember, we document
that no range covers 2**64 bytes, but that ranges that end on
UINT64_MAX have end < begin).
The whole merge algorithm was rather complex, and included
unnecessary passes over data within glib functions, and enough
indirection to make it hard to easily plug the data leaks.
Since we are already hard-coding things to a list of ranges,
just rewrite the thing to open-code the traversal and
comparisons, by making the range_compare() helper function give
us an answer that is easier to use, at which point we avoid the
need to pass any callbacks to g_list_*(). Then by reusing
range_extend() instead of duplicating effort with range_merge(),
we cover the corner cases correctly.
Drop the now-unused range_merge() and ranges_can_merge().
Doing this lets test-string-{input,output}-visitor pass under
valgrind without leaks.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1464712890-14262-4-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Comment hoisted out of loop] Signed-off-by: Markus Armbruster <armbru@redhat.com>
Eric Blake [Tue, 31 May 2016 16:41:29 +0000 (10:41 -0600)]
qapi: Simplify use of range.h
Calling our function g_list_insert_sorted_merged is a misnomer,
since we are NOT writing a glib function. Furthermore, we are
making every caller pass the same comparator function of
range_merge(): any caller that would try otherwise would break
in weird ways since our internal call to ranges_can_merge() is
hard-coded to operate only on ranges, rather than paying
attention to the caller's comparator.
Better is to fix things so that callers don't have to care about
our internal comparator, by picking a function name and updating
the parameter type away from a gratuitous use of void*, to make
it obvious that we are operating specifically on a list of ranges
and not a generic list. Plus, refactoring the code here will
make it easier to plug a memory leak in the next patch.
range_compare() is now internal only, and moves to the .c file.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1464712890-14262-3-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Eric Blake [Tue, 31 May 2016 16:41:28 +0000 (10:41 -0600)]
range: Create range.c for code that should not be inline
g_list_insert_sorted_merged() is rather large to be an inline
function; move it to its own file. range_merge() and
ranges_can_merge() can likewise move, as they are only used
internally. Also, it becomes obvious that the condition within
range_merge() is already satisfied by its caller, and that the
return value is not used.
The diffstat is misleading, because of the copyright boilerplate.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1464712890-14262-2-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Eric Blake [Wed, 15 Jun 2016 17:37:51 +0000 (11:37 -0600)]
qapi: Fix crash on missing alternate member of QAPI struct
If a QAPI struct has a mandatory alternate member which is not
present on input, the input visitor reports an error for the
missing alternate without setting the discriminator, but the
cleanup code for the struct still tries to use the dealloc
visitor to clean up the alternate.
Commit dbf11922 changed visit_start_alternate to set *obj to NULL
when an error occurs, where it was previously left untouched.
Thus, before the patch, the dealloc visitor is blindly trying to
cleanup whatever branch corresponds to (*obj)->type == 0 (that is,
QTYPE_NONE, because *obj still pointed to zeroed memory), which
selects the default branch of the switch and sets an error, but
this second error is ignored by the way the dealloc visitor is
used; but after the patch, the attempt to switch dereferences NULL.
When cleaning up after a partial object parse, we specifically
check for !*obj after visit_start_struct() (see gen_visit_object());
doing the same for alternates fixes the crash. Enhance the testsuite
to give coverage for both missing struct and missing alternate
members.
Also add an abort - we expect visit_start_alternate() to either set an
error or to set (*obj)->type to a valid QType that corresponds to
actual user input, and QTYPE_NONE should never be reachable from valid
input. Had the abort() been in place earlier, we might have noticed
the dealloc visitor dereferencing bogus zeroed memory prior to when
commit dbf11922 forced our hand by setting *obj to NULL and causing a
fault.
The choice of 'driver':'raw' selects a BlockdevOptionsGenericFormat
struct, which has a mandatory 'file':'BlockdevRef' in QAPI. Since
'file' is missing as a sibling of 'driver', this should report a
graceful error rather than fault. After this patch, we are back to:
{"error": {"class": "GenericError", "desc": "Parameter 'file' is missing"}}
Eric Blake [Fri, 10 Jun 2016 02:48:07 +0000 (20:48 -0600)]
checkpatch: There is no qemu_strtod()
Maybe there should be; but until there is, we should not flag
strtod() calls as something to be replaced with qemu_strtod().
We also lack qemu_strtof() and qemu_strtold(), but as no one
has been using strtof() or strtold(), it's not worth complicating
the regex for them.
(Ironically, I had to use 'git commit -n' since checkpatch uses
TAB indents, in violation of its own recommendations.)
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465526889-8339-3-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Eric Blake [Fri, 10 Jun 2016 02:48:06 +0000 (20:48 -0600)]
qobject: Correct JSON lexer grammar comments
Fix the regex comments describing what we parse as JSON. No change
to the lexer itself, just to the comments:
- The "" and '' string construction was missing alternation between
different escape sequences
- The construction for numbers forgot to handle optional leading '-'
- The construction for numbers was grouped incorrectly so that it
didn't permit '0.1'
- The construction for numbers forgot to mark the exponent as optional
- No mention that our '' string and "\'" are JSON extensions
- No mention of our %d and related extensions when constructing JSON
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465526889-8339-2-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Eric's regexp simplification squashed in] Signed-off-by: Markus Armbruster <armbru@redhat.com>
Eric Blake [Wed, 18 May 2016 21:46:52 +0000 (15:46 -0600)]
json-streamer: Don't leak tokens on incomplete parse
Valgrind complained about a number of leaks in
tests/check-qobject-json:
==12657== definitely lost: 17,247 bytes in 1,234 blocks
All of which had the same root cause: on an incomplete parse,
we were abandoning the token queue without cleaning up the
allocated data within each queue element. Introduced in
commit 95385fe, when we switched from QList (which recursively
frees contents) to g_queue (which does not).
We don't yet require glib 2.32 with its g_queue_free_full(),
so open-code it instead.
CC: qemu-stable@nongnu.org Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1463608012-12760-1-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Markus Armbruster [Mon, 20 Jun 2016 14:19:25 +0000 (16:19 +0200)]
MAINTAINERS: Remove Blue Swirl leftovers
Blue hasn't been active in the QEMU project for a long time. Drop his
last MAINTAINERS entries.
As per Paolo's recommendation, downgrade status of "BSD user" from
Maintained to Orphan since the FreeBSD guys effectively forked it, and
"SPARC target" from Maintained to Odd Fixes, since we still have the
overall TCG maintainer looking after it.
I'm leaving Checkpatch's status at Odd Fixes. Calling it Maintained
wouldn't be wrong, but I'm not comfortable upgrading it while nobody
is willing to have his name nailed to the thing.
Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Greg Kurz [Fri, 17 Jun 2016 14:35:05 +0000 (16:35 +0200)]
MAINTAINERS: update email address for Greg Kurz
While here, also add a section for the tree I use for 9p.
Signed-off-by: Greg Kurz <groug@kaod.org> Acked-by: Cédric Le Goater <clg@kaod.org> Acked-by: Cédric Le Goater <clg@fr.ibm.com> Acked-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Message-id: 146617410554.7281.1733165006203821878.stgit@bahia.lan Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 29 Jun 2016 15:08:49 +0000 (16:08 +0100)]
Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging
# gpg: Signature made Wed 29 Jun 2016 04:09:26 BST
# gpg: using RSA key 0xBDBE7B27C0DE3057
# gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>"
# gpg: aka "Jeffrey Cody <jeff@codyprime.org>"
# gpg: aka "Jeffrey Cody <codyprime@gmail.com>"
# Primary key fingerprint: 9957 4B4D 3474 90E7 9D98 D624 BDBE 7B27 C0DE 3057
* remotes/cody/tags/block-pull-request:
mirror: fix misleading comments
blockjob: assert(cb) when create job
iotests: add small-granularity mirror test
mirror: limit niov to IOV_MAX elements, again
mirror: clarify mirror_do_read return code
block/gluster: add support for selecting debug logging level
mirror: fix trace_mirror_yield_in_flight usage in mirror_iteration()
block/nfs: add support for libnfs pagecache
block/nfs: refuse readahead if cache.direct is on
block/gluster: add support for SEEK_DATA/SEEK_HOLE
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>