Age | Commit message | Author | Files | Lines
2017-05-17 | migration: Create migration/blocker.h | Juan Quintela | 20 | -35/+53

This allows us to remove lots of includes of migration/migration.h

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

2017-05-17 | ram: Rename RAM_SAVE_FLAG_COMPRESS to RAM_SAVE_FLAG_ZERO | Juan Quintela | 1 | -6/+12

Reflects better what it does now, and avoids confusion with RAM_SAVE_FLAG_COMPRESS_PAGE.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>

2017-05-17 | migration: Pass Error ** argument to {save,load}_vmstate | Juan Quintela | 5 | -33/+43

This way we use the "normal" way of printing errors for hmp commands.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>

2017-05-17 | migration: Fix regression with compression threads | Juan Quintela | 1 | -9/+10

Compression threads got broken on commit

    commit 247956946651ae0280f7b1ea88bb6237dd01c231
    Author: Juan Quintela <quintela@redhat.com>
    Date: Tue Mar 21 11:45:01 2017 +0100

        ram: reorganize last_sent_block

On do_compress_ram_page() we use a different QEMUFile than the migration one. We need to pass it there. The failure can be seen as:

    (qemu) qemu-system-x86_64: Unknown combination of migration flags: 0
    qemu-system-x86_64: error while loading state section id 3(ram)
    qemu-system-x86_64: load of migration failed: Invalid argument

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Tested-by: Peter Xu <peterx@redhat.com>

2017-05-16 | block/win32: fix 'ret not initialized' warning | Gerd Hoffmann | 1 | -0/+1

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 20170516074256.24731-1-kraxel@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-16 | fix mingw build failure | Gerd Hoffmann | 1 | -1/+1

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170516052439.16214-1-kraxel@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-16 | maintainers: Add myself as a NetBSD reviewer | Kamil Rytarowski | 2 | -0/+7

I volunteer to review NetBSD patches. Adding myself will help to not miss some of them.

Restore NetBSD as a maintained host. All patches to make qemu/pkgsrc building have been emitted to review.

Signed-off-by: Kamil Rytarowski <n54@gmx.com>
Message-id: 20170513022143.2838-1-n54@gmx.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-16 | Merge remote-tracking branch 'gkurz/tags/security-fix-for-2.10' into staging | Stefan Hajnoczi | 1 | -2/+56

Fix for CVE-2017-7493.

# gpg: Signature made Mon 15 May 2017 07:48:20 PM BST
# gpg: using DSA key 0x02FC3AEB0101DBC2
# gpg: Good signature from "Greg Kurz <groug@kaod.org>"
# gpg: aka "Greg Kurz <groug@free.fr>"
# gpg: aka "Greg Kurz <gkurz@fr.ibm.com>"
# gpg: aka "Greg Kurz <gkurz@linux.vnet.ibm.com>"
# gpg: aka "Gregory Kurz (Groug) <groug@free.fr>"
# gpg: aka "Gregory Kurz (Cimai Technology) <gkurz@cimai.com>"
# gpg: aka "Gregory Kurz (Meiosys Technology) <gkurz@meiosys.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2BD4 3B44 535E C0A7 9894 DBA2 02FC 3AEB 0101 DBC2

* gkurz/tags/security-fix-for-2.10:
  9pfs: local: forbid client access to metadata (CVE-2017-7493)

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-16 | Merge remote-tracking branch 'aurel32/tags/pull-target-sh4-20170513' into staging | Stefan Hajnoczi | 5 | -190/+181

Queued target/sh4 patches

# gpg: Signature made Sat 13 May 2017 10:25:41 AM BST
# gpg: using RSA key 0xBA9C78061DDD8C9B
# gpg: Good signature from "Aurelien Jarno <aurelien@aurel32.net>"
# gpg: aka "Aurelien Jarno <aurelien@jarno.fr>"
# gpg: aka "Aurelien Jarno <aurel32@debian.org>"
# Primary key fingerprint: 7746 2642 A9EF 94FD 0F77 196D BA9C 7806 1DDD 8C9B

* aurel32/tags/pull-target-sh4-20170513:
  target/sh4: use cpu_loop_exit_restore
  target/sh4: trap unaligned accesses
  target/sh4: movua.l is an SH4-A only instruction
  target/sh4: implement tas.b using atomic helper
  target/sh4: generate fences for SH4
  target/sh4: optimize gen_write_sr using extract op
  target/sh4: optimize gen_store_fpr64
  target/sh4: fold ctx->bstate = BS_BRANCH into gen_conditional_jump
  target/sh4: only save flags state at the end of the TB
  target/sh4: fix BS_EXCP exit
  target/sh4: fix BS_STOP exit
  target/sh4: move DELAY_SLOT_TRUE flag into a separate global
  target/sh4: do not include DELAY_SLOT_TRUE in the TB state
  target/sh4: get rid of DELAY_SLOT_CLEARME
  target/sh4: split ctx->flags into ctx->tbflags and ctx->envflags

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-16 | Merge remote-tracking branch 'rth/tags/pull-s390-20170512' into staging | Stefan Hajnoczi | 9 | -125/+288

Queued target/s390 patches

# gpg: Signature made Sat 13 May 2017 12:33:08 AM BST
# gpg: using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg: aka "Richard Henderson <rth@redhat.com>"
# gpg: aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC 16A4 AD12 70CC 4DD0 279B

* rth/tags/pull-s390-20170512:
  target/s390x: implement serialization in BRANCH CONDITION
  target/s390x: fix SIGNAL PROCESSOR return value
  target/s390x: mask the SIGP order_code using SIGP_ORDER_MASK
  target/s390x: Use atomic operations for LOAD AND OP
  target/s390x: Use atomic operations for COMPARE SWAP
  target/s390x: Implement LOAD PAIR DISJOINT
  target/s390x: Diagnose specification exception for atomics
  target/s390x: Implement LOAD PROGRAM PARAMETER
  target/s390x: Implement STORE FACILITIES LIST EXTENDED

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-15 | Merge remote-tracking branch 'kraxel/tags/pull-usb-20170512-1' into staging | Stefan Hajnoczi | 6 | -81/+65

usb: bugfixes, doc update

# gpg: Signature made Fri 12 May 2017 01:20:29 PM BST
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* kraxel/tags/pull-usb-20170512-1:
  hw/usb/dev-serial: Do not try to set vendorid or productid properties
  xhci: relax link check
  usb-hub: clear PORT_STAT_SUSPEND on wakeup
  xhci: fix logging
  usb-redir: fix stack overflow in usbredir_log_data
  qemu-doc: Update to use the new way of attaching USB devices

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-15 | Merge remote-tracking branch 'kraxel/tags/pull-ui-20170512-1' into staging | Stefan Hajnoczi | 23 | -116/+311

ui: add egl-headless
ui: some vnc cleanups
ui: absolute events for input-linux

# gpg: Signature made Fri 12 May 2017 12:50:07 PM BST
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* kraxel/tags/pull-ui-20170512-1:
  vnc: replace hweight_long() with ctpopl()
  vnc: simple clean up
  opengl: add egl-headless display
  egl: explicitly ask for core context
  egl-helpers: add missing error check
  egl-helpers: fix display init for x11
  egl-helpers: drop support for gles and debug logging
  virtio-gpu: move virtio_gpu_gl_block
  ui: input-linux: Add absolute event support
  ui: Support non-zero minimum values for absolute input axes

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-15 | 9pfs: local: forbid client access to metadata (CVE-2017-7493) | Greg Kurz | 1 | -2/+56

When using the mapped-file security mode, we shouldn't let the client mess with the metadata. The current code already tries to hide the metadata dir from the client by skipping it in local_readdir(). But the client can still access or modify it through several other operations. This can be used to escalate privileges in the guest.

Affected backend operations are:
- local_mknod()
- local_mkdir()
- local_open2()
- local_symlink()
- local_link()
- local_unlinkat()
- local_renameat()
- local_rename()
- local_name_to_path()

Other operations are safe because they are only passed a fid path, which is computed internally in local_name_to_path().

This patch converts all the functions listed above to fail and return EINVAL when being passed the name of the metadata dir. This may look like a poor choice for errno, but there's no such thing as an illegal path name on Linux and I could not think of anything better.

This fixes CVE-2017-7493.

Reported-by: Leo Gaspard <leo@gaspard.io>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>

2017-05-15 | Merge remote-tracking branch 'ehabkost/tags/x86-and-machine-pull-request' into staging | Stefan Hajnoczi | 36 | -419/+1146

x86 and machine queue, 2017-05-11

Highlights:
* New "-numa cpu" option
* NUMA distance configuration
* migration/i386 vmstatification

# gpg: Signature made Thu 11 May 2017 08:16:07 PM BST
# gpg: using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: Note: This key has expired!
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6

* ehabkost/tags/x86-and-machine-pull-request: (29 commits)
  migration/i386: Remove support for pre-0.12 formats
  vmstatification: i386 FPReg
  migration/i386: Remove old non-softfloat 64bit FP support
  tests: check -numa node,cpu=props_list usecase
  numa: add '-numa cpu,...' option for property based node mapping
  numa: remove node_cpu bitmaps as they are no longer used
  numa: use possible_cpus for not mapped CPUs check
  machine: call machine init from wrapper
  numa: remove no longer need numa_post_machine_init()
  tests: numa: add case for QMP command query-cpus
  QMP: include CpuInstanceProperties into query_cpus output output
  virt-arm: get numa node mapping from possible_cpus instead of numa_get_node_for_cpu()
  spapr: get numa node mapping from possible_cpus instead of numa_get_node_for_cpu()
  pc: get numa node mapping from possible_cpus instead of numa_get_node_for_cpu()
  numa: do default mapping based on possible_cpus instead of node_cpu bitmaps
  numa: mirror cpu to node mapping in MachineState::possible_cpus
  numa: add check that board supports cpu_index to node mapping
  virt-arm: add node-id property to CPU
  pc: add node-id property to CPU
  spapr: add node-id property to sPAPR core
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-15 | Merge remote-tracking branch 'kraxel/tags/pull-vga-20170511-1' into staging | Stefan Hajnoczi | 4 | -85/+53

make display updates thread safe, batch #2

# gpg: Signature made Thu 11 May 2017 03:41:51 PM BST
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* kraxel/tags/pull-vga-20170511-1:
  vga: fix display update region calculation
  sm501: make display updates thread safe
  tcx: make display updates thread safe
  cg3: make display updates thread safe

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-15 | Merge remote-tracking branch 'dgibson/tags/ppc-for-2.10-20170511' into staging | Stefan Hajnoczi | 29 | -63/+524

ppc patch queue for 2017-05-11

This pull request supersedes the one from yesterday (20170510), fixing an important style bug in one patch, and adding an extra couple of simple patches.

Highlights of this set:
* Some fixes for POWER9
* TCG support for POWER9 radix MMU
* VGA rom for Mac machine types
* Fixes for the XICS interrupt controller
* MTTCG support for ppc targets

As suggested by Paolo, I've tried to add the Docker tests to my standard pre-pull-request tests. I haven't wholly succeeded; this has been tested with some of the Docker images, but others I haven't managed due to problems that as best I can tell are not due to problems in this patch series. I'll continue working on this for future pull requests.

Specifically, 'travis', 'fedora', and 'centos6' seem to work. 'min-glib' jammed while gtesting moxie, which seems very unlikely to be caused by this series. 'ubuntu', 'debian' and 'debian-bootstrap' hit build errors almost immediately that look like problems with the container configuration, and 'debian-*-cross' hit build errors later on which also look like missing dependencies from the container.

# gpg: Signature made Thu 11 May 2017 05:13:46 AM BST
# gpg: using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>"
# gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392

* dgibson/tags/ppc-for-2.10-20170511: (23 commits)
  target/ppc: Avoid printing wrong aliases in CPU help text
  pnv: Fix build failures on some host platforms
  target/ppc: Allow workarounds for POWER9 DD1
  spapr: Don't accidentally advertise HTM support on POWER9
  ppc: xics: fix compilation with CentOS 6
  target/ppc: Enable RADIX mmu mode for pseries TCG guest
  target/ppc: Implement ISA V3.00 radix page fault handler
  target/ppc: Change tlbie invalid fields for POWER9 support
  target/ppc: Update tlbie to check privilege level based on GTSE
  target/ppc: Set UPRT and GTSE on all cpus in H_REGISTER_PROCESS_TABLE
  ppc: add qemu_vga.ndrv ROM to fw_cfg interface for NewWorld Macs
  ppc: add qemu_vga.ndrv ROM to fw_cfg interface for OldWorld Macs
  Add QemuMacDrivers qemu_vga.ndrv revision d4e7d7a built as submodule
  Add QemuMacDrivers as submodule
  ppc/xics: preserve P and Q bits for KVM IRQs
  ppc/xics: Fix stale irq->status bits after get
  target/ppc: do not reset reserve_addr in exec_enter
  tcg: enable MTTCG by default for PPC64 on x86
  cpus: Fix CPU unplug for MTTCG
  target/ppc: Generate fence operations
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-13 | target/sh4: use cpu_loop_exit_restore | Aurelien Jarno | 1 | -8/+2

Use cpu_loop_exit_restore when using cpu_restore_state and cpu_loop_exit together.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: trap unaligned accesses | Aurelien Jarno | 4 | -2/+25

SH4 requires that memory accesses are naturally aligned, except for the SH4-A movua.l instructions which can do unaligned loads.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: movua.l is an SH4-A only instruction | Aurelien Jarno | 1 | -11/+15

At the same time change the comment describing the instruction the same way as other instructions, so that the code is easier to read and search.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: implement tas.b using atomic helper | Aurelien Jarno | 1 | -12/+7

We only emulate UP SH4, however as the tas.b instruction is used in the GNU libc, this improves linux-user emulation.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: generate fences for SH4 | Aurelien Jarno | 1 | -4/+5

synco is a SH4-A only instruction.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: optimize gen_write_sr using extract op | Aurelien Jarno | 1 | -6/+3

This doesn't change the generated code on x86, but optimizes it on most RISC architectures and makes the code simpler to read.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: optimize gen_store_fpr64 | Aurelien Jarno | 1 | -7/+1

Using extr and avoiding intermediate temps.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: fold ctx->bstate = BS_BRANCH into gen_conditional_jump | Aurelien Jarno | 1 | -6/+3

Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: only save flags state at the end of the TB | Aurelien Jarno | 1 | -36/+33

There is no need to save flags when entering and exiting the delay slot. They can be saved only when reaching the end of the TB. If the TB is interrupted before by an exception, they will be restored using restore_state_to_opc.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: fix BS_EXCP exit | Aurelien Jarno | 1 | -9/+7

In case of exception, there is no need to call tcg_gen_exit_tb as the exception helper won't return.

Also fix a few cases where BS_BRANCH is called instead of BS_EXCP.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: fix BS_STOP exit | Aurelien Jarno | 1 | -2/+3

When stopping the translation because the state has changed, goto_tb should not be used as it might link TB with different flags.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: move DELAY_SLOT_TRUE flag into a separate global | Aurelien Jarno | 3 | -18/+16

Instead of using one bit of the env flags to store the condition of the next delay slot, use a separate global. It simplifies reading and writing the flags variable and also removes some confusion between ctx->envflags and env->flags.

Note that the global is first transferred to a temp in order to be able to discard the global before the brcond.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: do not include DELAY_SLOT_TRUE in the TB state | Aurelien Jarno | 1 | -2/+1

DELAY_SLOT_TRUE is used as a dynamic condition for the branch after the delay slot instruction. It is not used in code generation, so there is no need to include it in the TB state.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: get rid of DELAY_SLOT_CLEARME | Aurelien Jarno | 3 | -16/+6

Now that ctx->flags has been split, it becomes clear that DELAY_SLOT_CLEARME has no impact on the code generation: in both cases ctx->envflags is cleared, either by clearing all the flags, or by setting it to 0. This is left-over from pre-TCG era.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-13 | target/sh4: split ctx->flags into ctx->tbflags and ctx->envflags | Aurelien Jarno | 1 | -79/+82

There is a confusion (and not only in the SH4 target) between tb->flags, env->flags and ctx->flags.

To avoid it, split ctx->flags into ctx->tbflags and ctx->envflags. ctx->tbflags stays unchanged during the whole TB translation, while ctx->envflags evolves and is kept in sync with env->flags using TCG instructions. ctx->envflags now only contains the part of env->flags that is contained in the TB state, i.e. the DELAY_SLOT* flags.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

2017-05-12 | target/s390x: implement serialization in BRANCH CONDITION | Aurelien Jarno | 1 | -0/+15

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Message-Id: <20170509082800.10756-4-aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>

2017-05-12 | target/s390x: fix SIGNAL PROCESSOR return value | Aurelien Jarno | 1 | -0/+1

The SIGNAL PROCESSOR helper returns its value through the CC register. set_cc_static should be called just after the helper.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Message-Id: <20170509082800.10756-3-aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>

2017-05-12 | target/s390x: mask the SIGP order_code using SIGP_ORDER_MASK | Aurelien Jarno | 3 | -4/+4

For that move the definition from kvm.c to cpu.h

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Message-Id: <20170509082800.10756-2-aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>

2017-05-12 | target/s390x: Use atomic operations for LOAD AND OP | Richard Henderson | 2 | -38/+60

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>

2017-05-12 | target/s390x: Use atomic operations for COMPARE SWAP | Richard Henderson | 4 | -74/+60

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>

2017-05-12 | target/s390x: Implement LOAD PAIR DISJOINT | Eric Bischoff | 2 | -1/+45

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Eric Bischoff <ebischoff@nerim.net>
Message-Id: <20170228120134.7921-1-ebischoff@suse.com>
[rth: Combine the two via insn->data; free the address temps.]
Signed-off-by: Richard Henderson <rth@twiddle.net>

2017-05-12 | target/s390x: Diagnose specification exception for atomics | Richard Henderson | 3 | -0/+20

All of the interlocked access facility instructions raise a specification exception for unaligned accesses. Do this by using the (previously unused) unaligned_access hook.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>

2017-05-12 | target/s390x: Implement LOAD PROGRAM PARAMETER | Miroslav Benes | 2 | -0/+11

Linux arch/s390/kernel/head(64).S uses LPP instruction if it is available in facilities list provided by stfl/stfle instruction. This is the case of newer z/System generations and their qemu definition.

The description of LPP is at http://www-01.ibm.com/support/docview.wss?uid=isg26fcd1cc32246f4c8852574ce0044734a

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
Message-Id: <20170227085353.20787-1-mbenes@suse.cz>
Signed-off-by: Richard Henderson <rth@twiddle.net>

2017-05-12 | target/s390x: Implement STORE FACILITIES LIST EXTENDED | Richard Henderson | 4 | -8/+72

At the same time, improve STORE FACILITIES LIST so that we don't hard-code the list for all cpus.

Signed-off-by: Richard Henderson <rth@twiddle.net>

2017-05-12 | Merge tag 'tracing-pull-request' into staging | Stefan Hajnoczi | 1 | -1/+5

# gpg: Signature made Fri 12 May 2017 10:38:07 AM EDT
# gpg: using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* tag 'tracing-pull-request':
  trace: add sanity check

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-12 | Merge tag 'block-pull-request' into staging | Stefan Hajnoczi | 5 | -220/+16

# gpg: Signature made Fri 12 May 2017 10:37:12 AM EDT
# gpg: using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* tag 'block-pull-request':
  aio: add missing aio_notify() to aio_enable_external()
  block: Simplify BDRV_BLOCK_RAW recursion
  coroutine: remove GThread implementation

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-12 | Merge remote-tracking branch 'kwolf/tags/for-upstream' into staging | Stefan Hajnoczi | 62 | -610/+3086

Block layer patches

# gpg: Signature made Thu 11 May 2017 10:31:37 AM EDT
# gpg: using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6

* kwolf/tags/for-upstream: (58 commits)
  MAINTAINERS: Add qemu-progress to the block layer
  qcow2: Discard/zero clusters by byte count
  qcow2: Assert that cluster operations are aligned
  qcow2: Optimize write zero of unaligned tail cluster
  iotests: Add test 179 to cover write zeroes with unmap
  iotests: Improve _filter_qemu_img_map
  qcow2: Optimize zero_single_l2() to minimize L2 churn
  qcow2: Make distinction between zero cluster types obvious
  qcow2: Name typedef for cluster type
  qcow2: Correctly report status of preallocated zero clusters
  block: Update comments on BDRV_BLOCK_* meanings
  qcow2: Use consistent switch indentation
  qcow2: Nicer variable names in qcow2_update_snapshot_refcount()
  tests: Add coverage for recent block geometry fixes
  blkdebug: Add ability to override unmap geometries
  blkdebug: Simplify override logic
  blkdebug: Add pass-through write_zero and discard support
  blkdebug: Refactor error injection
  blkdebug: Sanity check block layer guarantees
  qemu-io: Switch 'map' output to byte-based reporting
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-12 | trace: add sanity check | Anthony Xu | 1 | -1/+5

If trace backend is set to TRACE_NOP, trace_get_vcpu_event_count returns 0, which causes the bitmap_new call to abort.

The abort can be triggered as follows:

$ ./configure --enable-trace-backend=nop --target-list=x86_64-softmmu
$ gdb ./x86_64-softmmu/qemu-system-x86_64 -M q35,accel=kvm -m 1G
(gdb) bt
#0 0x00007ffff04e25f7 in raise () from /lib64/libc.so.6
#1 0x00007ffff04e3ce8 in abort () from /lib64/libc.so.6
#2 0x00005555559de905 in bitmap_new (nbits=<optimized out>) at /home/root/git/qemu2.git/include/qemu/bitmap.h:96
#3 cpu_common_initfn (obj=0x555556621d30) at qom/cpu.c:399
#4 0x0000555555a11869 in object_init_with_type (obj=0x555556621d30, ti=0x55555656bbb0) at qom/object.c:341
#5 0x0000555555a11869 in object_init_with_type (obj=0x555556621d30, ti=0x55555656bd30) at qom/object.c:341
#6 0x0000555555a11efc in object_initialize_with_type (data=data@entry=0x555556621d30, size=76560, type=type@entry=0x55555656bd30) at qom/object.c:376
#7 0x0000555555a12061 in object_new_with_type (type=0x55555656bd30) at qom/object.c:484
#8 0x0000555555a121c5 in object_new (typename=typename@entry=0x555556550340 "qemu64-x86_64-cpu") at qom/object.c:494
#9 0x00005555557f6e3d in pc_new_cpu (typename=typename@entry=0x555556550340 "qemu64-x86_64-cpu", apic_id=0, errp=errp@entry=0x5555565391b0 <error_fatal>) at /home/root/git/qemu2.git/hw/i386/pc.c:1101
#10 0x00005555557fa33e in pc_cpus_init (pcms=pcms@entry=0x5555565f9690) at /home/root/git/qemu2.git/hw/i386/pc.c:1184
#11 0x00005555557fe0f6 in pc_q35_init (machine=0x5555565f9690) at /home/root/git/qemu2.git/hw/i386/pc_q35.c:121
#12 0x000055555574fbad in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4562

Signed-off-by: Anthony Xu <anthony.xu@intel.com>
Message-id: 1494369432-15418-1-git-send-email-anthony.xu@intel.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-12 | aio: add missing aio_notify() to aio_enable_external() | Stefan Hajnoczi | 1 | -2/+8

The main loop uses aio_disable_external()/aio_enable_external() to temporarily disable processing of external AioContext clients like device emulation. This allows monitor commands to quiesce I/O and prevent the guest from submitting new requests while a monitor command is in progress.

The aio_enable_external() API is currently broken when an IOThread is in aio_poll() waiting for fd activity when the main loop re-enables external clients. Incrementing ctx->external_disable_cnt does not wake the IOThread from ppoll(2) so fd processing remains suspended and leads to unresponsive emulated devices.

This patch adds an aio_notify() call to aio_enable_external() so the IOThread is kicked out of ppoll(2) and will re-arm the file descriptors.

The bug can be reproduced as follows:

$ qemu -M accel=kvm -m 1024 \
    -object iothread,id=iothread0 \
    -device virtio-scsi-pci,iothread=iothread0,id=virtio-scsi-pci0 \
    -drive if=none,id=drive0,aio=native,cache=none,format=raw,file=test.img \
    -device scsi-hd,id=scsi-hd0,drive=drive0 \
    -qmp tcp::5555,server,nowait

$ scripts/qmp/qmp-shell localhost:5555
(qemu) blockdev-snapshot-sync device=drive0 snapshot-file=sn1.qcow2 mode=absolute-paths format=qcow2

After blockdev-snapshot-sync completes the SCSI disk will be unresponsive. This leads to request timeouts inside the guest.

Reported-by: Qianqian Zhu <qizhu@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20170508180705.20609-1-stefanha@redhat.com
Suggested-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-12 | block: Simplify BDRV_BLOCK_RAW recursion | Eric Blake | 1 | -2/+2

Since we are already in coroutine context during the body of bdrv_co_get_block_status(), we can shave off a few layers of wrappers when recursing to query the protocol when a format driver returned BDRV_BLOCK_RAW.

Note that we are already using the correct recursion later on in the same function, when probing whether the protocol layer is sparse in order to find out if we can add BDRV_BLOCK_ZERO to an existing BDRV_BLOCK_DATA|BDRV_BLOCK_OFFSET_VALID.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 20170504173745.27414-1-eblake@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-12 | coroutine: remove GThread implementation | Daniel P. Berrange | 3 | -216/+6

The GThread implementation is not functional enough to actually run QEMU reliably. While it was potentially useful for debugging, we have a scripts/qemugdb/coroutine.py to enable tracing of ucontext coroutines in GDB, so that removes the only reason for GThread to exist.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-05-12 | vnc: replace hweight_long() with ctpopl() | Cédric Le Goater | 2 | -13/+3

ctpopl() has a better implementation than hweight_long() and ui/vnc.c being the last user of hweight_long(), we can simply remove it.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1489415605-13105-1-git-send-email-clg@kaod.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

2017-05-12 | vnc: simple clean up | Wei Qi | 1 | -1/+0

It is unnecessary to assign 'packed_bytes' to 'estimated_bytes', because 'estimated_bytes' is unused after assignment.

Signed-off-by: Wei Qi <weiqi4@huawei.com>
Reviewed-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

2017-05-12 | hw/usb/dev-serial: Do not try to set vendorid or productid properties | Thomas Huth | 1 | -18/+6

When starting QEMU with the legacy USB serial device like this:

    qemu-system-x86_64 -usbdevice serial:vendorid=0x1234:stdio

it currently aborts since the vendorid property does not exist anymore (it has been removed by commit f29783f72ea77dfbd7ea0c9):

    Unexpected error in object_property_find() at qemu/qom/object.c:1008:
    qemu-system-x86_64: -usbdevice serial:vendorid=0x1234:stdio: Property '.vendorid' not found
    Aborted (core dumped)

Fix this crash by issuing a more friendly error message instead (and simplify the code also a little bit this way).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1493883704-27604-1-git-send-email-thuth@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>