aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)AuthorFilesLines
2015-10-12megasas: fix megasas_get_sata_addrPaolo Bonzini1-1/+1
There are two bugs here. First, the 16-bit id loses the high 8 bits when shifted left by 24. Second, the address must be combined with an "or" or we just get zero. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-10-12scsi: switch from g_slice allocator to mallocPaolo Bonzini3-14/+12
Simplify memory allocation by sticking with a single API. GSlice is not that fast anyway (tcmalloc/jemalloc are better). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-10-12Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell5-30/+95
staging Pull request v2: * Fix virtio 16lx -> HWADDR_PRIx format specifier [Peter] # gpg: Signature made Mon 12 Oct 2015 11:19:06 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: sdhci.c: Limit the maximum block size block: switch from g_slice allocator to malloc virtio dataplane: adapt dataplane for virtio Version 1 virtio-blk: use blk_io_plug/unplug for Linux AIO batching sdhci: Pass drive parameter to sdhci-pci via qdev property Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-12Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into ↵Peter Maydell4-15/+37
staging # gpg: Signature made Mon 12 Oct 2015 08:56:47 BST using RSA key ID 398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: tests: add test cases for netfilter object netfilter: add a netbuffer filter net/queue: export qemu_net_queue_append_iov netfilter: print filter info associate with the netdev netfilter: add an API to pass the packet to next filter net/queue: introduce NetQueueDeliverFunc net: merge qemu_deliver_packet and qemu_deliver_packet_iov netfilter: hook packets before net queue send init/cleanup of netfilter object vl.c: init delayed object after net_init_clients vmxnet3: Add support for VMXNET3_CMD_GET_ADAPTIVE_RING_INFO command e1000: use alias for default model vmxnet3: Support reading IMR registers on bar0 net/vmxnet3: Refine l2 header validation Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-12sdhci.c: Limit the maximum block sizeAlistair Francis1-0/+10
It is possible for the guest to set an invalid block size which is larger then the fifo_buffer[] array. This could cause a buffer overflow. To avoid this limit the maximum size of the blksize variable. Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> Reported-by: Intel Security ATR <secure@intel.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: abe4c51f513290bbb85d1ee271cb1a3d463d7561.1444067470.git.alistair.francis@xilinx.com Suggested-by: Igor Mitsyanko <i.mitsyanko@gmail.com> Reported-by: Intel Security ATR <secure@intel.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-10-12block: switch from g_slice allocator to mallocPaolo Bonzini1-2/+2
Simplify memory allocation by sticking with a single API. GSlice is not that fast anyway (tcmalloc/jemalloc are better). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-10-12virtio dataplane: adapt dataplane for virtio Version 1Pierre Morel1-14/+55
Let dataplane allocate different region for the desc/avail/used ring regions. Take VIRTIO_RING_F_EVENT_IDX into account to increase the used/avail rings accordingly. [Fix 32-bit builds by changing 16lx format specifier to HWADDR_PRIx. --Stefan] Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Message-id: 1441625636-23773-1-git-send-email-pmorel@linux.vnet.ibm.com (changed __virtio16 into uint16_t, map descriptor table and available ring read-only) Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-10-12Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2015-10-09' ↵Peter Maydell16-25/+74
into staging Fix device introspection regressions # gpg: Signature made Fri 09 Oct 2015 14:43:41 BST using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-monitor-2015-10-09: Revert "qdev: Use qdev_get_device_class() for -device <type>,help" qdev: Protect device-list-properties against broken devices qmp: Fix device-list-properties not to crash for abstract device device-introspect-test: New, covering device introspection libqtest: New hmp() & friends libqtest: Clean up unused QTestState member sigact_old tests: Fix how qom-test is run macio: move DBDMA_init from instance_init to realize hw: do not pass NULL to memory_region_init from instance_init memory: allow destroying a non-empty MemoryRegion virtio-input: Fix device introspection on non-Linux hosts update-linux-headers: Rename SW_MAX to SW_MAX_ Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-12virtio-blk: use blk_io_plug/unplug for Linux AIO batchingStefan Hajnoczi1-0/+4
The raw-posix block driver implements Linux AIO batching so multiple requests can be submitted with a single io_submit(2) system call. Batching is currently only used by virtio-scsi and virtio-blk-data-plane. Enable batching for regular virtio-blk so the number of io_submit(2) system calls is reduced for workloads with queue depth > 1. In 4KB random read performance tests with queue depth 32, the CPU utilization on the host is reduced by 9.4%. The fio job is as follows: [global] bs=4k ioengine=libaio iodepth=32 direct=1 sync=0 time_based=1 runtime=30 clocksource=gettimeofday ramp_time=5 [job1] rw=randread filename=/dev/vdb size=4096M write_bw_log=fio write_iops_log=fio write_lat_log=fio log_avg_msec=1000 This benchmark was run on an raw image on LVM. The disk was an SSD drive and -drive cache=none,aio=native was used. Tested-by: Pradeep Surisetty <psuriset@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com>
2015-10-12sdhci: Pass drive parameter to sdhci-pci via qdev propertyKevin O'Connor3-14/+24
Commit 19109131 disabled the sdhci-pci support because it used drive_get_next(). This patch reenables sdhci-pci and changes it to pass the drive via a qdev property - for example: -device sdhci-pci,drive=drive0 -drive id=drive0,if=sd,file=myimage Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-10-12vmxnet3: Add support for VMXNET3_CMD_GET_ADAPTIVE_RING_INFO commandShmulik Ladkani2-1/+14
Some drivers (e.g. vmware-tools) issue the VMXNET3_CMD_GET_ADAPTIVE_RING_INFO command. Currently, due to lack of support, a bogus value (-1) is returned. Support this command, returning the "adaptive-ring disabled" flag. Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-10-12e1000: use alias for default modelJason Wang1-7/+1
Instead of duplicating the "e1000-82540em" device model as "e1000", make the latter an alias for the former. Cc: Markus Armbruster <armbru@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com Reviewed-by: Markus Armbruster <armbru@redhat.com>
2015-10-12vmxnet3: Support reading IMR registers on bar0Shmulik Ladkani1-1/+5
Instead of asserting, return the actual IMR register value. This is aligned with what's returned on ESXi. Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> Tested-by: Dana Rubin <dana.rubin@ravellosystems.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-10-12net/vmxnet3: Refine l2 header validationDana Rubin2-6/+17
Validation of l2 header length assumed minimal packet size as eth_header + 2 * vlan_header regardless of the actual protocol. This caused crash for valid non-IP packets shorter than 22 bytes, as 'tx_pkt->packet_type' hasn't been assigned for such packets, and 'vmxnet3_on_tx_done_update_stats()' expects it to be properly set. Refine header length validation in 'vmxnet_tx_pkt_parse_headers'. Check its return value during packet processing flow. As a side effect, in case IPv4 and IPv6 header validation failure, corrupt packets will be dropped. Signed-off-by: Dana Rubin <dana.rubin@ravellosystems.com> Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-10-09Merge remote-tracking branch 'remotes/kraxel/tags/pull-virgl-20151008-1' ↵Peter Maydell4-16/+743
into staging virtio-gpu: add 3d rendering support using virgl, misc fixes. ui/gtk: add opengl context and scanout support (for virtio-gpu). # gpg: Signature made Thu 08 Oct 2015 10:35:39 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-virgl-20151008-1: gtk/opengl: add opengl context and scanout support (GtkGLArea) gtk/opengl: add opengl context and scanout support (egl) opengl: add egl-context.[ch] helpers virtio-gpu: add cursor update tracepoint virtio-gpu: add 3d mode and virgl rendering support. virtio-gpu: update headers for virgl/3d virtio-gpu: change licence from GPLv2 to GPLv2+ virtio-gpu: move iov free to virtio_gpu_cleanup_mapping_iov ui/console: add opengl context and scanout support interfaces. sdl2: stop flickering shaders: initialize vertexes once Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-09qdev: Protect device-list-properties against broken devicesMarkus Armbruster6-0/+41
Several devices don't survive object_unref(object_new(T)): they crash or hang during cleanup, or they leave dangling pointers behind. This breaks at least device-list-properties, because qmp_device_list_properties() needs to create a device to find its properties. Broken in commit f4eb32b "qmp: show QOM properties in device-list-properties", v2.1. Example reproducer: $ qemu-system-aarch64 -nodefaults -display none -machine none -S -qmp stdio {"QMP": {"version": {"qemu": {"micro": 50, "minor": 4, "major": 2}, "package": ""}, "capabilities": []}} { "execute": "qmp_capabilities" } {"return": {}} { "execute": "device-list-properties", "arguments": { "typename": "pxa2xx-pcmcia" } } qemu-system-aarch64: /home/armbru/work/qemu/memory.c:1307: memory_region_finalize: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed. Aborted (core dumped) [Exit 134 (SIGABRT)] Unfortunately, I can't fix the problems in these devices right now. Instead, add DeviceClass member cannot_destroy_with_object_finalize_yet to mark them: * Hang during cleanup (didn't debug, so I can't say why): "realview_pci", "versatile_pci". * Dangling pointer in cpus: most CPUs, plus "allwinner-a10", "digic", "fsl,imx25", "fsl,imx31", "xlnx,zynqmp", because they create such CPUs * Assert kvm_enabled(): "host-x86_64-cpu", host-i386-cpu", "host-powerpc64-cpu", "host-embedded-powerpc-cpu", "host-powerpc-cpu" (the powerpc ones can't currently reach the assertion, because the CPUs are only registered when KVM is enabled, but the assertion is arguably in the wrong place all the same) Make qmp_device_list_properties() fail cleanly when the device is so marked. This improves device-list-properties from "crashes, hangs or leaves dangling pointers behind" to "fails". Not a complete fix, just a better-than-nothing work-around. In the above reproducer, device-list-properties now fails with "Can't list properties of device 'pxa2xx-pcmcia'". This also protects -device FOO,help, which uses the same machinery since commit ef52358 "qdev-monitor: include QOM properties in -device FOO, help output", v2.2. Example reproducer: $ qemu-system-aarch64 -machine none -device pxa2xx-pcmcia,help Before: qemu-system-aarch64: .../memory.c:1307: memory_region_finalize: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed. After: Can't list properties of device 'pxa2xx-pcmcia' Cc: "Andreas Färber" <afaerber@suse.de> Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com> Cc: Alexander Graf <agraf@suse.de> Cc: Anthony Green <green@moxielogic.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Cc: Blue Swirl <blauwirbel@gmail.com> Cc: Eduardo Habkost <ehabkost@redhat.com> Cc: Guan Xuetao <gxt@mprc.pku.edu.cn> Cc: Jia Liu <proljc@gmail.com> Cc: Leon Alrae <leon.alrae@imgtec.com> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Cc: Max Filippov <jcmvbkbc@gmail.com> Cc: Michael Walle <michael@walle.cc> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Richard Henderson <rth@twiddle.net> Cc: qemu-ppc@nongnu.org Cc: qemu-stable@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <1443689999-12182-10-git-send-email-armbru@redhat.com>
2015-10-09macio: move DBDMA_init from instance_init to realizePaolo Bonzini1-4/+4
DBDMA_init is not idempotent, and calling it from instance_init breaks a simple object_new/object_unref pair. Work around this, pending qdev-ification of DBDMA, by moving the call to realize. Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1443689999-12182-4-git-send-email-armbru@redhat.com>
2015-10-09hw: do not pass NULL to memory_region_init from instance_initPaolo Bonzini7-12/+12
This causes the region to outlive the object, because it attaches the region to /machine. This is not nice for the "realize" method, but much worse for "instance_init" because it can cause dangling pointers after a simple object_new/object_unref pair. Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1443689999-12182-3-git-send-email-armbru@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
2015-10-09virtio-input: Fix device introspection on non-Linux hostsMarkus Armbruster3-9/+17
When CONFIG_LINUX is off, devices "virtio-keyboard-device", "virtio-mouse-device", "virtio-tablet-device" and "virtio-input-host-device" aren't compiled in, yet "virtio-keyboard-pci", "virtio-mouse-pci", "virtio-tablet-pci" and "virtio-input-host-pci" still are. Attempts to introspect them crash, e.g. $ qemu-system-x86_64 -device virtio-tablet-pci,help ** ERROR:/work/armbru/qemu/qom/object.c:333:object_initialize_with_type: assertion failed: (type != NULL) Broken in commit 710e2d9 and commit 006a5ed. Fix by compiling the "virtio-FOO-pci" exactly when compiling the "virtio-FOO-device": compile "virtio-keyboard-device", "virtio-mouse-device", "virtio-tablet-device" regardless of CONFIG_LINUX, and compile "virtio-input-host-pci" only for CONFIG_LINUX. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <1444320700-26260-3-git-send-email-armbru@redhat.com>
2015-10-09Merge remote-tracking branch ↵Peter Maydell12-40/+43
'remotes/mjt/tags/pull-trivial-patches-2015-10-08' into staging trivial patches for 2015-10-08 # gpg: Signature made Thu 08 Oct 2015 17:51:05 BST using RSA key ID A4C3D7DB # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" * remotes/mjt/tags/pull-trivial-patches-2015-10-08: tests: Unique test path for /string-visitor/output linux-user: Remove type casts to union type linux-user: Use g_new() & friends where that makes obvious sense rocker: Use g_new() & friends where that makes obvious sense .travis.yml: Run make check for all targets, not just some hw: char: Remove unnecessary variable hw: timer: Remove unnecessary variable qapi: add missing @ MAINTAINERS: Add NSIS file for W32, W64 hosts target-ppc: Remove unnecessary variable target-microblaze: Remove unnecessary variable s/cpu_get_real_ticks/cpu_get_host_ticks/ pc: check for underflow in load_linux pci-assign: do not include sys/io.h block/ssh: remove dead code imx_serial: Generate interrupt on tx empty if enabled sdhci: Change debug prints to compile unconditionally sdhci: use PRIx64 for uint64_t type Add .dir-locals.el file to configure emacs coding style Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-08rocker: Use g_new() & friends where that makes obvious senseMarkus Armbruster4-9/+8
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Same Coccinelle semantic patchas in commit b45c03f. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Jiri Pirko <jiri@resnulli.us> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08hw: char: Remove unnecessary variableShraddha Barke1-3/+1
Compress lines and remove the variable. Signed-off-by: Shraddha Barke <shraddha.6596@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08hw: timer: Remove unnecessary variableShraddha Barke1-3/+1
Compress lines and remove the variable. Signed-off-by: Shraddha Barke <shraddha.6596@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08s/cpu_get_real_ticks/cpu_get_host_ticks/Christopher Covington2-3/+3
This should help clarify the purpose of the function that returns the host system's CPU cycle count. Signed-off-by: Christopher Covington <cov@codeaurora.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> ppc portion Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08pc: check for underflow in load_linuxPaolo Bonzini1-0/+4
If (setup_size+1)*512 is small enough, kernel_size -= setup_size can allocate a huge amount of memory. Avoid that. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08pci-assign: do not include sys/io.hPaolo Bonzini1-1/+0
This file does not exist on bionic libc and the functions it defines are in fact not used by pci-assign.c. Remove it. Reported-by: Houcheng Lin <houcheng@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08imx_serial: Generate interrupt on tx empty if enabledGuenter Roeck1-1/+3
Generate an interrupt if the tx buffer is empty and the tx empty interrupt is enabled. This fixes a problem seen when running a Linux image since Linux commit 55c3cb1358e ("serial: imx: remove unneeded imx_transmit_buffer() from imx_start_tx()"). Linux now waits for the tx empty interrupt before starting to send data, causing transmit stalls until there is an interrupt for another reason. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08sdhci: Change debug prints to compile unconditionallySai Pavan Boddu1-18/+18
Conditional compilation hides few type mismatch warnings, fix it to compile unconditionally. Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com> Suggested-by: Eric Blake <eblake@redhat.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08sdhci: use PRIx64 for uint64_t typeSai Pavan Boddu1-2/+5
Fix compile time warnings, because of type mismatch for unsigned long long type. Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20151007.0' ↵Peter Maydell2-100/+156
into staging VFIO updates 2015-10-07 - Change platform device IRQ setup sequence for compatibility with upcoming IRQ forwarding (Eric Auger) - Extensions to support vfio-pci devices on spapr-pci-host-bridge (David Gibson) [clang problem patch dropped] # gpg: Signature made Wed 07 Oct 2015 16:30:52 BST using RSA key ID 3BB08B22 # gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" # gpg: aka "Alex Williamson <alex@shazbot.org>" # gpg: aka "Alex Williamson <alwillia@redhat.com>" # gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" * remotes/awilliam/tags/vfio-update-20151007.0: vfio: Allow hotplug of containers onto existing guest IOMMU mappings memory: Allow replay of IOMMU mapping notifications vfio: Record host IOMMU's available IO page sizes vfio: Check guest IOVA ranges against host IOMMU capabilities vfio: Generalize vfio_listener_region_add failure path vfio: Remove unneeded union from VFIOContainer hw/vfio/platform: do not set resamplefd for edge-sensitive IRQS hw/vfio/platform: change interrupt/unmask fields into pointer hw/vfio/platform: irqfd setup sequence update Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-08Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into ↵Peter Maydell1-2/+3
staging NUMA queue, 2015-10-06 # gpg: Signature made Tue 06 Oct 2015 20:53:42 BST using RSA key ID 984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" * remotes/ehabkost/tags/numa-pull-request: pc-dimm: Fail realization for invalid nodes in non-NUMA config Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-08virtio-gpu: add cursor update tracepointGerd Hoffmann1-1/+8
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2015-10-08virtio-gpu: add 3d mode and virgl rendering support.Gerd Hoffmann3-10/+731
Add virglrenderer library detection. Add 3d mode to virtio-gpu, wire up virglrenderer library. When in 3d mode render using the new context management and texture scanout callbacks. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2015-10-08virtio-gpu: change licence from GPLv2 to GPLv2+Gerd Hoffmann2-3/+3
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-10-08virtio-gpu: move iov free to virtio_gpu_cleanup_mapping_iovGerd Hoffmann1-2/+1
For symmetry reasons: virtio_gpu_create_mapping_iov() allocates it so virtio_gpu_cleanup_mapping_iov() should free it, otherwise it's easy to miss a free() needed and leak memory. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2015-10-06pc-dimm: Fail realization for invalid nodes in non-NUMA configBharata B Rao1-2/+3
pc_dimm_realize() validates the NUMA node to which memory hotplug is being performed only in case of NUMA configuration. Include a check to fail for invalid nodes in case of non-NUMA configuration too. Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-10-06Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20151006' into ↵Peter Maydell2-11/+11
staging s390: fixes Some fixes all over the place: - ccw bios and gcc 5.1 (avoid floating point ops) - properly print vector registers - sclp and sclp-event-facility no longer hang on object_unref(object_new(T)) - better name for io_subsystem_reset One feature - the gdb server now exposes several virtualization specific register # gpg: Signature made Tue 06 Oct 2015 11:20:24 BST using RSA key ID B5A61C7C # gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>" * remotes/borntraeger/tags/s390x-20151006: s390x: rename io_subsystem_reset -> subsystem_reset s390x/info registers: print vector registers properly s390x: set missing parent for hotplug and quiesce events s390x/gdb: expose virtualization specific registers pc-bios/s390-ccw: avoid floating point operations Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-05vfio: Allow hotplug of containers onto existing guest IOMMU mappingsDavid Gibson1-14/+9
At present the memory listener used by vfio to keep host IOMMU mappings in sync with the guest memory image assumes that if a guest IOMMU appears, then it has no existing mappings. This may not be true if a VFIO device is hotplugged onto a guest bus which didn't previously include a VFIO device, and which has existing guest IOMMU mappings. Therefore, use the memory_region_register_iommu_notifier_replay() function in order to fix this case, replaying existing guest IOMMU mappings, bringing the host IOMMU into sync with the guest IOMMU. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05vfio: Record host IOMMU's available IO page sizesDavid Gibson1-0/+13
Depending on the host IOMMU type we determine and record the available page sizes for IOMMU translation. We'll need this for other validation in future patches. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05vfio: Check guest IOVA ranges against host IOMMU capabilitiesDavid Gibson1-3/+37
The current vfio core code assumes that the host IOMMU is capable of mapping any IOVA the guest wants to use to where we need. However, real IOMMUs generally only support translating a certain range of IOVAs (the "DMA window") not a full 64-bit address space. The common x86 IOMMUs support a wide enough range that guests are very unlikely to go beyond it in practice, however the IOMMU used on IBM Power machines - in the default configuration - supports only a much more limited IOVA range, usually 0..2GiB. If the guest attempts to set up an IOVA range that the host IOMMU can't map, qemu won't report an error until it actually attempts to map a bad IOVA. If guest RAM is being mapped directly into the IOMMU (i.e. no guest visible IOMMU) then this will show up very quickly. If there is a guest visible IOMMU, however, the problem might not show up until much later when the guest actually attempt to DMA with an IOVA the host can't handle. This patch adds a test so that we will detect earlier if the guest is attempting to use IOVA ranges that the host IOMMU won't be able to deal with. For now, we assume that "Type1" (x86) IOMMUs can support any IOVA, this is incorrect, but no worse than what we have already. We can't do better for now because the Type1 kernel interface doesn't tell us what IOVA range the IOMMU actually supports. For the Power "sPAPR TCE" IOMMU, however, we can retrieve the supported IOVA range and validate guest IOVA ranges against it, and this patch does so. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05vfio: Generalize vfio_listener_region_add failure pathDavid Gibson1-11/+15
If a DMA mapping operation fails in vfio_listener_region_add() it checks to see if we've already completed initial setup of the container. If so it reports an error so the setup code can fail gracefully, otherwise throws a hw_error(). There are other potential failure cases in vfio_listener_region_add() which could benefit from the same logic, so move it to its own fail: block. Later patches can use this to extend other failure cases to fail as gracefully as possible under the circumstances. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05vfio: Remove unneeded union from VFIOContainerDavid Gibson1-33/+19
Currently the VFIOContainer iommu_data field contains a union with different information for different host iommu types. However: * It only actually contains information for the x86-like "Type1" iommu * Because we have a common listener the Type1 fields are actually used on all IOMMU types, including the SPAPR TCE type as well In fact we now have a general structure for the listener which is unlikely to ever need per-iommu-type information, so this patch removes the union. In a similar way we can unify the setup of the vfio memory listener in vfio_connect_container() that is currently split across a switch on iommu type, but is effectively the same in both cases. The iommu_data.release pointer was only needed as a cleanup function which would handle potentially different data in the union. With the union gone, it too can be removed. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05hw/vfio/platform: do not set resamplefd for edge-sensitive IRQSEric Auger1-15/+27
In irqfd mode, current code attempts to set a resamplefd whatever the type of the IRQ. For an edge-sensitive IRQ this attempt fails and as a consequence, the whole irqfd setup fails and we fall back to the slow mode. This patch bypasses the resamplefd setting for non level-sentive IRQs. Signed-off-by: Eric Auger <eric.auger@linaro.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05hw/vfio/platform: change interrupt/unmask fields into pointerEric Auger1-15/+20
unmask EventNotifier might not be initialized in case of edge sensitive irq. Using EventNotifier pointers make life simpler to handle the edge-sensitive irqfd setup. Signed-off-by: Eric Auger <eric.auger@linaro.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05hw/vfio/platform: irqfd setup sequence updateEric Auger1-22/+29
With current implementation, eventfd VFIO signaling is first set up and then irqfd is setup, if supported and allowed. This start sequence causes several issues with IRQ forwarding setup which, if supported, is transparently attempted on irqfd setup: IRQ forwarding setup is likely to fail if the IRQ is detected as under injection into the guest (active at irqchip level or VFIO masked). This currently always happens because the current sequence explicitly VFIO-masks the IRQ before setting irqfd. Even if that masking were removed, we couldn't prevent the case where the IRQ is under injection into the guest. So the simpler solution is to remove this 2-step startup and directly attempt irqfd setup. This is what this patch does. Also in case the eventfd setup fails, there is no reason to go farther: let's abort. Signed-off-by: Eric Auger <eric.auger@linaro.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-02icc_bus: drop the unused filesZhu Guihua2-119/+0
ICC bus impl has been droped, so all icc related files are not useful any more; delete them. Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-10-02cpu/apic: drop icc bus/bridgeChen Fan4-34/+8
After CPU hotplug has been converted to BUS-less hot-plug infrastructure, the only function ICC bus performs is to propagate reset to LAPICs. However LAPIC could be reset by registering its reset handler after all device are initialized. Do so and drop ~30LOC of not needed anymore ICCBus related code. Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com> Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-10-02x86: use new method to correct reset sequenceZhu Guihua1-0/+20
During reset some devices (such as hpet, rtc) might send IRQ to APIC which changes APIC's state from default one it's supposed to have at machine startup time. Fix this by resetting APIC after devices have been reset to cancel any changes that qemu_devices_reset() might have done to its state. Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-10-02apic: move APIC's MMIO region mapping into APICChen Fan2-13/+0
When ICC bus/bridge is removed, APIC MMIO will be left unmapped since it was mapped into system's address space indirectly by ICC bridge. Fix it by moving mapping into APIC code, so it would be possible to remove ICC bus/bridge code later. Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com> Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-10-02target-i386: Convert kvm_default_*features to property/value pairsEduardo Habkost2-6/+6
Convert the kvm_default_features and kvm_default_unset_features arrays into a simple list of property/value pairs that will be applied to X86CPU objects when using KVM. Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>