aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)AuthorFilesLines
2015-09-18target-mips: fix corner case in TLBWR causing QEMU to hangLeon Alrae1-2/+7
cpu_mips_get_random() function is used to generate a random index from CP0.Wired to TLBSize-1 range. Current implementation avoids generating the same as before value, hence the while loop. If the guest sets CP0.Wired to TLBSize-1 (which actually does not sound to be very practical) QEMU will get stuck in the loop infinitely as we always generate the same index. Signed-off-by: Leon Alrae <leon.alrae@imgtec.com> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
2015-09-18pic32: use LCG algorithm for generated random index of TLBWR instructionSerge Vakulenko1-3/+6
The LFSR algorithm, used for generating random TLB indexes for TLBWR instruction, was inclined to produce a degenerate sequence in some cases. For example, for 16-entry TLB size and Wired=1, it gives: 15, 6, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2... When replaced with LCG algorithm from ISO/IEC 9899 standard, the sequence looks much better, with about the same computational effort needed. Signed-off-by: Serge Vakulenko <serge.vakulenko@gmail.com> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Leon Alrae <leon.alrae@imgtec.com> Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-09-17Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into ↵Peter Maydell1-8/+25
staging # gpg: Signature made Thu 17 Sep 2015 12:43:56 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/net-pull-request: net: smc91c111: flush packets on RCR register changes net: smc91c111: gate can_receive() on rx FIFO having a slot net: smc91c111: guard flush_queued_packets() on can_rx() MAINTAINERS: Stefan will not maintain net subsystem Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-17net: smc91c111: flush packets on RCR register changesPeter Crosthwaite1-0/+1
The SOFT_RST or RXEN in the control register can be used as a condition to unblock the net layer via can_receive(). So check for possible flushes on RCR changes. This will drop all pending packets on soft reset or disable which is the functional intent of the can_receive() logic. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: Fam Zheng <famz@redhat.com> Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org> Message-id: b114d4c96f4afbdaa15f1361d9c07e3021755915.1441873621.git.crosthwaite.peter@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-17net: smc91c111: gate can_receive() on rx FIFO having a slotPeter Crosthwaite1-1/+3
Return false from can_receive() when the FIFO doesn't have a free RX slot. This fixes a bug in the current code where the allocated buffer is freed before the fifo pop, triggering a premature flush of queued RX packets. It also will handle a corner case, where the guest manually frees the allocated buffer before popping the rx FIFO (hence it is not enough to just delay the flush_queued_packets()). Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: Fam Zheng <famz@redhat.com> Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org> Message-id: 97bfdfc5cbce0bd5e0cbbbff35ce7a1bf6f8603d.1441873621.git.crosthwaite.peter@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-17net: smc91c111: guard flush_queued_packets() on can_rx()Peter Crosthwaite1-8/+22
Check that the core can once again receive packets before asking the net layer to do a flush. This will make it more convenient to flush packets when adding new conditions to can_receive. Add missing if braces while moving the can_receive() core code. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: Fam Zheng <famz@redhat.com> Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org> Message-id: 92e15e12a6964274f4bc0eb71b61a7d94326f6c6.1441873621.git.crosthwaite.peter@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-16Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell1-4/+0
* Linux header update and cleanup * Support for HyperV crash report * Cleanup of target-specific HMP commands * Multiarch batch * Checkpatch fix for Perl 5.22 * NBD fix * Revert incorrect commit 5243722376 # gpg: Signature made Wed 16 Sep 2015 16:39:01 BST using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" * remotes/bonzini/tags/for-upstream: (24 commits) nbd: release exp->blk after all clients are closed checkpatch: Escape left braces in regex monitor: uninclude cpu_ldst include/exec: Move cputlb exec.c defs out cputlb: Change tlb_set_dirty() arg to cpu cputlb: move CPU_LOOP() for tlb_reset() to exec.c translate: move real_host_page setting to -common tcg: Move tci_tb_ptr to -common tcg: split tcg_op_defs to -common translate-all: Move tcg_handle_interrupt() to -common cpu-exec: Migrate some generic fns to cpu-exec-common qemu-char: Use g_new() & friends where that makes obvious sense monitor: added generation of documentation for hmp-commands-info.hx hmp-commands.hx: fix end of table info monitor: remove target-specific code from monitor.c hmp-commands-info: move info_cmds content out of monitor.c i386/kvm: Hyper-v crash msrs set/get'ers and migration kvm: Add kvm system event crash handler cpu: Add crash_occurred flag into CPUState target-i386: move asm-x86/hyperv.h to standard-headers ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-16pci: remove Link Training error from AER error listPaolo Bonzini1-4/+0
The spec says: Undefined – The value read from this bit is undefined. In previous versions of this specification, this bit was used to indicate a Link Training Error. System software must ignore the value read from this bit. System software is permitted to write any value to this bit. Do not allow injecting it. Suggested-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-15net: avoid infinite loop when receiving packets(CVE-2015-5278)P J P1-1/+1
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152) bytes to process network packets. While receiving packets via ne2000_receive() routine, a local 'index' variable could exceed the ring buffer size, leading to an infinite loop situation. Reported-by: Qinghao Tang <luodalongde@gmail.com> Signed-off-by: P J P <pjp@fedoraproject.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-15net: add checks to validate ring buffer pointers(CVE-2015-5279)P J P1-4/+15
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152) bytes to process network packets. While receiving packets via ne2000_receive() routine, a local 'index' variable could exceed the ring buffer size, which could lead to a memory buffer overflow. Added other checks at initialisation. Reported-by: Qinghao Tang <luodalongde@gmail.com> Signed-off-by: P J P <pjp@fedoraproject.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-15e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815)P J P1-1/+2
While processing transmit descriptors, it could lead to an infinite loop if 'bytes' was to become zero; Add a check to avoid it. [The guest can force 'bytes' to 0 by setting the hdr_len and mss descriptor fields to 0. --Stefan] Signed-off-by: P J P <pjp@fedoraproject.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 1441383666-6590-1-git-send-email-stefanha@redhat.com
2015-09-14Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell14-89/+30
* Support for jemalloc * qemu_mutex_lock_iothread "No such process" fix * cutils: qemu_strto* wrappers * iohandler.c simplification * Many other fixes and misc patches. And some MTTCG work (with Emilio's fixes squashed): * Signal-free TCG kick * Removing spinlock in favor of QemuMutex * User-mode emulation multi-threading fixes/docs # gpg: Signature made Thu 10 Sep 2015 09:03:07 BST using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" * remotes/bonzini/tags/for-upstream: (44 commits) cutils: work around platform differences in strto{l,ul,ll,ull} cpu-exec: fix lock hierarchy for user-mode emulation exec: make mmap_lock/mmap_unlock globally available tcg: comment on which functions have to be called with mmap_lock held tcg: add memory barriers in page_find_alloc accesses remove unused spinlock. replace spinlock by QemuMutex. cpus: remove tcg_halt_cond and tcg_cpu_thread globals cpus: protect work list with work_mutex scripts/dump-guest-memory.py: fix after RAMBlock change configure: Add support for jemalloc add macro file for coccinelle configure: factor out adding disas configure vhost-scsi: fix wrong vhost-scsi firmware path checkpatch: remove tests that are not relevant outside the kernel checkpatch: adapt some tests to QEMU CODING_STYLE: update mixed declaration rules qmp: Add example usage of strto*l() qemu wrapper cutils: Add qemu_strtoull() wrapper cutils: Add qemu_strtoll() wrapper ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-14hw/cpu/{a15mpcore, a9mpcore}: Handle missing has_el3 CPU props gracefullyEdgar E. Iglesias2-2/+2
Handle missing CPU support for EL3 gracefully. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1442135278-25281-2-git-send-email-edgar.iglesias@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-14i.MX: Add GPIO devices to i.MX25 SOCJean-Christophe Dubois1-0/+29
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 2eb129ba8713aedfe877eaa3d8de80061d880fbb.1441828793.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-14i.MX: Add GPIO devices to i.MX31 SOCJean-Christophe Dubois1-0/+30
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 60b67c9a8b948159f4b4163ead86fbf701c011c6.1441828793.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-14i.MX: Add GPIO deviceJean-Christophe Dubois2-0/+341
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 5ea3b0021e47cf7f7d883a7edbabee44980f3df7.1441828793.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-14xlnx-zynqmp: Remove unnecessary brackets around error messagesAlistair Francis1-5/+5
The errp and err variable have unnecessary brackets around them, so remove the brackets. Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 9900393572b63f2ec3d68785ca98193d81e0ac71.1441758563.git.alistair.francis@xilinx.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-14Merge remote-tracking branch 'remotes/aurel/tags/pull-sh4-next-20150913' ↵Peter Maydell1-3/+3
into staging sh4-next: - TCG optimizations - fix initramfs endianness issue # gpg: Signature made Sun 13 Sep 2015 22:16:12 BST using RSA key ID 1DDD8C9B # gpg: Good signature from "Aurelien Jarno <aurelien@aurel32.net>" # gpg: aka "Aurelien Jarno <aurelien@jarno.fr>" # gpg: aka "Aurelien Jarno <aurel32@debian.org>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 7746 2642 A9EF 94FD 0F77 196D BA9C 7806 1DDD 8C9B * remotes/aurel/tags/pull-sh4-next-20150913: sh4: Fix initramfs initialization for endiannes-mismatched targets target-sh4: improve shad instruction target-sh4: improve shld instruction target-sh4: improve cmp/str instruction target-sh4: use deposit in swap.b instruction target-sh4: add flags markups for FP helpers Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-13sh4: Fix initramfs initialization for endiannes-mismatched targetsGuenter Roeck1-3/+3
If host and target endianness does not match, loding an initramfs does not work. Fix by writing boot parameters with appropriate endianness conversion. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2015-09-11hw/arm/spitz: Remove meaningless blank PropertyShannon Zhao1-5/+0
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11hw/gpio/zaurus: Remove meaningless blank PropertyShannon Zhao1-5/+0
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11hw/virtio/virtio-pci: Remove meaningless blank PropertyShannon Zhao1-5/+0
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11hw/s390x/s390-virtio-bus: Remove meaningless blank PropertyShannon Zhao1-5/+0
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11typofixes - v4Veres Lajos11-11/+11
Signed-off-by: Veres Lajos <vlajos@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11trivial: remove trailing newline from error_reportJohn Snow2-2/+2
Minor cleanup. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11maint: avoid useless "if (foo) free(foo)" patternMarkus Armbruster5-24/+12
My Coccinelle semantic patch finds a few more, because it also fixes up the equally pointless conditional if (foo) { free(foo); foo = NULL; } Result (feel free to squash it into your patch): Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11maint: avoid useless "if (foo) free(foo)" patternDaniel P. Berrange13-43/+16
The free() and g_free() functions both happily accept NULL on any platform QEMU builds on. As such putting a conditional 'if (foo)' check before calls to 'free(foo)' merely serves to bloat the lines of code. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11maint: remove unused include for strings.hDaniel P. Berrange1-1/+0
A number of files were including strings.h but not using any of the functions it provides Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11maint: remove unused include for signal.hDaniel P. Berrange3-3/+0
A number of files were including signal.h but not using any of the functions it provides Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11maint: remove unused include for dirent.hDaniel P. Berrange3-4/+0
A number of files were including dirent.h but not using any of the functions it provides Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11maint: remove unused include for assert.hDaniel P. Berrange1-2/+0
A number of files were including assert.h but not using any of the functions it provides Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11maint: remove / fix many doubled wordsDaniel P. Berrange3-3/+3
Many source files have doubled words (eg "the the", "to to", and so on). Most of these can simply be removed, but a couple were actual mis-spellings (eg "to to" instead of "to do"). There was even one triple word score "to to to" :-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11maint: remove double semicolons in many filesDaniel P. Berrange2-3/+3
A number of source files have statements accidentally terminated by a double semicolon - eg 'foo = bar;;'. This is harmless but a mistake none the less. The tcg/ia64/tcg-target.c file is whitelisted because it has valid use of ';;' in a comment containing assembly code. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11i6300esb: fix timer overflowLaurent Vivier1-1/+1
We use muldiv64() to compute the time to wait: timeout = muldiv64(get_ticks_per_sec(), timeout, 33000000); but get_ticks_per_sec() is 10^9 (30 bit value) and timeout is a 35 bit value. Whereas muldiv64 is: uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c) So we loose 3 bits of timeout. Swapping get_ticks_per_sec() and timeout fixes it. We can also replace it by a multiplication by 30 ns, but this changes PCI clock frequency from 33MHz to 33.333333MHz and we need to do this on all the QEMU PCI devices (later...) Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-10Merge remote-tracking branch 'remotes/sstabellini/tags/xen-2015-09-10-tag' ↵Peter Maydell14-216/+1019
into staging xen-2015-09-10 # gpg: Signature made Thu 10 Sep 2015 17:52:08 BST using RSA key ID 70E1AE90 # gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>" * remotes/sstabellini/tags/xen-2015-09-10-tag: (29 commits) xen/pt: Don't slurp wholesale the PCI configuration registers xen/pt: Check for return values for xen_host_pci_[get|set] in init xen/pt: Move bulk of xen_pt_unregister_device in its own routine. xen/pt: Make xen_pt_unregister_device idempotent xen/pt: Log xen_host_pci_get/set errors in MSI code. xen/pt: Log xen_host_pci_get in two init functions xen/pt: Remove XenPTReg->data field. xen/pt: Check if reg->init function sets the 'data' past the reg->size xen/pt: Sync up the dev.config and data values. xen/pt: Use xen_host_pci_get_[byte|word] instead of dev.config xen/pt: Use XEN_PT_LOG properly to guard against compiler warnings. xen/pt/msi: Add the register value when printing logging and error messages xen: use errno instead of rc for xc_domain_add_to_physmap xen/pt: xen_host_pci_config_read returns -errno, not -1 on failure xen/pt: Make xen_pt_msi_set_enable static xen/pt: Update comments with proper function name. xen/HVM: atomically access pointers in bufioreq handling xen-hvm: When using xc_domain_add_to_physmap also include errno when reporting xen, gfx passthrough: add opregion mapping xen, gfx passthrough: register host bridge specific to passthrough ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-10xen/pt: Don't slurp wholesale the PCI configuration registersKonrad Rzeszutek Wilk1-6/+1
Instead we have the emulation registers ->init functions which consult the host values to see what the initial value should be and they are responsible for populating the dev.config. Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Check for return values for xen_host_pci_[get|set] in initKonrad Rzeszutek Wilk1-8/+16
and if we have failures we call xen_pt_destroy introduced in 'xen/pt: Move bulk of xen_pt_unregister_device in its own routine.' and free all of the allocated structures. Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Move bulk of xen_pt_unregister_device in its own routine.Konrad Rzeszutek Wilk1-58/+63
This way we can call it if we fail during init. This code movement introduces no changes. Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Make xen_pt_unregister_device idempotentKonrad Rzeszutek Wilk4-6/+22
To deal with xen_host_pci_[set|get]_ functions returning error values and clearing ourselves in the init function we should make the .exit (xen_pt_unregister_device) function be idempotent in case the generic code starts calling .exit (or for fun does it before calling .init!). Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Log xen_host_pci_get/set errors in MSI code.Konrad Rzeszutek Wilk1-4/+14
We seem to only use these functions when de-activating the MSI - so just log errors. Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Log xen_host_pci_get in two init functionsKonrad Rzeszutek Wilk1-0/+9
To help with troubleshooting in the field. Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Remove XenPTReg->data field.Konrad Rzeszutek Wilk2-30/+49
We do not want to have two entries to cache the guest configuration registers: XenPTReg->data and dev.config. Instead we want to use only the dev.config. To do without much complications we rip out the ->data field and replace it with an pointer to the dev.config. This way we have the type-checking (uint8_t, uint16_t, etc) and as well and pre-computed location. Alternatively we could compute the offset in dev.config by using the XenPTRRegInfo and XenPTRegGroup every time but this way we have the pre-computed values. This change also exposes some mis-use: - In 'xen_pt_status_reg_init' we used u32 for the Capabilities Pointer register, but said register is an an u16. - In 'xen_pt_msgdata_reg_write' we used u32 but should have only use u16. Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Check if reg->init function sets the 'data' past the reg->sizeKonrad Rzeszutek Wilk1-2/+8
It should never happen, but in case it does (an developer adds a new register and the 'init_val' expands past the register size) we want to report. The code will only write up to reg->size so there is no runtime danger of the register spilling across other ones - however to catch this sort of thing we still return an error. Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Sync up the dev.config and data values.Konrad Rzeszutek Wilk1-1/+58
For a passthrough device we maintain a state of emulated registers value contained within d->config. We also consult the host registers (and apply ro and write masks) whenever the guest access the registers. This is done in xen_pt_pci_write_config and xen_pt_pci_read_config. Also in this picture we call pci_default_write_config which updates the d->config and if the d->config[PCI_COMMAND] register has PCI_COMMAND_MEMORY (or PCI_COMMAND_IO) acts on those changes. On startup the d->config[PCI_COMMAND] are the host values, not what the guest initial values should be, which is exactly what we do _not_ want to do for 64-bit BARs when the guest just wants to read the size of the BAR. Huh you say? To get the size of 64-bit memory space BARs, the guest has to calculate ((BAR[x] & 0xFFFFFFF0) + ((BAR[x+1] & 0xFFFFFFFF) << 32)) which means it has to do two writes of ~0 to BARx and BARx+1. prior to this patch and with XSA120-addendum patch (Linux kernel) the PCI_COMMAND register is copied from the host it can have PCI_COMMAND_MEMORY bit set which means that QEMU will try to update the hypervisor's P2M with BARx+1 value to ~0 (0xffffffff) (to sync the guest state to host) instead of just having xen_pt_pci_write_config and xen_pt_bar_reg_write apply the proper masks and return the size to the guest. To thwart this, this patch syncs up the host values with the guest values taking into account the emu_mask (bit set means we emulate, PCI_COMMAND_MEMORY and PCI_COMMAND_IO are set). That is we copy the host values - masking out any bits which we will emulate. Then merge it with the initial emulation register values. Lastly this value is then copied both in dev.config _and_ XenPTReg->data field. There is also reg->size accounting taken into consideration that ends up being used in patch. xen/pt: Check if reg->init function sets the 'data' past the reg->size This fixes errors such as these: (XEN) memory_map:add: dom2 gfn=fffe0 mfn=fbce0 nr=20 (DEBUG) 189 pci dev 04:0 BAR16 wrote ~0. (DEBUG) 200 pci dev 04:0 BAR16 read 0x0fffe0004. (XEN) memory_map:remove: dom2 gfn=fffe0 mfn=fbce0 nr=20 (DEBUG) 204 pci dev 04:0 BAR16 wrote 0x0fffe0004. (DEBUG) 217 pci dev 04:0 BAR16 read upper 0x000000000. (XEN) memory_map:add: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20 (XEN) p2m.c:883:d0v0 p2m_set_entry failed! mfn=ffffffffffffffff rc:-22 (XEN) memory_map:fail: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20 ret:-22 (XEN) memory_map:remove: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20 (XEN) p2m.c:920:d0v0 gfn_to_mfn failed! gfn=ffffffff00000 type:4 (XEN) p2m.c:920:d0v0 gfn_to_mfn failed! gfn=ffffffff00001 type:4 .. (XEN) memory_map: error -22 removing dom2 access to [fbce0,fbcff] (DEBUG) 222 pci dev 04:0 BAR16 read upper 0x0ffffffff. (XEN) memory_map:remove: dom2 gfn=ffffffff00000 mfn=fbce0 nr=20 (XEN) memory_map: error -22 removing dom2 access to [fbce0,fbcff] [The DEBUG is to illustate what the hvmloader was doing] Also we swap from xen_host_pci_long to using xen_host_pci_get_[byte,word,long]. Otherwise we get: xen_pt_config_reg_init: Offset 0x0004 mismatch! Emulated=0x0000, host=0x2300017, syncing to 0x2300014. xen_pt_config_reg_init: Error: Offset 0x0004:0x2300014 expands past register size(2)! which is not surprising. We read the value as an 32-bit (from host), then operate it as a 16-bit - and the remainder is left unchanged. We end up writing the value as 16-bit (so 0014) to dev.config (as we use proper xen_set_host_[byte,word,long] so we don't spill to other registers) but in XenPTReg->data it is as 32-bit (0x2300014)! It is harmless as the read/write functions end up using an size mask and never modify the bits past 16-bit (reg->size is 2). This patch fixes the warnings by reading the value using the proper size. Note that the check for size is still left in-case the developer sets bits past the reg->size in the ->init routines. The author tried to fiddle with QEMU_BUILD_BUG to make this work but failed. Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Use xen_host_pci_get_[byte|word] instead of dev.configKonrad Rzeszutek Wilk2-28/+73
During init time we treat the dev.config area as a cache of the host view. However during execution time we treat it as guest view (by the generic PCI API). We need to sync Xen's code to the generic PCI API view. This is the first step by replacing all of the code that uses dev.config or pci_get_[byte|word] to get host value to actually use the xen_host_pci_get_[byte|word] functions. Interestingly in 'xen_pt_ptr_reg_init' we also needed to swap reg_field from uint32_t to uint8_t - since the access is only for one byte not four bytes. We can split this as a seperate patch however we would have to use a cast to thwart compiler warnings in the meantime. We also truncated 'flags' to 'flag' to make the code fit within the 80 characters. Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Use XEN_PT_LOG properly to guard against compiler warnings.Konrad Rzeszutek Wilk1-1/+1
If XEN_PT_LOGGING_ENABLED is enabled the XEN_PT_LOG macros start using the first argument. Which means if within the function there is only one user of the argument ('d') and XEN_PT_LOGGING_ENABLED is not set, we get compiler warnings. This is not the case now but with the "xen/pt: Use xen_host_pci_get_[byte|word] instead of dev.config" we will hit - so this sync up the function to the rest of them. Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt/msi: Add the register value when printing logging and error messagesKonrad Rzeszutek Wilk1-3/+3
We would like to know what the MSI register value is to help in troubleshooting in the field. As such modify the logging logic to include such details in xen_pt_msgctrl_reg_write. Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: xen_host_pci_config_read returns -errno, not -1 on failureKonrad Rzeszutek Wilk1-1/+1
However the init routines assume that on errors the return code is -1 (as the libxc API is) - while those xen_host_* routines follow another paradigm - negative errno on return, 0 on success. Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Make xen_pt_msi_set_enable staticKonrad Rzeszutek Wilk2-2/+1
As we do not use it outside our code. Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10xen/pt: Update comments with proper function name.Konrad Rzeszutek Wilk1-2/+2
It has changed but the comments still refer to the old names. Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>