Commit Graph

62814 Commits

Author SHA1 Message Date
Cornelia Huck
44e8b4689c Revert "block: Remove deprecated -drive option serial"
This reverts commit b008326744.

Hold off removing this for one more QEMU release (current libvirt
release still uses it.)

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 14:36:11 +02:00
Cornelia Huck
19a49c5637 Revert "block: Remove dead deprecation warning code"
This reverts commit 6266e900b8.

Some deprecated -drive options were still in use by libvirt, only
fixed with libvirt commit b340c6c614 ("qemu: format serial and geometry
on frontend disk device"), which is not yet in any released version
of libvirt.

So let's hold off removing the deprecated options for one more QEMU
release.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 14:36:11 +02:00
Ari Sundholm
ba814c82bb block/blklogwrites: Make sure the log sector size is not too small
The sector size needs to be large enough to accommodate the data
structures for the log super block and log write entries. This was
previously not properly checked, which made it possible to cause
QEMU to badly misbehave.

Signed-off-by: Ari Sundholm <ari@tuxera.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 13:17:48 +02:00
Ari Sundholm
7769eaa578 qapi/block-core.json: Add missing documentation for blklogwrites log-append option
This was accidentally omitted. Thanks to Eric Blake for spotting this.

Signed-off-by: Ari Sundholm <ari@tuxera.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 13:16:51 +02:00
Vladimir Sementsov-Ogievskiy
f8d59dfb40 block/backup: fix fleecing scheme: use serialized writes
Fleecing scheme works as follows: we want a kind of temporary snapshot
of active drive A. We create temporary image B, with B->backing = A.
Then we start backup(sync=none) from A to B. From this point, B reads
as point-in-time snapshot of A (A continues to be active drive,
accepting guest IO).

This scheme needs some additional synchronization between reads from B
and backup COW operations, otherwise, the following situation is
theoretically possible:

(assume B is qcow2, client is NBD client, reading from B)

1. client starts reading and take qcow2 mutex in qcow2_co_preadv, and
   goes up to l2 table loading (assume cache miss)

2) guest write => backup COW => qcow2 write =>
   try to take qcow2 mutex => waiting

3. l2 table loaded, we see that cluster is UNALLOCATED, go to
   "case QCOW2_CLUSTER_UNALLOCATED" and unlock mutex before
   bdrv_co_preadv(bs->backing, ...)

4) aha, mutex unlocked, backup COW continues, and we finally finish
   guest write and change cluster in our active disk A

5. actually, do bdrv_co_preadv(bs->backing, ...) and read
   _new updated_ data.

To avoid this, let's make backup writes serializing, to not intersect
with reads from B.

Note: we expand range of handled cases from (sync=none and
B->backing = A) to just (A in backing chain of B), to finally allow
safe reading from B during backup for all cases when A in backing chain
of B, i.e. B formally looks like point-in-time snapshot of A.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 13:10:29 +02:00
Vladimir Sementsov-Ogievskiy
09d2f94846 block: add BDRV_REQ_SERIALISING flag
Serialized writes should be used in copy-on-write of backup(sync=none)
for image fleecing scheme.

We need to change an assert in bdrv_aligned_pwritev, added in
28de2dcd88. The assert may fail now, because call to
wait_serialising_requests here may become first call to it for this
request with serializing flag set. It occurs if the request is aligned
(otherwise, we should already set serializing flag before calling
bdrv_aligned_pwritev and correspondingly waited for all intersecting
requests). However, for aligned requests, we should not care about
outdating of previously read data, as there no such data. Therefore,
let's just update an assert to not care about aligned requests.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 13:10:25 +02:00
Vladimir Sementsov-Ogievskiy
67b51fb998 block: split flags in copy_range
Pass read flags and write flags separately. This is needed to handle
coming BDRV_REQ_NO_SERIALISING clearly in following patches.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 13:04:25 +02:00
Vladimir Sementsov-Ogievskiy
999658a05e block/io: fix copy_range
Here two things are fixed:

1. Architecture

On each recursion step, we go to the child of src or dst, only for one
of them. So, it's wrong to create tracked requests for both on each
step. It leads to tracked requests duplication.

2. Wait for serializing requests on write path independently of
   BDRV_REQ_NO_SERIALISING

Before commit 9ded4a0114 "backup: Use copy offloading",
BDRV_REQ_NO_SERIALISING was used for only one case: read in
copy-on-write operation during backup. Also, the flag was handled only
on read path (in bdrv_co_preadv and bdrv_aligned_preadv).

After 9ded4a0114, flag is used for not waiting serializing operations
on backup target (in same case of copy-on-write operation). This
behavior change is unsubstantiated and potentially dangerous, let's
drop it and add additional asserts and documentation.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 13:04:22 +02:00
Fam Zheng
e79c4cd190 iotests: 222: Don't run with luks
Luks needs special parameters to operate the image. Since this test is
focusing on image fleecing, skip skip that format.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 11:55:11 +02:00
Kevin Wolf
b0ddcbbb36 block: Fix copy-on-read crash with partial final cluster
If the virtual disk size isn't aligned to full clusters,
bdrv_co_do_copy_on_readv() may get pnum == 0 before having the full
cluster completed, which will let it run into an assertion failure:

qemu-io: block/io.c:1203: bdrv_co_do_copy_on_readv: Assertion `skip_bytes < pnum' failed.

Check for EOF, assert that we read at least as much as the read request
originally wanted to have (which is true at EOF because otherwise
bdrv_check_byte_request() would already have returned an error) and
return success early even though we couldn't copy the full cluster.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 10:36:15 +02:00
Kevin Wolf
b994c5bc51 test-bdrv-drain: Test bdrv_append() to drained node
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 10:36:15 +02:00
Kevin Wolf
4be6a6d118 block: Poll after drain on attaching a node
Commit dcf94a23b1 ('block: Don't poll in parent drain callbacks')
removed polling in bdrv_child_cb_drained_begin() on the grounds that the
original bdrv_drain() already will poll and BdrvChildRole.drained_begin
calls must not cause graph changes (and therefore must not call
aio_poll() or the recursion through the graph will break.

This reasoning is correct for calls through bdrv_do_drained_begin().
However, BdrvChildRole.drained_begin is also called when a node that is
already in a drained section (i.e. bdrv_do_drained_begin() has already
returned and therefore can't poll any more) is attached to a new parent.
In this case, we must explicitly poll to have all requests completed
before the drained new child can be attached to the parent.

In bdrv_replace_child_noperm(), we know that we're not inside the
recursion of bdrv_do_drained_begin() because graph changes are not
allowed there, and bdrv_replace_child_noperm() is a graph change. The
call of BdrvChildRole.drained_begin() must therefore be followed by a
BDRV_POLL_WHILE() that waits for the completion of requests.

Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10 10:36:15 +02:00
Peter Maydell
b34181056c Fix translation for gUSA regions.
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJbQ59aAAoJEGTfOOivfiFfjDEH/05tn0lTv3nikEZTRxzP2x4E
 DTaq+yr6jew8UVKjn1B+vYEMGpTiT44CydMK1cYXYD5UorySl0Grihc7cGzYT/qt
 AfZapMx32ZIUsc2FQBMx/6bMQaqHWyedbhx83AD6aqM+EE8UJQuFyfISllrnU5hd
 fSkz8L163KmqMHveVP/FrBhn3dcqIxXSfFki59eZ0ZXuUKxD30qchljdHvtim387
 Fkyl5HPiM9zWA8oJ+LYnixDNId798Ps/VwyBkJlXhy73ioC46RqrFeci1uWKA1lZ
 5LAYim0DmF4WeFYS7bE9Ubwbr3m9UVXLmL7TxSUwgwCsnLqymsLD4XKCgRxD9Dw=
 =MCRa
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-sh4-20180709' into staging

Fix translation for gUSA regions.

# gpg: Signature made Mon 09 Jul 2018 18:46:02 BST
# gpg:                using RSA key 64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-sh4-20180709:
  target/sh4: Fix translator.c assertion failure for gUSA

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 22:44:22 +01:00
Peter Maydell
ed811bed4a Machine/NUMA fixes for -rc0
* Properly free device_memory at machine_finalize()
 * Fix implicit NUMA initialization regression (for machines with
   auto_enable_numa_with_memhp=true)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJbQ54WAAoJECgHk2+YTcWmR0AP/ijB6eIvXUjf38uJqJx9Zret
 ad5z9gsaEqUqYA1cV8xxUdVHeQN8VnhMHFbcwZIDkXI7bH72dnfqK1U4/3sDmPBY
 S1lKcS2tsu9KtZJHITtY0oBXTKlLo/801LvSzfl29LAifRSPKshn012rzgO9x6e3
 havNuViUbyK61JwOVQBgoGNrSgi1iyZOMzvJdqxz0vhbj2OtD4R0jzOBm4kI6aBl
 yFQ0BS8M0WLkg+cEjccjQczDVcrcRHK6W8kiyftEoTbwqz7JokbtlEy369dt/FXC
 9c78Fcx/7j5X0qV9mCMvF3PWc7hQnVRMBE/i7OIHFCigLykmn57MhmUoXhZokpAH
 kCzskb0XUAQpbT0VUkO6M8936RoiG++1Zzb8q9EscLs5/8QWQBQB9xf+uLXwrSb3
 H9FIqN+01QG3waPzkMfsD1fSmBE3BxZ0XI6twbGn5va993NvJ5nJGbLy0k1PVSWh
 5aWKZD8dfurjkFdFK6AwJ7vTPfFOALFfjb3HD8P2R6cHE6KgYtgmydw6GxKB/lVV
 LhMK2Ij/uzHya0/70xnKS+DaL5JAIe3/XxfVkyIcN6Z16RbdI2afUUbPJUOZVxp2
 vIirfnjvrwUsX2jb5ENSMwsKQuYBS/Xy6f7gptVnU1AhkH/kXr9qFzVxwjm0GiCc
 R+4RUl1Lo67NYS7C5+qt
 =413b
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

Machine/NUMA fixes for -rc0

* Properly free device_memory at machine_finalize()
* Fix implicit NUMA initialization regression (for machines with
  auto_enable_numa_with_memhp=true)

# gpg: Signature made Mon 09 Jul 2018 18:40:38 BST
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-next-pull-request:
  hw/machine: Remove the Zero check of nb_numa_nodes for numa_complete_configuration()
  machine: properly free device_memory

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 21:31:40 +01:00
Dou Liyang
7747abf114 hw/machine: Remove the Zero check of nb_numa_nodes for numa_complete_configuration()
Commit 7a3099fc9c5c("numa: postpone options post-processing till machine_run_board_init()")
broke the commit 7b8be49d36fc("NUMA: Enable adding NUMA node implicitly").

The machine_run_board_init() doesn't do NUMA setup if nb_numa_nodes=0,
but the numa_complete_configuration need add a new node if memory hotplug
is enabled (slots > 0) even nb_numa_nodes=0.

So, Remove the check for numa_complete_configuration() to fix this.

Fixes 7a3099fc9c5c("numa: postpone options post-processing till machine_run_board_init()")
Signed-off-by: Dou Liyang <douly.fnst@cn.fujitsu.com>
Message-Id: <20180704132239.6506-1-douly.fnst@cn.fujitsu.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-07-09 14:37:48 -03:00
David Hildenbrand
2ff4f67cab machine: properly free device_memory
Machines might have inititalized device_memory if they support memory
devices, so let's properly free it.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180702094152.7882-1-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-07-09 14:37:48 -03:00
Richard Henderson
be0e3d7a1e target/sh4: Fix translator.c assertion failure for gUSA
The translator loop does not allow the tb_start hook to set
dc->base.is_jmp; the only hook allowed to do that is translate_insn.

Split the work between init_disas_context where we validate
the gUSA parameters, and translate_insn where we emit code.

Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-07-09 10:34:04 -07:00
Peter Maydell
3379c6cce7 x86 fix for -rc0
* Fix EPYC-IBPB compat code
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJbQ5mXAAoJECgHk2+YTcWmGOAP/iMEUcYhiNbucz9LfSZ7TjOB
 OuAxbTE+LW7bxfo7gL19lHwgXBqn+6r4V4chDMVDTfmxEqokmIK/SwG9TCVJmtlE
 xLonnQ1JAgtfFC3+Yk2R6UAifMIIa5Xh7tg/RCB5Tguh/k4EQbkxeVFbodpEfK6M
 ND/mVYfHxnPcgkCHBglqmL5xl0ziISqYYzyk4M+E2NOmSW8jbssEP/0ALiqYExNO
 qr4VQ1nKIFoK01GUblZu2/RkRXqmMwmzOHMXVGBnCVinLtAvRgOObh+dfks6BHza
 6XyrCDAUIk9qQ5I2XGIXHb21merHociIXke9OeybGgcBbdOG3NkTzEprsGBXAS25
 3LXhQ5uPP5W9zidGIwMen2AqhcrNdXTT7OQbsv15JYs+1Kxm4Uowy1JRUON+7be3
 Ks5YZm1X6d9OkWDom7haREAqJaNEYTLWw8LB2HjB9DiLS9AiAbllY6ZNQqhUkFxH
 JIZI3/r/KJ/+mU0sQjx5o2lYZI4BHVczkLR45be3KhMSgBpU/1HYwoMuOWKYr3SF
 W6Tcz6MhFa6mxHyLpU2CCJ3VGUcwQX6NqGXpQxZ8VS4hnnL+bFrweQQ7DfVGamWn
 z14nKuRD6WiKpzpss2ewpJkO/6bKEmAQmVu2HoLAzmYsCSfDIjtem3obT+BLt/iN
 /M5YR+lv3L0wedmSJJ4w
 =qSYY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging

x86 fix for -rc0

* Fix EPYC-IBPB compat code

# gpg: Signature made Mon 09 Jul 2018 18:21:27 BST
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-next-pull-request:
  pc: Fix typo on PC_COMPAT_2_12

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 18:29:00 +01:00
Eduardo Habkost
97e50dd013 pc: Fix typo on PC_COMPAT_2_12
I forgot a hyphen when amending the compat code on commit
e0051647 ("i386: Enable TOPOEXT feature on AMD EPYC CPU").

Fixes: e00516475c
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180703011026.18650-1-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-07-09 14:20:57 -03:00
Emilio G. Cota
ec7eb2ae77 translate-all: honour CF_NOCACHE in tb_gen_code
This fixes a record-replay regression introduced by 95590e2
("translate-all: discard TB when tb_link_page returns an existing
matching TB", 2018-06-15). The problem is that code using CF_NOCACHE
assumes that the TB returned from tb_gen_code is always a
newly-generated one. This assumption, however, was broken in
the aforementioned commit.

Fix it by honouring CF_NOCACHE, so that tb_gen_code always
returns a newly-generated TB when CF_NOCACHE is passed to it.
Do this by avoiding the TB hash table if CF_NOCACHE is set.

Reported-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Tested-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1530806837-5416-1-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 16:14:36 +01:00
Peter Maydell
6d1d4276ae target-arm queue:
* hw/net/dp8393x: don't make prom region 'nomigrate'
  * boards.h: Remove doc comment reference to nonexistent function
  * hw/sd/omap_mmc: Split 'pseudo-reset' from 'power-on-reset'
  * target/arm: Fix do_predset for large VL
  * tcg: Restrict check_size_impl to multiples of the line size
  * target/arm: Suppress Coverity warning for PRF
  * hw/timer/cmsdk-apb-timer: fix minor corner-case bugs and
    suppress spurious warnings when running Linux's timer driver
  * hw/arm/smmu-common: Fix devfn computation in smmu_iommu_mr
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJbQ2jiAAoJEDwlJe0UNgzeKRQQAKXVERFFNPgzJDaWGw/1tS0l
 Ase7pSA1WsiXpkXAeVq9TTxvOWs0TOPMlnTXCoLV352qoEQ7hZMg027j5GMVW8TA
 KKIP/wkdYhI+Fa38rL5XWtJkX9HMUOOjNMBlTBHZoCb8i6ZyOdOIyBQXrXRZ9ScG
 pOEiwEiDpBBLxy33bx80ZMXgX4B6RPp6qdYgCNhk8/a09X+DKspBnBRDP9b4dLMx
 YypARIOKFQh9n13CdgiX+LQUoJyq7mmomW/fzP+XKSsNE23gpSDlCSfrV/ikK34g
 /9XY6MM16V5cvhRBwA1BXJi8lIsCy8jZVK0aVwAqrOSncxTJ0HvNU6f3W6GY1t+u
 QsLud1Pq8/oHGCSL51ZwAIY5edMkubSZXpgX5TABMmi8Fq4xVdzpSgYZA94BHDI4
 5Tvymr3ctoe0yx/WePh67byDtwu2gCGftDA2NylLH821nBvB52kY/oXavb6Bzdsw
 BBtlDjNqFPCby6cg8gKZrf0RmtIf+p9Tj5lR/OWe3jMldf47lCI0pPK4vBR8/C/5
 O+SiELbcaJwV4M38N/TmFd4Cv6FhBuYJu121rDlHX1yVEBVOcxpfczmC26a2iX/U
 gFw3y1EtD4RBr2kTwfekKzvbnOCB1H9nemFlHRjdKVc+bIXXQn8EhvtOtxxD4l8e
 oivqm+zyigCw3BWfl2Hz
 =/nnX
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180709' into staging

target-arm queue:
 * hw/net/dp8393x: don't make prom region 'nomigrate'
 * boards.h: Remove doc comment reference to nonexistent function
 * hw/sd/omap_mmc: Split 'pseudo-reset' from 'power-on-reset'
 * target/arm: Fix do_predset for large VL
 * tcg: Restrict check_size_impl to multiples of the line size
 * target/arm: Suppress Coverity warning for PRF
 * hw/timer/cmsdk-apb-timer: fix minor corner-case bugs and
   suppress spurious warnings when running Linux's timer driver
 * hw/arm/smmu-common: Fix devfn computation in smmu_iommu_mr

# gpg: Signature made Mon 09 Jul 2018 14:53:38 BST
# gpg:                using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20180709:
  hw/net/dp8393x: don't make prom region 'nomigrate'
  boards.h: Remove doc comment reference to nonexistent function
  hw/sd/omap_mmc: Split 'pseudo-reset' from 'power-on-reset'
  target/arm: Fix do_predset for large VL
  tcg: Restrict check_size_impl to multiples of the line size
  target/arm: Suppress Coverity warning for PRF
  hw/timer/cmsdk-apb-timer: run or stop timer on writes to RELOAD and VALUE
  hw/timer/cmsdk-apb-timer: Correctly identify and set one-shot mode
  hw/timer/cmsdk-apb-timer: Correct ptimer policy settings
  ptimer: Add TRIGGER_ONLY_ON_DECREMENT policy option
  hw/arm/smmu-common: Fix devfn computation in smmu_iommu_mr

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 14:57:13 +01:00
Peter Maydell
8fad0a6558 hw/net/dp8393x: don't make prom region 'nomigrate'
Currently we use memory_region_init_rom_nomigrate() to create
the "dp3893x-prom" memory region, and we don't manually register
it with vmstate_register_ram(). This currently means that its
contents are migrated but as a ram block whose name is the empty
string; in future it may mean they are not migrated at all. Use
memory_region_init_ram() instead.

Note that this is a a cross-version migration compatibility break
for the MIPS "magnum" and "pica61" machines.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aleksandar Markovic <aleksandar.markovic@wavecomp.com>
Message-id: 20180706174309.27110-1-peter.maydell@linaro.org
2018-07-09 14:51:35 +01:00
Peter Maydell
5bd366b467 boards.h: Remove doc comment reference to nonexistent function
commit b08199c6fb accidentally added a reference to a doc
comment to a nonexistent memory_region_allocate_aux_memory().
This was a leftover from a previous version of the patchset
which defined memory_region_allocate_aux_memory() for
"allocate RAM MemoryRegion and register it for migration"
and left "memory_region_init_ram()" with its original semantics
of "allocate RAM MR but do not register for migration". In
the end we decided on the approach of "memory_region_init_ram()
registers the MR for migration, and memory_region_init_ram_nomigrate()
is a new function which does not", but this comment change
got left in by mistake. Revert that part of the commit.

Reported-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180702130605.13611-1-peter.maydell@linaro.org
2018-07-09 14:51:34 +01:00
Philippe Mathieu-Daudé
7abf56eed1 hw/sd/omap_mmc: Split 'pseudo-reset' from 'power-on-reset'
DeviceClass::reset models a "cold power-on" reset which can
also be used to powercycle a device; but there is no "hot reset"
(a.k.a. soft-reset) method available.

The OMAP MMC Power-Up Control bit is not designed to powercycle
a card, but to disable it without powering it off (pseudo-reset):

  Multimedia Card (MMC/SD/SDIO) Interface [SPRU765A]

  MMC_CON[11] Power-Up Control (POW)
  This bit must be set to 1 before any valid transaction to either
  MMC/SD or SPI memory cards.
  When 1, the card is considered powered-up and the controller core
  is enabled.
  When 0, the card is considered powered-down (system dependent),
  and the controller core logic is in pseudo-reset state. This is,
  the MMC_STAT flags and the FIFO pointers are reset, any access to
  MMC_DATA[DATA] has no effect, a write into the MMC.CMD register
  is ignored, and a setting of MMC_SPI[STR] to 1 is ignored.

By splitting the 'pseudo-reset' code out of the 'power-on' reset
function, this patch fixes a latent bug in omap_mmc_write(MMC_CON)i
recently exposed by ecd219f7ab.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180706162155.8432-2-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 14:51:34 +01:00
Richard Henderson
973558a3f8 target/arm: Fix do_predset for large VL
Use MAKE_64BIT_MASK instead of open-coding.  Remove an odd
vector size check that is unlikely to be more profitable
than 3 64-bit integer stores.  Correct the iteration for WORD
to avoid writing too much data.

Fixes RISU tests of PTRUE for VL 256.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20180705191929.30773-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 14:51:34 +01:00
Richard Henderson
499748d768 tcg: Restrict check_size_impl to multiples of the line size
Normally this is automatic in the size restrictions that are placed
on vector sizes coming from the implementation.  However, for the
legitimate size tuple [oprsz=8, maxsz=32], we need to clear the final
24 bytes of the vector register.  Without this check, do_dup selects
TCG_TYPE_V128 and clears only 16 bytes.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20180705191929.30773-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 14:51:34 +01:00
Richard Henderson
2f95a3b09a target/arm: Suppress Coverity warning for PRF
These instructions must perform the sve_access_check, but
since they are implemented as NOPs there is no generated
code to elide when the access check fails.

Fixes: Coverity issues 1393780 & 1393779.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 14:51:34 +01:00
Peter Maydell
1a9b30646e hw/timer/cmsdk-apb-timer: run or stop timer on writes to RELOAD and VALUE
If the CMSDK APB timer is set up with a zero RELOAD value
then it will count down to zero, fire once and then stay
at zero. From the point of view of the ptimer system, the
timer is disabled; but the enable bit in the CTRL register
is still set and if the guest subsequently writes to the
RELOAD or VALUE registers this should cause the timer to
start counting down again.

Add code to the write paths for RELOAD and VALUE so that
we correctly restart the timer in this situation.

Conversely, if the new RELOAD and VALUE are both zero,
we should stop the ptimer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20180703171044.9503-5-peter.maydell@linaro.org
2018-07-09 14:51:34 +01:00
Guenter Roeck
0e25683308 hw/timer/cmsdk-apb-timer: Correctly identify and set one-shot mode
The CMSDK APB timer is currently always configured as periodic timer.
This results in the following messages when trying to boot Linux.

Timer with delta zero, disabling

If the timer limit set with the RELOAD command is 0, the timer
needs to be enabled as one-shot timer.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 14:51:34 +01:00
Peter Maydell
6583080ed8 hw/timer/cmsdk-apb-timer: Correct ptimer policy settings
The CMSDK timer interrupt triggers when the counter goes from 1 to 0,
so we want to trigger immediately, rather than waiting for a
clock cycle. Drop the incorrect NO_IMMEDIATE_TRIGGER setting.
We also do not want to get an interrupt if the guest sets the
counter directly to zero, so use the new TRIGGER_ONLY_ON_DECREMENT
policy.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20180703171044.9503-3-peter.maydell@linaro.org
2018-07-09 14:51:34 +01:00
Peter Maydell
086ede32af ptimer: Add TRIGGER_ONLY_ON_DECREMENT policy option
The CMSDK timer behaviour is that an interrupt is triggered when the
counter counts down from 1 to 0; however one is not triggered if the
counter is manually set to 0 by a guest write to the counter register.
Currently ptimer can't handle this; add a policy option to allow
a ptimer user to request this behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20180703171044.9503-2-peter.maydell@linaro.org
2018-07-09 14:51:34 +01:00
Eric Auger
b78aae9bb6 hw/arm/smmu-common: Fix devfn computation in smmu_iommu_mr
smmu_iommu_mr() aims at returning the IOMMUMemoryRegion corresponding
to a given sid. The function extracts both the PCIe bus number and
the devfn to return this data. Current computation of devfn is wrong
as it only returns the PCIe function instead of slot | function.

Fixes 32cfd7f39e ("hw/arm/smmuv3: Cache/invalidate config data")

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1530775623-32399-1-git-send-email-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 14:51:34 +01:00
Peter Maydell
a98ff0ec2b ppc patch queue 2018-07-09
Here's a final pull request before tomorrow's hard freeze.
 
 There are a number of fixes and improvements to the sm501 display
 driver (not strictly ppc related, but used only on ppc and SH).
 There's also a handful of unrelated fixes.
 
 Whether all the sm501 changes are bugfixes is somewhat debatable, but
 Peter has indicated he's ok with merging those for 3.0.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAltDEdcACgkQbDjKyiDZ
 s5KVpBAAy62FiH/f62zsY6zHsfZqyIK27ifFeVzdrCEU6Ql1+lroI9fSvmg3nfVW
 hUSyzvYrQy2jJkZqucAhcQtUGMjb/atDuojp30uGn87yr/yxctP29ITJQY6Sa6cG
 FASMKJl4ZAZx+saXTm/oxcxTrSi51G734kjY+v5ljDklnj3K1UjJhTtFVCWred9u
 pDsDjORswsuEOBpklR5pCnNgyNUA+hM9Ty+NEbIR+yYmd3K8t+d1NP0HSj7GAIZu
 BklI1b4jGTcm5av43D3UIWhAqDmQzUdpdGZnYD3Mn4C6qktmonk4u31yKe9nN/Xp
 e2lGHHJIjYK0YklrHolyxfJFfZi9RwdxioxD1eSS+DGq2xAPZ8PnM4D1swp/eS+c
 spQqv4BQfxcBYXks4E8fgyJJ6Qs1yuW/M11SQ7wnUZ3k8K1YgijMf7yrwXtwZDIJ
 W6zmojD9y7npjtacNcMT3Cu7JAYacyQRBZOE+S5JIw+E7xTzLBWNteBFpr4iNff6
 z790U3mATc95YsK2v9OMUPWxWaJWBF/UUbuBWLxG4F5rL1wJH+1sx/5yUXtnUGlh
 gRNRvn5GduJwfZY8kxfq08HmCyS5SE6ilqO7gUQKLzo1256FXReLJxDsjkqD782e
 qIVEJa1BT8KqR4AscPo0dhkn9GYJpQVGkmRNPJ1HMZHq+CcdLZg=
 =3f0D
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-3.0-20180709' into staging

ppc patch queue 2018-07-09

Here's a final pull request before tomorrow's hard freeze.

There are a number of fixes and improvements to the sm501 display
driver (not strictly ppc related, but used only on ppc and SH).
There's also a handful of unrelated fixes.

Whether all the sm501 changes are bugfixes is somewhat debatable, but
Peter has indicated he's ok with merging those for 3.0.

# gpg: Signature made Mon 09 Jul 2018 08:42:15 BST
# gpg:                using RSA key 6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-3.0-20180709:
  sam460ex: Make sam460ex_load_device_tree() handle all errors internally
  sam460ex: Don't check for errors from qemu_fdt_*()
  sam460ex: Check for errors from libfdt functions
  sam460ex: Update u-boot-sam460ex firmware
  ppc: fix default VGA display for PReP machines
  target/ppc: fix build on ppc64 host
  ppc440_uc: Fix a copy/paste error
  sm501: Set updated region dirty after 2D operation
  sm501: Fix support for non-zero frame buffer start address
  sm501: Log unimplemented raster operation modes
  sm501: Implement negated destination raster operation mode
  sm501: Use values from the pitch register for 2D operations
  sm501: Perform a full update after palette change
  sm501: Implement i2c part for reading monitor EDID
  spapr/vio: quiet down the "irq" property accessors
  ppc: fix default VGA display for Mac machines

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 11:00:45 +01:00
Peter Maydell
ab3257c281 nbd patches for 2018-07-07
Minor improvement for tracing of NBD block status
 
 - Vladimir Sementsov-Ogievskiy: nbd/server: fix nbd_co_send_block_status
 -----BEGIN PGP SIGNATURE-----
 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
 
 iQEcBAABCAAGBQJbQWyuAAoJEKeha0olJ0NqLz4H/0eaN5zRrbBR0taSgx0a/TL8
 ljZQGDQOef/NYXpPG/I96TwOCJ0JQVsPLexDeSr8QPlL20+kDAQfLce8JzE6y6Jq
 0LZMulUHq0Vzyzd0LkQsX13ywoQvN8oiSTPFx3mHeoZcUT7/8dfRQH5KBeXrK9Ft
 d5soehzsJRqnGsAGMrmTVSlRG4uq/0yv4p4Fgr4InazD7QCDRKuQxqGnzdhUOYb8
 R/X1YzhLEmvheYUZHN92k52xPi7zB4xL51hUghUwWZjJSfjOO96VNxLcxshG+kfB
 TpJXcYG3vNcwtlcf32gx0+9vniJMvBAoQK9u6QCwWlGoYed3W6q1oLJ6JnZMUQQ=
 =AUfu
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2018-07-07' into staging

nbd patches for 2018-07-07

Minor improvement for tracing of NBD block status

- Vladimir Sementsov-Ogievskiy: nbd/server: fix nbd_co_send_block_status

# gpg: Signature made Sun 08 Jul 2018 02:45:18 BST
# gpg:                using RSA key A7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>"
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>"
# gpg:                 aka "[jpeg image of size 6874]"
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2018-07-07:
  nbd/server: fix nbd_co_send_block_status

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09 09:48:01 +01:00
David Gibson
51b0d834c4 sam460ex: Make sam460ex_load_device_tree() handle all errors internally
sam460ex_load_device_tree() handles nearly all possible errors by simply
exiting (within helper functions and macros).  It handles two early error
cases by returning an error.

There's no particular point to this, so make it handle those directly as
well, removing the need for the caller to handle a failure.  As a bonus it
gives us more specific error messages.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-09 14:38:45 +10:00
David Gibson
e753f33136 sam460ex: Don't check for errors from qemu_fdt_*()
The qemu_fdt_*() helper functions already exit with a message instead of
returning errors, so we don't need to check for errors in the caller.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-09 14:27:36 +10:00
David Gibson
ad633de6f5 sam460ex: Check for errors from libfdt functions
In a couple of places sam460ex_load_device_tree() calls "raw" libfdt
functions which can fail, but doesn't check for error codes.  At best,
if these fail the guest will be silently started in a non-standard state,
or it could fail entirely.

Fix this by using the _FDT() helper macro which aborts on a libfdt failure.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-09 14:23:05 +10:00
BALATON Zoltan
9ba58cb47f sam460ex: Update u-boot-sam460ex firmware
Update the submodule and u-boot-sam460-20100605.bin to include
following fixes from Sebastian Bauer:
- Fix build with newer gcc
- Decrease unnecessary delay which fixes slow booting from CD

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-09 13:31:20 +10:00
Vladimir Sementsov-Ogievskiy
0c0eaed147 nbd/server: fix nbd_co_send_block_status
Call nbd_co_send_extents() with correct length parameter
(extent.length may be smaller than original length).

Also, switch length parameter type to uint32_t, to correspond with
request->len and similar nbd_co_send_bitmap().

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20180704112302.471456-2-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2018-07-07 20:30:09 -05:00
Mark Cave-Ayland
4cb25fbb43 ppc: fix default VGA display for PReP machines
Commit 29f9cef "ppc: Include vga cirrus card into the compiling process"
changed the default display adapter for all PPC machines to cirrus. Unfortunately
it missed setting the default display type to stdvga for both PReP machines
causing the display to fail to initialise under OpenHackWare.

Update the MachineClass for both prep and 40p machines so that the default
std(vga) display adapter is the default if no options are specified
which fixes the display for the PReP machines.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:34 +10:00
Laurent Vivier
4fff72185b target/ppc: fix build on ppc64 host
When I try to build a ppc64 target on a ppc64 host (gcc 8.1.1), I have:

.../target/ppc/int_helper.c: In function 'helper_vinsertb':
.../target/ppc/int_helper.c:1954:32: error: array subscript 18446744073709551608 is above array bounds of 'uint8_t[16]' {aka 'unsigned char[16]'} [-Werror=array-bounds]
         memmove(&r->u8[index], &b->u8[8 - sizeof(r->element)],              \
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.../target/ppc/int_helper.c:1965:1: note: in expansion of macro 'VINSERT'

If we compare with the macro for ppc64le, we can see
sizeof(r->element[0]) should be used instead of sizeof(r->element).

And VINSERT uses only u8, u16, u32 and u64, so the maximum value
of sizeof(r->element[0]) is 8

Suggested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:27 +10:00
Philippe Mathieu-Daudé
7aeb1e5100 ppc440_uc: Fix a copy/paste error
Missed in 3c409c1927, hopefully reported by Coverity.

Fixes: Coverity CID 1393788 (Copy-paste error)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:27 +10:00
BALATON Zoltan
eb76243c9d sm501: Set updated region dirty after 2D operation
Set the changed memory region dirty after performed a 2D operation to
ensure that the screen is updated properly.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:27 +10:00
BALATON Zoltan
33159dd7ce sm501: Fix support for non-zero frame buffer start address
Display updates and drawing hardware cursor did not work when frame
buffer address was non-zero. Fix this by taking the frame buffer
address into account in these cases. This fixes screen dragging on
AmigaOS. Based on patch by Sebastian Bauer.

Signed-off-by: Sebastian Bauer <mail@sebastianbauer.info>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:27 +10:00
Sebastian Bauer
06cb926aaa sm501: Log unimplemented raster operation modes
The sm501 currently implements only a very limited set of raster operation
modes. After this change, unknown raster operation modes are logged so
these can be easily spotted.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:27 +10:00
Sebastian Bauer
debc7e7dad sm501: Implement negated destination raster operation mode
Add support for the negated destination operation mode. This is used e.g.
by AmigaOS for the INVERSEVID drawing mode. With this change, the cursor
in the shell and non-immediate window adjustment are working now.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:27 +10:00
Sebastian Bauer
54b2a4339c sm501: Use values from the pitch register for 2D operations
Before, crt_h_total was used for src_width and dst_width. This is a
property of the current display setting and not relevant for the 2D
operation that also can be done off-screen. The pitch register's purpose
is to describe line pitch relevant of the 2D operation.

Signed-off-by: Sebastian Bauer <mail@sebastianbauer.info>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:27 +10:00
Sebastian Bauer
d27335592a sm501: Perform a full update after palette change
Changing the palette of a color index has as an immediate effect on
all pixels with the corresponding index on real hardware. Performing a
full update after a palette change is a simple way to emulate this
effect.

Signed-off-by: Sebastian Bauer <mail@sebastianbauer.info>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:27 +10:00
BALATON Zoltan
4a1f253adb sm501: Implement i2c part for reading monitor EDID
Emulate the i2c part of SM501 which is used to access the EDID info
from a monitor.

The vmstate structure is changed and its version is increased but
SM501 is only used on SH and PPC sam460ex machines that don't support
cross-version migration.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:27 +10:00
Cédric Le Goater
9e3a83a15b spapr/vio: quiet down the "irq" property accessors
commit efe2add7cb ("spapr/vio: deprecate the "irq" property")
introduced get/set accessors for the "irq" property to warn of its
usage, but the warning in the get pollutes the monitor 'info qtree'.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-07 12:12:27 +10:00