summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merge remote-tracking branch ↵Peter Maydell2017-10-2010-487/+383Star
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/stefanberger/tags/pull-tpm-2017-10-19-1' into staging Merge tpm 2017/10/19 v1 # gpg: Signature made Thu 19 Oct 2017 16:42:39 BST # gpg: using RSA key 0x75AD65802A0B4211 # gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211 * remotes/stefanberger/tags/pull-tpm-2017-10-19-1: (21 commits) tpm: move recv_data_callback to TPM interface tpm: add a QOM TPM interface tpm-tis: fold TPMTISEmuState in TPMState tpm-tis: remove tpm_tis.h header tpm-tis: move TPMState to TIS header tpm: remove locty_data from TPMState tpm-emulator: fix error handling tpm: add TPMBackendCmd to hold the request state tpm: remove locty argument from receive_cb tpm: remove needless cast tpm: remove unused TPMBackendCmd tpm: remove configure_tpm() hop tpm: remove init() class method tpm: remove TPMDriverOps tpm: move TPMSizedBuffer to tpm_tis.h tpm: remove tpm_register_driver() tpm: replace tpm_get_backend_driver() to drop be_drivers tpm: lookup tpm backend class in tpm_driver_find_by_type() tpm: make tpm_get_backend_driver() static tpm-tis: remove RAISE_STS_IRQ ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * tpm: move recv_data_callback to TPM interfaceMarc-André Lureau2017-10-196-15/+15
| | | | | | | | | | | | | | | | Simplify the TPM backend setup, move callback to TPM interface. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: add a QOM TPM interfaceMarc-André Lureau2017-10-193-0/+29
| | | | | | | | | | | | | | | | | | This will simplify backend / interface objects relationship, so the frontend interface will simply have to implement the TPM QOM interface. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm-tis: fold TPMTISEmuState in TPMStateMarc-André Lureau2017-10-191-179/+157Star
| | | | | | | | | | | | Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm-tis: remove tpm_tis.h headerMarc-André Lureau2017-10-193-96/+71Star
| | | | | | | | | | | | | | | | The definitions are now private to TIS implementation. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm-tis: move TPMState to TIS headerMarc-André Lureau2017-10-193-21/+22
| | | | | | | | | | | | Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: remove locty_data from TPMStateMarc-André Lureau2017-10-193-11/+6Star
| | | | | | | | | | | | | | | | Keep it internal to tpm-tis instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm-emulator: fix error handlingMarc-André Lureau2017-10-191-6/+8
| | | | | | | | | | | | | | | | | | | | The previous patch cleaned up a bit error handling, and exposed an existing bug: error_report_err() could be called with a NULL error. Instead, make tpm_emulator_set_locality() set the error. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: add TPMBackendCmd to hold the request stateMarc-André Lureau2017-10-196-44/+50
| | | | | | | | | | | | | | | | | | This simplifies a bit locality handling, and argument passing, and could pave the way to queuing requests (if that makes sense). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: remove locty argument from receive_cbMarc-André Lureau2017-10-194-9/+5Star
| | | | | | | | | | | | | | | | | | The tpm_state is passed as argument, the assert() is pointless since we give it the value of tpm_state->locty_number already. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: remove needless castMarc-André Lureau2017-10-191-1/+1
| | | | | | | | | | | | Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: remove unused TPMBackendCmdMarc-André Lureau2017-10-194-58/+29Star
| | | | | | | | | | | | | | | | There is only handling of request so far in both backends. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: remove configure_tpm() hopMarc-André Lureau2017-10-191-6/+1Star
| | | | | | | | | | | | Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: remove init() class methodMarc-André Lureau2017-10-192-5/+1Star
| | | | | | | | | | | | | | | | No backend use it. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: remove TPMDriverOpsMarc-André Lureau2017-10-196-68/+53Star
| | | | | | | | | | | | | | | | Use TPMBackendClass to hold class methods/fields. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: move TPMSizedBuffer to tpm_tis.hMarc-André Lureau2017-10-192-5/+5
| | | | | | | | | | | | | | | | Close to where it's being used. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: remove tpm_register_driver()Marc-André Lureau2017-10-194-11/+0Star
| | | | | | | | | | | | | | | | No more users of be_drivers[], drop that too. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: replace tpm_get_backend_driver() to drop be_driversMarc-André Lureau2017-10-191-8/+3Star
| | | | | | | | | | | | | | | | Use tpm_driver_find_by_type() instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: lookup tpm backend class in tpm_driver_find_by_type()Marc-André Lureau2017-10-191-8/+21
| | | | | | | | | | | | | | | | One step towards removing TPMDriverOps and driver registration. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm: make tpm_get_backend_driver() staticMarc-André Lureau2017-10-192-2/+1Star
| | | | | | | | | | | | | | | | No need to export the function. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm-tis: remove RAISE_STS_IRQMarc-André Lureau2017-10-191-23/+1Star
| | | | | | | | | | | | | | | | | | This look like temporary hacking code. It shouldn't be necessary in release code, or there should be a runtime option for it. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
| * tpm-tis: remove unused hw_access argumentMarc-André Lureau2017-10-191-10/+3Star
| | | | | | | | | | | | | | | | This argument is always false, simplify the code. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
* | Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' ↵Peter Maydell2017-10-204-0/+0
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging Update OpenBIOS images # gpg: Signature made Thu 19 Oct 2017 20:08:44 BST # gpg: using RSA key 0x5BC2C56FAE0F321F # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" # Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F * remotes/mcayland/tags/qemu-openbios-signed: Update OpenBIOS images to 83818bd built from submodule. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | Update OpenBIOS images to 83818bd built from submodule.Mark Cave-Ayland2017-10-194-0/+0
|/ / | | | | | | Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
* | Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into ↵Peter Maydell2017-10-193-28/+79
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging qemu-sparc update # gpg: Signature made Thu 19 Oct 2017 07:50:16 BST # gpg: using RSA key 0x5BC2C56FAE0F321F # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" # Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F * remotes/mcayland/tags/qemu-sparc-signed: sun4u: fix assert when adding NICs which aren't the in-built model sun4u: update PCI topology to include simba PCI bridges Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | sun4u: fix assert when adding NICs which aren't the in-built modelMark Cave-Ayland2017-10-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 8d93297 introduced a bug whereby non-inbuilt NICs are realized before setting the default MAC address causing an assert. Switch NIC creation over from pci_create_simple() to pci_create() which works exactly the same except omitting the realize as originally intended. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Artyom Tarasenko <atar4qemu@gmail.com>
| * | sun4u: update PCI topology to include simba PCI bridgesMark Cave-Ayland2017-10-193-28/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch updates the sun4u model to being much closer to a real Ultra 5 by moving devices behind the 2 simba PCI bridges (A and B) as found on real hardware. The most noticeable change introduced by this patchset is that in-built devices are no longer attached to the PCI root bus, but instead behind PCI bridge A. Along with this the interrupt routing is updated accordingly to match the official documentation. Since the existing code currently bypasses the PCI bridge interrupt swizzling, the interrupt mapping functions are reorganised so that pci_pbm_map_irq() is used by the PCI bridges and pci_apb_map_irq() is used by the PCI host bridge. Behind the sabre PCI host bridge, the PCI IO space now needs to be split into two separate halves at 0x8000000. Therefore we also setup a new PCI IO space region of increased size on the PCI host bridge and enable 32-bit PCI IO accesses to allow IO accesses to reach devices behind PCI bridge B correctly. As part of this change we also combine the onboard sunhme NIC and the ebus into a single multi-function device as done on a real Ultra 5. For other NICs the existing behaviour is preserved, i.e. we initialise them and place them into the next free slot on PCI bus B. Finally we mark the physically unavailable slots (plus slot 0 in busA) as reserved to ensure that users can't plug devices into non-existent slots which will break interrupt routing. Note: since this commit changes PCI topology and interrupt routing, an updated openbios-sparc64 binary is included with this commit containing the associated changes to maintain bisectability. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Artyom Tarasenko <atar4qemu@gmail.com>
* | | Merge remote-tracking branch ↵Peter Maydell2017-10-1910-0/+4
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/kraxel/tags/seabios-1.11-prerelease-20171019-pull-request' into staging seabios: update to 1.11 prerelease # gpg: Signature made Thu 19 Oct 2017 09:19:33 BST # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/seabios-1.11-prerelease-20171019-pull-request: seabios: update to 1.11 prerelease Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | seabios: update to 1.11 prereleaseGerd Hoffmann2017-10-1910-0/+4
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the seabios update for qemu 2.11. Well, almost, seabios is in freeze for the upcoming 1.11 release. This updates seabios to current git master snapshot, and it will be updated again to 1.11 final before the 2.11 release. With this two-step seabios gets some more wide testing before the actual release and the update to 1.11 final (which will most likely happen after qemu freeze) should have bugfix patches only. git shortlog ============ Aleksandr Bezzubikov (3): pci: refactor pci_find_capapibilty to get bdf as the first argument instead of the whole pci_device pci: add QEMU-specific PCI capability structure pci: enable RedHat PCI bridges to reserve additional resources on PCI init Ben Warren (5): QEMU DMA: Add DMA write capability romfile-loader: Switch to using named structs QEMU fw_cfg: Add command to write back address of file QEMU fw_cfg: Add functions for accessing files by key QEMU fw_cfg: Write fw_cfg back on S3 resume Daniel Verkamp (5): nvme: support NVMe 1.0 controllers nvme: extend command timeout to 5 seconds nvme: fix reversed loop condition in cmd_readwrite nvme: fix extraction of status code bits nvme: fix copy-paste mistake in comment Filippo Sironi (1): nvme: Use the Maximum Queue Entries Supported (MQES) to initialize I/O queues Gerd Hoffmann (7): usb: add hub portmap usb-xhci: use hub portmap std: add cp437 to unicode map kbd: make enqueue_key public, add ascii_to_keycode romfile: add support for constant files. paravirt: serial console configuration. add serial console support Igor Mammedov (1): drop "etc/boot-cpus" fw_cfg file and reuse legacy QEMU_CFG_NB_CPUS Jason Wang (1): virtio: IOMMU support Julian Stecklina (2): block: add NVMe boot support nvme: fix out of memory behavior Julius Werner (1): coreboot: Adapt to upstream CBMEM console changes Kevin O'Connor (26): usb: Make usb_time_sigatt variable static tpm: Add comment banners to tcg.c separating major parts of spec tpm: Don't call tpm_set_failure() from tpm12_get_capability() tpm: Move code around in tcgbios.c to keep like code together acpi: Generalize find_fadt() and find_tcpa_by_rsdp() into find_acpi_table() tpm: Don't call tpm_build_and_send_cmd() from tpm20_stirrandom() tpm: Rework tpm_build_and_send_cmd() into tpm_simple_cmd() ps2port: Disable keyboard/mouse prior to resetting ps2 controller docs: Note release dates for 1.10.1 and 1.10.2 resume: Don't attempt to use generic reboot mechanisms on QEMU boot: Increase description size in boot menu src: Minor - remove tab characters that slipped into SeaBIOS C code NVMe: Allow NVMe to be enabled on real hardware smm: Backup and restore A20 on an SMI based mode switch stacks: Make sure to initialize Call16Data stacks: Don't update the A20 settings if they haven't changed stacks: There is no need to disable NMI if it is already disabled vga: Fix bug in stdvga_get_linesize() docs: Fix typos in Memory_Model.md tcgbios: Fix use of unitialized variable boot: Rename drive_g to drive disk: Don't require the 'struct drive_s' to be in the f-segment block: Rename disk_op_s->drive_gf to drive_fl virtio: Allocate drive_s storage in low memory xhci: Build TRBs directly in xhci_trb_queue() xhci: Verify the device is still present in xhci_cmd_submit() Ladi Prosek (1): ahci: Set upper 32-bit registers to zero Patrick Rudolph (4): SeaVGABios/cbvga: Advertise correct pixel format SeaVGABIOS/vbe: Query driver for scanline pitch v2 SeaVGABios/cbvga: Use active mode to clear screen SeaVGABios/cbvga: Advertise compatible VESA modes Paul Menzel (1): vgasrc: Increase debug level Petr Berky (1): config: Add function to check if fw_cfg exists Ricardo Ribalda Delgado (1): serialio: Support for mmap serial ports Roman Kagan (11): blockcmd: accept only disks and CD-ROMs blockcmd: generic SCSI luns enumeration virtio-scsi: enumerate luns with REPORT LUNS esp-scsi: enumerate luns with REPORT LUNS usb-uas: enumerate luns with REPORT LUNS pvscsi: fix the comment about lun enumeration mpt-scsi: try to enumerate luns with REPORT LUNS lsi-scsi: reset in case of a serious problem lsi-scsi: try to enumerate luns with REPORT LUNS blockcmd: start REPORT_LUNS with the smallest buffer Revert "lsi-scsi: reset in case of a serious problem" Stefan Berger (1): tpm: Log TPM 2 digest structure in little endian format Youness Alaoui (1): nvme: Enable NVMe support for non-qemu hardware Zeh, Werner (1): ahci: Disable Native Command Queueing Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | | build: Fix dtc-checkout race condition in MakefileAaron Lindsay2017-10-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This was introduced by: commit aef45d51d1204f3335fb99de6658e0c5612c2b67 Author: Daniel P. Berrange <berrange@redhat.com> Date: Fri Sep 29 11:11:56 2017 +0100 build: automatically handle GIT submodule checkout for dtc On my system, I see the following with a fresh clone: % ./configure --disable-gtk --target-list=aarch64-softmmu % make -j8 GEN aarch64-softmmu/config-devices.mak.tmp GEN config-host.h mkdir -p dtc/libfdt GIT ui/keycodemapdb dtc mkdir -p dtc/tests GEN qemu-options.def [snip] GEN migration/trace.h make: *** [git-submodule-update] Error 1 make: *** Waiting for unfinished jobs.... Upon closer inspection, the root cause of the error is: % git submodule update --init ui/keycodemapdb dtc fatal: destination path 'dtc' already exists and is not an empty directory. Clone of 'git://git.qemu-project.org/dtc.git' into submodule path 'dtc' failed This patch fixes this race condition by forcing the 'dtc/%' rule which caused 'dtc' to be non-empty to wait on '.git-submodule-status'. Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1508352023-28591-1-git-send-email-alindsay@codeaurora.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* | | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell2017-10-1931-224/+777
|\ \ \ | |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * TCG 8-byte atomic accesses bugfix (Andrew) * Report disk rotation rate (Daniel) * Report invalid scsi-disk block size configuration (Mark) * KVM and memory API MemoryListener fixes (David, Maxime, Peter Xu) * x86 CPU hotplug crash fix (Igor) * Load/store API documentation (Peter Maydell) * Small fixes by myself and Thomas * qdev DEVICE_DELETED deferral (Michael) # gpg: Signature made Wed 18 Oct 2017 10:56:24 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (29 commits) scsi: reject configurations with logical block size > physical block size qdev: defer DEVICE_DEL event until instance_finalize() Revert "qdev: Free QemuOpts when the QOM path goes away" qdev: store DeviceState's canonical path to use when unparenting qemu-pr-helper: use new libmultipath API watch_mem_write: implement 8-byte accesses notdirty_mem_write: implement 8-byte accesses memory: reuse section_from_flat_range() kvm: simplify kvm_align_section() kvm: region_add and region_del is not called on updates kvm: fix error message when failing to unregister slot kvm: tolerate non-existing slot for log_start/log_stop/log_sync kvm: fix alignment of ram address memory: call log_start after region_add target/i386: trap on instructions longer than >15 bytes target/i386: introduce x86_ld*_code tco: add trace events docs/devel/loads-stores.rst: Document our various load and store APIs nios2: define tcg_env build: remove CONFIG_LIBDECNUMBER ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | scsi: reject configurations with logical block size > physical block sizeMark Kanda2017-10-181-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Logical block size of a SCSI disk should never be larger than physical block size. From an ATA/SCSI perspective, it makes no sense to have the logical block size greater than the physical block size, and it cannot even be effectively expressed in the command set. The whole point of adding the physical block size to the ATA/SCSI command set was to communicate a desire for a larger block size (than logical), while maintaining backwards compatibility with legacy 512 byte block size. When setting logical_block_size > physical_block_size, QEMU cannot express it in READ CAPACITY(16) output, and all it can do is set the physical block exponent to 0 (i.e. logical_block_size == physical_block_size). Reporting the error properly, however, is better. Signed-off-by: Mark Kanda <mark.kanda@oracle.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Message-Id: <1508185024-5840-1-git-send-email-mark.kanda@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | qdev: defer DEVICE_DEL event until instance_finalize()Michael Roth2017-10-181-11/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DEVICE_DEL is currently emitted when a Device is unparented, as opposed to when it is finalized. The main design motivation for this seems to be that after unparent()/unrealize(), the Device is no longer visible to the guest, and thus the operation is complete from the perspective of management. However, there are cases where remaining host-side cleanup is also pertinent to management. The is generally handled by treating these resources as aspects of the "backend", which can be managed via separate interfaces/events, such as blockdev_add/del, netdev_add/del, object_add/del, etc, but some devices do not have this level of compartmentalization, namely vfio-pci, and possibly to lend themselves well to it. In the case of vfio-pci, the "backend" cleanup happens as part of the finalization of the vfio-pci device itself, in particular the cleanup of the VFIO group FD. Failing to wait for this cleanup can result in tools like libvirt attempting to rebind the device to the host while it's still being used by VFIO, which can result in host crashes or other misbehavior depending on the host driver. Deferring DEVICE_DEL still affords us the ability to manage backends explicitly, while also addressing cases like vfio-pci's, so we implement that approach here. An alternative proposal involving having VFIO emit a separate event to denote completion of host-side cleanup was discussed, but the prevailing opinion seems to be that it is not worth the added complexity, and leaves the issue open for other Device implementations to solve in the future. Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Greg Kurz <groug@kaod.org> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20171016222315.407-4-mdroth@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | Revert "qdev: Free QemuOpts when the QOM path goes away"Michael Roth2017-10-181-3/+1Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit abed886ec60cf239a03515cf0b30fb11fa964c44. This patch originally addressed an issue where a DEVICE_DELETED event could be emitted (in device_unparent()) before a Device's QemuOpts were cleaned up (in device_finalize()), leading to a "duplicate ID" error if management attempted to immediately add a device with the same ID in response to the DEVICE_DELETED event. An alternative will be implemented in a subsequent patch where we defer the DEVICE_DELETED event until device_finalize(), which would also prevent the race, so we revert the original fix in preparation. Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Greg Kurz <groug@kaod.org> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20171016222315.407-3-mdroth@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | qdev: store DeviceState's canonical path to use when unparentingMichael Roth2017-10-182-3/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | device_unparent(dev, ...) is called when a device is unparented, either directly, or as a result of a parent device being finalized, and handles some final cleanup for the device. Part of this includes emiting a DEVICE_DELETED QMP event to notify management, which includes the device's path in the composition tree as provided by object_get_canonical_path(). object_get_canonical_path() assumes the device is still connected to the machine/root container, and will assert otherwise, but in some situations this isn't the case: If the parent is finalized as a result of object_unparent(), it will still be attached to the composition tree at the time any children are unparented as a result of that same call to object_unparent(). However, in some cases, object_unparent() will complete without finalizing the parent device, due to lingering references that won't be released till some time later. One such example is if the parent has MemoryRegion children (which take a ref on their parent), who in turn have AddressSpace's (which take a ref on their regions), since those AddressSpaces get cleaned up asynchronously by the RCU thread. In this case qdev:device_unparent() may be called for a child Device that no longer has a path to the root/machine container, causing object_get_canonical_path() to assert. Fix this by storing the canonical path during realize() so the information will still be available for device_unparent() in such cases. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20171016222315.407-2-mdroth@linux.vnet.ibm.com> [Clear dev->canonical_path at the post_realize_fail label, which is cleaner. Suggested by David Gibson. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | qemu-pr-helper: use new libmultipath APIPaolo Bonzini2017-10-182-5/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | libmultipath has recently changed its API. The new API supports multi-threaded clients better. Unfortunately there is no backwards-compatibility, so we just switch to the new one. Running QEMU compiled with the new library on the old library will likely crash, while doing the opposite will cause QEMU not to start at all (because udev, get_multipath_config and put_multipath_config are undefined). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | watch_mem_write: implement 8-byte accessesPaolo Bonzini2017-10-181-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Aligned 8-byte memory writes by a 64-bit target on a 64-bit host should always turn into atomic 8-byte writes on the host, however a write write watchpoint would end up tearing the 8-byte write into two 4-byte writes in access_with_adjusted_size(). Reported-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | notdirty_mem_write: implement 8-byte accessesAndrew Baumann2017-10-181-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Aligned 8-byte memory writes by a 64-bit target on a 64-bit host should always turn into atomic 8-byte writes on the host, however if we missed in the softmmu, and the TLB line was marked as not dirty, then we would end up tearing the 8-byte write into two 4-byte writes in access_with_adjusted_size(). Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Message-Id: <20171013181913.7556-1-Andrew.Baumann@microsoft.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | memory: reuse section_from_flat_range()David Hildenbrand2017-10-181-8/+2Star
| | | | | | | | | | | | | | | | | | | | | | | | We can use section_from_flat_range() instead of manually initializing. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171016144302.24284-8-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | kvm: simplify kvm_align_section()David Hildenbrand2017-10-181-12/+6Star
| | | | | | | | | | | | | | | | | | | | | | | | Use ROUND_UP and simplify the code a bit. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171016144302.24284-7-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | kvm: region_add and region_del is not called on updatesDavid Hildenbrand2017-10-181-7/+1Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Attributes are not updated via region_add()/region_del(). Attribute changes lead to a delete first, followed by a new add. If this would ever not be the case, we would get an error when trying to register the new slot. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171016144302.24284-6-david@redhat.com> Tested-by: Joe Clifford <joeclifford@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | kvm: fix error message when failing to unregister slotDavid Hildenbrand2017-10-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | "overlapping" is a leftover, let's drop it. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171016144302.24284-5-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | kvm: tolerate non-existing slot for log_start/log_stop/log_syncDavid Hildenbrand2017-10-181-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we want to trap every access to a section, we might not have a slot. So let's just tolerate if we don't have one. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171016144302.24284-4-david@redhat.com> Tested-by: Joe Clifford <joeclifford@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | kvm: fix alignment of ram addressDavid Hildenbrand2017-10-181-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the wrong calculation of the delta, used to align the ram address. This only strikes if alignment has to be done. Reported-by: Joe Clifford <joeclifford@gmail.com> Fixes: 5ea69c2e3614 ("kvm: factor out alignment of memory section") Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171016144302.24284-3-david@redhat.com> Tested-by: Joe Clifford <joeclifford@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | memory: call log_start after region_addDavid Hildenbrand2017-10-181-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It might be confusing for some listener implementations that implement both, region_add and log_start (e.g. KVM) if we call log_start before an actual region was added using region_add. This makes current KVM code trigger an assertion ("kvm_section_update_flags: error finding slot"). So let's just reverse the order instead of tolerating log_start on yet unknown regions. Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171016144302.24284-2-david@redhat.com> Tested-by: Joe Clifford <joeclifford@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | target/i386: trap on instructions longer than >15 bytesPaolo Bonzini2017-10-161-7/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Besides being more correct, arbitrarily long instruction allow the generation of a translation block that spans three pages. This confuses the generator and even allows ring 3 code to poison the translation block cache and inject code into other processes that are in guest ring 3. This is an improved (and more invasive) fix for commit 30663fd ("tcg/i386: Check the size of instruction being translated", 2017-03-24). In addition to being more precise (and generating the right exception, which is #GP rather than #UD), it distinguishes better between page faults and too long instructions, as shown by this test case: #include <sys/mman.h> #include <string.h> #include <stdio.h> int main() { char *x = mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0); memset(x, 0x66, 4096); x[4096] = 0x90; x[4097] = 0xc3; char *i = x + 4096 - 15; mprotect(x + 4096, 4096, PROT_READ|PROT_WRITE); ((void(*)(void)) i) (); } ... which produces a #GP without the mprotect, and a #PF with it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | target/i386: introduce x86_ld*_codePaolo Bonzini2017-10-161-103/+125
| | | | | | | | | | | | | | | | | | | | | These take care of advancing s->pc, and will provide a unified point where to check for the 15-byte instruction length limit. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | tco: add trace eventsPaolo Bonzini2017-10-162-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add trace events to the PCH watchdog timer, it can be useful to see how the guest is using it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1507816448-86665-1-git-send-email-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | docs/devel/loads-stores.rst: Document our various load and store APIsPeter Maydell2017-10-161-0/+396
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | QEMU has a wide selection of different functions for doing loads and stores; provide some overview documentation of what they do and how to pick which one to use. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <1507813181-11860-1-git-send-email-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | nios2: define tcg_envPaolo Bonzini2017-10-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This should be done by all target and, since commit 53f6672bcf ("gen-icount: use tcg_ctx.tcg_env instead of cpu_env", 2017-06-30), is causing the NIOS2 target to hang. This is because the test for "should I exit to the main loop" was being done with the correct offset to the icount decrementer, but using TCG temporary 0 (the frame pointer) rather than the env pointer. Cc: qemu-stable@nongnu.org Cc: Marek Vasut <marex@denx.de> Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>