summaryrefslogtreecommitdiffstats
path: root/hw
Commit message (Collapse)AuthorAgeFilesLines
* Merge remote-tracking branch 'remotes/vivier/tags/q800-for-6.0-pull-request' ↵Peter Maydell2021-03-182-121/+77Star
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging q800 pull request 20210316 Several fixes for mac_via needed for future support of MacOS ROM # gpg: Signature made Tue 16 Mar 2021 21:14:42 GMT # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier/tags/q800-for-6.0-pull-request: mac_via: remove VIA1 timer optimisations mac_via: fix 60Hz VIA1 timer interval mac_via: rename VBL timer to 60Hz timer mac_via: don't re-inject ADB response when switching to IDLE state mac_via: allow long accesses to VIA registers mac_via: fix up adb_via_receive() trace events mac_via: switch rtc pram trace-events to use hex rather than decimal for addresses Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * mac_via: remove VIA1 timer optimisationsMark Cave-Ayland2021-03-161-39/+4Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The original implementation of the Macintosh VIA devices in commit 6dca62a000 "hw/m68k: add VIA support" used timer optimisations to reduce high CPU usage on the host when booting Linux. These optimisations worked by waiting until VIA1 port B was accessed before re-arming the timers. The MacOS toolbox ROM constantly writes to VIA1 port B which calls via1_one_second_update() and via1_sixty_hz_update() to calculate the new expiry time, causing the timers to constantly reset and never fire. The effect of this is that the Ticks (0x16a) global variable holding the number of 60Hz timer ticks since reset is never incremented by the interrupt causing time to stand still. Whilst the code was introduced as a performance optimisation, it is likely that the high CPU usage was actually caused by the incorrect 60Hz timer interval fixed in the previous patch. Remove the optimisation to keep everything simple and enable the MacOS toolbox ROM to start keeping time. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210311100505.22596-8-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
| * mac_via: fix 60Hz VIA1 timer intervalMark Cave-Ayland2021-03-161-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 60Hz timer is initialised using timer_new_ns() meaning that the timer interval should be measured in ns, and therefore its period is a thousand times too short. Use a define for the 60Hz timer period taking the more precise value as documented in the Guide To The Macintosh Family Hardware. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Message-Id: <20210311100505.22596-7-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
| * mac_via: rename VBL timer to 60Hz timerMark Cave-Ayland2021-03-161-20/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to the "Guide To The Macintosh Family Hardware", the 60Hz VIA1 timer on newer Macs such as the Quadra only exists for compatibility with old software and is no longer synced to the VBL interval. Rename the VBL timer to 60Hz timer to emphasise this and to prevent confusion when the real VBL interrupt (now handled as a NuBus slot interrupt) is added in future. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Message-Id: <20210311100505.22596-6-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
| * mac_via: don't re-inject ADB response when switching to IDLE stateMark Cave-Ayland2021-03-161-51/+27Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current workaround for the Linux ADB state machine in kernels < 5.6 switching the VIA back to IDLE state between send and receive modes is to re-inject the first byte of the response in the IDLE state, and then force the state machine into generating an autopoll reply. In fact what is happening is much simpler: analysis of traces from a real Quadra suggest that the existing data is returned as the first autopoll response rather than generating an immediate response starting whilst still in IDLE state. Update the ADB receive code to work in the same way, which allows the re-injection code to be completely removed from adb_via_receive() and for adb_via_poll() to be simplified accordingly. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <20210311100505.22596-5-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
| * mac_via: allow long accesses to VIA registersMark Cave-Ayland2021-03-161-2/+2
| | | | | | | | | | | | | | | | | | | | The MacOS SCSI driver uses a long access to read the VIA registers rather than just a single byte during the message out phase. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210311100505.22596-4-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
| * mac_via: fix up adb_via_receive() trace eventsMark Cave-Ayland2021-03-161-17/+24
| | | | | | | | | | | | | | | | | | | | | | The use of the post-increment operator on adb_data_in_index meant that the trace-event was accidentally displaying the next byte in the incoming ADB data buffer rather than the current byte. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210311100505.22596-3-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
| * mac_via: switch rtc pram trace-events to use hex rather than decimal for ↵Mark Cave-Ayland2021-03-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | addresses Since all the documentation uses the hex offsets, this makes it much easier to see what is going on. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210311100505.22596-2-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
* | Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell2021-03-173-1/+153
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging * add --enable/--disable-libgio to configure (Denis) * small fixes (Pavel, myself) * fuzzing update (Alexander) # gpg: Signature made Tue 16 Mar 2021 18:30:38 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: qemu-timer: allow freeing a NULL timer hw/i8254: fix vmstate load scsi: fix sense code for EREMOTEIO Revert "accel: kvm: Add aligment assert for kvm_log_clear_one_slot" configure: add option to explicitly enable/disable libgio fuzz: move some DMA hooks fuzz: configure a sparse-mem device, by default memory: add a sparse memory device for fuzzing fuzz: add a am53c974 generic-fuzzer config fuzz: add instructions for building reproducers fuzz: add a script to build reproducers fuzz: don't leave orphan llvm-symbolizers around fuzz: fix the pro100 generic-fuzzer config MAINTAINERS: Cover fuzzer reproducer tests within 'Device Fuzzing' tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi is available tests/qtest: Only run fuzz-megasas-test if megasas device is available Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | hw/i8254: fix vmstate loadPavel Dovgalyuk2021-03-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | QEMU timer of channel 0 in i8254 is used to raise irq at the specified moment of time. This irq can be disabled with irq_disabled flag. But when vmstate of the pit is loaded, timer may be rearmed despite the disabled interrupts. This patch adds irq_disabled flag check to fix that. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Message-Id: <161537170060.6654.9430112746749476215.stgit@pasha-ThinkPad-X280> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | memory: add a sparse memory device for fuzzingAlexander Bulekov2021-03-162-0/+152
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | For testing, it can be useful to simulate an enormous amount of memory (e.g. 2^64 RAM). This adds an MMIO device that acts as sparse memory. When something writes a nonzero value to a sparse-mem address, we allocate a block of memory. For now, since the only user of this device is the fuzzer, we do not track and free zeroed blocks. The device has a very low priority (so it can be mapped beneath actual RAM, and virtual device MMIO regions). Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20210316.0' ↵Peter Maydell2021-03-177-95/+118
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging VFIO update 2021-03-16 * Fix "listerner" typo (Zenghui Yu) * Inclusive language and MAINTAINERS update (Philippe Mathieu-Daudé) * vIOMMU unmap notifier fixes (Eric Auger) * Migration fixes and optimizations (Shenming Lu) * Use host page size for dirty bitmap (Kunkun Jiang) * Use log_global_start/stop to switch dirty tracking (Keqian Zhu) # gpg: Signature made Tue 16 Mar 2021 16:59:10 GMT # gpg: using RSA key 239B9B6E3BB08B22 # gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" [full] # gpg: aka "Alex Williamson <alex@shazbot.org>" [full] # gpg: aka "Alex Williamson <alwillia@redhat.com>" [full] # gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" [full] # Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22 * remotes/awilliam/tags/vfio-update-20210316.0: vfio/migrate: Move switch of dirty tracking into vfio_memory_listener vfio: Support host translation granule size vfio: Avoid disabling and enabling vectors repeatedly in VFIO migration vfio: Set the priority of the VFIO VM state change handler explicitly vfio: Move the saving of the config space to the right place in VFIO migration spapr_iommu: Fix vhost integration regression vfio: Do not register any IOMMU_NOTIFIER_DEVIOTLB_UNMAP notifier MAINTAINERS: Cover docs/igd-assign.txt in VFIO section hw/vfio/pci-quirks: Replace the word 'blacklist' vfio: Fix vfio_listener_log_sync function name typo Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | vfio/migrate: Move switch of dirty tracking into vfio_memory_listenerKeqian Zhu2021-03-162-44/+40Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For now the switch of vfio dirty page tracking is integrated into @vfio_save_handler. The reason is that some PCI vendor driver may start to track dirty base on _SAVING state of device, so if dirty tracking is started before setting device state, vfio will report full-dirty to QEMU. However, the dirty bmap of all ramblocks are fully set when setup ram saving, so it's not matter whether the device is in _SAVING state when start vfio dirty tracking. Moreover, this logic causes some problems [1]. The object of dirty tracking is guest memory, but the object of @vfio_save_handler is device state, which produces unnecessary coupling and conflicts: 1. Coupling: Their saving granule is different (perVM vs perDevice). vfio will enable dirty_page_tracking for each devices, actually once is enough. 2. Conflicts: The ram_save_setup() traverses all memory_listeners to execute their log_start() and log_sync() hooks to get the first round dirty bitmap, which is used by the bulk stage of ram saving. However, as vfio dirty tracking is not yet started, it can't get dirty bitmap from vfio. Then we give up the chance to handle vfio dirty page at bulk stage. Move the switch of vfio dirty_page_tracking into vfio_memory_listener can solve above problems. Besides, Do not require devices in SAVING state for vfio_sync_dirty_bitmap(). [1] https://www.spinics.net/lists/kvm/msg229967.html Reported-by: Zenghui Yu <yuzenghui@huawei.com> Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20210309031913.11508-1-zhukeqian1@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
| * | vfio: Support host translation granule sizeKunkun Jiang2021-03-161-23/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cpu_physical_memory_set_dirty_lebitmap() can quickly deal with the dirty pages of memory by bitmap-traveling, regardless of whether the bitmap is aligned correctly or not. cpu_physical_memory_set_dirty_lebitmap() supports pages in bitmap of host page size. So it'd better to set bitmap_pgsize to host page size to support more translation granule sizes. [aw: The Fixes commit below introduced code to restrict migration support to configurations where the target page size intersects the host dirty page support. For example, a 4K guest on a 4K host. Due to the above flexibility in bitmap handling, this restriction unnecessarily prevents mixed target/host pages size that could otherwise be supported. Use host page size for dirty bitmap.] Fixes: 87ea529c502 ("vfio: Get migration capability flags for container") Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com> Message-Id: <20210304133446.1521-1-jiangkunkun@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
| * | vfio: Avoid disabling and enabling vectors repeatedly in VFIO migrationShenming Lu2021-03-161-3/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In VFIO migration resume phase and some guest startups, there are already unmasked vectors in the vector table when calling vfio_msix_enable(). So in order to avoid inefficiently disabling and enabling vectors repeatedly, let's allocate all needed vectors first and then enable these unmasked vectors one by one without disabling. Signed-off-by: Shenming Lu <lushenming@huawei.com> Message-Id: <20210310030233.1133-4-lushenming@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
| * | vfio: Set the priority of the VFIO VM state change handler explicitlyShenming Lu2021-03-161-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the VFIO VM state change handler when stopping the VM, the _RUNNING bit in device_state is cleared which makes the VFIO device stop, including no longer generating interrupts. Then we can save the pending states of all interrupts in the GIC VM state change handler (on ARM). So we have to set the priority of the VFIO VM state change handler explicitly (like virtio devices) to ensure it is called before the GIC's in saving. Signed-off-by: Shenming Lu <lushenming@huawei.com> Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Message-Id: <20210310030233.1133-3-lushenming@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
| * | vfio: Move the saving of the config space to the right place in VFIO migrationShenming Lu2021-03-161-10/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On ARM64 the VFIO SET_IRQS ioctl is dependent on the VM interrupt setup, if the restoring of the VFIO PCI device config space is before the VGIC, an error might occur in the kernel. So we move the saving of the config space to the non-iterable process, thus it will be called after the VGIC according to their priorities. As for the possible dependence of the device specific migration data on it's config space, we can let the vendor driver to include any config info it needs in its own data stream. Signed-off-by: Shenming Lu <lushenming@huawei.com> Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com> Message-Id: <20210310030233.1133-2-lushenming@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
| * | spapr_iommu: Fix vhost integration regressionEric Auger2021-03-161-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previous work on dev-iotlb message broke spapr_iommu/vhost integration as it did for SMMU and virtio-iommu. The spapr_iommu currently only sends IOMMU_NOTIFIER_UNMAP notifications. Since commit 958ec334bca3 ("vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support"), VHOST first tries to register IOMMU_NOTIFIER_DEVIOTLB_UNMAP notifier and if it fails, falls back to legacy IOMMU_NOTIFIER_UNMAP. So spapr_iommu must fail on the IOMMU_NOTIFIER_DEVIOTLB_UNMAP registration. Reported-by: Peter Xu <peterx@redhat.com> Fixes: b68ba1ca5767 ("memory: Add IOMMU_NOTIFIER_DEVIOTLB_UNMAP IOMMUTLBNotificationType") Signed-off-by: Eric Auger <eric.auger@redhat.com> Message-Id: <20210209213233.40985-3-eric.auger@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
| * | vfio: Do not register any IOMMU_NOTIFIER_DEVIOTLB_UNMAP notifierEric Auger2021-03-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In an attempt to fix smmu/virtio-iommu - vhost regression, commit 958ec334bca3 ("vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support") broke virtio-iommu integration. This is due to the fact VFIO registers IOMMU_NOTIFIER_ALL notifiers, which includes IOMMU_NOTIFIER_DEVIOTLB_UNMAP and this latter now is rejected by the virtio-iommu. As a consequence, the registration fails. VHOST behaves like a device with an ATC cache. The VFIO device does not support this scheme yet. Let's register only legacy MAP and UNMAP notifiers. Fixes: 958ec334bca3 ("vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support") Signed-off-by: Eric Auger <eric.auger@redhat.com> Message-Id: <20210209213233.40985-2-eric.auger@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
| * | hw/vfio/pci-quirks: Replace the word 'blacklist'Philippe Mathieu-Daudé2021-03-164-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Follow the inclusive terminology from the "Conscious Language in your Open Source Projects" guidelines [*] and replace the word "blacklist" appropriately. [*] https://github.com/conscious-lang/conscious-lang-docs/blob/main/faq.md Reviewed-by: Alex Williamson <alex.williamson@redhat.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210205171817.2108907-9-philmd@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
| * | vfio: Fix vfio_listener_log_sync function name typoZenghui Yu2021-03-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | There is an obvious typo in the function name of the .log_sync() callback. Spell it correctly. Signed-off-by: Zenghui Yu <yuzenghui@huawei.com> Message-Id: <20201204014240.772-1-yuzenghui@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* | | Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20210316' ↵Peter Maydell2021-03-171-8/+4Star
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging 9pfs: code cleanup * Use lock-guard design pattern instead of manual lock/unlock. # gpg: Signature made Tue 16 Mar 2021 10:49:09 GMT # gpg: using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395 # gpg: issuer "qemu_oss@crudebyte.com" # gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: ECAB 1A45 4014 1413 BA38 4926 30DB 47C3 A012 D5F4 # Subkey fingerprint: 96D8 D110 CF7A F808 4F88 5901 34C2 B587 65A4 7395 * remotes/cschoenebeck/tags/pull-9p-20210316: hw/9pfs/9p-synth: Replaced qemu_mutex_lock with QEMU_LOCK_GUARD Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | hw/9pfs/9p-synth: Replaced qemu_mutex_lock with QEMU_LOCK_GUARDMahmoud Mandour2021-03-161-8/+4Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replaced a call to qemu_mutex_lock and its respective call to qemu_mutex_unlock and used QEMU_LOCK_GUARD macro in their place. This simplifies the code by removing the call required to unlock and also eliminates goto paths. Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com> Acked-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <20210311031538.5325-9-ma.mandourr@gmail.com> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
* | | | Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210316' ↵Peter Maydell2021-03-171-6/+3Star
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging s390x updates: - get rid of legacy_s390_alloc() and phys_mem_set_alloc() - tcg: implement the MVPG condition-code-option bit - fix g_autofree variable handing in the pci vfio code - use official z15 names in the cpu model definitions # gpg: Signature made Tue 16 Mar 2021 10:04:21 GMT # gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF # gpg: issuer "cohuck@redhat.com" # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown] # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full] # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full] # gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown] # gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown] # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck-gitlab/tags/s390x-20210316: s390x/pci: Add missing initialization for g_autofree variables target/s390x: Store r1/r2 for page-translation exceptions during MVPG target/s390x: Implement the MVPG condition-code-option bit s390x/cpu_model: use official name for 8562 exec: Get rid of phys_mem_set_alloc() s390x/kvm: Get rid of legacy_s390_alloc() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | | s390x/pci: Add missing initialization for g_autofree variablesMiroslav Rezanina2021-03-151-6/+3Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When declaring g_autofree variable without initialization, compiler will raise "may be used uninitialized in this function" warning due to automatic free handling. This is mentioned in docs/devel/style.rst (quote from section "Automatic memory deallocation"): * Variables declared with g_auto* MUST always be initialized, otherwise the cleanup function will use uninitialized stack memory Add initialization for these declarations to prevent the warning and comply with coding style. Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Fixes: cd7498d07fbb ("s390x/pci: Add routine to get the vfio dma available count") Fixes: 1e7552ff5c34 ("s390x/pci: get zPCI function info from host") Reviewed-by: Thomas Huth <thuth@redhat.com> Tested-by: Matthew Rosato <mjrosato@linux.ibm.com> Message-Id: <20210315101352.152888-1-mrezanin@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
* | | | | Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-6.0-pull-request' ↵Peter Maydell2021-03-1716-0/+1141
|\ \ \ \ \ | |_|_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging m68k pull request 20210315 Add m68k virt machine # gpg: Signature made Mon 15 Mar 2021 20:41:51 GMT # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier/tags/m68k-for-6.0-pull-request: m68k: add Virtual M68k Machine m68k: add a system controller m68k: add an interrupt controller hw/intc: add goldfish-pic hw/char: add goldfish-tty Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | | m68k: add Virtual M68k MachineLaurent Vivier2021-03-153-0/+323
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The machine is based on Goldfish interfaces defined by Google for Android simulator. It uses Goldfish-rtc (timer and RTC), Goldfish-pic (PIC) and Goldfish-tty (for serial port and early tty). The machine is created with 128 virtio-mmio bus, and they can be used to use serial console, GPU, disk, NIC, HID, ... Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-6-laurent@vivier.eu>
| * | | | m68k: add a system controllerLaurent Vivier2021-03-154-0/+164
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a system controller for the m68k-virt machine. This controller allows the kernel to power off or reset the machine. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-5-laurent@vivier.eu>
| * | | | m68k: add an interrupt controllerLaurent Vivier2021-03-153-0/+123
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A (generic) copy of the GLUE device we already have for q800 to use with the m68k-virt machine. The q800 one would disappear in the future as q800 uses actually the djMEMC controller. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-4-laurent@vivier.eu>
| * | | | hw/intc: add goldfish-picLaurent Vivier2021-03-154-0/+231
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement the goldfish pic device as defined in https://android.googlesource.com/platform/external/qemu/+/master/docs/GOLDFISH-VIRTUAL-HARDWARE.TXT Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-3-laurent@vivier.eu>
| * | | | hw/char: add goldfish-ttyLaurent Vivier2021-03-154-0/+300
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement the goldfish tty device as defined in https://android.googlesource.com/platform/external/qemu/+/master/docs/GOLDFISH-VIRTUAL-HARDWARE.TXT and based on the kernel driver code: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/tty/goldfish.c Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-2-laurent@vivier.eu>
* | | | | Merge remote-tracking branch 'remotes/kraxel/tags/usb-20210315-pull-request' ↵Peter Maydell2021-03-1613-335/+391
|\ \ \ \ \ | |_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging usb: -usbdevice cleanup and un-deprecation. usb: split usb-storage. usb: misc fixes and cleanups. # gpg: Signature made Mon 15 Mar 2021 18:02:28 GMT # gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/usb-20210315-pull-request: usb/storage: clear csw on reset usb/storage: add kconfig symbols usb/storage move usb-storage device to separate source file usb/storage: move usb-bot device to separate source file usb/storage: move declarations to usb/msd.h header hw/usb: Extract VT82C686 UHCI PCI function into a new unit hw/usb/hcd-uhci: Expose generic prototypes to local header hw/southbridge: Add missing Kconfig dependency VT82C686 on USB_UHCI usb: Document the missing -usbdevice options usb: Un-deprecate -usbdevice (except for -usbdevice audio which gets removed) usb: remove '-usbdevice u2f-key' usb: remove support for -usbdevice parameters hw/usb/bus: Remove the "full-path" property Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | | usb/storage: clear csw on resetGerd Hoffmann2021-03-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Stale data in csw (specifically residue) can confuse the state machine and allows the guest trigger an assert(). So clear csw on reset to avoid this happening in case the guest resets the device in the middle of a request. Buglink: https://bugs.launchpad.net/qemu/+bug/1523811 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210312094954.796799-1-kraxel@redhat.com>
| * | | | usb/storage: add kconfig symbolsGerd Hoffmann2021-03-152-3/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add new kconfig symbols so usb-storage and usb-bot can be enabled or disabled individually at build time. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20210312090425.772900-5-kraxel@redhat.com>
| * | | | usb/storage move usb-storage device to separate source fileGerd Hoffmann2021-03-153-135/+157
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pure code motion, no functional change. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20210312090425.772900-4-kraxel@redhat.com>
| * | | | usb/storage: move usb-bot device to separate source fileGerd Hoffmann2021-03-153-42/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pure code motion, no functional change. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20210312090425.772900-3-kraxel@redhat.com>
| * | | | usb/storage: move declarations to usb/msd.h headerGerd Hoffmann2021-03-151-42/+6Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In preparation for splitting the usb-storage.c file move declarations to the new usb/msd.h header file. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20210312090425.772900-2-kraxel@redhat.com>
| * | | | hw/usb: Extract VT82C686 UHCI PCI function into a new unitPhilippe Mathieu-Daudé2021-03-153-23/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Extract the VT82C686 PCI UHCI function into a new unit so it is only build when the VT82C686 south bridge is selected. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210309190802.830969-4-f4bug@amsat.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | | hw/usb/hcd-uhci: Expose generic prototypes to local headerPhilippe Mathieu-Daudé2021-03-152-57/+96
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Extract generic UHCI prototypes into a new "hcd-uhci.h" local header so we can reuse them in other units. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210309190802.830969-3-f4bug@amsat.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | | hw/southbridge: Add missing Kconfig dependency VT82C686 on USB_UHCIPhilippe Mathieu-Daudé2021-03-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The VT82C686 south bridge provides a USB UHCI bus via a PCI function. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Message-Id: <20210309190802.830969-2-f4bug@amsat.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | | usb: Un-deprecate -usbdevice (except for -usbdevice audio which gets removed)Thomas Huth2021-03-151-1/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When trying to remove the -usbdevice option, there were complaints that "-usbdevice braille" is still a very useful shortcut for some people. Thus we never remove this option. Since it's not such a big burden to keep it around, and it's also convenient in the sense that you don't have to worry to enable a host controller explicitly with this option, we should remove it from he deprecation list again. However, there is one exception: "-usbdevice audio" should go away, since audio devices without "audiodev=..." parameter are also on the deprecation list and you cannot use "-usbdevice audio" with "audiodev". Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210310173323.1422754-4-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | | usb: remove '-usbdevice u2f-key'Paolo Bonzini2021-03-151-1/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It never worked. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210310173323.1422754-3-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | | usb: remove support for -usbdevice parametersPaolo Bonzini2021-03-152-26/+8Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | No device needs them anymore and in fact they're undocumented. Remove the code. The only change in behavior is that "-usbdevice braille:hello" now reports an error, which is a bugfix. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210310173323.1422754-2-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | | hw/usb/bus: Remove the "full-path" propertyThomas Huth2021-03-151-6/+1Star
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This property was only required for the pc-1.0 and earlier machine types. Since these have been removed now, we can delete the property as well. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210302120152.118042-1-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | | | Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into ↵Peter Maydell2021-03-1617-42/+63
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging # gpg: Signature made Mon 15 Mar 2021 08:42:25 GMT # gpg: using RSA key EF04965B398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal] # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: net: Do not fill legacy info_str for backends hmp: Use QAPI NetdevInfo in hmp_info_network net: Move NetClientState.info_str to dynamic allocations tests: Add tests for query-netdev command qapi: net: Add query-netdev command pvrdma: wean code off pvrdma_ring.h kernel header lan9118: switch to use qemu_receive_packet() for loopback cadence_gem: switch to use qemu_receive_packet() for loopback pcnet: switch to use qemu_receive_packet() for loopback rtl8139: switch to use qemu_receive_packet() for loopback tx_pkt: switch to use qemu_receive_packet_iov() for loopback sungem: switch to use qemu_receive_packet() for loopback msf2-mac: switch to use qemu_receive_packet() for loopback dp8393x: switch to use qemu_receive_packet() for loopback packet e1000: switch to use qemu_receive_packet() for loopback net: introduce qemu_receive_packet() e1000: fail early for evil descriptor net: validate that ids are well formed net: Fix build error when DEBUG_NET is on virtio-net: calculating proper msix vectors on init Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # hw/core/machine.c
| * | | net: Move NetClientState.info_str to dynamic allocationsAlexey Kirillov2021-03-151-3/+2Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The info_str field of the NetClientState structure is static and has a size of 256 bytes. This amount is often unclaimed, and the field itself is used exclusively for HMP "info network". The patch translates info_str to dynamic memory allocation. This action is also allows us to painlessly discard usage of this field for backend devices. Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru> Signed-off-by: Jason Wang <jasowang@redhat.com>
| * | | pvrdma: wean code off pvrdma_ring.h kernel headerCornelia Huck2021-03-155-28/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The pvrdma code relies on the pvrdma_ring.h kernel header for some basic ring buffer handling. The content of that header isn't very exciting, but contains some (q)atomic_*() invocations that (a) cause manual massaging when doing a headers update, and (b) are an indication that we probably should not be importing that header at all. Let's reimplement the ring buffer handling directly in the pvrdma code instead. This arguably also improves readability of the code. Importing the header can now be dropped. Signed-off-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
| * | | lan9118: switch to use qemu_receive_packet() for loopbackAlexander Bulekov2021-03-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch switches to use qemu_receive_packet() which can detect reentrancy and return early. This is intended to address CVE-2021-3416. Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Jason Wang <jasowang@redhat.com>
| * | | cadence_gem: switch to use qemu_receive_packet() for loopbackAlexander Bulekov2021-03-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch switches to use qemu_receive_packet() which can detect reentrancy and return early. This is intended to address CVE-2021-3416. Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Jason Wang <jasowang@redhat.com>
| * | | pcnet: switch to use qemu_receive_packet() for loopbackAlexander Bulekov2021-03-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch switches to use qemu_receive_packet() which can detect reentrancy and return early. This is intended to address CVE-2021-3416. Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Buglink: https://bugs.launchpad.net/qemu/+bug/1917085 Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Jason Wang <jasowang@redhat.com>