aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-12-05target/arm: Extend PAR format determinationfsr-in-faultinfoEdgar E. Iglesias
Now that do_ats_write() is entirely in control of whether to generate a 32-bit PAR or a 64-bit PAR, we can make it use the correct (complicated) condition for doing so. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> [PMM: Rebased Edgar's patch on top of get_phys_addr() refactoring; use arm_s1_regime_using_lpae_format() rather than regime_using_lpae_format() because the latter will assert if passed ARMMMUIdx_S12NSE0 or ARMMMUIdx_S12NSE1; updated commit message appropriately] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-05target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill()Peter Maydell
All of the callers of get_phys_addr() and arm_tlb_fill() now ignore the FSR values they return, so we can just remove the argument entirely. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-05target/arm: Ignore fsr from get_phys_addr() in do_ats_write()Peter Maydell
In do_ats_write(), rather than using the FSR value from get_phys_addr(), construct the PAR values using the information in the ARMMMUFaultInfo struct. This allows us to create a PAR of the correct format regardless of what the translation table format is. For the moment we leave the condition for "when should this be a 64 bit PAR" as it was previously; this will need to be fixed to properly support AArch32 Hyp mode. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-05target/arm: Use ARMMMUFaultInfo in deliver_fault()Peter Maydell
Now that ARMMMUFaultInfo is guaranteed to have enough information to construct a fault status code, we can pass it in to the deliver_fault() function and let it generate the correct type of FSR for the destination, rather than relying on the value provided by get_phys_addr(). I don't think there are any cases the old code was getting wrong, but this is more obviously correct. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-05target/arm: Convert get_phys_addr_pmsav8() to not return FSC valuesPeter Maydell
Make get_phys_addr_pmsav8() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-05target/arm: Convert get_phys_addr_pmsav7() to not return FSC valuesPeter Maydell
Make get_phys_addr_pmsav7() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-05target/arm: Convert get_phys_addr_pmsav5() to not return FSC valuesPeter Maydell
Make get_phys_addr_pmsav5() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Note that PMSAv5 does not define any guest-visible fault status register, so the different "fsr" values we were previously returning are entirely arbitrary. So we can just switch to using the most appropriae fi->type values without worrying that we need to special-case FaultInfo->FSC conversion for PMSAv5. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-05target/arm: Convert get_phys_addr_lpae() to not return FSC valuesPeter Maydell
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-05target/arm: Convert get_phys_addr_v6() to not return FSC valuesPeter Maydell
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-05target/arm: Convert get_phys_addr_v5() to not return FSC valuesPeter Maydell
Make get_phys_addr_v5() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-05target/arm: Remove fsr argument from arm_ld*_ptw()Peter Maydell
All the callers of arm_ldq_ptw() and arm_ldl_ptw() ignore the value that those functions store in the fsr argument on failure: if they return failure to their callers they will always overwrite the fsr value with something else. Remove the argument from these functions and S1_ptw_translate(). This will simplify removing fsr from the calling functions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04target/arm: Provide fault type enum and FSR conversion functionsPeter Maydell
Currently get_phys_addr() and its various subfunctions return a hard-coded fault status register value for translation failures. This is awkward because FSR values these days may be either long-descriptor format or short-descriptor format. Worse, the right FSR type to use doesn't depend only on the translation table being walked -- some cases, like fault info reported to AArch32 EL2 for some kinds of ATS operation, must be in long-descriptor format even if the translation table being walked was short format. We can't get those cases right with our current approach. Provide fields in the ARMMMUFaultInfo struct which allow get_phys_addr() to provide sufficient information for a caller to construct an FSR value themselves, and utility functions which do this for both long and short format FSR values, as a first step in switching get_phys_addr() and its children to only returning the failure cause in the ARMMMUFaultInfo struct. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04target/arm: Implement TT instructionPeter Maydell
Implement the TT instruction which queries the security state and access permissions of a memory location. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-8-git-send-email-peter.maydell@linaro.org
2017-12-04target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8()Peter Maydell
For the TT instruction we're going to need to do an MPU lookup that also tells us which MPU region the access hit. This requires us to do the MPU lookup without first doing the SAU security access check, so pull the MPU lookup parts of get_phys_addr_pmsav8() out into their own function. The TT instruction also needs to know the MPU region number which the lookup hit, so provide this information to the caller of the MPU lookup code, even though get_phys_addr_pmsav8() doesn't need to know it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-7-git-send-email-peter.maydell@linaro.org
2017-12-04target/arm: Create new arm_v7m_mmu_idx_for_secstate_and_priv()Peter Maydell
The TT instruction is going to need to look up the MMU index for a specified security and privilege state. Refactor the existing arm_v7m_mmu_idx_for_secstate() into a version that lets you specify the privilege state and one that uses the current state of the CPU. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-6-git-send-email-peter.maydell@linaro.org
2017-12-04target/arm: Split M profile MNegPri mmu index into user and privPeter Maydell
For M profile, we currently have an mmu index MNegPri for "requested execution priority negative". This fails to distinguish "requested execution priority negative, privileged" from "requested execution priority negative, usermode", but the two can return different results for MPU lookups. Fix this by splitting MNegPri into MNegPriPriv and MNegPriUser, and similarly for the Secure equivalent MSNegPri. This takes us from 6 M profile MMU modes to 8, which means we need to bump NB_MMU_MODES; this is OK since the point where we are forced to reduce TLB sizes is 9 MMU modes. (It would in theory be possible to stick with 6 MMU indexes: {mpu-disabled,user,privileged} x {secure,nonsecure} since in the MPU-disabled case the result of an MPU lookup is always the same for both user and privileged code. However we would then need to rework the TB flags handling to put user/priv into the TB flags separately from the mmuidx. Adding an extra couple of mmu indexes is simpler.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-5-git-send-email-peter.maydell@linaro.org
2017-12-04target/arm: Add missing M profile case to regime_is_user()Peter Maydell
When we added the ARMMMUIdx_MSUser MMU index we forgot to add it to the case statement in regime_is_user(), so we weren't treating it as unprivileged when doing MPU lookups. Correct the omission. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-4-git-send-email-peter.maydell@linaro.org
2017-12-04target/arm: Allow explicit writes to CONTROL.SPSEL in Handler modePeter Maydell
In ARMv7M the CPU ignores explicit writes to CONTROL.SPSEL in Handler mode. In v8M the behaviour is slightly different: writes to the bit are permitted but will have no effect. We've already done the hard work to handle the value in CONTROL.SPSEL being out of sync with what stack pointer is actually in use, so all we need to do to fix this last loose end is to update the condition we use to guard whether we call write_v7m_control_spsel() on the register write. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-3-git-send-email-peter.maydell@linaro.org
2017-12-04target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP readsPeter Maydell
For v8M it is possible for the CONTROL.SPSEL bit value and the current stack to be out of sync. This means we need to update the checks used in reads and writes of the PSP and MSP special registers to use v7m_using_psp() rather than directly checking the SPSEL bit in the control register. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-2-git-send-email-peter.maydell@linaro.org
2017-12-04hw/intc/arm_gicv3_its: Implement full resetEric Auger
Voiding the ITS caches is not supposed to happen via individual register writes. So we introduced a dedicated ITS KVM device ioctl to perform a cold reset of the ITS: KVM_DEV_ARM_VGIC_GRP_CTRL/KVM_DEV_ARM_ITS_CTRL_RESET. Let's use this latter if the kernel supports it. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1511883692-11511-5-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04linux-headers: update to 4.15-rc1Eric Auger
Update headers against v4.15-rc1. Signed-off-by: Eric Auger <eric.auger@redhat.com> Message-id: 1511883692-11511-4-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04hw/intc/arm_gicv3_its: Implement a minimalist resetEric Auger
At the moment the ITS is not properly reset and this causes various bugs on save/restore. We implement a minimalist reset through individual register writes but for kernel versions before v4.15 this fails voiding the vITS cache. We cannot claim we have a comprehensive reset (hence the error message) but that's better than nothing. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1511883692-11511-3-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04hw/intc/arm_gicv3_its: Don't call post_load on resetEric Auger
From the very beginning, post_load() was called from common reset. This is not standard and obliged to discriminate the reset case from the restore case using the iidr value. Let's get rid of that call. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1511883692-11511-2-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04xlnx-zcu102: Add support for the ZynqMP QSPIFrancisco Iglesias
Add support for the ZynqMP QSPI (consisting of the Generic QSPI and Legacy QSPI) and connect Numonyx n25q512a11 flashes to it. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20171126231634.9531-14-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04xilinx_spips: Add support for the ZynqMP Generic QSPIFrancisco Iglesias
Add support for the Zynq Ultrascale MPSoc Generic QSPI. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-13-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04xilinx_spips: Don't set TX FIFO UNDERFLOW at cmd doneFrancisco Iglesias
Don't set TX FIFO UNDERFLOW interrupt after transmitting the commands. Also update interrupts after reading out the interrupt status. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Acked-by: Alistair Francis <alistair.francis@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-12-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04xilinx_spips: Add support for 4 byte addresses in the LQSPIFrancisco Iglesias
Add support for 4 byte addresses in the LQSPI and correct LQSPI_CFG_SEP_BUS. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-11-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04xilinx_spips: Add support for zero pumpingFrancisco Iglesias
Add support for zero pumping according to the transfer size register. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-10-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04xilinx_spips: Make tx/rx_data_bytes more generic and reusableFrancisco Iglesias
Make tx/rx_data_bytes more generic so they can be reused (when adding support for the Zynqmp Generic QSPI). Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-9-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04xilinx_spips: Add support for RX discard and RX drainFrancisco Iglesias
Add support for the RX discard and RX drain functionality. Also transmit one byte per dummy cycle (to the flash memories) with commands that require these. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-8-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04xilinx_spips: Update striping to be big-endian bit orderFrancisco Iglesias
Update striping functionality to be big-endian bit order (as according to the Zynq-7000 Technical Reference Manual). Output thereafter the even bits into the flash memory connected to the lower QSPI bus and the odd bits into the flash memory connected to the upper QSPI bus. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Acked-by: Alistair Francis <alistair.francis@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-7-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04xilinx_spips: Move FlashCMD, XilinxQSPIPS and XilinxSPIPSClassFrancisco Iglesias
Move the FlashCMD enum, XilinxQSPIPS and XilinxSPIPSClass structures to the header for consistency (struct XilinxSPIPS is found there). Also move out a define and remove two double included headers (while touching the code). Finally, add 4 byte address commands to the FlashCMD enum. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-6-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04m25p80: Add support for n25q512a11 and n25q512a13Francisco Iglesias
Add support for Micron (Numonyx) n25q512a11 and n25q512a13 flashes. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Acked-by: Marcin Krzemiński <mar.krzeminski@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-5-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04m25p80: Add support for BRRD/BRWR and BULK_ERASE (0x60)Francisco Iglesias
Add support for the bank address register access commands (BRRD/BRWR) and the BULK_ERASE (0x60) command. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Acked-by: Marcin Krzemiński <mar.krzeminski@gmail.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-4-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04m25p80: Add support for SST READ ID 0x90/0xAB commandsFrancisco Iglesias
Add support for SST READ ID 0x90/0xAB commands for reading out the flash manufacturer ID and device ID. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20171126231634.9531-3-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04m25p80: Add support for continuous read out of RDSR and READ_FSRFrancisco Iglesias
Add support for continuous read out of the RDSR and READ_FSR status registers until the chip select is deasserted. This feature is supported by amongst others 1 or more flashtypes manufactured by Numonyx (Micron), Windbond, SST, Gigadevice, Eon and Macronix. Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com> Acked-by: Marcin Krzemiński<mar.krzeminski@gmail.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20171126231634.9531-2-frasse.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171204' ↵Peter Maydell
into staging ppc patch queue 2017-12-04 We are, alas, not yet to the bottom of ppc bugs. This pull request fixes several more. I believe they're important enough to include in 2.11. despite the late date. # gpg: Signature made Mon 04 Dec 2017 03:40:56 GMT # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.11-20171204: spapr: Include "pre-plugged" DIMMS in ram size calculation at reset target-ppc: Don't invalidate non-supported msr bits pseries: fix TCG migration Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-04spapr: Include "pre-plugged" DIMMS in ram size calculation at resetDavid Gibson
At guest reset time, we allocate a hash page table (HPT) for the guest based on the guest's RAM size. If dynamic HPT resizing is not available we use the maximum RAM size, if it is we use the current RAM size. But the "current RAM size" calculation is incorrect - we just use the "base" ram_size from the machine structure. This doesn't include any pluggable DIMMs that are already plugged at reset time. This means that if you try to start a 'pseries' machine with a DIMM specified on the command line that's much larger than the "base" RAM size, then the guest will get a woefully inadequate HPT. This can lead to a guest freeze during boot as it runs out of HPT space during initial MMU setup. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Tested-by: Greg Kurz <groug@kaod.org>
2017-11-30target-ppc: Don't invalidate non-supported msr bitsKurban Mallachiev
The msr invalidation code (commits 993eb and 2360b) inverts all bits except MSR_TGPR and MSR_HVB. On non PowerPC 601 processors this leads to incorrect change of excp_prefix in hreg_store_msr() function. The problem is that new msr value get multiplied by msr_mask and inverted msr does not, thus values of MSR_EP bit in new msr value and inverted msr are distinct, so that excp_prefix changes but should not. Signed-off-by: Kurban Mallachiev <mallachiev@ispras.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-30pseries: fix TCG migrationLaurent Vivier
Migration of pseries is broken with TCG because QEMU tries to restore KVM MMU state unconditionally. The result is a SIGSEGV in kvm_vm_ioctl(): #0 kvm_vm_ioctl (s=0x0, type=-2146390353) at qemu/accel/kvm/kvm-all.c:2032 #1 0x00000001003e3e2c in kvmppc_configure_v3_mmu (cpu=<optimized out>, radix=<optimized out>, gtse=<optimized out>, proc_tbl=<optimized out>) at qemu/target/ppc/kvm.c:396 #2 0x00000001002f8b88 in spapr_post_load (opaque=0x1019103c0, version_id=<optimized out>) at qemu/hw/ppc/spapr.c:1578 #3 0x000000010059e4cc in vmstate_load_state (f=0x106230000, vmsd=0x1009479e0 <vmstate_spapr>, opaque=0x1019103c0, version_id=<optimized out>) at qemu/migration/vmstate.c:165 #4 0x00000001005987e0 in vmstate_load (f=<optimized out>, se=<optimized out>) at qemu/migration/savevm.c:748 This patch fixes the problem by not calling the KVM function with the TCG mode. Fixes: d39c90f5f3 ("spapr: Fix migration of Radix guests") Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-29Update version for v2.11.0-rc3 releasePeter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-29Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches for 2.11.0-rc3 # gpg: Signature made Wed 29 Nov 2017 15:25:13 GMT # gpg: using RSA key 0x7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: block/nfs: fix nfs_client_open for filesize greater than 1TB blockjob: reimplement block_job_sleep_ns to allow cancellation blockjob: introduce block_job_do_yield blockjob: remove clock argument from block_job_sleep_ns block: Expect graph changes in bdrv_parent_drained_begin/end blockjob: Remove the job from the list earlier in block_job_unref() QAPI & interop: Clarify events emitted by 'block-job-cancel' qemu-options: Mention locking option of file driver docs: Add image locking subsection iotests: fix 075 and 078 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-29Merge remote-tracking branch 'mreitz/tags/pull-block-2017-11-29' into ↵Kevin Wolf
queue-block One block patch for 2.11.0-rc3 # gpg: Signature made Wed Nov 29 15:28:38 2017 CET # gpg: using RSA key F407DB0061D5CF40 # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1 1829 F407 DB00 61D5 CF40 * mreitz/tags/pull-block-2017-11-29: block/nfs: fix nfs_client_open for filesize greater than 1TB Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-11-29block/nfs: fix nfs_client_open for filesize greater than 1TBPeter Lieven
DIV_ROUND_UP(st.st_size, BDRV_SECTOR_SIZE) was overflowing ret (int) if st.st_size is greater than 1TB. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Lieven <pl@kamp.de> Message-id: 1511798407-31129-1-git-send-email-pl@kamp.de Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-11-29blockjob: reimplement block_job_sleep_ns to allow cancellationPaolo Bonzini
This reverts the effects of commit 4afeffc857 ("blockjob: do not allow coroutine double entry or entry-after-completion", 2017-11-21) This fixed the symptom of a bug rather than the root cause. Canceling the wait on a sleeping blockjob coroutine is generally fine, we just need to make it work correctly across AioContexts. To do so, use a QEMUTimer that calls block_job_enter. Use a mutex to ensure that block_job_enter synchronizes correctly with block_job_sleep_ns. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Tested-By: Jeff Cody <jcody@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-11-29blockjob: introduce block_job_do_yieldPaolo Bonzini
Hide the clearing of job->busy in a single function, and set it in block_job_enter. This lets block_job_do_yield verify that qemu_coroutine_enter is not used while job->busy = false. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Tested-By: Jeff Cody <jcody@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-11-29blockjob: remove clock argument from block_job_sleep_nsPaolo Bonzini
All callers are using QEMU_CLOCK_REALTIME, and it will not be possible to support more than one clock when block_job_sleep_ns switches to a single timer stored in the BlockJob struct. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Tested-By: Jeff Cody <jcody@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-11-29block: Expect graph changes in bdrv_parent_drained_begin/endKevin Wolf
The .drained_begin/end callbacks can (directly or indirectly via aio_poll()) cause block nodes to be removed or the current BdrvChild to point to a different child node. Use QLIST_FOREACH_SAFE() to make sure we don't access invalid BlockDriverStates or accidentally continue iterating the parents of the new child node instead of the node we actually came from. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Tested-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-11-28blockjob: Remove the job from the list earlier in block_job_unref()Alberto Garcia
When destroying a block job in block_job_unref() we should remove it from the job list before calling block_job_remove_all_bdrv(). This is because removing the BDSs can trigger an aio_poll() and wake up other jobs that might attempt to use the block job list. If that happens the job we're currently destroying should not be in that list anymore. Signed-off-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-11-28Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2017-11-28' into ↵Peter Maydell
staging nbd patches for 2017-11-28 Eric Blake - 0/2 fix two NBD server CVEs # gpg: Signature made Tue 28 Nov 2017 12:58:29 GMT # gpg: using RSA key 0xA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" # gpg: aka "[jpeg image of size 6874]" # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2017-11-28: nbd/server: CVE-2017-15118 Stack smash on large export name nbd/server: CVE-2017-15119 Reject options larger than 32M Signed-off-by: Peter Maydell <peter.maydell@linaro.org>