Age | Commit message | Author
2015-10-07 | target-sparc: Remove gen_opc_jump_pc | Richard Henderson
Since jump_pc[1] is always npc + 4, we can infer after incrementing that jump_pc[1] == pc + 4. Because of that, we can encode the branch destination into a single word, and store that in npc. Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-sparc: Split out gen_branch_n | Richard Henderson
Unify three copies of this code from different branch types. Fix the case when npc == DYNAMIC_PC, i.e. a branch within a delay slot. Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-sparc: Tidy gen_branch_a interface | Richard Henderson
We always pass pc2 == dc->npc and r_cond == cpu_cond, and always set is_br afterward. Infer all of that. Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-cris: Mirror gen_opc_pc into insn_start | Richard Henderson
This perhaps isn't ideal in terms of (ab)using the "pc" field to encode both pc and ppc + delay branch state, as one has to be aware of this when examining opcode dumps. But it preserves existing logic, which will be good for bisection, and it certainly does save storage space. Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-sh4: Add flags state to insn_start | Richard Henderson
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-s390x: Add cc_op state to insn_start | Richard Henderson
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-mips: Add delayed branch state to insn_start | Richard Henderson
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-i386: Add cc_op state to insn_start | Richard Henderson
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-arm: Add condexec state to insn_start | Richard Henderson
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | tcg: Allow extra data to be attached to insn_start | Richard Henderson
With an eye toward having this data replace the gen_opc_* arrays that each target collects in order to enable restore_state_from_tb. Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-*: Introduce and use cpu_breakpoint_test | Richard Henderson
Reduce the boilerplate required for each target. At the same time, move the test for breakpoint after calling tcg_gen_insn_start. Note that arm and aarch64 do not use cpu_breakpoint_test, but still move the inline test down after tcg_gen_insn_start. Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-*: Increment num_insns immediately after tcg_gen_insn_start | Richard Henderson
This does tidy the icount test common to all targets. Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-*: Unconditionally emit tcg_gen_insn_start | Richard Henderson
While we're at it, emit the opcode adjacent to where we currently record data for search_pc. This puts gen_io_start et al on the "correct" side of the marker. Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | tcg: Rename debug_insn_start to insn_start | Richard Henderson
With an eye toward making it mandatory. Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Support iret instruction and related special registers | Chen Gang
EX_CONTEXT_0_0 is used for jumping address, and EX_CONTEXT_0_1 is for INTERRUPT_CRITICAL_SECTION, which should only be 0 or 1 in user mode, or it will cause target SIGILL (and the patch doesn't support system mode). Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Use TILEGX_EXCP_OPCODE_UNKNOWN and TILEGX_EXCP_OPCODE_UNIMPLEMENTED correctly | Chen Gang
For some cases, they are for TILEGX_EXCP_OPCODE_UNKNOWN, not for TILEGX_EXCP_OPCODE_UNIMPLEMENTED. Also for some cases, they are for TILEGX_EXCP_OPCODE_UNIMPLEMENTED, not for TILEGX_EXCP_OPCODE_UNKNOWN. When analyzing issues, the correct printing information is necessary, e.g. grep UIMP in gcc testsuite output log for finding qemu tilegx unimplementation issues, grep UNKNOWN for finding unknown instructions. Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Implement v2mults instruction | Chen Gang
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Message-Id: <1443956491-26850-3-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Implement v?int_* instructions. | Chen Gang
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Message-Id: <1443956491-26850-2-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Implement v2sh* instructions | Chen Gang
It is just according to v1sh* instructions implementation. Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Message-Id: <1443956491-26850-1-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Handle nofault prefetch instructions | Richard Henderson
These are mapped onto some of the normal load instructions, when the destination is the zero register. Other load insns do fault even when targeting the zero register. Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Fix a typo for mnemonic about "ld_add" | Chen Gang
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Message-Id: <1443562720-3008-1-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Use TILEGX_EXCP_SIGNAL instead of TILEGX_EXCP_SEGV | Richard Henderson
Consolidate signal handling under a single exception. Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Decode ill pseudo-instructions | Chen Gang
Notice raise and bpt, decoding the constants embedded in the nop addil instruction in the x0 slot. [rth: Generalize TILEGX_EXCP_OPCODE_ILL to TILEGX_EXCP_SIGNAL. Drop validation of signal values.] Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Message-Id: <1443243635-4886-1-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | linux-user/tilegx: Implement tilegx signal features | Chen Gang
[rth: Remove the spreg[EX1] handling, as it's irrelevant to user-mode.] Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Message-Id: <1443312618-13641-1-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | linux-user/syscall_defs.h: Sync the latest si_code from Linux kernel | Chen Gang
They contain several new macro members, and also contain TARGET_N*. Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Message-Id: <1443240605-2924-1-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Let x1 pipe process bpt instruction only | Chen Gang
According to the related document, bpt can be only in x1 pipe. Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Message-Id: <1443224574-2718-1-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Implement complex multiply instructions | Richard Henderson
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Implement table index instructions | Richard Henderson
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Implement crc instructions | Richard Henderson
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Implement v1multu instruction | Chen Gang
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Message-Id: <1442874414-3578-1-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Implement v*add and v*sub instructions | Chen Gang
[rth: Implement everything inline; handle v1addi and v2addi as well.] Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Message-Id: <1442873918-3394-1-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Implement v*shl, v*shru, and v*shrs instructions | Chen Gang
v2sh* are implemented with helper functions; v4sh* are implemented with inline code. Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Message-Id: <1442872055-2836-1-git-send-email-gang.chen.5i5j@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-07 | target-tilegx: Tidy simd_helper.c | Richard Henderson
Using the V1 macro when we want to replicate a byte across the 8 elements of the word. Using deposit and extract for manipulating specific elements. Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-10-06 | pc-dimm: Fail realization for invalid nodes in non-NUMA config | Bharata B Rao
pc_dimm_realize() validates the NUMA node to which memory hotplug is being performed only in case of NUMA configuration. Include a check to fail for invalid nodes in case of non-NUMA configuration too. Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-10-06 | Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20151006' into staging | Peter Maydell
s390: fixes
Some fixes all over the place:
- ccw bios and gcc 5.1 (avoid floating point ops)
- properly print vector registers
- sclp and sclp-event-facility no longer hang on object_unref(object_new(T))
- better name for io_subsystem_reset
One feature
- the gdb server now exposes several virtualization specific register
# gpg: Signature made Tue 06 Oct 2015 11:20:24 BST using RSA key ID B5A61C7C
# gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>"
* remotes/borntraeger/tags/s390x-20151006:
  s390x: rename io_subsystem_reset -> subsystem_reset
  s390x/info registers: print vector registers properly
  s390x: set missing parent for hotplug and quiesce events
  s390x/gdb: expose virtualization specific registers
  pc-bios/s390-ccw: avoid floating point operations
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-06 | Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging | Peter Maydell
X86 queue, 2015-10-05
# gpg: Signature made Mon 05 Oct 2015 17:04:38 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
* remotes/ehabkost/tags/x86-pull-request:
  icc_bus: drop the unused files
  cpu/apic: drop icc bus/bridge
  x86: use new method to correct reset sequence
  apic: move APIC's MMIO region mapping into APIC
  Correctly re-init EFER state during INIT IPI
  target-i386: add ABM to Haswell* and Broadwell* CPU models
  target-i386: get/put MSR_TSC_AUX across reset and migration
  target-i386: Make check_hw_breakpoints static
  target-i386: Move breakpoint related functions to new file
  target-i386: Convert kvm_default_*features to property/value pairs
  vl: Add another sanity check to smp_parse() function
  cpu: Introduce X86CPUTopoInfo structure for argument simplification
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-06 | Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging | Peter Maydell
# gpg: Signature made Mon 05 Oct 2015 17:01:11 BST using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
* remotes/jnsnow/tags/ide-pull-request:
  qtest/ide-test: ppc64be correction for ATAPI tests
  MAINTAINERS: Small IDE/FDC touchup
  qtest/ahci: fix redundant assertion
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-06 | tests: vhost-user: disable unless CONFIG_VHOST_NET | Michael S. Tsirkin
vhost-user depends on vhost-net. We should probably fix that. For now, let's disable the test otherwise. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-05 | vfio: Allow hotplug of containers onto existing guest IOMMU mappings | David Gibson
At present the memory listener used by vfio to keep host IOMMU mappings in sync with the guest memory image assumes that if a guest IOMMU appears, then it has no existing mappings. This may not be true if a VFIO device is hotplugged onto a guest bus which didn't previously include a VFIO device, and which has existing guest IOMMU mappings. Therefore, use the memory_region_register_iommu_notifier_replay() function in order to fix this case, replaying existing guest IOMMU mappings, bringing the host IOMMU into sync with the guest IOMMU. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05 | memory: Allow replay of IOMMU mapping notifications | David Gibson
When we have guest visible IOMMUs, we allow notifiers to be registered which will be informed of all changes to IOMMU mappings. This is used by vfio to keep the host IOMMU mappings in sync with guest IOMMU mappings. However, unlike with a memory region listener, an iommu notifier won't be told about any mappings which already exist in the (guest) IOMMU at the time it is registered. This can cause problems if hotplugging a VFIO device onto a guest bus which had existing guest IOMMU mappings, but didn't previously have any VFIO devices (and hence no host IOMMU mappings). This adds a memory_region_iommu_replay() function to handle this case. It replays any existing mappings in an IOMMU memory region to a specified notifier. Because the IOMMU memory region doesn't internally remember the granularity of the guest IOMMU it has a small hack where the caller must specify a granularity at which to replay mappings. If there are finer mappings in the guest IOMMU these will be reported in the iotlb structures passed to the notifier which it must handle (probably causing it to flag an error). This isn't new - the VFIO iommu notifier must already handle notifications about guest IOMMU mappings too short for it to represent in the host IOMMU. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05 | vfio: Record host IOMMU's available IO page sizes | David Gibson
Depending on the host IOMMU type we determine and record the available page sizes for IOMMU translation. We'll need this for other validation in future patches. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05 | vfio: Check guest IOVA ranges against host IOMMU capabilities | David Gibson
The current vfio core code assumes that the host IOMMU is capable of mapping any IOVA the guest wants to use to where we need. However, real IOMMUs generally only support translating a certain range of IOVAs (the "DMA window") not a full 64-bit address space. The common x86 IOMMUs support a wide enough range that guests are very unlikely to go beyond it in practice, however the IOMMU used on IBM Power machines - in the default configuration - supports only a much more limited IOVA range, usually 0..2GiB. If the guest attempts to set up an IOVA range that the host IOMMU can't map, qemu won't report an error until it actually attempts to map a bad IOVA. If guest RAM is being mapped directly into the IOMMU (i.e. no guest visible IOMMU) then this will show up very quickly. If there is a guest visible IOMMU, however, the problem might not show up until much later when the guest actually attempts to DMA with an IOVA the host can't handle. This patch adds a test so that we will detect earlier if the guest is attempting to use IOVA ranges that the host IOMMU won't be able to deal with. For now, we assume that "Type1" (x86) IOMMUs can support any IOVA, this is incorrect, but no worse than what we have already. We can't do better for now because the Type1 kernel interface doesn't tell us what IOVA range the IOMMU actually supports. For the Power "sPAPR TCE" IOMMU, however, we can retrieve the supported IOVA range and validate guest IOVA ranges against it, and this patch does so. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05 | vfio: Generalize vfio_listener_region_add failure path | David Gibson
If a DMA mapping operation fails in vfio_listener_region_add() it checks to see if we've already completed initial setup of the container. If so it reports an error so the setup code can fail gracefully, otherwise throws a hw_error(). There are other potential failure cases in vfio_listener_region_add() which could benefit from the same logic, so move it to its own fail: block. Later patches can use this to extend other failure cases to fail as gracefully as possible under the circumstances. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05 | vfio: Remove unneeded union from VFIOContainer | David Gibson
Currently the VFIOContainer iommu_data field contains a union with different information for different host iommu types. However:
 * It only actually contains information for the x86-like "Type1" iommu
 * Because we have a common listener the Type1 fields are actually used on all IOMMU types, including the SPAPR TCE type as well
In fact we now have a general structure for the listener which is unlikely to ever need per-iommu-type information, so this patch removes the union. In a similar way we can unify the setup of the vfio memory listener in vfio_connect_container() that is currently split across a switch on iommu type, but is effectively the same in both cases. The iommu_data.release pointer was only needed as a cleanup function which would handle potentially different data in the union. With the union gone, it too can be removed. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05 | hw/vfio/platform: do not set resamplefd for edge-sensitive IRQS | Eric Auger
In irqfd mode, current code attempts to set a resamplefd whatever the type of the IRQ. For an edge-sensitive IRQ this attempt fails and as a consequence, the whole irqfd setup fails and we fall back to the slow mode. This patch bypasses the resamplefd setting for non level-sensitive IRQs. Signed-off-by: Eric Auger <eric.auger@linaro.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05 | hw/vfio/platform: change interrupt/unmask fields into pointer | Eric Auger
unmask EventNotifier might not be initialized in case of edge sensitive irq. Using EventNotifier pointers make life simpler to handle the edge-sensitive irqfd setup. Signed-off-by: Eric Auger <eric.auger@linaro.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05 | hw/vfio/platform: irqfd setup sequence update | Eric Auger
With current implementation, eventfd VFIO signaling is first set up and then irqfd is set up, if supported and allowed. This start sequence causes several issues with IRQ forwarding setup which, if supported, is transparently attempted on irqfd setup: IRQ forwarding setup is likely to fail if the IRQ is detected as under injection into the guest (active at irqchip level or VFIO masked). This currently always happens because the current sequence explicitly VFIO-masks the IRQ before setting irqfd. Even if that masking were removed, we couldn't prevent the case where the IRQ is under injection into the guest. So the simpler solution is to remove this 2-step startup and directly attempt irqfd setup. This is what this patch does. Also in case the eventfd setup fails, there is no reason to go farther: let's abort. Signed-off-by: Eric Auger <eric.auger@linaro.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-10-05 | qtest/ide-test: ppc64be correction for ATAPI tests | John Snow
the 16bit ide data register is LE by definition. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Message-id: 1443461938-30039-1-git-send-email-jsnow@redhat.com
2015-10-05 | MAINTAINERS: Small IDE/FDC touchup | John Snow
libqos/ahci and tests/fdc-test are under my purview also, include them in the appropriate stanzas. Signed-off-by: John Snow <jsnow@redhat.com> Message-id: 1443117055-29240-1-git-send-email-jsnow@redhat.com
2015-10-05 | qtest/ahci: fix redundant assertion | John Snow
Fixes https://bugs.launchpad.net/qemu/+bug/1497711 (!ncq || (ncq && lba48)) is the same as (!ncq || lba48). The intention is simply: "If a command is NCQ, it must also be LBA48." Signed-off-by: John Snow <jsnow@redhat.com> Message-id: 1442868929-17777-1-git-send-email-jsnow@redhat.com