Emilio G. Cota [Tue, 8 Aug 2017 17:54:42 +0000 (13:54 -0400)]
hmp-commands-info: add sync-profile
The command introduced here is just for developers. This means that:
- the info displayed and the output format could change in the future
- the command is only meant to be used from HMP, not from QMP
Sample output:
(qemu) sync-profile
sync-profile is off
(qemu) info sync-profile
Type Object Call site Wait Time (s) Count Average (us)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
(qemu) sync-profile on
(qemu) sync-profile
sync-profile is on
(qemu) info sync-profile 15
Type Object Call site Wait Time (s) Count Average (us)
----------------------------------------------------------------------------------------------
condvar 0x55a01813ced0 cpus.c:1165 91.38235 2842 32154.24
BQL mutex 0x55a0171b7140 cpus.c:1434 12.56490 5787 2171.23
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:432 7.75846 2844 2728.01
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:870 5.09889 2884 1767.99
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:529 3.46140 3254 1063.74
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:804 0.76333 8655 88.20
BQL mutex 0x55a0171b7140 cpus.c:1466 0.60893 2941 207.05
BQL mutex 0x55a0171b7140 util/main-loop.c:236 0.00894 6425 1.39
mutex [ 3] util/qemu-timer.c:520 0.00342 50611 0.07
mutex [ 2] util/qemu-timer.c:426 0.00254 31336 0.08
mutex [ 3] util/qemu-timer.c:234 0.00107 19275 0.06
mutex 0x55a0171d9960 vl.c:763 0.00043 6425 0.07
mutex 0x55a0180d1bb0 monitor.c:458 0.00015 1603 0.09
mutex 0x55a0180e4c78 chardev/char.c:109 0.00002 217 0.08
mutex 0x55a0180d1bb0 monitor.c:448 0.00001 162 0.08
----------------------------------------------------------------------------------------------
(qemu) info sync-profile -m 15
Type Object Call site Wait Time (s) Count Average (us)
----------------------------------------------------------------------------------------------
condvar 0x55a01813ced0 cpus.c:1165 95.11196 3051 31174.03
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:432 7.92108 3052 2595.37
BQL mutex 0x55a0171b7140 cpus.c:1434 13.38253 6210 2155.00
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:870 5.09901 3093 1648.57
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:529 4.21123 3468 1214.31
BQL mutex 0x55a0171b7140 cpus.c:1466 0.60895 3156 192.95
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:804 0.76337 9282 82.24
BQL mutex 0x55a0171b7140 util/main-loop.c:236 0.00944 6889 1.37
mutex 0x55a01813ce80 tcg/tcg.c:397 0.00000 24 0.15
mutex 0x55a0180d1bb0 monitor.c:458 0.00018 1922 0.09
mutex [ 2] util/qemu-timer.c:426 0.00266 32710 0.08
mutex 0x55a0180e4c78 chardev/char.c:109 0.00002 260 0.08
mutex 0x55a0180d1bb0 monitor.c:448 0.00001 187 0.08
mutex 0x55a0171d9960 vl.c:763 0.00047 6889 0.07
mutex [ 3] util/qemu-timer.c:520 0.00362 53377 0.07
----------------------------------------------------------------------------------------------
(qemu) info sync-profile -m -n 15
Type Object Call site Wait Time (s) Count Average (us)
----------------------------------------------------------------------------------------------
condvar 0x55a01813ced0 cpus.c:1165 101.39331 3398 29839.12
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:432 7.92112 3399 2330.43
BQL mutex 0x55a0171b7140 cpus.c:1434 14.28280 6922 2063.39
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:870 5.77505 3445 1676.36
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:529 5.66139 3883 1457.99
BQL mutex 0x55a0171b7140 cpus.c:1466 0.60901 3519 173.06
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:804 0.76351 10338 73.85
BQL mutex 0x55a0171b7140 util/main-loop.c:236 0.01032 7664 1.35
mutex 0x55a0180e4f08 util/qemu-timer.c:426 0.00041 901 0.45
mutex 0x55a01813ce80 tcg/tcg.c:397 0.00000 24 0.15
mutex 0x55a0180d1bb0 monitor.c:458 0.00022 2319 0.09
mutex 0x55a0180e4c78 chardev/char.c:109 0.00003 306 0.08
mutex 0x55a0180e4f08 util/qemu-timer.c:520 0.00068 8565 0.08
mutex 0x55a0180d1bb0 monitor.c:448 0.00002 215 0.08
mutex 0x55a0180e4f78 util/qemu-timer.c:426 0.00247 34224 0.07
----------------------------------------------------------------------------------------------
(qemu) sync-profile reset
(qemu) info sync-profile -m 2
Type Object Call site Wait Time (s) Count Average (us)
--------------------------------------------------------------------------------------------
condvar 0x55a01813ced0 cpus.c:1165 2.78756 99 28157.12
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:870 0.33054 102 3240.55
--------------------------------------------------------------------------------------------
(qemu) sync-profile off
(qemu) sync-profile
sync-profile is off
(qemu) sync-profile reset
(qemu) info sync-profile
Type Object Call site Wait Time (s) Count Average (us)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Emilio G. Cota [Wed, 15 Aug 2018 20:00:03 +0000 (16:00 -0400)]
hmp-commands: add sync-profile
The command introduced here is just for developers. This means that:
- the interface implemented here could change in the future
- the command is only meant to be used from HMP, not from QMP
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Emilio G. Cota [Sat, 28 Oct 2017 06:16:41 +0000 (02:16 -0400)]
qsp: track BQL callers explicitly
The BQL is acquired via qemu_mutex_lock_iothread(), which makes
the profiler assign the associated wait time (i.e. most of
BQL wait time) entirely to that function. This loses the original
call site information, which does not help diagnose BQL contention.
Fix it by tracking the callers explicitly.
Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Emilio G. Cota [Fri, 17 Aug 2018 03:29:49 +0000 (23:29 -0400)]
qsp: add qsp_reset
I first implemented this by deleting all entries in the global
hash table. But doing that safely slows down profiling, since
we'd need to introduce rcu_read_lock/unlock in the fast path.
What's implemented here avoids messing with the thread-local
data in the global hash table. It achieves this by taking a snapshot
of the current state, so that subsequent reports present the delta
wrt to the snapshot.
Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Emilio G. Cota [Tue, 8 Aug 2017 17:53:15 +0000 (13:53 -0400)]
qsp: QEMU's Synchronization Profiler
The goal of this module is to profile synchronization primitives (i.e.
mutexes, recursive mutexes and condition variables) so that scalability
issues can be quickly diagnosed.
Sync primitives are profiled by QSP based on the vaddr of the object accessed
as well as the call site (file:line_nr). That means the same object called
from two different call sites will be tracked in separate entries, which
might be reported together or separately (see subsequent commit on
call site coalescing).
That is, a negligible slowdown due to the now indirect call to
qemu_mutex_lock. Note that using a branch instead of an indirect
call introduces a more severe slowdown (53.65 Mops/s, i.e. 2% slowdown).
Enabling the profiler (with -p, added in this series) is more interesting:
- No profiling: 54.75 Mops/s
- W/ profiling: 12.53 Mops/s
That is, a 4.36X slowdown.
We can break down this slowdown by removing the get_clock calls or
the entry lookup:
Thomas Huth [Thu, 16 Aug 2018 11:35:57 +0000 (13:35 +0200)]
tests/device-introspect: Test with all machines, not only with "none"
Certain device introspection crashes used to only happen if you were
using a certain machine, e.g. if the machine was using serial_hd() or
nd_table[], and a device was trying to use these in its instance_init
function, too.
To be able to catch these problems, let's extend the device-introspect
test to check the devices on all machine types, with and without the
"-nodefaults" parameter (since this makes a difference sometimes, too).
Since this is a rather slow operation, and most of the problems are
already handled by testing with the "none" machine only, the test with
all machines is only run in the "make check SPEED=slow" mode.
Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1534419358-10932-8-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Thomas Huth [Thu, 16 Aug 2018 11:35:56 +0000 (13:35 +0200)]
tests/device-introspection: Check that the qom-tree and qtree do not change
Introspection should not change the qom-tree / qtree, so we should check
this in the device-introspect-test, too. This patch helped to find lots
of instrospection bugs during the QEMU v3.0 soft/hard-freeze period in the
last two months.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1534419358-10932-7-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Thomas Huth [Thu, 16 Aug 2018 11:35:55 +0000 (13:35 +0200)]
tests: Skip old versioned machine types in quick testing mode
The tests that check something for all machine types currently spend
a lot of time checking old machine types (like "pc-i440fx-2.0" for
example). The chances that we find something new there in addition
to checking the latest version of a machine type are pretty low, so
we should not waste the time of the developers by testing this again
and again in the "quick" testing mode.
Thus let's add some code to determine whether we are testing a current
machine type or an old one, and only test the old types if we are
running in "SPEED=slow" mode.
This decreases the testing time quite a bit now, e.g. the qom-test
now finishes within 4 seconds for qemu-system-x86_64 instead of 30
seconds when testing all machines.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1534419358-10932-6-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Thomas Huth [Thu, 16 Aug 2018 11:35:54 +0000 (13:35 +0200)]
hw/timer/mc146818rtc: Fix introspection problem
There is currently a funny problem with the "mc146818rtc" device:
1) Start QEMU like this:
qemu-system-ppc64 -M pseries -S
2) At the HMP monitor, enter "info qom-tree". Note that there is an
entry for "/rtc (spapr-rtc)".
3) Introspect the mc146818rtc device like this:
device_add mc146818rtc,help
4) Run "info qom-tree" again. The "/rtc" entry is gone now!
The rtc_finalize() function of the mc146818rtc device has two bugs: First,
it tries to remove a "rtc" property, while the rtc_realizefn() added a
"rtc-time" property instead. And second, it should have been done in an
unrealize function, not in a finalize function, to avoid that this causes
problems during introspection.
But since adding aliases to the global machine state should not be done
from a device's realize function anyway, let's rather fix this issue
by moving the creation of the alias to the code that creates the device
(and thus is run from the machine init functions instead), i.e. the
mc146818_rtc_init() function for most machines. The prep machines are
special, since the mc146818rtc device is created here in the realize
function of the i82378 device. Since we certainly don't want to add the
alias there, we add it to some code that is called from the ibm_40p_init()
machine init function instead.
Since the alias is now only created during the machine init, we can remove
the object_property_del() completely.
Fixes: 654a36d857ff949e0d1989904b76f53fded9dc83 Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1534419358-10932-5-git-send-email-thuth@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Thomas Huth [Thu, 16 Aug 2018 11:35:53 +0000 (13:35 +0200)]
hw/timer/mc146818rtc: White space clean-up
mc146818rtc.c still contains some TABs. Replace them with spaces.
And while we're at it, also delete trailing whitespace in this file.
Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1534419358-10932-4-git-send-email-thuth@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Thomas Huth [Thu, 16 Aug 2018 11:35:52 +0000 (13:35 +0200)]
net: Silence 'has no peer' messages in testing mode
When running qtests with -nodefaults, we are not interested in
these 'XYZ has no peer' messages.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1534419358-10932-3-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Thomas Huth [Thu, 16 Aug 2018 11:35:51 +0000 (13:35 +0200)]
tests/migration-test: Silence the kvm_hv message by default
When running "make check" on a non-POWER host, the output is quite
distorted like this:
[...]
GTESTER check-qtest-nios2
GTESTER check-qtest-or1k
GTESTER check-qtest-ppc64
Skipping test: kvm_hv not available Skipping test: kvm_hv not available Skipping test: kvm_hv not available Skipping test: kvm_hv not available GTESTER check-qtest-ppcemb
GTESTER check-qtest-ppc
GTESTER check-qtest-riscv32
GTESTER check-qtest-riscv64
[...]
Move the check to the beginning of the main function instead, so that
we do not have to test the condition again and again for each test,
and better use g_test_message() instead of g_print() here, like it is
also done in ufd_version_check() already.
Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1534419358-10932-2-git-send-email-thuth@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 14 Aug 2018 15:40:41 +0000 (17:40 +0200)]
MAINTAINERS: add maintainers for qtest
Thomas has been doing a lot of work on qom-test and device-introspection-test,
and Laurent has ported libqos to sPAPR and co-mentored Emanuele on the
upcoming qtest device framework. They deserve recognition. :)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x7f06f8faac48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x7f06f87a73c5 in g_malloc (/lib64/libglib-2.0.so.0+0x523c5)
#2 0x55a729f17738 in pci_dma_sglist_init /home/elmarco/src/qq/include/hw/pci/pci.h:818
#3 0x55a729f2a706 in megasas_map_dcmd /home/elmarco/src/qq/hw/scsi/megasas.c:698
#4 0x55a729f39421 in megasas_handle_dcmd /home/elmarco/src/qq/hw/scsi/megasas.c:1574
#5 0x55a729f3f70d in megasas_handle_frame /home/elmarco/src/qq/hw/scsi/megasas.c:1955
#6 0x55a729f40939 in megasas_mmio_write /home/elmarco/src/qq/hw/scsi/megasas.c:2119
#7 0x55a729f41102 in megasas_port_write /home/elmarco/src/qq/hw/scsi/megasas.c:2170
#8 0x55a729220e60 in memory_region_write_accessor /home/elmarco/src/qq/memory.c:527
#9 0x55a7292212b3 in access_with_adjusted_size /home/elmarco/src/qq/memory.c:594
#10 0x55a72922cf70 in memory_region_dispatch_write /home/elmarco/src/qq/memory.c:1473
#11 0x55a7290f5907 in flatview_write_continue /home/elmarco/src/qq/exec.c:3255
#12 0x55a7290f5ceb in flatview_write /home/elmarco/src/qq/exec.c:3294
#13 0x55a7290f6457 in address_space_write /home/elmarco/src/qq/exec.c:3384
#14 0x55a7290f64a8 in address_space_rw /home/elmarco/src/qq/exec.c:3395
#15 0x55a72929ecb0 in kvm_handle_io /home/elmarco/src/qq/accel/kvm/kvm-all.c:1729
#16 0x55a7292a0db5 in kvm_cpu_exec /home/elmarco/src/qq/accel/kvm/kvm-all.c:1969
#17 0x55a7291c4212 in qemu_kvm_cpu_thread_fn /home/elmarco/src/qq/cpus.c:1215
#18 0x55a72a966a6c in qemu_thread_start /home/elmarco/src/qq/util/qemu-thread-posix.c:504
#19 0x7f06ed486593 in start_thread (/lib64/libpthread.so.0+0x7593)
Move the qemu_sglist_destroy() from megasas_complete_command() to
megasas_unmap_frame(), so map/unmap are balanced.
Julia Suvorova [Mon, 13 Aug 2018 09:34:02 +0000 (12:34 +0300)]
chardev/char-fe: Fix typos
Fixup some typos in the comments.
Signed-off-by: Julia Suvorova <jusual@mail.ru>
Message-Id: <20180813093402.10852-1-jusual@mail.ru> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
After commit b3f1c8c413bc83e4a2cc7a63e4eddf9fe6449052 "qemu-pr-helper: use new
libmultipath API", QEMU started using new libmultipath API, which is not
available on CentOS 7.x.
This fixes that by probing the new libmultipath API in configure. If it fails,
then try probing the old API. If it fails, then consider libmultipath not
available.
With this, configure script defines CONFIG_MPATH_NEW_API that is used in
scsi/qemu-pr-helper.c to use the new libmultipath API.
Paolo Bonzini [Fri, 10 Aug 2018 14:35:19 +0000 (16:35 +0200)]
checkpatch: fix filename detection when using -f
Fix $realfile filename when using -f/--file to not remove first level
directory as if the filename was used in a -P1 patch. Only strip the
first level directory (typically a or b) for P1 patches.
Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(extracted from Linux commit 2b7ab45395dc4d91ef30985f76d90a8f28f58c27) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 1 Aug 2018 15:14:09 +0000 (17:14 +0200)]
fix "Missing break in switch" coverity reports
Many of these are marked as "intentional/fix required" because they
just need adding a fall through comment. This is exactly what this
patch does, except for target/mips/translate.c where it is easier to
duplicate the code, and hw/audio/sb16.c where I consulted the DOSBox
sources and decide to just remove the LOG_UNIMP before the fallthrough.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 1 Aug 2018 13:26:22 +0000 (15:26 +0200)]
tests: virtio: separate ccw tests from libqos
Because qtest does not support s390 channel I/O, s390 only performs smoke tests on
those few devices that do not have any functional tests. Therefore, every time we
add functional tests for a virtio device, the choice is between removing
those tests from the s390 suite (so that s390 actually _loses_ coverage)
or sprinkling the test with architecture checks.
This patch simply creates a ccw-specific test that only performs smoke tests on
all virtio-ccw devices. If channel I/O support is ever added to qtest and libqos,
then this file can go away. In the meanwhile, it simplifies maintenance and
makes sure that all virtio devices are tested.
Acked-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* remotes/vivier2/tags/linux-user-for-3.1-pull-request:
linux-user: add QEMU_IFLA_INFO_KIND nested type for tun
linux-user: update netlink route types
linux-user: introduce QEMU_RTA_* to use with rtattr_type_t
linux-user: fix recvmsg()/recvfrom() with netlink and MSG_TRUNC
sh4: fix use_icount with linux-user
linux-user: fix 32bit g2h()/h2g()
qemu-binfmt-conf.sh: add x86_64 target
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 21 Aug 2018 09:23:53 +0000 (10:23 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc: fixes
This includes nvdimm persistence fixes queued before the release.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 20 Aug 2018 11:38:11 BST
# gpg: using RSA key 281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
migration/ram: ensure write persistence on loading all data to PMEM.
migration/ram: Add check and info message to nvdimm post copy.
mem/nvdimm: ensure write persistence to PMEM in label emulation
hostmem-file: add the 'pmem' option
configure: add libpmem support
memory, exec: switch file ram allocation functions to 'flags' parameters
memory, exec: Expose all memory block related flags.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 21 Aug 2018 08:24:19 +0000 (09:24 +0100)]
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc.for-upstream-20180820' into staging
qemu-sparc.for-upstream queue
# gpg: Signature made Mon 20 Aug 2018 19:38:04 BST
# gpg: using RSA key 5BC2C56FAE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F
* remotes/mcayland/tags/qemu-sparc.for-upstream-20180820:
sun4m: don't use legacy fw_cfg_init_mem() function
sun4u: ensure kernel_top is always initialised
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Laurent Vivier [Mon, 20 Aug 2018 17:15:55 +0000 (19:15 +0200)]
linux-user: introduce QEMU_RTA_* to use with rtattr_type_t
Following commit will introduce RTA_PREF that appears only with
kernel v4.1. To avoid to manage a specific case for it, this patch
introduces the full list of rtattr_type_t prefixed with QEMU_ (as we
did for IFLA values)
Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20180820171557.7734-3-laurent@vivier.eu>
[lv: added more RTA_* from linux v4.18]
Laurent Vivier [Mon, 20 Aug 2018 17:15:54 +0000 (19:15 +0200)]
linux-user: fix recvmsg()/recvfrom() with netlink and MSG_TRUNC
If recvmsg()/recvfrom() are used with the MSG_TRUNC flag, they return the
real length even if it was longer than the passed buffer.
So when we translate the buffer we must check we don't go beyond the
end of the buffer.
Bug: https://github.com/vivier/qemu-m68k/issues/33 Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20180820171557.7734-2-laurent@vivier.eu>
Mark Cave-Ayland [Fri, 10 Aug 2018 10:40:37 +0000 (11:40 +0100)]
sun4u: ensure kernel_top is always initialised
Valgrind reports that when loading a non-ELF kernel, kernel_top may be used
uninitialised when checking for an initrd.
Since there are no known non-ELF kernels for SPARC64 then we can simply
initialise kernel_top to 0 and then skip the initrd load process if it hasn't
been set by load_elf().
Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Peter Maydell [Mon, 20 Aug 2018 16:41:18 +0000 (17:41 +0100)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180820' into staging
First round of s390x patches for 3.1:
- add compat machine for 3.1
- remove deprecated 's390-squash-mcss' option
- cpu models: add "max" cpu model, enhance feature group code
- kvm: add support for etoken facility and huge page backing
Peter Maydell [Mon, 20 Aug 2018 12:48:11 +0000 (13:48 +0100)]
tests/vm: Clean out old working directories on build
When we do a build inside one of the BSD VMs, first
delete any stale old build directories from the VM's
/var/tmp. This prevents the VM from running out of
disk space after it has been used for a dozen or
so builds.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 20180820124811.7982-1-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Aug 2018 14:44:40 +0000 (15:44 +0100)]
Merge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into staging
RDMA queue
# gpg: Signature made Sat 18 Aug 2018 16:01:46 BST
# gpg: using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <marcel.apfelbaum@zoho.com>"
# gpg: aka "Marcel Apfelbaum <marcel@redhat.com>"
# gpg: aka "Marcel Apfelbaum <marcel.apfelbaum@gmail.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F 31F5 36D4 C0F0 CF2F E46D
* remotes/marcel/tags/rdma-pull-request:
config: split PVRDMA from RDMA
hw/pvrdma: remove not needed include
hw/rdma: Add reference to pci_dev in backend_dev
hw/rdma: Bugfix - Support non-aligned buffers
hw/rdma: Print backend QP number in hex format
hw/rdma: Cosmetic change - move to generic function
hw/pvrdma: Cosmetic change - indent right
hw/rdma: Reorder resource cleanup
hw/rdma: Do not allocate memory for non-dma MR
hw/rdma: Delete useless structure RdmaRmUserMR
hw/pvrdma: Make default pkey 0xFFFF
hw/pvrdma: Clean CQE before use
hw/rdma: Modify debug macros
hw/pvrdma: Bugfix - provide the correct attr_mask to query_qp
hw/rdma: Make distinction between device init and start modes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 20 Aug 2018 12:22:21 +0000 (13:22 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180820' into staging
target-arm queue:
* Fix crash on conditional instruction in an IT block
* docs/generic-loader: mention U-Boot and Intel HEX executable formats
* hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset
* imx_serial: Generate interrupt on receive data ready if enabled
* Fix various minor bugs in AArch32 Hyp related coprocessor registers
* Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
* Implement AArch32 ERET instruction
* hw/arm/virt: Add virt-3.1 machine type
* sdhci: add i.MX SD Stable Clock bit
* Remove now-obsolete MMIO request_ptr APIs
* hw/timer/m48t59: Move away from old_mmio accessors
* hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
* nvic: Expose NMI line
* hw/dma/pl080: cleanups and new features required for use in MPS boards
# gpg: Signature made Mon 20 Aug 2018 11:30:12 BST
# gpg: using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg: aka "Peter Maydell <pmaydell@gmail.com>"
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-20180820: (25 commits)
hw/dma/pl080: Remove hw_error() if DMA is enabled
hw/dma/pl080: Correct bug in register address decode logic
hw/dma/pl080: Provide device reset function
hw/dma/pl080: Don't use CPU address space for DMA accesses
hw/dma/pl080: Support all three interrupt lines
hw/dma/pl080: Allow use as embedded-struct device
nvic: Expose NMI line
hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
hw/timer/m48t59: Move away from old_mmio accessors
hw/misc: Remove mmio_interface device
memory: Remove MMIO request_ptr APIs
hw/ssi/xilinx_spips: Remove unneeded MMIO request_ptr code
sdhci: add i.MX SD Stable Clock bit
hw/arm/virt: Add virt-3.1 machine type
target/arm: Implement AArch32 ERET instruction
target/arm: Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
target/arm: Implement ESR_EL2/HSR for AArch32 and no-EL2
target/arm: Implement AArch32 Hyp FARs
target/arm: Implement AArch32 HVBAR
target/arm: Add missing .cp = 15 to HMAIR1 and HAMAIR1 regdefs
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Janosch Frank [Thu, 2 Aug 2018 07:02:01 +0000 (08:02 +0100)]
s390x: Enable KVM huge page backing support
QEMU has had huge page support for a longer time already, but KVM
memory management under s390x needed some changes to work with huge
backings.
Now that we have support, let's enable it if requested and
available. Otherwise we now properly tell the user if there is no
support and back out instead of failing to run the VM later on.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180802070201.257406-1-frankja@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
The "max" CPU model behaves like "-cpu host" when KVM is enabled, and like
a CPU with the maximum possible feature set when TCG is enabled.
While the "host" model can not be used under TCG ("kvm_required"), the
"max" model can and "Enables all features supported by the accelerator in
the current host".
So we can treat "host" just as a special case of "max" (like x86 does).
It differs to the "qemu" CPU model under TCG such that compatibility
handling will not be performed and that some experimental CPU features
not yet part of the "qemu" model might be indicated.
These are right now under TCG (see "qemu_MAX"):
- stfle53
- msa5-base
- zpci
This will result right now in the following warning when starting QEMU TCG
with the "max" model:
"qemu-system-s390x: warning: 'msa5-base' requires 'kimd-sha-512'."
The "qemu" model (used as default in QEMU under TCG) will continue to
work without such warnings. The "max" model in the current form
might be interesting for kvm-unit-tests (where we would e.g. now also
test "msa5-base").
The "max" model is neither static nor migration safe (like the "host"
model). It is independent of the machine but dependends on the accelerator.
It can be used to detect the maximum CPU model also under TCG from upper
layers without having to care about CPU model names for CPU model
expansion.
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180725091233.3300-1-david@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
[CH: minor wording changes] Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Michael Mueller [Wed, 25 Jul 2018 14:36:17 +0000 (16:36 +0200)]
s390x/cpumodel: enum type S390FeatGroup now gets generated
The enumeration type S390FeatGroup is now generated as well.
This shall simplify the definition of new feature groups
without the requirement to modify existing code.
Signed-off-by: Michael Mueller <mimu@linux.ibm.com>
Message-Id: <20180725143617.8731-1-mimu@linux.ibm.com> Acked-by: David Hildenbrand <david@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Peter Maydell [Mon, 20 Aug 2018 10:24:33 +0000 (11:24 +0100)]
hw/dma/pl080: Remove hw_error() if DMA is enabled
The PL08x model currently will unconditionally call hw_error()
if the DMA engine is enabled by the guest. This has been
present since the PL080 model was edded in 2006, and is
presumably either unintentional debug code left enabled,
or a guard against untested DMA engine code being used.
Remove the hw_error(), since we now have a guest which
will actually try to use the DMA engine (the self-test
binary for the AN505 MPS2 FPGA image).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Peter Maydell [Mon, 20 Aug 2018 10:24:33 +0000 (11:24 +0100)]
hw/dma/pl080: Correct bug in register address decode logic
A bug in the handling of the register address decode logic
for the PL08x meant that we were incorrectly treating
accesses to the DMA channel registers (DMACCxSrcAddr,
DMACCxDestaddr, DMACCxLLI, DMACCxControl, DMACCxConfiguration)
as bad offsets. Fix this long-standing bug.
Fixes: https://bugs.launchpad.net/qemu/+bug/1637974 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Peter Maydell [Mon, 20 Aug 2018 10:24:33 +0000 (11:24 +0100)]
hw/dma/pl080: Don't use CPU address space for DMA accesses
Currently our PL080/PL081 model uses a combination of the CPU's
address space (via cpu_physical_memory_{read,write}()) and the
system address space for performing DMA accesses.
For the PL081s in the MPS FPGA images, their DMA accesses
must go via Master Security Controllers. Switch the
PL080/PL081 model to take a MemoryRegion property which
defines its downstream for making DMA accesses.
Since the PL08x are only used in two board models, we
make provision of the 'downstream' link mandatory and convert
both users at once, rather than having it be optional with
a default to the system address space.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Peter Maydell [Mon, 20 Aug 2018 10:24:33 +0000 (11:24 +0100)]
hw/dma/pl080: Support all three interrupt lines
The PL080 and PL081 have three outgoing interrupt lines:
* DMACINTERR signals DMA errors
* DMACINTTC is the DMA count interrupt
* DMACINTR is a combined interrupt, the logical OR of the other two
We currently only implement DMACINTR, because that's all the
realview and versatile boards needed, but the instances of the
PL081 in the MPS2 firmware images use all three interrupt lines.
Implement the missing DMACINTERR and DMACINTTC.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Peter Maydell [Mon, 20 Aug 2018 10:24:33 +0000 (11:24 +0100)]
nvic: Expose NMI line
On real v7M hardware, the NMI line is an externally visible signal
that an SoC or board can toggle to assert an NMI. Expose it in
our QEMU NVIC and armv7m container objects so that a board model
can wire it up if it needs to.
In particular, the MPS2 watchdog is wired to NMI.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Peter Maydell [Mon, 20 Aug 2018 10:24:33 +0000 (11:24 +0100)]
hw/timer/m48t59: Move away from old_mmio accessors
Move the m48t59 device away from using old_mmio MemoryRegionOps
accessors.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 20180802180602.22047-1-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Aug 2018 10:24:32 +0000 (11:24 +0100)]
hw/misc: Remove mmio_interface device
The mmio_interface device was a purely internal artifact
of the implementation of the memory subsystem's request_ptr
APIs. Now that we have removed those APIs, we can remove
the mmio_interface device too.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-id: 20180817114619.22354-4-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Aug 2018 10:24:32 +0000 (11:24 +0100)]
memory: Remove MMIO request_ptr APIs
Remove the obsolete MMIO request_ptr APIs; they have no
users now.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-id: 20180817114619.22354-3-peter.maydell@linaro.org
We now support direct execution from MMIO regions in the
core memory subsystem. This means that we don't need to
have device-specific support for it, and we can remove
the request_ptr handling from the Xilinx SPIPS device.
(It was broken anyway due to race conditions, and disabled
by default.)
This device is the only in-tree user of this API.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-id: 20180817114619.22354-2-peter.maydell@linaro.org
Andrew Jones [Mon, 20 Aug 2018 10:24:32 +0000 (11:24 +0100)]
hw/arm/virt: Add virt-3.1 machine type
Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 20 Aug 2018 10:24:32 +0000 (11:24 +0100)]
target/arm: Implement AArch32 ERET instruction
ARMv7VE introduced the ERET instruction, which is necessary to
return from an exception taken to Hyp mode. Implement this.
In A32 encoding it is a completely new encoding; in T32 it
is an adjustment of the behaviour of the existing
"SUBS PC, LR, #<imm8>" instruction.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180814124254.5229-10-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Aug 2018 10:24:32 +0000 (11:24 +0100)]
target/arm: Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
The MSR (banked) and MRS (banked) instructions allow accesses to ELR_Hyp
from either Monitor or Hyp mode. Our translate time check
was overly strict and only permitted access from Monitor mode.
The runtime check we do in msr_mrs_banked_exc_checks() had the
correct code in it, but never got there because of the earlier
"currmode == tgtmode" check. Special case ELR_Hyp.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180814124254.5229-9-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Aug 2018 10:24:32 +0000 (11:24 +0100)]
target/arm: Implement ESR_EL2/HSR for AArch32 and no-EL2
The AArch32 HSR is the equivalent of AArch64 ESR_EL2;
we can implement it by marking our existing ESR_EL2 regdef
as STATE_BOTH. It also needs to be "RES0 from EL3 if
EL2 not implemented", so add the missing stanza to
el3_no_el2_cp_reginfo.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180814124254.5229-8-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Aug 2018 10:24:32 +0000 (11:24 +0100)]
target/arm: Implement AArch32 Hyp FARs
The AArch32 virtualization extensions support these fault address
registers:
* HDFAR: aliased with AArch64 FAR_EL2[31:0] and AArch32 DFAR(S)
* HIFAR: aliased with AArch64 FAR_EL2[63:32] and AArch32 IFAR(S)
Implement the accessors for these. This fixes in passing a bug
where we weren't implementing the "RES0 from EL3 if EL2 not
implemented" behaviour for AArch64 FAR_EL2.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180814124254.5229-7-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Aug 2018 10:24:32 +0000 (11:24 +0100)]
target/arm: Implement AArch32 HVBAR
Implement the AArch32 HVBAR register; we can do this just by
making the existing VBAR_EL2 regdefs be STATE_BOTH.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180814124254.5229-5-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Aug 2018 10:24:31 +0000 (11:24 +0100)]
target/arm: Add missing .cp = 15 to HMAIR1 and HAMAIR1 regdefs
ARMCPRegInfo structs will default to .cp = 15 if they
are ARM_CP_STATE_BOTH, but not if they are ARM_CP_STATE_AA32
(because a coprocessor number of 0 is valid for AArch32).
We forgot to explicitly set .cp = 15 for the HMAIR1 and
HAMAIR1 regdefs, which meant they would UNDEF when the guest
tried to access them under cp15.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180814124254.5229-3-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Aug 2018 10:24:31 +0000 (11:24 +0100)]
target/arm: Correct typo in HAMAIR1 regdef name
We implement the HAMAIR1 register as RAZ/WI; we had a typo in the
regdef, though, and were incorrectly naming it HMAIR1 (which is
a different register which we also implement as RAZ/WI).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180814124254.5229-2-peter.maydell@linaro.org
Jia He [Mon, 20 Aug 2018 10:24:31 +0000 (11:24 +0100)]
hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset
In scripts/arch-run.bash of kvm-unit-tests, it will check the qemu
output log with:
if [ -z "$(echo "$errors" | grep -vi warning)" ]; then
Thus without the warning prefix, all of the test fail.
Since it is not unrecoverable error in kvm_arm_its_reset for
current implementation, downgrading the report from error to
warn makes sense.
Signed-off-by: Jia He <jia.he@hxt-semitech.com>
Message-id: 1531969910-32843-1-git-send-email-jia.he@hxt-semitech.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Hajnoczi [Mon, 20 Aug 2018 10:24:31 +0000 (11:24 +0100)]
docs/generic-loader: mention U-Boot and Intel HEX executable formats
The generic loader device supports the U-Boot and Intel HEX executable
formats in addition to the document raw and ELF formats. Reword the
documentation to include these formats and explain how various options
depend on the executable format.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20180816145554.9814-1-stefanha@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Roman Kapl [Mon, 20 Aug 2018 10:24:31 +0000 (11:24 +0100)]
target/arm: Fix crash on conditional instruction in an IT block
If an instruction is conditional (like CBZ) and it is executed
conditionally (using the ITx instruction), a jump to an undefined
label is generated, and QEMU crashes.
CBZ in IT block is an UNPREDICTABLE behavior, but we should not
crash. Honouring the condition code is allowed by the spec in this
case (constrained unpredictable, ARMv8, section K1.1.7), and matches
what we do for other "UNPREDICTABLE inside an IT block" instructions.
Fix the 'skip on condition' code to create a new label only if it
does not already exist. Previously multiple labels were created, but
only the last one of them was set.
Signed-off-by: Roman Kapl <rka@sysgo.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180816120533.6587-1-rka@sysgo.com
[PMM: fixed ^ 1 being applied to wrong argument, fixed typo] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 17 Aug 2018 16:14:04 +0000 (17:14 +0100)]
tests/boot-serial-test: Bump timeout to 6 minutes
On a SPARC host that I'm using as a build test machine, the
boot-serial-test for the SPARC guest machines takes about 65
seconds to execute. This means that it hits the current
60 second timer on these tests. Push the timeout up so
that it doesn't trigger spuriously on slow hosts like this one.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 20180817161404.9420-1-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Aug 2018 08:48:03 +0000 (09:48 +0100)]
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging
Machine queue, 2018-08-17
* Allow machine classes to specify if boot device suffixes should
be ignored by get_boot_devices_list()
* Tiny coding style fixup
# gpg: Signature made Fri 17 Aug 2018 19:29:22 BST
# gpg: using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/machine-next-pull-request:
fw_cfg: ignore suffixes in the bootdevice list dependent on machine class
sysbus: always allow explicit_ofw_unit_address() to override address generation
machine: Fix coding style at machine_run_board_init()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Laurent Vivier [Sat, 11 Aug 2018 08:23:28 +0000 (10:23 +0200)]
sh4: fix use_icount with linux-user
This fixes java in a linux-user chroot:
$ java --version
qemu-sh4: .../accel/tcg/cpu-exec.c:634: cpu_loop_exec_tb: Assertion `use_icount' failed.
qemu: uncaught target signal 6 (Aborted) - core dumped
Aborted (core dumped)
In gen_conditional_jump() in the GUSA_EXCLUSIVE part, we must reset
base.is_jmp to DISAS_NEXT after the gen_goto_tb() as it is done in
gen_delayed_conditional_jump() after the gen_jump().
Bug: https://bugs.launchpad.net/qemu/+bug/1768246 Fixes: 4834871bc95b67343248100e2a75ae0d287bc08b
("target/sh4: Convert to DisasJumpType") Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Message-Id: <20180811082328.11268-1-laurent@vivier.eu>
Yuval Shaia [Sun, 5 Aug 2018 15:35:17 +0000 (18:35 +0300)]
hw/rdma: Bugfix - Support non-aligned buffers
RDMA application can provide non-aligned buffers to be registered. In
such case the DMA address passed by driver is pointing to the beginning
of the physical address of the mapped page so we can't distinguish
between two addresses from the same page.
Fix it by keeping the offset of the virtual address in mr->virt.
Yuval Shaia [Sun, 5 Aug 2018 15:35:07 +0000 (18:35 +0300)]
hw/pvrdma: Bugfix - provide the correct attr_mask to query_qp
Calling rdma_rm_query_qp with attr_mask equals to -1 leads to error
where backend query_qp fails to retrieve the needed QP attributes.
Fix it by providing the attr_mask we got from driver.
Yuval Shaia [Sun, 5 Aug 2018 15:35:06 +0000 (18:35 +0300)]
hw/rdma: Make distinction between device init and start modes
There are certain operations that are well considered as part of device
configuration while others are needed only when "start" command is
triggered by the guest driver. An example of device initialization step
is msix_init and example of "device start" stage is the creation of a CQ
completion handler thread.
* remotes/awilliam/tags/vfio-update-20180817.0:
vfio/ccw/pci: Allow devices to opt-in for ballooning
vfio: Inhibit ballooning based on group attachment to a container
kvm: Use inhibit to prevent ballooning without synchronous mmu
balloon: Allow multiple inhibit users
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Williamson [Fri, 17 Aug 2018 15:27:16 +0000 (09:27 -0600)]
vfio/ccw/pci: Allow devices to opt-in for ballooning
If a vfio assigned device makes use of a physical IOMMU, then memory
ballooning is necessarily inhibited due to the page pinning, lack of
page level granularity at the IOMMU, and sufficient notifiers to both
remove the page on balloon inflation and add it back on deflation.
However, not all devices are backed by a physical IOMMU. In the case
of mediated devices, if a vendor driver is well synchronized with the
guest driver, such that only pages actively used by the guest driver
are pinned by the host mdev vendor driver, then there should be no
overlap between pages available for the balloon driver and pages
actively in use by the device. Under these conditions, ballooning
should be safe.
vfio-ccw devices are always mediated devices and always operate under
the constraints above. Therefore we can consider all vfio-ccw devices
as balloon compatible.
The situation is far from straightforward with vfio-pci. These
devices can be physical devices with physical IOMMU backing or
mediated devices where it is unknown whether a physical IOMMU is in
use or whether the vendor driver is well synchronized to the working
set of the guest driver. The safest approach is therefore to assume
all vfio-pci devices are incompatible with ballooning, but allow user
opt-in should they have further insight into mediated devices.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Alex Williamson [Fri, 17 Aug 2018 15:27:16 +0000 (09:27 -0600)]
vfio: Inhibit ballooning based on group attachment to a container
We use a VFIOContainer to associate an AddressSpace to one or more
VFIOGroups. The VFIOContainer represents the DMA context for that
AdressSpace for those VFIOGroups and is synchronized to changes in
that AddressSpace via a MemoryListener. For IOMMU backed devices,
maintaining the DMA context for a VFIOGroup generally involves
pinning a host virtual address in order to create a stable host
physical address and then mapping a translation from the associated
guest physical address to that host physical address into the IOMMU.
While the above maintains the VFIOContainer synchronized to the QEMU
memory API of the VM, memory ballooning occurs outside of that API.
Inflating the memory balloon (ie. cooperatively capturing pages from
the guest for use by the host) simply uses MADV_DONTNEED to "zap"
pages from QEMU's host virtual address space. The page pinning and
IOMMU mapping above remains in place, negating the host's ability to
reuse the page, but the host virtual to host physical mapping of the
page is invalidated outside of QEMU's memory API.
When the balloon is later deflated, attempting to cooperatively
return pages to the guest, the page is simply freed by the guest
balloon driver, allowing it to be used in the guest and incurring a
page fault when that occurs. The page fault maps a new host physical
page backing the existing host virtual address, meanwhile the
VFIOContainer still maintains the translation to the original host
physical address. At this point the guest vCPU and any assigned
devices will map different host physical addresses to the same guest
physical address. Badness.
The IOMMU typically does not have page level granularity with which
it can track this mapping without also incurring inefficiencies in
using page size mappings throughout. MMU notifiers in the host
kernel also provide indicators for invalidating the mapping on
balloon inflation, not for updating the mapping when the balloon is
deflated. For these reasons we assume a default behavior that the
mapping of each VFIOGroup into the VFIOContainer is incompatible
with memory ballooning and increment the balloon inhibitor to match
the attached VFIOGroups.
Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Alex Williamson [Fri, 17 Aug 2018 15:27:15 +0000 (09:27 -0600)]
kvm: Use inhibit to prevent ballooning without synchronous mmu
Remove KVM specific tests in balloon_page(), instead marking
ballooning as inhibited without KVM_CAP_SYNC_MMU support.
Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Alex Williamson [Fri, 17 Aug 2018 15:27:15 +0000 (09:27 -0600)]
balloon: Allow multiple inhibit users
A simple true/false internal state does not allow multiple users. Fix
this within the existing interface by converting to a counter, so long
as the counter is elevated, ballooning is inhibited.
Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Laurent Vivier [Tue, 14 Aug 2018 17:12:17 +0000 (19:12 +0200)]
linux-user: fix 32bit g2h()/h2g()
sparc32plus has 64bit long type but only 32bit virtual address space.
For instance, "apt-get upgrade" failed because of a mmap()/msync()
sequence.
mmap() returned 0xff252000 but msync() used g2h(0xffffffffff252000)
to find the host address. The "(target_ulong)" in g2h() doesn't fix the
address because it is 64bit long.
This patch introduces an "abi_ptr" that is set to uint32_t
if the virtual address space is addressed using 32bit in the linux-user
case. It stays set to target_ulong with softmmu case.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20180814171217.14680-1-laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
[lv: added "%" in TARGET_ABI_FMT_ptr "%"PRIx64]
Peter Maydell [Fri, 17 Aug 2018 08:46:00 +0000 (09:46 +0100)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging
x86 queue, 2018-08-16
Bug fix:
* Some guests may crash when using "-cpu host" due to TOPOEXT,
disable it by default
Features:
* PV_SEND_IPI feature bit
* Icelake-{Server,Client} CPU models
* New CPUID feature bits: PV_SEND_IPI, WBNOINVD, PCONFIG, ARCH_CAPABILITIES
Documentation:
* docs/qemu-cpu-models.texi
# gpg: Signature made Fri 17 Aug 2018 02:33:09 BST
# gpg: using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-next-pull-request:
i386: Disable TOPOEXT by default on "-cpu host"
target-i386: adds PV_SEND_IPI CPUID feature bit
i386: Add new CPU model Icelake-{Server,Client}
i386: Add CPUID bit for WBNOINVD
i386: Add CPUID bit for PCONFIG
i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR
i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES
docs: add guidance on configuring CPU models for x86
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Mark Cave-Ayland [Fri, 10 Aug 2018 12:40:27 +0000 (13:40 +0100)]
fw_cfg: ignore suffixes in the bootdevice list dependent on machine class
For the older machines (such as Mac and SPARC) the DT nodes representing
bootdevices for disk nodes are irregular for mainly historical reasons.
Since the majority of bootdevice nodes for these machines either do not have a
separate disk node or require different (custom) names then it is much easier
for processing to just disable all suffixes for a particular machine.
Introduce a new ignore_boot_device_suffixes MachineClass property to control
bootdevice suffix generation, defaulting to false in order to preserve
compatibility.
sysbus: always allow explicit_ofw_unit_address() to override address generation
Some SysBusDevices either use sysbus_init_mmio() without
sysbus_mmio_map() or the first MMIO memory region doesn't represent the
bus address, causing a firmware device path with an invalid address to
be generated.
SysBusDeviceClass does provide a virtual explicit_ofw_unit_address()
method that can be used to override this process, but it was originally intended
only as as a fallback option meaning that any existing MMIO memory regions still
take priority whilst determining the firmware device address.
There is currently only one user of explicit_ofw_unit_address() and that
is the PCI expander bridge (PXB) device which has no MMIO/PIO resources
defined. This enables us to allow explicit_ofw_unit_address() to take
priority without affecting backwards compatibility, allowing the address
to be customised as required.
projects / mirror_qemu.git / log