The load/store slow path has been broken in e141ab52d:
- We need to move 4 registers for store functions and 3 registers for
load functions and not the reverse.
- According to the s390x calling convention the arguments of a function
should be zero extended. This means that the register shift should be
done with TCG_TYPE_I64 to ensure the higher word is correctly zero
extended when needed.
I am aware that CONFIG_TCG_PASS_AREG0 is being removed and thus that
this patch can be improved, but doing so means it can also be applied to
the 1.1 and 1.2 stable branches.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
fcmp{s,d,q} instructions are supposed to ignore quiet NaN (contrary to
the fcmpe{s,d,q} instructions), but the current code is wrongly setting
the NV exception in that case. Moreover the current code is duplicated:
first the arguments are checked for NaN to generate an exception, and
later in case the comparison is unordered (which can only happens if one
of the argument is a NaN), the same check is done to generate an
exception.
Fix that by calling clear_float_exceptions() followed by
check_ieee_exceptions() as for the other floating point instructions.
Use the _compare_quiet functions for fcmp{s,d,q} and the _compare ones
for fcmpe{s,d,q}. Simplify the flag setting by not clearing a flag that
is set the line just below.
This fix allows the math glibc testsuite to pass.
Cc: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Max Filippov [Thu, 6 Sep 2012 00:36:46 +0000 (04:36 +0400)]
target-xtensa: fix missing errno codes for mingw32
Put the following errno value mappings under #ifdef:
xtensa-semi.c: In function 'errno_h2g':
xtensa-semi.c:113: error: 'ENOTBLK' undeclared (first use in this function)
xtensa-semi.c:113: error: (Each undeclared identifier is reported only once
xtensa-semi.c:113: error: for each function it appears in.)
xtensa-semi.c:113: error: array index in initializer not of integer type
xtensa-semi.c:113: error: (near initialization for 'guest_errno')
xtensa-semi.c:124: error: 'ETXTBSY' undeclared (first use in this function)
xtensa-semi.c:124: error: array index in initializer not of integer type
xtensa-semi.c:124: error: (near initialization for 'guest_errno')
xtensa-semi.c:134: error: 'ELOOP' undeclared (first use in this function)
xtensa-semi.c:134: error: array index in initializer not of integer type
xtensa-semi.c:134: error: (near initialization for 'guest_errno')
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This change updates the CPU reset sequence to use a common piece of code
that figures out CPU state flags, fixing the problem with MIPS_HFLAG_COP1X
not being set where applicable that causes floating-point MADD family
instructions (and other instructions from the MIPS IV FP subset) to trap.
As compute_hflags is now shared between op_helper.c and translate.c, the
function is now moved to a common header. There are no changes to this
function.
The problem was seen with the 24Kf MIPS32r2 processor in user emulation.
The new approach prevents system and user emulation from diverging -- all
the hflags state is initialized in one place now.
Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Stefan Weil [Sat, 1 Sep 2012 07:30:39 +0000 (09:30 +0200)]
qapi: Fix potential NULL pointer segfault
Report from smatch:
qapi-visit.c:1640 visit_type_BlockdevAction(8) error:
we previously assumed 'obj' could be null (see line 1639)
qapi-visit.c:2432 visit_type_NetClientOptions(8) error:
we previously assumed 'obj' could be null (see line 2431)
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Amos Kong [Fri, 31 Aug 2012 02:56:26 +0000 (10:56 +0800)]
qapi: convert sendkey
Convert 'sendkey' to use QAPI.
QAPI passes key's index of mapping table to qmp_send_key(),
not keycode. So we use help functions to convert key/code to
index of key_defs, and 'index' will be converted to 'keycode'
inside qmp_send_key().
For qmp, QAPI would check invalid key and raise error.
For hmp, invalid key is checked in hmp_send_key().
'send-key' of QMP doesn't support key in hexadecimal format.
Signed-off-by: Amos Kong <akong@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Amos Kong [Fri, 31 Aug 2012 02:56:25 +0000 (10:56 +0800)]
monitor: move key_defs[] table and introduce two help functions
This patch added two help functions to convert key/code to index of
mapping table, those functions will return Q_KEY_CODE_MAX if the
code/key is invalid.
Patch also moved key_defs[] to input.c, and removed useless KeyDef struct.
Key's index in QKeyCode enmu is same as keycode's index in new key_defs[].
Monitor functions were changed to access key_defs[] directly.
key_defs[] is used in do_send_key(), so export key_defs[]. It will be
changed to static in next patch.
Signed-off-by: Amos Kong <akong@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Amos Kong [Fri, 31 Aug 2012 02:56:24 +0000 (10:56 +0800)]
qapi: add the QKeyCode enum
key_defs[] in monitor.c is a mapping table of keys and keycodes,
this patch added a QKeyCode enum. Key's index in the enmu is same
as keycode's index in key_defs[].
Signed-off-by: Amos Kong <akong@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Amos Kong [Fri, 31 Aug 2012 02:56:21 +0000 (10:56 +0800)]
monitor: rename keyname '<' to 'less'
There are many maps of keycode 0x56 in pc-bios/keymaps/*
pc-bios/keymaps/common:less 0x56
pc-bios/keymaps/common:greater 0x56 shift
pc-bios/keymaps/common:bar 0x56 altgr
pc-bios/keymaps/common:brokenbar 0x56 shift altgr
This patch just renamed '<' to 'less', QAPI might add new
variable by adding a prefix to keyname, '$PREFIX_<' is not
available, '$PREFIX_less' is ok.
For compatibility, convert user inputted '<' to 'less'.
Signed-off-by: Amos Kong <akong@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The -net none is important otherwise it seems some events are generated
causing the things to work. When it doesn't work, the guest hangs when
measuring the CPU frequency, after the following line:
[ 0.000000] NR_IRQS:256
Pressing a key on the serial port unblocks it, hinting that the problem
is due to the recent elimination of the 1 second timeout in the main
loop.
The problem is that because init_timer_alarm sets the timer's pending
flag to true, the alarm timer is never armed until after the first time
through the main loop. Thus the bug started when QEMU started testing
the pending flag in qemu_mod_timer (commit 1828be3, more alarm timer
cleanup, 2010-03-10).
But actually, it isn't true at all that a timer is pending when the
alarm timer is created, and the real bug has been latent forever: the
fix is to remove the bogus setting of pending flag.
Reported-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com> Tested-by: Aurelien Jarno <aurelien@aurel32.net> Tested-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Anthony Liguori [Fri, 31 Aug 2012 15:04:54 +0000 (10:04 -0500)]
Merge remote-tracking branch 'kraxel/usb.61' into staging
* kraxel/usb.61:
uas: move transfer kickoff
ehci: Fix interrupt endpoints no longer working
ehci: handle TD deactivation of inflight packets
ehci: add ehci_cancel_queue()
ehci: simplify ehci_state_executing
ehci: Remove unnecessary ehci_flush_qh call
ehci: Schedule async-bh when IAAD bit gets set
ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active
usb: unique packet ids
usb: Halt ep queue en cancel pending packets on a packet error
fix info qtree indention
Anthony Liguori [Fri, 31 Aug 2012 15:04:18 +0000 (10:04 -0500)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
qemu-iotests: add backing file smaller than image test case
stream: complete early if end of backing file is reached
qed: refuse unaligned zero writes with a backing file
Gerd Hoffmann [Fri, 31 Aug 2012 12:34:19 +0000 (14:34 +0200)]
uas: move transfer kickoff
Kick next scsi transfer from request release callback instead of command
completion callback, otherwise we might get stuck in case scsi_req_unref()
doesn't release the request instantly due to someone else holding a
reference too.
Hans de Goede [Fri, 17 Aug 2012 09:39:17 +0000 (11:39 +0200)]
ehci: simplify ehci_state_executing
ehci_state_executing does not need to check for p->usb_status == USB_RET_ASYNC
or USB_RET_PROCERR, since ehci_execute_complete already does a similar check
and will trigger an assert if either value is encountered.
USB_RET_ASYNC should never be the packet status when execute_complete runs
for obvious reasons, and USB_RET_PROCERR is only used by ehci_state_execute /
ehci_execute not by ehci_state_executing / ehci_execute_complete.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Thu, 30 Aug 2012 07:55:19 +0000 (09:55 +0200)]
ehci: Schedule async-bh when IAAD bit gets set
After the "ehci: Print a warning when a queue unexpectedly contains packets
on cancel" commit. Under certain reproducable conditions I was getting the
following message: "EHCI: Warning queue not empty on queue reset".
After aprox. 8 hours of debugging I've finally found the cause. The Linux EHCI
driver has an IAAD watchdog, to work around certain EHCI hardware sometimes
not acknowledging the doorbell at all. This watchdog has a timeout of 10 ms,
which is less then the time between 2 runs through the async schedule when
async_stepdown is at its highest value.
Thus the watchdog can trigger, after which Linux clears the IAAD bit and
re-uses the QH. IOW we were not properly detecting the unlink of the qh, due
to us missing (ignoring for more then 10 ms) the IAAD command, which triggered
the warning.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Gerd Hoffmann [Thu, 23 Aug 2012 11:30:13 +0000 (13:30 +0200)]
usb: unique packet ids
This patch adds IDs to usb packets. Those IDs are (a) supposed to be
unique for the lifecycle of a packet (from packet setup until the packet
is either completed or canceled) and (b) stable across migration.
uhci, ohci, ehci and xhci use the guest physical address of the transfer
descriptor for this.
musb needs a different approach because there is no transfer descriptor.
But musb also doesn't support pipelining, so we have never more than one
packet per endpoint in flight. So we go create an ID based on endpoint
and device address.
Hans de Goede [Fri, 17 Aug 2012 13:24:49 +0000 (15:24 +0200)]
usb: Halt ep queue en cancel pending packets on a packet error
For controllers which queue up more then 1 packet at a time, we must halt the
ep queue, and inside the controller code cancel all pending packets on an
error.
There are multiple reasons for this:
1) Guests expect the controllers to halt ep queues on error, so that they
get the opportunity to cancel transfers which the scheduled after the failing
one, before processing continues
2) Not cancelling queued up packets after a failed transfer also messes up
the controller state machine, in the case of EHCI causing the following
assert to trigger: "assert(p->qtdaddr == q->qtdaddr)" at hcd-ehci.c:2075
3) For bulk endpoints with pipelining enabled (redirection to a real USB
device), we must cancel all the transfers after this a failed one so that:
a) If they've completed already, they are not processed further causing more
stalls to be reported, originating from the same failed transfer
b) If still in flight, they are cancelled before the guest does
a clear stall, otherwise the guest and device can loose sync!
Note this patch only touches the ehci and uhci controller changes, since AFAIK
no other controllers actually queue up multiple transfer. If I'm wrong on this
other controllers need to be updated too!
Also note that this patch was heavily tested with the ehci code, where I had
a reproducer for a device causing a transfer to fail. The uhci code is not
tested with actually failing transfers and could do with a thorough review!
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The facility to use/unuse vectors dynamically is helpful
for virtio but little else: everyone just seems to use
vectors in their init function.
Avoid clearing msix vector use info on reset and load.
For virtio, clear it explicitly.
This should fix regressions reported with ivshmem - though
I didn't test this, I verified that virtio keeps
working like it did.
Tested-by: Cam Macdonell <cam@cs.ualberta.ca> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Support get/set of new PV EOI MSR, for migration.
Add an optional section for MSR value - send it
out in case MSR was changed from the default value (0).
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Wed, 29 Aug 2012 14:32:41 +0000 (09:32 -0500)]
target-i386: disable pv eoi to fix migration across QEMU versions
We have a problem with how we handle migration with KVM paravirt features.
We unconditionally enable paravirt features regardless of whether we know how
to migrate them.
We also don't tie paravirt features to specific machine types so an old QEMU on
a new kernel would expose features that never existed.
The 1.2 cycle is over and as things stand, migration is broken. Michael has
another series that adds support for migrating PV EOI and attempts to make it
work correctly for different machine types.
After speaking with Michael on IRC, we agreed to take this patch plus 1 & 4
from his series. This makes sure QEMU can migrate PV EOI if it's enabled, but
does not enable it by default.
This also means that we won't unconditionally enable new features for guests
future proofing us from this happening again in the future.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Cam Macdonell [Mon, 27 Aug 2012 18:12:19 +0000 (12:12 -0600)]
ivshmem: remove redundant ioeventfd configuration
setup_ioeventfds() is unnecessary and actually causes a segfault when used
ioeventfd=on is used on the command-line. Since ioeventfds are handled within
the memory API, it can be removed.
Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Wed, 29 Aug 2012 07:52:37 +0000 (08:52 +0100)]
hw/arm_gic.c: Define .class_size in arm_gic_info TypeInfo
Add the missing .class_size definition to the arm_gic_info TypeInfo.
This fixes the memory corruption and possible segfault that otherwise
results when the class struct is allocated at too small a size and
the class init function writes off the end of it.
Reported-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Hajnoczi [Tue, 28 Aug 2012 14:26:49 +0000 (15:26 +0100)]
qemu-iotests: add backing file smaller than image test case
This new test case checks that streaming completes successfully when the
backing file is smaller than the image file.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Tue, 28 Aug 2012 14:26:48 +0000 (15:26 +0100)]
stream: complete early if end of backing file is reached
It is possible to create an image that is larger than its backing file.
Reading beyond the end of the backing file produces zeroes if no writes
have been made to those sectors in the image file.
This patch finishes streaming early when the end of the backing file is
reached. Without this patch the block job hangs and continually tries
to stream the first sectors beyond the end of the backing file.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Tue, 28 Aug 2012 13:04:27 +0000 (14:04 +0100)]
qed: refuse unaligned zero writes with a backing file
Zero writes have cluster granularity in QED. Therefore they can only be
used to zero entire clusters.
If the zero write request leaves sectors untouched, zeroing the entire
cluster would obscure the backing file. Instead return -ENOTSUP, which
is handled by block.c:bdrv_co_do_write_zeroes() and falls back to a
regular write.
The qemu-iotests 034 test cases covers this scenario.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Anthony Liguori [Wed, 29 Aug 2012 13:23:18 +0000 (08:23 -0500)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
iscsi: Set number of blocks to 0 for blank CDROM devices
scsi: more fixes to properties for passthrough devices
esp: support 24-bit DMA
megasas: Add 'hba_serial' property
Anthony Liguori [Wed, 29 Aug 2012 13:22:02 +0000 (08:22 -0500)]
Merge remote-tracking branch 'riku/linux-user-for-upstream' into staging
* riku/linux-user-for-upstream:
linux-user: Clarify "Unable to reserve guest address space" error
linux-user: fix emulation of getdents
linux-user: arg_table need not have global scope
Aurelien Jarno [Mon, 27 Aug 2012 20:13:27 +0000 (22:13 +0200)]
tcg/mips: fix broken CONFIG_TCG_PASS_AREG0 code
The CONFIG_TCG_PASS_AREG0 code for calling ld/st helpers was
broken in that it did not respect the ABI requirement that 64
bit values were passed in even-odd register pairs. The simplest
way to fix this is to implement some new utility functions
for marshalling function arguments into the correct registers
and stack, so that the code which sets up the address and
data arguments does not need to care whether there has been
a preceding env argument.
Based on commit 9716ef3b for ARM by Peter Maydell.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Aurelien Jarno [Tue, 28 Aug 2012 12:47:51 +0000 (14:47 +0200)]
Update OpenBIOS PPC image
Update OpenBIOS PPC image to SVN r1063 to fix issues introduced by
commit 9e56edcf. The code change in this revision only affects PPC,
so OpenBIOS SPARC images are not updated.
Aurelien Jarno [Sun, 26 Aug 2012 14:12:03 +0000 (16:12 +0200)]
target-ppc: fix altivec instructions
Altivec instructions are not working anymore in PowerPC emulation,
following commit d15f74fb, which inverted two registers in the call
to helper. Fix that.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Andreas Färber <afaerber@suse.de> Acked-by: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
munkyu.im [Tue, 28 Aug 2012 07:42:06 +0000 (16:42 +0900)]
audio/winwave: previous audio buffer should be flushed
Winwave audio backend has problem with pausing and restart audio out.
Unlike other backends, Winwave pausing API does not flush audio buffer.
As a result, the previous audio data are played in front of
user expected sound when user restart audio.
So changes it to waveOutReset()
Signed-off-by: Munkyu Im <munkyu.im@samsung.com> Signed-off-by: malc <av1474@comtv.ru>
Ronnie Sahlberg [Fri, 17 Aug 2012 02:36:20 +0000 (12:36 +1000)]
iscsi: Set number of blocks to 0 for blank CDROM devices
The number of blocks of the device is used to compute the device size
in bdrv_getlength()/iscsi_getlength().
For MMC devices, the ReturnedLogicalBlockAddress in the READCAPACITY10
has a special meaning when it is 0.
In this case it does not mean that LBA 0 is the last accessible LBA,
and thus the device has 1 readable block, but instead it means that the
disc is blank and there are no readable blocks.
This change ensures that when the iSCSI LUN is loaded with a blank
DVD-R disk or similar that bdrv_getlength() will return the correct
size of the device as 0 bytes.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Paolo Bonzini [Tue, 28 Aug 2012 10:46:18 +0000 (12:46 +0200)]
scsi: more fixes to properties for passthrough devices
Commit 0384783 (scsi-block: remove properties that are not relevant for
passthrough, 2012-07-09) removed one property that should have been
left there, "bootindex".
It also did not touch scsi-generic, while it should have.
Fix both problems.
Reported-by: Alexandre DERUMIER <aderumier@odiso.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Hannes Reinecke [Fri, 24 Aug 2012 10:36:41 +0000 (12:36 +0200)]
megasas: Add 'hba_serial' property
Add a 'hba_serial' property to the megasas driver. Originally
it would be using a pointer value which would break migration.
Reported-by: Stefan Weil <sw@weilnetz.de> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eric Johnson [Sun, 18 Sep 2011 00:28:16 +0000 (17:28 -0700)]
target-mips: allow microMIPS SWP and SDP to have RD equal to BASE
The microMIPS SWP and SDP instructions do not modify GPRs. So their
behavior is well defined when RD equals BASE. The MIPS Architecture
Verification Programs (AVPs) check that they work as expected. This
is required for AVPs to pass.
Signed-off-by: Eric Johnson <ericj@mips.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Eric Johnson [Sun, 18 Sep 2011 00:05:32 +0000 (17:05 -0700)]
target-mips: add privilege level check to several Cop0 instructions
The MIPS Architecture Verification Programs (AVPs) check privileged
instructions for the required privilege level. These changes are needed
to pass the AVP suite.
Signed-off-by: Eric Johnson <ericj@mips.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
projects / mirror_qemu.git / log