When a page with all identical bytes is transferred, it is counted
as a full page (TARGET_PAGE_SIZE) although only one byte is actually
sent. Fix this by changing ram_save_block() to return the number of
bytes sent instead of a boolean value. This makes bandwidth
estimation, and consequently downtime estimation, more precise.
Signed-off-by: NPierre Riteau <Pierre.Riteau@irisa.fr>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Fix for too small allocation to ports_map
Signed-off-by: NAlon Levy <alevy@redhat.com>
Signed-off-by: NAmit Shah <amit.shah@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Create a kvm32 CPU model that describes a least common denominator
for KVM capable guest CPUs. Useful for migration purposes.
Signed-off-by: NAndre Przywara <andre.przywara@amd.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Add palette tight encoding. Palette encoding will try to count the number
of colors for a given rectangle, and if this number is low enough
(< 256) it will send the palette + the rectangle with indexed colors.
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Fill encoding detects rectangles using only one color and send only
one pixel value.
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Add support for tight encoding [1]. This patch only add support
for "basic" tight compression without any filter.

[1] http://tigervnc.org/cgi-bin/rfbproto#tight-encoding.
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Some encodings like tight supports tiling (spliting in
multiple sub-rectangles). So we needed a way to tell
vnc_update_client() how much rectangles are in the buffer.

zlib, raw and hextile always send a full rectangle.
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Makes sure we free all ressources used in zlib encoding (zlib stream
and buffer).
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Add a buffer_free() helper to free vnc buffers and
remove some duplicated code in vnc_disconnect_finish().
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

On init, values are already NULL, but we shouldn't try
to reset them each time a client send a set encoding
command because this break everything. For example,
libvncclient re-send a set encoding command if the
framebuffer is resized.

This fix framebuffer resizing for zlib encoding.
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Adjust zlib compression level if needed by calling deflateParams.
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

According to http://tigervnc.org/cgi-bin/rfbproto#zlib-encoding
zlib encoding only uses a single stream. Current implementation defines
4 streams but only uses the first one. Remove them and only use a single
stream.
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

send_framebuffer_update() was calling hextile instead of zlib
since commit 70a4568f.
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Add a small comment to explain why we need to start from
the end of the array to set the right prefered encoding.
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This patch was wrong, because the loop was already reversed,
so the first encoding was correctly set at the end of the loopp.

This reverts commit 14eb8b68.
Signed-off-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Add a DPRINTF macro, use it also to see irq deliveries.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Commit 213acd2e introduced leul_to_cpu with a special code path for big endian
hosts. Unfortunately that code used preprocessor magic that didn't work.

This patch replaces the explicit ##s by glue() which is proven to work reliably,
enabling me to compile qemu on ppc again.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Booting an arm kernel has been broken a while when booting from non zero start
address. This is due to the order of events: board init loads the kernel and
sets register 15 to the start address and then qemu_system_reset reset the cpu
making register 15 zero again.

This patch fixes the usage of the register 15 start address trick in
combination with arm_load_kernel.
Signed-off-by: NLars Munch <lars@segv.dk>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

This line was a bit clear.
The next lines set or reset this bit (LE) depending of another bit (ILE).
So the first line is useless.
Signed-off-by: NThomas Monjalon <thomas@monjalon.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Since commit 2ada0ed7, "Return From Interrupt" is broken for PPC processors
because some interrupt specifics bits of SRR1 are copied to MSR.

SRR1 is a save of MSR during interrupt.
During RFI, MSR must be restored from SRR1.
But some bits of SRR1 are interrupt-specific and are not used for MSR saving.

This is the specification (ISA 2.06) at chapter 6.4.3 (Interrupt Processing):
"2. Bits 33:36 and 42:47 of SRR1 or HSRR1 are loaded with information specific
    to the interrupt type.
 3. Bits 0:32, 37:41, and 48:63 of SRR1 or HSRR1 are loaded with a copy of the
    corresponding bits of the MSR."

Below is a representation of MSR bits which are not saved:
0:15 16:31 32  33:36    37:41      42:47     48:63
——— | ——— | — X X X X — — — — — X X X X X X | ————
0000 0000 |    7   |   8   |   3   |   F    | 0000

History:
In the initial Qemu implementation (e1833e1f), the mask 0x783F0000 was used for
saving MSR in SRR1. But all the bits 32:47 were cleared during RFI restoring.
This was wrong. The commit 2ada0ed7 explains that this breaks Altivec.
Indeed, bit 38 (for Altivec support) must be saved and restored.
The change of 2ada0ed7 was to restore all the bits of SRR1 to MSR.
But it's also wrong.

Explanation:
As an example, let's see what's happening after a TLB miss.
According to the e300 manual (E300CORERM table 5-6), the TLB miss interrupts
set the bits 44-47 for KEY, I/D, WAY and S/L. These bits are specifics to the
interrupt and must not be copied into MSR at the end of the interrupt.
With the current implementation, a TLB miss overwrite bits POW, TGPR and ILE.

Fix:
It shouldn't be needed to filter-out bits on MSR saving when interrupt occurs.
Specific bits overwrite MSR ones in SRR1.
But at the end of interrupt (RFI), specifics bits must be cleared before
restoring MSR from SRR1. The mask 0x783F0000 apply here.

Discussion:
The bits of the mask 0x783F0000 are cleared after an interrupt.
I cannot find a specification which talks about this
but I assume it is the truth since Linux can run this way.
Maybe it's not perfect but it's better (works for e300).
Signed-off-by: NThomas Monjalon <thomas@monjalon.net>
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Add a separate flag for debugging coalesced interrupts.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

SuperSPARC MMU Breakpoint Action register is used by OBP at boot

The patch allows booting Solaris and some other OS with
SPARCStation-20 OBP.
Signed-off-by: NArtyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add a DPRINTF macro and use it for ISA and PIC interrupts.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add a DPRINTF macro. Use TARGET_FMT_plx for printing target_phys_addr_t
items. Add a separate flag for debugging coalescing interrupts.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add a DPRINTF macro.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Accesses with _nucleus prefix are not available when building user
emulators:
  CC    sparc64-linux-user/op_helper.o
cc1: warnings being treated as errors
/src/qemu/target-sparc/op_helper.c: In function 'helper_ldda_asi':
/src/qemu/target-sparc/op_helper.c:3063: error: implicit declaration of function 'ldq_nucleus'

Avoid making such accesses. Fixes breakage by 54a3c0f0.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

On the real hardware (SS-5, LX) the MMU is not padded, but aliased.
Software shouldn't use aliased addresses, neither should it crash
when it uses (on the real hardware it wouldn't). Using empty_slot
instead of aliasing can help with debugging such accesses.
Signed-off-by: NArtyom Tarasenko <atar4qemu@googlemail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

- change 128-bit atomic loads to reference nucleus context
v0->v1: dropped disassembler change
Signed-off-by: NIgor V. Kovalenko <igor.v.kovalenko@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Allow pre-allocation of the guest virtual address space in usermode emulation.
Signed-off-by: NPaul Brook <paul@codesourcery.com>

Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Since we're no longer setting PAGE_RESERVED, there's no need to
implement qemu_malloc via mmap.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Avoids the memset if the allocator has gotten new zeroed
storage from the operating system.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: NRiccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Use TARGET_FMT_plx as format placeholder for target_phys_addr_t
Signed-off-by: NRiccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Fix launchpad #563883
Signed-off-by: NRiccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Reset is now triggered after init, no need for explicit calls anymore.
Signed-off-by: NJan Kiszka <jan.kiszka@web.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

The "info blockstats" documentation was copy-pasted as "info block"
instead of "info blockstats".  The documentation for "commands", "jit",
"numa", "qdm", and "roms" is missing.  This patch resolves these issues
in qemu-monitor.hx.
Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

The ram_size parameter can be larger than an int, so it may be truncated.

Fix by using the correct type.
Signed-off-by: NAvi Kivity <avi@redhat.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

This prevent coprocessor IO structure from being reset on cpu reset. This was
a problem for PXA which uses coprocessor 6 and 14.
Signed-off-by: NLars Munch <lars@segv.dk>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>