A transition from CPUFooState to FooCPU can be considered safe,
just like FooCPU::env access in the opposite direction.
The only benefit of the FOO_CPU() casts would be protection against
bogus CPUFooState pointers, but then surrounding code would likely
break, too.

This should slightly improve interrupt etc. performance when going from
CPUFooState to FooCPU.
For any additional CPU() casts see 3556c233
(qom: allow turning cast debugging off).
Reported-by: NAnthony Liguori <aliguori@us.ibm.com>
Acked-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

The functions cpu_clone_regs() and cpu_set_tls() are not purely CPU
related -- they are specific to the TLS ABI for a a particular OS.
Move them into the linux-user/ tree where they belong.

target-lm32 had entirely unused implementations, since it has no
linux-user target; just drop them.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Acked-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

This reverts commit c52a6b67, which
replaced cpu_index() with cpu_index field, leading to deviation from
thread ID for NTPL and off-by-one otherwise.
Reported-by: NMax Filippov <jcmvbkbc@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Commit 478032a9 (target-openrisc:
Rename CPU subtypes) suffixed CPU sub-types with "-or32-cpu" but forgot
to update openrisc_cpu_class_by_name(), so that it was still looking for
the types without suffix.

Make target-openrisc running OK by adding the suffix to the model name.

This means it is no longer possible to use -cpu or1200-or32-cpu or
-cpu any-or32-cpu though.

Cc: qemu-stable@nongnu.org
Signed-off-by: NDongxue Zhang <elta.era@gmail.com>
Tested-by: NJia Liu <proljc@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

pci,misc enhancements

This includes some pci enhancements:

Better support for systems with multiple PCI root buses
FW cfg interface for more robust pci programming in BIOS
Minor fixes/cleanups for fw cfg and cross-version migration -
    because of dependencies with other patches
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Sun 07 Jul 2013 03:11:18 PM CDT using RSA key ID D28D5469
# gpg: Can't check signature: public key not found

# By David Gibson (10) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
  pci: Fold host_buses list into PCIHostState functionality
  pci: Remove domain from PCIHostBus
  pci: Simpler implementation of primary PCI bus
  pci: Add root bus parameter to pci_nic_init()
  pci: Add root bus argument to pci_get_bus_devfn()
  pci: Replace pci_find_domain() with more general pci_root_bus_path()
  pci: Use helper to find device's root bus in pci_find_domain()
  pci: Abolish pci_find_root_bus()
  pci: Move pci_read_devaddr to pci-hotplug-old.c
  pci: Cleanup configuration for pci-hotplug.c
  pvpanic: fix fwcfg for big endian hosts
  pvpanic: initialization cleanup
  MAINTAINERS: s/Marcelo/Paolo/
  e1000: cleanup process_tx_desc
  pc_piix: cleanup init compat handling
  pc: pass PCI hole ranges to Guests
  pci: store PCI hole ranges in guestinfo structure
  range: add Range structure

Message-id: 1373228271-31223-1-git-send-email-mst@redhat.com
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The host_buses list is an odd structure - a list of pointers to PCI root
buses existing in parallel to the normal qdev tree structure.  This patch
removes it, instead putting the link pointers into the PCIHostState
structure, which have a 1:1 relationship to PCIHostBus structures anyway.
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

There are now no users of the domain field of PCIHostBus, so remove it
from the structure, and as a parameter from the pci_host_bus_register()
function which sets it.
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Currently pci_find_primary_bus() searches the list of root buses for one
with domain 0.  But since host buses are always registered with domain 0,
this just amounts to finding the only PCI host bus.  The only remaining
users of pci_find_primary_bus() are in pci-hotplug-old.c, which implements
the old style pci_add/pci_del commands.

Therefore, this patch redefines pci_find_primary_bus() to find the only
PCI root bus, returning an error if there are multiple roots.  The callers
in pci-hotplug-old.c are updated correspondingly, to produce sensible
error messages.
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

At present, pci_nic_init() and pci_nic_init_nofail() assume that they will
only create a NIC under the primary PCI root.  As we add support for
multiple PCI roots, that may no longer be the case.  This patch adds a root
bus parameter to pci_nic_init() (and updates callers accordingly) to allow
the machine init code using it to specify the right PCI root for NICs
created by old-style -net nic parameters.  NICs created new-style, with
-device can of course be put anywhere.
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

pci_get_bus_devfn() interprets a full PCI address string to give a PCIBus *
and device/function number within that bus.  Currently it assumes it is
working on an address under the primary PCI root bus.  This patch extends
it to allow the caller to specify a root bus.  This might seem a little odd
since the supplied address can (theoretically) include a PCI domain number.
However, attempting to use a non-zero domain number there is currently an
error, so that shouldn't really cause problems.
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

pci_find_domain() is used in a number of places where we want an id for a
whole PCI domain (i.e. the subtree under a PCI root bus).  The trouble is
that many platforms may support multiple independent host bridges with no
hardware supplied notion of domain number.

This patch, therefore, replaces calls to pci_find_domain() with calls to
a new pci_root_bus_path() returning a string.  The new call is implemented
in terms of a new callback in the host bridge class, so it can be defined
in some way that's well defined for the platform.  When no callback is
available we fall back on the qbus name.

Most current uses of pci_find_domain() are for error or informational
messages, so the change in identifiers should be harmless.  The exception
is pci_get_dev_path(), whose results form part of migration streams.  To
maintain compatibility with old migration streams, the PIIX PCI host is
altered to always supply "0000" for this path, which matches the old domain
number (since the code didn't actually support domains other than 0).

For the pseries (spapr) PCI bridge we use a different platform-unique
identifier (pseries machines can routinely have dozens of PCI host
bridges).  Theoretically that breaks migration streams, but given that we
don't yet have migration support for pseries, it doesn't matter.

Any other machines that have working migration support including PCI
devices will need to be updated to maintain migration stream compatibility.
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Currently pci_find_domain() performs two functions - it locates the PCI
root bus above the given bus, then looks up that root bus's domain number.
This patch adds a helper function to perform the first task, finding the
root bus for a given PCI device.  This is then used in pci_find_domain().
This changes pci_find_domain()'s signature slightly, taking a PCIDevice
instead of a PCIBus - since all callers passed something of the form
dev->bus, this simplifies things slightly.
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

pci_find_root_bus() takes a domain parameter.  Currently PCI root buses
with domain other than 0 can't be created, so this is more or less a long
winded way of retrieving the main PCI root bus.  Numbered domains don't
actually properly cover the (non x86) possibilities for multiple PCI root
buses, so this patch for now enforces the domain == 0 restriction in other
places to replace pci_find_root_bus() with an explicit
pci_find_primary_bus().
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Add myself into MAINTAINERS file, I'll looking at target-openrisc
and hw/openrisc.
Signed-off-by: NJia Liu <proljc@gmail.com>
Message-id: 1372769717-852-1-git-send-email-proljc@gmail.com
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This patch fixes a number of incorrect F: patterns which didn't
match any files in the source tree. This was caused by a mix
of minor typos (- for _ and the like) and a few entries which
hadn't been correctly updated following the rearrangement of hw/.

Offending entries were located with the following shell rune:

 for pattern in $(sed -ne 's/^F: //p' MAINTAINERS); do
   if ! stat --printf='' $pattern 2>/dev/null; then
     echo bad pattern: $pattern
   fi
 done
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Acked-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 1372070972-30776-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

# By Fam Zheng (2) and Stefan Hajnoczi (1)
# Via Stefan Hajnoczi
* stefanha/block:
  block: fix bdrv_flush() ordering in bdrv_close()
  curl: refuse to open URL from HTTP server without range support
  vmdk: Implement .bdrv_has_zero_init

Message-id: 1373023972-3587-1-git-send-email-stefanha@redhat.com
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

# By Paolo Bonzini (50) and others
# Via Paolo Bonzini
* bonzini/iommu-for-anthony: (66 commits)
  exec: change some APIs to take AddressSpaceDispatch
  exec: remove cur_map
  exec: put memory map in AddressSpaceDispatch
  exec: separate current radix tree from the one being built
  exec: move listener from AddressSpaceDispatch to AddressSpace
  memory: move MemoryListener declaration earlier
  exec: separate current memory map from the one being built
  exec: change well-known physical sections to macros
  qom: Use atomics for object refcounting
  memory: add reference counting to FlatView
  memory: use a new FlatView pointer on every topology update
  memory: access FlatView from a local variable
  add a header file for atomic operations
  hw/[u-x]*: pass owner to memory_region_init* functions
  hw/t*: pass owner to memory_region_init* functions
  hw/s*: pass owner to memory_region_init* functions
  hw/p*: pass owner to memory_region_init* functions
  hw/n*: pass owner to memory_region_init* functions
  hw/m*: pass owner to memory_region_init* functions
  hw/i*: pass owner to memory_region_init* functions
  ...

Message-id: 1372950842-32422-1-git-send-email-pbonzini@redhat.com
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Since 80ccf93b we flush the block device during close.  The
bdrv_drain_all() call should come before bdrv_flush() to ensure guest
write requests have completed.  Otherwise we may miss pending writes
when flushing.

Call bdrv_drain_all() again for safety as the final step after
bdrv_flush().  This should not be necessary but we can be paranoid here
in case bdrv_flush() left I/O pending.

Cc: qemu-stable@nongnu.org
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: NKevin Wolf <kwolf@redhat.com>

CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.

 * Removed curl_size_cb, which is not used: On one hand it's registered to
   libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
   which will get called with *data*, not *header*. On the other hand the
   s->len is assigned unconditionally later.

   In this gone function, the sscanf for "Content-Length: %zd", on
   (void *)ptr, which is not guaranteed to be zero-terminated, is
   potentially a security bug. So this patch fixes it as a side-effect. The
   bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
   (Note the bug is marked "private" so you might not be able to see it)

 * Introduced curl_header_cb, which is used to parse header and mark the
   server as accepting range if "Accept-Ranges: bytes" line is seen from
   response header. If protocol is HTTP or HTTPS, but server response has
   no not this support, refuse to open this URL.

Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: NFam Zheng <famz@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Depending on the subformat, has_zero_init queries underlying storage for
flat extent. If it has a flat extent and its underlying storage doesn't
have zero init, return 0. Otherwise return 1.

Aligns the operator assignments.
Signed-off-by: NFam Zheng <famz@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Reviewed-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

cur_map is not used anymore; instead, each AddressSpaceDispatch
has its own nodes/sections pair.  The priorities of the
MemoryListeners, and in the future RCU, guarantee that the
nodes/sections are not freed while they are still in use.

(In fact, next_map itself is not needed except to free the data on the
next update).

To avoid incorrect use, replace cur_map with a temporary copy that
is only valid while the topology is being updated.  If you use it,
the name prev_map makes it clear that you're doing something weird.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

After this patch, AddressSpaceDispatch holds a constistent tuple of
(phys_map, nodes, sections).  This will be important when updates
of the topology will run concurrently with reads.

cur_map is not used anymore except for freeing it at the end of the
topology update.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

This same treatment previously done to phys_node_map and phys_sections
is now applied to the dispatch field of AddressSpace.  Topology updates
use as->next_dispatch while accesses use as->dispatch.
Reviewed-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

This will help having two copies of AddressSpaceDispatch during the
recreation of the radix tree (one being built, and one that is complete
and will be protected by RCU).  We do not want to have to unregister and
re-register the listener.
Reviewed-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Reviewed-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Currently, phys_node_map and phys_sections are shared by all
of the AddressSpaceDispatch.  When updating mem topology, all
AddressSpaceDispatch will rebuild dispatch tables sequentially
on them.  In order to prepare for RCU access, leave the old
memory map alive while the next one is being accessed.

When rebuilding, the new dispatch tables will build and lookup
next_map; after all dispatch tables are rebuilt, we can switch
to next_* and free the previous table.

Based on a patch from Liu Ping Fan.
Signed-off-by: NLiu Ping Fan <qemulist@gmail.com>
Reviewed-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Sections like phys_section_unassigned always have fixed address
in phys_sections.  Declared as macro, so we can use them
when having more than one phys_sections array.
Signed-off-by: NLiu Ping Fan <pingfank@linux.vnet.ibm.com>
Signed-off-by: NLiu Ping Fan <qemulist@gmail.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Object reference counts will soon be changed outside the BQL. So we need
to use atomics in object_ref/unref.

Based on a patch by Liu Ping Fan.
Signed-off-by: NLiu Ping Fan <qemulist@gmail.com>
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

With this change, a FlatView can be used even after a concurrent
update has replaced it.  Because we do not yet have RCU, we use a
mutex to protect the small critical sections that read/write the
as->current_map pointer.  Accesses to the FlatView can be done
outside the mutex.

If a MemoryRegion will be used after the FlatView is unref-ed (or after
a MemoryListener callback is returned), a reference has to be added to
that MemoryRegion. memory_region_find already does it for the region
that it returns.  The same will be done for address_space_translate
as soon as the dispatch tree is also converted to RCU-style.
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

This is the first step towards converting as->current_map to
RCU-style updates, where the FlatView updates run concurrently
with uses of an old FlatView.
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

We will soon require accesses to as->current_map to be placed under
a lock (with reference counting so as to keep the critical section
small).  To simplify this change, always fetch as->current_map into
a local variable and access it through that variable.
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

We're already using them in several places, but __sync builtins are just
too ugly to type, and do not provide seqcst load/store operations.
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>