Previously we allowed fully unaligned operations, but not operations
that are aligned but with less alignment than the operation size.

In addition, arm32, ia64, mips, and sparc had been omitted from the
previous overalignment patch, which would have led to that alignment
being enforced.
Signed-off-by: NRichard Henderson <rth@twiddle.net>

VFIO fixes 2016-09-15

Fix a 2.7.0 regression affecting POWER8 systems in relation to EEH,
possibly extending to subtle changes for other devices and archs.
(David Gibson)

# gpg: Signature made Thu 15 Sep 2016 18:31:42 BST
# gpg:                using RSA key 0x239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-fixes-20160915.0:
  vfio/pci: Fix regression in MSI routing configuration
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

* Support multiple -d trace:PATTERN arguments (Daniel)
* SCSI cleanups/fixes for removable meia (Fam)
* SCSI security fixes (Li Qiang, PJP)
* qemu-char segfault fix (Lin Ma)
* "make help" and qemu-socket cleanups (Marc-André)
* end of the buffer_is_zero reword (Richard)
* Fix target-i386 syscall segfault (Stanislav)
* split irqchip fix/robustification (Wanpeng)
* misc cleanups (me, Jiangang)
* x86 vmstate fixes (Pavel)

# gpg: Signature made Thu 15 Sep 2016 14:11:35 BST
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  pcspk: adding vmstate for save/restore
  kvmvapic: fix state change handler
  pc: apic: introduce APIC macro
  target-i386: Fixed syscall posssible segfault
  log: fix parsing of multiple trace:PATTERN log args
  qemu-char: avoid segfault if user lacks of permisson of a given logfile
  build-sys: add make 'help' target
  linux-user: complete omission of removing uses of strdup
  target-i386: fix ordering of fields in CPUX86State
  pc: apic: fix touch LAPIC when irqchip is split
  scsi: pvscsi: limit process IO loop to ring size
  memory: remove memory_region_destructor_rom_device
  Change net/socket.c to use socket_*() functions
  cutils: Rewrite x86 buffer zero checking
  scsi: mptsas: use g_new0 to allocate MPTSASRequest object
  virtio-scsi: Don't abort when media is ejected
  scsi-disk: Cleaning up around tray open state
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

d1f6af6a "kvm-irqchip: simplify kvm_irqchip_add_msi_route" was a cleanup
of kvmchip routing configuration, that was mostly intended for x86.
However, it also contains a subtle change in behaviour which breaks EEH[1]
error recovery on certain VFIO passthrough devices on spapr guests.  So far
it's only been seen on a BCM5719 NIC on a POWER8 server, but there may be
other hardware with the same problem.  It's also possible there could be
circumstances where it causes a bug on x86 as well, though I don't know of
any obvious candidates.

Prior to d1f6af6a, both vfio_msix_vector_do_use() and
vfio_add_kvm_msi_virq() used msg == NULL as a special flag to mark this
as the "dummy" vector used to make the host hardware state sync with the
guest expected hardware state in terms of MSI configuration.

Specifically that flag caused vfio_add_kvm_msi_virq() to become a no-op,
meaning the dummy irq would always be delivered via qemu. d1f6af6a changed
vfio_add_kvm_msi_virq() so it takes a vector number instead of the msg
parameter, and determines the correct message itself.  The test for !msg
was removed, and not replaced with anything there or in the caller.

With an spapr guest which has a VFIO device, if an EEH error occurs on the
host hardware, then the device will be isolated then reset.  This is a
combination of host and guest action, mediated by some EEH related
hypercalls.  I haven't fully traced the mechanics, but somehow installing
the kvm irqchip route for the dummy irq on the BCM5719 means that after EEH
reset and recovery, at least some irqs are no longer delivered to the
guest.

In particular, the guest never gets the link up event, and so the NIC is
effectively dead.

[1] EEH (Enhanced Error Handling) is an IBM POWER server specific PCI-*
    error reporting and recovery mechanism.  The concept is somewhat
    similar to PCI-E AER, but the details are different.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1373802

Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Gavin Shan <gwshan@au1.ibm.com>
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Cc: qemu-stable@nongnu.org
Fixes: d1f6af6a ("kvm-irqchip: simplify kvm_irqchip_add_msi_route")
Signed-off-by: NAlex Williamson <alex.williamson@redhat.com>

trivial patches for 2016-09-15

# gpg: Signature made Thu 15 Sep 2016 13:40:55 BST
# gpg:                using RSA key 0x701B4F6B1A693E59
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931  4B22 701B 4F6B 1A69 3E59

* remotes/mjt/tags/trivial-patches-fetch: (21 commits)
  mptsas: change .realize function name
  linux-user/qemu.h: change malloc to g_malloc, free to g_free
  win32: don't run subprocess tests on Mingw32 platform
  sheepdog: remove useless casts
  fw_cfg: remove useless casts
  tricore: remove useless cast
  s390x: remove useless cast
  linux-user,s390x: remove useless cast
  coccinelle: add a script to remove useless casts
  curl: Operate on zero-length file
  Remove unused function declarations
  ivshmem: Delete duplicate debug message
  sh4: fix broken link to documentation
  MAINTAINERS: Fix up F: entry bit rot
  MAINTAINERS: Add include/sysemu/cpus.h
  MAINTAINERS: Add include/hw/sh4/ to SH4 section
  MAINTAINERS: Add include/hw/tricore/ to TriCore section
  MAINTAINERS: Add include/hw/unicore32/ to UniCore32 section
  ui/console: Fix non-working backspace key in monitor of gtk UI
  tcg: Remove duplicate header includes
  ...
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

usb-mtp: add support for files larger than 4g (gsoc)
xhci & usb-host: bugfixes.

# gpg: Signature made Wed 14 Sep 2016 10:30:38 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-usb-20160914-1:
  usb-mtp: added object properties
  usb-mtp: fix sending files larger than 4gb
  usb:xhci:fix memory leak in usb_xhci_exit
  usb-host: fix streams detection in usb_host_speed_compat
  xhci: Fix remainder field for TR_SETUP completion event.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

VMState added by this patch preserves correct
loading of the PC speaker device state.
Signed-off-by: NPavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20160915090133.6440.65457.stgit@PASHA-ISP>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

This patch fixes kvmvapic state change handler.
It clears vmsentry field to allow recreating it
at further vmstate loads.
Signed-off-by: NPavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20160915090127.6440.48793.stgit@PASHA-ISP>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Introduce a new APIC macro to replace APIC_COMMON macro in
hw/intc/apic.c in order to capture access LAPIC in qemu
even if LAPIC is emulated in kvm.
Suggested-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NWanpeng Li <wanpeng.li@hotmail.com>
Message-Id: <1473923759-13912-1-git-send-email-wanpeng.li@hotmail.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

All the other devices` .realize function name are xxx_realize, except this one.

cc: Michael S. Tsirkin <mst@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>
cc: Paolo Bonzini <pbonzini@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NMarcel Apfelbaum <marcel@redhat.com>
Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Signed-off-by: NMd Haris Iqbal <haris.phnx@gmail.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

On Tue, Jun 14, 2016 at 04:44:57PM +0100, Daniel P. Berrange wrote:
> The g_test_trap_subprocess() method does not work on the
> Mingw32 platform, causing the test-qdev-global-props
> test case to abort
>
> (test-logging.exe:230): GLib-ERROR **: g_test_trap_subprocess()
> failed: Failed to execute helper program (No such file or directory)
>
> This failure was introduced a while ago in
>
>   commit 2177801a
>   Author: Eduardo Habkost <ehabkost@redhat.com>
>   Date:   Fri Aug 8 16:03:27 2014 -0300
>
>     test-qdev-global-props: Run tests on subprocess
>
> Modify the configure time check to avoid enabling this feature
> on Mingw, rather than trying to rewrite the test to avoid this
> feature.

I would do the following instead, just in case we have extra code
looking at $glib_subprocess one day.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

This patch is the result of coccinelle script
scripts/coccinelle/typecast.cocci

CC: Hitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp>
CC: qemu-block@nongnu.org
Signed-off-by: NLaurent Vivier <lvivier@redhat.com>
Reviewed-by: NHitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

This patch is the result of coccinelle script
scripts/coccinelle/typecast.cocci

CC: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: NLaurent Vivier <lvivier@redhat.com>
Reviewed-by: NLaszlo Ersek <lersek@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

This patch is the result of coccinelle script
scripts/coccinelle/typecast.cocci

CC: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: NLaurent Vivier <lvivier@redhat.com>
Reviewed-by: NBastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

This patch is the result of coccinelle script
scripts/coccinelle/typecast.cocci

CC: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: NLaurent Vivier <lvivier@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

This patch is the result of coccinelle script
scripts/coccinelle/typecast.cocci

CC: Riku Voipio <riku.voipio@iki.fi>
CC: Alexander Graf <agraf@suse.de>
Signed-off-by: NLaurent Vivier <lvivier@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Script from LKML.
Signed-off-by: NLaurent Vivier <lvivier@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Another attempt to fix the bug 1596870.

When creating new disk backed by remote file accessed via HTTPS and the
backing file has zero length, qemu-img terminates with uniformative
error message:

    qemu-img: disk.qcow2: CURL: Error opening file:

While it may not make much sense to operate on empty file, other block
backends (e.g. raw backend for regular files) seem to allow it. This
patch fixes it for the curl backend and improves the reported error.
Signed-off-by: NTomáš Golembiovský <tgolembi@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Unused function declarations were found using a simple gcc plugin and
manually verified by grepping the sources.
Signed-off-by: NLadi Prosek <lprosek@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Duplicated in commit ca0b7566.  Delete it.
Signed-off-by: NStefano Dong (董兴水) <opensource.dxs@aliyun.com>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

The page that was previously linked in the source code and the README file is
no longer available so it now returns a 404 error message.

This puts a previous snapshot from archive.org instead.
Signed-off-by: NReda Sallahi <fullmanet@gmail.com>
Acked-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

include/hw/xilinx.h is gone since commit d5001cf7, drop.

include/hw/*/xlnx*.c is a typo, change .c to .h.

include/hw/acpi/piix.h is a typo, change piix.h to piix4.h.

hw/i386/*dsl and scripts/acpi*py are gone since since commit 9fc65026,
drop.

hw/virtio/dataplane/* are gone since commit fee089e4, drop.

ICC Bus is gone since commit dfeb8679, drop.

block/raw-aio.h was moved to include/block/raw-aio.h in commit
0187f5c9, update.

Tracked down with

    for i in `grep "^[FX]: " MAINTAINERS | sed "s/^.: //"`
    do if [ ! -e "$i" ]; then echo "$i"; fi
    done
Reported-by: NThomas Huth <thuth@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NThomas Huth <thuth@redhat.com>
Acked-by: NStefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

This header seems to belong to the guest CPU section since it
contains prototypes for cpus.c.
Signed-off-by: NThomas Huth <thuth@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

get_maintainer.pl now properly recognizes that the files in
include/hw/sh4/ belong to SH4.
Signed-off-by: NThomas Huth <thuth@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

get_maintainer.pl now properly recognizes that the file in
include/hw/tricore/ belongs to TriCore.
Signed-off-by: NThomas Huth <thuth@redhat.com>
Reviewed-by: NBastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

get_maintainer.pl now properly recognizes that the file in
include/hw/unicore32/ belongs to UniCore32.
Signed-off-by: NThomas Huth <thuth@redhat.com>
Acked-by: NGuan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

In the QEMU monitor pane of the gtk user interface, the backspace
key is not working at all. This happens because of a missing mapping
of the key in the qcode_to_keysym[] table. Thus let's add an entry
there to get the backspace key working again.

Buglink: https://bugs.launchpad.net/qemu/+bug/1611979Signed-off-by: NThomas Huth <thuth@redhat.com>
Reviewed-by: NGerd Hoffmann <kraxel@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

host-utils.h and timer.h are included twice in tcg.c.
One time should be enough.
Signed-off-by: NThomas Huth <thuth@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

The HPPA backend has been removed by the following commit:

    802b5081
    tcg-hppa: Remove tcg backend

But some small pieces of the HPPA backend still survived until
today. Since we also do not have support for a HPPA target in
QEMU, we can nowadays safely remove the remaining HPPA parts
(like the disassembler code, or the detection of HPPA in the
configure script).
Signed-off-by: NThomas Huth <thuth@redhat.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

All operations that take a floatx80 as an operand need to have their
inputs checked for malformed encodings. In all of these cases, use the
function floatx80_invalid_encoding to perform the check. If an invalid
operand is found, raise an invalid operation exception, and then return
either NaN (for fp-typed results) or the integer indefinite value (the
minimum representable signed integer value, for int-typed results).

For the non-quiet comparison operations, this touches adjacent code in
order to pass style checks.
Signed-off-by: NAndrew Dutcher <andrew@andrewdutcher.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1471392895-17324-1-git-send-email-andrew@andrewdutcher.com
[PMM: changed "1 << 63" to "1ULL << 63" to fix compile errors]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The about dialog in QEMU on Mac OS X is very plain and unhelpful. This patch
makes the about dialog look a lot better and have some descriptive information
on what version of QEMU the user is running.
Signed-off-by: NJohn Arbuckle <programmingkidx@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: ED59936E-3EB2-46AB-9E33-AB26E382B884@gmail.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

* minor patches here and there
* MTTCG: lock-free TB lookup
* SCSI: bugfixes for MPTSAS, MegaSAS, LSI53c, vmw_pvscsi
* buffer_is_zero rewrite (except for one patch)
* chardev: qemu_chr_fe_write checks
* checkpatch improvement for markdown preformatted text
* default-configs cleanups
* atomics cleanups

# gpg: Signature made Tue 13 Sep 2016 18:14:30 BST
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (58 commits)
  cutils: Add generic prefetch
  cutils: Add SSE4 version
  cutils: Add test for buffer_is_zero
  cutils: Remove ppc buffer zero checking
  cutils: Remove aarch64 buffer zero checking
  cutils: Rearrange buffer_is_zero acceleration
  cutils: Export only buffer_is_zero
  cutils: Remove SPLAT macro
  cutils: Move buffer_is_zero and subroutines to a new file
  ppc: do not redefine CPUPPCState
  x86/lapic: Load LAPIC state at post_load
  optionrom: do not rely on compiler's bswap optimization
  checkpatch: Fix whitespace checks for documentation code blocks
  atomics: Use __atomic_*_n() variant primitives
  atomics: Remove redundant barrier()'s
  kvm-all: drop kvm_setup_guest_memory
  i8257: Make device "i8257" unavailable with -device
  Revert "megasas: remove useless check for cmd->frame"
  char: convert qemu_chr_fe_write to qemu_chr_fe_write_all
  hw: replace most use of qemu_chr_fe_write with qemu_chr_fe_write_all
  ...
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

 Conflicts:
	cpus.c
	tests/Makefile.include

In user-mode emulation env->idt.base memory is
allocated in linux-user/main.c with
size 8*512 = 4096 (for 64-bit).
When fake interrupt EXCP_SYSCALL is thrown
do_interrupt_user checks destination privilege level
for this fake exception, and tries to read 4 bytes
at address base + (256 * 2^4)=4096, that causes
segfault.

Privlege level was checked only for int's, so lets
read dpl from memory only for this case.
Signed-off-by: NStanislav Shmarov <snarpix@gmail.com>
Message-Id: <1473773008-2588376-1-git-send-email-snarpix@gmail.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

If giving QEMU a log arg which asks to enable multiple
different trace event patterns such as

  $QEMU -d trace:qio*,trace:qcrypto*

the parser will then invoke

  trace_enable_events("qio*,trace:qcrypto*")
  trace_enable_events("qcrypto*")

as when finding a 'trace:' prefix, it is not clever
enough to strip anything after the next comma. As
a result only the last 'trace:' match ever works.

Rather than trying to be more clever with parsing the
command line arg in place, simplify the code by
using g_strsplit to break it into individual strings
on ','. These resulting pieces can be directly used
without worrying about trailing data from the next
option.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
Message-Id: <1473186343-16704-1-git-send-email-berrange@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Function qemu_chr_alloc returns NULL if it failed to open logfile by any reason,
says no write permission. For backends tty, stdio and msmouse, They need to
check this return value to avoid segfault in this case.
Signed-off-by: NLin Ma <lma@suse.com>
Cc: qemu-stable <qemu-stable@nongnu.org>
Message-Id: <20160914062250.22226-1-lma@suse.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Add a make 'help', to print a summary of the main Makefile targets.
The format is loosely inspired by Linux make 'help' output.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160913142033.7705-1-marcandre.lureau@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The 900cfbca just removed two unchecked uses of strdup
in fill_psinfo and missed the rest in core_dump_filename.
This patch fixes it.
Signed-off-by: NWei Jiangang <weijg.fnst@cn.fujitsu.com>
Message-Id: <1459997185-15669-2-git-send-email-weijg.fnst@cn.fujitsu.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Make sure reset zeroes TSC_AUX, XCR0, PKRU.  Move XSTATE_BV from the
"vmstate only" section to the "KVM only" section.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Add -kernel_irqchip=split
./x86-run x86/eventinj.flat

qemu-system-x86_64 -enable-kvm -machine kernel_irqchip=split -cpu host
-device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc
none -serial stdio -device pci-testdev -kernel x86/eventinj.flat
enabling apic
paging enabled
cr0 = 80010011
cr3 = 7fff000
cr4 = 20
Sending vec 33 and 62 and mask one with TPR
irq1 running
irq1 running
After 33/62 TPR test
FAIL: TPR
irq0 running
irq0 running

Both irq1 and irq0 are executing twice.

kvm_entry: vcpu 0
kvm_exit: reason MSR_WRITE rip 0x401f33 info 0 0
kvm_apic: apic_write APIC_EOI = 0x0
kvm_eoi: apicid 0 vector 62
kvm_msr: msr_write 80b = 0x0
kvm_entry: vcpu 0
kvm_exit: reason PENDING_INTERRUPT rip 0x401f35 info 0 0
kvm_userspace_exit: reason KVM_EXIT_IRQ_WINDOW_OPEN (7)
kvm_inj_virq: irq 62
kvm_entry: vcpu 0
kvm_exit: reason IO_INSTRUCTION rip 0x4016ec info 3fd0008 0

From the trace we can see there is an interrupt window exit
after the first interrupt EOI(irq 62), and the same irq(62)
is injected duplicately after the interrupt window.

QEMU does KVM_INTERRUPT(62) ioctl after KVM exits with
KVM_EXIT_IRQ_WINDOW_OPEN, which QEMU requested while the
guest was printing.  The printing calls

serial_update_irq() -> qemu_irq_lower() -> qemu_set_irq() ->
gsi_handler() -> qemu_set_irq() -> pic_irq_request() ->
apic_deliver_pic_intr() -> kvm_handle_interrupt()

kvm_handle_interrupt() does

	interrupt_request |= CPU_INTERRUPT_HARD

which later calls cpu_get_pic_interrupt() in kvm_arch_pre_run(),
but that function uses stale information from APIC and injects
62 again. If we synchronized the APIC, then the test would #GP,
because there would be no injectable interrupt in LAPIC or PIC,
so pic_read_irq() would return 15, thinking it was spurious.

This patch fix it by don't touch LAPIC if LAPIC is in kernel.
Suggested-by: NPaolo Bonzini <pbonzini@redhat.com>
Suggested-by: NRadim Krčmář <rkrcmar@redhat.com>
Cc: qemu-stable@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NWanpeng Li <wanpeng.li@hotmail.com>
Message-Id: <1473832464-3478-1-git-send-email-wanpeng.li@hotmail.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>