Support guest CPUs which need 7 MMU index values.
Add a comment about what would be required to raise the limit
further (trivial for 8, TCG backend rework for 9 or more).
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NGreg Bellows <greg.bellows@linaro.org>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

Signed-off-by: NLaszlo Ersek <lersek@redhat.com>
Message-id: 1422592273-4432-1-git-send-email-lersek@redhat.com
[PMM: added note recommending UUIDs]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The documentation states that if LSB > MSB in BFI instruction behaviour
is unpredictable. Currently QEMU crashes because of assertion failure in
this case:

tcg/tcg-op.h:2061: tcg_gen_deposit_i32: Assertion `len <= 32' failed.

While assertion failure may meet the "unpredictable" definition this
behaviour is undesirable because it allows an unprivileged guest program
to crash the emulator with the OS and other programs.

This patch addresses the issue by throwing illegal instruction exception
if LSB > MSB. Only ARM decoder is affected because Thumb decoder already
has this check in place.

To reproduce issue run the following program

int main(void) {
    asm volatile (".long 0x07c00c12" :: );
    return 0;
}

compiled with
  gcc -marm -static badop_arm.c -o badop_arm
Signed-off-by: NKirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The helper functions for FRECPS and FRSQRTS have special case
handling that includes checks for zero inputs, so squash input
denormals if necessary before those checks. This fixes incorrect
output when the FPCR DZ bit is set to enable squashing of input
denormals.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Tested-by: NLaurent Desnogues <laurent.desnogues@gmail.com>

While FMULX returns a 2.0f float when two operators are infinity and
zero, those operators should be unpacked from raw inputs first. Inconsistent
cases would occur when operators are denormalized floats in flush-to-zero
mode. A wrong codepath will be entered and 2.0f will not be returned
without this patch.
Fix by checking whether inputs need to be flushed before running into
different codepaths.
Signed-off-by: NXiangyu Hu <libhu.so@gmail.com>
Message-id: 1422459650-12490-1-git-send-email-libhu.so@gmail.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Add assertion checking when cpreg structures are registered that they
either forbid raw-access attempts or at least make an attempt at
handling them. Also add an assert in the raw-accessor-of-last-resort,
to avoid silently doing a read or write from offset zero, which is
actually AArch32 CPU register r0.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1422282372-13735-3-git-send-email-peter.maydell@linaro.org
Reviewed-by: NGreg Bellows <greg.bellows@linaro.org>

We currently mark ARM coprocessor/system register definitions with
the flag ARM_CP_NO_MIGRATE for two different reasons:
1) register is an alias on to state that's also visible via
   some other register, and that other register is the one
   responsible for migrating the state
2) register is not actually state at all (for instance the TLB
   or cache maintenance operation "registers") and it makes no
   sense to attempt to migrate it or otherwise access the raw state

This works fine for identifying which registers should be ignored
when performing migration, but we also use the same functions for
synchronizing system register state between QEMU and the kernel
when using KVM. In this case we don't want to try to sync state
into registers in category 2, but we do want to sync into registers
in category 1, because the kernel might have picked a different
one of the aliases as its choice for which one to expose for
migration. (In particular, on 32 bit hosts the kernel will
expose the state in the AArch32 version of the register, but
TCG's convention is to mark the AArch64 version as the version
to migrate, even if the CPU being emulated happens to be 32 bit,
so almost all system registers will hit this issue now that we've
added AArch64 system emulation.)

Fix this by splitting the NO_MIGRATE flag in two (ALIAS and NO_RAW)
corresponding to the two different reasons we might not want to
migrate a register. When setting up the TCG list of registers to
migrate we honour both flags; when populating the list from KVM,
only ignore registers which are NO_RAW.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NGreg Bellows <greg.bellows@linaro.org>
Message-id: 1422282372-13735-2-git-send-email-peter.maydell@linaro.org
[PMM: changed ARM_CP_NO_MIGRATE to ARM_CP_ALIAS on new SP_EL1 and
 SP_EL2 reginfo stanzas since there was a (semantic) merge conflict
 with the patchset that added those]

Added CP register definitions for SP_EL1 and SP_EL2.
Signed-off-by: NGreg Bellows <greg.bellows@linaro.org>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-5-git-send-email-greg.bellows@linaro.org
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Update to arm_cpu_reset() to reset into the highest available exception level
based on the set ARM features.
Signed-off-by: NGreg Bellows <greg.bellows@linaro.org>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-4-git-send-email-greg.bellows@linaro.org
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Added RVBAR_EL2 and RVBAR_EL3 CP register support.  All RVBAR_EL# registers
point to the same location and only the highest EL version exists at any one
time.
Signed-off-by: NGreg Bellows <greg.bellows@linaro.org>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-3-git-send-email-greg.bellows@linaro.org
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Fix the RVBAR_EL1 CP register opc2 encoding from 2 to 1
Signed-off-by: NGreg Bellows <greg.bellows@linaro.org>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-2-git-send-email-greg.bellows@linaro.org
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This patch allows the board to specifiy the number of NVIC interrupt
lines when using armv7m_init.
Signed-off-by: NAlistair Francis <alistair23@gmail.com>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 5a0b0fcc778df0340899f488053acc9493679e03.1422077994.git.alistair23@gmail.com
[PMM: removed stale FIXME comment]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This patch moves the memory region init code from the
armv7m_init function to the stellaris_init function
Signed-off-by: NAlistair Francis <alistair23@gmail.com>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 4836be7e1d708554d6eb0bc639dc2fbf7dac0458.1422077994.git.alistair23@gmail.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

qmp hmp balloon: Cleanups around error reporting

# gpg: Signature made Thu 05 Feb 2015 07:15:11 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-error-2015-02-05:
  balloon: Eliminate silly QERR_ macros
  balloon: Factor out common "is balloon active" test
  balloon: Inline qemu_balloon(), qemu_balloon_status()
  qmp: Eliminate silly QERR_COMMAND_NOT_FOUND macro
  qmp: Simplify recognition of capability negotiation command
  qmp: Clean up qmp_query_spice() #ifndef !CONFIG_SPICE dummy
  hmp: Compile hmp_info_spice() only with CONFIG_SPICE
  qmp hmp: Improve error messages when SPICE is not in use
  qmp hmp: Factor out common "using spice" test
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

VFIO fixes:
- Fix wrong initializer (Chen Fan)
- Add missing object_unparent (Alex Williamson)

# gpg: Signature made Wed 04 Feb 2015 18:49:24 GMT using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20150204.0:
  vfio-pci: Fix missing unparent of dynamically allocated MemoryRegion
  vfio: fix wrong initialize vfio_group_list
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Commit d8d95814 added explicit object_unparent() calls for
dynamically allocated MemoryRegions.  The VFIOMSIXInfo structure also
contains such a MemoryRegion, covering the mmap'd region of a PCI BAR
above the MSI-X table.  This structure is freed as part of the class
exit function and therefore also needs an explicit object_unparent().
Failing to do this results in random segfaults due to fields within
the structure, often the class pointer, being reclaimed and corrupted
by the time object_finalize_child_property() is called for the object.
Signed-off-by: NAlex Williamson <alex.williamson@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org # 2.2

Signed-off-by: NChen Fan <chen.fan.fnst@cn.fujitsu.com>
Signed-off-by: NAlex Williamson <alex.williamson@redhat.com>

s390 translator bug fixes

# gpg: Signature made Tue 03 Feb 2015 20:39:15 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/pull-tg-s390-20150203:
  target-s390x: fix and optimize slb* and slbg* computation of carry/borrow flag
  target-s390x: support OC and NC in the EX instruction
  disas/s390.c: Remove unused variables
  target-s390x: Mark check_privileged() as !CONFIG_USER_ONLY
  target-s390: Implement ECAG
  target-s390: Implement LURA, LURAG, STURG
  target-s390: Fix STURA
  target-s390: Fix STIDP
  target-s390: Implement EPSW
  target-s390: Implement SAM specification exception
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This patch fixes the bug with borrow_in being set incorrectly, but it
also simplifies the logic to be much more plain, improving speed.  It
fixes both the 32-bit SLB* and 64-bit SLBG*.

The SLBG* change has been well-tested.  I haven't tested the SLB* change
explicitly, but the code was copy-pasted from the tested code.

The error of these functions' current implementations would not likely
be triggered by compiler-generated code, since the only error was in the
state of the carry/borrow flag.  Compilers rarely generate an
instruction sequence such as carry-set -> carry-set-and-use ->
carry-use.

(With Paolo's fix and mine, there are still a couple of failures from
GMP's testsuite, but they are almost surely due to incorrect code
generation from gcc 4.9.  But since this gcc is running under qemu, it
might be qemu bugs.  I intend to investigate this.)
Signed-off-by: NTorbjorn Granlund <torbjorng@google.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

This is needed to run the GMP testsuite.
Reported-by: NTorbjorn Granlund <torbjorng@google.com>
Tested-by: NTorbjorn Granlund <torbjorng@google.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

The variables s390_opformats and s390_num_opformats are unused and
provoke clang warnings:

disas/s390.c:849:33: warning: variable 's390_opformats' is not needed and will not be emitted [-Wunneeded-internal-declaration]
static const struct s390_opcode s390_opformats[] =
                                ^
disas/s390.c:875:18: warning: unused variable 's390_num_opformats' [-Wunused-const-variable]
static const int s390_num_opformats =
                 ^

Delete them, since QEMU doesn't use them.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Message-id: 1419373100-17690-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: NRichard Henderson <rth@twiddle.net>

The function check_privileged() is only used in the softmmu configs;
wrap it in an #ifndef CONFIG_USER_ONLY to avoid clang warnings on the
linux-user builds.

[rth: Remove inline marker too; it was only there to prevent exactly
this warning in GCC.]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Message-id: 1419373100-17690-2-git-send-email-peter.maydell@linaro.org
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Signed-off-by: NRichard Henderson <rth@twiddle.net>

Signed-off-by: NRichard Henderson <rth@twiddle.net>

We were storing 16 bits instead of 32.
Signed-off-by: NRichard Henderson <rth@twiddle.net>

The implementation had been incomplete, as we did not store the
machine type.  Note that the machine_type member is still unset
during initialization, so this has no effect yet.
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Signed-off-by: NRichard Henderson <rth@twiddle.net>

Also, these are user-mode instructions; allow their use
in CONFIG_USER_ONLY.
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Some bugfixes and cleanups for s390x, both in the new pci code and
in old code.

# gpg: Signature made Tue 03 Feb 2015 13:01:04 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20150203:
  pc-bios/s390-ccw: update binary
  pc-bios/s390-ccw: fix sparse warnings
  s390x/ipl: Improved code indentation in s390_ipl_init()
  s390x/kvm: unknown DIAGNOSE code should give a specification exception
  s390x/kvm: Fix diag-308 register decoding
  s390x/pci: fix dma notifications in rpcit instruction
  s390x/pci: check for invalid function handle
  s390x/pci: avoid sign extension in stpcifc
  s390: Plug memory leak on s390_pci_generate_event() error path
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>

Fix some sparse warnings in the s390-ccw bios.
Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>

The indentation of the code in s390_ipl_init() can be simplified
a little bit by removing superfluous else-statements.
Suggested-by: NMichael Mueller <mimu@linux.vnet.ibm.com>
Signed-off-by: NThomas Huth <thuth@linux.vnet.ibm.com>
Acked-by: NCornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>

As described in CP programming services an unimplemented DIAGNOSE
function should return a specification exception. Today we give the
guest an operation exception.
As both exception types are suppressing and Linux as a guest does not
care about the type of program check in its exception table handler
as long as both types have the same kind of error handling (nullifying,
terminating, suppressing etc.) this was unnoticed.
Reviewed-by: NThomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>

Fix the decoding of the r1 register number in the diagnose 308 handler.
Signed-off-by: NThomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: NMichael Mueller <mimu@linux.vnet.ibm.com>
Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>

The virtual I/O address range passed to rpcit instruction might not
map to consecutive physical guest pages. For this we have to translate
and create mapping notifications for each vioa page separately.
Signed-off-by: NYi Min Zhao <zyimin@cn.ibm.com>
Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>

broken guest may provide 0 (invalid) function handle to zpci
instructions. Since we use function handle 0 to indicate an empty
slot in the PHB we have to add an additional check to spot this
kind of error.
Signed-off-by: NFrank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>

This patch avoids sign extension and fixes a data conversion
bug in stpcifc. Both issues where found by Coverity.
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NFrank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>

Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>

The important bits here are the first part of RCU.

v1->v2 changes are the new qemu-thread patch to fix Mac OS X,
and cleaning up warnings.

v2->v3 removed the patch to enable modules by default.

# gpg: Signature made Mon 02 Feb 2015 19:28:03 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  scsi: Fix scsi_req_cancel_async for no aiocb req
  cpu-exec: simplify init_delay_params
  cpu-exec: simplify align_clocks
  memory: avoid ref/unref in memory_region_find
  memory: protect current_map by RCU
  memory: remove assertion on memory_region_destroy
  rcu: add call_rcu
  rcu: allow nesting of rcu_read_lock/rcu_read_unlock
  rcu: add rcutorture
  rcu: add rcu library
  qemu-thread: fix qemu_event without futexes
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

scsi_req_cancel_complete is responsible for releasing the request, so we
shouldn't skip it in any case. This doesn't affect the only existing
caller, virtio-scsi, but is useful for other devices once they use it.
Suggested-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NFam Zheng <famz@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>