Fixes the previous TLB_WATCHPOINT patches because we are currently
failing to set cpu->mem_io_pc with the call to cpu_check_watchpoint.
Pass down the retaddr directly because it's readily available.

Fixes: 50b107c5Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

Rather than rely on cpu->mem_io_pc, pass retaddr down directly.

Within tb_invalidate_phys_page_range__locked, the is_cpu_write_access
parameter is non-zero exactly when retaddr would be non-zero, so that
is a simple replacement.

Recognize that current_tb_not_found is true only when mem_io_pc
(and now retaddr) are also non-zero, so remove a redundant test.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

All callers pass false to this argument.  Remove it and pass the
constant on to tb_invalidate_phys_page_range__locked.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

With the merge of notdirty handling into store_helper,
the last user of cpu->mem_io_vaddr was removed.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

We can use notdirty_write for the write and return a valid host
pointer for this case.
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

Since 9458a9a1, all readers of the dirty bitmaps wait
for the rcu lock, which means that they wait until the end
of any executing TranslationBlock.

As a consequence, there is no need for the actual access
to happen in between the _prepare and _complete.  Therefore,
we can improve things by merging the two functions into
notdirty_write and dropping the NotDirtyInfo structure.

In addition, the only users of notdirty_write are in cputlb.c,
so move the merged function there.  Pass in the CPUIOTLBEntry
from which the ram_addr_t may be computed.
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

There is only one caller, tlb_set_page_with_attrs.  We cannot
inline the entire function because the AddressSpaceDispatch
structure is private to exec.c, and cannot easily be moved to
include/exec/memory-internal.h.

Compute is_ram and is_romd once within tlb_set_page_with_attrs.
Fold the number of tests against these predicates.  Compute
cpu_physical_memory_is_clean outside of the tlb lock region.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

Pages that we want to track for NOTDIRTY are RAM.  We do not
really need to go through the I/O path to handle them.
Acked-by: NDavid Hildenbrand <david@redhat.com>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

It does not require going through the whole I/O path
in order to discard a write.
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

The memory_region_tb_read tracepoint is unreachable, since notdirty
is supposed to apply only to writes.  The memory_region_tb_write
tracepoint is mis-named, because notdirty is not only used for TB
invalidation.  It is also used for e.g. VGA RAM updates and migration.

Replace memory_region_tb_write with memory_notdirty_write_access,
and place it in memory_notdirty_write_prepare where it can catch
all of the instances.  Add memory_notdirty_set_dirty to log when
we no longer intercept writes to a page.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

Handle bswap on ram directly in load/store_helper.  This fixes a
bug with the previous implementation in that one cannot use the
I/O path for RAM.

Fixes: a26fc6f5Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

We will shortly be using these more than once.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

Increase the current runtime assert to a compile-time assert.
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

Use this as a compile-time assert that a particular
code path is not reachable.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

This forced inlining can result in missing symbols,
which makes a debugging build harder to follow.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Reported-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

These bits do not need to vary with the actual page size
used by the guest.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

Xen queue

* Update of maintainer email address
* Fixes for xen-bus and xen-block

# gpg: Signature made Tue 24 Sep 2019 12:27:56 BST
# gpg:                using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg:                issuer "anthony.perard@citrix.com"
# gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [marginal]
# gpg:                 aka "Anthony PERARD <anthony.perard@citrix.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5379 2F71 024C 600F 778A  7161 D8D5 7199 DF83 42C8
#      Subkey fingerprint: F80C 0063 08E2 2CFD 8A92  E798 0CF5 572F D7FB 55AF

* remotes/aperard/tags/pull-xen-20190924:
  xen-bus: only set the xen device frontend state if it is missing
  xen-block: treat XenbusStateUnknown the same as XenbusStateClosed
  MAINTAINERS: update my email address
  xen: perform XenDevice clean-up in XenBus watch handler
  xen: introduce separate XenWatchList for XenDevice objects
  xen / notify: introduce a new XenWatchList abstraction
  xen-bus: check whether the frontend is active during device reset...
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

audio: documentation fixes.
audio: new backend api (first part of the surround sound patch series).

# gpg: Signature made Tue 24 Sep 2019 07:19:31 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20190924-pull-request:
  audio: split ctl_* functions into enable_* and volume_*
  audio: common rate control code for timer based outputs
  audio: unify input and output mixeng buffer management
  audio: remove remains of the old backend api
  wavaudio: port to the new audio backend api
  spiceaudio: port to the new audio backend api
  sdlaudio: port to the new audio backend api
  paaudio: port to the new audio backend api
  ossaudio: port to the new audio backend api
  noaudio: port to the new audio backend api
  dsoundaudio: port to the new audio backend api
  coreaudio: port to the new audio backend api
  alsaaudio: port to the new audio backend api
  audio: api for mixeng code free backends
  audio: fix ALSA period-length typo in documentation
  audio: fix buffer-length typo in documentation
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Some toolstack implementations will set the frontend xenstore
keys to Initialising which will then trigger the in guest PV
drivers to begin initialising and some implementations will
then set their state to Closing. If this has occurred then
device realize must not overwrite the frontend keys as then
the handshake will stall.
Signed-off-by: NMark Syms <mark.syms@citrix.com>

Also avoid creating the frontend area if it already exists.
Signed-off-by: NPaul Durrant <paul.durrant@citrix.com>
Reviewed-by: NAnthony PERARD <anthony.perard@citrix.com>
Message-Id: <20190918115745.39006-1-paul.durrant@citrix.com>
Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>

When a frontend gracefully disconnects from an offline backend, it will
set its own state to XenbusStateClosed. The code in xen-block.c correctly
deals with this and sets the backend into XenbusStateClosed. Unfortunately
it is possible for toolstack to actually delete the frontend area
before the state key has been read, leading to an apparent frontend state
of XenbusStateUnknown. This prevents the backend state from transitioning
to XenbusStateClosed and hence leaves it limbo.

This patch simply treats a frontend state of XenbusStateUnknown the same
as XenbusStateClosed, which will unblock the backend in these circumstances.
Reported-by: NMark Syms <mark.syms@citrix.com>
Signed-off-by: NPaul Durrant <paul.durrant@citrix.com>
Acked-by: NAnthony PERARD <anthony.perard@citrix.com>
Reviewed-by: NJohn Snow <jsnow@redhat.com>
Message-Id: <20190918115702.38959-1-paul.durrant@citrix.com>
Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>

My Citrix email address will expire shortly.
Signed-off-by: NPaul Durrant <paul.durrant@citrix.com>
Reviewed-by: NAnthony PERARD <anthony.perard@citrix.com>
Message-Id: <20190913122418.848-1-paul.durrant@citrix.com>
Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>

Cleaning up offline XenDevice objects directly in
xen_device_backend_changed() is dangerous as xen_device_unrealize() will
modify the watch list that is being walked. Even the QLIST_FOREACH_SAFE()
used in notifier_list_notify() is insufficient as *two* notifiers (for
the frontend and backend watches) are removed, thus potentially rendering
the 'next' pointer unsafe.

The solution is to use the XenBus backend_watch handler to do the clean-up
instead, as it is invoked whilst walking a separate watch list.

This patch therefore adds a new 'inactive_devices' list to XenBus, to which
offline devices are added by xen_device_backend_changed(). The XenBus
backend_watch registration is also changed to not only invoke
xen_bus_enumerate() but also a new xen_bus_cleanup() function, which will
walk 'inactive_devices' and perform the necessary actions.
For safety an extra 'online' check is also added to xen_bus_type_enumerate()
to make sure that no attempt is made to create a new XenDevice object for a
backend that is offline.

NOTE: This patch also includes some cosmetic changes:
      - substitute the local variable name 'backend_state'
        in xen_bus_type_enumerate() with 'state', since there
        is no ambiguity with any other state in that context.
      - change xen_device_state_is_active() to
        xen_device_frontend_is_active() (and pass a XenDevice directly)
        since the state tests contained therein only apply to a frontend.
      - use 'state' rather then 'xendev->backend_state' in
        xen_device_backend_changed() to shorten the code.
Signed-off-by: NPaul Durrant <paul.durrant@citrix.com>
Reviewed-by: NAnthony PERARD <anthony.perard@citrix.com>
Message-Id: <20190913082159.31338-4-paul.durrant@citrix.com>
Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>

This patch uses the XenWatchList abstraction to add a separate watch list
for each device. This is more scalable than walking a single notifier
list for all watches and is also necessary to implement a bug-fix in a
subsequent patch.
Signed-off-by: NPaul Durrant <paul.durrant@citrix.com>
Reviewed-by: NAnthony Perard <anthony.perard@citrix.com>
Message-Id: <20190913082159.31338-3-paul.durrant@citrix.com>
Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>

Xenstore watch call-backs are already abstracted away from XenBus using
the XenWatch data structure but the associated NotifierList manipulation
and file handle registration is still open coded in various xen_bus_...()
functions.
This patch creates a new XenWatchList data structure to allow these
interactions to be abstracted away from XenBus as well. This is in
preparation for a subsequent patch which will introduce separate watch lists
for XenBus and XenDevice objects.

NOTE: This patch also introduces a new notifier_list_empty() helper function
      for the purposes of adding an assertion that a XenWatchList is not
      freed whilst its associated NotifierList is still occupied.
Signed-off-by: NPaul Durrant <paul.durrant@citrix.com>
Reviewed-by: NAnthony Perard <anthony.perard@citrix.com>
Message-Id: <20190913082159.31338-2-paul.durrant@citrix.com>
Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>

...not the backend

Commit cb323146 "xen-bus: Fix backend state transition on device reset"
contained a subtle mistake. The hunk

@@ -539,11 +556,11 @@ static void xen_device_backend_changed(void *opaque)

     /*
      * If the toolstack (or unplug request callback) has set the backend
-     * state to Closing, but there is no active frontend (i.e. the
-     * state is not Connected) then set the backend state to Closed.
+     * state to Closing, but there is no active frontend then set the
+     * backend state to Closed.
      */
     if (xendev->backend_state == XenbusStateClosing &&
-        xendev->frontend_state != XenbusStateConnected) {
+        !xen_device_state_is_active(state)) {
         xen_device_backend_set_state(xendev, XenbusStateClosed);
     }

mistakenly replaced the check of 'xendev->frontend_state' with a check
(now in a helper function) of 'state', which actually equates to
'xendev->backend_state'.

This patch fixes the mistake.

Fixes: cb323146Signed-off-by: NPaul Durrant <paul.durrant@citrix.com>
Reviewed-by: NAnthony PERARD <anthony.perard@citrix.com>
Message-Id: <20190910171753.3775-1-paul.durrant@citrix.com>
Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>

Improvements include:

 * Relaxed error code pattern on machine_m68k_nextcube.py
 * Better naming and separation of tests in x86_cpu_model_versions.py
 * New checks on guest side on linux_ssh_mips_malta.py
 * Use of avocado.utils.ssh, and thus "/usr/bin/ssh" for SSH
   interaction

# gpg: Signature made Mon 23 Sep 2019 14:38:01 BST
# gpg:                using RSA key 7ABB96EB8B46B94D5E0FE9BB657E8D33A5F209F3
# gpg: Good signature from "Cleber Rosa <crosa@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 7ABB 96EB 8B46 B94D 5E0F  E9BB 657E 8D33 A5F2 09F3

* remotes/cleber/tags/python-next-pull-request:
  Acceptance tests: use avocado.utils.ssh for SSH interaction
  tests/acceptance: Add new test cases in linux_ssh_mips_malta.py
  tests/acceptance: Refactor and improve reporting in linux_ssh_mips_malta.py
  Acceptance test x86_cpu_model_versions: split into smaller tests
  Acceptance test x86_cpu_model_versions: fix mismatches between test and messages
  Acceptance test x86_cpu_model_versions: shutdown VMs
  Acceptance test machine_m68k_nextcube.py: relax the error code pattern
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Fix a bunch of BUGs in the mem-helpers (including the MVC instruction),
especially, to make them behave correctly on faults.

# gpg: Signature made Mon 23 Sep 2019 09:01:21 BST
# gpg:                using RSA key 1BD9CAAD735C4C3A460DFCCA4DDE10F700FF835A
# gpg:                issuer "david@redhat.com"
# gpg: Good signature from "David Hildenbrand <david@redhat.com>" [unknown]
# gpg:                 aka "David Hildenbrand <davidhildenbrand@gmail.com>" [full]
# Primary key fingerprint: 1BD9 CAAD 735C 4C3A 460D  FCCA 4DDE 10F7 00FF 835A

* remotes/davidhildenbrand/tags/s390x-tcg-2019-09-23: (30 commits)
  tests/tcg: target/s390x: Test MVC
  tests/tcg: target/s390x: Test MVO
  s390x/tcg: MVO: Fault-safe handling
  s390x/tcg: MVST: Fault-safe handling
  s390x/tcg: MVZ: Fault-safe handling
  s390x/tcg: MVN: Fault-safe handling
  s390x/tcg: MVCIN: Fault-safe handling
  s390x/tcg: NC: Fault-safe handling
  s390x/tcg: XC: Fault-safe handling
  s390x/tcg: OC: Fault-safe handling
  s390x/tcg: MVCLU: Fault-safe handling
  s390x/tcg: MVC: Fault-safe handling on destructive overlaps
  s390x/tcg: MVCS/MVCP: Use access_memmove()
  s390x/tcg: Fault-safe memmove
  s390x/tcg: Fault-safe memset
  s390x/tcg: Always use MMU_USER_IDX for CONFIG_USER_ONLY
  s390x/tcg: MVST: Fix storing back the addresses to registers
  s390x/tcg: MVST: Check for specification exceptions
  s390x/tcg: MVCS/MVCP: Properly wrap the length
  s390x/tcg: MVCOS: Lengths are 32 bit in 24/31-bit mode
  ...
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

- bugfixes in ccw bios
- gen15a is called z15
- officially require a 3.15 kernel or later for kvm

# gpg: Signature made Mon 23 Sep 2019 08:18:32 BST
# gpg:                using RSA key 117BBC80B5A61C7C
# gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>" [full]
# Primary key fingerprint: F922 9381 A334 08F9 DBAB  FBCA 117B BC80 B5A6 1C7C

* remotes/borntraeger/tags/s390x-20190923:
  s390x/cpumodel: Add the z15 name to the description of gen15a
  s390x/kvm: Officially require at least kernel 3.15
  pc-bios/s390-ccw: Rebuild the s390-netboot.img firmware image
  pc-bios/s390-ccw/net: fix a possible memory leak in get_uuid()
  pc-bios/s390-ccw: Do not pre-initialize empty array
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This way we no longer need vararg functions, improving compile time
error detection.  Also now it's possible to check actually what commands
are supported, without needing to manually update ctl_caps.
Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: 2b08b3773569c5be055d0a0fb2f29ff64e79f0f4.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

This commit removes the ad-hoc rate-limiting code from noaudio and
wavaudio, and replaces them with a (slightly modified) code from
spiceaudio.  This way multiple write calls (for example when the
circular buffer wraps around) do not cause problems.
Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: fd0fe5b95b13fa26d09ae77a72f99d0ea411de14.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Usage notes: hw->samples became hw->{mix,conv}_buf->size, except before
initialization (audio_pcm_hw_alloc_resources_*), hw->samples gives the
initial size of the STSampleBuffer.  The next commit tries to fix this
inconsistency.
Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: a78caeb2eeb6348ecb45bb2c81709570ef8ac5b3.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: 497decab6d0f0fb9529bea63ec7ce0bd7b553038.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: eede77aeb9c17b379948b0b6d2ac10f45d74fa62.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: 4d3356df9ccbffee2f710b93d456443c81e3f011.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: ac1722a03fb1b530c2081f46585ce7fa80ebef6c.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: 21fe8f2cf949039c8c40a0352590c593b104917d.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: 22ab335146acd8099779583edcf6ed46de836bd6.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: 10eebdd2e1529c2bd403ef98dd9d346c6d4ca3d1.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: 2ca925ab551ea832c930fc2db213a9e73d8dab7f.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NKővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: 586a1e66de5cbc6c5234f9ae556d24befb6afada.1568927990.git.DirtY.iCE.hu@gmail.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>