Since mit_delay can never be 0 this if statement is
superfluous.
Signed-off-by: NSameeh Jubran <sameeh@daynix.com>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Code that will be shared moved to a separate files.
Signed-off-by: NDmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Signed-off-by: NLeonid Bloch <leonid.bloch@ravellosystems.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

This reverts commit 9596ef7c.

This workaround in order to fix endless interrupts is no
longer needed because it was superseded by the previous patch
(e1000: Fixing interrupt pace).
Signed-off-by: NSameeh Jubran <sameeh@daynix.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

This patch introduces an upper bound for number of interrupts
per second. Without this bound an interrupt storm can occur as
it has been observed on Windows 10 when disabling the device.

According to the SPEC - Intel PCI/PCI-X Family of Gigabit
Ethernet Controllers Software Developer's Manual, section
13.4.18 - the Ethernet controller guarantees a maximum
observable interrupt rate of 7813 interrupts/sec. If there is
no upper bound this could lead to an interrupt storm by e1000
(when mit_delay < 500) causing interrupts to fire at a very high
pace.
Thus if mit_delay < 500 then the delay should be set to the
minimum delay possible which is 500. This can be calculated
easily as follows:

Interval = 10^9 / (7813 * 256) = 500.
Signed-off-by: NSameeh Jubran <sameeh@daynix.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

The start_xmit() and e1000_receive_iov() functions implement DMA transfers
iterating over a set of descriptors that the guest's e1000 driver
prepares:

- the TDLEN and RDLEN registers store the total size of the descriptor
  area,

- while the TDH and RDH registers store the offset (in whole tx / rx
  descriptors) into the area where the transfer is supposed to start.

Each time a descriptor is processed, the TDH and RDH register is bumped
(as appropriate for the transfer direction).

QEMU already contains logic to deal with bogus transfers submitted by the
guest:

- Normally, the transmit case wants to increase TDH from its initial value
  to TDT. (TDT is allowed to be numerically smaller than the initial TDH
  value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe
  that QEMU currently has here is a check against reaching the original
  TDH value again -- a complete wraparound, which should never happen.

- In the receive case RDH is increased from its initial value until
  "total_size" bytes have been received; preferably in a single step, or
  in "s->rxbuf_size" byte steps, if the latter is smaller. However, null
  RX descriptors are skipped without receiving data, while RDH is
  incremented just the same. QEMU tries to prevent an infinite loop
  (processing only null RX descriptors) by detecting whether RDH assumes
  its original value during the loop. (Again, wrapping from RDLEN to 0 is
  normal.)

What both directions miss is that the guest could program TDLEN and RDLEN
so low, and the initial TDH and RDH so high, that these registers will
immediately be truncated to zero, and then never reassume their initial
values in the loop -- a full wraparound will never occur.

The condition that expresses this is:

  xdh_start >= s->mac_reg[XDLEN] / sizeof(desc)

i.e., TDH or RDH start out after the last whole rx or tx descriptor that
fits into the TDLEN or RDLEN sized area.

This condition could be checked before we enter the loops, but
pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for
bogus DMA addresses, so we just extend the existing failsafes with the
above condition.

This is CVE-2016-1981.

Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Prasad Pandit <ppandit@redhat.com>
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: qemu-stable@nongnu.org
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044Signed-off-by: NLaszlo Ersek <lersek@redhat.com>
Reviewed-by: NJason Wang <jasowang@redhat.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-19-git-send-email-peter.maydell@linaro.org

e1000 driver in Win2k12 is really well rotten. It 100% hangs on shutdown
of UP VM under flood ping. The guest checks card state and reinjects
itself interrupt in a loop. This is fatal for UP machine.

There is no good way to fix this misbehavior but to kludge it. The
emulation has interrupt throttling register aka ITR which limits
interrupt rate and allows the guest to proceed this phase.
There is no problem with this kludge for Linux guests - it adjust the
value of it itself.

On the other hand according to the initial research in
    commit e9845f09
    Author: Vincenzo Maffione <v.maffione@gmail.com>
    Date:   Fri Aug 2 18:30:52 2013 +0200

    e1000: add interrupt mitigation support

    ...

    Interrupt mitigation boosts performance when the guest suffers from
    an high interrupt rate (i.e. receiving short UDP packets at high packet
    rate). For some numerical results see the following link
    http://info.iet.unipi.it/~luigi/papers/20130520-rizzo-vm.pdf

this should also boost performance a bit.

See https://bugzilla.redhat.com/show_bug.cgi?id=874406 for additional
details.
Signed-off-by: NDenis V. Lunev <den@openvz.org>
CC: Vincenzo Maffione <v.maffione@gmail.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

This follows the previous patches, where support for migrating the
entire MAC registers' array, and some new MAC registers were introduced.

This patch introduces the e1000-specific boolean parameter
"extra_mac_registers", which is on by default. Setting it to off will
enable migration to older versions of QEMU, but will disable the read
and write access to the new registers, that were introduced since adding
the ability to migrate the entire MAC array.

Example for usage to enable backward compatibility and to disable the
new MAC registers:

    qemu-system-x86_64 -device e1000,extra_mac_registers=off,... ...

As mentioned above, the default value is "on".
Signed-off-by: NLeonid Bloch <leonid.bloch@ravellosystems.com>
Signed-off-by: NDmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

This implements the following Statistic registers (various counters)
according to Intel's specs:

TSCTC  GOTCL  GOTCH  GORCL  GORCH  MPRC   BPRC   RUC    ROC
BPTC   MPTC   PTC... PRC...

PLEASE NOTE: these registers will not be active, nor will migrate, until
a compatibility flag will be set (in the next patch in this series).
Signed-off-by: NLeonid Bloch <leonid.bloch@ravellosystems.com>
Signed-off-by: NDmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

Previously, if promiscuous unicast was enabled, a packet was received
straight away, even if it was a multicast or a broadcast packet. This
patch fixes that behavior, while making the filtering procedure a bit
more human-readable.
Signed-off-by: NLeonid Bloch <leonid.bloch@ravellosystems.com>
Signed-off-by: NDmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

Previously, these 64-bit registers did not stick at their maximal
values when (and if) they reached them, as they should do, according to
the specs.

This patch introduces a function that takes care of such registers,
avoiding code duplication, making the relevant parts more compatible
with the QEMU coding style, while ensuring that in the unlikely case
of reaching the maximal value, the counter will stick there, as it
supposed to.
Signed-off-by: NLeonid Bloch <leonid.bloch@ravellosystems.com>
Signed-off-by: NDmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

According to Intel's specs, these counters (as the other Statistic
registers) stick at 0xffffffff when this maximal value is reached.
Previously, they would reset after the max. value.
Signed-off-by: NLeonid Bloch <leonid.bloch@ravellosystems.com>
Signed-off-by: NDmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

These registers appear in Intel's specs, but were not implemented.
These registers are now implemented trivially, i.e. they are initiated
with zero values, and if they are RW, they can be written or read by the
driver, or read only if they are R (essentially retaining their zero
values). For these registers no other procedures are performed.

For the trivially implemented Diagnostic registers, a debug warning is
produced on read/write attempts.

PLEASE NOTE: these registers will not be active, nor will migrate, until
a compatibility flag will be set (in a later patch in this series).

The registers implemented here are:

Transmit:
RW: AIT

Management:
RW: WUC     WUS     IPAV    IP6AT*  IP4AT*  FFLT*   WUPM*   FFMT*   FFVT*

Diagnostic:
RW: RDFH    RDFT    RDFHS   RDFTS   RDFPC   PBM*    TDFH    TDFT    TDFHS
    TDFTS   TDFPC

Statistic:
RW: FCRUC
R:  RNBC    TSCTFC  MGTPRC  MGTPDC  MGTPTC  RFC     RJC     SCC     ECOL
    LATECOL MCC     COLC    DC      TNCRS   SEC     CEXTERR RLEC    XONRXC
    XONTXC  XOFFRXC XOFFTXC
Signed-off-by: NLeonid Bloch <leonid.bloch@ravellosystems.com>
Signed-off-by: NDmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

The array of uint8_t's which is introduced here, contains access metadata
about the MAC registers: if a register is accessible, but partly implemented,
or if a register requires a certain compatibility flag in order to be
accessed. Currently, 6 hypothetical flags are supported (3 exist for e1000
so far) but in the future, if more than 6 flags will be needed, the datatype
of this array can simply be swapped for a larger one.

This patch is intended to solve the following current problems:

1) In a scenario of migration between different versions of QEMU, which
differ by the MAC registers implemented in them, some registers need not to
be active if a compatibility flag is set, in order to preserve the machine's
state perfectly for the older version. Checking this for each register
individually, would create a lot of clutter in the code.

2) Some registers are (or may be) only partly implemented (e.g.
placeholders that allow reading and writing, but lack other functions).
In such cases it is better to print a debug warning on read/write attempts.
As above, dealing with this functionality on a per-register level, would
require longer and more messy code.
Signed-off-by: NLeonid Bloch <leonid.bloch@ravellosystems.com>
Signed-off-by: NDmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

This patch makes the migration of the entire array of MAC registers
possible during live migration. The entire array is just 128 KB long, so
practically no penalty should be felt when transmitting it, additionally
to the previously transmitted individual registers. The advantage here is
eliminating the need to introduce new vmstate subsections in the future,
when additional MAC registers will be implemented.

Backward compatibility is preserved by introducing a e1000-specific
boolean parameter (in a later patch), which will be on by default.
Setting it to off would enable migration to older versions of QEMU.

Additionally, this parameter will be used to control the access to the
extra MAC registers in the future.
Signed-off-by: NLeonid Bloch <leonid.bloch@ravellosystems.com>
Signed-off-by: NDmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

This fixes some alignment and cosmetic issues. The changes are made
in order that the following patches in this series will look like
integral parts of the code surrounding them, while conforming to the
coding style. Although some changes in unrelated areas are also made.
Signed-off-by: NLeonid Bloch <leonid.bloch@ravellosystems.com>
Signed-off-by: NDmitry Fleytman <dmitry.fleytman@ravellosystems.com>
Signed-off-by: NJason Wang <jasowang@redhat.com>

Instead of duplicating the "e1000-82540em" device model as "e1000",
make the latter an alias for the former.

Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>

While processing transmit descriptors, it could lead to an infinite
loop if 'bytes' was to become zero; Add a check to avoid it.

[The guest can force 'bytes' to 0 by setting the hdr_len and mss
descriptor fields to 0.
--Stefan]
Signed-off-by: NP J P <pjp@fedoraproject.org>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: NThomas Huth <thuth@redhat.com>
Message-id: 1441383666-6590-1-git-send-email-stefanha@redhat.com

e1000_can_receive() checks the link up status register bit.  If the bit
is clear, packets will be queued and the peer may disable receive to
avoid wasting CPU reading packets that cannot be delivered.  The queue
must be flushed once the link comes back up again.

This patch fixes broken e1000 receive with Mac OS X Snow Leopard guests
and tap networking.  Flushing the queue invokes the async send callback,
which re-enables tap fd read.
Reported-by: NJonathan Liu <net147@gmail.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: NFam Zheng <famz@redhat.com>
Message-id: 1435223885-12745-1-git-send-email-stefanha@redhat.com

We create optional sections with this patch.  But we already have
optional subsections.  Instead of having two mechanism that do the
same, we can just generalize it.

For subsections we just change:

- Add a needed function to VMStateDescription
- Remove VMStateSubsection (after removal of the needed function
  it is just a VMStateDescription)
- Adjust the whole tree, moving the needed function to the corresponding
  VMStateDescription
Signed-off-by: NJuan Quintela <quintela@redhat.com>

It's detected by coverity.In is_vlan_packet s->mac_reg[VET] is
unsigned int but is dereferenced as a narrower unsigned short.
This may lead to unexpected results depending on machine
endianness.
Signed-off-by: NShannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: NShannon Zhao <shannon.zhao@linaro.org>
Message-id: 1426224119-8352-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Convert the device models where initialization obviously can't fail.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NGonglei <arei.gonglei@huawei.com>

All NICs have a cleanup function that, in most cases, zeroes the pointer
to the NICState.  In some cases, it frees data belonging to the NIC.

However, this function is never called except when exiting from QEMU.
It is not necessary to NULL pointers and free data here; the right place
to do that would be in the device's unrealize function, after calling
qemu_del_nic.  Zeroing the NIC multiple times is also wrong for multiqueue
devices.

This cleanup function gets in the way of making the NetClientStates for
the NIC hold an object_ref reference to the object, so get rid of it.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Some guests seem to set BM for e1000 after
enabling RX.
If packets arrive in the window, device is wedged.
Probably works by luck on real hardware, work around
this by making can_receive depend on BM.
Tested-by: NGabriel Somlo <somlo@cmu.edu>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NJason Wang <jasowang@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

On this way, we can assure the new bootindex take effect
during vm rebooting.
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Reviewed-by: NGerd Hoffmann <kraxel@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Add a qom property with the same name 'bootindex',
when we remove it form qdev property, things will
continue to work just fine, and we can use qom features
which are not supported by qdev property.
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Reviewed-by: NGerd Hoffmann <kraxel@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

The function is empty after the previous patch, so remove it.
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Make phyreg_writeops responsible for actually writing their
respective phy registers, rather than rely on set_mdic() to
do it on their behalf.

The only current instance of phyreg_writeops is set_phy_ctrl();
modify it to write the register on its own, while also correctly
handling reserved and self-clearing bits.

have_autoneg() does not need to check for MII_CR_RESTART_AUTO_NEG,
since the only time the flag comes into play is during set_phy_ctrl(),
and, following this patch, never actually gets written to the phy
control register.
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Also fix minor indentation issues in the surrounding code.
Suggested-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Enable calling set_ics() from within e1000_autoneg_timer() without
the need for a forward declaration.

This patch contains no functional changes.
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Generate a link status change interrupt once link auto-netotiation
is successfully completed. This does not affect Linux and Windows
(XP and 7 tested) in any way, but is needed by the stock OS X driver
(AppleIntel8254XEthernet.kext), which would otherwise fail to notice
the link status change event.
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NAlexander Graf <agraf@suse.de>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Using mii-tool (on F20-live), the following output is produced:

  SIOCGMIIREG on ens3 failed: Input/output error
  ens3: no autonegotiation, 1000baseT-FD flow-control, link ok

The first line (SIOCGMIIREG error) is due to mii-tool's inability
to read the PHY auto-negotiation expansion register.
On the second line, "no autonegotiation" is wrong, and caused by
the absence of a flag in the link partner ability register which
would indicate that our link partner has acked us. This flag is
listed as "reserved" in the Intel e1000 manual, but mii-tool uses
it as LPA_LPACK from /usr/include/linux/mii.h.

This patch adds read access to PHY_AUTONEG_EXP and defines the
link partner ack flag, allowing mii-tool to generate output as
normally expected:

  ens3: negotiated 1000baseT-FD flow-control, link ok
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NAlexander Graf <agraf@suse.de>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

This patch emulates auto-negotiation when the network link status
is modified externally (i.e. via "set_link <id> off/on").

Also, a couple of cleanup items:
  - unset PHY status reg. AUTONEG_COMPLETE during link_down()
  - set PHY status reg. AUTONEG_COMPLETE during autoneg_timer() only
    if we actually brought the link up.
  - group all checks for "can we, and should we autonegotiate?"
    together for more clarity.
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NAlexander Graf <agraf@suse.de>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

After previous Peter patch, they are redundant.  This way we don't
assign them except when needed.  Once there, there were lots of case
where the ".fields" indentation was wrong:

     .fields = (VMStateField []) {
and
     .fields =      (VMStateField []) {

Change all the combinations to:

     .fields = (VMStateField[]){

The biggest problem (appart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: NJuan Quintela <quintela@redhat.com>
Acked-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>

Currently, e1000 support is based on the manual for the 8254xx
model series. 82573x models are documented in a separate manual
(see http://www.intel.com/content/dam/www/public/us/en/documents/manuals/pcie-gbe-controllers-open-source-manual.pdf)
and the 82573L device ID no longer works correctly on either Linux
(3.14.*) or Windows 7.

This patch removes stale code claiming to support 82573L, cleaning
up the code base for the remaining 8254xx model series.
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Allow selection of different card models from the qemu
command line, to better accomodate a wider range of guests.
Signed-off-by: NRomain Dolbeau <romain@dolbeau.org>
Signed-off-by: NGabriel Somlo <somlo@cmu.edu>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

This reverts commit cd5be582.
Digging into hardware specs shows this does not
actually make QEMU behave more like hardware:

There are valid arguments backed by the spec to indicate why the version
of e1000 prior to cd5be582 was more correct: the high byte actually
includes a valid bit, this is why all guests write it last.

For rtl8139 there's actually a separate undocumented valid bit, but we
don't implement it yet.

To summarize all the drivers we know about behave in one way
that allows us to make an assumption about write order and avoid
spurious, incorrect mac address updates to the monitor.

Let's stick to the tried heuristic for 1.7 and
possibly revisit for 1.8.
Reported-by: NVlad Yasevich <vyasevic@redhat.com>
Reviewed-by: NVlad Yasevich <vyasevic@redhat.com>
Cc: Amos Kong <akong@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

We currently just update the HMP NIC info when the last bit of macaddr
is written. This assumes that guest driver will write all the macaddr
from bit 0 to bit 5 when it changes the macaddr, this is the current
behavior of linux driver (e1000/rtl8139cp), but we can't do this
assumption.

The macaddr that is used for rx-filter will be updated when every bit
is changed. This patch updates the e1000/rtl8139 nic to update HMP NIC
info when every bit is changed. It will be same as virtio-net.
Signed-off-by: NAmos Kong <akong@redhat.com>
Reviewed-by: NAlex Williamson <alex.williamson@redhat.com>
Message-id: 1383650238-16015-1-git-send-email-akong@redhat.com
Signed-off-by: NAnthony Liguori <aliguori@amazon.com>

Replace the legacy cpu_to_be32wu() with stl_be_p().
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-8-git-send-email-peter.maydell@linaro.org
Signed-off-by: NAnthony Liguori <aliguori@amazon.com>