Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Conforming to the Intel spec, set the power-on value of PAT also on
reset, but save it across INIT.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

This avoids that early cpu_synchronize_state calls try to retrieve an
uninitialized state from the kernel. That even causes a deadlock if
io-thread is enabled.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

When an external interrupt is pending but IF is cleared, we must not
leave the halt state prematurely.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

With in-kernel irqchip support enabled, the vcpu threads sleep in kernel
space while halted. Account for this difference in cpu_thread_is_idle.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

This both detects invalid invocations of qemu_ram_free and
qemu_ram_remap when mem_path is non-NULL and fixes a build error on
s390 ("'area' may be used uninitialized in this function").
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Alexander Graf <agraf@suse.de>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Commit 83f338f7 broke x86 hardware breakpoint emulation by moving the
debug exception handling out of cpu_exec. Fix this by moving all TCG
related bits back, only leaving the generic guest debugging parts in
cpus.c.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: TeLeMan <geleman@gmail.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

qemu_kvm_eat_signals requires POSIX support with realtime extensions for
sigtimedwait. Not all our target platforms provide this. Moreover,
undefined sigbus_reraise was referenced on non-Linux as well.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

In Linux kernel HWPoison processing implementation, the virtual
address in processes mapping the error physical memory page is marked
as HWPoison.  So that, the further accessing to the virtual
address will kill corresponding processes with SIGBUS.

If the error physical memory page is used by a KVM guest, the SIGBUS
will be sent to QEMU, and QEMU will simulate a MCE to report that
memory error to the guest OS.  If the guest OS can not recover from
the error (for example, the page is accessed by kernel code), guest OS
will reboot the system.  But because the underlying host virtual
address backing the guest physical memory is still poisoned, if the
guest system accesses the corresponding guest physical memory even
after rebooting, the SIGBUS will still be sent to QEMU and MCE will be
simulated.  That is, guest system can not recover via rebooting.

In fact, across rebooting, the contents of guest physical memory page
need not to be kept.  We can allocate a new host physical page to
back the corresponding guest physical address.

This patch fixes this issue in QEMU-KVM via calling qemu_ram_remap()
to clear the corresponding page table entry, so that make it possible
to allocate a new page to recover the issue.

[ Jan: rebasing and tiny cleanups]
Signed-off-by: NHuang Ying <ying.huang@intel.com>
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

qemu_ram_remap() unmaps the specified RAM pages, then re-maps these
pages again.  This is used by KVM HWPoison support to clear HWPoisoned
page tables across guest rebooting, so that a new page may be
allocated later to recover the memory error.

[ Jan: style fixlets, WIN32 fix ]
Signed-off-by: NHuang Ying <ying.huang@intel.com>
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

There is no reason to continue if the kernel claims to support MCE but
then fails to process our request.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Huang Ying <ying.huang@intel.com>
CC: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
CC: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

There is nothing to abstract here. Fold kvm_setup_mce into its caller
and fix up the error reporting (return code of kvm_vcpu_ioctl holds the
error value).
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Huang Ying <ying.huang@intel.com>
CC: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
CC: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

This switches KVM's MCE injection path to cpu_x86_inject_mce, both for
SIGBUS and monitor initiated events. This means we prepare the MCA MSRs
in the VCPUState also for KVM.

We have to drop the MSRs writeback restrictions for this purpose which
is now safe as every uncoordinated MSR injection is removed with this
patch.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Huang Ying <ying.huang@intel.com>
CC: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
CC: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

We will use the current TCG-only MCE injection path for KVM as well, and
then this read-modify-write of the target VCPU state has to be performed
synchronously in the corresponding thread.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

The current way of injecting MCE events without updating of and
synchronizing with the CPUState is broken and causes spurious
corruptions of the MCE-related parts of the CPUState.

As a first step towards a fix, enhance the state writeback code with
support for injecting events that are pending in the CPUState. A pending
exception will then be signaled via cpu_interrupt(CPU_INTERRUPT_MCE).
And, just like for TCG, we need to leave the halt state when
CPU_INTERRUPT_MCE is pending (left broken for the to-be-removed old KVM
code).

This will also allow to unify TCG and KVM injection code.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Huang Ying <ying.huang@intel.com>
CC: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
CC: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

We will broaden the scope of this function on x86 beyond irqchip events.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Pure function suffling to avoid multiple #ifdef KVM_CAP_MCE sections,
no functional changes. While at it, annotate some #ifdef sections.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Huang Ying <ying.huang@intel.com>
CC: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
CC: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

This is required to support keeping VCPU states across a system reset.
If we do not read the current state before the reset,
cpu_synchronize_all_post_reset may write back incorrect state
information.

The first user of this will be MCE MSR synchronization which currently
works around the missing cpu_synchronize_all_states.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Allow to tell cpu_x86_inject_mce that it should ignore Action Optional
MCE events when the target VCPU is still processing another one. This
will be used by KVM soon.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Huang Ying <ying.huang@intel.com>
CC: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
CC: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

As this service is used by the human monitor, make sure that errors get
reported to the right channel, and also raise the verbosity.

This requires to move Monitor typedef in qemu-common.h to resolve the
include dependency.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Huang Ying <ying.huang@intel.com>
CC: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
CC: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Fix some code style issues, use proper headers, and align to cpu_x86
naming scheme. No functional changes.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Huang Ying <ying.huang@intel.com>
CC: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
CC: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Reorder mcg_status in CPUState to achieve automatic clearing on reset.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Huang Ying <ying.huang@intel.com>
CC: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
CC: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

MCEs can be injected asynchronously, so they can also terminate the halt
state.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
CC: Huang Ying <ying.huang@intel.com>
CC: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
CC: Jin Dongming <jin.dongming@np.css.fujitsu.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Original fix by David Gibson.

CC: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Commit 7a39fe58 failed to convert the right arch function.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Whenever env->created becomes true, qemu_cpu_cond is signaled by
{kvm,tcg}_cpu_thread_fn.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

all_vcpus_paused can start returning true after penv->stopped changes
from 0 to 1.  When this is done, qemu_pause_cond is always signaled.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

qemu_main_loop_start is the only place where qemu_system_ready is set
to 1.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

The following conditions can cause cpu_has_work(env) to become true:

- env->queued_work_first: run_on_cpu is already kicking the VCPU

- env->stop = 1: pause_all_vcpus is already kicking the VCPU

- env->stopped = 0: resume_all_vcpus is already kicking the VCPU

- vm_running = 1: vm_start is calling resume_all_vcpus

- env->halted = 0: see previous patch

- qemu_cpu_has_work(env): when it becomes true, board code should set
  env->halted = 0 too.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Sometimes vcpus are stopped directly without going through ->stop = 1.
Exit the VCPU execution loop in this case as well.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

This ensures env->halt_cond is broadcast, and the loop in
qemu_tcg_wait_io_event and qemu_kvm_wait_io_event is exited
naturally rather than through a timeout.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

All implementations are now the same, and there is only one caller,
so inline the function there.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

These are already present in the Win32 implementation, add them to
the pthread wrappers as well.  Use PTHREAD_MUTEX_ERRORCHECK for mutex
operations. Later we'll add tracking of the owner for cond_signal/broadcast.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>