intel-iommu: add Intel IOMMU emulation to q35 and add a machine option "iommu" as a switch

Add Intel IOMMU emulation to q35 chipset and expose it to the guest.
1. Add a machine option. Users can use

intel-iommu: add Intel IOMMU emulation to q35 and add a machine option "iommu" as a switch

Add Intel IOMMU emulation to q35 chipset and expose it to the guest.
1. Add a machine option. Users can use "-machine iommu=on|off" in the command
line to enable/disable Intel IOMMU. The default is off.
2. Accroding to the machine option, q35 will initialize the Intel IOMMU and
use pci_setup_iommu() to setup q35_host_dma_iommu() as the IOMMU function for
the pci bus.
3. q35_host_dma_iommu() will return different address space according to the
bus_num and devfn of the device.

Signed-off-by: Le Tan <tamlokveer@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

show more ...

cpus: Define callback for QEMU "nmi" command

This introduces an NMI (Non Maskable Interrupt) interface with
a single nmi_monitor_handler() method. A machine or a device can
implement it. This search

cpus: Define callback for QEMU "nmi" command

This introduces an NMI (Non Maskable Interrupt) interface with
a single nmi_monitor_handler() method. A machine or a device can
implement it. This searches for an QOM object with this interface
and if it is implemented, calls it. The callback implements an action
required to cause debug crash dump on in-kernel debugger invocation.
The callback returns Error**.

This adds a nmi_monitor_handle() helper which walks through
all objects to find the interface. The interface method is called
for all found instances.

This adds support for it in qmp_inject_nmi(). Since no architecture
supports it at the moment, there is no change in behaviour.

This changes inject-nmi command description for HMP and QMP.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

loader: Add load_image_gzipped function.

As the name suggests this lets you load a ROM/disk image that is
gzipped. It is uncompressed before storing it in guest memory.

Signed-off-by: Richard W.M.

loader: Add load_image_gzipped function.

As the name suggests this lets you load a ROM/disk image that is
gzipped. It is uncompressed before storing it in guest memory.

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1407831259-2115-2-git-send-email-rjones@redhat.com
[PMM: removed stray space before ')']
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

SCSI changes that enable sending vendor-specific commands via virtio-scsi.

Memory changes for QOMification and automati

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

SCSI changes that enable sending vendor-specific commands via virtio-scsi.

Memory changes for QOMification and automatic tracking of MR lifetime.

# gpg: Signature made Mon 18 Aug 2014 13:03:09 BST using RSA key ID 9B4D86F2
# gpg: Good signature from "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: aka "Paolo Bonzini <bonzini@gnu.org>"

* remotes/bonzini/tags/for-upstream:
mtree: remove write-only field
memory: Use canonical path component as the name
memory: Use memory_region_name for name access
memory: constify memory_region_name
exec: Abstract away ref to memory region names
loader: Abstract away ref to memory region names
tpm_tis: remove instance_finalize callback
memory: remove memory_region_destroy
memory: convert memory_region_destroy to object_unparent
ioport: split deletion and destruction
nic: do not destroy memory regions in cleanup functions
vga: do not dynamically allocate chain4_alias
sysbus: remove unused function sysbus_del_io
qom: object: move unparenting to the child property's release callback
qom: object: delete properties before calling instance_finalize
virtio-scsi: implement parse_cdb
scsi-block, scsi-generic: implement parse_cdb
scsi-block: extract scsi_block_is_passthrough
scsi-bus: introduce parse_cdb in SCSIDeviceClass and SCSIBusInfo
scsi-bus: prepare scsi_req_new for introduction of parse_cdb

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

loader: Abstract away ref to memory region names

Use the function provided rather than spying on the struct.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bon

loader: Abstract away ref to memory region names

Use the function provided rather than spying on the struct.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

sysbus: remove unused function sysbus_del_io

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

machine: Replace underscores in machine's property names

Replaced '_' with '-' to comply with QOM guidelines.
Made the conversion from command line to QMP in vl.c.

Signed-off-by: Marcel Apfelbaum <

machine: Replace underscores in machine's property names

Replaced '_' with '-' to comply with QOM guidelines.
Made the conversion from command line to QMP in vl.c.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>

show more ...

qdev: Fix crash when using non-device class name on -global

This fixes the following crash:

$ qemu-system-x86_64 -global container.xxx=y
hw/core/qdev-properties-system.c:399:qdev_add_one_gl

qdev: Fix crash when using non-device class name on -global

This fixes the following crash:

$ qemu-system-x86_64 -global container.xxx=y
hw/core/qdev-properties-system.c:399:qdev_add_one_global: Object 0x7f7eff234100 is not an instance of type device
Aborted (core dumped)

New behavior will be to just warn, just like when non-existing clas
names are used:

$ qemu-system-x86_64 -global container.xxx=y
qemu-system-x86_64: Warning: "-global container.xxx=y" not used

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Tested-by: Don Slutz <dslutz@verizon.com>

show more ...

qdev: Don't abort() in case globals can't be set

It would be much better if we didn't terminate QEMU inside
device_post_init(), but at least exiting cleanly is better than aborting
and dumping core.

qdev: Don't abort() in case globals can't be set

It would be much better if we didn't terminate QEMU inside
device_post_init(), but at least exiting cleanly is better than aborting
and dumping core.

Before this patch:

$ qemu-system-x86_64 -global cpu.xxx=y
qemu-system-x86_64: Property '.xxx' not found
Aborted (core dumped)

After this patch:

$ qemu-system-x86_64 -global cpu.xxx=y
qemu-system-x86_64: Property '.xxx' not found

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-By: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Tue 01 Jul 2014 09:47:15 BST using RSA key ID 81AB73C8
# gpg: Good sign

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Tue 01 Jul 2014 09:47:15 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (23 commits)
block: add backing-file option to block-stream
block: extend block-commit to accept a string for the backing file
block: add helper function to determine if a BDS is in a chain
block: add QAPI command to allow live backing file change
qapi: Change back sector-count to sectors-count in quorum QAPI events.
block/cow: Avoid use of uninitialized cow_bs in error path
block: simplify bdrv_find_base() and bdrv_find_overlay()
block: make 'top' argument to block-commit optional
iotests: Add more tests to quick group
iotests: Add qemu tests to quick group
iotests: Simplify qemu-iotests-quick.sh
qemu-img create: add 'nocow' option
virtio-blk: remove need for explicit x-data-plane=on option
qdev: drop iothread property type
virtio-blk: replace x-iothread with iothread link property
virtio-blk: move qdev properties into virtio-blk.c
virtio: fix virtio-blk child refcount in transports
virtio-blk: drop virtio_blk_set_conf()
virtio-blk: use aliases instead of duplicate qdev properties
qdev: add qdev_alias_all_properties()
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/bonzini/memory' into staging

* remotes/bonzini/memory:
qdev: correctly send DEVICE_DELETED for recursively-deleted devices
memory: do not give a name to the

Merge remote-tracking branch 'remotes/bonzini/memory' into staging

* remotes/bonzini/memory:
qdev: correctly send DEVICE_DELETED for recursively-deleted devices
memory: do not give a name to the internal exec.c regions
memory: MemoryRegion: Add size property
memory: MemoryRegion: Add may-overlap and priority props
memory: MemoryRegion: Add container and addr props
memory: MemoryRegion: replace owner field with QOM parent
memory: MemoryRegion: QOMify
memory: MemoryRegion: use /machine as default owner
libqtest: escape strings in QMP commands, fix leak
qom: object: Ignore refs/unrefs of NULL
qom: object: remove parent pointer when unparenting
mc146818rtc: add "rtc-time" link to "/machine/rtc"
qom: allow creating an alias of a child<> property
qom: add a generic mechanism to resolve paths
qom: add object_property_add_alias()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

qdev: correctly send DEVICE_DELETED for recursively-deleted devices

When a device is unparented (i.e. made completely hidden from management)
we want to send a DEVICE_DELETED event only if the devic

qdev: correctly send DEVICE_DELETED for recursively-deleted devices

When a device is unparented (i.e. made completely hidden from management)
we want to send a DEVICE_DELETED event only if the device actually was
realized. This avoids raising DEVICE_DELETED events when device_add
fails.

However, this does not work right for recursively-deleted
devices: the whole tree is _first_ unrealized, _then_ unparented.
Then device_unparent sees realized==false and fails to trigger
the event. The solution is simply to move have_realized into
the DeviceState struct. If device_add fails, we never set the
new field to true and DEVICE_DELETED is not sent.

Fixes qemu-iotests testcase 067 (broken by commit 5942a19, though that
commit in turn fixed a possible segfault in the same test).

Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

qdev: drop iothread property type

The iothread property type is no longer used and can be removed.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qdev: add qdev_alias_all_properties()

The qdev_alias_all_properties() function creates QOM alias properties
for each qdev property on a DeviceState. This is useful for parent
objects that wish to f

qdev: add qdev_alias_all_properties()

The qdev_alias_all_properties() function creates QOM alias properties
for each qdev property on a DeviceState. This is useful for parent
objects that wish to forward property accesses to their children.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

show more ...

irq: Slim conversion of qemu_irq to QOM

As a prequel to any big Pin refactoring plans, do an in-place conversion
of qemu_irq to an Object, so that we can reference it in link<> properties.

Signed-o

irq: Slim conversion of qemu_irq to QOM

As a prequel to any big Pin refactoring plans, do an in-place conversion
of qemu_irq to an Object, so that we can reference it in link<> properties.

Signed-off-by: Andreas Färber <afaerber@suse.de>
[ PC Changes:
* Removed array-alloctor ref counting logic (limit changes just to
* single IRQ allocator)
* Removed WIP marking from subject line
]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>

show more ...

irq: Allocate IRQs individually

Allocate each IRQ individually on array allocations. This prepares for
QOMification of IRQs, where pointers to individual IRQs may be taken
and handed around for usag

irq: Allocate IRQs individually

Allocate each IRQ individually on array allocations. This prepares for
QOMification of IRQs, where pointers to individual IRQs may be taken
and handed around for usage as QOM Links. The g_renew() scheme used here
is too fragile and would break all existing links should an IRQ list
be extended.

We now have to pass the IRQ count to qemu_free_irqs(). We have so few
call sites however, so this change is reasonably trivial.

Cc: agarcia@igalia.com
Cc: mst@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Alberto Garcia <agarcia@igalia.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>

show more ...

hw: Fix qemu_allocate_irqs() leaks

Replace qemu_allocate_irqs(foo, bar, 1)[0]
with qemu_allocate_irq(foo, bar, 0).

This avoids leaking the dereferenced qemu_irq *.

Cc: Markus Armbruster <armbru@re

hw: Fix qemu_allocate_irqs() leaks

Replace qemu_allocate_irqs(foo, bar, 1)[0]
with qemu_allocate_irq(foo, bar, 0).

This avoids leaking the dereferenced qemu_irq *.

Cc: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
[PC Changes:
* Applied change to instance in sh4/sh7750.c
]
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Kirill Batuzov <batuzovk@ispras.ru>
[AF: Fix IRQ index in sh4/sh7750.c]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>

show more ...

net: move queue number into NICPeers

It indicates the number of elements in ncs field and makes sense to have
int inside NICPeers. Also in parse_netdev we do not need to access
container and work wi

net: move queue number into NICPeers

It indicates the number of elements in ncs field and makes sense to have
int inside NICPeers. Also in parse_netdev we do not need to access
container and work with NICPeers only.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...

qapi event: convert DEVICE_DELETED

Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Lu

qapi event: convert DEVICE_DELETED

Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

show more ...

qdev: recursively unrealize devices when unrealizing bus

When the patch was posted that became 5c21ce7 (qdev: Realize buses
on device realization, 2014-03-12), it included recursive realization
and

qdev: recursively unrealize devices when unrealizing bus

When the patch was posted that became 5c21ce7 (qdev: Realize buses
on device realization, 2014-03-12), it included recursive realization
and unrealization of devices when the bus's "realized" property
was toggled.

However, due to the same old worries about recursive realization
and prerequisites not being realized yet, those hunks were dropped when
committing the patch. Unfortunately, this causes a use-after-free bug
(easily reproduced by a PCI hot-unplug action).

Before the patch, device_unparent behaved as follows:

for each child bus
unparent bus ----------------------------.
| for each child device |
| unparent device ---------------. |
| | unrealize device | |
| | call dc->unparent | |
| '------------------------------- |
'----------------------------------------'
unrealize device

After the patch, it behaves as follows instead:

unrealize device --------------------.
| for each child bus |
| unrealize bus (A) |
'------------------------------------'
for each child bus
unparent bus ----------------------.
| for each child device |
| unrealize device (B) |
| call dc->unparent |
'----------------------------------'

At the step marked (B) the device might use data from the bus that is
not available anymore due to step (A).

To fix this, we need to unrealize devices before step (A). To sidestep
concerns about recursive realization, only do recursive unrealization
and leave the "value && !bus->realized" case as it is.

The resulting flow is:

for each child bus
unrealize bus ---------------------.
| for each child device |
| unrealize device (B) |
| call bc->unrealize (A) |
'----------------------------------'
unrealize device
for each child bus
unparent bus ----------------------.
| for each child device |
| unparent device |
'----------------------------------'

where everything is "powered down" before it is unassembled.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>

show more ...

qdev: reorganize error reporting in bus_set_realized

No semantic change.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>

qdev: reorganize error reporting in bus_set_realized

No semantic change.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>

show more ...

qdev: expose DeviceState.hotplugged field as a property

so that management could detect via QOM interface if device was
hotplugged

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Peter

qdev: expose DeviceState.hotplugged field as a property

so that management could detect via QOM interface if device was
hotplugged

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

show more ...

qdev: hotplug for bus-less devices

Add get_hotplug_handler() method to machine, and
make bus-less device use it during hotplug
as a means to discover a hotplug handler controller.
The returned contr

qdev: hotplug for bus-less devices

Add get_hotplug_handler() method to machine, and
make bus-less device use it during hotplug
as a means to discover a hotplug handler controller.
The returned controller is used to perform hotplug
actions.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,pci,virtio,qdev fixes, tests

new tests for SMBIOS
SMBIOS fixes
pc, pci fixes
qdev patches stayed on list for a month wit

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,pci,virtio,qdev fixes, tests

new tests for SMBIOS
SMBIOS fixes
pc, pci fixes
qdev patches stayed on list for a month with no review,
as I told people on KVM forum I'm merging stuch patches
if they look fine.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

* remotes/mst/tags/for_upstream:
qdev: Add test of qdev_prop_check_global
qdev: Display warning about unused -global
tests: add smbios testing
tests: rename acpi-test to bios-tables-test
virtio-balloon: return empty data when no stats are available
pcie_host: Turn pcie_host_init() into an instance_init
SMBIOS: Fix type 17 field sizes
SMBIOS: Update Type 0 struct generator for machines >= 2.1
SMBIOS: Fix endian-ness when populating multi-byte fields
serial-pci: Set prog interface field of pci config to 16550 compatible

Conflicts:
include/hw/i386/pc.h
[PMM: fixed trivial conflict in pc.h]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

qdev: Display warning about unused -global

This can help a user understand why -global was ignored.

For example: with "-vga cirrus"; "-global vga.vgamem_mb=16" is just
ignored when "-global cirrus-

qdev: Display warning about unused -global

This can help a user understand why -global was ignored.

For example: with "-vga cirrus"; "-global vga.vgamem_mb=16" is just
ignored when "-global cirrus-vga.vgamem_mb=16" is not.

This is currently clear when the wrong property is provided:

out/x86_64-softmmu/qemu-system-x86_64 -global cirrus-vga.vram_size_mb=16 -monitor pty -vga cirrus
char device redirected to /dev/pts/20 (label compat_monitor0)
qemu-system-x86_64: Property '.vram_size_mb' not found
Aborted (core dumped)

vs

out/x86_64-softmmu/qemu-system-x86_64 -global vga.vram_size_mb=16 -monitor pty -vga cirrus
char device redirected to /dev/pts/20 (label compat_monitor0)
VNC server running on `::1:5900'
^Cqemu: terminating on signal 2

Signed-off-by: Don Slutz <dslutz@verizon.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>

show more ...