Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* "x" monitor command fix for KVM (Christian)
* MemoryRegion name documentation (David)
* mem-prealloc optimization (Jitendra)
* -icount/MTTCG fixes (me)
* "info mtree" niceness (Peter)
* NBD drop_sync buffer overflow (Vladimir/Eric)
* small cleanups and bugfixes (Li, Lin, Suramya, Thomas)
* fix for "-device kvmclock" w/TCG (Eduardo)
* debug output before crashing on KVM_{GET,SET}_MSRS (Eduardo)
# gpg: Signature made Tue 14 Mar 2017 13:42:05 GMT
# gpg: using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
nbd/client: fix drop_sync [CVE-2017-2630]
memory: info mtree check mr range overflow
icount: process QEMU_CLOCK_VIRTUAL timers in vCPU thread
main-loop: remove now unnecessary optimization
cpus: define QEMUTimerListNotifyCB for QEMU system emulation
qemu-timer: do not include sysemu/cpus.h from util/qemu-timer.h
qemu-timer: fix off-by-one
target/nios2: take BQL around interrupt check
scsi: mptsas: fix the wrong reading size in fetch request
util: Removed unneeded header from path.c
configure: add the missing help output for optional features
scripts/dump-guest-memory.py: fix int128_get64 on recent gcc
kvmclock: Don't crash QEMU if KVM is disabled
kvm: Print MSR information if KVM_{GET,SET}_MSRS failed
exec: add cpu_synchronize_state to cpu_memory_rw_debug
mem-prealloc: reduce large guest start-up and migration time.
docs: Add a note about mixing bootindex with "-boot order"
memory_region: Fix name comments
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
diff --git a/hw/misc/imx6_src.c b/hw/misc/imx6_src.c
index edbb756..cfb0871 100644
--- a/hw/misc/imx6_src.c
+++ b/hw/misc/imx6_src.c
@@ -143,13 +143,17 @@
unsigned long reset_shift)
{
struct SRCSCRResetInfo *ri;
+ CPUState *cpu = arm_get_cpu_by_id(cpuid);
+
+ if (!cpu) {
+ return;
+ }
ri = g_malloc(sizeof(struct SRCSCRResetInfo));
ri->s = s;
ri->reset_bit = reset_shift;
- async_run_on_cpu(arm_get_cpu_by_id(cpuid), imx6_clear_reset_bit,
- RUN_ON_CPU_HOST_PTR(ri));
+ async_run_on_cpu(cpu, imx6_clear_reset_bit, RUN_ON_CPU_HOST_PTR(ri));
}
diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
index b0f429b..6e23493 100644
--- a/hw/net/e1000e.c
+++ b/hw/net/e1000e.c
@@ -306,7 +306,7 @@
static void
e1000e_cleanup_msix(E1000EState *s)
{
- if (msix_enabled(PCI_DEVICE(s))) {
+ if (msix_present(PCI_DEVICE(s))) {
e1000e_unuse_msix_vectors(s, E1000E_MSIX_VEC_NUM);
msix_uninit(PCI_DEVICE(s), &s->msix, &s->msix);
}
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
index a3eca7e..bfa6b4b 100644
--- a/hw/net/mcf_fec.c
+++ b/hw/net/mcf_fec.c
@@ -27,6 +27,7 @@
#define FEC_MAX_DESC 1024
#define FEC_MAX_FRAME_SIZE 2032
+#define FEC_MIB_SIZE 64
typedef struct {
SysBusDevice parent_obj;
@@ -51,6 +52,7 @@
uint32_t erdsr;
uint32_t etdsr;
uint32_t emrbr;
+ uint32_t mib[FEC_MIB_SIZE];
} mcf_fec_state;
#define FEC_INT_HB 0x80000000
@@ -111,6 +113,63 @@
#define FEC_BD_OV 0x0002
#define FEC_BD_TR 0x0001
+#define MIB_RMON_T_DROP 0
+#define MIB_RMON_T_PACKETS 1
+#define MIB_RMON_T_BC_PKT 2
+#define MIB_RMON_T_MC_PKT 3
+#define MIB_RMON_T_CRC_ALIGN 4
+#define MIB_RMON_T_UNDERSIZE 5
+#define MIB_RMON_T_OVERSIZE 6
+#define MIB_RMON_T_FRAG 7
+#define MIB_RMON_T_JAB 8
+#define MIB_RMON_T_COL 9
+#define MIB_RMON_T_P64 10
+#define MIB_RMON_T_P65TO127 11
+#define MIB_RMON_T_P128TO255 12
+#define MIB_RMON_T_P256TO511 13
+#define MIB_RMON_T_P512TO1023 14
+#define MIB_RMON_T_P1024TO2047 15
+#define MIB_RMON_T_P_GTE2048 16
+#define MIB_RMON_T_OCTETS 17
+#define MIB_IEEE_T_DROP 18
+#define MIB_IEEE_T_FRAME_OK 19
+#define MIB_IEEE_T_1COL 20
+#define MIB_IEEE_T_MCOL 21
+#define MIB_IEEE_T_DEF 22
+#define MIB_IEEE_T_LCOL 23
+#define MIB_IEEE_T_EXCOL 24
+#define MIB_IEEE_T_MACERR 25
+#define MIB_IEEE_T_CSERR 26
+#define MIB_IEEE_T_SQE 27
+#define MIB_IEEE_T_FDXFC 28
+#define MIB_IEEE_T_OCTETS_OK 29
+
+#define MIB_RMON_R_DROP 32
+#define MIB_RMON_R_PACKETS 33
+#define MIB_RMON_R_BC_PKT 34
+#define MIB_RMON_R_MC_PKT 35
+#define MIB_RMON_R_CRC_ALIGN 36
+#define MIB_RMON_R_UNDERSIZE 37
+#define MIB_RMON_R_OVERSIZE 38
+#define MIB_RMON_R_FRAG 39
+#define MIB_RMON_R_JAB 40
+#define MIB_RMON_R_RESVD_0 41
+#define MIB_RMON_R_P64 42
+#define MIB_RMON_R_P65TO127 43
+#define MIB_RMON_R_P128TO255 44
+#define MIB_RMON_R_P256TO511 45
+#define MIB_RMON_R_P512TO1023 46
+#define MIB_RMON_R_P1024TO2047 47
+#define MIB_RMON_R_P_GTE2048 48
+#define MIB_RMON_R_OCTETS 49
+#define MIB_IEEE_R_DROP 50
+#define MIB_IEEE_R_FRAME_OK 51
+#define MIB_IEEE_R_CRC 52
+#define MIB_IEEE_R_ALIGN 53
+#define MIB_IEEE_R_MACERR 54
+#define MIB_IEEE_R_FDXFC 55
+#define MIB_IEEE_R_OCTETS_OK 56
+
static void mcf_fec_read_bd(mcf_fec_bd *bd, uint32_t addr)
{
cpu_physical_memory_read(addr, bd, sizeof(*bd));
@@ -147,6 +206,31 @@
s->irq_state = active;
}
+static void mcf_fec_tx_stats(mcf_fec_state *s, int size)
+{
+ s->mib[MIB_RMON_T_PACKETS]++;
+ s->mib[MIB_RMON_T_OCTETS] += size;
+ if (size < 64) {
+ s->mib[MIB_RMON_T_FRAG]++;
+ } else if (size == 64) {
+ s->mib[MIB_RMON_T_P64]++;
+ } else if (size < 128) {
+ s->mib[MIB_RMON_T_P65TO127]++;
+ } else if (size < 256) {
+ s->mib[MIB_RMON_T_P128TO255]++;
+ } else if (size < 512) {
+ s->mib[MIB_RMON_T_P256TO511]++;
+ } else if (size < 1024) {
+ s->mib[MIB_RMON_T_P512TO1023]++;
+ } else if (size < 2048) {
+ s->mib[MIB_RMON_T_P1024TO2047]++;
+ } else {
+ s->mib[MIB_RMON_T_P_GTE2048]++;
+ }
+ s->mib[MIB_IEEE_T_FRAME_OK]++;
+ s->mib[MIB_IEEE_T_OCTETS_OK] += size;
+}
+
static void mcf_fec_do_tx(mcf_fec_state *s)
{
uint32_t addr;
@@ -180,6 +264,7 @@
/* Last buffer in frame. */
DPRINTF("Sending packet\n");
qemu_send_packet(qemu_get_queue(s->nic), frame, frame_size);
+ mcf_fec_tx_stats(s, frame_size);
ptr = frame;
frame_size = 0;
s->eir |= FEC_INT_TXF;
@@ -302,6 +387,7 @@
case 0x180: return s->erdsr;
case 0x184: return s->etdsr;
case 0x188: return s->emrbr;
+ case 0x200 ... 0x2e0: return s->mib[(addr & 0x1ff) / 4];
default:
hw_error("mcf_fec_read: Bad address 0x%x\n", (int)addr);
return 0;
@@ -399,12 +485,40 @@
case 0x188:
s->emrbr = value > 0 ? value & 0x7F0 : 0x7F0;
break;
+ case 0x200 ... 0x2e0:
+ s->mib[(addr & 0x1ff) / 4] = value;
+ break;
default:
hw_error("mcf_fec_write Bad address 0x%x\n", (int)addr);
}
mcf_fec_update(s);
}
+static void mcf_fec_rx_stats(mcf_fec_state *s, int size)
+{
+ s->mib[MIB_RMON_R_PACKETS]++;
+ s->mib[MIB_RMON_R_OCTETS] += size;
+ if (size < 64) {
+ s->mib[MIB_RMON_R_FRAG]++;
+ } else if (size == 64) {
+ s->mib[MIB_RMON_R_P64]++;
+ } else if (size < 128) {
+ s->mib[MIB_RMON_R_P65TO127]++;
+ } else if (size < 256) {
+ s->mib[MIB_RMON_R_P128TO255]++;
+ } else if (size < 512) {
+ s->mib[MIB_RMON_R_P256TO511]++;
+ } else if (size < 1024) {
+ s->mib[MIB_RMON_R_P512TO1023]++;
+ } else if (size < 2048) {
+ s->mib[MIB_RMON_R_P1024TO2047]++;
+ } else {
+ s->mib[MIB_RMON_R_P_GTE2048]++;
+ }
+ s->mib[MIB_IEEE_R_FRAME_OK]++;
+ s->mib[MIB_IEEE_R_OCTETS_OK] += size;
+}
+
static int mcf_fec_have_receive_space(mcf_fec_state *s, size_t want)
{
mcf_fec_bd bd;
@@ -500,6 +614,7 @@
}
}
s->rx_descriptor = addr;
+ mcf_fec_rx_stats(s, retsize);
mcf_fec_enable_rx(s);
mcf_fec_update(s);
return retsize;
diff --git a/net/colo-compare.c b/net/colo-compare.c
index 282727b..54e6d40 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -182,10 +182,18 @@
*/
static int colo_packet_compare_common(Packet *ppkt, Packet *spkt, int offset)
{
- trace_colo_compare_ip_info(ppkt->size, inet_ntoa(ppkt->ip->ip_src),
- inet_ntoa(ppkt->ip->ip_dst), spkt->size,
- inet_ntoa(spkt->ip->ip_src),
- inet_ntoa(spkt->ip->ip_dst));
+ if (trace_event_get_state(TRACE_COLO_COMPARE_MISCOMPARE)) {
+ char pri_ip_src[20], pri_ip_dst[20], sec_ip_src[20], sec_ip_dst[20];
+
+ strcpy(pri_ip_src, inet_ntoa(ppkt->ip->ip_src));
+ strcpy(pri_ip_dst, inet_ntoa(ppkt->ip->ip_dst));
+ strcpy(sec_ip_src, inet_ntoa(spkt->ip->ip_src));
+ strcpy(sec_ip_dst, inet_ntoa(spkt->ip->ip_dst));
+
+ trace_colo_compare_ip_info(ppkt->size, pri_ip_src,
+ pri_ip_dst, spkt->size,
+ sec_ip_src, sec_ip_dst);
+ }
if (ppkt->size == spkt->size) {
return memcmp(ppkt->data + offset, spkt->data + offset,
@@ -336,10 +344,19 @@
static int colo_packet_compare_other(Packet *spkt, Packet *ppkt)
{
trace_colo_compare_main("compare other");
- trace_colo_compare_ip_info(ppkt->size, inet_ntoa(ppkt->ip->ip_src),
- inet_ntoa(ppkt->ip->ip_dst), spkt->size,
- inet_ntoa(spkt->ip->ip_src),
- inet_ntoa(spkt->ip->ip_dst));
+ if (trace_event_get_state(TRACE_COLO_COMPARE_MISCOMPARE)) {
+ char pri_ip_src[20], pri_ip_dst[20], sec_ip_src[20], sec_ip_dst[20];
+
+ strcpy(pri_ip_src, inet_ntoa(ppkt->ip->ip_src));
+ strcpy(pri_ip_dst, inet_ntoa(ppkt->ip->ip_dst));
+ strcpy(sec_ip_src, inet_ntoa(spkt->ip->ip_src));
+ strcpy(sec_ip_dst, inet_ntoa(spkt->ip->ip_dst));
+
+ trace_colo_compare_ip_info(ppkt->size, pri_ip_src,
+ pri_ip_dst, spkt->size,
+ sec_ip_src, sec_ip_dst);
+ }
+
return colo_packet_compare_common(ppkt, spkt, 0);
}
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 25ceaab..a8aabce 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -536,8 +536,8 @@
/* These values map onto the return values for
* QEMU_PSCI_0_2_FN_AFFINITY_INFO */
typedef enum ARMPSCIState {
- PSCI_OFF = 0,
- PSCI_ON = 1,
+ PSCI_ON = 0,
+ PSCI_OFF = 1,
PSCI_ON_PENDING = 2
} ARMPSCIState;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 76b608f..8646a7a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -885,7 +885,7 @@
*/
int el = arm_current_el(env);
- if (el == 0 && !env->cp15.c9_pmuserenr) {
+ if (el == 0 && !(env->cp15.c9_pmuserenr & 1)) {
return CP_ACCESS_TRAP;
}
if (el < 2 && (env->cp15.mdcr_el2 & MDCR_TPM)
@@ -899,8 +899,67 @@
return CP_ACCESS_OK;
}
+static CPAccessResult pmreg_access_xevcntr(CPUARMState *env,
+ const ARMCPRegInfo *ri,
+ bool isread)
+{
+ /* ER: event counter read trap control */
+ if (arm_feature(env, ARM_FEATURE_V8)
+ && arm_current_el(env) == 0
+ && (env->cp15.c9_pmuserenr & (1 << 3)) != 0
+ && isread) {
+ return CP_ACCESS_OK;
+ }
+
+ return pmreg_access(env, ri, isread);
+}
+
+static CPAccessResult pmreg_access_swinc(CPUARMState *env,
+ const ARMCPRegInfo *ri,
+ bool isread)
+{
+ /* SW: software increment write trap control */
+ if (arm_feature(env, ARM_FEATURE_V8)
+ && arm_current_el(env) == 0
+ && (env->cp15.c9_pmuserenr & (1 << 1)) != 0
+ && !isread) {
+ return CP_ACCESS_OK;
+ }
+
+ return pmreg_access(env, ri, isread);
+}
+
#ifndef CONFIG_USER_ONLY
+static CPAccessResult pmreg_access_selr(CPUARMState *env,
+ const ARMCPRegInfo *ri,
+ bool isread)
+{
+ /* ER: event counter read trap control */
+ if (arm_feature(env, ARM_FEATURE_V8)
+ && arm_current_el(env) == 0
+ && (env->cp15.c9_pmuserenr & (1 << 3)) != 0) {
+ return CP_ACCESS_OK;
+ }
+
+ return pmreg_access(env, ri, isread);
+}
+
+static CPAccessResult pmreg_access_ccntr(CPUARMState *env,
+ const ARMCPRegInfo *ri,
+ bool isread)
+{
+ /* CR: cycle counter read trap control */
+ if (arm_feature(env, ARM_FEATURE_V8)
+ && arm_current_el(env) == 0
+ && (env->cp15.c9_pmuserenr & (1 << 2)) != 0
+ && isread) {
+ return CP_ACCESS_OK;
+ }
+
+ return pmreg_access(env, ri, isread);
+}
+
static inline bool arm_ccnt_enabled(CPUARMState *env)
{
/* This does not support checking PMCCFILTR_EL0 register */
@@ -1068,7 +1127,11 @@
static void pmuserenr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
- env->cp15.c9_pmuserenr = value & 1;
+ if (arm_feature(env, ARM_FEATURE_V8)) {
+ env->cp15.c9_pmuserenr = value & 0xf;
+ } else {
+ env->cp15.c9_pmuserenr = value & 1;
+ }
}
static void pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -1212,25 +1275,25 @@
.raw_writefn = raw_write },
/* Unimplemented so WI. */
{ .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4,
- .access = PL0_W, .accessfn = pmreg_access, .type = ARM_CP_NOP },
+ .access = PL0_W, .accessfn = pmreg_access_swinc, .type = ARM_CP_NOP },
#ifndef CONFIG_USER_ONLY
{ .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5,
.access = PL0_RW, .type = ARM_CP_ALIAS,
.fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmselr),
- .accessfn = pmreg_access, .writefn = pmselr_write,
+ .accessfn = pmreg_access_selr, .writefn = pmselr_write,
.raw_writefn = raw_write},
{ .name = "PMSELR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 5,
- .access = PL0_RW, .accessfn = pmreg_access,
+ .access = PL0_RW, .accessfn = pmreg_access_selr,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr),
.writefn = pmselr_write, .raw_writefn = raw_write, },
{ .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0,
.access = PL0_RW, .resetvalue = 0, .type = ARM_CP_IO,
.readfn = pmccntr_read, .writefn = pmccntr_write32,
- .accessfn = pmreg_access },
+ .accessfn = pmreg_access_ccntr },
{ .name = "PMCCNTR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 0,
- .access = PL0_RW, .accessfn = pmreg_access,
+ .access = PL0_RW, .accessfn = pmreg_access_ccntr,
.type = ARM_CP_IO,
.readfn = pmccntr_read, .writefn = pmccntr_write, },
#endif
@@ -1251,7 +1314,7 @@
/* Unimplemented, RAZ/WI. */
{ .name = "PMXEVCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 2,
.access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0,
- .accessfn = pmreg_access },
+ .accessfn = pmreg_access_xevcntr },
{ .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0,
.access = PL0_R | PL1_RW, .accessfn = access_tpm,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr),
diff --git a/ui/cocoa.m b/ui/cocoa.m
index 26d4a1c..c81f7b6 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -879,7 +879,7 @@
// set the supported image file types that can be opened
supportedImageFileTypes = [NSArray arrayWithObjects: @"img", @"iso", @"dmg",
@"qcow", @"qcow2", @"cloop", @"vmdk", @"cdr",
- nil];
+ @"toast", nil];
[self make_about_window];
}
return self;
