Alex Bennée [Fri, 5 Jun 2020 15:49:19 +0000 (16:49 +0100)]
exec: flush the whole TLB if a watchpoint crosses a page boundary
There is no particular reason why you can't have a watchpoint in TCG
that covers a large chunk of the address space. We could be clever
about it but these cases are pretty rare and we can assume the user
will expect a little performance degradation.
NB: In my testing gdb will silently squash a watchpoint like:
watch (char[0x7fffffffff]) *0x0
to a 4 byte watchpoint. Practically it will limit the maximum size
based on max-value-size. However given enough of a tweak the sky is
the limit.
scripts/clean-includes: Mark 'qemu/qemu-plugin.h' as special header
"qemu/qemu-plugin.h" isn't meant to be include by QEMU codebase,
but by 3rd party plugins that QEMU can use. These plugins can be
built out of QEMU and don't include "qemu/osdep.h".
Mark "qemu/qemu-plugin.h" as a special header that doesn't need
to be cleaned for "qemu/osdep.h".
* remotes/vivier2/tags/linux-user-for-5.1-pull-request:
stubs: Restrict ui/win32-kbd-hook to system-mode
hw/core: Restrict CpuClass::get_crash_info() to system-mode
target/s390x: Restrict CpuClass::get_crash_info() to system-mode
target/i386: Restrict CpuClass::get_crash_info() to system-mode
arch_init: Remove unused 'qapi-commands-misc.h' include
exec: Assert CPU migration is not used on user-only build
target/riscv/cpu: Restrict CPU migration to system-mode
stubs/Makefile: Reduce the user-mode object list
util/Makefile: Reduce the user-mode object list
tests/Makefile: Restrict some softmmu-only tests
tests/Makefile: Only display TCG-related tests when TCG is available
configure: Avoid building TCG when not needed
Makefile: Only build virtiofsd if system-mode is enabled
linux-user: implement OFD locks
linux-user/mmap.c: fix integer underflow in target_mremap
linux-user/strace.list: fix epoll_create{,1} -strace output
linux-user: Add support for /proc/cpuinfo on hppa platform
linux-user: return target error codes for socket() and prctl()
linux-user, alpha: fix oldumount syscall
Peter Maydell [Fri, 5 Jun 2020 22:31:31 +0000 (23:31 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200605' into staging
target-arm queue:
hw/ssi/imx_spi: Handle tx burst lengths other than 8 correctly
hw/input/pxa2xx_keypad: Replace hw_error() by qemu_log_mask()
hw/arm/pxa2xx: Replace printf() call by qemu_log_mask()
target/arm: Convert crypto insns to gvec
hw/adc/stm32f2xx_adc: Correct memory region size and access size
tests/acceptance: Add a boot test for the xlnx-versal-virt machine
docs/system: Document Aspeed boards
raspi: Add model of the USB controller
target/arm: Convert 2-reg-and-shift and 1-reg-imm Neon insns to decodetree
In the next commit we are going to remove some objects from the
util-obj-y variable (objects which are not used by user-mode,
when configured with --disable-system).
Then some system-mode tests are going to fail, due to the missing
objects:
$ make check-unit -k
LINK tests/test-iov
/usr/bin/ld: tests/test-iov.o: in function `iov_from_buf':
include/qemu/iov.h:49: undefined reference to `iov_from_buf_full'
make: *** [rules.mak:124: tests/test-iov] Error 1
LINK tests/test-timed-average
/usr/bin/ld: tests/test-timed-average.o: in function `account':
tests/test-timed-average.c:27: undefined reference to `timed_average_account'
make: *** [rules.mak:124: tests/test-timed-average] Error 1
LINK tests/test-util-filemonitor
/usr/bin/ld: tests/test-util-filemonitor.o: in function `qemu_file_monitor_test_event_loop':
tests/test-util-filemonitor.c:83: undefined reference to `main_loop_wait'
make: *** [rules.mak:124: tests/test-util-filemonitor] Error 1
LINK tests/test-util-sockets
/usr/bin/ld: tests/test-util-sockets.o: in function `test_socket_fd_pass_name_good':
tests/test-util-sockets.c:91: undefined reference to `socket_connect'
make: *** [rules.mak:124: tests/test-util-sockets] Error 1
LINK tests/test-base64
/usr/bin/ld: tests/test-base64.o: in function `test_base64_good':
tests/test-base64.c:35: undefined reference to `qbase64_decode'
collect2: error: ld returned 1 exit status
make: *** [rules.mak:124: tests/test-base64] Error 1
LINK tests/test-bufferiszero
/usr/bin/ld: tests/test-bufferiszero.o: in function `test_1':
tests/test-bufferiszero.c:31: undefined reference to `buffer_is_zero'
make: *** [rules.mak:124: tests/test-bufferiszero] Error 1
make: Target 'check-unit' not remade because of errors.
Instead, restrict these tests to system-mode, by using the
$(CONFIG_SOFTMMU) variable.
Jonathan Marler [Sat, 2 May 2020 16:12:25 +0000 (10:12 -0600)]
linux-user/mmap.c: fix integer underflow in target_mremap
Fixes: https://bugs.launchpad.net/bugs/1876373
This code path in mmap occurs when a page size is decreased with mremap. When a section of pages is shrunk, qemu calls mmap_reserve on the pages that were released. However, it has the diff operation reversed, subtracting the larger old_size from the smaller new_size. Instead, it should be subtracting the smaller new_size from the larger old_size. You can also see in the previous line of the change that this mmap_reserve call only occurs when old_size > new_size.
Peter Maydell [Fri, 22 May 2020 14:55:20 +0000 (15:55 +0100)]
target/arm: Convert Neon one-register-and-immediate insns to decodetree
Convert the insns in the one-register-and-immediate group to decodetree.
In the new decode, our asimd_imm_const() function returns a 64-bit value
rather than a 32-bit one, which means we don't need to treat cmode=14 op=1
as a special case in the decoder (it is the only encoding where the two
halves of the 64-bit value are different).
Peter Maydell [Fri, 22 May 2020 14:55:18 +0000 (15:55 +0100)]
target/arm: Convert Neon VSHLL, VMOVL to decodetree
Convert the VSHLL and VMOVL insns from the 2-reg-shift group
to decodetree. Since the loop always has two passes, we unroll
it to avoid the awkward reassignment of one TCGv to another.
Convert the VSRA, VSRI, VRSHR, VRSRA 2-reg-shift insns to decodetree.
(These are the last instructions in the group that are vectorized;
the rest all require looping over each element.)
Paul Zimmerman [Wed, 20 May 2020 23:53:47 +0000 (16:53 -0700)]
usb: add short-packet handling to usb-storage driver
The dwc-hsotg (dwc2) USB host depends on a short packet to
indicate the end of an IN transfer. The usb-storage driver
currently doesn't provide this, so fix it.
I have tested this change rather extensively using a PC
emulation with xhci, ehci, and uhci controllers, and have
not observed any regressions.
Paul Zimmerman [Wed, 20 May 2020 23:53:46 +0000 (16:53 -0700)]
dwc-hsotg (dwc2) USB host controller emulation
Add the dwc-hsotg (dwc2) USB host controller emulation code.
Based on hw/usb/hcd-ehci.c and hw/usb/hcd-ohci.c.
Note that to use this with the dwc-otg driver in the Raspbian
kernel, you must pass the option "dwc_otg.fiq_fsm_enable=0" on
the kernel command line.
Emulation of slave mode and of descriptor-DMA mode has not been
implemented yet. These modes are seldom used.
I have used some on-line sources of information while developing
this emulation, including:
http://www.capital-micro.com/PDF/CME-M7_Family_User_Guide_EN.pdf
which has a pretty complete description of the controller starting
on page 370.
https://sourceforge.net/p/wive-ng/wive-ng-mt/ci/master/tree/docs/DataSheets/RT3050_5x_V2.0_081408_0902.pdf
which has a description of the controller registers starting on
page 130.
Thanks to Felippe Mathieu-Daude for providing a cleaner method
of implementing the memory regions for the controller registers.
Paul Zimmerman [Wed, 20 May 2020 23:53:44 +0000 (16:53 -0700)]
dwc-hsotg (dwc2) USB host controller register definitions
Import the dwc-hsotg (dwc2) register definitions file from the
Linux kernel. This is a copy of drivers/usb/dwc2/hw.h from the
mainline Linux kernel, the only changes being to the header, and
two instances of 'u32' changed to 'uint32_t' to allow it to
compile. Checkpatch throws a boatload of errors due to the tab
indentation, but I would rather import it as-is than reformat it.
Paul Zimmerman [Wed, 20 May 2020 23:53:43 +0000 (16:53 -0700)]
raspi: add BCM2835 SOC MPHI emulation
Add BCM2835 SOC MPHI (Message-based Parallel Host Interface)
emulation. It is very basic, only providing the FIQ interrupt
needed to allow the dwc-otg USB host controller driver in the
Raspbian kernel to function.
Rather than passing an opcode to a helper, fully decode the
operation at translate time. Use clear_tail_16 to zap the
balance of the SVE register with the AdvSIMD write.
Rather than passing an opcode to a helper, fully decode the
operation at translate time. Use clear_tail_16 to zap the
balance of the SVE register with the AdvSIMD write.
With this conversion, we will be able to use the same helpers
with sve. This also fixes a bug in which we failed to clear
the high bits of the SVE register after an AdvSIMD operation.
With this conversion, we will be able to use the same helpers
with sve. In particular, pass 3 vector parameters for the
3-operand operations; for advsimd the destination register
is also an input.
This also fixes a bug in which we failed to clear the high bits
of the SVE register after an AdvSIMD operation.
Eden Mikitas [Tue, 2 Jun 2020 12:44:34 +0000 (13:44 +0100)]
hw/ssi/imx_spi: Removed unnecessary cast of rx data received from slave
When inserting the value retrieved (rx) from the spi slave, rx is pushed to
rx_fifo after being cast to uint8_t. rx_fifo is a fifo32, and the rx
register the driver uses is also 32 bit. This zeroes the 24 most
significant bits of rx. This proved problematic with devices that expect to
use the whole 32 bits of the rx register.
Eden Mikitas [Tue, 2 Jun 2020 12:44:34 +0000 (13:44 +0100)]
hw/ssi/imx_spi: changed while statement to prevent underflow
The while statement in question only checked if tx_burst is not 0.
tx_burst is a signed int, which is assigned the value put by the
guest driver in ECSPI_CONREG. The burst length can be anywhere
between 1 and 4096, and since tx_burst is always decremented by 8
it could possibly underflow, causing an infinite loop.
Jared Rossi [Tue, 12 May 2020 18:15:35 +0000 (14:15 -0400)]
vfio-ccw: allow non-prefetch ORBs
Remove the explicit prefetch check when using vfio-ccw devices.
This check does not trigger in practice as all Linux channel programs
are intended to use prefetch.
Newer Linux kernel versions do not require to force the PFCH flag with
vfio-ccw devices anymore.
We need some little help in the code to reduce the valgrind noise.
This patch does this with some designated initializers for the cpu
model features and subfunctions.
Peter Maydell [Fri, 5 Jun 2020 10:53:37 +0000 (11:53 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Pull request
# gpg: Signature made Fri 05 Jun 2020 10:47:27 BST
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>" [full]
# gpg: aka "Stefan Hajnoczi <[email protected]>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/block-pull-request:
block: Factor out bdrv_run_co()
exec: Rename qemu_ram_writeback() as qemu_ram_msync()
hw/block: Let the NVMe emulated device be target-agnostic
memory: Extract memory_region_msync() from memory_region_writeback()
memory: Rename memory_region_do_writeback -> memory_region_writeback
fuzz: run the main-loop in fork-server process
fuzz: add mangled object name to linker script
fuzz: fix typo in i440fx-qtest-reboot arguments
fuzz: add datadir for oss-fuzz compatability
io_uring: use io_uring_cq_ready() to check for ready cqes
io_uring: retry io_uring_submit() if it fails with errno=EINTR
We have a few bdrv_*() functions that can either spawn a new coroutine
and wait for it with BDRV_POLL_WHILE() or use a fastpath if they are
alreeady running in a coroutine. All of them duplicate basically the
same code.
Factor the common code into a new function bdrv_run_co().
Without this, the time since the last main-loop keeps increasing, as the
fuzzer runs. The forked children need to handle all the "past-due"
timers, slowing them down, over time. With this change, the
parent/fork-server process runs the main-loop, while waiting on the
child, ensuring that the timer events do not pile up, over time.
Previously, we relied on "FuzzerTracePC*(.bss*)" to place libfuzzer's
fuzzer::TPC object into our contiguous shared-memory region. This does
not work for some libfuzzer builds, so this addition identifies the
region by its mangled name: *(.bss._ZN6fuzzer3TPCE);
io_uring: use io_uring_cq_ready() to check for ready cqes
In qemu_luring_poll_cb() we are not using the cqe peeked from the
CQ ring. We are using io_uring_peek_cqe() only to see if there
are cqes ready, so we can replace it with io_uring_cq_ready().
io_uring: retry io_uring_submit() if it fails with errno=EINTR
As recently documented [1], io_uring_enter(2) syscall can return an
error (errno=EINTR) if the operation was interrupted by a delivery
of a signal before it could complete.
This should happen when IORING_ENTER_GETEVENTS flag is used, for
example during io_uring_submit_and_wait() or during io_uring_submit()
when IORING_SETUP_IOPOLL is enabled.
We shouldn't have this problem for now, but it's better to prevent it.
While replacing fprintf() by qemu_log_mask() in commit 2b55f4d3504, we incorrectly used a 'tab = 4 spaces'
alignment, leading to misindented new code. Fix now.
ati-vga: check mm_index before recursive call (CVE-2020-13800)
While accessing VGA registers via ati_mm_read/write routines,
a guest may set 's->regs.mm_index' such that it leads to infinite
recursion. Check mm_index value to avoid such recursion. Log an
error message for wrong values.
Peter Maydell [Thu, 4 Jun 2020 10:38:47 +0000 (11:38 +0100)]
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20200603' into staging
This is a collection of RISC-V patches for 5.1.
This incldues removing deprecated features and part of the OpenTitan
support series.
# gpg: Signature made Wed 03 Jun 2020 17:12:43 BST
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <[email protected]>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-20200603:
riscv: Initial commit of OpenTitan machine
target/riscv: Add the lowRISC Ibex CPU
target/riscv: Don't set PMP feature in the cpu init
target/riscv: Disable the MMU correctly
target/riscv: Don't overwrite the reset vector
riscv/boot: Add a missing header include
riscv: sifive_e: Manually define the machine
docs: deprecated: Update the -bios documentation
target/riscv: Drop support for ISA spec version 1.09.1
target/riscv: Remove the deprecated CPUs
hw/riscv: spike: Remove deprecated ISA specific machines
hw/riscv: virt: Remove the riscv_ prefix of the machine* functions
hw/riscv: sifive_u: Remove the riscv_ prefix of the soc* functions
riscv: Change the default behavior if no -bios option is specified
riscv: Suppress the error report for QEMU testing with riscv_find_firmware()
Alistair Francis [Thu, 28 May 2020 18:04:15 +0000 (11:04 -0700)]
target/riscv: Don't set PMP feature in the cpu init
The PMP is enabled by default via the "pmp" property so there is no need
for us to set it in the init function. As all CPUs have PMP support just
remove the set_feature() call in the CPU init functions.
Alistair Francis [Tue, 26 May 2020 23:06:02 +0000 (16:06 -0700)]
target/riscv: Disable the MMU correctly
Previously if we didn't enable the MMU it would be enabled in the
realize() function anyway. Let's ensure that if we don't want the MMU we
disable it. We also don't need to enable the MMU as it will be enabled
in realize() by default.
Alistair Francis [Thu, 23 Apr 2020 21:09:37 +0000 (14:09 -0700)]
riscv/boot: Add a missing header include
As the functions declared in this header use the symbol_fn_t
typedef itself declared in "hw/loader.h", we need to include
it here to make the header file self-contained.
Bin Meng [Fri, 1 May 2020 12:19:05 +0000 (05:19 -0700)]
riscv: Change the default behavior if no -bios option is specified
Per QEMU deprecated doc, QEMU 4.1 introduced support for the -bios
option in QEMU for RISC-V for the virt machine and sifive_u machine.
The default behavior has been that QEMU does not automatically load
any firmware if no -bios option is included.
Now 2 releases passed, it's time to change the default behavior to
load the default OpenSBI firmware automatically. The firmware is
included with the QEMU release and no user interaction is required.
All a user needs to do is specify the kernel they want to boot with
the -kernel option.
Bin Meng [Fri, 1 May 2020 15:50:54 +0000 (08:50 -0700)]
riscv: Suppress the error report for QEMU testing with riscv_find_firmware()
We only ship plain binary bios images in the QEMU source. With Spike
machine that uses ELF images as the default bios, running QEMU test
will complain hence let's suppress the error report for QEMU testing.
Peter Maydell [Tue, 2 Jun 2020 17:16:38 +0000 (18:16 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20200602' into staging
Vector rotate support
Signal handling support for NetBSD arm/aarch64
# gpg: Signature made Tue 02 Jun 2020 17:43:05 BST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth/tags/pull-tcg-20200602:
accel/tcg: Provide a NetBSD specific aarch64 cpu_signal_handler
accel/tcg: Adjust cpu_signal_handler for NetBSD/arm
tcg: Improve move ops in liveness_pass_2
target/s390x: Use tcg_gen_gvec_rotl{i,s,v}
target/ppc: Use tcg_gen_gvec_rotlv
tcg/ppc: Implement INDEX_op_rot[lr]v_vec
tcg/aarch64: Implement INDEX_op_rotl{i,v}_vec
tcg/i386: Implement INDEX_op_rotl{i,s,v}_vec
tcg: Implement gvec support for rotate by scalar
tcg: Remove expansion to shift by vector from do_shifts
tcg: Implement gvec support for rotate by vector
tcg: Implement gvec support for rotate by immediate
If the output of the move is dead, then the last use is in
the store. If we propagate the input to the store, then we
can remove the move opcode entirely.
projects / qemu.git / log