Janne Grunau [Wed, 1 Apr 2020 22:52:53 +0000 (00:52 +0200)]
target/i386: fix phadd* with identical destination and source register
Detected by asm test suite failures in dav1d
(https://code.videolan.org/videolan/dav1d). Can be reproduced by
`qemu-x86_64 -cpu core2duo ./tests/checkasm --test=mc_8bpc 1659890620`.
CPUID leaf CPUID_Fn80000008_ECX provides information about the
number of threads supported by the processor. It was found that
the field ApicIdSize(bits 15-12) was not set correctly.
ApicIdSize is defined as the number of bits required to represent
all the ApicId values within a package.
Valid Values: Value Description
3h-0h Reserved.
4h up to 16 threads.
5h up to 32 threads.
6h up to 64 threads.
7h up to 128 threads.
Fh-8h Reserved.
Jon Doron [Fri, 24 Apr 2020 12:34:43 +0000 (15:34 +0300)]
i386: Hyper-V VMBus ACPI DSDT entry
Guest OS uses ACPI to discover VMBus presence. Add a corresponding
entry to DSDT in case VMBus has been enabled.
Experimentally Windows guests were found to require this entry to
include two IRQ resources. They seem to never be used but they still
have to be there.
Make IRQ numbers user-configurable via corresponding properties; use 7
and 13 by default.
Jon Doron [Fri, 24 Apr 2020 12:34:41 +0000 (15:34 +0300)]
vmbus: vmbus implementation
Add the VMBus infrastructure -- bus, devices, root bridge, vmbus state
machine, vmbus channel interactions, etc.
VMBus is a collection of technologies. At its lowest layer, it's a message
passing and signaling mechanism, allowing efficient passing of messages to and
from guest VMs. A layer higher, it's a mechanism for defining channels of
communication, where each channel is tagged with a type (which implies a
protocol) and a instance ID. A layer higher than that, it's a bus driver,
serving as the basis of device enumeration within a VM, where a channel can
optionally be exposed as a paravirtual device. When a server-side (paravirtual
back-end) component wishes to offer a channel to a guest VM, it does so by
specifying a channel type, a mode, and an instance ID. VMBus then exposes this
in the guest.
More information about VMBus can be found in the file
vmbuskernelmodeclientlibapi.h in Microsoft's WDK.
TODO:
- split into smaller palatable pieces
- more comments
- check and handle corner cases
Igor Mammedov [Mon, 11 May 2020 14:11:03 +0000 (10:11 -0400)]
numa: prevent usage of -M memory-backend and -numa memdev at the same time
Options -M memory-backend and -numa memdev are mutually exclusive,
and if used together, it might lead to a crash in the worst case.
For example when the same backend is used with these options together:
-m 4G \
-object memory-backend-ram,id=mem0,size=4G \
-M pc,memory-backend=mem0 \
-numa node,memdev=mem0
QEMU will abort with:
exec.c:2006: qemu_ram_set_idstr: Assertion `!new_block->idstr[0]' failed.
and following backtrace:
abort ()
qemu_ram_set_idstr ()
vmstate_register_ram ()
vmstate_register_ram_global ()
machine_consume_memdev ()
numa_init_memdev_container ()
numa_complete_configuration ()
machine_run_board_init ()
add a check to error out in case the user tries to use both options at
the same time.
Igor Mammedov [Mon, 11 May 2020 14:11:02 +0000 (10:11 -0400)]
vl.c: run preconfig loop before creating default RAM backend
Default RAM backend depends on numa_uses_legacy_mem(), which is
infulenced by -numa options on CLI or set-numa-node QMP command
at preconfig time. If QEMU is started with '-preconfig'
without -numa, it will lead to creating default RAM backend
even if later set-numa-node is used to assing RAM to NUMA nodes
using 'memdev' NUMA option.
That at best will waste RAM object created by default and with
next patch adding a check to prevent usage of conflicting
'-M memory-backend' and '-numa memdev'
options, it will make QEMU error out if user tries to configure
NUMA at preconfig time with memdev option, making set-numa-node
unusable.
To fix issue, move preconfig loop before default RAM backend is
created, so that numa_uses_legacy_mem() would take into account
effects of set-numa-node commands executed at preconfig time.
Paolo Bonzini [Wed, 22 Apr 2020 14:38:57 +0000 (10:38 -0400)]
run-coverity-scan: support --update-tools-only --docker
Just build the container when run-coverity-scan is invoked with
--update-tools-only --docker. This requires moving the "docker build"
logic into the update_coverity_tools function.
The only snag is that --update-tools-only --docker requires access to
the dockerfile. For now just report an error for --src-tarball, and
"docker build" will fail if not in a source tree. Another possibility
could be to host our container images on a public registry, and use
"FROM qemu:fedora" to make the Dockerfile small enough that it can be
included directly in the run-coverity-scan script.
Paolo Bonzini [Wed, 22 Apr 2020 14:38:57 +0000 (10:38 -0400)]
run-coverity-scan: use docker.py
Our trusted docker wrapper allows run-coverity-scan to run with both
docker and podman.
For the "run" phase this is transparent; for the "build" phase however
scripts are replaced with a bind mount (-v). This is not an issue
because the secret option is meant for secrets stored globally in the
system and bind mounts are a valid substitute for secrets that are known
to whoever builds the container.
Paolo Bonzini [Wed, 22 Apr 2020 14:21:18 +0000 (10:21 -0400)]
run-coverity-scan: get Coverity token and email from special git config section
Support a [coverity] section in .git/config. It can be used to retrieve the
token and also, if it is different from user.email, the username of the
submitter.
Paolo Bonzini [Wed, 22 Apr 2020 14:17:08 +0000 (10:17 -0400)]
docker.py/build: support -t and -f arguments
The docker.py command line is subtly different from docker and podman's,
in that the tag and Dockerfile are passed via positional arguments.
Remove this gratuitous difference and just parse -f and -t.
-f was previously used by --extra-files, only keep the long option.
Peter Maydell [Tue, 9 Jun 2020 16:29:47 +0000 (17:29 +0100)]
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/sparc-next-20200609' into staging
SPARC patches
HW:
- Use UNIMP device instead of EMPTY_SLOT
- Make EMPTY_SLOT similar to UNIMP device
- Map UART devices unconditionally
- Pair of fixes for AHB PnP
- Add trace events to AHB PnP
# gpg: Signature made Tue 09 Jun 2020 08:24:09 BST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <[email protected]>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd-gitlab/tags/sparc-next-20200609:
target/sparc/int32_helper: Extract and use excp_name_str()
target/sparc/int32_helper: Remove DEBUG_PCALL definition
hw/timer/grlib_gptimer: Display frequency in decimal
hw/misc/grlib_ahb_apb_pnp: Add trace events on read accesses
hw/misc/grlib_ahb_apb_pnp: Fix AHB PnP 8-bit accesses
hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to AHB PnP registers
hw/sparc64/niagara: Remove duplicated NIAGARA_UART_BASE definition
hw/sparc64/niagara: Map the UART device unconditionally
hw/sparc/leon3: Map the UART device unconditionally
hw/misc/empty_slot: Name the slots when created
hw/misc/empty_slot: Move the 'hw/misc' and cover in MAINTAINERS
hw/misc/empty_slot: Convert debug printf() to trace event
hw/misc/empty_slot: Add a 'name' qdev property
hw/misc/empty_slot: Convert 'size' field as qdev property
hw/misc/empty_slot: Lower address space priority
hw/sparc/sun4m: Use UnimplementedDevice for I/O devices
Similarly to commit 0fbe394a64 with the APB PnP registers,
set the MemoryRegionOps::impl min/max fields to 32-bit, so
memory.c::access_with_adjusted_size() can adjust when the
access is not 32-bit.
Empty slots model RAZ/WI access on a bus. Since we can still
(hot) plug devices on the bus, lower the slot priority, so
device added later is accessed first.
hw/sparc/sun4m: Use UnimplementedDevice for I/O devices
These devices are not slots on a bus, but real I/O devices
that we do not implement. As the ISDN ROM would be a ROMD
device, also model it as UnimplementedDevice.
* remotes/vivier2/tags/linux-user-for-5.1-pull-request:
stubs: Restrict ui/win32-kbd-hook to system-mode
hw/core: Restrict CpuClass::get_crash_info() to system-mode
target/s390x: Restrict CpuClass::get_crash_info() to system-mode
target/i386: Restrict CpuClass::get_crash_info() to system-mode
arch_init: Remove unused 'qapi-commands-misc.h' include
exec: Assert CPU migration is not used on user-only build
target/riscv/cpu: Restrict CPU migration to system-mode
stubs/Makefile: Reduce the user-mode object list
util/Makefile: Reduce the user-mode object list
tests/Makefile: Restrict some softmmu-only tests
tests/Makefile: Only display TCG-related tests when TCG is available
configure: Avoid building TCG when not needed
Makefile: Only build virtiofsd if system-mode is enabled
linux-user: implement OFD locks
linux-user/mmap.c: fix integer underflow in target_mremap
linux-user/strace.list: fix epoll_create{,1} -strace output
linux-user: Add support for /proc/cpuinfo on hppa platform
linux-user: return target error codes for socket() and prctl()
linux-user, alpha: fix oldumount syscall
Peter Maydell [Fri, 5 Jun 2020 22:31:31 +0000 (23:31 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200605' into staging
target-arm queue:
hw/ssi/imx_spi: Handle tx burst lengths other than 8 correctly
hw/input/pxa2xx_keypad: Replace hw_error() by qemu_log_mask()
hw/arm/pxa2xx: Replace printf() call by qemu_log_mask()
target/arm: Convert crypto insns to gvec
hw/adc/stm32f2xx_adc: Correct memory region size and access size
tests/acceptance: Add a boot test for the xlnx-versal-virt machine
docs/system: Document Aspeed boards
raspi: Add model of the USB controller
target/arm: Convert 2-reg-and-shift and 1-reg-imm Neon insns to decodetree
In the next commit we are going to remove some objects from the
util-obj-y variable (objects which are not used by user-mode,
when configured with --disable-system).
Then some system-mode tests are going to fail, due to the missing
objects:
$ make check-unit -k
LINK tests/test-iov
/usr/bin/ld: tests/test-iov.o: in function `iov_from_buf':
include/qemu/iov.h:49: undefined reference to `iov_from_buf_full'
make: *** [rules.mak:124: tests/test-iov] Error 1
LINK tests/test-timed-average
/usr/bin/ld: tests/test-timed-average.o: in function `account':
tests/test-timed-average.c:27: undefined reference to `timed_average_account'
make: *** [rules.mak:124: tests/test-timed-average] Error 1
LINK tests/test-util-filemonitor
/usr/bin/ld: tests/test-util-filemonitor.o: in function `qemu_file_monitor_test_event_loop':
tests/test-util-filemonitor.c:83: undefined reference to `main_loop_wait'
make: *** [rules.mak:124: tests/test-util-filemonitor] Error 1
LINK tests/test-util-sockets
/usr/bin/ld: tests/test-util-sockets.o: in function `test_socket_fd_pass_name_good':
tests/test-util-sockets.c:91: undefined reference to `socket_connect'
make: *** [rules.mak:124: tests/test-util-sockets] Error 1
LINK tests/test-base64
/usr/bin/ld: tests/test-base64.o: in function `test_base64_good':
tests/test-base64.c:35: undefined reference to `qbase64_decode'
collect2: error: ld returned 1 exit status
make: *** [rules.mak:124: tests/test-base64] Error 1
LINK tests/test-bufferiszero
/usr/bin/ld: tests/test-bufferiszero.o: in function `test_1':
tests/test-bufferiszero.c:31: undefined reference to `buffer_is_zero'
make: *** [rules.mak:124: tests/test-bufferiszero] Error 1
make: Target 'check-unit' not remade because of errors.
Instead, restrict these tests to system-mode, by using the
$(CONFIG_SOFTMMU) variable.
Jonathan Marler [Sat, 2 May 2020 16:12:25 +0000 (10:12 -0600)]
linux-user/mmap.c: fix integer underflow in target_mremap
Fixes: https://bugs.launchpad.net/bugs/1876373
This code path in mmap occurs when a page size is decreased with mremap. When a section of pages is shrunk, qemu calls mmap_reserve on the pages that were released. However, it has the diff operation reversed, subtracting the larger old_size from the smaller new_size. Instead, it should be subtracting the smaller new_size from the larger old_size. You can also see in the previous line of the change that this mmap_reserve call only occurs when old_size > new_size.
Peter Maydell [Fri, 22 May 2020 14:55:20 +0000 (15:55 +0100)]
target/arm: Convert Neon one-register-and-immediate insns to decodetree
Convert the insns in the one-register-and-immediate group to decodetree.
In the new decode, our asimd_imm_const() function returns a 64-bit value
rather than a 32-bit one, which means we don't need to treat cmode=14 op=1
as a special case in the decoder (it is the only encoding where the two
halves of the 64-bit value are different).
Peter Maydell [Fri, 22 May 2020 14:55:18 +0000 (15:55 +0100)]
target/arm: Convert Neon VSHLL, VMOVL to decodetree
Convert the VSHLL and VMOVL insns from the 2-reg-shift group
to decodetree. Since the loop always has two passes, we unroll
it to avoid the awkward reassignment of one TCGv to another.
Convert the VSRA, VSRI, VRSHR, VRSRA 2-reg-shift insns to decodetree.
(These are the last instructions in the group that are vectorized;
the rest all require looping over each element.)
Paul Zimmerman [Wed, 20 May 2020 23:53:47 +0000 (16:53 -0700)]
usb: add short-packet handling to usb-storage driver
The dwc-hsotg (dwc2) USB host depends on a short packet to
indicate the end of an IN transfer. The usb-storage driver
currently doesn't provide this, so fix it.
I have tested this change rather extensively using a PC
emulation with xhci, ehci, and uhci controllers, and have
not observed any regressions.
Paul Zimmerman [Wed, 20 May 2020 23:53:46 +0000 (16:53 -0700)]
dwc-hsotg (dwc2) USB host controller emulation
Add the dwc-hsotg (dwc2) USB host controller emulation code.
Based on hw/usb/hcd-ehci.c and hw/usb/hcd-ohci.c.
Note that to use this with the dwc-otg driver in the Raspbian
kernel, you must pass the option "dwc_otg.fiq_fsm_enable=0" on
the kernel command line.
Emulation of slave mode and of descriptor-DMA mode has not been
implemented yet. These modes are seldom used.
I have used some on-line sources of information while developing
this emulation, including:
http://www.capital-micro.com/PDF/CME-M7_Family_User_Guide_EN.pdf
which has a pretty complete description of the controller starting
on page 370.
https://sourceforge.net/p/wive-ng/wive-ng-mt/ci/master/tree/docs/DataSheets/RT3050_5x_V2.0_081408_0902.pdf
which has a description of the controller registers starting on
page 130.
Thanks to Felippe Mathieu-Daude for providing a cleaner method
of implementing the memory regions for the controller registers.
Paul Zimmerman [Wed, 20 May 2020 23:53:44 +0000 (16:53 -0700)]
dwc-hsotg (dwc2) USB host controller register definitions
Import the dwc-hsotg (dwc2) register definitions file from the
Linux kernel. This is a copy of drivers/usb/dwc2/hw.h from the
mainline Linux kernel, the only changes being to the header, and
two instances of 'u32' changed to 'uint32_t' to allow it to
compile. Checkpatch throws a boatload of errors due to the tab
indentation, but I would rather import it as-is than reformat it.
Paul Zimmerman [Wed, 20 May 2020 23:53:43 +0000 (16:53 -0700)]
raspi: add BCM2835 SOC MPHI emulation
Add BCM2835 SOC MPHI (Message-based Parallel Host Interface)
emulation. It is very basic, only providing the FIQ interrupt
needed to allow the dwc-otg USB host controller driver in the
Raspbian kernel to function.
Rather than passing an opcode to a helper, fully decode the
operation at translate time. Use clear_tail_16 to zap the
balance of the SVE register with the AdvSIMD write.
Rather than passing an opcode to a helper, fully decode the
operation at translate time. Use clear_tail_16 to zap the
balance of the SVE register with the AdvSIMD write.
With this conversion, we will be able to use the same helpers
with sve. This also fixes a bug in which we failed to clear
the high bits of the SVE register after an AdvSIMD operation.
With this conversion, we will be able to use the same helpers
with sve. In particular, pass 3 vector parameters for the
3-operand operations; for advsimd the destination register
is also an input.
This also fixes a bug in which we failed to clear the high bits
of the SVE register after an AdvSIMD operation.
Eden Mikitas [Tue, 2 Jun 2020 12:44:34 +0000 (13:44 +0100)]
hw/ssi/imx_spi: Removed unnecessary cast of rx data received from slave
When inserting the value retrieved (rx) from the spi slave, rx is pushed to
rx_fifo after being cast to uint8_t. rx_fifo is a fifo32, and the rx
register the driver uses is also 32 bit. This zeroes the 24 most
significant bits of rx. This proved problematic with devices that expect to
use the whole 32 bits of the rx register.
Eden Mikitas [Tue, 2 Jun 2020 12:44:34 +0000 (13:44 +0100)]
hw/ssi/imx_spi: changed while statement to prevent underflow
The while statement in question only checked if tx_burst is not 0.
tx_burst is a signed int, which is assigned the value put by the
guest driver in ECSPI_CONREG. The burst length can be anywhere
between 1 and 4096, and since tx_burst is always decremented by 8
it could possibly underflow, causing an infinite loop.
Jared Rossi [Tue, 12 May 2020 18:15:35 +0000 (14:15 -0400)]
vfio-ccw: allow non-prefetch ORBs
Remove the explicit prefetch check when using vfio-ccw devices.
This check does not trigger in practice as all Linux channel programs
are intended to use prefetch.
Newer Linux kernel versions do not require to force the PFCH flag with
vfio-ccw devices anymore.
We need some little help in the code to reduce the valgrind noise.
This patch does this with some designated initializers for the cpu
model features and subfunctions.
projects / qemu.git / log