Peter Maydell [Sun, 3 May 2020 13:12:56 +0000 (14:12 +0100)]
Merge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into staging
RDMA queue
* hw/rdma: Destroy list mutex when list is destroyed
# gpg: Signature made Sat 02 May 2020 19:42:50 BST
# gpg: using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <[email protected]>" [unknown]
# gpg: aka "Marcel Apfelbaum <[email protected]>" [marginal]
# gpg: aka "Marcel Apfelbaum <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F 31F5 36D4 C0F0 CF2F E46D
* remotes/marcel/tags/rdma-pull-request:
hw/rdma: Destroy list mutex when list is destroyed
Peter Maydell [Fri, 1 May 2020 22:10:22 +0000 (23:10 +0100)]
Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20200501' into staging
virtiofsd: Pull 2020-05-01 (includes CVE fix)
This set includes a security fix, other fixes and improvements.
Security fix:
The security fix is for CVE-2020-10717 where, on low RAM hosts,
the guest can potentially exceed the maximum fd limit.
This fix adds some more configuration so that the user
can explicitly set the limit.
Fixes:
Recursive mounting of the exported directory is now used in
the sandbox, such that if there was a mount underneath present at
the time the virtiofsd was started, that mount is also
visible to the guest; in the existing code, only mounts that
happened after startup were visible.
Security improvements:
The jailing for /proc/self/fd is improved - but it's something
that shouldn't be accessible anyway.
Most capabilities are now dropped at startup; again this shouldn't
change any behaviour but is extra protection.
# gpg: Signature made Fri 01 May 2020 20:06:46 BST
# gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <[email protected]>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert-gitlab/tags/pull-virtiofs-20200501:
virtiofsd: drop all capabilities in the wait parent process
virtiofsd: only retain file system capabilities
virtiofsd: Show submounts
virtiofsd: jail lo->proc_self_fd
virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
virtiofsd: add --rlimit-nofile=NUM option
Stefan Hajnoczi [Thu, 16 Apr 2020 16:49:06 +0000 (17:49 +0100)]
virtiofsd: only retain file system capabilities
virtiofsd runs as root but only needs a subset of root's Linux
capabilities(7). As a file server its purpose is to create and access
files on behalf of a client. It needs to be able to access files with
arbitrary uid/gid owners. It also needs to be create device nodes.
Introduce a Linux capabilities(7) whitelist and drop all capabilities
that we don't need, making the virtiofsd process less powerful than a
regular uid root process.
Note that file capabilities cannot be used to achieve the same effect on
the virtiofsd executable because mount is used during sandbox setup.
Therefore we drop capabilities programmatically at the right point
during startup.
This patch only affects the sandboxed child process. The parent process
that sits in waitpid(2) still has full root capabilities and will be
addressed in the next patch.
Max Reitz [Fri, 24 Apr 2020 13:35:16 +0000 (15:35 +0200)]
virtiofsd: Show submounts
Currently, setup_mounts() bind-mounts the shared directory without
MS_REC. This makes all submounts disappear.
Pass MS_REC so that the guest can see submounts again.
Fixes: 5baa3b8e95064c2434bd9e2f312edd5e9ae275dc Signed-off-by: Max Reitz <[email protected]>
Message-Id: <20200424133516[email protected]> Reviewed-by: Dr. David Alan Gilbert <[email protected]> Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Changed Fixes to point to the commit with the problem rather than
the commit that turned it on
While it's not possible to escape the proc filesystem through
lo->proc_self_fd, it is possible to escape to the root of the proc
filesystem itself through "../..".
Use a temporary mount for opening lo->proc_self_fd, that has it's root at
/proc/self/fd/, preventing access to the ancestor directories.
Stefan Hajnoczi [Fri, 1 May 2020 14:06:44 +0000 (15:06 +0100)]
virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
The system-wide fs.file-max sysctl value determines how many files can
be open. It defaults to a value calculated based on the machine's RAM
size. Previously virtiofsd would try to set RLIMIT_NOFILE to 1,000,000
and this allowed the FUSE client to exhaust the number of open files
system-wide on Linux hosts with less than 10 GB of RAM!
Take fs.file-max into account when choosing the default RLIMIT_NOFILE
value.
Stefan Hajnoczi [Fri, 1 May 2020 14:06:43 +0000 (15:06 +0100)]
virtiofsd: add --rlimit-nofile=NUM option
Make it possible to specify the RLIMIT_NOFILE on the command-line.
Users running multiple virtiofsd processes should allocate a certain
number to each process so that the system-wide limit can never be
exhausted.
When this option is set to 0 the rlimit is left at its current value.
This is useful when a management tool wants to configure the rlimit
itself.
The default behavior remains unchanged: try to set the limit to
1,000,000 file descriptors if the current rlimit is lower.
* remotes/kevin/tags/for-upstream:
qemu-storage-daemon: Fix non-string --object properties
qom: Factor out user_creatable_add_dict()
nvme: introduce PMR support from NVMe 1.4 spec
qcow2: Forward ZERO_WRITE flag for full preallocation
iotests: Test committing to short backing file
iotests: Filter testfiles out in filter_img_info()
block: truncate: Don't make backing file data visible
file-posix: Support BDRV_REQ_ZERO_WRITE for truncate
raw-format: Support BDRV_REQ_ZERO_WRITE for truncate
qcow2: Support BDRV_REQ_ZERO_WRITE for truncate
block-backend: Add flags to blk_truncate()
block: Add flags to bdrv(_co)_truncate()
block: Add flags to BlockDriver.bdrv_co_truncate()
qemu-iotests: allow qcow2 external discarded clusters to contain stale data
qcow2: Add incompatibility note between backing files and raw external data files
After processing the option string with the keyval parser, we get a
QDict that contains only strings. This QDict must be fed to a keyval
visitor which converts the strings into the right data types.
qmp_object_add(), however, uses the normal QObject input visitor, which
expects a QDict where all properties already have the QType that matches
the data type required by the QOM object type.
Change the --object implementation in qemu-storage-daemon so that it
doesn't call qmp_object_add(), but calls user_creatable_add_dict()
directly instead and pass it a new keyval boolean that decides which
visitor must be used.
Kevin Wolf [Thu, 16 Apr 2020 15:04:20 +0000 (17:04 +0200)]
qom: Factor out user_creatable_add_dict()
The QMP handler qmp_object_add() and the implementation of --object in
qemu-storage-daemon can share most of the code. Currently,
qemu-storage-daemon calls qmp_object_add(), but this is not correct
because different visitors need to be used.
As a first step towards a fix, make qmp_object_add() a wrapper around a
new function user_creatable_add_dict() that can get an additional
parameter. The handling of "props" is only required for compatibility
and not required for the qemu-storage-daemon command line, so it stays
in qmp_object_add().
Andrzej Jakowski [Mon, 30 Mar 2020 16:46:56 +0000 (09:46 -0700)]
nvme: introduce PMR support from NVMe 1.4 spec
This patch introduces support for PMR that has been defined as part of NVMe 1.4
spec. User can now specify a pmrdev option that should point to HostMemoryBackend.
pmrdev memory region will subsequently be exposed as PCI BAR 2 in emulated NVMe
device. Guest OS can perform mmio read and writes to the PMR region that will stay
persistent across system reboot.
Kevin Wolf [Fri, 24 Apr 2020 14:27:01 +0000 (16:27 +0200)]
qcow2: Forward ZERO_WRITE flag for full preallocation
The BDRV_REQ_ZERO_WRITE is currently implemented in a way that first the
image is possibly preallocated and then the zero flag is added to all
clusters. This means that a copy-on-write operation may be needed when
writing to these clusters, despite having used preallocation, negating
one of the major benefits of preallocation.
Instead, try to forward the BDRV_REQ_ZERO_WRITE to the protocol driver,
and if the protocol driver can ensure that the new area reads as zeros,
we can skip setting the zero flag in the qcow2 layer.
Unfortunately, the same approach doesn't work for metadata
preallocation, so we'll still set the zero flag there.
Kevin Wolf [Fri, 24 Apr 2020 12:54:46 +0000 (14:54 +0200)]
iotests: Filter testfiles out in filter_img_info()
We want to keep TEST_IMG for the full path of the main test image, but
filter_testfiles() must be called for other test images before replacing
other things like the image format because the test directory path could
contain the format as a substring.
Kevin Wolf [Fri, 24 Apr 2020 12:54:45 +0000 (14:54 +0200)]
block: truncate: Don't make backing file data visible
When extending the size of an image that has a backing file larger than
its old size, make sure that the backing file data doesn't become
visible in the guest, but the added area is properly zeroed out.
Consider the following scenario where the overlay is shorter than its
backing file:
When resizing (extending) overlay.qcow2, the new blocks should not stay
unallocated and make the additional As from base.qcow2 visible like
before this patch, but zeros should be read.
A similar case happens with the various variants of a commit job when an
intermediate file is short (- for unallocated):
Kevin Wolf [Fri, 24 Apr 2020 12:54:42 +0000 (14:54 +0200)]
qcow2: Support BDRV_REQ_ZERO_WRITE for truncate
If BDRV_REQ_ZERO_WRITE is set and we're extending the image, calling
qcow2_cluster_zeroize() with flags=0 does the right thing: It doesn't
undo any previous preallocation, but just adds the zero flag to all
relevant L2 entries. If an external data file is in use, a write_zeroes
request to the data file is made instead.
Kevin Wolf [Fri, 24 Apr 2020 12:54:40 +0000 (14:54 +0200)]
block: Add flags to bdrv(_co)_truncate()
Now that block drivers can support flags for .bdrv_co_truncate, expose
the parameter in the node level interfaces bdrv_co_truncate() and
bdrv_truncate().
Kevin Wolf [Fri, 24 Apr 2020 12:54:39 +0000 (14:54 +0200)]
block: Add flags to BlockDriver.bdrv_co_truncate()
This adds a new BdrvRequestFlags parameter to the .bdrv_co_truncate()
driver callbacks, and a supported_truncate_flags field in
BlockDriverState that allows drivers to advertise support for request
flags in the context of truncate.
For now, we always pass 0 and no drivers declare support for any flag.
Paolo Bonzini [Thu, 9 Apr 2020 19:10:06 +0000 (15:10 -0400)]
qemu-iotests: allow qcow2 external discarded clusters to contain stale data
Test 244 checks the expected behavior of qcow2 external data files
with respect to zero and discarded clusters. Filesystems however
are free to ignore discard requests, and this seems to be the
case for overlayfs. Relax the tests to skip checks on the
external data file for discarded areas, which implies not using
qemu-img compare in the data_file_raw=on case.
Alberto Garcia [Fri, 10 Apr 2020 12:18:15 +0000 (14:18 +0200)]
qcow2: Add incompatibility note between backing files and raw external data files
Backing files and raw external data files are mutually exclusive.
The documentation of the raw external data bit (in autoclear_features)
already indicates that, but we should also mention it on the other
side.
Peter Maydell [Thu, 30 Apr 2020 15:47:23 +0000 (16:47 +0100)]
Merge remote-tracking branch 'remotes/edgar/tags/edgar/xilinx-next-2020-04-30.for-upstream' into staging
For upstream
# gpg: Signature made Thu 30 Apr 2020 11:14:13 BST
# gpg: using RSA key AC44FEDC14F7F1EBEDBF415129C596780F6BCA83
# gpg: Good signature from "Edgar E. Iglesias (Xilinx key) <[email protected]>" [unknown]
# gpg: aka "Edgar E. Iglesias <[email protected]>" [full]
# Primary key fingerprint: AC44 FEDC 14F7 F1EB EDBF 4151 29C5 9678 0F6B CA83
* remotes/edgar/tags/edgar/xilinx-next-2020-04-30.for-upstream:
target/microblaze: Add the pvr-user2 property
target/microblaze: Add the pvr-user1 property
target/microblaze: Add the unaligned-exceptions property
target/microblaze: Add the div-zero-exception property
target/microblaze: Add the ill-opcode-exception property
target/microblaze: Add the opcode-0x0-illegal CPU property
* remotes/pmaydell/tags/pull-target-arm-20200430-1: (30 commits)
hw/arm: xlnx-zcu102: Disable unsupported FDT firmware nodes
hw/arm: xlnx-zcu102: Move arm_boot_info into XlnxZCU102
device_tree: Constify compat in qemu_fdt_node_path()
device_tree: Allow name wildcards in qemu_fdt_node_path()
target/arm/cpu: Update coding style to make checkpatch.pl happy
target/arm: Make cpu_register() available for other files
target/arm: Restrict the Address Translate write operation to TCG accel
hw/arm/virt: dt: add kaslr-seed property
hw/arm/virt: dt: move creation of /secure-chosen to create_fdt()
target/arm: Vectorize integer comparison vs zero
net: cadence_gem: clear RX control descriptor
Cadence: gem: fix wraparound in 64bit descriptors
hw/arm: versal: Setup the ADMA with 128bit bus-width
qdev-monitor: print the device's clock with info qtree
hw/arm/xilinx_zynq: connect uart clocks to slcr
hw/char/cadence_uart: add clock support
hw/misc/zynq_slcr: add clock generation for uarts
docs/clocks: add device's clock documentation
qdev-clock: introduce an init array to ease the device construction
qdev: add clock input&output support to devices.
...
target/arm: Restrict the Address Translate write operation to TCG accel
Under KVM these registers are written by the hardware.
Restrict the writefn handlers to TCG to avoid when building
without TCG:
LINK aarch64-softmmu/qemu-system-aarch64
target/arm/helper.o: In function `do_ats_write':
target/arm/helper.c:3524: undefined reference to `raise_exception'
Generate random seeds to be used by the non-secure and/or secure OSes
for ASLR. The seeds are 64-bit random values exported via the DT
properties /chosen/kaslr-seed [1] and /secure-chosen/kaslr-seed, the
latter being used by OP-TEE [2].
Ramon Fried [Sat, 18 Apr 2020 08:51:45 +0000 (11:51 +0300)]
net: cadence_gem: clear RX control descriptor
The RX ring descriptors control field is used for setting
SOF and EOF (start of frame and end of frame).
The SOF and EOF weren't cleared from the previous descriptors,
causing inconsistencies in ring buffer.
Fix that by clearing the control field of every descriptors we're
processing.
Ramon Fried [Fri, 17 Apr 2020 17:17:36 +0000 (20:17 +0300)]
Cadence: gem: fix wraparound in 64bit descriptors
Wraparound of TX descriptor cyclic buffer only updated
the low 32 bits of the descriptor.
Fix that by checking if we're working with 64bit descriptors.
qdev-monitor: print the device's clock with info qtree
This prints the clocks attached to a DeviceState when using
"info qtree" monitor command. For every clock, it displays the
direction, the name and if the clock is forwarded. For input clock,
it displays also the frequency.
This is based on the original work of Frederic Konrad.
Here follows a sample of `info qtree` output on xilinx_zynq machine
after linux boot with only one uart clocked:
> bus: main-system-bus
> type System
> [...]
> dev: cadence_uart, id ""
> gpio-out "sysbus-irq" 1
> clock-in "refclk" freq_hz=0.000000e+00
> chardev = ""
> mmio 00000000e0001000/0000000000001000
> dev: cadence_uart, id ""
> gpio-out "sysbus-irq" 1
> clock-in "refclk" freq_hz=1.375661e+07
> chardev = "serial0"
> mmio 00000000e0000000/0000000000001000
> [...]
> dev: xilinx,zynq_slcr, id ""
> clock-out "uart1_ref_clk" freq_hz=0.000000e+00
> clock-out "uart0_ref_clk" freq_hz=1.375661e+07
> clock-in "ps_clk" freq_hz=3.333333e+07
> mmio 00000000f8000000/0000000000001000
qdev-clock: introduce an init array to ease the device construction
Introduce a function and macro helpers to setup several clocks
in a device from a static array description.
An element of the array describes the clock (name and direction) as
well as the related callback and an optional offset to store the
created object pointer in the device state structure.
The array must be terminated by a special element QDEV_CLOCK_END.
This is based on the original work of Frederic Konrad.
Add functions to easily handle clocks with devices.
Clock inputs and outputs should be used to handle clock propagation
between devices.
The API is very similar the GPIO API.
This is based on the original work of Frederic Konrad.
* remotes/armbru/tags/pull-qapi-2020-04-30:
qapi: Generate simpler marshalling code when no arguments
qapi: Disallow qmp_marshal_FOO(NULL, ...)
qom: Simplify object_property_get_enum()
qapi: Only input visitors can actually fail
qapi: Assert non-input visitors see only valid alternate tags
qapi: Clean up visitor's recovery from input with invalid type
qapi: Assert non-input visitors see only valid narrow integers
qapi: Assert output visitors see only valid enum values
qapi: Fix Visitor contract for start_alternate()
qapi: Assert incomplete object occurs only in dealloc visitor
qapi: Polish prose in visitor.h
qapi: Document @errp usage more thoroughly in visitor.h
qapi: Fix typo in visit_start_list()'s contract
qapi: Fix the virtual walk example in visitor.h's big comment
qapi: Belatedly update visitor.h's big comment for QAPI modules
qemu-option: Clean up after the previous commit
qobject: Eliminate qdict_iter(), use qdict_first(), qdict_next()
qobject: Eliminate qlist_iter(), use QLIST_FOREACH_ENTRY() instead
qobject: Factor out helper json_pretty_newline()
qobject: Clean up QLIST_FOREACH_ENTRY()
Peter Maydell [Fri, 17 Apr 2020 15:54:28 +0000 (16:54 +0100)]
hw/core/clock: introduce clock object
This object may be used to represent a clock inside a clock tree.
A clock may be connected to another clock so that it receives update,
through a callback, whenever the source/parent clock is updated.
Although only the root clock of a clock tree controls the values
(represented as periods) of all clocks in tree, each clock holds
a local state containing the current value so that it can be fetched
independently. It will allows us to fullfill migration requirements
by migrating each clock independently of others.
This is based on the original work of Frederic Konrad.
The KVM_VGIC_ATTR macro expect the second parameter as gicr_typer,
of which high 32bit is constructed by mp_affinity. For most case,
the high 32bit of mp_affinity is zero, so it will always access the
ICC_CTLR_EL1 of CPU0.
NRF51_GPIO_REG_CNF_END doesn't actually refer to the start of the last
valid CNF register: it's referring to the last byte of the last valid
CNF register.
This hasn't been a problem up to now, as current implementation in
memory.c turns an unaligned 4-byte read from 0x77f to a single byte read
and the qtest only looks at the least-significant byte of the register.
But when running with patches which fix unaligned accesses in memory.c,
the qtest breaks.
Considering NRF51 doesn't support unaligned accesses, the simplest fix
is to actually set NRF51_GPIO_REG_CNF_END to the start of the last valid
CNF register: 0x77c.
Now, qtests work with or without the unaligned access patches.
For QMP commands without arguments, gen_marshal() laboriously
generates a qmp_marshal_FOO() that copes with null @args. Turns
there's just one caller that passes null instead of an empty QDict.
Adjust that caller, and simplify gen_marshal().
qapi: Assert non-input visitors see only valid alternate tags
An alternate type's visit_type_FOO() fails when it runs into an
invalid ->type.
This is appropriate with an input visitor: visit_start_alternate()
sets ->type according to the input, and bad input can lead to bad
->type.
It should never happen with an output, clone or dealloc visitor: if it
did, the alternate being output, cloned or deallocated would be messed
up beyond repair. Assert that.
qapi: Clean up visitor's recovery from input with invalid type
An alternate type's visit_type_FOO() fails when it runs into an
invalid ->type. If it's an input visit, we then need to free the the
object we got from visit_start_alternate(). We do that with
qapi_free_FOO(), which uses the dealloc visitor.
Trouble is that object is in a bad state: its ->type is invalid. So
the dealloc visitor will run into the same error again, and the error
recovery skips deallocating the alternate's (invalid) alternative.
Works, because qapi_free_FOO() ignores the error.
Avoid it instead: free the messed up object with by g_free().
qapi: Assert output visitors see only valid enum values
output_type_enum() fails when *obj is not a valid value of the enum
type. Should not happen. Drop the check, along with its unit tests.
This unmasks qapi_enum_lookup()'s assertion.
The contract demands v->start_alternate() for input and dealloc
visitors, but visit_start_alternate() actually requires it for input
and clone visitors. Fix the contract, and delete superfluous
qapi_dealloc_start_alternate().
Peter Maydell [Wed, 29 Apr 2020 20:43:03 +0000 (21:43 +0100)]
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20200429-2' into staging
RISC-V pull request for 5.1
This is the first pull request for the 5.1 development period. It
contains all of the patches that were sent during the 5.0 timeframe.
This is an assortment of fixes for RISC-V, including fixes for the
Hypervisor extension, the Spike machine and an update to OpenSBI.
# gpg: Signature made Wed 29 Apr 2020 21:17:17 BST
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <[email protected]>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-20200429-2:
hw/riscv/spike: Allow more than one CPUs
hw/riscv/spike: Allow loading firmware separately using -bios option
hw/riscv: Add optional symbol callback ptr to riscv_load_firmware()
roms: opensbi: Upgrade from v0.6 to v0.7
linux-user/riscv: fix up struct target_ucontext definition
target/riscv: Add a sifive-e34 cpu type
riscv: sifive_e: Support changing CPU type
hw/riscv: Generate correct "mmu-type" for 32-bit machines
riscv: Fix Stage2 SV32 page table walk
riscv: AND stage-1 and stage-2 protection flags
riscv: Don't use stage-2 PTE lookup protection flags
riscv/sifive_u: Add a serial property to the sifive_u machine
riscv/sifive_u: Add a serial property to the sifive_u SoC
riscv/sifive_u: Fix up file ordering
hw/riscv: Add optional symbol callback ptr to riscv_load_firmware()
This patch adds an optional function pointer, "sym_cb", to
riscv_load_firmware() which provides the possibility to access
the symbol table during kernel loading.
The pointer is ignored, if supplied with flat (non-elf) firmware image.
The Spike board requires it locate the HTIF symbols from firmware ELF
passed via "-bios" option.
Bin Meng [Mon, 20 Apr 2020 13:18:44 +0000 (21:18 +0800)]
roms: opensbi: Upgrade from v0.6 to v0.7
Upgrade OpenSBI from v0.6 to v0.7 and the pre-built bios images.
The v0.7 release includes the following commits:
f64f4b9 lib: Add a new platform feature to bringup secondary harts b677a9b lib: Implement hart hotplug 5b48240 lib: Add possible hart status values e3f69fc lib: Implement Hart State Management (HSM) SBI extension 6704216 lib: Check MSIP bit after returning from WFI 82ae8e8 makefile: Do setup of the install target more flexible e1a5b73 platform: sifive: fu540: allow sv32 as an mmu-type 8c83fb2 lib: Fix return type of sbi_hsm_hart_started() 00d332b include: Move bits related defines and macros to sbi_bitops.h a148996 include: sbi_bitops: More useful bit operations 4a603eb platform: kendryte/k210: Set per-HART stack size to 8KB 678c3c3 include: sbi_scratch: Set per-HART scratch size to 4KB 2abc55b lib: Sort build objects in alphabetical order 6e87507 platform: ae350: Sort build objects in alphabetical order 650c0e5 lib: sbi: Fix coding style issues 078686d lib: serial: Fix coding style issues 3226bd9 lib: Simple bitmap library c741abc include: Simple hartmask library d6d7e18 lib: sbi_init: Don't allow HARTID greater than SBI_HARTMASK_MAX_BITS a4a6a81 lib: Introduce SBI_TLB_INFO_INIT() helper macro d963164 lib: sbi_tlb: Use sbi_hartmask in sbi_tlb_info 71d2b83 lib: Move all coldboot wait APIs to sbi_init.c 2b945fc lib: sbi_init: Use hartmask for coldboot wait 44ce5b9 include: Remove disabled_hart_mask from sbi_platform 2db381f lib: Introduce sbi_hsm_hart_started_mask() API 61f7768 lib: sbi_ecall_legacy: Use sbi_hsm_hart_started_mask() API 466fecb lib: sbi_system: Use sbi_hsm_hart_started_mask() API 9aad831 lib: sbi_ipi: Use sbi_hsm_hart_started_mask() API eede1aa lib: sbi_hart: Remove HART available mask and related APIs 757bb44 docs: Remove out-of-date documentation 86d37bb lib: sbi: Fix misaligned trap handling ffdc858 platform: ariane-fpga: Change license for ariane-fpga from GPL-2.0 to BSD-2 4b2f594 sbi: Add definitions for true/false 0cfe49a libfdt: Add INT32_MAX and UINT32_MAX in libfdt_env.h baac7e0 libfdt: Upgrade to v1.5.1 release f92147c include: Make sbi_hart_id_to_scratch() as macro eeae3d9 firmware: fw_base: Optimize _hartid_to_scratch() implementation 16e7071 lib: sbi_hsm: Optimize sbi_hsm_hart_get_state() implementation 823345e include: Make sbi_current_hartid() as macro in riscv_asm.h 9aabba2 Makefile: Fix distclean make target 9275ed3 platform: ariane-fpga: Set per-HART stack size to 8KB 2343efd platform: Set per-HART stack size to 8KB in the template platform codes 72a0628 platform: Use one unified per-HART stack size macro for all platforms 327ba36 scripts: Cover sifive/fu540 in the 32-bit build 5fbcd62 lib: sbi: Update pmp_get() to return decoded size directly dce8846 libfdt: Compile fdt_addresses.c fcb1ded lib: utils: Add a fdt_reserved_memory_fixup() helper 666be6d platform: Clean up include header files 6af5576 lib: utils: Move PLIC DT fix up codes to fdt_helper.c e846ce1 platform: andes/ae350: Fix up DT for reserved memory 8135520 platform: ariane-fpga: Fix up DT for reserved memory c9a5268 platform: qemu/virt: Fix up DT for reserved memory 6f9bb83 platform: sifive/fu540: Fix up DT for reserved memory 1071f05 platform: sifive/fu540: Remove "stdout-path" fix-up dd9439f lib: utils: Add a fdt_cpu_fixup() helper 3f1c847 platform: sifive/fu540: Replace cpu0 node fix-up with the new helper db6a2b5 lib: utils: Add a general device tree fix-up helper 3f8d754 platform: Update to call general DT fix-up helper 87a7ef7 lib: sbi_scratch: Introduce HART id to scratch table e23d3ba include: Simplify HART id to scratch macro 19bd531 lib: sbi_hsm: Simplify hart_get_state() and hart_started() APIs 3ebfe0e lib: sbi_tlb: Simplify sbi_tlb_entry_process() function 209134d lib: Handle failure of sbi_hartid_to_scratch() API bd6ef02 include: sbi_platform: Improve sbi_platform_hart_disabled() API c9f60fc lib: sbi_scratch: Don't set hartid_to_scratch table for disabled HART 680b098 lib: sbi_hsm: Don't use sbi_platform_hart_count() API db187d6 lib: sbi_hsm: Remove scratch parameter from hart_started_mask() API 814f38d lib: sbi_hsm: Don't use sbi_platform_hart_disabled() API 75eec9d lib: Don't use sbi_platform_hart_count() API c51f02c include: sbi_platform: Introduce HART index to HART id table 315a877 platform: sifive/fu540: Remove FU540_ENABLED_HART_MASK option a0c88dd lib: Fix sbi_ecall_register_extension to prevent extension IDs overlap 9a74a64 lib: Check MSIP bit after returning from WFI 5968894 platform: Move ariane standalone fpga project to its own project ed265b4 platform: fpga/ariane: Remove redundant plic address macros fb84879 platform: Add OpenPiton platform support d1d6560 platform: fpga/common: Add a fdt parsing helper functions 040e4e2 lib: utils: Move fdt fixup helper routines to a different file 4c37451 platform: openpiton: Read the device configurations from device tree 4d93586 lib: prevent coldboot_lottery from overflowing 550ba88 scripts: Extend create-binary-archive.sh for unified binary tar ball 160c885 lib: utils: Improve fdt_cpu_fixup() implementation 1de66d1 lib: Optimize unpriv load/store implementation 626467c lib: Remove scratch parameter from unpriv load/store functions cb78a48 lib: sbi_trap: Remove scratch parameter from sbi_trap_redirect() d11c79c lib: sbi_emulate_csr: Remove scratch and hartid parameter 5a7bd0c lib: sbi_illegal_insn: Remove mcause, scratch and hartid parameters fe37d7d lib: sbi_misaligned_ldst: Remove mcause, scratch and hartid parameters 7487116 lib: sbi_ecall: Remove mcause, scratch and hartid parameters 40b221b lib: sbi_trap: Simplify sbi_trap_handler() API 7b211ff include: sbi_platform: Remove priv parameter from hart_start() callback 5b6957e include: Use more consistent name for atomic xchg() and cmpxchg() dd0f21c lib: sbi_scratch: Introduce sbi_scratch_last_hartid() API 54b2779 include: sbi_tlb: Remove scratch parameter from sbi_tlb_request() 9e52a45 include: sbi_ipi: Remove scratch parameter from most functions ec0d80f include: sbi_system: Remove scratch parameter and redundant functions 0a28ea5 include: sbi_timer: Remove scratch parameter from most funcitons 648507a include: sbi_console: Remove scratch parameter from sbi_dprintf() e5a7f55 platform: thead/c910: Use HSM extension to boot secondary cores f281de8 lib: irqchip/plic: Fix maximum priority threshold value 6c7922e lib: Support vector extension 615587c docs: Update README about supported SBI versions 66d0184 lib: Allow overriding SBI implementation ID 9f1b72c include: Bump-up version to 0.7
Anup Patel [Mon, 30 Mar 2020 08:27:24 +0000 (13:57 +0530)]
riscv: Fix Stage2 SV32 page table walk
As-per RISC-V H-Extension v0.5 draft, the Stage2 SV32 page table has
12bits of VPN[1] and 10bits of VPN[0]. The additional 2bits in VPN[1]
is required to handle the 34bit intermediate physical address coming
from Stage1 SV32 page table. The 12bits of VPN[1] implies that Stage2
SV32 level-0 page table will be 16KB in size with total 4096 enteries
where each entry maps 4MB of memory (same as Stage1 SV32 page table).
The get_physical_address() function is broken for Stage2 SV32 level-0
page table because it incorrectly computes output physical address for
Stage2 SV32 level-0 page table entry.
The root cause of the issue is that get_physical_address() uses the
"widened" variable to compute level-0 physical address mapping which
changes level-0 mapping size (instead of 4MB). We should use the
"widened" variable only for computing index of Stage2 SV32 level-0
page table.
Alistair Francis [Thu, 26 Mar 2020 22:44:09 +0000 (15:44 -0700)]
riscv: AND stage-1 and stage-2 protection flags
Take the result of stage-1 and stage-2 page table walks and AND the two
protection flags together. This way we require both to set permissions
instead of just stage-2.
Alistair Francis [Thu, 26 Mar 2020 22:44:07 +0000 (15:44 -0700)]
riscv: Don't use stage-2 PTE lookup protection flags
When doing the fist of a two stage lookup (Hypervisor extensions) don't
set the current protection flags from the second stage lookup of the
base address PTE.
Bin Meng [Sat, 16 Nov 2019 15:08:50 +0000 (07:08 -0800)]
riscv/sifive_u: Add a serial property to the sifive_u machine
At present the board serial number is hard-coded to 1, and passed
to OTP model during initialization. Firmware (FSBL, U-Boot) uses
the serial number to generate a unique MAC address for the on-chip
ethernet controller. When multiple QEMU 'sifive_u' instances are
created and connected to the same subnet, they all have the same
MAC address hence it creates a unusable network.
A new "serial" property is introduced to specify the board serial
number. When not given, the default serial number 1 is used.
riscv/sifive_u: Add a serial property to the sifive_u SoC
At present the board serial number is hard-coded to 1, and passed
to OTP model during initialization. Firmware (FSBL, U-Boot) uses
the serial number to generate a unique MAC address for the on-chip
ethernet controller. When multiple QEMU 'sifive_u' instances are
created and connected to the same subnet, they all have the same
MAC address hence it creates a unusable network.
A new "serial" property is introduced to the sifive_u SoC to specify
the board serial number. When not given, the default serial number
1 is used.
projects / qemu.git / log