spapr_drc.c: handle hotunplug errors in drc_unisolate_logical()
At this moment, PAPR does not provide a way to report errors during a
device removal operation. This led the pSeries machine to implement
extra mechanisms to try to fallback and recover from an error that might
have happened during the hotunplug in the guest side. This started to
change a bit with commit fe1831eff8a4 ("spapr_drc.c: use DRC
reconfiguration to cleanup DIMM unplug state"), where one way to
fallback from a memory removal error was introduced.
Around the same time, in [1], the idea of using RTAS set-indicator for
this role was first introduced. The RTAS set-indicator call, when
attempting to UNISOLATE a DRC that is already UNISOLATED or CONFIGURED,
returns RTAS_OK and does nothing else for both QEMU and phyp. This gives
us an opportunity to use this behavior to signal the hypervisor layer
when a device removal errir happens, allowing QEMU/phyp to do a proper
error handling. Using set-indicator to report HP errors isn't strange to
PAPR, as per R1-13.5.3.4-4. of table 13.7 of current PAPR [2]:
"For all DR options: If this is a DR operation that involves the user
insert- ing a DR entity, then if the firmware can determine that the
inserted entity would cause a system disturbance, then the set-indicator
RTAS call must not unisolate the entity and must return an error status
which is unique to the particular error."
A change was proposed to the pSeries Linux kernel to call set-indicator
to move a DRC to 'unisolate' in the case of a hotunplug error in the
guest side [3]. Setting a DRC that is already unisolated or configured to
'unisolate' is a no-op (returns RTAS_OK) for QEMU and also for phyp.
Being a benign change for hypervisors that doesn't care about handling
such errors, we expect the kernel to accept this change at some point.
This patch prepares the pSeries machine for this new kernel feature by
changing drc_unisolate_logical() to handle guest side hotunplug errors.
For CPUs it's a simple matter of setting drc->unplug_requested to 'false',
while for LMBs the process is similar to the rollback that is done in
rtas_ibm_configure_connector().
spapr.c: do not use MachineClass::max_cpus to limit CPUs
Up to this patch, 'max_cpus' value is hardcoded to 1024 (commit 6244bb7e5811). In theory this patch would simply bump it to 2048, since
it's the default NR_CPUS kernel setting for ppc64 servers nowadays, but
the whole mechanic of MachineClass:max_cpus is flawed for the pSeries
machine. The two supported accelerators, KVM and TCG, can live without
it.
TCG guests don't have a theoretical limit. The user must be free to
emulate as many CPUs as the hardware is capable of. And even if there
were a limit, max_cpus is not the proper way to report it since it's a
common value checked by SMP code in machine_smp_parse() for KVM as well.
For KVM guests, the proper way to limit KVM CPUs is by host
configuration via NR_CPUS, not a QEMU hardcoded value. There is no
technical reason for a pSeries QEMU guest to forcefully stay below
NR_CPUS.
This hardcoded value also disregard hosts that might have a lower
NR_CPUS limit, say 512. In this case, machine.c:machine_smp_parse() will
allow a 1024 value to pass, but then kvm_init() will complain about it
because it will exceed NR_CPUS:
Number of SMP cpus requested (1024) exceeds the maximum cpus supported
by KVM (512)
A better 'max_cpus' value would consider host settings, but
MachineClass::max_cpus is defined well before machine_init() and
kvm_init(). We can't check for KVM limits because it's too soon, so we
end up making a guess.
This patch makes MachineClass:max_cpus settings innocuous by setting it
to INT32_MAX. machine.c:machine_smp_parse() will not fail the
verification based on max_cpus, letting kvm_init() do the checking with
actual host settings. And TCG guests get to do whatever the hardware is
capable of emulating.
Bin Meng [Tue, 6 Apr 2021 04:40:16 +0000 (12:40 +0800)]
roms/u-boot: Bump ppce500 u-boot to v2021.04 to fix broken pci support
When QEMU originally supported the ppce500 machine back in Jan 2014,
it was created with a 1:1 mapping of PCI bus address. Things seemed
to change rapidly that in Nov 2014 with the following QEMU commits:
commit e6b4e5f4795b ("PPC: e500: Move CCSR and MMIO space to upper end of address space")
and
commit cb3778a0455a ("PPC: e500 pci host: Add support for ATMUs")
the PCI memory and IO physical address were moved to beyond 4 GiB,
but PCI bus address remained below 4 GiB, hence a non-identity
mapping was created. Unfortunately corresponding U-Boot updates
were missed along with the QEMU changes and the U-Boot QEMU ppce500
PCI support has been broken since then, until this issue was fixed
recently in U-Boot mainline v2021.04 release, specifically by the
following U-Boot series:
The cross-compilation toolchain used to build the U-Boot image is:
https://mirrors.edge.kernel.org/pub/tools/crosstool/files/bin/x86_64/10.1.0/x86_64-gcc-10.1.0-nolibc-powerpc-linux.tar.xz
ppc/spapr: Add support for implement support for H_SCM_HEALTH
Add support for H_SCM_HEALTH hcall described at [1] for spapr
nvdimms. This enables guest to detect the 'unarmed' status of a
specific spapr nvdimm identified by its DRC and if its unarmed, mark
the region backed by the nvdimm as read-only.
The patch adds h_scm_health() to handle the H_SCM_HEALTH hcall which
returns two 64-bit bitmaps (health bitmap, health bitmap mask) derived
from 'struct nvdimm->unarmed' member.
Linux kernel side changes to enable handling of 'unarmed' nvdimms for
ppc64 are proposed at [2].
References:
[1] "Hypercall Op-codes (hcalls)"
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/powerpc/papr_hcalls.rst#n220
[2] "powerpc/papr_scm: Mark nvdimm as unarmed if needed during probe"
https://lore.kernel.org/linux-nvdimm/20210329113103[email protected]/
BALATON Zoltan [Thu, 25 Mar 2021 13:50:39 +0000 (14:50 +0100)]
hw/ppc: Add emulation of Genesi/bPlan Pegasos II
Add new machine called pegasos2 emulating the Genesi/bPlan Pegasos II,
a PowerPC board based on the Marvell MV64361 system controller and the
VIA VT8231 integrated south bridge/superio chips. It can run Linux,
AmigaOS and a wide range of MorphOS versions. Currently a firmware ROM
image is needed to boot and only MorphOS has a video driver to produce
graphics output. Linux could work too but distros that supported this
machine don't include usual video drivers so those only run with
serial console for now.
BALATON Zoltan [Thu, 25 Mar 2021 13:50:39 +0000 (14:50 +0100)]
hw/pci-host: Add emulation of Marvell MV64361 PPC system controller
The Marvell Discovery II aka. MV64361 is a PowerPC system controller
chip that is used on the pegasos2 PPC board. This adds emulation of it
that models the device enough to boot guests on this board. The
mv643xx.h header with register definitions is taken from Linux 4.15.10
only fixing white space errors, removing not needed parts and changing
formatting for QEMU coding style.
BALATON Zoltan [Thu, 25 Mar 2021 13:50:39 +0000 (14:50 +0100)]
vt82c686: Add emulation of VT8231 south bridge
Add emulation of VT8231 south bridge ISA part based on the similar
VT82C686B but implemented in a separate subclass that holds the
differences while reusing parts that can be shared.
BALATON Zoltan [Thu, 25 Mar 2021 13:50:39 +0000 (14:50 +0100)]
vt82c686: Introduce abstract TYPE_VIA_ISA and base vt82c686b_isa on it
To allow reusing ISA bridge emulation for vt8231_isa move the device
state of vt82c686b_isa emulation in an abstract via_isa class. This
change breaks migration back compatibility but this is not an issue
for Fuloong2E machine which is not versioned or migration supported.
BALATON Zoltan [Thu, 25 Mar 2021 13:50:39 +0000 (14:50 +0100)]
vt82c686: Add VT8231_SUPERIO based on VIA_SUPERIO
The VT8231 south bridge is very similar to VT82C686B but there are
some differences in register addresses and functionality, e.g. the
VT8231 only has one serial port. This commit adds VT8231_SUPERIO
subclass based on the abstract VIA_SUPERIO class to emulate the
superio part of VT8231.
BALATON Zoltan [Thu, 25 Mar 2021 13:50:39 +0000 (14:50 +0100)]
vt82c686: QOM-ify superio related functionality
Collect superio functionality and its controlling config registers
handling in an abstract VIA_SUPERIO class that is a subclass of
ISA_SUPERIO and put vt82c686b specific parts in a subclass of this
abstract class.
linux-user/ppc: Fix msr updates for signal handling
In save_user_regs, there are two bugs where we OR in a bit number
instead of the bit, clobbering the low bits of MSR. However:
The MSR_VR and MSR_SPE bits control the availability of the insns.
If the bits were not already set in MSR, then any attempt to access
those registers would result in SIGILL.
For linux-user, we always initialize MSR to the capabilities
of the cpu. We *could* add checks vs MSR where we currently
check insn_flags and insn_flags2, but we know they match.
Also, there's a stray cut-and-paste comment in restore.
Then, do not force little-endian binaries into big-endian mode.
Finally, use ppc_store_msr for the update to affect hflags.
Which is the reason none of these bugs were previously noticed.
target/ppc: Remove env->immu_idx and env->dmmu_idx
We weren't recording MSR_GS in hflags, which means that BookE
memory accesses were essentially random vs Guest State.
Instead of adding this bit directly, record the completed mmu
indexes instead. This makes it obvious that we are recording
exactly the information that we need.
This also means that we can stop directly recording MSR_IR.
Nothing within the translator -- or anywhere else for that
matter -- checks MSR_SA or MSR_AP on the 602. This may be
a mistake. However, for the moment, we need not record these
bits in hflags.
This allows us to simplify HFLAGS_VSX computation by moving
it to overlap with MSR_VSX.
Copying flags directly from msr has drawbacks: (1) msr bits
mean different things per cpu, (2) msr has 64 bits on 64 cpus
while tb->flags has only 32 bits.
Create a enum to define these bits. Document the origin of each bit
and validate those bits that must match MSR. This fixes the
truncation of env->hflags to tb->flags, because we no longer
have hflags bits set above bit 31.
Most of the code in ppc_tr_init_disas_context is moved over to
hreg_compute_hflags. Some of it is simple extractions from msr,
some requires examining other cpu flags. Anything that is moved
becomes a simple extract from hflags in ppc_tr_init_disas_context.
Several existing bugs are left in ppc_tr_init_disas_context, where
additional changes are required -- to be addressed in future patches.
We have eliminated all normal uses of hflags_nmsr. We need
not even compute it except when we want to migrate. Rename
the field to emphasize this.
Remove the fixme comment for migrating access_type. This value
is only ever used with the current executing instruction, and
is never live when the cpu is halted for migration.
target/ppc: Do not call hreg_compute_mem_idx after ppc_store_msr
In ppc_store_msr we call hreg_compute_hflags, which itself
calls hreg_compute_mem_idx. Rely on ppc_store_msr to update
everything required by the msr update.
target/ppc: Properly sync cpu state with new msr in cpu_load_old
Match cpu_post_load in using ppc_store_msr to set all of
the cpu state implied by the value of msr. Do not restore
hflags or hflags_nmsr, as we recompute them in ppc_store_msr.
target/ppc: Move 601 hflags adjustment to hreg_compute_hflags
Keep all hflags computation in one place, as this will be
especially important later.
Introduce a new POWERPC_FLAG_HID0_LE bit to indicate when
LE should be taken from HID0. This appears to be set if
and only if POWERPC_FLAG_RTC_CLK is set, but we're not
short of bits and having both names will avoid confusion.
Note that this was the only user of hflags_nmsr, so we can
perform a straight assignment rather than mask and set.
On Mac99 and newer machines, the Uninorth PCI host bridge maps
the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
accessible by the CPU. Restrict the memory to 2GiB to avoid
problems such the one reported in the buglink.
Peter Maydell [Sun, 2 May 2021 11:02:46 +0000 (12:02 +0100)]
Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210501' into staging
Include cleanups.
Decodetree enhancements for power10.
# gpg: Signature made Sat 01 May 2021 19:50:22 BST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth-gitlab/tags/pull-tcg-20210501:
decodetree: Extend argument set syntax to allow types
decodetree: Add support for 64-bit instructions
decodetree: More use of f-strings
decodetree: Introduce whex and whexC helpers
exec: Remove accel/tcg/ from include paths
Allow '64' to be specified for the instruction width command line params
and use the appropriate extract and deposit functions in that case.
This will be used to implement the new 64-bit Power ISA 3.1 instructions.
Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Luis Pires <[email protected]>
Message-Id: <CP2PR80MB3668E123E2EFDB0ACD3A46F1DA759@CP2PR80MB3668.lamprd80.prod.outlook.com>
[rth: Drop the change to the field type; use bitop_width instead of separate
variables for extract/deposit; use "ull" for 64-bit constants.] Reviewed-by: Luis Pires <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
When TCG is enabled, the accel/tcg/ include path is added to the
project global include search list. This accel/tcg/ directory
contains a header named "internal.h" which, while intented to
be internal to accel/tcg/, is accessible by all files compiled
when TCG is enabled. This might lead to problem with other
directories using the same "internal.h" header name:
As we don't need to expose accel/tcg/ internals to the rest of
the code base, simplify by removing it from the include search
list, and include the accel/tcg/ public headers relative to the
project root search path (which is already in the generic include
search path).
Taylor Simpson [Fri, 9 Apr 2021 01:07:34 +0000 (20:07 -0500)]
Hexagon (target/hexagon) decide if pred has been written at TCG gen time
Multiple writes to the same preg are and'ed together. Rather than
generating a runtime check, we can determine at TCG generation time
if the predicate has previously been written in the packet.
* remotes/armbru/tags/pull-qapi-2021-04-30: (25 commits)
qapi/error.py: enable mypy checks
qapi/error: Add type hints
qapi/error.py: enable pylint checks
qapi/error.py: move QAPIParseError to parser.py
qapi/error: assert QAPISourceInfo is not None
qapi/error: Make QAPISourceError 'col' parameter optional
qapi/error: Use Python3-style super()
qapi/error: Repurpose QAPIError as an abstract base exception class
qapi/expr: Update authorship and copyright information
qapi/expr.py: Use tuples instead of lists for static data
qapi/expr.py: Add docstrings
qapi/expr: Only explicitly prohibit 'Kind' nor 'List' for type names
qapi/expr.py: enable pylint checks
qapi/expr.py: Remove single-letter variable
qapi/expr.py: Consolidate check_if_str calls in check_if
qapi/expr.py: add type hint annotations
qapi/expr.py: Modify check_keys to accept any Collection
qapi/expr.py: Add casts in a few select cases
qapi/expr.py: Check type of union and alternate 'data' member
qapi/expr.py: move string check upwards in check_type
...
Peter Maydell [Fri, 30 Apr 2021 12:46:42 +0000 (13:46 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches
- Fix permission update order problems with block graph changes
- qemu-img convert: Unshare write permission for source
- vhost-user-blk: Fail gracefully on too large queue size
* remotes/kevin/tags/for-upstream: (39 commits)
vhost-user-blk: Fail gracefully on too large queue size
qemu-img convert: Unshare write permission for source
block: Add BDRV_O_NO_SHARE for blk_new_open()
block: refactor bdrv_node_check_perm()
block: rename bdrv_replace_child_safe() to bdrv_replace_child()
block: refactor bdrv_child_set_perm_safe() transaction action
block: inline bdrv_replace_child()
block: inline bdrv_check_perm_common()
block: drop unused permission update functions
block: bdrv_reopen_multiple: refresh permissions on updated graph
block: bdrv_reopen_multiple(): move bdrv_flush to separate pre-prepare
block: add bdrv_set_backing_noperm() transaction action
block: make bdrv_refresh_limits() to be a transaction action
block: make bdrv_unset_inherits_from to be a transaction action
block: drop ignore_children for permission update functions
block/backup-top: drop .active
block: introduce bdrv_drop_filter()
block: add bdrv_remove_filter_or_cow transaction action
block: adapt bdrv_append() for inserting filters
block: split out bdrv_replace_node_noperm()
...
John Snow [Wed, 21 Apr 2021 19:22:32 +0000 (15:22 -0400)]
qapi/error: Add type hints
No functional change.
Note: QAPISourceError's info parameter is Optional[] because schema.py
treats the info property of its various classes as Optional to
accommodate built-in types, which have no source. See prior commit
'qapi/error: assert QAPISourceInfo is not None'.
John Snow [Wed, 21 Apr 2021 19:22:30 +0000 (15:22 -0400)]
qapi/error.py: move QAPIParseError to parser.py
Keeping it in error.py will create some cyclic import problems when we
add types to the QAPISchemaParser. Callers don't need to know the
details of QAPIParseError unless they are parsing or dealing directly
with the parser, so this won't create any harsh new requirements for
callers in the general case.
Update error.py with a little docstring that gives a nod to where the
error may now be found.
John Snow [Wed, 21 Apr 2021 19:22:29 +0000 (15:22 -0400)]
qapi/error: assert QAPISourceInfo is not None
Built-in stuff is not parsed from a source file, and therefore have no
QAPISourceInfo. If such None info was used for reporting an error,
built-in stuff would be broken. Programming error. Instead of reporting
a confusing error with bogus source location then, we better crash.
We currently crash only if self.col was set. Assert that self.info is
not None in order to crash reliably.
We can not yet change the type of the initializer to prove this cannot
happen at static analysis time before the remainder of the code is fully
typed.
John Snow [Wed, 21 Apr 2021 19:22:28 +0000 (15:22 -0400)]
qapi/error: Make QAPISourceError 'col' parameter optional
It's already treated as optional, with one direct caller and some
subclass callers passing 'None'. Make it officially optional, which
requires moving the position of the argument to come after all required
parameters.
QAPISemError becomes functionally identical to QAPISourceError. Keep the
name to preserve its semantic meaning and avoid code churn, but remove
the now-useless __init__ wrapper.
John Snow [Wed, 21 Apr 2021 19:22:26 +0000 (15:22 -0400)]
qapi/error: Repurpose QAPIError as an abstract base exception class
Rename QAPIError to QAPISourceError, and then create a new QAPIError
class that serves as the basis for all of our other custom exceptions,
without specifying any class properties.
This leaves QAPIError as a package-wide error class that's suitable for
any current or future errors.
(Right now, we don't have any errors that DON'T also want to specify a
Source location, but this MAY change. In these cases, a common abstract
ancestor would be desired.)
Add docstrings to explain the intended function of each error class.
John Snow [Wed, 21 Apr 2021 18:20:26 +0000 (14:20 -0400)]
qapi/expr.py: Consolidate check_if_str calls in check_if
This is a small rewrite to address some minor style nits.
Don't compare against the empty list to check for the empty condition, and
move the normalization forward to unify the check on the now-normalized
structure.
With the check unified, the local nested function isn't needed anymore
and can be brought down into the normal flow of the function. With the
nesting level changed, shuffle the error strings around a bit to get
them to fit in 79 columns.
Note: although ifcond is typed as Sequence[str] elsewhere, we *know* that
the parser will produce real, bona-fide lists. It's okay to check
isinstance(ifcond, list) here.
John Snow [Wed, 21 Apr 2021 18:20:24 +0000 (14:20 -0400)]
qapi/expr.py: Modify check_keys to accept any Collection
This is a minor adjustment that lets parameters @required and
@optional take tuple arguments, in particular (). Later patches will
make use of that.
(Iterable would also have worked, but Iterable also includes things like
generator expressions which are consumed upon iteration, which would
require a rewrite to make sure that each input was only traversed
once. Collection implies the "can re-iterate" property.)
John Snow [Wed, 21 Apr 2021 18:20:23 +0000 (14:20 -0400)]
qapi/expr.py: Add casts in a few select cases
Casts are instructions to the type checker only, they aren't "safe" and
should probably be avoided in general. In this case, when we perform
type checking on a nested structure, the type of each field does not
"stick".
(See PEP 647 for an example of "type narrowing" that does "stick".
It is available in Python 3.10, so we can't use it yet.)
We don't need to assert that something is a str if we've already checked
or asserted that it is -- use a cast instead for these cases.
John Snow [Wed, 21 Apr 2021 18:20:22 +0000 (14:20 -0400)]
qapi/expr.py: Check type of union and alternate 'data' member
Prior to this commit, specifying a non-object value here causes the QAPI
parser to crash in expr.py with a stack trace with (likely) an
AttributeError when we attempt to call that value's items() method.
This member needs to be an object (Dict), and not anything else. Add a
check for this with a nicer error message, and formalize that check with
new test cases that exercise that error.
John Snow [Wed, 21 Apr 2021 18:20:20 +0000 (14:20 -0400)]
qapi/expr.py: Add assertion for union type 'check_dict'
mypy isn't fond of allowing you to check for bool membership in a
collection of str elements. Guard this lookup for precisely when we were
given a name.
projects / qemu.git / log