Cédric Le Goater [Sat, 22 Oct 2016 09:46:36 +0000 (11:46 +0200)]
ppc/pnv: add a PnvChip object
This is is an abstraction of a POWER8 chip which is a set of cores
plus other 'units', like the pervasive unit, the interrupt controller,
the memory controller, the on-chip microcontroller, etc. The whole can
be seen as a socket. It depends on a cpu model and its characteristics:
max cores and specific inits are defined in a PnvChipClass.
We start with an near empty PnvChip with only a few cpu constants
which we will grow in the subsequent patches with the controllers
required to run the system.
The Chip CFAM (Common FRU Access Module) ID gives the model of the
chip and its version number. It is generally the first thing firmwares
fetch, available at XSCOM PCB address 0xf000f, to start initialization.
The goal is to emulate a PowerNV system at the level of the skiboot
firmware, which loads the OS and provides some runtime services. Power
Systems have a lower firmware (HostBoot) that does low level system
initialization, like DRAM training. This is beyond the scope of what
qemu will address in a PowerNV guest.
No devices yet, not even an interrupt controller. Just to get started,
some RAM to load the skiboot firmware, the kernel and initrd. The
device tree is fully created in the machine reset op.
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
[clg: - updated for qemu-2.7
- replaced fprintf by error_report
- used a common definition of _FDT macro
- removed VMStateDescription as migration is not yet supported
- added IBM Copyright statements
- reworked kernel_filename handling
- merged PnvSystem and sPowerNVMachineState
- removed PHANDLE_XICP
- added ppc_create_page_sizes_prop helper
- removed nmi support
- removed kvm support
- updated powernv machine to version 2.8
- removed chips and cpus, They will be provided in another patches
- added a machine reset routine to initialize the device tree (also)
- french has a squelette and english a skeleton.
- improved commit log.
- reworked prototypes parameters
- added a check on the ram size (thanks to Michael Ellerman)
- fixed chip-id cell
- changed MAX_CPUS to 2048
- simplified memory node creation to one node only
- removed machine version
- rewrote the device tree creation with the fdt "rw" routines
- s/sPowerNVMachineState/PnvMachineState/
- etc.] Signed-off-by: Cédric Le Goater <[email protected]> Reviewed-by: David Gibson <[email protected]> Signed-off-by: David Gibson <[email protected]>
configure, ppc64: Copy skiboot.lid to build directory when configuring
When configured to compile out of tree, the configure script
copies BIOS blobs to the build directory. However since the PPC64 powernv
machine ROM has .lid extension, it is ignored and "make check" fails
when trying the powernv machine.
David Gibson [Thu, 20 Oct 2016 04:29:25 +0000 (15:29 +1100)]
pseries: Remove unused callbacks from sPAPR VIO bus state
The original QOMification of the spapr VIO devices in 3954d33 "spapr:
convert to QEMU Object Model (v2)" moved some callbacks from the
VIOsPAPRBus structure to the VIOsPAPRDeviceClass. Except, that it
forgot to actually remove them from the VIOsPAPRBus structure (which
still exists, though it doesn't fulfill quite the same function as it
did pre-QOM).
This patch removes those now unused callback fields.
Cédric Le Goater [Tue, 18 Oct 2016 08:06:32 +0000 (10:06 +0200)]
ppc/xics: add a xics_set_nr_servers common routine
xics_spapr and xics_kvm nearly define the same 'set_nr_servers'
handler. Only the type of the ICP differs. So let's make a common one
to remove some duplicated code.
Thomas Huth [Tue, 18 Oct 2016 20:46:41 +0000 (22:46 +0200)]
sparc: Use the new common NVRAM functions for system and free space partition
The system and free space NVRAM partitions (for OpenBIOS) are created
in exactly the same way as the Mac-style CHRP NVRAM partitions, so we
can use the new common helper functions to do this job here, too.
Thomas Huth [Tue, 18 Oct 2016 20:46:40 +0000 (22:46 +0200)]
nvram: Introduce helper functions for CHRP "system" and "free space" partitions
The "system partition" and "free space" partition layouts are
defined by the CHRP and LoPAPR specification, and used by
OpenBIOS and SLOF. We can re-use this code for other machines
that use OpenBIOS and SLOF, too. So let's make this code independent
from the MAC NVRAM environment and put it into two proper helper
functions.
Michael Roth [Tue, 18 Oct 2016 20:50:23 +0000 (15:50 -0500)]
spapr_pci: advertise explicit numa IDs even when there's 1 node
With the addition of "numa_node" properties for PHBs we began
advertising NUMA affinity in cases where nb_numa_nodes > 1.
Since the default on the guest side is to make no assumptions about
PHB NUMA affinity (defaulting to -1), there is still a valid use-case
for explicitly defining a PHB's NUMA affinity even when there's just
one node. In particular, some workloads make faulty assumptions about
/sys/bus/pci/<devid>/numa_node being >= 0, warranting the use of
this property as a workaround even if there's just 1 PHB or NUMA
node.
Enable this use-case by always advertising the PHB's NUMA affinity
if "numa_node" has been explicitly set.
We could achieve this by relaxing the check to simply be
nb_numa_nodes > 0, but even safer would be to check
numa_info[nodeid].present explicitly, and to fail at start time
for cases where it does not exist.
This has an additional affect of no longer advertising PHB NUMA
affinity unconditionally if nb_numa_nodes > 1 and "numa_node"
property is unset/-1, but since the default value on the guest
side for each PHB is also -1, the behavior should be the same for
that situation. We could still retain the old behavior if desired,
but the decision seems arbitrary, so we take the simpler route.
Laurent Vivier [Mon, 17 Oct 2016 10:30:23 +0000 (12:30 +0200)]
tests: use qtest_pc_boot()/qtest_shutdown() in virtio tests
This patch replaces calls to qtest_start() and qtest_end() by
calls to qtest_pc_boot() and qtest_shutdown().
This allows to initialize memory allocator and PCI interface
functions. This will ease to enable virtio tests on other
architectures by only adding a specific qtest_XXX_boot() (like
qtest_spapr_boot()).
Laurent Vivier [Mon, 17 Oct 2016 10:30:22 +0000 (12:30 +0200)]
tests: rename target_big_endian() as qvirtio_is_big_endian()
Move the definition to libqos/virtio.h as it must be used
only with virtio functions.
Add a QVirtioDevice parameter as it will be needed to
know if the virtio device is using virtio 1.0 specification
and thus is always little-endian (to do)
Laurent Vivier [Mon, 17 Oct 2016 10:30:20 +0000 (12:30 +0200)]
tests: don't check if qtest_spapr_boot() returns NULL
qtest_spapr_boot()/qtest_pc_boot()/qtest_boot() call qtest_vboot()
and qtest_vboot() calls g_malloc(),
and g_malloc() never fails:
if memory allocation fails, the application is terminated.
ppc/xics: Add xics to the monitor "info pic" command
Useful to debug interrupt problems.
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
[clg: - updated for qemu-2.7
- added a test on ->irqs as it is not necessarily allocated
(PHB3_MSI)
- removed static variable g_xics and replace with a loop on all
children to find the xics objects.
- rebased on InterruptStatsProvider interface ] Signed-off-by: Cédric Le Goater <[email protected]> Signed-off-by: David Gibson <[email protected]>
The main changes are:
* virtio-serial
* booting speed imrovement
* better PCI bridge support
The complete changelog is:
> virtio-serial: Fix compile error
> scsi: Remove debug functions from scsi-loader.fs
> scsi: Remove unused read-6 command
> obp-tftp: Remove the ciregs-buffer
> libnet: Simplify the net-load arguments passing
> libnet: Simplify the Forth-to-C wrapper of ping()
> Do not link libnet to net-snk anymore, and remove net-snk from board-qemu
> Add a Forth-to-C wrapper for the ping command, too
> Link libnet code to Paflof and add a wrapper for netboot()
> Remember execution tokens of "write" and "read" for socket operations
> Add virtio-serial device support
> Generalize output banner write routine
> Improve indentation in OF.fs
> scsi: implement READ (16) command
> rtas: Improve rtas-do-config-@ and rtas-do-config-! a little bit
> libnet: Make netapps.h includable from .code files
> libnet: Remove unused prototypes from netapps.h
> libnet: Fix the printout of the ping command
> libnet: Make sure to close sockets when we're done
> scsi: implement read-capacity-16
> pci: Fix secondary and subordinate PCI bus enumeration with board-qemu
> pci-phb: Fix stack underflow in phb-pci-walk-bridge
> paflof: Add a read() function to read keyboard input
> paflof: Add socket(), send() and recv() functions to paflof
> paflof: Provide get_timer() and set_timer() helper functions
> paflof: Add a write_mm_log helper function
> paflof: Copy sbrk code from net-snk
> paflof: Use CFLAGS from make.rules instead of completely redefining them
> Do not include the FCode evaluator by default anymore
> Source code beautification of board-qemu/slof/pci-interrupts.fs
> Allow PCI devices in PCI bridge slots greater than 4
> Fix bad interrupt pin numbering in interrupt-map property of PCI bridges
> Improve SLOF_alloc_mem_aligned()
> instance: Fix set-my-args for empty arguments
> Fix remaining compiler warnings in sloffs.c
> Remove misleading padding fields from ROM header definition
> Improve indentation in calculatecrc.h
> Do not include calculatecrc.h from assembler files
> Remove unused defines in calculatecrc.h
> libnet: Re-initialize global variables at the beginning of tftp()
> Remove dependency on cpu/@0 for booting
> usb: Set XHCI slot speed according to port status
> usb: Build correct route string for USB3 devices behind a hub
> usb: Initialize USB3 devices on a hub and keep track of hub topology
> usb: Increase amount of maximum slot IDs and add a sanity check
> usb: Move XHCI port state arrays from header to .c file
> tools: add copy functionality
> tools: added support to sloffs to read from /dev/slof_flash
> tools: added file append functionality
> tools: use crc checking code from romfs/tools
> tools: added initial version of sloffs
> romfs: factored out crc code, to make it usable from other locations
> tools: remove unused parts from the Makefile
> usb-hid: Fix non-working comma key
> fat-files: Fix access to FAT32 dir/files when cluster > 16-bits
> virtio-net: fix ring handling in receive
> net: Remove remainders of the MTFTP code
> net: Move also files from clients/net-snk/app/netapps/ to lib/libnet/
> net: Move files from clients/net-snk/app/netlib/ to lib/libnet/
> net-snk: Get rid of netlib and netapps prefixes in include statements
> usb-xhci: assign field4 before conditional
> Improve F12 key handling in boot menu
> Fix stack underflow that occurs with duplicated ESC in input
> rtas-nvram: optimize erase
> ipv6: Replace magic number 1500 with ETH_MTU_SIZE (i.e. 1518)
> ipv6: Fix NULL pointer dereference in ip6addr_add()
> ipv6: Fix memory leak in set_ipv6_address() / ip6_create_ll_address()
> ipv6: Clear memory after malloc if necessary
> ipv6: Fix possible NULL-pointer dereference in send_ipv6()
> ping: use gateway address for routing
> ping: add netmask in the ping argument
> xhci: fix missing keys from keyboard
> xhci: add memory barrier after filling the trb
> loaders: Remove netflash command
> boot: Remove legacy Forth words for network loading
> base: Move cnt-bits and bcd-to-bin to board-js2x folder
> base: Move huge-tftp-load variable to obp-tftp package
> base: Remove unused IP address conversion functions
> virtio: White space cleanup in virtio-9p.c
> virtio: Add modern version 1.0 support to 9p driver
> virtio: Set a proper name for virtio-9p device tree nodes
> pci: Fix mistype in "unkown-bridge"
> ipv6: Indent code with tabs, not with spaces
> ipv6: send_ipv6() has to return after doing NDP
> ipv6: Do not use unitialized MAC address array
> ipv6: Add support for sending packets through a router
> Remove unused sms code.
> virtio-net: initialize to populate mac address
> libbootmsg: Do not use '\b' characters when printing checkpoints
> dev-null: The "read" function has to return 0 if nothing has been read
Peter Maydell [Thu, 27 Oct 2016 11:45:45 +0000 (12:45 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Wed 26 Oct 2016 03:19:06 BST
# gpg: using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <[email protected]>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
colo-proxy: fix memory leak
net: rtl8139: limit processing of ring descriptors
net: vmxnet: initialise local tx descriptor
e1000e: Don't zero out buffer address in rx descriptor
net: rocker: set limit to DMA buffer size
net: eepro100: fix memory leak in device uninit
tap-bsd: OpenBSD uses tap(4) now
net: pcnet: fix source formatting and indentation
net: pcnet: check rx/tx descriptor ring length
* remotes/vivier/tags/m68k-part1-pull-request: (23 commits)
target-m68k: Optimize gen_flush_flags
target-m68k: Optimize some comparisons
target-m68k: Use setcond for scc
target-m68k: Introduce DisasCompare
target-m68k: Reorg flags handling
target-m68k: Remove incorrect clearing of cc_x
target-m68k: Some fixes to SR and flags management
target-m68k: Print flags properly
target-m68k: update CPU flags management
target-m68k: don't update cc_dest in helpers
target-m68k: update move to/from ccr/sr
target-m68k: remove m68k_cpu_exec_enter() and m68k_cpu_exec_exit()
target-m68k: Replace helper_xflag_lt with setcond
target-m68k: allow to update flags with operation on words and bytes
target-m68k: REG() macro cleanup
target-m68k: set PAGE_BITS to 12 for m68k
target-m68k: define operand sizes
target-m68k: set disassembler mode to 680x0 or coldfire
target-m68k: introduce read_imXX() functions
target-m68k: manage scaled index
...
Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. However, portable parallel
code is written assuming only cmpxchg which means that in
practice this is a viable alternative.
Emilio G. Cota [Mon, 27 Jun 2016 19:02:13 +0000 (15:02 -0400)]
target-arm: emulate aarch64's LL/SC using cmpxchg helpers
Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. Portable parallel code, however,
is written assuming only cmpxchg--and not LL/SC--is available.
This means that in practice emulating LL/SC with cmpxchg is
a viable alternative.
The appended emulates LL/SC pairs in aarch64 with cmpxchg helpers.
This works in both user and system mode. In usermode, it avoids
pausing all other CPUs to perform the LL/SC pair. The subsequent
performance and scalability improvement is significant, as the
plots below show. They plot the throughput of atomic_add-bench
compiled for ARM and executed on a 64-core x86 machine.
Emilio G. Cota [Mon, 27 Jun 2016 19:02:08 +0000 (15:02 -0400)]
target-arm: emulate LL/SC using cmpxchg helpers
Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. Portable parallel code, however,
is written assuming only cmpxchg--and not LL/SC--is available.
This means that in practice emulating LL/SC with cmpxchg is
a viable alternative.
The appended emulates LL/SC pairs in ARM with cmpxchg helpers.
This works in both user and system mode. In usermode, it avoids
pausing all other CPUs to perform the LL/SC pair. The subsequent
performance and scalability improvement is significant, as the
plots below show. They plot the throughput of atomic_add-bench
compiled for ARM and executed on a 64-core x86 machine.
target-arm: Rearrange aa32 load and store functions
Stop specializing on TARGET_LONG_BITS == 32; unconditionally allocate
a temp and expand with tcg_gen_extu_i32_tl. Split out gen_aa32_addr,
gen_aa32_frob64, gen_aa32_ld_i32 and gen_aa32_st_i32 as separate interfaces.
Emilio G. Cota [Mon, 27 Jun 2016 19:02:05 +0000 (15:02 -0400)]
tests: add atomic_add-bench
With this microbenchmark we can measure the overhead of emulating atomic
instructions with a configurable degree of contention.
The benchmark spawns $n threads, each performing $o atomic ops (additions)
in a loop. Each atomic operation is performed on a different cache line
(assuming lines are 64b long) that is randomly selected from a range [0, $r).
Emilio G. Cota [Mon, 27 Jun 2016 19:02:06 +0000 (15:02 -0400)]
target-i386: remove helper_lock()
It's been superseded by the atomic helpers.
The use of the atomic helpers provides a significant performance and scalability
improvement. Below is the result of running the atomic_add-test microbenchmark with:
$ x86_64-linux-user/qemu-x86_64 tests/atomic_add-bench -o 5000000 -r $r -n $n
, where $n is the number of threads and $r is the allowed range for the additions.
The scenarios measured are:
- atomic: implements x86' ADDL with the atomic_add helper (i.e. this patchset)
- cmpxchg: implement x86' ADDL with a TCG loop using the cmpxchg helper
- master: before this patchset
Results sorted in ascending range, i.e. descending degree of contention.
Y axis is Throughput in Mops/s. Tests are run on an AMD machine with 64
Opteron 6376 cores.
For master I stopped measuring master after 8 threads, because there is little
point in measuring the well-known performance collapse of a contended lock.
Allow qemu to build on 32-bit hosts without 64-bit atomic ops.
Even if we only allow 32-bit hosts to multi-thread emulate 32-bit
guests, we still need some way to handle the 32-bit guest using a
64-bit atomic operation. Do so by dropping back to single-step.
Wikipedia suggests that only very old AMD64 (circa 2004) did not have
this instruction. Further, it's required by Windows 8 so no new cpus
will ever omit it.
If we truely care about these, then we could check this at startup time
and then avoid executing paths that use it.
Add all of cmpxchg, op_fetch, fetch_op, and xchg.
Handle both endian-ness, and sizes up to 8.
Handle expanding non-atomically, when emulating in serial.
Alex Bennée [Wed, 5 Oct 2016 18:13:04 +0000 (11:13 -0700)]
linux-user: enable parallel code generation on clone
The variable parallel_cpus controls the generation of thread aware
atomic code. We only need to set it once we clone our first thread.
At this point any existing translations need to be thrown away.
While the check against sizeof(void *) is appropriate for
normal usage within qemu, there are places in which we want
wider operaions and have checked for their existance.
audio: intel-hda: check stream entry count during transfer
Intel HDA emulator uses stream of buffers during DMA data
transfers. Each entry has buffer length and buffer pointer
position, which are used to derive bytes to 'copy'. If this
length and buffer pointer were to be same, 'copy' could be
set to zero(0), leading to an infinite loop. Add check to
avoid it.
net: rtl8139: limit processing of ring descriptors
RTL8139 ethernet controller in C+ mode supports multiple
descriptor rings, each with maximum of 64 descriptors. While
processing transmit descriptor ring in 'rtl8139_cplus_transmit',
it does not limit the descriptor count and runs forever. Add
check to avoid it.
Li Qiang [Wed, 10 Aug 2016 19:12:20 +0000 (00:42 +0530)]
net: vmxnet: initialise local tx descriptor
In Vmxnet3 device emulator while processing transmit(tx) queue,
when it reaches end of packet, it calls vmxnet3_complete_packet.
In that local 'txcq_descr' object is not initialised, which could
leak host memory bytes a guest.
Kevin Wolf [Sun, 16 Oct 2016 22:35:07 +0000 (00:35 +0200)]
e1000e: Don't zero out buffer address in rx descriptor
The e1000e emulation zeroes out any used rx descriptor and then writes a
completely newly constructed value there. By doing this, it doesn't only
update the write-back area of the descriptors (as it's supposed to do),
but it also clears the buffer address, which real hardware doesn't do.
The spec explicitly mentions in chapter 7.1.8 that it is valid for a
driver to reuse a descriptor and only update the status field while
doing so, i.e. reusing the old buffer address:
If software statically allocates buffers, and uses memory read to
check for completed descriptors, it simply has to zero the status
byte in the descriptor to make it ready for reuse by hardware.
This patch fixes the behaviour to leave the buffer address in
descriptors unchanged even after the descriptor has been used.
Rocker network switch emulator has test registers to help debug
DMA operations. While testing host DMA access, a buffer address
is written to register 'TEST_DMA_ADDR' and its size is written to
register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
test, if DMA buffer size was greater than 'INT_MAX', it leads to
an invalid buffer access. Limit the DMA buffer size to avoid it.
Li Qiang [Sat, 8 Oct 2016 12:07:25 +0000 (05:07 -0700)]
net: eepro100: fix memory leak in device uninit
The exit dispatch of eepro100 network card device doesn't free
the 's->vmstate' field which was allocated in device realize thus
leading a host memory leak. This patch avoid this.
The AMD PC-Net II emulator has set of control and status(CSR)
registers. Of these, CSR76 and CSR78 hold receive and transmit
descriptor ring length respectively. This ring length could range
from 1 to 65535. Setting ring length to zero leads to an infinite
loop in pcnet_rdra_addr() or pcnet_transmit(). Add check to avoid it.
Separate all ccr bits. Continue to batch updates via cc_op.
Signed-off-by: Richard Henderson <[email protected]>
Fix gen_logic_cc() to really extend the size of the result.
Fix gen_get_ccr(): update cc_op as it is used by the helper.
Factorize flags computing and src/ccr cleanup
Laurent Vivier [Wed, 24 Jun 2015 00:35:06 +0000 (02:35 +0200)]
target-m68k: manage scaled index
Scaled index is not supported by 68000, 68008, and 68010.
EA = (bd + PC) + Xn.SIZE*SCALE + od
Ignore it:
M68000 FAMILY PROGRAMMER’S REFERENCE MANUAL
2.4 BRIEF EXTENSION WORD FORMAT COMPATIBILITY
"If the MC68000 were to execute an instruction that
encoded a scaling factor, the scaling factor would be
ignored and would not access the desired memory address.
The earlier microprocessors do not recognize the brief
extension word formats implemented by newer processors.
Although they can detect illegal instructions, they do not
decode invalid encodings of the brief extension word formats
as exceptions."
projects / qemu.git / log