Liam Merwick [Tue, 15 Jan 2019 12:18:03 +0000 (12:18 +0000)]
elf: Add optional function ptr to load_elf() to parse ELF notes
This patch adds an optional function pointer, 'elf_note_fn', to
load_elf() which causes load_elf() to additionally parse any
ELF program headers of type PT_NOTE and check to see if the ELF
Note is of the type specified by the 'translate_opaque' arg.
If a matching ELF Note is found then the specfied function pointer
is called to process the ELF note.
Passing a NULL function pointer results in ELF Notes being skipped.
The first consumer of this functionality is the PVHboot support
which needs to read the XEN_ELFNOTE_PHYS32_ENTRY ELF Note while
loading the uncompressed kernel binary in order to discover the
boot entry address for the x86/HVM direct boot ABI.
Laurent Vivier [Wed, 2 Jan 2019 14:16:03 +0000 (15:16 +0100)]
cpus: ignore ESRCH in qemu_cpu_kick_thread()
We can have a race condition between qemu_cpu_kick_thread() and
qemu_kvm_cpu_thread_fn() when we hotunplug a CPU. In this case,
qemu_cpu_kick_thread() can try to kick a thread that is exiting.
pthread_kill() returns an error and qemu is stopped by an exit(1).
Thomas Huth [Thu, 17 Jan 2019 17:14:08 +0000 (18:14 +0100)]
configure: Add a proper check for openpty() in libutil
On Linux (and maybe some BSDs), we require libutil for the openpty()
function. However, this library is not available on some other systems, so
we currently use a fragile if-statement in the configure script to check
whether we need the library or not. Unfortunately, we also hard-coded a
"-lutil" in the tests/Makefile.include file, so this breaks the build on
Solaris, for example (see buglink below). To fix the issue, add the "-lutil"
to "libs_tools" in the configure script instead, then this gets properly
propagated to the tests, too.
And while we're at it, also replace the fragile if-statement in the confi-
gure script with a proper link-check for the availability of this function.
Emilio G. Cota [Tue, 15 Jan 2019 19:47:53 +0000 (14:47 -0500)]
cpu-exec: add assert_no_pages_locked() after longjmp
We forgot to add this check in faa9372c07 ("translate-all:
introduce assert_no_pages_locked", 2018-06-15); we only added
it after returning from a longjmp in cpu_exec_step_atomic. Fix it.
Paolo Bonzini [Mon, 3 Dec 2018 15:32:23 +0000 (16:32 +0100)]
vhost-user-test: skip if there is no memory at address 0
The virt machine cannot run the vhost-user qtests because they hardcode
the presence of memory at address 0. Report the tests as a skip so that
they can be converted to use qgraph.
Paolo Bonzini [Mon, 3 Dec 2018 15:32:19 +0000 (16:32 +0100)]
vhost-user-test: use g_cond_broadcast
g_cond_signal is rarely the right thing to do, it works now because
vhost-user-test only has two threads but it is not correct in general.
Fix it before adding more calls.
Peter Maydell [Tue, 5 Feb 2019 09:35:53 +0000 (09:35 +0000)]
Merge remote-tracking branch 'remotes/xtensa/tags/20190204-xtensa' into staging
target/xtensa: SMP updates and various fixes
- fix CPU wakeup on runstall changes; expose runstall as an IRQ line;
- place mini-bootloader at the BSP reset vector;
- expose CPU core frequency in XTFPGA board FPGA register;
- rearrange access to external interrupts of xtensa cores;
- add MX interrupt distributor and use it on SMP XTFPGA boards;
- add test_mmuhifi_c3 xtensa core variant;
- raise number of CPUs that can be instantiated on XTFPGA boards.
* remotes/xtensa/tags/20190204-xtensa:
hw/xtensa: xtfpga: raise CPU number limit
target/xtensa: add test_mmuhifi_c3 core
hw/xtensa: xtfpga: use MX PIC for SMP
target/xtensa: add MX interrupt controller
target/xtensa: expose core runstall as an IRQ line
target/xtensa: rearrange access to external interrupts
target/xtensa: drop function xtensa_timer_irq
target/xtensa: fix access to the INTERRUPT SR
hw/xtensa: xtfpga: use core frequency
hw/xtensa: xtfpga: fix bootloader placement in SMP
target/xtensa: add qemu_cpu_kick to xtensa_runstall
We have several paranoid checks for ioc != NULL. But ioc may become
NULL only on close, which should not happen during requests handling.
Also, we check ioc only sometimes, not after each yield, which is
inconsistent. Let's drop these checks. However, for safety, let's leave
asserts instead.
block/nbd-client: split channel errors from export errors
To implement nbd reconnect in further patches, we need to distinguish
error codes, returned by nbd server, from channel errors, to reconnect
only in the latter case.
We generally do very similar things around nbd_read: error_prepend
specifying what we have tried to read, and be_to_cpu conversion of
integers.
So, it seems reasonable to move common things to helper functions,
which:
1. simplify code a bit
2. generalize nbd_read error descriptions, all starting with
"Failed to read"
3. make it more difficult to forget to convert things from BE
Eric Blake [Fri, 25 Jan 2019 23:48:37 +0000 (17:48 -0600)]
qemu-nbd: Deprecate qemu-nbd --partition
The existing qemu-nbd --partition code claims to handle logical
partitions up to 8, since its introduction in 2008 (commit 7a5ca86).
However, the implementation is bogus (actual MBR logical partitions
form a sort of linked list, with one partition per extended table
entry, rather than four logical partitions in a single extended
table), making the code unlikely to work for anything beyond -P5 on
actual guest images. What's more, the code does not support GPT
partitions, which are becoming more popular, and maintaining device
subsetting in both NBD and the raw device is unnecessary duplication
of effort (even if it is not too difficult).
Note that obtaining the offsets of a partition (MBR or GPT) can be
learned by using 'qemu-nbd -c /dev/nbd0 file.qcow2 && sfdisk --dump
/dev/nbd0', but by the time you've done that, you might as well
just mount /dev/nbd0p1 that the kernel creates for you instead of
bothering with qemu exporting a subset. Or, keeping to just
user-space code, use nbdkit's partition filter, which has already
known both GPT and primary MBR partitions for a while, and was
just recently enhanced to support arbitrary logical MBR parititions.
Start the clock on the deprecation cycle, with examples of how
to accomplish device subsetting without using -P.
Jason Wang [Wed, 30 Jan 2019 03:14:27 +0000 (11:14 +0800)]
test-filter-mirror: pass UNIX domain socket through fd
The tests tries to let qemu server mode to process the connection
which turns out to be racy after commit 8258292e18c3 ("monitor: Remove
"x-oob", offer capability "oob" unconditionally"). This is because the
filter may try to mirror the packets before UNIX socket object is
ready (connected was set to true) from the view of qemu. In this case
the packet will be dropped silently.
Fixing this by passing pre-connected socket created by socketpair() to
qemu through fd.
Thomas Huth [Mon, 4 Feb 2019 08:25:43 +0000 (09:25 +0100)]
tests/docker/test-mingw and docs: Remove --with-sdlabi=2.0
Patchew currently reports failures with the mingw docker test - this
is due to --with-sdlabi=2.0 configure flag which does not exist anymore.
Remove this remainder from the docker test and the docs now.
Paul Durrant [Thu, 31 Jan 2019 15:33:16 +0000 (15:33 +0000)]
xen-block: handle resize callback
Some frontend drivers will handle dynamic resizing of PV disks, so set up
the BlockDevOps resize_cb() method during xen_block_realize() to allow
this to be done.
Paul Durrant [Tue, 22 Jan 2019 15:53:46 +0000 (15:53 +0000)]
xen: fix xen-bus state model to allow frontend re-connection
There is a flaw in the xen-bus state model. To allow a frontend to re-
connect the backend state of an online XenDevice is transitioned from
Closed to InitWait, but this is currently done unilaterally which is
incorrect. The backend state should remain Closed until the frontend state
transitions to Initialising.
This patch removes the automatic backend state transition from
xen_device_backend_state_changed() and, instead, adds an extra check in
xen_device_frontend_state_changed() to determine whether a frontend is
trying to re-connect to a previously Closed XenDevice. Only if this is
found to be the case is the backend state transitioned from Closed to
InitWait. Note that this transition will be common amongst all XenDevice
classes and hence xen_device_frontend_state_changed() returns immediately
afterwards without calling into the XenDeviceClass frontend_changed()
method.
Peter Maydell [Mon, 4 Feb 2019 10:33:40 +0000 (10:33 +0000)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-4.0-20190204' into staging
ppc patch queue 2019-02-04
Here's the next batch of ppc target and spapr related changes.
Highlights are:
* A number of endianness handling cleanups from Mark Cave-Ayland
* Updated Mac VGA driver
* Updated SLOF image
* Some XIVE cleanups and small fixes
* ppc4xx cleanups and fixes from BALATON Zoltan
There are a few chances not technically in the ppc target code:
* Several MAINTAINERS updates
* Fixes for unmapping of hugepages on power hosts
The latter is included because it's primarily of interest for ppc KVM setups.
* remotes/dgibson/tags/ppc-for-4.0-20190204: (37 commits)
mmap-alloc: fix hugetlbfs misaligned length in ppc64
mmap-alloc: unfold qemu_ram_mmap()
hw/ppc: Don't include m48t59.h if it is not necessary
spapr_pci: Fix endianness in assigned-addresses property
target/ppc: remove various HOST_WORDS_BIGENDIAN hacks in int_helper.c
target/ppc: remove ROTRu32 and ROTRu64 macros from int_helper.c
target/ppc: simplify VEXT_SIGNED macro in int_helper.c
target/ppc: eliminate use of EL_IDX macros from int_helper.c
target/ppc: eliminate use of HI_IDX and LO_IDX macros from int_helper.c
target/ppc: rework vmul{e,o}{s,u}{b,h,w} instructions to use Vsr* macros
target/ppc: rework vmrg{l,h}{b,h,w} instructions to use Vsr* macros
hw/ppc/spapr: Add support for "-vga cirrus"
QemuMacDrivers: update qemu_vga.ndrv to 90c488d built from submodule
MAINTAINERS: add myself as maintainer for Mac Old World and New World machines
spapr: Drop unused parameters from fdt building helper
MAINTAINERS: Merge the two e500 sections
MAINTAINERS: XIVE is an interrupt controller, not a machine
hw/ppc: Move ppc40x_*reset() functions from ppc405_uc.c to ppc.c
ppc: remove the interrupt presenters from under PowerPCCPU
target/ppc: implement complete set of Vsr* macros
...
However, we still need to consider the underlying huge page size
during munmap() because it requires that both address and length be a
multiple of the underlying huge page size for Huge TLB mappings.
Quote from "Huge page (Huge TLB) mappings" paragraph under NOTES
section of the munmap(2) manual:
"For munmap(), addr and length must both be a multiple of the
underlying huge page size."
On ppc64, the munmap() in qemu_ram_munmap() does not work for Huge TLB
mappings because the mapped segment can be aligned with the underlying
huge page size, not aligned with the native system page size, as
returned by getpagesize().
This has the side effect of not releasing huge pages back to the pool
after a hugetlbfs file-backed memory device is hot-unplugged.
This patch fixes the situation in qemu_ram_mmap() and
qemu_ram_munmap() by considering the underlying page size on ppc64.
After this patch, memory hot-unplug releases huge pages back to the
pool.
Unfold parts of qemu_ram_mmap() for the sake of understanding, moving
declarations to the top, and keeping architecture-specifics in the
ifdef-else blocks. No changes in the function behaviour.
Give ptr and ptr1 meaningful names:
ptr -> guardptr : pointer to the PROT_NONE guard region
ptr1 -> ptr : pointer to the mapped memory returned to caller
spapr_pci: Fix endianness in assigned-addresses property
reg->phys_hi and assigned->phys_hi are big endian but we do an extra
byteswap anyway when copying reg->phys_hi to assigned->phys_hi.
To make things slightly more messy, we also add a relocatable bit (b_n())
although in the right endianness.
This fixes endianness of assigned->phys_hi.
This is unlikely to produce any visible difference though as we should end up
there only in the case of PCI hotplug and even then I am not sure if
(d->io_regions[i].addr == PCI_BAR_UNMAPPED) == true.
Mark Cave-Ayland [Wed, 30 Jan 2019 20:36:37 +0000 (20:36 +0000)]
target/ppc: remove ROTRu32 and ROTRu64 macros from int_helper.c
Richard points out that these macros suffer from a -fsanitize=shift bug in that
they improperly handle n == 0 turning it into a shift by 32/64 respectively.
Replace them with QEMU's existing ror32() and ror64() functions instead.
Mark Cave-Ayland [Wed, 30 Jan 2019 20:36:36 +0000 (20:36 +0000)]
target/ppc: simplify VEXT_SIGNED macro in int_helper.c
As pointed out by Richard: it does not need the mask argument, nor does it need
the recast argument. The masking is implied by the cast argument, and the
recast is implied by the assignment.
Mark Cave-Ayland [Wed, 30 Jan 2019 20:36:34 +0000 (20:36 +0000)]
target/ppc: eliminate use of HI_IDX and LO_IDX macros from int_helper.c
The original purpose of these macros was to correctly reference the high and low
parts of the VSRs regardless of the host endianness.
Replace these direct references to high and low parts with the relevant VsrD
macro instead, and completely remove the now-unused HI_IDX and LO_IDX macros.
Mark Cave-Ayland [Wed, 30 Jan 2019 20:36:32 +0000 (20:36 +0000)]
target/ppc: rework vmrg{l,h}{b,h,w} instructions to use Vsr* macros
The current implementations make use of the endian-specific macros MRGLO/MRGHI
and also reference HI_IDX and LO_IDX directly to calculate array offsets.
Rework the implementation to use the Vsr* macros so that these per-endian
references can be removed.
Thomas Huth [Wed, 30 Jan 2019 13:36:39 +0000 (14:36 +0100)]
hw/ppc/spapr: Add support for "-vga cirrus"
The cirrus VGA card has been enabled in the PPC builds with
commit 29f9cef39eb1ae55e82c ("ppc: Include vga cirrus card into
the compiling process") last year. It also works on the pseries
machine, even SLOF contains support for this card, so we can
also support this for the "-vga" parameter here.
Mark Cave-Ayland [Mon, 28 Jan 2019 21:21:56 +0000 (21:21 +0000)]
MAINTAINERS: add myself as maintainer for Mac Old World and New World machines
I've unofficially been doing most of the work on the Mac machines for a while
now, so update MAINTAINERS to reflect this. David is still happy to be listed
as a reviewer as per our discussion at KVM forum.
spapr: Drop unused parameters from fdt building helper
spapr_load_rtas() handles now RTAS address and size information in the FDT
so drop them from spapr_build_fdt().
While we are here, fix a small typo.
Fixes: 3f5dabceba24 "pseries: Consolidate construction of /rtas device tree node" Signed-off-by: Alexey Kardashevskiy <[email protected]> Reviewed-by: Greg Kurz <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: David Gibson <[email protected]>
Thomas Huth [Wed, 30 Jan 2019 16:22:25 +0000 (17:22 +0100)]
MAINTAINERS: Merge the two e500 sections
There is currently a "e500" machine section and a "ppce500" device
section in the maintainers file - with some oddities: The wildcard
in the device section also covers the files from the machine section.
And hw/pci-host/ppce500.c is in the device section, while its header
is in the machine section.
This is really quite confusing, and I don't see a reason why we really
need two sections here, so let's simply merge them.
Thomas Huth [Wed, 30 Jan 2019 15:45:40 +0000 (16:45 +0100)]
MAINTAINERS: XIVE is an interrupt controller, not a machine
The "XIVE" section is currently listed in the "PowerPC Machines"
section, which is weird, since this is an interrupt controller
device. Move it to the "Devices" section instead.
Thomas Huth [Wed, 30 Jan 2019 14:30:49 +0000 (15:30 +0100)]
hw/ppc: Move ppc40x_*reset() functions from ppc405_uc.c to ppc.c
Currently, it is not possible to build a QEMU binary without the
ppc405_uc.c file, even if you do not want to have the embedded machines
in the binary. This is bad since it's quite a bit of code and this code
pulls in some more dependencies (e.g. via the usage of serial_mm_init())
which would not be needed otherwise - especially with the upcoming
Kconfig-style configuration system for QEMU.
The only functions from this file which are really always required for
linking are the ppc40x_*reset() functions, so move these functions to
ppc.c, close to the ppc40x_set_irq() function that calls them. Now we
can flag ppc405_uc.c and ppc4xx_devs.c with the CONFIG_PPC4XX config
switch, too.
And while we're at it, replace the printf()s in these ppc40x_*reset()
functions with proper calls to qemu_log_mask().
Cédric Le Goater [Thu, 17 Jan 2019 07:53:24 +0000 (08:53 +0100)]
xive: add a get_tctx() method to the XiveRouter
It provides a mean to retrieve the XiveTCTX of a CPU. This will become
necessary with future changes which move the interrupt presenter
object pointers under the PowerPCCPU machine_data.
The PowerNV machine has an extra requirement on TIMA accesses that
this new method addresses. The machine can perform indirect loads and
stores on the TIMA on behalf of another CPU. The PIR being defined in
the controller registers, we need a way to peek in the controller
model to find the PIR value.
The XiveTCTX is moved above the XiveRouter definition to avoid forward
typedef declarations.
While looking at the s390x implementation, looks like spapr has a
similar BUG when building the topology.
The primary bus number corresponds always to the bus number of the
bus the bridge is attached to.
Right now, if we have two bridges attached to the same bus (e.g. root
bus) this is however not the case. The first bridge will have primary
bus 0, the second bridge primary bus 1, which is wrong. Fix the assignment.
While at it, drop setting the PCI_SUBORDINATE_BUS temporarily to 0xff.
Setting it temporarily to that value (as discussed e.g. in [1]), is
only relevant for a running system that probes the buses. The value is
effectively unused for us just doing a DFS.
Thomas Huth [Wed, 9 Jan 2019 14:03:23 +0000 (15:03 +0100)]
hw/ppc/spapr: Encode the SCSI channel (bus) in the SRP LUNs
In hw/scsi/spapr_vio.c we declare that the controller supports multiple
buses by specifying "max_channel = 7" there. So in the code that fixes
up the device tree nodes, we must encode the channel number (a.k.a. bus
number in the "Logical unit addressing format" table of SAM5) into the
64-bit LUN, too.
commit efe2add7cb7f ("spapr/vio: deprecate the "irq" property") was
merged in QEMU version 3.0. The "irq" property" can be removed for
QEMU version 4.0.
BALATON Zoltan [Wed, 9 Jan 2019 22:37:33 +0000 (23:37 +0100)]
ppc440: Avoid reporting error when reading non-existent RAM slot
When reading base register of RAM slot with no RAM we should not try
to calculate register value because that will result printing an error
due to invalid RAM size. Just return 0 without the error in this case.
Greg Kurz [Thu, 10 Jan 2019 14:23:58 +0000 (15:23 +0100)]
target/ppc/kvm: Drop useless include directive
It has been there since the enablement of PR KVM for PAPR, ie, commit f61b4bedaf35 in 2011. Not sure why at that time, but it is definitely
not needed with the current code.
BALATON Zoltan [Thu, 3 Jan 2019 16:27:24 +0000 (17:27 +0100)]
sam460ex: Fix support for memory larger than 1GB
Fix the encoding of larger memory modules in the SoC registers which
allows specifying more than 1GB memory for sam460ex. Well, only 2GB
due to SoC and firmware restrictions which was the only missing value
compared to what the real hardware supports. The SoC should support up
to 4GB but when setting that the firmware hangs during memory test.
This may be an overflow bug in the firmware which I did not try to
debug but this may affect real hardware as well.
BALATON Zoltan [Thu, 3 Jan 2019 16:27:24 +0000 (17:27 +0100)]
ppc4xx: Pass array index to function instead of pointer into the array
The sdram_set_bcr() function in ppc440_uc.c takes a pointer into an
array then calculates its index from that. It's simpler and easier to
just pass the index which simplifies both the function and its callers.
Do similar cleanup in ppc4xx_devs.c to similar function.
BALATON Zoltan [Thu, 3 Jan 2019 16:27:24 +0000 (17:27 +0100)]
ppc4xx: Rename ppc4xx_sdram_t in ppc440_uc.c to ppc440_sdram_t
There's already a struct with the same name in ppc4xx_devs.c. They are
not used outside their files so don't clash but they are also not
identical so rename the ppc440 specific one to distinguish them.
BALATON Zoltan [Thu, 3 Jan 2019 16:27:24 +0000 (17:27 +0100)]
sam460ex: Clean up SPD EEPROM creation
Get rid of code from MIPS Malta board used to create SPD EEPROM data
(parts of which was not even needed for sam460ex) and use the generic
spd_data_generate() function to simplify this.
BALATON Zoltan [Thu, 3 Jan 2019 16:27:24 +0000 (17:27 +0100)]
smbus: Add a helper to generate SPD EEPROM data
There are several boards with SPD EEPROMs that are now using
duplicated or slightly different hard coded data. Add a helper to
generate SPD data for a memory module of given type and size that
could be used by these boards (either as is or with further changes if
needed) which should help cleaning this up and avoid further duplication.
This includes spapr-vio and usb-storage fixes, phandles fix for NVLink2
pass through support and other compile improvements.
The full list of changes is:
* vio-vscsi: Support multiple channels / buses
* board-qemu/slof/vio-vscsi: Scan up to 64 SCSI IDs
* usb/storage: Implement block write support
* usb/storage: Invert the logic of the IF-statements
* fdt: Fix phandles for NVLink/NVLink2
* fdt: Factor out code to replace a phandle in place
* pci: use appropriate base class ids
* Makefile: Set a proper DRIVER_NAME when building from a git tree
* romfs/tools: Silence more compiler warnings with GCC 8.1
* romfs/tools: Silence GCC 8.1 compiler warning with FLASHFS_MAGIC
* romfs/tools: Remove superfluous union around the rom header struct
* make.rules: Compile SLOF with -fno-asynchronous-unwind-tables
Peter Maydell [Fri, 1 Feb 2019 17:58:27 +0000 (17:58 +0000)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches:
- vmdk: Support for blockdev-create
- block: Apply auto-read-only for ro-whitelist drivers
- virtio-scsi: Fixes related to attaching/detaching iothreads
- scsi-disk: Fixed erroneously detected multipath setup with multiple
disks created with node-names. Added device_id property.
- block: Fix hangs in synchronous APIs with iothreads
- block: Fix invalidate_cache error path for parent activation
- block-backend, mirror, qcow2, vpc, vdi, qemu-iotests:
Minor fixes and code improvements
# gpg: Signature made Fri 01 Feb 2019 15:23:10 GMT
# gpg: using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <[email protected]>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream: (27 commits)
scsi-disk: Add device_id property
scsi-disk: Don't use empty string as device id
qtest.py: Wait for the result of qtest commands
block: Fix invalidate_cache error path for parent activation
iotests/236: fix transaction kwarg order
iotests: Filter second BLOCK_JOB_ERROR from 229
virtio-scsi: Forbid devices with different iothreads sharing a blockdev
scsi-disk: Acquire the AioContext in scsi_*_realize()
virtio-scsi: Move BlockBackend back to the main AioContext on unplug
block: Eliminate the S_1KiB, S_2KiB, ... macros
block: Remove blk_attach_dev_legacy() / legacy_dev code
block: Apply auto-read-only for ro-whitelist drivers
uuid: Make qemu_uuid_bswap() take and return a QemuUUID
block/vdi: Don't take address of fields in packed structs
block/vpc: Don't take address of fields in packed structs
vmdk: Reject excess extents in blockdev-create
iotests: Add VMDK tests for blockdev-create
iotests: Filter cid numbers in VMDK extent info
vmdk: Implement .bdrv_co_create callback
vmdk: Refactor vmdk_create_extent
...
Peter Maydell [Fri, 1 Feb 2019 16:39:17 +0000 (16:39 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190201' into staging
target-arm queue:
* New machine mps2-an521 -- this is a model of the AN521 FPGA image for the MPS2 devboard
* Fix various places where we failed to UNDEF invalid A64 instructions
* Don't UNDEF a valid FCMLA on 32-bit inputs
* Fix some bugs in the newly-added PAuth implementation
* microbit: Implement NVMC non-volatile memory controller
target/arm: fix AArch64 virtual address space size
Since QEMU does not support the ARMv8.2-LVA, Large Virtual Address,
extension (yet), the VA address space is 48-bits plus a sign bit. User
mode can only handle the positive half of the address space, so that
makes a limit of 48 bits.
(With LVA, it would be 53 and 52 bits respectively.)
The incorrectly large address space conflicts with PAuth instructions,
which use bits 48-54 and 56-63 for the pointer authentication code. This
also conflicts with (as yet unsupported by QEMU) data tagging and with
the ARMv8.5-MTE extension.
Drop the pac properties. This approach cannot work as written
because the properties are applied before arm_cpu_reset, which
zeros SCTLR_EL1 (amongst everything else).
We can re-introduce the properties if they turn out to be useful.
But since linux 5.0 enables all of the keys, they may not be.
Julia Suvorova [Fri, 1 Feb 2019 14:55:46 +0000 (14:55 +0000)]
arm: Clarify the logic of set_pc()
Until now, the set_pc logic was unclear, which raised questions about
whether it should be used directly, applying a value to PC or adding
additional checks, for example, set the Thumb bit in Arm cpu. Let's set
the set_pc logic for “Configure the PC, as was done in the ELF file”
and implement synchronize_with_tb hook for preserving PC to cpu_tb_exec.
target/arm: Add a timer to predict PMU counter overflow
Make PMU overflow interrupts more accurate by using a timer to predict
when they will overflow rather than waiting for an event to occur which
allows us to otherwise check them.
target/arm: Send interrupts on PMU counter overflow
Whenever we notice that a counter overflow has occurred, send an
interrupt. This is made more reliable with the addition of a timer in a
follow-on commit.
Peter Maydell [Fri, 1 Feb 2019 14:55:45 +0000 (14:55 +0000)]
target/arm/translate-a64: Fix mishandling of size in FCMLA decode
In disas_simd_indexed(), for the case of "complex fp", each indexable
element is a complex pair, so the total size is twice that indicated
in the 'size' field in the encoding. We were trying to do this
"double the size" operation with a left shift by 1, but this is
incorrect because the 'size' field is a MO_8/MO_16/MO_32/MO_64
value, and doubling the size should be done by a simple increment.
This meant we were mishandling FCMLA (by element) of values where
the real and imaginary parts are 32-bit floats, and would incorrectly
UNDEF this encoding. (No other insns take this code path, and for
16-bit floats it happens that 1 << 1 and 1 + 1 are both the same).
The FCMLA (by element) instruction exists in the
"vector x indexed element" encoding group, but not in
the "scalar x indexed element" group. Correctly UNDEF
the unallocated encodings.
Peter Maydell [Fri, 1 Feb 2019 14:55:45 +0000 (14:55 +0000)]
exec.c: Don't reallocate IOMMUNotifiers that are in use
The tcg_register_iommu_notifier() code has a GArray of
TCGIOMMUNotifier structs which it has registered by passing
memory_region_register_iommu_notifier() a pointer to the embedded
IOMMUNotifier field. Unfortunately, if we need to enlarge the
array via g_array_set_size() this can cause a realloc(), which
invalidates the pointer that memory_region_register_iommu_notifier()
put into the MemoryRegion's iommu_notify list. This can result
in segfaults.
Switch the GArray to holding pointers to the TCGIOMMUNotifier
structs, so that we can individually allocate and free them.
Peter Maydell [Fri, 1 Feb 2019 14:55:45 +0000 (14:55 +0000)]
target/arm/translate-a64: Don't underdecode SDOT and UDOT
In the AdvSIMD scalar x indexed element and vector x indexed element
encoding group, the SDOT and UDOT instructions are vector only,
and their opcode is unallocated in the scalar group. Correctly
UNDEF this unallocated encoding.
bit 31 is M and bit 29 is S (and bit 30 is 0, already checked at
this point in the decode). None of these groups allocate any
encoding for M=1 or S=1. We checked this in disas_fp_compare(),
disas_fp_ccomp() and disas_fp_csel(), but missed it in disas_fp_1src(),
disas_fp_2src(), disas_fp_3src() and disas_fp_imm().
We also missed that in the fp immediate encoding the imm5 field
must be all zeroes.
In the "add/subtract (extended register)" encoding group, the "opt"
field in bits [23:22] must be zero. Correctly UNDEF the unallocated
encodings where this field is not zero.
Peter Maydell [Fri, 1 Feb 2019 14:55:44 +0000 (14:55 +0000)]
target/arm/translate-a64: Don't underdecode SIMD ld/st single
In the AdvSIMD load/store single structure encodings, the
non-post-indexed case should have zeroes in [20:16] (which is the
Rm field for the post-indexed case). Bit 31 must also be zero
(a check we got right in ldst_multiple but not here). Correctly
UNDEF these unallocated encodings.
In the AdvSIMD load/store multiple structures encodings,
the non-post-indexed case should have zeroes in [20:16]
(which is the Rm field for the post-indexed case).
Correctly UNDEF the currently unallocated encodings which
have non-zeroes in those bits.
Peter Maydell [Fri, 1 Feb 2019 14:55:44 +0000 (14:55 +0000)]
target/arm/translate-a64: Don't underdecode PRFM
The PRFM prefetch insn in the load/store with imm9 encodings
requires idx field 0b00; we were underdecoding this by
only checking !is_unpriv (which is equivalent to idx != 2).
Correctly UNDEF the unallocated encodings where idx == 0b01
and 0b11 as well as 0b10.
Peter Maydell [Fri, 1 Feb 2019 14:55:44 +0000 (14:55 +0000)]
target/arm/translate-a64: Don't underdecode system instructions
The "system instructions" and "system register move" subcategories
of "branches, exception generating and system instructions" for A64
only apply if bits [23:22] are zero; other values are currently
unallocated. Correctly UNDEF these unallocated encodings.
Peter Maydell [Fri, 1 Feb 2019 14:55:44 +0000 (14:55 +0000)]
hw/arm/mps2-tz: Add mps2-an521 model
Add a model of the MPS2 FPGA image described in Application Note
AN521. This is identical to the AN505 image, except that it uses
the SSE-200 rather than the IoTKit and so has two Cortex-M33 CPUs.
Peter Maydell [Fri, 1 Feb 2019 14:55:43 +0000 (14:55 +0000)]
hw/arm/mps2-tz: Add IRQ infrastructure to support SSE-200
In preparation for adding support for the AN521 MPS2 image, we need
to handle wiring up the MPS2 device interrupt lines to both CPUs in
the SSE-200, rather than just the one that the IoTKit has.
Abstract out a "connect to the IoTKit interrupt line" function
and make it connect to a splitter which feeds both sets of inputs
for the SSE-200 case.
The SSE-200 has a CPU_IDENTITY register block, which is a set of
read-only registers. As well as the usual PID/CID registers, there
is a single CPUID register which indicates whether the CPU is CPU 0
or CPU 1. Implement a model of this register block.
Peter Maydell [Fri, 1 Feb 2019 14:55:43 +0000 (14:55 +0000)]
hw/arm/armsse: Add unimplemented-device stub for CPU local control registers
The SSE-200 has a "CPU local security control" register bank; add an
unimplemented-device stub for it. (The register bank has only one
interesting register, which allows the guest to lock down changes
to various CPU registers so they cannot be modified further. We
don't support that in our Cortex-M33 model anyway.)
Peter Maydell [Fri, 1 Feb 2019 14:55:43 +0000 (14:55 +0000)]
hw/arm/armsse: Add unimplemented-device stubs for MHUs
The SSE-200 has two Message Handling Units (MHUs), which sit behind
the APB PPC0. Wire up some unimplemented-device stubs for these,
since we don't yet implement a real model of this device.
projects / qemu.git / log