* remotes/kraxel/tags/usb-20180618-pull-request:
Revert "bus: do not unref the added child bus on realize"
Revert "usb: release the created buses"
Revert "usb-ccid: fix bus leak"
Peter Maydell [Tue, 19 Jun 2018 10:15:27 +0000 (11:15 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-3.0-20180618' into staging
ppc patch queue 2018-06-18
Next batch of ppc and spapr related patches for the 3.0 release.
* Improved handling of Spectre/Meltdown mitigations for POWER8
* Numerous Mac machine type cleanups and improvements
* Cleanup to cpu realize/unrealize path for spapr
* Create a place for machine-specific per-cpu information, and
start moving some things to it
* Assorted bugfixes
* remotes/dgibson/tags/ppc-for-3.0-20180618: (28 commits)
spapr: fix xics_system_init() error path
target/ppc, spapr: Move VPA information to machine_data
ppc/pnv: introduce a pnv_chip_core_realize() routine
spapr_cpu_core: introduce spapr_create_vcpu()
spapr_cpu_core: add missing rollback on realization path
spapr_cpu_core: fix potential leak in spapr_cpu_core_realize()
spapr_cpu_core: convert last snprintf() to g_strdup_printf()
pnv: Add cpu unrealize path
pnv: Clean up cpu realize path
pnv_core: Allocate cpu thread objects individually
pnv: Fix some error handling cpu realize()
spapr: Clean up cpu realize/unrealize paths
sm501: Do not clear read only bits when writing registers
mos6522: expose mos6522_update_irq() through MOS6522DeviceClass
mos6522: remove additional interrupt flag filter from mos6522_update_irq()
mos6522: only clear the shift register interrupt upon write
xics_kvm: fix a build break
mac_newworld: add PMU device
adb: add property to disable direct reg 3 writes
adb: fix read reg 3 byte ordering
...
Gerd Hoffmann [Wed, 13 Jun 2018 12:29:45 +0000 (14:29 +0200)]
hw/display: add ramfb, a simple boot framebuffer living in guest ram
The boot framebuffer is expected to be configured by the firmware, so it
uses fw_cfg as interface. Initialization goes as follows:
(1) Check whenever etc/ramfb is present.
(2) Allocate framebuffer from RAM.
(3) Fill struct RAMFBCfg, write it to etc/ramfb.
Done. You can write stuff to the framebuffer now, and it should appear
automagically on the screen.
Note that this isn't very efficient because it does a full display
update on each refresh. No dirty tracking. Dirty tracking would have
to be active for the whole ram slot, so that wouldn't be very efficient
either. For a boot display which is active for a short time only this
isn't a big deal. As permanent guest display something better should be
used (if possible).
This is the ramfb core code. Some windup is needed for display devices
which want have a ramfb boot display.
Revert "bus: do not unref the added child bus on realize"
This is wrong. object_finalize_child_property()'s unref balances the
ref in object_property_add_child(). qbus_realize's unref balances the
ref that was initially placed by object_new/object_initialize.
Greg Kurz [Fri, 15 Jun 2018 16:58:00 +0000 (18:58 +0200)]
spapr: fix xics_system_init() error path
Commit 3d85885a1b1f3 tried to fix error handling, but it actually
went into the wrong direction by dropping the local Error *.
In the default KVM case, the rationale is to try the in-kernel XICS first,
and if not possible, to fallback to userland XICS. Passing errp everywhere
makes this fallback impossible if errp is &error_fatal (which happens to
be the case). And anyway, if the caller would pass a regular &local_err,
things would be worse: we could possibly pass an already set *errp to
error_setg() and crash, or return an error even in case of success.
So we definitely need a local Error * and only propagate it when we're
done with the fallback logic. This is what this patch does.
David Gibson [Wed, 13 Jun 2018 06:22:18 +0000 (16:22 +1000)]
target/ppc, spapr: Move VPA information to machine_data
CPUPPCState currently contains a number of fields containing the state of
the VPA. The VPA is a PAPR specific concept covering several guest/host
shared memory areas used to communicate some information with the
hypervisor.
As a PAPR concept this is really machine specific information, although it
is per-cpu, so it doesn't really belong in the core CPU state structure.
There's also other information that's per-cpu, but platform/machine
specific. So create a (void *)machine_data in PowerPCCPU which can be
used by the machine to locate per-cpu data. Intialization, lifetime and
cleanup of machine_data is entirely up to the machine type.
Cédric Le Goater [Thu, 14 Jun 2018 14:00:41 +0000 (16:00 +0200)]
ppc/pnv: introduce a pnv_chip_core_realize() routine
This extracts from the PvChip realize routine the part creating the
cores. On Power9, we will need to create the cores after the Xive
interrupt controller is created.
Greg Kurz [Thu, 14 Jun 2018 21:50:42 +0000 (23:50 +0200)]
spapr_cpu_core: add missing rollback on realization path
The spapr_realize_vcpu() function doesn't rollback in case of error.
This isn't a problem with coldplugged CPUs because the machine won't
start and QEMU will exit. Hotplug is a different story though: the
CPU thread is started under object_property_set_bool() and it assumes
it can access the CPU object.
If icp_create() fails, we return an error without unregistering the
reset handler for this CPU, and we let the underlying QEMU thread for
this CPU alive. Since spapr_cpu_core_realize() doesn't care to unrealize
already realized CPUs either, but happily frees all of them anyway, the
CPU thread crashes instantly:
(qemu) device_add host-spapr-cpu-core,core-id=1,id=gku
GKU: failing icp_create (cpu 0x11497fd0)
^^^^^^^^^^
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffee3feaa0 (LWP 24725)]
0x00000000104c8374 in object_dynamic_cast_assert (obj=0x11497fd0,
^^^^^^^^^^^^^^
pointer to the CPU object
623 trace_object_dynamic_cast_assert(obj ? obj->class->type->name
(gdb) p obj->class->type
$1 = (Type) 0x0
(gdb) p * obj
$2 = {class = 0x10ea9c10, free = 0x11244620,
^^^^^^^^^^
should be g_free
(gdb) p g_free
$3 = {<text variable, no debug info>} 0x7ffff282bef0 <g_free>
obj is a dangling pointer to the CPU that was just destroyed in
spapr_cpu_core_realize().
This patch adds proper rollback to both spapr_realize_vcpu() and
spapr_cpu_core_realize().
Signed-off-by: Greg Kurz <[email protected]>
[dwg: Fixed a conflict due to a change in my tree] Signed-off-by: David Gibson <[email protected]>
Greg Kurz [Thu, 14 Jun 2018 21:50:27 +0000 (23:50 +0200)]
spapr_cpu_core: fix potential leak in spapr_cpu_core_realize()
Commit 94ad93bd97684 (QEMU 2.12) switched to instantiate CPUs separately
but it missed to adapt the error path accordingly. If something fails in
the CPU creation loop, then the CPU object that was just created is leaked.
The error paths in this function are a bit obfuscated, and adding
yet another label to free this CPU object makes it worse. We should
move the block of the loop to a separate function, with a proper
rollback path, but this is a bigger cleanup.
For now, let's just fix the bug by adding the missing calls to
object_unref(). This will allow easier backport to older QEMU
versions.
David Gibson [Wed, 13 Jun 2018 02:08:42 +0000 (12:08 +1000)]
pnv: Add cpu unrealize path
Currently we don't have any unrealize path for pnv cpu cores. We get away
with this because we don't yet support cpu hotplug for pnv.
However, we're going to want it eventually, and in the meantime, it makes
it non-obvious why there are a bunch of allocations on the realize() path
that don't have matching frees.
David Gibson [Wed, 13 Jun 2018 03:34:36 +0000 (13:34 +1000)]
pnv: Clean up cpu realize path
pnv_cpu_init() is only called from the the pnv cpu core realize path, and
really only can be called from there. So fold it into its caller, which
we also rename for brevity.
David Gibson [Wed, 13 Jun 2018 01:57:37 +0000 (11:57 +1000)]
pnv_core: Allocate cpu thread objects individually
Currently, we allocate space for all the cpu objects within a single core
in one big block. This was copied from an older version of the spapr code
and requires some ugly pointer manipulation to extract the individual
objects.
This design was due to a misunderstanding of qemu lifetime conventions and
has already been changed in spapr (in 94ad93bd "spapr_cpu_core: instantiate
CPUs separately".
Make an equivalent change in pnv_core to get rid of the nasty pointer
arithmetic.
David Gibson [Wed, 13 Jun 2018 01:55:31 +0000 (11:55 +1000)]
pnv: Fix some error handling cpu realize()
In pnv_core_realize() we call two functions with an Error * parameter in
succession, which will go badly if they both cause errors. In fact, a
failure in either of them indicates a qemu internal error, so we can just
use &error_abort in both cases.
David Gibson [Wed, 13 Jun 2018 01:48:26 +0000 (11:48 +1000)]
spapr: Clean up cpu realize/unrealize paths
spapr_cpu_init() and spapr_cpu_destroy() are only called from the spapr
cpu core realize/unrealize paths, and really can only be called from there.
Those are all short functions, so fold the pairs together for simplicity.
While we're there rename some functions and change some parameter types
for brevity and clarity.
BALATON Zoltan [Thu, 14 Jun 2018 00:17:00 +0000 (02:17 +0200)]
sm501: Do not clear read only bits when writing registers
When writing registers that have read only bits we have to avoid
changing these bits as they may have non zero values. Make sure we use
the correct masks to mask out read only and reserved bits when
changing registers.
Also remove extra spaces from dram_control and arbitration_control
assignments.
Mark Cave-Ayland [Wed, 13 Jun 2018 08:30:15 +0000 (09:30 +0100)]
mos6522: expose mos6522_update_irq() through MOS6522DeviceClass
In the case where we have an interrupt generated externally from inputs to
bits 1 and 2 of port A and/or port B, it is necessary to expose
mos6522_update_irq() so it can be called by the interrupt source.
Mark Cave-Ayland [Wed, 13 Jun 2018 08:30:14 +0000 (09:30 +0100)]
mos6522: remove additional interrupt flag filter from mos6522_update_irq()
The datasheet indicates that the interrupt is generated by ANDing the
interrupt flags register (IFR) with the interrupt enable register (IER)
but currently there is an extra filter for the SR and timer interrupts.
Remove this extra filter to allow interrupts to be generated by external
inputs on bits 1 and 2 of ports A and B.
Cédric Le Goater [Tue, 12 Jun 2018 10:11:35 +0000 (12:11 +0200)]
xics_kvm: fix a build break
On CentOS 7.5, gcc-4.8.5-28.el7_5.1.ppc64le fails to build QEMU due to :
hw/intc/xics_kvm.c: In function ‘ics_set_kvm_state’:
hw/intc/xics_kvm.c:281:13: error: ‘ret’ may be used uninitialized in this
function [-Werror=maybe-uninitialized]
return ret;
Fix the breakage and also remove the extra error reporting as
kvm_device_access() already provides a substantial error message.
Mark Cave-Ayland [Tue, 12 Jun 2018 16:44:01 +0000 (17:44 +0100)]
adb: add property to disable direct reg 3 writes
MacOS 9 has a bug in its PMU driver whereby after configuring the ADB bus
devices it sends another write to reg 3 on both devices resetting them
both back to the same address.
Add a new disable_direct_reg3_writes property to ADBDevice to disable these
direct writes which can enabled just for the upcoming pmu-adb support.
Mark Cave-Ayland [Tue, 12 Jun 2018 16:44:00 +0000 (17:44 +0100)]
adb: fix read reg 3 byte ordering
According to the Apple ADB documentation, register 3 is a 2-byte register
with the device address in the first byte, and the handler ID in the second
byte.
This is currently the opposite away to which QEMU returns them so switch the
order around.
Mark Cave-Ayland [Tue, 12 Jun 2018 16:43:57 +0000 (17:43 +0100)]
mac_newworld: add via machine option to control mac99 VIA/ADB configuration
This option allows the VIA configuration to be controlled between 3
different possible setups: cuda, pmu-adb and pmu with USB rather than ADB
keyboard/mouse.
For the moment we don't do anything with the configuration except to pass
it to the macio device (the via-cuda parent) and also to the firmware via
the fw_cfg interface so that it can present the correct device tree.
The default is cuda which is the current default and so will have no
change in behaviour.
Greg Kurz [Tue, 12 Jun 2018 17:01:26 +0000 (19:01 +0200)]
spapr: fix leak in h_client_architecture_support()
If the negotiated compat mode can't be set, but raw mode is supported,
we decide to ignore the error. An so, we should free it to prevent a
memory leak.
ppc/spapr_caps: Don't disable cap_cfpc on POWER8 by default
In default_caps_with_cpu() we set spapr_cap_cfpc to broken for POWER8
processors and before.
Since we no longer require private l1d cache on POWER8 for this cap to
be set to workaround change this to default to broken for POWER7
processors and before.
Cleber Rosa [Wed, 30 May 2018 18:41:56 +0000 (14:41 -0400)]
Acceptance tests: add Linux kernel boot and console checking test
This test boots a Linux kernel, and checks that the given command
line was effective in two ways:
* It makes the kernel use the set "console device" as a console
* The kernel records the command line as expected in the console
Given that way too many error conditions may occur, and detecting the
kernel boot progress status may not be trivial, this test relies on a
timeout to handle unexpected situations. Also, it's *not* tagged as a
quick test for obvious reasons.
It may be useful, while interactively running/debugging this test, or
tests similar to this one, to show some of the logging channels.
Example:
$ avocado --show=QMP,console run boot_linux_console.py
Cleber Rosa [Wed, 30 May 2018 18:41:55 +0000 (14:41 -0400)]
scripts/qemu.py: introduce set_console() method
The set_console() method is intended to ease higher level use cases
that require a console device.
The amount of intelligence is limited on purpose, requiring either the
device type explicitly, or the existence of a machine (pattern)
definition.
Because of the console device type selection criteria (by machine
type), users should also be able to define that. It'll then be used
for both '-machine' and for the console device type selection.
Users of the set_console() method will certainly be interested in
accessing the console device, and for that a console_socket property
has been added.
Eduardo Habkost [Mon, 11 Jun 2018 18:01:52 +0000 (15:01 -0300)]
Remove COPYING.PYTHON
The COPYING.PYTHON file was added when we added the compatibility
argparse.py module, which was licensed under the Python Software
Foundation License Version 2.
Now the compatibility argparse.py module was removed, and we are
not carrying any code under that license anymore. Remove
COPYING.PYTHON.
Peter Maydell [Fri, 15 Jun 2018 15:30:27 +0000 (16:30 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches:
- Fix options that work only with -drive or -blockdev, but not with
both, because of QDict type confusion
- rbd: Add options 'auth-client-required' and 'key-secret'
- Remove deprecated -drive options serial/addr/cyls/heads/secs/trans
- rbd, iscsi: Remove deprecated 'filename' option
- Fix 'qemu-img map' crash with unaligned image size
- Improve QMP documentation for jobs
# gpg: Signature made Fri 15 Jun 2018 15:20:03 BST
# gpg: using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <[email protected]>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream: (26 commits)
block: Remove dead deprecation warning code
block: Remove deprecated -drive option serial
block: Remove deprecated -drive option addr
block: Remove deprecated -drive geometry options
rbd: New parameter key-secret
rbd: New parameter auth-client-required
block: Fix -blockdev / blockdev-add for empty objects and arrays
check-block-qdict: Cover flattening of empty lists and dictionaries
check-block-qdict: Rename qdict_flatten()'s variables for clarity
block-qdict: Simplify qdict_is_list() some
block-qdict: Clean up qdict_crumple() a bit
block-qdict: Tweak qdict_flatten_qdict(), qdict_flatten_qlist()
block-qdict: Simplify qdict_flatten_qdict()
block: Make remaining uses of qobject input visitor more robust
block: Factor out qobject_input_visitor_new_flat_confused()
block: Clean up a misuse of qobject_to() in .bdrv_co_create_opts()
block: Fix -drive for certain non-string scalars
block: Fix -blockdev for certain non-string scalars
qobject: Move block-specific qdict code to block-qdict.c
block: Add block-specific QDict header
...
Peter Maydell [Fri, 15 Jun 2018 14:27:48 +0000 (15:27 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180615' into staging
target-arm and miscellaneous queue:
* fix KVM state save/restore for GICv3 priority registers for high IRQ numbers
* hw/arm/mps2-tz: Put ethernet controller behind PPC
* hw/sh/sh7750: Convert away from old_mmio
* hw/m68k/mcf5206: Convert away from old_mmio
* hw/block/pflash_cfi02: Convert away from old_mmio
* hw/watchdog/wdt_i6300esb: Convert away from old_mmio
* hw/input/pckbd: Convert away from old_mmio
* hw/char/parallel: Convert away from old_mmio
* armv7m: refactor to get rid of armv7m_init() function
* arm: Don't crash if user tries to use a Cortex-M CPU without an NVIC
* hw/core/or-irq: Support more than 16 inputs to an OR gate
* cpu-defs.h: Document CPUIOTLBEntry 'addr' field
* cputlb: Pass cpu_transaction_failed() the correct physaddr
* CODING_STYLE: Define our preferred form for multiline comments
* Add and use new stn_*_p() and ldn_*_p() memory access functions
* target/arm: More parts of the upcoming SVE support
* aspeed_scu: Implement RNG register
* m25p80: add support for two bytes WRSR for Macronix chips
* exec.c: Handle IOMMUs being in the path of TCG CPU memory accesses
* target/arm: Allow ARMv6-M Thumb2 instructions
* remotes/pmaydell/tags/pull-target-arm-20180615: (43 commits)
target/arm: Allow ARMv6-M Thumb2 instructions
exec.c: Handle IOMMUs in address_space_translate_for_iotlb()
iommu: Add IOMMU index argument to translate method
iommu: Add IOMMU index argument to notifier APIs
iommu: Add IOMMU index concept to IOMMU API
m25p80: add support for two bytes WRSR for Macronix chips
aspeed_scu: Implement RNG register
target/arm: Implement SVE Floating Point Arithmetic - Unpredicated Group
target/arm: Implement SVE Integer Wide Immediate - Unpredicated Group
target/arm: Implement FDUP/DUP
target/arm: Implement SVE Integer Compare - Scalars Group
target/arm: Implement SVE Predicate Count Group
target/arm: Implement SVE Partition Break Group
target/arm: Implement SVE Integer Compare - Immediate Group
target/arm: Implement SVE Integer Compare - Vectors Group
target/arm: Implement SVE Select Vectors Group
target/arm: Implement SVE vector splice (predicated)
target/arm: Implement SVE reverse within elements
target/arm: Implement SVE copy to vector (predicated)
target/arm: Implement SVE conditionally broadcast/extract element
...
Julia Suvorova [Fri, 15 Jun 2018 13:57:16 +0000 (14:57 +0100)]
target/arm: Allow ARMv6-M Thumb2 instructions
ARMv6-M supports 6 Thumb2 instructions. This patch checks for these
instructions and allows their execution.
Like Thumb2 cores, ARMv6-M always interprets BL instruction as 32-bit.
This patch is required for future Cortex-M0 support.
Peter Maydell [Fri, 15 Jun 2018 13:57:16 +0000 (14:57 +0100)]
exec.c: Handle IOMMUs in address_space_translate_for_iotlb()
Currently we don't support board configurations that put an IOMMU
in the path of the CPU's memory transactions, and instead just
assert() if the memory region fonud in address_space_translate_for_iotlb()
is an IOMMUMemoryRegion.
Remove this limitation by having the function handle IOMMUs.
This is mostly straightforward, but we must make sure we have
a notifier registered for every IOMMU that a transaction has
passed through, so that we can flush the TLB appropriately
when any of the IOMMUs change their mappings.
Peter Maydell [Fri, 15 Jun 2018 13:57:16 +0000 (14:57 +0100)]
iommu: Add IOMMU index argument to translate method
Add an IOMMU index argument to the translate method of
IOMMUs. Since all of our current IOMMU implementations
support only a single IOMMU index, this has no effect
on the behaviour.
Peter Maydell [Fri, 15 Jun 2018 13:57:16 +0000 (14:57 +0100)]
iommu: Add IOMMU index argument to notifier APIs
Add support for multiple IOMMU indexes to the IOMMU notifier APIs.
When initializing a notifier with iommu_notifier_init(), the caller
must pass the IOMMU index that it is interested in. When a change
happens, the IOMMU implementation must pass
memory_region_notify_iommu() the IOMMU index that has changed and
that notifiers must be called for.
IOMMUs which support only a single index don't need to change.
Callers which only really support working with IOMMUs with a single
index can use the result of passing MEMTXATTRS_UNSPECIFIED to
memory_region_iommu_attrs_to_index().
Peter Maydell [Fri, 15 Jun 2018 13:57:15 +0000 (14:57 +0100)]
iommu: Add IOMMU index concept to IOMMU API
If an IOMMU supports mappings that care about the memory
transaction attributes, then it no longer has a unique
address -> output mapping, but more than one. We can
represent these using an IOMMU index, analogous to TCG's
mmu indexes.
Cédric Le Goater [Fri, 15 Jun 2018 13:57:15 +0000 (14:57 +0100)]
m25p80: add support for two bytes WRSR for Macronix chips
On Macronix chips, two bytes can written to the WRSR. First byte will
configure the status register and the second the configuration
register. It is important to save the configuration value as it
contains the dummy cycle setting when using dual or quad IO mode.
Joel Stanley [Fri, 15 Jun 2018 13:57:15 +0000 (14:57 +0100)]
aspeed_scu: Implement RNG register
The ASPEED SoCs contain a single register that returns random data when
read. This models that register so that guests can use it.
The random number data register has a corresponding control register,
however it returns data regardless of the state of the enabled bit, so
the model follows this behaviour.
When the qcrypto call fails we exit as the guest uses the random number
device to feed it's entropy pool, which is used for cryptographic
purposes.
Rearrange the arithmetic so that we are agnostic about the total size
of the vector and the size of the element. This will allow us to index
up to the 32nd byte and with 16-byte elements.
Peter Maydell [Fri, 15 Jun 2018 13:57:14 +0000 (14:57 +0100)]
exec.c: Don't accidentally sign-extend 4-byte loads in subpage_read()
In subpage_read() we perform a load of the data into a local buffer
which we then access using ldub_p(), lduw_p(), ldl_p() or ldq_p()
depending on its size, storing the result into the uint64_t *data.
Since ldl_p() returns an 'int', this means that for the 4-byte
case we will sign-extend the data, whereas for 1 and 2 byte
reads we zero-extend it.
This ought not to matter since the caller will likely ignore values in
the high bytes of the data, but add a cast so that we're consistent.
Peter Maydell [Fri, 15 Jun 2018 13:57:14 +0000 (14:57 +0100)]
bswap: Add new stn_*_p() and ldn_*_p() memory access functions
There's a common pattern in QEMU where a function needs to perform
a data load or store of an N byte integer in a particular endianness.
At the moment this is handled by doing a switch() on the size and
calling the appropriate ld*_p or st*_p function for each size.
Provide a new family of functions ldn_*_p() and stn_*_p() which
take the size as an argument and do the switch() themselves.
Peter Maydell [Fri, 15 Jun 2018 13:57:14 +0000 (14:57 +0100)]
CODING_STYLE: Define our preferred form for multiline comments
The codebase has a bit of a mix of different multiline
comment styles. State a preference for the Linux kernel
style:
/*
* Star on the left for each line.
* Leading slash-star and trailing star-slash
* each go on a line of their own.
*/
Peter Maydell [Fri, 15 Jun 2018 13:57:14 +0000 (14:57 +0100)]
cputlb: Pass cpu_transaction_failed() the correct physaddr
The API for cpu_transaction_failed() says that it takes the physical
address for the failed transaction. However we were actually passing
it the offset within the target MemoryRegion. We don't currently
have any target CPU implementations of this hook that require the
physical address; fix this bug so we don't get confused if we ever
do add one.
Peter Maydell [Fri, 15 Jun 2018 13:57:14 +0000 (14:57 +0100)]
cpu-defs.h: Document CPUIOTLBEntry 'addr' field
The 'addr' field in the CPUIOTLBEntry struct has a rather non-obvious
use; add a comment documenting it (reverse-engineered from what
the code that sets it is doing).
Peter Maydell [Fri, 15 Jun 2018 13:57:14 +0000 (14:57 +0100)]
hw/core/or-irq: Support more than 16 inputs to an OR gate
For the IoTKit MPC support, we need to wire together the
interrupt outputs of 17 MPCs; this exceeds the current
value of MAX_OR_LINES. Increase MAX_OR_LINES to 32 (which
should be enough for anyone).
The tricky part is retaining the migration compatibility for
existing OR gates; we add a subsection which is only used
for larger OR gates, and define it such that we can freely
increase MAX_OR_LINES in future (or even move to a dynamically
allocated levels[] array without an upper size limit) without
breaking compatibility.
Peter Maydell [Fri, 15 Jun 2018 13:57:13 +0000 (14:57 +0100)]
arm: Don't crash if user tries to use a Cortex-M CPU without an NVIC
The Cortex-M CPU and its NVIC are two intimately intertwined parts of
the same hardware; it is not possible to use one without the other.
Unfortunately a lot of our board models don't do any sanity checking
on the CPU type the user asks for, so a command line like
qemu-system-arm -M versatilepb -cpu cortex-m3
will create an M3 without an NVIC, and coredump immediately.
In the other direction, trying a non-M-profile CPU in an M-profile
board won't blow up, but doesn't do anything useful either:
qemu-system-arm -M lm3s6965evb -cpu arm926
Add some checking in the NVIC and CPU realize functions that the
user isn't trying to use an NVIC without an M-profile CPU or
an M-profile CPU without an NVIC, so we can produce a helpful
error message rather than a core dump.
Peter Maydell [Fri, 15 Jun 2018 13:57:13 +0000 (14:57 +0100)]
hw/arm/armv7m: Remove unused armv7m_init() function
Remove the now-unused armv7m_init() function. This was a legacy from
before we properly QOMified ARMv7M, and it has some flaws:
* it combines work that needs to be done by an SoC object (creating
and initializing the TYPE_ARMV7M object) with work that needs to
be done by the board model (setting the system up to load the ELF
file specified with -kernel)
* TYPE_ARMV7M creation failure is fatal, but an SoC object wants to
arrange to propagate the failure outward
* it uses allocate-and-create via qdev_create() whereas the current
preferred style for SoC objects is to do creation in-place
Board and SoC models can instead do the two jobs this function
was doing themselves, in the right places and with whatever their
preferred style/error handling is.
Peter Maydell [Fri, 15 Jun 2018 13:57:13 +0000 (14:57 +0100)]
stellaris: Stop using armv7m_init()
The stellaris board is still using the legacy armv7m_init() function,
which predates conversion of the ARMv7M into a proper QOM container
object. Make the board code directly create the ARMv7M object instead.
Peter Maydell [Fri, 15 Jun 2018 13:57:13 +0000 (14:57 +0100)]
hw/char/parallel: Convert away from old_mmio
Convert the parallel device away from using the old_mmio field
of MemoryRegionOps. This change only affects the memory-mapped
variant, which is used by the MIPS Jazz boards 'magnum' and 'pica61'.
Peter Maydell [Fri, 15 Jun 2018 13:57:13 +0000 (14:57 +0100)]
hw/input/pckbd: Convert away from old_mmio
Convert the pckbd device away from using the old_mmio field
of MemoryRegionOps. This change only affects the memory-mapped
variant of the i8042, which is used by the Unicore32 'puv3'
board and the MIPS Jazz boards 'magnum' and 'pica61'.
Peter Maydell [Fri, 15 Jun 2018 13:57:13 +0000 (14:57 +0100)]
hw/arm/mps2-tz: Put ethernet controller behind PPC
The ethernet controller in the AN505 MPC FPGA image is behind
the same AHB Peripheral Protection Controller that handles
the graphics and GPIOs. (In the documentation this is clear
in the block diagram but the ethernet controller was omitted
from the table listing devices connected to the PPC.)
The ethernet sits behind AHB PPCEXP0 interface 5. We had
incorrectly claimed that this was a "gpio4", but there are
only 4 GPIOs in this image.
Shannon Zhao [Fri, 15 Jun 2018 13:57:13 +0000 (14:57 +0100)]
arm_gicv3_kvm: kvm_dist_get/put_priority: skip the registers banked by GICR_IPRIORITYR
While for_each_dist_irq_reg loop starts from GIC_INTERNAL, it forgot to
offset the date array and index. This will overlap the GICR registers
value and leave the last GIC_INTERNAL irq's registers out of update.
Balamuruhan S [Tue, 12 Jun 2018 08:50:09 +0000 (14:20 +0530)]
migration: calculate expected_downtime with ram_bytes_remaining()
expected_downtime value is not accurate with dirty_pages_rate * page_size,
using ram_bytes_remaining() would yeild it resonable.
consider to read the remaining ram just after having updated the dirty
pages count later migration_bitmap_sync_range() in migration_bitmap_sync()
and reuse the `remaining` field in ram_counters to hold ram_bytes_remaining()
for calculating expected_downtime.
migration/postcopy: Wake rate limit sleep on postcopy request
Use the 'urgent request' mechanism added in the previous patch
for entries added to the postcopy request queue for RAM. Ignore
the rate limiting while we have requests.
Rate limiting sleeps the migration thread for a while when it runs
out of bandwidth; but sometimes we want to wake up to get on with
something more urgent (like a postcopy request). Here we use
a semaphore with a timedwait instead of a simple sleep; Incrementing
the sempahore will wake it up sooner. Anything that consumes
these urgent events must decrement the sempahore.
Limit the background transfer bandwidth during the postcopy
phase to the value set on this new parameter. The default, 0,
corresponds to the existing behaviour which is unlimited bandwidth.
projects / qemu.git / log