Peter Maydell [Thu, 19 Nov 2020 21:56:02 +0000 (21:56 +0000)]
target/arm: Implement FPCXT_S fp system register
Implement the new-in-v8.1M FPCXT_S floating point system register.
This is for saving and restoring the secure floating point context,
and it reads and writes bits [27:0] from the FPSCR and the
CONTROL.SFPA bit in bit [31].
Peter Maydell [Thu, 19 Nov 2020 21:56:01 +0000 (21:56 +0000)]
target/arm: Factor out preserve-fp-state from full_vfp_access_check()
Factor out the code which handles M-profile lazy FP state preservation
from full_vfp_access_check(); accesses to the FPCXT_NS register are
a special case which need to do just this part (corresponding in the
pseudocode to the PreserveFPState() function), and not the full
set of actions matching the pseudocode ExecuteFPCheck() which
normal FP instructions need to do.
Peter Maydell [Thu, 19 Nov 2020 21:56:00 +0000 (21:56 +0000)]
target/arm: Use new FPCR_NZCV_MASK constant
We defined a constant name for the mask of NZCV bits in the FPCR/FPSCR
in the previous commit; use it in a couple of places in existing code,
where we're masking out everything except NZCV for the "load to Rt=15
sets CPSR.NZCV" special case.
Peter Maydell [Thu, 19 Nov 2020 21:55:59 +0000 (21:55 +0000)]
target/arm: Implement M-profile FPSCR_nzcvqc
v8.1M defines a new FP system register FPSCR_nzcvqc; this behaves
like the existing FPSCR, except that it reads and writes only bits
[31:27] of the FPSCR (the N, Z, C, V and QC flag bits). (Unlike the
FPSCR, the special case for Rt=15 of writing the CPSR.NZCV is not
permitted.)
Implement the register. Since we don't yet implement MVE, we handle
the QC bit as RES0, with todo comments for where we will need to add
support later.
Peter Maydell [Thu, 19 Nov 2020 21:55:57 +0000 (21:55 +0000)]
target/arm: Move general-use constant expanders up in translate.c
The constant-expander functions like negate, plus_2, etc, are
generally useful; move them up in translate.c so we can use them in
the VFP/Neon decoders as well as in the A32/T32/T16 decoders.
Peter Maydell [Thu, 19 Nov 2020 21:55:56 +0000 (21:55 +0000)]
target/arm: Refactor M-profile VMSR/VMRS handling
Currently M-profile borrows the A-profile code for VMSR and VMRS
(access to the FP system registers), because all it needs to support
is the FPSCR. In v8.1M things become significantly more complicated
in two ways:
* there are several new FP system registers; some have side effects
on read, and one (FPCXT_NS) needs to avoid the usual
vfp_access_check() and the "only if FPU implemented" check
* all sysregs are now accessible both by VMRS/VMSR (which
reads/writes a general purpose register) and also by VLDR/VSTR
(which reads/writes them directly to memory)
Refactor the structure of how we handle VMSR/VMRS to cope with this:
* keep the M-profile code entirely separate from the A-profile code
* abstract out the "read or write the general purpose register" part
of the code into a loadfn or storefn function pointer, so we can
reuse it for VLDR/VSTR.
For M-profile before v8.1M, the only valid register for VMSR/VMRS is
the FPSCR. We have a comment that states this, but the actual logic
to forbid accesses for any other register value is missing, so we
would end up with A-profile style behaviour. Add the missing check.
Peter Maydell [Thu, 19 Nov 2020 21:55:53 +0000 (21:55 +0000)]
target/arm: Implement VSCCLRM insn
Implement the v8.1M VSCCLRM insn, which zeros floating point
registers if there is an active floating point context.
This requires support in write_neon_element32() for the MO_32
element size, so add it.
Because we want to use arm_gen_condlabel(), we need to move
the definition of that function up in translate.c so it is
before the #include of translate-vfp.c.inc.
Peter Maydell [Thu, 19 Nov 2020 21:55:52 +0000 (21:55 +0000)]
target/arm: Don't clobber ID_PFR1.Security on M-profile cores
In arm_cpu_realizefn() we check whether the board code disabled EL3
via the has_el3 CPU object property, which we create if the CPU
starts with the ARM_FEATURE_EL3 feature bit. If it is disabled, then
we turn off ARM_FEATURE_EL3 and also zero out the relevant fields in
the ID_PFR1 and ID_AA64PFR0 registers.
This codepath was incorrectly being taken for M-profile CPUs, which
do not have an EL3 and don't set ARM_FEATURE_EL3, but which may have
the M-profile Security extension and so should have non-zero values
in the ID_PFR1.Security field.
Restrict the handling of the feature flag to A/R-profile cores.
Peter Maydell [Thu, 19 Nov 2020 21:55:51 +0000 (21:55 +0000)]
target/arm: Implement v8.1M PXN extension
In v8.1M the PXN architecture extension adds a new PXN bit to the
MPU_RLAR registers, which forbids execution of code in the region
from a privileged mode.
This is another feature which is just in the generic "in v8.1M" set
and has no ID register field indicating its presence.
Peter Maydell [Thu, 19 Nov 2020 21:55:50 +0000 (21:55 +0000)]
hw/intc/armv7m_nvic: Make all of system PPB range be RAZWI/BusFault
For M-profile CPUs, the range from 0xe0000000 to 0xe00fffff is the
Private Peripheral Bus range, which includes all of the memory mapped
devices and registers that are part of the CPU itself, including the
NVIC, systick timer, and debug and trace components like the Data
Watchpoint and Trace unit (DWT). Within this large region, the range
0xe000e000 to 0xe000efff is the System Control Space (NVIC, system
registers, systick) and 0xe002e000 to 0exe002efff is its Non-secure
alias.
The architecture is clear that within the SCS unimplemented registers
should be RES0 for privileged accesses and generate BusFault for
unprivileged accesses, and we currently implement this.
It is less clear about how to handle accesses to unimplemented
regions of the wider PPB. Unprivileged accesses should definitely
cause BusFaults (R_DQQS), but the behaviour of privileged accesses is
not given as a general rule. However, the register definitions of
individual registers for components like the DWT all state that they
are RES0 if the relevant component is not implemented, so the
simplest way to provide that is to provide RAZ/WI for the whole range
for privileged accesses. (The v7M Arm ARM does say that reserved
registers should be UNK/SBZP.)
Expand the container MemoryRegion that the NVIC exposes so that
it covers the whole PPB space. This means:
* moving the address that the ARMV7M device maps it to down by
0xe000 bytes
* moving the off and the offsets within the container of all the
subregions forward by 0xe000 bytes
* adding a new default MemoryRegion that covers the whole container
at a lower priority than anything else and which provides the
RAZWI/BusFault behaviour
Vikram Garhwal [Wed, 18 Nov 2020 19:48:45 +0000 (11:48 -0800)]
tests/qtest: Introduce tests for Xilinx ZynqMP CAN controller
The QTests perform five tests on the Xilinx ZynqMP CAN controller:
Tests the CAN controller in loopback, sleep and snoop mode.
Tests filtering of incoming CAN messages.
Vikram Garhwal [Wed, 18 Nov 2020 19:48:43 +0000 (11:48 -0800)]
hw/net/can: Introduce Xilinx ZynqMP CAN controller
The Xilinx ZynqMP CAN controller is developed based on SocketCAN, QEMU CAN bus
implementation. Bus connection and socketCAN connection for each CAN module
can be set through command lines.
Example for using single CAN:
-object can-bus,id=canbus0 \
-machine xlnx-zcu102.canbus0=canbus0 \
-object can-host-socketcan,id=socketcan0,if=vcan0,canbus=canbus0
Example for connecting both CAN to same virtual CAN on host machine:
-object can-bus,id=canbus0 -object can-bus,id=canbus1 \
-machine xlnx-zcu102.canbus0=canbus0 \
-machine xlnx-zcu102.canbus1=canbus1 \
-object can-host-socketcan,id=socketcan0,if=vcan0,canbus=canbus0 \
-object can-host-socketcan,id=socketcan1,if=vcan0,canbus=canbus1
To create virtual CAN on the host machine, please check the QEMU CAN docs:
https://github.com/qemu/qemu/blob/master/docs/can.txt
Igor Mammedov [Mon, 7 Dec 2020 14:07:36 +0000 (09:07 -0500)]
x86: acpi: let the firmware handle pending "CPU remove" events in SMM
if firmware and QEMU negotiated CPU hotunplug support, generate
_EJ0 method so that it will mark CPU for removal by firmware and
pass control to it by triggering SMI.
Adds bit #4 to status/control field of CPU hotplug MMIO interface.
New bit will be used OSPM to mark CPUs as pending for removal by firmware,
when it calls _EJ0 method on CPU device node. Later on, when firmware
sees this bit set, it will perform CPU eject which will clear bit #4
as well.
* remotes/huth-gitlab/tags/pull-request-2020-12-09:
hw/m68k/mcf5206: Don't leak IRQs in mcf5206_mbar_realize()
gitlab-ci: Move coroutine tests across to gitlab
gitlab-ci: Move user-static test across to gitlab
gitlab-ci: Update 'build-disabled' to cover all configurable options
gitlab-ci: Split CONFIGURE_ARGS one argument per line for build-disabled
fuzz: avoid double-fetches by default
tests/qtest/fuzz-test: Quit test_lp1878642 once done
test-qga: fix a resource leak in test_qga_guest_get_osinfo()
gitlab-ci: Add Xen cross-build jobs
gitlab-ci: Add KVM s390x cross-build jobs
gitlab-ci: Introduce 'cross_accel_build_job' template
gitlab-ci: Replace YAML anchors by extends (cross_system_build_job)
gitlab-ci: Document 'build-tcg-disabled' is a KVM X86 job
Peter Maydell [Fri, 20 Nov 2020 17:23:14 +0000 (17:23 +0000)]
hw/m68k/mcf5206: Don't leak IRQs in mcf5206_mbar_realize()
Coverity points out that the realize function for the TYPE_MCF5206_MBAR
device leaks the IRQ array it allocates with qemu_allocate_irqs().
Keep a pointer to it in the device state struct to avoid the leak.
(Since it needs to stay around for the life of the simulation there
is no need to actually free it, and the leak was harmless.)
gitlab-ci: Split CONFIGURE_ARGS one argument per line for build-disabled
We will keep adding/removing options to our 'configure' script,
so for easier maintainability it makes sense to have CONFIGURE_ARGS
declared as one option per line. This way we can review diff easily
(or rebase/cherry-pick).
The generic fuzzer can find double-fetch bugs. However:
* We currently have no good way of producing qemu-system reproducers for
double-fetch bugs. Even if we can get developers to run the binary-blob
reproducers with the qemu-fuzz builds, we currently don't have a minimizer for
these reproducers, so they are usually not easy to follow.
* Often times the fuzzer will provide a reproducer containing a
double-fetch for a bug that can be reproduced without double-fetching.
Until we find a way to build nice double-fetch reproducers that
developers are willing to look at, lets tell OSS-Fuzz to avoid
double-fetches.
Undo the damage from commit 5f9ff1eff3 ("libvhost-user: Support tracking
inflight I/O in shared memory") which introduced glib dependency through
osdep.h inclusion.
libvhost-user.c tries to stay free from glib usage.
Use glibc memfd_create directly when available (assumed so when
MFD_ALLOW_SEALING is defined). A following commit will make the project
standalone and check for memfd API at configure time, instead of a
panic at runtime.
Juan Quintela [Wed, 18 Nov 2020 08:37:39 +0000 (09:37 +0100)]
failover: Rename to failover_find_primary_device()
This commit:
* Rename them to failover_find_primary_devices() so
- it starts with failover_
- it don't connect anything, just find the primary device
* Create documentation for the function
Juan Quintela [Wed, 18 Nov 2020 08:37:36 +0000 (09:37 +0100)]
failover: should_be_hidden() should take a bool
We didn't use at all the -1 value, and we don't really care. It was
only used for the cases when this is not the device that we are
searching for. And in that case we should not hide the device.
Once there, simplify virtio-Snet_primary_should_be_hidden.
Yubo Miao [Thu, 19 Nov 2020 01:48:39 +0000 (09:48 +0800)]
unit-test: The files changed.
The unit-test is seperated into three patches:
1. The files changed and list in bios-tables-test-allowed-diff.h
2. The unit-test
3. The binary file and clear bios-tables-test-allowed-diff.h
The ASL diff would also be listed.
Sice there are 1000+lines diff, some changes would be omitted.
Yubo Miao [Thu, 19 Nov 2020 01:48:38 +0000 (09:48 +0800)]
acpi: Align the size to 128k
If table size is changed between virt_acpi_build and
virt_acpi_build_update, the table size would not be updated to
UEFI, therefore, just align the size to 128kb, which is enough
and same with x86. It would warn if 64k is not enough and the
align size should be updated.
Yubo Miao [Thu, 19 Nov 2020 01:48:37 +0000 (09:48 +0800)]
acpi/gpex: Build tables for pxb
The resources of pxbs are obtained by crs_build and the resources
used by pxbs would be moved from the resources defined for host-bridge.
The resources for pxb are composed of following two parts:
1. The bar space of the pci-bridge/pcie-root-port behined it
2. The config space of devices behind it.
Yubo Miao [Thu, 19 Nov 2020 01:48:36 +0000 (09:48 +0800)]
acpi: Extract crs build form acpi_build.c
Extract crs build form acpi_build.c, the function could also be used
to build the crs for pxbs for arm. The resources are composed by two parts:
1. The bar space of pci-bridge/pcie-root-ports
2. The resources needed by devices behind PXBs.
The base and limit of memory/io are obtained from the config via two APIs:
pci_bridge_get_base and pci_bridge_get_limit
Jiahui Cen [Thu, 19 Nov 2020 01:48:34 +0000 (09:48 +0800)]
fw_cfg: Refactor extra pci roots addition
Extract extra pci roots addition from pc machine, which could be used by
other machines.
In order to make uefi get the extra roots, it is necessary to write extra
roots into fw_cfg. And only if the uefi knows there are extra roots,
the config spaces of devices behind the root could be obtained.
Yubo Miao [Thu, 19 Nov 2020 01:48:33 +0000 (09:48 +0800)]
acpi/gpex: Extract two APIs from acpi_dsdt_add_pci
Extract two APIs acpi_dsdt_add_pci_route_table and
acpi_dsdt_add_pci_osc from acpi_dsdt_add_pci. The first
API is used to specify the pci route table and the second
API is used to declare the operation system capabilities.
These two APIs would be used to specify the pxb-pcie in DSDT.
John Levon [Fri, 20 Nov 2020 18:51:07 +0000 (18:51 +0000)]
virtio: reset device on bad guest index in virtio_load()
If we find a queue with an inconsistent guest index value, explicitly mark the
device as needing a reset - and broken - via virtio_error().
There's at least one driver implementation - the virtio-win NetKVM driver - that
is able to handle a VIRTIO_CONFIG_S_NEEDS_RESET notification and successfully
restore the device to a working state. Other implementations do not correctly
handle this, but as the VQ is not in a functional state anyway, this is still
worth doing.
Eugenio Pérez [Mon, 16 Nov 2020 16:55:06 +0000 (17:55 +0100)]
memory: Skip bad range assertion if notifier is DEVIOTLB_UNMAP type
Device IOTLB invalidations can unmap arbitrary ranges, eiter outside of
the memory region or even [0, ~0ULL] for all the space. The assertion
could be hit by a guest, and rhel7 guest effectively hit it.
projects / qemu.git / log