* remotes/vivier/tags/m68k-for-3.0-pull-request:
target/m68k: Merge disas_m68k_insn into m68k_tr_translate_insn
target/m68k: Improve ending TB at page boundaries
target/m68k: Convert to TranslatorOps
target/m68k: Convert to DisasContextBase
target/m68k: Rename DISAS_UPDATE and gen_lookup_tb
target/m68k: Use lookup_and_goto_tb for DISAS_JUMP
target/m68k: Remove DISAS_JUMP_NEXT as unused
target/m68k: Replace DISAS_TB_JUMP with DISAS_NORETURN
target/m68k: Use DISAS_NORETURN for exceptions
Rather than limit total TB size to PAGE-32 bytes, end the TB when
near the end of a page. This should provide proper semantics of
SIGSEGV when executing near the end of a page.
* remotes/jnsnow/tags/ide-pull-request: (30 commits)
ide: introduce ide_transfer_start_norecurse
atapi: call ide_set_irq before ide_transfer_start
ide: make ide_transfer_stop idempotent
ide: call ide_cmd_done from ide_transfer_stop
ide: push end_transfer_func out of start_transfer callback, rename callback
ahci: move PIO Setup FIS before transfer, fix it for ATAPI commands
libqos/ahci: track sector size
MAINTAINERS: Add the cdrom-test to John's section
tests/cdrom-test: Test that -cdrom parameter is working
tests/cdrom-test: Test booting from CD-ROM ISO image file
tests/boot-sector: Add magic bytes to s390x boot code header
ahci: make ahci_mem_write traces more descriptive
ahci: delete old host register address definitions
ahci: adjust ahci_mem_write to work on registers
ahci: fix spacing damage on ahci_mem_write
ahci: make mem_read_32 traces more descriptive
ahci: modify ahci_mem_read_32 to work on register numbers
ahci: fix host register max address
ahci: add host register enumeration
ahci: delete old port register address definitions
...
target/m68k: Rename DISAS_UPDATE and gen_lookup_tb
The name gen_lookup_tb is at odds with tcg_gen_lookup_and_goto_tb.
For these cases, we do indeed want to exit back to the main loop.
Similarly, DISAS_UPDATE performs no actual update, whereas DISAS_EXIT
does what it says.
Paolo Bonzini [Wed, 6 Jun 2018 19:09:55 +0000 (15:09 -0400)]
ide: introduce ide_transfer_start_norecurse
For the case where the end_transfer_func is also the caller of
ide_transfer_start, the mutual recursion can lead to unlimited
stack usage. Introduce a new version that can be used to change
tail recursion into a loop, and use it in trace_ide_atapi_cmd_reply_end.
Paolo Bonzini [Wed, 6 Jun 2018 19:09:54 +0000 (15:09 -0400)]
atapi: call ide_set_irq before ide_transfer_start
The ATAPI_INT_REASON_IO interrupt is raised when I/O starts, but in the
AHCI case ide_set_irq was actually called at the end of a mutual recursion.
Move it early, with the side effect that ide_transfer_start becomes a tail
call in ide_atapi_cmd_reply_end.
Paolo Bonzini [Wed, 6 Jun 2018 19:09:53 +0000 (15:09 -0400)]
ide: make ide_transfer_stop idempotent
There is code checking s->end_transfer_func and it was not taught about
ide_transfer_cancel. We can just use ide_transfer_stop because
s->end_transfer_func is only ever called in the DRQ phase.
ide_transfer_cancel can then be removed, since it would just be
calling ide_transfer_halt.
Paolo Bonzini [Wed, 6 Jun 2018 19:09:51 +0000 (15:09 -0400)]
ide: push end_transfer_func out of start_transfer callback, rename callback
Now that end_transfer_func is a tail call in ahci_start_transfer,
formalize the fact that the callback (of which ahci_start_transfer is
the sole implementation) takes care of the transfer too: rename it to
pio_transfer and, if it is present, call the end_transfer_func as soon
as it returns.
John Snow [Wed, 6 Jun 2018 19:09:50 +0000 (15:09 -0400)]
ahci: move PIO Setup FIS before transfer, fix it for ATAPI commands
The PIO Setup FIS is written in the PIO:Entry state, which comes before
the ATA and ATAPI data transfer states. As a result, the PIO Setup FIS
interrupt is now raised before DMA ends for ATAPI commands, and tests have
to be adjusted.
This is also hinted by the description of the command header in the AHCI
specification, where the "A" bit is described as
When ‘1’, indicates that a PIO setup FIS shall be sent by the device
indicating a transfer for the ATAPI command.
and also by the description of the ACMD (ATAPI command region):
The ATAPI command must be either 12 or 16 bytes in length. The length
transmitted by the HBA is determined by the PIO setup FIS that is sent
by the device requesting the ATAPI command.
QEMU, which conflates the "generator" and the "receiver" of the FIS into
one device, always uses ATAPI_PACKET_SIZE, aka 12, for the length.
John Snow [Wed, 6 Jun 2018 19:09:49 +0000 (15:09 -0400)]
libqos/ahci: track sector size
It's not always 512, and it does wind up mattering for PIO tranfers,
because this means DRQ blocks are four times as big for ATAPI.
Replace an instance of 2048 with the correct define, too.
This patch by itself winds changing no behavior. fis->count is ignored
for CMD_PACKET, and sect_count only gets used in non-ATAPI cases.
Thomas Huth [Fri, 8 Jun 2018 17:17:39 +0000 (13:17 -0400)]
MAINTAINERS: Add the cdrom-test to John's section
The cdrom-test checks various block types - IDE, SCSI and
virtio, so it's a little bit hard to decide where this should
belong to in the MAINTAINERS file. But John volunteered to take
it, so let's put it into the IDE section for now.
Thomas Huth [Fri, 8 Jun 2018 17:17:39 +0000 (13:17 -0400)]
tests/cdrom-test: Test that -cdrom parameter is working
Commit 1454509726719e0933c800 recently broke the "-cdrom" parameter
on a couple of boards without us noticing it immediately. Thus let's
add a test which checks that "-cdrom" can at least be used to start
QEMU with certain machine types.
Thomas Huth [Fri, 8 Jun 2018 17:17:39 +0000 (13:17 -0400)]
tests/cdrom-test: Test booting from CD-ROM ISO image file
We already have the code for a boot file in tests/boot-sector.c,
so if the genisoimage program is available, we can easily create
a bootable CD ISO image that we can use for testing whether our
CD-ROM emulation and the BIOS CD-ROM boot works correctly.
Thomas Huth [Fri, 8 Jun 2018 17:17:39 +0000 (13:17 -0400)]
tests/boot-sector: Add magic bytes to s390x boot code header
We're going to use the s390x boot code for testing CD-ROM booting.
But the ISO loader of the s390-ccw bios is a little bit more picky
than the network loader and expects some magic bytes in the header
of the file (see linux_s390_magic in pc-bios/s390-ccw/bootmap.c), so
we've got to add them in our boot code here, too.
John Snow [Fri, 8 Jun 2018 17:17:36 +0000 (13:17 -0400)]
ahci: make port read traces more descriptive
A trace is added to let us watch unimplemented registers specifically,
as these are more likely to cause us trouble. Otherwise, the port read
traces now tell us what register is getting hit, which is nicer.
John Snow [Fri, 8 Jun 2018 17:17:36 +0000 (13:17 -0400)]
ahci: fix PxCI register race
Fixes: https://bugs.launchpad.net/qemu/+bug/1769189
AHCI presently signals completion prior to the PxCI register being
cleared to indicate completion. If a guest driver attempts to issue
a new command in its IRQ handler, it might be surprised to learn there
is still a command pending.
In the case of Windows 10's boot driver, it will actually poll the IRQ
register hoping to find out when the command is done running -- which
will never happen, as there isn't a command running.
Fix this: clear PxCI in ahci_cmd_done and not in the asynchronous BH.
Because it now runs synchronously, we don't need to check if the command
is actually done by spying on the ATA registers. We know it's done.
Peter Maydell [Fri, 8 Jun 2018 15:26:51 +0000 (16:26 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180608' into staging
target-arm queue:
* arm_gicv3_kvm: fix migration of registers corresponding to
IRQs 992 to 1020 in the KVM GIC
* aspeed: remove ignore_memory_transaction_failures on all boards
* aspeed: add support for the witherspoon-bmc board
* aspeed: add an I2C RTC device and EEPROM I2C devices
* aspeed: add the pc9552 chips to the witherspoon machine
* ftgmac100: fix various bugs
* hw/arm: Remove the deprecated xlnx-ep108 machine
* hw/i2c: Add trace events
* add missing '\n' on various qemu_log() logging strings
* sdcard: clean up spec version support so we report the
right spec version to the guest and only implement the
commands that are supposed to be present in that version
CMD8 is newly added in the Physical Layer Specification Version
2.00 to support multiple voltage ranges and used to check whether
the card supports supplied voltage. The version 2.00 or later host
shall issue CMD8 and verify voltage before card initialization.
The host that does not support CMD8 shall supply high voltage range.
sdcard: Update the Configuration Register (SCR) to Spec Version 1.10
The initial implementation is based on the Specs v1.10 (see a1bb27b1e98).
However the SCR is anouncing the card being v1.01.
The new chapters added in version 1.10 are:
4.3.10 Switch function command
Switch function command (CMD6) 1 is used to switch or expand
memory card functions. [...]
This is a new feature, introduced in SD physical Layer
Specification Version 1.10. Therefore, cards that are
compatible with earlier versions of the spec do not support
it. The host shall check the "SD_SPEC" field in the SCR
register to recognize what version of the spec the card
complies with before using CMD6. It is mandatory for SD
memory card of Ver1.10 to support CMD6.
4.3.11 High-Speed mode (25MB/sec interface speed)
Though the Rev 1.01 SD memory card supports up to 12.5MB/sec
interface speed, the speed of 25MB/sec is necessary to support
increasing performance needs of the host and because of memory
size which continues to grow.
To achieve 25MB/sec interface speed, clock rate is increased to
50MHz and CLK/CMD/DAT signal timing and circuit conditions are
reconsidered and changed from Physical Layer Specification
Version 1.01.
4.3.12 Command system (This chapter is newly added in version 1.10)
SD commands CMD34-37, CMD50, CMD57 are reserved for SD command
system expansion via the switch command.
[These commands] will be considered as illegal commands (as
defined in revision 1.01 of the SD physical layer specification).
The SWITCH_FUNCTION is implemented since the first commit, a1bb27b1e98.
The 25MB/sec High-Speed mode was already updated in d7ecb867529.
The current implementation does not implements CMD34-37, CMD50 and
CMD57, thus these commands already return ILLEGAL.
With this patch, the SCR register now matches the description of the header:
* SD Memory Card emulation as defined in the "SD Memory Card Physical
* layer specification, Version 1.10."
Thomas Huth [Fri, 8 Jun 2018 12:15:32 +0000 (13:15 +0100)]
hw/arm: Remove the deprecated xlnx-ep108 machine
It has been marked as deprecated since QEMU v2.11, so it is time to
remove this now. The xlnx-zcu102 machine is very much the same and
can be used as a replacement instead.
The ftgmac100 NIC supports VLAN tag insertion and the MAC engine also
has a control to remove VLAN tags from received packets.
The VLAN control bits and VLAN tag information are contained in the
second word of the transmit and receive descriptors. The Insert VLAN
bit and the VLAN Tag available bit are only valid in the first segment
of the packet.
ftgmac100: compute maximum frame size depending on the protocol
The maximum frame size includes the CRC and depends if a VLAN tag is
inserted or not. Adjust the frame size limit in the transmit handler
using on the FTGMAC100State buffer size and in the receive handler use
the packet protocol.
This is an helper routine to add a single EEPROM on an I2C bus. It can
be directly used by smbus_eeprom_init() which adds a certain number of
EEPROMs on mips and x86 machines.
The Witherspoon boards are OpenPOWER system hosting POWER9 Processors.
Add support for their BMC including a couple of I2C devices as found
on real HW.
Shannon Zhao [Fri, 8 Jun 2018 12:15:32 +0000 (13:15 +0100)]
arm_gicv3_kvm: kvm_dist_get/put: skip the registers banked by GICR
While we skip the GIC_INTERNAL irqs, we don't change the register offset
accordingly. This will overlap the GICR registers value and leave the
last GIC_INTERNAL irq's registers out of update.
Fix this by skipping the registers banked by GICR.
Also for migration compatibility if the migration source (old version
qemu) doesn't send gicd_no_migration_shift_bug = 1 to destination, then
we shift the data of PPI to get the right data for SPI.
slirp: correct size computation while concatenating mbuf
While reassembling incoming fragmented datagrams, 'm_cat' routine
extends the 'mbuf' buffer, if it has insufficient room. It computes
a wrong buffer size, which leads to overwriting adjacent heap buffer
area. Correct this size computation in m_cat.
Peter Maydell [Thu, 7 Jun 2018 15:22:57 +0000 (16:22 +0100)]
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
Mostly bug fixes and code sanitization motivated by the upcoming
support for Darwin hosts. Thanks to Keno Fischer.
# gpg: Signature made Thu 07 Jun 2018 11:30:56 BST
# gpg: using RSA key 71D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <[email protected]>"
# gpg: aka "Gregory Kurz <[email protected]>"
# gpg: aka "[jpeg image of size 3330]"
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6
* remotes/gkurz/tags/for-upstream:
9p: xattr: Properly translate xattrcreate flags
9p: Properly check/translate flags in unlinkat
9p: local: Avoid warning if FS_IOC_GETVERSION is not defined
9p: xattr: Fix crashes due to free of uninitialized value
9p: Move a couple xattr functions to 9p-util
9p: local: Properly set errp in fstatfs error path
9p: proxy: Fix size passed to `connect`
Keno Fischer [Thu, 7 Jun 2018 10:17:22 +0000 (12:17 +0200)]
9p: xattr: Properly translate xattrcreate flags
As with unlinkat, these flags come from the client and need to
be translated to their host values. The protocol values happen
to match linux, but that need not be true in general.
Keno Fischer [Thu, 7 Jun 2018 10:17:22 +0000 (12:17 +0200)]
9p: Properly check/translate flags in unlinkat
The 9p-local code previously relied on P9_DOTL_AT_REMOVEDIR and AT_REMOVEDIR
having the same numerical value and deferred any errorchecking to the
syscall itself. However, while the former assumption is true on Linux,
it is not true in general. 9p-handle did this properly however. Move
the translation code to the generic 9p server code and add an error
if unrecognized flags are passed.
Keno Fischer [Thu, 7 Jun 2018 10:17:22 +0000 (12:17 +0200)]
9p: xattr: Fix crashes due to free of uninitialized value
If the size returned from llistxattr/lgetxattr is 0, we skipped
the malloc call, leaving xattr.value uninitialized. However, this
value is later passed to `g_free` without any further checks,
causing an error. Fix that by always calling g_malloc unconditionally.
If `size` is 0, it will return NULL, which is safe to pass to g_free.
Keno Fischer [Thu, 7 Jun 2018 10:17:22 +0000 (12:17 +0200)]
9p: Move a couple xattr functions to 9p-util
These functions will need custom implementations on Darwin. Since the
implementation is very similar among all of them, and 9p-util already
has the _nofollow version of fgetxattrat, let's move them all there.
Peter Maydell [Thu, 7 Jun 2018 08:55:42 +0000 (09:55 +0100)]
Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2018-06-06-1' into staging
Merge tpm 2018/06/06 v1
# gpg: Signature made Wed 06 Jun 2018 20:48:33 BST
# gpg: using RSA key 75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* remotes/stefanberger/tags/pull-tpm-2018-06-06-1:
test: Add swtpm migration test for the TPM TIS interface
test: Pass TPM interface model to functions creating command line
test: Move common TPM test functions to tpm-tests.c
test: Move reusable code from tpm-crb-swtpm-test.c to tpm-util.c
Stefan Berger [Wed, 30 May 2018 16:30:26 +0000 (12:30 -0400)]
test: Move common TPM test functions to tpm-tests.c
Move common TPM test functions from tpm-crb-swtpm-test.c to tpm-tests.c
so that for example test cases with the TPM TIS interface can use the
same code. Prefix all funcions with 'tpm_test_'.
TriCore binutils is built from Bastian Koppelmann repository.
Note: There is no TriCore compiler in this image (only assembler/linker).
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
[AJB: base of Debian9, add to Makefile.include] Signed-off-by: Alex Bennée <[email protected]>
projects / qemu.git / log