Memory mapped serial device is in fact a sysbus device. The following
patches will make use of sysbus facilities for resource and
registration. In particular, "serial-mm: use sysbus facilities" will
move internal serial realization to serial_mm_realize callback to
follow qdev best practices.
Migration from old to new code works, however the other way fails for
devices that use serial_init/serial_mm_init with "base", used as
instance_id previously.
(with qdev_set_legacy_instance_id, the alias_id is only used in
savevm.c:find_se(), and thus can only be used to match against
"legacy" instance id values. On new code, instance_id is generated
incrementally from 0 with calculate_new_instance_id(), based on
"qdev-path/vmsd-name")
Make SerialState a device (the following patches will introduce IO/MM
sysbus serial devices)
None of the serial_{,mm}_init() callers actually free the returned
value (even if they did, it would be quite harmless), so we can change
the object allocation at will.
However, the devices that embed SerialState must now have their field
QOM-initialized manually (isa, pci, pci-multi).
The SM501 is a Mobile Multimedia Companion Chip with 2 UARTs.
This model only implements the first UART. Being part of the
chipset, the UART block is always mapped in memory, regardless
of whether we provide a chardev backend.
Since commit 12051d82f, qemu_chr_fe_init() accepts a NULL chardev.
Let's remove the chardev check and always map the UART in the
chipset memory.
* remotes/xtensa/tags/20200106-xtensa:
target/xtensa: use MPU background map from core configuration
target/xtensa: import xtensa/config/core-isa.h
target/xtensa: fix ps.ring use in MPU configs
Peter Maydell [Mon, 6 Jan 2020 18:22:42 +0000 (18:22 +0000)]
Merge remote-tracking branch 'remotes/elmarco/tags/dbus-vmstate7-pull-request' into staging
Add dbus-vmstate
Hi,
With external processes or helpers participating to the VM support, it
becomes necessary to handle their migration. Various options exist to
transfer their state:
1) as the VM memory, RAM or devices (we could say that's how
vhost-user devices can be handled today, they are expected to
restore from ring state)
2) other "vmstate" (as with TPM emulator state blobs)
3) left to be handled by management layer
1) is not practical, since an external processes may legitimatelly
need arbitrary state date to back a device or a service, or may not
even have an associated device.
2) needs ad-hoc code for each helper, but is simple and working
3) is complicated for management layer, QEMU has the migration timing
The proposed "dbus-vmstate" object will connect to a given D-Bus
address, and save/load from org.qemu.VMState1 owners on migration.
Thus helpers can easily have their state migrated with QEMU, without
implementing ad-hoc support (such as done for TPM emulation)
D-Bus is ubiquitous on Linux (it is systemd IPC), and can be made to
work on various other OSes. There are several implementations and good
bindings for various languages. (the tests/dbus-vmstate-test.c is a
good example of how simple the implementation of services can be, even
in C)
dbus-vmstate is put into use by the libvirt series "[PATCH 00/23] Use
a slirp helper process".
* remotes/elmarco/tags/dbus-vmstate7-pull-request:
tests: add dbus-vmstate-test
tests: add migration-helpers unit
dockerfiles: add dbus-daemon to some of latest distributions
configure: add GDBUS_CODEGEN
Add dbus-vmstate object
util: add dbus helper unit
docs: start a document to describe D-Bus usage
vmstate: replace DeviceState with VMStateIf
vmstate: add qom interface to get id
Peter Maydell [Mon, 6 Jan 2020 17:44:22 +0000 (17:44 +0000)]
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-01-06' into staging
Block patches:
- Minor fixes and tests from the freeze period (too minor to be included
in 4.2)
- Allow many bash iotests to test qcow2's external data file feature
- Add compress filter driver
- Fix Python iotests after 6f6e1698a6
- Fix for the backup job
* remotes/maxreitz/tags/pull-block-2020-01-06: (34 commits)
backup-top: Begin drain earlier
tests/qemu-iotests: Update tests to recent desugarized -accel option
tests/qemu-iotests: add case to write compressed data of multiple clusters
qcow2: Allow writing compressed data of multiple clusters
block: introduce compress filter driver
iotests: Allow check -o data_file
iotests: Disable data_file where it cannot be used
iotests: Make 198 work with data_file
iotests: Make 137 work with data_file
iotests: Make 110 work with data_file
iotests: Make 091 work with data_file
iotests: Avoid cp/mv of test images
iotests: Use _rm_test_img for deleting test images
iotests: Avoid qemu-img create
iotests: Drop IMGOPTS use in 267
iotests: Replace IMGOPTS='' by --no-opts
iotests: Replace IMGOPTS= by -o
iotests: Inject space into -ocompat=0.10 in 051
iotests: Add -o and --no-opts to _make_test_img
iotests: Let _make_test_img parse its parameters
...
* remotes/kraxel/tags/audio-20200106-pull-request:
audio: fix integer overflow
paaudio: wait until the recording stream is ready
paaudio: try to drain the recording stream
paaudio: drop recording stream in qpa_fini_in
hda-codec: fix recording rate control
hda-codec: fix playback rate control
Peter Maydell [Mon, 6 Jan 2020 14:51:51 +0000 (14:51 +0000)]
Merge remote-tracking branch 'remotes/elmarco/tags/screendump-pull-request' into staging
console: screendump improvements
Hi,
The following patches have been extracted from the "[PATCH v6 00/25]
monitor: add asynchronous command type", as they are
reviewable/mergeable independantly.
They introduce some internal API changes, and fix
qemu_open()/qemu_close()/unlink() misusages which should be quite
harmless.
When instantiated, this object will connect to the given D-Bus bus
"addr". During migration, it will take/restore the data from
org.qemu.VMState1 instances. See documentation for details.
* remotes/ehabkost/tags/x86-and-machine-pull-request:
numa: properly check if numa is supported
numa: remove not needed check
i386: Resolve CPU models to v1 by default
Max Reitz [Thu, 19 Dec 2019 18:26:38 +0000 (19:26 +0100)]
backup-top: Begin drain earlier
When dropping backup-top, we need to drain the node before freeing the
BlockCopyState. Otherwise, requests may still be in flight and then the
assertion in shres_destroy() will fail.
(This becomes visible in intermittent failure of 056.)
tests/qemu-iotests: Update tests to recent desugarized -accel option
Commit 6f6e1698a6 desugarized "-machine accel=" to a list
of "-accel" options. Since now "-machine accel" and "-accel"
became incompatible, update the iotests to the new format.
tests/qemu-iotests: add case to write compressed data of multiple clusters
Add the case to the iotest #214 that checks possibility of writing
compressed data of more than one cluster size. The test case involves
the compress filter driver showing a sample usage of that.
qcow2: Allow writing compressed data of multiple clusters
QEMU currently supports writing compressed data of the size equal to
one cluster. This patch allows writing QCOW2 compressed data that
exceed one cluster. Now, we split buffered data into separate clusters
and write them compressed using the block/aio_task API.
Allow writing all the data compressed through the filter driver.
The written data will be aligned by the cluster size.
Based on the QEMU current implementation, that data can be written to
unallocated clusters only. May be used for a backup job.
Max Reitz [Thu, 7 Nov 2019 16:37:08 +0000 (17:37 +0100)]
iotests: Allow check -o data_file
The problem with allowing the data_file option is that you want to use a
different data file per image used in the test. Therefore, we need to
allow patterns like -o data_file='$TEST_IMG.data_file'.
Then, we need to filter it out from qemu-img map, qemu-img create, and
remove the data file in _rm_test_img.
Max Reitz [Thu, 7 Nov 2019 16:37:05 +0000 (17:37 +0100)]
iotests: Make 137 work with data_file
When using an external data file, there are no refcounts for data
clusters. We thus have to adjust the corruption test in this patch to
not be based around a data cluster allocation, but the L2 table
allocation (L2 tables are still refcounted with external data files).
Furthermore, we should not print qcow2.py's list of incompatible
features because it differs depending on whether there is an external
data file or not.
With those two changes, the test will work both with and without
external data files (once that options works with the iotests at all).
Max Reitz [Thu, 7 Nov 2019 16:37:04 +0000 (17:37 +0100)]
iotests: Make 110 work with data_file
The only difference is that the json:{} filename of the image looks
different. We actually do not care about that filename in this test, we
are only interested in (1) that there is a json:{} filename, and (2)
whether the backing filename can be constructed.
So just filter out the json:{} data, thus making this test pass both
with and without data_file.
Max Reitz [Thu, 7 Nov 2019 16:37:03 +0000 (17:37 +0100)]
iotests: Make 091 work with data_file
The image end offset as reported by qemu-img check is different when
using an external data file; we do not care about its value here, so we
can just filter it. Incidentally, common.rc already has _check_test_img
for us which does exactly that.
Max Reitz [Thu, 7 Nov 2019 16:36:59 +0000 (17:36 +0100)]
iotests: Drop IMGOPTS use in 267
Overwriting IMGOPTS means ignoring all user-supplied options, which is
not what we want. Replace the current IMGOPTS use by a new BACKING_FILE
variable.
Max Reitz [Thu, 7 Nov 2019 16:36:57 +0000 (17:36 +0100)]
iotests: Replace IMGOPTS= by -o
Tests should not overwrite all user-supplied image options, but only add
to it (which will effectively overwrite conflicting values). Accomplish
this by passing options to _make_test_img via -o instead of $IMGOPTS.
For some tests, there is no functional change because they already only
appended options to IMGOPTS. For these, this patch is just a
simplification.
For others, this is a change, so they now heed user-specified $IMGOPTS.
Some of those tests do not work with all image options, though, so we
need to disable them accordingly.
Max Reitz [Thu, 7 Nov 2019 16:36:55 +0000 (17:36 +0100)]
iotests: Add -o and --no-opts to _make_test_img
Blindly overriding IMGOPTS is suboptimal as this discards user-specified
options. Whatever options the test needs should simply be appended.
Some tests do this (with IMGOPTS=$(_optstr_add "$IMGOPTS" "...")), but
that is cumbersome. It’s simpler to just give _make_test_img an -o
parameter with which tests can add options.
Some tests actually must override the user-specified options, though,
for example when creating an image in a different format than the test
$IMGFMT. For such cases, --no-opts allows clearing the current option
list.
Max Reitz [Thu, 7 Nov 2019 16:36:53 +0000 (17:36 +0100)]
iotests: Drop compat=1.1 in 050
IMGOPTS can never be empty for qcow2, because the check scripts adds
compat=1.1 unless the user specified any compat option themselves.
Thus, this block does not do anything and can be dropped.
Max Reitz [Thu, 7 Nov 2019 16:36:52 +0000 (17:36 +0100)]
iotests: Replace IMGOPTS by _unsupported_imgopts
Some tests require compat=1.1 and thus set IMGOPTS='compat=1.1'
globally. That is not how it should be done; instead, they should
simply set _unsupported_imgopts to compat=0.10 (compat=1.1 is the
default anyway).
This makes the tests heed user-specified $IMGOPTS. Some do not work
with all image options, though, so we need to disable them accordingly.
Max Reitz [Thu, 7 Nov 2019 16:36:51 +0000 (17:36 +0100)]
iotests: Filter refcount_order in 036
This test can run just fine with other values for refcount_bits, so we
should filter the value from qcow2.py's dump-header. In fact, we can
filter everything but the feature bits and header extensions, because
that is what the test is about.
(036 currently ignores user-specified image options, but that will be
fixed in the next patch.)
qcow2_can_store_new_dirty_bitmap works wrong, as it considers only
bitmaps already stored in the qcow2 image and ignores persistent
BdrvDirtyBitmap objects.
So, let's instead count persistent BdrvDirtyBitmaps. We load all qcow2
bitmaps on open, so there should not be any bitmap in the image for
which we don't have BdrvDirtyBitmaps version. If it is - it's a kind of
corruption, and no reason to check for corruptions here (open() and
close() are better places for it).
PanNengyuan [Wed, 27 Nov 2019 06:20:14 +0000 (14:20 +0800)]
throttle-groups: fix memory leak in throttle_group_set_limit:
This avoid a memory leak when qom-set is called to set throttle_group
limits, here is an easy way to reproduce:
1. run qemu-iotests as follow and check the result with asan:
./check -qcow2 184
Following is the asan output backtrack:
Direct leak of 912 byte(s) in 3 object(s) allocated from:
#0 0xffff8d7ab3c3 in __interceptor_calloc (/lib64/libasan.so.4+0xd33c3)
#1 0xffff8d4c31cb in g_malloc0 (/lib64/libglib-2.0.so.0+0x571cb)
#2 0x190c857 in qobject_input_start_struct /mnt/sdc/qemu-master/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:295
#3 0x19070df in visit_start_struct /mnt/sdc/qemu-master/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:49
#4 0x1948b87 in visit_type_ThrottleLimits qapi/qapi-visit-block-core.c:3759
#5 0x17e4aa3 in throttle_group_set_limits /mnt/sdc/qemu-master/qemu-4.2.0-rc0/block/throttle-groups.c:900
#6 0x1650eff in object_property_set /mnt/sdc/qemu-master/qemu-4.2.0-rc0/qom/object.c:1272
#7 0x1658517 in object_property_set_qobject /mnt/sdc/qemu-master/qemu-4.2.0-rc0/qom/qom-qobject.c:26
#8 0x15880bb in qmp_qom_set /mnt/sdc/qemu-master/qemu-4.2.0-rc0/qom/qom-qmp-cmds.c:74
#9 0x157e3e3 in qmp_marshal_qom_set qapi/qapi-commands-qom.c:154
Max Reitz [Fri, 8 Nov 2019 12:34:53 +0000 (13:34 +0100)]
blkdebug: Allow taking/unsharing permissions
Sometimes it is useful to be able to add a node to the block graph that
takes or unshare a certain set of permissions for debugging purposes.
This patch adds this capability to blkdebug.
(Note that you cannot make blkdebug release or share permissions that it
needs to take or cannot share, because this might result in assertion
failures in the block layer. But if the blkdebug node has no parents,
it will not take any permissions and share everything by default, so you
can then freely choose what permissions to take and share.)
Max Reitz [Fri, 8 Nov 2019 12:34:51 +0000 (13:34 +0100)]
block: Add bdrv_qapi_perm_to_blk_perm()
We need some way to correlate QAPI BlockPermission values with
BLK_PERM_* flags. We could:
(1) have the same order in the QAPI definition as the the BLK_PERM_*
flags are in LSb-first order. However, then there is no guarantee
that they actually match (e.g. when someone modifies the QAPI schema
without thinking of the BLK_PERM_* definitions).
We could add static assertions, but these would break what’s good
about this solution, namely its simplicity.
(2) define the BLK_PERM_* flags based on the BlockPermission values.
But this way whenever someone were to modify the QAPI order
(perfectly sensible in theory), the BLK_PERM_* values would change.
Because these values are used for file locking, this might break
file locking between different qemu versions.
Therefore, go the slightly more cumbersome way: Add a function to
translate from the QAPI constants to the BLK_PERM_* flags.
Volker Rümelin [Thu, 19 Dec 2019 20:34:05 +0000 (21:34 +0100)]
audio: fix integer overflow
Tell the compiler to do a 32bit * 32bit -> 64bit multiplication
because period_ticks is a 64bit variable. The overflow occurs
for audio timer periods larger than 4294967us.
Volker Rümelin [Sat, 4 Jan 2020 09:11:21 +0000 (10:11 +0100)]
paaudio: try to drain the recording stream
There is no guarantee a single call to pa_stream_peek every
timer_period microseconds can read a recording stream faster
than the data gets produced at the source. Let qpa_read try to
drain the recording stream.
To reproduce the problem:
Start qemu with -audiodev pa,id=audio0,in.mixing-engine=off
On the host connect the qemu recording stream to the monitor of
a hardware output device. While the problem can also be seen
with a hardware input device, it's obvious with the monitor of
a hardware output device.
In the guest start audio recording with audacity and notice the
slow recording data rate.
Volker Rümelin [Sat, 4 Jan 2020 09:11:20 +0000 (10:11 +0100)]
paaudio: drop recording stream in qpa_fini_in
Every call to pa_stream_peek which returns a data length > 0
should have a corresponding pa_stream_drop. A call to qpa_read
does not necessarily call pa_stream_drop immediately after a
call to pa_stream_peek. Test in qpa_fini_in if a last
pa_stream_drop is needed.
This prevents following messages in the libvirt log file after
a recording stream gets closed and a new one opened.
pulseaudio: pa_stream_drop failed
pulseaudio: Reason: Bad state
pulseaudio: pa_stream_drop failed
pulseaudio: Reason: Bad state
To reproduce start qemu with
-audiodev pa,id=audio0,in.mixing-engine=off
and in the guest start and stop Audacity several times.
Volker Rümelin [Sat, 4 Jan 2020 09:11:18 +0000 (10:11 +0100)]
hda-codec: fix playback rate control
Since commit 1930616b98 "audio: make mixeng optional" the
function hda_audio_output_cb can no longer assume the function
parameter avail contains the free buffer size. With the playback
mixing-engine turned off this leads to a broken playback rate
control and playback buffer drops in regular intervals.
This patch moves down the rate calculation, so the correct
buffer fill level is used for the calculation.
Peter Maydell [Fri, 3 Jan 2020 18:50:33 +0000 (18:50 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20191220' into staging
target-arm queue:
* Support emulating the generic timers at frequencies other than 62.5MHz
* Various fixes for SMMUv3 emulation bugs
* Improve assert error message for hflags mismatches
* arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on()
* remotes/pmaydell/tags/pull-target-arm-20191220:
arm/arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on()
target/arm: Display helpful message when hflags mismatch
hw/arm/smmuv3: Report F_STE_FETCH fault address in correct word position
hw/arm/smmuv3: Use correct bit positions in EVT_SET_ADDR2 macro
hw/arm/smmuv3: Align stream table base address to table size
hw/arm/smmuv3: Check stream IDs against actual table LOG2SIZE
hw/arm/smmuv3: Correct SMMU_BASE_ADDR_MASK value
hw/arm/smmuv3: Apply address mask to linear strtab base address
ast2600: Configure CNTFRQ at 1125MHz
target/arm: Prepare generic timer for per-platform CNTFRQ
target/arm: Abstract the generic timer frequency
target/arm: Remove redundant scaling of nexttick
Add a helper function to match qemu_open() which may return files
under the /dev/fdset prefix. Those shouldn't be removed, since it's
only a qemu namespace.
screendump: replace FILE with QIOChannel and fix close()/qemu_close()
The file opened for ppm_save() may be a /dev/fdset, in which case a
dup fd is added to the fdset. It should be removed by calling
qemu_close(), instead of the implicit close() on fclose().
I don't see a convenient way to solve that with stdio streams, so I
switched the code to QIOChannel which uses qemu_close().
Add a function to be called when a graphic update is done.
Declare the QXL renderer as async: render_update_cookie_num counts the
number of outstanding updates, and graphic_hw_update_done() is called
when it reaches none.
(note: this is preliminary work for asynchronous screendump support)
Peter Maydell [Fri, 20 Dec 2019 18:25:32 +0000 (18:25 +0000)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches:
- qemu-img: fix info --backing-chain --image-opts
- Error out on image creation with conflicting size options
- Fix external snapshot with VM state
- hmp: Allow using qdev ID for qemu-io command
- Misc code cleanup
- Many iotests improvements
# gpg: Signature made Thu 19 Dec 2019 17:23:11 GMT
# gpg: using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <[email protected]>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream: (30 commits)
iotests: Test external snapshot with VM state
hmp: Allow using qdev ID for qemu-io command
block: Activate recursively even for already active nodes
iotests: 211: Remove duplication with VM.blockdev_create()
iotests: 207: Remove duplication with VM.blockdev_create()
iotests: 266: Convert to VM.blockdev_create()
iotests: 237: Convert to VM.blockdev_create()
iotests: 213: Convert to VM.blockdev_create()
iotests: 212: Convert to VM.blockdev_create()
iotests: 210: Convert to VM.blockdev_create()
iotests: 206: Convert to VM.blockdev_create()
iotests: 255: Drop blockdev_create()
iotests: Create VM.blockdev_create()
qcow2: Move error check of local_err near its assignment
iotests: Fix IMGOPTSSYNTAX for nbd
iotests/273: Filter format-specific information
iotests: Add more "_require_drivers" checks to the shell-based tests
MAINTAINERS: fix qcow2-bitmap.c under Dirty Bitmaps header
qcow2: Use offset_into_cluster()
iotests: Support job-complete in run_job()
...
Eduardo Habkost [Wed, 16 Oct 2019 22:42:37 +0000 (19:42 -0300)]
configure: Require Python >= 3.5
Python 3.5 is the oldest Python version available on our
supported build platforms, and Python 2 end of life will be 3
weeks after the planned release date of QEMU 4.2.0. Drop Python
2 support from configure completely, and require Python 3.5 or
newer.
* remotes/cohuck/tags/s390x-20191219:
s390x: Properly fetch and test the short psw on diag308 subc 0/1
pc-bios/s390: Update firmware images
pc-bios/s390x: Fix reset psw mask
tests/boot-sector: Fix the bad s390x assembler code
target/s390x: Implement LOAD/STORE TO REAL ADDRESS inline
target/s390x: Split out helper_per_store_real
Niek Linnenbank [Fri, 20 Dec 2019 14:03:00 +0000 (14:03 +0000)]
arm/arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on()
After setting CP15 bits in arm_set_cpu_on() the cached hflags must
be rebuild to reflect the changed processor state. Without rebuilding,
the cached hflags would be inconsistent until the next call to
arm_rebuild_hflags(). When QEMU is compiled with debugging enabled
(--enable-debug), this problem is captured shortly after the first
call to arm_set_cpu_on() for CPUs running in ARM 32-bit non-secure mode:
Simon Veith [Fri, 20 Dec 2019 14:03:00 +0000 (14:03 +0000)]
hw/arm/smmuv3: Report F_STE_FETCH fault address in correct word position
The smmuv3_record_event() function that generates the F_STE_FETCH error
uses the EVT_SET_ADDR macro to record the fetch address, placing it in
32-bit words 4 and 5.
The correct position for this address is in words 6 and 7, per the
SMMUv3 Architecture Specification.
Update the function to use the EVT_SET_ADDR2 macro instead, which is the
macro intended for writing to these words.
Simon Veith [Fri, 20 Dec 2019 14:03:00 +0000 (14:03 +0000)]
hw/arm/smmuv3: Use correct bit positions in EVT_SET_ADDR2 macro
The bit offsets in the EVT_SET_ADDR2 macro do not match those specified
in the ARM SMMUv3 Architecture Specification. In all events that use
this macro, e.g. F_WALK_EABT, the faulting fetch address or IPA actually
occupies the 32-bit words 6 and 7 in the event record contiguously, with
the upper and lower unused bits clear due to alignment or maximum
supported address bits. How many bits are clear depends on the
individual event type.
Update the macro to write to the correct words in the event record so
that guest drivers can obtain accurate address information on events.
ref. ARM IHI 0070C, sections 7.3.12 through 7.3.16.
Simon Veith [Fri, 20 Dec 2019 14:03:00 +0000 (14:03 +0000)]
hw/arm/smmuv3: Align stream table base address to table size
Per the specification, and as observed in hardware, the SMMUv3 aligns
the SMMU_STRTAB_BASE address to the size of the table by masking out the
respective least significant bits in the ADDR field.
Apply this masking logic to our smmu_find_ste() lookup function per the
specification.
Simon Veith [Fri, 20 Dec 2019 14:03:00 +0000 (14:03 +0000)]
hw/arm/smmuv3: Check stream IDs against actual table LOG2SIZE
When checking whether a stream ID is in range of the stream table, we
have so far been only checking it against our implementation limit
(SMMU_IDR1_SIDSIZE). However, the guest can program the
STRTAB_BASE_CFG.LOG2SIZE field to a size that is smaller than this
limit.
Check the stream ID against this limit as well to match the hardware
behavior of raising C_BAD_STREAMID events in case the limit is exceeded.
Also, ensure that we do not go one entry beyond the end of the table by
checking that its index is strictly smaller than the table size.
Simon Veith [Fri, 20 Dec 2019 14:03:00 +0000 (14:03 +0000)]
hw/arm/smmuv3: Correct SMMU_BASE_ADDR_MASK value
There are two issues with the current value of SMMU_BASE_ADDR_MASK:
- At the lower end, we are clearing bits [4:0]. Per the SMMUv3 spec,
we should also be treating bit 5 as zero in the base address.
- At the upper end, we are clearing bits [63:48]. Per the SMMUv3 spec,
only bits [63:52] must be explicitly treated as zero.
Update the SMMU_BASE_ADDR_MASK value to mask out bits [63:52] and [5:0].
Simon Veith [Fri, 20 Dec 2019 14:03:00 +0000 (14:03 +0000)]
hw/arm/smmuv3: Apply address mask to linear strtab base address
In the SMMU_STRTAB_BASE register, the stream table base address only
occupies bits [51:6]. Other bits, such as RA (bit [62]), must be masked
out to obtain the base address.
The branch for 2-level stream tables correctly applies this mask by way
of SMMU_BASE_ADDR_MASK, but the one for linear stream tables does not.
Apply the missing mask in that case as well so that the correct stream
base address is used by guests which configure a linear stream table.
Linux guests are unaffected by this change because they choose a 2-level
stream table layout for the QEMU SMMUv3, based on the size of its stream
ID space.
Andrew Jeffery [Fri, 20 Dec 2019 14:02:59 +0000 (14:02 +0000)]
target/arm: Prepare generic timer for per-platform CNTFRQ
The ASPEED AST2600 clocks the generic timer at the rate of HPLL. On
recent firmwares this is at 1125MHz, which is considerably quicker than
the assumed 62.5MHz of the current generic timer implementation. The
delta between the value as read from CNTFRQ and the true rate of the
underlying QEMUTimer leads to sticky behaviour in AST2600 guests.
Add a feature-gated property exposing CNTFRQ for ARM CPUs providing the
generic timer. This allows platforms to configure CNTFRQ (and the
associated QEMUTimer) to the appropriate frequency prior to starting the
guest.
As the platform can now determine the rate of CNTFRQ we're exposed to
limitations of QEMUTimer that didn't previously materialise: In the
course of emulation we need to arbitrarily and accurately convert
between guest ticks and time, but we're constrained by QEMUTimer's use
of an integer scaling factor. The effect is QEMUTimer cannot exactly
capture the period of frequencies that do not cleanly divide
NANOSECONDS_PER_SECOND for scaling ticks to time. As such, provide an
equally inaccurate scaling factor for scaling time to ticks so at least
a self-consistent inverse relationship holds.
Andrew Jeffery [Fri, 20 Dec 2019 14:02:59 +0000 (14:02 +0000)]
target/arm: Abstract the generic timer frequency
Prepare for SoCs such as the ASPEED AST2600 whose firmware configures
CNTFRQ to values significantly larger than the static 62.5MHz value
currently derived from GTIMER_SCALE. As the OS potentially derives its
timer periods from the CNTFRQ value the lack of support for running
QEMUTimers at the appropriate rate leads to sticky behaviour in the
guest.
Substitute the GTIMER_SCALE constant with use of a helper to derive the
period from gt_cntfrq_hz stored in struct ARMCPU. Initially set
gt_cntfrq_hz to the frequency associated with GTIMER_SCALE so current
behaviour is maintained.
Andrew Jeffery [Fri, 20 Dec 2019 14:02:59 +0000 (14:02 +0000)]
target/arm: Remove redundant scaling of nexttick
The corner-case codepath was adjusting nexttick such that overflow
wouldn't occur when timer_mod() scaled the value back up. Remove a use
of GTIMER_SCALE and avoid unnecessary operations by calling
timer_mod_ns() directly.
projects / qemu.git / log