Hugo Landau [Thu, 22 Feb 2018 15:12:51 +0000 (15:12 +0000)]
Fix ast2500 protection register emulation
Some register blocks of the ast2500 are protected by protection key
registers which require the right magic value to be written to those
registers to allow those registers to be mutated.
Register manuals indicate that writing the correct magic value to these
registers should cause subsequent reads from those values to return 1,
and writing any other value should cause subsequent reads to return 0.
Previously, qemu implemented these registers incorrectly: the registers
were handled as simple memory, meaning that writing some value x to a
protection key register would result in subsequent reads from that
register returning the same value x. The protection was implemented by
ensuring that the current value of that register equaled the magic
value.
This modifies qemu to have the correct behaviour: attempts to write to a
ast2500 protection register results in a transition to 1 or 0 depending
on whether the written value is the correct magic. The protection logic
is updated to ensure that the value of the register is nonzero.
This bug caused deadlocks with u-boot HEAD: when u-boot is done with a
protectable register block, it attempts to lock it by writing the
bitwise inverse of the correct magic value, and then spinning forever
until the register reads as zero. Since qemu implemented writes to these
registers as ordinary memory writes, writing the inverse of the magic
value resulted in subsequent reads returning that value, leading to
u-boot spinning forever.
Richard Braun [Thu, 22 Feb 2018 15:12:51 +0000 (15:12 +0000)]
hw/char/stm32f2xx_usart: fix TXE/TC bit handling
I/O currently being synchronous, there is no reason to ever clear the
SR_TXE bit. However the SR_TC bit may be cleared by software writing
to the SR register, so set it on each write.
In addition, fix the reset value of the USART status register.
Signed-off-by: Richard Braun <[email protected]> Reviewed-by: Alistair Francis <[email protected]>
[PMM: removed XXX tag from comment, since it isn't something
we need to come back and fix in QEMU] Signed-off-by: Peter Maydell <[email protected]>
Pekka Enberg [Thu, 22 Feb 2018 15:12:51 +0000 (15:12 +0000)]
raspi: Add "raspi3" machine type
This patch adds a "raspi3" machine type, which can now be selected as
the machine to run on by users via the "-M" command line option to QEMU.
The machine type does *not* ignore memory transaction failures so we
likely need to add some dummy devices later when people run something
more complicated than what I'm using for testing.
Signed-off-by: Pekka Enberg <[email protected]>
[PMM: added #ifdef TARGET_AARCH64 so we don't provide the 64-bit
board in the 32-bit only arm-softmmu build.] Reviewed-by: Peter Maydell <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Peter Maydell <[email protected]>
Peter Maydell [Thu, 22 Feb 2018 15:12:51 +0000 (15:12 +0000)]
target/arm: Fix register definitions for VMIDR and VMPIDR
The register definitions for VMIDR and VMPIDR have separate
reginfo structs for the AArch32 and AArch64 registers. However
the 32-bit versions are wrong:
* they use offsetof instead of offsetoflow32 to mark where
the 32-bit value lives in the uint64_t CPU state field
* they don't mark themselves as ARM_CP_ALIAS
In particular this means that if you try to use an Arm guest CPU
which enables EL2 on a big-endian host it will assert at reset:
target/arm/cpu.c:114: cp_reg_check_reset: Assertion `oldvalue == newvalue' failed.
because the reset of the 32-bit register writes to the top
half of the uint64_t.
Correct the errors in the structures.
Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
---
This is necessary for 'make check' to pass on big endian
systems with the 'raspi3' board enabled, which is the
first board which has an EL2-enabled-by-default CPU.
Alex Bennée [Fri, 12 Jan 2018 11:24:02 +0000 (11:24 +0000)]
fpu/softfloat: re-factor sqrt
This is a little bit of a departure from softfloat's original approach
as we skip the estimate step in favour of a straight iteration. There
is a minor optimisation to avoid calculating more bits of precision
than we need however this still brings a performance drop, especially
for float64 operations.
Alex Bennée [Thu, 30 Nov 2017 10:57:08 +0000 (10:57 +0000)]
fpu/softfloat: re-factor int/uint to float
These are considerably simpler as the lower order integers can just
use the higher order conversion function. As the decomposed fractional
part is a full 64 bit rounding and inexact handling comes from the
pack functions.
Alex Bennée [Wed, 29 Nov 2017 10:21:25 +0000 (10:21 +0000)]
fpu/softfloat: re-factor round_to_int
We can now add float16_round_to_int and use the common round_decomposed and
canonicalize functions to have a single implementation for
float16/32/64 round_to_int functions.
Alex Bennée [Tue, 28 Nov 2017 17:04:44 +0000 (17:04 +0000)]
fpu/softfloat: re-factor muladd
We can now add float16_muladd and use the common decompose and
canonicalize functions to have a single implementation for
float16/32/64 muladd functions.
Alex Bennée [Mon, 27 Nov 2017 14:15:17 +0000 (14:15 +0000)]
fpu/softfloat: re-factor add/sub
We can now add float16_add/sub and use the common decompose and
canonicalize functions to have a single implementation for
float16/32/64 add and sub functions.
Alex Bennée [Fri, 8 Dec 2017 17:13:19 +0000 (17:13 +0000)]
include/fpu/softfloat: add some float16 constants
This defines the same set of common constants for float 16 as defined
for 32 and 64 bit floats. These are often used by target helper
functions. I've also removed constants that are not used by anybody.
Alex Bennée [Fri, 19 Jan 2018 18:24:22 +0000 (18:24 +0000)]
target/*/cpu.h: remove softfloat.h
As cpu.h is another typically widely included file which doesn't need
full access to the softfloat API we can remove the includes from here
as well. Where they do need types it's typically for float_status and
the rounding modes so we move that to softfloat-types.h as well.
As a result of not having softfloat in every cpu.h call we now need to
add it to various helpers that do need the full softfloat.h
definitions.
Alex Bennée [Fri, 19 Jan 2018 16:36:40 +0000 (16:36 +0000)]
fpu/softfloat-types: new header to prevent excessive re-builds
The main culprit here is bswap.h which pulled in softfloat.h so it
could use the types in its CPU_Float* and ldfl/stfql functions. As
bswap.h is very widely included this added a compile dependency every
time we touch softfloat.h. Move the typedefs for each float type into
their own file so we don't re-build the world every time we tweak the
main softfloat.h header.
It's not actively built and when enabled things fail to compile. I'm
not sure the type-checking is really helping here. Seeing as we "own"
our softfloat now lets remove the cruft.
* remotes/kraxel/tags/ui-20180220-pull-request:
ui: Reorder vte terminal packing to avoid gtk3 warnings
vl: drop display_type variable
vl: drop request_opengl variable
vl: drop full_screen variable
cocoa: use DisplayOptions
curses: use DisplayOptions
egl-headless: use DisplayOptions
vl: drop no_quit variable
sdl: use DisplayOptions
gtk: add and use DisplayOptions + DisplayGTK
vl: rename DisplayType to LegacyDisplayType
vl: deprecate -no-frame
Jan Kiszka [Sat, 17 Feb 2018 11:26:49 +0000 (12:26 +0100)]
ui: Reorder vte terminal packing to avoid gtk3 warnings
Fill the terminal box from right to left to avoid
Gtk-WARNING **: Allocating size to GtkScrollbar 0x55f6d54b0200 without
calling gtk_widget_get_preferred_width/height(). How does the code
know the size to allocate?
Gerd Hoffmann [Fri, 2 Feb 2018 11:10:22 +0000 (12:10 +0100)]
vl: drop display_type variable
Switch over all leftover users to qapi DisplayType.
Then delete the unused display_type variable.
Add 'default' DisplayType, which isn't an actual display type but
a placeholder for "user didn't specify a display". It will be replaced
by the DisplayType actually used, which in turn depends on the
DisplayTypes availabel in the particular build.
Direct leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x55995789ac90 in __interceptor_malloc (/home/elmarco/src/qemu/build/x86_64-softmmu/qemu-system-x86_64+0x1510c90)
#1 0x7f0a91190f0c in g_malloc /home/elmarco/src/gnome/glib/builddir/../glib/gmem.c:94
#2 0x5599580a281c in v9fs_path_copy /home/elmarco/src/qemu/hw/9pfs/9p.c:196:17
#3 0x559958f9ec5d in coroutine_trampoline /home/elmarco/src/qemu/util/coroutine-ucontext.c:116:9
#4 0x7f0a8766ebbf (/lib64/libc.so.6+0x50bbf)
Peter Maydell [Mon, 19 Feb 2018 16:44:12 +0000 (16:44 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
# gpg: Signature made Mon 19 Feb 2018 16:19:46 GMT
# gpg: using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>"
# gpg: aka "Stefan Hajnoczi <[email protected]>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/tracing-pull-request:
trace: avoid SystemTap "char const" warnings
tracetool: For ust trace bool type as ctf_integer
tracetool: Update argument format regex to non-greedy star
In QEMU we still wish to avoid warnings in the current SystemTap
release. It's simple enough to replace "char const" with "const char".
I'm not changing the documentation or implementing checks to prevent
this from occurring again in the future. The next release of SystemTap
will hopefully resolve this issue.
Jon Emil Jahren [Mon, 29 Jan 2018 04:16:47 +0000 (05:16 +0100)]
tracetool: Update argument format regex to non-greedy star
Using the greedy star matching, arguments like "...%"PRIx64 caused issues
for functions with multiple PRI formats.
The issue was only seen with the ust backend, as it is the only one
using the format regex.
The result for many functions was that the arguments coming after the
greedy star end was left out of the tracepoint, and in some cases some
of the arguments that was traced had the wrong format.
Peter Maydell [Mon, 19 Feb 2018 12:51:11 +0000 (12:51 +0000)]
Merge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into staging
PVRDMA implementation
# gpg: Signature made Mon 19 Feb 2018 11:08:49 GMT
# gpg: using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <[email protected]>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F 31F5 36D4 C0F0 CF2F E46D
* remotes/marcel/tags/rdma-pull-request:
MAINTAINERS: add entry for hw/rdma
hw/rdma: Implementation of PVRDMA device
hw/rdma: PVRDMA commands and data-path ops
hw/rdma: Implementation of generic rdma device layers
hw/rdma: Definitions for rdma device and rdma resource manager
hw/rdma: Add wrappers and macros
include/standard-headers: add pvrdma related headers
scripts/update-linux-headers: import pvrdma headers
docs: add pvrdma device documentation.
mem: add share parameter to memory-backend-ram
Yuval Shaia [Fri, 9 Feb 2018 13:44:14 +0000 (15:44 +0200)]
hw/rdma: Implementation of PVRDMA device
PVRDMA is the QEMU implementation of VMware's paravirtualized RDMA device.
It works with its Linux Kernel driver AS IS, no need for any special
guest modifications.
While it complies with the VMware device, it can also communicate with
bare metal RDMA-enabled machines and does not require an RDMA HCA in the
host, it can work with Soft-RoCE (rxe).
It does not require the whole guest RAM to be pinned allowing memory
over-commit and, even if not implemented yet, migration support will be
possible with some HW assistance.
Implementation is divided into 2 components, rdma general and pvRDMA
specific functions and structures.
The second PVRDMA sub-module - interaction with PCI layer.
- Device configuration and setup (MSIX, BARs etc).
- Setup of DSR (Device Shared Resources)
- Setup of device ring.
- Device management.
Yuval Shaia [Fri, 9 Feb 2018 13:39:19 +0000 (15:39 +0200)]
hw/rdma: PVRDMA commands and data-path ops
First PVRDMA sub-module - implementation of the PVRDMA device.
- PVRDMA commands such as create CQ and create MR.
- Data path QP operations - post_send and post_recv.
- Completion handler.
Yuval Shaia [Fri, 9 Feb 2018 13:23:18 +0000 (15:23 +0200)]
hw/rdma: Implementation of generic rdma device layers
This layer is composed of two sub-modules, backend and resource manager.
Backend sub-module is responsible for all the interaction with IB layers
such as ibverbs and umad (external libraries).
Resource manager is a collection of functions and structures to manage
RDMA resources such as QPs, CQs and MRs.
Marcel Apfelbaum [Mon, 12 Feb 2018 11:49:08 +0000 (13:49 +0200)]
include/standard-headers: add pvrdma related headers
Import the headers used by the pvrdma device.
Part of them are interfaces between the guest driver and the device,
imported under include/standart-headers/drivers/infiniband/... .
Modify the script to import the headers used by the pvrdma device.
Part of them are interfaces between the guest driver and the device,
import them under include/standart-headers/drivers/infiniband/... .
Remove the unused functions from pvrdma_verbs.h avoiding the
unnecessary import of several infiniband/networking/other headers.
Marcel Apfelbaum [Wed, 13 Dec 2017 14:37:37 +0000 (16:37 +0200)]
mem: add share parameter to memory-backend-ram
Currently only file backed memory backend can
be created with a "share" flag in order to allow
sharing guest RAM with other processes in the host.
Add the "share" flag also to RAM Memory Backend
in order to allow remapping parts of the guest RAM
to different host virtual addresses. This is needed
by the RDMA devices in order to remap non-contiguous
QEMU virtual addresses to a contiguous virtual address range.
Moved the "share" flag to the Host Memory base class,
modified phys_mem_alloc to include the new parameter
and a new interface memory_region_init_ram_shared_nomigrate.
There are no functional changes if the new flag is not used.
Peter Maydell [Tue, 13 Feb 2018 13:22:46 +0000 (13:22 +0000)]
linux-user: Remove THREAD macro
Back when we used to support compiling either with or without
NPTL threading library support, we used a macro THREAD which would
expand either to nothing (no thread support) or to __thread (threads
supported). For a long time now we have required thread support,
so remove the macro and just use __thread directly as other parts
of QEMU do.
Samuel Thibault [Sun, 11 Feb 2018 17:47:04 +0000 (18:47 +0100)]
linux-user: Fix sched_getaffinity mask size
We properly computed the capped mask size to be put to the application
buffer, but didn't actually used it. Also, we need to return the capped mask
size instead of 0 on success.
monitor.c: Fix infinite loop in monitor's auto-complete
The QEMU monitor enters an infinite loop when trying to auto-complete commands
that accept only optional parameters. The commands currently affected by this
issue are 'info registers' and 'info mtree'.
The "default" parameter of the "-mon" option is useless since
QEMU v2.4.0, and marked as deprecated since QEMU v2.8.0. That
should have been long enough to let people update their scripts,
so time to remove it now.
* remotes/kraxel/tags/ui-20180216-pull-request:
ui: extend VNC trottling tracing to SASL codepaths
ui: check VNC audio frequency limit at time of reading from client
ui: avoid 'local_err' variable shadowing in VNC SASL auth
ui: avoid risk of 32-bit int overflow in VNC buffer check
sdl2: fix mouse grab
sdl: restore optimized redraw
vnc: fix segfault in closed connection handling
vnc: add qapi/error.h include to stubs
vnc: remove bogus object_unref on client socket
Peter Maydell [Fri, 16 Feb 2018 14:26:12 +0000 (14:26 +0000)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.12-20180216' into staging
ppc patch queue 2018-02-16
Highlights of this batch:
* Conversion to TranslatorOps (Emilio Cota)
* Further bugfixes and cleanups to vcpu id allocation for pseries
(Greg Kurz)
* Another bugfix for HPT resizing (Daniel Henrique-Barboza)
* Macintosh CUDA cleanups (Mark Cave-Ayland)
* Further tweaks to Spectre/Meltdown mitigations (Suraj Singh)
* remotes/dgibson/tags/ppc-for-2.12-20180216:
ppc4xx: Add device models found in PPC440 core SoCs
ppc/spapr-caps: Disallow setting workaround for spapr-cap-ibs
target/ppc: convert to TranslatorOps
target/ppc: convert to DisasContextBase
spapr: consolidate the VCPU id numbering logic in a single place
spapr: rename spapr_vcpu_id() to spapr_get_vcpu_id()
spapr: move VCPU calculation to core machine code
spapr: use spapr->vsmt to compute VCPU ids
ppc/spapr-caps: Change migration macro to take full spapr-cap name
hw/char: remove legacy interface escc_init()
hw/ppc/spapr_hcall: set htab_shift after kvmppc_resize_hpt_commit
cuda: convert to trace-events
ppc: move CUDAState and other CUDA-related definitions into separate cuda.h file
cuda: convert to use the shared mos6522 device
Note that the 'Add test for migration to bad destination' displays
a 'Connection refused' during running, but still gives the correct exit
code and OK (It's checking that the source doesn't fail when
it can't connect, so that's the right error).
If it's particularly disliked that patch can be skipped individually.
# gpg: Signature made Wed 14 Feb 2018 15:33:04 GMT
# gpg: using RSA key 0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <[email protected]>"
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert/tags/pull-migration-20180214a:
migration: pass MigrationState to migrate_init()
migration: allow send_rq to fail
migration: provide postcopy_fault_thread_notify()
migration: reuse mis->userfault_quit_fd
migration: better error handling with QEMUFile
tests/migration: Add test for migration to bad destination
migration: Fix early failure cleanup
tests/migration: Add source to PC boot block
migration: improve documentation of postcopy-ram
migration/xen: Check return value of qemu_fclose
ui: check VNC audio frequency limit at time of reading from client
The 'vs->as.freq' value is a signed integer, which is read from an
unsigned 32-bit int field on the wire. There is thus a risk of overflow
on 32-bit platforms. Move the frequency limit checking to be done at
time of read before casting to a signed integer.
ui: avoid 'local_err' variable shadowing in VNC SASL auth
The start_auth_sasl() method declares a 'Error *local_err' variable in
an inner if () {...} scope, which shadows a variable of the same name
declared at the start of the method. This is confusing for reviewers and
may trigger compiler warnings.
ui: avoid risk of 32-bit int overflow in VNC buffer check
For very large framebuffers, it is theoretically possible for the result
of 'vs->throttle_output_offset * VNC_THROTTLE_OUTPUT_LIMIT_SCALE' to
exceed the size of a 32-bit int. For this to happen in practice, the
video RAM would have to be set to a large enough value, which is not
likely today. None the less we can be paranoid against future growth by
using division instead of multiplication when checking the limits.
The documentation on SDL_RenderPresent function states that
"the backbuffer should be considered invalidated after each present",
so copy the entire texture on each redraw.
On the other hand, SDL_UpdateTexture function is described as
"fairly slow function", so restrict it to just the changed pixels.
Also added SDL_RenderClear call, as suggested in the documentation
page on SDL_RenderPresent.
Having analyzed the coredump, I understood that the reason is that
ioc_tag is reset on vnc_disconnect_start and ioc is cleaned
in vnc_disconnect_finish. Between these two events due to some
reasons the ioc_tag was set again and after vnc_disconnect_finish
the handler is running with freed ioc,
which led to the segmentation fault.
The patch checks vs->disconnecting in places where we call
qio_channel_add_watch and resets handler if disconnecting == TRUE
to prevent such an occurrence.
Peter Maydell [Fri, 16 Feb 2018 11:19:37 +0000 (11:19 +0000)]
Merge remote-tracking branch 'remotes/berrange/tags/qio-next-pull-request' into staging
# gpg: Signature made Thu 15 Feb 2018 17:50:22 GMT
# gpg: using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <[email protected]>"
# gpg: aka "Daniel P. Berrange <[email protected]>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/qio-next-pull-request:
allow to build with older sed
io/channel-command: Do not kill the child process after closing the pipe
io: Add /dev/fdset/ support to QIOChannelFile
io: Don't call close multiple times in QIOChannelFile
io: Fix QIOChannelFile when creating and opening read-write
io/channel-websock: handle continuous reads without any data
io: fix QIONetListener memory leak
Thomas Huth [Fri, 16 Feb 2018 06:12:44 +0000 (07:12 +0100)]
tests/boot-serial-test: Fix problem with timeout due to dropped characters
Commit 92b540dac9fc3a5 introduce a counter to handle the timeouts in a
better way. But in case ccnt reaches 512, the current read character is
ignored - and if that character is part of the string that we are looking
for, the test fails to match the string.
Almost all of the tests look for a string within the first 512 bytes of
firmware output, so the problem never triggered there. But the hppa test
that has been added recently looks for a longer string at the very end of
a long output, thus there's a chance that we miss a character there so
that the test fails unexpectedly. Fix it by *not* reading and dropping a
character if the counter reaches 512.
Fixes: 92b540dac9fc3a572c7342edd0b073000f5a6abf Signed-off-by: Thomas Huth <[email protected]>
Message-id: 1518761564[email protected]
[PMM: added initializer for nbd to silence false-positive warning
from OpenBSD 6 compiler] Signed-off-by: Peter Maydell <[email protected]>
BALATON Zoltan [Thu, 15 Feb 2018 21:27:06 +0000 (22:27 +0100)]
ppc4xx: Add device models found in PPC440 core SoCs
These devices are found in newer SoCs based on 440 core e.g. the 460EX
(http://www.embeddeddeveloper.com/assets/processors/amcc/datasheets/
PP460EX_DS2063.pdf)
ppc/spapr-caps: Disallow setting workaround for spapr-cap-ibs
The spapr-cap cap-ibs can only have values broken or fixed as there is
no explicit workaround required. Currently setting the value workaround
for this cap will hit an assert if the guest makes the hcall
h_get_cpu_characteristics.
Report an error when attempting to apply the setting with a more helpful
error message.
or guess that the VCPU id of a given VCPU is the first thread of a virtual
core:
index % spapr->vsmt != 0
Even if the numbering logic isn't that complex, it is rather fragile to
have these assumptions open-coded in several places. FWIW this was
proved with recent issues related to VSMT.
This patch moves the VCPU id formula to a single function to be called
everywhere the code needs to compute one. It also adds an helper to
guess if a VCPU is the first thread of a VCORE.
Signed-off-by: Greg Kurz <[email protected]>
[dwg: Rename spapr_is_vcore() to spapr_is_thread0_in_vcore() for clarity] Signed-off-by: David Gibson <[email protected]>
projects / qemu.git / log