Peter Maydell [Fri, 20 Jan 2017 11:15:10 +0000 (11:15 +0000)]
hw/intc/arm_gicv3: Implement EL2 traps for CPU i/f regs
Implement the architecturally required traps from NS EL1
to EL2 for the CPU interface registers. These fall into
several different groups:
* group-0-only registers all trap if ICH_HCR_EL2.TALL0 is set
  (exactly the registers covered by gicv3_fiq_access())
* group-1-only registers all trap if ICH_HCR_EL2.TALL1 is set
  (exactly the registers covered by gicv3_irq_access())
* DIR traps if ICH_HCR_EL2.TC or ICH_HCR_EL2.TDIR are set
* PMR, RPR, CTLR trap if ICH_HCR_EL2.TC is set
* SGI0R, SGI1R, ASGI1R trap if ICH_HCR_EL2.TC is set or
  if HCR_EL2.IMO or HCR_EL2.FMO are set
We split DIR and the SGI registers out into their own access
functions, leaving the existing gicv3_irqfiq_access() just
handling PMR, RPR and CTLR.
This commit doesn't implement support for trapping on
HSTR_EL2.T12 for the 32-bit registers, as we don't implement
any of those per-coprocessor trap bits currently and
probably will want to do those in some more centralized way.
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
hw/intc/arm_gicv3: Implement ICV_ registers which are just accessors
If the HCR_EL2.IMO or FMO bits are set, accesses to ICC_
system registers are redirected to be accesses to ICV_
registers (the guest-visible interface to the virtual
interrupt controller). Implement this behaviour for the
ICV_ registers which are simple accessors to the underlying
register state.
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
hw/intc/arm_gicv3: Add accessors for ICH_ system registers
The GICv3 virtualization interface includes system registers
accessible only to the hypervisor which form the control
interface for interrupt virtualization. Implement these
registers.
The function gicv3_cpuif_virt_update() which determines
whether it needs to signal vIRQ, vFIQ or a maintenance
interrupt is introduced here as a stub function -- its
implementation will be added in a subsequent commit.
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
hw/intc/gicv3: Add data fields for virtualization support
As the first step in adding support for the virtualization
extensions to the GICv3 emulation:
* add the necessary data fields to the state structures
* add the fields to the migration state, as a subsection
which is only present if virtualization is enabled
The use of a subsection means we retain migration
compatibility as EL2 is not enabled on any CPUs currently.
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
target-arm: Add ARMCPU fields for GIC CPU i/f config
Add fields to the ARMCPU structure to allow CPU classes to
specify the configurable aspects of their GIC CPU interface.
In particular, the virtualization support allows different
values for number of list registers, priority bits and
preemption bits.
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
target-arm: Expose output GPIO line for VCPU maintenance interrupt
The GICv3 support for virtualization includes an outbound
maintenance interrupt signal which is asserted when the
CPU interface wants to signal to the hypervisor that it
needs attention. Expose this as an outbound GPIO line from
the CPU object which can be wired up as a physical interrupt
line by the board code (as we do already for the CPU timers).
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
hw/intc/arm_gic: Add external IRQ lines for VIRQ and VFIQ
Augment the GIC's QOM device interface by adding two
new sets of sysbus IRQ lines, to signal VIRQ and VFIQ to
each CPU.
We never use these, but it's helpful to keep the v2-and-earlier
GIC's external interface in line with that of the GICv3 to
avoid board code having to add extra code conditional on which
version of the GIC is in use.
Shannon Zhao [Fri, 20 Jan 2017 11:15:08 +0000 (11:15 +0000)]
arm: virt: Fix segmentation fault when specifying an unsupported CPU
Using -cpu cortex-a9 (or any other unsupported CPU) with the virt
board will cause QEMU to segmentation fault. This bug was introduced
in commit 9ac4ef77, which incorrectly added a NULL terminator when
converting the VirtBoardInfo array into a simple array of strings
defining the valid CPUs. The cpuname_valid() loop already has
a termination condition based on ARRAY_SIZE, so the NULL is
spurious and causes the strcmp() to segfault if we reach it.
Delete the NULL.
Cédric Le Goater [Fri, 20 Jan 2017 11:15:08 +0000 (11:15 +0000)]
aspeed/smc: extend tests for Command mode
The Aspeed SMC controllers have a mode (Command mode) in which
accesses to the flash content are no different than doing MMIOs. The
controller generates all the necessary commands to load (or store)
data in memory.
So add a couple of tests doing direct reads and writes on the AHB bus.
Cédric Le Goater [Fri, 20 Jan 2017 11:15:08 +0000 (11:15 +0000)]
aspeed/smc: handle SPI flash Command mode
The Aspeed SMC controllers have a mode (Command mode) in which
accesses to the flash content are no different than doing MMIOs. The
controller generates all the necessary commands to load (or store)
data in memory.
However, accesses are restricted to the segment window assigned to
the flash module by the controller. This window is defined by the
Segment Address Register.
Cédric Le Goater [Fri, 20 Jan 2017 11:15:08 +0000 (11:15 +0000)]
aspeed/smc: adjust the size of the register region
The SPI controller of the AST2400 SoC has fewer registers. So we can
adjust the size of the memory region holding the registers depending
on the controller type. We can also remove the guest_error logging
which is useless as the range of the region is strict enough.
Cédric Le Goater [Fri, 20 Jan 2017 11:15:07 +0000 (11:15 +0000)]
aspeed/smc: autostrap CE0/1 configuration
On the AST2500 SoC, the FMC controller flash type is fixed to SPI for
CE0 and CE1 and 4BYTE mode is autodetected for CE0.
On the AST2400 SoC, the FMC controller flash type and 4BYTE mode are
strapped with register SCU70. We use the default settings from the
palmetto-bmc machine for now.
Cédric Le Goater [Fri, 20 Jan 2017 11:15:07 +0000 (11:15 +0000)]
aspeed/smc: remove call to aspeed_smc_update_cs() in reset function
Instead, we can simply set the irq level when unselecting the slave
devices. This change prepares ground for a subsequent cleanup of the
aspeed_smc_update_cs() routine which uselessly loops on all slaves to
update their status.
Peter Maydell [Fri, 20 Jan 2017 11:15:07 +0000 (11:15 +0000)]
target/arm: Implement DBGVCR32_EL2 system register
The DBGVCR_EL2 system register is needed to run a 32-bit
EL1 guest under a Linux EL2 64-bit hypervisor. Its only
purpose is to provide AArch64 with access to the state of
the DBGVCR AArch32 register. Since we only have a dummy
DBGVCR, implement a corresponding dummy DBGVCR32_EL2.
Peter Maydell [Fri, 20 Jan 2017 11:15:07 +0000 (11:15 +0000)]
target/arm: Handle VIRQ and VFIQ in arm_cpu_do_interrupt_aarch32()
To run a VM in 32-bit EL1 our AArch32 interrupt handling code
needs to be able to cope with VIRQ and VFIQ exceptions.
These behave like IRQ and FIQ except that we don't need to try
to route them to Monitor mode.
n25q00 and mt25q01 devices share the same JEDEC ID. The difference
between those two devices is the number of dies and one bit in the extended
JEDEC bytes. This commit adds a proper entry for both devices by
introducing the number of dies and new 25q00 entries.
Modern big flash NOR devices consist of more than one die.
Some of them do not support chip erase and instead have a die
erase command that can erase one die only. This commit adds
support for defining the number of dies in the chip, and adds
support for die erase command.
The NOR flash model is not strict, so no option to
disable chip erase has been added.
Alastair D'Silva [Fri, 20 Jan 2017 11:15:06 +0000 (11:15 +0000)]
arm: Uniquely name imx25 I2C buses.
The imx25 chip provides 3 i2c buses, but they have all been named
"i2c", which makes it difficult to predict which bus a device will
be connected to when specified on the command line.
This patch addresses the issue by naming the buses uniquely:
i2c-bus.0 i2c-bus.1 i2c-bus.2
Peter Maydell [Thu, 19 Jan 2017 18:34:13 +0000 (18:34 +0000)]
Merge remote-tracking branch 'remotes/artyom/tags/pull-sun4v-20170118' into staging
add OpenSPARC T1 emulation
# gpg: Signature made Wed 18 Jan 2017 22:25:47 GMT
# gpg: using RSA key 0x3360C3F7411A125F
# gpg: Good signature from "Artyom Tarasenko <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2AD8 6149 17F4 B2D7 05C0 BB12 3360 C3F7 411A 125F
* remotes/artyom/tags/pull-sun4v-20170118: (30 commits)
target-sparc: fix up niagara machine
target-sparc: move common cpu initialisation routines to sparc64.c
target-sparc: implement sun4v RTC
target-sparc: add ST_BLKINIT_ ASIs for UA2005+ CPUs
target-sparc: store the UA2005 entries in sun4u format
target-sparc: implement UA2005 ASI_MMU (0x21)
target-sparc: add more registers to dump_mmu
target-sparc: implement auto-demapping for UA2005 CPUs
target-sparc: allow 256M sized pages
target-sparc: simplify ultrasparc_tsb_pointer
target-sparc: implement UA2005 TSB Pointers
target-sparc: use SparcV9MMU type for sparc64 I/D-MMUs
target-sparc: replace the last tlb entry when no free entries left
target-sparc: ignore writes to UA2005 CPU mondo queue register
target-sparc: allow priveleged ASIs in hyperprivileged mode
target-sparc: use direct address translation in hyperprivileged mode
target-sparc: fix immediate UA2005 traps
target-sparc: implement UA2005 rdhpstate and wrhpstate instructions
target-sparc: implement UA2005 GL register
target-sparc: implement UA2005 hypervisor traps
...
Remove the Niagara stub implementation from sun4u.c and add a machine,
compatible with Legion simulator from the OpenSPARC T1 project.
The machine uses the firmware supplied with the OpenSPARC T1 project,
http://download.oracle.com/technetwork/systems/opensparc/OpenSPARCT1_Arch.1.5.tar.bz2
in the directory S10image/, and is able to boot the supplied Solaris 10 image.
Note that for compatibility with the naming conventions for SPARC machines
the new machine name is lowercase niagara.
target-sparc: store the UA2005 entries in sun4u format
According to chapter 13.3 of the
UltraSPARC T1 Supplement to the UltraSPARC Architecture 2005,
only the sun4u format is available for data-access loads.
Store UA2005 entries in the sun4u format to simplify processing.
Artyom Tarasenko [Sun, 12 Jun 2016 20:19:43 +0000 (22:19 +0200)]
target-sparc: on UA2005 don't deliver Interrupt_level_n IRQs in hypervisor mode
As described in Chapter 5.7.6 of the UltraSPARC Architecture 2005,
outstanding disrupting exceptions that are destined for privileged mode can only
cause a trap when the virtual processor is in nonprivileged or privileged mode and
PSTATE.ie = 1. At all other times, they are held pending.
Artyom Tarasenko [Mon, 23 Jan 2012 13:31:21 +0000 (14:31 +0100)]
target-sparc: ignore MMU-faults if MMU is disabled in hypervisor mode
while IMMU/DMMU is disabled
- ignore MMU-faults in hypervisor mode or if CPU doesn't have hypervisor
- signal TT_INSN_REAL_TRANSLATION_MISS/TT_DATA_REAL_TRANSLATION_MISS otherwise
This fixes
http://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg03062.html
While I think we could get away with relying on the undocumented
behaviour, the tcg constraint system isn't powerful enough to
properly describe the required (non-)overlap conditions.
Peter Maydell [Tue, 17 Jan 2017 11:20:27 +0000 (11:20 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
# gpg: Signature made Mon 16 Jan 2017 13:38:52 GMT
# gpg: using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>"
# gpg: aka "Stefan Hajnoczi <[email protected]>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/block-pull-request:
async: optimize aio_bh_poll
aio: document locking
aio-win32: remove walking_handlers, protecting AioHandler list with list_lock
aio-posix: remove walking_handlers, protecting AioHandler list with list_lock
aio: tweak walking in dispatch phase
aio-posix: split aio_dispatch_handlers out of aio_dispatch
qemu-thread: optimize QemuLockCnt with futexes on Linux
aio: make ctx->list_lock a QemuLockCnt, subsuming ctx->walking_bh
qemu-thread: introduce QemuLockCnt
aio: rename bh_lock to list_lock
block: get rid of bdrv_io_unplugged_begin/end
Peter Maydell [Mon, 16 Jan 2017 18:23:02 +0000 (18:23 +0000)]
Merge remote-tracking branch 'remotes/stsquad/tags/pull-tcg-common-tlb-reset-20170113-r1' into staging
This is the same as the v3 posted except a re-base and a few extra signoffs
# gpg: Signature made Fri 13 Jan 2017 14:26:46 GMT
# gpg: using RSA key 0xFBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <[email protected]>"
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* remotes/stsquad/tags/pull-tcg-common-tlb-reset-20170113-r1:
cputlb: drop flush_global flag from tlb_flush
cpu_common_reset: wrap TCG specific code in tcg_enabled()
qom/cpu: move tlb_flush to cpu_common_reset
Paolo Bonzini [Thu, 12 Jan 2017 18:07:53 +0000 (19:07 +0100)]
aio: make ctx->list_lock a QemuLockCnt, subsuming ctx->walking_bh
This will make it possible to walk the list of bottom halves without
holding the AioContext lock---and in turn to call bottom half
handlers without holding the lock.
Paolo Bonzini [Thu, 12 Jan 2017 18:07:52 +0000 (19:07 +0100)]
qemu-thread: introduce QemuLockCnt
A QemuLockCnt comprises a counter and a mutex, with primitives
to increment and decrement the counter, and to take and release the
mutex. It can be used to do lock-free visits to a data structure
whenever mutexes would be too heavy-weight and the critical section
is too long for RCU.
This could be implemented simply by protecting the counter with the
mutex, but QemuLockCnt is harder to misuse and more efficient.
Paolo Bonzini [Tue, 29 Nov 2016 11:33:34 +0000 (12:33 +0100)]
block: get rid of bdrv_io_unplugged_begin/end
bdrv_io_plug and bdrv_io_unplug are only called (via their
BlockBackend equivalents) after starting asynchronous I/O.
bdrv_drain is not going to be called while they are running,
because---even if a coroutine runs for some reason---it will
only drain in the next iteration of the event loop through
bdrv_co_yield_to_drain.
Peter Maydell [Mon, 16 Jan 2017 12:41:35 +0000 (12:41 +0000)]
Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-2.9-pull-request' into staging
# gpg: Signature made Sat 14 Jan 2017 09:06:31 GMT
# gpg: using RSA key 0xF30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <[email protected]>"
# gpg: aka "Laurent Vivier <[email protected]>"
# gpg: aka "Laurent Vivier (Red Hat) <[email protected]>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier/tags/m68k-for-2.9-pull-request:
target-m68k: increment/decrement with SP
target-m68k: CAS doesn't need aligned access
target-m68k: manage pre-dec et post-inc in CAS
target-m68k: fix gen_flush_flags()
target-m68k: fix bit operation with immediate value
m68k: Remove PCI and USB from config file
target-m68k: Implement bfffo
target-m68k: Implement bitfield ops for memory
target-m68k: Implement bitfield ops for registers
* remotes/rth/tags/pull-tcg-20170113:
tcg/aarch64: Fix tcg_out_movi
tcg/aarch64: Fix addsub2 for 0+C
target/arm: Fix ubfx et al for aarch64
tcg/s390: Fix merge error with facilities
As the name suggests, the qapi2texi script converts JSON QAPI
description into a texi file suitable for different target
formats (info/man/txt/pdf/html...).
It parses the following kind of blocks:
Free-form:

    ##
    # = Section
    # == Subsection
    #
    # Some text foo with *emphasis*
    # 1. with a list
    # 2. like that
    #
    # And some code:
    # | $ echo foo
    # | -> do this
    # | <- get that
    #
    ##

Symbol description:

    ##
    # @symbol:
    #
    # Symbol body ditto ergo sum. Foo bar
    # baz ding.
    #
    # @param1: the frob to frobnicate
    # @param2: #optional how hard to frobnicate
    #
    # Returns: the frobnicated frob.
    # If frob isn't frobnicatable, GenericError.
    #
    # Since: version
    # Notes: notes, comments can have
    # - itemized list
    # - like this
    #
    # Example:
    #
    # -> { "execute": "quit" }
    # <- { "return": {} }
    #
    ##

That's roughly following the following EBNF grammar:

    api_comment = "##\n" comment "##\n"
    comment = freeform_comment | symbol_comment
    freeform_comment = { "# " text "\n" | "#\n" }
    symbol_comment = "# @" name ":\n" { member | tag_section | freeform_comment }
    member = "# @" name ':' [ text ] "\n" freeform_comment
    tag_section = "# " ( "Returns:", "Since:", "Note:", "Notes:", "Example:", "Examples:" ) [ text ] "\n" freeform_comment
    text = free text with markup

Note that the grammar is ambiguous: a line "# @foo:\n" can be parsed
both as freeform_comment and as symbol_comment. The actual parser
recognizes symbol_comment.
See docs/qapi-code-gen.txt for more details.
Deficiencies and limitations:
- the generated QMP documentation includes internal types
- union type support is lacking
- type information is lacking in generated documentation
- doc comment error message positions are imprecise, they point
to the beginning of the comment.
- a few minor issues, all marked TODO/FIXME in the code
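
An added example, not part of the commit above or of the qapi2texi script: a small Python parser that follows the EBNF grammar quoted above for one doc block, resolving the "# @name:" ambiguity in favour of symbol_comment when it is the first line. The function name, the character class accepted for names and the sample block are assumptions made for this illustration.

```python
import re

# Tags are from the grammar above; the name character class is an assumption.
TAGS = ("Returns", "Since", "Note", "Notes", "Example", "Examples")
SYMBOL_RE = re.compile(r"^@([\w.-]+):$")
MEMBER_RE = re.compile(r"^@([\w.-]+):\s*(.*)$")
TAG_RE = re.compile(r"^(%s):\s*(.*)$" % "|".join(TAGS))

def parse_doc_block(block):
    """Parse one '##'-delimited block into symbol, body, members and tags."""
    lines = block.strip("\n").split("\n")
    if len(lines) < 2 or lines[0] != "##" or lines[-1] != "##":
        raise ValueError("doc block must start and end with a '##' line")
    symbol, body, members, tags = None, [], {}, []
    current = body
    for lineno, raw in enumerate(lines[1:-1], start=2):
        if raw != "#" and not raw.startswith("# "):
            raise ValueError("line %d: expected '#' or '# text'" % lineno)
        text = raw[2:]
        # Ambiguity rule: '# @name:' on the first line makes a symbol comment.
        if lineno == 2 and SYMBOL_RE.match(text):
            symbol = SYMBOL_RE.match(text).group(1)
            continue
        # Members and tag sections exist only inside a symbol comment.
        m = symbol is not None and (MEMBER_RE.match(text) or TAG_RE.match(text))
        if m:
            current = [m.group(2)]
            if text.startswith("@"):
                members[m.group(1)] = current
            else:
                tags.append((m.group(1), current))
            continue
        current.append(text)
    # Join each section and drop blank lines at its ends.
    join = lambda section: "\n".join(section).strip("\n")
    return {"symbol": symbol, "body": join(body),
            "members": {name: join(s) for name, s in members.items()},
            "tags": [(tag, join(s)) for tag, s in tags]}

# Constructed sample, shortened from the symbol description shown above.
SAMPLE = """\
##
# @symbol:
#
# Symbol body ditto ergo sum. Foo bar
#
# @param1: the frob to frobnicate
# @param2: #optional how hard to frobnicate
#
# Returns: the frobnicated frob.
# Since: version
##
"""
```

Calling parse_doc_block(SAMPLE) returns a dict; a block whose first line is not "# @name:" comes back with symbol set to None and every line in the body, including any later "@name:" lines.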