David Gibson [Fri, 18 Oct 2019 04:19:31 +0000 (15:19 +1100)]
spapr: Don't trigger a CAS reboot for XICS/XIVE mode changeover
PAPR allows the interrupt controller used on a POWER9 machine (XICS or
XIVE) to be selected by the guest operating system, by using the
ibm,client-architecture-support (CAS) feature negotiation call.
Currently, if the guest selects an interrupt controller different from the
one selected at initial boot, this causes the system to be reset with the
new model and the boot starts again. This means we run through the SLOF
boot process twice, as well as any other bootloader (e.g. grub) in use
before the OS calls CAS. This can be confusing and/or inconvenient for
users.
Thanks to two fairly recent changes, we no longer need this reboot. 1) we
now completely regenerate the device tree when CAS is called (meaning we
don't need special case updates for all the device tree changes caused by
the interrupt controller mode change), 2) we now have explicit code paths
to activate and deactivate the different interrupt controllers, rather than
just implicitly calling those at machine reset time.
We can therefore eliminate the reboot for changing irq mode, simply by
putting a call to spapr_irq_update_active_intc() before we call
spapr_h_cas_compose_response() (which gives the updated device tree to
the guest firmware and OS).
ppc: well form kvmppc_hint_smt_possible error hint helper
Make kvmppc_hint_smt_possible hint append helper well formed:
rename errp to errp_in, as it is IN-parameter here (which is unusual
for errp), rename function to be kvmppc_error_append_*_hint.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:20 +0000 (07:58 +0100)]
ppc/pnv: Dump the XIVE NVT table
This is useful to dump the saved contexts of the vCPUs : configuration
of the base END index of the vCPU and the Interrupt Pending Buffer
register, which is updated when an interrupt can not be presented.
When dumping the NVT table, we skip empty indirect pages which are not
necessarily allocated.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:18 +0000 (07:58 +0100)]
ppc/pnv: Introduce a pnv_xive_block_id() helper
When PC_TCTXT_CHIPID_OVERRIDE is configured, the PC_TCTXT_CHIPID field
overrides the hardwired chip ID in the Powerbus operations and for CAM
compares. This is typically used in the one block-per-chip configuration
to associate a unique block id number to each IC of the system.
Simplify the model with a pnv_xive_block_id() helper and remove
'tctx_chipid' which becomes useless.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:17 +0000 (07:58 +0100)]
ppc/xive: Synthesize interrupt from the saved IPB in the NVT
When a vCPU is dispatched on a HW thread, its context is pushed in the
thread registers and it is activated by setting the VO bit in the CAM
line word2. The HW grabs the associated NVT, pulls the IPB bits and
merges them with the IPB of the new context. If interrupts were missed
while the vCPU was not dispatched, these are synthesized in this
sequence.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:14 +0000 (07:58 +0100)]
ppc/xive: Move the TIMA operations to the controller model
On the P9 Processor, the thread interrupt context registers of a CPU
can be accessed "directly" when by load/store from the CPU or
"indirectly" by the IC through an indirect TIMA page. This requires to
configure first the PC_TCTXT_INDIRx registers.
Today, we rely on the get_tctx() handler to deduce from the CPU PIR
the chip from which the TIMA access is being done. By handling the
TIMA memory ops under the interrupt controller model of each machine,
we can uniformize the TIMA direct and indirect ops under PowerNV. We
can also check that the CPUs have been enabled in the XIVE controller.
This prepares ground for the future versions of XIVE.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:13 +0000 (07:58 +0100)]
ppc/pnv: Clarify how the TIMA is accessed on a multichip system
The TIMA region gives access to the thread interrupt context registers
of a CPU. It is mapped at the same address on all chips and can be
accessed by any CPU of the system. To identify the chip from which the
access is being done, the PowerBUS uses a 'chip' field in the
load/store messages. QEMU does not model these messages, instead, we
extract the chip id from the CPU PIR and do a lookup at the machine
level to fetch the targeted interrupt controller.
Introduce pnv_get_chip() and pnv_xive_tm_get_xive() helpers to clarify
this process in pnv_xive_get_tctx(). The latter will be removed in the
subsequent patches but the same principle will be kept.
Greg Kurz [Tue, 26 Nov 2019 16:46:33 +0000 (17:46 +0100)]
spapr/xive: Configure number of servers in KVM
The XIVE KVM devices now has an attribute to configure the number of
interrupt servers. This allows to greatly optimize the usage of the VP
space in the XIVE HW, and thus to start a lot more VMs.
Only set this attribute if available in order to support older POWER9
KVM.
The XIVE KVM device now reports the exhaustion of VPs upon the
connection of the first VCPU. Check that in order to have a chance
to provide a hint to the user.
Greg Kurz [Tue, 26 Nov 2019 16:46:28 +0000 (17:46 +0100)]
spapr/xics: Configure number of servers in KVM
The XICS-on-XIVE KVM devices now has an attribute to configure the number
of interrupt servers. This allows to greatly optimize the usage of the VP
space in the XIVE HW, and thus to start a lot more VMs.
Only set this attribute if available in order to support older POWER9 KVM
and pre-POWER9 XICS KVM devices.
Greg Kurz [Tue, 26 Nov 2019 16:46:23 +0000 (17:46 +0100)]
spapr: Pass the maximum number of vCPUs to the KVM interrupt controller
The XIVE and XICS-on-XIVE KVM devices on POWER9 hosts can greatly reduce
their consumption of some scarce HW resources, namely Virtual Presenter
identifiers, if they know the maximum number of vCPUs that may run in the
VM.
Prepare ground for this by passing the value down to xics_kvm_connect()
and kvmppc_xive_connect(). This is purely mechanical, no functional
change.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:12 +0000 (07:58 +0100)]
ppc/xive: Extend the TIMA operation with a XivePresenter parameter
The TIMA operations are performed on behalf of the XIVE IVPE sub-engine
(Presenter) on the thread interrupt context registers. The current
operations supported by the model are simple and do not require access
to the controller but more complex operations will need access to the
controller NVT table and to its configuration.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:11 +0000 (07:58 +0100)]
ppc/xive: Use the XiveFabric and XivePresenter interfaces
Now that the machines have handlers implementing the XiveFabric and
XivePresenter interfaces, remove xive_presenter_match() and make use
of the 'match_nvt' handler of the machine.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:10 +0000 (07:58 +0100)]
ppc/spapr: Implement the XiveFabric interface
The CAM line matching sequence in the pseries machine does not change
much apart from the use of the new QOM interfaces. There is an extra
indirection because of the sPAPR IRQ backend of the machine. Only the
XIVE backend implements the new 'match_nvt' handler.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:08 +0000 (07:58 +0100)]
ppc/xive: Introduce a XiveFabric interface
The XiveFabric QOM interface acts as the PowerBUS interface between
the interrupt controller and the system and should be implemented by
the QEMU machine. On HW, the XIVE sub-engine is responsible for the
communication with the other chip is the Common Queue (CQ) bridge
unit.
This interface offers a 'match_nvt' handler to perform the CAM line
matching when looking for a XIVE Presenter with a dispatched NVT.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:07 +0000 (07:58 +0100)]
ppc/pnv: Fix TIMA indirect access
When the TIMA of a CPU needs to be accessed from the indirect page,
the thread id of the target CPU is first stored in the PC_TCTXT_INDIR0
register. This thread id is relative to the chip and not to the system.
Introduce a helper routine to look for a CPU of a given PIR and fix
pnv_xive_get_indirect_tctx() to scan only the threads of the local
chip and not the whole machine.
Greg Kurz [Mon, 25 Nov 2019 06:58:03 +0000 (07:58 +0100)]
ppc/pnv: Instantiate cores separately
Allocating a big void * array to store multiple objects isn't a
recommended practice for various reasons:
- no compile time type checking
- potential dangling pointers if a reference on an individual is
taken and the array is freed later on
- duplicate boiler plate everywhere the array is browsed through
Allocate an array of pointers and populate it instead.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:02 +0000 (07:58 +0100)]
ppc/xive: Implement the XivePresenter interface
Each XIVE Router model, sPAPR and PowerNV, now implements the 'match_nvt'
handler of the XivePresenter QOM interface. This is simply moving code
and taking into account the new API.
To be noted that the xive_router_get_tctx() helper is not used anymore
when doing CAM matching and will be removed later on after other changes.
The XIVE presenter model is still too simple for the PowerNV machine
and the CAM matching algo is not correct on multichip system. Subsequent
patches will introduce more changes to scan all chips of the system.
Cédric Le Goater [Mon, 25 Nov 2019 06:58:01 +0000 (07:58 +0100)]
ppc/xive: Introduce a XivePresenter interface
When the XIVE IVRE sub-engine (XiveRouter) looks for a Notification
Virtual Target (NVT) to notify, it broadcasts a message on the
PowerBUS to find an XIVE IVPE sub-engine (Presenter) with the NVT
dispatched on one of its HW threads, and then forwards the
notification if any response was received.
The current XIVE presenter model is sufficient for the pseries machine
because it has a single interrupt controller device, but the PowerNV
machine can have multiple chips each having its own interrupt
controller. In this case, the XIVE presenter model is too simple and
the CAM line matching should scan all chips of the system.
To start fixing this issue, we first extend the XIVE Router model with
a new XivePresenter QOM interface representing the XIVE IVPE
sub-engine. This interface exposes a 'match_nvt' handler which the
sPAPR and PowerNV XIVE Router models will need to implement to perform
the CAM line matching.
Cédric Le Goater [Thu, 21 Nov 2019 16:23:40 +0000 (17:23 +0100)]
ppc/pnv: Create BMC devices at machine init
The BMC of the OpenPOWER systems monitors the machine state using
sensors, controls the power and controls the access to the PNOR flash
device containing the firmware image required to boot the host.
QEMU models the power cycle process, access to the sensors and access
to the PNOR device. But, for these features to be available, the QEMU
PowerNV machine needs two extras devices on the command line, an IPMI
BT device for communication and a BMC backend device:
The BMC properties are then defined accordingly in the device tree and
OPAL self adapts. If a BMC device and an IPMI BT device are not
available, OPAL does not try to communicate with the BMC in any
manner. This is not how real systems behave.
To be closer to the default behavior, create an IPMI BMC simulator
device and an IPMI BT device at machine initialization time. We loose
the ability to define an external BMC device but there are benefits:
- a better match with real systems,
- a better test coverage of the OPAL code,
- system powerdown and reset commands that work,
- a QEMU device tree compliant with the specifications (*).
Cédric Le Goater [Mon, 28 Oct 2019 07:00:27 +0000 (08:00 +0100)]
ppc/pnv: Add HIOMAP commands
This activates HIOMAP support on the QEMU PowerNV machine. The PnvPnor
model is used to access the flash contents. The model simply maps the
contents at a fix offset and enables or disables the mapping.
Cédric Le Goater [Fri, 15 Nov 2019 16:24:19 +0000 (17:24 +0100)]
ppc/xive: Introduce OS CAM line helpers
The OS CAM line has a special encoding exploited by the HW. Provide
helper routines to hide the details to the TIMA command handlers. This
also clarifies the endianness of different variables : 'qw1w2' is
big-endian and 'cam' is native.
Greg Kurz [Mon, 18 Nov 2019 15:12:07 +0000 (16:12 +0100)]
xive/kvm: Trigger interrupts from userspace
When using the XIVE KVM device, the trigger page is directly accessible
in QEMU. Unlike with XICS, no need to ask KVM to fire the interrupt. A
simple store on the trigger page does the job.
Just call xive_esb_trigger().
This may improve performance of emulated devices that go through
qemu_set_irq(), eg. virtio devices created with ioeventfd=off or
configured by the guest to use LSI interrupts, which aren't really
recommended setups.
Cédric Le Goater [Fri, 15 Nov 2019 16:24:16 +0000 (17:24 +0100)]
ppc/pnv: Remove pnv_xive_vst_size() routine
pnv_xive_vst_size() tries to compute the size of a VSD table from the
information given by FW. The number of entries of the table are
deduced from the result and the MMIO regions of the ESBs and the END
ESBs are then resized accordingly with the computed value. This
reduces the number of elements that can be addressed by the ESB pages.
The maximum number of elements of a direct table can contain is simply:
Table size / sizeof(XIVE structure)
An indirect table is a one page array of VSDs pointing to subpages
containing XIVE virtual structures and the maximum number of elements
an indirect table can contain :
which gives us 16M for XiveENDs, 8M for XiveNVTs. That's more than the
associated VC and PC BARS can address.
The result returned by pnv_xive_vst_size() for indirect tables is
incorrect and can not be used to reduce the size of the MMIO region of
a XIVE resource using an indirect table, such as ENDs in skiboot.
Remove pnv_xive_vst_size() and use a simpler form for direct tables
only. Keep the resizing of the MMIO region for direct tables only as
this is still useful for the ESB MMIO window.
Cédric Le Goater [Fri, 15 Nov 2019 16:24:15 +0000 (17:24 +0100)]
ppc/xive: Introduce helpers for the NVT id
Each vCPU in the system is identified with an NVT identifier which is
pushed in the OS CAM line (QW1W2) of the HW thread interrupt context
register when the vCPU is dispatched on a HW thread. This identifier
is used by the presenter subengine to find a matching target to notify
of an event. It is also used to fetch the associate NVT structure
which may contain pending interrupts that need a resend.
Add a couple of helpers for the NVT ids. The NVT space is 19 bits
wide, giving a maximum of 512K per chip.
Cédric Le Goater [Fri, 15 Nov 2019 16:24:14 +0000 (17:24 +0100)]
ppc/xive: Record the IPB in the associated NVT
When an interrupt can not be presented to a vCPU, because it is not
running on any of the HW treads, the XIVE presenter updates the
Interrupt Pending Buffer register of the associated XIVE NVT
structure. This is only done if backlog is activated in the END but
this is generally the case.
The current code assumes that the fields of the NVT structure is
architected with the same layout of the thread interrupt context
registers. Fix this assumption and define an offset for the IPB
register backup value in the NVT.
Greg Kurz [Sun, 17 Nov 2019 23:20:52 +0000 (00:20 +0100)]
spapr: Abort if XICS interrupt controller cannot be initialized
Failing to set any of the ICS property should really never happen:
- object_property_add_child() always succeed unless the child object
already has a parent, which isn't the case here obviously since the
ICS has just been created with object_new()
- the ICS has an "nr-irqs" property than can be set as long as the ICS
isn't realized
In both cases, an error indicates there is a bug in QEMU. Propagating the
error, ie. exiting QEMU since spapr_irq_init() is called with &error_fatal
doesn't make much sense. Abort instead. This is consistent with what is
done with XIVE : both qdev_create() and qdev_prop_set_uint32() abort QEMU
on error.
Greg Kurz [Sun, 17 Nov 2019 23:20:47 +0000 (00:20 +0100)]
xics: Link ICP_PROP_CPU property to ICPState::cs pointer
The ICP object has both a pointer and an ICP_PROP_CPU property pointing
to the cpu. Confusing bugs could arise if these ever go out of sync.
Change the property definition so that it explicitly sets the pointer.
The property isn't optional : not being able to set the link is a bug
and QEMU should rather abort than exit in this case.
Greg Kurz [Sun, 17 Nov 2019 23:20:41 +0000 (00:20 +0100)]
xics: Link ICP_PROP_XICS property to ICPState::xics pointer
The ICP object has both a pointer and an ICP_PROP_XICS property pointing
to the XICS fabric. Confusing bugs could arise if these ever go out of
sync.
Change the property definition so that it explicitly sets the pointer.
The property isn't optional : not being able to set the link is a bug
and QEMU should rather abort than exit in this case.
Greg Kurz [Sun, 17 Nov 2019 23:20:36 +0000 (00:20 +0100)]
xics: Link ICS_PROP_XICS property to ICSState::xics pointer
The ICS object has both a pointer and an ICS_PROP_XICS property pointing
to the XICS fabric. Confusing bugs could arise if these ever go out of
sync.
Change the property definition so that it explicitely sets the pointer.
The property isn't optional : not being able to set the link is a bug
and QEMU should rather abort than exit in this case.
Greg Kurz [Fri, 15 Nov 2019 15:55:37 +0000 (16:55 +0100)]
xive: Link "xive" property to XiveEndSource::xrtr pointer
The END source object has both a pointer and a "xive" property pointing to
the router object. Confusing bugs could arise if these ever go out of sync.
Change the property definition so that it explicitely sets the pointer.
The property isn't optional : not being able to set the link is a bug
and QEMU should rather abort than exit in this case.
Greg Kurz [Fri, 15 Nov 2019 15:55:32 +0000 (16:55 +0100)]
xive: Link "xive" property to XiveSource::xive pointer
The source object has both a pointer and a "xive" property pointing to the
notifier object. Confusing bugs could arise if these ever go out of sync.
Change the property definition so that it explicitely sets the pointer.
The property isn't optional : not being able to set the link is a bug
and QEMU should rather abort than exit in this case.
Cédric Le Goater [Mon, 21 Oct 2019 13:12:11 +0000 (15:12 +0200)]
ppc/pnv: Add a PNOR model
On a POWERPC PowerNV system, the host firmware is stored in a PNOR
flash chip which contents is mapped on the LPC bus. This model adds a
simple dummy device to map the contents of a block device in the host
address space.
Peter Maydell [Mon, 16 Dec 2019 13:04:33 +0000 (13:04 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20191216-1' into staging
target-arm queue:
* Add support for Cortex-M7 CPU
* exynos4210_gic: Suppress gcc9 format-truncation warnings
* aspeed: Various minor bug fixes and improvements
* aspeed: Add support for the tacoma-bmc board
* Honour HCR_EL32.TID1 and .TID2 trapping requirements
* Handle trapping to EL2 of AArch32 VMRS instructions
* Handle AArch32 CP15 trapping via HSTR_EL2
* Add support for missing Jazelle system registers
* arm/arm-powerctl: set NSACR.{CP11, CP10} bits in arm_set_cpu_on
* Add support for DC CVAP & DC CVADP instructions
* Fix assertion when SCR.NS is changed in Secure-SVC &c
* enable SHPC native hot plug in arm ACPI
* remotes/pmaydell/tags/pull-target-arm-20191216-1: (34 commits)
target/arm: ensure we use current exception state after SCR update
hw/arm/virt: Simplify by moving the gic in the machine state
hw/arm/acpi: enable SHPC native hot plug
hw/arm/acpi: simplify AML bit and/or statement
hw/arm/sbsa-ref: Simplify by moving the gic in the machine state
target/arm: Add support for DC CVAP & DC CVADP ins
migration: ram: Switch to ram block writeback
Memory: Enable writeback for given memory region
tcg: cputlb: Add probe_read
arm/arm-powerctl: set NSACR.{CP11, CP10} bits in arm_set_cpu_on()
target/arm: Add support for missing Jazelle system registers
target/arm: Handle AArch32 CP15 trapping via HSTR_EL2
target/arm: Handle trapping to EL2 of AArch32 VMRS instructions
target/arm: Honor HCR_EL2.TID1 trapping requirements
target/arm: Honor HCR_EL2.TID2 trapping requirements
aspeed: Change the "nic" property definition
aspeed: Change the "scu" property definition
gpio: fix memory leak in aspeed_gpio_init()
aspeed: Add support for the tacoma-bmc board
aspeed: Remove AspeedBoardConfig array and use AspeedMachineClass
...
File tests/acceptance/linux_ssh_mips_malta.py is crucial for
entire MIPS platform, so add it to the MIPS section. The
maintainership will be shared with others.
Add three files that were recently introduced in a refactoring,
that Malta emulation relies on. They are added by this patch
to Malta section, but they are not added to the general MIPS
section, since they are really not MIPS-specific, and there
may be some non-MIPS hardware using them in future.
The r4k machine was introduced in 2005 (6af0bf9c7) and its last
logical change was in 2005 (9542611a6). After that, one can
count 164 maintenance commits (QEMU API changes) with the
exception of 1 fix in 2015 (memory leak, commit 3ad9fd5a).
This machine was introduced as a proof of concept to run a MIPS
CPU. Two years later, the Malta machine was added (commit 5856de80), modeling a real platform.
Note also this machine has no specification except 5 lines in
the header of this file:
* emulates a simple machine with ISA-like bus.
* ISA IO space mapped to the 0x14000000 (PHYS) and
* ISA memory at the 0x10000000 (PHYS, 16Mb in size).
* All peripherial devices are attached to this "bus" with
* the standard PC ISA addresses.
The Linux kernel support for this machine has been dropped more
than 10 years ago in commit 302922e5.
It is time to deprecate this obsolete machine. Users are
recommended to use the Malta board, and its hardware is well
documented.
Filip Bozuta [Fri, 6 Dec 2019 13:58:07 +0000 (14:58 +0100)]
mips: fulong 2e: Renovate coding style
The script checkpatch.pl located in scripts folder was
used to detect all errors and warrnings in files:
hw/mips/mips_fulong2e.c
hw/isa/vt82c686.c
hw/pci-host/bonito.c
include/hw/isa/vt82c686.h
These mips Fulong 2E machine files were edited and
all the errors and warrings generated by the checkpatch.pl
script were corrected and then the script was
ran again to make sure there are no more errors and warnings.
Filip Bozuta [Fri, 6 Dec 2019 13:58:06 +0000 (14:58 +0100)]
mips: r4000: Renovate coding style
The script checkpatch.pl located in scripts folder was
used to detect all errors and warrnings in file:
hw/mips/mips_r4k.c
This mips r4000 machine file was edited and
all the errors and warrings generated by the checkpatch.pl
script were corrected and then the script was
ran again to make sure there are no more errors and warnings.
Filip Bozuta [Fri, 6 Dec 2019 13:58:05 +0000 (14:58 +0100)]
mips: mipssim: Renovate coding style
The script checkpatch.pl located in scripts folder was
used to detect all errors and warrnings in files:
hw/mips/mips_mipssim.c
hw/net/mipsnet.c
All these mips mipssim machine files were edited and
all the errors and warrings generated by the checkpatch.pl
script were corrected and then the script was
ran again to make sure there are no more errors and warnings.
Filip Bozuta [Fri, 6 Dec 2019 13:58:04 +0000 (14:58 +0100)]
mips: malta: Renovate coding style
The script checkpatch.pl located in scripts folder was
used to detect all errors and warrnings in files:
hw/mips/mips_malta.c
hw/mips/gt64xxx_pci.c
tests/acceptance/linux_ssh_mips_malta.py
All these mips malta machine files were edited and
all the errors and warrings generated by the checkpatch.pl
script were corrected and then the script was
ran again to make sure there are no more errors and warnings.
Filip Bozuta [Fri, 6 Dec 2019 13:58:03 +0000 (14:58 +0100)]
mips: jazz: Renovate coding style
The script checkpatch.pl located in scripts folder was
used to detect all errors and warrnings in files:
hw/mips/mips_jazz.c
hw/display/jazz_led.c
hw/dma/rc4030.c
All these mips jazz machine files were edited and
all the errors and warrings generated by the checkpatch.pl
script were corrected and then the script was
ran again to make sure there are no more errors and warnings.
Alex Bennée [Thu, 12 Dec 2019 11:47:34 +0000 (11:47 +0000)]
target/arm: ensure we use current exception state after SCR update
A write to the SCR can change the effective EL by droppping the system
from secure to non-secure mode. However if we use a cached current_el
from before the change we'll rebuild the flags incorrectly. To fix
this we introduce the ARM_CP_NEWEL CP flag to indicate the new EL
should be used when recomputing the flags.
hw/arm/virt: Simplify by moving the gic in the machine state
Make the gic a field in the machine state, and instead of filling
an array of qemu_irq and passing it around, directly call
qdev_get_gpio_in() on the gic field.
Heyi Guo [Mon, 9 Dec 2019 06:37:18 +0000 (14:37 +0800)]
hw/arm/acpi: simplify AML bit and/or statement
The last argument of AML bit and/or statement is the target variable,
so we don't need to use a NULL target and then an additional store
operation; using just aml_and() or aml_or() statement is enough.
Also update tests/data/acpi/virt/DSDT* to pass "make check".
hw/arm/sbsa-ref: Simplify by moving the gic in the machine state
Make the gic a field in the machine state, and instead of filling
an array of qemu_irq and passing it around, directly call
qdev_get_gpio_in() on the gic field.
Beata Michalska [Thu, 21 Nov 2019 00:08:43 +0000 (00:08 +0000)]
target/arm: Add support for DC CVAP & DC CVADP ins
ARMv8.2 introduced support for Data Cache Clean instructions
to PoP (point-of-persistence) - DC CVAP and PoDP (point-of-deep-persistence)
- DV CVADP. Both specify conceptual points in a memory system where all writes
that are to reach them are considered persistent.
The support provided considers both to be actually the same so there is no
distinction between the two. If none is available (there is no backing store
for given memory) both will result in Data Cache Clean up to the point of
coherency. Otherwise sync for the specified range shall be performed.
Beata Michalska [Thu, 21 Nov 2019 00:08:41 +0000 (00:08 +0000)]
Memory: Enable writeback for given memory region
Add an option to trigger memory writeback to sync given memory region
with the corresponding backing store, case one is available.
This extends the support for persistent memory, allowing syncing on-demand.
Niek Linnenbank [Mon, 2 Dec 2019 21:09:43 +0000 (22:09 +0100)]
arm/arm-powerctl: set NSACR.{CP11, CP10} bits in arm_set_cpu_on()
This change ensures that the FPU can be accessed in Non-Secure mode
when the CPU core is reset using the arm_set_cpu_on() function call.
The NSACR.{CP11,CP10} bits define the exception level required to
access the FPU in Non-Secure mode. Without these bits set, the CPU
will give an undefined exception trap on the first FPU access for the
secondary cores under Linux.
This is necessary because in this power-control codepath QEMU
is effectively emulating a bit of EL3 firmware, and has to set
the CPU up as the EL3 firmware would.
Marc Zyngier [Sun, 1 Dec 2019 12:20:18 +0000 (12:20 +0000)]
target/arm: Add support for missing Jazelle system registers
QEMU lacks the minimum Jazelle implementation that is required
by the architecture (everything is RAZ or RAZ/WI). Add it
together with the HCR_EL2.TID0 trapping that goes with it.
Signed-off-by: Marc Zyngier <[email protected]> Reviewed-by: Edgar E. Iglesias <[email protected]> Reviewed-by: Richard Henderson <[email protected]>
Message-id: 20191201122018[email protected]
[PMM: moved ARMCPRegInfo array to file scope, marked it
'static global', moved new condition down in
register_cp_regs_for_features() to go with other feature
things rather than up with the v6/v7/v8 stuff] Signed-off-by: Peter Maydell <[email protected]>
Marc Zyngier [Sun, 1 Dec 2019 12:20:17 +0000 (12:20 +0000)]
target/arm: Handle AArch32 CP15 trapping via HSTR_EL2
HSTR_EL2 offers a way to trap ranges of CP15 system register
accesses to EL2, and it looks like this register is completely
ignored by QEMU.
To avoid adding extra .accessfn filters all over the place (which
would have a direct performance impact), let's add a new TB flag
that gets set whenever HSTR_EL2 is non-zero and that QEMU translates
a context where this trap has a chance to apply, and only generate
the extra access check if the hypervisor is actively using this feature.
Tested with a hand-crafted KVM guest accessing CBAR.
Marc Zyngier [Sun, 1 Dec 2019 12:20:16 +0000 (12:20 +0000)]
target/arm: Handle trapping to EL2 of AArch32 VMRS instructions
HCR_EL2.TID3 requires that AArch32 reads of MVFR[012] are trapped to
EL2, and HCR_EL2.TID0 does the same for reads of FPSID.
In order to handle this, introduce a new TCG helper function that
checks for these control bits before executing the VMRC instruction.
Tested with a hacked-up version of KVM/arm64 that sets the control
bits for 32bit guests.
HCR_EL2.TID1 mandates that access from EL1 to REVIDR_EL1, AIDR_EL1
(and their 32bit equivalents) as well as TCMTR, TLBTR are trapped
to EL2. QEMU ignores it, making it harder for a hypervisor to
virtualize the HW (though to be fair, no known hypervisor actually
cares).
Do the right thing by trapping to EL2 if HCR_EL2.TID1 is set.
HCR_EL2.TID2 mandates that access from EL1 to CTR_EL0, CCSIDR_EL1,
CCSIDR2_EL1, CLIDR_EL1, CSSELR_EL1 are trapped to EL2, and QEMU
completely ignores it, making it impossible for hypervisors to
virtualize the cache hierarchy.
Do the right thing by trapping to EL2 if HCR_EL2.TID2 is set.
Cédric Le Goater [Tue, 19 Nov 2019 14:12:11 +0000 (15:12 +0100)]
aspeed: Change the "nic" property definition
The Aspeed MII model has a link pointing to its associated FTGMAC100
NIC in the machine.
Change the "nic" property definition so that it explicitly sets the
pointer. The property isn't optional : not being able to set the link
is a bug and QEMU should rather abort than exit in this case.
Cédric Le Goater [Tue, 19 Nov 2019 14:12:10 +0000 (15:12 +0100)]
aspeed: Change the "scu" property definition
The Aspeed Watchdog and Timer models have a link pointing to the SCU
controller model of the machine.
Change the "scu" property definition so that it explicitly sets the
pointer. The property isn't optional : not being able to set the link
is a bug and QEMU should rather abort than exit in this case.
Cédric Le Goater [Tue, 19 Nov 2019 14:12:08 +0000 (15:12 +0100)]
aspeed: Add support for the tacoma-bmc board
The Tacoma BMC board is replacement board for the BMC of the OpenPOWER
Witherspoon system. It uses a AST2600 SoC instead of a AST2500 and the
I2C layout is the same as it controls the same main board. Used for HW
bringup.
Cédric Le Goater [Tue, 19 Nov 2019 14:12:05 +0000 (15:12 +0100)]
aspeed/smc: Do not map disabled segment on the AST2600
The segments can be disabled on the AST2600 (zero register value).
CS0 is open by default but not the other CS. This is closing the
access to the flash device in user mode and forbids scanning.
In the model, check the segment size and disable the associated region
when the value is zero.
Cédric Le Goater [Tue, 19 Nov 2019 14:12:04 +0000 (15:12 +0100)]
aspeed/smc: Restore default AHB window mapping at reset
The current model only restores the Segment Register values but leaves
the previous CS mapping behind. Introduce a helper setting the
register value and mapping the region at the requested address. Use
this helper when a Segment register is set and at reset.
Joel Stanley [Tue, 19 Nov 2019 14:12:03 +0000 (15:12 +0100)]
watchdog/aspeed: Fix AST2600 frequency behaviour
The AST2600 control register sneakily changed the meaning of bit 4
without anyone noticing. It no longer controls the 1MHz vs APB clock
select, and instead always runs at 1MHz.
The AST2500 was always 1MHz too, but it retained bit 4, making it read
only. We can model both using the same fixed 1MHz calculation.
Joel Stanley [Tue, 19 Nov 2019 14:12:02 +0000 (15:12 +0100)]
watchdog/aspeed: Improve watchdog timeout message
Users benefit from knowing which watchdog timer has expired. The address
of the watchdog's registers unambiguously indicates which has expired,
so log that.
Cédric Le Goater [Tue, 19 Nov 2019 14:11:58 +0000 (15:11 +0100)]
aspeed/i2c: Add support for DMA transfers
The I2C controller of the Aspeed AST2500 and AST2600 SoCs supports DMA
transfers to and from DRAM.
A pair of registers defines the buffer address and the length of the
DMA transfer. The address should be aligned on 4 bytes and the maximum
length should not exceed 4K. The receive or transmit DMA transfer can
then be initiated with specific bits in the Command/Status register of
the controller.
Cédric Le Goater [Tue, 19 Nov 2019 14:11:57 +0000 (15:11 +0100)]
aspeed: Add a DRAM memory region at the SoC level
Currently, we link the DRAM memory region to the FMC model (for DMAs)
through a property alias at the SoC level. The I2C model will need a
similar region for DMA support, add a DRAM region property at the SoC
level for both model to use.
Cédric Le Goater [Tue, 19 Nov 2019 14:11:55 +0000 (15:11 +0100)]
aspeed/i2c: Add support for pool buffer transfers
The Aspeed I2C controller can operate in different transfer modes :
- Byte Buffer mode, using a dedicated register to transfer a
byte. This is what the model supports today.
- Pool Buffer mode, using an internal SRAM to transfer multiple
bytes in the same command sequence.
Each SoC has different SRAM characteristics. On the AST2400, 2048
bytes of SRAM are available at offset 0x800 of the controller AHB
window. The pool buffer can be configured from 1 to 256 bytes per bus.
On the AST2500, the SRAM is at offset 0x200 and the pool buffer is of
16 bytes per bus.
On the AST2600, the SRAM is at offset 0xC00 and the pool buffer is of
32 bytes per bus. It can be splitted in two for TX and RX but the
current model does not add support for it as it it unused by known
drivers.
exynos4210_gic_realize() prints the number of cpus into some temporary
buffers, but it only allows 3 bytes space for it. That's plenty:
existing machines will only ever set this value to EXYNOS4210_NCPUS
(2). But the compiler can't always figure that out, so some[*] gcc9
versions emit -Wformat-truncation warnings.
We can fix that by hinting the constraint to the compiler with a
suitably placed assert().
[*] The bizarre thing here, is that I've long gotten these warnings
compiling in a 32-bit x86 container as host - Fedora 30 with
gcc-9.2.1-1.fc30.i686 - but it compiles just fine on my normal
x86_64 host - Fedora 30 with and gcc-9.2.1-1.fc30.x86_64.
Peter Maydell [Mon, 16 Dec 2019 10:35:33 +0000 (10:35 +0000)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20191214-2' into staging
First s390x update for 5.0:
- compat machines (also for other architectures)
- cleanups and fixes in reset handling
- fence off guest-set-time, as we have no hwclock
- fix some misuses of the error API
- further cleanups
* remotes/cohuck/tags/s390x-20191214-2:
qga: fence guest-set-time if hwclock not available
s390x/tcg: clear local interrupts on reset normal
s390x/cpumodel: Fix query-cpu-definitions error API violations
s390x/cpumodel: Fix query-cpu-model-FOO error API violations
s390x/cpumodel: Fix realize() error API violations
s390x/cpumodel: Fix feature property error API violations
s390x/event-facility: Fix realize() error API violations
s390x: Fix cpu normal reset ri clearing
s390x: kvm: Make kvm_sclp_service_call void
s390x: Beautify diag308 handling
s390x: Move clear reset
s390x: Move initial reset
s390x: Move reset normal to shared reset handler
s390x: Don't do a normal reset on the initial cpu
hw: add compat machines for 5.0
vfio-ccw: Fix error message
projects / qemu.git / log