Paolo Bonzini [Sat, 2 Feb 2019 07:24:30 +0000 (15:24 +0800)]
arm: disable CONFIG_SERIAL_ISA
ARM should not have an ISA bus, this device should not be enabled.
Kconfig allows to clean up the dependencies and remove CONFIG_ISA_BUS=y
from ARM, and then catches a contradiction between the hardcoded
CONFIG_SERIAL_ISA=y and CONFIG_ISA_BUS=n.
Thomas Huth [Fri, 14 Dec 2018 12:21:13 +0000 (13:21 +0100)]
Remove deprecated -enable-hax option
Our command line interface is really quite overcrowded, we should avoid
duplicated options that do the same thing in just a slightly different
way. "-accel hax" is shorter and more generic that "-enable-hax", so
there is really no real usage for the latter option. "-enable-hax" has
been deprecated since two releases, and nobody complained so far, so
it's time to remove this now.
Paolo Bonzini [Fri, 11 Jan 2019 16:27:31 +0000 (17:27 +0100)]
scsi-generic: avoid possible out-of-bounds access to r->buf
Whenever the allocation length of a SCSI request is shorter than the size of the
VPD page list, page_idx is used blindly to index into r->buf. Even though
the stores in the insertion sort are protected against overflows, the same is not
true of the reads and the final store of 0xb0.
This basically does the same thing as commit 57dbb58d80 ("scsi-generic: avoid
out-of-bounds access to VPD page list", 2018-11-06), except that here the
allocation length can be chosen by the guest. Note that according to the SCSI
standard, the contents of the PAGE LENGTH field are not altered based
on the allocation length.
The code was introduced by commit 6c219fc8a1 ("scsi-generic: keep VPD
page list sorted", 2018-11-06) but the overflow was already possible before.
Reported-by: Kevin Wolf <[email protected]> Fixes: a71c775b24ebc664129eb1d9b4c360590353efd5 Signed-off-by: Paolo Bonzini <[email protected]>
Doug Gale [Thu, 24 Jan 2019 04:04:57 +0000 (00:34 -0330)]
gdbstub: Fix i386/x86_64 machine description and add control registers
The machine description we send is being (silently) thrown on the floor
by GDB and GDB silently uses the default machine description, because
the xml parse fails on <feature> nested within <feature>.
Changes to the xml in qemu source code have no effect.
In addition, the default machine description has fs_base, which fails to
be retrieved, which breaks the whole register window. Add it and the
other control registers.
Roman Bolshakov [Fri, 25 Jan 2019 15:47:43 +0000 (18:47 +0300)]
i386: hvf: Don't miss 16-bit displacement
In 16-bit addressing mode, when Mod = 0 and R/M = 6, decoded displacement
doesn't reach decode_linear_addr and gets lost. Instructions that
involve the combination of ModRM always get a pointer with zero offset
from the beginning of DS segment.
The change fixes drawing in F-BIRD from day 1 of '18 advent calendar.
Li Zhijian [Thu, 17 Jan 2019 12:49:04 +0000 (20:49 +0800)]
i386: allow to load initrd below 4 GB for recent linux
Since linux commit: cf8fa920cb42 ("i386: handle an initrd in highmem (version 2)")
linux has supported initrd up to 4 GB, but the header field
ramdisk_max is still set to 2 GB to avoid "possible bootloader bugs".
When use '-kernel vmlinux -initrd initrd.cgz' to launch a VM,
the firmware(it could be linuxboot_dma.bin) helps to read initrd
contents into guest memory(below ramdisk_max) and jump to kernel.
that's similar with what bootloader does, like grub.
In addition, initrd_max is uint32_t simply because QEMU doesn't support
the 64-bit boot protocol (specifically the ext_ramdisk_image field).
Therefore here just limit initrd_max to UINT32_MAX simply as well to
allow initrd to be loaded below 4 GB.
NOTE: it's possible that linux protocol within [0x208, 0x20c]
supports up to 4 GB initrd as well.
Li Zhijian [Thu, 17 Jan 2019 12:49:01 +0000 (20:49 +0800)]
unify len and addr type for memory/address APIs
Some address/memory APIs have different type between
'hwaddr/target_ulong addr' and 'int len'. It is very unsafe, especially
some APIs will be passed a non-int len by caller which might cause
overflow quietly.
Below is an potential overflow case:
dma_memory_read(uint32_t len)
-> dma_memory_rw(uint32_t len)
-> dma_memory_rw_relaxed(uint32_t len)
-> address_space_rw(int len) # len overflow
Paolo Bonzini [Fri, 28 Dec 2018 13:40:41 +0000 (14:40 +0100)]
monitor: do not use QTAILQ_FOREACH_SAFE across critical sections
monitor_qmp_requests_pop_any_with_lock cannot modify the monitor list
concurrently with monitor_cleanup, since the dispatch bottom half
runs in the main thread, but anyway it is a bit ugly to keep
"next" live across critical sections of monitor_lock and Coverity
complains (CID 1397072).
Replace QTAILQ_FOREACH_SAFE with a while loop and QTAILQ_FIRST,
it is cleaner and more future-proof.
Viktor Prutyanov [Thu, 20 Dec 2018 01:24:38 +0000 (04:24 +0300)]
contrib/elf2dmp: use GLib in PDB processing
Replace POSIX mmap with GLib g_mapped_file_new in PDB processing stage
to make elf2dmp cross-platform. There are no direct POSIX in elf2dmp
after this patch.
Paolo Bonzini [Thu, 20 Dec 2018 12:10:40 +0000 (13:10 +0100)]
target-i386: hvf: remove MPX support
MPX support is being phased out by Intel and actually I am not sure that
OS X has ever enabled it in XCR0. Drop it from the Hypervisor.framework
acceleration.
Paolo Bonzini [Fri, 21 Dec 2018 11:35:56 +0000 (12:35 +0100)]
i386: remove the 'INTEL_PT' CPUID bit from named CPU models
Processor tracing is not yet implemented for KVM and it will be an
opt in feature requiring a special module parameter.
Disable it, because it is wrong to enable it by default and
it is impossible that no one has ever used it.
Robert Hoo [Wed, 19 Dec 2018 13:44:40 +0000 (21:44 +0800)]
i386: remove the new CPUID 'PCONFIG' from Icelake-Server CPU model
PCONFIG is not available to guests; it must be specifically enabled
using the PCONFIG_ENABLE execution control. Disable it, because
no one can ever use it.
The new pvh.bin option rom can be used with SeaBIOS to boot
uncompressed kernel using the x86/HVM direct boot ABI.
pvh.S contains the entry point of the option rom. It runs
in real mode, loads the e820 table querying the BIOS, and
then it switches to 32bit protected mode and jumps to the
pvh_load_kernel() written in pvh_main.c.
pvh_load_kernel() loads the cmdline and kernel entry_point
using fw_cfg, then it looks for RSDP, fills the
hvm_start_info required by x86/HVM ABI, and finally jumps
to the kernel entry_point.
linuxboot_dma: move common functions in a new header
In order to allow other option roms to use these common
useful functions and definitions, this patch put them
in two new C header files called optrom.h and
optrom_fw_cfg.h. We also add useful out*() in*()
functions for different size, and new fw_cfg functions
to use when DMA feature is not available.
linuxboot_dma: remove duplicate definitions of FW_CFG
FW_CFG_DMA_CTL_* bits and struct fw_cfg_dma_access are
defined in the qemu_fw_cfg.h header file already included
in linuxboot_dma.c, so we can remove the definition of
BIOS_CFG_DMA_CTL_* and struct FWCfgDmaAccess.
Liam Merwick [Tue, 15 Jan 2019 12:18:06 +0000 (12:18 +0000)]
pvh: Boot uncompressed kernel using direct boot ABI
These changes (along with corresponding Linux kernel and qboot changes)
enable a guest to be booted using the x86/HVM direct boot ABI.
This commit adds a load_elfboot() routine to pass the size and
location of the kernel entry point to qboot (which will fill in
the start_info struct information needed to to boot the guest).
Having loaded the ELF binary, load_linux() will run qboot
which continues the boot.
The address for the kernel entry point is read from an ELF Note
in the uncompressed kernel binary by a helper routine passed
to load_elf().
Liam Merwick [Tue, 15 Jan 2019 12:18:04 +0000 (12:18 +0000)]
elf-ops.h: Add get_elf_note_type()
Introduce a routine which, given a pointer to a range of ELF Notes,
searches through them looking for a note matching the type specified
and returns a pointer to the matching ELF note.
get_elf_note_type() is used by elf_load[32|64]() to find the
specified note type required by the 'elf_note_fn' parameter
added in the previous commit.
Liam Merwick [Tue, 15 Jan 2019 12:18:03 +0000 (12:18 +0000)]
elf: Add optional function ptr to load_elf() to parse ELF notes
This patch adds an optional function pointer, 'elf_note_fn', to
load_elf() which causes load_elf() to additionally parse any
ELF program headers of type PT_NOTE and check to see if the ELF
Note is of the type specified by the 'translate_opaque' arg.
If a matching ELF Note is found then the specfied function pointer
is called to process the ELF note.
Passing a NULL function pointer results in ELF Notes being skipped.
The first consumer of this functionality is the PVHboot support
which needs to read the XEN_ELFNOTE_PHYS32_ENTRY ELF Note while
loading the uncompressed kernel binary in order to discover the
boot entry address for the x86/HVM direct boot ABI.
Laurent Vivier [Wed, 2 Jan 2019 14:16:03 +0000 (15:16 +0100)]
cpus: ignore ESRCH in qemu_cpu_kick_thread()
We can have a race condition between qemu_cpu_kick_thread() and
qemu_kvm_cpu_thread_fn() when we hotunplug a CPU. In this case,
qemu_cpu_kick_thread() can try to kick a thread that is exiting.
pthread_kill() returns an error and qemu is stopped by an exit(1).
Thomas Huth [Thu, 17 Jan 2019 17:14:08 +0000 (18:14 +0100)]
configure: Add a proper check for openpty() in libutil
On Linux (and maybe some BSDs), we require libutil for the openpty()
function. However, this library is not available on some other systems, so
we currently use a fragile if-statement in the configure script to check
whether we need the library or not. Unfortunately, we also hard-coded a
"-lutil" in the tests/Makefile.include file, so this breaks the build on
Solaris, for example (see buglink below). To fix the issue, add the "-lutil"
to "libs_tools" in the configure script instead, then this gets properly
propagated to the tests, too.
And while we're at it, also replace the fragile if-statement in the confi-
gure script with a proper link-check for the availability of this function.
Emilio G. Cota [Tue, 15 Jan 2019 19:47:53 +0000 (14:47 -0500)]
cpu-exec: add assert_no_pages_locked() after longjmp
We forgot to add this check in faa9372c07 ("translate-all:
introduce assert_no_pages_locked", 2018-06-15); we only added
it after returning from a longjmp in cpu_exec_step_atomic. Fix it.
Paolo Bonzini [Mon, 3 Dec 2018 15:32:23 +0000 (16:32 +0100)]
vhost-user-test: skip if there is no memory at address 0
The virt machine cannot run the vhost-user qtests because they hardcode
the presence of memory at address 0. Report the tests as a skip so that
they can be converted to use qgraph.
Paolo Bonzini [Mon, 3 Dec 2018 15:32:19 +0000 (16:32 +0100)]
vhost-user-test: use g_cond_broadcast
g_cond_signal is rarely the right thing to do, it works now because
vhost-user-test only has two threads but it is not correct in general.
Fix it before adding more calls.
Peter Maydell [Tue, 5 Feb 2019 09:35:53 +0000 (09:35 +0000)]
Merge remote-tracking branch 'remotes/xtensa/tags/20190204-xtensa' into staging
target/xtensa: SMP updates and various fixes
- fix CPU wakeup on runstall changes; expose runstall as an IRQ line;
- place mini-bootloader at the BSP reset vector;
- expose CPU core frequency in XTFPGA board FPGA register;
- rearrange access to external interrupts of xtensa cores;
- add MX interrupt distributor and use it on SMP XTFPGA boards;
- add test_mmuhifi_c3 xtensa core variant;
- raise number of CPUs that can be instantiated on XTFPGA boards.
* remotes/xtensa/tags/20190204-xtensa:
hw/xtensa: xtfpga: raise CPU number limit
target/xtensa: add test_mmuhifi_c3 core
hw/xtensa: xtfpga: use MX PIC for SMP
target/xtensa: add MX interrupt controller
target/xtensa: expose core runstall as an IRQ line
target/xtensa: rearrange access to external interrupts
target/xtensa: drop function xtensa_timer_irq
target/xtensa: fix access to the INTERRUPT SR
hw/xtensa: xtfpga: use core frequency
hw/xtensa: xtfpga: fix bootloader placement in SMP
target/xtensa: add qemu_cpu_kick to xtensa_runstall
We have several paranoid checks for ioc != NULL. But ioc may become
NULL only on close, which should not happen during requests handling.
Also, we check ioc only sometimes, not after each yield, which is
inconsistent. Let's drop these checks. However, for safety, let's leave
asserts instead.
block/nbd-client: split channel errors from export errors
To implement nbd reconnect in further patches, we need to distinguish
error codes, returned by nbd server, from channel errors, to reconnect
only in the latter case.
We generally do very similar things around nbd_read: error_prepend
specifying what we have tried to read, and be_to_cpu conversion of
integers.
So, it seems reasonable to move common things to helper functions,
which:
1. simplify code a bit
2. generalize nbd_read error descriptions, all starting with
"Failed to read"
3. make it more difficult to forget to convert things from BE
Eric Blake [Fri, 25 Jan 2019 23:48:37 +0000 (17:48 -0600)]
qemu-nbd: Deprecate qemu-nbd --partition
The existing qemu-nbd --partition code claims to handle logical
partitions up to 8, since its introduction in 2008 (commit 7a5ca86).
However, the implementation is bogus (actual MBR logical partitions
form a sort of linked list, with one partition per extended table
entry, rather than four logical partitions in a single extended
table), making the code unlikely to work for anything beyond -P5 on
actual guest images. What's more, the code does not support GPT
partitions, which are becoming more popular, and maintaining device
subsetting in both NBD and the raw device is unnecessary duplication
of effort (even if it is not too difficult).
Note that obtaining the offsets of a partition (MBR or GPT) can be
learned by using 'qemu-nbd -c /dev/nbd0 file.qcow2 && sfdisk --dump
/dev/nbd0', but by the time you've done that, you might as well
just mount /dev/nbd0p1 that the kernel creates for you instead of
bothering with qemu exporting a subset. Or, keeping to just
user-space code, use nbdkit's partition filter, which has already
known both GPT and primary MBR partitions for a while, and was
just recently enhanced to support arbitrary logical MBR parititions.
Start the clock on the deprecation cycle, with examples of how
to accomplish device subsetting without using -P.
Jason Wang [Wed, 30 Jan 2019 03:14:27 +0000 (11:14 +0800)]
test-filter-mirror: pass UNIX domain socket through fd
The tests tries to let qemu server mode to process the connection
which turns out to be racy after commit 8258292e18c3 ("monitor: Remove
"x-oob", offer capability "oob" unconditionally"). This is because the
filter may try to mirror the packets before UNIX socket object is
ready (connected was set to true) from the view of qemu. In this case
the packet will be dropped silently.
Fixing this by passing pre-connected socket created by socketpair() to
qemu through fd.
Thomas Huth [Mon, 4 Feb 2019 08:25:43 +0000 (09:25 +0100)]
tests/docker/test-mingw and docs: Remove --with-sdlabi=2.0
Patchew currently reports failures with the mingw docker test - this
is due to --with-sdlabi=2.0 configure flag which does not exist anymore.
Remove this remainder from the docker test and the docs now.
Paul Durrant [Thu, 31 Jan 2019 15:33:16 +0000 (15:33 +0000)]
xen-block: handle resize callback
Some frontend drivers will handle dynamic resizing of PV disks, so set up
the BlockDevOps resize_cb() method during xen_block_realize() to allow
this to be done.
Paul Durrant [Tue, 22 Jan 2019 15:53:46 +0000 (15:53 +0000)]
xen: fix xen-bus state model to allow frontend re-connection
There is a flaw in the xen-bus state model. To allow a frontend to re-
connect the backend state of an online XenDevice is transitioned from
Closed to InitWait, but this is currently done unilaterally which is
incorrect. The backend state should remain Closed until the frontend state
transitions to Initialising.
This patch removes the automatic backend state transition from
xen_device_backend_state_changed() and, instead, adds an extra check in
xen_device_frontend_state_changed() to determine whether a frontend is
trying to re-connect to a previously Closed XenDevice. Only if this is
found to be the case is the backend state transitioned from Closed to
InitWait. Note that this transition will be common amongst all XenDevice
classes and hence xen_device_frontend_state_changed() returns immediately
afterwards without calling into the XenDeviceClass frontend_changed()
method.
Peter Maydell [Mon, 4 Feb 2019 10:33:40 +0000 (10:33 +0000)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-4.0-20190204' into staging
ppc patch queue 2019-02-04
Here's the next batch of ppc target and spapr related changes.
Highlights are:
* A number of endianness handling cleanups from Mark Cave-Ayland
* Updated Mac VGA driver
* Updated SLOF image
* Some XIVE cleanups and small fixes
* ppc4xx cleanups and fixes from BALATON Zoltan
There are a few chances not technically in the ppc target code:
* Several MAINTAINERS updates
* Fixes for unmapping of hugepages on power hosts
The latter is included because it's primarily of interest for ppc KVM setups.
* remotes/dgibson/tags/ppc-for-4.0-20190204: (37 commits)
mmap-alloc: fix hugetlbfs misaligned length in ppc64
mmap-alloc: unfold qemu_ram_mmap()
hw/ppc: Don't include m48t59.h if it is not necessary
spapr_pci: Fix endianness in assigned-addresses property
target/ppc: remove various HOST_WORDS_BIGENDIAN hacks in int_helper.c
target/ppc: remove ROTRu32 and ROTRu64 macros from int_helper.c
target/ppc: simplify VEXT_SIGNED macro in int_helper.c
target/ppc: eliminate use of EL_IDX macros from int_helper.c
target/ppc: eliminate use of HI_IDX and LO_IDX macros from int_helper.c
target/ppc: rework vmul{e,o}{s,u}{b,h,w} instructions to use Vsr* macros
target/ppc: rework vmrg{l,h}{b,h,w} instructions to use Vsr* macros
hw/ppc/spapr: Add support for "-vga cirrus"
QemuMacDrivers: update qemu_vga.ndrv to 90c488d built from submodule
MAINTAINERS: add myself as maintainer for Mac Old World and New World machines
spapr: Drop unused parameters from fdt building helper
MAINTAINERS: Merge the two e500 sections
MAINTAINERS: XIVE is an interrupt controller, not a machine
hw/ppc: Move ppc40x_*reset() functions from ppc405_uc.c to ppc.c
ppc: remove the interrupt presenters from under PowerPCCPU
target/ppc: implement complete set of Vsr* macros
...
However, we still need to consider the underlying huge page size
during munmap() because it requires that both address and length be a
multiple of the underlying huge page size for Huge TLB mappings.
Quote from "Huge page (Huge TLB) mappings" paragraph under NOTES
section of the munmap(2) manual:
"For munmap(), addr and length must both be a multiple of the
underlying huge page size."
On ppc64, the munmap() in qemu_ram_munmap() does not work for Huge TLB
mappings because the mapped segment can be aligned with the underlying
huge page size, not aligned with the native system page size, as
returned by getpagesize().
This has the side effect of not releasing huge pages back to the pool
after a hugetlbfs file-backed memory device is hot-unplugged.
This patch fixes the situation in qemu_ram_mmap() and
qemu_ram_munmap() by considering the underlying page size on ppc64.
After this patch, memory hot-unplug releases huge pages back to the
pool.
Unfold parts of qemu_ram_mmap() for the sake of understanding, moving
declarations to the top, and keeping architecture-specifics in the
ifdef-else blocks. No changes in the function behaviour.
Give ptr and ptr1 meaningful names:
ptr -> guardptr : pointer to the PROT_NONE guard region
ptr1 -> ptr : pointer to the mapped memory returned to caller
spapr_pci: Fix endianness in assigned-addresses property
reg->phys_hi and assigned->phys_hi are big endian but we do an extra
byteswap anyway when copying reg->phys_hi to assigned->phys_hi.
To make things slightly more messy, we also add a relocatable bit (b_n())
although in the right endianness.
This fixes endianness of assigned->phys_hi.
This is unlikely to produce any visible difference though as we should end up
there only in the case of PCI hotplug and even then I am not sure if
(d->io_regions[i].addr == PCI_BAR_UNMAPPED) == true.
Mark Cave-Ayland [Wed, 30 Jan 2019 20:36:37 +0000 (20:36 +0000)]
target/ppc: remove ROTRu32 and ROTRu64 macros from int_helper.c
Richard points out that these macros suffer from a -fsanitize=shift bug in that
they improperly handle n == 0 turning it into a shift by 32/64 respectively.
Replace them with QEMU's existing ror32() and ror64() functions instead.
Mark Cave-Ayland [Wed, 30 Jan 2019 20:36:36 +0000 (20:36 +0000)]
target/ppc: simplify VEXT_SIGNED macro in int_helper.c
As pointed out by Richard: it does not need the mask argument, nor does it need
the recast argument. The masking is implied by the cast argument, and the
recast is implied by the assignment.
Mark Cave-Ayland [Wed, 30 Jan 2019 20:36:34 +0000 (20:36 +0000)]
target/ppc: eliminate use of HI_IDX and LO_IDX macros from int_helper.c
The original purpose of these macros was to correctly reference the high and low
parts of the VSRs regardless of the host endianness.
Replace these direct references to high and low parts with the relevant VsrD
macro instead, and completely remove the now-unused HI_IDX and LO_IDX macros.
Mark Cave-Ayland [Wed, 30 Jan 2019 20:36:32 +0000 (20:36 +0000)]
target/ppc: rework vmrg{l,h}{b,h,w} instructions to use Vsr* macros
The current implementations make use of the endian-specific macros MRGLO/MRGHI
and also reference HI_IDX and LO_IDX directly to calculate array offsets.
Rework the implementation to use the Vsr* macros so that these per-endian
references can be removed.
Thomas Huth [Wed, 30 Jan 2019 13:36:39 +0000 (14:36 +0100)]
hw/ppc/spapr: Add support for "-vga cirrus"
The cirrus VGA card has been enabled in the PPC builds with
commit 29f9cef39eb1ae55e82c ("ppc: Include vga cirrus card into
the compiling process") last year. It also works on the pseries
machine, even SLOF contains support for this card, so we can
also support this for the "-vga" parameter here.
Mark Cave-Ayland [Mon, 28 Jan 2019 21:21:56 +0000 (21:21 +0000)]
MAINTAINERS: add myself as maintainer for Mac Old World and New World machines
I've unofficially been doing most of the work on the Mac machines for a while
now, so update MAINTAINERS to reflect this. David is still happy to be listed
as a reviewer as per our discussion at KVM forum.
spapr: Drop unused parameters from fdt building helper
spapr_load_rtas() handles now RTAS address and size information in the FDT
so drop them from spapr_build_fdt().
While we are here, fix a small typo.
Fixes: 3f5dabceba24 "pseries: Consolidate construction of /rtas device tree node" Signed-off-by: Alexey Kardashevskiy <[email protected]> Reviewed-by: Greg Kurz <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: David Gibson <[email protected]>
Thomas Huth [Wed, 30 Jan 2019 16:22:25 +0000 (17:22 +0100)]
MAINTAINERS: Merge the two e500 sections
There is currently a "e500" machine section and a "ppce500" device
section in the maintainers file - with some oddities: The wildcard
in the device section also covers the files from the machine section.
And hw/pci-host/ppce500.c is in the device section, while its header
is in the machine section.
This is really quite confusing, and I don't see a reason why we really
need two sections here, so let's simply merge them.
Thomas Huth [Wed, 30 Jan 2019 15:45:40 +0000 (16:45 +0100)]
MAINTAINERS: XIVE is an interrupt controller, not a machine
The "XIVE" section is currently listed in the "PowerPC Machines"
section, which is weird, since this is an interrupt controller
device. Move it to the "Devices" section instead.
Thomas Huth [Wed, 30 Jan 2019 14:30:49 +0000 (15:30 +0100)]
hw/ppc: Move ppc40x_*reset() functions from ppc405_uc.c to ppc.c
Currently, it is not possible to build a QEMU binary without the
ppc405_uc.c file, even if you do not want to have the embedded machines
in the binary. This is bad since it's quite a bit of code and this code
pulls in some more dependencies (e.g. via the usage of serial_mm_init())
which would not be needed otherwise - especially with the upcoming
Kconfig-style configuration system for QEMU.
The only functions from this file which are really always required for
linking are the ppc40x_*reset() functions, so move these functions to
ppc.c, close to the ppc40x_set_irq() function that calls them. Now we
can flag ppc405_uc.c and ppc4xx_devs.c with the CONFIG_PPC4XX config
switch, too.
And while we're at it, replace the printf()s in these ppc40x_*reset()
functions with proper calls to qemu_log_mask().
Cédric Le Goater [Thu, 17 Jan 2019 07:53:24 +0000 (08:53 +0100)]
xive: add a get_tctx() method to the XiveRouter
It provides a mean to retrieve the XiveTCTX of a CPU. This will become
necessary with future changes which move the interrupt presenter
object pointers under the PowerPCCPU machine_data.
The PowerNV machine has an extra requirement on TIMA accesses that
this new method addresses. The machine can perform indirect loads and
stores on the TIMA on behalf of another CPU. The PIR being defined in
the controller registers, we need a way to peek in the controller
model to find the PIR value.
The XiveTCTX is moved above the XiveRouter definition to avoid forward
typedef declarations.
While looking at the s390x implementation, looks like spapr has a
similar BUG when building the topology.
The primary bus number corresponds always to the bus number of the
bus the bridge is attached to.
Right now, if we have two bridges attached to the same bus (e.g. root
bus) this is however not the case. The first bridge will have primary
bus 0, the second bridge primary bus 1, which is wrong. Fix the assignment.
While at it, drop setting the PCI_SUBORDINATE_BUS temporarily to 0xff.
Setting it temporarily to that value (as discussed e.g. in [1]), is
only relevant for a running system that probes the buses. The value is
effectively unused for us just doing a DFS.
Thomas Huth [Wed, 9 Jan 2019 14:03:23 +0000 (15:03 +0100)]
hw/ppc/spapr: Encode the SCSI channel (bus) in the SRP LUNs
In hw/scsi/spapr_vio.c we declare that the controller supports multiple
buses by specifying "max_channel = 7" there. So in the code that fixes
up the device tree nodes, we must encode the channel number (a.k.a. bus
number in the "Logical unit addressing format" table of SAM5) into the
64-bit LUN, too.
commit efe2add7cb7f ("spapr/vio: deprecate the "irq" property") was
merged in QEMU version 3.0. The "irq" property" can be removed for
QEMU version 4.0.
BALATON Zoltan [Wed, 9 Jan 2019 22:37:33 +0000 (23:37 +0100)]
ppc440: Avoid reporting error when reading non-existent RAM slot
When reading base register of RAM slot with no RAM we should not try
to calculate register value because that will result printing an error
due to invalid RAM size. Just return 0 without the error in this case.
Greg Kurz [Thu, 10 Jan 2019 14:23:58 +0000 (15:23 +0100)]
target/ppc/kvm: Drop useless include directive
It has been there since the enablement of PR KVM for PAPR, ie, commit f61b4bedaf35 in 2011. Not sure why at that time, but it is definitely
not needed with the current code.
BALATON Zoltan [Thu, 3 Jan 2019 16:27:24 +0000 (17:27 +0100)]
sam460ex: Fix support for memory larger than 1GB
Fix the encoding of larger memory modules in the SoC registers which
allows specifying more than 1GB memory for sam460ex. Well, only 2GB
due to SoC and firmware restrictions which was the only missing value
compared to what the real hardware supports. The SoC should support up
to 4GB but when setting that the firmware hangs during memory test.
This may be an overflow bug in the firmware which I did not try to
debug but this may affect real hardware as well.
BALATON Zoltan [Thu, 3 Jan 2019 16:27:24 +0000 (17:27 +0100)]
ppc4xx: Pass array index to function instead of pointer into the array
The sdram_set_bcr() function in ppc440_uc.c takes a pointer into an
array then calculates its index from that. It's simpler and easier to
just pass the index which simplifies both the function and its callers.
Do similar cleanup in ppc4xx_devs.c to similar function.
BALATON Zoltan [Thu, 3 Jan 2019 16:27:24 +0000 (17:27 +0100)]
ppc4xx: Rename ppc4xx_sdram_t in ppc440_uc.c to ppc440_sdram_t
There's already a struct with the same name in ppc4xx_devs.c. They are
not used outside their files so don't clash but they are also not
identical so rename the ppc440 specific one to distinguish them.
projects / qemu.git / log