BALATON Zoltan [Thu, 28 Jun 2018 22:38:33 +0000 (00:38 +0200)]
ppc4xx_i2c: Rewrite to model hardware more closely
Rewrite to make it closer to how real device works so that guest OS
drivers can access I2C devices. Previously this was only a hack to
allow U-Boot to get past accessing SPD EEPROMs but to support other
I2C devices and allow guests to access them we need to model real
device more properly.
David Gibson [Mon, 2 Jul 2018 01:59:35 +0000 (11:59 +1000)]
hw/ppc: Give sam46ex its own config option
At present the Sam460ex board is activated by the general CONFIG_PPC4XX
option. However that includes the board for both ppc-softmmu and
(deprecated) ppcemb-softmmu builds. As Sam460ex is developed, that would
require adding more things into ppcemb-softmmu, which we don't want to do.
John Arbuckle [Sun, 24 Jun 2018 23:12:48 +0000 (19:12 -0400)]
fpu_helper.c: fix setting FPSCR[FI] bit
The FPSCR[FI] bit indicates if the last floating point instruction had a result that was rounded. Each consecutive floating point instruction is suppose to set this bit to the correct value. What currently happens is this bit is not set as often as it should be. I have verified that this is the behavior of a real PowerPC 950. This patch fixes that problem by deciding to set this bit after each floating point instruction.
https://www.pdfdrive.net/powerpc-microprocessor-family-the-programming-environments-for-32-e3087633.html
Page 63 in table 2-4 is where the description of this bit can be found.
The store twin case was stubbed out. For now, implement it only within
a serial context, forcing parallel execution to synchronize. It would
be possible to implement with a cmpxchg loop, if we care, but the loose
alignment requirements (simply no crossing 32-byte boundary) might send
us back to the serial context anyway.
These cases were stubbed out. For now, implement them only within
a serial context, forcing parallel execution to synchronize. It
would be possible to implement these with cmpxchg loops, if we care.
Move the guts of ST_ATOMIC to a function. Use foo_tl for the operations
instead of foo_i32 or foo_i64 specifically. Use MO_ALIGN instead of an
explicit call to gen_check_align.
Move the guts of LD_ATOMIC to a function. Use foo_tl for the operations
instead of foo_i32 or foo_i64 specifically. Use MO_ALIGN instead of an
explicit call to gen_check_align.
Leave only the minimal amount of code within the LDAR macro,
moving the rest of the code into gen_load_locked. Use MO_ALIGN
and remove the explicit call to gen_check_align.
Leave only the minimal amount of code within the STCX macro,
moving the rest of the code into gen_conditional_store.
Remove the explicit call to gen_check_align; the matching LDAX will
have already checked alignment, and we verify the same address.
Always use the gen_conditional_store implementation that uses
atomic_cmpxchg. Make sure and clear reserve_addr across most
interrupts crossing the cpu_loop.
When running in a parallel context, we must use a helper in order
to perform the 128-bit atomic operation. When running in a serial
context, do the compare before the store.
Section 1.4 of the Power ISA v3.0B states that this insn is
single-copy atomic. As we cannot (yet) issue 128-bit stores
within TCG, use the generic helpers provided.
Section 1.4 of the Power ISA v3.0B states that both of these
instructions are single-copy atomic. As we cannot (yet) issue
128-bit loads within TCG, use the generic helpers provided.
Since TCG cannot (yet) return a 128-bit value, add a slot within
CPUPPCState for returning the high half of a 128-bit return value.
This solution is preferred to the helper assigning to architectural
registers directly, as it avoids clobbering all TCG live values.
Cédric Le Goater [Tue, 26 Jun 2018 14:22:14 +0000 (16:22 +0200)]
ppc/pnv: fix pnv_core_realize() error handling
commit d35aefa9ae15 ("ppc/pnv: introduce a new intc_create() operation
to the chip model") changed the object link in the pnv_core_realize()
routine but a return was forgotten in case of error, which can lead to
more problems afterwards (segv)
Cédric Le Goater [Mon, 25 Jun 2018 09:17:18 +0000 (11:17 +0200)]
ppc/xics: rework the ICS classes inheritance tree
With the previous changes, we can now let the ICS_KVM class inherit
directly from ICS_BASE class and not from the intermediate ICS_SIMPLE.
It makes the class hierarchy much cleaner.
What is left in the top classes is the low level interface to access
the KVM XICS device in ICS_KVM and the XICS emulating handlers in
ICS_SIMPLE.
Cédric Le Goater [Wed, 20 Jun 2018 10:24:13 +0000 (12:24 +0200)]
ppc/xics: introduce ICP DeviceRealize and DeviceReset handlers
This changes the ICP realize and reset handlers in DeviceRealize and
DeviceReset handlers. parent handlers are now called from the
inheriting classes which is a cleaner object pattern.
Guenter Roeck [Sat, 23 Jun 2018 21:18:05 +0000 (14:18 -0700)]
sam460ex: Fix sam460ex device tree when booting the Linux kernel
sam460ex (or at least this emulation) does not support the "ibm,cpm" power
management. As a result, Linux crashes when trying to access it. Remove
its device tree node. Also, if/when we boot the Linux kernel directly,
serial port clock frequencies in the device tree file will be unset, and
serial port initialization will fail. Add valid frequency values to
the serial ports to be able to use it. Also set valid values for the other
clock nodes otherwise set by u-boot.
Mark Cave-Ayland [Fri, 22 Jun 2018 08:00:09 +0000 (09:00 +0100)]
mac_newworld: always enable disable_direct_reg3_writes for ADB machines
Commit 84051eb400 "adb: add property to disable direct reg 3 writes" added a
workaround for MacOS 9 incorrectly setting the mouse address during boot of
PMU machines.
Further testing has shown that since fb6649f172 "adb: fix read reg 3 byte
ordering" this can still sometimes happen with the CUDA mac99 machine,
so let's enable this workaround for all New World machines using ADB for now.
Peter Maydell [Mon, 2 Jul 2018 16:57:46 +0000 (17:57 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20180702' into staging
Assorted tlb and tb caching fixes
# gpg: Signature made Mon 02 Jul 2018 17:03:07 BST
# gpg: using RSA key 64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <[email protected]>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth/tags/pull-tcg-20180702:
cpu: Assert asidx_from_attrs return value in range
accel/tcg: Avoid caching overwritten tlb entries
accel/tcg: Don't treat invalid TLB entries as needing recheck
accel/tcg: Correct "is this a TLB miss" check in get_page_addr_code()
tcg: Define and use new tlb_hit() and tlb_hit_page() functions
translate-all: fix locking of TBs whose two pages share the same physical page
Gerd Hoffmann [Wed, 20 Jun 2018 10:11:42 +0000 (12:11 +0200)]
vgabios: remove submodule and build rules.
It's the old, lgpl vgabios implementation.
Was left in as fallback when we switched to seavgabios, so we could
easily switch back in case we see regressions. It's unused since years
now, reportedly doesn't even build, and lacks support for recently (and
not so recently) added display devices.
Gerd Hoffmann [Wed, 20 Jun 2018 10:07:40 +0000 (12:07 +0200)]
seabios: enable ide dma
QNX reportedly requires this to boot.
Should also speed up booting other guests.
Note: Upstream seabios defaults this to 'n' to due to known problems
on physical hardware (qemu not affected), and wouldn't flip the default
to 'y'. So we adjust our local build config accordingly.
Gerd Hoffmann [Wed, 20 Jun 2018 10:05:55 +0000 (12:05 +0200)]
seabios: add vga configs for bochs-display and ramfb
Both bochs-display and ramfb are devices with a simple framebuffer and
no vga emulation or text mode. seavgabios has support for text mode
emulation (at vgabios call level), we are using that to provide some
vga compatibility support for these devices.
Gerd Hoffmann (11):
optionrom: enable non-vga display devices
cbvga: factor out cbvga_setup_modes()
qemu: add bochs-display support
cbvga_setup_modes: use real mode number instead of 0x140
cbvga_list_modes: don't list current mode twice
cbvga_set_mode: disable clearmem in windows x86 emulator.
bochs_display_setup: return error on failure
pmm: use tmp zone on oom
vgasrc: add allocate_pmm()
qemu: add qemu ramfb support
cbvga_set_mode: refine clear display logic
When installing a TLB entry, remove any cached version of the
same page in the VTLB. If the existing TLB entry matches, do
not copy into the VTLB, but overwrite it.
Peter Maydell [Fri, 29 Jun 2018 16:17:31 +0000 (17:17 +0100)]
accel/tcg: Don't treat invalid TLB entries as needing recheck
In get_page_addr_code() when we check whether the TLB entry
is marked as TLB_RECHECK, we should not go down that code
path if the TLB entry is not valid at all (ie the TLB_INVALID
bit is set).
Peter Maydell [Fri, 29 Jun 2018 16:21:22 +0000 (17:21 +0100)]
accel/tcg: Correct "is this a TLB miss" check in get_page_addr_code()
In commit 71b9a45330fe220d1 we changed the condition we use
to determine whether we need to refill the TLB in
get_page_addr_code() to
if (unlikely(env->tlb_table[mmu_idx][index].addr_code !=
(addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK)))) {
This isn't the right check (it will falsely fail if the
input addr happens to have the low bit corresponding to
TLB_INVALID_MASK set, for instance). Replace it with a
use of the new tlb_hit() function, which is the correct test.
Peter Maydell [Fri, 29 Jun 2018 16:21:21 +0000 (17:21 +0100)]
tcg: Define and use new tlb_hit() and tlb_hit_page() functions
The condition to check whether an address has hit against a particular
TLB entry is not completely trivial. We do this in various places, and
in fact in one place (get_page_addr_code()) we have got the condition
wrong. Abstract it out into new tlb_hit() and tlb_hit_page() inline
functions (one for a known-page-aligned address and one for an
arbitrary address), and use them in all the places where we had the
condition correct.
This is a no-behaviour-change patch; we leave fixing the buggy
code in get_page_addr_code() to a subsequent patch.
Emilio G. Cota [Mon, 25 Jun 2018 16:31:42 +0000 (12:31 -0400)]
translate-all: fix locking of TBs whose two pages share the same physical page
Commit 0b5c91f ("translate-all: use per-page locking in !user-mode",
2018-06-15) introduced per-page locking. It assumed that the physical
pages corresponding to a TB (at most two pages) are always distinct,
which is wrong. For instance, an xtensa test provided by Max Filippov
is broken by the commit, since the test maps two virtual pages
to the same physical page:
Fix it by removing the assumption from page_lock_pair.
If the two physical page addresses are equal, we only lock
the PageDesc once. Note that the two callers of page_lock_pair,
namely page_unlock_tb and tb_link_page, are also updated so that
we do not try to unlock the same PageDesc twice.
* remotes/cohuck/tags/s390x-20180702:
s390x/tcg: fix locking problem with tcg_s390_tod_updated
s390x/kvm: indicate alignment in legacy_s390_alloc()
s390x/kvm: legacy_s390_alloc() only supports one allocation
s390x/tcg: fix CPU hotplug with single-threaded TCG
s390x/tcg: rearm the CKC timer during migration
s390x/tcg: implement SET CLOCK
s390x/tcg: SET CLOCK COMPARATOR can clear CKC interrupts
s390x/tcg: properly implement the TOD
s390x/tcg: drop tod_basetime
s390x/tod: factor out TOD into separate device
s390x/kvm: pass values instead of pointers to kvm_s390_set_clock_*()
s390x/tcg: avoid overflows in time2tod/tod2time
s390x/cpumodel: default enable bpb and ppa15 for z196 and later
loader: Check access size when calling rom_ptr() to avoid crashes
s390/ipl: fix ipl with -no-reboot
Fix the --disable-tcg breakage introduced by 8bca9a03ec60d:
$ configure --disable-tcg
[...]
$ make -C i386-softmmu exec.o
make: Entering directory 'i386-softmmu'
CC exec.o
In file included from source/qemu/exec.c:62:0:
source/qemu/include/exec/ram_addr.h:96:6: error: conflicting types for ‘tb_invalidate_phys_range’
void tb_invalidate_phys_range(ram_addr_t start, ram_addr_t end);
^~~~~~~~~~~~~~~~~~~~~~~~
In file included from source/qemu/exec.c:24:0:
source/qemu/include/exec/exec-all.h:309:6: note: previous declaration of ‘tb_invalidate_phys_range’ was here
void tb_invalidate_phys_range(target_ulong start, target_ulong end);
^~~~~~~~~~~~~~~~~~~~~~~~
source/qemu/exec.c:1043:6: error: conflicting types for ‘tb_invalidate_phys_addr’
void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr, MemTxAttrs attrs)
^~~~~~~~~~~~~~~~~~~~~~~
In file included from source/qemu/exec.c:24:0:
source/qemu/include/exec/exec-all.h:308:6: note: previous declaration of ‘tb_invalidate_phys_addr’ was here
void tb_invalidate_phys_addr(target_ulong addr);
^~~~~~~~~~~~~~~~~~~~~~~
make: *** [source/qemu/rules.mak:69: exec.o] Error 1
make: Leaving directory 'i386-softmmu'
Tested to build x86_64-softmmu and i386-softmmu targets.
s390x/tcg: fix locking problem with tcg_s390_tod_updated
tcg_s390_tod_updated() is always called with the iothread being locked
(e.g. from S390TODClass->set() e.g. via HELPER(sck) or on incoming
migration). The helper we call takes the lock itself - bad.
Let's change that by factoring out updating the ckc timer. This now looks
much nicer than having to call a helper from another function.
While touching it we also make sure that env->ckc is updated even if the
new value is -1ULL, for now it would not have been modified in that case.
s390x/kvm: indicate alignment in legacy_s390_alloc()
Let's do this for completeness reason, although we don't support e.g.
PCDIMM/NVDIMM, which would use the alignment for placing the memory
region in guest physical memory. But maybe someday we would want to
support something like this - then we don't forget about this if
allowing multiple allocations in legacy_s390_alloc().
Use the same alignment as we would set in qemu_anon_ram_alloc(). Our
fixed address satisfies this alignment (1MB). This implicitly sets the
alignment of the underlying memory region.
s390x/kvm: legacy_s390_alloc() only supports one allocation
We always allocate at a fixed address, a second allocation can therefore
of course never work. We would simply overwrite mappings.
This can e.g. happen in s390_memory_init(), if trying to allocate more
than > 8TB. Let's just bail out, as there is no need for supporting it
(legacy handling for z/VM).
Right now, each CPU has its own TOD. Especially, the TOD will differ
based on creation time of a CPU - e.g. when hotplugging a CPU the times
will differ quite a lot, resulting in stall warnings in the guest.
Let's use a single TOD by implementing our new TOD device. Prepare it
for TOD-clock epoch extension.
Most importantly, whenever we set the TOD, we have to update the CKC
timer.
Introduce "tcg_s390x.h" just like "kvm_s390x.h" for tcg specific
function declarations that should not go into cpu.h.
s390x/kvm: pass values instead of pointers to kvm_s390_set_clock_*()
We are going to factor out the TOD into a separate device and use const
pointers for device class functions where possible. We are passing right
now ordinary pointers that should never be touched when setting the TOD.
Let's just pass the values directly.
Note that s390_set_clock() will be removed in a follow-on patch and
therefore its calling convention is not changed.
Big values for the TOD/ns clock can result in some overflows that can be
avoided. Not all overflows can be handled however, as the conversion either
multiplies by 4.096 or divided by 4.096.
Apply the trick used in the Linux kernel in arch/s390/include/asm/timex.h
for tod_to_ns() and use the same trick also for the conversion in the
other direction.
s390x/cpumodel: default enable bpb and ppa15 for z196 and later
Most systems and host kernels provide the necessary building blocks for
bpb and ppa15. We can reverse the logic and default enable those
features, while still allowing to disable it via cpu model.
So let us add bpb and ppa15 to z196 and later default CPU model for the
qemu 3.0 machine. (like -cpu z13). Older machine types (e.g.
s390-ccw-virtio-2.12) will retain the old value and not provide those
bits in the default model.
Thomas Huth [Tue, 26 Jun 2018 09:35:40 +0000 (11:35 +0200)]
loader: Check access size when calling rom_ptr() to avoid crashes
The rom_ptr() function allows direct access to the ROM blobs that we
load during startup. However, there are currently no checks for the
size of the accesses, so it's currently possible to crash QEMU for
example with:
We need a possibility to check the size of the ROM area that we want
to access, thus let's add a size parameter to the rom_ptr() function
to avoid these problems.
kexec/kdump as well as the bootloader use a subcode of diagnose 308
that is supposed to reset the I/O subsystem but not comprise a full
"reboot". With the latest refactoring this is now broken when
-no-reboot is used or when libvirt acts on a reboot QMP event, for
example a virt-install from iso images.
We need to mark these "subsystem resets" as special.
Peter Maydell [Sat, 30 Jun 2018 21:23:51 +0000 (22:23 +0100)]
Merge remote-tracking branch 'remotes/xtensa/tags/20180630-xtensa' into staging
target/xtensa updates:
- add diagnostic for zero-overhead loop alignment;
- convert to TranslatorOps;
- don't call get_page_addr_code() from helper functions.
# gpg: Signature made Sat 30 Jun 2018 22:16:30 BST
# gpg: using RSA key 51F9CC91F83FA044
# gpg: Good signature from "Max Filippov <[email protected]>"
# gpg: aka "Max Filippov <[email protected]>"
# gpg: aka "Max Filippov <[email protected]>"
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB 17D8 51F9 CC91 F83F A044
* remotes/xtensa/tags/20180630-xtensa:
xtensa: Avoid calling get_page_addr_code() from helper function
target/xtensa: Convert to TranslatorOps
target/xtensa: Change gen_intermediate_code dc to pointer
target/xtensa: Convert to DisasContextBase
target/xtensa: Replace DISAS_UPDATE with DISAS_NORETURN
target/xtensa: check zero overhead loop alignment
Peter Maydell [Fri, 22 Jun 2018 13:58:23 +0000 (14:58 +0100)]
xtensa: Avoid calling get_page_addr_code() from helper function
The xtensa frontend calls get_page_addr_code() from its
itlb_hit_test helper function. This function is really part
of the TCG core's internals, and calling it from a target
helper makes it awkward to make changes to that core code.
It also means that we don't pass the correct retaddr to
tlb_fill(), so we won't correctly handle the case where
an exception is generated.
The helper is used for the instructions IHI, IHU and IPFL.
Max Filippov [Fri, 27 Apr 2018 20:07:53 +0000 (13:07 -0700)]
target/xtensa: check zero overhead loop alignment
ISA book documents that the first instruction of zero overhead loop
must fit completely into naturally aligned region of an instruction
fetch unit size. Check that condition and log a message if it's
violated.
Peter Maydell [Sat, 30 Jun 2018 16:30:09 +0000 (17:30 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2018-06-30' into staging
Monitor patches for 2018-06-30
# gpg: Signature made Sat 30 Jun 2018 17:22:12 BST
# gpg: using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <[email protected]>"
# gpg: aka "Markus Armbruster <[email protected]>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-monitor-2018-06-30:
docs: mention shared state protect for OOB
tests: iotests: drop some stderr line
monitor: flush qmp responses when CLOSED
monitor: rename *_pop_one to *_pop_any
chardev: comment details for CLOSED event
Peter Xu [Wed, 20 Jun 2018 07:32:21 +0000 (15:32 +0800)]
docs: mention shared state protect for OOB
Out-Of-Band handlers need to protect shared state if there is any.
Mention it in the document. Meanwhile, touch up some other places too,
either with better English, or reordering of bullets.
The order of the event and the in/out error line is swapped. I didn't
dig up the reason, but AFAIU what we want to verify is the event rather
than stderr. Let's drop the stderr line directly for this test.
Peter Xu [Wed, 20 Jun 2018 07:32:19 +0000 (15:32 +0800)]
monitor: flush qmp responses when CLOSED
Previously we clean up the queues when we got CLOSED event. It was used
to make sure we won't send leftover replies/events of a old client to a
new client which makes perfect sense. However this will also drop the
replies/events even if the output port of the previous chardev backend
is still open, which can lead to missing of the last replies/events.
Now this patch does an extra operation to flush the response queue
before cleaning up.
In most cases, a QMP session will be based on a bidirectional channel (a
TCP port, for example, we read/write to the same socket handle), so in
port and out port of the backend chardev are fundamentally the same
port. In these cases, it does not really matter much on whether we'll
flush the response queue since flushing will fail anyway. However there
can be cases where in & out ports of the QMP monitor's backend chardev
are separated. Here is an example:
In this case, the backend is fd-typed, and it is connected to stdio
where in port is stdin and out port is stdout. Now if we drop all the
events on the response queue then filter_command process might miss some
events that it might expect. The thing is that, when stdin closes,
stdout might still be there alive!
In practice, I encountered SHUTDOWN event missing when running test with
iotest 087 with Out-Of-Band enabled. Here is one of the ways that this
can happen (after "quit" command is executed and QEMU quits the main
loop):
1. [main thread] QEMU queues a SHUTDOWN event into response queue.
2. "cat" terminates (to distinguish it from the animal, I quote it).
3. [monitor iothread] QEMU's monitor iothread reads EOF from stdin.
4. [monitor iothread] QEMU's monitor iothread calls the CLOSED event
hook for the monitor, which will destroy the response queue of the
monitor, then the SHUTDOWN event is dropped.
5. [main thread] QEMU's main thread cleans up the monitors in
monitor_cleanup(). When trying to flush pending responses, it sees
nothing. SHUTDOWN is lost forever.
Note that before the monitor iothread was introduced, step [4]/[5] could
never happen since the main loop was the only place to detect the EOF
event of stdin and run the CLOSED event hooks. Now things can happen in
parallel in the iothread.
Without this patch, iotest 087 will have ~10% chance to miss the
SHUTDOWN event and fail when with Out-Of-Band enabled:
--- /home/peterx/git/qemu/tests/qemu-iotests/087.out
+++ /home/peterx/git/qemu/bin/tests/qemu-iotests/087.out.bad
@@ -8,7 +8,6 @@
{"return": {}}
{"error": {"class": "GenericError", "desc": "'node-name' must be
specified for the root node"}}
{"return": {}}
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false}}
Peter Xu [Wed, 20 Jun 2018 07:32:18 +0000 (15:32 +0800)]
monitor: rename *_pop_one to *_pop_any
The old names are confusing since both of the old functions are popping
an item from multiple queues rather than a single queue. In that
sense, *_pop_any() suites better than *_pop_one().
Since at it, touch up the function monitor_qmp_response_pop_any() a bit
to let the callers pass in a QMPResponse struct instead of returning a
struct. Change the return value to boolean to mark whether we have
popped a valid response instead.
Peter Xu [Wed, 20 Jun 2018 07:32:17 +0000 (15:32 +0800)]
chardev: comment details for CLOSED event
It was unclear before on what does the CLOSED event mean. Meanwhile we
add a TODO to fix up the CLOSED event in the future when the in/out
ports are different for a chardev.
Peter Maydell [Sat, 30 Jun 2018 12:59:52 +0000 (13:59 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
Pull request
* Python 3 support in simpletrace.py
* Convert DPRINTF() to trace events
# gpg: Signature made Fri 29 Jun 2018 18:53:05 BST
# gpg: using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>"
# gpg: aka "Stefan Hajnoczi <[email protected]>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/tracing-pull-request:
hw/block/pflash_cfi: Convert from DPRINTF() macro to trace events
hw/block/fdc: Convert from FLOPPY_DPRINTF() macro to trace events
hw/net/etraxfs_eth: Convert printf() calls to trace events
hw/net/ne2000: Convert printf() calls to trace events
hw/net/ne2000: Add trace events
hw/input/tsc2005: Convert a fprintf() call to trace events
hw/char/parallel: Convert from pdebug() macro to trace events
hw/char/serial: Convert from DPRINTF macro to trace events
sdcard: Reduce sdcard_set_blocklen() trace digits
trace: Fix format string for the struct timeval members casted to size_t
simpletrace: Convert name from mapping record to str
Peter Maydell [Sat, 30 Jun 2018 10:55:32 +0000 (11:55 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180629' into staging
target-arm queue:
* last of the SVE patches; SVE is now enabled for aarch64 linux-user
* sd: Don't trace SDRequest crc field (coverity bugfix)
* target/arm: Mark PMINTENSET accesses as possibly doing IO
* clean up v7VE feature bit handling
* i.mx7d: minor cleanups
* target/arm: support reading of CNT[VCT|FRQ]_EL0 from user-space
* target/arm: Implement ARMv8.2-DotProd
* virt: add addresses to dt node names (which stops dtc from
complaining that they're not correctly named)
* cleanups: replace error_setg(&error_fatal) by error_report() + exit()
* remotes/pmaydell/tags/pull-target-arm-20180629: (55 commits)
target/arm: Add ID_ISAR6
target/arm: Prune a15 features from max
target/arm: Prune a57 features from max
target/arm: Fix SVE system register access checks
target/arm: Fix SVE signed division vs x86 overflow exception
sdcard: Use the ldst API
sd: Don't trace SDRequest crc field
target/arm: Mark PMINTENSET accesses as possibly doing IO
target/arm: Remove redundant DIV detection for KVM
target/arm: Add ARM_FEATURE_V7VE for v7 Virtualization Extensions
i.mx7d: Change IRQ number type from hwaddr to int
i.mx7d: Change SRC unimplemented device name from sdma to src
i.mx7d: Remove unused header files
target/arm: support reading of CNT[VCT|FRQ]_EL0 from user-space
target/arm: Implement ARMv8.2-DotProd
target/arm: Enable SVE for aarch64-linux-user
target/arm: Implement SVE dot product (indexed)
target/arm: Implement SVE dot product (vectors)
target/arm: Implement SVE fp complex multiply add (indexed)
target/arm: Pass index to AdvSIMD FCMLA (indexed)
...
Peter Maydell [Fri, 29 Jun 2018 17:29:15 +0000 (18:29 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches:
- Make truncate operations asynchronous (so that preallocation in
blockdev-create doesn't block the main loop any more)
- usb-storage: Add rerror/werror properties
- nvme: Add num_queues property
- qemu-img convert: Copy offloading fixes (including data corruption fix)
- qcow2: Fix cluster leak on temporary write error
- Use byte-based functions instead of bdrv_co_readv/writev()
- Various small fixes and cleanups
# gpg: Signature made Fri 29 Jun 2018 15:08:34 BST
# gpg: using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <[email protected]>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream: (29 commits)
block: Remove unused sector-based vectored I/O
vhdx: Switch to byte-based calls
replication: Switch to byte-based calls
qcow: Switch to a byte-based driver
qcow: Switch qcow_co_writev to byte-based calls
qcow: Switch qcow_co_readv to byte-based calls
qcow: Switch get_cluster_offset to be byte-based
parallels: Switch to byte-based calls
file-posix: Fix EINTR handling
iscsi: Don't blindly use designator length in response for memcpy
qcow2: Fix src_offset in copy offloading
file-posix: Implement co versions of discard/flush
qemu-iotests: Test qcow2 not leaking clusters on write error
qcow2: Free allocated clusters on write error
qemu-iotests: Update 026.out.nocache reference output
block/crypto: Simplify block_crypto_{open,create}_opts_init()
block: Move request tracking to children in copy offloading
qcow2: Remove dead check on !ret
file-posix: Make .bdrv_co_truncate asynchronous
block: Use tracked request for truncate
...
Leave ARM_CP_SVE, removing ARM_CP_FPU; the sve_access_check
produced by the flag already includes fp_access_check. If
we also check ARM_CP_FPU the double fp_access_check asserts.
target/arm: Fix SVE signed division vs x86 overflow exception
We already check for the same condition within the normal integer
sdiv and sdiv64 helpers. Use a slightly different formation that
does not require deducing the expression type.
Peter Maydell [Fri, 29 Jun 2018 14:11:19 +0000 (15:11 +0100)]
sd: Don't trace SDRequest crc field
We don't actually implement SD command CRC checking, because
for almost all of our SD controllers the CRC generation is
done in hardware, and so modelling CRC generation and checking
would be a bit pointless. (The exception is that milkymist-memcard
makes the guest software compute the CRC.)
As a result almost all of our SD controller models don't bother
to set the SDRequest crc field, and the SD card model doesn't
check it. So the tracing of it in sdbus_do_command() provokes
Coverity warnings about use of uninitialized data.
Drop the CRC field from the trace; we can always add it back
if and when we do anything useful with the CRC.
Aaron Lindsay [Fri, 29 Jun 2018 14:11:18 +0000 (15:11 +0100)]
target/arm: Remove redundant DIV detection for KVM
KVM implies V7VE, which implies ARM_DIV and THUMB_DIV. The conditional
detection here is therefore unnecessary. Because V7VE is already
unconditionally specified for all KVM hosts, ARM_DIV and THUMB_DIV are
already indirectly specified and do not need to be included here at all.
Alex Bennée [Fri, 29 Jun 2018 14:11:16 +0000 (15:11 +0100)]
target/arm: support reading of CNT[VCT|FRQ]_EL0 from user-space
Since kernel commit a86bd139f2 (arm64: arch_timer: Enable CNTVCT_EL0
trap..), released in kernel version v4.12, user-space has been able
to read these system registers. As we can't use QEMUTimer's in
linux-user mode we just directly call cpu_get_clock().
We've already added the helpers with an SVE patch, all that remains
is to wire up the aa64 and aa32 translators. Enable the feature
within -cpu max for CONFIG_USER_ONLY.
target/arm: Implement SVE fp complex multiply add (indexed)
Enhance the existing helpers to support SVE, which takes the
index from each 128-bit segment. The change has no effect
for AdvSIMD, since there is only one such segment.
For aa64 advsimd, we had been passing the pre-indexed vector.
However, sve applies the index to each 128-bit segment, so we
need to pass in the index separately.
For aa32 advsimd, the fp32 operation always has index 0, but
we failed to interpret the fp16 index correctly.
projects / qemu.git / log