Michael Roth [Tue, 25 Oct 2016 04:47:27 +0000 (23:47 -0500)]
spapr_ovec: initial implementation of option vector helpers
PAPR guests advertise their capabilities to the platform by passing
an ibm,architecture-vec structure via an
ibm,client-architecture-support hcall as described by LoPAPR v11,
B.6.2.3. during early boot.
Using this information, the platform enables the capabilities it
supports, then encodes a subset of those enabled capabilities (the
5th option vector of the ibm,architecture-vec structure passed to
ibm,client-architecture-support) into the guest device tree via
"/chosen/ibm,architecture-vec-5".
The logical format of these option vectors is a bit-vector,
where individual bits are addressed/documented based on the byte-wise
offset from the beginning of the bit-vector, followed by the bit-wise
index starting from the byte-wise offset. Thus the bits of each of
these bytes are stored in reverse order. Additionally, the first
byte of each option vector encodes the length of the option vector,
so byte offsets begin at 1, and bit offset at 0.
This is not very intuitive for the purposes of mapping these bits to
a particular documented capability, so this patch introduces a set
of abstractions that encapsulate the work of parsing/encoding these
options vectors and testing for individual capabilities.
Cc: Bharata B Rao <[email protected]>
Signed-off-by: Michael Roth <[email protected]>
[dwg: Tweaked double-include protection to not trigger a checkpatch
false positive]
Signed-off-by: David Gibson <[email protected]>
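The addressing scheme described in the commit message above, as an added example that is not code from the commit or from QEMU. The helper names (`ov_test`, `ov_set`, `ov_intersect`), the sample vectors, and passing the number of option bytes as a separate `data_bytes` argument are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical helpers for the option-vector addressing described above;
 * they are not QEMU's spapr_ovec functions.
 *
 * vec[0] is the length byte, so documented byte offsets start at 1.
 * data_bytes is the number of option bytes that follow vec[0]; the caller
 * derives it from the length byte (assumption of this example).
 */

/* Documented bit 0 is the most significant bit of its byte. */
static uint8_t ov_mask(unsigned bit)
{
    return (uint8_t)(0x80u >> bit);
}

/* A (byte, bit) pair is valid only inside the guest-supplied vector. */
static bool ov_in_range(size_t data_bytes, unsigned byte, unsigned bit)
{
    return byte >= 1 && byte <= data_bytes && bit <= 7;
}

/* Test capability (byte, bit); out-of-range requests read as "not set". */
bool ov_test(const uint8_t *vec, size_t data_bytes, unsigned byte, unsigned bit)
{
    if (!ov_in_range(data_bytes, byte, bit)) {
        return false;
    }
    return (vec[byte] & ov_mask(bit)) != 0;
}

/* Set capability (byte, bit); refuses to write outside the vector. */
bool ov_set(uint8_t *vec, size_t data_bytes, unsigned byte, unsigned bit)
{
    if (!ov_in_range(data_bytes, byte, bit)) {
        return false;
    }
    vec[byte] |= ov_mask(bit);
    return true;
}

/* Keep only the guest-requested capabilities the platform also supports. */
void ov_intersect(uint8_t *out, const uint8_t *guest,
                  const uint8_t *platform, size_t data_bytes)
{
    out[0] = guest[0];                       /* length byte carried over */
    for (size_t i = 1; i <= data_bytes; i++) {
        out[i] = guest[i] & platform[i];
    }
}

int main(void)
{
    /* Constructed sample: length byte, then two option bytes. */
    uint8_t guest[3]    = { 0x02, 0x80, 0x01 };   /* (1,0) and (2,7) set */
    uint8_t platform[3] = { 0x02, 0x00, 0x00 };
    uint8_t result[3];

    ov_set(platform, 2, 2, 7);                    /* platform supports (2,7) */
    ov_intersect(result, guest, platform, 2);

    printf("guest (1,0): %d\n", ov_test(guest, 2, 1, 0));
    printf("negotiated (1,0): %d\n", ov_test(result, 2, 1, 0));
    printf("negotiated (2,7): %d\n", ov_test(result, 2, 2, 7));
    printf("out of range (3,0): %d\n", ov_test(result, 2, 3, 0));
    return 0;
}
```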
David Gibson [Thu, 20 Oct 2016 05:05:00 +0000 (16:05 +1100)]
pseries: Remove spapr_create_fdt_skel()
For historical reasons construction of the guest device tree in spapr is
divided between spapr_create_fdt_skel() which is called at init time, and
spapr_build_fdt() which runs at reset time. Over time, more and more
things have needed to be moved to reset time.
Previous cleanups mean the only things left in spapr_create_fdt_skel() are
the properties of the root node itself. Finish consolidating these two
parts of device tree construction, by moving this to the start of
spapr_build_fdt(), and removing spapr_create_fdt_skel() entirely.
David Gibson [Thu, 20 Oct 2016 05:01:17 +0000 (16:01 +1100)]
pseries: Consolidate construction of /vdevice device tree node
Construction of the /vdevice node (and its children) is divided between
spapr_create_fdt_skel() (at init time), which creates the base node, and
spapr_populate_vdevice() (at reset time) which creates the nodes for each
individual virtual device.
This consolidates both into a single function called from
spapr_build_fdt().
David Gibson [Thu, 20 Oct 2016 04:59:36 +0000 (15:59 +1100)]
pseries: Move /hypervisor node construction to fdt_build_fdt()
Currently the /hypervisor device tree node is constructed in
spapr_create_fdt_skel(). As part of consolidating device tree construction
to reset time, move it to a function called from spapr_build_fdt().
David Gibson [Thu, 20 Oct 2016 04:56:48 +0000 (15:56 +1100)]
pseries: Move /event-sources construction to spapr_build_fdt()
The /event-sources device tree node is built from spapr_create_fdt_skel().
As part of consolidating device tree construction to reset time, this moves
it to spapr_build_fdt().
David Gibson [Thu, 20 Oct 2016 04:55:36 +0000 (15:55 +1100)]
pseries: Consolidate construction of /rtas device tree node
For historical reasons construction of the /rtas node in the device
tree (amongst others) is split into several places. In particular
it's split between spapr_create_fdt_skel(), spapr_build_fdt() and
spapr_rtas_device_tree_setup().
In fact, as well as adding the actual RTAS tokens to the device tree,
spapr_rtas_device_tree_setup() just adds the ibm,lrdr-capacity
property, which despite going in the /rtas node, doesn't have a lot to
do with RTAS.
This patch consolidates the code constructing /rtas together into a new
spapr_dt_rtas() function. spapr_rtas_device_tree_setup() is renamed to
spapr_dt_rtas_tokens() and now only adds the token properties.
David Gibson [Mon, 24 Oct 2016 01:05:57 +0000 (12:05 +1100)]
pseries: Consolidate construction of /chosen device tree node
For historical reasons, building the /chosen node in the guest device tree
is split across several places and includes both parts which write the DT
sequentially and others which use random access functions.
This patch consolidates construction of the node into one place, using
random access functions throughout.
David Gibson [Thu, 20 Oct 2016 05:07:56 +0000 (16:07 +1100)]
pseries: Move construction of /interrupt-controller fdt node
Currently the device tree node for the XICS interrupt controller is in
spapr_create_fdt_skel(). As part of consolidating device tree construction
to reset time, this moves it to a function called from spapr_build_fdt().
In addition we move the actual code into hw/intc/xics_spapr.c with the
rest of the PAPR specific interrupt controller code.
David Gibson [Thu, 20 Oct 2016 04:37:41 +0000 (15:37 +1100)]
pseries: Consolidate RTAS loading
At each system reset, the pseries machine needs to load RTAS (the runtime
portion of the guest firmware) into the VM. This means copying
the actual RTAS code into guest memory, and also updating the device
tree so that the guest OS and boot firmware can locate it.
For historical reasons the copy and update to the device tree were in
different parts of the code. This cleanup brings them both together in
an spapr_load_rtas() function.
David Gibson [Thu, 20 Oct 2016 04:34:59 +0000 (15:34 +1100)]
pseries: Move adding of fdt reserve map entries
The flattened device tree passed to pseries guests contains a list of
reserved memory areas. Currently we construct this list early in
spapr_create_fdt_skel() as we sequentially write the fdt.
This will be inconvenient for upcoming cleanups, so this patch moves
the reserve map changes to the end of fdt construction. This changes
fdt_add_reservemap_entry() calls - which work when writing the fdt
sequentially to fdt_add_mem_rsv() calls used when altering the fdt in
random access mode.
David Gibson [Thu, 20 Oct 2016 04:31:45 +0000 (15:31 +1100)]
pseries: Make spapr_create_fdt_skel() get information from machine state
Currently spapr_create_fdt_skel() takes a bunch of individual parameters
for various things it will put in the device tree. Some of these can
already be taken directly from sPAPRMachineState. This patch alters it so
that all of them can be taken from there, which will allow this code to
be moved away from its current caller in future.
David Gibson [Tue, 25 Oct 2016 00:51:33 +0000 (11:51 +1100)]
pseries: Split device tree construction from device tree load
spapr_finalize_fdt() both finishes building the device tree for the guest
and loads it into guest memory. For future cleanups, it's going to be
more convenient to do these two things separately. The loading portion is
pretty trivial, so we move it inline into the caller, ppc_spapr_reset().
We also rename spapr_finalize_fdt(), because the current name is going to
become inaccurate.
Cédric Le Goater [Sat, 22 Oct 2016 09:46:43 +0000 (11:46 +0200)]
ppc/pnv: add a ISA bus
As Qemu only supports a single instance of the ISA bus, we use the LPC
controller of chip 0 to create one and plug in a couple of useful
devices, like a UART and RTC. An IPMI BT device, which is also an ISA
device, can be defined on the command line to connect an external BMC.
That is for later.
The PowerNV machine now has a console. Skiboot should load a kernel
and jump into it but execution will stop quite early because we lack a
model for the native XICS controller for the moment :
Based on previous work from :
Benjamin Herrenschmidt <[email protected]>
Signed-off-by: Cédric Le Goater <[email protected]>
Reviewed-by: David Gibson <[email protected]>
[dwg: Trivial fix for a change in the serial_hds_isa_init() interface]
Signed-off-by: David Gibson <[email protected]>
The LPC (Low Pin Count) interface on a POWER8 is made accessible to
the system through the ADU (XSCOM interface). This interface is part
of a set of units connected together via a local OPB (On-Chip Peripheral
Bus) which act as a bridge between the ADU and the off chip LPC
endpoints, like external flash modules.
The most important units of this OPB are :
- OPB Master: contains the ADU slave logic, a set of internal
registers and the logic to control the OPB.
- LPCHC (LPC HOST Controller): which implements an OPB Slave, a set of
internal registers and the LPC HOST Controller to control the LPC
interface.
Four address spaces are provided to the ADU :
- LPC Bus Firmware Memory
- LPC Bus Memory
- LPC Bus I/O (ISA bus)
- and the registers for the OPB Master and the LPC Host Controller
On POWER8, an intermediate hop is necessary to reach the OPB, through
a unit called the ECCB. OPB commands are simply mangled in ECCB write
commands.
On POWER9, the OPB master address space can be accessed via MMIO. The
logic is the same but the code will be simpler as the XSCOM and ECCB hops
are not necessary anymore.
This version of the LPC controller model doesn't yet implement support
for the SerIRQ deserializer present in the Naples version of the chip
though some preliminary work is there.
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
[clg: - updated for qemu-2.7
- ported on latest PowerNV patchset
- changed the XSCOM interface to fit new model
- QOMified the model
- moved the ISA hunks in another patch
- removed printf logging
- added a couple of UNIMP logging
- rewrote commit log ]
Signed-off-by: Cédric Le Goater <[email protected]>
Reviewed-by: David Gibson <[email protected]>
Signed-off-by: David Gibson <[email protected]>
Cédric Le Goater [Sat, 22 Oct 2016 09:46:41 +0000 (11:46 +0200)]
ppc/pnv: add XSCOM handlers to PnvCore
Now that we are using real HW ids for the cores in PowerNV chips, we
can route the XSCOM accesses to them. We just need to attach a
specific XSCOM memory region to each core in the appropriate window
for the core number.
To start with, let's install the DTS (Digital Thermal Sensor) handlers
which should return 38°C for each core.
Cédric Le Goater [Sat, 22 Oct 2016 09:46:40 +0000 (11:46 +0200)]
ppc/pnv: add XSCOM infrastructure
On a real POWER8 system, the Pervasive Interconnect Bus (PIB) serves
as a backbone to connect different units of the system. The host
firmware connects to the PIB through a bridge unit, the
Alter-Display-Unit (ADU), which gives it access to all the chiplets
on the PCB network (Pervasive Connect Bus), the PIB acting as the root
of this network.
XSCOM (serial communication) is the interface to the sideband bus
provided by the POWER8 pervasive unit to read and write to chiplets
resources. This is needed by the host firmware, OPAL and to a lesser
extent, Linux. This is among others how the PCI Host bridges get
configured at boot or how the LPC bus is accessed.
To represent the ADU of a real system, we introduce a specific
AddressSpace to dispatch XSCOM accesses to the targeted chiplets. The
translation of an XSCOM address into a PCB register address is
slightly different between the P9 and the P8. This is handled before
the dispatch using an 8-byte alignment for all.
To customize the device tree, a QOM InterfaceClass, PnvXScomInterface,
is provided with a populate() handler. The chip populates the device
tree by simply looping on its children. Therefore, each model needing
custom nodes should not forget to declare itself as a child at
instantiation time.
Based on previous work done by :
Benjamin Herrenschmidt <[email protected]>
Signed-off-by: Cédric Le Goater <[email protected]>
[dwg: Added cpu parameter to xscom_complete()]
Signed-off-by: David Gibson <[email protected]>
Cédric Le Goater [Sat, 22 Oct 2016 09:46:39 +0000 (11:46 +0200)]
ppc/pnv: add a PnvCore object
This is largely inspired by sPAPRCPUCore with some simplification, no
hotplug for instance. A set of PnvCore objects is added to the PnvChip
and the device tree is populated looping on these cores.
Real HW cpu ids are now generated depending on the chip cpu model, the
chip id and a core mask. The id is propagated to the CPU object, using
properties, to set the SPR_PIR (Processor Identification Register)
Cédric Le Goater [Sat, 22 Oct 2016 09:46:38 +0000 (11:46 +0200)]
ppc/pnv: add a PIR handler to PnvChip
The Processor Identification Register (PIR) is a register that holds a
processor identifier which is used for bus transactions (XSCOM) and
for processor differentiation in multiprocessor systems. It is also used
in the interrupt vector entries (IVE) to identify the thread serving
the interrupts.
P9 and P8 have some differences in the CPU PIR encoding.
Cédric Le Goater [Sat, 22 Oct 2016 09:46:36 +0000 (11:46 +0200)]
ppc/pnv: add a PnvChip object
This is an abstraction of a POWER8 chip which is a set of cores
plus other 'units', like the pervasive unit, the interrupt controller,
the memory controller, the on-chip microcontroller, etc. The whole can
be seen as a socket. It depends on a cpu model and its characteristics:
max cores and specific inits are defined in a PnvChipClass.
We start with a near empty PnvChip with only a few cpu constants
which we will grow in the subsequent patches with the controllers
required to run the system.
The Chip CFAM (Common FRU Access Module) ID gives the model of the
chip and its version number. It is generally the first thing firmwares
fetch, available at XSCOM PCB address 0xf000f, to start initialization.
The goal is to emulate a PowerNV system at the level of the skiboot
firmware, which loads the OS and provides some runtime services. Power
Systems have a lower firmware (HostBoot) that does low level system
initialization, like DRAM training. This is beyond the scope of what
qemu will address in a PowerNV guest.
No devices yet, not even an interrupt controller. Just to get started,
some RAM to load the skiboot firmware, the kernel and initrd. The
device tree is fully created in the machine reset op.
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
[clg: - updated for qemu-2.7
- replaced fprintf by error_report
- used a common definition of _FDT macro
- removed VMStateDescription as migration is not yet supported
- added IBM Copyright statements
- reworked kernel_filename handling
- merged PnvSystem and sPowerNVMachineState
- removed PHANDLE_XICP
- added ppc_create_page_sizes_prop helper
- removed nmi support
- removed kvm support
- updated powernv machine to version 2.8
- removed chips and cpus, They will be provided in another patches
- added a machine reset routine to initialize the device tree (also)
- french has a squelette and english a skeleton.
- improved commit log.
- reworked prototypes parameters
- added a check on the ram size (thanks to Michael Ellerman)
- fixed chip-id cell
- changed MAX_CPUS to 2048
- simplified memory node creation to one node only
- removed machine version
- rewrote the device tree creation with the fdt "rw" routines
- s/sPowerNVMachineState/PnvMachineState/
- etc.]
Signed-off-by: Cédric Le Goater <[email protected]>
Reviewed-by: David Gibson <[email protected]>
Signed-off-by: David Gibson <[email protected]>
configure, ppc64: Copy skiboot.lid to build directory when configuring
When configured to compile out of tree, the configure script
copies BIOS blobs to the build directory. However since the PPC64 powernv
machine ROM has .lid extension, it is ignored and "make check" fails
when trying the powernv machine.
David Gibson [Thu, 20 Oct 2016 04:29:25 +0000 (15:29 +1100)]
pseries: Remove unused callbacks from sPAPR VIO bus state
The original QOMification of the spapr VIO devices in 3954d33 "spapr:
convert to QEMU Object Model (v2)" moved some callbacks from the
VIOsPAPRBus structure to the VIOsPAPRDeviceClass. Except, that it
forgot to actually remove them from the VIOsPAPRBus structure (which
still exists, though it doesn't fulfill quite the same function as it
did pre-QOM).
This patch removes those now unused callback fields.
Cédric Le Goater [Tue, 18 Oct 2016 08:06:32 +0000 (10:06 +0200)]
ppc/xics: add a xics_set_nr_servers common routine
xics_spapr and xics_kvm nearly define the same 'set_nr_servers'
handler. Only the type of the ICP differs. So let's make a common one
to remove some duplicated code.
Thomas Huth [Tue, 18 Oct 2016 20:46:41 +0000 (22:46 +0200)]
sparc: Use the new common NVRAM functions for system and free space partition
The system and free space NVRAM partitions (for OpenBIOS) are created
in exactly the same way as the Mac-style CHRP NVRAM partitions, so we
can use the new common helper functions to do this job here, too.
Thomas Huth [Tue, 18 Oct 2016 20:46:40 +0000 (22:46 +0200)]
nvram: Introduce helper functions for CHRP "system" and "free space" partitions
The "system partition" and "free space" partition layouts are
defined by the CHRP and LoPAPR specification, and used by
OpenBIOS and SLOF. We can re-use this code for other machines
that use OpenBIOS and SLOF, too. So let's make this code independent
from the MAC NVRAM environment and put it into two proper helper
functions.
Michael Roth [Tue, 18 Oct 2016 20:50:23 +0000 (15:50 -0500)]
spapr_pci: advertise explicit numa IDs even when there's 1 node
With the addition of "numa_node" properties for PHBs we began
advertising NUMA affinity in cases where nb_numa_nodes > 1.
Since the default on the guest side is to make no assumptions about
PHB NUMA affinity (defaulting to -1), there is still a valid use-case
for explicitly defining a PHB's NUMA affinity even when there's just
one node. In particular, some workloads make faulty assumptions about
/sys/bus/pci/<devid>/numa_node being >= 0, warranting the use of
this property as a workaround even if there's just 1 PHB or NUMA
node.
Enable this use-case by always advertising the PHB's NUMA affinity
if "numa_node" has been explicitly set.
We could achieve this by relaxing the check to simply be
nb_numa_nodes > 0, but even safer would be to check
numa_info[nodeid].present explicitly, and to fail at start time
for cases where it does not exist.
This has an additional effect of no longer advertising PHB NUMA
affinity unconditionally if nb_numa_nodes > 1 and "numa_node"
property is unset/-1, but since the default value on the guest
side for each PHB is also -1, the behavior should be the same for
that situation. We could still retain the old behavior if desired,
but the decision seems arbitrary, so we take the simpler route.
Laurent Vivier [Mon, 17 Oct 2016 10:30:23 +0000 (12:30 +0200)]
tests: use qtest_pc_boot()/qtest_shutdown() in virtio tests
This patch replaces calls to qtest_start() and qtest_end() by
calls to qtest_pc_boot() and qtest_shutdown().
This allows to initialize memory allocator and PCI interface
functions. This will ease to enable virtio tests on other
architectures by only adding a specific qtest_XXX_boot() (like
qtest_spapr_boot()).
Laurent Vivier [Mon, 17 Oct 2016 10:30:22 +0000 (12:30 +0200)]
tests: rename target_big_endian() as qvirtio_is_big_endian()
Move the definition to libqos/virtio.h as it must be used
only with virtio functions.
Add a QVirtioDevice parameter as it will be needed to
know if the virtio device is using virtio 1.0 specification
and thus is always little-endian (to do)
Laurent Vivier [Mon, 17 Oct 2016 10:30:20 +0000 (12:30 +0200)]
tests: don't check if qtest_spapr_boot() returns NULL
qtest_spapr_boot()/qtest_pc_boot()/qtest_boot() call qtest_vboot()
and qtest_vboot() calls g_malloc(),
and g_malloc() never fails:
if memory allocation fails, the application is terminated.
ppc/xics: Add xics to the monitor "info pic" command
Useful to debug interrupt problems.
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
[clg: - updated for qemu-2.7
- added a test on ->irqs as it is not necessarily allocated
(PHB3_MSI)
- removed static variable g_xics and replace with a loop on all
children to find the xics objects.
- rebased on InterruptStatsProvider interface ]
Signed-off-by: Cédric Le Goater <[email protected]>
Signed-off-by: David Gibson <[email protected]>
The main changes are:
* virtio-serial
* booting speed improvement
* better PCI bridge support
The complete changelog is:
> virtio-serial: Fix compile error
> scsi: Remove debug functions from scsi-loader.fs
> scsi: Remove unused read-6 command
> obp-tftp: Remove the ciregs-buffer
> libnet: Simplify the net-load arguments passing
> libnet: Simplify the Forth-to-C wrapper of ping()
> Do not link libnet to net-snk anymore, and remove net-snk from board-qemu
> Add a Forth-to-C wrapper for the ping command, too
> Link libnet code to Paflof and add a wrapper for netboot()
> Remember execution tokens of "write" and "read" for socket operations
> Add virtio-serial device support
> Generalize output banner write routine
> Improve indentation in OF.fs
> scsi: implement READ (16) command
> rtas: Improve rtas-do-config-@ and rtas-do-config-! a little bit
> libnet: Make netapps.h includable from .code files
> libnet: Remove unused prototypes from netapps.h
> libnet: Fix the printout of the ping command
> libnet: Make sure to close sockets when we're done
> scsi: implement read-capacity-16
> pci: Fix secondary and subordinate PCI bus enumeration with board-qemu
> pci-phb: Fix stack underflow in phb-pci-walk-bridge
> paflof: Add a read() function to read keyboard input
> paflof: Add socket(), send() and recv() functions to paflof
> paflof: Provide get_timer() and set_timer() helper functions
> paflof: Add a write_mm_log helper function
> paflof: Copy sbrk code from net-snk
> paflof: Use CFLAGS from make.rules instead of completely redefining them
> Do not include the FCode evaluator by default anymore
> Source code beautification of board-qemu/slof/pci-interrupts.fs
> Allow PCI devices in PCI bridge slots greater than 4
> Fix bad interrupt pin numbering in interrupt-map property of PCI bridges
> Improve SLOF_alloc_mem_aligned()
> instance: Fix set-my-args for empty arguments
> Fix remaining compiler warnings in sloffs.c
> Remove misleading padding fields from ROM header definition
> Improve indentation in calculatecrc.h
> Do not include calculatecrc.h from assembler files
> Remove unused defines in calculatecrc.h
> libnet: Re-initialize global variables at the beginning of tftp()
> Remove dependency on cpu/@0 for booting
> usb: Set XHCI slot speed according to port status
> usb: Build correct route string for USB3 devices behind a hub
> usb: Initialize USB3 devices on a hub and keep track of hub topology
> usb: Increase amount of maximum slot IDs and add a sanity check
> usb: Move XHCI port state arrays from header to .c file
> tools: add copy functionality
> tools: added support to sloffs to read from /dev/slof_flash
> tools: added file append functionality
> tools: use crc checking code from romfs/tools
> tools: added initial version of sloffs
> romfs: factored out crc code, to make it usable from other locations
> tools: remove unused parts from the Makefile
> usb-hid: Fix non-working comma key
> fat-files: Fix access to FAT32 dir/files when cluster > 16-bits
> virtio-net: fix ring handling in receive
> net: Remove remainders of the MTFTP code
> net: Move also files from clients/net-snk/app/netapps/ to lib/libnet/
> net: Move files from clients/net-snk/app/netlib/ to lib/libnet/
> net-snk: Get rid of netlib and netapps prefixes in include statements
> usb-xhci: assign field4 before conditional
> Improve F12 key handling in boot menu
> Fix stack underflow that occurs with duplicated ESC in input
> rtas-nvram: optimize erase
> ipv6: Replace magic number 1500 with ETH_MTU_SIZE (i.e. 1518)
> ipv6: Fix NULL pointer dereference in ip6addr_add()
> ipv6: Fix memory leak in set_ipv6_address() / ip6_create_ll_address()
> ipv6: Clear memory after malloc if necessary
> ipv6: Fix possible NULL-pointer dereference in send_ipv6()
> ping: use gateway address for routing
> ping: add netmask in the ping argument
> xhci: fix missing keys from keyboard
> xhci: add memory barrier after filling the trb
> loaders: Remove netflash command
> boot: Remove legacy Forth words for network loading
> base: Move cnt-bits and bcd-to-bin to board-js2x folder
> base: Move huge-tftp-load variable to obp-tftp package
> base: Remove unused IP address conversion functions
> virtio: White space cleanup in virtio-9p.c
> virtio: Add modern version 1.0 support to 9p driver
> virtio: Set a proper name for virtio-9p device tree nodes
> pci: Fix mistype in "unkown-bridge"
> ipv6: Indent code with tabs, not with spaces
> ipv6: send_ipv6() has to return after doing NDP
> ipv6: Do not use unitialized MAC address array
> ipv6: Add support for sending packets through a router
> Remove unused sms code.
> virtio-net: initialize to populate mac address
> libbootmsg: Do not use '\b' characters when printing checkpoints
> dev-null: The "read" function has to return 0 if nothing has been read
Peter Maydell [Thu, 27 Oct 2016 11:45:45 +0000 (12:45 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Wed 26 Oct 2016 03:19:06 BST
# gpg: using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <[email protected]>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
colo-proxy: fix memory leak
net: rtl8139: limit processing of ring descriptors
net: vmxnet: initialise local tx descriptor
e1000e: Don't zero out buffer address in rx descriptor
net: rocker: set limit to DMA buffer size
net: eepro100: fix memory leak in device uninit
tap-bsd: OpenBSD uses tap(4) now
net: pcnet: fix source formatting and indentation
net: pcnet: check rx/tx descriptor ring length
* remotes/vivier/tags/m68k-part1-pull-request: (23 commits)
target-m68k: Optimize gen_flush_flags
target-m68k: Optimize some comparisons
target-m68k: Use setcond for scc
target-m68k: Introduce DisasCompare
target-m68k: Reorg flags handling
target-m68k: Remove incorrect clearing of cc_x
target-m68k: Some fixes to SR and flags management
target-m68k: Print flags properly
target-m68k: update CPU flags management
target-m68k: don't update cc_dest in helpers
target-m68k: update move to/from ccr/sr
target-m68k: remove m68k_cpu_exec_enter() and m68k_cpu_exec_exit()
target-m68k: Replace helper_xflag_lt with setcond
target-m68k: allow to update flags with operation on words and bytes
target-m68k: REG() macro cleanup
target-m68k: set PAGE_BITS to 12 for m68k
target-m68k: define operand sizes
target-m68k: set disassembler mode to 680x0 or coldfire
target-m68k: introduce read_imXX() functions
target-m68k: manage scaled index
...
Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. However, portable parallel
code is written assuming only cmpxchg which means that in
practice this is a viable alternative.
Emilio G. Cota [Mon, 27 Jun 2016 19:02:13 +0000 (15:02 -0400)]
target-arm: emulate aarch64's LL/SC using cmpxchg helpers
Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. Portable parallel code, however,
is written assuming only cmpxchg--and not LL/SC--is available.
This means that in practice emulating LL/SC with cmpxchg is
a viable alternative.
The appended emulates LL/SC pairs in aarch64 with cmpxchg helpers.
This works in both user and system mode. In usermode, it avoids
pausing all other CPUs to perform the LL/SC pair. The subsequent
performance and scalability improvement is significant, as the
plots below show. They plot the throughput of atomic_add-bench
compiled for ARM and executed on a 64-core x86 machine.
Emilio G. Cota [Mon, 27 Jun 2016 19:02:08 +0000 (15:02 -0400)]
target-arm: emulate LL/SC using cmpxchg helpers
Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. Portable parallel code, however,
is written assuming only cmpxchg--and not LL/SC--is available.
This means that in practice emulating LL/SC with cmpxchg is
a viable alternative.
The appended emulates LL/SC pairs in ARM with cmpxchg helpers.
This works in both user and system mode. In usermode, it avoids
pausing all other CPUs to perform the LL/SC pair. The subsequent
performance and scalability improvement is significant, as the
plots below show. They plot the throughput of atomic_add-bench
compiled for ARM and executed on a 64-core x86 machine.
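The ABA case that the two commit messages above refer to, as an added example that is not code from these commits or from QEMU. The `struct word` model of an exclusive monitor, the function names and the sample store sequences are assumptions of this example; the emulated store-conditional uses a C11 compare-and-swap.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model (hypothetical): one memory word plus an exclusive monitor. */
struct word {
    _Atomic uint32_t value;
    bool monitor_armed;          /* armed by LL, cleared by any store */
};

static void word_init(struct word *w, uint32_t v)
{
    atomic_init(&w->value, v);
    w->monitor_armed = false;
}

/* A store from another CPU: changes the value and clears the monitor. */
static void other_cpu_store(struct word *w, uint32_t v)
{
    atomic_store(&w->value, v);
    w->monitor_armed = false;
}

/* LL/SC as the architecture defines it: SC fails after ANY intervening store. */
static uint32_t ll_hw(struct word *w)
{
    w->monitor_armed = true;
    return atomic_load(&w->value);
}

static bool sc_hw(struct word *w, uint32_t newv)
{
    if (!w->monitor_armed) {
        return false;
    }
    atomic_store(&w->value, newv);
    w->monitor_armed = false;
    return true;
}

/* LL/SC emulated with cmpxchg: SC only compares against the value LL saw. */
static uint32_t ll_emul(struct word *w, uint32_t *seen)
{
    *seen = atomic_load(&w->value);
    return *seen;
}

static bool sc_emul(struct word *w, uint32_t seen, uint32_t newv)
{
    return atomic_compare_exchange_strong(&w->value, &seen, newv);
}

/*
 * Run LL, apply the given stores from "another CPU", then run SC.
 * Returns bit 0 set if the architectural SC succeeded,
 *         bit 1 set if the cmpxchg-emulated SC succeeded.
 */
int sc_outcomes(const uint32_t *stores, size_t n)
{
    struct word hw, emu;
    uint32_t seen, a, b;
    int result = 0;

    word_init(&hw, 5);
    word_init(&emu, 5);
    a = ll_hw(&hw);
    b = ll_emul(&emu, &seen);
    for (size_t i = 0; i < n; i++) {
        other_cpu_store(&hw, stores[i]);
        other_cpu_store(&emu, stores[i]);
    }
    if (sc_hw(&hw, a + 1)) {
        result |= 1;
    }
    if (sc_emul(&emu, seen, b + 1)) {
        result |= 2;
    }
    return result;
}

int main(void)
{
    const uint32_t aba[] = { 7, 5 };     /* constructed: A -> B -> A */
    const uint32_t changed[] = { 7 };    /* constructed: A -> B */

    printf("no interference: %d\n", sc_outcomes(NULL, 0));
    printf("value changed:   %d\n", sc_outcomes(changed, 1));
    printf("ABA:             %d\n", sc_outcomes(aba, 2));
    return 0;
}
```

Only the A -> B -> A sequence separates the two: the architectural SC fails while the cmpxchg-based one succeeds.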
target-arm: Rearrange aa32 load and store functions
Stop specializing on TARGET_LONG_BITS == 32; unconditionally allocate
a temp and expand with tcg_gen_extu_i32_tl. Split out gen_aa32_addr,
gen_aa32_frob64, gen_aa32_ld_i32 and gen_aa32_st_i32 as separate interfaces.
Emilio G. Cota [Mon, 27 Jun 2016 19:02:05 +0000 (15:02 -0400)]
tests: add atomic_add-bench
With this microbenchmark we can measure the overhead of emulating atomic
instructions with a configurable degree of contention.
The benchmark spawns $n threads, each performing $o atomic ops (additions)
in a loop. Each atomic operation is performed on a different cache line
(assuming lines are 64b long) that is randomly selected from a range [0, $r).
Emilio G. Cota [Mon, 27 Jun 2016 19:02:06 +0000 (15:02 -0400)]
target-i386: remove helper_lock()
It's been superseded by the atomic helpers.
The use of the atomic helpers provides a significant performance and scalability
improvement. Below is the result of running the atomic_add-test microbenchmark with:
$ x86_64-linux-user/qemu-x86_64 tests/atomic_add-bench -o 5000000 -r $r -n $n
, where $n is the number of threads and $r is the allowed range for the additions.
The scenarios measured are:
- atomic: implements x86' ADDL with the atomic_add helper (i.e. this patchset)
- cmpxchg: implement x86' ADDL with a TCG loop using the cmpxchg helper
- master: before this patchset
Results sorted in ascending range, i.e. descending degree of contention.
Y axis is Throughput in Mops/s. Tests are run on an AMD machine with 64
Opteron 6376 cores.
For master I stopped measuring master after 8 threads, because there is little
point in measuring the well-known performance collapse of a contended lock.
Allow qemu to build on 32-bit hosts without 64-bit atomic ops.
Even if we only allow 32-bit hosts to multi-thread emulate 32-bit
guests, we still need some way to handle the 32-bit guest using a
64-bit atomic operation. Do so by dropping back to single-step.
Wikipedia suggests that only very old AMD64 (circa 2004) did not have
this instruction. Further, it's required by Windows 8 so no new cpus
will ever omit it.
If we truly care about these, then we could check this at startup time
and then avoid executing paths that use it.
Add all of cmpxchg, op_fetch, fetch_op, and xchg.
Handle both endian-ness, and sizes up to 8.
Handle expanding non-atomically, when emulating in serial.
Alex Bennée [Wed, 5 Oct 2016 18:13:04 +0000 (11:13 -0700)]
linux-user: enable parallel code generation on clone
The variable parallel_cpus controls the generation of thread aware
atomic code. We only need to set it once we clone our first thread.
At this point any existing translations need to be thrown away.
While the check against sizeof(void *) is appropriate for
normal usage within qemu, there are places in which we want
wider operations and have checked for their existence.
audio: intel-hda: check stream entry count during transfer
Intel HDA emulator uses stream of buffers during DMA data
transfers. Each entry has buffer length and buffer pointer
position, which are used to derive bytes to 'copy'. If this
length and buffer pointer were to be same, 'copy' could be
set to zero(0), leading to an infinite loop. Add check to
avoid it.
net: rtl8139: limit processing of ring descriptors
RTL8139 ethernet controller in C+ mode supports multiple
descriptor rings, each with maximum of 64 descriptors. While
processing transmit descriptor ring in 'rtl8139_cplus_transmit',
it does not limit the descriptor count and runs forever. Add
check to avoid it.
Li Qiang [Wed, 10 Aug 2016 19:12:20 +0000 (00:42 +0530)]
net: vmxnet: initialise local tx descriptor
In Vmxnet3 device emulator while processing transmit(tx) queue,
when it reaches end of packet, it calls vmxnet3_complete_packet.
In that local 'txcq_descr' object is not initialised, which could
leak host memory bytes to a guest.
Kevin Wolf [Sun, 16 Oct 2016 22:35:07 +0000 (00:35 +0200)]
e1000e: Don't zero out buffer address in rx descriptor
The e1000e emulation zeroes out any used rx descriptor and then writes a
completely newly constructed value there. By doing this, it doesn't only
update the write-back area of the descriptors (as it's supposed to do),
but it also clears the buffer address, which real hardware doesn't do.
The spec explicitly mentions in chapter 7.1.8 that it is valid for a
driver to reuse a descriptor and only update the status field while
doing so, i.e. reusing the old buffer address:
If software statically allocates buffers, and uses memory read to
check for completed descriptors, it simply has to zero the status
byte in the descriptor to make it ready for reuse by hardware.
This patch fixes the behaviour to leave the buffer address in
descriptors unchanged even after the descriptor has been used.
Rocker network switch emulator has test registers to help debug
DMA operations. While testing host DMA access, a buffer address
is written to register 'TEST_DMA_ADDR' and its size is written to
register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
test, if DMA buffer size was greater than 'INT_MAX', it leads to
an invalid buffer access. Limit the DMA buffer size to avoid it.
Li Qiang [Sat, 8 Oct 2016 12:07:25 +0000 (05:07 -0700)]
net: eepro100: fix memory leak in device uninit
The exit dispatch of eepro100 network card device doesn't free
the 's->vmstate' field which was allocated in device realize thus
leading to a host memory leak. This patch avoids this.
The AMD PC-Net II emulator has a set of control and status (CSR)
registers. Of these, CSR76 and CSR78 hold receive and transmit
descriptor ring length respectively. This ring length could range
from 1 to 65535. Setting ring length to zero leads to an infinite
loop in pcnet_rdra_addr() or pcnet_transmit(). Add check to avoid it.
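The intel-hda, rtl8139 and pcnet messages above describe the same failure mode: a device-emulation loop whose termination depends on guest-controlled values. The sketch below is an added example, a simplified model rather than QEMU code; the structures, the `DESC_OWN` flag, the function names and the choice to return -1 on a rejected input are assumptions, and only the 64-descriptor ring limit comes from the rtl8139 message.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_MAX_DESC 64u          /* per-ring maximum stated in the rtl8139 message */
#define DESC_OWN      0x80000000u  /* constructed "device owns this descriptor" flag */

struct tx_desc   { uint32_t flags; uint32_t len; };
struct buf_entry { uint32_t len; };

/*
 * Walk a guest-controlled transmit ring while descriptors are marked OWN.
 * The guest can mark every descriptor OWN, so the loop is bounded by the
 * ring maximum instead of by guest data. A zero ring length (the pcnet
 * case) or an oversized one is rejected before any modulo or indexing.
 * Returns the number of descriptors processed, or -1 on a bad ring length.
 */
int tx_ring_process(const struct tx_desc *ring, unsigned ring_len)
{
    unsigned idx = 0;
    int sent = 0;

    if (ring_len == 0 || ring_len > RING_MAX_DESC) {
        return -1;
    }
    while ((ring[idx].flags & DESC_OWN) && sent < (int)RING_MAX_DESC) {
        sent++;                          /* a real device would transmit here */
        idx = (idx + 1) % ring_len;
    }
    return sent;
}

/*
 * Move `total` bytes through a cyclic list of buffers (the intel-hda case).
 * Each step copies min(bytes left, room left in the current entry). If that
 * is zero the loop can make no progress, so the transfer is aborted rather
 * than retried forever.
 * Returns the number of bytes transferred, or -1 if the transfer stalled.
 */
long stream_transfer(const struct buf_entry *e, unsigned n_entries, uint32_t total)
{
    unsigned i = 0;
    uint32_t pos = 0, left = total;

    if (n_entries == 0) {
        return -1;
    }
    while (left > 0) {
        uint32_t room = e[i].len - pos;
        uint32_t copy = left < room ? left : room;

        if (copy == 0) {
            return -1;                   /* zero-byte step: stop, do not spin */
        }
        left -= copy;
        pos += copy;
        if (pos == e[i].len) {           /* entry exhausted, move to the next */
            i = (i + 1) % n_entries;
            pos = 0;
        }
    }
    return (long)total;
}

int main(void)
{
    /* Constructed inputs: a ring where every descriptor stays OWN, and a
     * buffer list containing a zero-length entry. */
    const struct tx_desc hostile[4] = {
        { DESC_OWN, 60 }, { DESC_OWN, 60 }, { DESC_OWN, 60 }, { DESC_OWN, 60 }
    };
    const struct buf_entry stalled[3] = { { 16 }, { 0 }, { 16 } };
    const struct buf_entry normal[2]  = { { 16 }, { 8 } };

    printf("hostile ring: %d\n", tx_ring_process(hostile, 4));
    printf("zero ring:    %d\n", tx_ring_process(hostile, 0));
    printf("stalled xfer: %ld\n", stream_transfer(stalled, 3, 40));
    printf("normal xfer:  %ld\n", stream_transfer(normal, 2, 40));
    return 0;
}
```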