Leon Alrae [Fri, 19 Jun 2015 13:17:45 +0000 (14:17 +0100)]
semihosting: create SemihostingConfig structure and semihost.h
Remove semihosting_enabled and semihosting_target and replace them with
SemihostingConfig structure containing equivalent fields. The structure
is defined in vl.c where it is actually set.
Also introduce separate header file include/exec/semihost.h allowing to
access semihosting config related stuff from target specific semihosting
code.
Add a string property that specifies the primary boot cpu. All CPUs
except the one selected will start-powered-off. This allows for elf
boots on any CPU, which prepares support for booting R5 elfs directly
on the R5 processors.
arm: xlnx-zynqmp: Preface CPU variables with "apu"
The CPUs currently supported by zynqmp are the APU (application
processing unit) CPUs. There are other CPUs in Zynqmp so unqualified
"cpus" in ambiguous. Preface the variables with "APU" accordingly, to
prepare support adding the RPU (realtime processing unit) processors.
Introduce a CPU model for the Cortex R5 processor. ARMv7 with MPU,
and both thumb and ARM div instructions.
Also implement dummy ATCM and BTCM. These CPs are defined for R5 but
don't have a lot of meaning in QEMU yet. Raz them so the guest can
proceed if they are read. The TCM registers will return a size of 0,
indicating no TCM.
Unified MPU only. Uses ARM architecture major revision to switch
between PMSAv5 and v7 when ARM_FEATURE_MPU is set. PMSA v6 remains
unsupported and is asserted against.
Define the arm CP registers for PMSAv7 and their accessor functions.
RGNR serves as a shared index that indexes into arrays storing the
DRBAR, DRSR and DRACR registers. DRBAR and friends have to be VMSDd
separately from the CP interface using a new PMSA specific VMSD
subsection.
Define the MPUIR register for MPU supporting ARMv6 and onwards.
Currently we only support unified MPU.
The size of the unified MPU is defined via the number of "dregions".
So just a single config is added to specify this size. (When split MPU
is implemented we will add an extra iregions config).
Sergey Fedorov [Fri, 19 Jun 2015 13:17:44 +0000 (14:17 +0100)]
target-arm: Do not reset sysregs marked as ALIAS
cp_reg_reset() is called from g_hash_table_foreach() which does not
define a specific ordering of the hash table iteration. Thus doing reset
for registers marked as ALIAS would give an ambiguous result when
resetvalue is different for original and alias registers. Exit
cp_reg_reset() early when passed an alias register. Then clean up alias
register definitions from needless resetvalue and resetfn.
In particular, this fixes a bug in the handling of the PMCR register,
which had different resetvalues for its 32 and 64-bit views.
This patch adds the Cortex-M4 CPU. The M4 is basically the same as
the M3, the main differences being the DSP instructions and an
optional FPU. Only no-FPU cortex-M4 is implemented here, cortex-M4F
is not because the core target-arm code doesn't support the M-profile
FPU model yet.
Peter Maydell [Fri, 19 Jun 2015 11:54:08 +0000 (12:54 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-cocoa-20150619-1' into staging
cocoa queue:
* Add Machine menu, with entries for pause, resume, reset, power down, and
media change and eject for removable drives
# gpg: Signature made Fri Jun 19 11:24:11 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <[email protected]>"
* remotes/pmaydell/tags/pull-cocoa-20150619-1:
ui/cocoa.m: Add machine menu items to change and eject removable drive media
ui/cocoa.m: Add Reset and Power Down menu items to Machine menu
ui/cocoa.m: Add Machine menu with pause and resume menu items
Peter Maydell [Fri, 19 Jun 2015 10:30:57 +0000 (11:30 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio, pci fixes, enhancements
Most notably this includes virtio cross-endian patches.
Signed-off-by: Michael S. Tsirkin <[email protected]>
# gpg: Signature made Fri Jun 19 11:18:05 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <[email protected]>"
# gpg: aka "Michael S. Tsirkin <[email protected]>"
* remotes/mst/tags/for_upstream:
vhost: enable vhost without without MSI-X
pci: Don't register a specialized 'config_write' if default behavior is intended
hw/core: rebase sysbus_get_fw_dev_path() to g_strdup_printf()
vhost_net: re-enable when cross endian
vhost-net: tell tap backend about the vnet endianness
tap: fix non-linux build
tap: add VNET_LE/VNET_BE operations
vhost: set vring endianness for legacy virtio
virtio: introduce virtio_legacy_is_cross_endian()
linux-headers: sync vhost.h
vhost-user: part of virtio
John Arbuckle [Fri, 19 Jun 2015 09:53:27 +0000 (10:53 +0100)]
ui/cocoa.m: Add machine menu items to change and eject removable drive media
Adds all removable devices to the Machine menu as a Change and Eject menu
item pair. ide-cd0 would have a "Change ide-cd0..." and "Eject ide-cd0"
menu items.
Pankaj Gupta [Tue, 16 Jun 2015 08:18:59 +0000 (13:48 +0530)]
vhost: enable vhost without without MSI-X
We use vhostforce to enable vhost even if Guests don't have MSI-X
support and we fall back to QEMU virtio-net.
This gives a very small performance gain, but the disadvantage
is that guest now controls which virtio code is running
(qemu or vhost) so our attack surface is doubled.
This patch will enable vhost unconditionally whenever it's requested.
For compatibility, enable vhost when vhostforce is set, as well.
Shmulik Ladkani [Tue, 16 Jun 2015 08:24:39 +0000 (11:24 +0300)]
pci: Don't register a specialized 'config_write' if default behavior is intended
Few devices have their specialized 'config_write' methods which simply
call 'pci_default_write_config' followed by a 'msix_write_config' or
'msi_write_config' calls, using exact same arguments.
This is unnecessary as 'pci_default_write_config' already invokes
'msi_write_config' and 'msix_write_config'.
Also, since 'pci_default_write_config' is the default 'config_write'
handler, we can simply avoid the registration of these specialized
versions.
Laszlo Ersek [Wed, 17 Jun 2015 12:45:03 +0000 (14:45 +0200)]
hw/core: rebase sysbus_get_fw_dev_path() to g_strdup_printf()
This is done mainly for improving readability, and in preparation for the
next patch, but Markus pointed out another bonus for the string being
returned:
"No arbitrary length limit. Before the patch, it's 39 characters, and the
code breaks catastrophically when qdev_fw_name() is longer: the second
snprintf() is called with its first argument pointing beyond path[], and
its second argument underflowing to a huge size."
John Arbuckle [Fri, 19 Jun 2015 09:53:27 +0000 (10:53 +0100)]
ui/cocoa.m: Add Machine menu with pause and resume menu items
Add Machine menu to the Macintosh interface with pause
and resume menu items. These items can either pause or
resume execution of the guest operating system.
Eduardo Habkost [Thu, 18 Jun 2015 16:49:28 +0000 (13:49 -0300)]
q35: Re-enable FDC on pc-q35-2.3 and older
commit ea96bc629cbd52be98b2967a4b4f72e91dfc3ee4 doesn't match the patch
submitted by Laszlo to qemu-devel. We reuse pc_q35_2_4_machine_options()
inside pc_q35_2_3_machine_options(), so we need to undo the no_floppy
change in pc_q35_2_3_machine_options().
(This discrepancy was due to a bad merge.)
This restores the previous behavior where all the 2.3 and older machines
had no_floppy=0.
Peter Maydell [Thu, 18 Jun 2015 12:32:39 +0000 (13:32 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-06-18' into staging
QAPI patches
# gpg: Signature made Thu Jun 18 13:20:00 2015 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <[email protected]>"
# gpg: aka "Markus Armbruster <[email protected]>"
* remotes/armbru/tags/pull-qapi-2015-06-18:
qapi-types: Bury code dead since commit 6b5abc7
qapi-types: Split generate_fwd_builtin() off generate_fwd_struct()
qapi-types: Drop unused members parameters
qapi-types: Don't filter out expressions with 'gen'
qapi: Catch and reject flat union branch of array type
tests/qapi-schema: New flat union array branch test case
qapi: Better separate the different kinds of helpers
qapi: Move exprs checking from parse_schema() to check_exprs()
qapi: Fix to reject stray 't', 'f' and 'n'
qapi: Simplify inclusion cycle detection
qapi: Fix file name in error messages for included files
qapi: Improve a couple of confusing variable names
qapi: Eliminate superfluous QAPISchema attribute input_dir
qapi: Drop bogus command from docs
MAINTAINERS: Fix up QAPI and QAPI schema file patterns
qapi: Improve a couple of confusing variable names
old name new name
----------------------------
input_file fname
input_relname fname
input_fname abs_fname
include_path incl_abs_fname
parent_info incl_info
Greg Kurz [Wed, 17 Jun 2015 13:23:44 +0000 (15:23 +0200)]
tap: add VNET_LE/VNET_BE operations
The linux tap and macvtap backends can be told to parse vnet headers
according to little or big endian. This is done through the TUNSETVNETLE
and TUNSETVNETBE ioctls.
This patch brings all the plumbing for QEMU to use these APIs.
Greg Kurz [Wed, 17 Jun 2015 13:23:39 +0000 (15:23 +0200)]
vhost: set vring endianness for legacy virtio
Legacy virtio is native endian: if the guest and host endianness differ,
we have to tell vhost so it can swap bytes where appropriate. This is
done through a vhost ring ioctl.
Peter Maydell [Wed, 17 Jun 2015 11:43:26 +0000 (12:43 +0100)]
Merge remote-tracking branch 'remotes/agraf/tags/signed-s390-for-upstream' into staging
Patch queue for s390 - 2015-06-17
This is a special one. Two awesome features in one pull request:
- CCW support for TCG
- Watchpoint support for TCG
To celebrate this, we also switch the default machine model from s390-virtio
to s390-ccw and give users a fully working s390x model again!
# gpg: Signature made Wed Jun 17 11:42:26 2015 BST using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <[email protected]>"
# gpg: aka "Alexander Graf <[email protected]>"
* remotes/agraf/tags/signed-s390-for-upstream: (26 commits)
s390x: Switch to s390-ccw machine as default
target-s390x: PER: add Breaking-Event-Address register
target-s390x: PER instruction-fetch nullification event support
target-s390x: PER store-using-real-address event support
target-s390x: PER storage-alteration event support
translate-all: fix watchpoints if retranslation not possible
target-s390x: PER instruction-fetch event support
target-s390x: PER successful-branching event support
target-s390x: basic PER event handling
target-s390x: add get_per_in_range function
target-s390x: add get_per_atmid function
target-s390x: add PER related constants
target-s390x: mvc_fast_memmove: access memory through softmmu
target-s390x: mvc_fast_memset: access memory through softmmu
target-s390x: function to adjust the length wrt page boundary
softmmu: provide tlb_vaddr_to_host function for user mode
target-s390x: wire up I/O instructions in TCG mode
target-s390x: wire up DIAG REIPL in TCG mode
target-s390x: wire up DIAG IPL in TCG mode
target-s390x: fix s390_cpu_initial_reset
...
Alexander Graf [Tue, 16 Jun 2015 21:06:33 +0000 (23:06 +0200)]
s390x: Switch to s390-ccw machine as default
We now finally have TCG support for the basic set of instructions necessary
to run the s390-ccw machine. That means in any aspect possible that machine
type is now superior to the legacy s390-virtio machine.
Switch over to the ccw machine as default. That way people don't get a halfway
broken machine with the s390x target.
This patch adds support for PER Breaking-Event-Address register. Like
real hardware, it save the current PSW address when the PSW address is
changed by an instruction. We have to take care of optimizations QEMU
does, a branch to the next instruction is still a branch.
This register is copied to low core memory when a program exception
happens.
Aurelien Jarno [Fri, 12 Jun 2015 22:46:01 +0000 (00:46 +0200)]
target-s390x: PER store-using-real-address event support
This PER event happens each time the STURA or STURG instructions are
used. As they use helpers, we can just save the event in the PER code
there, if enabled.
Aurelien Jarno [Fri, 12 Jun 2015 22:46:00 +0000 (00:46 +0200)]
target-s390x: PER storage-alteration event support
For the PER storage-alteration event we can use the QEMU watchpoint
infrastructure. When PER is enabled or PER control register changed we
enable the corresponding watchpoints. When a watchpoint arises we can
save the event. Unfortunately the current code does not provide the
address space used to trigger the watchpoint. For now we assume it comes
from the default ASC.
Aurelien Jarno [Fri, 12 Jun 2015 22:45:59 +0000 (00:45 +0200)]
translate-all: fix watchpoints if retranslation not possible
The tb_check_watchpoint function currently assumes that all memory
access is done either directly through the TCG code or through an
helper which knows its return address. This is obviously wrong as the
helpers use cpu_ldxx/stxx_data functions to access the memory.
Instead of aborting in that case, don't try to retranslate the code, but
assume that the CPU state (and especially the program counter) has been
saved before calling the helper. Then invalidate the TB based on this
address.
Aurelien Jarno [Fri, 12 Jun 2015 22:45:58 +0000 (00:45 +0200)]
target-s390x: PER instruction-fetch event support
For the PER instruction-fetch, we can't use the QEMU breakpoint
infrastructure as it triggers for a single address and not a full
address range, and as it actually stop before the instruction and
not before.
We therefore call an helper with the just fetched instruction address,
which check if the address is within the PER address range. If it is
the case, an event is recorded and will be signaled through an
exception.
Note that we implement here the PER-3 behaviour, that is an invalid
opcode is not considered as an instruction fetch. Without PER-3 this
behavious is undefined.
Aurelien Jarno [Fri, 12 Jun 2015 22:45:57 +0000 (00:45 +0200)]
target-s390x: PER successful-branching event support
For the PER successful-branching event support, we can't rely on any
QEMU infrastucture. We therefore call an helper in all places where
a branch can be taken. We have to pay attention to the branch to next
case, as it's still a taken branch.
We don't need to care about the cases using goto_tb, as we have disabled
them in the previous patch.
Aurelien Jarno [Fri, 12 Jun 2015 22:45:56 +0000 (00:45 +0200)]
target-s390x: basic PER event handling
This patch add basic support to generate PER exceptions. It adds two
fields to the cpu structure to record for the PER address and PER
code & ATMID values. When an exception is triggered and a PER event is
pending, the two PER values are copied to the lowcore area.
At the end of an instruction, an helper is checking for a possible
pending PER event and triggers an exception in that case. For that to
work with branches, we need to disable TB chaining when PER is
activated. Fortunately it's already in the TB flags.
Finally in case of a SERVICE CALL exception, we need to trigger the PER
exception immediately after.
Aurelien Jarno [Fri, 12 Jun 2015 22:45:52 +0000 (00:45 +0200)]
target-s390x: mvc_fast_memmove: access memory through softmmu
mvc_fast_memmove is bypassing the softmmu functions, getting the
physical source and destination addresses using the mmu_translate
function and accessing the corresponding physical memory. This
prevents watchpoints to work correctly.
Instead use the tlb_vaddr_to_host function to get the host addresses
corresponding to the guest source and destination addresses through the
softmmu code and fallback to the byte level code in case the
corresponding address are not in the QEMU TLB or being examined through
a watchpoint. As a bonus it works even for area crossing pages by
splitting the are into chunks contained in a single page, bringing some
performances improvements. We can therefore remove the 8-byte
loads/stores method, as it is now quite unlikely to be used.
At the same time change the name of the function to fast_memmove as it's
not specific to mvc and use the same argument order as the C memmove
function.
Aurelien Jarno [Fri, 12 Jun 2015 22:45:51 +0000 (00:45 +0200)]
target-s390x: mvc_fast_memset: access memory through softmmu
mvc_fast_memset is bypassing the softmmu functions, getting the
physical address using the mmu_translate function and accessing the
corresponding physical memory. This prevents watchpoints to work
correctly.
Instead use the tlb_vaddr_to_host function to get the host address
corresponding to the guest address through the softmmu code and fallback
to the byte level code in case the corresponding address is not in the
QEMU TLB or being examined through a watchpoint. As a bonus it works
even for area crossing pages by splitting the are into chunks contained
in a single page, bringing some performances improvements.
At the same time change the name of the function to fast_memset as it's
not specific to mvc and use the same argument order as the C memset
function.
Aurelien Jarno [Fri, 12 Jun 2015 22:45:49 +0000 (00:45 +0200)]
softmmu: provide tlb_vaddr_to_host function for user mode
To avoid to many #ifdef in target code, provide a tlb_vaddr_to_host for
both user and softmmu modes. In the first case the function always
succeed and just call the g2h function.
Aurelien Jarno [Mon, 15 Jun 2015 15:57:07 +0000 (17:57 +0200)]
target-s390x: wire up DIAG IPL in TCG mode
DIAG IPL is already implemented for KVM, but not wired from TCG. For
that change the format of the instruction so that we can get R1 and R3
numbers in addition to the function code.
The diag function can change plenty of things, including CC, so we
should enter with a static CC. Also it doesn't set the value of general
register 2 to 0 as in the current code. We also need to exit the CPU
loop after a reset, which means a new PSW.
Aurelien Jarno [Mon, 15 Jun 2015 15:57:06 +0000 (17:57 +0200)]
target-s390x: fix s390_cpu_initial_reset
The s390_cpu_initial_reset function zeroes a big part of the CPU state
structure, including CPU_COMMON, and thus the QEMU TLB structure. As
they should not be initialized with zeroes only, we need to call the
tlb_flush to initialize it correctly.
env->ext_index should be initialized to -1 to mark the external
interrupt queue as emtpy. This should not be done in s390_cpu_initfn
as all the interrupt fields are later reset to 0 by the memset in
s390_cpu_initial_reset or s390_cpu_full_reset. Move the initialization
there.
Aurelien Jarno [Mon, 15 Jun 2015 15:57:03 +0000 (17:57 +0200)]
target-s390x: fix setcc in TCG mode
In TCG mode we should store the CC value in env->cc_op. However do it
inconditionnaly because:
- the tcg_enabled function is not inlined
- it's probably faster to always store the value, especially given it
is likely in the same cache line than env->psw.mask.
Aurelien Jarno [Mon, 15 Jun 2015 15:57:00 +0000 (17:57 +0200)]
s390/ioinst: fix IO_INT_WORD_ISC macro
The I/O-Interruption Subclass field corresponds to bits 2 to 5 (BE
notation) of the Interruption-Identification Word. The value should
be shift by 27 instead of 24.
Peter Maydell [Wed, 17 Jun 2015 09:13:40 +0000 (10:13 +0100)]
Merge remote-tracking branch 'remotes/kvaneesh/tags/for-upstream-signed' into staging
VirtFS update:
* Fix for virtfs-proxy-helper crash
* Gracefully handle the error condition on input validation in virtfs-proxy-helper
# gpg: Signature made Tue Jun 16 16:21:28 2015 BST using RSA key ID 04C4E23A
# gpg: Good signature from "Aneesh Kumar K.V <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4846 9DE7 1860 360F A6E9 968C DE41 A4FE 04C4 E23A
* remotes/kvaneesh/tags/for-upstream-signed:
virtfs-proxy-helper: fail gracefully if socket path is too long
virtfs-proxy-helper: add missing long option terminator
Kevin O'Connor (5):
vgabios: Add config option for assembler fixups
vgabios: Emulate "leal" instruction
build: Support "make VERSION=xyz" to override the default build version
build: CONFIG_VGA_FIXUP_ASM should depend on CONFIG_BUILD_VGABIOS
vgabios: On bda_save_restore() the saved vbe_mode also has flags in it
Paolo Bonzini (1):
smm: ignore bits 16,18-31 of SMM revision ID
Stefan Hajnoczi [Mon, 30 Mar 2015 13:57:16 +0000 (14:57 +0100)]
virtfs-proxy-helper: fail gracefully if socket path is too long
Replace the assertion check with graceful failure when the socket path
is too long. Programs should not crash on invalid input. Print an
error message and exit properly.
Peter Maydell [Tue, 16 Jun 2015 08:07:22 +0000 (09:07 +0100)]
Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20150616' into staging
linux-user patches for 2.4 softfreeze
second spin with ioctl patch refreshed
# gpg: Signature made Tue Jun 16 08:03:14 2015 BST using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <[email protected]>"
# gpg: aka "Riku Voipio <[email protected]>"
* remotes/riku/tags/pull-linux-user-20150616:
linux-user: ioctl() command type is int
linux-user: fix the breakpoint inheritance in spawned threads
linux-user: use __get_user and __put_user in cmsg conversions
linux-user: Fix length handling in host_to_target_cmsg
linux-user: Use abi_ulong for TARGET_ELF_PAGESTART
linux-user: Allocate thunk size dynamically
Thierry Bultel [Fri, 12 Jun 2015 09:24:10 +0000 (11:24 +0200)]
linux-user: fix the breakpoint inheritance in spawned threads
When a thread is spawned, cpu_copy re-initializes
the bp & wp lists of current thread, instead of the ones
of the new thread.
The effect is that breakpoints are no longer hit.
Peter Maydell [Tue, 26 May 2015 18:46:32 +0000 (19:46 +0100)]
linux-user: use __get_user and __put_user in cmsg conversions
The target payloads in cmsg conversions may not have the alignment
required by the host. Using the get_user and put_user functions is
the easiest way to handle this and also do the byte-swapping we
require.
(Note that prior to this commit target_to_host_cmsg was incorrectly
using __put_user() rather than __get_user() for the SCM_CREDENTIALS
conversion, which meant it wasn't getting the benefit of the
misalignment handling.)
Peter Maydell [Tue, 26 May 2015 18:46:31 +0000 (19:46 +0100)]
linux-user: Fix length handling in host_to_target_cmsg
The previous code for handling payload length when converting
cmsg structures from host to target had a number of problems:
* we required the msg->msg_controllen to declare the buffer
to have enough space for final trailing padding (we were
checking against CMSG_SPACE), whereas the kernel does not
require this, and common userspace code assumes this. (In
particular, glibc's "try to talk to nscd" code that it will
run on startup will receive a cmsg with a 4 byte payload and
only allocate 4 bytes for it, which was causing us to do
the wrong thing on architectures that need 8-alignment.)
* we weren't correctly handling the fact that the SO_TIMESTAMP
payload may be larger for the target than the host
* we weren't marking the messages with MSG_CTRUNC when we did
need to truncate a message that wasn't truncated by the host,
but were instead logging a QEMU message; since truncation is
always the result of a guest giving us an insufficiently
sized buffer, we should report it to the guest as the kernel
does and don't log anything
Rewrite the parts of the function that deal with length to
fix these issues, and add a comment in target_to_host_cmsg
to explain why the overflow logging it does is a QEMU bug,
not a guest issue.
Peter Maydell [Mon, 15 Jun 2015 17:43:09 +0000 (18:43 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150615' into staging
target-arm queue:
* Handle "extended small page" descriptors correctly
* Use extended address bits from supersection short descriptors
* Update interrupt status for all cores in gic_update
* Fix off-by-one in exynos4210_fimd bit-swap code
* Remove stray unused 'pending_exception' field
* Add Cortex-A53 KVM support
* Fix reset value of REVIDR
* Add AArch32 MIDR aliases for ARMv8 cores
* MAINTAINERS update for ARM ACPI code
* Trust the kernel's value of MPIDR if we're using KVM
* Various pxa2xx device updates to avoid old APIs
* Mark pxa2xx copro registers as ARM_CP_IO so -icount works
* Correctly UNDEF Thumb2 DSP insns on Cortex-M3
* Initial work towards implementing PMSAv7
* Fix a reset order bug introduced recently
* Correct "preferred return address" for cpreg access exceptions
* Add ACPI SPCR table for the virt board
# gpg: Signature made Mon Jun 15 18:19:34 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <[email protected]>"
* remotes/pmaydell/tags/pull-target-arm-20150615: (28 commits)
hw/arm/virt-acpi-build: Add SPCR table
ACPI: Add definitions for the SPCR table
target-arm: Correct "preferred return address" for cpreg access exceptions
hw/arm/boot: fix rom_reset notifier registration order
arm: helper: rename get_phys_addr_mpu
arm: Add has-mpu property
arm: Implement uniprocessor with MP config
arm: Refactor get_phys_addr FSR return mechanism
arm: helper: Factor out CP regs common to [pv]msa
arm: Don't add v7mp registers in MPU systems
arm: Do not define TLBTR in PMSA systems
target-arm: Add the THUMB_DSP feature
hw/sd/pxa2xx_mmci: Stop using old_mmio in MemoryRegionOps
hw/arm/pxa2xx: Convert pxa2xx-ssp to VMState
hw/arm/pxa2xx: Add reset method for pxa2xx_ssp
hw/arm/pxa2xx: Convert pxa2xx-fir to QOM and VMState
hw/arm/pxa2xx: Mark coprocessor registers as ARM_CP_IO
target-arm: Use the kernel's idea of MPIDR if we're using KVM
MAINTAINERS: Add myself as ARM ACPI Subsystem maintainer
target-arm: add AArch32 MIDR aliases in ARMv8
...
Andrew Jones [Mon, 15 Jun 2015 17:06:11 +0000 (18:06 +0100)]
ACPI: Add definitions for the SPCR table
SPCR is the Serial Port Console Redirection Table. See the document
linked from http://uefi.org/acpi. For serial port types, "Interface
Type", see the documentation for the Debug Port Table 2 (DBG2).
Peter Maydell [Mon, 15 Jun 2015 17:06:11 +0000 (18:06 +0100)]
target-arm: Correct "preferred return address" for cpreg access exceptions
The architecture defines that when taking an exception trying to
access a coprocessor register, the "preferred return address" for
the exception is the address of the instruction that caused the
exception. Correct an off-by-4 error which meant we were returning
the address after the instruction for traps which happened because
of a failure of a runtime access-check function on an AArch32
register. (Traps caused by translate-time checkable permissions
failures had the correct address, as did traps on AArch64 registers.)
This fixes https://bugs.launchpad.net/qemu/+bug/1463338
Eric Auger [Mon, 15 Jun 2015 17:06:11 +0000 (18:06 +0100)]
hw/arm/boot: fix rom_reset notifier registration order
commit ac9d32e39664e060cd1b538ff190980d57ad69e4 had the consequence to
register the do_cpu_reset after the rom_reset one. Hence they get
executed in the wrong order. This commit restores the registration of
do_cpu_reset in arm_load_kernel.
For processors that support MPUs, add a property to de-feature it. This
is similar to the implementation of the EL3 feature.
The processor definition in init sets ARM_FEATURE_MPU if it can support
an MPU. post_init exposes the property, defaulting to true. If cleared
by the instantiator, ARM_FEATURE_MPU is then removed at realize time.
This is to support R profile processors that may or may-not have an MPU
configured.
Currently, the return code for get_phys_addr is overloaded for both
success/fail and FSR value return. This doesn't handle the case where
there is an error with a 0 FSR. This case exists in PMSAv7.
So rework get_phys_addr and friends to return a success/failure boolean
return code and populate the FSR via a caller provided uint32_t
pointer.
V6+ PMSA and VMSA share some common registers that are currently
in the VMSA definition block. Split them out into a new def that can
be shared to PMSA.
If doing a PMSA (MPU) system do not define the VMSA specific TLBTR CP.
The def is done separately from VMSA registers group as it is affected
by both the OMAP/STRONGARM RW errata and the MIDR backgrounding.
Create an ARM_FEATURE_THUMB_DSP controlling the Thumb encodings of
the 85 DSP instructions (these are all Thumb2). This is enabled for
all non-M-profile CPUs with Thumb2 support, as the instructions are
mandatory for R and A profiles. On M profile they are optional and
not present in the Cortex-M3 (though they are in the M4).
The effect of this commit is that we will now treat the DSP
encodings as illegal instructions on M3, when previously we
incorrectly implemented them.
Signed-off-by: Aurelio C. Remonda <[email protected]>
Message-id: 1434311355[email protected]
[PMM: added clz/crc32/crc32c and default case to the early-decode switch;
minor format/spacing fixups; reworded commit message a bit] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]>
Peter Maydell [Mon, 15 Jun 2015 17:06:09 +0000 (18:06 +0100)]
hw/sd/pxa2xx_mmci: Stop using old_mmio in MemoryRegionOps
Update the pxa2xx_mmci device to stop using the old_mmio read
and write callbacks in its MemoryRegionOps. This actually
simplifies the code because the separate byte/halfword/word
access functions were all calling into a single function to
do the work anyway.
projects / qemu.git / log