Peter Maydell [Thu, 31 May 2018 16:00:55 +0000 (17:00 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180531-1' into staging
target-arm queue:
* target/arm: Honour FPCR.FZ in FRECPX
* MAINTAINERS: Add entries for newer MPS2 boards and devices
* hw/intc/arm_gicv3: Fix APxR<n> register dispatching
* arm_gicv3_kvm: fix bug in writing zero bits back to the in-kernel
GIC state
* tcg: Fix helper function vs host abi for float16
* arm: fix qemu crash on startup with -bios option
* arm: fix malloc type mismatch
* xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors
* Correct CPACR reset value for v7 cores
* memory.h: Improve IOMMU related documentation
* exec: Plumb transaction attributes through various functions in
preparation for allowing IOMMUs to see them
* vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY
* ARM: ACPI: Fix use-after-free due to memory realloc
* KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice
* remotes/pmaydell/tags/pull-target-arm-20180531-1: (25 commits)
KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice
ARM: ACPI: Fix use-after-free due to memory realloc
vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY
Make address_space_translate_iommu take a MemTxAttrs argument
Make flatview_do_translate() take a MemTxAttrs argument
Make address_space_get_iotlb_entry() take a MemTxAttrs argument
Make flatview_translate() take a MemTxAttrs argument
Make flatview_access_valid() take a MemTxAttrs argument
Make MemoryRegion valid.accepts callback take a MemTxAttrs argument
Make memory_region_access_valid() take a MemTxAttrs argument
Make flatview_extend_translation() take a MemTxAttrs argument
Make address_space_access_valid() take a MemTxAttrs argument
Make address_space_map() take a MemTxAttrs argument
Make address_space_translate{, _cached}() take a MemTxAttrs argument
Make tb_invalidate_phys_addr() take a MemTxAttrs argument
memory.h: Improve IOMMU related documentation
Correct CPACR reset value for v7 cores
xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors
arm: fix malloc type mismatch
arm: fix qemu crash on startup with -bios option
...
Shannon Zhao [Thu, 31 May 2018 07:16:34 +0000 (15:16 +0800)]
KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice
kvm_irqchip_create called by kvm_init will call kvm_init_irq_routing to
initialize global capability variables. If we call kvm_init_irq_routing in
GIC realize function, previous allocated memory will leak.
Shannon Zhao [Thu, 31 May 2018 13:50:53 +0000 (14:50 +0100)]
ARM: ACPI: Fix use-after-free due to memory realloc
acpi_data_push uses g_array_set_size to resize the memory size. If there
is no enough contiguous memory, the address will be changed. So previous
pointer could not be used any more. It must update the pointer and use
the new one.
Also, previous codes wrongly use le32 conversion of iort->node_offset
for subsequent computations that will result incorrect value if host is
not litlle endian. So use the non-converted one instead.
Peter Maydell [Thu, 31 May 2018 13:50:52 +0000 (14:50 +0100)]
Make flatview_translate() take a MemTxAttrs argument
As part of plumbing MemTxAttrs down to the IOMMU translate method,
add MemTxAttrs as an argument to flatview_translate(); all its
callers now have attrs available.
Peter Maydell [Thu, 31 May 2018 13:50:52 +0000 (14:50 +0100)]
Make flatview_access_valid() take a MemTxAttrs argument
As part of plumbing MemTxAttrs down to the IOMMU translate method,
add MemTxAttrs as an argument to flatview_access_valid().
Its callers now all have an attrs value to hand, so we can
correct our earlier temporary use of MEMTXATTRS_UNSPECIFIED.
Peter Maydell [Thu, 31 May 2018 13:50:52 +0000 (14:50 +0100)]
Make MemoryRegion valid.accepts callback take a MemTxAttrs argument
As part of plumbing MemTxAttrs down to the IOMMU translate method,
add MemTxAttrs as an argument to the MemoryRegion valid.accepts
callback. We'll need this for subpage_accepts().
We could take the approach we used with the read and write
callbacks and add new a new _with_attrs version, but since there
are so few implementations of the accepts hook we just change
them all.
Peter Maydell [Thu, 31 May 2018 13:50:52 +0000 (14:50 +0100)]
Make memory_region_access_valid() take a MemTxAttrs argument
As part of plumbing MemTxAttrs down to the IOMMU translate method,
add MemTxAttrs as an argument to memory_region_access_valid().
Its callers either have an attrs value to hand, or don't care
and can use MEMTXATTRS_UNSPECIFIED.
The callsite in flatview_access_valid() is part of a recursive
loop flatview_access_valid() -> memory_region_access_valid() ->
subpage_accepts() -> flatview_access_valid(); we make it pass
MEMTXATTRS_UNSPECIFIED for now, until the next several commits
have plumbed an attrs parameter through the rest of the loop
and we can add an attrs parameter to flatview_access_valid().
Peter Maydell [Thu, 31 May 2018 13:50:52 +0000 (14:50 +0100)]
Make flatview_extend_translation() take a MemTxAttrs argument
As part of plumbing MemTxAttrs down to the IOMMU translate method,
add MemTxAttrs as an argument to flatview_extend_translation().
Its callers either have an attrs value to hand, or don't care
and can use MEMTXATTRS_UNSPECIFIED.
Peter Maydell [Thu, 31 May 2018 13:50:52 +0000 (14:50 +0100)]
Make address_space_access_valid() take a MemTxAttrs argument
As part of plumbing MemTxAttrs down to the IOMMU translate method,
add MemTxAttrs as an argument to address_space_access_valid().
Its callers either have an attrs value to hand, or don't care
and can use MEMTXATTRS_UNSPECIFIED.
Peter Maydell [Thu, 31 May 2018 13:50:52 +0000 (14:50 +0100)]
Make address_space_map() take a MemTxAttrs argument
As part of plumbing MemTxAttrs down to the IOMMU translate method,
add MemTxAttrs as an argument to address_space_map().
Its callers either have an attrs value to hand, or don't care
and can use MEMTXATTRS_UNSPECIFIED.
Peter Maydell [Thu, 31 May 2018 13:50:52 +0000 (14:50 +0100)]
Make address_space_translate{, _cached}() take a MemTxAttrs argument
As part of plumbing MemTxAttrs down to the IOMMU translate method,
add MemTxAttrs as an argument to address_space_translate()
and address_space_translate_cached(). Callers either have an
attrs value to hand, or don't care and can use MEMTXATTRS_UNSPECIFIED.
Peter Maydell [Thu, 31 May 2018 13:50:52 +0000 (14:50 +0100)]
Make tb_invalidate_phys_addr() take a MemTxAttrs argument
As part of plumbing MemTxAttrs down to the IOMMU translate method,
add MemTxAttrs as an argument to tb_invalidate_phys_addr().
Its callers either have an attrs value to hand, or don't care
and can use MEMTXATTRS_UNSPECIFIED.
Peter Maydell [Thu, 31 May 2018 13:50:52 +0000 (14:50 +0100)]
Correct CPACR reset value for v7 cores
In commit f0aff255700 we made cpacr_write() enforce that some CPACR
bits are RAZ/WI and some are RAO/WI for ARMv7 cores. Unfortunately
we forgot to also update the register's reset value. The effect
was that (a) a guest that read CPACR on reset would not see ones in
the RAO bits, and (b) if you did a migration before the guest did
a write to the CPACR then the migration would fail because the
destination would enforce the RAO bits and then complain that they
didn't match the zero value from the source.
Implement reset for the CPACR using a custom reset function
that just calls cpacr_write(), to avoid having to duplicate
the logic for which bits are RAO.
This bug would affect migration for TCG CPUs which are ARMv7
with VFP but without one of Neon or VFPv3.
xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors
Coverity found that the string return by 'object_get_canonical_path' was not
being freed at two locations in the model (CID 1391294 and CID 1391293) and
also that a memset was being called with a value greater than the max of a byte
on the second argument (CID 1391286). This patch corrects this by adding the
freeing of the strings and also changing to memset to zero instead on
descriptor unaligned errors.
Igor Mammedov [Thu, 31 May 2018 13:50:51 +0000 (14:50 +0100)]
arm: fix qemu crash on startup with -bios option
When QEMU is started with following CLI
-machine virt,gic-version=3,accel=kvm -cpu host -bios AAVMF_CODE.fd
it crashes with abort at
accel/kvm/kvm-all.c:2164:
KVM_SET_DEVICE_ATTR failed: Group 6 attr 0x000000000000c665: Invalid argument
Which is caused by implicit dependency of kvm_arm_gicv3_reset() on
arm_gicv3_icc_reset() where the later is called by CPU reset
reset callback.
However commit: 3b77f6c arm/boot: split load_dtb() from arm_load_kernel()
broke CPU reset callback registration in case
arm_load_kernel()
...
if (!info->kernel_filename || info->firmware_loaded)
branch is taken, i.e. it's sufficient to provide a firmware
or do not provide kernel on CLI to skip cpu reset callback
registration, where before offending commit the callback
has been registered unconditionally.
Fix it by registering the callback right at the beginning of
arm_load_kernel() unconditionally instead of doing it at the end.
NOTE:
we probably should eliminate that dependency anyways as well as
separate arch CPU reset parts from arm_load_kernel() into CPU
itself, but that refactoring that I probably would have to do
anyways later for CPU hotplug to work.
Depending on the host abi, float16, aka uint16_t, values are
passed and returned either zero-extended in the host register
or with garbage at the top of the host register.
The tcg code generator has so far been assuming garbage, as that
matches the x86 abi, but this is incorrect for other host abis.
Further, target/arm has so far been assuming zero-extended results,
so that it may store the 16-bit value into a 32-bit slot with the
high 16-bits already clear.
Rectify both problems by mapping "f16" in the helper definition
to uint32_t instead of (a typedef for) uint16_t. This forces
the host compiler to assume garbage in the upper 16 bits on input
and to zero-extend the result on output.
There was a nasty flip in identifying which register group an access is
targeting. The issue caused spuriously raised priorities of the guest
when handing CPUs over in the Jailhouse hypervisor.
Peter Maydell [Thu, 31 May 2018 13:50:51 +0000 (14:50 +0100)]
target/arm: Honour FPCR.FZ in FRECPX
The FRECPX instructions should (like most other floating point operations)
honour the FPCR.FZ bit which specifies whether input denormals should
be flushed to zero (or FZ16 for the half-precision version).
We forgot to implement this, which doesn't affect the results (since
the calculation doesn't actually care about the mantissa bits) but did
mean we were failing to set the FPSR.IDC bit.
Peter Maydell [Thu, 31 May 2018 10:12:36 +0000 (11:12 +0100)]
Merge remote-tracking branch 'remotes/ehabkost/tags/numa-next-pull-request' into staging
NUMA queue, 2018-05-30
* New command-line option: --preconfig
This option allows pausing QEMU and allow the configuration
using QMP commands before running board initialization code.
* New QMP set-numa-node, now made possible because of --preconfig
* Small update on -numa error messages
# gpg: Signature made Thu 31 May 2018 00:02:59 BST
# gpg: using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <[email protected]>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/numa-next-pull-request:
tests: functional tests for QMP command set-numa-node
qmp: add set-numa-node command
qmp: permit query-hotpluggable-cpus in preconfig state
tests: extend qmp test with preconfig checks
cli: add --preconfig option
tests: qapi-schema tests for allow-preconfig
qapi: introduce new cmd option "allow-preconfig"
hmp: disable monitor in preconfig state
qapi: introduce preconfig runstate
numa: split out NumaOptions parsing into set_numa_options()
numa: postpone options post-processing till machine_run_board_init()
numa: clarify error message when node index is out of range in -numa dist, ...
Igor Mammedov [Thu, 17 May 2018 11:30:07 +0000 (13:30 +0200)]
tests: functional tests for QMP command set-numa-node
* start QEMU with 2 unmapped cpus,
* while in preconfig state
* add 2 numa nodes
* assign cpus to them
* exit preconfig and in running state check that cpus
are mapped correctly.
Igor Mammedov [Fri, 4 May 2018 08:37:48 +0000 (10:37 +0200)]
qmp: add set-numa-node command
Command is allowed to run only in preconfig stage and
will allow to configure numa mapping for CPUs depending
on possible CPUs layout (query-hotpluggable-cpus) for
given machine instance.
Example of configuration session:
$QEMU -smp 2 --preconfig ...
Igor Mammedov [Fri, 4 May 2018 08:37:47 +0000 (10:37 +0200)]
qmp: permit query-hotpluggable-cpus in preconfig state
it will allow mgmt to query possible CPUs, which depends on
used machine(version)/-smp options, without restarting
QEMU and use results to configure numa mapping or adding
CPUs with device_add* later.
PS:
*) device_add is not allowed to run at preconfig in this series
but later it could be dealt with by injecting -device
in preconfig state and letting existing -device handling
to actually plug devices
Igor Mammedov [Fri, 11 May 2018 17:24:43 +0000 (19:24 +0200)]
cli: add --preconfig option
This option allows pausing QEMU in the new RUN_STATE_PRECONFIG state,
allowing the configuration of QEMU from QMP before the machine jumps
into board initialization code of machine_run_board_init()
The intent is to allow management to query machine state and additionally
configure it using previous query results within one QEMU instance
(i.e. eliminate the need to start QEMU twice, 1st to query board specific
parameters and 2nd for actual VM start using query results for
additional parameters).
The new option complements -S option and could be used with or without
it. The difference is that -S pauses QEMU when the machine is completely
initialized with all devices wired up and ready to execute guest code
(QEMU needs only to unpause VCPUs to let guest execute its code),
while the "preconfig" option pauses QEMU early before board specific init
callback (machine_run_board_init) is executed and allows the configuration
of machine parameters which will be used by board init code.
When early introspection/configuration is done, command 'exit-preconfig'
should be used to exit RUN_STATE_PRECONFIG and transition to the next
requested state (i.e. if -S is used then QEMU will pause the second
time when board/device initialization is completed or start guest
execution if -S isn't provided on CLI)
PS:
Initially 'preconfig' is planned to be used for configuring numa
topology depending on board specified possible cpus layout.
Igor Mammedov [Fri, 11 May 2018 16:51:43 +0000 (18:51 +0200)]
qapi: introduce new cmd option "allow-preconfig"
New option will be used to allow commands, which are prepared/need
to run, during preconfig state. Other commands that should be able
to run in preconfig state, should be amended to not expect machine
in initialized state or deal with it.
For compatibility reasons, commands that don't use new flag
'allow-preconfig' explicitly are not permitted to run in
preconfig state but allowed in all other states like they used
to be.
Within this patch allow following commands in preconfig state:
qmp_capabilities
query-qmp-schema
query-commands
query-command-line-options
query-status
exit-preconfig
to allow qmp connection, basic introspection and moving to the next
state.
PS:
set-numa-node and query-hotpluggable-cpus will be enabled later in
a separate patches.
Igor Mammedov [Fri, 4 May 2018 08:37:41 +0000 (10:37 +0200)]
qapi: introduce preconfig runstate
New preconfig runstate will be used in follow up patches
related to introducing --preconfig CLI option and is
intended to replace prelaunch runstate from QEMU start
up to machine_init callback.
Igor Mammedov [Fri, 4 May 2018 08:37:39 +0000 (10:37 +0200)]
numa: postpone options post-processing till machine_run_board_init()
in preparation for numa options to being handled via QMP before
machine_run_board_init(), move final numa configuration checks
and processing to machine_run_board_init() so it could take into
account both CLI (via parse_numa_opts()) and QMP input
Igor Mammedov [Wed, 16 May 2018 15:06:14 +0000 (17:06 +0200)]
numa: clarify error message when node index is out of range in -numa dist, ...
When using following CLI:
-numa dist,src=128,dst=1,val=20
user gets a rather confusing error message:
"Invalid node 128, max possible could be 128"
Where 128 is number of nodes that QEMU supports (MAX_NODES),
while src/dst is an index up to that limit, so it should be
MAX_NODES - 1 in error message.
Make error message to explicitly state valid range for node
index to be more clear.
Kevin Wolf [Wed, 23 May 2018 16:19:00 +0000 (18:19 +0200)]
qemu-iotests: Rewrite 207 for blockdev-create job
This rewrites the test case 207 to work with the new x-blockdev-create
job rather than the old synchronous version of the command.
Most of the test cases stay the same as before (the exception being some
improved 'size' options that allow distinguishing which command created
the image), but in order to be able to implement proper job handling,
the test case is rewritten in Python.
Kevin Wolf [Tue, 29 May 2018 18:52:57 +0000 (20:52 +0200)]
qemu-iotests: Add VM.run_job()
Add an iotests.py function that runs a job and only returns when it is
destroyed. An error is logged when the job failed and job-finalize and
job-dismiss commands are issued if necessary.
Kevin Wolf [Thu, 24 May 2018 11:12:56 +0000 (13:12 +0200)]
qemu-iotests: Add iotests.img_info_log()
This adds a filter function to postprocess 'qemu-img info' input
(similar to what _img_info does), and an img_info_log() function that
calls 'qemu-img info' and logs the filtered output.
Kevin Wolf [Thu, 18 Jan 2018 13:33:04 +0000 (14:33 +0100)]
block/create: Make x-blockdev-create a job
This changes the x-blockdev-create QMP command so that it doesn't block
the monitor and the main loop any more, but starts a background job that
performs the image creation.
The basic job as implemented here is all that is necessary to make image
creation asynchronous and to provide a QMP interface that can be marked
stable, but it still lacks a few features that jobs usually provide: The
job will ignore pause commands and it doesn't publish more than very
basic progress yet (total-progress is 1 and current-progress advances
from 0 to 1 when the driver callbacks returns). These features can be
added later without breaking compatibility.
Kevin Wolf [Thu, 24 May 2018 13:26:10 +0000 (15:26 +0200)]
job: Add error message for failing jobs
So far we relied on job->ret and strerror() to produce an error message
for failed jobs. Not surprisingly, this tends to result in completely
useless messages.
This adds a Job.error field that can contain an error string for a
failing job, and a parameter to job_completed() that sets the field. As
a default, if NULL is passed, we continue to use strerror(job->ret).
All existing callers are changed to pass NULL. They can be improved in
separate patches.
OSX 10.13 deprecates the NSFileHandlingPanelOKButton constant, and
would rather you use NSModalResponseOK, which was introduced in OS 10.9.
Use the recommended new constant name, with a backward compatibility
define if we're building on an older OSX.
Alberto Garcia [Mon, 28 May 2018 15:01:28 +0000 (17:01 +0200)]
qcow2: Fix Coverity warning when calculating the refcount cache size
MIN_REFCOUNT_CACHE_SIZE is 4 and the cluster size is guaranteed to be
at most 2MB, so the minimum refcount cache size (in bytes) is always
going to fit in a 32-bit integer.
Coverity doesn't know that, and since we're storing the result in a
uint64_t (*refcount_cache_size) it thinks that we need the 64 bits and
that we probably want to do a 64-bit multiplication to prevent the
result from being truncated.
This is a false positive in this case, but it's a fair warning.
We could do a 64-bit multiplication to get rid of it, but since we
know that a 32-bit variable is enough to store this value let's simply
reuse min_refcount_cache, make it a normal int and stop doing casts.
Peter Maydell [Tue, 29 May 2018 08:57:09 +0000 (09:57 +0100)]
Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2018-05-23-4' into staging
Merge tpm 2018/05/23 v4
# gpg: Signature made Sat 26 May 2018 03:52:12 BST
# gpg: using RSA key 75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* remotes/stefanberger/tags/pull-tpm-2018-05-23-4:
test: Add test cases that use the external swtpm with CRB interface
docs: tpm: add VM save/restore example and troubleshooting guide
tpm: extend TPM TIS with state migration support
tpm: extend TPM emulator with state migration support
target-microblaze: mmu: Remove unused register state
Add explicit handling for MMU_R_TLBX and log accesses to
invalid MMU registers. We can now remove the state for
all regs but PID, ZPR and TLBX (0 - 2).
Break out trap_userspace() to avoid open coding it everywhere.
For privileged insns, we now always stop translation of the
current insn for cores without exceptions.
target-microblaze: Conditionalize setting of PVR11_USE_MMU
Conditionalize setting of PVR11_USE_MMU on the use_mmu
CPU property, otherwise we may incorrectly advertise an
MMU via PVR when the core in fact has none.
projects / qemu.git / log