Paolo Bonzini [Mon, 30 Nov 2020 12:16:11 +0000 (07:16 -0500)]
docs: temporarily disable the kernel-doc extension
Preserve bisectability while we update scripts/kernel-doc from Linux.
Without this patch, building with Sphinx 3 would break while we
revert our own Sphinx 3 support and replace it with Linux's.
Paolo Bonzini [Tue, 3 Nov 2020 08:26:05 +0000 (03:26 -0500)]
vl: remove serial_max_hds
serial_hd(i) is NULL if and only if i >= serial_max_hds(). Test
serial_hd(i) instead of bounding the loop at serial_max_hds(),
thus removing one more function that vl.c is expected to export.
Paolo Bonzini [Tue, 27 Oct 2020 08:40:02 +0000 (04:40 -0400)]
hmp: introduce cmd_available
Combine the RUN_STATE_PRECONFIG and cmd_can_preconfig checks
into a single function, to avoid repeating the same expression
(or its negation after applying DeMorgan's rule) over and
over again.
Paolo Bonzini [Tue, 27 Oct 2020 12:42:04 +0000 (08:42 -0400)]
vl: start VM via qmp_cont
Complement the previous patch by starting the VM with a QMP command.
The plan is that the user will be able to do the same, invoking two
commands "finish-machine-init" and "cont" instead of
"x-exit-preconfig".
Paolo Bonzini [Tue, 27 Oct 2020 08:22:57 +0000 (04:22 -0400)]
migration, vl: start migration via qmp_migrate_incoming
Make qemu_start_incoming_migration local to migration/migration.c.
By using the runstate instead of a separate flag, vl need not do
anything to setup deferred incoming migration.
qmp_migrate_incoming also does not need the deferred_incoming flag
anymore, because "-incoming PROTOCOL" will clear the "once" flag
before the main loop starts. Therefore, later invocations of
the migrate-incoming command will fail with the existing
"The incoming migration has already been started" error message.
Paolo Bonzini [Tue, 27 Oct 2020 08:07:30 +0000 (04:07 -0400)]
vl: initialize displays before preconfig loop
Displays should be available before the monitor starts, so that
it is possible to use the graphical console to interact with
the monitor itself.
This patch is quite ugly, but all this is temporary. The double
call to qemu_init_displays will go away as soon we can unify machine
initialization between the preconfig and "normal" flows, and so will
the preconfig_exit_requested variable (that is only preconfig_requested
remains).
Paolo Bonzini [Tue, 27 Oct 2020 15:16:18 +0000 (11:16 -0400)]
vl: separate qemu_resolve_machine_memdev
This is a bit nasty: the machine is storing a string and later
resolving it. We probably want to remove the memdev property
and instead make this a memory-set command. "-M memdev" can be
handled a legacy option that is special cased by
machine_set_property.
Paolo Bonzini [Mon, 9 Nov 2020 09:46:30 +0000 (04:46 -0500)]
qemu-option: restrict qemu_opts_set to merge-lists QemuOpts
qemu_opts_set is used to create default network backends and to
parse sugar options -kernel, -initrd, -append, -bios and -dtb.
These are very different uses:
I would *expect* a function named qemu_opts_set to set an option in a
merge-lists QemuOptsList, such as -kernel, and possibly to set an option
in a non-merge-lists QemuOptsList with non-NULL id, similar to -set.
However, it wouldn't *work* to use qemu_opts_set for the latter
because qemu_opts_set uses fail_if_exists==1. So, for non-merge-lists
QemuOptsList and non-NULL id, the semantics of qemu_opts_set (fail if the
(QemuOptsList, id) pair already exists) are debatable.
On the other hand, I would not expect qemu_opts_set to create a
non-merge-lists QemuOpts with a single option; which it does, though.
For this case of non-merge-lists QemuOptsList and NULL id, qemu_opts_set
hardly adds value over qemu_opts_parse. It does skip some parsing and
unescaping, but that's not needed when creating default network
backends.
So qemu_opts_set has warty behavior for non-merge-lists QemuOptsList
if id is non-NULL, and it's mostly pointless if id is NULL. My
solution to keeping the API as simple as possible is to limit
qemu_opts_set to merge-lists QemuOptsList. For them, it's useful (we
don't want comma-unescaping for -kernel) *and* has sane semantics.
Network backend creation is switched to qemu_opts_parse.
qemu_opts_set is now only used on merge-lists QemuOptsList... except
in the testcase, which is changed to use a merge-list QemuOptsList.
With this change we can also remove the id parameter. With the
parameter always NULL, we know that qemu_opts_create cannot fail
and can pass &error_abort to it.
Paolo Bonzini [Wed, 21 Oct 2020 14:21:22 +0000 (10:21 -0400)]
vl: extract various command line desugaring snippets to a new function
Keep the machine initialization sequence free of miscellaneous command
line parsing actions.
The only difference is that preallocation will always be done with one
thread if -smp is not provided; previously it was using mc->default_cpus,
which is almost always 1 anyway.
Paolo Bonzini [Wed, 21 Oct 2020 14:19:08 +0000 (10:19 -0400)]
vl: preconfig and loadvm are mutually exclusive
Just like -incoming. Later we will add support for "-incoming defer
-preconfig", because there are cases (Xen, block layer) that want
to look at RUNSTATE_INMIGRATE. -loadvm will remain mutually exclusive
with preconfig; the plan is to just do loadvm in the monitor, since
the user is already going to interact with it for preconfiguration.
Paolo Bonzini [Fri, 23 Oct 2020 12:04:29 +0000 (08:04 -0400)]
vl: move prelaunch part of qemu_init to new functions
The final part of qemu_init, starting with the completion of
board init, is already relatively clean. Split it out of
qemu_init so that qemu_init keeps only the messy parts.
Paolo Bonzini [Wed, 21 Oct 2020 09:33:40 +0000 (05:33 -0400)]
vl: extract qemu_init_subsystems
Group a bunch of subsystem initializations that can be done right
after command line parsing. Remove initializations that can be done
simply as global variable initializers.
Paolo Bonzini [Wed, 21 Oct 2020 09:17:39 +0000 (05:17 -0400)]
vl: split various early command line options to a separate function
Various options affect the global state of QEMU including the rest of
qemu_init, and they need to be called very early. Group them together
in a function that is called at the beginning.
Paolo Bonzini [Wed, 21 Oct 2020 10:07:55 +0000 (06:07 -0400)]
vl: remove bogus check
There is no reason to prevent -preconfig -daemonize. Of course if
no monitor is defined there will be no way to start the VM,
but that is a user error.
Since commit 5ec3a23e6c8 ("serial: convert PIO to new memory
api read/write") we don't need to worry about accesses bigger
than 8-bit. Use the extract()/deposit() functions to access
the correct part of the 16-bit 'divider' register.
Paolo Bonzini [Thu, 22 Oct 2020 15:12:46 +0000 (11:12 -0400)]
rx: move BIOS load from MCU to board
The ROM loader state is global and not part of the MCU, and the
BIOS is in machine->firmware. So just like the kernel case,
load it in the board.
Due to the ordering between CPU reset and ROM reset, the ROM
has to be registered before the CPU is realized, otherwise
the reset vector is loaded before the ROM is there.
In order to use inclusive terminology, rename SSI 'slave' as
'peripheral', following the specification resolution:
https://www.oshwa.org/a-resolution-to-redefine-spi-signal-names/
Patch created mechanically using:
$ sed -i s/SSISlave/SSIPeripheral/ $(git grep -l SSISlave)
$ sed -i s/SSI_SLAVE/SSI_PERIPHERAL/ $(git grep -l SSI_SLAVE)
$ sed -i s/ssi-slave/ssi-peripheral/ $(git grep -l ssi-slave)
$ sed -i s/ssi_slave/ssi_peripheral/ $(git grep -l ssi_slave)
$ sed -i s/ssi_create_slave/ssi_create_peripheral/ \
$(git grep -l ssi_create_slave)
Then in VMStateDescription vmstate_ssi_peripheral we restored
the "SSISlave" migration stream name (to avoid breaking migration).
Finally the following files have been manually tweaked:
- hw/ssi/pl022.c
- hw/ssi/xilinx_spips.c
Sunil Muthuswamy [Wed, 28 Oct 2020 02:23:19 +0000 (02:23 +0000)]
WHPX: support for the kernel-irqchip on/off
This patch adds support the kernel-irqchip option for
WHPX with on or off value. 'split' value is not supported
for the option. The option only works for the latest version
of Windows (ones that are coming out on Insiders). The
change maintains backward compatibility on older version of
Windows where this option is not supported.
Bin Meng [Fri, 13 Nov 2020 09:56:18 +0000 (17:56 +0800)]
target/i386: seg_helper: Correct segment selector nullification in the RET/IRET helper
Per the SDM, when returning to outer privilege level, for segment
registers (ES, FS, GS, and DS) if the check fails, the segment
selector becomes null, but QEMU clears the base/limit/flags as well
as nullifying the segment selector, which should be a spec violation.
Real hardware seems to be compliant with the spec, at least on one
Coffee Lake board I tested.
David Woodhouse [Mon, 5 Oct 2020 14:18:19 +0000 (15:18 +0100)]
target/i386: Support up to 32768 CPUs without IRQ remapping
The IOAPIC has an 'Extended Destination ID' field in its RTE, which maps
to bits 11-4 of the MSI address. Since those address bits fall within a
given 4KiB page they were historically non-trivial to use on real hardware.
The Intel IOMMU uses the lowest bit to indicate a remappable format MSI,
and then the remaining 7 bits are part of the index.
Where the remappable format bit isn't set, we can actually use the other
seven to allow external (IOAPIC and MSI) interrupts to reach up to 32768
CPUs instead of just the 255 permitted on bare metal.
Paolo Bonzini [Mon, 23 Nov 2020 12:17:47 +0000 (07:17 -0500)]
target/i386: fix operand order for PDEP and PEXT
For PDEP and PEXT, the mask is provided in the memory (mod+r/m)
operand, and therefore is loaded in s->T0 by gen_ldst_modrm.
The source is provided in the second source operand (VEX.vvvv)
and therefore is loaded in s->T1. Fix the order in which
they are passed to the helpers.
Peter Maydell [Thu, 10 Dec 2020 14:26:35 +0000 (14:26 +0000)]
Merge remote-tracking branch 'remotes/legoater/tags/pull-aspeed-20201210' into staging
Aspeed patches :
* New device model for EMC1413/EMC1414 temperature sensors (I2C)
* New g220a-bmc Aspeed machine
* couple of Aspeed cleanups
# gpg: Signature made Thu 10 Dec 2020 11:58:10 GMT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <[email protected]>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* remotes/legoater/tags/pull-aspeed-20201210:
aspeed: g220a-bmc: Add an FRU
aspeed/smc: Add support for address lane disablement
ast2600: SRAM is 89KB
aspeed: Add support for the g220a-bmc board
hw/misc: add an EMC141{3,4} device model
* remotes/kraxel/tags/microvm-20201210-pull-request:
tests/acpi: disallow updates for expected data files
tests/acpi: update expected data files
tests/acpi: add ioapic2=on test for microvm
tests/acpi: add data files for ioapic2 test variant
tests/acpi: allow updates for expected data files
microvm: add second ioapic
microvm: drop microvm_gsi_handler()
microvm: make pcie irq base runtime changeable
microvm: make number of virtio transports runtime changeable
x86: add support for second ioapic
x86: rewrite gsi_handler()
Peter Maydell [Thu, 10 Dec 2020 11:48:25 +0000 (11:48 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20201210' into staging
target-arm queue:
* hw/arm/smmuv3: Fix up L1STD_SPAN decoding
* xlnx-zynqmp: Support Xilinx ZynqMP CAN controllers
* sbsa-ref: allow to use Cortex-A53/57/72 cpus
* Various minor code cleanups
* hw/intc/armv7m_nvic: Make all of system PPB range be RAZWI/BusFault
* Implement more pieces of ARMv8.1M support
Peter Maydell [Thu, 19 Nov 2020 21:56:15 +0000 (21:56 +0000)]
hw/intc/armv7m_nvic: Implement read/write for RAS register block
The RAS feature has a block of memory-mapped registers at offset
0x5000 within the PPB. For a "minimal RAS" implementation we provide
no error records and so the only registers that exist in the block
are ERRIIDR and ERRDEVID.
The "RAZ/WI for privileged, BusFault for nonprivileged" behaviour
of the "nvic-default" region is actually valid for minimal-RAS,
so the main benefit of providing an explicit implementation of
the register block is more accurate LOG_UNIMP messages, and a
framework for where we could add a real RAS implementation later
if necessary.
For v8.1M the architecture mandates that CPUs must provide at
least the "minimal RAS implementation" from the Reliability,
Availability and Serviceability extension. This consists of:
* an ESB instruction which is a NOP
-- since it is in the HINT space we need only add a comment
* an RFSR register which will RAZ/WI
* a RAZ/WI AIRCR.IESB bit
-- the code which handles writes to AIRCR does not allow setting
of RES0 bits, so we already treat this as RAZ/WI; add a comment
noting that this is deliberate
* minimal implementation of the RAS register block at 0xe0005000
-- this will be in a subsequent commit
* setting the ID_PFR0.RAS field to 0b0010
-- we will do this when we add the Cortex-M55 CPU model
Peter Maydell [Thu, 19 Nov 2020 21:56:13 +0000 (21:56 +0000)]
hw/intc/armv7m_nvic: Fix "return from inactive handler" check
In commit 077d7449100d824a4 we added code to handle the v8M
requirement that returns from NMI or HardFault forcibly deactivate
those exceptions regardless of what interrupt the guest is trying to
deactivate. Unfortunately this broke the handling of the "illegal
exception return because the returning exception number is not
active" check for those cases. In the pseudocode this test is done
on the exception the guest asks to return from, but because our
implementation was doing this in armv7m_nvic_complete_irq() after the
new "deactivate NMI/HardFault regardless" code we ended up doing the
test on the VecInfo for that exception instead, which usually meant
failing to raise the illegal exception return fault.
In the case for "configurable exception targeting the opposite
security state" we detected the illegal-return case but went ahead
and deactivated the VecInfo anyway, which is wrong because that is
the VecInfo for the other security state.
Rearrange the code so that we first identify the illegal return
cases, then see if we really need to deactivate NMI or HardFault
instead, and finally do the deactivation.
Peter Maydell [Thu, 19 Nov 2020 21:56:12 +0000 (21:56 +0000)]
target/arm: Implement CCR_S.TRD behaviour for SG insns
v8.1M introduces a new TRD flag in the CCR register, which enables
checking for stack frame integrity signatures on SG instructions.
Add the code in the SG insn implementation for the new behaviour.
Peter Maydell [Thu, 19 Nov 2020 21:56:11 +0000 (21:56 +0000)]
hw/intc/armv7m_nvic: Support v8.1M CCR.TRD bit
v8.1M introduces a new TRD flag in the CCR register, which enables
checking for stack frame integrity signatures on SG instructions.
This bit is not banked, and is always RAZ/WI to Non-secure code.
Adjust the code for handling CCR reads and writes to handle this.
Peter Maydell [Thu, 19 Nov 2020 21:56:09 +0000 (21:56 +0000)]
target/arm: Implement new v8.1M VLLDM and VLSTM encodings
v8.1M adds new encodings of VLLDM and VLSTM (where bit 7 is set).
The only difference is that:
* the old T1 encodings UNDEF if the implementation implements 32
Dregs (this is currently architecturally impossible for M-profile)
* the new T2 encodings have the implementation-defined option to
read from memory (discarding the data) or write UNKNOWN values to
memory for the stack slots that would be D16-D31
We choose not to make those accesses, so for us the two
instructions behave identically assuming they don't UNDEF.
Peter Maydell [Thu, 19 Nov 2020 21:56:08 +0000 (21:56 +0000)]
target/arm: Implement new v8.1M NOCP check for exception return
In v8.1M a new exception return check is added which may cause a NOCP
UsageFault (see rule R_XLTP): before we clear s0..s15 and the FPSCR
we must check whether access to CP10 from the Security state of the
returning exception is disabled; if it is then we must take a fault.
(Note that for our implementation CPPWR is always RAZ/WI and so can
never cause CP10 accesses to fail.)
The other v8.1M change to this register-clearing code is that if MVE
is implemented VPR must also be cleared, so add a TODO comment to
that effect.
Peter Maydell [Thu, 19 Nov 2020 21:56:07 +0000 (21:56 +0000)]
target/arm: Implement v8.1M REVIDR register
In v8.1M a REVIDR register is defined, which is at address 0xe00ecfc
and is a read-only IMPDEF register providing implementation specific
minor revision information, like the v8A REVIDR_EL1. Implement this.
Peter Maydell [Thu, 19 Nov 2020 21:56:06 +0000 (21:56 +0000)]
target/arm: In v8.1M, don't set HFSR.FORCED on vector table fetch failures
In v8.1M, vector table fetch failures don't set HFSR.FORCED (see rule
R_LLRP). (In previous versions of the architecture this was either
required or IMPDEF.)
Peter Maydell [Thu, 19 Nov 2020 21:56:05 +0000 (21:56 +0000)]
target/arm: For v8.1M, always clear R0-R3, R12, APSR, EPSR on exception entry
In v8.0M, on exception entry the registers R0-R3, R12, APSR and EPSR
are zeroed for an exception taken to Non-secure state; for an
exception taken to Secure state they become UNKNOWN, and we chose to
leave them at their previous values.
In v8.1M the behaviour is specified more tightly and these registers
are always zeroed regardless of the security state that the exception
targets (see rule R_KPZV). Implement this.
Peter Maydell [Thu, 19 Nov 2020 21:56:04 +0000 (21:56 +0000)]
hw/intc/armv7m_nvic: Update FPDSCR masking for v8.1M
The FPDSCR register has a similar layout to the FPSCR. In v8.1M it
gains new fields FZ16 (if half-precision floating point is supported)
and LTPSIZE (always reads as 4). Update the reset value and the code
that handles writes to this register accordingly.
Peter Maydell [Thu, 19 Nov 2020 21:56:02 +0000 (21:56 +0000)]
target/arm: Implement FPCXT_S fp system register
Implement the new-in-v8.1M FPCXT_S floating point system register.
This is for saving and restoring the secure floating point context,
and it reads and writes bits [27:0] from the FPSCR and the
CONTROL.SFPA bit in bit [31].
Peter Maydell [Thu, 19 Nov 2020 21:56:01 +0000 (21:56 +0000)]
target/arm: Factor out preserve-fp-state from full_vfp_access_check()
Factor out the code which handles M-profile lazy FP state preservation
from full_vfp_access_check(); accesses to the FPCXT_NS register are
a special case which need to do just this part (corresponding in the
pseudocode to the PreserveFPState() function), and not the full
set of actions matching the pseudocode ExecuteFPCheck() which
normal FP instructions need to do.
Peter Maydell [Thu, 19 Nov 2020 21:56:00 +0000 (21:56 +0000)]
target/arm: Use new FPCR_NZCV_MASK constant
We defined a constant name for the mask of NZCV bits in the FPCR/FPSCR
in the previous commit; use it in a couple of places in existing code,
where we're masking out everything except NZCV for the "load to Rt=15
sets CPSR.NZCV" special case.
projects / qemu.git / log