Greg Kurz [Tue, 24 Jan 2017 23:23:49 +0000 (00:23 +0100)]
9pfs: fix offset error in v9fs_xattr_read()
The current code tries to copy `read_count' bytes starting at offset
`offset' from a `read_count`-sized iovec. This causes v9fs_pack() to
fail with ENOBUFS.
Since the PDU iovec is already partially filled with `offset' bytes,
let's skip them when creating `qiov_full' and have v9fs_pack() to
copy the whole of it. Moreover, this is consistent with the other
places where v9fs_init_qiov_from_pdu() is called.
This fixes commit "bcb8998fac16 9pfs: call v9fs_init_qiov_from_pdu
before v9fs_pack".
Greg Kurz [Fri, 13 Jan 2017 17:18:20 +0000 (18:18 +0100)]
9pfs: fix off-by-one error in PDU free list
The server can handle MAX_REQ - 1 PDUs at a time and the virtio-9p
device has a MAX_REQ sized virtqueue. If the client manages to fill
up the virtqueue, pdu_alloc() will fail and the request won't be
processed without any notice to the client (it actually causes the
linux 9p client to hang).
This has been there since the beginning (commit 9f10751365b2 "virtio-9p:
Add a virtio 9p device to qemu"), but it needs an agressive workload to
run in the guest to show up.
We actually allocate MAX_REQ PDUs and I see no reason not to link them
all into the free list, so let's fix the init loop.
Peter Maydell [Tue, 24 Jan 2017 17:26:26 +0000 (17:26 +0000)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20170124' into staging
Two s390x fixes: One for the kvm.c build failure, and one for a bug
that might cause random guest crashes with zeroed out pages on host
kernels with working cmma (< 4.6 and likely >= 4.10).
# gpg: Signature made Tue 24 Jan 2017 15:00:50 GMT
# gpg: using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <[email protected]>"
# gpg: aka "Cornelia Huck <[email protected]>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
* remotes/cohuck/tags/s390x-20170124:
s390x/kvm: fix cmma reset for KVM
s390x/kvm: include hw_accel.h instead of kvm.h
Peter Maydell [Tue, 24 Jan 2017 15:39:09 +0000 (15:39 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-and-machine-pull-request' into staging
x86, machine, numa queue (2017-01-23)
# gpg: Signature made Mon 23 Jan 2017 23:26:59 GMT
# gpg: using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <[email protected]>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-and-machine-pull-request:
kvm: Allow invtsc migration if tsc-khz is set explicitly
kvm: Simplify invtsc check
hw/core/null-machine: Add the possibility to instantiate a CPU and RAM
qemu-options: Rename variables on the -numa "cpus" option
MAINTAINERS: Add an entry for hw/core/null-machine.c
machine: Make possible_cpu_arch_ids() return const pointer
pc: don't return cpu pointer from pc_new_cpu() as it's not needed anymore
pc: cleanup: move smbios_set_cpuid() into pc_build_smbios()
arch_init: Remove unnecessary default_config_files table
vl: Ensure the numa_post_machine_init func in the appropriate location
i386: Return migration-safe field on query-cpu-definitions
i386: Remove AMD feature flag aliases from Opteron models
x86: add AVX512_VPOPCNTDQ features
We must reset the CMMA states for normal memory (when not on mem path),
but the current code does the opposite. This was unnoticed for some time
as the kernel since 4.6 also had a bug which mostly disabled the paging
optimizations.
Cornelia Huck [Tue, 24 Jan 2017 09:18:02 +0000 (10:18 +0100)]
s390x/kvm: include hw_accel.h instead of kvm.h
Commit b394662 ("kvm: move cpu synchronization code") switched
to hw_accel.h instead of kvm.h, but missed s390x, resulting in
CC s390x-softmmu/target/s390x/kvm.o
/home/cohuck/git/qemu/target/s390x/kvm.c: In function ‘kvm_sclp_service_call’:
/home/cohuck/git/qemu/target/s390x/kvm.c:1034:5: error: implicit declaration of function ‘cpu_synchronize_state’ [-Werror=implicit-function-declaration]
cpu_synchronize_state(CPU(cpu));
^
/home/cohuck/git/qemu/target/s390x/kvm.c:1034:5: error: nested extern declaration of ‘cpu_synchronize_state’ [-Werror=nested-externs]
/home/cohuck/git/qemu/target/s390x/kvm.c: In function ‘sigp_initial_cpu_reset’:
/home/cohuck/git/qemu/target/s390x/kvm.c:1628:5: error: implicit declaration of function ‘cpu_synchronize_post_reset’ [-Werror=implicit-function-declaration]
cpu_synchronize_post_reset(cs);
^
/home/cohuck/git/qemu/target/s390x/kvm.c:1628:5: error: nested extern declaration of ‘cpu_synchronize_post_reset’ [-Werror=nested-externs]
/home/cohuck/git/qemu/target/s390x/kvm.c: In function ‘sigp_set_prefix’:
/home/cohuck/git/qemu/target/s390x/kvm.c:1665:5: error: implicit declaration of function ‘cpu_synchronize_post_init’ [-Werror=implicit-function-declaration]
cpu_synchronize_post_init(cs);
^
/home/cohuck/git/qemu/target/s390x/kvm.c:1665:5: error: nested extern declaration of ‘cpu_synchronize_post_init’ [-Werror=nested-externs]
cc1: all warnings being treated as errors
/home/cohuck/git/qemu/rules.mak:64: recipe for target 'target/s390x/kvm.o' failed
Fix this.
Fixes: b394662 ("kvm: move cpu synchronization code") Signed-off-by: Cornelia Huck <[email protected]> Acked-by: Vincent Palatin <[email protected]>
Peter Maydell [Tue, 24 Jan 2017 14:02:18 +0000 (14:02 +0000)]
Makefile: Add qemu-doc.txt to distclean and dependencies
When qemu-doc.txt was added as a new output format in
commit f8bab10b4c3f, it was not added to either the
list of files to remove in distclean or to the dependency
line that forces qemu-options.texi to be built before
attempting to build qemu-doc.*.
In particular, the missing dependency meant that on
some platforms (notably OSX hosts) we would try to
build qemu-doc.txt before qemu-options.texi had been
fully written out, and then makeinfo would complain
about missing cross-reference targets.
Eduardo Habkost [Sun, 8 Jan 2017 17:32:34 +0000 (15:32 -0200)]
kvm: Allow invtsc migration if tsc-khz is set explicitly
We can safely allow a VM to be migrated with invtsc enabled if
tsc-khz is set explicitly, because:
* QEMU already refuses to start if it can't set the TSC frequency
to the configured value.
* Management software is already required to keep device
configuration (including CPU configuration) the same on
migration source and destination.
Thomas Huth [Wed, 18 Jan 2017 12:44:50 +0000 (13:44 +0100)]
hw/core/null-machine: Add the possibility to instantiate a CPU and RAM
Sometimes it is useful to have just a machine with CPU and RAM, without
any further hardware in it, e.g. if you just want to do some instruction
debugging for TCG with a remote GDB attached to QEMU, or run some embedded
code with the "-semihosting" QEMU parameter. qemu-system-m68k already
features a "dummy" machine, and xtensa a "sim" machine for exactly this
purpose.
All target architectures have nowadays also a "none" machine, which would
be a perfect match for this, too - but it currently does not allow to add
CPU and RAM yet. Thus let's add these possibilities in a generic way to the
"none" machine, too, so that we hopefully do not need additional "dummy"
machines in the future anymore (and maybe can also get rid of the already
existing "dummy"/"sim" machines one day).
Note that the default behaviour of the "none" machine is not changed, i.e.
no CPU and no RAM is instantiated by default. You have explicitely got to
specify the CPU model with "-cpu" and the amount of RAM with "-m" to get
these new features.
Eduardo Habkost [Mon, 23 Jan 2017 18:06:31 +0000 (16:06 -0200)]
qemu-options: Rename variables on the -numa "cpus" option
Use @var{firstcpu} and @var{lastcpu} to make the metasyntatic
variables a bit clearer. While doing this, use @var only around
the metasyntatic variables, not including the square brackets and
hyphen.
The semantics of the "cpus" option will be clarified by rewriting
the whole -numa documentation in a follow-up patch.
The existing default_config_files table in arch_init.c has a
single entry, making it completely unnecessary. The whole code
can be replaced by a single qemu_read_config_file() call in vl.c.
Dou Liyang [Tue, 17 Jan 2017 14:42:31 +0000 (22:42 +0800)]
vl: Ensure the numa_post_machine_init func in the appropriate location
In the numa_post_machine_init(), we use CPU_FOREACH macro to set all
CPUs' namu_node. So, we should make sure that we call it after Qemu
has already initialied all the CPUs.
As we all know, the CPUs can be created by "-smp"(pc_new_cpu) or
"-device"(qdev_device_add) command. But, before the device init,
Qemu execute the numa_post_machine_init earlier. It makes the mapping
of NUMA nodes and CPUs incorrect.
The patch move the numa_post_machine_init func in the appropriate
location.
Eduardo Habkost [Fri, 13 Jan 2017 19:00:57 +0000 (17:00 -0200)]
i386: Remove AMD feature flag aliases from Opteron models
When CPU vendor is set to AMD, the AMD feature alias bits on
CPUID[0x80000001].EDX are already automatically copied from CPUID[1].EDX
on x86_cpu_realizefn(). When CPU vendor is Intel, those bits are
reserved and should be zero. On either case, those bits shouldn't be set
in the CPU model table.
Commit 726a8ff68677d8d5fba17eb0ffb85076bfb598dc removed those
bits from most CPU models, but the Opteron_* entries still have
them. Remove the alias bits from Opteron_* too.
Add an assert() to x86_register_cpudef_type() to ensure we don't
make the same mistake again.
For linux, page 0 is mapped as an execute-only gateway. A gateway
page is a special bit in the page table that allows a B,GATE insn
within that page to raise processor permissions. This is how system
calls are implemented for HPPA.
Rather than actually map anything here, or handle permissions at all,
implement the semantics of the actual linux syscall entry points.
The HPPA cpu has a unique form of predicated execution in which
almost any instruction can set the PSW[N] (or "nullify") bit,
which suppresses execution (and even decoding) of the following
instruction. Execution of a nullified insn clears the PSW[N] bit.
This adds a generic framework for branching over nullified insns,
or for sufficiently simple insns, transforming the writeback of
the result to a conditional move. In the process, we want to be
able to represent PSW[N] as a TCG condition, which implies management
of the related tcg temps.
This is just about the minimum required to enable compilation
without actually executing any instructions. This contains the
HPPACPU structure and the required callbacks, the gdbstub, the
basic translation loop, and a translate_one function that always
results in an illegal instruction.
Like the original MIPS, HPPA has the MSB of an SNaN set.
However, it has different rules for silencing an SNaN:
(1) msb is cleared and (2) msb-1 must be set if the fraction
is now zero, and (implementation defined) may be set always.
I haven't checked real hardware but chose the set always
alternative because it's easy and within spec.
Peter Maydell [Mon, 23 Jan 2017 15:59:09 +0000 (15:59 +0000)]
Merge remote-tracking branch 'remotes/berrange/tags/pull-qio-2017-01-23-2' into staging
Merge io/ 2017-01-23
# gpg: Signature made Mon 23 Jan 2017 15:56:14 GMT
# gpg: using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <[email protected]>"
# gpg: aka "Daniel P. Berrange <[email protected]>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/pull-qio-2017-01-23-2:
io: introduce a DNS resolver API
io: remove Error parameter from QIOTask thread worker
io: change the QIOTask callback signature
io: add ability to associate an error with a task
io: add ability to associate an opaque "result" with with a task
io: fix typo in docs for QIOTask
io: stop incrementing reference in qio_task_get_source
sockets: add ability to disable DNS resolution for InetSocketAddress
Currently DNS resolution is done automatically as part
of the creation of a QIOChannelSocket object instance.
This works ok for network clients where you just end
up a single network socket, but for servers, the results
of DNS resolution may require creation of multiple
sockets.
Introducing a DNS resolver API allows DNS resolution
to be separated from the socket object creation. This
will make it practical to create multiple QIOChannelSocket
instances for servers.
io: remove Error parameter from QIOTask thread worker
Now that task objects have a directly associated error,
there's no need for an an Error **errp parameter to
the QIOTask thread worker function. It already has a
QIOTask object, so can directly set the error on it.
Currently the QIOTaskFunc signature takes an Object * for
the source, and an Error * for any error. We also need to
be able to provide a result pointer. Rather than continue
to add parameters to QIOTaskFunc, remove the existing
ones and simply pass the QIOTask object instead. This
has methods to access all the other data items required
in the callback impl.
Currently when a task fails, the error is never explicitly
associated with the task object, it is just passed along
through the completion callback. This adds the ability to
explicitly associate an error with the task.
io: stop incrementing reference in qio_task_get_source
Incrementing the reference in qio_task_get_source is
not necessary, since we're not running concurrently
with any other code touching the QIOTask. This
minimizes chances of further memory leaks.
sockets: add ability to disable DNS resolution for InetSocketAddress
Add a 'numeric' flag to the InetSocketAddress struct to allow the
caller to indicate that DNS should be skipped for the host/port
fields. This is useful if the caller knows the address is already
numeric and wants to guarantee no (potentially blocking) DNS
lookups are attempted.
Helge Deller [Tue, 6 Dec 2016 15:24:03 +0000 (16:24 +0100)]
linux-user: Handle TIOCSTART and TIOCSTOP
Some architectures (ppc, alpha, sparc, parisc, sh and xtensa) define the
BSD TIOCSTART and TIOCSTOP ioctls in their kernel headers to provide
compatibility to other operating systems.
Those ioctls are not implemented in Linux, nevertheless, bash will use
this ioctl if it's available on those architectures.
To avoid false warnings, add code to simply ignore those ioctls.
HPPA is a (the) stack-grows-up target, and supporting that requires
rearranging how we compute addresses while laying out the initial
program stack. In addition, hppa32 requires 64-byte stack alignment
so parameterize that as well.
* remotes/bonzini/tags/for-upstream: (35 commits)
pc.h: move x-mach-use-reliable-get-clock compat entry to PC_COMPAT_2_8
bitmap: assert that start and nr are non negative
Revert "win32: don't run subprocess tests on Mingw32 platform"
hax: add Darwin support
Plumb the HAXM-based hardware acceleration support
target/i386: Add Intel HAX files
kvm: move cpu synchronization code
KVM: PPC: eliminate unnecessary duplicate constants
ramblock-notifier: new
char: fix ctrl-a b not working
exec: Add missing rcu_read_unlock
x86: ioapic: fix fail migration when irqchip=split
x86: ioapic: dump version for "info ioapic"
x86: ioapic: add traces for ioapic
hxtool: emit Texinfo headings as @subsection
qemu-thread: fix qemu_thread_set_name() race in qemu_thread_create()
serial: fix memory leak in serial exit
scsi-block: fix direction of BYTCHK test for VERIFY commands
pc: fix crash in rtc_set_memory() if initial cpu is marked as hotplugged
acpi: filter based on CONFIG_ACPI_X86 rather than TARGET
...
Peter Maydell [Fri, 20 Jan 2017 15:53:58 +0000 (15:53 +0000)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20170120-v2' into staging
First set of s390x patches for 2.9:
- rework of the zpci code, giving us proper multibus support
- introduction of the 2.9 machine
- fixes and improvements
# gpg: Signature made Fri 20 Jan 2017 09:11:58 GMT
# gpg: using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <[email protected]>"
# gpg: aka "Cornelia Huck <[email protected]>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
* remotes/cohuck/tags/s390x-20170120-v2:
virtio-ccw: fix ring sizing
s390x/pci: merge msix init functions
s390x/pci: handle PCIBridge bus number
s390x/pci: use hashtable to look up zpci via fh
s390x/pci: PCI multibus bridge handling
s390x/pci: optimize calling s390_get_phb()
s390x/pci: change the device array to a list
s390x/pci: dynamically allocate iommu
s390x/pci: make S390PCIIOMMU inherit Object
s390x/kvm: use kvm_gsi_routing_enabled in flic
s390x: add compat machine for 2.9
s390x: remove double compat statement
Peter Maydell [Fri, 20 Jan 2017 14:56:40 +0000 (14:56 +0000)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Fri 20 Jan 2017 02:58:57 GMT
# gpg: using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <[email protected]>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
tap: fix memory leak on failure in net_init_tap()
hw/pci: use-after-free in pci_nic_init_nofail when nic device fails to initialize
hw/net/dp8393x: Avoid unintentional sign extensions on addresses
m68k: QOMify the MCF Fast Ethernet Controller device
net: optimize checksum computation
docs: Fix description of the sentence
Peter Maydell [Fri, 20 Jan 2017 14:05:44 +0000 (14:05 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio, vhost, pc: fixes, features
writeable fw cfg blobs which will be used for guest to host
communication
fixes and cleanups all over the place
Signed-off-by: Michael S. Tsirkin <[email protected]>
# gpg: Signature made Thu 19 Jan 2017 21:08:04 GMT
# gpg: using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <[email protected]>"
# gpg: aka "Michael S. Tsirkin <[email protected]>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
virtio: force VIRTIO_F_IOMMU_PLATFORM
virtio: fix up max size checks
vhost: drop VHOST_F_DEVICE_IOTLB
update-linux-headers.sh: support __bitwise
virtio_crypto: header update
pci_regs: update to latest linux
virtio-mmio: switch to linux headers
virtio_mmio: add standard header file
virtio: drop an obsolete comment
fw-cfg: bump "x-file-slots" to 0x20 for 2.9+ machine types
pc: Add 2.9 machine-types
fw-cfg: turn FW_CFG_FILE_SLOTS into a device property
fw-cfg: support writeable blobs
vhost_net: device IOTLB support
virtio: disable notifications again after poll succeeded
Revert "virtio: turn vq->notification into a nested counter"
virtio-net: enable ioeventfd even if vhost=off
Marcelo Tosatti [Wed, 18 Jan 2017 17:53:45 +0000 (15:53 -0200)]
pc.h: move x-mach-use-reliable-get-clock compat entry to PC_COMPAT_2_8
As noticed by David Gilbert, commit 6053a86 'kvmclock: reduce kvmclock
differences on migration' added 'x-mach-use-reliable-get-clock' and a
compatibility entry that turns it off; however it got merged after 2.8.0
was released but the entry has gone into PC_COMPAT_2_7 where it should
have gone into PC_COMPAT_2_8.
Peter Lieven [Thu, 19 Jan 2017 16:43:50 +0000 (17:43 +0100)]
bitmap: assert that start and nr are non negative
commit e1123a3b introduced a data corruption regression
in the iscsi driver because it passed -1 as nr to bitmap_set
and bitmap_clear. Add an assertion to catch such flaws earlier.
Peter Maydell [Fri, 20 Jan 2017 11:36:47 +0000 (11:36 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170120' into staging
target-arm queue:
* support virtualization in GICv3
* enable EL2 in AArch64 CPU models
* allow EL2 to be enabled on 'virt' board via -machine virtualization=on
* aspeed: SMC improvements
* m25p80: support die erase command
* m25p80: Add Quad Page Program 4byte
* m25p80: Improve 1GiB Micron flash definition
* arm: Uniquely name imx25 I2C buses
* remotes/pmaydell/tags/pull-target-arm-20170120: (36 commits)
hw/arm/virt: Add board property to enable EL2
target-arm: Enable EL2 feature bit on A53 and A57
target/arm/psci.c: If EL2 implemented, start CPUs in EL2
hw/arm/virt-acpi-build: use SMC if booting in EL2
hw/arm/virt: Support using SMC for PSCI
hw/intc/arm_gicv3: Implement EL2 traps for CPU i/f regs
hw/intc/arm_gicv3: Implement gicv3_cpuif_virt_update()
hw/intc/arm_gicv3: Implement ICV_ registers EOIR and IAR
hw/intc/arm_gicv3: Implement ICV_ HPPIR, DIR and RPR registers
hw/intc/arm_gicv3: Implement ICV_ registers which are just accessors
hw/intc/arm_gicv3: Add accessors for ICH_ system registers
hw/intc/gicv3: Add data fields for virtualization support
hw/intc/gicv3: Add defines for ICH system register fields
target-arm: Add ARMCPU fields for GIC CPU i/f config
hw/arm/virt: Wire VIRQ, VFIQ, maintenance irq lines from GIC to CPU
target-arm: Expose output GPIO line for VCPU maintenance interrupt
hw/intc/arm_gic: Add external IRQ lines for VIRQ and VFIQ
hw/intc/arm_gicv3: Add external IRQ lines for VIRQ and VFIQ
hw/arm/virt-acpi - reserve ECAM space as PNP0C02 device
arm: virt: Fix segmentation fault when specifying an unsupported CPU
...
Peter Maydell [Fri, 20 Jan 2017 11:15:11 +0000 (11:15 +0000)]
hw/arm/virt: Add board property to enable EL2
Add a board level property to the virt board which will
enable EL2 on the CPU if the user asks for it. The
default is not to provide EL2. If EL2 is enabled then
we will use SMC as our PSCI conduit, and report the
virtualization support in the GICv3 device tree node
and the ACPI tables.
Peter Maydell [Fri, 20 Jan 2017 11:15:10 +0000 (11:15 +0000)]
target-arm: Enable EL2 feature bit on A53 and A57
Enable the ARM_FEATURE_EL2 bit on Cortex-A52 and
Cortex-A57, since this is all now sufficiently implemented
to work with the GICv3. We provide the usual CPU property
to disable it for backwards compatibility with the older
virt boards.
In this commit, we disable the EL2 feature on the
virt and ZynpMP boards, so there is no overall effect.
Another commit will expose a board-level property to
allow the user to enable EL2.
Peter Maydell [Fri, 20 Jan 2017 11:15:10 +0000 (11:15 +0000)]
target/arm/psci.c: If EL2 implemented, start CPUs in EL2
The PSCI spec states that a CPU_ON call should cause the new
CPU to be started in the highest implemented Non-secure
exception level. We were incorrectly starting it at the
exception level of the caller, which happens to be correct
if EL2 is not implemented. Implement the correct logic
as described in the PSCI 1.0 spec section 6.4:
* if EL2 exists and SCR_EL3.HCE is set: start in EL2
* otherwise start in EL1
Andrew Jones [Fri, 20 Jan 2017 11:15:10 +0000 (11:15 +0000)]
hw/arm/virt-acpi-build: use SMC if booting in EL2
Signed-off-by: Andrew Jones <[email protected]> Acked-by: Alistair Francis <[email protected]> Signed-off-by: Peter Maydell <[email protected]>
Message-id: 1483977924[email protected]
[PMM: look at vms->psci_conduit rather than vms->virt
to decide whether to use HVC or SMC, and report no
PSCI support at all for the 'PSCI disabled' case] Signed-off-by: Peter Maydell <[email protected]>
Peter Maydell [Fri, 20 Jan 2017 11:15:10 +0000 (11:15 +0000)]
hw/arm/virt: Support using SMC for PSCI
If we are giving the guest a CPU with EL2, it is likely to
want to use the HVC instruction itself, for instance for
providing PSCI to inner guest VMs. This makes using HVC
as the PSCI conduit for the outer QEMU a bad idea. We will
want to use SMC instead is this case: this makes sense
because QEMU's PSCI implementation is effectively an
emulation of functionality provided by EL3 firmware.
Add code to support selecting the PSCI conduit to use,
rather than hardcoding use of HVC.
Peter Maydell [Fri, 20 Jan 2017 11:15:10 +0000 (11:15 +0000)]
hw/intc/arm_gicv3: Implement EL2 traps for CPU i/f regs
Implement the architecturally required traps from NS EL1
to EL2 for the CPU interface registers. These fall into
several different groups:
* group-0-only registers all trap if ICH_HRC_EL2.TALL0 is set
(exactly the registers covered by gicv3_fiq_access())
* group-1-only registers all trap if ICH_HRC_EL2.TALL1 is set
(exactly the registers covered by gicv3_irq_access())
* DIR traps if ICH_HCR_EL2.TC or ICH_HCR_EL2.TDIR are set
* PMR, RPR, CTLR trap if ICH_HCR_EL2.TC is set
* SGI0R, SGI1R, ASGI1R trap if ICH_HCR_EL2.TC is set or
if HCR_EL2.IMO or HCR_EL2.FMO are set
We split DIR and the SGI registers out into their own access
functions, leaving the existing gicv3_irqfiq_access() just
handling PMR, RPR and CTLR.
This commit doesn't implement support for trapping on
HSTR_EL2.T12 for the 32-bit registers, as we don't implement
any of those per-coprocessor trap bits currently and
probably will want to do those in some more centralized way.
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
hw/intc/arm_gicv3: Implement ICV_ registers which are just accessors
If the HCR_EL2.IMO or FMO bits are set, accesses to ICC_
system registers are redirected to be accesses to ICV_
registers (the guest-visible interface to the virtual
interrupt controller). Implement this behaviour for the
ICV_ registers which are simple accessors to the underlying
register state.
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
hw/intc/arm_gicv3: Add accessors for ICH_ system registers
The GICv3 virtualization interface includes system registers
accessible only to the hypervisor which form the control
interface for interrupt virtualization. Implement these
registers.
The function gicv3_cpuif_virt_update() which determines
whether it needs to signal vIRQ, vFIQ or a maintenance
interrupt is introduced here as a stub function -- its
implementation will be added in a subsequent commit.
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
hw/intc/gicv3: Add data fields for virtualization support
As the first step in adding support for the virtualization
extensions to the GICv3 emulation:
* add the necessary data fields to the state structures
* add the fields to the migration state, as a subsection
which is only present if virtualization is enabled
The use of a subsection means we retain migration
compatibility as EL2 is not enabled on any CPUs currently.
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
target-arm: Add ARMCPU fields for GIC CPU i/f config
Add fields to the ARMCPU structure to allow CPU classes to
specify the configurable aspects of their GIC CPU interface.
In particular, the virtualization support allows different
values for number of list registers, priority bits and
preemption bits.
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
target-arm: Expose output GPIO line for VCPU maintenance interrupt
The GICv3 support for virtualization includes an outbound
maintenance interrupt signal which is asserted when the
CPU interface wants to signal to the hypervisor that it
needs attention. Expose this as an outbound GPIO line from
the CPU object which can be wired up as a physical interrupt
line by the board code (as we do already for the CPU timers).
Peter Maydell [Fri, 20 Jan 2017 11:15:09 +0000 (11:15 +0000)]
hw/intc/arm_gic: Add external IRQ lines for VIRQ and VFIQ
Augment the GIC's QOM device interface by adding two
new sets of sysbus IRQ lines, to signal VIRQ and VFIQ to
each CPU.
We never use these, but it's helpful to keep the v2-and-earlier
GIC's external interface in line with that of the GICv3 to
avoid board code having to add extra code conditional on which
version of the GIC is in use.
Shannon Zhao [Fri, 20 Jan 2017 11:15:08 +0000 (11:15 +0000)]
arm: virt: Fix segmentation fault when specifying an unsupported CPU
Using -cpu cortex-a9 (or any other unsupported CPU) with the virt
board will cause QEMU to segmentation fault. This bug was introduced
in commit 9ac4ef77, which incorrectly added a NULL terminator when
converting the VirtBoardInfo array into a simple array of strings
defining the valid CPUs. The cpuname_valid() loop already has
a termination condition based on ARRAY_SIZE, so the NULL is
spurious and causes the strcmp() to segfault if we reach it.
Delete the NULL.
Cédric Le Goater [Fri, 20 Jan 2017 11:15:08 +0000 (11:15 +0000)]
aspeed/smc: extend tests for Command mode
The Aspeed SMC controllers have a mode (Command mode) in which
accesses to the flash content are no different than doing MMIOs. The
controller generates all the necessary commands to load (or store)
data in memory.
So add a couple of tests doing direct reads and writes on the AHB bus.
Cédric Le Goater [Fri, 20 Jan 2017 11:15:08 +0000 (11:15 +0000)]
aspeed/smc: handle SPI flash Command mode
The Aspeed SMC controllers have a mode (Command mode) in which
accesses to the flash content are no different than doing MMIOs. The
controller generates all the necessary commands to load (or store)
data in memory.
However, accesses are restricted to the segment window assigned the
the flash module by the controller. This window is defined by the
Segment Address Register.
Cédric Le Goater [Fri, 20 Jan 2017 11:15:08 +0000 (11:15 +0000)]
aspeed/smc: adjust the size of the register region
The SPI controller of the AST2400 SoC has less registers. So we can
adjust the size of the memory region holding the registers depending
on the controller type. We can also remove the guest_error logging
which is useless as the range of the region is strict enough.
Cédric Le Goater [Fri, 20 Jan 2017 11:15:07 +0000 (11:15 +0000)]
aspeed/smc: autostrap CE0/1 configuration
On the AST2500 SoC, the FMC controller flash type is fixed to SPI for
CE0 and CE1 and 4BYTE mode is autodetected for CE0.
On the AST2400 SoC, the FMC controller flash type and 4BYTE mode are
strapped with register SCU70. We use the default settings from the
palmetto-bmc machine for now.
Cédric Le Goater [Fri, 20 Jan 2017 11:15:07 +0000 (11:15 +0000)]
aspeed/smc: remove call to aspeed_smc_update_cs() in reset function
Instead, we can simply set the irq level when unselecting the slave
devices. This change prepares ground for a subsequent cleanup of the
aspeed_smc_update_cs() routine which uselessly loops on all slaves to
update their status.
Peter Maydell [Fri, 20 Jan 2017 11:15:07 +0000 (11:15 +0000)]
target/arm: Implement DBGVCR32_EL2 system register
The DBGVCR_EL2 system register is needed to run a 32-bit
EL1 guest under a Linux EL2 64-bit hypervisor. Its only
purpose is to provide AArch64 with access to the state of
the DBGVCR AArch32 register. Since we only have a dummy
DBGVCR, implement a corresponding dummy DBGVCR32_EL2.
Peter Maydell [Fri, 20 Jan 2017 11:15:07 +0000 (11:15 +0000)]
target/arm: Handle VIRQ and VFIQ in arm_cpu_do_interrupt_aarch32()
To run a VM in 32-bit EL1 our AArch32 interrupt handling code
needs to be able to cope with VIRQ and VFIQ exceptions.
These behave like IRQ and FIQ except that we don't need to try
to route them to Monitor mode.
n25q00 and mt25q01 devices share the same JEDEC ID. The difference
between those two devices is number of dies and one bit in extended
JEDEC bytes. This commit adds proper entry for both devices by
introduction the number of dies and and new 25q00 entries.
Modern big flash NOR devices consist of more than one die.
Some of them do not support chip erase and instead have a die
erase command that can erase one die only. This commit adds
support for defining the number of dies in the chip, and adds
support for die erase command.
The NOR flash model is not strict, so no option to
disable chip erase has been added.
projects / qemu.git / log