Commit Graph

30504 Commits

Author SHA1 Message Date
Jason Wang
5178d78f4b intel-iommu: correctly check passthrough during translation
When scalable mode is enabled, the passthrough more is not determined
by the context entry but PASID entry, so switch to use the logic of
vtd_dev_pt_enabled() to determine the passthrough mode in
vtd_do_iommu_translate().

Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20220105041945.13459-2-jasowang@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 19:30:13 -05:00
David Hildenbrand
60f1f77cab virtio-mem: Set "unplugged-inaccessible=auto" for the 7.0 machine on x86
Set the new default to "auto", keeping it set to "off" for compat
machines. This property is only available for x86 targets.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta@ionos.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20211217134039.29670-4-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 19:30:13 -05:00
David Hildenbrand
23ad8dec8d virtio-mem: Support VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE
With VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE, we signal the VM that reading
unplugged memory is not supported. We have to fail feature negotiation
in case the guest does not support VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE.

First, VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE is required to properly handle
memory backends (or architectures) without support for the shared zeropage
in the hypervisor cleanly. Without the shared zeropage, even reading an
unpopulated virtual memory location can populate real memory and
consequently consume memory in the hypervisor. We have a guaranteed shared
zeropage only on MAP_PRIVATE anonymous memory.

Second, we want VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE to be the default
long-term as even populating the shared zeropage can be problematic: for
example, without THP support (possible) or without support for the shared
huge zeropage with THP (unlikely), the PTE page tables to hold the shared
zeropage entries can consume quite some memory that cannot be reclaimed
easily.

Third, there are other optimizations+features (e.g., protection of
unplugged memory, reducing the total memory slot size and bitmap sizes)
that will require VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE.

We really only support x86 targets with virtio-mem for now (and
Linux similarly only support x86), but that might change soon, so prepare
for different targets already.

Add a new "unplugged-inaccessible" tristate property for x86 targets:
- "off" will keep VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE unset and legacy
  guests working.
- "on" will set VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE and stop legacy guests
  from using the device.
- "auto" selects the default based on support for the shared zeropage.

Warn in case the property is set to "off" and we don't have support for the
shared zeropage.

For existing compat machines, the property will default to "off", to
not change the behavior but eventually warn about a problematic setup.
Short-term, we'll set the property default to "auto" for new QEMU machines.
Mid-term, we'll set the property default to "on" for new QEMU machines.
Long-term, we'll deprecate the parameter and disallow legacy
guests completely.

The property has to match on the migration source and destination. "auto"
will result in the same VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE setting as long
as the qemu command line (esp. memdev) match -- so "auto" is good enough
for migration purposes and the parameter doesn't have to be migrated
explicitly.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20211217134039.29670-3-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 19:30:13 -05:00
Stefan Hajnoczi
750539c4c4 virtio: signal after wrapping packed used_idx
Packed Virtqueues wrap used_idx instead of letting it run freely like
Split Virtqueues do. If the used ring wraps more than once there is no
way to compare vq->signalled_used and vq->used_idx in
virtio_packed_should_notify() since they are modulo vq->vring.num.

This causes the device to stop sending used buffer notifications when
when virtio_packed_should_notify() is called less than once each time
around the used ring.

It is possible to trigger this with virtio-blk's dataplane
notify_guest_bh() irq coalescing optimization. The call to
virtio_notify_irqfd() (and virtio_packed_should_notify()) is deferred to
a BH. If the guest driver is polling it can complete and submit more
requests before the BH executes, causing the used ring to wrap more than
once. The result is that the virtio-blk device ceases to raise
interrupts and I/O hangs.

Cc: Tiwei Bie <tiwei.bie@intel.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20211130134510.267382-1-stefanha@redhat.com>
Fixes: 86044b24e8 ("virtio: basic packed virtqueue support")
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 19:30:13 -05:00
David Hildenbrand
09b3b7e092 virtio-mem: Support "prealloc=on" option
For scarce memory resources, such as hugetlb, we want to be able to
prealloc such memory resources in order to not crash later on access. On
simple user errors we could otherwise easily run out of memory resources
an crash the VM -- pretty much undesired.

For ordinary memory devices, such as DIMMs, we preallocate memory via the
memory backend for such use cases; however, with virtio-mem we're dealing
with sparse memory backends; preallocating the whole memory backend
destroys the whole purpose of virtio-mem.

Instead, we want to preallocate memory when actually exposing memory to the
VM dynamically, and fail plugging memory gracefully + warn the user in case
preallocation fails.

A common use case for hugetlb will be using "reserve=off,prealloc=off" for
the memory backend and "prealloc=on" for the virtio-mem device. This
way, no huge pages will be reserved for the process, but we can recover
if there are no actual huge pages when plugging memory. Libvirt is
already prepared for this.

Note that preallocation cannot protect from the OOM killer -- which
holds true for any kind of preallocation in QEMU. It's primarily useful
only for scarce memory resources such as hugetlb, or shared file-backed
memory. It's of little use for ordinary anonymous memory that can be
swapped, KSM merged, ... but we won't forbid it.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20211217134611.31172-9-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 19:30:13 -05:00
Patrick Venture
b8905cc2dd hw/arm: kudo add lm75s on bus 13
Add the four lm75s behind the mux on bus 13.

Tested by booting the firmware:
lm75 42-0048: hwmon0: sensor 'lm75'
lm75 43-0049: supply vs not found, using dummy regulator
lm75 43-0049: hwmon1: sensor 'lm75'
lm75 44-0048: supply vs not found, using dummy regulator
lm75 44-0048: hwmon2: sensor 'lm75'
lm75 45-0049: supply vs not found, using dummy regulator
lm75 45-0049: hwmon3: sensor 'lm75'

Signed-off-by: Patrick Venture <venture@google.com>
Reviewed-by: Titus Rwantare <titusr@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220102215844.2888833-5-venture@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-07 17:08:01 +00:00
Patrick Venture
5b0829d38c hw/arm: add i2c muxes to kudo-bmc
Signed-off-by: Patrick Venture <venture@google.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220102215844.2888833-4-venture@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-07 17:08:00 +00:00
Shengtan Mao
b27de2c57b hw/arm: attach MMC to kudo-bmc
Signed-off-by: Shengtan Mao <stmao@google.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Chris Rauer <crauer@google.com>
Message-id: 20220102215844.2888833-3-venture@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-07 17:08:00 +00:00
Chris Rauer
560223dcf0 hw/arm: Add kudo i2c eeproms.
Signed-off-by: Chris Rauer <crauer@google.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Patrick Venture <venture@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220102215844.2888833-2-venture@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-07 17:08:00 +00:00
Peter Maydell
7f18ac3ab3 hw/intc/arm_gicv3_its: Rename max_l2_entries to num_l2_entries
In several places we have a local variable max_l2_entries which is
the number of entries which will fit in a level 2 table.  The
calculations done on this value are correct; rename it to
num_l2_entries to fit the convention we're using in this code.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-01-07 17:08:00 +00:00
Peter Maydell
80dcd37feb hw/intc/arm_gicv3_its: Fix various off-by-one errors
The ITS code has to check whether various parameters passed in
commands are in-bounds, where the limit is defined in terms of the
number of bits that are available for the parameter.  (For example,
the GITS_TYPER.Devbits ID register field specifies the number of
DeviceID bits minus 1, and device IDs passed in the MAPTI and MAPD
command packets must fit in that many bits.)

Currently we have off-by-one bugs in many of these bounds checks.
The typical problem is that we define a max_foo as 1 << n. In
the Devbits example, we set
  s->dt.max_ids = 1UL << (GITS_TYPER.Devbits + 1).
However later when we do the bounds check we write
  if (devid > s->dt.max_ids) { /* command error */ }
which incorrectly permits a devid of 1 << n.

These bugs will not cause QEMU crashes because the ID values being
checked are only used for accesses into tables held in guest memory
which we access with address_space_*() functions, but they are
incorrect behaviour of our emulation.

Fix them by standardizing on this pattern:
 * bounds limits are named num_foos and are the 2^n value
   (equal to the number of valid foo values)
 * bounds checks are either
   if (fooid < num_foos) { good }
   or
   if (fooid >= num_foos) { bad }

In this commit we fix the handling of the number of IDs
in the device table and the collection table, and the number
of commands that will fit in the command queue.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2022-01-07 17:08:00 +00:00
Peter Maydell
437dc0ea98 hw/intc/arm_gicv3_its: Use FIELD macros for CTEs
Use FIELD macros to handle CTEs, rather than ad-hoc mask-and-shift.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-07 17:07:59 +00:00
Peter Maydell
257bb6501c hw/intc/arm_gicv3_its: Correct comment about CTE RDBase field size
The comment says that in our CTE format the RDBase field is 36 bits;
in fact for us it is only 16 bits, because we use the RDBase format
where it specifies a 16-bit CPU number. The code already uses
RDBASE_PROCNUM_LENGTH (16) as the field width, so fix the comment
to match it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-07 17:07:59 +00:00
Peter Maydell
e07f844599 hw/intc/arm_gicv3_its: Use FIELD macros for DTEs
Currently the ITS code that reads and writes DTEs uses open-coded
shift-and-mask to assemble the various fields into the 64-bit DTE
word.  The names of the macros used for mask and shift values are
also somewhat inconsistent, and don't follow our usual convention
that a MASK macro should specify the bits in their place in the word.
Replace all these with use of the FIELD macro.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-07 17:07:59 +00:00
Peter Maydell
b87fab1c8e hw/intc/arm_gicv3_its: Correct handling of MAPI
The MAPI command takes arguments DeviceID, EventID, ICID, and is
defined to be equivalent to MAPTI DeviceID, EventID, EventID, ICID.
(That is, where MAPTI takes an explicit pINTID, MAPI uses the EventID
as the pINTID.)

We didn't quite get this right.  In particular the error checks for
MAPI include "EventID does not specify a valid LPI identifier", which
is the same as MAPTI's error check for the pINTID field.  QEMU's code
skips the pINTID error check entirely in the MAPI case.

We can fix this bug and in the process simplify the code by switching
to the obvious implementation of setting pIntid = eventid early
if ignore_pInt is true.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-07 17:07:59 +00:00
Peter Maydell
764d6ba10c hw/intc/arm_gicv3_its: Don't misuse GITS_TYPE_PHYSICAL define
The GITS_TYPE_PHYSICAL define is the value we set the
GITS_TYPER.Physical field to -- this is 1 to indicate that we support
physical LPIs.  (Support for virtual LPIs is the GITS_TYPER.Virtual
field.) We also use this define as the *value* that we write into an
interrupt translation table entry's INTTYPE field, which should be 1
for a physical interrupt and 0 for a virtual interrupt.  Finally, we
use it as a *mask* when we read the interrupt translation table entry
INTTYPE field.

Untangle this confusion: define an ITE_INTTYPE_VIRTUAL and
ITE_INTTYPE_PHYSICAL to be the valid values of the ITE INTTYPE
field, and replace the ad-hoc collection of ITE_ENTRY_* defines with
use of the FIELD() macro to define the fields of an ITE and the
FIELD_EX64() and FIELD_DP64() macros to read and write them.
We use ITE in the new setup, rather than ITE_ENTRY, because
ITE stands for "Interrupt translation entry" and so the extra
"entry" would be redundant.

We take the opportunity to correct the name of the field that holds
the GICv4 'doorbell' interrupt ID (this is always the value 1023 in a
GICv3, which is why we were calling it the 'spurious' field).

The GITS_TYPE_PHYSICAL define is then used in only one place, where
we set the initial GITS_TYPER value.  Since GITS_TYPER.Physical is
essentially a boolean, hiding the '1' value behind a macro is more
confusing than helpful, so expand out the macro there and remove the
define entirely.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-07 17:07:59 +00:00
Peter Maydell
9ae8543190 hw/intc/arm_gicv3_its: Correct setting of TableDesc entry_sz
We set the TableDesc entry_sz field from the appropriate
GITS_BASER.ENTRYSIZE field.  That ID register field specifies the
number of bytes per table entry minus one.  However when we use
td->entry_sz we assume it to be the number of bytes per table entry
(for instance we calculate the number of entries in a page by
dividing the page size by the entry size).

The effects of this bug are:
 * we miscalculate the maximum number of entries in the table,
   so our checks on guest index values are wrong (too lax)
 * when looking up an entry in the second level of an indirect
   table, we calculate an incorrect index into the L2 table.
   Because we make the same incorrect calculation on both
   reads and writes of the L2 table, the guest won't notice
   unless it's unlucky enough to use an index value that
   causes us to index off the end of the L2 table page and
   cause guest memory corruption in whatever follows

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-07 17:07:58 +00:00
Peter Maydell
e5487a4139 hw/intc/arm_gicv3_its: Reduce code duplication in extract_table_params()
The extract_table_params() decodes the fields in the GITS_BASER<n>
registers into TableDesc structs.  Since the fields are the same for
all the GITS_BASER<n> registers, there is currently a lot of code
duplication within the switch (type) statement.  Refactor so that the
cases include only what is genuinely different for each type:
the calculation of the number of bits in the ID value that indexes
into the table.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-01-07 17:07:58 +00:00
Peter Maydell
62df780e3d hw/intc/arm_gicv3_its: Don't return early in extract_table_params() loop
In extract_table_params() we process each GITS_BASER<n> register.  If
the register's Valid bit is not set, this means there is no
in-guest-memory table and so we should not try to interpret the other
fields in the register.  This was incorrectly coded as a 'return'
rather than a 'break', so instead of looping round to process the
next GITS_BASER<n> we would stop entirely, treating any later tables
as being not valid also.

This has no real guest-visible effects because (since we don't have
GITS_TYPER.HCC != 0) the guest must in any case set up all the
GITS_BASER<n> to point to valid tables, so this only happens in an
odd misbehaving-guest corner case.

Fix the check to 'break', so that we leave the case statement and
loop back around to the next GITS_BASER<n>.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-07 17:07:58 +00:00
Peter Maydell
6c1db43de4 hw/intc/arm_gicv3_its: Remove maxids union from TableDesc
The TableDesc struct defines properties of the in-guest-memory tables
which the guest tells us about by writing to the GITS_BASER<n>
registers.  This struct currently has a union 'maxids', but all the
fields of the union have the same type (uint32_t) and do the same
thing (record one-greater-than the maximum ID value that can be used
as an index into the table).

We're about to add another table type (the GICv4 vPE table); rather
than adding another specifically-named union field for that table
type with the same type as the other union fields, remove the union
entirely and just have a 'uint32_t max_ids' struct field.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-07 17:07:58 +00:00
Peter Maydell
8d2d6dd9bb hw/intc/arm_gicv3_its: Remove redundant ITS_CTLR_ENABLED define
We currently define a bitmask for the GITS_CTLR ENABLED bit in
two ways: as ITS_CTLR_ENABLED, and via the FIELD() macro as
R_GITS_CTLR_ENABLED_MASK. Consistently use the FIELD macro version
everywhere and remove the redundant ITS_CTLR_ENABLED define.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-01-07 17:07:58 +00:00
Peter Maydell
a120157b24 hw/intc/arm_gicv3_its: Correct off-by-one bounds check on rdbase
The checks in the ITS on the rdbase values in guest commands are
off-by-one: they permit the guest to pass us a value equal to
s->gicv3->num_cpu, but the valid values are 0...num_cpu-1.  This
meant the guest could cause us to index off the end of the
s->gicv3->cpu[] array when calling gicv3_redist_process_lpi(), and we
would probably crash.

(This is not a security bug, because this code is only usable
with emulation, not with KVM.)

Cc: qemu-stable@nongnu.org
Fixes: 17fb5e36aa ("hw/intc: GICv3 redistributor ITS processing")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-07 17:07:57 +00:00
Troy Lee
d9e9cd59df Add dummy Aspeed AST2600 Display Port MCU (DPMCU)
AST2600 Display Port MCU introduces 0x18000000~0x1803FFFF as it's memory
and io address. If guest machine try to access DPMCU memory, it will
cause a fatal error.

Signed-off-by: Troy Lee <troy_lee@aspeedtech.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20211210083034.726610-1-troy_lee@aspeedtech.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-07 17:07:57 +00:00
Andy Pei
0a963af3e3 hw/vhost-user-blk: turn on VIRTIO_BLK_F_SIZE_MAX feature for virtio blk device
Turn on pre-defined feature VIRTIO_BLK_F_SIZE_MAX for virtio blk device to
avoid guest DMA request sizes which are too large for hardware spec.

Signed-off-by: Andy Pei <andy.pei@intel.com>
Message-Id: <1641202092-149677-1-git-send-email-andy.pei@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
2022-01-07 05:19:55 -05:00
Eduardo Habkost
0e4edb3b3b hw/i386: expose a "smbios-entry-point-type" PC machine property
The i440fx and Q35 machine types are both hardcoded to use the
legacy SMBIOS 2.1 (32-bit) entry point. This is a sensible
conservative choice because SeaBIOS only supports SMBIOS 2.1

EDK2, however, can also support SMBIOS 3.0 (64-bit) entry points,
and QEMU already uses this on the ARM virt machine type.

This adds a property to allow the choice of SMBIOS entry point
versions For example to opt in to 64-bit SMBIOS entry point:

   $QEMU -machine q35,smbios-entry-point-type=64

Based on a patch submitted by Daniel Berrangé.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211026151100.1691925-4-ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2022-01-07 05:19:55 -05:00
Eduardo Habkost
10be11d0b4 smbios: Rename SMBIOS_ENTRY_POINT_* enums
Rename the enums to match the naming style used by QAPI, and to
use "32" and "64" instead of "20" and "31".  This will allow us
to more easily move the enum to the QAPI schema later.

About the naming choice: "SMBIOS 2.1 entry point"/"SMBIOS 3.0
entry point" and "32-bit entry point"/"64-bit entry point" are
synonymous in the SMBIOS specification.  However, the phrases
"32-bit entry point" and "64-bit entry point" are used more often.

The new names also avoid confusion between the entry point format
and the actual SMBIOS version reported in the entry point
structure.  For example: currently the 32-bit entry point
actually report SMBIOS 2.8 support, not 2.1.

Based on portions of a patch submitted by Daniel P. Berrangé.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211026151100.1691925-2-ehabkost@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 05:19:55 -05:00
Frederic Barrat
20766514d6 pcie_aer: Don't trigger a LSI if none are defined
Skip triggering an LSI when the AER root error status is updated if no
LSI is defined for the device. We can have a root bridge with no LSI,
MSI and MSI-X defined, for example on POWER systems.

Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20211116170133.724751-4-fbarrat@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
2022-01-07 05:19:55 -05:00
Frederic Barrat
2fedf46e34 pci: Export the pci_intx() function
Move the pci_intx() definition to the PCI header file, so that it can
be called from other PCI files. It is used by the next patch.

Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20211116170133.724751-3-fbarrat@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
2022-01-07 05:19:55 -05:00
Roman Kagan
fb76785934 vhost-user-blk: propagate error return from generic vhost
Fix the only callsite that doesn't propagate the error code from the
generic vhost code.

Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru>
Message-Id: <20211111153354.18807-11-rvkagan@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
2022-01-07 05:19:55 -05:00
Roman Kagan
5d33ae4b7a vhost: stick to -errno error return convention
The generic vhost code expects that many of the VhostOps methods in the
respective backends set errno on errors.  However, none of the existing
backends actually bothers to do so.  In a number of those methods errno
from the failed call is clobbered by successful later calls to some
library functions; on a few code paths the generic vhost code then
negates and returns that errno, thus making failures look as successes
to the caller.

As a result, in certain scenarios (e.g. live migration) the device
doesn't notice the first failure and goes on through its state
transitions as if everything is ok, instead of taking recovery actions
(break and reestablish the vhost-user connection, cancel migration, etc)
before it's too late.

To fix this, consolidate on the convention to return negated errno on
failures throughout generic vhost, and use it for error propagation.

Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru>
Message-Id: <20211111153354.18807-10-rvkagan@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 05:19:55 -05:00
Roman Kagan
025faa872b vhost-user: stick to -errno error return convention
VhostOps methods in user_ops are not very consistent in their error
returns: some return negated errno while others just -1.

Make sure all of them consistently return negated errno.  This also
helps error propagation from the functions being called inside.
Besides, this synchronizes the error return convention with the other
two vhost backends, kernel and vdpa, and will therefore allow for
consistent error propagation in the generic vhost code (in a followup
patch).

Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru>
Message-Id: <20211111153354.18807-9-rvkagan@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 05:19:55 -05:00
Roman Kagan
3631151b3e vhost-vdpa: stick to -errno error return convention
Almost all VhostOps methods in vdpa_ops follow the convention of
returning negated errno on error.

Adjust the few that don't.  To that end, rework vhost_vdpa_add_status to
check if setting of the requested status bits has succeeded and return
the respective error code it hasn't, and propagate the error codes
wherever it's appropriate.

Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru>
Message-Id: <20211111153354.18807-8-rvkagan@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 05:19:55 -05:00
Roman Kagan
2d88d9c65c vhost-backend: stick to -errno error return convention
Almost all VhostOps methods in kernel_ops follow the convention of
returning negated errno on error.

Adjust the only one that doesn't.

Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru>
Message-Id: <20211111153354.18807-7-rvkagan@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2022-01-07 05:19:55 -05:00
Roman Kagan
6dcae534e8 vhost-backend: avoid overflow on memslots_limit
Fix the (hypothetical) potential problem when the value parsed out of
the vhost module parameter in sysfs overflows the return value from
vhost_kernel_memslots_limit.

Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru>
Message-Id: <20211111153354.18807-6-rvkagan@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 05:19:55 -05:00
Roman Kagan
b7107e758f vhost-user-blk: reconnect on any error during realize
vhost-user-blk realize only attempts to reconnect if the previous
connection attempt failed on "a problem with the connection and not an
error related to the content (which would fail again the same way in the
next attempt)".

However this distinction is very subtle, and may be inadvertently broken
if the code changes somewhere deep down the stack and a new error gets
propagated up to here.

OTOH now that the number of reconnection attempts is limited it seems
harmless to try reconnecting on any error.

So relax the condition of whether to retry connecting to check for any
error.

This patch amends a527e312b5 "vhost-user-blk: Implement reconnection
during realize".

Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru>
Message-Id: <20211111153354.18807-2-rvkagan@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
2022-01-07 05:19:55 -05:00
Laurent Vivier
deeb956c40 trace-events,pci: unify trace events format
Unify format used by trace_pci_update_mappings_del(),
trace_pci_update_mappings_add(), trace_pci_cfg_write() and
trace_pci_cfg_read() to print the device name and bus number,
slot number and function number.

For instance:

  pci_cfg_read virtio-net-pci 00:0 @0x20 -> 0xffffc00c
  pci_cfg_write virtio-net-pci 00:0 @0x20 <- 0xfea0000c
  pci_update_mappings_del d=0x555810b92330 01:00.0 4,0xffffc000+0x4000
  pci_update_mappings_add d=0x555810b92330 01:00.0 4,0xfea00000+0x4000

becomes

  pci_cfg_read virtio-net-pci 01:00.0 @0x20 -> 0xffffc00c
  pci_cfg_write virtio-net-pci 01:00.0 @0x20 <- 0xfea0000c
  pci_update_mappings_del virtio-net-pci 01:00.0 4,0xffffc000+0x4000
  pci_update_mappings_add virtio-net-pci 01:00.0 4,0xfea00000+0x4000

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20211105192541.655831-1-lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 05:19:55 -05:00
Cindy Lu
d5d24d859c virtio-pci: add support for configure interrupt
Add support for configure interrupt, The process is used kvm_irqfd_assign
to set the gsi to kernel. When the configure notifier was signal by
host, qemu will inject a msix interrupt to guest

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20211104164827.21911-11-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 05:19:55 -05:00
Cindy Lu
d48185f1a4 virtio-mmio: add support for configure interrupt
Add configure interrupt support for virtio-mmio bus. This
interrupt will be working while the backend is vhost-vdpa

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20211104164827.21911-10-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 05:19:55 -05:00
Cindy Lu
497679d510 virtio-net: add support for configure interrupt
Add functions to support configure interrupt in virtio_net
The functions are config_pending and config_mask, while
this input idx is VIRTIO_CONFIG_IRQ_IDX will check the
function of configure interrupt.

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20211104164827.21911-9-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 05:19:55 -05:00
Cindy Lu
f7220a7ce2 vhost: add support for configure interrupt
Add functions to support configure interrupt.
The configure interrupt process will start in vhost_dev_start
and stop in vhost_dev_stop.

Also add the functions to support vhost_config_pending and
vhost_config_mask, for masked_config_notifier, we only
use the notifier saved in vq 0.

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20211104164827.21911-8-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-06 06:11:39 -05:00
Cindy Lu
081f864f56 virtio: add support for configure interrupt
Add the functions to support the configure interrupt in virtio
The function virtio_config_guest_notifier_read will notify the
guest if there is an configure interrupt.
The function virtio_config_set_guest_notifier_fd_handler is
to set the fd hander for the notifier

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20211104164827.21911-7-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-06 06:11:39 -05:00
Cindy Lu
634f7c89fb vhost-vdpa: add support for config interrupt
Add new call back function in vhost-vdpa, this function will
set the event fd to kernel. This function will be called
in the vhost_dev_start and vhost_dev_stop

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20211104164827.21911-6-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-06 06:11:39 -05:00
Cindy Lu
316011b8a7 virtio-pci: decouple the single vector from the interrupt process
To reuse the interrupt process in configure interrupt
Need to decouple the single vector from the interrupt process. Add new function
kvm_virtio_pci_vector_use_one and _release_one. These functions are use
for the single vector, the whole process will finish in a loop for the vq number.

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20211104164827.21911-4-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-06 06:11:39 -05:00
Cindy Lu
e3480ef81f virtio-pci: decouple notifier from interrupt process
To reuse the notifier process in configure interrupt.
Use the virtio_pci_get_notifier function to get the notifier.
the INPUT of this function is the IDX, the OUTPUT is notifier and
the vector

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20211104164827.21911-3-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-06 06:11:39 -05:00
Cindy Lu
bf1d85c166 virtio: introduce macro IRTIO_CONFIG_IRQ_IDX
To support configure interrupt for vhost-vdpa
Introduce VIRTIO_CONFIG_IRQ_IDX -1 as configure interrupt's queue index,
Then we can reuse the functions guest_notifier_mask and guest_notifier_pending.
Add the check of queue index in these drivers, if the driver does not support
configure interrupt, the function will just return

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20211104164827.21911-2-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-06 06:11:39 -05:00
Michael S. Tsirkin
9bd6565cce acpi: validate hotplug selector on access
When bus is looked up on a pci write, we didn't
validate that the lookup succeeded.
Fuzzers thus can trigger QEMU crash by dereferencing the NULL
bus pointer.

Fixes: b32bd763a1 ("pci: introduce acpi-index property for PCI device")
Fixes: CVE-2021-4158
Cc: "Igor Mammedov" <imammedo@redhat.com>
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/770
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Ani Sinha <ani@anisinha.ca>
2022-01-06 06:11:38 -05:00
David Hildenbrand
7656d9ce09 virtio-mem: Don't skip alignment checks when warning about block size
If we warn about the block size being smaller than the default, we skip
some alignment checks.

This can currently only fail on x86-64, when specifying a block size of
1 MiB, however, we detect the THP size of 2 MiB.

Fixes: 228957fea3 ("virtio-mem: Probe THP size to determine default block size")
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20211011173305.13778-1-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-06 04:16:58 -05:00
Cornelia Huck
01854af2cf hw: Add compat machines for 7.0
Add 7.0 machine types for arm/i440fx/q35/s390x/spapr.

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211217143948.289995-1-cohuck@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-01-05 09:06:36 +01:00
Frank Chang
b66f73a0cb hw/sd: Add SDHC support for SD card SPI-mode
In SPI-mode, SD card's OCR register: Card Capacity Status (CCS) bit
is not set to 1 correclty when the assigned SD image size is larger
than 2GB (SDHC). This will cause the SD card to be indentified as SDSC
incorrectly. CCS bit should be set to 1 if we are using SDHC.

Also, as there's no power up emulation in SPI-mode.
The OCR register: Card power up status bit bit (busy) should also
be set to 1 when reset. (busy bit is set to LOW if the card has not
finished the power up routine.)

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211228125719.14712-1-frank.chang@sifive.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-01-04 08:50:28 +01:00
Philippe Mathieu-Daudé
6947feca58 hw/sd/sdcard: Rename Write Protect Group variables
'wp_groups' holds a bitmap, rename it as 'wp_group_bmap'.
'wpgrps_size' is the bitmap size (in bits), rename it as
'wp_group_bits'.

Patch created mechanically using:

  $ sed -i -e s/wp_groups/wp_group_bmap/ \
           -e s/wpgrps_size/wp_group_bits/ hw/sd/sd.c

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210728181728.2012952-4-f4bug@amsat.org>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
2022-01-04 08:50:27 +01:00
Cédric Le Goater
c316203c1e ppc/ppc405: Fix timer initialization
Timers are already initialized in ppc4xx_init(). No need to do it a
second time with a wrong set.

Fixes: d715ea9612 ("PPC: 405: Fix ppc405ep initialization")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211222064025.1541490-7-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220103063441.3424853-8-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-04 07:55:34 +01:00
Cédric Le Goater
b1273a5e13 ppc/ppc405: Rework ppc_40x_timers_init() to use a PowerPCCPU
This is a small cleanup to ease reading. It includes the removal of a
check done on the returned value of g_malloc0(), which can not fail.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211222064025.1541490-6-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220103063441.3424853-7-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-04 07:55:34 +01:00
Cédric Le Goater
cbd8f17d16 ppc/ppc405: Restore TCR and STR write handlers
The 405 timers were broken when booke support was added. Assumption
was made that the register numbers were the same but it's not :

    SPR_BOOKE_TSR         (0x150)
    SPR_BOOKE_TCR         (0x154)
    SPR_40x_TSR           (0x3D8)
    SPR_40x_TCR           (0x3DA)

Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Fixes: ddd1055b07 ("PPC: booke timers")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211222064025.1541490-5-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220103063441.3424853-6-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-04 07:55:34 +01:00
Cédric Le Goater
b3b5c5d38f ppc/ppc4xx: Convert printfs()
Use a QEMU log primitive for errors and trace events for debug.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.drobear.id.au>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211222064025.1541490-3-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220103063441.3424853-4-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-04 07:55:34 +01:00
Daniel Henrique Barboza
9747d061ca pnv_phb4.c: do not set 'root-bus' as bus name
This change has the same motivation as the one done for pnv-phb3-root-bus
buses previously. Defaulting every bus to 'root-bus' makes it impossible to attach
root ports to specific buses and it doesn't allow for custom bus
naming because we're ignoring the 'id' value when registering the root
bus.

After this patch, creating pnv-phb4 devices with 'id' being set will
result in the following qtree:

qemu-system-ppc64 -m 4G -machine powernv9,accel=tcg \
   -device pnv-phb4,chip-id=0,index=0,id=pcie.0 \
   -device pnv-phb4,chip-id=1,index=4,id=pcie.1

bus: main-system-bus
  type System
  dev: pnv-phb4, id "pcie.1"
    index = 4 (0x4)
    chip-id = 1 (0x1)
    version = 704374636546 (0xa400000002)
    device-id = 1217 (0x4c1)
    x-config-reg-migration-enabled = true
    bypass-iommu = false
    bus: pcie.1
      type pnv-phb4-root-bus
  dev: pnv-phb4, id "pcie.0"
    index = 0 (0x0)
    chip-id = 0 (0x0)
    version = 704374636546 (0xa400000002)
    device-id = 1217 (0x4c1)
    x-config-reg-migration-enabled = true
    bypass-iommu = false
    bus: pcie.0
      type pnv-phb4-root-bus

And without setting any ids:

qemu-system-ppc64 -m 4G -machine powernv9,accel=tcg \
   -device pnv-phb4,chip-id=0,index=0,id=pcie.0 \
   -device pnv-phb4,chip-id=1,index=4,id=pcie.1

bus: main-system-bus
  type System
  dev: pnv-phb4, id ""
    index = 4 (0x4)
    chip-id = 1 (0x1)
    version = 704374636546 (0xa400000002)
    device-id = 1217 (0x4c1)
    x-config-reg-migration-enabled = true
    bypass-iommu = false
    bus: pnv-phb4-root-bus.1
      type pnv-phb4-root-bus
  dev: pnv-phb4, id ""
    index = 0 (0x0)
    chip-id = 0 (0x0)
    version = 704374636546 (0xa400000002)
    device-id = 1217 (0x4c1)
    x-config-reg-migration-enabled = true
    bypass-iommu = false
    bus: pnv-phb4-root-bus.0
      type pnv-phb4-root-bus

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211228193806.1198496-17-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-04 07:55:34 +01:00
Daniel Henrique Barboza
dec4e2897c pnv_phb3.c: do not set 'root-bus' as bus name
All pnv-phb3-root-bus buses are being created as 'root-bus'. This
makes it impossible to, for example, add a pnv-phb3-root-port in
a specific root bus, since they all have the same name. By default
the device will be parented by the pnv-phb3 device that precedeced it in
the QEMU command line.

Moreover, this doesn't all for custom bus naming. Libvirt, for instance,
likes to name these buses as 'pcie.N', where 'N' is the index value of
the controller in the domain XML, by using the 'id' command line
attribute. At this moment this is also being ignored - the created root
bus will always be named 'root-bus'.

This patch fixes both scenarios by removing the 'root-bus' name from the
pci_register_root_bus() call. If an "id" is provided, use that.
Otherwise use 'NULL' as bus name. The 'NULL' value will be handled in
qbus_init_internal() and it will defaulted as lowercase bus type + the
global bus_id value.

After this path we can define the bus name by using the 'id' attribute:

qemu-system-ppc64 -m 4G -machine powernv8,accel=tcg \
    -device pnv-phb3,chip-id=0,index=1,id=pcie.0

  dev: pnv-phb3, id "pcie.0"
    index = 1 (0x1)
    chip-id = 0 (0x0)
    x-config-reg-migration-enabled = true
    bypass-iommu = false
    bus: pcie.0
      type pnv-phb3-root-bus

And without an 'id' we will have the following default:

qemu-system-ppc64 -m 4G -machine powernv8,accel=tcg \
    -device pnv-phb3,chip-id=0,index=1

  dev: pnv-phb3, id ""
    index = 1 (0x1)
    chip-id = 0 (0x0)
    x-config-reg-migration-enabled = true
    bypass-iommu = false
    bus: pnv-phb3-root-bus.0
      type pnv-phb3-root-bus

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211228193806.1198496-3-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-04 07:55:34 +01:00
Cédric Le Goater
c42b9c8b33 ppc/pnv: Remove the PHB4 "device-id" property
It's unused.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20211222063817.1541058-4-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-04 07:55:34 +01:00
Cédric Le Goater
81fbb57b7b ppc/pnv: Remove PHB4 reset handler
The PHB4 reset handler was preparing ground for PHB5 to set
appropriately the device id. We don't need it for the PHB4 since the
device id is already set in the root port complex. PH5 will introduce
its own.

"device-id" property is now useless. It should be removed.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20211222063817.1541058-3-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-04 07:55:34 +01:00
Cédric Le Goater
316717feb3 ppc/pnv: Change the maximum of PHB3 devices for Power8NVL
The POWER8 processors with a NVLink logic unit have 4 PHB3 devices per
chip.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20211222063817.1541058-2-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-04 07:55:33 +01:00
Yanan Wang
864c3b5c32 hw/core/machine: Introduce CPU cluster topology support
The new Cluster-Aware Scheduling support has landed in Linux 5.16,
which has been proved to benefit the scheduling performance (e.g.
load balance and wake_affine strategy) on both x86_64 and AArch64.

So now in Linux 5.16 we have four-level arch-neutral CPU topology
definition like below and a new scheduler level for clusters.
struct cpu_topology {
    int thread_id;
    int core_id;
    int cluster_id;
    int package_id;
    int llc_id;
    cpumask_t thread_sibling;
    cpumask_t core_sibling;
    cpumask_t cluster_sibling;
    cpumask_t llc_sibling;
}

A cluster generally means a group of CPU cores which share L2 cache
or other mid-level resources, and it is the shared resources that
is used to improve scheduler's behavior. From the point of view of
the size range, it's between CPU die and CPU core. For example, on
some ARM64 Kunpeng servers, we have 6 clusters in each NUMA node,
and 4 CPU cores in each cluster. The 4 CPU cores share a separate
L2 cache and a L3 cache tag, which brings cache affinity advantage.

In virtualization, on the Hosts which have pClusters (physical
clusters), if we can design a vCPU topology with cluster level for
guest kernel and have a dedicated vCPU pinning. A Cluster-Aware
Guest kernel can also make use of the cache affinity of CPU clusters
to gain similar scheduling performance.

This patch adds infrastructure for CPU cluster level topology
configuration and parsing, so that the user can specify cluster
parameter if their machines support it.

Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
Message-Id: <20211228092221.21068-3-wangyanan55@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
[PMD: Added '(since 7.0)' to @clusters in qapi/machine.json]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-12-31 13:42:39 +01:00
Philippe Mathieu-Daudé
3e2f14981c hw/core: Rename smp_parse() -> machine_parse_smp_config()
All methods related to MachineState are prefixed with "machine_".
smp_parse() does not need to be an exception. Rename it and
const'ify the SMPConfiguration argument, since it doesn't need
to be modified.

Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Tested-by: Yanan Wang <wangyanan55@huawei.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211216132015.815493-9-philmd@redhat.com>
2021-12-31 13:35:10 +01:00
Philippe Mathieu-Daudé
2ebd9ce19a hw/qdev: Rename qdev_connect_gpio_out*() 'input_pin' parameter
@pin is an input where we connect a device output.
Rename it @input_pin to simplify the documentation.

Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211218130437.1516929-5-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-12-31 13:21:36 +01:00
Philippe Mathieu-Daudé
4a63054bce pci: Let ld*_pci_dma() propagate MemTxResult
ld*_dma() returns a MemTxResult type. Do not discard
it, return it to the caller.

Update the few callers.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-24-philmd@redhat.com>
2021-12-31 01:05:27 +01:00
Philippe Mathieu-Daudé
398f9a84ac pci: Let ld*_pci_dma() take MemTxAttrs argument
Let devices specify transaction attributes when calling ld*_pci_dma().

Keep the default MEMTXATTRS_UNSPECIFIED in the few callers.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-22-philmd@redhat.com>
2021-12-31 01:05:27 +01:00
Philippe Mathieu-Daudé
a423a1b523 pci: Let st*_pci_dma() take MemTxAttrs argument
Let devices specify transaction attributes when calling st*_pci_dma().

Keep the default MEMTXATTRS_UNSPECIFIED in the few callers.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-21-philmd@redhat.com>
2021-12-31 01:05:27 +01:00
Philippe Mathieu-Daudé
cd1db8df74 dma: Let ld*_dma() propagate MemTxResult
dma_memory_read() returns a MemTxResult type. Do not discard
it, return it to the caller.

Update the few callers.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-19-philmd@redhat.com>
2021-12-31 01:05:27 +01:00
Philippe Mathieu-Daudé
34cdea1db6 dma: Let ld*_dma() take MemTxAttrs argument
Let devices specify transaction attributes when calling ld*_dma().

Keep the default MEMTXATTRS_UNSPECIFIED in the few callers.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-17-philmd@redhat.com>
2021-12-31 01:05:27 +01:00
Philippe Mathieu-Daudé
2280c27afc dma: Let st*_dma() take MemTxAttrs argument
Let devices specify transaction attributes when calling st*_dma().

Keep the default MEMTXATTRS_UNSPECIFIED in the few callers.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-16-philmd@redhat.com>
2021-12-31 01:05:27 +01:00
Philippe Mathieu-Daudé
1e5a3f8b2a dma: Let dma_buf_read() take MemTxAttrs argument
Let devices specify transaction attributes when calling
dma_buf_read().

Keep the default MEMTXATTRS_UNSPECIFIED in the few callers.

Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-13-philmd@redhat.com>
2021-12-31 01:05:27 +01:00
Philippe Mathieu-Daudé
392e48af34 dma: Let dma_buf_write() take MemTxAttrs argument
Let devices specify transaction attributes when calling
dma_buf_write().

Keep the default MEMTXATTRS_UNSPECIFIED in the few callers.

Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-12-philmd@redhat.com>
2021-12-31 01:05:27 +01:00
Philippe Mathieu-Daudé
e2d784b67d pci: Let pci_dma_rw() take MemTxAttrs argument
Let devices specify transaction attributes when calling pci_dma_rw().

Keep the default MEMTXATTRS_UNSPECIFIED in the few callers.

Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-10-philmd@redhat.com>
2021-12-31 01:05:23 +01:00
Philippe Mathieu-Daudé
5e468a36dc dma: Have dma_buf_read() / dma_buf_write() take a void pointer
DMA operations are run on any kind of buffer, not arrays of
uint8_t. Convert dma_buf_read/dma_buf_write functions to take
a void pointer argument and save us pointless casts to uint8_t *.

Remove this pointless casts in the megasas device model.

Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-9-philmd@redhat.com>
2021-12-30 17:16:32 +01:00
Philippe Mathieu-Daudé
a1d4b0a305 dma: Let dma_memory_map() take MemTxAttrs argument
Let devices specify transaction attributes when calling
dma_memory_map().

Patch created mechanically using spatch with this script:

  @@
  expression E1, E2, E3, E4;
  @@
  - dma_memory_map(E1, E2, E3, E4)
  + dma_memory_map(E1, E2, E3, E4, MEMTXATTRS_UNSPECIFIED)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20211223115554.3155328-7-philmd@redhat.com>
2021-12-30 17:16:32 +01:00
Philippe Mathieu-Daudé
ba06fe8add dma: Let dma_memory_read/write() take MemTxAttrs argument
Let devices specify transaction attributes when calling
dma_memory_read() or dma_memory_write().

Patch created mechanically using spatch with this script:

  @@
  expression E1, E2, E3, E4;
  @@
  (
  - dma_memory_read(E1, E2, E3, E4)
  + dma_memory_read(E1, E2, E3, E4, MEMTXATTRS_UNSPECIFIED)
  |
  - dma_memory_write(E1, E2, E3, E4)
  + dma_memory_write(E1, E2, E3, E4, MEMTXATTRS_UNSPECIFIED)
  )

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20211223115554.3155328-6-philmd@redhat.com>
2021-12-30 17:16:32 +01:00
Philippe Mathieu-Daudé
23faf5694f dma: Let dma_memory_rw() take MemTxAttrs argument
Let devices specify transaction attributes when calling
dma_memory_rw().

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20211223115554.3155328-5-philmd@redhat.com>
2021-12-30 17:16:32 +01:00
Philippe Mathieu-Daudé
7a36e42d91 dma: Let dma_memory_set() take MemTxAttrs argument
Let devices specify transaction attributes when calling
dma_memory_set().

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20211223115554.3155328-3-philmd@redhat.com>
2021-12-30 17:16:32 +01:00
Philippe Mathieu-Daudé
41d5e8da3d hw/scsi/megasas: Use uint32_t for reply queue head/tail values
While the reply queue values fit in 16-bit, they are accessed
as 32-bit:

  661:    s->reply_queue_head = ldl_le_pci_dma(pcid, s->producer_pa);
  662:    s->reply_queue_head %= MEGASAS_MAX_FRAMES;
  663:    s->reply_queue_tail = ldl_le_pci_dma(pcid, s->consumer_pa);
  664:    s->reply_queue_tail %= MEGASAS_MAX_FRAMES;

Having:

  41:#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */

In order to update the ld/st*_pci_dma() API to pass the address
of the value to access, it is simpler to have the head/tail declared
as 32-bit values. Replace the uint16_t by uint32_t, wasting 4 bytes in
the MegasasState structure.

Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-20-philmd@redhat.com>
2021-12-30 17:16:32 +01:00
Laurent Vivier
1b529d908d failover: Silence warning messages during qtest
virtio-net-failover test tries several device combinations that produces
some expected warnings.
These warning can be confusing, so we disable them during the qtest
sequence.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20211220145314.390697-1-lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
[thuth: Fix memory leak by using error_free()]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-22 08:12:45 +01:00
Marc-André Lureau
f6ef71bded ui: move qemu_spice_fill_device_address to ui/util.c
Other backends can use it.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-12-21 10:50:21 +04:00
Marc-André Lureau
f6413cbfd0 ui: simplify gl unblock & flush
GraphicHw.gl_flushed was introduced to notify the
device (vhost-user-gpu) that the GL resources (the display scanout) are
no longer needed.

It was decoupled from QEMU own gl-blocking mechanism, but that
difference isn't helping. Instead, we can reuse QEMU gl-blocking and
notify virtio_gpu_gl_flushed() when unblocking (to unlock
vhost-user-gpu).

An extra block/unblock is added arount dpy_gl_update() so existing
backends that don't block will have the flush event handled. It will
also help when there are no backends associated.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-12-21 10:50:21 +04:00
Marc-André Lureau
46e4609e33 virtio-gpu: use VIRTIO_GPU_RESOURCE_FLAG_Y_0_TOP
It's part of Linux headers for a while now.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-12-21 10:50:21 +04:00
Marc-André Lureau
8f5f1ea0c0 hw/display: report an error if virgl initialization failed
Currently, virgl initialization error is silent. Make it verbose instead.

(this is likely going to bug later on, as the device isn't fully
initialized)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-12-21 10:50:21 +04:00
Jessica Clarke
7e322a7f23 hw/riscv: Use load address rather than entry point for fw_dynamic next_addr
The original BBL boot method had the kernel embedded as an opaque blob
that was blindly jumped to, which OpenSBI implemented as fw_payload.
OpenSBI then implemented fw_jump, which allows the payload to be loaded
elsewhere, but still blindly jumps to a fixed address at which the
kernel is to be loaded. Finally, OpenSBI introduced fw_dynamic, which
allows the previous stage to inform it where to jump to, rather than
having to blindly guess like fw_jump, or embed the payload as part of
the build like fw_payload. When used with an opaque binary (i.e. the
output of objcopy -O binary), it matches the behaviour of the previous
methods. However, when used with an ELF, QEMU currently passes on the
ELF's entry point address, which causes a discrepancy compared with all
the other boot methods if that entry point is not the first instruction
in the binary.

This difference specific to fw_dynamic with an ELF is not apparent when
booting Linux, since its entry point is the first instruction in the
binary. However, FreeBSD has a separate ELF entry point, following the
calling convention used by its bootloader, that differs from the first
instruction in the binary, used for the legacy SBI entry point, and so
the specific combination of QEMU's default fw_dynamic firmware with
booting FreeBSD as an ELF rather than a raw binary does not work.

Thus, align the behaviour when loading an ELF with the behaviour when
loading a raw binary; namely, use the base address of the loaded kernel
in place of the entry point.

The uImage code is left as-is in using the U-Boot header's entry point,
since the calling convention for that entry point is the same as the SBI
one and it mirrors what U-Boot will do.

Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20211214032456.70203-1-jrtc27@jrtc27.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-12-20 14:53:31 +10:00
Philippe Mathieu-Daudé
5a3a2eb3b1 hw/i386/vmmouse: Require 'i8042' property to be set
If the 'i8042' property is not set, mouse events handled by
vmmouse_mouse_event() end calling i8042_isa_mouse_fake_event()
with a NULL argument, resulting in ps2_mouse_fake_event() being
called with invalid PS2MouseState pointer. Fix by requiring
the 'i8042' property to be always set:

  $ qemu-system-x86_64 -device vmmouse
  qemu-system-x86_64: -device vmmouse: 'i8042' link is not set

Fixes: 91c9e09147 ("vmmouse: convert to qdev")
Reported-by: Calvin Buckley <calvin@cmpct.info>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/752
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211201223253.36080-1-f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-18 10:57:37 +01:00
Philippe Mathieu-Daudé
97a2b074d1 hw/scsi/megasas: Fails command if SGL buffer overflows
If we detect an overflow on the SGL buffer, do not
keep processing the command: discard it. TARGET_FAILURE
sense code will be returned (MFI_STAT_SCSI_DONE_WITH_ERROR).

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/521
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20211119201141.532377-2-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-18 10:57:36 +01:00
Richard Henderson
90978e15bc Trivial patches pull request 20211217
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmG87o8SHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L7484L4QAIkEUWlOKfF+xjwGq5BRQhV9gdW2sYYD
 p+QA59lEUpdyfSw5fG6xqyhjywWMiwAyDDM2RnAGEwtqTbZPgcSLD7e0x4SW2DkE
 wGBQaGRpj6QsAYctSEaEwwAErvxkMR9nX43IWVQrFCH4NtHKys4GtiTTZuJK0hDp
 U+b9FrX5x9RmqqY+XT+mY51E/2qC50b36WlstBuleLKkPG7K/Eky8cIxr+O8WsLR
 30OoL50yVe/u5AVZuzOqouFMzlf8YagiaUFquh5HXe/TUHtdA311AVCrd9XOANSK
 TXIINcQ1gsUMZ84mmMWovO9G4alexQQz04tm3CH5+rnOSlQ51sw8R+uFQWppOwIg
 5oSEx2A/ibsgdd7XwHt7xGj0iVPy9gNBlCxjEYZtMXAZyWLmvYBZvlmF3764Psgm
 i9NQ/nAS0DnXd2HA2P9Ndttw3JF2U2pFLC5ti4LCs9SD3iwZs7KMr5VxXjpeVa90
 /I2dAFisc/07sFqR7Fch8048HFg5stodCrhv3MIFlew3JJcyWuNqQOSLG6bWOLA2
 7UVkoO6YSDGLdz/cEn00t0kx9Ps2/PpqIbLydLPjpp6NpL4GE003JAp6nZ8Lam0l
 xd5v3Cg7RY+tc/QyTnSvDoE1UF0XD67pMnhL3IcdfrtFAJNWu44i25pdFEqwvO9U
 WqYS8AcLCoAv
 =EP1J
 -----END PGP SIGNATURE-----

Merge tag 'trivial-branch-for-7.0-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging

Trivial patches pull request 20211217

# gpg: Signature made Fri 17 Dec 2021 12:09:51 PM PST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [unknown]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [unknown]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'trivial-branch-for-7.0-pull-request' of https://gitlab.com/laurent_vivier/qemu:
  checkpatch: Do not allow deprecated g_memdup()
  tests/qtest: Replace g_memdup() by g_memdup2()
  glib-compat: Introduce g_memdup2() wrapper
  docs/block-replication.txt: Fix replication top-id command demo
  hw/virtio/vhost: Fix typo in comment.
  hw/avr: Realize AVRCPU qdev object using qdev_realize()
  qemu-keymap: Add license in generated files
  target/i386/kvm: Replace use of __u32 type
  configure: Symlink binaries using .exe suffix with MinGW

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-17 13:15:38 -08:00
Richard Henderson
93dc314c92 ppc 7.0 queue:
* General cleanup for Mac machines (Peter)
 * Fixes for FPU exceptions (Lucas)
 * Support for new ISA31 instructions (Matheus)
 * Fixes for ivshmem (Daniel)
 * Cleanups for PowerNV PHB (Christophe and Cedric)
 * Updates of PowerNV and pSeries documentation (Leonardo and Daniel)
 * Fixes for PowerNV (Daniel)
 * Large cleanup of FPU implementation (Richard)
 * Removal of SoftTLBs support for PPC74x CPUs (Fabiano)
 * Fixes for exception models in MPCx and 60x CPUs (Fabiano)
 * Removal of 401/403 CPUs (Cedric)
 * Deprecation of taihu machine (Thomas)
 * Large rework of PPC405 machine (Cedric)
 * Fixes for VSX instructions (Victor and Matheus)
 * Fix for e6500 CPU (Fabiano)
 * Initial support for PMU (Daniel)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmG8xt8ACgkQUaNDx8/7
 7KG3Dg/9EXK3GslNgUNRvB1pgRSimnrUirGUiDmZPXxevIbsoPsYaXmUcD1zOnlb
 zXiCzQ2Bvi8ZUjT1uScP7dkFCdzs6gXYbTEcTzscX3k2VnTjXHXhQ3cnb0uModP5
 U1QzrjV7K/q1usJW5OVSGZS1PoWOqWuZNdcp0mIUWcJHhSaYtUGGPohp7rH0JSug
 ncmkRA0KLgIX8eg8swyfJxrw9wCcXlFIcmwHipB8S/Dd/gUpmFEoaQsmugSJNYZe
 zi8Fd4jfzlRXVwb8EUSiOiaXSd/WKjEcQx/usbzzaBacbktk/nfy+rligUMryCpO
 vGFM5blxEX5SXD3Cd0vcFwYhCZImphD8K+Sxe6Us69rsUH11hJS+q29/Puk1MkHt
 DTubqB3k4BheiatOV1zeUMlbRm5svUhGj3VstFZYZeZ3Oh47Jsx3XH4hoytUuc/1
 lP9UGkaf3nIx12vSqBA/3Crc7zalWX5OhaUV5RG30+jxd8zHOKcasKbd22710DNz
 4WybQLb3bpUr091mWMKcaAkP6bxcE8S+mR4LE2kdELboAnkB+OgSmrdZ3slceaCv
 btV8qjNl4f8lBvyFQVxZ5bn05+TfxUXFlFxXipxf1fI64bYwRnyQQ3yRxMHipRYK
 CRta1akVgIgcBbeeRHBZLA12UgTQJY6WIoDaZMz9NxIDHJnX/jw=
 =APFd
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20211217' of https://github.com/legoater/qemu into staging

ppc 7.0 queue:

* General cleanup for Mac machines (Peter)
* Fixes for FPU exceptions (Lucas)
* Support for new ISA31 instructions (Matheus)
* Fixes for ivshmem (Daniel)
* Cleanups for PowerNV PHB (Christophe and Cedric)
* Updates of PowerNV and pSeries documentation (Leonardo and Daniel)
* Fixes for PowerNV (Daniel)
* Large cleanup of FPU implementation (Richard)
* Removal of SoftTLBs support for PPC74x CPUs (Fabiano)
* Fixes for exception models in MPCx and 60x CPUs (Fabiano)
* Removal of 401/403 CPUs (Cedric)
* Deprecation of taihu machine (Thomas)
* Large rework of PPC405 machine (Cedric)
* Fixes for VSX instructions (Victor and Matheus)
* Fix for e6500 CPU (Fabiano)
* Initial support for PMU (Daniel)

# gpg: Signature made Fri 17 Dec 2021 09:20:31 AM PST
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-ppc-20211217' of https://github.com/legoater/qemu: (101 commits)
  ppc/pnv: Use QOM hierarchy to scan PEC PHB4 devices
  ppc/pnv: Move realize of PEC stacks under the PEC model
  ppc/pnv: Remove "system-memory" property from PHB4 PEC
  ppc/pnv: Compute the PHB index from the PHB4 PEC model
  ppc/pnv: Introduce a num_stack class attribute
  ppc/pnv: Introduce a "chip" property under the PHB4 model
  ppc/pnv: Introduce version and device_id class atributes for PHB4 devices
  ppc/pnv: Introduce a num_pecs class attribute for PHB4 PEC devices
  ppc/pnv: Use QOM hierarchy to scan PHB3 devices
  ppc/pnv: Move mapping of the PHB3 CQ regions under pnv_pbcq_realize()
  ppc/pnv: Drop the "num-phbs" property
  ppc/pnv: Use the chip class to check the index of PHB3 devices
  ppc/pnv: Introduce a "chip" property under PHB3
  PPC64/TCG: Implement 'rfebb' instruction
  target/ppc/power8-pmu.c: add PM_RUN_INST_CMPL (0xFA) event
  target/ppc: enable PMU instruction count
  target/ppc: enable PMU counter overflow with cycle events
  target/ppc: PMU: update counters on MMCR1 write
  target/ppc: PMU: update counters on PMCs r/w
  target/ppc: PMU basic cycle count for pseries TCG
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-17 09:55:14 -08:00
Cédric Le Goater
0e6232bc3c ppc/pnv: Use QOM hierarchy to scan PEC PHB4 devices
When -nodefaults is supported for PHB4 devices, the pecs array under
the chip will be empty. This will break the 'info pic' HMP command.

Do a QOM loop on the chip children and look for PEC PHB4 devices
instead.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20211213132830.108372-15-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
13480fc58a ppc/pnv: Move realize of PEC stacks under the PEC model
This change will help us providing support for user created PHB4
devices.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211213132830.108372-14-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
8da4f8f7b7 ppc/pnv: Remove "system-memory" property from PHB4 PEC
This is not useful and will be in the way for support of user created
PHB4 devices.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211213132830.108372-13-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
aa8cc84d88 ppc/pnv: Compute the PHB index from the PHB4 PEC model
Use the num_stacks class attribute to compute the PHB index depending
on the PEC index :

  * PEC0 provides 1 PHB  (PHB0)
  * PEC1 provides 2 PHBs (PHB1 and PHB2)
  * PEC2 provides 3 PHBs (PHB3, PHB4 and PHB5)

The routine pnv_pec_phb_offset() is a bit complex but it also prepares
ground for PHB5 which has a different layout of stacks: 3 per PECs.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211213132830.108372-12-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
cf0ee6955c ppc/pnv: Introduce a num_stack class attribute
Each PEC device of the POWER9 chip has a predefined number of stacks,
equivalent of a root port complex:

  PEC0 -> 1 stack
  PEC1 -> 2 stacks
  PEC2 -> 3 stacks

Introduce a class attribute to hold these values and remove the
"num-stacks" property.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211213132830.108372-11-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
6f43d2551f ppc/pnv: Introduce a "chip" property under the PHB4 model
And check the PEC index using the chip class.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211213132830.108372-10-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
12060cbd3f ppc/pnv: Introduce version and device_id class atributes for PHB4 devices
It prepares ground for PHB5 which has different values.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211213132830.108372-9-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
422fd92e61 ppc/pnv: Introduce a num_pecs class attribute for PHB4 PEC devices
POWER9 processor comes with 3 PHB4 PEC (PCI Express Controller) and
each PEC can have several PHBs :

  * PEC0 provides 1 PHB  (PHB0)
  * PEC1 provides 2 PHBs (PHB1 and PHB2)
  * PEC2 provides 3 PHBs (PHB3, PHB4 and PHB5)

A num_pecs class attribute represents better the logic units of the
POWER9 chip. Use that instead of num_phbs which fits POWER8 chips.
This will ease adding support for user created devices.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211213132830.108372-8-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
2ff73dda02 ppc/pnv: Use QOM hierarchy to scan PHB3 devices
When -nodefaults is supported for PHB3 devices, the phbs array under
the chip will be empty. This will break the XICSFabric handlers, and
all interrupt delivery, and the 'info pic' HMP command.

Do a QOM loop on the chip children and look for PHB3 devices instead.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20211213132830.108372-7-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
10841a76eb ppc/pnv: Move mapping of the PHB3 CQ regions under pnv_pbcq_realize()
This change will help us providing support for user created PHB3
devices.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211213132830.108372-6-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
9e59b09ccf ppc/pnv: Drop the "num-phbs" property
It is never used.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211213132830.108372-5-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
a8fa95c7e6 ppc/pnv: Use the chip class to check the index of PHB3 devices
The maximum number of PHB3 devices per chip can be different depending
on the POWER8 processor model.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20211213132830.108372-4-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Cédric Le Goater
2c4d3a501e ppc/pnv: Introduce a "chip" property under PHB3
This change will help us move the mapping of XSCOM regions under the
PHB3 realize routine, which will be necessary for user created PHB3
devices.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211213132830.108372-3-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:19 +01:00
Daniel Henrique Barboza
8f2e9d4003 target/ppc: introduce PMUEventType and PMU overflow timers
This patch starts an IBM Power8+ compatible PMU implementation by adding
the representation of PMU events that we are going to sample,
PMUEventType. This enum represents a Perf event that is being sampled by
a specific counter 'sprn'. Events that aren't available (i.e. no event
was set in MMCR1) will be of type 'PMU_EVENT_INVALID'. Events that are
inactive due to frozen counter bits state are of type
'PMU_EVENT_INACTIVE'. Other types added in this patch are
PMU_EVENT_CYCLES and PMU_EVENT_INSTRUCTIONS.  More types will be added
later on.

Let's also add the required PMU cycle overflow timers. They will be used
to trigger cycle overflows when cycle events are being sampled. This
timer will call cpu_ppc_pmu_timer_cb(), which in turn calls
fire_PMC_interrupt().  Both functions are stubs that will be implemented
later on when EBB support is added.

Two new helper files are created to host this new logic.
cpu_ppc_pmu_init() will init all overflow timers during CPU init time.

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20211201151734.654994-2-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:18 +01:00
Cédric Le Goater
6518c0ede9 ppc/ppc405: Add update of bi_procfreq field
Adapt the fields offset in the board information for Linux. Since
Linux relies on the CPU frequency value, I wonder how it ever worked.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211206103712.1866296-15-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
e0caa8e64d ppc/ppc405: Fix bi_pci_enetaddr2 field in U-Boot board information
The board information for the 405EP first appeared in commit 04f20795ac
("Move PowerPC 405 specific definitions into a separate file ...")
An Ethernet address is a 6 byte number. Fix that.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211206103712.1866296-14-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
cada9f30d3 ppc/ppc405: Change default PLL values at reset
These values are computed and updated by U-Boot at startup. Use them
as defaults to improve direct Linux boot.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211206103712.1866296-13-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
337270b2a5 ppc/ppc405: Fix boot from kernel
The machine can already boot with kernel and initrd U-boot images if a
firmware is loaded first. Adapt and improve the load sequence to let
the machine boot directly from a Linux kernel ELF image and a usual
initrd image if a firmware image is not provided. For that, install a
custom CPU reset handler to setup the registers and to start the CPU
from the Linux kernel entry point.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211206103712.1866296-12-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
e3931ecab3 ppc/ppc405: Introduce ppc405_set_default_bootinfo()
This routine is a small helper to cleanup the code. The update of the
flash fields were removed because there are not of any use when booting
from a Linux kernel image. It should be functionally equivalent.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211206103712.1866296-11-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
13d63de59b ppc/ppc405: Rework FW load
QEMU installs a custom U-Boot in-memory descriptor to share board
information with Linux, which means that the QEMU machine was
initially designed to support booting Linux directly without using the
loaded FW. But, it's not that simple because the CPU still starts at
address 0xfffffffc where nothing is currently mapped. Support must
have been broken these last years.

Since we can not find a "ppc405_rom.bin" firmware file, request one to
be specified on the command line. A consequence of this change is that
the machine can be booted directly from Linux without any FW being
loaded. This is still broken and the CPU start address will be fixed
in the next changes.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211206103712.1866296-10-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
9fb100efa1 ppc/ppc405: Remove flash support
It is currently impossible to find a "ppc405_rom.bin" firmware file or
a full flash image for the PPC405EP evalution board. Even if it should
be technically possible to recreate such an image, it's unlikely that
anyone will do it since the board is obsolete and support in QEMU has
been broken for about 10 years.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211206103712.1866296-9-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
f61b99d35e ppc/ppc405: Add some address space definitions
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211206103712.1866296-8-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
a3e973e1bf ppc/ppc405: Change ppc405ep_init() return value
I will be useful to rework the boot from Linux.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211206103712.1866296-7-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
af9e361512 ppc/ppc405: Drop flag parameter in ppc405_set_bootinfo()
It was introduced in commit b8d3f5d126 ("Add flags to support
PowerPC 405 bootinfos variations.") but since its value has always
been set to '1'.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211206103712.1866296-6-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
09960a5be3 ppc/ppc405: Convert printfs to trace-events
and one error message to a LOG_GUEST_ERROR.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211206103712.1866296-5-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
de82dabead ppc: Add trace-events for DCR accesses
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211206103712.1866296-4-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Thomas Huth
26e8bed611 ppc: Mark the 'taihu' machine as deprecated
The PPC 405 CPU is a system-on-a-chip, so all 405 machines are very similar,
except for some external periphery. However, the periphery of the 'taihu'
machine is hardly emulated at all (e.g. neither the LCD nor the USB part had
been implemented), so there is not much value added by this board. The users
can use the 'ref405ep' machine to test their PPC405 code instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20211203164904.290954-2-thuth@redhat.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211206103712.1866296-3-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Cédric Le Goater
82f64c2384 ppc/ppc405: Change kernel load address
The default addresses to load the kernel, fdt, initrd of AMCC boards
in U-Boot v2015.10 are :

	"kernel_addr_r=1000000\0"
	"fdt_addr_r=1800000\0"
	"ramdisk_addr_r=1900000\0"

The taihu is one of these boards, the ref405ep is not but we don't
have much information on it and both boards have a very similar
address space layout.

Also, if loaded at address 0, U-Boot will partially overwrite the
uImage because of a bug in get_ram_size() (U-Boot v2015.10) not
restoring properly the probed RAM contents and because the exception
vectors are installed in the same range. Finally, a gzipped kernel
image will be uncompressed at 0x0. These are all good reasons for not
mappping a kernel image at this address.

Change the kernel load address to match U-Boot expectations and fix
loading.

Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20211202191446.1292125-1-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211206103712.1866296-2-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:17 +01:00
Daniel Henrique Barboza
bbfbbff5fc ppc/pnv.c: fix "system-id" FDT when -uuid is set
Setting -uuid in the pnv machine does not work:

./qemu-system-ppc64 -machine powernv8,accel=tcg  -uuid 7ff61ca1-a4a0-4bc1-944c-abd114a35e80
qemu-system-ppc64: error creating device tree: (fdt_property_string(fdt, "system-id", buf)): FDT_ERR_BADSTATE

This happens because we're using fdt_property_string(), which is a
sequential write function that is supposed to be used when we're
building a new FDT, in a case where read/writing into an existing FDT.

Fix it by using fdt_setprop_string() instead.

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20211207094858.744386-1-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:13 +01:00
Daniel Henrique Barboza
ebe6c3fab8 ppc/pnv.c: add a friendly warning when accel=kvm is used
If one tries to use -machine powernv9,accel=kvm in a Power9 host, a
cryptic error will be shown:

qemu-system-ppc64: Register sync failed... If you're using kvm-hv.ko, only "-cpu host" is possible
qemu-system-ppc64: kvm_init_vcpu: kvm_arch_init_vcpu failed (0): Invalid argument

Appending '-cpu host' will throw another error:

qemu-system-ppc64: invalid chip model 'host' for powernv9 machine

The root cause is that in IBM PowerPC we have different specs for the bare-metal
and the guests. The bare-metal follows OPAL, the guests follow PAPR. The kernel
KVM modules presented in the ppc kernels implements PAPR. This means that we
can't use KVM accel when using the powernv machine, which is the emulation of
the bare-metal host.

All that said, let's give a more informative error in this case.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20211130133153.444601-2-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:13 +01:00
Christophe Lombard
fa4b5eaaf9 pci-host: Allow extended config space access for PowerNV PHB4 model
The PCIe extended configuration space on the device is not currently
accessible to the host. if by default,  it is still inaccessible for
conventional for PCIe buses, add the current flag
PCI_BUS_EXTENDED_CONFIG_SPACE on the root bus permits PCI-E extended
config space access.

Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211109145053.43524-1-clombard@linux.vnet.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:13 +01:00
Daniel Henrique Barboza
ef80a708b5 ivshmem.c: change endianness to LITTLE_ENDIAN
The ivshmem device, as with most PCI devices, uses little endian byte
order. However, the endianness of its mmio_ops is marked as
DEVICE_NATIVE_ENDIAN. This presents not only the usual problems with big
endian hosts but also with PowerPC little endian hosts as well, since
the Power architecture in QEMU uses big endian hardware (XIVE controller,
PCI Host Bridges, etc) even if the host is in little endian byte order.

As it is today, the IVPosition of the device will be byte swapped when
running in Power BE and LE. This can be seen by changing the existing
qtest 'ivshmem-test' to run in ppc64 hosts and printing the IVPOSITION
regs in test_ivshmem_server() right after the VM ids assert. For x86_64
the VM id values read are '0' and '1', for ppc64 (tested in a Power8
RHEL 7.9 BE server) and ppc64le (tested in a Power9 RHEL 8.6 LE server)
the ids will be '0' and '0x1000000'.

Change this device to LITTLE_ENDIAN fixes the issue for Power hosts of
both endianness, and every other big-endian architecture that might use
this device, without impacting x86 users.

Fixes: cb06608e17 ("ivshmem: convert to memory API")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/168
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211124092948.335389-2-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:13 +01:00
Peter Maydell
83234b8289 hw/ppc/mac.h: Remove MAX_CPUS macro
The mac.h header defines a MAX_CPUS macro. This is confusingly named,
because it suggests it's a generic setting, but in fact it's used
by only the g3beige and mac99 machines. It's also using a single
macro for two values which aren't inherently the same -- if one
of these two machines was updated to support SMP configurations
then it would want a different max_cpus value to the other.

Since the macro is used in only two places, just expand it out
and get rid of it. If hypothetical future work to support SMP
in these boards needs a compile-time-known limit on the number
of CPUs, we can give it a suitable name at that point.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211105184216.120972-1-peter.maydell@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-12-17 17:57:12 +01:00
Leonardo Garcia
f71d31fa81 hw/virtio/vhost: Fix typo in comment.
Signed-off-by: Leonardo Garcia <lagarcia@br.ibm.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <a10a0ddab65b474ebea1e1141abe0f4aa463909b.1637668012.git.lagarcia@br.ibm.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-12-17 10:46:08 +01:00
Philippe Mathieu-Daudé
74fb2f4f4c hw/avr: Realize AVRCPU qdev object using qdev_realize()
TYPE_AVR_CPU inherits TYPE_CPU, which itself inherits TYPE_DEVICE.
TYPE_DEVICE instances are realized using qdev_realize(), we don't
need to access QOM internal values.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Message-Id: <20211205224109.322152-1-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-12-17 10:43:24 +01:00
Matthew Rosato
ac6aa30ac4 s390x/pci: add supported DT information to clp response
The DTSM is a mask that specifies which I/O Address Translation designation
types are supported.  Today QEMU only supports DT=1.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20211203142706.427279-5-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-17 09:12:37 +01:00
Matthew Rosato
cb6d6a3e6a s390x/pci: use the passthrough measurement update interval
We may have gotten a measurement update interval from the underlying host
via vfio -- Use it to set the interval via which we update the function
measurement block.

Fixes: 28dc86a072 ("s390x/pci: use a PCI Group structure")
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20211203142706.427279-4-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-17 09:12:37 +01:00
Matthew Rosato
df7ce0a94d s390x/pci: don't use hard-coded dma range in reg_ioat
Instead use the values from clp info, they will either be the hard-coded
values or what came from the host driver via vfio.

Fixes: 9670ee7527 ("s390x/pci: use a PCI Function structure")
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20211203142706.427279-3-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-17 09:12:37 +01:00
Richard Henderson
29eb5c2c86 * improve compatibility for macOS scripts/entitlement.sh (Evan)
* add support for KVM_GUESTDBG_BLOCKIRQ (Maxim)
 * update linux-headers to Linux 5.16 (myself)
 * configure cleanups (myself)
 * lsi53c895a assertion failure fix (Philippe)
 * fix incorrect description for die-id (Yanan)
 * support for NUMA in SGX enclave memory (Yang Zhong)
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmG5yEgUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroOFkwf9Glt3tnHfO/gWZectiMAjjM8vg3cR
 yEsWU0fa0iu8MO8NiOW0b6DT0yosZ8rl2SYSZBQGqwa/Lq2MZLO2v0JG4LblBom7
 WVmzNOG4t0OFoE2gwMlZ2J+ppaHV5zN1Yc6lMXOVQcefY0pXoyze+0Fq/cwKf2+p
 6WDZTuOpjtxMwt9n71b93kNAHagk422MpNi1xi+o37hNsm/Zh3BTtaSJ7WCkCmWq
 YmwwQZgyB/V0Ah42wchuf5zxEnQPMbjaQSu8jQU4iyCB7+2biBuh3Cqw5eR8tqC1
 cGNINGlo2Orl9ASyEunHyuDj8p0wN8J37wNuBo4kghhrTVsVKQYF0wmsqw==
 =U1Xy
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* improve compatibility for macOS scripts/entitlement.sh (Evan)
* add support for KVM_GUESTDBG_BLOCKIRQ (Maxim)
* update linux-headers to Linux 5.16 (myself)
* configure cleanups (myself)
* lsi53c895a assertion failure fix (Philippe)
* fix incorrect description for die-id (Yanan)
* support for NUMA in SGX enclave memory (Yang Zhong)

# gpg: Signature made Wed 15 Dec 2021 02:49:44 AM PST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  configure: remove dead variables
  doc: Add the SGX numa description
  numa: Support SGX numa in the monitor and Libvirt interfaces
  numa: Enable numa for SGX EPC sections
  kvm: add support for KVM_GUESTDBG_BLOCKIRQ
  gdbstub, kvm: let KVM report supported singlestep flags
  gdbstub: reject unsupported flags in handle_set_qemu_sstep
  linux-headers: update to 5.16-rc1
  virtio-gpu: do not byteswap padding
  scripts/entitlement.sh: Use backward-compatible cp flags
  qapi/machine.json: Fix incorrect description for die-id
  tests/qtest: Add fuzz-lsi53c895a-test
  hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-16 08:39:20 -08:00
Richard Henderson
e630bc7ec9 Block device patches patches for 2021-12-15
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmG59HYSHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZT5rEP/1tjHx9pZrpmIA3uJ8jIeoVJ1tkkr2VU
 vXF7hqypwgYOBOXlGmmqk3V4cN7/Yg23Xj6EeuO7FTdJOdAuucesChUC9sW38842
 N3Ba1Aj8cOVcAAxYckRZGyoTyM3xqcEit1Fs07HFRYRPFeGMZ7Cm7Nn0mUNARWC3
 d/ABtbWzYmF6thE3jDCGDdA+YrmyqLACw513QupXbRmJ0TxR3/NArwa2i9yUOuHI
 tAlSK4ZW+uPcR/5ezenWzynQyKwH/MBxG/voPYCFIeRzYK0/mHX0CLg7a4EW/p+B
 /q72FYztEDfbA6RfJMlhZPBGY9KFviAWWa2GT4JAb8CGh2cCx0GgbPZc0Q8k/oYl
 Ryqbx0g93ZKHLuePj32XX2MAReVfTW+kAENcGBcJYfYk45BaKi1VFKVEd6AHt7I8
 sPfZaX79EJlVpTGH3UaK+tcKtGQwDUvabESS5kkCjFcypdawXOwLJZucaLbIvDzR
 qPdd3YZiPU99jH2peYflsb36xOSxV3Q3RZ7oyVfi5TwYFNkDR9eaBjLp4VAqdHjy
 gjTWEOQlJmbSVuOJ4HTryT/FuO4kcSRnEESCjdZYjttqqDJD7gPjcBkwOhi1p1e8
 UNr87yfbYcURgTHlJn+hs5HWLSS8g93OG1+j3rx7i70gPc1p/7gjfqTvPYbj9PfX
 PGyeMFLjbWf3
 =rLNk
 -----END PGP SIGNATURE-----

Merge tag 'pull-block-2021-12-15' of git://repo.or.cz/qemu/armbru into staging

Block device patches patches for 2021-12-15

# gpg: Signature made Wed 15 Dec 2021 05:58:14 AM PST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]

* tag 'pull-block-2021-12-15' of git://repo.or.cz/qemu/armbru:
  blockdev: Drop unused drive_get_next()
  hw/arm/aspeed: Replace drive_get_next() by drive_get()
  hw/arm/xilinx_zynq: Replace drive_get_next() by drive_get()
  hw/arm/xlnx-zcu102: Replace drive_get_next() by drive_get()
  hw/microblaze: Replace drive_get_next() by drive_get()
  hw/arm/xlnx-versal-virt: Replace drive_get_next() by drive_get()
  hw/arm/mcimx7d-sabre: Replace drive_get_next() by drive_get()
  hw/arm/mcimx6ul-evk: Replace drive_get_next() by drive_get()
  hw/arm/imx25_pdk: Replace drive_get_next() by drive_get()
  hw/arm/versatilepb hw/arm/vexpress: Replace drive_get_next() by drive_get()
  hw/arm/npcm7xx_boards: Replace drive_get_next() by drive_get()
  hw: Replace trivial drive_get_next() by drive_get()
  hw/sd/ssi-sd: Do not create SD card within controller's realize

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-15 12:14:44 -08:00
Richard Henderson
aab8cfd4c3 target-arm queue:
* ITS: error reporting cleanup
  * aspeed: improve documentation
  * Fix STM32F2XX USART data register readout
  * allow emulated GICv3 to be disabled in non-TCG builds
  * fix exception priority for singlestep, misaligned PC, bp, etc
  * Correct calculation of tlb range invalidate length
  * npcm7xx_emc: fix missing queue_flush
  * virt: Add VIOT ACPI table for virtio-iommu
  * target/i386: Use assert() to sanity-check b1 in SSE decode
  * Don't include qemu-common unnecessarily
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmG5xekZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3ramD/0WL8YV70sW5B/tHdb+/em1
 xTBuABUUj5QDvKnxNoPIBwJI0vgmzwhAonYzcKKEUvlbL97crkgt6xSPvVxv2nf5
 wnSYMKTDEC11AuYVdEyIMm5KLc88mq1w78pTYkFSUJmujCpfqLAsyXdEastIPHfN
 MdrwkpQ3wVmMeMcNBTq2yCxiGlz7x/myeJtDU9ihgPTcsgXa8BzziK6qCZHAOGCL
 0/ljXDbVTJtLYUki9IqptPs8QUtlqOBt3rLplxHfKRKpmjiuD+xFlQ4GuIOBX+AL
 tQWgEyyiR9FnYpY1t3fWVtuKgjYXzlbh1A6cwdsK3Q68+qfi7Yr+lPryjwrmOkx7
 /Yupq+QB/xgK4nxF4ydDXLvqI3h6GjaF2U9qujK3H9DyMOEYJDpaX1TZMphtWI89
 9u7kLO6DNE00oUoiX+6Aty0qQtXv12SSaNpJmFON87/WLJJamHuiS6NiZp/r4ORU
 51ds2LPGJAKAy9duqmZJ/81WlNjmHmurq1v+FIl29XInc4a2SpwEUM0rsTrrQTaD
 16Qh2OZCnlYEg9nh6B54FQe8xP+pp69Gn/BRFhcwW9fPq4/pHSrwKEkI6lE+Yuiq
 +Fe8r0DbZczfhjcGdoUlIgMj+WSVY9Q8Opztsmv/kjZqxt0VvfdmAVp0odl5KdB4
 cKAeYciNSgq2bGd+N4kuHA==
 =KuTi
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20211215' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * ITS: error reporting cleanup
 * aspeed: improve documentation
 * Fix STM32F2XX USART data register readout
 * allow emulated GICv3 to be disabled in non-TCG builds
 * fix exception priority for singlestep, misaligned PC, bp, etc
 * Correct calculation of tlb range invalidate length
 * npcm7xx_emc: fix missing queue_flush
 * virt: Add VIOT ACPI table for virtio-iommu
 * target/i386: Use assert() to sanity-check b1 in SSE decode
 * Don't include qemu-common unnecessarily

# gpg: Signature made Wed 15 Dec 2021 02:39:37 AM PST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20211215' of https://git.linaro.org/people/pmaydell/qemu-arm: (33 commits)
  tests/acpi: add expected blob for VIOT test on virt machine
  tests/acpi: add expected blobs for VIOT test on q35 machine
  tests/acpi: add test case for VIOT
  tests/acpi: allow updates of VIOT expected data files
  hw/arm/virt: Use object_property_set instead of qdev_prop_set
  hw/arm/virt: Reject instantiation of multiple IOMMUs
  hw/arm/virt: Remove device tree restriction for virtio-iommu
  hw/arm/virt-acpi-build: Add VIOT table for virtio-iommu
  hw/net: npcm7xx_emc fix missing queue_flush
  target/arm: Correct calculation of tlb range invalidate length
  hw/arm: Don't include qemu-common.h unnecessarily
  target/rx/cpu.h: Don't include qemu-common.h
  target/hexagon/cpu.h: don't include qemu-common.h
  include/hw/i386: Don't include qemu-common.h in .h files
  target/i386: Use assert() to sanity-check b1 in SSE decode
  tests/tcg: Add arm and aarch64 pc alignment tests
  target/arm: Suppress bp for exceptions with more priority
  target/arm: Assert thumb pc is aligned
  target/arm: Take an exception if PC is misaligned
  target/arm: Split compute_fsr_fsc out of arm_deliver_fault
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-15 10:33:45 -08:00
Markus Armbruster
8ec239f2d8 hw/arm/aspeed: Replace drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

The aspeed machines connects backends with drive_get_next() in several
counting loops, one of them in a helper function, and a conditional.
Change it to use drive_get() directly.  This makes the unit numbers
explicit in the code.

Cc: "Cédric Le Goater" <clg@kaod.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Andrew Jeffery <andrew@aj.id.au>
Cc: Joel Stanley <joel@jms.id.au>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-13-armbru@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
2021-12-15 14:56:06 +01:00
Markus Armbruster
94d4bb4ff9 hw/arm/xilinx_zynq: Replace drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

Machine "xlnx-zcu102" connects backends with drive_get_next() in two
counting loops, one of them in a helper function.  Change it to use
drive_get() directly.  This makes the unit numbers explicit in the
code.

Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Alistair Francis <alistair@alistair23.me>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-12-armbru@redhat.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2021-12-15 14:55:40 +01:00
Markus Armbruster
97ca6c2786 hw/arm/xlnx-zcu102: Replace drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

Machine "xlnx-zcu102" connects backends with drive_get_next() in
several counting loops.  Change it to use drive_get() directly.  This
makes the unit numbers explicit in the code.

Cc: Alistair Francis <alistair@alistair23.me>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-11-armbru@redhat.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2021-12-15 14:55:25 +01:00
Jean-Philippe Brucker
317500fea8 hw/arm/virt: Use object_property_set instead of qdev_prop_set
To propagate errors to the caller of the pre_plug callback, use the
object_poperty_set*() functions directly instead of the qdev_prop_set*()
helpers.

Suggested-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-id: 20211210170415.583179-5-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 10:35:26 +00:00
Jean-Philippe Brucker
80d28ccdb9 hw/arm/virt: Reject instantiation of multiple IOMMUs
We do not support instantiating multiple IOMMUs. Before adding a
virtio-iommu, check that no other IOMMU is present. This will detect
both "iommu=smmuv3" machine parameter and another virtio-iommu instance.

Fixes: 70e89132c9 ("hw/arm/virt: Add the virtio-iommu device tree mappings")
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-id: 20211210170415.583179-4-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 10:35:26 +00:00
Jean-Philippe Brucker
092cba0350 hw/arm/virt: Remove device tree restriction for virtio-iommu
virtio-iommu is now supported with ACPI VIOT as well as device tree.
Remove the restriction that prevents from instantiating a virtio-iommu
device under ACPI.

Acked-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-id: 20211210170415.583179-3-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 10:35:26 +00:00
Jean-Philippe Brucker
cf1a5cc935 hw/arm/virt-acpi-build: Add VIOT table for virtio-iommu
When a virtio-iommu is instantiated, describe it using the ACPI VIOT
table.

Acked-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-id: 20211210170415.583179-2-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 10:35:26 +00:00
Patrick Venture
530cd6c26d hw/net: npcm7xx_emc fix missing queue_flush
The rx_active boolean change to true should always trigger a try_read
call that flushes the queue.

Signed-off-by: Patrick Venture <venture@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20211203221002.1719306-1-venture@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 10:35:26 +00:00
Peter Maydell
3508c0fac2 hw/arm: Don't include qemu-common.h unnecessarily
A lot of C files in hw/arm include qemu-common.h when they don't
need anything from it. Drop the include lines.

omap1.c, pxa2xx.c and strongarm.c retain the include because they
use it for the prototype of qemu_get_timedate().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-id: 20211129200510.1233037-5-peter.maydell@linaro.org
2021-12-15 10:35:26 +00:00
Philippe Mathieu-Daudé
a8a5546798 hw/intc/arm_gicv3: Introduce CONFIG_ARM_GIC_TCG Kconfig selector
The TYPE_ARM_GICV3 device is an emulated one.  When using
KVM, it is recommended to use the TYPE_KVM_ARM_GICV3 device
(which uses in-kernel support).

When using --with-devices-FOO, it is possible to build a
binary with a specific set of devices. When this binary is
restricted to KVM accelerator, the TYPE_ARM_GICV3 device is
irrelevant, and it is desirable to remove it from the binary.

Therefore introduce the CONFIG_ARM_GIC_TCG Kconfig selector
which select the files required to have the TYPE_ARM_GICV3
device, but also allowing to de-select this device.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211115223619.2599282-3-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 10:35:10 +00:00
Philippe Mathieu-Daudé
a1d742d88b hw/intc/arm_gicv3: Extract gicv3_set_gicv3state from arm_gicv3_cpuif.c
gicv3_set_gicv3state() is used by arm_gicv3_common.c in
arm_gicv3_common_realize(). Since we want to restrict
arm_gicv3_cpuif.c to TCG, extract gicv3_set_gicv3state()
to a new file. Add this file to the meson 'specific'
source set, since it needs access to "cpu.h".

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211115223619.2599282-2-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 10:11:34 +00:00
Olivier Hériveaux
ab08c34676 Fix STM32F2XX USART data register readout
Fix issue where the data register may be overwritten by next character
reception before being read and returned.

Signed-off-by: Olivier Hériveaux <olivier.heriveaux@ledger.fr>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20211128120723.4053-1-olivier.heriveaux@ledger.fr
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 10:11:34 +00:00
Alex Bennée
229c57b198 hw/intc: clean-up error reporting for failed ITS cmd
While trying to debug a GIC ITS failure I saw some guest errors that
had poor formatting as well as leaving me confused as to what failed.
As most of the checks aren't possible without a valid dte split that
check apart and then check the other conditions in steps. This avoids
us relying on undefined data.

I still get a failure with the current kvm-unit-tests but at least I
know (partially) why now:

  Exception return from AArch64 EL1 to AArch64 EL1 PC 0x40080588
  PASS: gicv3: its-trigger: inv/invall: dev2/eventid=20 now triggers an LPI
  ITS: MAPD devid=2 size = 0x8 itt=0x40430000 valid=0
  INT dev_id=2 event_id=20
  process_its_cmd: invalid command attributes: invalid dte: 0 for 2 (MEM_TX: 0)
  PASS: gicv3: its-trigger: mapd valid=false: no LPI after device unmap
  SUMMARY: 6 tests, 1 unexpected failures

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211112170454.3158925-1-alex.bennee@linaro.org
Cc: Shashi Mallela <shashi.mallela@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 10:11:34 +00:00
Markus Armbruster
0de89a8632 hw/microblaze: Replace drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

Machine "petalogix-ml605" connects backends with drive_get_next() in a
counting loop.  Change it to use drive_get() directly.  This makes the
unit numbers explicit in the code.

Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-10-armbru@redhat.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2021-12-15 08:38:16 +01:00
Markus Armbruster
c29faeda3f hw/arm/xlnx-versal-virt: Replace drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

Machine "xlnx-versal-virt" connects backends with drive_get_next() in
a counting loop.  Change it to use drive_get() directly.  This makes
the unit numbers explicit in the code.

Cc: Alistair Francis <alistair@alistair23.me>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-9-armbru@redhat.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2021-12-15 08:38:16 +01:00
Markus Armbruster
50659fc479 hw/arm/mcimx7d-sabre: Replace drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

Machine "mcimx7d-sabre" connects backends with drive_get_next() in a
counting loop.  Change it to use drive_get() directly.  This makes the
unit numbers explicit in the code.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-8-armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 08:38:16 +01:00
Markus Armbruster
8acf052f7a hw/arm/mcimx6ul-evk: Replace drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

Machine "mcimx6ul-evk" connects backends with drive_get_next() in a
counting loop.  Change it to use drive_get() directly.  This makes the
unit numbers explicit in the code.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Jean-Christophe Dubois <jcd@tribudubois.net>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-7-armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 08:38:16 +01:00
Markus Armbruster
6b87668b08 hw/arm/imx25_pdk: Replace drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

Machine "imx25-pdk" connects backends with drive_get_next() in a
counting loop.  Change it to use drive_get() directly.  This makes the
unit numbers explicit in the code.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Jean-Christophe Dubois <jcd@tribudubois.net>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-6-armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 08:38:16 +01:00
Markus Armbruster
d83c29e981 hw/arm/versatilepb hw/arm/vexpress: Replace drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

The versatile and vexpress machines ("versatileab", "versatilepb",
"vexpress-a9", "vexpress-a15") connect just one or two backends of a
type with drive_get_next().  Change them to use drive_get() directly.
This makes the unit numbers explicit in the code.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-5-armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15 08:38:16 +01:00
Markus Armbruster
93d8bc8f5b hw/arm/npcm7xx_boards: Replace drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

Machine "quanta-gbs-bmc" connects just one backend with
drive_get_next(), but with a helper function.  Change it to use
drive_get() directly.  This makes the unit numbers explicit in the
code.

Cc: Havard Skinnemoen <hskinnemoen@google.com>
Cc: Tyrone Ting <kfting@nuvoton.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-4-armbru@redhat.com>
Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
2021-12-15 08:38:16 +01:00
Markus Armbruster
64eaa82095 hw: Replace trivial drive_get_next() by drive_get()
drive_get_next() is basically a bad idea.  It returns the "next" block
backend of a certain interface type.  "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.

This lets you define unit numbers implicitly by execution order.  If the
order changes, or new calls appear "in the middle", unit numbers change.
ABI break.  Hard to spot in review.

A number of machines connect just one backend with drive_get_next().
Change them to use drive_get() directly.  This makes the (zero) unit
number explicit in the code.

Cc: Beniamino Galvani <b.galvani@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Cc: Niek Linnenbank <nieklinnenbank@gmail.com>
Cc: Andrew Baumann <Andrew.Baumann@microsoft.com>
Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Jean-Christophe Dubois <jcd@tribudubois.net>
Cc: Alistair Francis <Alistair.Francis@wdc.com>
Cc: Bin Meng <bin.meng@windriver.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Artyom Tarasenko <atar4qemu@gmail.com>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Michael Tokarev <mjt@tls.msk.ru>
Cc: Laurent Vivier <laurent@vivier.eu>
Cc: qemu-arm@nongnu.org
Cc: qemu-riscv@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-3-armbru@redhat.com>
2021-12-15 08:38:16 +01:00
Markus Armbruster
36aa285f48 hw/sd/ssi-sd: Do not create SD card within controller's realize
ssi_sd_realize() creates an "sd-card" device.  This is inappropriate,
and marked FIXME.

Move it to the boards that create these devices.  Prior art: commit
eb4f566bbb for device "generic-sdhci", and commit 26c607b86b for
device "pl181".

The device remains not user-creatable, because its users should (and
do) wire up its GPIO chip-select line.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Alistair Francis <Alistair.Francis@wdc.com>
Cc: Bin Meng <bin.meng@windriver.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: qemu-arm@nongnu.org
Cc: qemu-riscv@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20211117163409.3587705-2-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2021-12-15 08:38:16 +01:00
Eric Auger
6b77ae0531 virtio-iommu: Fix the domain_range end
in old times the domain range was defined by a domain_bits le32.
This was then converted into a domain_range struct. During the
upgrade the original value of '32' (bits) has been kept while
the end field now is the max value of the domain id (UINT32_MAX).
Fix that and also use UINT64_MAX for the input_range.end.

Reported-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20211127072910.1261824-4-eric.auger@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15 08:08:59 +01:00
Eric Auger
3a411b2d96 virtio-iommu: Fix endianness in get_config
Endianess is not properly handled when populating
the returned config. Use the cpu_to_le* primitives
for each separate field. Also, while at it, trace
the domain range start.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20211127072910.1261824-3-eric.auger@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15 08:08:59 +01:00
Eric Auger
7b140d2359 virtio-iommu: Remove set_config callback
The spec says "the driver must not write to device configuration
fields". So remove the set_config() callback which anyway did
not do anything.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20211127072910.1261824-2-eric.auger@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15 08:08:59 +01:00
Yang Zhong
4755927ae1 numa: Support SGX numa in the monitor and Libvirt interfaces
Add the SGXEPCSection list into SGXInfo to show the multiple
SGX EPC sections detailed info, not the total size like before.
This patch can enable numa support for 'info sgx' command and
QMP interfaces. The new interfaces show each EPC section info
in one numa node. Libvirt can use QMP interface to get the
detailed host SGX EPC capabilities to decide how to allocate
host EPC sections to guest.

(qemu) info sgx
 SGX support: enabled
 SGX1 support: enabled
 SGX2 support: enabled
 FLC support: enabled
 NUMA node #0: size=67108864
 NUMA node #1: size=29360128

The QMP interface show:
(QEMU) query-sgx
{"return": {"sgx": true, "sgx2": true, "sgx1": true, "sections": \
[{"node": 0, "size": 67108864}, {"node": 1, "size": 29360128}], "flc": true}}

(QEMU) query-sgx-capabilities
{"return": {"sgx": true, "sgx2": true, "sgx1": true, "sections": \
[{"node": 0, "size": 17070817280}, {"node": 1, "size": 17079205888}], "flc": true}}

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20211101162009.62161-4-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-10 09:47:18 +01:00
Yang Zhong
1105812382 numa: Enable numa for SGX EPC sections
The basic SGX did not enable numa for SGX EPC sections, which
result in all EPC sections located in numa node 0. This patch
enable SGX numa function in the guest and the EPC section can
work with RAM as one numa node.

The Guest kernel related log:
[    0.009981] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x183ffffff]
[    0.009982] ACPI: SRAT: Node 1 PXM 1 [mem 0x184000000-0x185bfffff]
The SRAT table can normally show SGX EPC sections menory info in different
numa nodes.

The SGX EPC numa related command:
 ......
 -m 4G,maxmem=20G \
 -smp sockets=2,cores=2 \
 -cpu host,+sgx-provisionkey \
 -object memory-backend-ram,size=2G,host-nodes=0,policy=bind,id=node0 \
 -object memory-backend-epc,id=mem0,size=64M,prealloc=on,host-nodes=0,policy=bind \
 -numa node,nodeid=0,cpus=0-1,memdev=node0 \
 -object memory-backend-ram,size=2G,host-nodes=1,policy=bind,id=node1 \
 -object memory-backend-epc,id=mem1,size=28M,prealloc=on,host-nodes=1,policy=bind \
 -numa node,nodeid=1,cpus=2-3,memdev=node1 \
 -M sgx-epc.0.memdev=mem0,sgx-epc.0.node=0,sgx-epc.1.memdev=mem1,sgx-epc.1.node=1 \
 ......

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20211101162009.62161-2-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-10 09:47:18 +01:00
Damien Hedde
2958e5150d gicv3: fix ICH_MISR's LRENP computation
According to the "Arm Generic Interrupt Controller Architecture
Specification GIC architecture version 3 and 4" (version G: page 345
for aarch64 or 509 for aarch32):
LRENP bit of ICH_MISR is set when ICH_HCR.LRENPIE==1 and
ICH_HCR.EOIcount is non-zero.

When only LRENPIE was set (and EOI count was zero), the LRENP bit was
wrongly set and MISR value was wrong.

As an additional consequence, if an hypervisor set ICH_HCR.LRENPIE,
the maintenance interrupt was constantly fired. It happens since patch
9cee1efe92 ("hw/intc: Set GIC maintenance interrupt level to only 0 or 1")
which fixed another bug about maintenance interrupt (most significant
bits of misr, including this one, were ignored in the interrupt trigger).

Fixes: 83f036fe3d ("hw/intc/arm_gicv3: Add accessors for ICH_ system registers")
Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211207094427.3473-1-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-07 15:30:08 +00:00
Richard Henderson
7635eff971 Pull request
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmGuK9cACgkQnKSrs4Gr
 c8gr7gf9Fe6WZ85sbefQcsOvqc6AKcmiC1dhQ9qsdT4Y22Ft8BneiVHPflkpYExP
 12n4DB8QIasU/j3RognHNdsh/SYV07TfsVBNJHrO3Z2f83HrfDd3BhUV2DnJgul0
 AjriZvwZUy+WSEpJ1oPBOsu1hAlNE4Os7euyMx7m4Y63sO9nngLQ5kwDsHZXfFgf
 jyinZ87hbtZMchYJBm6YAGiSGmdYMLbDU4/wj8tn61cF+uikMFU1CrdYQrZbHcFX
 X+WC6nrSCay/3e+vD0zB7CK3Y9E+iuX52mwkwATx5aTJaHvmNtDXDb+ENI0am2uX
 19XnpS5UGjuvca+1Su9gvvloVG5TSA==
 =iOTh
 -----END PGP SIGNATURE-----

Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging

Pull request

# gpg: Signature made Mon 06 Dec 2021 07:27:19 AM PST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]

* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  virtio-blk: Fix clean up of host notifiers for single MR transaction.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-06 11:18:06 -08:00
Mark Mielke
5b807181c2 virtio-blk: Fix clean up of host notifiers for single MR transaction.
The code that introduced "virtio-blk: Configure all host notifiers in
a single MR transaction" introduced a second loop variable to perform
cleanup in second loop, but mistakenly still refers to the first
loop variable within the second loop body.

Fixes: d0267da614 ("virtio-blk: Configure all host notifiers in a single MR transaction")
Signed-off-by: Mark Mielke <mark.mielke@gmail.com>
Message-id: CALm7yL08qarOu0dnQkTN+pa=BSRC92g31YpQQNDeAiT4yLZWQQ@mail.gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-06 14:21:14 +00:00
Alex Bennée
ac5837e330 Revert "vga: don't abort when adding a duplicate isa-vga device"
This reverts commit 7852a77f59.

The check is bogus as it ends up finding itself and falling over.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/733
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211206095209.2332376-1-alex.bennee@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-06 11:57:36 +01:00
Jiaxun Yang
d77c462bf2 hw/mips/boston: Fix load_elf() error detection
load_elf() gives negative return in case of error, not zero.

Fixes: 10e3f30ff7 ("hw/mips/boston: Allow loading elf kernel and dtb")
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211130211729.7116-3-jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-06 11:57:36 +01:00
Jiaxun Yang
24ade8c5de hw/mips/bootloader: Fix write_ulong()
bl_gen_write_ulong uses sd for both 32 and 64 bit CPU,
while sd is illegal on 32 bit CPUs.

Replace sd with sw on 32bit CPUs.

Fixes: 3ebbf86128 ("hw/mips: Add a bootloader helper")
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211130211729.7116-2-jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-06 11:57:31 +01:00
Philippe Mathieu-Daudé
1ab95af033 hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
Guest might select another drive on the bus by setting the
DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR).
The current controller model doesn't expect a BlockBackend
to be NULL. A simple way to fix CVE-2021-20196 is to create
an empty BlockBackend when it is missing. All further
accesses will be safely handled, and the controller state
machines keep behaving correctly.

Cc: qemu-stable@nongnu.org
Fixes: CVE-2021-20196
Reported-by: Gaoning Pan (Ant Security Light-Year Lab) <pgn@zju.edu.cn>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211124161536.631563-3-philmd@redhat.com
BugLink: https://bugs.launchpad.net/qemu/+bug/1912780
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/338
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
2021-12-02 01:09:38 -05:00
Philippe Mathieu-Daudé
b154791e7b hw/block/fdc: Extract blk_create_empty_drive()
We are going to re-use this code in the next commit,
so extract it as a new blk_create_empty_drive() function.

Inspired-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211124161536.631563-2-philmd@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2021-12-02 01:09:38 -05:00
Philippe Mathieu-Daudé
4051a1f062 hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued
If asked for DMA request and no data is available, simply wait
for data to be queued, do not abort. This fixes:

  $ cat << EOF | \
    qemu-system-i386 -nographic -M q35,accel=qtest -serial none \
      -monitor none -qtest stdio -trace lsi* \
      -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw \
      -device lsi53c895a,id=scsi0 -device scsi-hd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0
  lsi_reset Reset
  lsi_reg_write Write reg DSP2 0x2e = 0xff
  lsi_reg_write Write reg DSP3 0x2f = 0xff
  lsi_execute_script SCRIPTS dsp=0xffff0000 opcode 0x184a3900 arg 0x4a8b2d75
  qemu-system-i386: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed.

  (gdb) bt
  #5  0x00007ffff4e8a3a6 in __GI___assert_fail
      (assertion=0x5555560accbc "s->current", file=0x5555560acc28 "hw/scsi/lsi53c895a.c", line=624, function=0x5555560adb18 "lsi_do_dma") at assert.c:101
  #6  0x0000555555aa33b9 in lsi_do_dma (s=0x555557805ac0, out=1) at hw/scsi/lsi53c895a.c:624
  #7  0x0000555555aa5042 in lsi_execute_script (s=0x555557805ac0) at hw/scsi/lsi53c895a.c:1250
  #8  0x0000555555aa757a in lsi_reg_writeb (s=0x555557805ac0, offset=47, val=255 '\377') at hw/scsi/lsi53c895a.c:1984
  #9  0x0000555555aa875b in lsi_mmio_write (opaque=0x555557805ac0, addr=47, val=255, size=1) at hw/scsi/lsi53c895a.c:2095

Cc: qemu-stable@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Vadim Rozenfeld <vrozenfe@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Reported-by: Jérôme Poulin <jeromepoulin@gmail.com>
Reported-by: Ruhr-University <bugs-syssec@rub.de>
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Fixes: b96a0da06b ("lsi: move dma_len+dma_buf into lsi_request")
BugLink: https://bugs.launchpad.net/qemu/+bug/697510
BugLink: https://bugs.launchpad.net/qemu/+bug/1905521
BugLink: https://bugs.launchpad.net/qemu/+bug/1908515
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/84
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/305
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/552
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20211123111732.83137-2-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-30 22:25:58 +01:00
Leandro Lupori
7bf00dfb51 target/ppc: fix Hash64 MMU update of PTE bit R
When updating the R bit of a PTE, the Hash64 MMU was using a wrong byte
offset, causing the first byte of the adjacent PTE to be corrupted.
This caused a panic when booting FreeBSD, using the Hash MMU.

Fixes: a2dd4e83e7 ("ppc/hash64: Rework R and C bit updates")
Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-11-29 21:00:08 +01:00
Richard Henderson
b1641c5097 virtio,pci,pc: bugfixes
Lots of small fixes all over the place.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmGk2o4PHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRpAP0H/i47erp9gRr4XXUd71mhwVeIj7SOwGIJYvuf
 YAHnFPu/Hvtl0zMQ3tHsUFV4ak7SeyJpqTIspTrhRF5WN9RB2drF+bVEUM+zVLiC
 dNpstDu1E3Po3RBMLwVBQK0fheo+n680wmgiB5I4H9xTukszRmRm3evIjZQpMwZ+
 Gx9WLW4ghG3fRJyXbZFDzOW2nlD/LUIQQ9ZZk9no3jULzbFS5hDFP1yxTOKZOGYk
 JeITGHx+ODIIBla5KIUkH2yDYurHvKoOzpxo1qLr65EmVMuq4TT1DjaAM0SRg8YO
 X+osx1AZRW7ZznYOUEiJuWru8QDM/BD0t91oR1kZAaEdaF3gYB8=
 =w54r
 -----END PGP SIGNATURE-----

Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging

virtio,pci,pc: bugfixes

Lots of small fixes all over the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 29 Nov 2021 02:50:06 PM CET
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]

* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  Fix bad overflow check in hw/pci/pcie.c
  intel-iommu: ignore leaf SNP bit in scalable mode
  virtio-balloon: correct used length
  virtio-balloon: process all in sgs for free_page_vq
  vdpa: Add dummy receive callback
  failover: fix unplug pending detection
  virtio-mmio : fix the crash in the vm shutdown

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29 15:23:17 +01:00
Daniella Lee
bacf58ca18 Fix bad overflow check in hw/pci/pcie.c
Orginal qemu commit hash:14d02cfbe4adaeebe7cb833a8cc71191352cf03b

In function pcie_add_capability, an assert contains the
"offset < offset + size" expression.
Both variable offset and variable size are uint16_t,
the comparison is always true due to type promotion.
The next expression may be the same.

It might be like this:
Thread 1 "qemu-system-x86" hit Breakpoint 1, pcie_add_capability (
    dev=0x555557ce5f10, cap_id=1, cap_ver=2 '\002', offset=256, size=72)
    at ../hw/pci/pcie.c:930
930	{
(gdb) n
931	    assert(offset >= PCI_CONFIG_SPACE_SIZE);
(gdb) n
932	    assert(offset < offset + size);
(gdb) p offset
$1 = 256
(gdb) p offset < offset + size
$2 = 1
(gdb) set offset=65533
(gdb) p offset < offset + size
$3 = 1
(gdb) p offset < (uint16_t)(offset + size)
$4 = 0

Signed-off-by: Daniella Lee <daniellalee111@gmail.com>
Message-Id: <20211126061324.47331-1-daniellalee111@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-29 08:49:36 -05:00
Jason Wang
0192d6677c intel-iommu: ignore leaf SNP bit in scalable mode
When booting with scalable mode, I hit this error:

qemu-system-x86_64: vtd_iova_to_slpte: detected splte reserve non-zero iova=0xfffff002, level=0x1slpte=0x102681803)
qemu-system-x86_64: vtd_iommu_translate: detected translation failure (dev=01:00:00, iova=0xfffff002)
qemu-system-x86_64: New fault is not recorded due to compression of faults

This is because the SNP bit is set for second level page table since
Linux kernel commit 6c00612d0cba1 ("iommu/vt-d: Report right snoop
capability when using FL for IOVA") even if SC is not supported by the
hardware.

To unbreak the guest, ignore the leaf SNP bit for scalable mode
first. In the future we may consider to add SC support.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211129033618.3857-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
2021-11-29 08:49:36 -05:00
Jason Wang
d3f1f940eb virtio-balloon: correct used length
Spec said:

"and len the total of bytes written into the buffer."

For inflateq, deflateq and statsq, we don't process in_sg so the used
length should be zero. For free_page_vq, tough the pages could be
changed by the device (in the destination), spec said:

"Note: len is particularly useful for drivers using untrusted buffers:
if a driver does not know exactly how much has been written by the
device, the driver would have to zero the buffer in advance to ensure
no data leakage occurs."

So 0 should be used as well here.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211129030841.3611-2-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
2021-11-29 08:49:36 -05:00
Jason Wang
0fe7245d8b virtio-balloon: process all in sgs for free_page_vq
We only process the first in sg which may lead to the bitmap of the
pages belongs to following sgs were not cleared. This may result more
pages to be migrated. Fixing this by process all in sgs for
free_page_vq.

Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211129030841.3611-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-29 08:49:36 -05:00
Peter Maydell
90feffad2a hw/intc/arm_gicv3: fix handling of LPIs in list registers
It is valid for an OS to put virtual interrupt ID values into the
list registers ICH_LR<n> which are greater than 1023.  This
corresponds to (for example) KVM using the in-kernel emulated ITS to
give a (nested) guest an ITS.  LPIs are delivered by the L1 kernel to
the L2 guest via the list registers in the same way as non-LPI
interrupts.

QEMU's code for handling writes to ICV_IARn (which happen when the L2
guest acknowledges an interrupt) and to ICV_EOIRn (which happen at
the end of the interrupt) did not consider LPIs, so it would
incorrectly treat interrupt IDs above 1023 as invalid.  Fix this by
using the correct condition, which is gicv3_intid_is_special().

Note that the condition in icv_dir_write() is correct -- LPIs
are not valid there and so we want to ignore both "special" ID
values and LPIs.

(In the pseudocode this logic is in:
 - VirtualReadIAR0(), VirtualReadIAR1(), which call IsSpecial()
 - VirtualWriteEOIR0(), VirtualWriteEOIR1(), which call
     VirtualIdentifierValid(data, TRUE) meaning "LPIs OK"
 - VirtualWriteDIR(), which calls VirtualIdentifierValid(data, FALSE)
     meaning "LPIs not OK")

This bug doesn't seem to have any visible effect on Linux L2 guests
most of the time, because the two bugs cancel each other out: we
neither mark the interrupt active nor deactivate it.  However it does
mean that the L2 vCPU priority while the LPI handler is running will
not be correct, so the interrupt handler could be unexpectedly
interrupted by a different interrupt.

(NB: this has nothing to do with using QEMU's emulated ITS.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
2021-11-29 10:10:21 +00:00
Laurent Vivier
9323f892b3 failover: fix unplug pending detection
Failover needs to detect the end of the PCI unplug to start migration
after the VFIO card has been unplugged.

To do that, a flag is set in pcie_cap_slot_unplug_request_cb() and reset in
pcie_unplug_device().

But since
    17858a1695 ("hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35")
we have switched to ACPI unplug and these functions are not called anymore
and the flag not set. So failover migration is not able to detect if card
is really unplugged and acts as it's done as soon as it's started. So it
doesn't wait the end of the unplug to start the migration. We don't see any
problem when we test that because ACPI unplug is faster than PCIe native
hotplug and when the migration really starts the unplug operation is
already done.

See c000a9bd06 ("pci: mark device having guest unplug request pending")
    a99c4da9fc ("pci: mark devices partially unplugged")

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Ani Sinha <ani@anisinha.ca>
Message-Id: <20211118133225.324937-4-lvivier@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-28 17:03:52 -05:00
Cindy Lu
7abba7c638 virtio-mmio : fix the crash in the vm shutdown
The root cause for this crash is the ioeventfd not stopped while the VM stop.
The callback for vmstate_change was not implement in virtio-mmio bus

Reproduce step
load the vm with
 -M microvm \
  -netdev tap,id=net0,vhostforce,script=no,downscript=no  \
  -device virtio-net-device,netdev=net0\

After the VM boot, login the vm and then shutdown the vm

System will crash
[Current thread is 1 (Thread 0x7ffff6edde00 (LWP 374378))]
(gdb) bt
0  0x00005555558f18b4 in qemu_flush_or_purge_queued_packets (purge=false, nc=0x55500252e850) at ../net/net.c:636
1  qemu_flush_queued_packets (nc=0x55500252e850) at ../net/net.c:656
2  0x0000555555b6c363 in virtio_queue_notify_vq (vq=0x7fffe7e2b010) at ../hw/virtio/virtio.c:2339
3  virtio_queue_host_notifier_read (n=0x7fffe7e2b08c) at ../hw/virtio/virtio.c:3583
4  0x0000555555de7b5a in aio_dispatch_handler (ctx=ctx@entry=0x5555567c5780, node=0x555556b83fd0) at ../util/aio-posix.c:329
5  0x0000555555de8454 in aio_dispatch_ready_handlers (ready_list=<optimized out>, ctx=<optimized out>) at ../util/aio-posix.c:359
6  aio_poll (ctx=0x5555567c5780, blocking=blocking@entry=false) at ../util/aio-posix.c:662
7  0x0000555555cce0cc in monitor_cleanup () at ../monitor/monitor.c:645
8  0x0000555555b06bd2 in qemu_cleanup () at ../softmmu/runstate.c:822
9  0x000055555586e693 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/main.c:51

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20211109023744.22387-1-lulu@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-28 17:03:52 -05:00
Peter Maydell
b74d7c0e50 hw/intc/arm_gicv3: Add new gicv3_intid_is_special() function
The GICv3/v4 pseudocode has a function IsSpecial() which returns true
if passed a "special" interrupt ID number (anything between 1020 and
1023 inclusive).  We open-code this condition in a couple of places,
so abstract it out into a new function gicv3_intid_is_special().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2021-11-26 16:58:57 +00:00
Peter Maydell
101f27f3c8 hw/intc/arm_gicv3: Update cached state after LPI state changes
The logic of gicv3_redist_update() is as follows:
 * it must be called in any code path that changes the state of
   (only) redistributor interrupts
 * if it finds a redistributor interrupt that is (now) higher
   priority than the previous highest-priority pending interrupt,
   then this must be the new highest-priority pending interrupt
 * if it does *not* find a better redistributor interrupt, then:
    - if the previous state was "no interrupts pending" then
      the new state is still "no interrupts pending"
    - if the previous best interrupt was not a redistributor
      interrupt then that remains the best interrupt
    - if the previous best interrupt *was* a redistributor interrupt,
      then the new best interrupt must be some non-redistributor
      interrupt, but we don't know which so must do a full scan

In commit 17fb5e36aa we effectively added the LPI interrupts
as a kind of "redistributor interrupt" for this purpose, by adding
cs->hpplpi to the set of things that gicv3_redist_update() considers
before it gives up and decides to do a full scan of distributor
interrupts. However we didn't quite get this right:
 * the condition check for "was the previous best interrupt a
   redistributor interrupt" must be updated to include LPIs
   in what it considers to be redistributor interrupts
 * every code path which updates the LPI state which
   gicv3_redist_update() checks must also call gicv3_redist_update():
   this is cs->hpplpi and the GICR_CTLR ENABLE_LPIS bit

This commit fixes this by:
 * correcting the test on cs->hppi.irq in gicv3_redist_update()
 * making gicv3_redist_update_lpi() always call gicv3_redist_update()
 * introducing a new gicv3_redist_update_lpi_only() for the one
   callsite (the post-load hook) which must not call
   gicv3_redist_update()
 * making gicv3_redist_lpi_pending() always call gicv3_redist_update(),
   either directly or via gicv3_redist_update_lpi()
 * removing a couple of now-unnecessary calls to gicv3_redist_update()
   from some callers of those two functions
 * calling gicv3_redist_update() when the GICR_CTLR ENABLE_LPIS
   bit is cleared

(This means that the not-file-local gicv3_redist_* LPI related
functions now all take care of the updates of internally cached
GICv3 information, in the same way the older functions
gicv3_redist_set_irq() and gicv3_redist_send_sgi() do.)

The visible effect of this bug was that when the guest acknowledged
an LPI by reading ICC_IAR1_EL1, we marked it as not pending in the
LPI data structure but still left it in cs->hppi so we would offer it
to the guest again.  In particular for setups using an emulated GICv3
and ITS and using devices which use LPIs (ie PCI devices) a Linux
guest would complain "irq 54: nobody cared" and then hang.  (The hang
was intermittent, presumably depending on the timing between
different interrupts arriving and being completed.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20211124202005.989935-1-peter.maydell@linaro.org
2021-11-26 16:57:51 +00:00
Shashi Mallela
2f459cd1a8 hw/intc: cannot clear GICv3 ITS CTLR[Enabled] bit
When Enabled bit is cleared in GITS_CTLR,ITS feature continues
to be enabled.This patch fixes the issue.

Signed-off-by: Shashi Mallela <shashi.mallela@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211124182246.67691-1-shashi.mallela@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-11-26 16:54:09 +00:00
Alexander Graf
bede01170e hw/arm/virt: Extend nested and mte checks to hvf
The virt machine has properties to enable MTE and Nested Virtualization
support. However, its check to ensure the backing accel implementation
supports it today only looks for KVM and bails out if it finds it.

Extend the checks to HVF as well as it does not support either today.
This will cause QEMU to print a useful error message rather than
silently ignoring the attempt by the user to enable either MTE or
the Virtualization extensions.

Reported-by: saar amar <saaramar5@gmail.com>
Signed-off-by: Alexander Graf <agraf@csgraf.de>
Message-id: 20211123122859.22452-1-agraf@csgraf.de
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-11-26 16:51:21 +00:00
Eric Auger
33a0c404fb hw/intc/arm_gicv3_its: Revert version increments in vmstate_its
Commit 18f6290a6a ("hw/intc: GICv3 ITS initial framework")
incremented version_id and minimum_version_id fields of
VMStateDescription vmstate_its. This breaks the migration between
6.2 and 6.1 with the following message:

qemu-system-aarch64: savevm: unsupported version 1 for 'arm_gicv3_its' v0
qemu-system-aarch64: load of migration failed: Invalid argument

Revert that change.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20211122171020.1195483-1-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-11-22 18:17:19 +00:00
Richard Henderson
5d1f437fb4 fixes for 6.2: microvm, ui, modules.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmGbj5kACgkQTLbY7tPo
 cTiJrw//afZiIXG9/7nSkQety3L+IG5kNR+TpEGspo7alP4swIbdpndkpWL9+ipz
 Z+hLFekkDPQ56Ml8Q3qyBrDOVMZYxeHOrLeNcNtR2cxFLeXkrCjjY5apS5aDV9Yu
 ZI5WkGP57Hy2syUempFJEQsMNVjvXAe1Uwe692SZh4EPOW4qXoHlqui5iL7AfxjK
 XCThoY2MRRzdEuAO8gMNHUrB5URsDP85DMIGPtG3grM+CezxFeoj3WW+BYSuY0mn
 JO8BciZPSteh9bkjyYx70z2k159ue/99pjM81uRKOBFHv8KFOaUMfr8RmC1L+3Dx
 krc31misEDwvxumOEBp8SGTR5ZgcRdeW1iAzlQR7fXOCcSbEPuRuxmE3Bhc+1/qg
 8of2KWqayVFfIap6cSGE6A4lWl3RkFsOsqC7DZiwoYtDIt7nVT3BtpFTKvqeVIs9
 YRiCN3YQSxXhi2oxPnezNFcltBX2hZMdHnKS9Bkhfpmyxc2peEkWB18F+lTlEj2/
 KdUwCLGDonZ/LTh1sfU0SSqdTvw6Uw5ZUHThbftmPCEi8rf5RtF0G+/cvsypmJsv
 fch62M0J2urG0Oj0FygrTO4XIUR/PX/GU3Pt6MimeduL6t/hz3jUlCLrmriCnPMq
 BbDS/fOmCN3PjZtNtMZu4l/WYxaPeH/9BQJ/GahpTg57bUBoY4I=
 =QR2E
 -----END PGP SIGNATURE-----

Merge tag 'fixes-20211122-pull-request' of git://git.kraxel.org/qemu into staging

fixes for 6.2: microvm, ui, modules.

# gpg: Signature made Mon 22 Nov 2021 01:39:53 PM CET
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]

* tag 'fixes-20211122-pull-request' of git://git.kraxel.org/qemu:
  microvm: check g_file_set_contents() return value
  microvm: add missing g_free() call
  hw/i386/microvm: Reduce annoying debug message in dt_setup_microvm()
  migration: fix dump-vmstate with modules
  ui/vnc-clipboard: fix adding notifier twice
  ui/gtk: graphic_hw_gl_flushed after closing dmabuf->fence_fd
  ui: fix incorrect pointer position on highdpi with gtk
  ui: fix incorrect scaling on highdpi with gtk/opengl

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-22 14:17:14 +01:00
Gerd Hoffmann
b9e5628ca5 microvm: check g_file_set_contents() return value
Fixes: CID 1465239
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20211108130718.840216-3-kraxel@redhat.com>
2021-11-22 11:14:28 +01:00
Gerd Hoffmann
1b38ccc9a1 microvm: add missing g_free() call
Fixes: CID 1465240
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211108130718.840216-2-kraxel@redhat.com>
2021-11-22 11:14:28 +01:00
Philippe Mathieu-Daudé
d612405ed2 hw/i386/microvm: Reduce annoying debug message in dt_setup_microvm()
Fixes: f5918a9928 ("microvm: add device tree support.")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20211117174331.1715144-1-philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-11-22 11:14:28 +01:00
Philippe Mathieu-Daudé
526e744302 hw/misc/sifive_u_otp: Do not reset OTP content on hardware reset
Once a "One Time Programmable" is programmed, it shouldn't be reset.

Do not re-initialize the OTP content in the DeviceReset handler,
initialize it once in the DeviceRealize one.

Fixes: 9fb45c62ae ("riscv: sifive: Implement a model for SiFive FU540 OTP")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20211119104757.331579-1-f4bug@amsat.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-11-22 10:46:22 +10:00
Thomas Huth
6b717a8d44 hw/misc/sifive_u_otp: Use IF_PFLASH for the OTP device instead of IF_NONE
Configuring a drive with "if=none" is meant for creation of a backend
only, it should not get automatically assigned to a device frontend.
Use "if=pflash" for the One-Time-Programmable device instead (like
it is e.g. also done for the efuse device in hw/arm/xlnx-zcu102.c).

Since the old way of configuring the device has already been published
with the previous QEMU versions, we cannot remove this immediately, but
have to deprecate it and support it for at least two more releases.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20211119102549.217755-1-thuth@redhat.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-11-22 10:43:54 +10:00
Mark Cave-Ayland
319e89cdc3 escc: update the R_SPEC register SPEC_ALLSENT bit when writing to W_TXCTRL1
The ESCC datasheet states that SPEC_ALLSENT is always set in sync mode and set
in async mode once all characters have cleared the transmitter. Since writes to
SERIAL_DATA use a synchronous chardev API, the guest can never see the state when
transmission is in progress so it is possible to set SPEC_ALLSENT in the
R_SPEC register unconditionally.

This fixes a hang when using the Sun PROM as it attempts to enumerate the
onboard serial devices, and a similar hang in OpenBSD SPARC32 where in both cases
the boot process will not proceed until SPEC_ALLSENT has been set after writing
to W_TXCTRL1.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20211118181835.18497-3-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-11-21 09:56:52 +00:00
Mark Cave-Ayland
c29cd47e82 escc: always set STATUS_TXEMPTY in R_STATUS on device reset
The "Transmit Interrupts and Transmit Buffer Empty Bit" section of the ESCC
datasheet states the following about the STATUS_TXEMPTY bit: "After a hardware
reset (including a hardware reset by software), or a channel reset, this bit
is set to 1".

Update escc_reset() to set the STATUS_TXEMPTY bit in the R_STATUS register
on device reset as described which fixes a regression whereby the Sun PROM
checks this bit early on startup and gets stuck in an infinite loop if it is
not set.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20211118181835.18497-2-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-11-21 09:56:52 +00:00
Richard Henderson
8627edfb3f Bugfixes for 6.2.
-----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmGXb2kUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroNkQggArLP8V1vL9XW9LJ6v4UdO4dp78MRb
 mP5zZhzY6CZ9NnbLW3rtS8GLrQ7XJdHl4huVIckIF3HW+TOBas2gXOiyWdskZRFS
 UGSoeejj2RHmTzBKWZN77G/GB0ElyKt3wvXeCEx0F8yiJXZhkw6n6tp3U/lGnic3
 sJmniTBZ+m3GGtrAaEL11x8ITdtdGEE4uIhspqN8X0kU+WkSsklm8+GAORzMpWGq
 Fqo46dd1C+st1GvbDOnghltYOEPPyKE6pZYOnZwB8X8hi01Ex53wXBXl98G8r8rt
 qA6P0lc5Eh8E3M7xm+kJBw1XNSkxjQioJ1SElmQFW5w5rVtYVSDEsaL4MQ==
 =3kjz
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

Bugfixes for 6.2.

# gpg: Signature made Fri 19 Nov 2021 10:33:29 AM CET
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  chardev/wctable: don't free the instance in wctablet_chr_finalize
  meson.build: Support ncurses on MacOS and OpenBSD
  docs: Spell QEMU all caps
  qtest/am53c974-test: add test for reset before transfer
  esp: ensure that async_len is reset to 0 during esp_hard_reset()
  nvmm: Fix support for stable version
  meson: fix botched compile check conversions

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-19 17:16:57 +01:00
Richard Henderson
d434a47905 ppc 6.2 queue:
* fix pmu vmstate
 * Fix compile of byte_reverse on new compilers
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmGXj0oACgkQUaNDx8/7
 7KE2Yw//YonJIl8xqa179mC1RDRzVb7hFMYYmtcn0pbN732A4Fc3acXu29FyKJpR
 91ZV/y4gMJKCFyH3KlSHuQD0Oe2tXE7PZk5sxzd0o8fElLmMr1nAmNoT8Udfm2y0
 9IbnuPcGPz78fX6saN5MKlswHNuzDJGUpOzZjDkAjo3JZFbIg/YS76tMuc4GbkDH
 tDWa0mCm+vmJVd5lD35I2iUcRwZcF2kH3DWbS95s0yg4x20YUclELDty35xDdXK4
 wmTpgs2crMkP1ctWNkei+GOEzhmki7qcj+9iUJCV+2oLDWwUoVlXG0h4eke87/4d
 x0y2eeqJYn4PcDR8X0wktUPd532hP9hFn6l26UVwZk1bHYQqWxg3JR32c18WkQlz
 T2OhuEoTFUOJjTTReotZXdeZyaCsQkMUr7HL0y7p4hbvdGfdtCLNAgn5ppEWpb5+
 dHRb7sKv613qUN1zaqb6Trepjn0MwEjrdnNJwoXXP+ALimKRCwcGsMlSGehmCyTI
 kY2ZksQEq7z3TKCPi1VAS/gRbHBDn+FBGkptYv+N8xY1v+cmKpLogOsyLbACutZW
 EhNDZC0YlqXZS2+OQ91SuNzhQZvARP88bVJFn29syFgS8WA6qoWihdRBXxkRFvFe
 La8L3jwk5Z2kDLhdzp/NcZWv3ua210ITpt1/oSjtyJTUTQKeS+4=
 =jJBv
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20211119' of https://github.com/legoater/qemu into staging

ppc 6.2 queue:

* fix pmu vmstate
* Fix compile of byte_reverse on new compilers

# gpg: Signature made Fri 19 Nov 2021 12:49:30 PM CET
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-ppc-20211119' of https://github.com/legoater/qemu:
  tests/tcg/ppc64le: Fix compile flags for byte_reverse
  pmu: fix pmu vmstate subsection list

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-19 13:39:19 +01:00
Richard Henderson
9c25e1db18 hw/nvme fixes
* Fix CVE-2021-3947
 * Controller hotplugging fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmGXWUcACgkQTeGvMW1P
 DelFZQgAjcyzkhxqCYRDIwCdnSa/E2kND5vkmF/CIb5CEi4TPOUygVKfW551fhJP
 0h8YfK2giD+d61iw+lgEED+4iCiqZzRqOQ62jNyEGejbw2ZTb7chGKEHzHznHx2w
 /2OamufO9rCS1bzqF0FyAi8dWBEXpIo88tWM717gCWmNEAKighI9gnJfEFqmsPkA
 g4GrxjtXdx5S0rhBUFKPRZ1fBheb2sUCDxPIV+kalCpYQn/ubjydBC7yAI7f5vNA
 GdKV8VjdXSEsGhtSSFgfJRyF/Tq4yrB9oWpq+h30QkqtuQlSvqxxxzsJKz7Y+YtA
 I/QaPATsq4qY8WPBKLvD9Kr4K1x0+Q==
 =BbXH
 -----END PGP SIGNATURE-----

Merge tag 'nvme-fixes-for-6.2-pull-request' of git://git.infradead.org/qemu-nvme into staging

hw/nvme fixes

* Fix CVE-2021-3947
* Controller hotplugging fixes

# gpg: Signature made Fri 19 Nov 2021 08:59:03 AM CET
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* tag 'nvme-fixes-for-6.2-pull-request' of git://git.infradead.org/qemu-nvme:
  hw/nvme: fix buffer overrun in nvme_changed_nslist (CVE-2021-3947)
  hw/nvme: change nvme-ns 'shared' default
  hw/nvme: reattach subsystem namespaces on hotplug

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-19 11:01:46 +01:00
Mark Cave-Ayland
3f26c97577 esp: ensure that async_len is reset to 0 during esp_hard_reset()
If a reset command is sent after data has been transferred into the SCSI buffer
ensure that async_len is reset to 0. Otherwise a subsequent TI command assumes
the SCSI buffer contains data to be transferred to the device causing it to
dereference the stale async_buf pointer.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/724
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211118100327.29061-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-19 10:14:30 +01:00
Klaus Jensen
e2c57529c9 hw/nvme: fix buffer overrun in nvme_changed_nslist (CVE-2021-3947)
Fix missing offset verification.

Cc: qemu-stable@nongnu.org
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Fixes: f432fdfa12 ("support changed namespace asynchronous event")
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-11-19 07:32:19 +01:00
Klaus Jensen
916b0f0b52 hw/nvme: change nvme-ns 'shared' default
Change namespaces to be shared namespaces by default (parameter
shared=on). Keep shared=off for older machine types.

Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-11-19 07:31:56 +01:00
Hannes Reinecke
9fc6e86e8b hw/nvme: reattach subsystem namespaces on hotplug
With commit 5ffbaeed16 ("hw/nvme: fix controller hot unplugging")
namespaces get moved from the controller to the subsystem if one
is specified.
That keeps the namespaces alive after a controller hot-unplug, but
after a controller hotplug we have to reconnect the namespaces
from the subsystem to the controller.

Fixes: 5ffbaeed16 ("hw/nvme: fix controller hot unplugging")
Cc: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Hannes Reinecke <hare@suse.de>
[k.jensen: only attach to shared and non-detached namespaces]
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-11-19 07:31:34 +01:00
Prasad J Pandit
d05dcd94ae net: vmxnet3: validate configuration values during activate (CVE-2021-20203)
While activating device in vmxnet3_acticate_device(), it does not
validate guest supplied configuration values against predefined
minimum - maximum limits. This may lead to integer overflow or
OOB access issues. Add checks to avoid it.

Fixes: CVE-2021-20203
Buglink: https://bugs.launchpad.net/qemu/+bug/1913873
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-11-19 11:43:47 +08:00
Peng Liang
f3bc3a73c9 vfio: Fix memory leak of hostwin
hostwin is allocated and added to hostwin_list in vfio_host_win_add, but
it is only deleted from hostwin_list in vfio_host_win_del, which causes
a memory leak.  Also, freeing all elements in hostwin_list is missing in
vfio_disconnect_container.

Fix: 2e4109de8e ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)")
CC: qemu-stable@nongnu.org
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Link: https://lore.kernel.org/r/20211117014739.1839263-1-liangpeng10@huawei.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-11-17 11:25:55 -07:00
Laurent Vivier
14554b3dcc pmu: fix pmu vmstate subsection list
The subsection is not closed by a NULL marker so this can trigger
a segfault when the pmu vmstate is saved.

This can be easily shown with:

  $ ./qemu-system-ppc64  -dump-vmstate vmstate.json
  Segmentation fault (core dumped)

Fixes: d811d61fbc ("mac_newworld: add PMU device")
Cc: mark.cave-ayland@ilande.co.uk
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-11-17 19:10:44 +01:00
Richard Henderson
3e595538b8 target-arm queue:
* Support multiple redistributor regions for TCG GICv3
  * Send RTC_CHANGE QMP event from pl031
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmGSrLQZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3n9ID/9E4onDjL5f0UkRqISs72Kv
 q80tMer6qZHeyiJCKyomYBuHPRa4hGxZ28E2Zn/Y0qNSr/U2yjnkQiybIa2q4Th+
 8zLC+AsdXtJxk0vaDMr6uuWlXmbHKodA4OLAxbrom8e0q7H9SyzsvqaGWuLIoarl
 xXQuPumrBjjWR2jzUjSONupayKMKTHnRlqG8sl9Mw60W8BiNirar/lZP7s9tJI9/
 IIh1MvpMIYEPZnRHokI2JNA2HBHFFGEM9Pu2I84ApzNFk2zpTS8U0Uoa+ITb7E5A
 pn3Yd6tizNWRBQXbkE43/TSbNe4PIm43ZhO9mQiyDqZ7/+9T1fl3wGR39KI0oZNG
 47vTjR9MihG8BPuGvTIHyVzAFUL/cff6w+P0YQSBB9H/k39TKUVcujM2Z0TfeoUs
 rofzKnGSZ0eTR/tiNJUWzh8heF45gM4ZscOaoyX7mLznUPCq0CQQ0oJC26UMWeHn
 ngECVPbmQSsR4qiUdnVLAqQSiy6SUk+bd+QWKU+8Gh+UVqcJiGwSSLEhWqRrV7yX
 pOAgDBOcCu9hgMQN0zbdZnm2Cg/tOZLMR1tm+vLy4Mm450quWjGGcOgryejBqy2V
 TIONc4aWvxzPVyFy0AV9DP8iA7EG8pDuKjLg/5msUyA7a+HUsf1VWq3RC1CU2Aq6
 RfGl5xxZwA5ppKeq0dp4Ow==
 =XJbZ
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20211115-1' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * Support multiple redistributor regions for TCG GICv3
 * Send RTC_CHANGE QMP event from pl031

# gpg: Signature made Mon 15 Nov 2021 07:53:40 PM CET
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20211115-1' of https://git.linaro.org/people/pmaydell/qemu-arm:
  hw/rtc/pl031: Send RTC_CHANGE QMP event
  hw/intc/arm_gicv3: Support multiple redistributor regions
  hw/intc/arm_gicv3: Set GICR_TYPER.Last correctly when nb_redist_regions > 1
  hw/intc/arm_gicv3: Move checking of redist-region-count to arm_gicv3_common_realize

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-16 09:56:28 +01:00
Richard Henderson
757b8dd4e9 pci,pc,virtio: bugfixes
pci power management fixes
 acpi hotplug fixes
 misc other fixes
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmGSh40PHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRpH2AH/RLY+ONL98GT4D+hi8MGCOhN669jrPbAqJ1L
 l9p2GxDoXSD4PCDReU3VCzLtRsxsv/camgMx/DnDxaZtdgKm8SlXGJutMtNHpTY6
 PHZLMLoixZSsKi6Tm3xGut/FSzsTZl4Gc3rqwaryHQLqptNO+XQJSBmP+oEAdjAd
 nKVepHRveOTVVBBzCmoNpFA+BEXRTItdfG0ZKprPkXUobc2jeV7ymkTX9s2OBLEf
 /pE49tZj1K4ab8g4+RY4cFEFoDZbXZ55Aq3ck5LAb47qIr/1cXPVP7PxINmasy4Y
 H+oTUpWLBM7rFbdP/GBFANu5HkEQ5pnjeosWYOKsopE4UFCyDxc=
 =y9C8
 -----END PGP SIGNATURE-----

Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging

pci,pc,virtio: bugfixes

pci power management fixes
acpi hotplug fixes
misc other fixes

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 15 Nov 2021 05:15:09 PM CET
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]

* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  pcie: expire pending delete
  pcie: fast unplug when slot power is off
  pcie: factor out pcie_cap_slot_unplug()
  pcie: add power indicator blink check
  pcie: implement slot power control for pcie root ports
  pci: implement power state
  vdpa: Check for existence of opts.vhostdev
  vdpa: Replace qemu_open_old by qemu_open at
  virtio: use virtio accessor to access packed event
  virtio: use virtio accessor to access packed descriptor flags
  tests: bios-tables-test update expected blobs
  hw/i386/acpi-build: Deny control on PCIe Native Hot-plug in _OSC
  bios-tables-test: Allow changes in DSDT ACPI tables
  hw/acpi/ich9: Add compat prop to keep HPC bit set for 6.1 machine type
  pcie: rename 'native-hotplug' to 'x-native-hotplug'
  hw/mem/pc-dimm: Restrict NUMA-specific code to NUMA machines
  vhost: Fix last vq queue index of devices with no cvq
  vhost: Rename last_index to vq_index_end
  softmmu/qdev-monitor: fix use-after-free in qdev_set_id()
  net/vhost-vdpa: fix memory leak in vhost_vdpa_get_max_queue_pairs()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-15 21:56:15 +01:00
Eric Auger
1adf528ec3 hw/rtc/pl031: Send RTC_CHANGE QMP event
The PL031 currently is not able to report guest RTC change to the QMP
monitor as opposed to mc146818 or spapr RTCs. This patch adds the call
to qapi_event_send_rtc_change() when the Load Register is written. The
value which is reported corresponds to the difference between the guest
reference time and the reference time kept in softmmu/rtc.c.

For instance adding 20s to the guest RTC value will report 20. Adding
an extra 20s to the guest RTC value will report 20 + 20 = 40.

The inclusion of qapi/qapi-types-misc-target.h in hw/rtl/pl031.c
require to compile the PL031 with specific_ss.add() to avoid
./qapi/qapi-types-misc-target.h:18:13: error: attempt to use poisoned
"TARGET_<ARCH>".

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210920122535.269988-1-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-11-15 18:53:00 +00:00
Peter Maydell
e5cba10ee1 hw/intc/arm_gicv3: Support multiple redistributor regions
Our GICv3 QOM interface includes an array property
redist-region-count which allows board models to specify that the
registributor registers are not in a single contiguous range, but
split into multiple pieces.  We implemented this for KVM, but
currently the TCG GICv3 model insists that there is only one region.
You can see the limit being hit with a setup like:
  qemu-system-aarch64 -machine virt,gic-version=3 -smp 124

Add support for split regions to the TCG GICv3.  To do this we switch
from allocating a simple array of MemoryRegions to an array of
GICv3RedistRegion structs so that we can use the GICv3RedistRegion as
the opaque pointer in the MemoryRegion read/write callbacks.  Each
GICv3RedistRegion contains the MemoryRegion, a backpointer allowing
the read/write callback to get hold of the GICv3State, and an index
which allows us to calculate which CPU's redistributor is being
accessed.

Note that arm_gicv3_kvm always passes in NULL as the ops argument
to gicv3_init_irqs_and_mmio(), so the only MemoryRegion read/write
callbacks we need to update to handle this new scheme are the
gicv3_redist_read/write functions used by the emulated GICv3.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-15 16:12:59 +00:00
Peter Maydell
046164155a hw/intc/arm_gicv3: Set GICR_TYPER.Last correctly when nb_redist_regions > 1
The 'Last' bit in the GICR_TYPER GICv3 redistributor register is
supposed to be set to 1 if this is the last redistributor in a series
of contiguous redistributor pages.  Currently we set Last only for
the redistributor for CPU (num_cpu - 1).  This only works if there is
a single redistributor region; if there are multiple redistributor
regions then we need to set the Last bit for the last redistributor
in each region.

This doesn't cause any problems currently because only the KVM GICv3
supports multiple redistributor regions, and it ignores the value in
GICv3State::gicr_typer.  But we need to fix this before we can enable
support for multiple regions in the emulated GICv3.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-15 16:12:59 +00:00
Peter Maydell
01b5ab8cc0 hw/intc/arm_gicv3: Move checking of redist-region-count to arm_gicv3_common_realize
The GICv3 devices have an array property redist-region-count.
Currently we check this for errors (bad values) in
gicv3_init_irqs_and_mmio(), just before we use it.  Move this error
checking to the arm_gicv3_common_realize() function, where we
sanity-check all of the other base-class properties. (This will
always be before gicv3_init_irqs_and_mmio() is called, because
that function is called in the subclass realize methods, after
they have called the parent-class realize.)

The motivation for this refactor is:
 * we would like to use the redist_region_count[] values in
   arm_gicv3_common_realize() in a subsequent patch, so we need
   to have already done the sanity-checking first
 * this removes the only use of the Error** argument to
   gicv3_init_irqs_and_mmio(), so we can remove some error-handling
   boilerplate

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-15 16:12:59 +00:00
Gerd Hoffmann
18416c62e3 pcie: expire pending delete
Add an expire time for pending delete, once the time is over allow
pressing the attention button again.

This makes pcie hotplug behave more like acpi hotplug, where one can
try sending an 'device_del' monitor command again in case the guest
didn't respond to the first attempt.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20211111130859.1171890-7-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 11:10:11 -05:00
Gerd Hoffmann
0d33415a4e pcie: fast unplug when slot power is off
In case the slot is powered off (and the power indicator turned off too)
we can unplug right away, without round-trip to the guest.

Also clear pending attention button press, there is nothing to care
about any more.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20211111130859.1171890-6-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 11:10:11 -05:00
Gerd Hoffmann
44242d4d3d pcie: factor out pcie_cap_slot_unplug()
No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20211111130859.1171890-5-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 11:10:11 -05:00
Gerd Hoffmann
81124b3c7a pcie: add power indicator blink check
Refuse to push the attention button in case the guest is busy with some
hotplug operation (as indicated by the power indicator blinking).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20211111130859.1171890-4-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 11:10:11 -05:00
Gerd Hoffmann
d5daff7d31 pcie: implement slot power control for pcie root ports
With this patch hot-plugged pci devices will only be visible to the
guest if the guests hotplug driver has enabled slot power.

This should fix the hot-plug race which one can hit when hot-plugging
a pci device at boot, while the guest is in the middle of the pci bus
scan.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20211111130859.1171890-3-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 11:10:11 -05:00
Gerd Hoffmann
23786d1344 pci: implement power state
This allows to power off pci devices.  In "off" state the devices will
not be visible.  No pci config space access, no pci bar access, no dma.

Default state is "on", so this patch (alone) should not change behavior.

Use case:  Allows hotplug controllers implement slot power.  Hotplug
controllers doing so should set the inital power state for devices in
the ->plug callback.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20211111130859.1171890-2-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 11:10:11 -05:00
Jason Wang
d152cdd6f6 virtio: use virtio accessor to access packed event
We used to access packed descriptor event and off_wrap via
address_space_{write|read}_cached(). When we hit the cache, memcpy()
is used which is not atomic which may lead a wrong value to be read or
wrote.

This patch fixes this by switching to use
virito_{stw|lduw}_phys_cached() to make sure the access is atomic.

Fixes: 683f766567 ("virtio: event suppression support for packed ring")
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211111063854.29060-2-jasowang@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 09:44:46 -05:00
Jason Wang
f463e761a4 virtio: use virtio accessor to access packed descriptor flags
We used to access packed descriptor flags via
address_space_{write|read}_cached(). When we hit the cache, memcpy()
is used which is not an atomic operation which may lead a wrong value
is read or wrote.

So this patch switches to use virito_{stw|lduw}_phys_cached() to make
sure the aceess is atomic.

Fixes: 86044b24e8 ("virtio: basic packed virtqueue support")
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211111063854.29060-1-jasowang@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 09:44:46 -05:00
Julia Suvorova
211afe5c69 hw/i386/acpi-build: Deny control on PCIe Native Hot-plug in _OSC
There are two ways to enable ACPI PCI Hot-plug:

        * Disable the Hot-plug Capable bit on PCIe slots.

This was the first approach which led to regression [1-2], as
I/O space for a port is allocated only when it is hot-pluggable,
which is determined by HPC bit.

        * Leave the HPC bit on and disable PCIe Native Hot-plug in _OSC
          method.

This removes the (future) ability of hot-plugging switches with PCIe
Native hotplug since ACPI PCI Hot-plug only works with cold-plugged
bridges. If the user wants to explicitely use this feature, they can
disable ACPI PCI Hot-plug with:
        --global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=off

Change the bit in _OSC method so that the OS selects ACPI PCI Hot-plug
instead of PCIe Native.

[1] https://gitlab.com/qemu-project/qemu/-/issues/641
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2006409

Signed-off-by: Julia Suvorova <jusual@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20211112110857.3116853-5-imammedo@redhat.com>
Reviewed-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 09:44:46 -05:00
Julia Suvorova
c318bef762 hw/acpi/ich9: Add compat prop to keep HPC bit set for 6.1 machine type
To solve issues [1-2] the Hot Plug Capable bit in PCIe Slots will be
turned on, while the switch to ACPI Hot-plug will be done in the
DSDT table.

Introducing 'x-keep-native-hpc' property disables the HPC bit only
in 6.1 and as a result keeps the forced 'reserve-io' on
pcie-root-ports in 6.1 too.

[1] https://gitlab.com/qemu-project/qemu/-/issues/641
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2006409

Signed-off-by: Julia Suvorova <jusual@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20211112110857.3116853-3-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 09:44:46 -05:00
Igor Mammedov
2aa1842d6d pcie: rename 'native-hotplug' to 'x-native-hotplug'
Mark property as experimental/internal adding 'x-' prefix.

Property was introduced in 6.1 and it should have provided
ability to turn on native PCIE hotplug on port even when
ACPI PCI hotplug is in use is user explicitly sets property
on CLI. However that never worked since slot is wired to
ACPI hotplug controller.
Another non-intended usecase: disable native hotplug on slot
when APCI based hotplug is disabled, which works but slot has
'hotplug' property for this taks.

It should be relatively safe to rename it to experimental
as no users should exist for it and given that the property
is broken we don't really want to leave it around for much
longer lest users start using it.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Ani Sinha <ani@anisinha.ca>
Message-Id: <20211112110857.3116853-2-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-15 09:44:46 -05:00
Richard Henderson
42f6c9179b ppc 6.2 queue :
* Fix of a regression in floating point load instructions (Matheus)
 * Associativity fix for pseries machine (Daniel)
 * tlbivax fix for BookE machines (Danel)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmGOS+EACgkQUaNDx8/7
 7KF8OQ/8C1tgrQbzWpFBtPm6zHJhxUu8+pdlpV3Mc//g7f2OWij2lgiMLdlTmyo7
 xnIwBOv8AROCZ86V/Itn5pofyCbj9Ydo8Bnlpbq2dB5xoOWJIZANtEK8EBk81mkA
 /yj9nCtffpjkj0kzDZIxzAUh/bCUTxrXjnroXTflrcIR6gICheCAy3ZKSsM64Mle
 gDKFQVjFU/KOZhqM45WqKyx7dI1AWctw3pGLGQFAH2N8mdksamxLFijm0bnOgevM
 htmFPB74rJQ0KTy+pl+JujYaEF7i/XzE2Dhos3QQ6RTdxBFeXW/FbVoShdFLR24M
 D1L9o9IfADKwTlBCzA8s+K5S5W+/W6uuV/8fd57pPZ4DLH485uQ8C7jJQVo1SvXV
 M3Sf7x8vUtQRB1l0kWK9ymFQ6ShHSpT1i6RzcrEGtRlkj5ui42GjpRuFeRKmqg2h
 YoeYDeer2IoqPWUXrIzwNqxAQ8EVlB06OAGC9+oWYdAcBP0JAVA49JyO/vqL+jcL
 XLV5oPV8RG9KdNmo47J0lxKcXZ2T1BAWeh7OnBXnbrLVILh+oHvlhg9GJhNE+RAa
 whMhxdlkJPgkikrhU7MVvZ+I1cxINDqo0Pib7T8hGPxEKa16xoL9tOT9YIYLXGW7
 3q46Ts0D1g8Oiq2DXrFbRmWKLaKN/dzyY3jNKSDfyZJQKpmMvhg=
 =E3d7
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20211112' of https://github.com/legoater/qemu into staging

ppc 6.2 queue :

* Fix of a regression in floating point load instructions (Matheus)
* Associativity fix for pseries machine (Daniel)
* tlbivax fix for BookE machines (Danel)

# gpg: Signature made Fri 12 Nov 2021 12:11:29 PM CET
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-ppc-20211112' of https://github.com/legoater/qemu:
  ppc/mmu_helper.c: do not truncate 'ea' in booke206_invalidate_ea_tlb()
  spapr_numa.c: fix FORM1 distance-less nodes
  target/ppc: Fix register update on lf[sd]u[x]/stf[sd]u[x]

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-12 12:28:25 +01:00
Richard Henderson
1b9fc6d8ba * Fixes for SGX
* force_rcu notifiers
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmGMQFwUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroPDcAf8CBwO73zxJd0Z3eHzgiSlDavb+ORy
 vXkgGNMHBavaO+QuKzWrzuz42+6r+BW3mlMLEWGyEUGq7ZLbAwTGQ+zT+La8J+TG
 xK872G8skl1j9Xb1TL7t/DeT9ja4MlZbB0LehFa/GIgh2V6mFjXTzH05PH5p9hd0
 M8JGiLtrPEcIv4Df+T3pxbuQy45FqD4hLtEZJW4mKUm2oywxwHOLFty5+VVRxw5h
 Rl5Xuf5UfhAdmmBIyIjhVcVGJf+I2Fg7M+6uf62RQ2SlVdg2ufanEL2uCYYPt4sD
 kDbybursvyqf1IW4LF0vP2KznQE2Hckj6FeACYw32HrlQT6UzX7nbu2TdA==
 =70MJ
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Fixes for SGX
* force_rcu notifiers

# gpg: Signature made Wed 10 Nov 2021 10:57:48 PM CET
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  sgx: Reset the vEPC regions during VM reboot
  numa: avoid crash with SGX and "info numa"
  accel/tcg: Register a force_rcu notifier
  rcu: Introduce force_rcu notifier
  target/i386: sgx: mark device not user creatable

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-11 09:56:22 +01:00
Philippe Mathieu-Daudé
be81ba6042 hw/mem/pc-dimm: Restrict NUMA-specific code to NUMA machines
When trying to use the pc-dimm device on a non-NUMA machine, we get:

  $ qemu-system-arm -M none -cpu max -S \
      -object memory-backend-file,id=mem1,size=1M,mem-path=/tmp/1m \
      -device pc-dimm,id=dimm1,memdev=mem1
  Segmentation fault (core dumped)

  (gdb) bt
  #0  pc_dimm_realize (dev=0x555556da3e90, errp=0x7fffffffcd10) at hw/mem/pc-dimm.c:184
  #1  0x0000555555fe1f8f in device_set_realized (obj=0x555556da3e90, value=true, errp=0x7fffffffce18) at hw/core/qdev.c:531
  #2  0x0000555555feb4a9 in property_set_bool (obj=0x555556da3e90, v=0x555556e54420, name=0x5555563c3c41 "realized", opaque=0x555556a704f0, errp=0x7fffffffce18) at qom/object.c:2257

To avoid that crash, restrict the pc-dimm NUMA check to machines
supporting NUMA, and do not allow the use of 'node' property on
non-NUMA machines.

Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211106145016.611332-1-f4bug@amsat.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-11 03:13:05 -05:00
Eugenio Pérez
14c81b2191 vhost: Fix last vq queue index of devices with no cvq
The -1 assumes that cvq device model is accounted in data_queue_pairs,
if cvq does not exists, but it's actually the opposite: Devices with
!cvq are ok but devices with cvq does not add the last queue to
data_queue_pairs.

This is not a problem to vhost-net, but it is to vhost-vdpa:
* Devices with cvq gets initialized at last data vq device model, not
at cvq one.
* Devices with !cvq never gets initialized, since last_index is the
first queue of the last device model.

Because of that, the right change in last_index is to actually add the
cvq, not to remove the missing one.

This is not a problem to vhost-net, but it is to vhost-vdpa, which
device model trust to reach the last index to finish starting the
device.

Also, as the previous commit, rename it to index_end.

Tested with vp_vdpa with host's vhost=on and vhost=off, with ctrl_vq=on
and ctrl_vq=off.

Fixes: 049eb15b5f ("vhost: record the last virtqueue index for the virtio device")
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20211104085625.2054959-3-eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-11 03:13:05 -05:00
Eugenio Pérez
245cf2c24e vhost: Rename last_index to vq_index_end
The doc of this field pointed out that last_index is the last vq index.
This is misleading, since it's actually one past the end of the vqs.

Renaming and modifying comment.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211104085625.2054959-2-eperezma@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-11 03:13:05 -05:00
Yang Zhong
2c3132279b sgx: Reset the vEPC regions during VM reboot
For bare-metal SGX on real hardware, the hardware provides guarantees
SGX state at reboot.  For instance, all pages start out uninitialized.
The vepc driver provides a similar guarantee today for freshly-opened
vepc instances, but guests such as Windows expect all pages to be in
uninitialized state on startup, including after every guest reboot.

Qemu can invoke the ioctl to bring its vEPC pages back to uninitialized
state. There is a possibility that some pages fail to be removed if they
are SECS pages, and the child and SECS pages could be in separate vEPC
regions.  Therefore, the ioctl returns the number of EREMOVE failures,
telling Qemu to try the ioctl again after it's done with all vEPC regions.

The related kernel patches:
Link: https://lkml.kernel.org/r/20211021201155.1523989-3-pbonzini@redhat.com

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20211101162009.62161-6-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-10 22:57:40 +01:00
Daniel Henrique Barboza
1fde73bcd7 spapr_numa.c: fix FORM1 distance-less nodes
Commit 71e6fae3a9 fixed an issue with FORM2 affinity guests with NUMA
nodes in which the distance info is absent in
machine_state->numa_state->nodes. This happens when QEMU adds a default
NUMA node and when the user adds NUMA nodes without specifying the
distances.

During the discussions of the forementioned patch [1] it was found that
FORM1 guests were behaving in a strange way in the same scenario, with
the kernel seeing the distances between the nodes as '160', as we can
see in this example with 4 NUMA nodes without distance information:

$ numactl -H
available: 4 nodes (0-3)
(...)
node distances:
node   0   1   2   3
  0:  10  160  160  160
  1:  160  10  160  160
  2:  160  160  10  160
  3:  160  160  160  10

Turns out that we have the same problem with FORM1 guests - we are
calculating associativity domain using zeroed values. And as it also
turns out, the solution from 71e6fae3a9 applies to FORM1 as well.

This patch creates a wrapper called 'get_numa_distance' that contains
the logic used in FORM2 to define node distances when this information
is absent. This helper is then used in all places where we need to read
distance information from machine_state->numa_state->nodes. That way
we'll guarantee that the NUMA node distance is always being curated
before being used.

After this patch, the FORM1 guest mentioned above will have the
following topology:

$ numactl -H
available: 4 nodes (0-3)
(...)
node distances:
node   0   1   2   3
  0:  10  20  20  20
  1:  20  10  20  20
  2:  20  20  10  20
  3:  20  20  20  10

This is compatible with what FORM2 guests and other archs do in this
case.

[1] https://lists.gnu.org/archive/html/qemu-devel/2021-11/msg01960.html

Fixes: 690fbe4295 ("spapr_numa: consider user input when defining associativity")
CC: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
CC: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-11-10 13:48:13 +01:00
Paolo Bonzini
bd989ed44f numa: avoid crash with SGX and "info numa"
Add the MEMORY_DEVICE_INFO_KIND_SGX_EPC case, so that enclave
memory is included in the output of "info numa" instead of crashing
the monitor.

Fixes: a7c565a941 ("sgx-epc: Add the fill_device_info() callback support", 2021-09-30)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-10 13:37:36 +01:00
Paolo Bonzini
a0b9c5f75c target/i386: sgx: mark device not user creatable
The device is created by the machine based on the sgx-epc property.
It should not be created by users.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-09 18:51:53 +01:00
Laurent Vivier
5db83c7e90 macfb: fix a memory leak (CID 1465231)
Rewrite the function using g_string_append_printf() rather than
g_strdup_printf()/g_strconcat().

Fixes: df8abbbadf ("macfb: add common monitor modes supported by the MacOS toolbox ROM")
Cc: mark.cave-ayland@ilande.co.uk
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20211105165254.3544369-1-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-11-09 16:42:49 +01:00
Richard Henderson
2b22e7540d m68k pull request 20211109
Add virt machine types for 6.1 and 6.2
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmGKWB8SHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748lCcP/RlwTuI4TLP4LUzKgcw/+vCb+N0EYzhZ
 Fo8DHF+YOBs4bDyGcZiKxy7H1868Yp8Ri6uV38k8zaGwzhIJoxI7vEUyOBS8GSBu
 lE64u0M0zgkG2xiBsY/KRQwMnskvV5rN/nPCkkXT6EVLyOmM5O/fM3qhZgh7Eu2y
 Z8nwnMLKb9T0nRe+zdv2Ue3/S6ClzfLNiP4QkL7BhTzzNfSw2ibFN6cG9H5YLRpS
 f3lrO5a8qZisbD+frW0gz1IiET5eptISECZq7SuEQIK3brFlf27dMwMzx9nA0yY+
 jVPlKlMxLoMATBpvtez9tkTgY7Xd9DoPqKKzr04JfC2VkzGwZ/zXFF0J/0hnH0/Q
 jnuvT82dPK4fhXiygFLwXl76O85hD7RtGnOj2rhGIUwxvVCfuYwhT+rdIO+7kj9X
 0pIWPcnHQzZph4wIO+MlK3yslJvpf+nt+Xt6mvg9cCgXVYSFa5O9EtQBOjd+K15y
 +vG0ba4TZUkqMi9P8ZRem7zcEtjE78qHDYO0n+Cbu6XtR8zCmVamlw3sKrGBfuJ2
 2szv0s/r2Ww9Bd2YhYb+Nhpn5Ei24vTA0gc+O5mFbxLIc6pTP+1FeUFWuujBJORu
 B4slMBlQOnRnvcu172JYeNcmaA3sdOaqhrzkufZYUK+zmJA8ABZp0D42uZxW0s5e
 CG6lEmyzcmWO
 =vDhE
 -----END PGP SIGNATURE-----

Merge tag 'm68k-for-6.2-pull-request' of git://github.com/vivier/qemu-m68k into staging

m68k pull request 20211109

Add virt machine types for 6.1 and 6.2

# gpg: Signature made Tue 09 Nov 2021 12:14:39 PM CET
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]

* tag 'm68k-for-6.2-pull-request' of git://github.com/vivier/qemu-m68k:
  hw: m68k: virt: Add compat machine for 6.2
  hw: m68k: virt: Add compat machine for 6.1

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-09 13:16:56 +01:00
Laurent Vivier
6ed25621f2 hw: m68k: virt: Add compat machine for 6.2
Add the missing machine type for m68k/virt

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20211106194158.4068596-3-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-11-09 12:14:18 +01:00
Laurent Vivier
6837f29976 hw: m68k: virt: Add compat machine for 6.1
Add the missing machine type for m68k/virt

Cc: qemu-stable@nongnu.org
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20211106194158.4068596-2-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-11-09 12:14:07 +01:00
Philippe Mathieu-Daudé
65b4c8c759 hw/m68k: Fix typo in SPDX tag
Fix 'Identifer' -> 'Identifier' typo.

Cc: Laurent Vivier <laurent@vivier.eu>
Fixes: 8c6df16ff6 ("hw/char: add goldfish-tty")
Fixes: 8785559390 ("hw/intc: add goldfish-pic")
Fixes: 2fde99ee31 ("m68k: add an interrupt controller")
Fixes: 0791bc02b8 ("m68k: add a system controller")
Fixes: e1cecdca55 ("m68k: add Virtual M68k Machine")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20211103105311.3399293-1-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-11-09 10:11:27 +01:00
Nicholas Piggin
71e6fae3a9 spapr_numa.c: FORM2 table handle nodes with no distance info
A configuration that specifies multiple nodes without distance info
results in the non-local points in the FORM2 matrix having a distance of
0. This causes Linux to complain "Invalid distance value range" because
a node distance is smaller than the local distance.

Fix this by building a simple local / remote fallback for points where
distance information is missing.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20211105135137.1584840-1-npiggin@gmail.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-11-09 10:32:53 +11:00
BALATON Zoltan
88adcbf280 ppc/pegasos2: Suppress warning when qtest enabled
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <20211101151023.F0D02748F5A@zero.eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-11-09 10:32:52 +11:00
Cédric Le Goater
957c52aed5 ppc/pnv: Fix check on block device before updating drive contents
Test is wrong and the backend can never updated. It could have led to
a QEMU crash but since the firmware deactivates flash access if a valid
layout is not detected, it went unnoticed.

Reported-by: Coverity CID 1465223
Fixes: 35dde57662 ("ppc/pnv: Add a PNOR model")
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20211102162905.762078-1-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-11-09 10:32:52 +11:00
Mauro Matteo Cascella
b3af7fdf9c hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands
This avoids an off-by-one read of 'mode_sense_valid' buffer in
hw/scsi/scsi-disk.c:mode_sense_page().

Fixes: CVE-2021-3930
Cc: qemu-stable@nongnu.org
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: a8f4bbe290 ("scsi-disk: store valid mode pages in a table")
Fixes: #546
Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-08 08:55:29 +01:00
Richard Henderson
c39deb2181 gtk: a collection of egl fixes.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmGFFc0ACgkQTLbY7tPo
 cTifABAA285RPpgwuI5RIo9rA6OfnPEAEC5z+NUX/g5X5hnMUXnfIGrPVG1mRU8r
 yPqM0mAoLoYcVQcpGJZCUxOnpm0cTmYJDPIjZ28D8wtQtwEpCDagapckj9L87Sec
 1HgGDoYqdtQoG1HvHRCwR5a35gt9Qi7JwdedT6DkCVy2Tk1NcrR2nfNIl+P/lsBy
 zHZbPwPpPtHP1GirMGL8eq8tDLq6ymMG4wAVytFOHJkfkUxlsK7oB6640jKxGAzB
 j5BW/XyrD2nbPNhtu7JdoKHr3MuP4rCSejllSqzNu0gPsxN7/eLbKj74bW8eaRO1
 FZRneQgmgHwipKDgGFve9RBDlRWpMSNdkuM4h8VVW3ZSb1bWgFFmwStcRpas3Vcw
 Cvg4V7pmO/980Dq7gnbwlmK+QTM2bTEfsUCR74pekgimqxT//85HK10i5/5fRWCo
 cjQUz5809XlFMv7IDjb1wv/uUmIoUAzVSBYxWQF3CzTNlRaHl77K5C5NXgLohxl5
 m+/drFZIVFWNJP8ERa8Y2W/Mlf6jwU9r35wy0UsGOHm4skYHETa/TSvkDGfMsWhu
 QVRG/XmpBjbKk08tGCvPlrS8zdbT8XMR86WsBQj8kpouawd+Uvo+lRitLfv3+oXd
 VnYyXck8Wx/atodOQC7IeFFWyKqkqhKVf4spqYKg9s12YA+LM3U=
 =O6Wg
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/egl-20211105-pull-request' into staging

gtk: a collection of egl fixes.

# gpg: Signature made Fri 05 Nov 2021 07:30:21 AM EDT
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]

* remotes/kraxel/tags/egl-20211105-pull-request:
  ui/gtk-egl: blitting partial guest fb to the proper scanout surface
  ui/gtk: gd_draw_event returns FALSE when no cairo surface is bound
  ui/gtk-egl: guest fb texture needs to be regenerated when reinitializing egl
  ui/gtk-egl: make sure the right context is set as the current
  ui/gtk-egl: un-tab and re-tab should destroy egl surface and context
  virtio-gpu: splitting one extended mode guest fb into n-scanouts

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-05 11:42:06 -04:00
Dongwon Kim
e86a93f554 virtio-gpu: splitting one extended mode guest fb into n-scanouts
When guest is running Linux/X11 with extended multiple displays mode enabled,
the guest shares one scanout resource each time containing whole surface
rather than sharing individual display output separately. This extended frame
is properly splited and rendered on the corresponding scanout surfaces but
not in case of blob-resource (zero copy).

This code change lets the qemu split this one large surface data into multiple
in case of blob-resource as well so that each sub frame then can be blitted
properly to each scanout.

v2: resizing qemu console in virtio_gpu_update_dmabuf to scanout's width and
    height

v3: updating stub function of virtio_gpu_update_dmabuf to match the type

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Message-Id: <20211104065153.28897-5-dongwon.kim@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-11-05 12:29:19 +01:00
Eduardo Habkost
3fd641ac5e Fix virtio-net-pci* "vectors" compat
hw_compat_5_2 has an issue: it affects only "virtio-net-pci"
but not "virtio-net-pci-transitional" and
"virtio-net-pci-non-transitional".  The solution is to use the
"virtio-net-pci-base" type in compat_props.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999141

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Jean-Louis Dupond <jean-louis@dupond.be>
Acked-by: Jason Wang <jasowang@redhat.com>
Acked-by: Jean-Louis Dupond <jean-louis@dupond.be>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-11-05 11:32:00 +08:00
Jon Maloy
25ddb946e6 e1000: fix tx re-entrancy problem
The fact that the MMIO handler is not re-entrant causes an infinite
loop under certain conditions:

Guest write to TDT ->  Loopback -> RX (DMA to TDT) -> TX

We now eliminate the effect of this problem locally in e1000, by adding
a boolean in struct E1000State indicating when the TX side is busy. This
will cause any entering new call to return early instead of interfering
with the ongoing work, and eliminates any risk of looping.

This is intended to address CVE-2021-20257.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-11-05 11:31:42 +08:00
Richard Henderson
b1fd92137e * Build system fixes and cleanups
* DMA support in the multiboot option ROM
 * Rename default-bus-bypass-iommu
 * Deprecate -watchdog and cleanup -watchdog-action
 * HVF fix for <PAGE_SIZE regions
 * Support TSC scaling for AMD nested virtualization
 * Fix for ESP fuzzing bug
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmGBUeEUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroOh+Qf+OMRhRiv6dYjbK/5zXrx81AgxYAY3
 dBUSr8v16LyrMl1U3DZWzhD+MzQsC83m/Xsh4lGxlHDWtkK9QQA5xDG95JZdY26i
 MGCbbjnFHISbyBQV9Y724gPfPjOOODuoFbzafSx6VLITOcyv1ye0cm7TOjOPB+tt
 E4c3JqTZ7g8a5yMe8ItkVhz5pPY+oVw8dxMNRp6Sup5Dbfx0DjacIwLasLsHfPL7
 qBADfqB20ovHUzLjXu7oWgEd4KxJ6kiSCaJJu/KD36hg0wB8+WVP1o43j4PkczHT
 QjU7eZaeaTrN5Cf34ttPge6QReMi5SFNCaA9O9/HLqrQgdEtt/diZWuqjQ==
 =a2mC
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Build system fixes and cleanups
* DMA support in the multiboot option ROM
* Rename default-bus-bypass-iommu
* Deprecate -watchdog and cleanup -watchdog-action
* HVF fix for <PAGE_SIZE regions
* Support TSC scaling for AMD nested virtualization
* Fix for ESP fuzzing bug

# gpg: Signature made Tue 02 Nov 2021 10:57:37 AM EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* remotes/bonzini/tags/for-upstream: (27 commits)
  configure: fix --audio-drv-list help message
  configure: Remove the check for the __thread keyword
  Move the l2tpv3 test from configure to meson.build
  meson: remove unnecessary coreaudio test program
  meson: remove pointless warnings
  meson.build: Allow to disable OSS again
  meson: bump submodule to 0.59.3
  qtest/am53c974-test: add test for cancelling in-flight requests
  esp: ensure in-flight SCSI requests are always cancelled
  KVM: SVM: add migration support for nested TSC scaling
  hw/i386: fix vmmouse registration
  watchdog: remove select_watchdog_action
  vl: deprecate -watchdog
  watchdog: add information from -watchdog help to -device help
  hw/i386: Rename default_bus_bypass_iommu
  hvf: Avoid mapping regions < PAGE_SIZE as ram
  configure: do not duplicate CPU_CFLAGS into QEMU_LDFLAGS
  configure: remove useless NPTL probe
  target/i386: use DMA-enabled multiboot ROM for new-enough QEMU machine types
  optionrom: add a DMA-enabled multiboot ROM
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-03 13:07:30 -04:00
Richard Henderson
c55e3370c3 Trivial patches branch pull request 20211101 v2
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmGByAgSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748JyMP/RJmY8WPKvwFvmClyKe+ikgHRwDmTMST
 172rBEr4sj/PWSu0A2OfaoJxXVq6KPnKb4ECInC6xCdw6J5O79WQh999wSguiel3
 Lx8FScj6IBpWT97l4fKTBC8HeDk19BzwzVMXcw53mi3hRx1Rc9nZAFZ9NCn2UeqL
 1KURpnEy85oNKfsX2dLnuTFYL6g24qfQWxjZm76tuPsTii4q0cSAl+MAq5NamFZ5
 fR6LbyDIVvejeVtavhn6JNx0QA/Fjjmhploa6c3PrUZs0LG7QeM/00HU92GiMjbi
 1z2/TDeSFAqKM5friztgjOhaKssEe3CaYnL0S23cmgMkPzqGICRaXBIxL44tlrG+
 8noyhTSZMBJDSKaGGW4VxKd7uwXI6vFgh8To+AZOFktm4f93N51tCOd7yYSXpgFh
 y4s5+UbAuaGfypb1WN7aSmuYcADaarpdGI8AXiYI70tiVmVwUeMJs6AXV/a7xLLL
 LmaXVGFPAMgnTMyBPGLV9nxcJLAV6IqmErVTu2BPnIDWAvMVImVLI4kizPg3OzHC
 XGDifQmitgDVtKt8WJH2+tlKA9GysoruMGXTESUMKeEY3lqdkm/OgEIhw3yJDySo
 TrCEdN7WtERA9OrVcoQblOltEOrpvtPohryYmC7XRtvqB21fTa96VQMpOjwyHeNA
 o5Xt/14GCSkh
 =qh4o
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier/tags/trivial-branch-for-6.2-pull-request' into staging

Trivial patches branch pull request 20211101 v2

# gpg: Signature made Tue 02 Nov 2021 07:21:44 PM EDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]

* remotes/vivier/tags/trivial-branch-for-6.2-pull-request:
  hw/input/lasips2: Fix typos in function names
  MAINTAINERS: Split HPPA TCG vs HPPA machines/hardware
  hw/core/machine: Add the missing delimiter in cpu_slot_to_string()
  monitor: Trim some trailing space from human-readable output

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-03 11:24:09 -04:00
Richard Henderson
cc23377516 Add nuvoton sd module for NPCM7XX
Add gdb-xml for MVE
 More uses of tcg_constant_* in target/arm
 Fix parameter naming for default-bus-bypass-iommu
 Ignore cache operations to mmio in HVF
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmGBgjkdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8sAAgAsHaW2sHH/W4TzCwl
 DfqFar4u047Q+ZtQHjNehGHF9Bxp4NS4A0qL52vk0hVoqeWlyF1N29MOnewgVDqY
 q1x+uxJtG9xjTse7oEEshEEFF/7J8eB8dN4E78TFn/6IhvVhGiUeeRu29s44Ot6N
 E2KABcXfd+4gEdqhepLGEbi5n0TnA8ARmmeffZNWVEbsxQjHnMQQYmqGmllB3xV3
 qPpnp3avvD1015zMwrLVmlDO+tSRr/1bed7k3k26ebga2B/zitxcpXFNCDlgePx0
 LNT5QYvBDpE7HOruGQjf4iXPJHfYw5VMtopK7K++rY9KWiJgBVSjQUcB462sdCPk
 wNAp0g==
 =vlZ5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-arm-20211102-2' into staging

Add nuvoton sd module for NPCM7XX
Add gdb-xml for MVE
More uses of tcg_constant_* in target/arm
Fix parameter naming for default-bus-bypass-iommu
Ignore cache operations to mmio in HVF

# gpg: Signature made Tue 02 Nov 2021 02:23:53 PM EDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* remotes/rth/tags/pull-arm-20211102-2:
  hvf: arm: Ignore cache operations on MMIO
  hw/arm/virt: Rename default_bus_bypass_iommu
  target/arm: Use tcg_constant_i32() in gen_rev16()
  target/arm: Use tcg_constant_i64() in do_sat_addsub_64()
  target/arm: Use the constant variant of store_cpu_field() when possible
  target/arm: Introduce store_cpu_field_constant() helper
  target/arm: Use tcg_constant_i32() in op_smlad()
  target/arm: Advertise MVE to gdb when present
  tests/qtest/libqos: add SDHCI commands
  hw/arm: Attach MMC to quanta-gbs-bmc
  hw/arm: Add Nuvoton SD module to board
  hw/sd: add nuvoton MMC

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-03 09:31:25 -04:00
Richard Henderson
e86e00a249 Initial conversion of HMP debugging commands to QMP
This introduces a new policy that all HMP commands will be converted to
 have QMP equivalents, marked unstable if no formal QAPI modelling is
 intended to be done.
 
 New unstable commands are added as follows:
 
   - HMP "info roms" => QMP "x-query-roms"
   - HMP "info profile" => QMP "x-query-profile"
   - HMP "info numa" => QMP "x-query-numa"
   - HMP "info usb" => QMP "x-query-usb"
   - HMP "info rdma" => QMP "x-query-rdma"
   - HMP "info ramblock" => QMP "x-query-ramblock"
   - HMP "info irq" => QMP "x-query-irq"
   - HMP "info jit" => QMP "x-query-jit"
   - HMP "info opcount" => QMP "x-query-opcount"
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmGBe1QACgkQvobrtBUQ
 T9+8XA/9Ex3VtJZpW3FEgk29hvCXxBqM7S6vMpJ+BoySzjf9zeN1b7DJx4uE7urI
 GeIB8x9gtwdlin2E7lFZPG0nzJ35YFctsPjWIn2Nm/i5uIYz68R+SwugJJ7z26Ep
 kn2eN814vONTUk0KL6e4+XQ+LkKI26o2R0mAEy+iWOB3lazCkalHY6u/Z/D5Xcqp
 aRBn/VIWnH4LyIGj9vJuc74nsfo6IbaxFQWnXCjgw7NUVHC33q6R+gXKenf5dXL6
 FhGRV8G6JVMIhRmp8n8BNQiysBLcve7r9LOeSlUMYwDMqBreeS7rNwd5jPoXu4v/
 KfYtqQaXV+YhqEoUR3AWBq0Legz2P2gEDxDg+QMIqb+5kX0+tg2/vTvRNsrhnpIm
 d+9TBqZ8BtJEIyz8MJ/R4G6a7Ytx6cyjLPL0CjswD/0Jsg7XWzyIpcUtJ5OH+tT3
 24NB/Aq++iSReAT53TmypAuijL5kNioB00A+RR0hW5ZPuAiqZzXAXoECOxjNSLOC
 9IBWugug3W7vj3HJIEgDGjFNWcdP0KmCL6dkiWjEfWThDeG39ApQmCL+FlKNRKdC
 7EPcuu3G7Yl8dkG4kmpwR9zCC4fin9TxJajagUlJyJkl/EpbWeebswh175kREnRE
 46CdCRcVTJ4HLbRzWlUkZAtmfzFKKvjQTcmH3cTlgH6vWpfCNCY=
 =AQdc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/hmp-x-qmp-620-pull-request' into staging

Initial conversion of HMP debugging commands to QMP

This introduces a new policy that all HMP commands will be converted to
have QMP equivalents, marked unstable if no formal QAPI modelling is
intended to be done.

New unstable commands are added as follows:

  - HMP "info roms" => QMP "x-query-roms"
  - HMP "info profile" => QMP "x-query-profile"
  - HMP "info numa" => QMP "x-query-numa"
  - HMP "info usb" => QMP "x-query-usb"
  - HMP "info rdma" => QMP "x-query-rdma"
  - HMP "info ramblock" => QMP "x-query-ramblock"
  - HMP "info irq" => QMP "x-query-irq"
  - HMP "info jit" => QMP "x-query-jit"
  - HMP "info opcount" => QMP "x-query-opcount"

# gpg: Signature made Tue 02 Nov 2021 01:54:28 PM EDT
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]

* remotes/berrange/tags/hmp-x-qmp-620-pull-request:
  qapi: introduce x-query-opcount QMP command
  qapi: introduce x-query-jit QMP command
  qapi: introduce x-query-irq QMP command
  qapi: introduce x-query-ramblock QMP command
  qapi: introduce x-query-rdma QMP command
  qapi: introduce x-query-usb QMP command
  qapi: introduce x-query-numa QMP command
  qapi: introduce x-query-profile QMP command
  qapi: introduce x-query-roms QMP command
  docs/devel: document expectations for HMP commands in the future
  docs/devel: add example of command returning unstructured text
  docs/devel: document expectations for QAPI data modelling for QMP
  monitor: introduce HumanReadableText and HMP support
  docs/devel: update error handling guidance for HMP commands
  docs/devel: tweak headings in monitor command docs
  docs/devel: rename file for writing monitor commands
  monitor: make hmp_handle_error return a boolean
  monitor: remove 'info ioapic' HMP command

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-03 08:04:32 -04:00
Richard Henderson
58b6476164 MAINTAINERS: audio updates
microvm: device tree support
 console: chardev fixes
 misc: deprecate sga
 usb: fix struct usb_msd_csw
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmGBZp8ACgkQTLbY7tPo
 cTg/fxAAj4z7EqdQXykN4ra+JWbmxp9KE4Y7uDb7XIuzG1KRU/7zZeVaZ2+0X1R9
 9LicHo4wd0DN3JfHrkrQrpEN22zB0x7zUh9/5F7jtdOUzKf8GuhxBq9EmFpS5Uk1
 w4a/5bEmbfOf9G9kGm6DWFvUGj9AzmeCoJFCGxzWTjcqNQlyk/P1Plsq7m21RIXy
 le2tCevivE6LzxGZLXBH3YO0wjI6oSHBGaN9/0lOj4bUMGls5NpRB9gFR8IFcFeo
 XTGeJeB+INVt3/kTft65HkPqLif9FU/8Q/cqiglauLUyLFRVwe1sGtL7gnwmYBat
 xELqemBp0eVId+X1EOjkx2jdd70pwTxLT0alG/e34PsWF020AJIYvgLkXYS0FUqV
 PZDILgz6bGJ7o+vy0uYDzS20wMjBYhZ5UCuew4rN9xRxWA1qdJ8pk+4Bmal77oxQ
 cn/7pSkhD/Yz6ya/7yFNzzhy44Id8WRlYTbtjrgSvISSW+UHFotT/+io3dzdRuzC
 DnXl+DusxiCbNm0uE6xufS1gQLMlWqy8eAYrforIziVJG+RpxRjU0bTtzqyTqjm4
 MPiBWTM5InbM7IhoRo+x00vREPO5nGmtKCruaYW39uxT7MXQvociFObnspuwdfsc
 ZWwsMH79DSjpx8lXYyyls5uyEIgjY6mPYL9r8m1b2T05EF6Vy9E=
 =cLSX
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/misc-20211102-pull-request' into staging

MAINTAINERS: audio updates
microvm: device tree support
console: chardev fixes
misc: deprecate sga
usb: fix struct usb_msd_csw

# gpg: Signature made Tue 02 Nov 2021 12:26:07 PM EDT
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]

* remotes/kraxel/tags/misc-20211102-pull-request:
  usb-storage: tag usb_msd_csw as packed struct
  hw/misc: deprecate the 'sga' device
  ui/console: remove chardev frontend connected test
  ui/console: replace kbd_timer with chr_accept_input callback
  ui/console: replace QEMUFIFO with Fifo8
  ui/gtk: skip any extra draw of same guest scanout blob res
  ui/gtk: Update the refresh rate for gl-area too
  microvm: add device tree support.
  MAINTAINERS: add myself as partial audio reviewer
  MAINTAINERS: Add myself as a reviewer for SDL audio

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-03 02:28:14 -04:00
Richard Henderson
741bdeb1d5 Block layer patches
- Fail gracefully when blockdev-snapshot creates loops
 - ide: Fix IDENTIFY DEVICE for disks > 128 GiB
 - file-posix: Fix return value translation for AIO discards
 - file-posix: add 'aio-max-batch' option
 - rbd: implement bdrv_co_block_status
 - Code cleanups and build fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmGBYXIRHGt3b2xmQHJl
 ZGhhdC5jb20ACgkQfwmycsiPL9Y3Qw//S9iBIU0cemm5mX/LlDzkrb0VhB5zCQ/C
 8ReZh2R0j3kJl2n+ViRr3qRzvjKyjYuKKJ+bb8FNl/DC88evmiowuXj+csVnC6PM
 I6a6vfKPdioIk36MwACWw75N208eVRNHOPvWH/s3sjar1hMlDftdN1lDZA9sDLLx
 NGH9VRG8gSoKox9+Wg4x584XGI3YU/BqGdcM+W9E0T4OLT9X0RUmXbzVzspYFlPh
 O/r/gTZ0Ip5UXoPiHgyGhCalNep6Uc9A8n1sTaHIjaVcfSE86AuJgc5RcM0HFASn
 1fTNmxbX2taEeynISJAn2x77LASCvLSUErBmVQjHZOAkbNgJD4/R9MUlndxr+MAR
 tXJD+Pkah+M2LwUWdUIfm8UiBBX3LC4Qd/5byc85qr+s24q+EPvOmyqThLT2RNjq
 NLGO9WmRnf7sNvFjvmMXz1JAp1pV4P82j2P/4oy3ZZSW8AVaWr6xxS5hgePpqD4x
 yFP91lnce//UKVfU60VafPh6wUv1Isv0aN1JaW0Vz9wo0LF/i/6zbFO+RVS2PbMR
 VpGmGee7rbgPyWxPrjunyXv+FqciRmbd+IEAg2MlKacHk1F2pQiDLnJUPIGf+9tz
 nv+cq92FNd7hpx4qsuBhe0Ys89QJ2hueTk4RrQF/38tEoRzZ6IwppLlp7kRK39C2
 8TPSkiyqlIQ=
 =Jtih
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kwolf/tags/for-upstream' into staging

Block layer patches

- Fail gracefully when blockdev-snapshot creates loops
- ide: Fix IDENTIFY DEVICE for disks > 128 GiB
- file-posix: Fix return value translation for AIO discards
- file-posix: add 'aio-max-batch' option
- rbd: implement bdrv_co_block_status
- Code cleanups and build fixes

# gpg: Signature made Tue 02 Nov 2021 12:04:02 PM EDT
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]

* remotes/kwolf/tags/for-upstream:
  block/nvme: Extract nvme_free_queue() from nvme_free_queue_pair()
  block/nvme: Display CQ/SQ pointer in nvme_free_queue_pair()
  block/nvme: Automatically free qemu_memalign() with QEMU_AUTO_VFREE
  block-backend: Silence clang -m32 compiler warning
  linux-aio: add `dev_max_batch` parameter to laio_io_unplug()
  linux-aio: add `dev_max_batch` parameter to laio_co_submit()
  file-posix: add `aio-max-batch` option
  block/export/fuse.c: fix musl build
  ide: Cap LBA28 capacity announcement to 2^28-1
  block/rbd: implement bdrv_co_block_status
  block: Fail gracefully when blockdev-snapshot creates loops
  block/file-posix: Fix return value translation for AIO discards

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-03 00:32:56 -04:00
Richard Henderson
7fa736595e pc,pci,virtio: features, fixes
virtio-iommu support for x86/ACPI.
 Fixes, cleanups all over the place.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmGAefYPHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRpiCUH/2pIs3FmOGIasEqn4BnqXr4dHMReUO5Ghg0v
 cXle4ZUrbg7Qpnxh07CwMuUpJV3Qv+xtVK7hzbD13nnxrkTZuKzBRV1AthkA1Hly
 zIKOxnEgV497LaXoaSOtqAx48fuznk5XOHju91usgu4mehJ0qe2gcwb4H8uWGkQi
 hrsR7a9woP0M4H/jvb3+aQRCJKMscj8ReabM1ulOugNpPdNI/jIKtBvZBtTxAqtQ
 CH9/DJLfVmzDRYdeBpnF06A+tXm4uU1Q5BmpmF9qaymk/PzthN54gdnDd6zH405Z
 Tmjp9UA2xfEYDmKzuTCBdPmoUe6OI7mU9o0WbB5MGYx5RRRBETw=
 =R7DD
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,pci,virtio: features, fixes

virtio-iommu support for x86/ACPI.
Fixes, cleanups all over the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 01 Nov 2021 07:36:22 PM EDT
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]

* remotes/mst/tags/for_upstream:
  hw/i386: fix vmmouse registration
  pci: Export pci_for_each_device_under_bus*()
  pci: Define pci_bus_dev_fn/pci_bus_fn/pci_bus_ret_fn
  hw/i386/pc: Allow instantiating a virtio-iommu device
  hw/i386/pc: Move IOMMU singleton into PCMachineState
  hw/i386/pc: Remove x86_iommu_get_type()
  hw/acpi: Add VIOT table
  vhost-vdpa: Set discarding of RAM broken when initializing the backend
  qtest: fix 'expression is always false' build failure in qtest_has_accel()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 19:24:17 -04:00
Richard Henderson
157f75435e MIPS patches queue
- Fine-grained MAINTAINERS sections
 - Fix MSA MADDV.B / MSUBV.B opcodes
 - Convert MSA opcodes to decodetree
 - Correct Loongson-3A4000 MSAIR register
 - Do not accept ELF nanoMIPS binaries on linux-user
 - Use ISA instead of PCI interrupts in VT82C686 PCI device
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmGBP/AACgkQ4+MsLN6t
 wN71pxAAlzPE8VVJAWP7TLL/Y+j4LhmHZwdkJMyZ1YhHg9loOOzbH+Pm9vgwHzjp
 O50I+e25LlJfmhR0/UA5nPSGDGQn6yK9bzB31R4ClQaMqyThDysA7HAJnnPQyUOF
 9COxd3QdfALn0+0N/Y8uVe8opMAy+pi9G0hIp84ngEXFFph3XZ8GFfdg+ThxhYGG
 ERQoNqkQpAxWg6Bh1iBH036z6FH8BzFM4Ja6Bm2cjrzLm2PbwOAeFDHJ//961TPK
 GLTicX3J0xO80X73lF5ipCpyQvo+vCgw/tbSv/I0XS3skMhTHEjucWVBZQ1Awu8e
 +cK9rRmXMywakMryMUC5C2/8CRNN6FznJYWbnL4TpifqFZ1gmlStKQoHKNKAmrr/
 h/plPbyugP2ELdH2gwfjF3uf13Cww2E0vsRJSBuBhSFwb+FEppFUQLykWji2BgyO
 azB2k3bp6sdLTPhpIWWu1Aq/V3cOq0p2zJip6bS0k8TTQV3q2lLMNc8BF5O0J7Jh
 KHb6hhqKkEAQhYksyOEsEf+5BtFhiDIfOI3ORu9Zz+L3ffzZlXZjCYgsGsNnGGz1
 syoLvrVcdXq7qA4qeocZJ+RSpvvkXpZt0pVBJaw4fenH5XED7GxaQGx9GjhC1UQa
 VC7mI3D2DUBJACPeUecCJ1MdJfCkAenT5y1bm/w6vqYEF8nLhDE=
 =XMNZ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd/tags/mips-20211102' into staging

MIPS patches queue

- Fine-grained MAINTAINERS sections
- Fix MSA MADDV.B / MSUBV.B opcodes
- Convert MSA opcodes to decodetree
- Correct Loongson-3A4000 MSAIR register
- Do not accept ELF nanoMIPS binaries on linux-user
- Use ISA instead of PCI interrupts in VT82C686 PCI device

# gpg: Signature made Tue 02 Nov 2021 09:41:04 AM EDT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]

* remotes/philmd/tags/mips-20211102: (41 commits)
  Revert "elf: Relax MIPS' elf_check_arch() to accept EM_NANOMIPS too"
  hw/usb/vt82c686-uhci-pci: Use ISA instead of PCI interrupts
  usb/uhci: Replace pci_set_irq with qemu_set_irq
  usb/uhci: Disallow user creating a vt82c686-uhci-pci device
  usb/uhci: Misc clean up
  target/mips: Remove obsolete FCR0_HAS2008 comment on P5600 CPU
  target/mips: Fix Loongson-3A4000 MSAIR config register
  target/mips: Remove one MSA unnecessary decodetree overlap group
  target/mips: Remove generic MSA opcode
  target/mips: Convert CTCMSA opcode to decodetree
  target/mips: Convert CFCMSA opcode to decodetree
  target/mips: Convert MSA MOVE.V opcode to decodetree
  target/mips: Convert MSA COPY_S and INSERT opcodes to decodetree
  target/mips: Convert MSA COPY_U opcode to decodetree
  target/mips: Convert MSA ELM instruction format to decodetree
  target/mips: Convert MSA 3R instruction format to decodetree (part 4/4)
  target/mips: Convert MSA 3R instruction format to decodetree (part 3/4)
  target/mips: Convert MSA 3R instruction format to decodetree (part 2/4)
  target/mips: Convert MSA 3R instruction format to decodetree (part 1/4)
  target/mips: Convert MSA 3RF instruction format to decodetree (DF_WORD)
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 15:12:11 -04:00
Jean-Philippe Brucker
9dad363a22 hw/arm/virt: Rename default_bus_bypass_iommu
Since commit d8fb7d0969 ("vl: switch -M parsing to keyval"), machine
parameter definitions cannot use underscores, because keyval_dashify()
transforms them to dashes and the parser doesn't find the parameter.

This affects option default_bus_bypass_iommu which was introduced in the
same release:

$ qemu-system-aarch64 -M virt,default_bus_bypass_iommu=on
qemu-system-aarch64: Property 'virt-6.1-machine.default-bus-bypass-iommu' not found

Rename the parameter to "default-bus-bypass-iommu". Passing
"default_bus_bypass_iommu" is still valid since the underscore are
transformed automatically.

Fixes: 6d7a85483a ("hw/arm/virt: Add default_bus_bypass_iommu machine option")
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211026093733.2144161-1-jean-philippe@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 14:14:55 -04:00
Shengtan Mao
2cb06d492d hw/arm: Attach MMC to quanta-gbs-bmc
Signed-off-by: Shengtan Mao <stmao@google.com>
Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Tyrone Ting <kfting@nuvoton.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20211008002628.1958285-4-wuhaotsh@google.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 14:14:55 -04:00
Shengtan Mao
0a9df6cb9f hw/arm: Add Nuvoton SD module to board
Signed-off-by: Shengtan Mao <stmao@google.com>
Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Chris Rauer <crauer@google.com>
Reviewed-by: Tyrone Ting <kfting@nuvoton.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20211008002628.1958285-3-wuhaotsh@google.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 14:14:55 -04:00
Shengtan Mao
8092b51849 hw/sd: add nuvoton MMC
Signed-off-by: Shengtan Mao <stmao@google.com>
Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Chris Rauer <crauer@google.com>
Reviewed-by: Tyrone Ting <kfting@nuvoton.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20211008002628.1958285-2-wuhaotsh@google.com>
[rth: Fix typos of "nonexistent"]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 14:14:55 -04:00
Daniel P. Berrangé
7c8d295b27 hw/misc: deprecate the 'sga' device
This is obsolete since SeaBIOS 1.11.0 introduced native support for
sending messages to the serial console. The new support can be
activated using -machine graphics=off on x86 targets.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20210909123219.862652-1-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-11-02 17:24:18 +01:00
Dongwon Kim
55f4b767f6 ui/gtk: skip any extra draw of same guest scanout blob res
Any extra draw call for the same blob resource representing guest scanout
before the previous drawing is not finished can break synchronous draw
sequence. To prevent this, drawing is now done only once for each draw
submission (when draw_submitted == true).

v2:
 - removed mutex
 - updated commit msg

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Message-Id: <20210924225105.24930-1-dongwon.kim@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-11-02 17:24:18 +01:00
Gerd Hoffmann
f5918a9928 microvm: add device tree support.
Allows edk2 detect virtio-mmio devices and pcie ecam.
See comment in hw/i386/microvm-dt.c for more details.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
Message-Id: <20211014193617.2475578-1-kraxel@redhat.com>
2021-11-02 17:24:17 +01:00
Daniel P. Berrangé
8dbbca5c05 qapi: introduce x-query-rdma QMP command
This is a counterpart to the HMP "info rdma" command. It is being
added with an "x-" prefix because this QMP command is intended as an
adhoc debugging tool and will thus not be modelled in QAPI as fully
structured data, nor will it have long term guaranteed stability.
The existing HMP command is rewritten to call the QMP command.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-11-02 15:55:14 +00:00
Daniel P. Berrangé
fc30920731 qapi: introduce x-query-usb QMP command
This is a counterpart to the HMP "info usb" command. It is being
added with an "x-" prefix because this QMP command is intended as an
adhoc debugging tool and will thus not be modelled in QAPI as fully
structured data, nor will it have long term guaranteed stability.
The existing HMP command is rewritten to call the QMP command.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-11-02 15:55:14 +00:00
Daniel P. Berrangé
1b8ae799d8 qapi: introduce x-query-numa QMP command
This is a counterpart to the HMP "info numa" command. It is being
added with an "x-" prefix because this QMP command is intended as an
adhoc debugging tool and will thus not be modelled in QAPI as fully
structured data, nor will it have long term guaranteed stability.
The existing HMP command is rewritten to call the QMP command.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-11-02 15:55:14 +00:00
Daniel P. Berrangé
dd98234c05 qapi: introduce x-query-roms QMP command
This is a counterpart to the HMP "info roms" command. It is being
added with an "x-" prefix because this QMP command is intended as an
adhoc debugging tool and will thus not be modelled in QAPI as fully
structured data, nor will it have long term guaranteed stability.
The existing HMP command is rewritten to call the QMP command.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-11-02 15:55:13 +00:00
Daniel P. Berrangé
0ca117a756 monitor: make hmp_handle_error return a boolean
This turns the pattern

  if (err) {
     hmp_handle_error(mon, err);
     return;
  }

into

  if (hmp_handle_error(mon, err)) {
     return;
  }

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-11-02 15:55:13 +00:00
Mark Cave-Ayland
de7e2cb155 esp: ensure in-flight SCSI requests are always cancelled
There is currently a check in esp_select() to cancel any in-flight SCSI requests
to ensure that issuing multiple select commands without continuing through the
rest of the ESP state machine ignores all but the last SCSI request. This is
also enforced through the addition of assert()s in esp_transfer_data() and
scsi_read_data().

The get_cmd() function does not call esp_select() when TC == 0 which means it is
possible for a fuzzer to trigger these assert()s by sending a select command when
TC == 0 immediately after a valid SCSI CDB has been submitted.

Since esp_select() is only called from get_cmd(), hoist the check to cancel
in-flight SCSI requests from esp_select() into get_cmd() to ensure it is always
called when executing a select command to initiate a new SCSI request.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Closes: https://gitlab.com/qemu-project/qemu/-/issues/662
Closes: https://gitlab.com/qemu-project/qemu/-/issues/663
Message-Id: <20211101183516.8455-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-02 15:57:27 +01:00
Pavel Dovgalyuk
6aedeb650e hw/i386: fix vmmouse registration
According to the logic of vmmouse_update_handler function,
vmmouse should be registered as an event handler when
it's status is zero.
vmmouse_read_id resets the status but does not register
the handler.
This patch adds vmmouse registration and activation when
status is reset.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-Id: <163524204515.1914131.16465061981774791228.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-02 15:57:27 +01:00
Paolo Bonzini
22afb46e7c watchdog: remove select_watchdog_action
Instead of invoking select_watchdog_action from both HMP and command line,
go directly from HMP to QMP and use QemuOpts as the intermediary for the
command line.

This makes -watchdog-action explicitly a shortcut for "-action watchdog",
so that "-watchdog-action" and "-action watchdog" override each other
based on the position on the command line; previously, "-action watchdog"
always won.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-02 15:57:27 +01:00
Paolo Bonzini
b10cb62752 watchdog: add information from -watchdog help to -device help
List all watchdog devices in a separate category, and populate
their descriptions.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-02 15:57:27 +01:00
Jean-Philippe Brucker
739b38630c hw/i386: Rename default_bus_bypass_iommu
Since commit d8fb7d0969 ("vl: switch -M parsing to keyval"), machine
parameter definitions cannot use underscores, because keyval_dashify()
transforms them to dashes and the parser doesn't find the parameter.

This affects option default_bus_bypass_iommu which was introduced in the
same release:

$ qemu-system-x86_64 -M q35,default_bus_bypass_iommu=on
qemu-system-x86_64: Property 'pc-q35-6.1-machine.default-bus-bypass-iommu' not found

Rename the parameter to "default-bus-bypass-iommu". Passing
"default_bus_bypass_iommu" is still valid since the underscore are
transformed automatically.

Fixes: c9e96b04fc ("hw/i386: Add a default_bus_bypass_iommu pc machine option")
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20211025104737.1560274-1-jean-philippe@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-02 15:57:27 +01:00
Paolo Bonzini
3ca8ce720f target/i386: use DMA-enabled multiboot ROM for new-enough QEMU machine types
As long as fw_cfg supports DMA, the new ROM can be used also on older
machine types because it has the same size as the existing one.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-02 15:57:27 +01:00
Paolo Bonzini
f014c97459 target/i386: move linuxboot_dma_enabled to X86MachineState
This removes a parameter from x86_load_linux, and will avoid code
duplication between the linux and multiboot cases once multiboot
starts to support DMA.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-02 15:57:27 +01:00
Eugenio Pérez
a89b34be5e util: Make some iova_tree parameters const
As qemu guidelines:
Unless a pointer is used to modify the pointed-to storage, give it the
"const" attribute.

In the particular case of iova_tree_find it allows to enforce what is
requested by its comment, since the compiler would shout in case of
modifying or freeing the const-qualified returned pointer.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211013182713.888753-2-eperezma@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-02 15:57:21 +01:00
Richard Henderson
91e8394415 Migration Pull request
Hi
 
 this includes pending bits of migration patches.
 
 - virtio-mem support by David Hildenbrand
 - dirtyrate improvements by Hyman Huang
 - fix rdma wrid by Li Zhijian
 - dump-guest-memory fixes by Peter Xu
 
 Pleas apply.
 
 Thanks, Juan.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEGJn/jt6/WMzuA0uC9IfvGFhy1yMFAmGAZEAACgkQ9IfvGFhy
 1yPMlxAAx3HRMTCqlluM6B28TKHpGmg7O87g6F0U5fRZNJEro+8p08zYC1Yo2HNm
 Po7dd++lZxcGPKrq7q1IKPH+wbQ5Yg/3jCeruXP2GRq3AKo9MyUK4WKd2BKRZbnl
 q2oioUSLKYmsUqyl6YI/8nlgyDvmdGet8+GHxhmG5fVNGabWnGhwJDlCbOh1LAqb
 cqACvahXuIVj3X7nMbz3e3Xy4YY/hJqJb3+e0DrQwlPDQRLDhadlQ7zv9vJ75BeY
 Lt0/jnYI223m5LuiTecjv1S9AQjQpqJZq9N2K9miXmd3jtVkm2iqHdXZDK/Sr5oO
 TE5OCf8xtFEcZ2KNwxQYMW+gkx2Gj6aoxIobu3HJ5kELErmvVhdnM7rkLmSHf8WB
 Un/O55xUE/Hyg4G/oZOjAwk6eHS7RM+fIBq5wDGn5MNyYpBXid6JhWxSKv0i/gFX
 8JA5i8wyzkUD23c8Ez+Ms6nmIL9LJS7xpVx9jqV2fNBdf+15opHg2ufnB5NnQ9y8
 JJkzPjW2xKh5EsznY8iDeTztN7Im9Bn+4VcNl53Okugh5QFlTOtcAE21EjPrhv0K
 XC6PJmDnSZenhJkhgXeDzUe4wZu9wvAjH/R/yTVrW2jT51Azebw3dtreX8F/Dqap
 n+T+jupShCrrNFw0tCWsuLu+OZJrSwA83tFo+6DfH/idi0CJoJs=
 =8B3Y
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/migration-20211031-pull-request' into staging

Migration Pull request

Hi

this includes pending bits of migration patches.

- virtio-mem support by David Hildenbrand
- dirtyrate improvements by Hyman Huang
- fix rdma wrid by Li Zhijian
- dump-guest-memory fixes by Peter Xu

Pleas apply.

Thanks, Juan.

# gpg: Signature made Mon 01 Nov 2021 06:03:44 PM EDT
# gpg:                using RSA key 1899FF8EDEBF58CCEE034B82F487EF185872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>" [full]
# gpg:                 aka "Juan Quintela <quintela@trasno.org>" [full]

* remotes/juanquintela/tags/migration-20211031-pull-request:
  migration/dirtyrate: implement dirty-bitmap dirtyrate calculation
  memory: introduce total_dirty_pages to stat dirty pages
  migration/ram: Handle RAMBlocks with a RamDiscardManager on background snapshots
  migration/ram: Factor out populating pages readable in ram_block_populate_pages()
  migration: Simplify alignment and alignment checks
  migration/postcopy: Handle RAMBlocks with a RamDiscardManager on the destination
  virtio-mem: Drop precopy notifier
  migration/ram: Handle RAMBlocks with a RamDiscardManager on the migration source
  virtio-mem: Implement replay_discarded RamDiscardManager callback
  memory: Introduce replay_discarded callback for RamDiscardManager
  dump-guest-memory: Block live migration
  migration: Add migrate_add_blocker_internal()
  migration: Make migration blocker work for snapshots too
  migration/dirtyrate: implement dirty-ring dirtyrate calculation
  migration/dirtyrate: move init step of calculation to main thread
  migration/dirtyrate: adjust order of registering thread
  migration/dirtyrate: introduce struct and adjust DirtyRateStat
  memory: make global_dirty_tracking a bitmask
  KVM: introduce dirty_pages and kvm_dirty_ring_enabled
  migration/rdma: Fix out of order wrid

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 10:07:27 -04:00
BALATON Zoltan
4f3b0a4d75 hw/usb/vt82c686-uhci-pci: Use ISA instead of PCI interrupts
This device is part of a superio/ISA bridge chip and IRQs from it are
routed to an ISA interrupt set by the Interrupt Line PCI config
register. Implement this in a vt82c686-uhci-pci specific irq handler
Using via_isa_set_irq().

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <8d7ed385e33a847d8ddc669163a68b5ca57f82ce.1635161629.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-11-02 14:32:32 +01:00
BALATON Zoltan
e4f5b93986 usb/uhci: Replace pci_set_irq with qemu_set_irq
Instead of using pci_set_irq, store the irq in the device state and
use it explicitly so variants having different interrupt handling can
use their own.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <b39066e03c8731f4197d50bc79b403f797599999.1635161629.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-11-02 14:32:32 +01:00
BALATON Zoltan
ece29df33b usb/uhci: Disallow user creating a vt82c686-uhci-pci device
Because this device only works as part of VIA superio chips set user
creatable to false. Since the class init method is common for UHCI
variants introduce a flag in UHCIInfo for this.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <e6abf1f19ca72bbc2d8a5a6aa941edbf87a9845f.1635161629.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-11-02 14:32:32 +01:00
BALATON Zoltan
d3647ef1fd usb/uhci: Misc clean up
Fix a comment for coding style so subsequent patch will not get
checkpatch error and simplify and shorten uhci_update_irq().

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <b68a57dfcf181e73272b4dc951f8cc6e76b0d182.1635161629.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-11-02 14:32:32 +01:00
Samuel Thibault
46e018e9b7 ide: Cap LBA28 capacity announcement to 2^28-1
The LBA28 capacity (at offsets 60/61 of identification) is supposed to
express the maximum size supported by LBA28 commands. If the device is
larger than this, we have to cap it to 2^28-1.

At least NetBSD happens to be using this value to determine whether to use
LBA28 or LBA48 for its commands, using LBA28 for sectors that don't need
LBA48. This commit thus fixes NetBSD access to disks larger than 128GiB.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <20210824104344.3878849-1-samuel.thibault@ens-lyon.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-11-02 13:02:46 +01:00
Richard Henderson
844d6dfc3e VFIO update 2021-11-01
* Re-enable expanded sub-page BAR mappings after migration (Kunkun Jiang)
 
  * Trace dropped listener sections due to page alignment (Kunkun Jiang)
 -----BEGIN PGP SIGNATURE-----
 
 iQJPBAABCAA5FiEEQvbATlQL0amee4qQI5ubbjuwiyIFAmGARIwbHGFsZXgud2ls
 bGlhbXNvbkByZWRoYXQuY29tAAoJECObm247sIsiM+AP/3ZroIwg3EhUAEG6lmzq
 DaUNNIdYlRqamLSOWTCiGG3+S6DWnuvSMWiclCWV2arxgPC1xpuPBTQ8YcJEAXW6
 NLkQXLS+62SJ3ZYPcKCFFRxDuz9x6cBJzFBSjfmdxfem93MQxWXMrOsB3BGWz1Sy
 EEWFQv4FfnTNseA9sy0lIP42LNKS53Vti9ejBX/CpcGLOOGu6d9ScPrHS/tD/WCP
 ofnk6wMAGt9uRaor2EsOBdJGloq1h4JzzJL6/5wEoll1qEBbg2PsrkKhlKj2+JsQ
 Eq8MXoyb53xL0iHgJG0C4sFtd8Ir1S1cobLEmoboE8MKbPPmOi28E54rDXUnKc+y
 vQNQx9iVK54ia6ivr5evtotNb/2ITip8HLuUxScPxe3iB5c+4s/ic5ory4SYP0I6
 nbDPM0J+YAA3E+kc5tpj5M0b56rfpQkBjJZNrhQBMQZP8wC3ll1+XcY/xBkH23CG
 jrhDBdLYxyNz5N4CZEG4PFDdMMd4xspJtrurkDgjNageMZz/n2O5pz35rsqWMPyo
 ShKuoqCB8LHWw8qaK6UZfsGGzKw3QaJZK0vylXgG4xVbNdNJStSYSUN7djUrj7E2
 wm8tsv67QFIKYTLm/YsP0jxpyvbZeHhK/iaVSrcd6e5q6WA/hAMGDyb6Aex7BJAJ
 vFoHBTdV6aHDbgzEMOvoGXYZ
 =twB8
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/alex.williamson/tags/vfio-update-20211101.0' into staging

VFIO update 2021-11-01

 * Re-enable expanded sub-page BAR mappings after migration (Kunkun Jiang)

 * Trace dropped listener sections due to page alignment (Kunkun Jiang)

# gpg: Signature made Mon 01 Nov 2021 03:48:28 PM EDT
# gpg:                using RSA key 42F6C04E540BD1A99E7B8A90239B9B6E3BB08B22
# gpg:                issuer "alex.williamson@redhat.com"
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex@shazbot.org>" [full]
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>" [full]

* remotes/alex.williamson/tags/vfio-update-20211101.0:
  vfio/common: Add a trace point when a MMIO RAM section cannot be mapped
  vfio/pci: Add support for mmapping sub-page MMIO BARs after live migration

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:25:59 -04:00
Pavel Dovgalyuk
d99e8b5fcb hw/i386: fix vmmouse registration
According to the logic of vmmouse_update_handler function,
vmmouse should be registered as an event handler when
it's status is zero.
vmmouse_read_id resets the status but does not register
the handler.
This patch adds vmmouse registration and activation when
status is reset.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-Id: <163524204515.1914131.16465061981774791228.stgit@pasha-ThinkPad-X280>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-01 19:36:11 -04:00
Peter Xu
2914fc61d5 pci: Export pci_for_each_device_under_bus*()
They're actually more commonly used than the helper without _under_bus, because
most callers do have the pci bus on hand.  After exporting we can switch a lot
of the call sites to use these two helpers.

Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20211028043129.38871-3-peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
2021-11-01 19:36:11 -04:00
Peter Xu
b3dcf94f77 pci: Define pci_bus_dev_fn/pci_bus_fn/pci_bus_ret_fn
They're used in quite a few places of pci.[ch] and also in the rest of the code
base.  Define them so that it doesn't need to be defined all over the places.

The pci_bus_fn is similar to pci_bus_dev_fn that only takes a PCIBus* and an
opaque.  The pci_bus_ret_fn is similar to pci_bus_fn but it allows to return a
void* pointer.

Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20211028043129.38871-2-peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-01 19:36:11 -04:00
Jean-Philippe Brucker
36efa250a4 hw/i386/pc: Allow instantiating a virtio-iommu device
Allow instantiating a virtio-iommu device by adding an ACPI Virtual I/O
Translation table (VIOT), which describes the relation between the
virtio-iommu and the endpoints it manages.

Add a hotplug handler for virtio-iommu on x86 and set the necessary
reserved region property. On x86, the [0xfee00000, 0xfeefffff] DMA
region is reserved for MSIs. DMA transactions to this range either
trigger IRQ remapping in the IOMMU or bypasses IOMMU translation.

Although virtio-iommu does not support IRQ remapping it must be informed
of the reserved region so that it can forward DMA transactions targeting
this region.

Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20211026182024.2642038-5-jean-philippe@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-01 18:49:10 -04:00
Jean-Philippe Brucker
1b3bf13890 hw/i386/pc: Move IOMMU singleton into PCMachineState
We're about to support a third vIOMMU for x86, virtio-iommu which
doesn't inherit X86IOMMUState. Move the IOMMU singleton into
PCMachineState, so it can be shared between all three vIOMMUs.

The x86_iommu_get_default() helper is still needed by KVM and IOAPIC to
fetch the default IRQ-remapping IOMMU. Since virtio-iommu doesn't
support IRQ remapping, this interface doesn't need to change for the
moment. We could later replace X86IOMMUState with an "IRQ remapping
IOMMU" interface if necessary.

Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20211026182024.2642038-4-jean-philippe@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-01 18:49:10 -04:00
Jean-Philippe Brucker
867e9c9f4c hw/i386/pc: Remove x86_iommu_get_type()
To generate the IOMMU ACPI table, acpi-build.c can use base QEMU types
instead of a special IommuType value.

Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20211026182024.2642038-3-jean-philippe@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-01 18:49:10 -04:00
Jean-Philippe Brucker
1f85d74ac5 hw/acpi: Add VIOT table
Add a function that generates a Virtual I/O Translation table (VIOT),
describing the topology of paravirtual IOMMUs. The table is created if a
virtio-iommu device is present. It contains a virtio-iommu node and PCI
Range nodes for endpoints managed by the IOMMU. By default, a single
node describes all PCI devices. When passing the
"default_bus_bypass_iommu" machine option and "bypass_iommu" PXB option,
only buses that do not bypass the IOMMU are described by PCI Range
nodes.

Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20211026182024.2642038-2-jean-philippe@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-01 18:49:10 -04:00
David Hildenbrand
e1c1915bef vhost-vdpa: Set discarding of RAM broken when initializing the backend
Similar to VFIO, vDPA will go ahead an map+pin all guest memory. Memory
that used to be discarded will get re-populated and if we
discard+re-access memory after mapping+pinning, the pages mapped into the
vDPA IOMMU will go out of sync with the actual pages mapped into the user
space page tables.

Set discarding of RAM broken such that:
- virtio-mem and vhost-vdpa run mutually exclusive
- virtio-balloon is inhibited and no memory discards will get issued

In the future, we might be able to support coordinated discarding of RAM
as used by virtio-mem and already supported by vfio via the
RamDiscardManager.

Acked-by: Jason Wang <jasowang@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Cindy Lu <lulu@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20211027130324.59791-1-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
2021-11-01 18:49:10 -04:00
David Hildenbrand
f4578df399 virtio-mem: Drop precopy notifier
Migration code now properly handles RAMBlocks which are indirectly managed
by a RamDiscardManager. No need for manual handling via the free page
optimization interface, let's get rid of it.

Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2021-11-01 22:56:44 +01:00
David Hildenbrand
372aa6fd73 virtio-mem: Implement replay_discarded RamDiscardManager callback
Implement it similar to the replay_populated callback.

Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2021-11-01 22:56:44 +01:00
Hyman Huang(黄勇)
63b41db4bc memory: make global_dirty_tracking a bitmask
since dirty ring has been introduced, there are two methods
to track dirty pages of vm. it seems that "logging" has
a hint on the method, so rename the global_dirty_log to
global_dirty_tracking would make description more accurate.

dirty rate measurement may start or stop dirty tracking during
calculation. this conflict with migration because stop dirty
tracking make migration leave dirty pages out then that'll be
a problem.

make global_dirty_tracking a bitmask can let both migration and
dirty rate measurement work fine. introduce GLOBAL_DIRTY_MIGRATION
and GLOBAL_DIRTY_DIRTY_RATE to distinguish what current dirty
tracking aims for, migration or dirty rate.

Signed-off-by: Hyman Huang(黄勇) <huangy81@chinatelecom.cn>
Message-Id: <9c9388657cfa0301bd2c1cfa36e7cf6da4aeca19.1624040308.git.huangy81@chinatelecom.cn>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2021-11-01 22:56:43 +01:00
Damien Hedde
db78a60559 machine: remove the done notifier for dynamic sysbus device type check
Now that we check sysbus device types during device creation, we
can remove the check in the machine init done notifier.
This was the only thing done by this notifier, so we remove the
whole sysbus_notifier structure of the MachineState.

Note: This notifier was checking all /peripheral and /peripheral-anon
sysbus devices. Now we only check those added by -device cli option or
device_add qmp command when handling the command/option. So if there
are some devices added in one of these containers manually (eg in
machine C code), these will not be checked anymore.
This use case does not seem to appear apart from
hw/xen/xen-legacy-backend.c (it uses qdev_set_id() and in this case,
not for a sysbus device, so it's ok).

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211029142258.484907-4-damien.hedde@greensocs.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-11-01 19:44:11 +01:00
Damien Hedde
b5fdf4102f machine: add device_type_is_dynamic_sysbus function
Right now the allowance check for adding a sysbus device using
-device cli option (or device_add qmp command) is done well after
the device has been created. It is done during the machine init done
notifier: machine_init_notify() in hw/core/machine.c

This new function will allow us to do the check at the right time and
issue an error if it fails.

Also make device_is_dynamic_sysbus() use the new function.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211029142258.484907-2-damien.hedde@greensocs.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-11-01 19:44:11 +01:00
Yanan Wang
86ce2d28fa hw/core/machine: Split out the smp parsing code
We are going to introduce an unit test for the parser smp_parse()
in hw/core/machine.c, but now machine.c is only built in softmmu.

In order to solve the build dependency on the smp parsing code and
avoid building unrelated stuff for the unit tests, move the tested
code from machine.c into a separate file, i.e., machine-smp.c and
build it in common field.

Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211026034659.22040-2-wangyanan55@huawei.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-11-01 19:44:11 +01:00
Philippe Mathieu-Daudé
09112bef74 hw/core: Restrict hotplug to system emulation
Restrict hotplug to system emulation, add stubs for the other uses.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211028150521.1973821-5-philmd@redhat.com>
2021-11-01 19:44:11 +01:00
Philippe Mathieu-Daudé
81c7b38155 hw/core: Extract hotplug-related functions to qdev-hotplug.c
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211028150521.1973821-4-philmd@redhat.com>
2021-11-01 19:44:11 +01:00
Philippe Mathieu-Daudé
f73fb06395 hw/core: Declare meson source set
As we want to be able to conditionally add files to the hw/core
file list, use a source set.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Tested-by: Yanan Wang <wangyanan55@huawei.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211028150521.1973821-3-philmd@redhat.com>
2021-11-01 19:44:11 +01:00
Philippe Mathieu-Daudé
d675b44ecc hw/core: Restrict sysemu specific files
All these files don't make sense for tools and user emulation,
restrict them to system emulation.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Tested-by: Yanan Wang <wangyanan55@huawei.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211028150521.1973821-2-philmd@redhat.com>
2021-11-01 19:44:11 +01:00
Eduardo Habkost
b19a3e2cd9 machine: Move gpio code to hw/core/gpio.c
Only softmmu code uses gpio, so move gpio code from qdev.c to
gpio.c and compile it only on softmmu mode.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190425200051.19906-2-ehabkost@redhat.com>
[PMD: Rebased]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-11-01 19:44:00 +01:00
Kunkun Jiang
e4b3470838 vfio/common: Add a trace point when a MMIO RAM section cannot be mapped
The MSI-X structures of some devices and other non-MSI-X structures
may be in the same BAR. They may share one host page, especially in
the case of large page granularity, such as 64K.

For example, MSIX-Table size of 82599 NIC is 0x30 and the offset in
Bar 3(size 64KB) is 0x0. vfio_listener_region_add() will be called
to map the remaining range (0x30-0xffff). If host page size is 64KB,
it will return early at 'int128_ge((int128_make64(iova), llend))'
without any message. Let's add a trace point to inform users like commit
5c08600547 ("vfio: Use a trace point when a RAM section cannot be DMA mapped")
did.

Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
Link: https://lore.kernel.org/r/20211027090406.761-3-jiangkunkun@huawei.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-11-01 12:17:51 -06:00
Kunkun Jiang
f36d4fb85f vfio/pci: Add support for mmapping sub-page MMIO BARs after live migration
We can expand MemoryRegions of sub-page MMIO BARs in
vfio_pci_write_config() to improve IO performance for some
devices. However, the MemoryRegions of destination VM are
not expanded any more after live migration. Because their
addresses have been updated in vmstate_load_state()
(vfio_pci_load_config) and vfio_sub_page_bar_update_mapping()
will not be called.

This may result in poor performance after live migration.
So iterate BARs in vfio_pci_load_config() and try to update
sub-page BARs.

Reported-by: Nianyao Tang <tangnianyao@huawei.com>
Reported-by: Qixin Gan <ganqixin@huawei.com>
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
Link: https://lore.kernel.org/r/20211027090406.761-2-jiangkunkun@huawei.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-11-01 12:17:51 -06:00
Philippe Mathieu-Daudé
5d2bd73588 hw/input/lasips2: Fix typos in function names
Artist is another device, this one is the Lasi PS/2.
Rename the functions accordingly.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Message-Id: <20210920064048.2729397-2-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-10-31 21:05:40 +01:00
Yanan Wang
3a23a0c061 hw/core/machine: Add the missing delimiter in cpu_slot_to_string()
The expected output string from cpu_slot_to_string() ought to be
like "socket-id: *, die-id: *, core-id: *, thread-id: *", so add
the missing ", " before "die-id". This affects the readability
of the error message.

Fixes: 176d2cda0d ("i386/cpu: Consolidate die-id validity in smp context")
Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20211008075040.18028-1-wangyanan55@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-10-31 21:05:40 +01:00
BALATON Zoltan
46e44759fc hw/timer/sh_timer: Remove use of hw_error
The hw_error function calls abort and is not meant to be used by
devices. Use qemu_log_mask instead to log and ignore invalid accesses.
Also fix format strings to allow dropping type casts of hwaddr and use
__func__ instead of hard coding function name in the message which
were wrong in two cases.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <f818dc3dd2ac8c3b3d53067f316a716d7f9683d8.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
65307c7792 hw/timer/sh_timer: Fix timer memory region size
The timer unit only has registers that fit in a region 0x30 bytes
long. No need to have the timer region larger than that.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <b1cd196cf1395a602c7a08a4f858e69e50c446a1.1635550060.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
f64ccec414 hw/timer/sh_timer: Do not wrap lines that are not too long
It's more readable to keep things on one line if it fits the length limit.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <97bc2a38991f33fd0c8cc2e4d0a3a29b20c47d1f.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
5d9b737e51 hw/timer/sh_timer: Rename sh_timer_state to SHTimerState
According to coding style types should be camel case, also remove
unneded casts from void *.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <d9a9d160c1153a583397e366ab06477f5a31c507.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
3233178789 hw/intc/sh_intc: Remove unneeded local variable initialisers
The sh_intc_locate function will either init these or not return so no
need to initialise them.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <15e04aa665c68ab5df47bbf505346d413be2fc1c.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
36cf5ee885 hw/intc/sh_intc: Simplify allocating sources array
Use g_new0 instead of g_malloc0 and avoid some unneeded temporary
variable assignments.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <72efc4f2c4ff8b96848d03dca08e4541ee4076f6.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
418a221c2b hw/intc/sh_intc: Avoid using continue in loops
Instead of if !expr continue else do something it is more straight
forward to say if expr then do something, especially if the action is
just a few lines. Remove such uses of continue to make the code easier
to follow.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <0efaa5e7a1a3ee11f82b3bb1942c287576c67f8b.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
85208f7a97 hw/intc/sh_intc: Replace abort() with g_assert_not_reached()
All the places that call abort should not happen which is better
marked by g_assert_not_reached.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <039e6a784532f2af27f8adeafdb8e0391722f567.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
9b12fb10b7 hw/intc/sh_intc: Inline and drop sh_intc_source() function
This function is very simple and provides no advantage. Call sites
become simpler without it so just write it in line and drop the
separate function.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <a98d1f7f94e91a42796b7d91e9153a7eaa3d1c44.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
12201fe38a hw/intc/sh_intc: Use array index instead of pointer arithmetics
Address of element i is one word thus clearer than array + i.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <f49c9b1dee1fcaf374b092d862a6821907d5fcdc.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
46ea1f8236 hw/intc/sh_intc: Remove excessive parenthesis
Drop unneded parenthesis and split up one complex expression to write
it with less brackets so it's easier to follow.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <a48e849e5b803a952ed15a2502cfece2bde68934.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
51cb902bac hw/intc/sh_intc: Move sh_intc_register() closer to its only user
The sh_intc_register() function is only used at one place. Move them
together so it's easier to see what's going on.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <49f2742bc67cba7164385fafad204ab1e1bd3a0b.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
92d1d3ada1 hw/intc/sh_intc: Drop another useless macro
The INT_REG_PARAMS macro was only used a few times within one function
on adjacent lines and is actually more complex than writing out the
parameters so simplify it by expanding the macro at call sites and
dropping the #define.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <d3bdfdc5ab5ae1c51a6c6c38bde3829a99f85ce5.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
81d18cd48a hw/intc/sh_intc: Rename iomem region
Rename the iomem region to "intc" from "interrupt-controller" which
makes the info mtree output less wide as it is already too wide
because of all the aliases. Also drop the format macro which was only
used twice in close proximity so we can just use the literal string
instead without a macro definition.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <cb6402dab6b44c804142b5cf9af68e6398cb613f.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
dc6f1734b7 hw/intc/sh_intc: Turn some defines into an enum
Turn the INTC_MODE defines into an enum and clean up the function
returning these to make it clearer by removing nested ifs and
superfluous parenthesis. The one remaining #define is a flag which is
moved further apart by changing its value from 8 to 0x80 to leave some
spare bits as this is or-ed with the enum value at some places.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <4adf4e1ac9d2e728e5a536c69e310d77f0c4455a.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
cfaf2806e8 hw/intc/sh_intc: Use existing macro instead of local one
The INTC_A7 local macro does the same as the A7ADDR from
include/sh/sh.h so use the latter and drop the local macro definition.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <53f033477c73b7c9b021d36033c590416d6199c7.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
44ae04f032 hw/char/sh_serial: Add device id to trace output
Normally there are at least two sh_serial instances. Add device id to
trace messages to make it clear which instance they belong to
otherwise its not possible to tell which serial device is accessed.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <cc1f9ff9f4259ae799750e452f8871849c7a104c.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
beeb520925 hw/char/sh_serial: QOM-ify
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <92902ba34fdf2c8c62232365fbb6531b1036d557.1635541329.git.balaton@eik.bme.hu>
[PMD: Use g_strdup() to initialize DeviceState::id]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
017f77bbf7 hw/char/sh_serial: Split off sh_serial_reset() from sh_serial_init()
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <ffb46f2814794c8dfc2c5a0cf83086a7bd754e10.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
5b344b02e1 hw/char/sh_serial: Embed QEMUTimer in state struct
Instead of allocating timer with timer_new store it directly in the
state struct. This makes it simpler to free it together with the device.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <fd01eb3720ec32dab06e03019f72f3e177033679.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
2f6df13748 hw/char/sh_serial: Rename type sh_serial_state to SHSerialState
Coding style says types should be camel case.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <0f185653528c99eeeb2b4e4afb8b818d93298c20.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
3cf7ce4337 hw/char/sh_serial: Do not abort on invalid access
Replace fprintf with qemu_log_mask LOG_GUEST_ERROR as the intention is
to handle valid accesses in these functions so if we get to these
errors then it's an invalid access. Do not abort as that would allow
the guest to crash QEMU and the practice in other devices is to not do
that just log and ignore the invalid access. While at it also simplify
the complex bit ops to check if a return value was set which can be
done much simpler and clearer.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <6b46045141d6d9cc32e17c223896fa1116384796.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
6e5dd76f21 hw/sh4/r2d: Use error_report instead of fprintf to stderr
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <7f320ab72f3d4d43cd62925230a9f83583413f67.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
ad52cfc137 hw/sh4: Change debug printfs to traces
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <b776043e811ab3caf200515e1350bdcccd1cc47b.1635541329.git.balaton@eik.bme.hu>
[PMD: Fixed format strings for 32-bit hosts]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 18:39:37 +02:00
BALATON Zoltan
3b885dabd0 hw/sh4: Fix typos in a comment
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <a84405db64ef81bff1a16526da290cc68f1444db.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 11:46:40 +02:00
BALATON Zoltan
373b96b9c6 hw/sh4: Coding style: Remove unnecessary casts
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <6cb1bcf24572ad8465c20b64fec81157f34bcbe9.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 11:46:40 +02:00
BALATON Zoltan
ac3c9e74c1 hw/sh4: Coding style: Add missing braces
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <b53a8cbcf57207fbd6408db1007b3e82008d60f7.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 11:46:40 +02:00
BALATON Zoltan
f94bff1337 hw/sh4: Coding style: White space fixes
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <91698c54fa493a4cfe93546211206439787d4b78.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 11:46:40 +02:00
BALATON Zoltan
221389657a hw/sh4: Coding style: Fix multi-line comments
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <3f192c699f4e5949ec0fcc436e5610f50afe2dbf.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 11:46:39 +02:00
BALATON Zoltan
b3793b8a91 hw/sh4: Coding style: Remove tabs
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <2d9b2c470ec022cc85a25b3e5de337b5e794f7f6.1635541329.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-10-30 11:46:39 +02:00
Alistair Francis
9b144ed444 hw/riscv: opentitan: Fixup the PLIC context addresses
Fixup the PLIC context address to correctly support the threshold and
claim register.

Fixes: ef63100648 ("hw/riscv: opentitan: Update to the latest build")
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: 20211025040657.262696-1-alistair.francis@opensource.wdc.com
2021-10-28 14:39:23 +10:00
Alistair Francis
7d10ff8a4d hw/riscv: virt: Use the PLIC config helper function
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: 20211022060133.3045020-5-alistair.francis@opensource.wdc.com
2021-10-28 14:39:23 +10:00
Alistair Francis
8486eb8cdc hw/riscv: microchip_pfsoc: Use the PLIC config helper function
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: 20211022060133.3045020-4-alistair.francis@opensource.wdc.com
2021-10-28 14:39:23 +10:00
Alistair Francis
4e8fb53c0b hw/riscv: sifive_u: Use the PLIC config helper function
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: 20211022060133.3045020-3-alistair.francis@opensource.wdc.com
2021-10-28 14:39:23 +10:00
Alistair Francis
bf357e1d72 hw/riscv: boot: Add a PLIC config string function
Add a generic function that can create the PLIC strings.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: 20211022060133.3045020-2-alistair.francis@opensource.wdc.com
2021-10-28 14:39:23 +10:00
Alistair Francis
9925c8bb81 hw/riscv: virt: Don't use a macro for the PLIC configuration
Using a macro for the PLIC configuration doesn't make the code any
easier to read. Instead it makes it harder to figure out what is going
on, so let's remove it.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20211022060133.3045020-1-alistair.francis@opensource.wdc.com
2021-10-28 14:39:23 +10:00
Christian Schoenebeck
7e985780aa 9pfs: use P9Array in v9fs_walk()
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <90c65d1c1ca11c1b434bb981b1fc7966f7711c8f.1633097129.git.qemu_oss@crudebyte.com>
2021-10-27 14:45:22 +02:00
Christian Schoenebeck
cc82fde9c7 9pfs: make V9fsPath usable via P9Array API
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <79a0ddf8375f6c95f0565ef155a1bf1e9387664f.1633097129.git.qemu_oss@crudebyte.com>
2021-10-27 14:45:22 +02:00
Christian Schoenebeck
04a7f9e55e 9pfs: simplify blksize_to_iounit()
Use QEMU_ALIGN_DOWN() macro to reduce code and to make it
more human readable.

Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <b84eb324d2ebdcc6f9c442c97b5b4d01eecb4f43.1632758315.git.qemu_oss@crudebyte.com>
2021-10-27 14:45:22 +02:00
Christian Schoenebeck
b565bccb00 9pfs: deduplicate iounit code
Remove redundant code that translates host fileystem's block
size into 9p client (guest side) block size.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <129bb71d5119e61d335f1e3107e472e4beea223a.1632758315.git.qemu_oss@crudebyte.com>
2021-10-27 14:45:22 +02:00
Christian Schoenebeck
669ced09b3 9pfs: fix wrong I/O block size in Rgetattr
When client sent a 9p Tgetattr request then the wrong I/O block
size value was returned by 9p server; instead of host file
system's I/O block size it should rather return an I/O block
size according to 9p session's 'msize' value, because the value
returned to client should be an "optimum" block size for I/O
(i.e. to maximize performance), it should not reflect the actual
physical block size of the underlying storage media.

The I/O block size of a host filesystem is typically 4k, so the
value returned was far too low for good 9p I/O performance.

This patch adds stat_to_iounit() with a similar approach as the
existing get_iounit() function.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <E1mT2Js-0000DW-OH@lizzy.crudebyte.com>
2021-10-27 14:45:22 +02:00
Richard Henderson
c5b2f55981 Trivial patches pull request 20211023
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmF0VNISHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748B5sP/i7jOKcLv+slO9wekWL9bjm2w4tQ6RQ/
 Z67z16Yc4rx8RWUILRe2ZpzsTsijazULrfJ/VBkrGxWwZ1RsSudATU53PgM5GtE+
 YM6z4j6j03QfnGCqFlnMvIPfBYEtL3Sc8x7IkiO1iWDDoijgItJPfplBM8s/WUsd
 HOXF7dDjuQV9v6uGBI1tb52rANB4d54YWLzQ0nDagujd36PznJLzHJoUM06670xn
 TFe4Hmg/eGmvmfKWYxI6HLaMx7zF27pqFlfts9JYporysD2ObaAQmxBw9IGzRvJN
 OYbUQqd39k2EpSUdHKwn8xKcnF09GtHpbY2O2HXSYmJ0suYIiAZKLfkAinrwa40K
 h4gbs8GMOIn4HaZ0zxdC4cOWy7UBeTZ6nXsRo5iYXcQ20E6LmyliE/RBv50Uudpu
 eMYb/zL/FV/Kh8E0MQVd8KzM1Kpg2EbIvInIlCtsxbWkqUynqCbijLCHaa5WlH0l
 +cYq8zMASV9B5D10wbnUMiQh8Lq5dYs/DqUUTh16TOXp0Z4EJtprkFtm1rVUkl0Z
 Jl7R5N9q6+VK8ydE4HUYvzNotAeqU8voBk1ywnMCLKslj4kwJ6em1zQY/1zWIw3D
 PS8BPi6CPIZmdFUTfcYXr+1u4NMsPB0c/1KwrCsqe9wouv2eLHLiWEh2c+0UVBoW
 CcbYn6PVLbRF
 =UER7
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier/tags/trivial-branch-for-6.2-pull-request' into staging

Trivial patches pull request 20211023

# gpg: Signature made Sat 23 Oct 2021 11:30:42 AM PDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]

* remotes/vivier/tags/trivial-branch-for-6.2-pull-request:
  analyze-migration.py: fix extract contents ('-x') errors
  analyze-migration.py: fix a long standing typo
  README: Fix some documentation URLs
  hw/nvram: Fix Memory Leak in Xilinx ZynqMP eFuse device
  hw/nvram: Fix Memory Leak in Xilinx Versal eFuse device
  hw/nvram: Fix Memory Leak in Xilinx eFuse QOM
  softmmu/physmem.c: Fix typo in comment
  MAINTAINERS: Add myself as reviewer of 'Machine core' API
  disas/nios2: Simplify endianess conversion
  disas/nios2: Fix style in print_insn_nios2()
  po: update turkish translation

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-23 14:30:10 -07:00
Tong Ho
e3f368e0b2 hw/nvram: Fix Memory Leak in Xilinx ZynqMP eFuse device
Signed-off-by: Tong Ho <tong.ho@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211015203532.2463705-4-tong.ho@xilinx.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-10-23 18:50:33 +02:00
Tong Ho
512a63b2b0 hw/nvram: Fix Memory Leak in Xilinx Versal eFuse device
Signed-off-by: Tong Ho <tong.ho@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211015203532.2463705-3-tong.ho@xilinx.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-10-23 18:50:33 +02:00
Tong Ho
c4e4d0d92b hw/nvram: Fix Memory Leak in Xilinx eFuse QOM
Signed-off-by: Tong Ho <tong.ho@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211015203532.2463705-2-tong.ho@xilinx.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-10-23 18:50:33 +02:00
Richard Henderson
660efed8b3 Fourth RISC-V PR for QEMU 6.2
- Vector extension bug fixes
  - Bit manipulation extension bug fix
  - Support vhost-user and numa mem options on all boards
  - Rationalise XLEN and operand lengths
  - Bump the OpenTitan FPGA support
  - Remove the Ibex PLIC
  - General code cleanup
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAmFyvkoACgkQIeENKd+X
 cFRvOQgAmSgFMu7BbiuLJ7W/0kK/a8vM53+HAMFyFvYiTS7ae2NRmxKyeR/OhFLf
 qm36G/SbBhymWAvJysACa7mjvn104WnXkMdhLYGimkne/65IbnQOImzpXk81WP/n
 45p/y0DdCs5pP2JNf9aIVxMMzgH2Lo4IgKxLFz+qpnphxtZGjdpocrCz837BOZQH
 p61hadfi3rTc06w0Auq8A4Zr+Rp/gpoGzXmB0ujfRGfqi+brg40TV4EAX33e3BJi
 249922MbFy2KqqO8H8So9rTZiK4gb/KJ0vGp61nwPcGsf1JPWXpeeb2g6L1syXHW
 8J9VezmnIs8bs2SXDvkf0aZpEvDrIA==
 =AKR1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/alistair23/tags/pull-riscv-to-apply-20211022-2' into staging

Fourth RISC-V PR for QEMU 6.2

 - Vector extension bug fixes
 - Bit manipulation extension bug fix
 - Support vhost-user and numa mem options on all boards
 - Rationalise XLEN and operand lengths
 - Bump the OpenTitan FPGA support
 - Remove the Ibex PLIC
 - General code cleanup

# gpg: Signature made Fri 22 Oct 2021 06:36:10 AM PDT
# gpg:                using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]

* remotes/alistair23/tags/pull-riscv-to-apply-20211022-2: (33 commits)
  hw/riscv: spike: Use MachineState::ram and MachineClass::default_ram_id
  hw/riscv: sifive_u: Use MachineState::ram and MachineClass::default_ram_id
  hw/riscv: sifive_e: Use MachineState::ram and MachineClass::default_ram_id
  hw/riscv: shakti_c: Use MachineState::ram and MachineClass::default_ram_id
  hw/riscv: opentitan: Use MachineState::ram and MachineClass::default_ram_id
  hw/riscv: microchip_pfsoc: Use MachineState::ram and MachineClass::default_ram_id
  hw/intc: sifive_plic: Cleanup the irq_request function
  hw/intc: sifive_plic: Cleanup the realize function
  hw/intc: sifive_plic: Move the properties
  hw/intc: Remove the Ibex PLIC
  hw/riscv: opentitan: Update to the latest build
  target/riscv: Compute mstatus.sd on demand
  target/riscv: Use riscv_csrrw_debug for cpu_dump
  target/riscv: Use gen_shift*_per_ol for RVB, RVI
  target/riscv: Use gen_unary_per_ol for RVB
  target/riscv: Adjust trans_rev8_32 for riscv64
  target/riscv: Use gen_arith_per_ol for RVM
  target/riscv: Replace DisasContext.w with DisasContext.ol
  target/riscv: Replace is_32bit with get_xl/get_xlen
  target/riscv: Properly check SEW in amo_op
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-22 12:09:17 -07:00
Richard Henderson
eb8f1d57bd Aspeed patches :
* New fp5280g2-bmc board (John)
 * Small cleanup in Aspeed SMC model (Cedric)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmFybmYACgkQUaNDx8/7
 7KEqzRAAigdJJDS+F7uVYN9srdu8GtbXKRaGYgBcaPIGMzC42Ot9hE46UMUPPbf/
 72QXynB09IvtkFgkX7xCaR3Lu1II7Ag+vf/VrjPltX1F05tdj9hTjPflJnPxWbBo
 2nTU1vlUPXseaD5HQV/0ygYzqvbqyjCIhjSn0RKoMgKwrimBo52UByemOzh1unbV
 nS4eCtQZlUj8ZPiwKViXk1XHscVyQY/7NhTTgdAUzkU74eIlf+op/mMRl3RWMOma
 TsarphUoAfzCiYYZwg7IkWZWhTZt/zNR8OslNRfMbRFDfzFicCK3iu9L45jLaUix
 W+N8z0xt1QxjWjzAAqHWVaNQion9zZS1Y219pI7rS76FI7m5CNDQ394lD3Pz3fqk
 iW1JOtJACL9majRnZ58P7ScdVk68R/2Kt9VVcR93mkL4uAdrdxiWFScMssI1GmwR
 CQ6m/Ktupw2YPqx87qNprsjpJriEx7ooU5SGdKpX7eLf2v5pcQRXLArfHOmL6mCe
 xK0GGGTyz8E+GqzV8KciZpz9sEz0FoxPyqTjqboArvRPNCGnBvSSBISi24KXPXj3
 MnOXiqLQ9BCAQRsSUMvWtof/X6DeAH7eQ8Pfk3+GxmnSsSInT6pOfbDESajMy7SY
 ADji7W87JzIPqXO46JCgKU5yXmxaNfUKrJHm5nH0nlmQDUVT21E=
 =qbBN
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/clg/tags/pull-aspeed-20211022' into staging

Aspeed patches :

* New fp5280g2-bmc board (John)
* Small cleanup in Aspeed SMC model (Cedric)

# gpg: Signature made Fri 22 Oct 2021 12:55:18 AM PDT
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* remotes/clg/tags/pull-aspeed-20211022:
  speed/sdhci: Add trace events
  aspeed/smc: Use a container for the flash mmio address space
  aspeed: Add support for the fp5280g2-bmc board

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-22 09:02:12 -07:00
Richard Henderson
1dafe7656a Pull request Q800 20211022
GLUE updates for A/UX mode
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmFyZU0SHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748glsQAILeRBSueH/1N6kpMPixc0R/M+1wC4JK
 UhGRMOQIkb47F4RjvN/5pYwbKMT4FiBpkTpNoYCpb9yTlIWVu/rEwQu+fqc3Mshl
 evBLSCwPJpnogt1b7XhjydiihnHdx54LEBpBWH+Vd0l7w8CRyZ/9INbiEOGdNu8G
 aQ0m1tYheP6IFAhXOIHO4XdAYRBVhy+GGDrE/4meNwL0NdZTjsgQvyrA7qVhkufU
 OhDpjnPH7L6+OUP4GipX+M1A9nY9Dp2ewiEox1iPoNAgrA1QQ1TQKCsNjHn5f6IZ
 YWESZiFVns8AvnBiQGY2yvqjRBbg8pqKWeWiA7SZ7S/vSAV7ZjImFTbJX8lCDygj
 OtTy/j9f6oX1tA4uLVszGX3WgVz1bQqZldte5uCVeWoQTTl/VN3o/bpfyTsLhy6o
 XoZugew6YOvXWDp+ZXwmJXRbPH75Gg6OTeJCckhbcuOD3ZYat1BSzSepMToAzDOF
 rY1o5qcP9bj5KD95VSS4obfhmKdBZa1ENBjPoij/LMg4ZavnnQQu321Hjepd4O+H
 QIvb/NBQ6v56FURQq/87jgbCynTWbONAcNYT+4EyN5mCEytIk25hHCStB5qN7jng
 DQD9zPw00/E0a2P7S24q58V7ZL8PAiueKw/y9ys4xwnew/5ht1llBayJEw591Wr6
 gmGCjQr4lmao
 =eqmO
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier-m68k/tags/q800-pull-request' into staging

Pull request Q800 20211022

GLUE updates for A/UX mode

# gpg: Signature made Fri 22 Oct 2021 12:16:29 AM PDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]

* remotes/vivier-m68k/tags/q800-pull-request:
  q800: drop 8-bit graphic_depth check for Apple 21 inch display
  q800: add NMI handler
  q800: wire up remaining IRQs in classic mode
  q800: route SONIC on-board Ethernet IRQ via nubus IRQ 9 in classic mode
  q800: wire up auxmode GPIO to GLUE
  mac_via: add GPIO for A/UX mode
  q800: use GLUE IRQ numbers instead of IRQ level for GLUE IRQs
  q800: move VIA1 IRQ from level 1 to level 6
  mac_via: update comment for VIA1B_vMystery bit

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-22 07:47:13 -07:00
Bin Meng
11ec06f9ea hw/riscv: spike: Use MachineState::ram and MachineClass::default_ram_id
Using memory_region_init_ram(), which can't possibly handle vhost-user,
and can't work as expected with '-numa node,memdev' options.

Use MachineState::ram instead of manually initializing RAM memory
region, as well as by providing MachineClass::default_ram_id to
opt in to memdev scheme.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20211020014112.7336-7-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-10-22 23:35:47 +10:00
Bin Meng
c188a9c4f7 hw/riscv: sifive_u: Use MachineState::ram and MachineClass::default_ram_id
Using memory_region_init_ram(), which can't possibly handle vhost-user,
and can't work as expected with '-numa node,memdev' options.

Use MachineState::ram instead of manually initializing RAM memory
region, as well as by providing MachineClass::default_ram_id to
opt in to memdev scheme.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20211020014112.7336-6-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-10-22 23:35:47 +10:00
Bin Meng
e2b3ef7544 hw/riscv: sifive_e: Use MachineState::ram and MachineClass::default_ram_id
Using memory_region_init_ram(), which can't possibly handle vhost-user,
and can't work as expected with '-numa node,memdev' options.

Use MachineState::ram instead of manually initializing RAM memory
region, as well as by providing MachineClass::default_ram_id to
opt in to memdev scheme.

While at it add check for user supplied RAM size and error out if it
mismatches board expected value.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20211020014112.7336-5-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-10-22 23:35:47 +10:00
Bin Meng
56917307f4 hw/riscv: shakti_c: Use MachineState::ram and MachineClass::default_ram_id
Using memory_region_init_ram(), which can't possibly handle vhost-user,
and can't work as expected with '-numa node,memdev' options.

Use MachineState::ram instead of manually initializing RAM memory
region, as well as by providing MachineClass::default_ram_id to
opt in to memdev scheme.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20211020014112.7336-4-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-10-22 23:35:47 +10:00
Bin Meng
91b1fbdc0c hw/riscv: opentitan: Use MachineState::ram and MachineClass::default_ram_id
Using memory_region_init_ram(), which can't possibly handle vhost-user,
and can't work as expected with '-numa node,memdev' options.

Use MachineState::ram instead of manually initializing RAM memory
region, as well as by providing MachineClass::default_ram_id to
opt in to memdev scheme.

While at it add check for user supplied RAM size and error out if it
mismatches board expected value.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20211020014112.7336-3-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-10-22 23:35:47 +10:00
Bin Meng
d4c624f482 hw/riscv: microchip_pfsoc: Use MachineState::ram and MachineClass::default_ram_id
Using memory_region_init_ram(), which can't possibly handle vhost-user,
and can't work as expected with '-numa node,memdev' options.

Use MachineState::ram instead of manually initializing RAM memory
region, as well as by providing MachineClass::default_ram_id to
opt in to memdev scheme.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20211020014112.7336-2-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-10-22 23:35:47 +10:00
Alistair Francis
8d3dae162e hw/intc: sifive_plic: Cleanup the irq_request function
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: 4200da222a65c89ed1ba35f754dcca7fdd9f08d6.1634524691.git.alistair.francis@wdc.com
2021-10-22 23:35:47 +10:00
Alistair Francis
d680ff664e hw/intc: sifive_plic: Cleanup the realize function
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: b94c098cb221e744683349b1ac794c23102ef471.1634524691.git.alistair.francis@wdc.com
2021-10-22 23:35:47 +10:00
Alistair Francis
d8c6590f18 hw/intc: sifive_plic: Move the properties
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: 3c125e27c49a4969df82bf8b197535ccd1996939.1634524691.git.alistair.francis@wdc.com
2021-10-22 23:35:47 +10:00