aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2019-02-18xics: Drop the KVM ICP classGreg Kurz2-21/+0
The KVM ICP class isn't used anymore. Drop it. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <155023081228.1011724.12474992370439652538.stgit@bahia.lan> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-18spapr/irq: Use the base ICP class for KVMGreg Kurz2-4/+1
The base ICP class knows how to interact with KVM. Adapt sPAPR to use it instead of the ICP KVM class. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <155023080638.1011724.792095453419098948.stgit@bahia.lan> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-18xics: Handle KVM ICP realize from the common codeGreg Kurz3-9/+10
The realization of KVM ICP currently follows the parent_realize logic, which is a bit overkill here. Also we want to get rid of the KVM ICP class. Explicitely call icp_kvm_realize() from the base ICP realize function. Note that ICPStateClass::parent_realize is retained because powernv needs it. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <155023080049.1011724.15423463482790260696.stgit@bahia.lan> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-18xics: Handle KVM ICP reset from the common codeGreg Kurz3-20/+4
The KVM ICP reset handler simply writes the ICP state to KVM. This doesn't need the overkill parent_reset logic we have today. Call icp_set_kvm_state() from the base ICP reset function instead. Since there are no other users for ICPStateClass::parent_reset, and it isn't currently expected to change, drop it as well. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <155023079461.1011724.12644984391500635645.stgit@bahia.lan> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-18xics: Explicitely call KVM ICP methods from the common codeGreg Kurz3-25/+20
The pre_save(), post_load() and synchronize_state() methods of the ICPStateClass type are really KVM only things. Make that obvious by dropping the indirections and directly calling the KVM functions instead. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <155023078871.1011724.3083923389814185598.stgit@bahia.lan> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17spapr/irq: remove the XICS offset adjustmentCédric Le Goater1-26/+1
Now that we have changed the XICS and the XIVE interrupt backend to have different size for their IRQ number space, we do not need to align their source numbers anymore. Remove the offset adjustment and wire the dual 'qirq' handler to the 'qirq' handler of the current interrupt mode in use. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20190213210756.27032-3-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17spapr/irq: add an 'nr_irq' parameter to initialize the backend.Cédric Le Goater2-9/+11
When using the 'dual' interrupt mode, the source numbers of both sPAPR IRQ backends are aligned to share a common IRQ number space and to use a similar mapping of the machine qemu_irq array which is indexed by the source number. The XICS IRQ number range initially being [ 0x1000 - 0x2000 ], this requires to change the XICS ICSState offset to 0 and to provision for an extra 4K of source numbers and qemu_irqs which will never be used by the machine when running under the XICS interrupt mode. This is not an optimal solution. Change the init() method to allocate an IRQ number space of the expected size for the XICS sPAPR IRQ backend. It breaks the interrupt signaling when under the 'dual' mode because source numbers have unexpected values but next patch will fix that. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20190213210756.27032-2-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17spapr: fix out of bounds write in spapr_populate_drmem_v2Fabiano Rosas1-2/+2
buf_len is uint8_t which is not large enough to hold the result of: nr_entries * sizeof(struct sPAPRDrconfCellV2) + sizeof(uint32_t); for a nr_entries greater than 10. This causes the allocated buffer 'int_buf' to be smaller than expected and we eventually overwrite some of glibc's control structures (see "chunk" in https://sourceware.org/glibc/wiki/MallocInternals) The following error is seen while trying to free int_buf: "free(): invalid next size (fast)" Fixes: a324d6f166 "spapr: Support ibm,dynamic-memory-v2 property" Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Message-Id: <20190213172926.21740-1-farosas@linux.ibm.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17target/ppc: Disable ISA 2.06 PM instructions on POWER9Benjamin Herrenschmidt1-1/+1
The ISA 2.06/2.07 Power Management instructions (doze, nap & rvwinkle) don't exist on POWER9, don't enable them. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20190128094625.4428-13-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17qdev: pass an Object * to qbus_set_hotplug_handler()Michael Roth13-24/+16
Certain devices types, like memory/CPU, are now being handled using a hotplug interface provided by a top-level MachineClass. Hotpluggable host bridges are another such device where it makes sense to use a machine-level hotplug handler. However, unlike those devices, host-bridges have a parent bus (the main system bus), and devices with a parent bus use a different mechanism for registering their hotplug handlers: qbus_set_hotplug_handler(). This interface currently expects a handler to be a subclass of DeviceClass, but this is not the case for MachineClass, which derives directly from ObjectClass. Internally, the interface only requires an ObjectClass, so expose that in qbus_set_hotplug_handler(). Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Acked-by: Halil Pasic <pasic@linux.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <154999589921.690774.3640149277362188566.stgit@bahia.lan> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17xive: Only set source type for LSIsGreg Kurz2-9/+5
MSI is the default and LSI specific code is guarded by the xive_source_irq_is_lsi() helper. The xive_source_irq_set() helper is a nop for MSIs. Simplify the code by turning xive_source_irq_set() into xive_source_irq_set_lsi() and only call it for LSIs. The call to xive_source_irq_set(false) in spapr_xive_irq_free() is also a nop. Just drop it. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Message-Id: <154999584656.690774.18352404495120358613.stgit@bahia.lan> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17ppc: fix crash during branch steppingRoman Kapl1-22/+15
The PPC BRANCH exception could bubble up, but this is an QEMU internal exception and QEMU then crased. Instead it should trigger TRACE exception, according to PPC 2.07 book. It could happen only when using branch stepping, which is not commonly used. Change gen_prep_dbgex do do trigger TRACE. The excp, argument is now removed, since the type of exception can be inferred from the singlestep_enabled flags. removed the guards around gen_exception, since they are unnecessary. Fixes: 0e3bf48909 ("ppc: add DBCR based debugging"). Signed-off-by: Roman Kapl <rka@sysgo.com> Message-Id: <20190212121255.2279-1-rka@sysgo.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17target/ppc: Remove some #if 0'ed codeBenjamin Herrenschmidt2-24/+0
Some debug stuff we don't need to keep there Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20190128094625.4428-7-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17mac_newworld: change default NIC to sungem for mac99 machineMark Cave-Ayland1-1/+1
This model brings out-of-the-box networking for all of Linux, MacOS 9 and OS X without requiring the installation of additional drivers. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <20190208172201.29001-1-mark.cave-ayland@ilande.co.uk> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17spapr: Disallow unsupported kernel-irqchip settingsGreg Kurz1-0/+13
Split mode doesn't make sense on pseries, neither with XICS nor XIVE. But passing kernel-irqchip=split silently behaves like kernel-irqchip=on. Other architectures that support kernel-irqchip do terminate QEMU when split mode is requested but not available though. Do the same with pseries for consistency. Similarly, passing kernel-irqchip=on,accel=tcg starts the machine with the emulated interrupt controller, ie, behaves like kernel-irqchip=off. However, when passing kernel-irqchip=on,accel=kvm, if we can't initialize the KVM XICS for some reason, ie, xics_kvm_init() fails, then QEMU is terminated. This is inconsistent. Terminate QEMU all the same when requesting the in-kernel interrupt controller without KVM. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <154964986747.291716.2679312373018476920.stgit@bahia.lan> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17cuda: decrease time delay before raising VIA SR interrupt and remove fast pathMark Cave-Ayland1-10/+1
In order to handle a race condition in the MacOS 9 CUDA driver, a delay was introduced when raising the VIA SR interrupt inspired by similar code in MacOnLinux. During original testing of the MacOS 9 patches it was found that the 30us delay used in MacOnLinux did not work reliably within QEMU, and a value of 300us was required to function correctly. Recent experiments have shown two things: firstly when booting Linux, MacOS 9 and MacOS X the fast path which bypasses the delay is never triggered once the OS kernel is loaded making it effectively useless. Rather than leave this code in place where a guest could potentially enable it by accident and break itself, we might as well just remove it. Secondly the previous reliability issues are no longer present, and this value can be reduced down to 20us with no apparent ill effects. This has the benefit of considerably improving the responsiveness of the ADB keyboard and mouse within the guest. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17spapr_pci: Fix interrupt leak in rtas_ibm_change_msi() error pathGreg Kurz1-0/+6
Now that IRQ allocation has been split in two (first allocate IRQ numbers, then claim them), if the claiming fails, we must release the IRQs. Fixes: 4fe75a8ccd80 "spapr: split the IRQ allocation sequence" Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17target/ppc: Fix msync to do what hardware doesBALATON Zoltan1-3/+8
According to BookE docs, invalid bits (while undefined behaviour) should not raise exception but be ignored. This seems to be implementation dependent though and QEMU currently does what e500 CPUs do and raise exception for invalid bits. Unfortunately some versions of libstdc++ (and so all programs compiled with it) have lwsync on PPC440 which is invalid but on real hardware it's just executed as msync ignoring the invalid bits (maybe that's why it got undetected) but they fail on QEMU. This patch changes invalid mask of msync to allow these programs to run but keep generating exception on e500 cores to follow what hardware does. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17target/ppc: Enable reporting of SPRs to GDBFabiano Rosas4-2/+130
This allows reading and writing of SPRs via GDB: (gdb) p/x $srr1 $1 = 0x8000000002803033 (gdb) p/x $pvr $2 = 0x4b0201 (gdb) set $pvr=0x4b0000 (gdb) p/x $pvr $3 = 0x4b0000 The `info` command can also be used: (gdb) info registers spr For this purpose, GDB needs to be provided with an XML description of the registers (see the gdb-xml directory for examples) and a set of callbacks for reading and writing the registers must be defined. The XML file in this case is created dynamically, based on the SPRs already defined in the machine. This way we avoid the need for several XML files to suit each possible ppc machine. The gdb_{get,set}_spr_reg callbacks take an index based on the order the registers appear in the XML file. This index does not match the actual location of the registers in the env->spr array so the gdb_find_spr_idx function does that conversion. Note: GDB currently needs to know the guest endianness in order to properly print the registers values. This is done automatically by GDB when provided with the ELF file or explicitly with the `set endian <big|little>` command. Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17spapr: Rename xics to intc in interrupt controller agnostic codeGreg Kurz6-10/+10
All this code is used with both the XICS and XIVE interrupt controllers. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-17hw/ppc/prep: Drop useless inclusion of "hw/i386/pc.h"Philippe Mathieu-Daudé1-1/+0
In 47973a2dbf we split the last generic chipset out of the PC board, but forgot to remove the include of "hw/i386/pc.h". Since it is now unused, remove it. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-15Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-20190215' ↵Peter Maydell4-0/+0
into staging qemu-openbios queue # gpg: Signature made Fri 15 Feb 2019 10:31:11 GMT # gpg: using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F # gpg: issuer "mark.cave-ayland@ilande.co.uk" # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full] # Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F * remotes/mcayland/tags/qemu-openbios-20190215: Update OpenBIOS images to 3464681b built from submodule. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15Merge remote-tracking branch ↵Peter Maydell18-195/+622
'remotes/pmaydell/tags/pull-target-arm-20190215' into staging target-arm queue: * gdbstub: Send a reply to the vKill packet * Improve codegen for neon min/max and saturating arithmetic * Fix a bug in clearing FPSCR exception status bits * hw/arm/armsse: Fix miswiring of expansion IRQs * hw/intc/armv7m_nvic: Allow byte accesses to SHPR1 * MAINTAINERS: Remove Peter Crosthwaite from various entries * arm: Allow system registers for KVM guests to be changed by QEMU code * linux-user: support HWCAP_CPUID which exposes ID registers to user code * Fix bug in 128-bit cmpxchg for BE Arm guests * Implement (no-op) HACR_EL2 * Fix CRn to be 14 for PMEVTYPER/PMEVCNTR # gpg: Signature made Fri 15 Feb 2019 10:19:14 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20190215: (25 commits) gdbstub: Send a reply to the vKill packet. target/arm: Add missing clear_tail calls target/arm: Use vector operations for saturation target/arm: Split out FPSCR.QC to a vector field target/arm: Fix set of bits kept in xregs[ARM_VFP_FPSCR] target/arm: Split out flags setting from vfp compares target/arm: Fix arm_cpu_dump_state vs FPSCR target/arm: Fix vfp_gdb_get/set_reg vs FPSCR target/arm: Remove neon min/max helpers target/arm: Use tcg integer min/max primitives for neon target/arm: Use vector minmax expanders for aarch32 target/arm: Use vector minmax expanders for aarch64 target/arm: Rely on optimization within tcg_gen_gvec_or hw/arm/armsse: Fix miswiring of expansion IRQs hw/intc/armv7m_nvic: Allow byte accesses to SHPR1 MAINTAINERS: Remove Peter Crosthwaite from various entries arm: Allow system registers for KVM guests to be changed by QEMU code linux-user/elfload: enable HWCAP_CPUID for AArch64 target/arm: expose remaining CPUID registers as RAZ target/arm: expose MPIDR_EL1 to userspace ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15Update OpenBIOS images to 3464681b built from submodule.Mark Cave-Ayland4-0/+0
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2019-02-15gdbstub: Send a reply to the vKill packet.Sandra Loosemore1-0/+1
Per the GDB remote protocol documentation https://sourceware.org/gdb/current/onlinedocs/gdb/Packets.html#index-vKill-packet the debug stub is expected to send a reply to the 'vKill' packet. At least some versions of GDB crash if the gdb stub simply exits without sending a reply. This patch fixes QEMU's gdb stub to conform to the expected behavior. Note that QEMU's existing handling of the legacy 'k' packet is correct: in that case GDB does not expect a reply, and QEMU does not send one. Signed-off-by: Sandra Loosemore <sandra@codesourcery.com> Message-id: 1550008033-26540-1-git-send-email-sandra@codesourcery.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Add missing clear_tail callsRichard Henderson1-0/+2
Fortunately, the functions affected are so far only called from SVE, so there is no tail to be cleared. But as we convert more of AdvSIMD to gvec, this will matter. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-13-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Use vector operations for saturationRichard Henderson5-44/+331
For same-sign saturation, we have tcg vector operations. We can compute the QC bit by comparing the saturated value against the unsaturated value. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-12-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Split out FPSCR.QC to a vector fieldRichard Henderson4-7/+21
Change the representation of this field such that it is easy to set from vector code. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-11-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Fix set of bits kept in xregs[ARM_VFP_FPSCR]Richard Henderson1-7/+8
Given that we mask bits properly on set, there is no reason to mask them again on get. We failed to clear the exception status bits, 0x9f, which means that the wrong value would be returned on get. Except in the (probably normal) case in which the set clears all of the bits. Simplify the code in set to also clear the RES0 bits. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-10-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Split out flags setting from vfp comparesRichard Henderson1-18/+27
Minimize the code within a macro by splitting out a helper function. Use deposit32 instead of manual bit manipulation. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-9-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Fix arm_cpu_dump_state vs FPSCRRichard Henderson1-1/+1
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-8-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Fix vfp_gdb_get/set_reg vs FPSCRRichard Henderson1-2/+2
The components of this register is stored in several different locations. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-7-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Remove neon min/max helpersRichard Henderson2-24/+0
These are now unused. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-6-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Use tcg integer min/max primitives for neonRichard Henderson1-4/+4
The 32-bit PMIN/PMAX has been decomposed to scalars, and so can be trivially expanded inline. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-5-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Use vector minmax expanders for aarch32Richard Henderson1-6/+19
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Use vector minmax expanders for aarch64Richard Henderson1-21/+14
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Rely on optimization within tcg_gen_gvec_orRichard Henderson3-19/+5
Since we're now handling a == b generically, we no longer need to do it by hand within target/arm/. Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190209033847.9014-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15hw/arm/armsse: Fix miswiring of expansion IRQsPeter Maydell1-1/+1
In commit 91c1e9fcbd7548db368 where we added dual-CPU support to the ARMSSE, we set up the wiring of the expansion IRQs via nested loops: the outer loop on 'i' loops for each CPU, and the inner loop on 'j' loops for each interrupt. Fix a typo which meant we were wiring every expansion IRQ line to external IRQ 0 on CPU 0 and to external IRQ 1 on CPU 1. Fixes: 91c1e9fcbd7548db368 ("hw/arm/armsse: Support dual-CPU configuration") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-02-15hw/intc/armv7m_nvic: Allow byte accesses to SHPR1Peter Maydell1-2/+2
The code for handling the NVIC SHPR1 register intends to permit byte and halfword accesses (as the architecture requires). However the 'case' line for it only lists the base address of the register, so attempts to access bytes other than the first one end up in the "bad write" default logic. This bug was added accidentally when we split out the SHPR1 logic from SHPR2 and SHPR3 to support v6M. Fixes: 7c9140afd594 ("nvic: Handle ARMv6-M SCS reserved registers") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> --- The Zephyr RTOS happens to access SHPR1 byte at a time, which is how I spotted this.
2019-02-15MAINTAINERS: Remove Peter Crosthwaite from various entriesPeter Maydell1-4/+0
Peter Crosthwaite hasn't had the bandwidth to do code review or other QEMU work for some time now -- remove his email address from MAINTAINERS file entries so we don't bombard him with patch emails. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20190207181422.4907-1-peter.maydell@linaro.org
2019-02-15arm: Allow system registers for KVM guests to be changed by QEMU codePeter Maydell5-22/+38
At the moment the Arm implementations of kvm_arch_{get,put}_registers() don't support having QEMU change the values of system registers (aka coprocessor registers for AArch32). This is because although kvm_arch_get_registers() calls write_list_to_cpustate() to update the CPU state struct fields (so QEMU code can read the values in the usual way), kvm_arch_put_registers() does not call write_cpustate_to_list(), meaning that any changes to the CPU state struct fields will not be passed back to KVM. The rationale for this design is documented in a comment in the AArch32 kvm_arch_put_registers() -- writing the values in the cpregs list into the CPU state struct is "lossy" because the write of a register might not succeed, and so if we blindly copy the CPU state values back again we will incorrectly change register values for the guest. The assumption was that no QEMU code would need to write to the registers. However, when we implemented debug support for KVM guests, we broke that assumption: the code to handle "set the guest up to take a breakpoint exception" does so by updating various guest registers including ESR_EL1. Support this by making kvm_arch_put_registers() synchronize CPU state back into the list. We sync only those registers where the initial write succeeds, which should be sufficient. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Dongjiu Geng <gengdongjiu@huawei.com>
2019-02-15linux-user/elfload: enable HWCAP_CPUID for AArch64Alex Bennée1-0/+1
Userspace programs should (in theory) query the ELF HWCAP before probing these registers. Now we have implemented them all make it public. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190205190224.2198-6-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: expose remaining CPUID registers as RAZAlex Bennée2-3/+26
There are a whole bunch more registers in the CPUID space which are currently not used but are exposed as RAZ. To avoid too much duplication we expand ARMCPRegUserSpaceInfo to understand glob patterns so we only need one entry to tweak whole ranges of registers. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20190205190224.2198-5-alex.bennee@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: expose MPIDR_EL1 to userspaceAlex Bennée1-7/+14
As this is a single register we could expose it with a simple ifdef but we use the existing modify_arm_cp_regs mechanism for consistency. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20190205190224.2198-4-alex.bennee@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: expose CPUID registers to userspaceAlex Bennée2-0/+80
A number of CPUID registers are exposed to userspace by modern Linux kernels thanks to the "ARM64 CPU Feature Registers" ABI. For QEMU's user-mode emulation we don't need to emulate the kernels trap but just return the value the trap would have done. To avoid too much #ifdef hackery we process ARMCPRegInfo with a new helper (modify_arm_cp_regs) before defining the registers. The modify routine is driven by a simple data structure which describes which bits are exported and which are fixed. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20190205190224.2198-3-alex.bennee@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: relax permission checks for HWCAP_CPUID registersAlex Bennée2-1/+17
Although technically not visible to userspace the kernel does make them visible via a trap and emulate ABI. We provide a new permission mask (PL0U_R) which maps to PL0_R for CONFIG_USER builds and adjust the minimum permission check accordingly. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20190205190224.2198-2-alex.bennee@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Fix int128_make128 lo, hi order in paired_cmpxchg64_beCatherine Ho1-2/+2
The lo,hi order is different from the comments. And in commit 1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128"), it changes the original code logic. So just restore the old code logic before this commit: do_paired_cmpxchg64_be(): cmpv = int128_make128(env->exclusive_high, env->exclusive_val); newv = int128_make128(new_hi, new_lo); This fixes a bug that would only be visible for big-endian AArch64 guest code. Fixes: 1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128") Signed-off-by: Catherine Ho <catherine.hecx@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1548985244-24523-1-git-send-email-catherine.hecx@gmail.com [PMM: added note that bug only affects BE guests] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-15target/arm: Implement HACR_EL2Peter Maydell1-0/+6
HACR_EL2 is a register with IMPDEF behaviour, which allows implementation specific trapping to EL2. Implement it as RAZ/WI, since QEMU's implementation has no extra traps. This also matches what h/w implementations like Cortex-A53 and A57 do. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190205181218.8995-1-peter.maydell@linaro.org
2019-02-15target/arm: Fix CRn to be 14 for PMEVTYPER/PMEVCNTRAaron Lindsay OS1-4/+4
This bug was introduced in: commit 5ecdd3e47cadae83a62dc92b472f1fe163b56f59 target/arm: Finish implementation of PM[X]EVCNTR and PM[X]EVTYPER Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 20190205135129.19338-1-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-02-14Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-feb-14-2019' ↵Peter Maydell46-229/+5194
into staging MIPS queue for February 14th, 2019 # gpg: Signature made Thu 14 Feb 2019 16:48:39 GMT # gpg: using RSA key D4972A8967F75A65 # gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01 DD75 D497 2A89 67F7 5A65 * remotes/amarkovic/tags/mips-queue-feb-14-2019: tests/tcg: target/mips: Add tests for MSA logic instructions tests/tcg: target/mips: Add wrappers for MSA logic instructions tests/tcg: target/mips: Add tests for MSA interleave instructions tests/tcg: target/mips: Add wrappers for MSA interleave instructions tests/tcg: target/mips: Add tests for MSA bit counting instructions tests/tcg: target/mips: Add wrappers for MSA bit counting instructions tests/tcg: target/mips: Add a header with test utilities tests/tcg: target/mips: Add a header with test inputs tests/tcg: target/mips: Remove an unnecessary file target/mips: introduce MTTCG-enabled builds hw/mips_cpc: kick a VP when putting it into Run statewq target/mips: hold BQL in mips_vpe_wake() hw/mips_int: hold BQL for all interrupt requests target/mips: reimplement SC instruction emulation and use cmpxchg target/mips: compare virtual addresses in LL/SC sequence Signed-off-by: Peter Maydell <peter.maydell@linaro.org>