aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2020-08-31hw: ehci: check return value of 'usb_packet_map'Li Qiang1-2/+8
If 'usb_packet_map' fails, we should stop to process the usb request. Signed-off-by: Li Qiang <liq3ea@163.com> Message-Id: <20200812161727.29412-1-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31hw: ehci: destroy sglist in error pathLi Qiang1-0/+1
This may cause resource leak. Signed-off-by: Li Qiang <liq3ea@163.com> Message-Id: <20200812161712.29361-1-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31hw: xhci: check return value of 'usb_packet_map'Li Qiang1-1/+4
Currently we don't check the return value of 'usb_packet_map', this will cause an UAF issue. This is LP#1891341. Following is the reproducer provided in: -->https://bugs.launchpad.net/qemu/+bug/1891341 cat << EOF | ./i386-softmmu/qemu-system-i386 -device nec-usb-xhci \ -trace usb\* -device usb-audio -device usb-storage,drive=mydrive \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -nodefaults -nographic -qtest stdio outl 0xcf8 0x80001016 outl 0xcfc 0x3c009f0d outl 0xcf8 0x80001004 outl 0xcfc 0xc77695e writel 0x9f0d000000000040 0xffff3655 writeq 0x9f0d000000002000 0xff2f9e0000000000 write 0x1d 0x1 0x27 write 0x2d 0x1 0x2e write 0x17232 0x1 0x03 write 0x17254 0x1 0x06 write 0x17278 0x1 0x34 write 0x3d 0x1 0x27 write 0x40 0x1 0x2e write 0x41 0x1 0x72 write 0x42 0x1 0x01 write 0x4d 0x1 0x2e write 0x4f 0x1 0x01 writeq 0x9f0d000000002000 0x5c051a0100000000 write 0x34001d 0x1 0x13 write 0x340026 0x1 0x30 write 0x340028 0x1 0x08 write 0x34002c 0x1 0xfe write 0x34002d 0x1 0x08 write 0x340037 0x1 0x5e write 0x34003a 0x1 0x05 write 0x34003d 0x1 0x05 write 0x34004d 0x1 0x13 writeq 0x9f0d000000002000 0xff00010100400009 EOF This patch fixes this. Buglink: https://bugs.launchpad.net/qemu/+bug/1891341 Reported-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Li Qiang <liq3ea@163.com> Message-id: 20200812153139.15146-1-liq3ea@163.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-28Merge remote-tracking branch ↵Peter Maydell52-3223/+1792
'remotes/vivier2/tags/linux-user-for-5.2-pull-request' into staging add utimensat_time64, semtimedop_time64, rt_sigtimedwait_time64, sched_rr_get_interval_time64, clock_nanosleep_time64, clock_adjtime64, mq_timedsend_time64, mq_timedreceive_time64 fix semop, semtimedop, clock_nanosleep, mq_timedsend, target_to_host_timespec64 fix tembits.h add more strace function Add upport DRM_IOCTL_I915_GETPARAM detect mismatched ELF ABI in qemu-mips[n32][el] # gpg: Signature made Fri 28 Aug 2020 14:37:33 BST # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier2/tags/linux-user-for-5.2-pull-request: linux-user: Add support for utimensat_time64() and semtimedop_time64() linux-user: Add support for 'rt_sigtimedwait_time64()' and 'sched_rr_get_interval_time64()' linux-user: Add support for 'clock_nanosleep_time64()' and 'clock_adjtime64()' linux-user: Add support for 'mq_timedsend_time64()' and 'mq_timedreceive_time64()' linux-user: fix target_to_host_timespec64() linux-user: Fix 'mq_timedsend()' and 'mq_timedreceive()' linux-user: detect mismatched ELF ABI in qemu-mips[n32][el] linux-user: Add strace support for printing arguments for ioctls used for terminals and serial lines linux-user: Add missing termbits types and values definitions linux-user: Add generic 'termbits.h' for some archs linux-user: Add strace support for printing arguments of some clock and time functions linux-user: Add an api to print enumareted argument values with strace linux-user: Add strace support for printing arguments of syscalls used to lock and unlock memory linux-user: Add strace support for printing arguments of truncate()/ftruncate() and getsid() linux-user: Make cpu_env accessible in strace.c linux-user: syscall: ioctls: support DRM_IOCTL_I915_GETPARAM linux-user: Fix 'clock_nanosleep()' implementation linux-user: Fix 'semop()' and 'semtimedop()' implementation Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28Merge remote-tracking branch ↵Peter Maydell10-92/+54
'remotes/dgilbert/tags/pull-migration-20200828a' into staging Migration and virtiofsd pull 2020-08-28 Migration: vsock support for migration minor fixes virtiofsd: Disable remote posix locks by default - because we never supported blocking variants and this breaks things Some prep work for un/less priviliged modes Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> # gpg: Signature made Fri 28 Aug 2020 13:43:18 BST # gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full] # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20200828a: virtiofsd: probe unshare(CLONE_FS) and print an error virtiofsd: drop CAP_DAC_READ_SEARCH virtiofsd: Remove "norace" from cmdline help and docs virtiofsd: Disable remote posix locks by default migration: tls: fix memory leak in migration_tls_get_creds migration: improve error reporting of block driver state name migration: add vsock as data channel support migration: unify the framework of socket-type channel Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28Merge remote-tracking branch ↵Peter Maydell29-492/+626
'remotes/pmaydell/tags/pull-target-arm-20200828' into staging target-arm queue: * target/arm: Cleanup and refactoring preparatory to SVE2 * armsse: Define ARMSSEClass correctly * hw/misc/unimp: Improve information provided in log messages * hw/qdev-clock: Avoid calling qdev_connect_clock_in after DeviceRealize * hw/arm/xilinx_zynq: Call qdev_connect_clock_in() before DeviceRealize * hw/net/allwinner-sun8i-emac: Use AddressSpace for DMA transfers * hw/sd/allwinner-sdhost: Use AddressSpace for DMA transfers * target/arm: Fill in the WnR syndrome bit in mte_check_fail * target/arm: Clarify HCR_EL2 ARMCPRegInfo type * hw/arm/musicpal: Use AddressSpace for DMA transfers * hw/clock: Minor cleanups * hw/arm/sbsa-ref: fix typo breaking PCIe IRQs # gpg: Signature made Fri 28 Aug 2020 10:23:02 BST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20200828: (35 commits) target/arm: Convert sq{, r}dmulh to gvec for aa64 advsimd target/arm: Convert integer multiply-add (indexed) to gvec for aa64 advsimd target/arm: Convert integer multiply (indexed) to gvec for aa64 advsimd target/arm: Generalize inl_qrdmlah_* helper functions target/arm: Tidy SVE tszimm shift formats target/arm: Split out gen_gvec_ool_zz target/arm: Split out gen_gvec_ool_zzz target/arm: Split out gen_gvec_ool_zzp target/arm: Merge helper_sve_clr_* and helper_sve_movz_* target/arm: Split out gen_gvec_ool_zzzp target/arm: Use tcg_gen_gvec_bitsel for trans_SEL_pppp target/arm: Clean up 4-operand predicate expansion target/arm: Merge do_vector2_p into do_mov_p target/arm: Rearrange {sve,fp}_check_access assert target/arm: Split out gen_gvec_fn_zzz, do_zzz_fn target/arm: Split out gen_gvec_fn_zz qemu/int128: Add int128_lshift armsse: Define ARMSSEClass correctly hw/misc/unimp: Display the offset with width of the region size hw/misc/unimp: Display the value with width of the access size ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28linux-user: Add support for utimensat_time64() and semtimedop_time64()Filip Bozuta1-11/+53
This patch introduces functionality for following time64 syscalls: *utimensat_time64() int utimensat(int dirfd, const char *pathname, const struct timespec times[2], int flags); -- change file timestamps with nanosecond precision -- man page: https://man7.org/linux/man-pages/man2/utimensat.2.html *semtimedop_time64() int semtimedop(int semid, struct sembuf *sops, size_t nsops, const struct timespec *timeout); -- System V semaphore operations -- man page: https://www.man7.org/linux/man-pages/man2/semtimedop.2.html Implementation notes: Syscall 'utimensat_time64()' is implemented in similar way as its regular variants only difference being that time64 converting function is used to convert values of 'struct timespec' between host and target ('target_to_host_timespec64()'). For syscall 'semtimedop_time64()' and additional argument is added in function 'do_semtimedop()' through which the aproppriate 'struct timespec' converting function is called (false for regular target_to_host_timespec() and true for target_to_host_timespec64()). For 'do_ipc()' a check was added as that additional argument: 'TARGET_ABI_BITS == 64'. Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20200824223050.92032-3-Filip.Bozuta@syrmia.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-08-28linux-user: Add support for 'rt_sigtimedwait_time64()' and ↵Filip Bozuta1-2/+56
'sched_rr_get_interval_time64()' This patch implements functionality for following time64 syscalls: *rt_sigtimedwait_time64() This is a year 2038 safe variant of syscall: int rt_sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout, size_t sigsetsize) --synchronously wait for queued signals-- man page: https://man7.org/linux/man-pages/man2/rt_sigtimedwait.2.html *sched_rr_get_interval_time64() This is a year 2038 safe variant of syscall: int sched_rr_get_interval(pid_t pid, struct timespec *tp) --get the SCHED_RR interval for the named process-- man page: https://man7.org/linux/man-pages/man2/sched_rr_get_interval.2.html Implementation notes: These syscalls were implemented in similar ways like 'rt_sigtimedwait()' and 'sched_rr_get_interval()' except that functions 'target_to_host_timespec64()' and 'host_to_target_timespec64()' were used to convert values of 'struct timespec' between host and target. Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20200824192116.65562-3-Filip.Bozuta@syrmia.com> [lv: add missing defined(TARGET_NR_rt_sigtimedwait_time64)] Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-08-28linux-user: Add support for 'clock_nanosleep_time64()' and 'clock_adjtime64()'Filip Bozuta2-3/+170
This patch implements functionality for following time64 syscall: *clock_nanosleep_time64() This is a year 2038 safe vairant of syscall: int clock_nanosleep(clockid_t clockid, int flags, const struct timespec *request, struct timespec *remain) --high-resolution sleep with specifiable clock-- man page: https://man7.org/linux/man-pages/man2/clock_nanosleep.2.html *clock_adjtime64() This is a year 2038 safe variant of syscall: int clock_adjtime(clockid_t clk_id, struct timex *buf) --tune kernel clock-- man page: https://man7.org/linux/man-pages/man2/clock_adjtime.2.html Implementation notes: Syscall 'clock_nanosleep_time64()' was implemented similarly to syscall 'clock_nanosleep()' except that 'host_to_target_timespec64()' and 'target_to_host_timespec64()' were used instead of the regular 'host_to_target_timespec()' and 'target_to_host_timespec()'. For 'clock_adjtime64()' a 64-bit target kernel version of 'struct timex' was defined in 'syscall_defs.h': 'struct target__kernel_timex'. This type was used to convert the values of 64-bit timex type between host and target. For this purpose a 64-bit timex converting functions 'target_to_host_timex64()' and 'host_to_target_timex64()'. An existing function 'copy_to_user_timeval64()' was used to convert the field 'time' which if of type 'struct timeval' from host to target. Function 'copy_from_user_timveal64()' was added in this patch and used to convert the 'time' field from target to host. Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20200824192116.65562-2-Filip.Bozuta@syrmia.com> [lv: add missing ifdef's] Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-08-28virtiofsd: probe unshare(CLONE_FS) and print an errorStefan Hajnoczi1-0/+16
An assertion failure is raised during request processing if unshare(CLONE_FS) fails. Implement a probe at startup so the problem can be detected right away. Unfortunately Docker/Moby does not include unshare in the seccomp.json list unless CAP_SYS_ADMIN is given. Other seccomp.json lists always include unshare (e.g. podman is unaffected): https://raw.githubusercontent.com/seccomp/containers-golang/master/seccomp.json Use "docker run --security-opt seccomp=path/to/seccomp.json ..." if the default seccomp.json is missing unshare. Cc: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20200727190223.422280-4-stefanha@redhat.com> Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-08-28virtiofsd: drop CAP_DAC_READ_SEARCHStefan Hajnoczi1-1/+0
virtiofsd does not need CAP_DAC_READ_SEARCH because it already has the more powerful CAP_DAC_OVERRIDE. Drop it from the list of capabilities. This is important because container runtimes may not include CAP_DAC_READ_SEARCH by default. This patch allows virtiofsd to reduce its capabilities when running inside a Docker container. Note that CAP_DAC_READ_SEARCH may be necessary again in the future if virtiofsd starts using open_by_handle_at(2). Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20200727190223.422280-2-stefanha@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-08-28virtiofsd: Remove "norace" from cmdline help and docsSergio Lopez2-5/+0
Commit 93bb3d8d4cda ("virtiofsd: remove symlink fallbacks") removed the implementation of the "norace" option, so remove it from the cmdline help and the documentation too. Signed-off-by: Sergio Lopez <slp@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Message-Id: <20200717121110.50580-1-slp@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-08-28virtiofsd: Disable remote posix locks by defaultVivek Goyal2-2/+2
Right now we enable remote posix locks by default. That means when guest does a posix lock it sends request to server (virtiofsd). But currently we only support non-blocking posix lock and return -EOPNOTSUPP for blocking version. This means that existing applications which are doing blocking posix locks get -EOPNOTSUPP and fail. To avoid this, people have been running virtiosd with option "-o no_posix_lock". For new users it is still a surprise and trial and error takes them to this option. Given posix lock implementation is not complete in virtiofsd, disable it by default. This means that posix locks will work with-in applications in a guest but not across guests. Anyway we don't support sharing filesystem among different guests yet in virtiofs so this should not lead to any kind of surprise or regression and will make life little easier for virtiofs users. Reported-by: Aa Aa <jimbothom@yandex.com> Suggested-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-08-28migration: tls: fix memory leak in migration_tls_get_credsZhenyu Ye1-1/+0
Currently migration_tls_get_creds() adds the reference of creds but there was no place to unref it. So the OBJECT(creds) will never be freed and result in memory leak. The leak stack: Direct leak of 104 byte(s) in 1 object(s) allocated from: #0 0xffffa88bd20b in __interceptor_malloc (/usr/lib64/libasan.so.4+0xd320b) #1 0xffffa7f0cb1b in g_malloc (/usr/lib64/libglib-2.0.so.0+0x58b1b) #2 0x14b58cb in object_new_with_type qom/object.c:634 #3 0x14b597b in object_new qom/object.c:645 #4 0x14c0e4f in user_creatable_add_type qom/object_interfaces.c:59 #5 0x141c78b in qmp_object_add qom/qom-qmp-cmds.c:312 #6 0x140e513 in qmp_marshal_object_add qapi/qapi-commands-qom.c:279 #7 0x176ba97 in do_qmp_dispatch qapi/qmp-dispatch.c:165 #8 0x176bee7 in qmp_dispatch qapi/qmp-dispatch.c:208 #9 0x136e337 in monitor_qmp_dispatch monitor/qmp.c:150 #10 0x136eae3 in monitor_qmp_bh_dispatcher monitor/qmp.c:239 #11 0x1852e93 in aio_bh_call util/async.c:89 #12 0x18531b7 in aio_bh_poll util/async.c:117 #13 0x18616bf in aio_dispatch util/aio-posix.c:459 #14 0x1853f37 in aio_ctx_dispatch util/async.c:268 #15 0xffffa7f06a7b in g_main_context_dispatch (/usr/lib64/libglib-2.0.so.0+0x52a7b) Since we're fine to use the borrowed reference when using the creds, so just remove the object_ref() in migration_tls_get_creds(). Signed-off-by: Zhenyu Ye <yezhenyu2@huawei.com> Message-Id: <20200722033228.71-1-yezhenyu2@huawei.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-08-28migration: improve error reporting of block driver state nameDaniel P. Berrangé2-8/+8
With blockdev, a BlockDriverState may not have a device name, so using a node name is required as an alternative. Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200827111606.1408275-2-berrange@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-08-28migration: add vsock as data channel supportLongpeng(Mike)1-2/+4
The vsock channel is more widely use in some new features, for example, the Nitro/Enclave. It can also be used as the migration channel. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Message-Id: <20200806074030.174-3-longpeng2@huawei.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-08-28migration: unify the framework of socket-type channelLongpeng(Mike)3-75/+26
Currently, the only difference of tcp channel and unix channel in migration/socket.c is the way to build SocketAddress, but socket_parse() can handle these two types, so use it to instead of tcp_build_address() and unix_build_address(). The socket-type channel can be further unified based on the up, this would be helpful for us to add other socket-type channels. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Message-Id: <20200806074030.174-2-longpeng2@huawei.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-08-28Merge remote-tracking branch ↵Peter Maydell90-621/+621
'remotes/ehabkost/tags/machine-next-pull-request' into staging Machine queue + QOM fixes and cleanups Bug fix: * numa: hmat: fix cache size check (Igor Mammedov) QOM fixes and cleanups: * Move QOM macros and typedefs to header files * Use TYPE_* constants on TypeInfo structs * Rename QOM type checking macros for consistency * Rename enum values and typedefs that conflict with QOM type checking amcros * Fix typos on QOM type checking macros * Delete unused QOM type checking macros that use non-existing typedefs * hvf: Add missing include * xen-legacy-backend: Add missing typedef XenLegacyDevice # gpg: Signature made Thu 27 Aug 2020 20:20:05 BST # gpg: using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6 # gpg: issuer "ehabkost@redhat.com" # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full] # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost/tags/machine-next-pull-request: (53 commits) dc390: Use TYPE_DC390_DEVICE constant ppce500: Use TYPE_PPC_E500_PCI_BRIDGE constant tosa: Use TYPE_TOSA_MISC_GPIO constant xlnx-zcu102: Use TYPE_ZCU102_MACHINE constant sclpconsole: Use TYPE_* constants amd_iommu: Use TYPE_AMD_IOMMU_PCI constant nios2_iic: Use TYPE_ALTERA_IIC constant etsec: Use TYPE_ETSEC_COMMON constant migration: Rename class type checking macros swim: Rename struct SWIM to Swim s390-virtio-ccw: Rename S390_MACHINE_CLASS macro nubus: Rename class type checking macros vfio/pci: Move QOM macros to header kvm: Move QOM macros to kvm.h mptsas: Move QOM macros to header pxa2xx: Move QOM macros to header rocker: Move QOM macros to header auxbus: Move QOM macros to header piix: Move QOM macros to header virtio-serial-bus: Move QOM macros to header ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Convert sq{, r}dmulh to gvec for aa64 advsimdRichard Henderson3-10/+81
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-21-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Convert integer multiply-add (indexed) to gvec for aa64 advsimdRichard Henderson3-0/+73
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-20-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Convert integer multiply (indexed) to gvec for aa64 advsimdRichard Henderson3-4/+45
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-19-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Generalize inl_qrdmlah_* helper functionsRichard Henderson1-51/+29
Unify add/sub helpers and add a parameter for rounding. This will allow saturating non-rounding to reuse this code. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> [PMM: fixed accidental use of '=' rather than '+=' in do_sqrdmlah_s] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-15-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Tidy SVE tszimm shift formatsRichard Henderson1-19/+16
Rather than require the user to fill in the immediate (shl or shr), create full formats that include the immediate. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-14-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Split out gen_gvec_ool_zzRichard Henderson1-8/+12
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-13-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Split out gen_gvec_ool_zzzRichard Henderson1-35/+18
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-12-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Split out gen_gvec_ool_zzpRichard Henderson1-15/+14
Model after gen_gvec_fn_zzz et al. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-11-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Merge helper_sve_clr_* and helper_sve_movz_*Richard Henderson3-92/+32
The existing clr functions have only one vector argument, and so can only clear in place. The existing movz functions have two vector arguments, and so can clear while moving. Merge them, with a flag that controls the sense of active vs inactive elements being cleared. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-10-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Split out gen_gvec_ool_zzzpRichard Henderson1-19/+16
Model after gen_gvec_fn_zzz et al. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-9-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Use tcg_gen_gvec_bitsel for trans_SEL_ppppRichard Henderson1-23/+8
The gvec operation was added after the initial implementation of the SEL instruction and was missed in the conversion. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-8-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Clean up 4-operand predicate expansionRichard Henderson1-68/+43
Move the check for !S into do_pppp_flags, which allows to merge in do_vecop4_p. Split out gen_gvec_fn_ppp without sve_access_check, to mirror gen_gvec_fn_zzz. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-7-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Merge do_vector2_p into do_mov_pRichard Henderson1-13/+6
This is the only user of the function. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-6-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Rearrange {sve,fp}_check_access assertRichard Henderson2-11/+17
We want to ensure that access is checked by the time we ask for a specific fp/vector register. We want to ensure that we do not emit two lots of code to raise an exception. But sometimes it's difficult to cleanly organize the code such that we never pass through sve_check_access exactly once. Allow multiple calls so long as the result is true, that is, no exception to be raised. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-5-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Split out gen_gvec_fn_zzz, do_zzz_fnRichard Henderson1-19/+24
Model gen_gvec_fn_zzz on gen_gvec_fn3 in translate-a64.c, but indicating which kind of register and in which order. Model do_zzz_fn on the other do_foo functions that take an argument set and verify sve enabled. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Split out gen_gvec_fn_zzRichard Henderson1-9/+10
Model the new function on gen_gvec_fn2 in translate-a64.c, but indicating which kind of register and in which order. Since there is only one user of do_vector2_z, fold it into do_mov_z. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28qemu/int128: Add int128_lshiftRichard Henderson1-0/+16
Add left-shift to match the existing right-shift. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200815013145.539409-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28armsse: Define ARMSSEClass correctlyEduardo Habkost2-1/+2
TYPE_ARM_SSE is a TYPE_SYS_BUS_DEVICE subclass, but ARMSSEClass::parent_class is declared as DeviceClass. It never caused any problems by pure luck: We were not setting class_size for TYPE_ARM_SSE, so class_size of TYPE_SYS_BUS_DEVICE was being used (sizeof(SysBusDeviceClass)). This made the system allocate enough memory for TYPE_ARM_SSE devices even though ARMSSEClass was too small for a sysbus device. Additionally, the ARMSSEClass::info field ended up at the same offset as SysBusDeviceClass::explicit_ofw_unit_address. This would make sysbus_get_fw_dev_path() crash for the device. Luckily, sysbus_get_fw_dev_path() never gets called for TYPE_ARM_SSE devices, because qdev_get_fw_dev_path() is only used by the boot device code, and TYPE_ARM_SSE devices don't appear at the fw_boot_order list. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-id: 20200826181006.4097163-1-ehabkost@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/misc/unimp: Display the offset with width of the region sizePhilippe Mathieu-Daudé2-4/+7
To have a better idea of how big is the region where the offset belongs, display the value with the width of the region size (i.e. a region of 0x1000 bytes uses 0x000 format). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200812190206.31595-4-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/misc/unimp: Display the value with width of the access sizePhilippe Mathieu-Daudé1-2/+2
To quickly notice the access size, display the value with the width of the access (i.e. 16-bit access is displayed 0x0000, while 8-bit access 0x00). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200812190206.31595-3-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/misc/unimp: Display value after offsetPhilippe Mathieu-Daudé1-4/+4
To better align the read/write accesses, display the value after the offset (read accesses only display the offset). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200812190206.31595-2-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/qdev-clock: Avoid calling qdev_connect_clock_in after DeviceRealizePhilippe Mathieu-Daudé2-0/+3
Clock canonical name is set in device_set_realized (see the block added to hw/core/qdev.c in commit 0e6934f264). If we connect a clock after the device is realized, this code is not executed. This is currently not a problem as this name is only used for trace events, however this disrupt tracing. Add a comment to document qdev_connect_clock_in() must be called before the device is realized, and assert this condition. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200803105647.22223-5-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/qdev-clock: Uninline qdev_connect_clock_in()Philippe Mathieu-Daudé2-5/+6
We want to assert the device is not realized. To avoid overloading this header including "hw/qdev-core.h", uninline the function first. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200803105647.22223-4-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/arm/xilinx_zynq: Call qdev_connect_clock_in() before DeviceRealizePhilippe Mathieu-Daudé1-9/+9
Clock canonical name is set in device_set_realized (see the block added to hw/core/qdev.c in commit 0e6934f264). If we connect a clock after the device is realized, this code is not executed. This is currently not a problem as this name is only used for trace events, however this disrupt tracing. Fix by calling qdev_connect_clock_in() before realizing. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200803105647.22223-3-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/arm/xilinx_zynq: Uninline cadence_uart_create()Philippe Mathieu-Daudé2-19/+12
As we want to call qdev_connect_clock_in() before the device is realized, we need to uninline cadence_uart_create() first. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200803105647.22223-2-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/net/allwinner-sun8i-emac: Use AddressSpace for DMA transfersPhilippe Mathieu-Daudé3-16/+38
Allow the device to execute the DMA transfers in a different AddressSpace. The H3 SoC keeps using the system_memory address space, but via the proper dma_memory_access() API. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com> Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com> Message-id: 20200814122907.27732-1-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/sd/allwinner-sdhost: Use AddressSpace for DMA transfersPhilippe Mathieu-Daudé4-6/+41
Allow the device to execute the DMA transfers in a different AddressSpace. The A10 and H3 SoC keep using the system_memory address space, but via the proper dma_memory_access() API. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com> Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com> Message-id: 20200814110057.307-1-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Fill in the WnR syndrome bit in mte_check_failRichard Henderson1-4/+5
According to AArch64.TagCheckFault, none of the other ISS values are provided, so we do not need to go so far as merge_syn_data_abort. But we were missing the WnR bit. Tested-by: Andrey Konovalov <andreyknvl@google.com> Reported-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200813200816.3037186-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Pass the entire mte descriptor to mte_check_failRichard Henderson1-5/+5
We need more information than just the mmu_idx in order to create the proper exception syndrome. Only change the function signature so far. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200813200816.3037186-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28target/arm: Clarify HCR_EL2 ARMCPRegInfo typePhilippe Mathieu-Daudé1-1/+0
In commit ce4afed839 ("target/arm: Implement AArch32 HCR and HCR2") the HCR_EL2 register has been changed from type NO_RAW (no underlying state and does not support raw access for state saving/loading) to type CONST (TCG can assume the value to be constant), removing the read/write accessors. We forgot to remove the previous type ARM_CP_NO_RAW. This is not really a problem since the field is overwritten. However it makes code review confuse, so remove it. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200812111223.7787-1-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/arm/musicpal: Use AddressSpace for DMA transfersPhilippe Mathieu-Daudé1-14/+31
Allow the device to execute the DMA transfers in a different AddressSpace. We keep using the system_memory address space, but via the proper dma_memory_access() API. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200814125533.4047-1-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-28hw/clock: Only propagate clock changes if the clock is changedPhilippe Mathieu-Daudé1-2/+3
Avoid propagating the clock change when the clock does not change. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200806123858.30058-4-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>