aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2019-01-21nbd/client: Add meta contexts to nbd_receive_export_list()Eric Blake2-2/+41
We want to be able to detect whether a given qemu NBD server is exposing the right export(s) and dirty bitmaps, at least for regression testing. We could use 'nbd-client -l' from the upstream NBD project to list exports, but it's annoying to rely on out-of-tree binaries; furthermore, nbd-client doesn't necessarily know about all of the qemu NBD extensions. Thus, we plan on adding a new mode to qemu-nbd that merely sniffs all possible information from the server during handshake phase, then disconnects and dumps the information. This patch continues the work of the previous patch, by adding the ability to track the list of available meta contexts into NBDExportInfo. It benefits from the recent refactoring patches with a new nbd_list_meta_contexts() that reuses much of the same framework as setting a meta context. Note: a malicious server could exhaust memory of a client by feeding an unending loop of contexts; perhaps we could place a limit on how many we are willing to receive. But this is no different from our earlier analysis on a server sending an unending list of exports, and the death of a client due to memory exhaustion when the client was going to exit soon anyways is not really a denial of service attack. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20190117193658.16413-19-eblake@redhat.com>
2019-01-21nbd/client: Add nbd_receive_export_list()Eric Blake2-4/+143
We want to be able to detect whether a given qemu NBD server is exposing the right export(s) and dirty bitmaps, at least for regression testing. We could use 'nbd-client -l' from the upstream NBD project to list exports, but it's annoying to rely on out-of-tree binaries; furthermore, nbd-client doesn't necessarily know about all of the qemu NBD extensions. Thus, we plan on adding a new mode to qemu-nbd that merely sniffs all possible information from the server during handshake phase, then disconnects and dumps the information. This patch adds the low-level client code for grabbing the list of exports. It benefits from the recent refactoring patches, in order to share as much code as possible when it comes to doing validation of server replies. The resulting information is stored in an array of NBDExportInfo which has been expanded to any description string, along with a convenience function for freeing the list. Note: a malicious server could exhaust memory of a client by feeding an unending loop of exports; perhaps we should place a limit on how many we are willing to receive. But note that a server could reasonably be serving an export for every file in a large directory, where an arbitrary limit in the client means we can't list anything from such a server; the same happens if we just run until the client fails to malloc() and thus dies by an abort(), where the limit is no longer arbitrary but determined by available memory. Since the client is already planning on being short-lived, it's hard to call this a denial of service attack that would starve off other uses, so it does not appear to be a security issue. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Message-Id: <20190117193658.16413-18-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2019-01-21nbd/client: Refactor nbd_opt_go() to support NBD_OPT_INFOEric Blake2-18/+26
Rename the function to nbd_opt_info_or_go() with an added parameter and slight changes to comments and trace messages, in order to reuse the function for NBD_OPT_INFO. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20190117193658.16413-17-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2019-01-21nbd/client: Pull out oldstyle size determinationEric Blake1-17/+32
Another refactoring creating nbd_negotiate_finish_oldstyle() for further reuse during 'qemu-nbd --list'. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Message-Id: <20190117193658.16413-16-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2019-01-21nbd/client: Split handshake into two functionsEric Blake2-51/+96
An upcoming patch will add the ability for qemu-nbd to list the services provided by an NBD server. Share the common code of the TLS handshake by splitting the initial exchange into a separate function, leaving only the export handling in the original function. Functionally, there should be no change in behavior in this patch, although some of the code motion may be difficult to follow due to indentation changes (view with 'git diff -w' for a smaller changeset). I considered an enum for the return code coordinating state between the two functions, but in the end just settled with ample comments. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20190117193658.16413-15-eblake@redhat.com>
2019-01-21nbd/client: Refactor return of nbd_receive_negotiate()Eric Blake1-28/+23
The function could only ever return 0 or -EINVAL; make this clearer by dropping a useless 'fail:' label. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20190117193658.16413-14-eblake@redhat.com>
2019-01-21nbd/client: Split out nbd_receive_one_meta_context()Eric Blake2-58/+91
Extract portions of nbd_negotiate_simple_meta_context() to a new function nbd_receive_one_meta_context() that copies the pattern of nbd_receive_list() for performing the argument validation of one reply. The error message when the server replies with more than one context changes slightly, but that shouldn't happen in the common case. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20190117193658.16413-13-eblake@redhat.com>
2019-01-21nbd/client: Split out nbd_send_meta_query()Eric Blake2-21/+45
Refactor nbd_negotiate_simple_meta_context() to pull out the code that can be reused to send a LIST request for 0 or 1 query. No semantic change. The old comment about 'sizeof(uint32_t)' being equivalent to '/* number of queries */' is no longer needed, now that we are computing 'sizeof(queries)' instead. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Message-Id: <20190117193658.16413-12-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2019-01-21nbd/client: Change signature of nbd_negotiate_simple_meta_context()Eric Blake3-31/+28
Pass 'info' instead of three separate parameters related to info, when requesting the server to set the meta context. Update the NBDExportInfo struct to rename the received id field to match the fact that we are currently overloading the field to match whatever context the user supplied through the x-dirty-bitmap hack, as well as adding a TODO comment to remind future patches about a desire to request two contexts at once. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20190117193658.16413-11-eblake@redhat.com>
2019-01-21nbd/client: Move export name into NBDExportInfoEric Blake5-30/+30
Refactor the 'name' parameter of nbd_receive_negotiate() from being a separate parameter into being part of the in-out 'info'. This also spills over to a simplification of nbd_opt_go(). The main driver for this refactoring is that an upcoming patch would like to add support to qemu-nbd to list information about all exports available on a server, where the name(s) will be provided by the server instead of the client. But another benefit is that we can now allow the client to explicitly specify the empty export name "" even when connecting to an oldstyle server (even if qemu is no longer such a server after commit 7f7dfe2a). Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20190117193658.16413-10-eblake@redhat.com>
2019-01-21nbd/client: Refactor nbd_receive_list()Eric Blake2-33/+59
Right now, nbd_receive_list() is only called by nbd_receive_query_exports(), which in turn is only called if the server lacks NBD_OPT_GO but has working option negotiation, and is merely used as a quality-of-implementation trick since servers can't give decent errors for NBD_OPT_EXPORT_NAME. However, servers that lack NBD_OPT_GO are becoming increasingly rare (nbdkit was a latecomer, in Aug 2018, but qemu has been such a server since commit f37708f6 in July 2017 and released in 2.10), so it no longer makes sense to micro-optimize that function for performance. Furthermore, when debugging a server's implementation, tracing the full reply (both names and descriptions) is useful, not to mention that upcoming patches adding 'qemu-nbd --list' will want to collect that data. And when you consider that a server can send an export name up to the NBD protocol length limit of 4k; but our current NBD_MAX_NAME_SIZE is only 256, we can't trace all valid server names without more storage, but 4k is large enough that the heap is better than the stack for long names. Thus, I'm changing the division of labor, with nbd_receive_list() now always malloc'ing a result on success (the malloc is bounded by the fact that we reject servers with a reply length larger than 32M), and moving the comparison to 'wantname' to the caller. There is a minor change in behavior where a server with 0 exports (an immediate NBD_REP_ACK reply) is now no longer distinguished from a server without LIST support (NBD_REP_ERR_UNSUP); this information could be preserved with a complication to the calling contract to provide a bit more information, but I didn't see the point. After all, the worst that can happen if our guess at a match is wrong is that the caller will get a cryptic disconnect when NBD_OPT_EXPORT_NAME fails (which is no different from what would happen if we had not tried LIST), while treating an empty list as immediate failure would prevent connecting to really old servers that really did lack LIST. Besides, NBD servers with 0 exports are rare (qemu can do it when using QMP nbd-server-start without nbd-server-add - but qemu understands NBD_OPT_GO and thus won't tickle this change in behavior). Fix the spelling of foundExport to match coding standards while in the area. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20190117193658.16413-9-eblake@redhat.com>
2019-01-21qemu-nbd: Avoid strtol open-codingEric Blake1-19/+9
Our copy-and-pasted open-coding of strtol handling forgot to handle overflow conditions. Use qemu_strto*() instead. In the case of --partition, since we insist on a user-supplied partition to be non-zero, we can use 0 rather than -1 for our initial value to distinguish when a partition is not being served, for slightly more optimal code. The error messages for out-of-bounds values are less specific, but should not be a terrible loss in quality. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Message-Id: <20190117193658.16413-8-eblake@redhat.com>
2019-01-21nbd/server: Favor [u]int64_t over off_tEric Blake3-29/+22
Although our compile-time environment is set up so that we always support long files with 64-bit off_t, we have no guarantee whether off_t is the same type as int64_t. This requires casts when printing values, and prevents us from directly using qemu_strtoi64() (which will be done in the next patch). Let's just flip to uint64_t where possible, and stick to int64_t for detecting failure of blk_getlength(); we also keep the assertions added in the previous patch that the resulting values fit in 63 bits. The overflow check in nbd_co_receive_request() was already sane (request->from is validated to fit in 63 bits, and request->len is 32 bits, so the addition can't overflow 64 bits), but rewrite it in a form easier to recognize as a typical overflow check. Rename the variable 'description' to keep line lengths reasonable. Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20190117193658.16413-7-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2019-01-21nbd/server: Hoist length check to qmp_nbd_server_addEric Blake2-8/+12
We only had two callers to nbd_export_new; qemu-nbd.c always passed a valid offset/length pair (because it already checked the file length, to ensure that offset was in bounds), while blockdev-nbd.c always passed 0/-1. Then nbd_export_new reduces the size to a multiple of BDRV_SECTOR_SIZE (can only happen when offset is not sector-aligned, since bdrv_getlength() currently rounds up) (someday, it would be nice to have byte-accurate lengths - but not today). However, I'm finding it easier to work with the code if we are consistent on having both callers pass in a valid length, and just assert that things are sane in nbd_export_new, meaning that no negative values were passed, and that offset+size does not exceed 63 bits (as that really is a fundamental limit to later operations, whether we use off_t or uint64_t). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20190117193658.16413-6-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2019-01-21qemu-nbd: Sanity check partition boundsEric Blake1-1/+21
When the user requests a partition, we were using data read from the disk as disk offsets without a bounds check. We got lucky that even when computed offsets are out-of-bounds, blk_pread() will gracefully catch the error later (so I don't think a malicious image can crash or exploit qemu-nbd, and am not treating this as a security flaw), but it's better to flag the problem up front than to risk permanent EIO death of the block device down the road. The new bounds check adds an assertion that will never fail, but rather exists to help the compiler see that adding two positive 41-bit values (given MBR constraints) can't overflow 64-bit off_t. Using off_t to represent a partition length is a bit of a misnomer; a later patch will update to saner types, but it is left separate in case the bounds check needs to be backported in isolation. Also, note that the partition code blindly overwrites any non-zero offset passed in by the user; so for now, make the -o/-P combo an error for less confusion. In the future, we may let -o and -P work together (selecting a subset of a partition); so it is okay that an explicit '-o 0' behaves no differently from omitting -o. This can be tested with nbdkit: $ echo hi > file $ nbdkit -fv --filter=truncate partitioning file truncate=64k Pre-patch: $ qemu-nbd -p 10810 -P 1 -f raw nbd://localhost:10809 & $ qemu-io -f raw nbd://localhost:10810 qemu-io> r -v 0 1 Disconnect client, due to: Failed to send reply: reading from file failed: Input/output error Connection closed read failed: Input/output error qemu-io> q [1]+ Done qemu-nbd -p 10810 -P 1 -f raw nbd://localhost:10809 Post-patch: $ qemu-nbd -p 10810 -P 1 -f raw nbd://localhost:10809 qemu-nbd: Discovered partition 1 at offset 1048576 size 512, but size exceeds file length 65536 Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Message-Id: <20190117193658.16413-5-eblake@redhat.com>
2019-01-21qemu-nbd: Enhance man pageEric Blake1-19/+75
Document some useful qemu-nbd command lines. Mention some restrictions on particular options, like -p being only for MBR images, or -c/-d being Linux-only. Update some text given the recent change to no longer serve oldstyle protocol (missed in commit 7f7dfe2a). Also, consistently use trailing '.' in describing options. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Message-Id: <20190117193658.16413-4-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2019-01-21maint: Allow for EXAMPLES in texi2podEric Blake2-1/+3
The next commit will add an EXAMPLES section to qemu-nbd.8; for that to work, we need to recognize EXAMPLES in texi2pod. We also need to add a dependency from all man pages against the generator script, since a change to the generator may cause the resulting man page to differ. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Message-Id: <20190117193658.16413-3-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2019-01-21iotests: Make 233 output more reliableEric Blake2-4/+11
We have a race between the nbd server and the client both trying to report errors at once which can make the test sometimes fail if the output lines swap order under load. Break the race by collecting server messages into a file and then replaying that at the end of the test. We may yet want to fix the server to not output ANYTHING for a client action except when -v was used (to avoid malicious clients from being able to DoS a server by filling up its logs), but that is saved for a future patch. Signed-off-by: Eric Blake <eblake@redhat.com> CC: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20190117193658.16413-2-eblake@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-21Merge remote-tracking branch ↵Peter Maydell9-648/+1042
'remotes/amarkovic/tags/mips-queue-january-17-2019-v2' into staging MIPS queue for January 17, 2019 - v2 # gpg: Signature made Fri 18 Jan 2019 15:55:35 GMT # gpg: using RSA key D4972A8967F75A65 # gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01 DD75 D497 2A89 67F7 5A65 * remotes/amarkovic/tags/mips-queue-january-17-2019-v2: target/mips: Introduce 32 R5900 multimedia registers target/mips: Rename 'rn' to 'register_name' target/mips: Add CP0 register MemoryMapID target/mips: Amend preprocessor constants for CP0 registers target/mips: Update ITU to handle bus errors target/mips: Update ITU to utilize SAARI and SAAR CP0 registers target/mips: Add field and R/W access to ITU control register ICR0 target/mips: Provide R/W access to SAARI and SAAR CP0 registers target/mips: Add fields for SAARI and SAAR CP0 registers target/mips: Use preprocessor constants for 32 major CP0 registers target/mips: Add preprocessor constants for 32 major CP0 registers target/mips: Move comment containing summary of CP0 registers Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21hw/virtio/virtio-balloon: zero-initialize the virtio_balloon_config structPeter Maydell1-1/+1
In virtio_balloon_get_config() we initialize a struct virtio_balloon_config which we then copy to guest memory. However, the local variable is not zero initialized. This works OK at the moment because we initialize all the fields in it; however an upcoming kernel header change will add some new fields. If we don't zero out the whole struct then we will start leaking a small amount of the contents of QEMU's stack to the guest as soon as we update linux-headers/ to a set of headers that includes the new fields. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190118183603.24757-1-peter.maydell@linaro.org
2019-01-21hw/block/xen: use proper format string for printing sectorsAlex Bennée1-1/+1
The %lu format string is different depending on the host architecture which causes builds like the debian-armhf-cross build to fail. Use the correct PRi64 format string. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190116121350.23863-1-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21Merge remote-tracking branch ↵Peter Maydell21-631/+2514
'remotes/pmaydell/tags/pull-target-arm-20190121' into staging target-arm queue: * hw/char/stm32f2xx_usart: Do not update data register when device is disabled * hw/arm/virt-acpi-build: Set COHACC override flag in IORT SMMUv3 node * target/arm: Allow Aarch32 exception return to switch from Mon->Hyp * ftgmac100: implement the new MDIO interface on Aspeed SoC * implement the ARMv8.3-PAuth extension * improve emulation of the ARM PMU # gpg: Signature made Mon 21 Jan 2019 10:42:11 GMT # gpg: using RSA key 3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20190121: (48 commits) target/arm: Implement PMSWINC target/arm: PMU: Set PMCR.N to 4 target/arm: PMU: Add instruction and cycle events target/arm: Finish implementation of PM[X]EVCNTR and PM[X]EVTYPER target/arm: Add array for supported PMU events, generate PMCEID[01]_EL0 target/arm: Make PMCEID[01]_EL0 64 bit registers, add PMCEID[23] target/arm: Define FIELDs for ID_DFR0 target/arm: Implement PMOVSSET target/arm: Allow AArch32 access for PMCCFILTR target/arm: Filter cycle counter based on PMCCFILTR_EL0 target/arm: Swap PMU values before/after migrations target/arm: Reorganize PMCCNTR accesses migration: Add post_save function to VMStateDescription target/arm: Tidy TBI handling in gen_a64_set_pc target/arm: Enable PAuth for user-only target/arm: Enable PAuth for -cpu max target/arm: Add PAuth system registers target/arm: Implement pauth_computepac target/arm: Implement pauth_addpac target/arm: Implement pauth_auth ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21tests: Disable ipmi-bt-testPeter Maydell1-1/+2
The ipmi-bt-test fails intermittently, especially on the NetBSD VM. The frequency of this failure has recently gone up sharply to the point that I'm having to retry the NetBSD build multiple times to get a pass when merging pull requests. Disable the test until we can figure out why it's failing. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190118185402.3065-1-peter.maydell@linaro.org
2019-01-21target/arm: Implement PMSWINCAaron Lindsay1-2/+37
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181211151945.29137-14-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: PMU: Set PMCR.N to 4Aaron Lindsay1-5/+5
This both advertises that we support four counters and enables them because the pmu_num_counters() reads this value from PMCR. Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org> Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20181211151945.29137-13-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: PMU: Add instruction and cycle eventsAaron Lindsay1-46/+44
The instruction event is only enabled when icount is used, cycles are always supported. Always defining get_cycle_count (but altering its behavior depending on CONFIG_USER_ONLY) allows us to remove some CONFIG_USER_ONLY #defines throughout the rest of the code. Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org> Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20181211151945.29137-12-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Finish implementation of PM[X]EVCNTR and PM[X]EVTYPERAaron Lindsay2-17/+282
Add arrays to hold the registers, the definitions themselves, access functions, and logic to reset counters when PMCR.P is set. Update filtering code to support counters other than PMCCNTR. Support migration with raw read/write functions. Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org> Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181211151945.29137-11-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Add array for supported PMU events, generate PMCEID[01]_EL0Aaron Lindsay4-11/+79
This commit doesn't add any supported events, but provides the framework for adding them. We store the pm_event structs in a simple array, and provide the mapping from the event numbers to array indexes in the supported_event_map array. Because the value of PMCEID[01] depends upon which events are supported at runtime, generate it dynamically. Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20181211151945.29137-10-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Make PMCEID[01]_EL0 64 bit registers, add PMCEID[23]Aaron Lindsay2-4/+19
Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20181211151945.29137-9-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Define FIELDs for ID_DFR0Aaron Lindsay1-0/+9
This is immediately necessary for the PMUv3 implementation to check ID_DFR0.PerfMon to enable/disable specific features, but defines the full complement of fields for possible future use elsewhere. Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20181211151945.29137-8-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Implement PMOVSSETAaron Lindsay1-0/+28
Add an array for PMOVSSET so we only define it for v7ve+ platforms Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181211151945.29137-7-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Allow AArch32 access for PMCCFILTRAaron Lindsay1-1/+26
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181211151945.29137-6-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Filter cycle counter based on PMCCFILTR_EL0Aaron Lindsay3-8/+101
Rename arm_ccnt_enabled to pmu_counter_enabled, and add logic to only return 'true' if the specified counter is enabled and neither prohibited or filtered. Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org> Signed-off-by: Aaron Lindsay <aclindsa@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181211151945.29137-5-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Swap PMU values before/after migrationsAaron Lindsay2-2/+28
Because of the PMU's design, many register accesses have side effects which are inter-related, meaning that the normal method of saving CP registers can result in inconsistent state. These side-effects are largely handled in pmu_op_start/finish functions which can be called before and after the state is saved/restored. By doing this and adding raw read/write functions for the affected registers, we avoid migration-related inconsistencies. Signed-off-by: Aaron Lindsay <aclindsa@gmail.com> Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20181211151945.29137-4-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Reorganize PMCCNTR accessesAaron Lindsay2-53/+98
pmccntr_read and pmccntr_write contained duplicate code that was already being handled by pmccntr_sync. Consolidate the duplicated code into two functions: pmccntr_op_start and pmccntr_op_finish. Add a companion to c15_ccnt in CPUARMState so that we can simultaneously save both the architectural register value and the last underlying cycle count - this ensures time isn't lost and will also allow us to access the 'old' architectural register value in order to detect overflows in later patches. Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org> Signed-off-by: Aaron Lindsay <aclindsa@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20181211151945.29137-3-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21migration: Add post_save function to VMStateDescriptionAaron Lindsay3-3/+20
In some cases it may be helpful to modify state before saving it for migration, and then modify the state back after it has been saved. The existing pre_save function provides half of this functionality. This patch adds a post_save function to provide the second half. Signed-off-by: Aaron Lindsay <aclindsa@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 20181211151945.29137-2-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Tidy TBI handling in gen_a64_set_pcRichard Henderson1-43/+23
We can perform this with fewer operations. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190108223129.5570-32-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Enable PAuth for user-onlyRichard Henderson2-0/+63
Add 4 attributes that controls the EL1 enable bits, as we may not always want to turn on pointer authentication with -cpu max. However, by default they are enabled. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20190108223129.5570-31-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Enable PAuth for -cpu maxRichard Henderson1-0/+4
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190108223129.5570-30-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Add PAuth system registersRichard Henderson1-0/+70
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190108223129.5570-29-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Implement pauth_computepacRichard Henderson1-1/+241
This is the main crypto routine, an implementation of QARMA. This matches, as much as possible, ARM pseudocode. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20190108223129.5570-28-richard.henderson@linaro.org [PMM: fixed minor checkpatch nits] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Implement pauth_addpacRichard Henderson1-1/+41
This is not really functional yet, because the crypto is not yet implemented. This, however follows the AddPAC pseudo function. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190108223129.5570-27-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Implement pauth_authRichard Henderson1-1/+20
This is not really functional yet, because the crypto is not yet implemented. This, however follows the Auth pseudo function. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190108223129.5570-26-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Implement pauth_stripRichard Henderson1-1/+13
Stripping out the authentication data does not require any crypto, it merely requires the virtual address parameters. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190108223129.5570-25-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Reuse aa64_va_parameters for setting tbflagsRichard Henderson2-81/+24
The arm_regime_tbi{0,1} functions are replacable with the new function by giving the lowest and highest address. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190108223129.5570-24-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Decode TBID from TCRRichard Henderson2-3/+12
Use TBID in aa64_va_parameters depending on the data parameter. This automatically updates all existing users of the function. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20190108223129.5570-23-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Add aa64_va_parameters_bothRichard Henderson2-5/+20
We will want to check TBI for I and D simultaneously. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20190108223129.5570-22-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Export aa64_va_parameters to internals.hRichard Henderson2-2/+19
We need to reuse this from helper-a64.c. Provide a stub definition for CONFIG_USER_ONLY. This matches the stub definitions that we removed for arm_regime_tbi{0,1} before. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190108223129.5570-21-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Merge TBFLAG_AA_TB{0, 1} to TBIIRichard Henderson4-13/+11
We will shortly want to talk about TBI as it relates to data. Passing around a pair of variables is less convenient than a single variable. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20190108223129.5570-20-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-21target/arm: Create ARMVAParameters and helpersRichard Henderson2-128/+164
Split out functions to extract the virtual address parameters. Let the functions choose T0 or T1 address space half, if present. Extract (most of) the control bits that vary between EL or Tx. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20190108223129.5570-19-richard.henderson@linaro.org [PMM: fixed minor checkpatch comment nits] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>