aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2020-07-06fuzz: do not use POSIX shm for coverage bitmapAlexander Bulekov1-27/+13
We used shm_open with mmap to share libfuzzer's coverage bitmap with child (runner) processes. The same functionality can be achieved with MAP_SHARED | MAP_ANONYMOUS, since we do not care about naming or permissioning the shared memory object. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200622165040.15121-1-alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-06fuzz: fix broken qtest check at rcu_disable_atforkAlexander Bulekov2-11/+4
The qtest_enabled check introduced in d6919e4 always returns false, as it is called prior to configure_accelerators(). Instead of trying to skip rcu_disable_atfork in qemu_main, simply call rcu_enable_atfork in the fuzzer, after qemu_main returns. Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200618160516.2817-1-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-04Merge remote-tracking branch ↵Peter Maydell45-311/+973
'remotes/pmaydell/tags/pull-target-arm-20200703' into staging target-arm queue: * i.MX6UL EVK board: put PHYs in the correct places * hw/arm/virt: Let the virtio-iommu bypass MSIs * target/arm: kvm: Handle DABT with no valid ISS * hw/arm/virt-acpi-build: Only expose flash on older machine types * target/arm: Fix temp double-free in sve ldr/str * hw/display/bcm2835_fb.c: Initialize all fields of struct * hw/arm/spitz: Code cleanup to fix Coverity-detected memory leak * Deprecate TileGX port # gpg: Signature made Fri 03 Jul 2020 17:53:05 BST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20200703: (34 commits) Deprecate TileGX port Replace uses of FROM_SSI_SLAVE() macro with QOM casts hw/arm/spitz: Provide usual QOM macros for corgi-ssp and spitz-lcdtg hw/arm/pxa2xx_pic: Use LOG_GUEST_ERROR for bad guest register accesses hw/arm/spitz: Use LOG_GUEST_ERROR for bad guest register accesses hw/gpio/zaurus.c: Use LOG_GUEST_ERROR for bad guest register accesses hw/arm/spitz: Encapsulate misc GPIO handling in a device hw/misc/max111x: Create header file for documentation, TYPE_ macros hw/misc/max111x: Use GPIO lines rather than max111x_set_input() hw/arm/spitz: Use max111x properties to set initial values ssi: Add ssi_realize_and_unref() hw/misc/max111x: Don't use vmstate_register() hw/misc/max111x: provide QOM properties for setting initial values hw/arm/spitz: Implement inbound GPIO lines for bit5 and power signals hw/arm/spitz: Keep pointers to scp0, scp1 in SpitzMachineState hw/arm/spitz: Keep pointers to MPU and SSI devices in SpitzMachineState hw/arm/spitz: Create SpitzMachineClass abstract base class hw/arm/spitz: Detabify hw/display/bcm2835_fb.c: Initialize all fields of struct target/arm: Fix temp double-free in sve ldr/str ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-04Merge remote-tracking branch ↵Peter Maydell6-13/+80
'remotes/dgilbert/tags/pull-migration-20200703a' into staging virtiofsd+migration pull 2020-07-03 A couple of small migration fixes, and some capability rework for virtiofsd. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> # gpg: Signature made Fri 03 Jul 2020 16:26:35 BST # gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full] # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20200703a: migration: Count new_dirty instead of real_dirty migration: postcopy take proper error return virtiofsd: Allow addition or removal of capabilities virtiofsd: Check capability calls virtiofsd: Terminate capability list Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-04Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200703' into stagingPeter Maydell22-126/+136
s390 update: - various fixes - cleanup in the s390x-ccw bios # gpg: Signature made Fri 03 Jul 2020 11:04:08 BST # gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF # gpg: issuer "cohuck@redhat.com" # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [marginal] # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full] # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full] # gpg: aka "Cornelia Huck <cohuck@kernel.org>" [marginal] # gpg: aka "Cornelia Huck <cohuck@redhat.com>" [marginal] # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck/tags/s390x-20200703: s390x/pci: fix set_ind_atomic virtio-ccw: fix virtio_set_ind_atomic target/s390x: Fix SQXBR pc-bios/s390: Update s390-ccw bios binaries with the latest changes pc-bios/s390-ccw: Generate and include dependency files in the Makefile pc-bios: s390x: Make u32 ptr check explicit pc-bios: s390x: Use ebcdic2ascii table pc-bios: s390x: Move panic() into header and add infinite loop pc-bios: s390x: Use PSW masks where possible and introduce PSW_MASK_SHORT_ADDR pc-bios: s390x: Rename PSW_MASK_ZMODE to PSW_MASK_64 pc-bios: s390x: Get rid of magic offsets into the lowcore pc-bios: s390x: Move sleep and yield to helper.h pc-bios: s390x: Consolidate timing functions into time.h pc-bios: s390x: cio.c cleanup and compile fix Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell4-64/+51
Block layer patches: - qemu-img convert: Don't pre-zero images (removes nowadays counterproductive optimisation) - qemu-storage-daemon: Fix object-del, cleaner shutdown - vvfat: Check that the guest doesn't escape the given host directory with read-write vvfat drives - vvfat: Fix crash by out-of-bounds array writes for read-write drives - iotests fixes # gpg: Signature made Fri 03 Jul 2020 10:20:46 BST # gpg: using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6 # gpg: issuer "kwolf@redhat.com" # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full] # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: iotests: Fix 051 output after qdev_init_nofail() removal iotests.py: Do not wait() before communicate() vvfat: Fix array_remove_slice() vvfat: Check that updated filenames are valid qemu-storage-daemon: add missing cleanup calls qemu-storage-daemon: remember to add qemu_object_opts qemu-img convert: Don't pre-zero images Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03Deprecate TileGX portPeter Maydell1-0/+11
Deprecate our TileGX target support: * we have no active maintainer for it * it has had essentially no contributions (other than tree-wide cleanups and similar) since it was first added * the Linux kernel dropped support in 2018, as has glibc Note the deprecation in the manual, but don't try to print a warning when QEMU runs -- printing unsuppressable messages is more obtrusive for linux-user mode than it would be for system-emulation mode, and it doesn't seem worth trying to invent a new suppressible-error system for linux-user just for this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 20200619154831.26319-1-peter.maydell@linaro.org
2020-07-03Replace uses of FROM_SSI_SLAVE() macro with QOM castsPeter Maydell5-14/+22
The FROM_SSI_SLAVE() macro predates QOM and is used as a typesafe way to cast from an SSISlave* to the instance struct of a subtype of TYPE_SSI_SLAVE. Switch to using the QOM cast macros instead, which have the same effect (by writing the QOM macros if the types were previously missing them.) (The FROM_SSI_SLAVE() macro allows the SSISlave member of the subtype's struct to be anywhere as long as it is named "ssidev", whereas a QOM cast macro insists that it is the first thing in the subtype's struct. This is true for all the types we convert here.) This removes all the uses of FROM_SSI_SLAVE() so we can delete the definition. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-18-peter.maydell@linaro.org
2020-07-03hw/arm/spitz: Provide usual QOM macros for corgi-ssp and spitz-lcdtgPeter Maydell1-8/+15
The QOM types "spitz-lcdtg" and "corgi-ssp" are missing the usual QOM TYPE and casting macros; provide and use them. In particular, we can safely use the QOM cast macros instead of FROM_SSI_SLAVE() because in both cases the 'ssidev' field of the instance state struct is the first field in it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-17-peter.maydell@linaro.org
2020-07-03hw/arm/pxa2xx_pic: Use LOG_GUEST_ERROR for bad guest register accessesPeter Maydell2-3/+7
Instead of using printf() for logging guest accesses to invalid register offsets in the pxa2xx PIC device, use the usual qemu_log_mask(LOG_GUEST_ERROR,...). This was the only user of the REG_FMT macro in pxa.h, so we can remove that. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-16-peter.maydell@linaro.org
2020-07-03hw/arm/spitz: Use LOG_GUEST_ERROR for bad guest register accessesPeter Maydell1-5/+7
Instead of logging guest accesses to invalid register offsets in the Spitz flash device with zaurus_printf() (which just prints to stderr), use the usual qemu_log_mask(LOG_GUEST_ERROR,...). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-15-peter.maydell@linaro.org
2020-07-03hw/gpio/zaurus.c: Use LOG_GUEST_ERROR for bad guest register accessesPeter Maydell3-8/+10
Instead of logging guest accesses to invalid register offsets in this device using zaurus_printf() (which just prints to stderr), use the usual qemu_log_mask(LOG_GUEST_ERROR,...). Since this was the only use of the zaurus_printf() macro outside spitz.c, we can move the definition of that macro from sharpsl.h to spitz.c. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-14-peter.maydell@linaro.org
2020-07-03hw/arm/spitz: Encapsulate misc GPIO handling in a devicePeter Maydell1-43/+88
Currently we have a free-floating set of IRQs and a function spitz_out_switch() which handle some miscellaneous GPIO lines for the spitz board. Encapsulate this behaviour in a simple QOM device. At this point we can finally remove the 'max1111' global, because the ADC battery-temperature value is now handled by the misc-gpio device writing the value to its outbound "adc-temp" GPIO, which the board code wires up to the appropriate inbound GPIO line on the max1111. This commit also fixes Coverity issue CID 1421913 (which pointed out that the 'outsignals' in spitz_scoop_gpio_setup() were leaked), because it removes the use of the qemu_allocate_irqs() API from this code entirely. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-13-peter.maydell@linaro.org
2020-07-03hw/misc/max111x: Create header file for documentation, TYPE_ macrosPeter Maydell4-24/+60
Create a header file for the hw/misc/max111x device, in the usual modern style for QOM devices: * definition of the TYPE_ constants and macros * definition of the device's state struct so that it can be embedded in other structs if desired * documentation of the interface This allows us to use TYPE_MAX_1111 in the spitz.c code rather than the string "max1111". Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200628142429.17111-12-peter.maydell@linaro.org
2020-07-03hw/misc/max111x: Use GPIO lines rather than max111x_set_input()Peter Maydell3-14/+14
The max111x ADC device model allows other code to set the level on the 8 ADC inputs using the max111x_set_input() function. Replace this with generic qdev GPIO inputs, which also allow inputs to be set to arbitrary values. Using GPIO lines will make it easier for board code to wire things up, so that if device A wants to set the ADC input it doesn't need to have a direct pointer to the max111x but can just set that value on its output GPIO, which is then wired up by the board to the appropriate max111x input. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-11-peter.maydell@linaro.org
2020-07-03hw/arm/spitz: Use max111x properties to set initial valuesPeter Maydell1-4/+7
Use the new max111x qdev properties to set the initial input values rather than calling max111x_set_input(); this means that on system reset the inputs will correctly return to their initial values. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200628142429.17111-10-peter.maydell@linaro.org
2020-07-03ssi: Add ssi_realize_and_unref()Peter Maydell2-1/+32
Add an ssi_realize_and_unref(), for the benefit of callers who want to be able to create an SSI device, set QOM properties on it, and then do the realize-and-unref afterwards. The API works on the same principle as the recently added qdev_realize_and_undef(), sysbus_realize_and_undef(), etc. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-9-peter.maydell@linaro.org
2020-07-03hw/misc/max111x: Don't use vmstate_register()Peter Maydell1-2/+1
The max111x is a proper qdev device; we can use dc->vmsd rather than directly calling vmstate_register(). It's possible that this is a migration compat break, but the only boards that use this device are the spitz-family ('akita', 'borzoi', 'spitz', 'terrier'). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-8-peter.maydell@linaro.org
2020-07-03hw/misc/max111x: provide QOM properties for setting initial valuesPeter Maydell1-10/+47
Add some QOM properties to the max111x ADC device to allow the initial values to be configured. Currently this is done by board code calling max111x_set_input() after it creates the device, which doesn't work on system reset. This requires us to implement a reset method for this device, so while we're doing that make sure we reset the other parts of the device state. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-7-peter.maydell@linaro.org
2020-07-03hw/arm/spitz: Implement inbound GPIO lines for bit5 and power signalsPeter Maydell1-16/+12
Currently the Spitz board uses a nasty hack for the GPIO lines that pass "bit5" and "power" information to the LCD controller: the lcdtg realize function sets a global variable to point to the instance it just realized, and then the functions spitz_bl_power() and spitz_bl_bit5() use that to find the device they are changing the internal state of. There is a comment reading: FIXME: Implement GPIO properly and remove this hack. which was added in 2009. Implement GPIO properly and remove this hack. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-6-peter.maydell@linaro.org
2020-07-03hw/arm/spitz: Keep pointers to scp0, scp1 in SpitzMachineStatePeter Maydell1-17/+21
Keep pointers to scp0, scp1 in SpitzMachineState, and just pass that to spitz_scoop_gpio_setup(). (We'll want to use some of the other fields in SpitzMachineState in that function in the next commit.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-5-peter.maydell@linaro.org
2020-07-03hw/arm/spitz: Keep pointers to MPU and SSI devices in SpitzMachineStatePeter Maydell1-26/+32
Keep pointers to the MPU and the SSI devices in SpitzMachineState. We're going to want to make GPIO connections between some of the SSI devices and the SCPs, so we want to keep hold of a pointer to those; putting the MPU into the struct allows us to pass just one thing to spitz_ssp_attach() rather than two. We have to retain the setting of the global "max1111" variable for the moment as it is used in spitz_adc_temp_on(); later in this series of commits we will be able to remove it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-4-peter.maydell@linaro.org
2020-07-03hw/arm/spitz: Create SpitzMachineClass abstract base classPeter Maydell1-35/+54
For the four Spitz-family machines (akita, borzoi, spitz, terrier) create a proper abstract class SpitzMachineClass which encapsulates the common behaviour, rather than having them all derive directly from TYPE_MACHINE: * instead of each machine class setting mc->init to a wrapper function which calls spitz_common_init() with parameters, put that data in the SpitzMachineClass and make spitz_common_init the SpitzMachineClass machine-init function * move the settings of mc->block_default_type and mc->ignore_memory_transaction_failures into the SpitzMachineClass class init rather than repeating them in each machine's class init (The motivation is that we're going to want to keep some state in the SpitzMachineState so we can connect GPIOs between devices created in one sub-function of the machine init to devices created in a different sub-function.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200628142429.17111-3-peter.maydell@linaro.org
2020-07-03hw/arm/spitz: DetabifyPeter Maydell1-79/+79
The spitz board has been around a long time, and still has a fair number of hard-coded tab characters in it. We're about to do some work on this source file, so start out by expanding out the tabs. This commit is a pure whitespace only change. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200628142429.17111-2-peter.maydell@linaro.org
2020-07-03hw/display/bcm2835_fb.c: Initialize all fields of structPeter Maydell1-0/+4
In bcm2835_fb_mbox_push(), Coverity complains (CID 1429989) that we pass a pointer to a local struct to another function without initializing all its fields. This is a real bug: bcm2835_fb_reconfigure() copies the whole of our new BCM2385FBConfig struct into s->config, so any fields we don't initialize will corrupt the state of the device. Copy the two fields which we don't want to update (pixo and alpha) from the existing config so we don't accidentally change them. Fixes: cfb7ba983857e40e88 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200628195436.27582-1-peter.maydell@linaro.org
2020-07-03target/arm: Fix temp double-free in sve ldr/strRichard Henderson3-6/+9
The temp that gets assigned to clean_addr has been allocated with new_tmp_a64, which means that it will be freed at the end of the instruction. Freeing it earlier leads to assertion failure. The loop creates a complication, in which we allocate a new local temp, which does need freeing, and the final code path is shared between the loop and non-loop. Fix this complication by adding new_tmp_a64_local so that the new local temp is freed at the end, and can be treated exactly like the non-loop path. Fixes: bba87d0a0f4 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200702175605.1987125-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03tests/acpi: virt: update golden masters for DSDTAndrew Jones4-3/+0
Differences between disassembled ASL files for DSDT: @@ -5,13 +5,13 @@ * * Disassembling to symbolic ASL+ operators * - * Disassembly of a, Mon Jun 29 09:50:01 2020 + * Disassembly of b, Mon Jun 29 09:50:03 2020 * * Original Table Header: * Signature "DSDT" - * Length 0x000014BB (5307) + * Length 0x00001455 (5205) * Revision 0x02 - * Checksum 0xD1 + * Checksum 0xE1 * OEM ID "BOCHS " * OEM Table ID "BXPCDSDT" * OEM Revision 0x00000001 (1) @@ -45,32 +45,6 @@ }) } - Device (FLS0) - { - Name (_HID, "LNRO0015") // _HID: Hardware ID - Name (_UID, Zero) // _UID: Unique ID - Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings - { - Memory32Fixed (ReadWrite, - 0x00000000, // Address Base - 0x04000000, // Address Length - ) - }) - } - - Device (FLS1) - { - Name (_HID, "LNRO0015") // _HID: Hardware ID - Name (_UID, One) // _UID: Unique ID - Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings - { - Memory32Fixed (ReadWrite, - 0x04000000, // Address Base - 0x04000000, // Address Length - ) - }) - } - Device (FWCF) { Name (_HID, "QEMU0002") // _HID: Hardware ID The other two binaries have the same changes (the removal of the flash devices). Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20200629140938.17566-5-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03hw/arm/virt-acpi-build: Only expose flash on older machine typesAndrew Jones3-1/+8
The flash device is exclusively for the host-controlled firmware, so we should not expose it to the OS. Exposing it risks the OS messing with it, which could break firmware runtime services and surprise the OS when all its changes disappear after reboot. As firmware needs the device and uses DT, we leave the device exposed there. It's up to firmware to remove the nodes from DT before sending it on to the OS. However, there's no need to force firmware to remove tables from ACPI (which it doesn't know how to do anyway), so we simply don't add the tables in the first place. But, as we've been adding the tables for quite some time and don't want to change the default hardware exposed to versioned machines, then we only stop exposing the flash device tables for 5.1 and later machine types. Suggested-by: Ard Biesheuvel <ard.biesheuvel@arm.com> Suggested-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20200629140938.17566-4-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03tests/acpi: virt: allow DSDT acpi table changesAndrew Jones1-0/+3
Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Message-id: 20200629140938.17566-3-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03tests/acpi: remove stale allowed tablesAndrew Jones1-18/+0
Fixes: 93dd625f8bf7 ("tests/acpi: update expected data files") Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Message-id: 20200629140938.17566-2-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03target/arm: kvm: Handle misconfigured dabt injectionBeata Michalska5-1/+124
Injecting external data abort through KVM might trigger an issue on kernels that do not get updated to include the KVM fix. For those and aarch32 guests, the injected abort gets misconfigured to be an implementation defined exception. This leads to the guest repeatedly re-running the faulting instruction. Add support for handling that case. [ Fixed-by: 018f22f95e8a ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests') Fixed-by: 21aecdbd7f3a ('KVM: arm: Make inject_abt32() inject an external abort instead') ] Signed-off-by: Beata Michalska <beata.michalska@linaro.org> Acked-by: Andrew Jones <drjones@redhat.com> Message-id: 20200629114110.30723-3-beata.michalska@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03target/arm: kvm: Handle DABT with no valid ISSBeata Michalska1-0/+52
On ARMv7 & ARMv8 some load/store instructions might trigger a data abort exception with no valid ISS info to be decoded. The lack of decode info makes it at least tricky to emulate those instruction which is one of the (many) reasons why KVM will not even try to do so. Add support for handling those by requesting KVM to inject external dabt into the quest. Signed-off-by: Beata Michalska <beata.michalska@linaro.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 20200629114110.30723-2-beata.michalska@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03hw/arm/virt: Let the virtio-iommu bypass MSIsEric Auger2-0/+37
At the moment the virtio-iommu translates MSI transactions. This behavior is inherited from ARM SMMU. The virt machine code knows where the guest MSI doorbells are so we can easily declare those regions as VIRTIO_IOMMU_RESV_MEM_T_MSI. With that setting the guest will not map MSIs through the IOMMU and those transactions will be simply bypassed. Depending on which MSI controller is in use (ITS or GICV2M), we declare either: - the ITS interrupt translation space (ITS_base + 0x10000), containing the GITS_TRANSLATOR or - The GICV2M single frame, containing the MSI_SETSP_NS register. Signed-off-by: Eric Auger <eric.auger@redhat.com> Message-id: 20200629070404.10969-6-eric.auger@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03virtio-iommu-pci: Add array of Interval propertiesEric Auger1-0/+11
The machine may need to pass reserved regions to the virtio-iommu-pci device (such as the MSI window on x86 or the MSI doorbells on ARM). So let's add an array of Interval properties. Note: if some reserved regions are already set by the machine code - which should be the case in general -, the length of the property array is already set and prevents the end-user from modifying them. For example, attempting to use: -device virtio-iommu-pci,\ len-reserved-regions=1,reserved-regions[0]=0xfee00000:0xfeefffff:1 would result in the following error message: qemu-system-aarch64: -device virtio-iommu-pci,addr=0xa, len-reserved-regions=1,reserved-regions[0]=0xfee00000:0xfeefffff:1: array size property len-reserved-regions may not be set more than once Otherwise, for example, adding two reserved regions is achieved using the following options: -device virtio-iommu-pci,addr=0xa,len-reserved-regions=2,\ reserved-regions[0]=0xfee00000:0xfeefffff:1,\ reserved-regions[1]=0x1000000:100ffff:1 Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Reviewed-by: Peter Xu <peterx@redhat.com> Message-id: 20200629070404.10969-5-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03virtio-iommu: Handle reserved regions in the translation processEric Auger1-0/+20
When translating an address we need to check if it belongs to a reserved virtual address range. If it does, there are 2 cases: - it belongs to a RESERVED region: the guest should neither use this address in a MAP not instruct the end-point to DMA on them. We report an error - It belongs to an MSI region: we bypass the translation. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20200629070404.10969-4-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03virtio-iommu: Implement RESV_MEM probe requestEric Auger3-4/+93
This patch implements the PROBE request. At the moment, only THE RESV_MEM property is handled. The first goal is to report iommu wide reserved regions such as the MSI regions set by the machine code. On x86 this will be the IOAPIC MSI region, [0xFEE00000 - 0xFEEFFFFF], on ARM this may be the ITS doorbell. In the future we may introduce per device reserved regions. This will be useful when protecting host assigned devices which may expose their own reserved regions Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20200629070404.10969-3-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03qdev: Introduce DEFINE_PROP_RESERVED_REGIONEric Auger4-0/+99
Introduce a new property defining a reserved region: <low address>:<high address>:<type>. This will be used to encode reserved IOVA regions. For instance, in virtio-iommu use case, reserved IOVA regions will be passed by the machine code to the virtio-iommu-pci device (an array of those). The type of the reserved region will match the virtio_iommu_probe_resv_mem subtype value: - VIRTIO_IOMMU_RESV_MEM_T_RESERVED (0) - VIRTIO_IOMMU_RESV_MEM_T_MSI (1) on PC/Q35 machine, this will be used to inform the virtio-iommu-pci device it should bypass the MSI region. The reserved region will be: 0xfee00000:0xfeefffff:1. On ARM, we can declare the ITS MSI doorbell as an MSI region to prevent MSIs from being mapped on guest side. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20200629070404.10969-2-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03Select MDIO device 2 and 1 as PHY devices for i.MX6UL EVK board.Jean-Christophe Dubois1-0/+2
The i.MX6UL EVK 14x14 board uses: - PHY 2 for FEC 1 - PHY 1 for FEC 2 Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: fb41992126c091a71d76ab3d1898959091f60583.1593296112.git.jcd@tribudubois.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03Add the ability to select a different PHY for each i.MX6UL FEC interfaceJean-Christophe Dubois2-0/+12
Add properties to the i.MX6UL processor to be able to select a particular PHY on the MDIO bus for each FEC device. Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: ea1d604198b6b73ea6521676e45bacfc597aba53.1593296112.git.jcd@tribudubois.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03Add a phy-num property to the i.MX FEC emulatorJean-Christophe Dubois3-9/+20
We need a solution to use an Ethernet PHY that is not the first device on the MDIO bus (device 0 on MDIO bus). As an example with the i.MX6UL the NXP SOC has 2 Ethernet devices but only one MDIO bus on which the 2 related PHY are connected but at unique addresses. Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: a1a5c0e139d1c763194b8020573dcb6025daeefa.1593296112.git.jcd@tribudubois.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03Merge remote-tracking branch ↵Peter Maydell15-51/+9535
'remotes/alistair/tags/pull-riscv-to-apply-20200702-1' into staging This PR contains two patches to improve PLIC support in QEMU. It also contains one patch that fixes CLINT accesses for RISC-V. This fixes a regression for most RISC-V boards. The rest of the PR is adding support for the v0.7.1 RISC-V vector extensions. This is experimental support as the vector extensions are still in a draft state. This is a v2 pull request that has fixed the building on big endian machines failure. # gpg: Signature made Thu 02 Jul 2020 17:21:54 BST # gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054 # gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full] # Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054 * remotes/alistair/tags/pull-riscv-to-apply-20200702-1: (64 commits) target/riscv: configure and turn on vector extension from command line target/riscv: vector compress instruction target/riscv: vector register gather instruction target/riscv: vector slide instructions target/riscv: floating-point scalar move instructions target/riscv: integer scalar move instruction target/riscv: integer extract instruction target/riscv: vector element index instruction target/riscv: vector iota instruction target/riscv: set-X-first mask bit target/riscv: vmfirst find-first-set mask bit target/riscv: vector mask population count vmpopc target/riscv: vector mask-register logical instructions target/riscv: vector widening floating-point reduction instructions target/riscv: vector single-width floating-point reduction instructions target/riscv: vector wideing integer reduction instructions target/riscv: vector single-width integer reduction instructions target/riscv: narrowing floating-point/integer type-convert instructions target/riscv: widening floating-point/integer type-convert instructions target/riscv: vector floating-point/integer type-convert instructions ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03migration: Count new_dirty instead of real_dirtyKeqian Zhu2-7/+6
real_dirty_pages becomes equal to total ram size after dirty log sync in ram_init_bitmaps, the reason is that the bitmap of ramblock is initialized to be all set, so old path counts them as "real dirty" at beginning. This causes wrong dirty rate and false positive throttling. Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com> Message-Id: <20200622032037.31112-1-zhukeqian1@huawei.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-07-03migration: postcopy take proper error returnDr. David Alan Gilbert1-1/+1
This function returns a boolean success and we're returning -1; lets just use the 'out' error path. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Fixes: 58b7c17e226 ("Disable mlock around incoming postcopy") Buglink: https://bugs.launchpad.net/qemu/+bug/1885720 Message-Id: <20200701093557.130096-1-dgilbert@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-07-03virtiofsd: Allow addition or removal of capabilitiesDr. David Alan Gilbert3-2/+58
Allow capabilities to be added or removed from the allowed set for the daemon; e.g. default: CapPrm: 00000000880000df CapEff: 00000000880000df -o modcaps=+sys_admin CapPrm: 00000000882000df CapEff: 00000000882000df -o modcaps=+sys_admin:-chown CapPrm: 00000000882000de CapEff: 00000000882000de Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20200629115420.98443-4-dgilbert@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-07-03virtiofsd: Check capability callsDr. David Alan Gilbert1-3/+13
Check the capability calls worked. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> Message-Id: <20200629115420.98443-3-dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-07-03virtiofsd: Terminate capability listDr. David Alan Gilbert1-1/+3
capng_updatev is a varargs function that needs a -1 to terminate it, but it was missing. In practice what seems to have been happening is that it's added the capabilities we asked for, then runs into junk on the stack, so if we're unlucky it might be adding some more, but in reality it's failing - but after adding the capabilities we asked for. Fixes: a59feb483b8 ("virtiofsd: only retain file system capabilities") Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> Message-Id: <20200629115420.98443-2-dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-07-03Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-06-24' ↵Peter Maydell3-39/+2
into staging Block patches: - Two iotest fixes # gpg: Signature made Wed 24 Jun 2020 09:00:51 BST # gpg: using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40 # gpg: issuer "mreitz@redhat.com" # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full] # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1 1829 F407 DB00 61D5 CF40 * remotes/maxreitz/tags/pull-block-2020-06-24: iotests: don't test qcow2.py inside 291 iotests: Fix 051 output after qdev_init_nofail() removal Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03Merge tag 's390-ccw-bios-2020-07-02' into s390-next-stagingCornelia Huck19-110/+116
* Source code clean-ups from Janosch # gpg: Signature made Thu 02 Jul 2020 11:56:01 AM CEST # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [undefined] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [undefined] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] * tag 's390-ccw-bios-2020-07-02': pc-bios/s390: Update s390-ccw bios binaries with the latest changes pc-bios/s390-ccw: Generate and include dependency files in the Makefile pc-bios: s390x: Make u32 ptr check explicit pc-bios: s390x: Use ebcdic2ascii table pc-bios: s390x: Move panic() into header and add infinite loop pc-bios: s390x: Use PSW masks where possible and introduce PSW_MASK_SHORT_ADDR pc-bios: s390x: Rename PSW_MASK_ZMODE to PSW_MASK_64 pc-bios: s390x: Get rid of magic offsets into the lowcore pc-bios: s390x: Move sleep and yield to helper.h pc-bios: s390x: Consolidate timing functions into time.h pc-bios: s390x: cio.c cleanup and compile fix Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-07-03s390x/pci: fix set_ind_atomicHalil Pasic1-7/+9
The atomic_cmpxchg() loop is broken because we occasionally end up with old and _old having different values (a legit compiler can generate code that accessed *ind_addr again to pick up a value for _old instead of using the value of old that was already fetched according to the rules of the abstract machine). This means the underlying CS instruction may use a different old (_old) than the one we intended to use if atomic_cmpxchg() performed the xchg part. Let us use volatile to force the rules of the abstract machine for accesses to *ind_addr. Let us also rewrite the loop so, we that the new old is used to compute the new desired value if the xchg part is not performed. Fixes: 8cba80c3a0 ("s390: Add PCI bus support") Reported-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Halil Pasic <pasic@linux.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20200616045035.51641-3-pasic@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-07-03virtio-ccw: fix virtio_set_ind_atomicHalil Pasic1-8/+10
The atomic_cmpxchg() loop is broken because we occasionally end up with old and _old having different values (a legit compiler can generate code that accessed *ind_addr again to pick up a value for _old instead of using the value of old that was already fetched according to the rules of the abstract machine). This means the underlying CS instruction may use a different old (_old) than the one we intended to use if atomic_cmpxchg() performed the xchg part. Let us use volatile to force the rules of the abstract machine for accesses to *ind_addr. Let us also rewrite the loop so, we that the new old is used to compute the new desired value if the xchg part is not performed. Fixes: 7e7494627f ("s390x/virtio-ccw: Adapter interrupt support.") Reported-by: Andre Wild <Andre.Wild1@ibm.com> Signed-off-by: Halil Pasic <pasic@linux.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20200616045035.51641-2-pasic@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>