aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)AuthorFilesLines
2022-03-18hw/misc/npcm7xx_clk: Don't leak string in npcm7xx_clk_sel_init()Peter Maydell1-2/+2
In npcm7xx_clk_sel_init() we allocate a string with g_strdup_printf(). Use g_autofree so we free it rather than leaking it. (Detected with the clang leak sanitizer.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220308170302.2582820-1-peter.maydell@linaro.org
2022-03-18hw/dma/xlnx_csu_dma: Set TYPE_XLNX_CSU_DMA class_sizePeter Maydell1-0/+1
In commit 00f05c02f9e7342f we gave the TYPE_XLNX_CSU_DMA object its own class struct, but forgot to update the TypeInfo::class_size accordingly. This meant that not enough memory was allocated for the class struct, and the initialization of xcdc->read in the class init function wrote off the end of the memory. Add the missing line. Found by running 'check-qtest-aarch64' with a clang address-sanitizer build, which complains: ==2542634==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61000000ab00 at pc 0x559a20aebc29 bp 0x7fff97df74d0 sp 0x7fff97df74c8 WRITE of size 8 at 0x61000000ab00 thread T0 #0 0x559a20aebc28 in xlnx_csu_dma_class_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../hw/dma/xlnx_csu_dma.c:722:16 #1 0x559a21bf297c in type_initialize /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:365:9 #2 0x559a21bf3442 in object_class_foreach_tramp /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1070:5 #3 0x7f09bcb641b7 in g_hash_table_foreach (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x401b7) #4 0x559a21bf3c27 in object_class_foreach /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1092:5 #5 0x559a21bf3c27 in object_class_get_list /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1149:5 #6 0x559a2081a2fd in select_machine /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/vl.c:1661:24 #7 0x559a2081a2fd in qemu_create_machine /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/vl.c:2146:35 #8 0x559a2081a2fd in qemu_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/vl.c:3706:5 #9 0x559a20720ed5 in main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/main.c:49:5 #10 0x7f09baec00b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16 #11 0x559a2067673d in _start (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/qemu-system-aarch64+0xf4b73d) 0x61000000ab00 is located 0 bytes to the right of 192-byte region [0x61000000aa40,0x61000000ab00) allocated by thread T0 here: #0 0x559a206eeff2 in calloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/qemu-system-aarch64+0xfc3ff2) #1 0x7f09bcb7bef0 in g_malloc0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57ef0) #2 0x559a21bf3442 in object_class_foreach_tramp /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1070:5 Fixes: 00f05c02f9e7342f ("hw/dma/xlnx_csu_dma: Support starting a read transfer through a class method") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20220308150207.2546272-1-peter.maydell@linaro.org
2022-03-15Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingPeter Maydell3-3/+11
* whpx fixes in preparation for GDB support (Ivan) * VSS header fixes (Marc-André) * 5-level EPT support (Vitaly) * AMX support (Jing Liu & Yang Zhong) * Bundle changes to MSI routes (Longpeng) * More precise emulation of #SS (Gareth) * Disable ASAN testing # gpg: Signature made Tue 15 Mar 2022 10:51:00 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (22 commits) gitlab-ci: do not run tests with address sanitizer KVM: SVM: always set MSR_AMD64_TSC_RATIO to default value i386: Add Icelake-Server-v6 CPU model with 5-level EPT support x86: Support XFD and AMX xsave data migration x86: add support for KVM_CAP_XSAVE2 and AMX state migration x86: Add AMX CPUIDs enumeration x86: Add XFD faulting bit for state components x86: Grant AMX permission for guest x86: Add AMX XTILECFG and XTILEDATA components x86: Fix the 64-byte boundary enumeration for extended state linux-headers: include missing changes from 5.17 target/i386: Throw a #SS when loading a non-canonical IST target/i386: only include bits in pg_mode if they are not ignored kvm/msi: do explicit commit when adding msi routes kvm-irqchip: introduce new API to support route change update meson-buildoptions.sh qga/vss: update informative message about MinGW qga/vss-win32: check old VSS SDK headers meson: fix generic location of vss headers vmxcap: Add 5-level EPT bit ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-15Merge tag 'pull-ppc-20220314' of https://github.com/legoater/qemu into stagingPeter Maydell5-124/+24
ppc-7.0 queue : * Removal of user-created PHB devices * Avocado fixes for --disable-tcg * Instruction and Radix MMU fixes # gpg: Signature made Mon 14 Mar 2022 15:16:07 GMT # gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1 # gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1 * tag 'pull-ppc-20220314' of https://github.com/legoater/qemu: ppc/pnv: Remove user-created PHB{3,4,5} devices ppc/pnv: Always create the PHB5 PEC devices ppc/pnv: Introduce a pnv-phb5 device to match root port ppc/xive2: Make type Xive2EndSource not user creatable target/ppc: fix xxspltw for big endian hosts target/ppc: fix ISI fault cause for Radix MMU avocado/ppc_virtex_ml507.py: check TCG accel in test_ppc_virtex_ml507() avocado/ppc_prep_40p.py: check TCG accel in all tests avocado/ppc_mpc8544ds.py: check TCG accel in test_ppc_mpc8544ds() avocado/ppc_bamboo.py: check TCG accel in test_ppc_bamboo() avocado/ppc_74xx.py: check TCG accel for all tests avocado/ppc_405.py: check TCG accel in test_ppc_ref405ep() avocado/ppc_405.py: remove test_ppc_taihu() avocado/boot_linux_console.py: check TCG accel in test_ppc_mac99() avocado/boot_linux_console.py: check TCG accel in test_ppc_g3beige() avocado/replay_kernel.py: make tcg-icount check in run_vm() avocado/boot_linux_console.py: check tcg accel in test_ppc64_e500 avocado/boot_linux_console.py: check for tcg in test_ppc_powernv8/9 qtest/meson.build: check CONFIG_TCG for boot-serial-test in qtests_ppc qtest/meson.build: check CONFIG_TCG for prom-env-test in qtests_ppc Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-15kvm/msi: do explicit commit when adding msi routesLongpeng(Mike)3-3/+11
We invoke the kvm_irqchip_commit_routes() for each addition to MSI route table, which is not efficient if we are adding lots of routes in some cases. This patch lets callers invoke the kvm_irqchip_commit_routes(), so the callers can decide how to optimize. [1] https://lists.gnu.org/archive/html/qemu-devel/2021-11/msg00967.html Signed-off-by: Longpeng <longpeng2@huawei.com> Message-Id: <20220222141116.2091-3-longpeng2@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15vdpa: Expose VHOST_F_LOG_ALL on SVQEugenio Pérez1-4/+35
SVQ is able to log the dirty bits by itself, so let's use it to not block migration. Also, ignore set and clear of VHOST_F_LOG_ALL on set_features if SVQ is enabled. Even if the device supports it, the reports would be nonsense because SVQ memory is in the qemu region. The log region is still allocated. Future changes might skip that, but this series is already long enough. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vdpa: Never set log_base addr if SVQ is enabledEugenio Pérez1-1/+2
Setting the log address would make the device start reporting invalid dirty memory because the SVQ vrings are located in qemu's memory. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vdpa: Adapt vhost_vdpa_get_vring_base to SVQEugenio Pérez1-0/+17
This is needed to achieve migration, so the destination can restore its index. Setting base as last used idx, so destination will see as available all the entries that the device did not use, including the in-flight processing ones. This is ok for networking, but other kinds of devices might have problems with these retransmissions. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vdpa: Add custom IOTLB translations to SVQEugenio Pérez3-30/+184
Use translations added in VhostIOVATree in SVQ. Only introduce usage here, not allocation and deallocation. As with previous patches, we use the dead code paths of shadow_vqs_enabled to avoid commiting too many changes at once. These are impossible to take at the moment. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Add VhostIOVATreeEugenio Pérez3-1/+138
This tree is able to look for a translated address from an IOVA address. At first glance it is similar to util/iova-tree. However, SVQ working on devices with limited IOVA space need more capabilities, like allocating IOVA chunks or performing reverse translations (qemu addresses to iova). The allocation capability, as "assign a free IOVA address to this chunk of memory in qemu's address space" allows shadow virtqueue to create a new address space that is not restricted by guest's addressable one, so we can allocate shadow vqs vrings outside of it. It duplicates the tree so it can search efficiently in both directions, and it will signal overlap if iova or the translated address is present in any tree. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Shadow virtqueue buffers forwardingEugenio Pérez3-11/+522
Initial version of shadow virtqueue that actually forward buffers. There is no iommu support at the moment, and that will be addressed in future patches of this series. Since all vhost-vdpa devices use forced IOMMU, this means that SVQ is not usable at this point of the series on any device. For simplicity it only supports modern devices, that expects vring in little endian, with split ring and no event idx or indirect descriptors. Support for them will not be added in this series. It reuses the VirtQueue code for the device part. The driver part is based on Linux's virtio_ring driver, but with stripped functionality and optimizations so it's easier to review. However, forwarding buffers have some particular pieces: One of the most unexpected ones is that a guest's buffer can expand through more than one descriptor in SVQ. While this is handled gracefully by qemu's emulated virtio devices, it may cause unexpected SVQ queue full. This patch also solves it by checking for this condition at both guest's kicks and device's calls. The code may be more elegant in the future if SVQ code runs in its own iocontext. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vdpa: adapt vhost_ops callbacks to svqEugenio Pérez1-7/+41
First half of the buffers forwarding part, preparing vhost-vdpa callbacks to SVQ to offer it. QEMU cannot enable it at this moment, so this is effectively dead code at the moment, but it helps to reduce patch size. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15virtio: Add vhost_svq_get_vring_addrEugenio Pérez2-0/+38
It reports the shadow virtqueue address from qemu virtual address space. Since this will be different from the guest's vaddr, but the device can access it, SVQ takes special care about its alignment & lack of garbage data. It assumes that IOMMU will work in host_page_size ranges for that. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Add vhost_svq_valid_features to shadow vqEugenio Pérez3-0/+61
This allows SVQ to negotiate features with the guest and the device. For the device, SVQ is a driver. While this function bypasses all non-transport features, it needs to disable the features that SVQ does not support when forwarding buffers. This includes packed vq layout, indirect descriptors or event idx. Future changes can add support to offer more features to the guest, since the use of VirtQueue gives this for free. This is left out at the moment for simplicity. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Add Shadow VirtQueue call forwarding capabilitiesEugenio Pérez3-2/+71
This will make qemu aware of the device used buffers, allowing it to write the guest memory with its contents if needed. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Add Shadow VirtQueue kick forwarding capabilitiesEugenio Pérez3-2/+211
At this mode no buffer forwarding will be performed in SVQ mode: Qemu will just forward the guest's kicks to the device. Host memory notifiers regions are left out for simplicity, and they will not be addressed in this series. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Add VhostShadowVirtqueueEugenio Pérez3-1/+91
Vhost shadow virtqueue (SVQ) is an intermediate jump for virtqueue notifications and buffers, allowing qemu to track them. While qemu is forwarding the buffers and virtqueue changes, it is able to commit the memory it's being dirtied, the same way regular qemu's VirtIO devices do. This commit only exposes basic SVQ allocation and free. Next patches of the series add functionality like notifications and buffers forwarding. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15virtio-net: fix map leaking on error during receiveJason Wang1-0/+1
Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg") tries to fix the use after free of the sg by caching the virtqueue elements in an array and unmap them at once after receiving the packets, But it forgot to unmap the cached elements on error which will lead to leaking of mapping and other unexpected results. Fixing this by detaching the cached elements on error. This addresses CVE-2022-26353. Reported-by: Victor Tom <vv474172261@gmail.com> Cc: qemu-stable@nongnu.org Fixes: CVE-2022-26353 Fixes: bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg") Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-14ppc/pnv: Remove user-created PHB{3,4,5} devicesCédric Le Goater4-117/+10
On a real system with POWER{8,9,10} processors, PHBs are sub-units of the processor, they can be deactivated by firmware but not plugged in or out like a PCI adapter on a slot. Nevertheless, having user-created PHBs in QEMU seemed to be a good idea for testing purposes : 1. having a limited set of PHBs speedups boot time. 2. it is useful to be able to mimic a partially broken topology you some time have to deal with during bring-up. PowerNV is also used for distro install tests and having libvirt support eases these tasks. libvirt prefers to run the machine with -nodefaults to be sure not to drag unexpected devices which would need to be defined in the domain file without being specified on the QEMU command line. For this reason : 3. -nodefaults should not include default PHBs User-created PHB{3,4,5} devices satisfied all these needs but reality proves to be a bit more complex, internally when modeling such devices, and externally when dealing with the user interface. Req 1. and 2. can be simply addressed differently with a machine option: "phb-mask=<uint>", which QEMU would use to enable/disable PHB device nodes when creating the device tree. For Req 3., we need to make sure we are taking the right approach. It seems that we should expose a new type of user-created PHB device, a generic virtualized one, that libvirt would use and not one depending on the processor revision. This needs more thinking. For now, remove user-created PHB{3,4,5} devices. All the cleanups we did are not lost and they will be useful for the next steps. Fixes: 5bc67b052b51 ("ppc/pnv: Introduce user creatable pnv-phb4 devices") Fixes: 1f6a88fffc75 ("ppc/pnv: Introduce support for user created PHB3 devices") Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20220314130514.529931-1-clg@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-14ppc/pnv: Always create the PHB5 PEC devicesFrederic Barrat1-3/+1
Always create the PECs (PCI Express Controller) for the system. The PECs host the PHBs and we try to find the matching PEC when creating a PHB, so it must exist. It also matches what we do on POWER9 Fixes: 623575e16cd5 ("ppc/pnv: Add model for POWER10 PHB5 PCIe Host bridge") Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> [ clg: - Rewored commit log - Removed dynamic PHB5 ] Message-Id: <20220310155101.294568-3-fbarrat@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-14ppc/pnv: Introduce a pnv-phb5 device to match root portFrederic Barrat2-4/+12
We already have the pnv-phb3 and pnv-phb4 devices for POWER8 and POWER9 respectively. POWER10 uses version 5 of the PHB. It is very close to the PHB4 from POWER9, at least in our model and we could almost keep using the PHB4 model. However the matching root port pnv-phb5-root-port is specific to POWER10 so to avoid confusion as well as making it easy to introduce differences later, we create a pnv-phb5 class, which is mostly an alias for pnv-phb4 for now. With this patch, the command line for a user-created PHB on powernv10 becomes: -machine powernv10 -nodefaults -device pnv-phb5 -device pnv-phb5-root-port Fixes: 623575e16cd5 ("ppc/pnv: Add model for POWER10 PHB5 PCIe Host bridge") Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20220310155101.294568-2-fbarrat@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-14ppc/xive2: Make type Xive2EndSource not user creatableCédric Le Goater1-0/+1
Xive2EndSource objects can only be instantiated through a Xive2Router (PnvXive2). Reported-by: Thomas Huth <thuth@redhat.com> Fixes: f8a233dedf25 ("ppc/xive2: Introduce a XIVE2 core framework") Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-14hw/nvram: at24 return 0xff if 1 byte addressPatrick Venture1-1/+6
The at24 eeproms are 2 byte devices that return 0xff when they are read from with a partial (1-byte) address written. This distinction was found comparing model behavior to real hardware testing. Tested: `i2ctransfer -f -y 45 w1@85 0 r1` returns 0xff instead of next byte Signed-off-by: Patrick Venture <venture@google.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20211220212137.1244511-1-venture@google.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-03-10Merge remote-tracking branch ↵Peter Maydell8-129/+389
'remotes/mcayland/tags/q800-updates-for-7.0-20220309' into staging q800-updates-for-7.0 queue # gpg: Signature made Wed 09 Mar 2022 10:57:07 GMT # gpg: using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F # gpg: issuer "mark.cave-ayland@ilande.co.uk" # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full] # Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F * remotes/mcayland/tags/q800-updates-for-7.0-20220309: (22 commits) esp: recreate ESPState current_req after migration esp: include the current PDMA callback in the migration stream esp: convert ESPState pdma_cb from a function pointer to an integer esp: introduce esp_pdma_cb() function esp: introduce esp_set_pdma_cb() function macfb: set initial value of mode control registers in macfb_common_realize() macfb: add VMStateDescription fields for display type and VBL timer macfb: increase number of registers saved in MacfbState macfb: don't use special irq_state and irq_mask variables in MacfbState macfb: add VMStateDescription for MacfbNubusState and MacfbSysBusState macio/pmu.c: remove redundant code mos6522: implement edge-triggering for CA1/2 and CB1/2 control line IRQs mac_via: make SCSI_DATA (DRQ) bit live rather than latched mos6522: record last_irq_levels in mos6522_set_irq() mos6522: add "info via" HMP command for debugging mos6522: add register names to register read/write trace events mos6522: use device_class_set_parent_reset() to propagate reset to parent mos6522: remove update_irq() and set_sr_int() methods from MOS6522DeviceClass mos6522: switch over to use qdev gpios for IRQs mac_via: use IFR bit flag constants for VIA2 IRQs ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-09Merge remote-tracking branch 'remotes/philmd/tags/pmbus-20220308' into stagingPeter Maydell5-13/+384
I²C / SMBus / PMBus patches - Add some Renesas models - Add Titus Rwantare to MAINTAINERS # gpg: Signature made Tue 08 Mar 2022 18:11:46 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd/tags/pmbus-20220308: hw/sensor: add Renesas raa228000 device hw/sensor: add Renesas raa229004 PMBus device hw/sensor: add Intersil ISL69260 device model hw/i2c: Added linear mode translation for pmbus devices hw/i2c: pmbus: update MAINTAINERS hw/i2c: pmbus: refactor uint handling hw/i2c: pmbus: add PEC unsupported warning hw/i2c: pmbus: fix error returns and guard against out of range accesses hw/i2c: pmbus: add registers Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-09Merge remote-tracking branch 'remotes/legoater/tags/pull-aspeed-20220308' ↵Peter Maydell6-47/+113
into staging aspeed queue: * Fix for a potential memory leak * Aspeed SMC cleanups on the definition of the number of flash devices * New bletchley-bmc machine, AST2600 based # gpg: Signature made Tue 08 Mar 2022 08:19:25 GMT # gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1 # gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1 * remotes/legoater/tags/pull-aspeed-20220308: hw: aspeed_gpio: Cleanup stray semicolon after switch hw/arm/aspeed: add Bletchley machine type hw/arm/aspeed: allow missing spi_model hw/block: m25p80: Add support for w25q01jvq aspeed/smc: Fix error log aspeed/smc: Let the SSI core layer define the bus name aspeed/smc: Rename 'max_peripherals' to 'cs_num_max' aspeed/smc: Remove 'num_cs' field aspeed: Rework aspeed_board_init_flashes() interface aspeed/smc: Use max number of CE instead of 'num_cs' aspeed: Fix a potential memory leak bug in write_boot_rom() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-09esp: recreate ESPState current_req after migrationMark Cave-Ayland1-0/+10
Since PDMA reads/writes are driven by the guest, it is possible that migration can occur whilst a SCSIRequest is still active. Fortunately active SCSIRequests are already included in the migration stream and restarted post migration but this still leaves the reference in ESPState uninitialised. Implement the SCSIBusInfo .load_request callback to obtain a reference to the currently active SCSIRequest and use it to recreate ESPState current_req after migration. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-11-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09esp: include the current PDMA callback in the migration streamMark Cave-Ayland1-0/+31
This involves (re)adding a PDMA-specific subsection to hold the reference to the current PDMA callback. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-10-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09esp: convert ESPState pdma_cb from a function pointer to an integerMark Cave-Ayland1-13/+31
This prepares for the inclusion of the current PDMA callback in the migration stream since the callback is referenced by an integer instead of a function pointer. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-9-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09esp: introduce esp_pdma_cb() functionMark Cave-Ayland1-2/+7
This function is to be used to execute the current PDMA callback rather than dereferencing the ESPState pdma_cb function pointer directly. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-8-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09esp: introduce esp_set_pdma_cb() functionMark Cave-Ayland1-7/+12
This function is to be used to set the current PDMA callback rather than accessing the ESPState pdma_cb function pointer directly. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-7-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macfb: set initial value of mode control registers in macfb_common_realize()Mark Cave-Ayland1-0/+8
If booting Linux directly in the q800 machine using -kernel rather than using a MacOS toolbox ROM, the mode control registers are never initialised, causing macfb_mode_write() to fail to determine the current resolution after migration. Resolve this by always setting the initial values of the mode control registers based upon the initial macfb properties during realize. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-6-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macfb: add VMStateDescription fields for display type and VBL timerMark Cave-Ayland1-0/+2
These fields are required in the migration stream to restore macfb state correctly. Note this is a migration break, but since there are upcoming incompatible changes for the q800 machine (and migration does not even succeed without these patches) then this is not an issue. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-5-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macfb: increase number of registers saved in MacfbStateMark Cave-Ayland1-0/+8
The MacOS toolbox ROM accesses a number of addresses between 0x0 and 0x200 during initialisation and resolution changes. Whilst the function of many of these registers is unknown, it is worth the minimal cost of saving these extra values as part of migration to help future-proof the migration stream for the q800 machine as it starts to stabilise. Note this is a migration break, but since there are upcoming incompatible changes for the q800 machine (and migration does not even succeed without these patches) then this is not an issue. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-4-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macfb: don't use special irq_state and irq_mask variables in MacfbStateMark Cave-Ayland1-8/+7
The current IRQ state and IRQ mask are handled exactly the same as standard register accesses, so store these values directly in the regs array rather than having separate variables for them. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-3-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macfb: add VMStateDescription for MacfbNubusState and MacfbSysBusStateMark Cave-Ayland1-2/+22
Currently when QEMU tries to migrate the macfb framebuffer it crashes randomly because the opaque provided by the DeviceClass vmsd property for both devices is set to MacfbState rather than MacfbNubusState or MacfbSysBusState as appropriate. Resolve the issue by adding new VMStateDescriptions for MacfbNubusState and MacfbSysBusState which embed the existing vmstate_macfb VMStateDescription within them using VMSTATE_STRUCT. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-2-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macio/pmu.c: remove redundant codeMark Cave-Ayland1-33/+0
Now that the logic related to edge-triggered interrupts is all contained within the mos6522 device the redundant implementation for the mac99 PMU device can be removed. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-13-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: implement edge-triggering for CA1/2 and CB1/2 control line IRQsMark Cave-Ayland3-12/+94
The mos6522 datasheet describes how the control lines IRQs are edge-triggered according to the configuration in the PCR register. Implement the logic according to the datasheet so that the interrupt bits in IFR are latched when the edge is detected, and cleared when reading portA/portB or writing to IFR as necessary. To maintain bisectibility this change also updates the SCSI, SCSI data, Nubus and VIA2 60Hz/1Hz clocks in the q800 machine to be negative edge-triggered as confirmed by the PCR programming in all of Linux, NetBSD and MacOS. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-12-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mac_via: make SCSI_DATA (DRQ) bit live rather than latchedMark Cave-Ayland1-1/+16
The VIA2 on the Q800 machine is not a separate chip as in older Macs but instead is integrated into the on-board logic. From analysing the SCSI routines in the MacOS toolbox ROM (and to a lesser extent NetBSD and Linux) the expectation seems to be that the SCSI_DATA (DRQ) bit is live on the Q800 and not latched. Fortunately we can use the recently introduced mos6522 last_irq_levels variable which tracks the edge-triggered state to return the SCSI_DATA (DRQ) bit live to the guest OS. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220305150957.5053-11-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: record last_irq_levels in mos6522_set_irq()Mark Cave-Ayland1-2/+9
To detect edge-triggered IRQs it is necessary to store the last state of each IRQ in a last_irq_levels bitmap. Note: this is a migration break for machines which use mos6522 instances which are g3beige/mac99 (PPC) and q800 (m68k). Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-10-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: add "info via" HMP command for debuggingMark Cave-Ayland1-0/+103
This displays detailed information about the device registers and timers to aid debugging problems with timers and interrupts. Currently the QAPI generators for HumanReadableText don't work correctly if used in qapi/target-misc.json when a non-specified target is built, so for now manually add a hmp_info_via() wrapper until direct support for per-device HMP/QMP commands is implemented. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-9-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: add register names to register read/write trace eventsMark Cave-Ayland2-5/+12
This helps to follow how the guest is programming the mos6522 when debugging. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220305150957.5053-8-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: use device_class_set_parent_reset() to propagate reset to parentMark Cave-Ayland4-5/+9
Switch from using a legacy approach to the more formal approach for propagating device reset to the parent. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-7-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: remove update_irq() and set_sr_int() methods from MOS6522DeviceClassMark Cave-Ayland1-9/+0
Now that the mos6522 IRQs are managed using standard qdev gpios these methods are no longer required. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-6-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: switch over to use qdev gpios for IRQsMark Cave-Ayland4-51/+29
For historical reasons each mos6522 instance implements its own setting and update of the IFR flag bits using methods exposed by MOS6522DeviceClass. As of today this is no longer required, and it is now possible to implement the mos6522 IRQs as standard qdev gpios. Switch over to use qdev gpios for the mos6522 device and update all instances accordingly. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-5-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09Merge remote-tracking branch 'remotes/philmd/tags/mips-20220308' into stagingPeter Maydell18-137/+113
MIPS patches queue - Fix CP0 cycle counter timing - Fix VMState of gt64120 IRQs - Long due PIIX4 QOM cleanups - ISA IRQ QOM'ification / cleanups # gpg: Signature made Tue 08 Mar 2022 18:39:42 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd/tags/mips-20220308: tests/avocado/linux_ssh_mips_malta.py: add missing accel (tcg) tag hw/isa: Inline and remove one-line isa_init_irq() hw/isa: Drop unused attributes from ISADevice hw/isa/isa-bus: Remove isabus_dev_print() hw/input/pckbd: QOM'ify IRQ numbers hw/rtc/m48t59-isa: QOM'ify IRQ number hw/rtc/mc146818rtc: QOM'ify IRQ number hw/mips/gt64xxx_pci: Resolve gt64120_register() hw/isa/piix4: Replace some magic IRQ constants hw/isa/piix4: Resolve global instance variable hw/isa/piix4: Pass PIIX4State as opaque parameter for piix4_set_irq() hw/isa/piix4: Resolve redundant i8259[] attribute malta: Move PCI interrupt handling from gt64xxx_pci to piix4 hw/mips/gt64xxx_pci: Fix PCI IRQ levels to be preserved during migration target/mips: Remove duplicated MIPSCPU::cp0_count_rate target/mips: Fix cycle counter timing calculations Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-08Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell31-153/+719
virtio,pc,pci: features, cleanups, fixes vhost-user enabled on non-linux systems beginning of nvme sriov support bigger tx queue for vdpa virtio iommu bypass FADT flag to detect legacy keyboards Fixes, cleanups all over the place Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Mon 07 Mar 2022 22:43:31 GMT # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: (47 commits) hw/acpi/microvm: turn on 8042 bit in FADT boot architecture flags if present tests/acpi: i386: update FACP table differences hw/acpi: add indication for i8042 in IA-PC boot flags of the FADT table tests/acpi: i386: allow FACP acpi table changes docs: vhost-user: add subsection for non-Linux platforms configure, meson: allow enabling vhost-user on all POSIX systems vhost: use wfd on functions setting vring call fd event_notifier: add event_notifier_get_wfd() pci: drop COMPAT_PROP_PCP for 2.0 machine types hw/smbios: Add table 4 parameter, "processor-id" x86: cleanup unused compat_apic_id_mode vhost-vsock: detach the virqueue element in case of error pc: add option to disable PS/2 mouse/keyboard acpi: pcihp: pcie: set power on cap on parent slot pci: expose TYPE_XIO3130_DOWNSTREAM name pci: show id info when pci BDF conflict hw/misc/pvpanic: Use standard headers instead headers: Add pvpanic.h pci-bridge/xio3130_downstream: Fix error handling pci-bridge/xio3130_upstream: Fix error handling ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # docs/specs/index.rst
2022-03-08hw/isa: Inline and remove one-line isa_init_irq()Bernhard Beschow15-22/+16
isa_init_irq() has become a trivial one-line wrapper for isa_get_irq(). It can therefore be removed. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> (tpm_tis_isa) Acked-by: Corey Minyard <cminyard@mvista.com> (isa_ipmi_bt, isa_ipmi_kcs) Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20220301220037.76555-8-shentey@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220307134353.1950-14-philippe.mathieu.daude@gmail.com> Reviewed-by: Bernhard Beschow <shentey@gmail.com>
2022-03-08hw/isa: Drop unused attributes from ISADeviceBernhard Beschow1-13/+0
Now that the last users of ISADevice::isairq[] have been resolved during the previous commits, it can be removed for good. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220301220037.76555-7-shentey@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220307134353.1950-13-philippe.mathieu.daude@gmail.com> Reviewed-by: Bernhard Beschow <shentey@gmail.com>
2022-03-08hw/isa/isa-bus: Remove isabus_dev_print()Bernhard Beschow1-16/+0
All isabus_dev_print() did was to print up to two IRQ numbers per device. This is redundant if the IRQ numbers are present as QOM properties (see e.g. the modified tests/qemu-iotests/172.out). Now that the last devices relying on isabus_dev_print() had their IRQ numbers QOM'ified, the contribution of this function ultimately became redundant. Remove it. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220301220037.76555-5-shentey@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220307134353.1950-12-philippe.mathieu.daude@gmail.com> Reviewed-by: Bernhard Beschow <shentey@gmail.com>