aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)AuthorFilesLines
2022-02-02Merge remote-tracking branch ↵Peter Maydell4-271/+240
'remotes/hdeller/tags/hppa-updates-pull-request' into staging Fixes and updates for hppa target This patchset fixes some important bugs in the hppa artist graphics driver: - Fix artist graphics for HP-UX and Linux - Mouse cursor fixes for HP-UX - Fix draw_line() function on artist graphic and it adds new qemu features for hppa: - Allow up to 16 emulated CPUs (instead of 8) - Add support for an emulated TOC/NMI button A new Seabios-hppa firmware is included as well: - Update SeaBIOS-hppa to VERSION 3 - New opt/hostid fw_cfg option to change hostid - Add opt/console fw_cfg option to select default console - Added 16x32 font to STI firmware Signed-off-by: Helge Deller <deller@gmx.de> # gpg: Signature made Wed 02 Feb 2022 18:08:34 GMT # gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F # gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown] # gpg: aka "Helge Deller <deller@kernel.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603 # Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F * remotes/hdeller/tags/hppa-updates-pull-request: hw/display/artist: Fix draw_line() artefacts hw/display/artist: Mouse cursor fixes for HP-UX hw/display/artist: rewrite vram access mode handling hppa: Add support for an emulated TOC/NMI button. hw/hppa: Allow up to 16 emulated CPUs seabios-hppa: Update SeaBIOS-hppa to VERSION 3 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-02-02hw/display/artist: Fix draw_line() artefactsSven Schnelle1-2/+3
The draw_line() function left artefacts on the screen because it was using the x/y variables which were incremented in the loop before. Fix it by using the unmodified x1/x2 variables instead. Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Helge Deller <deller@gmx.de> Cc: qemu-stable@nongnu.org Signed-off-by: Helge Deller <deller@gmx.de>
2022-02-02hw/display/artist: Mouse cursor fixes for HP-UXHelge Deller1-8/+34
This patch fix the behaviour and positioning of the X11 mouse cursor in HP-UX. The current code missed to subtract the offset of the CURSOR_CTRL register from the current mouse cursor position. The HP-UX graphics driver stores in this register the offset of the mouse graphics compared to the current cursor position. Without this adjustment the mouse behaves strange at the screen borders. Additionally, depending on the HP-UX version, the mouse cursor position in the cursor_pos register reports different values. To accommodate this track the current min and max reported values and auto-adjust at runtime. With this fix the mouse now behaves as expected on HP-UX 10 and 11. Signed-off-by: Helge Deller <deller@gmx.de> Cc: qemu-stable@nongnu.org Signed-off-by: Helge Deller <deller@gmx.de>
2022-02-02hw/display/artist: rewrite vram access mode handlingSven Schnelle2-258/+166
When writing this code it was assumed that register 0x118000 is the buffer access mode for color map accesses. It turned out that this is wrong. Instead register 0x118000 sets both src and dst buffer access mode at the same time. This required a larger rewrite of the code. The good thing is that both the linear framebuffer and the register based vram access can now be combined into one function. This makes the linux 'stifb' framebuffer work, and both HP-UX 10.20 and HP-UX 11.11 are still working. Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Helge Deller <deller@gmx.de> Cc: qemu-stable@nongnu.org Signed-off-by: Helge Deller <deller@gmx.de>
2022-02-02hppa: Add support for an emulated TOC/NMI button.Helge Deller1-1/+34
Almost all PA-RISC machines have either a button that is labeled with 'TOC' or a BMC/GSP function to trigger a TOC. TOC is a non-maskable interrupt that is sent to the processor. This can be used for diagnostic purposes like obtaining a stack trace/register dump or to enter KDB/KGDB in Linux. This patch adds support for such an emulated TOC button. It wires up the qemu monitor "nmi" command to trigger a TOC. For that it provides the hppa_nmi function which is assigned to the nmi_monitor_handler function pointer. When called it raises the EXCP_TOC hardware interrupt in the hppa_cpu_do_interrupt() function. The interrupt function then calls the architecturally defined TOC function in SeaBIOS-hppa firmware (at fixed address 0xf0000000). According to the PA-RISC PDC specification, the SeaBIOS firmware then writes the CPU registers into PIM (processor internal memmory) for later analysis. In order to write all registers it needs to know the contents of the CPU "shadow registers" and the IASQ- and IAOQ-back values. The IAOQ/IASQ values are provided by qemu in shadow registers when entering the SeaBIOS TOC function. This patch adds a new aritificial opcode "getshadowregs" (0xfffdead2) which restores the original values of the shadow registers. With this opcode SeaBIOS can store those registers as well into PIM before calling an OS-provided TOC handler. To trigger a TOC, switch to the qemu monitor with Ctrl-A C, and type in the command "nmi". After the TOC started the OS-debugger, exit the qemu monitor with Ctrl-A C. Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-02-02hw/hppa: Allow up to 16 emulated CPUsHelge Deller1-2/+3
This brings the hppa_hardware.h file in sync with the copy in the SeaBIOS-hppa sources. In order to support up to 16 CPUs, it's required to move the HPA for MEMORY_HPA out of the address space of the new 16th CPU. The new address of 0xfffff000 worked well for Linux and HP-UX, while other addresses close to the former 0xfffbf000 area are used by the architecture for local and global broadcasts. The PIM_STORAGE_SIZE constant is used in SeaBIOS sources and is relevant for the TOC/NMI feature. Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-31Merge remote-tracking branch 'remotes/legoater/tags/pull-ppc-20220130' into ↵Peter Maydell7-22/+44
staging ppc 7.0 queue: * Exception and TLB fixes for the 405 CPU (Fabiano and Cedric) * spapr fixes (Alexey and Daniel) * PowerNV PHB3/4 fixes (Frederic and Daniel) * PowerNV XIVE improvements (Cedric) * 603 CPUs fixes (Christophe) * Book-E exception fixes (Vitaly) * Misc compile issues (Philippe and Fabiano) * Exception model rework for the BookS CPUs (Fabiano) * Exception model rework for the 74xx CPUs (Fabiano) * Removal of 602 CPUs # gpg: Signature made Sun 30 Jan 2022 17:42:23 GMT # gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1 # gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1 * remotes/legoater/tags/pull-ppc-20220130: (41 commits) target/ppc: Remove support for the PowerPC 602 CPU target/ppc: 74xx: Set SRRs directly in exception code target/ppc: 74xx: System Reset interrupt cleanup target/ppc: 74xx: System Call exception cleanup target/ppc: 74xx: Program exception cleanup target/ppc: 74xx: External interrupt cleanup target/ppc: 74xx: Machine Check exception cleanup target/ppc: Simplify powerpc_excp_74xx target/ppc: Introduce powerpc_excp_74xx target/ppc: books: Program exception cleanup target/ppc: books: External interrupt cleanup target/ppc: books: Machine Check exception cleanup target/ppc: Simplify powerpc_excp_books target/ppc: Introduce powerpc_excp_books target/ppc: 405: Watchdog timer exception cleanup target/ppc: 405: Program exception cleanup target/ppc: 405: Instruction storage interrupt cleanup target/ppc: 405: Data Storage exception cleanup target/ppc: 405: Debug exception cleanup target/ppc: 405: Alignment exception cleanup ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-29Merge remote-tracking branch ↵Peter Maydell23-30/+0
'remotes/quintela-gitlab/tags/migration-20220128-pull-request' into staging Migration Pull request (Take 2) Hi This time I have disabled vmstate canary patches form Dave Gilbert. Let's see if it works. Later, Juan. # gpg: Signature made Fri 28 Jan 2022 18:30:25 GMT # gpg: using RSA key 1899FF8EDEBF58CCEE034B82F487EF185872D723 # gpg: Good signature from "Juan Quintela <quintela@redhat.com>" [full] # gpg: aka "Juan Quintela <quintela@trasno.org>" [full] # Primary key fingerprint: 1899 FF8E DEBF 58CC EE03 4B82 F487 EF18 5872 D723 * remotes/quintela-gitlab/tags/migration-20220128-pull-request: (36 commits) migration: Move temp page setup and cleanup into separate functions migration: Simplify unqueue_page() migration: Add postcopy_has_request() migration: Enable UFFD_FEATURE_THREAD_ID even without blocktime feat migration: No off-by-one for pss->page update in host page size migration: Tally pre-copy, downtime and post-copy bytes independently migration: Introduce ram_transferred_add() migration: Don't return for postcopy_send_discard_bm_ram() migration: Drop return code for disgard ram process migration: Do chunk page in postcopy_each_ram_send_discard() migration: Drop postcopy_chunk_hostpages() migration: Don't return for postcopy_chunk_hostpages() migration: Drop dead code of ram_debug_dump_bitmap() migration/ram: clean up unused comment. migration: Report the error returned when save_live_iterate fails migration/migration.c: Remove the MIGRATION_STATUS_ACTIVE when migration finished migration/migration.c: Avoid COLO boot in postcopy migration migration/migration.c: Add missed default error handler for migration state Remove unnecessary minimum_version_id_old fields multifd: Rename pages_used to normal_pages ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28Merge remote-tracking branch ↵Peter Maydell37-54/+3967
'remotes/pmaydell/tags/pull-target-arm-20220128' into staging target-arm queue: * Update copyright dates to 2022 * hw/armv7m: Fix broken VMStateDescription * hw/char/exynos4210_uart: Fix crash on trying to load VM state * rtc: Move RTC function prototypes to their own header * xlnx-versal-virt: Support PMC SLCR * xlnx-versal-virt: Support OSPI flash memory controller * scripts: Explain the difference between linux-headers and standard-headers * target/arm: Log CPU index in 'Taking exception' log * arm_gicv3_its: Various bugfixes and cleanups * arm_gicv3_its: Implement the missing MOVI and MOVALL commands * ast2600: Fix address mapping of second SPI controller * target/arm: Use correct entrypoint for SVC taken from Hyp to Hyp # gpg: Signature made Fri 28 Jan 2022 15:29:36 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20220128: (32 commits) target/arm: Use correct entrypoint for SVC taken from Hyp to Hyp hw/arm: ast2600: Fix address mapping of second SPI controller hw/intc/arm_gicv3_its: Implement MOVI hw/intc/arm_gicv3_its: Implement MOVALL hw/intc/arm_gicv3_its: Check table bounds against correct limit hw/intc/arm_gicv3_its: Make GITS_BASER<n> RAZ/WI for unimplemented registers hw/intc/arm_gicv3_its: Provide read accessor for translation_ops hw/intc/arm_gicv3: Set GICR_CTLR.CES if LPIs are supported hw/intc/arm_gicv3_redist: Remove unnecessary zero checks hw/intc/arm_gicv3_its: Sort ITS command list into numeric order hw/intc/arm_gicv3: Honour GICD_CTLR.EnableGrp1NS for LPIs hw/intc/arm_gicv3_its: Don't clear GITS_CWRITER on writes to GITS_CBASER hw/intc/arm_gicv3_its: Don't clear GITS_CREADR when GITS_CTLR.ENABLED is set hw/intc/arm_gicv3: Initialise dma_as in GIC, not ITS hw/intc/arm_gicv3_its: Add tracepoints target/arm: Log CPU index in 'Taking exception' log scripts: Explain the difference between linux-headers and standard-headers MAINTAINERS: Remove myself (for raspi). MAINTAINERS: Add an entry for Xilinx Versal OSPI hw/arm/xlnx-versal-virt: Connect mt35xu01g flashes to the OSPI ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28Remove unnecessary minimum_version_id_old fieldsPeter Maydell23-30/+0
The migration code will not look at a VMStateDescription's minimum_version_id_old field unless that VMSD has set the load_state_old field to something non-NULL. (The purpose of minimum_version_id_old is to specify what migration version is needed for the code in the function pointed to by load_state_old to be able to handle it on incoming migration.) We have exactly one VMSD which still has a load_state_old, in the PPC CPU; every other VMSD which sets minimum_version_id_old is doing so unnecessarily. Delete all the unnecessary ones. Commit created with: sed -i '/\.minimum_version_id_old/d' $(git grep -l '\.minimum_version_id_old') with the one legitimate use then hand-edited back in. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com> --- It missed vmstate_ppc_cpu.
2022-01-28hw/arm: ast2600: Fix address mapping of second SPI controllerCédric Le Goater1-1/+1
Address should be 0x1E631000 and not 0x1E641000 as initially introduced. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/838 Fixes: f25c0ae1079d ("aspeed/soc: Add AST2600 support") Suggested-by: Troy Lee <troy_lee@aspeedtech.com> Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220126083520.4135713-1-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28hw/intc/arm_gicv3_its: Implement MOVIPeter Maydell3-0/+215
Implement the ITS MOVI command. This command specifies a (physical) LPI by DeviceID and EventID and provides a new ICID for it. The ITS must find the interrupt translation table entry for the LPI, which will tell it the old ICID. It then moves the pending state of the LPI from the old redistributor to the new one and updates the ICID field in the translation table entry. This is another GICv3 ITS command that we forgot to implement. Linux does use this one, but only if the guest powers off one of its CPUs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-15-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3_its: Implement MOVALLPeter Maydell3-0/+125
Implement the ITS MOVALL command, which takes all the pending interrupts on a source redistributor and makes the not-pending on that source redistributor and pending on a destination redistributor. This is a GICv3 ITS command which we forgot to implement. (It is not used by Linux guests.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-14-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3_its: Check table bounds against correct limitPeter Maydell1-9/+9
Currently when we fill in a TableDesc based on the value the guest has written to the GITS_BASER<n> register, we calculate both: * num_entries : the number of entries in the table, constrained by the amount of memory the guest has given it * num_ids : the number of IDs we support for this table, constrained by the implementation choices and the architecture (eg DeviceIDs are 16 bits, so num_ids is 1 << 16) When validating ITS commands, however, we check only num_ids, thus allowing a broken guest to specify table entries that index off the end of it. This will only corrupt guest memory, but the ITS is supposed to reject such commands as invalid. Instead of calculating both num_entries and num_ids, set num_entries to the minimum of the two limits, and check that. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-13-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3_its: Make GITS_BASER<n> RAZ/WI for unimplemented registersPeter Maydell1-0/+8
The ITS has a bank of 8 GITS_BASER<n> registers, which allow the guest to specify the base address of various data tables. Each register has a read-only type field indicating which table it is for and a read-write field where the guest can write in the base address (among other things). We currently allow the guest to write the writeable fields for all eight registers, even if the type field is 0 indicating "Unimplemented". This means the guest can provoke QEMU into asserting by writing an address into one of these unimplemented base registers, which bypasses the "if (!value) continue" check in extract_table_params() and lets us hit the assertion that the type field is one of the permitted table types. Prevent the assertion by not allowing the guest to write to the unimplemented base registers. This means their value will remain 0 and extract_table_params() will ignore them. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-12-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3_its: Provide read accessor for translation_opsPeter Maydell1-0/+13
The MemoryRegionOps gicv3_its_translation_ops currently provides only a .write_with_attrs function, because the only register in this region is the write-only GITS_TRANSLATER. However, if you don't provide a read function and the guest tries reading from this memory region, QEMU will crash because memory_region_read_with_attrs_accessor() calls a NULL pointer. Add a read function which always returns 0, to cover both bogus attempts to read GITS_TRANSLATER and also reads from the rest of the region, which is documented to be reserved, RES0. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-11-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3: Set GICR_CTLR.CES if LPIs are supportedPeter Maydell2-0/+5
The GICR_CTLR.CES bit is a read-only bit which is set to 1 to indicate that the GICR_CTLR.EnableLPIs bit can be written to 0 to disable LPIs (as opposed to allowing LPIs to be enabled but not subsequently disabled). Our implementation permits this, so advertise it by setting CES to 1. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-10-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3_redist: Remove unnecessary zero checksPeter Maydell1-5/+3
The ITS-related parts of the redistributor code make some checks for whether registers like GICR_PROPBASER and GICR_PENDBASER are zero. There is no requirement in the specification for treating zeroes in these address registers specially -- they contain guest physical addresses and it is entirely valid (if unusual) for the guest to choose to put the tables they address at guest physical address zero. We use these values only to calculate guest addresses, and attempts by the guest to use a bad address will be handled by the address_space_* functions which we use to do the loads and stores. Remove the unnecessary checks. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-9-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3_its: Sort ITS command list into numeric orderPeter Maydell1-5/+5
The list of #defines for the ITS command packet numbers is neither in alphabetical nor numeric order. Sort it into numeric order. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-8-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3: Honour GICD_CTLR.EnableGrp1NS for LPIsPeter Maydell1-0/+1
The GICD_CTLR distributor register has enable bits which control whether the different interrupt groups (Group 0, Non-secure Group 1 and Secure Group 1) are forwarded to the CPU. We get this right for traditional interrupts, but forgot to account for it when adding LPIs. LPIs are always Group 1 NS and if the EnableGrp1NS bit is not set we must not forward them to the CPU. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-7-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3_its: Don't clear GITS_CWRITER on writes to GITS_CBASERPeter Maydell1-3/+0
The ITS specification says that when the guest writes to GITS_CBASER this causes GITS_CREADR to be cleared. However it does not have an equivalent clause for GITS_CWRITER. (This is because GITS_CREADR is read-only, but GITS_CWRITER is writable and the guest can initialize it.) Remove the code that clears GITS_CWRITER on GITS_CBASER writes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-6-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3_its: Don't clear GITS_CREADR when GITS_CTLR.ENABLED is setPeter Maydell1-1/+0
The current ITS code clears GITS_CREADR when GITS_CTLR.ENABLED is set. This is not correct -- guest code can validly clear ENABLED and then set it again and expect the ITS to continue processing where it left off. Remove the erroneous assignment. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-5-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3: Initialise dma_as in GIC, not ITSPeter Maydell2-3/+5
In our implementation, all ITSes connected to a GIC share a single AddressSpace, which we keep in the GICv3State::dma_as field and initialized based on the GIC's 'sysmem' property. The right place to set it up by calling address_space_init() is therefore in the GIC's realize method, not the ITS's realize. This fixes a theoretical bug where QEMU hangs on startup if the board model creates two ITSes connected to the same GIC -- we would call address_space_init() twice on the same AddressSpace*, which creates an infinite loop in the QTAILQ that softmmu/memory.c uses to store its list of AddressSpaces and causes any subsequent attempt to iterate through that list to loop forever. There aren't any board models like that in the tree at the moment, though. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-4-peter.maydell@linaro.org
2022-01-28hw/intc/arm_gicv3_its: Add tracepointsPeter Maydell2-0/+19
The ITS currently has no tracepoints; add a minimal set that allows basic monitoring of guest register accesses and reading of commands from the command queue. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220122182444.724087-3-peter.maydell@linaro.org
2022-01-28hw/arm/xlnx-versal-virt: Connect mt35xu01g flashes to the OSPIFrancisco Iglesias1-0/+23
Connect Micron Xccela mt35xu01g flashes to the OSPI flash memory controller. Signed-off-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20220121161141.14389-10-francisco.iglesias@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28hw/block/m25p80: Add support for Micron Xccela flash mt35xu01gFrancisco Iglesias1-0/+2
Add support for Micron Xccela flash mt35xu01g. Signed-off-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20220121161141.14389-9-francisco.iglesias@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28hw/arm/xlnx-versal: Connect the OSPI flash memory controller modelFrancisco Iglesias1-0/+93
Connect the OSPI flash memory controller model (including the source and destination DMA). Signed-off-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20220121161141.14389-8-francisco.iglesias@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28hw/ssi: Add a model of Xilinx Versal's OSPI flash memory controllerFrancisco Iglesias2-0/+1854
Add a model of Xilinx Versal's OSPI flash memory controller. Signed-off-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20220121161141.14389-7-francisco.iglesias@xilinx.com [PMM: fixed indent] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28hw/dma/xlnx_csu_dma: Support starting a read transfer through a class methodFrancisco Iglesias1-0/+17
An option on real hardware when embedding a DMA engine into a peripheral is to make the peripheral control the engine through a custom DMA control (hardware) interface between the two. Software drivers in this scenario configure and trigger DMA operations through the controlling peripheral's register API (for example, writing a specific bit in a register could propagate down to a transfer start signal on the DMA control interface). At the same time the status, results and interrupts for the transfer might still be intended to be read and caught through the DMA engine's register API (and signals). This patch adds a class 'read' method for allowing to start read transfers from peripherals embedding and controlling the Xilinx CSU DMA engine as in above scenario. Signed-off-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20220121161141.14389-6-francisco.iglesias@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28hw/arm/xlnx-versal: Connect Versal's PMC SLCRFrancisco Iglesias1-1/+70
Connect Versal's PMC SLCR (system-level control registers) model. Signed-off-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20220121161141.14389-4-francisco.iglesias@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28hw/arm/xlnx-versal: 'Or' the interrupts from the BBRAM and RTC modelsFrancisco Iglesias2-3/+27
Add an orgate and 'or' the interrupts from the BBRAM and RTC models. Signed-off-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20220121161141.14389-3-francisco.iglesias@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28hw/misc: Add a model of Versal's PMC SLCRFrancisco Iglesias2-1/+1450
Add a model of Versal's PMC SLCR (system-level control registers). Signed-off-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20220121161141.14389-2-francisco.iglesias@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28rtc: Move RTC function prototypes to their own headerPeter Maydell20-20/+20
softmmu/rtc.c defines two public functions: qemu_get_timedate() and qemu_timedate_diff(). Currently we keep the prototypes for these in qemu-common.h, but most files don't need them. Move them to their own header, a new include/sysemu/rtc.h. Since the C files using these two functions did not need to include qemu-common.h for any other reason, we can remove those include lines when we add the include of the new rtc.h. The license for the .h file follows that of the softmmu/rtc.c where both the functions are defined. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-01-28hw/char/exynos4210_uart: Fix crash on trying to load VM statePeter Maydell1-1/+1
The exynos4210_uart_post_load() function assumes that it is passed the Exynos4210UartState, but it has been attached to the VMStateDescription for the Exynos4210UartFIFO type. The result is a SIGSEGV when attempting to load VM state for any machine type including this device. Fix the bug by attaching the post-load function to the VMSD for the Exynos4210UartState. This is the logical place for it, because the actions it does relate to the entire UART state, not just the FIFO. Thanks to the bug reporter @TrungNguyen1909 for the clear bug description and the suggested fix. Fixes: c9d3396d80fe7ece9b ("hw/char/exynos4210_uart: Implement post_load function") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/638 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220120151648.433736-1-peter.maydell@linaro.org
2022-01-28hw/armv7m: Fix broken VMStateDescriptionPeter Maydell1-2/+2
In commit d5093d961585f02 we added a VMStateDescription to the TYPE_ARMV7M object, to handle migration of its Clocks. However a cut-and-paste error meant we used the wrong struct name in the VMSTATE_CLOCK() macro arguments. The result was that attempting a 'savevm' might result in an assertion failure. Cc: qemu-stable@nongnu.org Buglink: https://gitlab.com/qemu-project/qemu/-/issues/803 Fixes: d5093d961585f02 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Ani Sinha <ani@anisinha.ca> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220120151609.433555-1-peter.maydell@linaro.org
2022-01-28Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell3-6/+13
staging * configure and meson fixes * "meson test" switch for iotests * deprecation of old SGX QAPI * unexport InterruptStatsProviderClass-related functions # gpg: Signature made Fri 28 Jan 2022 10:13:36 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: configure: fix parameter expansion of --cross-cc-cflags options qapi: Cleanup SGX related comments and restore @section-size check-block: replace -makecheck with TAP output qemu-iotests: require at least an argument to check-block.sh build: make check-block a meson test scripts/mtest2make: add support for SPEED=thorough check-block.sh: passthrough -jN flag of make to -j N flag of check meson: Use find_program() to resolve the entitlement.sh script exec/cpu: Make host pages variables / macros 'target agnostic' meson.build: Use a function from libfdt 1.5.1 for the library check intc: Unexport InterruptStatsProviderClass-related functions docker: add msitools to Fedora/mingw cross build-sys: fix undefined ARCH error build-sys: fix a meson deprecation warning Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-01-28hw/ppc/vof: Add missing includesPhilippe Mathieu-Daudé1-1/+0
vof.h requires "qom/object.h" for DECLARE_CLASS_CHECKERS(), "exec/memory.h" for address_space_read/write(), "exec/address-spaces.h" for address_space_memory and more importantly "cpu.h" for target_ulong. vof.c doesn't need "exec/ram_addr.h". Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220122003104.84391-1-f4bug@amsat.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-28spapr.c: check bus != NULL in spapr_get_fw_dev_path()Daniel Henrique Barboza1-1/+1
spapr_get_fw_dev_path() is an impl of FWPathProviderClass::get_dev_path(). This interface is used by hw/core/qdev-fw.c via fw_path_provider_try_get_dev_path() in two functions: - static char *qdev_get_fw_dev_path_from_handler(), which is used only in qdev_get_fw_dev_path_helper() and it's guarded by "if (dev && dev->parent_bus)"; - char *qdev_get_own_fw_dev_path_from_handler(), which is used in softmmu/bootdevice.c in get_boot_device_path() like this: if (dev) { d = qdev_get_own_fw_dev_path_from_handler(dev->parent_bus, dev); This means that, when called via softmmu/bootdevice.c, there's no check of 'dev->parent_bus' being not NULL. The result is that the "BusState *bus" arg of spapr_get_fw_dev_path() can potentially be NULL and if, at the same time, "SCSIDevice *d" is not NULL, we'll hit this line: void *spapr = CAST(void, bus->parent, "spapr-vscsi"); And we'll SIGINT because 'bus' is NULL and we're accessing bus->parent. Adding a simple 'bus != NULL' check to guard the instances where we access 'bus->parent' can avoid this altogether. Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20220121213852.30243-1-danielhb413@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-28ppc/xive: check return value of ldq_be_dma()Cédric Le Goater1-4/+18
The ldq_be_dma() routine was recently changed to return a result of the transaction. Use it when loading the virtual structure descriptors in the XIVE PowerNV model. Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20220124081635.3672439-1-clg@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-28ppc/pnv: use a do-while() loop in pnv_phb4_translate_tve()Daniel Henrique Barboza1-2/+4
pnv_phb4_translate_tve() is quite similar to pnv_phb3_translate_tve(), and that includes the fact that 'taddr' can be considered uninitialized when throwing the "TCE access fault" error because, in theory, the loop that sets 'taddr' can be skippable due to 'lev' being an signed int. No one complained about this specific case yet, but since we took the time to handle the same situtation in pnv_phb3_translate_tve(), let's replicate it here as well. Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Matheus Ferst <matheus.ferst@eldorado.org.br> Message-Id: <20220127122234.842145-3-danielhb413@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-28ppc/pnv: use a do-while() loop in pnv_phb3_translate_tve()Daniel Henrique Barboza1-2/+4
The 'taddr' variable is left unintialized, being set only inside the "while ((lev--) >= 0)" loop where we get the TCE address. The 'lev' var is an int32_t that is being initiliazed by the GETFIELD() macro, which returns an uint64_t. For a human reader this means that 'lev' will always be positive or zero. But some compilers may beg to differ. 'lev' being an int32_t can in theory be set as negative, and the "while ((lev--) >= 0)" loop might never be reached, and 'taddr' will be left unitialized. This can cause phb3_error() to use 'taddr' uninitialized down below: if ((is_write & !(tce & 2)) || ((!is_write) && !(tce & 1))) { phb3_error(phb, "TCE access fault at 0x%"PRIx64, taddr); A quick way of fixing it is to use a do/while() loop. This will keep the same semanting as the existing while() loop does and the compiler will understand that 'taddr' will be initialized at least once. Suggested-by: Matheus K. Ferst <matheus.ferst@eldorado.org.br> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/573 Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20220127122234.842145-2-danielhb413@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-28ppc/pnv: Fail DMA access if page permissions are not correctFrederic Barrat2-10/+12
If an iommu page has wrong permissions, an error message is displayed, but the access is allowed, which is odd. This patch fixes it. Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20220121152350.381685-1-fbarrat@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-28spapr: Force 32bit when resetting a coreAlexey Kardashevskiy2-2/+5
"PowerPC Processor binding to IEEE 1275" says in "8.2.1. Initial Register Values" that the initial state is defined as 32bit so do it for both SLOF and VOF. This should not cause behavioral change as SLOF switches to 64bit very early anyway. As nothing enforces LE anywhere, this drops it for VOF. The goal is to make VOF work with TCG as otherwise it barfs with qemu: fatal: TCG hflags mismatch (current:0x6c000004 rebuilt:0x6c000000) Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20220107072423.2278113-1-aik@ozlabs.ru> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-01-28qapi: Cleanup SGX related comments and restore @section-sizeYang Zhong1-2/+9
The SGX NUMA patches were merged into Qemu 7.0 release, we need clarify detailed version history information and also change some related comments, which make SGX related comments clearer. The QMP command schema promises backwards compatibility as standard. We temporarily restore "@section-size", which can avoid incompatible API breakage. The "@section-size" will be deprecated in 7.2 version. Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220120223104.437161-1-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-01-27xen-mapcache: Avoid entry->lock overflowRoss Lagerwall1-1/+7
In some cases, a particular mapcache entry may be mapped 256 times causing the lock field to wrap to 0. For example, this may happen when using emulated NVME and the guest submits a large scatter-gather write. At this point, the entry map be remapped causing QEMU to write the wrong data or crash (since remap is not atomic). Avoid this overflow by increasing the lock field to a uint32_t and also detect it and abort rather than continuing regardless. Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com> Reviewed-by: Paul Durrant <paul@xen.org> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Message-Id: <20220124104450.152481-1-ross.lagerwall@citrix.com> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2022-01-27xen-hvm: Allow disabling buffer_io_timerJason Andryuk1-2/+4
commit f37f29d31488 "xen: slightly simplify bufioreq handling" hard coded setting req.count = 1 during initial field setup before the main loop. This missed a subtlety that an early exit from the loop when there are no ioreqs to process, would have req.count == 0 for the return value. handle_buffered_io() would then remove state->buffered_io_timer. Instead handle_buffered_iopage() is basically always returning true and handle_buffered_io() always re-setting the timer. Restore the disabling of the timer by introducing a new handled_ioreq boolean and use as the return value. The named variable will more clearly show the intent of the code. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Reviewed-by: Paul Durrant <paul@xen.org> Message-Id: <20211210193434.75566-1-jandryuk@gmail.com> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2022-01-27intc: Unexport InterruptStatsProviderClass-related functionsBernhard Beschow2-4/+4
The functions are only used within their respective source files, so no need for exporting. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Message-Id: <20220116122327.73048-1-shentey@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-01-21hw/riscv: Remove macros for ELF BIOS image namesAnup Patel1-2/+2
Now that RISC-V Spike machine can use BIN BIOS images, we remove the macros used for ELF BIOS image names. Signed-off-by: Anup Patel <apatel@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-01-21hw/riscv: spike: Allow using binary firmware as biosAnup Patel2-27/+47
Currently, we have to use OpenSBI firmware ELF as bios for the spike machine because the HTIF console requires ELF for parsing "fromhost" and "tohost" symbols. The latest OpenSBI can now optionally pick-up HTIF register address from HTIF DT node so using this feature spike machine can now use OpenSBI firmware BIN as bios. Signed-off-by: Anup Patel <apatel@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-01-21target/riscv: Support start kernel directly by KVMYifei Jiang3-31/+88
Get kernel and fdt start address in virt.c, and pass them to KVM when cpu reset. Add kvm_riscv.h to place riscv specific interface. In addition, PLIC is created without M-mode PLIC contexts when KVM is enabled. Signed-off-by: Yifei Jiang <jiangyifei@huawei.com> Signed-off-by: Mingwang Li <limingwang@huawei.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Anup Patel <anup@brainfault.org> Message-id: 20220112081329.1835-7-jiangyifei@huawei.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>