aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)AuthorFilesLines
2021-09-01hw/arm/stellaris: split stellaris_sys_init()Peter Maydell1-31/+25
Currently the stellaris_sys_init() function creates the TYPE_STELLARIS_SYS object, sets its properties, realizes it, maps its MMIO region and connects its IRQ. In order to support wiring the sysclk up to the armv7m object, we need to split this function apart, because to connect the clock output of the STELLARIS_SYS object to the armv7m object we need to create the STELLARIS_SYS object before the armv7m object, but we can't wire up the IRQ until after we've created the armv7m object. Remove the stellaris_sys_init() function, and instead put the create/configure/realize parts before we create the armv7m object and the mmio/irq connection parts afterwards. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Message-id: 20210812093356.1946-17-peter.maydell@linaro.org
2021-09-01hw/arm/nrf51: Wire up sysclkPeter Maydell1-0/+20
Wire up the sysclk input to the armv7m object. Strictly this SoC should not have a systick device at all, but our armv7m container object doesn't currently support disabling the systick device. For the moment, add a TODO comment, but note that this is why we aren't wiring up a refclk (no need for one). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Message-id: 20210812093356.1946-16-peter.maydell@linaro.org
2021-09-01hw/arm/stm32vldiscovery: Delete trailing blank linePeter Maydell1-1/+0
Delete the trailing blank line at the end of the source file. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-15-peter.maydell@linaro.org
2021-09-01hw/arm/stm32f405: Wire up sysclk and refclkPeter Maydell2-5/+37
Wire up the sysclk and refclk for the stm32f405 SoC. This SoC always runs the systick refclk at 1/8 the frequency of the main CPU clock, so the board code only needs to provide a single sysclk clock. Because there is only one board using this SoC, we convert the SoC and the board together, rather than splitting it into "add clock to SoC; connect clock in board; add error check in SoC code that clock is wired up". When the systick device starts honouring its clock inputs, this will fix an emulation inaccuracy in the netduinoplus2 board where the systick reference clock was running at 1MHz rather than 21MHz. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-14-peter.maydell@linaro.org
2021-09-01hw/arm/stm32f205: Wire up sysclk and refclkPeter Maydell2-5/+37
Wire up the sysclk and refclk for the stm32f205 SoC. This SoC always runs the systick refclk at 1/8 the frequency of the main CPU clock, so the board code only needs to provide a single sysclk clock. Because there is only one board using this SoC, we convert the SoC and the board together, rather than splitting it into "add clock to SoC; connect clock in board; add error check in SoC code that clock is wired up". When the systick device starts honouring its clock inputs, this will fix an emulation inaccuracy in the netduino2 board where the systick reference clock was running at 1MHz rather than 15MHz. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-13-peter.maydell@linaro.org
2021-09-01hw/arm/stm32f100: Wire up sysclk and refclkPeter Maydell2-5/+37
Wire up the sysclk and refclk for the stm32f100 SoC. This SoC always runs the systick refclk at 1/8 the frequency of the main CPU clock, so the board code only needs to provide a single sysclk clock. Because there is only one board using this SoC, we convert the SoC and the board together, rather than splitting it into "add clock to SoC; connect clock in board; add error check in SoC code that clock is wired up". When the systick device starts honouring its clock inputs, this will fix an emulation inaccuracy in the stm32vldiscovery board where the systick reference clock was running at 1MHz rather than 3MHz. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-12-peter.maydell@linaro.org
2021-09-01hw/arm: Don't allocate separate MemoryRegions in stm32 SoC realizePeter Maydell2-20/+14
In the realize methods of the stm32f100 and stm32f205 SoC objects, we call g_new() to create new MemoryRegion objects for the sram, flash, and flash_alias. This is unnecessary (and leaves open the possibility of leaking the allocations if we exit from realize with an error). Make these MemoryRegions member fields of the device state struct instead, as stm32f405 already does. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-11-peter.maydell@linaro.org
2021-09-01clock: Provide builtin multiplier/dividerPeter Maydell3-5/+67
It is quite common for a clock tree to involve possibly programmable clock multipliers or dividers, where the frequency of a clock is for instance divided by 8 to produce a slower clock to feed to a particular device. Currently we provide no convenient mechanism for modelling this. You can implement it by having an input Clock and an output Clock, and manually setting the period of the output clock in the period-changed callback of the input clock, but that's quite clunky. This patch adds support in the Clock objects themselves for setting a multiplier or divider. The effect of setting this on a clock is that when the clock's period is changed, all the children of the clock are set to period * multiplier / divider, rather than being set to the same period as the parent clock. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com> Message-id: 20210812093356.1946-10-peter.maydell@linaro.org
2021-09-01hw/arm/mps2.c: Connect up armv7m clocksPeter Maydell1-0/+15
Connect up the armv7m clocks on the mps2-an385/386/500/511. Connect up the armv7m object's clocks on the MPS boards defined in mps2.c. The documentation for these FPGA images doesn't specify what systick reference clock is used (if any), so for the moment we provide a 1MHz refclock, which will result in no behavioural change from the current hardwired 1MHz clock implemented in armv7m_systick.c:systick_scale(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-9-peter.maydell@linaro.org
2021-09-01armsse: Wire up systick cpuclk clockPeter Maydell1-0/+3
Wire up the cpuclk for the systick devices to the SSE object's existing mainclk clock. We do not wire up the refclk because the SSE subsystems do not provide a refclk. (This is documented in the IoTKit and SSE-200 TRMs; the SSE-300 TRM doesn't mention it but we assume it follows the same approach.) When we update the systick device later to honour "no refclk connected" this will fix a minor emulation inaccuracy for the SSE-based boards. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-8-peter.maydell@linaro.org
2021-09-01hw/arm/armv7m: Create input clocksPeter Maydell1-0/+23
Create input clocks on the armv7m container object which pass through to the systick timers, so that users of the armv7m object can specify the clocks being used. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-7-peter.maydell@linaro.org
2021-09-01hw/timer/armv7m_systick: Add input clocksPeter Maydell1-2/+8
The v7M systick timer can be programmed to run from either of two clocks: * an "external reference clock" (when SYST_CSR.CLKSOURCE == 0) * the main CPU clock (when SYST_CSR.CLKSOURCE == 1) Our implementation currently hardwires the external reference clock to be 1MHz, and allows boards to set the main CPU clock frequency via the global 'system_clock_scale'. (Most boards set that to a constant value; the Stellaris boards allow the guest to reprogram it via the board-specific RCC registers). As the first step in converting this to use the Clock infrastructure, add input clocks to the systick device for the reference clock and the CPU clock. The device implementation ignores them; once we have made all the users of the device correctly wire up the new Clocks we will switch the implementation to use them and ignore the old system_clock_scale. This is a migration compat break for all M-profile boards, because of the addition of the new clock objects to the vmstate struct. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-6-peter.maydell@linaro.org
2021-09-01arm: Move system PPB container handling to armv7mPeter Maydell2-142/+103
Instead of having the NVIC device provide a single sysbus memory region covering the whole of the "System PPB" space, which implements the default behaviour for unimplemented ranges and provides the NS alias window to the sysregs as well as the main sysreg MR, move this handling to the container armv7m device. The NVIC now provides a single memory region which just implements the system registers. This consolidates all the handling of "map various devices in the PPB" into the armv7m container where it belongs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-4-peter.maydell@linaro.org
2021-09-01arm: Move systick device creation from NVIC to ARMv7M objectPeter Maydell2-73/+125
There's no particular reason why the NVIC should be owning the SysTick device objects; move them into the ARMv7M container object instead, as part of consolidating the "create the devices which are built into an M-profile CPU and map them into their architected locations in the address space" work into one place. This involves temporarily creating a duplicate copy of the nvic_sysreg_ns_ops struct and its read/write functions (renamed as v7m_sysreg_ns_*), but we will delete the NVIC's copy of this code in a subsequent patch. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-3-peter.maydell@linaro.org
2021-09-01arm: Move M-profile RAS register block into its own devicePeter Maydell4-56/+107
Currently we implement the RAS register block within the NVIC device. It isn't really very tightly coupled with the NVIC proper, so instead move it out into a sysbus device of its own and have the top level ARMv7M container create it and map it into memory at the right address. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com> Message-id: 20210812093356.1946-2-peter.maydell@linaro.org
2021-09-01hw/arm/virt: target-arm: Add A64FX processor support to virt machineShuuichirou Ishii1-0/+1
Add -cpu a64fx to use A64FX processor when -machine virt option is specified. In addition, add a64fx to the Supported guest CPU types in the virt.rst document. Signed-off-by: Shuuichirou Ishii <ishii.shuuichir@fujitsu.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01hw: Add compat machines for 6.2Yanan Wang7-6/+65
Add 6.2 machine types for arm/i440fx/q35/s390x/spapr. Signed-off-by: Yanan Wang <wangyanan55@huawei.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Pankaj Gupta <pankaj.gupta@ionos.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01hw/intc/arm_gicv3: Replace mis-used MEMTX_* constants by booleansPhilippe Mathieu-Daudé1-95/+106
Quoting Peter Maydell: These MEMTX_* aren't from the memory transaction API functions; they're just being used by gicd_readl() and friends as a way to indicate a success/failure so that the actual MemoryRegionOps read/write fns like gicv3_dist_read() can log a guest error. Arguably this is a bit of a misuse of the MEMTX_* constants and perhaps we should have gicd_readl etc return a bool instead. Follow his suggestion and replace the MEMTX_* constants by boolean values, simplifying a bit the gicv3_dist_read() / gicv3_dist_write() handlers. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20210826180704.2131949-3-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01hw/intc/arm_gicv3_dist: Rename 64-bit accessors with 'q' suffixPhilippe Mathieu-Daudé1-6/+6
QEMU load/store API (docs/devel/loads-stores.rst) uses the 'q' suffix for 64-bit accesses. Rename the current 'll' suffix to have the GIC dist accessors better match the rest of the codebase. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20210826180704.2131949-2-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01hw/arm/raspi: Remove deprecated raspi2/raspi3 aliasesPhilippe Mathieu-Daudé1-2/+0
Remove the raspi2/raspi3 machine aliases, deprecated since commit 155e1c82ed0. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210827060815.2384760-3-f4bug@amsat.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01Merge remote-tracking branch 'remotes/kraxel/tags/vga-20210901-pull-request' ↵Peter Maydell6-7/+49
into staging vga: misc fixes and cleanups. # gpg: Signature made Wed 01 Sep 2021 05:18:46 BST # gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vga-20210901-pull-request: hw/display/artist: Fix bug in coordinate extraction in artist_vram_read() and artist_vram_write() hw/display/xlnx_dp: fix an out-of-bounds read in xlnx_dp_read vga: don't abort when adding a duplicate isa-vga device ui/console: Restrict udmabuf_fd() to Linux hw/display: Restrict virtio-gpu-udmabuf stubs to !Linux virtio-gpu: no point of checking res->iov Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01hw/usb: Fix typo in comments and printCai Huoqing6-12/+12
Fix typo: *informations ==> information *enougth ==> enough *enouth ==> enough *registy ==> registry *releated ==> related *Ouptut ==> Output *manualy ==> manually *Attemping ==> Attempting *contine ==> continue *tranceiver ==> transceiver *Tranceiver ==> Transceiver Signed-off-by: Cai Huoqing <caihuoqing@baidu.com> Message-Id: <20210730012720.2246-1-caihuoqing@baidu.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-09-01uas: add stream number sanity checks.Gerd Hoffmann1-0/+11
The device uses the guest-supplied stream number unchecked, which can lead to guest-triggered out-of-band access to the UASDevice->data3 and UASDevice->status3 fields. Add the missing checks. Fixes: CVE-2021-3713 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reported-by: Chen Zhe <chenzhe@huawei.com> Reported-by: Tan Jingguo <tanjingguo@huawei.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210818120505.1258262-2-kraxel@redhat.com>
2021-09-01hw/core/register: Add more 64-bit utilitiesJoe Komlodi1-0/+12
We already have some utilities to handle 64-bit wide registers, so this just adds some more for: - Initializing 64-bit registers - Extracting and depositing to an array of 64-bit registers Signed-off-by: Joe Komlodi <joe.komlodi@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 1626805903-162860-2-git-send-email-joe.komlodi@xilinx.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01hw/intc/sifive_clint: Fix muldiv64 overflow in sifive_clint_write_timecmp()David Hoppenbrouwers1-2/+23
`muldiv64` would overflow in cases where the final 96-bit value does not fit in a `uint64_t`. This would result in small values that cause an interrupt to be triggered much sooner than intended. The overflow can be detected in most cases by checking if the new value is smaller than the previous value. If the final result is larger than `diff` it is either correct or it doesn't matter as it is effectively infinite anyways. `next` is an `uint64_t` value, but `timer_mod` takes an `int64_t`. This resulted in high values such as `UINT64_MAX` being converted to `-1`, which caused an immediate timer interrupt. By limiting `next` to `INT64_MAX` no overflow will happen while the timer will still be effectively set to "infinitely" far in the future. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/493 Signed-off-by: David Hoppenbrouwers <david@salt-inc.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20210827152324.5201-1-david@salt-inc.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01hw/riscv/virt.c: Assemble plic_hart_config string with g_strjoinv()Peter Maydell1-13/+20
In the riscv virt machine init function, We assemble a string plic_hart_config which is a comma-separated list of N copies of the VIRT_PLIC_HART_CONFIG string. The code that does this has a misunderstanding of the strncat() length argument. If the source string is too large strncat() will write a maximum of length+1 bytes (length bytes from the source string plus a trailing NUL), but the code here assumes that it will write only length bytes at most. This isn't an actual bug because the code has correctly precalculated the amount of memory it needs to allocate so that it will never be too small (i.e. we could have used plain old strcat()), but it does mean that the code looks like it has a guard against accidental overrun when it doesn't. Rewrite the string handling here to use the glib g_strjoinv() function, which means we don't need to do careful accountancy of string lengths, and makes it clearer that what we're doing is "create a comma-separated string". Fixes: Coverity 1460752 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20210812144647.10516-1-peter.maydell@linaro.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01hw/riscv: virt: Move flash node to rootBin Meng1-1/+1
The flash is not inside the SoC, so it's inappropriate to put it under the /soc node. Move it to root instead. Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20210807035641.22449-1-bmeng.cn@gmail.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01hw/char: Add config for shakti uartVijai Kumar K3-5/+5
Use a dedicated UART config(CONFIG_SHAKTI_UART) to select shakti uart. Signed-off-by: Vijai Kumar K <vijai@behindbytes.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20210731190229.137483-1-vijai@behindbytes.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-08-31hw/display/artist: Fix bug in coordinate extraction in artist_vram_read() ↵Helge Deller1-4/+4
and artist_vram_write() The CDE desktop on HP-UX 10 shows wrongly rendered pixels when the local screen menu is closed. This bug was introduced by commit c7050f3f167b ("hw/display/artist: Refactor x/y coordination extraction") which converted the coordinate extraction in artist_vram_read() and artist_vram_write() to use the ADDR_TO_X and ADDR_TO_Y macros, but forgot to right-shift the address by 2 as it was done before. Signed-off-by: Helge Deller <deller@gmx.de> Fixes: c7050f3f167b ("hw/display/artist: Refactor x/y coordination extraction") Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Cc: Richard Henderson <richard.henderson@linaro.org> Cc: Sven Schnelle <svens@stackframe.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <YK1aPb8keur9W7h2@ls3530> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31hw/display/xlnx_dp: fix an out-of-bounds read in xlnx_dp_readQiang Liu1-1/+5
xlnx_dp_read allows an out-of-bounds read at its default branch because of an improper index. According to https://www.xilinx.com/html_docs/registers/ug1087/ug1087-zynq-ultrascale-registers.html (DP Module), registers 0x3A4/0x3A4/0x3AC are allowed. DP_INT_MASK 0x000003A4 32 mixed 0xFFFFF03F Interrupt Mask Register for intrN. DP_INT_EN 0x000003A8 32 mixed 0x00000000 Interrupt Enable Register. DP_INT_DS 0x000003AC 32 mixed 0x00000000 Interrupt Disable Register. In xlnx_dp_write, when the offset is 0x3A8 and 0x3AC, the virtual device will write s->core_registers[0x3A4 >> 2]. That is to say, the maxize of s->core_registers could be ((0x3A4 >> 2) + 1). However, the current size of s->core_registers is (0x3AF >> >> 2), that is ((0x3A4 >> 2) + 2), which is out of the range. In xlxn_dp_read, the access to offset 0x3A8 or 0x3AC will be directed to the offset 0x3A8 (incorrect functionality) or 0x3AC (out-of-bounds read) rather than 0x3A4. This patch enforces the read access to offset 0x3A8 and 0x3AC to 0x3A4, but does not adjust the size of s->core_registers to avoid breaking migration. Fixes: 58ac482a66de ("introduce xlnx-dp") Signed-off-by: Qiang Liu <cyruscyliu@gmail.com> Acked-by: Thomas Huth <thuth@redhat.com> Acked-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <1628059910-12060-1-git-send-email-cyruscyliu@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31vga: don't abort when adding a duplicate isa-vga deviceJose R. Ziviani1-0/+10
If users try to add an isa-vga device that was already registered, still in command line, qemu will crash: $ qemu-system-mips64el -M pica61 -device isa-vga RAMBlock "vga.vram" already registered, abort! Aborted (core dumped) That particular board registers the device automaticaly, so it's not obvious that a VGA device already exists. This patch changes this behavior by displaying a message and exiting without crashing. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/44 Signed-off-by: Jose R. Ziviani <jziviani@suse.de> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210817192629.12755-1-jziviani@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31hw/display: Restrict virtio-gpu-udmabuf stubs to !LinuxPhilippe Mathieu-Daudé2-1/+29
When using qemu configured with --enabled-modules, the generic stubs are used instead of the module symbols: qemu-system-x86_64: -device virtio-vga,blob=on: cannot enable blob resources without udmabuf Restrict the stubs to Linux and only link them when CONFIG_VIRTIO_GPU is disabled (only the modularized version is available when it is enabled). Reported-by: Maxim R. <mrom06@ya.ru> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/553 Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210823100454.615816-2-philmd@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31virtio-gpu: no point of checking res->iovDongwon Kim1-1/+1
The code should check the opposite condition of res->iov because it will be null if virtio_gpu_create_mapping_iov fails and actually this checking is not even required because checking on ret covers all failing cases. Signed-off-by: Dongwon Kim <dongwon.kim@intel.com> Message-Id: <20210830175033.29233-1-dongwon.kim@intel.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-27Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.2-20210827' ↵Peter Maydell7-44/+60
into staging ppc patch queue 2021-08-27 First ppc pull request for qemu-6.2. As usual, there's a fair bit here, since it's been queued during the 6.1 freeze. Highlights are: * Some fixes for 128 bit arithmetic and some vector opcodes that use them * Significant improvements to the powernv to support POWER10 cpus (more to come though) * Several cleanups to the ppc softmmu code * A few other assorted fixes # gpg: Signature made Fri 27 Aug 2021 08:09:12 BST # gpg: using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full] # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full] # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full] # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown] # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dg-gitlab/tags/ppc-for-6.2-20210827: target/ppc: fix vector registers access in gdbstub for little-endian include/qemu/int128.h: introduce bswap128s target/ppc: fix vextu[bhw][lr]x helpers include/qemu/int128.h: define struct Int128 according to the host endianness ppc/xive: Export xive_presenter_notify() ppc/xive: Export PQ get/set routines ppc/pnv: add a chip topology index for POWER10 ppc/pnv: Distribute RAM among the chips ppc/pnv: Use a simple incrementing index for the chip-id ppc/pnv: powerpc_excp: Do not discard HDECR exception when entering power-saving mode ppc/pnv: Change the POWER10 machine to support DD2 only ppc: Add a POWER10 DD2 CPU ppc/pnv: update skiboot to commit 820d43c0a775. target/ppc: moved store_40x_sler to helper_regs.c target/ppc: moved ppc_store_sdr1 to mmu_common.c target/ppc: divided mmu_helper.c in 2 files spapr_pci: Fix leak in spapr_phb_vfio_get_loc_code() with g_autofree xive: Remove extra '0x' prefix in trace events Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-27Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2021-08-26' ↵Peter Maydell9-43/+35
into staging Error reporting patches for 2021-08-26 # gpg: Signature made Thu 26 Aug 2021 16:17:05 BST # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-error-2021-08-26: vl: Clean up -smp error handling Remove superfluous ERRP_GUARD() vhost: Clean up how VhostOpts method vhost_backend_init() fails vhost: Clean up how VhostOpts method vhost_get_config() fails microvm: Drop dead error handling in microvm_machine_state_init() migration: Handle migration_incoming_setup() errors consistently migration: Unify failure check for migrate_add_blocker() whpx nvmm: Drop useless migrate_del_blocker() vfio: Avoid error_propagate() after migrate_add_blocker() i386: Never free migration blocker objects instead of sometimes vhost-scsi: Plug memory leak on migrate_add_blocker() failure multi-process: Fix pci_proxy_dev_realize() error handling spapr: Explain purpose of ->fwnmi_migration_blocker more clearly spapr: Plug memory leak when we can't add a migration blocker error: Use error_fatal to simplify obvious fatal errors (again) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-27ppc/xive: Export xive_presenter_notify()Cédric Le Goater1-4/+4
It's generic enough to be used from the XIVE2 router and avoid more duplication. Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210809134547.689560-9-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27ppc/xive: Export PQ get/set routinesCédric Le Goater2-7/+7
These will be shared with the XIVE2 router. Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210809134547.689560-8-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27ppc/pnv: add a chip topology index for POWER10Cédric Le Goater1-0/+2
Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210809134547.689560-7-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27ppc/pnv: Distribute RAM among the chipsCédric Le Goater1-8/+25
But always give the first 1GB to chip 0 as skiboot requires it. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210809134547.689560-6-clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27ppc/pnv: Use a simple incrementing index for the chip-idCédric Le Goater1-5/+6
When the QEMU PowerNV machine was introduced, multi chip support modeled a two socket system with dual chip modules as found on some P8 Tuleta systems (8286-42A). But this is hardly used and not relevant for QEMU. Use a simple index instead. With this change, we can now increase the max socket number to 16 as found on high end systems. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210809134547.689560-5-clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27ppc/pnv: Change the POWER10 machine to support DD2 onlyCédric Le Goater2-2/+2
There is no need to keep the DD1 chip model as it will never be publicly available. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210809134547.689560-3-clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27spapr_pci: Fix leak in spapr_phb_vfio_get_loc_code() with g_autofreeDavid Gibson1-13/+9
This uses g_autofree to simplify logic in spapr_phb_vfio_get_loc_code(), in the process fixing a leak in one of the paths. I'm told this fixes Coverity error CID 1460454 Reported-by: Peter Maydell <peter.maydell@linaro.org> Fixes: 16b0ea1d852 ("spapr_pci: populate ibm,loc-code") Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27xive: Remove extra '0x' prefix in trace eventsCédric Le Goater1-5/+5
Cc: thuth@redhat.com Fixes: 4e960974d4ee ("xive: Add trace events") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/519 Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210809085227.288523-1-clg@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-26hw/arm/xlnx-zynqmp: Add unimplemented APU mmioTong Ho1-0/+32
Add unimplemented APU mmio region to xlnx-zynqmp for booting bare-metal guests built with standalone bsp, which access the region from one of the following places: https://github.com/Xilinx/embeddedsw/blob/release-2020.2/lib/bsp/standalone/src/arm/ARMv8/64bit/armclang/boot.S#L139 https://github.com/Xilinx/embeddedsw/blob/release-2020.2/lib/bsp/standalone/src/arm/ARMv8/64bit/gcc/boot.S#L183 Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Tong Ho <tong.ho@xilinx.com> Message-id: 20210823173818.201259-3-tong.ho@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-26hw/arm/xlnx-versal: Add unimplemented APU mmioTong Ho1-0/+2
Add unimplemented APU mmio region to xlnx-versal for booting bare-metal guests built with standalone bsp, which access the region from one of the following places: https://github.com/Xilinx/embeddedsw/blob/release-2020.2/lib/bsp/standalone/src/arm/ARMv8/64bit/armclang/boot.S#L139 https://github.com/Xilinx/embeddedsw/blob/release-2020.2/lib/bsp/standalone/src/arm/ARMv8/64bit/gcc/boot.S#L183 Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Tong Ho <tong.ho@xilinx.com> Message-id: 20210823173818.201259-2-tong.ho@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-26hw/arm/virt: Delete EL3 error checksnow provided in CPU realizePeter Maydell1-5/+0
Now that the CPU realize function will fail cleanly if we ask for EL3 when KVM is enabled, we don't need to check for errors explicitly in the virt board code. The reported message is slightly different; it is now: qemu-system-aarch64: Cannot enable KVM when guest CPU has EL3 enabled instead of: qemu-system-aarch64: mach-virt: KVM does not support Security extensions We don't delete the MTE check because there the logic is more complex; deleting the check would work but makes the error message less helpful, as it would read: qemu-system-aarch64: MTE requested, but not supported by the guest CPU instead of: qemu-system-aarch64: mach-virt: KVM does not support providing MTE to the guest CPU Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210816135842.25302-4-peter.maydell@linaro.org
2021-08-26raspi: Use error_fatal for SoC realize errors, not error_abortPeter Maydell1-1/+1
The SoC realize can fail for legitimate reasons, because it propagates errors up from CPU realize, which in turn can be provoked by user error in setting commandline options. Use error_fatal so we report the error message to the user and exit, rather than asserting via error_abort. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210816135842.25302-2-peter.maydell@linaro.org
2021-08-26hw/core/loader: In gunzip(), check index is in range before use, not afterPeter Maydell1-10/+25
The gunzip() function reads various fields from a passed in source buffer in order to skip a header before passing the actual compressed data to the zlib inflate() function. It does check whether the passed in buffer is too small, but unfortunately it checks that only after reading bytes from the src buffer, so it could read off the end of the buffer. You can see this with valgrind: $ printf "%b" '\x1f\x8b' > /tmp/image $ valgrind qemu-system-aarch64 -display none -M virt -cpu max -kernel /tmp/image [...] ==19224== Invalid read of size 1 ==19224== at 0x67302E: gunzip (loader.c:558) ==19224== by 0x673907: load_image_gzipped_buffer (loader.c:788) ==19224== by 0xA18032: load_aarch64_image (boot.c:932) ==19224== by 0xA18489: arm_setup_direct_kernel_boot (boot.c:1063) ==19224== by 0xA18D90: arm_load_kernel (boot.c:1317) ==19224== by 0x9F3651: machvirt_init (virt.c:2114) ==19224== by 0x794B7A: machine_run_board_init (machine.c:1272) ==19224== by 0xD5CAD3: qemu_init_board (vl.c:2618) ==19224== by 0xD5CCA6: qmp_x_exit_preconfig (vl.c:2692) ==19224== by 0xD5F32E: qemu_init (vl.c:3713) ==19224== by 0x5ADDB1: main (main.c:49) ==19224== Address 0x3802a873 is 0 bytes after a block of size 3 alloc'd ==19224== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==19224== by 0x61E7657: g_file_get_contents (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4) ==19224== by 0x673895: load_image_gzipped_buffer (loader.c:771) ==19224== by 0xA18032: load_aarch64_image (boot.c:932) ==19224== by 0xA18489: arm_setup_direct_kernel_boot (boot.c:1063) ==19224== by 0xA18D90: arm_load_kernel (boot.c:1317) ==19224== by 0x9F3651: machvirt_init (virt.c:2114) ==19224== by 0x794B7A: machine_run_board_init (machine.c:1272) ==19224== by 0xD5CAD3: qemu_init_board (vl.c:2618) ==19224== by 0xD5CCA6: qmp_x_exit_preconfig (vl.c:2692) ==19224== by 0xD5F32E: qemu_init (vl.c:3713) ==19224== by 0x5ADDB1: main (main.c:49) Check that we have enough bytes of data to read the header bytes that we read before we read them. Fixes: Coverity 1458997 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210812141803.20913-1-peter.maydell@linaro.org
2021-08-26arch_init.h: Don't include arch_init.h unnecessarilyPeter Maydell10-10/+0
arch_init.h only defines the QEMU_ARCH_* enumeration and the arch_type global. Don't include it in files that don't use those. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20210730105947.28215-8-peter.maydell@linaro.org
2021-08-26hw/arm/Kconfig: no need to enable ACPI_MEMORY_HOTPLUG/ACPI_NVDIMM explicitlyAni Sinha1-2/+0
Since commit 36b79e3219d ("hw/acpi/Kconfig: Add missing Kconfig dependencies (build error)"), ACPI_MEMORY_HOTPLUG and ACPI_NVDIMM is implicitly turned on when ACPI_HW_REDUCED is selected. ACPI_HW_REDUCED is already enabled. No need to turn on ACPI_MEMORY_HOTPLUG or ACPI_NVDIMM explicitly. This is a minor cleanup. Signed-off-by: Ani Sinha <ani@anisinha.ca> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20210819162637.518507-1-ani@anisinha.ca Signed-off-by: Peter Maydell <peter.maydell@linaro.org>