aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)AuthorFilesLines
2021-12-15Merge tag 'pull-target-arm-20211215' of ↵Richard Henderson19-65/+93
https://git.linaro.org/people/pmaydell/qemu-arm into staging target-arm queue: * ITS: error reporting cleanup * aspeed: improve documentation * Fix STM32F2XX USART data register readout * allow emulated GICv3 to be disabled in non-TCG builds * fix exception priority for singlestep, misaligned PC, bp, etc * Correct calculation of tlb range invalidate length * npcm7xx_emc: fix missing queue_flush * virt: Add VIOT ACPI table for virtio-iommu * target/i386: Use assert() to sanity-check b1 in SSE decode * Don't include qemu-common unnecessarily # gpg: Signature made Wed 15 Dec 2021 02:39:37 AM PST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full] * tag 'pull-target-arm-20211215' of https://git.linaro.org/people/pmaydell/qemu-arm: (33 commits) tests/acpi: add expected blob for VIOT test on virt machine tests/acpi: add expected blobs for VIOT test on q35 machine tests/acpi: add test case for VIOT tests/acpi: allow updates of VIOT expected data files hw/arm/virt: Use object_property_set instead of qdev_prop_set hw/arm/virt: Reject instantiation of multiple IOMMUs hw/arm/virt: Remove device tree restriction for virtio-iommu hw/arm/virt-acpi-build: Add VIOT table for virtio-iommu hw/net: npcm7xx_emc fix missing queue_flush target/arm: Correct calculation of tlb range invalidate length hw/arm: Don't include qemu-common.h unnecessarily target/rx/cpu.h: Don't include qemu-common.h target/hexagon/cpu.h: don't include qemu-common.h include/hw/i386: Don't include qemu-common.h in .h files target/i386: Use assert() to sanity-check b1 in SSE decode tests/tcg: Add arm and aarch64 pc alignment tests target/arm: Suppress bp for exceptions with more priority target/arm: Assert thumb pc is aligned target/arm: Take an exception if PC is misaligned target/arm: Split compute_fsr_fsc out of arm_deliver_fault ... Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-15hw/arm/aspeed: Replace drive_get_next() by drive_get()Markus Armbruster1-8/+13
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. The aspeed machines connects backends with drive_get_next() in several counting loops, one of them in a helper function, and a conditional. Change it to use drive_get() directly. This makes the unit numbers explicit in the code. Cc: "Cédric Le Goater" <clg@kaod.org> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Andrew Jeffery <andrew@aj.id.au> Cc: Joel Stanley <joel@jms.id.au> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-13-armbru@redhat.com> Reviewed-by: Cédric Le Goater <clg@kaod.org>
2021-12-15hw/arm/xilinx_zynq: Replace drive_get_next() by drive_get()Markus Armbruster1-7/+9
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. Machine "xlnx-zcu102" connects backends with drive_get_next() in two counting loops, one of them in a helper function. Change it to use drive_get() directly. This makes the unit numbers explicit in the code. Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com> Cc: Alistair Francis <alistair@alistair23.me> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-12-armbru@redhat.com> Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2021-12-15hw/arm/xlnx-zcu102: Replace drive_get_next() by drive_get()Markus Armbruster1-3/+3
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. Machine "xlnx-zcu102" connects backends with drive_get_next() in several counting loops. Change it to use drive_get() directly. This makes the unit numbers explicit in the code. Cc: Alistair Francis <alistair@alistair23.me> Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-11-armbru@redhat.com> Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2021-12-15hw/arm/virt: Use object_property_set instead of qdev_prop_setJean-Philippe Brucker1-2/+3
To propagate errors to the caller of the pre_plug callback, use the object_poperty_set*() functions directly instead of the qdev_prop_set*() helpers. Suggested-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-5-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/arm/virt: Reject instantiation of multiple IOMMUsJean-Philippe Brucker1-0/+5
We do not support instantiating multiple IOMMUs. Before adding a virtio-iommu, check that no other IOMMU is present. This will detect both "iommu=smmuv3" machine parameter and another virtio-iommu instance. Fixes: 70e89132c9 ("hw/arm/virt: Add the virtio-iommu device tree mappings") Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-4-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/arm/virt: Remove device tree restriction for virtio-iommuJean-Philippe Brucker2-18/+4
virtio-iommu is now supported with ACPI VIOT as well as device tree. Remove the restriction that prevents from instantiating a virtio-iommu device under ACPI. Acked-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-3-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/arm/virt-acpi-build: Add VIOT table for virtio-iommuJean-Philippe Brucker2-0/+8
When a virtio-iommu is instantiated, describe it using the ACPI VIOT table. Acked-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-2-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/net: npcm7xx_emc fix missing queue_flushPatrick Venture1-10/+8
The rx_active boolean change to true should always trigger a try_read call that flushes the queue. Signed-off-by: Patrick Venture <venture@google.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20211203221002.1719306-1-venture@google.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/arm: Don't include qemu-common.h unnecessarilyPeter Maydell8-8/+0
A lot of C files in hw/arm include qemu-common.h when they don't need anything from it. Drop the include lines. omap1.c, pxa2xx.c and strongarm.c retain the include because they use it for the prototype of qemu_get_timedate(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Taylor Simpson <tsimpson@quicinc.com> Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp> Message-id: 20211129200510.1233037-5-peter.maydell@linaro.org
2021-12-15hw/intc/arm_gicv3: Introduce CONFIG_ARM_GIC_TCG Kconfig selectorPhilippe Mathieu-Daudé3-5/+12
The TYPE_ARM_GICV3 device is an emulated one. When using KVM, it is recommended to use the TYPE_KVM_ARM_GICV3 device (which uses in-kernel support). When using --with-devices-FOO, it is possible to build a binary with a specific set of devices. When this binary is restricted to KVM accelerator, the TYPE_ARM_GICV3 device is irrelevant, and it is desirable to remove it from the binary. Therefore introduce the CONFIG_ARM_GIC_TCG Kconfig selector which select the files required to have the TYPE_ARM_GICV3 device, but also allowing to de-select this device. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20211115223619.2599282-3-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/intc/arm_gicv3: Extract gicv3_set_gicv3state from arm_gicv3_cpuif.cPhilippe Mathieu-Daudé3-9/+24
gicv3_set_gicv3state() is used by arm_gicv3_common.c in arm_gicv3_common_realize(). Since we want to restrict arm_gicv3_cpuif.c to TCG, extract gicv3_set_gicv3state() to a new file. Add this file to the meson 'specific' source set, since it needs access to "cpu.h". Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20211115223619.2599282-2-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15Fix STM32F2XX USART data register readoutOlivier Hériveaux1-1/+2
Fix issue where the data register may be overwritten by next character reception before being read and returned. Signed-off-by: Olivier Hériveaux <olivier.heriveaux@ledger.fr> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20211128120723.4053-1-olivier.heriveaux@ledger.fr Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/intc: clean-up error reporting for failed ITS cmdAlex Bennée1-12/+27
While trying to debug a GIC ITS failure I saw some guest errors that had poor formatting as well as leaving me confused as to what failed. As most of the checks aren't possible without a valid dte split that check apart and then check the other conditions in steps. This avoids us relying on undefined data. I still get a failure with the current kvm-unit-tests but at least I know (partially) why now: Exception return from AArch64 EL1 to AArch64 EL1 PC 0x40080588 PASS: gicv3: its-trigger: inv/invall: dev2/eventid=20 now triggers an LPI ITS: MAPD devid=2 size = 0x8 itt=0x40430000 valid=0 INT dev_id=2 event_id=20 process_its_cmd: invalid command attributes: invalid dte: 0 for 2 (MEM_TX: 0) PASS: gicv3: its-trigger: mapd valid=false: no LPI after device unmap SUMMARY: 6 tests, 1 unexpected failures Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20211112170454.3158925-1-alex.bennee@linaro.org Cc: Shashi Mallela <shashi.mallela@linaro.org> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/microblaze: Replace drive_get_next() by drive_get()Markus Armbruster1-1/+1
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. Machine "petalogix-ml605" connects backends with drive_get_next() in a counting loop. Change it to use drive_get() directly. This makes the unit numbers explicit in the code. Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-10-armbru@redhat.com> Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2021-12-15hw/arm/xlnx-versal-virt: Replace drive_get_next() by drive_get()Markus Armbruster1-1/+2
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. Machine "xlnx-versal-virt" connects backends with drive_get_next() in a counting loop. Change it to use drive_get() directly. This makes the unit numbers explicit in the code. Cc: Alistair Francis <alistair@alistair23.me> Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-9-armbru@redhat.com> Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2021-12-15hw/arm/mcimx7d-sabre: Replace drive_get_next() by drive_get()Markus Armbruster1-1/+1
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. Machine "mcimx7d-sabre" connects backends with drive_get_next() in a counting loop. Change it to use drive_get() directly. This makes the unit numbers explicit in the code. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Andrey Smirnov <andrew.smirnov@gmail.com> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-8-armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/arm/mcimx6ul-evk: Replace drive_get_next() by drive_get()Markus Armbruster1-1/+1
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. Machine "mcimx6ul-evk" connects backends with drive_get_next() in a counting loop. Change it to use drive_get() directly. This makes the unit numbers explicit in the code. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Jean-Christophe Dubois <jcd@tribudubois.net> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-7-armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/arm/imx25_pdk: Replace drive_get_next() by drive_get()Markus Armbruster1-1/+1
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. Machine "imx25-pdk" connects backends with drive_get_next() in a counting loop. Change it to use drive_get() directly. This makes the unit numbers explicit in the code. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Jean-Christophe Dubois <jcd@tribudubois.net> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-6-armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/arm/versatilepb hw/arm/vexpress: Replace drive_get_next() by drive_get()Markus Armbruster2-5/+5
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. The versatile and vexpress machines ("versatileab", "versatilepb", "vexpress-a9", "vexpress-a15") connect just one or two backends of a type with drive_get_next(). Change them to use drive_get() directly. This makes the unit numbers explicit in the code. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-5-armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-15hw/arm/npcm7xx_boards: Replace drive_get_next() by drive_get()Markus Armbruster1-3/+3
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. Machine "quanta-gbs-bmc" connects just one backend with drive_get_next(), but with a helper function. Change it to use drive_get() directly. This makes the unit numbers explicit in the code. Cc: Havard Skinnemoen <hskinnemoen@google.com> Cc: Tyrone Ting <kfting@nuvoton.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-4-armbru@redhat.com> Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
2021-12-15hw: Replace trivial drive_get_next() by drive_get()Markus Armbruster11-12/+12
drive_get_next() is basically a bad idea. It returns the "next" block backend of a certain interface type. "Next" means bus=0,unit=N, where subsequent calls count N up from zero, per interface type. This lets you define unit numbers implicitly by execution order. If the order changes, or new calls appear "in the middle", unit numbers change. ABI break. Hard to spot in review. A number of machines connect just one backend with drive_get_next(). Change them to use drive_get() directly. This makes the (zero) unit number explicit in the code. Cc: Beniamino Galvani <b.galvani@gmail.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Subbaraya Sundeep <sundeep.lkml@gmail.com> Cc: Niek Linnenbank <nieklinnenbank@gmail.com> Cc: Andrew Baumann <Andrew.Baumann@microsoft.com> Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org> Cc: Jean-Christophe Dubois <jcd@tribudubois.net> Cc: Alistair Francis <Alistair.Francis@wdc.com> Cc: Bin Meng <bin.meng@windriver.com> Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: Artyom Tarasenko <atar4qemu@gmail.com> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Cc: Michael Tokarev <mjt@tls.msk.ru> Cc: Laurent Vivier <laurent@vivier.eu> Cc: qemu-arm@nongnu.org Cc: qemu-riscv@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-3-armbru@redhat.com>
2021-12-15hw/sd/ssi-sd: Do not create SD card within controller's realizeMarkus Armbruster3-30/+27
ssi_sd_realize() creates an "sd-card" device. This is inappropriate, and marked FIXME. Move it to the boards that create these devices. Prior art: commit eb4f566bbb for device "generic-sdhci", and commit 26c607b86b for device "pl181". The device remains not user-creatable, because its users should (and do) wire up its GPIO chip-select line. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Alistair Francis <Alistair.Francis@wdc.com> Cc: Bin Meng <bin.meng@windriver.com> Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org> Cc: qemu-arm@nongnu.org Cc: qemu-riscv@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20211117163409.3587705-2-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2021-12-15virtio-iommu: Fix the domain_range endEric Auger1-2/+2
in old times the domain range was defined by a domain_bits le32. This was then converted into a domain_range struct. During the upgrade the original value of '32' (bits) has been kept while the end field now is the max value of the domain id (UINT32_MAX). Fix that and also use UINT64_MAX for the input_range.end. Reported-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-Id: <20211127072910.1261824-4-eric.auger@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15virtio-iommu: Fix endianness in get_configEric Auger2-9/+17
Endianess is not properly handled when populating the returned config. Use the cpu_to_le* primitives for each separate field. Also, while at it, trace the domain range start. Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-Id: <20211127072910.1261824-3-eric.auger@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15virtio-iommu: Remove set_config callbackEric Auger2-15/+0
The spec says "the driver must not write to device configuration fields". So remove the set_config() callback which anyway did not do anything. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-Id: <20211127072910.1261824-2-eric.auger@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-10numa: Support SGX numa in the monitor and Libvirt interfacesYang Zhong1-9/+42
Add the SGXEPCSection list into SGXInfo to show the multiple SGX EPC sections detailed info, not the total size like before. This patch can enable numa support for 'info sgx' command and QMP interfaces. The new interfaces show each EPC section info in one numa node. Libvirt can use QMP interface to get the detailed host SGX EPC capabilities to decide how to allocate host EPC sections to guest. (qemu) info sgx SGX support: enabled SGX1 support: enabled SGX2 support: enabled FLC support: enabled NUMA node #0: size=67108864 NUMA node #1: size=29360128 The QMP interface show: (QEMU) query-sgx {"return": {"sgx": true, "sgx2": true, "sgx1": true, "sections": \ [{"node": 0, "size": 67108864}, {"node": 1, "size": 29360128}], "flc": true}} (QEMU) query-sgx-capabilities {"return": {"sgx": true, "sgx2": true, "sgx1": true, "sections": \ [{"node": 0, "size": 17070817280}, {"node": 1, "size": 17079205888}], "flc": true}} Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20211101162009.62161-4-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-10numa: Enable numa for SGX EPC sectionsYang Zhong5-3/+55
The basic SGX did not enable numa for SGX EPC sections, which result in all EPC sections located in numa node 0. This patch enable SGX numa function in the guest and the EPC section can work with RAM as one numa node. The Guest kernel related log: [ 0.009981] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x183ffffff] [ 0.009982] ACPI: SRAT: Node 1 PXM 1 [mem 0x184000000-0x185bfffff] The SRAT table can normally show SGX EPC sections menory info in different numa nodes. The SGX EPC numa related command: ...... -m 4G,maxmem=20G \ -smp sockets=2,cores=2 \ -cpu host,+sgx-provisionkey \ -object memory-backend-ram,size=2G,host-nodes=0,policy=bind,id=node0 \ -object memory-backend-epc,id=mem0,size=64M,prealloc=on,host-nodes=0,policy=bind \ -numa node,nodeid=0,cpus=0-1,memdev=node0 \ -object memory-backend-ram,size=2G,host-nodes=1,policy=bind,id=node1 \ -object memory-backend-epc,id=mem1,size=28M,prealloc=on,host-nodes=1,policy=bind \ -numa node,nodeid=1,cpus=2-3,memdev=node1 \ -M sgx-epc.0.memdev=mem0,sgx-epc.0.node=0,sgx-epc.1.memdev=mem1,sgx-epc.1.node=1 \ ...... Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20211101162009.62161-2-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-07gicv3: fix ICH_MISR's LRENP computationDamien Hedde1-1/+2
According to the "Arm Generic Interrupt Controller Architecture Specification GIC architecture version 3 and 4" (version G: page 345 for aarch64 or 509 for aarch32): LRENP bit of ICH_MISR is set when ICH_HCR.LRENPIE==1 and ICH_HCR.EOIcount is non-zero. When only LRENPIE was set (and EOI count was zero), the LRENP bit was wrongly set and MISR value was wrong. As an additional consequence, if an hypervisor set ICH_HCR.LRENPIE, the maintenance interrupt was constantly fired. It happens since patch 9cee1efe92 ("hw/intc: Set GIC maintenance interrupt level to only 0 or 1") which fixed another bug about maintenance interrupt (most significant bits of misr, including this one, were ignored in the interrupt trigger). Fixes: 83f036fe3d ("hw/intc/arm_gicv3: Add accessors for ICH_ system registers") Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20211207094427.3473-1-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-06Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into stagingRichard Henderson1-1/+1
Pull request # gpg: Signature made Mon 06 Dec 2021 07:27:19 AM PST # gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full] # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full] * tag 'block-pull-request' of https://gitlab.com/stefanha/qemu: virtio-blk: Fix clean up of host notifiers for single MR transaction. Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-06virtio-blk: Fix clean up of host notifiers for single MR transaction.Mark Mielke1-1/+1
The code that introduced "virtio-blk: Configure all host notifiers in a single MR transaction" introduced a second loop variable to perform cleanup in second loop, but mistakenly still refers to the first loop variable within the second loop body. Fixes: d0267da61489 ("virtio-blk: Configure all host notifiers in a single MR transaction") Signed-off-by: Mark Mielke <mark.mielke@gmail.com> Message-id: CALm7yL08qarOu0dnQkTN+pa=BSRC92g31YpQQNDeAiT4yLZWQQ@mail.gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-06Revert "vga: don't abort when adding a duplicate isa-vga device"Alex Bennée1-10/+0
This reverts commit 7852a77f598635a67a222b6c1463c8b46098aed2. The check is bogus as it ends up finding itself and falling over. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/733 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20211206095209.2332376-1-alex.bennee@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-06hw/mips/boston: Fix load_elf() error detectionJiaxun Yang1-2/+3
load_elf() gives negative return in case of error, not zero. Fixes: 10e3f30ff73 ("hw/mips/boston: Allow loading elf kernel and dtb") Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20211130211729.7116-3-jiaxun.yang@flygoat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-06hw/mips/bootloader: Fix write_ulong()Jiaxun Yang1-1/+5
bl_gen_write_ulong uses sd for both 32 and 64 bit CPU, while sd is illegal on 32 bit CPUs. Replace sd with sw on 32bit CPUs. Fixes: 3ebbf86128f ("hw/mips: Add a bootloader helper") Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20211130211729.7116-2-jiaxun.yang@flygoat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-02hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196Philippe Mathieu-Daudé1-1/+13
Guest might select another drive on the bus by setting the DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR). The current controller model doesn't expect a BlockBackend to be NULL. A simple way to fix CVE-2021-20196 is to create an empty BlockBackend when it is missing. All further accesses will be safely handled, and the controller state machines keep behaving correctly. Cc: qemu-stable@nongnu.org Fixes: CVE-2021-20196 Reported-by: Gaoning Pan (Ant Security Light-Year Lab) <pgn@zju.edu.cn> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20211124161536.631563-3-philmd@redhat.com BugLink: https://bugs.launchpad.net/qemu/+bug/1912780 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/338 Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com>
2021-12-02hw/block/fdc: Extract blk_create_empty_drive()Philippe Mathieu-Daudé1-2/+7
We are going to re-use this code in the next commit, so extract it as a new blk_create_empty_drive() function. Inspired-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20211124161536.631563-2-philmd@redhat.com Signed-off-by: John Snow <jsnow@redhat.com>
2021-11-30hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queuedPhilippe Mathieu-Daudé1-2/+1
If asked for DMA request and no data is available, simply wait for data to be queued, do not abort. This fixes: $ cat << EOF | \ qemu-system-i386 -nographic -M q35,accel=qtest -serial none \ -monitor none -qtest stdio -trace lsi* \ -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw \ -device lsi53c895a,id=scsi0 -device scsi-hd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0 lsi_reset Reset lsi_reg_write Write reg DSP2 0x2e = 0xff lsi_reg_write Write reg DSP3 0x2f = 0xff lsi_execute_script SCRIPTS dsp=0xffff0000 opcode 0x184a3900 arg 0x4a8b2d75 qemu-system-i386: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed. (gdb) bt #5 0x00007ffff4e8a3a6 in __GI___assert_fail (assertion=0x5555560accbc "s->current", file=0x5555560acc28 "hw/scsi/lsi53c895a.c", line=624, function=0x5555560adb18 "lsi_do_dma") at assert.c:101 #6 0x0000555555aa33b9 in lsi_do_dma (s=0x555557805ac0, out=1) at hw/scsi/lsi53c895a.c:624 #7 0x0000555555aa5042 in lsi_execute_script (s=0x555557805ac0) at hw/scsi/lsi53c895a.c:1250 #8 0x0000555555aa757a in lsi_reg_writeb (s=0x555557805ac0, offset=47, val=255 '\377') at hw/scsi/lsi53c895a.c:1984 #9 0x0000555555aa875b in lsi_mmio_write (opaque=0x555557805ac0, addr=47, val=255, size=1) at hw/scsi/lsi53c895a.c:2095 Cc: qemu-stable@nongnu.org Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Vadim Rozenfeld <vrozenfe@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Reported-by: Jérôme Poulin <jeromepoulin@gmail.com> Reported-by: Ruhr-University <bugs-syssec@rub.de> Reported-by: Gaoning Pan <pgn@zju.edu.cn> Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr> Fixes: b96a0da06bd ("lsi: move dma_len+dma_buf into lsi_request") BugLink: https://bugs.launchpad.net/qemu/+bug/697510 BugLink: https://bugs.launchpad.net/qemu/+bug/1905521 BugLink: https://bugs.launchpad.net/qemu/+bug/1908515 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/84 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/305 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/552 Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Message-Id: <20211123111732.83137-2-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-29target/ppc: fix Hash64 MMU update of PTE bit RLeandro Lupori2-5/+5
When updating the R bit of a PTE, the Hash64 MMU was using a wrong byte offset, causing the first byte of the adjacent PTE to be corrupted. This caused a panic when booting FreeBSD, using the Hash MMU. Fixes: a2dd4e83e76b ("ppc/hash64: Rework R and C bit updates") Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-11-29Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu ↵Richard Henderson6-10/+57
into staging virtio,pci,pc: bugfixes Lots of small fixes all over the place. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Mon 29 Nov 2021 02:50:06 PM CET # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] * tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu: Fix bad overflow check in hw/pci/pcie.c intel-iommu: ignore leaf SNP bit in scalable mode virtio-balloon: correct used length virtio-balloon: process all in sgs for free_page_vq vdpa: Add dummy receive callback failover: fix unplug pending detection virtio-mmio : fix the crash in the vm shutdown Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29Fix bad overflow check in hw/pci/pcie.cDaniella Lee1-2/+2
Orginal qemu commit hash:14d02cfbe4adaeebe7cb833a8cc71191352cf03b In function pcie_add_capability, an assert contains the "offset < offset + size" expression. Both variable offset and variable size are uint16_t, the comparison is always true due to type promotion. The next expression may be the same. It might be like this: Thread 1 "qemu-system-x86" hit Breakpoint 1, pcie_add_capability ( dev=0x555557ce5f10, cap_id=1, cap_ver=2 '\002', offset=256, size=72) at ../hw/pci/pcie.c:930 930 { (gdb) n 931 assert(offset >= PCI_CONFIG_SPACE_SIZE); (gdb) n 932 assert(offset < offset + size); (gdb) p offset $1 = 256 (gdb) p offset < offset + size $2 = 1 (gdb) set offset=65533 (gdb) p offset < offset + size $3 = 1 (gdb) p offset < (uint16_t)(offset + size) $4 = 0 Signed-off-by: Daniella Lee <daniellalee111@gmail.com> Message-Id: <20211126061324.47331-1-daniellalee111@gmail.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-29intel-iommu: ignore leaf SNP bit in scalable modeJason Wang2-0/+8
When booting with scalable mode, I hit this error: qemu-system-x86_64: vtd_iova_to_slpte: detected splte reserve non-zero iova=0xfffff002, level=0x1slpte=0x102681803) qemu-system-x86_64: vtd_iommu_translate: detected translation failure (dev=01:00:00, iova=0xfffff002) qemu-system-x86_64: New fault is not recorded due to compression of faults This is because the SNP bit is set for second level page table since Linux kernel commit 6c00612d0cba1 ("iommu/vt-d: Report right snoop capability when using FL for IOVA") even if SC is not supported by the hardware. To unbreak the guest, ignore the leaf SNP bit for scalable mode first. In the future we may consider to add SC support. Signed-off-by: Jason Wang <jasowang@redhat.com> Message-Id: <20211129033618.3857-1-jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com>
2021-11-29virtio-balloon: correct used lengthJason Wang1-3/+3
Spec said: "and len the total of bytes written into the buffer." For inflateq, deflateq and statsq, we don't process in_sg so the used length should be zero. For free_page_vq, tough the pages could be changed by the device (in the destination), spec said: "Note: len is particularly useful for drivers using untrusted buffers: if a driver does not know exactly how much has been written by the device, the driver would have to zero the buffer in advance to ensure no data leakage occurs." So 0 should be used as well here. Signed-off-by: Jason Wang <jasowang@redhat.com> Message-Id: <20211129030841.3611-2-jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com>
2021-11-29virtio-balloon: process all in sgs for free_page_vqJason Wang1-2/+5
We only process the first in sg which may lead to the bitmap of the pages belongs to following sgs were not cleared. This may result more pages to be migrated. Fixing this by process all in sgs for free_page_vq. Acked-by: David Hildenbrand <david@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Message-Id: <20211129030841.3611-1-jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-29hw/intc/arm_gicv3: fix handling of LPIs in list registersPeter Maydell1-3/+2
It is valid for an OS to put virtual interrupt ID values into the list registers ICH_LR<n> which are greater than 1023. This corresponds to (for example) KVM using the in-kernel emulated ITS to give a (nested) guest an ITS. LPIs are delivered by the L1 kernel to the L2 guest via the list registers in the same way as non-LPI interrupts. QEMU's code for handling writes to ICV_IARn (which happen when the L2 guest acknowledges an interrupt) and to ICV_EOIRn (which happen at the end of the interrupt) did not consider LPIs, so it would incorrectly treat interrupt IDs above 1023 as invalid. Fix this by using the correct condition, which is gicv3_intid_is_special(). Note that the condition in icv_dir_write() is correct -- LPIs are not valid there and so we want to ignore both "special" ID values and LPIs. (In the pseudocode this logic is in: - VirtualReadIAR0(), VirtualReadIAR1(), which call IsSpecial() - VirtualWriteEOIR0(), VirtualWriteEOIR1(), which call VirtualIdentifierValid(data, TRUE) meaning "LPIs OK" - VirtualWriteDIR(), which calls VirtualIdentifierValid(data, FALSE) meaning "LPIs not OK") This bug doesn't seem to have any visible effect on Linux L2 guests most of the time, because the two bugs cancel each other out: we neither mark the interrupt active nor deactivate it. However it does mean that the L2 vCPU priority while the LPI handler is running will not be correct, so the interrupt handler could be unexpectedly interrupted by a different interrupt. (NB: this has nothing to do with using QEMU's emulated ITS.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Marc Zyngier <maz@kernel.org>
2021-11-28failover: fix unplug pending detectionLaurent Vivier1-3/+27
Failover needs to detect the end of the PCI unplug to start migration after the VFIO card has been unplugged. To do that, a flag is set in pcie_cap_slot_unplug_request_cb() and reset in pcie_unplug_device(). But since 17858a169508 ("hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35") we have switched to ACPI unplug and these functions are not called anymore and the flag not set. So failover migration is not able to detect if card is really unplugged and acts as it's done as soon as it's started. So it doesn't wait the end of the unplug to start the migration. We don't see any problem when we test that because ACPI unplug is faster than PCIe native hotplug and when the migration really starts the unplug operation is already done. See c000a9bd06ea ("pci: mark device having guest unplug request pending") a99c4da9fc2a ("pci: mark devices partially unplugged") Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Ani Sinha <ani@anisinha.ca> Message-Id: <20211118133225.324937-4-lvivier@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-28virtio-mmio : fix the crash in the vm shutdownCindy Lu1-0/+12
The root cause for this crash is the ioeventfd not stopped while the VM stop. The callback for vmstate_change was not implement in virtio-mmio bus Reproduce step load the vm with -M microvm \ -netdev tap,id=net0,vhostforce,script=no,downscript=no \ -device virtio-net-device,netdev=net0\ After the VM boot, login the vm and then shutdown the vm System will crash [Current thread is 1 (Thread 0x7ffff6edde00 (LWP 374378))] (gdb) bt 0 0x00005555558f18b4 in qemu_flush_or_purge_queued_packets (purge=false, nc=0x55500252e850) at ../net/net.c:636 1 qemu_flush_queued_packets (nc=0x55500252e850) at ../net/net.c:656 2 0x0000555555b6c363 in virtio_queue_notify_vq (vq=0x7fffe7e2b010) at ../hw/virtio/virtio.c:2339 3 virtio_queue_host_notifier_read (n=0x7fffe7e2b08c) at ../hw/virtio/virtio.c:3583 4 0x0000555555de7b5a in aio_dispatch_handler (ctx=ctx@entry=0x5555567c5780, node=0x555556b83fd0) at ../util/aio-posix.c:329 5 0x0000555555de8454 in aio_dispatch_ready_handlers (ready_list=<optimized out>, ctx=<optimized out>) at ../util/aio-posix.c:359 6 aio_poll (ctx=0x5555567c5780, blocking=blocking@entry=false) at ../util/aio-posix.c:662 7 0x0000555555cce0cc in monitor_cleanup () at ../monitor/monitor.c:645 8 0x0000555555b06bd2 in qemu_cleanup () at ../softmmu/runstate.c:822 9 0x000055555586e693 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/main.c:51 Signed-off-by: Cindy Lu <lulu@redhat.com> Message-Id: <20211109023744.22387-1-lulu@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-26hw/intc/arm_gicv3: Add new gicv3_intid_is_special() functionPeter Maydell2-2/+15
The GICv3/v4 pseudocode has a function IsSpecial() which returns true if passed a "special" interrupt ID number (anything between 1020 and 1023 inclusive). We open-code this condition in a couple of places, so abstract it out into a new function gicv3_intid_is_special(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Marc Zyngier <maz@kernel.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2021-11-26hw/intc/arm_gicv3: Update cached state after LPI state changesPeter Maydell3-6/+31
The logic of gicv3_redist_update() is as follows: * it must be called in any code path that changes the state of (only) redistributor interrupts * if it finds a redistributor interrupt that is (now) higher priority than the previous highest-priority pending interrupt, then this must be the new highest-priority pending interrupt * if it does *not* find a better redistributor interrupt, then: - if the previous state was "no interrupts pending" then the new state is still "no interrupts pending" - if the previous best interrupt was not a redistributor interrupt then that remains the best interrupt - if the previous best interrupt *was* a redistributor interrupt, then the new best interrupt must be some non-redistributor interrupt, but we don't know which so must do a full scan In commit 17fb5e36aabd4b2c125 we effectively added the LPI interrupts as a kind of "redistributor interrupt" for this purpose, by adding cs->hpplpi to the set of things that gicv3_redist_update() considers before it gives up and decides to do a full scan of distributor interrupts. However we didn't quite get this right: * the condition check for "was the previous best interrupt a redistributor interrupt" must be updated to include LPIs in what it considers to be redistributor interrupts * every code path which updates the LPI state which gicv3_redist_update() checks must also call gicv3_redist_update(): this is cs->hpplpi and the GICR_CTLR ENABLE_LPIS bit This commit fixes this by: * correcting the test on cs->hppi.irq in gicv3_redist_update() * making gicv3_redist_update_lpi() always call gicv3_redist_update() * introducing a new gicv3_redist_update_lpi_only() for the one callsite (the post-load hook) which must not call gicv3_redist_update() * making gicv3_redist_lpi_pending() always call gicv3_redist_update(), either directly or via gicv3_redist_update_lpi() * removing a couple of now-unnecessary calls to gicv3_redist_update() from some callers of those two functions * calling gicv3_redist_update() when the GICR_CTLR ENABLE_LPIS bit is cleared (This means that the not-file-local gicv3_redist_* LPI related functions now all take care of the updates of internally cached GICv3 information, in the same way the older functions gicv3_redist_set_irq() and gicv3_redist_send_sgi() do.) The visible effect of this bug was that when the guest acknowledged an LPI by reading ICC_IAR1_EL1, we marked it as not pending in the LPI data structure but still left it in cs->hppi so we would offer it to the guest again. In particular for setups using an emulated GICv3 and ITS and using devices which use LPIs (ie PCI devices) a Linux guest would complain "irq 54: nobody cared" and then hang. (The hang was intermittent, presumably depending on the timing between different interrupts arriving and being completed.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20211124202005.989935-1-peter.maydell@linaro.org
2021-11-26hw/intc: cannot clear GICv3 ITS CTLR[Enabled] bitShashi Mallela1-3/+4
When Enabled bit is cleared in GITS_CTLR,ITS feature continues to be enabled.This patch fixes the issue. Signed-off-by: Shashi Mallela <shashi.mallela@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20211124182246.67691-1-shashi.mallela@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-11-26hw/arm/virt: Extend nested and mte checks to hvfAlexander Graf1-6/+9
The virt machine has properties to enable MTE and Nested Virtualization support. However, its check to ensure the backing accel implementation supports it today only looks for KVM and bails out if it finds it. Extend the checks to HVF as well as it does not support either today. This will cause QEMU to print a useful error message rather than silently ignoring the attempt by the user to enable either MTE or the Virtualization extensions. Reported-by: saar amar <saaramar5@gmail.com> Signed-off-by: Alexander Graf <agraf@csgraf.de> Message-id: 20211123122859.22452-1-agraf@csgraf.de Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>