aboutsummaryrefslogtreecommitdiff
path: root/target
AgeCommit message (Collapse)AuthorFilesLines
2017-12-14s390x/tcg: drop potential_page_fault()David Hildenbrand1-7/+2
Only one user left, get rid of it so we don't get any new users. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-17-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: drop program_interrupt()David Hildenbrand2-18/+5
All users are gone, we can finally drop it and make sure that all new program interrupt injections are reminded of the retaddr - as they have to use s390_program_interrupt() now. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-16-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: use s390_program_interrupt() in STSIDavid Hildenbrand2-2/+1
STSI needs some more love, but let's do one step at a time. We can now drop potential_page_fault(). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-15-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: use s390_program_interrupt() in SACFDavid Hildenbrand1-1/+1
Convert this user, too. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-14-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: use s390_program_interrupt() in per_check_exception()David Hildenbrand2-4/+1
We can now drop updating the cc. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-13-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: use s390_program_interrupt() in DIAGDavid Hildenbrand2-4/+1
Now we can drop the two save statements in the translate function. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-12-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: use s390_program_interrupt() in SCLP Service CallDavid Hildenbrand2-4/+2
Now we can drop potential_page_fault(). While at it, move the unlock further up, looks cleaner. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-11-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: io instructions don't need potential_page_fault()David Hildenbrand1-10/+0
As we handle the retaddr in all cases properly now, we can drop it. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-10-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: don't exit the cpu loop in s390_cpu_virt_mem_rw()David Hildenbrand1-3/+6
s390_cpu_virt_mem_rw() must always return, so callers can react on an exception (e.g. see ioinst_handle_stcrw()). Therefore, using program_interrupt() is wrong. Fix that up. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-9-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x: handle exceptions during s390_cpu_virt_mem_rw() correctly (TCG)David Hildenbrand3-3/+32
s390_cpu_virt_mem_rw() must always return, so callers can react on an exception (e.g. see ioinst_handle_stcrw()). However, for TCG we always have to exit the cpu loop (and restore the cpu state before that) if we injected a program interrupt. So let's introduce and use s390_cpu_virt_mem_handle_exc() in code that is not purely KVM. Directly pass the retaddr we already have available in these functions. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-8-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/diag: pass the retaddr into handle_diag_308()David Hildenbrand4-10/+11
Needed to later drop potential_page_fault() from the diag TCG translate function. Convert program_interrupt() to s390_program_interrupt() directly, making use of the passed address. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-7-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/pci: pass the retaddr to all PCI instructionsDavid Hildenbrand1-7/+7
Once we wire up TCG, we will need the retaddr to correctly inject program interrupts. As we want to get rid of the function program_interrupt(), convert PCI code too. For KVM, we can simply use RA_IGNORED. Convert program_interrupt() to s390_program_interrupt() directly, making use of the passed address. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-6-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/ioinst: pass the retaddr to all IO instructionsDavid Hildenbrand5-69/+75
TCG needs the retaddr when injecting an interrupt. Let's just pass it along and use RA_IGNORED for KVM. The value will be completely ignored for KVM. Convert program_interrupt() to s390_program_interrupt() directly, making use of the passed address. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-5-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: rip out dead tpi codeDavid Hildenbrand2-27/+0
It is broken and not even wired up. We'll add a new handler soon, but that will live somewhere else. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-4-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: get rid of runtime_exception()David Hildenbrand4-26/+8
Let's use s390_program_interrupt() instead. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-3-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/tcg: introduce and use s390_program_interrupt()David Hildenbrand6-35/+30
Allows to easily convert more callers of program_interrupt() and to easily introduce new exceptions without forgetting about the cpu state reset. Use s390_program_interrupt() in places where we already had the same pattern. We will later get rid of program_interrupt(). RA != 0 checks are already done behind the scenes. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171130162744.25442-2-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14target/s390x: nuke DPRINTF in helper.cCornelia Huck1-18/+0
It is not used anywhere. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14s390x/migration: use zero flag parameterChristian Borntraeger1-8/+8
valgrind pointed out that we call KVM_S390_GET_IRQ_STATE with an undefined value for flags. Kernels prior to 4.15 did not use that field, and later kernels ignore it for compatibility reasons, but we better play safe. The same is true for SET_IRQ_STATE. We should make sure to not use the flag field, either. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20171122142627.73170-2-borntraeger@de.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-13target/arm: Extend PAR format determinationEdgar E. Iglesias1-4/+29
Now that do_ats_write() is entirely in control of whether to generate a 32-bit PAR or a 64-bit PAR, we can make it use the correct (complicated) condition for doing so. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1512503192-2239-13-git-send-email-peter.maydell@linaro.org [PMM: Rebased Edgar's patch on top of get_phys_addr() refactoring; use arm_s1_regime_using_lpae_format() rather than regime_using_lpae_format() because the latter will assert if passed ARMMMUIdx_S12NSE0 or ARMMMUIdx_S12NSE1; updated commit message appropriately] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-13target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill()Peter Maydell3-34/+16
All of the callers of get_phys_addr() and arm_tlb_fill() now ignore the FSR values they return, so we can just remove the argument entirely. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-12-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Ignore fsr from get_phys_addr() in do_ats_write()Peter Maydell1-6/+10
In do_ats_write(), rather than using the FSR value from get_phys_addr(), construct the PAR values using the information in the ARMMMUFaultInfo struct. This allows us to create a PAR of the correct format regardless of what the translation table format is. For the moment we leave the condition for "when should this be a 64 bit PAR" as it was previously; this will need to be fixed to properly support AArch32 Hyp mode. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-11-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Use ARMMMUFaultInfo in deliver_fault()Peter Maydell1-57/+22
Now that ARMMMUFaultInfo is guaranteed to have enough information to construct a fault status code, we can pass it in to the deliver_fault() function and let it generate the correct type of FSR for the destination, rather than relying on the value provided by get_phys_addr(). I don't think there are any cases the old code was getting wrong, but this is more obviously correct. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-10-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Convert get_phys_addr_pmsav8() to not return FSC valuesPeter Maydell1-11/+18
Make get_phys_addr_pmsav8() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-9-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Convert get_phys_addr_pmsav7() to not return FSC valuesPeter Maydell1-4/+7
Make get_phys_addr_pmsav7() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-8-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Convert get_phys_addr_pmsav5() to not return FSC valuesPeter Maydell1-7/+13
Make get_phys_addr_pmsav5() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Note that PMSAv5 does not define any guest-visible fault status register, so the different "fsr" values we were previously returning are entirely arbitrary. So we can just switch to using the most appropriae fi->type values without worrying that we need to special-case FaultInfo->FSC conversion for PMSAv5. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-7-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Convert get_phys_addr_lpae() to not return FSC valuesPeter Maydell1-23/+18
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-6-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Convert get_phys_addr_v6() to not return FSC valuesPeter Maydell1-18/+22
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-5-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Convert get_phys_addr_v5() to not return FSC valuesPeter Maydell1-15/+18
Make get_phys_addr_v5() return a fault type in the ARMMMUFaultInfo structure, which we convert to the FSC at the callsite. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-4-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Remove fsr argument from arm_ld*_ptw()Peter Maydell1-13/+11
All the callers of arm_ldq_ptw() and arm_ldl_ptw() ignore the value that those functions store in the fsr argument on failure: if they return failure to their callers they will always overwrite the fsr value with something else. Remove the argument from these functions and S1_ptw_translate(). This will simplify removing fsr from the calling functions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-3-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Provide fault type enum and FSR conversion functionsPeter Maydell1-0/+185
Currently get_phys_addr() and its various subfunctions return a hard-coded fault status register value for translation failures. This is awkward because FSR values these days may be either long-descriptor format or short-descriptor format. Worse, the right FSR type to use doesn't depend only on the translation table being walked -- some cases, like fault info reported to AArch32 EL2 for some kinds of ATS operation, must be in long-descriptor format even if the translation table being walked was short format. We can't get those cases right with our current approach. Provide fields in the ARMMMUFaultInfo struct which allow get_phys_addr() to provide sufficient information for a caller to construct an FSR value themselves, and utility functions which do this for both long and short format FSR values, as a first step in switching get_phys_addr() and its children to only returning the failure cause in the ARMMMUFaultInfo struct. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1512503192-2239-2-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Implement TT instructionPeter Maydell3-1/+138
Implement the TT instruction which queries the security state and access permissions of a memory location. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-8-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8()Peter Maydell1-51/+79
For the TT instruction we're going to need to do an MPU lookup that also tells us which MPU region the access hit. This requires us to do the MPU lookup without first doing the SAU security access check, so pull the MPU lookup parts of get_phys_addr_pmsav8() out into their own function. The TT instruction also needs to know the MPU region number which the lookup hit, so provide this information to the caller of the MPU lookup code, even though get_phys_addr_pmsav8() doesn't need to know it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-7-git-send-email-peter.maydell@linaro.org Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-12-13target/arm: Create new arm_v7m_mmu_idx_for_secstate_and_priv()Peter Maydell1-5/+16
The TT instruction is going to need to look up the MMU index for a specified security and privilege state. Refactor the existing arm_v7m_mmu_idx_for_secstate() into a version that lets you specify the privilege state and one that uses the current state of the CPU. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-6-git-send-email-peter.maydell@linaro.org Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-12-13target/arm: Split M profile MNegPri mmu index into user and privPeter Maydell4-29/+50
For M profile, we currently have an mmu index MNegPri for "requested execution priority negative". This fails to distinguish "requested execution priority negative, privileged" from "requested execution priority negative, usermode", but the two can return different results for MPU lookups. Fix this by splitting MNegPri into MNegPriPriv and MNegPriUser, and similarly for the Secure equivalent MSNegPri. This takes us from 6 M profile MMU modes to 8, which means we need to bump NB_MMU_MODES; this is OK since the point where we are forced to reduce TLB sizes is 9 MMU modes. (It would in theory be possible to stick with 6 MMU indexes: {mpu-disabled,user,privileged} x {secure,nonsecure} since in the MPU-disabled case the result of an MPU lookup is always the same for both user and privileged code. However we would then need to rework the TB flags handling to put user/priv into the TB flags separately from the mmuidx. Adding an extra couple of mmu indexes is simpler.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-5-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Add missing M profile case to regime_is_user()Peter Maydell1-0/+1
When we added the ARMMMUIdx_MSUser MMU index we forgot to add it to the case statement in regime_is_user(), so we weren't treating it as unprivileged when doing MPU lookups. Correct the omission. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-4-git-send-email-peter.maydell@linaro.org Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-12-13target/arm: Allow explicit writes to CONTROL.SPSEL in Handler modePeter Maydell1-1/+4
In ARMv7M the CPU ignores explicit writes to CONTROL.SPSEL in Handler mode. In v8M the behaviour is slightly different: writes to the bit are permitted but will have no effect. We've already done the hard work to handle the value in CONTROL.SPSEL being out of sync with what stack pointer is actually in use, so all we need to do to fix this last loose end is to update the condition we use to guard whether we call write_v7m_control_spsel() on the register write. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-3-git-send-email-peter.maydell@linaro.org
2017-12-13target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP readsPeter Maydell1-6/+4
For v8M it is possible for the CONTROL.SPSEL bit value and the current stack to be out of sync. This means we need to update the checks used in reads and writes of the PSP and MSP special registers to use v7m_using_psp() rather than directly checking the SPSEL bit in the control register. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1512153879-5291-2-git-send-email-peter.maydell@linaro.org Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-12-11target/arm: Generate UNDEF for 32-bit Thumb2 insnsPeter Maydell1-1/+4
The refactoring of commit 296e5a0a6c3935 has a nasty bug: it accidentally dropped the generation of code to raise the UNDEF exception when disas_thumb2_insn() returns nonzero. This means that 32-bit Thumb2 instruction patterns that ought to UNDEF just act like nops instead. This is likely to break any number of things, including the kernel's "disable the FPU and use the UNDEF exception to identify when to turn it back on again" trick. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1513006964-3371-1-git-send-email-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2017-12-05target/ppc: Fix system lockups caused by interrupt_request state corruptionRichard Purdie2-6/+18
Occasionally in Linux guests on x86_64 we're seeing logs like: ppc_set_irq: 0x55b4e0d562f0 n_IRQ 8 level 1 => pending 00000100req 00000004 when they should read: ppc_set_irq: 0x55b4e0d562f0 n_IRQ 8 level 1 => pending 00000100req 00000002 The "00000004" is CPU_INTERRUPT_EXITTB yet the code calls cpu_interrupt(cs, CPU_INTERRUPT_HARD) ("00000002") in this function just before the log message. Something is causing the HARD bit setting to get lost. The knock on effect of losing that bit is the decrementer timer interrupts don't get delivered which causes the guest to sit idle in its idle handler and 'hang'. The issue occurs due to races from code which sets CPU_INTERRUPT_EXITTB. Rather than poking directly into cs->interrupt_request, that code needs to: a) hold BQL b) use the cpu_interrupt() helper This patch fixes the call sites to do this, fixing the hang. The calls are made from a variety of contexts so a helper function is added to handle the necessary locking. This can likely be improved and optimised in the future but it ensures the code is correct and doesn't lockup as it stands today. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-30target-ppc: Don't invalidate non-supported msr bitsKurban Mallachiev1-2/+2
The msr invalidation code (commits 993eb and 2360b) inverts all bits except MSR_TGPR and MSR_HVB. On non PowerPC 601 processors this leads to incorrect change of excp_prefix in hreg_store_msr() function. The problem is that new msr value get multiplied by msr_mask and inverted msr does not, thus values of MSR_EP bit in new msr value and inverted msr are distinct, so that excp_prefix changes but should not. Signed-off-by: Kurban Mallachiev <mallachiev@ispras.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-27target/ppc: Fix setting of cpu->compat_pvr on incoming migrationSuraj Jitindar Singh1-1/+3
cpu->compat_pvr is used to store the current compat mode of the cpu. On the receiving side during incoming migration we check compatibility with the compat mode by calling ppc_set_compat(). However we fail to set the compat mode with the hypervisor since the "new" compat mode doesn't differ from the current (due to a "cpu->compat_pvr != compat_pvr" check). This means that kvm runs the vcpus without a compat mode, which is the incorrect behaviour. The implication being that a compatibility mode will never be in effect after migration. To fix this so that the compat mode is correctly set with the hypervisor, store the desired compat mode and reset cpu->compat_pvr to zero before calling ppc_set_compat(). Fixes: 5dfaa532 ("ppc: fix ppc_set_compat() with KVM PR") Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-22ppc: fix VTB migrationLaurent Vivier1-2/+2
Migration of a system under stress (for example, with "stress-ng --numa 2") triggers on the destination some kernel watchdog messages like: NMI watchdog: BUG: soft lockup - CPU#0 stuck for 3489660870s! NMI watchdog: BUG: soft lockup - CPU#1 stuck for 3489660884s! This problem appears with the changes introduced by 42043e4 spapr: clock should count only if vm is running I think this commit only triggers the problem. Kernel computes the soft lockup duration using the Virtual Timebase register (VTB), not using the Timebase Register (TBR, the one 42043e4 stops). It appears VTB is not migrated, so this patch adds it in the list of the SPRs to migrate, and fixes the problem. For the migration, I've tested a migration from qemu-2.8.0 and pseries-2.8.0 to a patched master (qemu-2.11.0-rc1). The received VTB is 0 (as is it not initialized by qemu-2.8.0), but the value seems to be ignored by KVM and a non zero VTB is used by the kernel. I have no explanation for that, but as the original problem appears only with SMP system under stress I suspect some problems in KVM (I think because VTB is shared by all threads of a core). Signed-off-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-21Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20171120' ↵Peter Maydell1-0/+8
into staging late linux-user fixes for Qemu 2.11 # gpg: Signature made Mon 20 Nov 2017 21:19:00 GMT # gpg: using RSA key 0xB44890DEDE3C9BC0 # gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>" # gpg: aka "Riku Voipio <riku.voipio@linaro.org>" # Primary key fingerprint: FF82 03C8 C391 98AE 0581 41EF B448 90DE DE3C 9BC0 * remotes/riku/tags/pull-linux-user-20171120: linux-user: Fix calculation of auxv length linux-user: Handle rt_sigaction correctly for SPARC linux-user/sparc: Put address for data faults where linux-user expects it linux-user/ppc: Report correct fault address for data faults linux-user/s390x: Mask si_addr for SIGSEGV linux-user: return EINVAL from prctl(PR_*_SECCOMP) linux-user: fix 'finshed' typo in comment linux-user/syscall.c: Handle SH4's exceptional alignment for p{read, write}64 linux-user: Handle TARGET_MAP_STACK and TARGET_MAP_HUGETLB linux-user/hppa: Fix TARGET_F_RDLCK, TARGET_F_WRLCK, TARGET_F_UNLCK linux-user/hppa: Fix TARGET_MAP_TYPE linux-user/hppa: Fix typo for TARGET_NR_epoll_wait linux-user/hppa: Fix cpu_clone_regs linux-user/hppa: Fix TARGET_SA_* defines linux-user: Restrict usage of sa_restorer Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-21Merge remote-tracking branch ↵Peter Maydell1-5/+41
'remotes/pmaydell/tags/pull-target-arm-20171120' into staging target-arm queue: * hw/arm: Silence xlnx-ep108 deprecation warning during tests * hw/arm/aspeed: Unlock SCU when running kernel * arm: check regime, not current state, for ATS write PAR format * nvic: Fix ARMv7M MPU_RBAR reads * target/arm: Report GICv3 sysregs present in ID registers if needed # gpg: Signature made Mon 20 Nov 2017 17:35:25 GMT # gpg: using RSA key 0x3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20171120: hw/arm: Silence xlnx-ep108 deprecation warning during tests hw/arm/aspeed: Unlock SCU when running kernel arm: check regime, not current state, for ATS write PAR format nvic: Fix ARMv7M MPU_RBAR reads target/arm: Report GICv3 sysregs present in ID registers if needed Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-20arm: check regime, not current state, for ATS write PAR formatPeter Maydell1-1/+1
In do_ats_write(), rather than using extended_addresses_enabled() to decide whether the value we get back from get_phys_addr() is a 64-bit format PAR or a 32-bit one, use arm_s1_regime_using_lpae_format(). This is not really the correct answer, because the PAR format depends on the AT instruction being used, not just on the translation regime. However getting this correct requires a significant refactoring, so that get_phys_addr() returns raw information about the fault which the caller can then assemble into a suitable FSR/PAR/syndrome for its purposes, rather than get_phys_addr() returning a pre-formatted FSR. However this change at least improves the situation by making the PAR work correctly for address translation operations done at AArch64 EL2 on the EL2 translation regime. In particular, this is necessary for Xen to be able to run in our emulation, so this seems like a safer interim fix given that we are in freeze. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1509719814-6191-1-git-send-email-peter.maydell@linaro.org
2017-11-20target/arm: Report GICv3 sysregs present in ID registers if neededPeter Maydell1-4/+40
The CPU ID registers ID_AA64PFR0_EL1, ID_PFR1_EL1 and ID_PFR1 have a field for reporting presence of GICv3 system registers. We need to report this field correctly in order for Xen to work as a guest inside QEMU emulation. We mustn't incorrectly claim the sysregs exist when they don't, though, or Linux will crash. Unfortunately the way we've designed the GICv3 emulation in QEMU puts the system registers as part of the GICv3 device, which may be created after the CPU proper has been realized. This means that we don't know at the point when we define the ID registers what the correct value is. Handle this by switching them to calling a function at runtime to read the value, where we can fill in the GIC field appropriately. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1510066898-3725-1-git-send-email-peter.maydell@linaro.org
2017-11-20s390x/tcg: fix DIAG 308 with > 1 VCPU (MTTCG)David Hildenbrand1-0/+2
Currently, multi threaded TCG with > 1 VCPU gets stuck during IPL, when the bios tries to switch to the loaded kernel via DIAG 308. As run_on_cpu() is used, we run into a deadlock after handling the reset. We need the iolock (just like KVM). Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171116170526.12643-4-david@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-11-20s390x: fix storing CPU status (again)David Hildenbrand1-1/+1
Looks like the last fix + cleanup introduced another bug. (for now Linux guests don't seem to care) - we store the crs into ars. Fixes: 947a38bd6f13 ("s390x/kvm: fix and cleanup storing CPU status") Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20171116170526.12643-2-david@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-11-16Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell1-1/+1
Miscellaneous bugfixes # gpg: Signature made Wed 15 Nov 2017 15:27:25 GMT # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: fix scripts/update-linux-headers.sh here document exec: Do not resolve subpage in mru_section util/stats64: Fix min/max comparisons cpu-exec: avoid cpu_exec_nocache infinite loop with record/replay cpu-exec: don't overwrite exception_index vhost-user-scsi: add missing virtqueue_size param target-i386: adds PV_TLB_FLUSH CPUID feature bit thread-posix: fix qemu_rec_mutex_trylock macro Makefile: simpler/faster "make help" ioapic/tracing: Remove last DPRINTFs Enable 8-byte wide MMIO for 16550 serial devices Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-15target/arm: Fix GETPC usage in do_paired_cmpxchg64_l/beRichard Henderson1-8/+6
Use of GETPC must be restricted to those functions that are directly called from TCG generated code. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Fixes: 2399d4e7cec22ecf1c51062d2ebfd45220dbaace Signed-off-by: Richard Henderson <richard.henderson@linaro.org>