From 1cb169b27a7e78176de2101ce7c0a577945c8dec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Sat, 19 Sep 2020 15:24:35 +0200 Subject: hw/ssi/npcm7xx_fiu: Fix handling of unsigned integer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix integer handling issues handling issue reported by Coverity: hw/ssi/npcm7xx_fiu.c: 162 in npcm7xx_fiu_flash_read() >>> CID 1432730: Integer handling issues (NEGATIVE_RETURNS) >>> "npcm7xx_fiu_cs_index(fiu, f)" is passed to a parameter that cannot be negative. 162 npcm7xx_fiu_select(fiu, npcm7xx_fiu_cs_index(fiu, f)); hw/ssi/npcm7xx_fiu.c: 221 in npcm7xx_fiu_flash_write() 218 cs_id = npcm7xx_fiu_cs_index(fiu, f); 219 trace_npcm7xx_fiu_flash_write(DEVICE(fiu)->canonical_path, cs_id, addr, 220 size, v); >>> CID 1432729: Integer handling issues (NEGATIVE_RETURNS) >>> "cs_id" is passed to a parameter that cannot be negative. 221 npcm7xx_fiu_select(fiu, cs_id); Since the index of the flash can not be negative, return an unsigned type. Reported-by: Coverity (CID 1432729 & 1432730: NEGATIVE_RETURNS) Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Havard Skinnemoen Message-id: 20200919132435.310527-1-f4bug@amsat.org Signed-off-by: Peter Maydell --- hw/ssi/npcm7xx_fiu.c | 12 ++++++------ hw/ssi/trace-events | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'hw') diff --git a/hw/ssi/npcm7xx_fiu.c b/hw/ssi/npcm7xx_fiu.c index 104e8f2..5040132 100644 --- a/hw/ssi/npcm7xx_fiu.c +++ b/hw/ssi/npcm7xx_fiu.c @@ -103,7 +103,8 @@ enum NPCM7xxFIURegister { * Returns the index of flash in the fiu->flash array. This corresponds to the * chip select ID of the flash. */ -static int npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, NPCM7xxFIUFlash *flash) +static unsigned npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, + NPCM7xxFIUFlash *flash) { int index = flash - fiu->flash; @@ -113,20 +114,19 @@ static int npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, NPCM7xxFIUFlash *flash) } /* Assert the chip select specified in the UMA Control/Status Register. */ -static void npcm7xx_fiu_select(NPCM7xxFIUState *s, int cs_id) +static void npcm7xx_fiu_select(NPCM7xxFIUState *s, unsigned cs_id) { trace_npcm7xx_fiu_select(DEVICE(s)->canonical_path, cs_id); if (cs_id < s->cs_count) { qemu_irq_lower(s->cs_lines[cs_id]); + s->active_cs = cs_id; } else { qemu_log_mask(LOG_GUEST_ERROR, "%s: UMA to CS%d; this module has only %d chip selects", DEVICE(s)->canonical_path, cs_id, s->cs_count); - cs_id = -1; + s->active_cs = -1; } - - s->active_cs = cs_id; } /* Deassert the currently active chip select. */ @@ -206,7 +206,7 @@ static void npcm7xx_fiu_flash_write(void *opaque, hwaddr addr, uint64_t v, NPCM7xxFIUFlash *f = opaque; NPCM7xxFIUState *fiu = f->fiu; uint32_t dwr_cfg; - int cs_id; + unsigned cs_id; int i; if (fiu->active_cs != -1) { diff --git a/hw/ssi/trace-events b/hw/ssi/trace-events index 2f83ef8..612d3d6 100644 --- a/hw/ssi/trace-events +++ b/hw/ssi/trace-events @@ -19,4 +19,4 @@ npcm7xx_fiu_deselect(const char *id, int cs) "%s deselect CS%d" npcm7xx_fiu_ctrl_read(const char *id, uint64_t addr, uint32_t data) "%s offset: 0x%04" PRIx64 " value: 0x%08" PRIx32 npcm7xx_fiu_ctrl_write(const char *id, uint64_t addr, uint32_t data) "%s offset: 0x%04" PRIx64 " value: 0x%08" PRIx32 npcm7xx_fiu_flash_read(const char *id, int cs, uint64_t addr, unsigned int size, uint64_t value) "%s[%d] offset: 0x%08" PRIx64 " size: %u value: 0x%" PRIx64 -npcm7xx_fiu_flash_write(const char *id, int cs, uint64_t addr, unsigned int size, uint64_t value) "%s[%d] offset: 0x%08" PRIx64 " size: %u value: 0x%" PRIx64 +npcm7xx_fiu_flash_write(const char *id, unsigned cs, uint64_t addr, unsigned int size, uint64_t value) "%s[%d] offset: 0x%08" PRIx64 " size: %u value: 0x%" PRIx64 -- cgit v1.1 From b8bf3472ccb4e5265dc6ec148a38f4b4dd5ac896 Mon Sep 17 00:00:00 2001 From: Graeme Gregory Date: Wed, 7 Oct 2020 11:07:31 +0100 Subject: hw/arm/sbsa-ref : Fix SMMUv3 Initialisation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SMMUv3 has an error in a previous patch where an i was transposed to a 1 meaning interrupts would not have been correctly assigned to the SMMUv3 instance. Fixes: 48ba18e6d3f3 ("hw/arm/sbsa-ref: Simplify by moving the gic in the machine state") Signed-off-by: Graeme Gregory Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Eric Auger Message-id: 20201007100732.4103790-2-graeme@nuviainc.com Signed-off-by: Peter Maydell --- hw/arm/sbsa-ref.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c index 9c3a893..65e6488 100644 --- a/hw/arm/sbsa-ref.c +++ b/hw/arm/sbsa-ref.c @@ -525,7 +525,7 @@ static void create_smmu(const SBSAMachineState *sms, PCIBus *bus) sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); for (i = 0; i < NUM_SMMU_IRQS; i++) { sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, - qdev_get_gpio_in(sms->gic, irq + 1)); + qdev_get_gpio_in(sms->gic, irq + i)); } } -- cgit v1.1 From 04788fd5c5577cbe5fb61107cdd9732479c793ca Mon Sep 17 00:00:00 2001 From: Graeme Gregory Date: Wed, 7 Oct 2020 11:07:32 +0100 Subject: hw/arm/sbsa-ref : allocate IRQs for SMMUv3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original commit did not allocate IRQs for the SMMUv3 in the irqmap effectively using irq 0->3 (shared with other devices). Assuming original intent was to allocate unique IRQs then add an allocation to the irqmap. Fixes: e9fdf453240 ("hw/arm: Add arm SBSA reference machine, devices part") Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Graeme Gregory Reviewed-by: Eric Auger Message-id: 20201007100732.4103790-3-graeme@nuviainc.com Signed-off-by: Peter Maydell --- hw/arm/sbsa-ref.c | 1 + 1 file changed, 1 insertion(+) (limited to 'hw') diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c index 65e6488..0186351 100644 --- a/hw/arm/sbsa-ref.c +++ b/hw/arm/sbsa-ref.c @@ -133,6 +133,7 @@ static const int sbsa_ref_irqmap[] = { [SBSA_SECURE_UART_MM] = 9, [SBSA_AHCI] = 10, [SBSA_EHCI] = 11, + [SBSA_SMMU] = 12, /* ... to 15 */ }; static uint64_t sbsa_ref_cpu_mp_affinity(SBSAMachineState *sms, int idx) -- cgit v1.1 From 3059344f01e1bf9625570ef2e8396fa011e9431d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Fri, 2 Oct 2020 20:10:32 +0200 Subject: hw/char/bcm2835_aux: Allow less than 32-bit accesses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "BCM2835 ARM Peripherals" datasheet [*] chapter 2 ("Auxiliaries: UART1 & SPI1, SPI2"), list the register sizes as 3/8/16/32 bits. We assume this means this peripheral allows 8-bit accesses. This was not an issue until commit 5d971f9e67 which reverted ("memory: accept mismatching sizes in memory_region_access_valid"). The model is implemented as 32-bit accesses (see commit 97398d900c, all registers are 32-bit) so replace MemoryRegionOps.valid as MemoryRegionOps.impl, and re-introduce MemoryRegionOps.valid with a 8/32-bit range. [*] https://www.raspberrypi.org/app/uploads/2012/02/BCM2835-ARM-Peripherals.pdf Fixes: 97398d900c ("bcm2835_aux: add emulation of BCM2835 AUX (aka UART1) block") Signed-off-by: Philippe Mathieu-Daudé Message-id: 20201002181032.1899463-1-f4bug@amsat.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/char/bcm2835_aux.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/char/bcm2835_aux.c b/hw/char/bcm2835_aux.c index ee3dd40..dade2ab 100644 --- a/hw/char/bcm2835_aux.c +++ b/hw/char/bcm2835_aux.c @@ -249,7 +249,9 @@ static const MemoryRegionOps bcm2835_aux_ops = { .read = bcm2835_aux_read, .write = bcm2835_aux_write, .endianness = DEVICE_NATIVE_ENDIAN, - .valid.min_access_size = 4, + .impl.min_access_size = 4, + .impl.max_access_size = 4, + .valid.min_access_size = 1, .valid.max_access_size = 4, }; -- cgit v1.1 From fe11f058c5fda70360f810e7bddd4b6d69f76230 Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 1 Oct 2020 08:17:15 +0200 Subject: hw/arm/virt: Move post cpu realize check into its own function We'll add more to this new function in coming patches so we also state the gic must be created and call it below create_gic(). No functional change intended. Reviewed-by: Eric Auger Reviewed-by: Peter Maydell Signed-off-by: Andrew Jones Message-id: 20201001061718.101915-4-drjones@redhat.com Signed-off-by: Peter Maydell --- hw/arm/virt.c | 43 +++++++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 16 deletions(-) (limited to 'hw') diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 1231a19..524eafe 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -1672,6 +1672,31 @@ static void finalize_gic_version(VirtMachineState *vms) } } +/* + * virt_cpu_post_init() must be called after the CPUs have + * been realized and the GIC has been created. + */ +static void virt_cpu_post_init(VirtMachineState *vms) +{ + bool aarch64; + + aarch64 = object_property_get_bool(OBJECT(first_cpu), "aarch64", NULL); + + if (!kvm_enabled()) { + if (aarch64 && vms->highmem) { + int requested_pa_size = 64 - clz64(vms->highest_gpa); + int pamax = arm_pamax(ARM_CPU(first_cpu)); + + if (pamax < requested_pa_size) { + error_report("VCPU supports less PA bits (%d) than " + "requested by the memory map (%d)", + pamax, requested_pa_size); + exit(1); + } + } + } +} + static void machvirt_init(MachineState *machine) { VirtMachineState *vms = VIRT_MACHINE(machine); @@ -1886,22 +1911,6 @@ static void machvirt_init(MachineState *machine) fdt_add_timer_nodes(vms); fdt_add_cpu_nodes(vms); - if (!kvm_enabled()) { - ARMCPU *cpu = ARM_CPU(first_cpu); - bool aarch64 = object_property_get_bool(OBJECT(cpu), "aarch64", NULL); - - if (aarch64 && vms->highmem) { - int requested_pa_size, pamax = arm_pamax(cpu); - - requested_pa_size = 64 - clz64(vms->highest_gpa); - if (pamax < requested_pa_size) { - error_report("VCPU supports less PA bits (%d) than requested " - "by the memory map (%d)", pamax, requested_pa_size); - exit(1); - } - } - } - memory_region_add_subregion(sysmem, vms->memmap[VIRT_MEM].base, machine->ram); if (machine->device_memory) { @@ -1913,6 +1922,8 @@ static void machvirt_init(MachineState *machine) create_gic(vms); + virt_cpu_post_init(vms); + fdt_add_pmu_nodes(vms); create_uart(vms, VIRT_UART, sysmem, serial_hd(0)); -- cgit v1.1 From 946f1bb18c342fa548f9c0f52f64836ff49d99c8 Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 1 Oct 2020 08:17:16 +0200 Subject: hw/arm/virt: Move kvm pmu setup to virt_cpu_post_init Move the KVM PMU setup part of fdt_add_pmu_nodes() to virt_cpu_post_init(), which is a more appropriate location. Now fdt_add_pmu_nodes() is also named more appropriately, because it no longer does anything but fdt node creation. No functional change intended. Reviewed-by: Peter Maydell Reviewed-by: Eric Auger Signed-off-by: Andrew Jones Message-id: 20201001061718.101915-5-drjones@redhat.com Signed-off-by: Peter Maydell --- hw/arm/virt.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) (limited to 'hw') diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 524eafe..92ab0fd 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -521,21 +521,12 @@ static void fdt_add_gic_node(VirtMachineState *vms) static void fdt_add_pmu_nodes(const VirtMachineState *vms) { - CPUState *cpu; - ARMCPU *armcpu; + ARMCPU *armcpu = ARM_CPU(first_cpu); uint32_t irqflags = GIC_FDT_IRQ_FLAGS_LEVEL_HI; - CPU_FOREACH(cpu) { - armcpu = ARM_CPU(cpu); - if (!arm_feature(&armcpu->env, ARM_FEATURE_PMU)) { - return; - } - if (kvm_enabled()) { - if (kvm_irqchip_in_kernel()) { - kvm_arm_pmu_set_irq(cpu, PPI(VIRTUAL_PMU_IRQ)); - } - kvm_arm_pmu_init(cpu); - } + if (!arm_feature(&armcpu->env, ARM_FEATURE_PMU)) { + assert(!object_property_get_bool(OBJECT(armcpu), "pmu", NULL)); + return; } if (vms->gic_version == VIRT_GIC_VERSION_2) { @@ -544,7 +535,6 @@ static void fdt_add_pmu_nodes(const VirtMachineState *vms) (1 << vms->smp_cpus) - 1); } - armcpu = ARM_CPU(qemu_get_cpu(0)); qemu_fdt_add_subnode(vms->fdt, "/pmu"); if (arm_feature(&armcpu->env, ARM_FEATURE_V8)) { const char compat[] = "arm,armv8-pmuv3"; @@ -1678,11 +1668,23 @@ static void finalize_gic_version(VirtMachineState *vms) */ static void virt_cpu_post_init(VirtMachineState *vms) { - bool aarch64; + bool aarch64, pmu; + CPUState *cpu; aarch64 = object_property_get_bool(OBJECT(first_cpu), "aarch64", NULL); + pmu = object_property_get_bool(OBJECT(first_cpu), "pmu", NULL); - if (!kvm_enabled()) { + if (kvm_enabled()) { + CPU_FOREACH(cpu) { + if (pmu) { + assert(arm_feature(&ARM_CPU(cpu)->env, ARM_FEATURE_PMU)); + if (kvm_irqchip_in_kernel()) { + kvm_arm_pmu_set_irq(cpu, PPI(VIRTUAL_PMU_IRQ)); + } + kvm_arm_pmu_init(cpu); + } + } + } else { if (aarch64 && vms->highmem) { int requested_pa_size = 64 - clz64(vms->highest_gpa); int pamax = arm_pamax(ARM_CPU(first_cpu)); -- cgit v1.1 From 68970d1e0d07e3a266141bbd9038fd9890ca88f2 Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 1 Oct 2020 08:17:18 +0200 Subject: hw/arm/virt: Implement kvm-steal-time We add the kvm-steal-time CPU property and implement it for machvirt. A tiny bit of refactoring was also done to allow pmu and pvtime to use the same vcpu device helper functions. Reviewed-by: Eric Auger Signed-off-by: Andrew Jones Message-id: 20201001061718.101915-7-drjones@redhat.com Signed-off-by: Peter Maydell --- hw/arm/virt.c | 44 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 3 deletions(-) (limited to 'hw') diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 92ab0fd..e465a98 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -151,6 +151,7 @@ static const MemMapEntry base_memmap[] = { [VIRT_PCDIMM_ACPI] = { 0x09070000, MEMORY_HOTPLUG_IO_LEN }, [VIRT_ACPI_GED] = { 0x09080000, ACPI_GED_EVT_SEL_LEN }, [VIRT_NVDIMM_ACPI] = { 0x09090000, NVDIMM_ACPI_IO_LEN}, + [VIRT_PVTIME] = { 0x090a0000, 0x00010000 }, [VIRT_MMIO] = { 0x0a000000, 0x00000200 }, /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */ [VIRT_PLATFORM_BUS] = { 0x0c000000, 0x02000000 }, @@ -1666,15 +1667,40 @@ static void finalize_gic_version(VirtMachineState *vms) * virt_cpu_post_init() must be called after the CPUs have * been realized and the GIC has been created. */ -static void virt_cpu_post_init(VirtMachineState *vms) +static void virt_cpu_post_init(VirtMachineState *vms, int max_cpus, + MemoryRegion *sysmem) { - bool aarch64, pmu; + bool aarch64, pmu, steal_time; CPUState *cpu; aarch64 = object_property_get_bool(OBJECT(first_cpu), "aarch64", NULL); pmu = object_property_get_bool(OBJECT(first_cpu), "pmu", NULL); + steal_time = object_property_get_bool(OBJECT(first_cpu), + "kvm-steal-time", NULL); if (kvm_enabled()) { + hwaddr pvtime_reg_base = vms->memmap[VIRT_PVTIME].base; + hwaddr pvtime_reg_size = vms->memmap[VIRT_PVTIME].size; + + if (steal_time) { + MemoryRegion *pvtime = g_new(MemoryRegion, 1); + hwaddr pvtime_size = max_cpus * PVTIME_SIZE_PER_CPU; + + /* The memory region size must be a multiple of host page size. */ + pvtime_size = REAL_HOST_PAGE_ALIGN(pvtime_size); + + if (pvtime_size > pvtime_reg_size) { + error_report("pvtime requires a %" HWADDR_PRId + " byte memory region for %d CPUs," + " but only %" HWADDR_PRId " has been reserved", + pvtime_size, max_cpus, pvtime_reg_size); + exit(1); + } + + memory_region_init_ram(pvtime, NULL, "pvtime", pvtime_size, NULL); + memory_region_add_subregion(sysmem, pvtime_reg_base, pvtime); + } + CPU_FOREACH(cpu) { if (pmu) { assert(arm_feature(&ARM_CPU(cpu)->env, ARM_FEATURE_PMU)); @@ -1683,6 +1709,10 @@ static void virt_cpu_post_init(VirtMachineState *vms) } kvm_arm_pmu_init(cpu); } + if (steal_time) { + kvm_arm_pvtime_init(cpu, pvtime_reg_base + + cpu->cpu_index * PVTIME_SIZE_PER_CPU); + } } } else { if (aarch64 && vms->highmem) { @@ -1853,6 +1883,11 @@ static void machvirt_init(MachineState *machine) object_property_set_bool(cpuobj, "kvm-no-adjvtime", true, NULL); } + if (vmc->no_kvm_steal_time && + object_property_find(cpuobj, "kvm-steal-time")) { + object_property_set_bool(cpuobj, "kvm-steal-time", false, NULL); + } + if (vmc->no_pmu && object_property_find(cpuobj, "pmu")) { object_property_set_bool(cpuobj, "pmu", false, NULL); } @@ -1924,7 +1959,7 @@ static void machvirt_init(MachineState *machine) create_gic(vms); - virt_cpu_post_init(vms); + virt_cpu_post_init(vms, possible_cpus->len, sysmem); fdt_add_pmu_nodes(vms); @@ -2566,8 +2601,11 @@ DEFINE_VIRT_MACHINE_AS_LATEST(5, 2) static void virt_machine_5_1_options(MachineClass *mc) { + VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc)); + virt_machine_5_2_options(mc); compat_props_add(mc->compat_props, hw_compat_5_1, hw_compat_5_1_len); + vmc->no_kvm_steal_time = true; } DEFINE_VIRT_MACHINE(5, 1) -- cgit v1.1