From ddd835f32a18c087d3161213f47e89566ce05cc8 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Mon, 19 Mar 2018 15:00:46 +0100 Subject: hw/misc/macio: Fix crash when listing device properties of macio device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The macio-newworld device can currently be used to abort QEMU unexpectedly: $ ppc-softmmu/qemu-system-ppc -S -M ref405ep,accel=qtest -qmp stdio {"QMP": {"version": {"qemu": {"micro": 50, "minor": 11, "major": 2}, "package": "build-all"}, "capabilities": []}} { 'execute': 'qmp_capabilities' } {"return": {}} { 'execute': 'device-list-properties', 'arguments': {'typename': 'macio-newworld'}} Unexpected error in qemu_chr_fe_init() at chardev/char-fe.c:222: Device 'serial0' is in use Aborted (core dumped) qdev properties should be set during realize(), not during instance_init(), so move the related code there to fix this problem. Signed-off-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Acked-by: Mark Cave-Ayland Signed-off-by: David Gibson --- hw/misc/macio/macio.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'hw') diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c index 454244f..b74a657 100644 --- a/hw/misc/macio/macio.c +++ b/hw/misc/macio/macio.c @@ -115,6 +115,13 @@ static void macio_common_realize(PCIDevice *d, Error **errp) memory_region_add_subregion(&s->bar, 0x16000, sysbus_mmio_get_region(sysbus_dev, 0)); + qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0); + qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK); + qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4); + qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hds[0]); + qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hds[1]); + qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial); + qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial); object_property_set_bool(OBJECT(&s->escc), true, "realized", &err); if (err) { error_propagate(errp, err); @@ -341,13 +348,6 @@ static void macio_instance_init(Object *obj) object_property_add_child(obj, "dbdma", OBJECT(&s->dbdma), NULL); object_initialize(&s->escc, sizeof(s->escc), TYPE_ESCC); - qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0); - qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK); - qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4); - qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hds[0]); - qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hds[1]); - qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial); - qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial); qdev_set_parent_bus(DEVICE(&s->escc), sysbus_get_default()); object_property_add_child(obj, "escc", OBJECT(&s->escc), NULL); } -- cgit v1.1 From 127f03e4426a7a8c5c63e277e0cdd88af80d0c8f Mon Sep 17 00:00:00 2001 From: Alexey Kardashevskiy Date: Thu, 5 Apr 2018 12:07:38 +1000 Subject: spapr: Initialize reserved areas list in FDT in H_CAS handler At the moment the device tree produced by the H_CAS handler has no reserved map initialized at all which is not correct as at least one empty record is required to be present as a marker of the end. This does not cause problems now as the only consumer is SLOF which does not look at the reserved map area. However when DTC's "Improve libfdt's memory safety" changeset hits the QEMU upstream, there will be errors reported and crashes observed. This fixes the problem by adding an empty entry to the reserved map, just like create_device_tree() does already. Signed-off-by: Alexey Kardashevskiy Signed-off-by: David Gibson --- hw/ppc/spapr.c | 1 + 1 file changed, 1 insertion(+) (limited to 'hw') diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 2c0be8c..a81570e 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -865,6 +865,7 @@ int spapr_h_cas_compose_response(sPAPRMachineState *spapr, /* Create skeleton */ fdt_skel = g_malloc0(size); _FDT((fdt_create(fdt_skel, size))); + _FDT((fdt_finish_reservemap(fdt_skel))); _FDT((fdt_begin_node(fdt_skel, ""))); _FDT((fdt_end_node(fdt_skel))); _FDT((fdt_finish(fdt_skel))); -- cgit v1.1 From f8815532dcf145dfde8da42697556239bb95c849 Mon Sep 17 00:00:00 2001 From: BALATON Zoltan Date: Fri, 6 Apr 2018 00:42:48 +0200 Subject: sam460ex: Fix timer frequency and clock multipliers We only emulate timer running at CPU frequency which is what most guests expect so set the frequency to match real hardware. This also allows setting clock multipliers which caused slowdown previously due to wrong timer frequency. Signed-off-by: BALATON Zoltan Signed-off-by: David Gibson --- hw/ppc/ppc440_uc.c | 3 +-- hw/ppc/sam460ex.c | 7 ++++--- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'hw') diff --git a/hw/ppc/ppc440_uc.c b/hw/ppc/ppc440_uc.c index 976ab2b..e312fdb 100644 --- a/hw/ppc/ppc440_uc.c +++ b/hw/ppc/ppc440_uc.c @@ -392,8 +392,7 @@ static uint32_t dcr_read_sdr(void *opaque, int dcrn) case SDR0_CFGDATA: switch (sdr->addr) { case SDR0_STRP0: - /* FIXME: Is this correct? This breaks timing in U-Boot */ - ret = 0; /*(0xb5 << 8) | (1 << 4) | 9 */ + ret = (0xb5 << 8) | (1 << 4) | 9; break; case SDR0_STRP1: ret = (5 << 29) | (2 << 26) | (1 << 24); diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c index 70b8e76..dfff262 100644 --- a/hw/ppc/sam460ex.c +++ b/hw/ppc/sam460ex.c @@ -67,6 +67,7 @@ IRQ12 = SM502_INT */ +#define CPU_FREQ 1150000000 #define SDRAM_NR_BANKS 4 /* FIXME: See u-boot.git 8ac41e, also fix in ppc440_uc.c */ @@ -253,8 +254,8 @@ static int sam460ex_load_device_tree(hwaddr addr, char *filename; int fdt_size; void *fdt; - uint32_t tb_freq = 50000000; - uint32_t clock_freq = 50000000; + uint32_t tb_freq = CPU_FREQ; + uint32_t clock_freq = CPU_FREQ; filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE); if (!filename) { @@ -416,7 +417,7 @@ static void sam460ex_init(MachineState *machine) boot_info = g_malloc0(sizeof(*boot_info)); env->load_info = boot_info; - ppc_booke_timers_init(cpu, 50000000, 0); + ppc_booke_timers_init(cpu, CPU_FREQ, 0); ppc_dcr_init(env, NULL, NULL); /* PLB arbitrer */ -- cgit v1.1