From c39770cd63776516c4e244702e859d84913ba9ed Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Tue, 10 Apr 2018 13:02:24 +0100 Subject: hw/arm: Allow manually specified /psci node Change the code to avoid exiting QEMU if user provided DTB contains manually specified /psci node and skip any /psci related fixups instead. Fixes: 4cbca7d9b4 ("hw/arm: Move virt's PSCI DT fixup code to arm/boot.c") Signed-off-by: Andrey Smirnov Reported-by: Marc Zyngier Tested-by: Marc Zyngier Message-id: 20180402205654.14572-1-andrew.smirnov@gmail.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/boot.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'hw') diff --git a/hw/arm/boot.c b/hw/arm/boot.c index 9319b12..26184bc 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -422,6 +422,7 @@ static void fdt_add_psci_node(void *fdt) ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(0)); const char *psci_method; int64_t psci_conduit; + int rc; psci_conduit = object_property_get_int(OBJECT(armcpu), "psci-conduit", @@ -439,6 +440,15 @@ static void fdt_add_psci_node(void *fdt) g_assert_not_reached(); } + /* + * If /psci node is present in provided DTB, assume that no fixup + * is necessary and all PSCI configuration should be taken as-is + */ + rc = fdt_path_offset(fdt, "/psci"); + if (rc >= 0) { + return; + } + qemu_fdt_add_subnode(fdt, "/psci"); if (armcpu->psci_version == 2) { const char comp[] = "arm,psci-0.2\0arm,psci"; -- cgit v1.1 From 8720daad476fd9688b0c7e2453624c8a225c9c72 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 10 Apr 2018 13:02:24 +0100 Subject: hw/arm/integratorcp: Don't do things that could be fatal in the instance_init MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit An instance_init function must not fail - and might be called multiple times, e.g. during device introspection with the 'device-list-properties' QMP command. Since the integratorcm device ignores this rule, QEMU currently aborts in this case (though it really should not): echo "{'execute':'qmp_capabilities'}"\ "{'execute':'device-list-properties',"\ "'arguments':{'typename':'integrator_core'}}" \ | arm-softmmu/qemu-system-arm -M integratorcp,accel=qtest -qmp stdio {"QMP": {"version": {"qemu": {"micro": 91, "minor": 11, "major": 2}, "package": "build-all"}, "capabilities": []}} {"return": {}} RAMBlock "integrator.flash" already registered, abort! Aborted (core dumped) Move the problematic code to the realize() function instead to fix this problem. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Thomas Huth Message-id: 1522906473-11252-1-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell --- hw/arm/integratorcp.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) (limited to 'hw') diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c index e8303b8..58b40ef 100644 --- a/hw/arm/integratorcp.c +++ b/hw/arm/integratorcp.c @@ -266,7 +266,6 @@ static const MemoryRegionOps integratorcm_ops = { static void integratorcm_init(Object *obj) { IntegratorCMState *s = INTEGRATOR_CM(obj); - SysBusDevice *dev = SYS_BUS_DEVICE(obj); s->cm_osc = 0x01000048; /* ??? What should the high bits of this value be? */ @@ -276,20 +275,28 @@ static void integratorcm_init(Object *obj) s->cm_init = 0x00000112; s->cm_refcnt_offset = muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), 24, 1000); - memory_region_init_ram(&s->flash, obj, "integrator.flash", 0x100000, - &error_fatal); - memory_region_init_io(&s->iomem, obj, &integratorcm_ops, s, - "integratorcm", 0x00800000); - sysbus_init_mmio(dev, &s->iomem); - - integratorcm_do_remap(s); /* ??? Save/restore. */ } static void integratorcm_realize(DeviceState *d, Error **errp) { IntegratorCMState *s = INTEGRATOR_CM(d); + SysBusDevice *dev = SYS_BUS_DEVICE(d); + Error *local_err = NULL; + + memory_region_init_ram(&s->flash, OBJECT(d), "integrator.flash", 0x100000, + &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + + memory_region_init_io(&s->iomem, OBJECT(d), &integratorcm_ops, s, + "integratorcm", 0x00800000); + sysbus_init_mmio(dev, &s->iomem); + + integratorcm_do_remap(s); if (s->memsz >= 256) { integrator_spd[31] = 64; -- cgit v1.1 From b318f3265c4cdc7ae7c214bd931abad5bd7c6a5e Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 10 Apr 2018 13:02:25 +0100 Subject: hw/sd/bcm2835_sdhost: Add tracepoints MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add some tracepoints to the bcm2835_sdhost driver, to assist debugging. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Tested-by: Gerd Hoffmann Message-id: 20180319161556.16446-2-peter.maydell@linaro.org --- hw/sd/bcm2835_sdhost.c | 10 ++++++++++ hw/sd/trace-events | 6 ++++++ 2 files changed, 16 insertions(+) (limited to 'hw') diff --git a/hw/sd/bcm2835_sdhost.c b/hw/sd/bcm2835_sdhost.c index f7f4e65..79f3c5c 100644 --- a/hw/sd/bcm2835_sdhost.c +++ b/hw/sd/bcm2835_sdhost.c @@ -15,6 +15,7 @@ #include "qemu/log.h" #include "sysemu/blockdev.h" #include "hw/sd/bcm2835_sdhost.h" +#include "trace.h" #define TYPE_BCM2835_SDHOST_BUS "bcm2835-sdhost-bus" #define BCM2835_SDHOST_BUS(obj) \ @@ -99,6 +100,7 @@ static void bcm2835_sdhost_update_irq(BCM2835SDHostState *s) { uint32_t irq = s->status & (SDHSTS_BUSY_IRPT | SDHSTS_BLOCK_IRPT | SDHSTS_SDIO_IRPT); + trace_bcm2835_sdhost_update_irq(irq); qemu_set_irq(s->irq, !!irq); } @@ -211,6 +213,7 @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s) s->edm &= ~0xf; s->edm |= SDEDM_FSM_DATAMODE; + trace_bcm2835_sdhost_edm_change("datacnt 0", s->edm); if (s->config & SDHCFG_DATA_IRPT_EN) { s->status |= SDHSTS_SDIO_IRPT; @@ -229,6 +232,7 @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s) s->edm &= ~(0x1f << 4); s->edm |= ((s->fifo_len & 0x1f) << 4); + trace_bcm2835_sdhost_edm_change("fifo run", s->edm); } static uint64_t bcm2835_sdhost_read(void *opaque, hwaddr offset, @@ -280,6 +284,8 @@ static uint64_t bcm2835_sdhost_read(void *opaque, hwaddr offset, break; } + trace_bcm2835_sdhost_read(offset, res, size); + return res; } @@ -288,6 +294,8 @@ static void bcm2835_sdhost_write(void *opaque, hwaddr offset, { BCM2835SDHostState *s = (BCM2835SDHostState *)opaque; + trace_bcm2835_sdhost_write(offset, value, size); + switch (offset) { case SDCMD: s->cmd = value; @@ -314,6 +322,7 @@ static void bcm2835_sdhost_write(void *opaque, hwaddr offset, value &= ~0xf; } s->edm = value; + trace_bcm2835_sdhost_edm_change("guest register write", s->edm); break; case SDHCFG: s->config = value; @@ -390,6 +399,7 @@ static void bcm2835_sdhost_reset(DeviceState *dev) s->cmd = 0; s->cmdarg = 0; s->edm = 0x0000c60f; + trace_bcm2835_sdhost_edm_change("device reset", s->edm); s->config = 0; s->hbct = 0; s->hblc = 0; diff --git a/hw/sd/trace-events b/hw/sd/trace-events index 2059ace..bfd1d62 100644 --- a/hw/sd/trace-events +++ b/hw/sd/trace-events @@ -1,5 +1,11 @@ # See docs/devel/tracing.txt for syntax documentation. +# hw/sd/bcm2835_sdhost.c +bcm2835_sdhost_read(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" +bcm2835_sdhost_write(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" +bcm2835_sdhost_edm_change(const char *why, uint32_t edm) "(%s) EDM now 0x%x" +bcm2835_sdhost_update_irq(uint32_t irq) "IRQ bits 0x%x\n" + # hw/sd/core.c sdbus_command(const char *bus_name, uint8_t cmd, uint32_t arg, uint8_t crc) "@%s CMD%02d arg 0x%08x crc 0x%02x" sdbus_read(const char *bus_name, uint8_t value) "@%s value 0x%02x" -- cgit v1.1 From f3d9fe8f95964308564f0987f7a5e2a88cc887be Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 10 Apr 2018 13:02:25 +0100 Subject: hw/sd/bcm2835_sdhost: Don't raise spurious interrupts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Linux bcm2835_sdhost driver doesn't work on QEMU, because our model raises spurious data interrupts. Our function bcm2835_sdhost_fifo_run() will flag an interrupt any time it is called with s->datacnt == 0, even if the host hasn't actually issued a data read or write command yet. This means that the driver gets a spurious data interrupt as soon as it enables IRQs and then does something else that causes us to call the fifo_run routine, like writing to SDHCFG, and before it does the write to SDCMD to issue the read. The driver's IRQ handler then spins forever complaining that there's no data and the SD controller isn't in a state where there's going to be any data: [ 41.040738] sdhost-bcm2835 3f202000.mmc: fsm 1, hsts 00000000 [ 41.042059] sdhost-bcm2835 3f202000.mmc: fsm 1, hsts 00000000 (continues forever). Move the interrupt flag setting to more plausible places: * for BUSY, raise this as soon as a BUSYWAIT command has executed * for DATA, raise this when the FIFO has any space free (for a write) or any data in it (for a read) * for BLOCK, raise this when the data count is 0 and we've actually done some reading or writing This is pure guesswork since the documentation for this hardware is not public, but it is sufficient to get the Linux bcm2835_sdhost driver to work. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Tested-by: Gerd Hoffmann Message-id: 20180319161556.16446-3-peter.maydell@linaro.org --- hw/sd/bcm2835_sdhost.c | 46 ++++++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 20 deletions(-) (limited to 'hw') diff --git a/hw/sd/bcm2835_sdhost.c b/hw/sd/bcm2835_sdhost.c index 79f3c5c..ebf3b92 100644 --- a/hw/sd/bcm2835_sdhost.c +++ b/hw/sd/bcm2835_sdhost.c @@ -137,6 +137,12 @@ static void bcm2835_sdhost_send_command(BCM2835SDHostState *s) } #undef RWORD } + /* We never really delay commands, so if this was a 'busywait' command + * then we've completed it now and can raise the interrupt. + */ + if ((s->cmd & SDCMD_BUSYWAIT) && (s->config & SDHCFG_BUSY_IRPT_EN)) { + s->status |= SDHSTS_BUSY_IRPT; + } return; error: @@ -187,18 +193,27 @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s) n++; if (n == 4) { bcm2835_sdhost_fifo_push(s, value); + s->status |= SDHSTS_DATA_FLAG; + if (s->config & SDHCFG_DATA_IRPT_EN) { + s->status |= SDHSTS_SDIO_IRPT; + } n = 0; value = 0; } } if (n != 0) { bcm2835_sdhost_fifo_push(s, value); + s->status |= SDHSTS_DATA_FLAG; } } else { /* write */ n = 0; while (s->datacnt > 0 && (s->fifo_len > 0 || n > 0)) { if (n == 0) { value = bcm2835_sdhost_fifo_pop(s); + s->status |= SDHSTS_DATA_FLAG; + if (s->config & SDHCFG_DATA_IRPT_EN) { + s->status |= SDHSTS_SDIO_IRPT; + } n = 4; } n--; @@ -207,29 +222,20 @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s) value >>= 8; } } - } - if (s->datacnt == 0) { - s->status |= SDHSTS_DATA_FLAG; - - s->edm &= ~0xf; - s->edm |= SDEDM_FSM_DATAMODE; - trace_bcm2835_sdhost_edm_change("datacnt 0", s->edm); - - if (s->config & SDHCFG_DATA_IRPT_EN) { - s->status |= SDHSTS_SDIO_IRPT; - } - - if ((s->cmd & SDCMD_BUSYWAIT) && (s->config & SDHCFG_BUSY_IRPT_EN)) { - s->status |= SDHSTS_BUSY_IRPT; - } - - if ((s->cmd & SDCMD_WRITE_CMD) && (s->config & SDHCFG_BLOCK_IRPT_EN)) { - s->status |= SDHSTS_BLOCK_IRPT; + if (s->datacnt == 0) { + s->edm &= ~SDEDM_FSM_MASK; + s->edm |= SDEDM_FSM_DATAMODE; + trace_bcm2835_sdhost_edm_change("datacnt 0", s->edm); + + if ((s->cmd & SDCMD_WRITE_CMD) && + (s->config & SDHCFG_BLOCK_IRPT_EN)) { + s->status |= SDHSTS_BLOCK_IRPT; + } } - - bcm2835_sdhost_update_irq(s); } + bcm2835_sdhost_update_irq(s); + s->edm &= ~(0x1f << 4); s->edm |= ((s->fifo_len & 0x1f) << 4); trace_bcm2835_sdhost_edm_change("fifo run", s->edm); -- cgit v1.1 From 8aabc5437ba5b69b8ea2f42deadbb9ea9be39b1f Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 10 Apr 2018 13:02:25 +0100 Subject: hw/arm/allwinner-a10: Do not use nd_table in instance_init function The instance_init function of a device can be called at any time, even if the device is not going to be used (i.e. not going to be realized). So a instance_init function must not do things that could cause QEMU to exit, like calling qemu_check_nic_model(&nd_table[0], ...) for example. But this is what the instance_init function of the allwinner-a10 device is currently doing - and this causes QEMU to quit unexpectedly when you run the 'device-list-properties' QMP command for example: $ echo "{'execute':'qmp_capabilities'}"\ "{'execute':'device-list-properties',"\ " 'arguments':{'typename':'allwinner-a10'}}" \ | arm-softmmu/qemu-system-arm -M mps2-an505,accel=qtest -qmp stdio {"QMP": {"version": {"qemu": {"micro": 91, "minor": 11, "major": 2}, "package": "build-all"}, "capabilities": []}} {"return": {}} Unsupported NIC model: lan9118 ... and QEMU quits after printing the last line (which should not happen just because of running 'device-list-properties' here). And with the cubieboard, this even causes QEMU to abort(): $ echo "{'execute':'qmp_capabilities'}"\ "{'execute':'device-list-properties',"\ " 'arguments':{'typename':'allwinner-a10'}}" \ | arm-softmmu/qemu-system-arm -M cubieboard,accel=qtest -qmp stdio {"QMP": {"version": {"qemu": {"micro": 91, "minor": 11, "major": 2}, "package": "build-all"}, "capabilities": []}} {"return": {}} Unexpected error in error_set_from_qdev_prop_error() at hw/core/qdev-properties.c:1095: Property 'allwinner-emac.netdev' can't take value 'hub0port0', it's in use Aborted (core dumped) To fix the problem we've got to move the offending code to the realize function instead. Signed-off-by: Thomas Huth Message-id: 1522862420-7484-1-git-send-email-thuth@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/allwinner-a10.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'hw') diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c index 43a3f01..5dbbacb 100644 --- a/hw/arm/allwinner-a10.c +++ b/hw/arm/allwinner-a10.c @@ -38,11 +38,6 @@ static void aw_a10_init(Object *obj) object_initialize(&s->emac, sizeof(s->emac), TYPE_AW_EMAC); qdev_set_parent_bus(DEVICE(&s->emac), sysbus_get_default()); - /* FIXME use qdev NIC properties instead of nd_table[] */ - if (nd_table[0].used) { - qemu_check_nic_model(&nd_table[0], TYPE_AW_EMAC); - qdev_set_nic_properties(DEVICE(&s->emac), &nd_table[0]); - } object_initialize(&s->sata, sizeof(s->sata), TYPE_ALLWINNER_AHCI); qdev_set_parent_bus(DEVICE(&s->sata), sysbus_get_default()); @@ -91,6 +86,11 @@ static void aw_a10_realize(DeviceState *dev, Error **errp) sysbus_connect_irq(sysbusdev, 4, s->irq[67]); sysbus_connect_irq(sysbusdev, 5, s->irq[68]); + /* FIXME use qdev NIC properties instead of nd_table[] */ + if (nd_table[0].used) { + qemu_check_nic_model(&nd_table[0], TYPE_AW_EMAC); + qdev_set_nic_properties(DEVICE(&s->emac), &nd_table[0]); + } object_property_set_bool(OBJECT(&s->emac), true, "realized", &err); if (err != NULL) { error_propagate(errp, err); @@ -118,7 +118,7 @@ static void aw_a10_class_init(ObjectClass *oc, void *data) DeviceClass *dc = DEVICE_CLASS(oc); dc->realize = aw_a10_realize; - /* Reason: Uses serial_hds in realize and nd_table in instance_init */ + /* Reason: Uses serial_hds and nd_table in realize function */ dc->user_creatable = false; } -- cgit v1.1 From f640a5914f5179aa1af00df70da470e24e055e8d Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 10 Apr 2018 13:02:25 +0100 Subject: hw/arm/fsl-imx: Fix introspection problem with fsl-imx6 and fsl-imx7 QEMU currently exits unexpectedly when trying to introspect the fsl-imx6 and fsl-imx7 devices on systems with many SMP CPUs: $ echo "{'execute':'qmp_capabilities'}"\ "{'execute':'device-list-properties',"\ " 'arguments':{'typename':'fsl,imx6'}}" \ | arm-softmmu/qemu-system-arm -M virt,accel=qtest -qmp stdio -smp 8 {"QMP": {"version": {"qemu": {"micro": 91, "minor": 11, "major": 2}, "package": "build-all"}, "capabilities": []}} {"return": {}} fsl,imx6: Only 4 CPUs are supported (8 requested) And: $ echo "{'execute':'qmp_capabilities'}"\ "{'execute':'device-list-properties',"\ " 'arguments':{'typename':'fsl,imx7'}}" \ | arm-softmmu/qemu-system-arm -M raspi2,accel=qtest -qmp stdio {"QMP": {"version": {"qemu": {"micro": 91, "minor": 11, "major": 2}, "package": "build-all"}, "capabilities": []}} {"return": {}} fsl,imx7: Only 2 CPUs are supported (4 requested) This happens because these devices are doing an exit() from their instance_init function - which should never be done since instance_init can be called at any time for device introspection! Fix it by moving the deadly check into the realize() function instead. Signed-off-by: Thomas Huth Message-id: 1522908551-14885-1-git-send-email-thuth@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/fsl-imx6.c | 14 +++++++------- hw/arm/fsl-imx7.c | 13 +++++++------ 2 files changed, 14 insertions(+), 13 deletions(-) (limited to 'hw') diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c index b6ac72d..9dfbc9a 100644 --- a/hw/arm/fsl-imx6.c +++ b/hw/arm/fsl-imx6.c @@ -37,13 +37,7 @@ static void fsl_imx6_init(Object *obj) char name[NAME_SIZE]; int i; - if (smp_cpus > FSL_IMX6_NUM_CPUS) { - error_report("%s: Only %d CPUs are supported (%d requested)", - TYPE_FSL_IMX6, FSL_IMX6_NUM_CPUS, smp_cpus); - exit(1); - } - - for (i = 0; i < smp_cpus; i++) { + for (i = 0; i < MIN(smp_cpus, FSL_IMX6_NUM_CPUS); i++) { object_initialize(&s->cpu[i], sizeof(s->cpu[i]), "cortex-a9-" TYPE_ARM_CPU); snprintf(name, NAME_SIZE, "cpu%d", i); @@ -119,6 +113,12 @@ static void fsl_imx6_realize(DeviceState *dev, Error **errp) uint16_t i; Error *err = NULL; + if (smp_cpus > FSL_IMX6_NUM_CPUS) { + error_setg(errp, "%s: Only %d CPUs are supported (%d requested)", + TYPE_FSL_IMX6, FSL_IMX6_NUM_CPUS, smp_cpus); + return; + } + for (i = 0; i < smp_cpus; i++) { /* On uniprocessor, the CBAR is set to 0 */ diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c index 26ef36c..390b431 100644 --- a/hw/arm/fsl-imx7.c +++ b/hw/arm/fsl-imx7.c @@ -35,13 +35,8 @@ static void fsl_imx7_init(Object *obj) char name[NAME_SIZE]; int i; - if (smp_cpus > FSL_IMX7_NUM_CPUS) { - error_report("%s: Only %d CPUs are supported (%d requested)", - TYPE_FSL_IMX7, FSL_IMX7_NUM_CPUS, smp_cpus); - exit(1); - } - for (i = 0; i < smp_cpus; i++) { + for (i = 0; i < MIN(smp_cpus, FSL_IMX7_NUM_CPUS); i++) { object_initialize(&s->cpu[i], sizeof(s->cpu[i]), ARM_CPU_TYPE_NAME("cortex-a7")); snprintf(name, NAME_SIZE, "cpu%d", i); @@ -197,6 +192,12 @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp) qemu_irq irq; char name[NAME_SIZE]; + if (smp_cpus > FSL_IMX7_NUM_CPUS) { + error_setg(errp, "%s: Only %d CPUs are supported (%d requested)", + TYPE_FSL_IMX7, FSL_IMX7_NUM_CPUS, smp_cpus); + return; + } + for (i = 0; i < smp_cpus; i++) { o = OBJECT(&s->cpu[i]); -- cgit v1.1