qemu.git
20 months agohw/arm/bcm2835_peripherals: Correctly wire the SYS_timer IRQs
Philippe Mathieu-Daudé [Sat, 10 Oct 2020 20:37:09 +0000 (22:37 +0200)] 
hw/arm/bcm2835_peripherals: Correctly wire the SYS_timer IRQs

The SYS_timer is not directly wired to the ARM core, but to the
SoC (peripheral) interrupt controller.

Fixes: 0e5bbd74064 ("hw/arm/bcm2835_peripherals: Use the SYS_timer")
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201010203709.3116542-5-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agohw/timer/bcm2835: Support the timer COMPARE registers
Philippe Mathieu-Daudé [Sat, 10 Oct 2020 20:37:08 +0000 (22:37 +0200)] 
hw/timer/bcm2835: Support the timer COMPARE registers

This peripheral has 1 free-running timer and 4 compare registers.

Only the free-running timer is implemented. Add support the
COMPARE registers (each register is wired to an IRQ).

Reference: "BCM2835 ARM Peripherals" datasheet [*]
            chapter 12 "System Timer":

  The System Timer peripheral provides four 32-bit timer channels
  and a single 64-bit free running counter. Each channel has an
  output compare register, which is compared against the 32 least
  significant bits of the free running counter values. When the
  two values match, the system timer peripheral generates a signal
  to indicate a match for the appropriate channel. The match signal
  is then fed into the interrupt controller.

This peripheral is used since Linux 3.7, commit ee4af5696720
("ARM: bcm2835: add system timer").

[*] https://www.raspberrypi.org/app/uploads/2012/02/BCM2835-ARM-Peripherals.pdf

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20201010203709.3116542-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agohw/timer/bcm2835: Rename variable holding CTRL_STATUS register
Philippe Mathieu-Daudé [Sat, 10 Oct 2020 20:37:07 +0000 (22:37 +0200)] 
hw/timer/bcm2835: Rename variable holding CTRL_STATUS register

The variable holding the CTRL_STATUS register is misnamed
'status'. Rename it 'ctrl_status' to make it more obvious
this register is also used to control the peripheral.

Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201010203709.3116542-3-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agohw/timer/bcm2835: Introduce BCM2835_SYSTIMER_COUNT definition
Philippe Mathieu-Daudé [Sat, 10 Oct 2020 20:37:06 +0000 (22:37 +0200)] 
hw/timer/bcm2835: Introduce BCM2835_SYSTIMER_COUNT definition

Use the BCM2835_SYSTIMER_COUNT definition instead of the
magic '4' value.

Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201010203709.3116542-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agohw/arm: Restrict APEI tables generation to the 'virt' machine
Philippe Mathieu-Daudé [Thu, 8 Oct 2020 16:14:14 +0000 (18:14 +0200)] 
hw/arm: Restrict APEI tables generation to the 'virt' machine

While APEI is a generic ACPI feature (usable by X86 and ARM64), only
the 'virt' machine uses it, by enabling the RAS Virtualization. See
commit 2afa8c8519: "hw/arm/virt: Introduce a RAS machine option").

Restrict the APEI tables generation code to the single user: the virt
machine. If another machine wants to use it, it simply has to 'select
ACPI_APEI' in its Kconfig.

Fixes: aa16508f1d ("ACPI: Build related register address fields via hardware error fw_cfg blob")
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dongjiu Geng <gengdongjiu@huawei.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20201008161414.2672569-1-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agohw/arm/strongarm: Fix 'time to transmit a char' unit comment
Philippe Mathieu-Daudé [Wed, 14 Oct 2020 21:36:01 +0000 (23:36 +0200)] 
hw/arm/strongarm: Fix 'time to transmit a char' unit comment

The time to transmit a char is expressed in nanoseconds, not in ticks.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201014213601.205222-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agotarget/arm: AArch32 VCVT fixed-point to float is always round-to-nearest
Peter Maydell [Tue, 13 Oct 2020 10:35:32 +0000 (11:35 +0100)] 
target/arm: AArch32 VCVT fixed-point to float is always round-to-nearest

For AArch32, unlike the VCVT of integer to float, which honours the
rounding mode specified by the FPSCR, VCVT of fixed-point to float is
always round-to-nearest. (AArch64 fixed-point-to-float conversions
always honour the FPCR rounding mode.)

Implement this by providing _round_to_nearest versions of the
relevant helpers which set the rounding mode temporarily when making
the call to the underlying softfloat function.

We only need to change the VFP VCVT instructions, because the
standard- FPSCR value used by the Neon VCVT is always set to
round-to-nearest, so we don't need to do the extra work of saving
and restoring the rounding mode.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201013103532.13391-1-peter.maydell@linaro.org

20 months agotarget/arm: Fix SMLAD incorrect setting of Q bit
Peter Maydell [Fri, 9 Oct 2020 14:47:12 +0000 (15:47 +0100)] 
target/arm: Fix SMLAD incorrect setting of Q bit

The SMLAD instruction is supposed to:
 * signed multiply Rn[15:0] * Rm[15:0]
 * signed multiply Rn[31:16] * Rm[31:16]
 * perform a signed addition of the products and Ra
 * set Rd to the low 32 bits of the theoretical
   infinite-precision result
 * set the Q flag if the sign-extension of Rd
   would differ from the infinite-precision result
   (ie on overflow)

Our current implementation doesn't quite do this, though: it performs
an addition of the products setting Q on overflow, and then it adds
Ra, again possibly setting Q.  This sometimes incorrectly sets Q when
the architecturally mandated only-check-for-overflow-once algorithm
does not. For instance:
 r1 = 0x80008000; r2 = 0x80008000; r3 = 0xffffffff
 smlad r0, r1, r2, r3
This is (-32768 * -32768) + (-32768 * -32768) - 1

The products are both 0x4000_0000, so when added together as 32-bit
signed numbers they overflow (and QEMU sets Q), but because the
addition of Ra == -1 brings the total back down to 0x7fff_ffff
there is no overflow for the complete operation and setting Q is
incorrect.

Fix this edge case by resorting to 64-bit arithmetic for the
case where we need to add three values together.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201009144712.11187-1-peter.maydell@linaro.org

20 months agoMerge remote-tracking branch 'remotes/aperard/tags/pull-xen-20201020' into staging
Peter Maydell [Tue, 20 Oct 2020 10:20:36 +0000 (11:20 +0100)] 
Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20201020' into staging

Xen queue

* cleanup patches.
* improve xen backend setup performance when other xen guests are
  running/booting.
* improve xen guest migration when running in a stubdomain.

# gpg: Signature made Tue 20 Oct 2020 10:55:11 BST
# gpg:                using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg:                issuer "anthony.perard@citrix.com"
# gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [marginal]
# gpg:                 aka "Anthony PERARD <anthony.perard@citrix.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5379 2F71 024C 600F 778A  7161 D8D5 7199 DF83 42C8
#      Subkey fingerprint: F80C 0063 08E2 2CFD 8A92  E798 0CF5 572F D7FB 55AF

* remotes/aperard/tags/pull-xen-20201020:
  hw/xen: Set suppress-vmdesc for Xen machines
  xen-bus: reduce scope of backend watch
  xen: Rename XENBACKEND_DEVICE to XENBACKEND
  xen: xenguest is not used so is not needed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agohw/xen: Set suppress-vmdesc for Xen machines
Jason Andryuk [Tue, 13 Oct 2020 19:05:06 +0000 (15:05 -0400)] 
hw/xen: Set suppress-vmdesc for Xen machines

xen-save-devices-state doesn't currently generate a vmdesc, so restore
always triggers "Expected vmdescription section, but got 0".  This is
not a problem when restore comes from a file.  However, when QEMU runs
in a linux stubdom and comes over a console, EOF is not received.  This
causes a delay restoring - though it does restore.

Setting suppress-vmdesc skips looking for the vmdesc during restore and
avoids the wait.

The other approach would be generate a vmdesc in qemu_save_device_state.
Since COLO shared that function, and the vmdesc is just discarded on
restore, we choose to skip it.

Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20201013190506.3325-1-jandryuk@gmail.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
20 months agoxen-bus: reduce scope of backend watch
Paul Durrant [Thu, 1 Oct 2020 08:15:00 +0000 (09:15 +0100)] 
xen-bus: reduce scope of backend watch

Currently a single watch on /local/domain/X/backend is registered by each
QEMU process running in service domain X (where X is usually 0). The purpose
of this watch is to ensure that QEMU is notified when the Xen toolstack
creates a new device backend area.
Such a backend area is specific to a single frontend area created for a
specific guest domain and, since each QEMU process is also created to service
a specfic guest domain, it is unnecessary and inefficient to notify all QEMU
processes.
Only the QEMU process associated with the same guest domain need
receive the notification. This patch re-factors the watch registration code
such that notifications are targetted appropriately.

Reported-by: Jerome Leseinne <jerome.leseinne@gmail.com>
Signed-off-by: Paul Durrant <pdurrant@amazon.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20201001081500.1026-1-paul@xen.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
20 months agoxen: Rename XENBACKEND_DEVICE to XENBACKEND
Eduardo Habkost [Wed, 2 Sep 2020 22:43:05 +0000 (18:43 -0400)] 
xen: Rename XENBACKEND_DEVICE to XENBACKEND

Make the type checking macro name consistent with the TYPE_*
constant.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200902224311.1321159-58-ehabkost@redhat.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
20 months agoxen: xenguest is not used so is not needed
Michael Tokarev [Mon, 27 Jul 2020 14:00:48 +0000 (17:00 +0300)] 
xen: xenguest is not used so is not needed

There's no references in only file which includes xenguest.h
to any xen definitions. And there's no references to -lxenguest
in qemu, either. Drop it.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200727140048.19779-1-mjt@msgid.tls.msk.ru>
[perard: rebased]
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
20 months agoMerge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20201019' into staging
Peter Maydell [Mon, 19 Oct 2020 13:39:26 +0000 (14:39 +0100)] 
Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20201019' into staging

9pfs: add tests using local fs driver

The currently existing 9pfs test cases are all solely using the 9pfs 'synth'
fileystem driver, which is a very simple and purely simulated (in RAM only)
filesystem. There are issues though where the 'synth' fs driver is not
sufficient. For example the following two bugs need test cases running the
9pfs 'local' fs driver:

https://bugs.launchpad.net/qemu/+bug/1336794
https://bugs.launchpad.net/qemu/+bug/1877384

This patch set for that reason introduces 9pfs test cases using the 9pfs
'local' filesystem driver along to the already existing tests on 'synth'.

# gpg: Signature made Mon 19 Oct 2020 13:39:08 BST
# gpg:                using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395
# gpg:                issuer "qemu_oss@crudebyte.com"
# gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: ECAB 1A45 4014 1413 BA38  4926 30DB 47C3 A012 D5F4
#      Subkey fingerprint: 96D8 D110 CF7A F808 4F88  5901 34C2 B587 65A4 7395

* remotes/cschoenebeck/tags/pull-9p-20201019:
  tests/9pfs: add local Tmkdir test
  tests/9pfs: add virtio_9p_test_path()
  tests/9pfs: wipe local 9pfs test directory
  tests/9pfs: introduce local tests
  tests/9pfs: change qtest name prefix to synth
  9pfs: suppress performance warnings on qtest runs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agoMerge remote-tracking branch 'remotes/kraxel/tags/usb-20201019-pull-request' into...
Peter Maydell [Mon, 19 Oct 2020 12:43:43 +0000 (13:43 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20201019-pull-request' into staging

usb: fixes for dwc2 + ehci.

# gpg: Signature made Mon 19 Oct 2020 13:33:16 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20201019-pull-request:
  hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
  usb/hcd-ehci: Fix error handling on missing device for iTD
  usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agotests/9pfs: add local Tmkdir test
Christian Schoenebeck [Thu, 8 Oct 2020 18:34:56 +0000 (20:34 +0200)] 
tests/9pfs: add local Tmkdir test

This test case uses the 9pfs 'local' driver to create a directory
and then checks if the expected directory was actually created
(as real directory) on host side.

This patch introduces a custom split() implementation, because
the test code requires non empty array elements as result. For
that reason g_strsplit() would not be a good alternative, as
it would require additional filter code for reshuffling the
array, and the resulting code would be even more complex than
this split() function.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <be342f236842272275f65dbe05587f0a5409ad77.1602182956.git.qemu_oss@crudebyte.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
20 months agotests/9pfs: add virtio_9p_test_path()
Christian Schoenebeck [Thu, 8 Oct 2020 18:34:56 +0000 (20:34 +0200)] 
tests/9pfs: add virtio_9p_test_path()

This new public function virtio_9p_test_path() allows 9pfs
'local' tests to translate a path from guest scope to host
scope. For instance by passing an empty string it would
return the root path on host of the exported 9pfs tree.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <b563d3c73c6391ec927a2622c9f65c09ca56bd83.1602182956.git.qemu_oss@crudebyte.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
20 months agotests/9pfs: wipe local 9pfs test directory
Christian Schoenebeck [Thu, 8 Oct 2020 18:34:56 +0000 (20:34 +0200)] 
tests/9pfs: wipe local 9pfs test directory

Before running the first 9pfs test case, make sure the test directory
for running the 9pfs 'local' tests on is entirely empty. For that
reason simply delete the test directory (if any) before (re)creating
it on test suite startup.

Note: The preferable precise behaviour would be the test directory
only being wiped once *before* a test suite run. Right now the test
directory is also wiped at the *end* of a test suite run because
libqos is calling the virtio_9p_register_nodes() callback for some
reason also when a test suite completed. This is suboptimal as
developers cannot immediately see what files and directories the
9pfs local tests created precisely after the test suite completed.
But fortunately the test directory is not wiped if some test failed.
So it is probably not worth it drilling another hole into libqos
for this issue.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <b30776ea3289dc40dabc7d0063d825d21d9a65bf.1602182956.git.qemu_oss@crudebyte.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
20 months agotests/9pfs: introduce local tests
Christian Schoenebeck [Thu, 8 Oct 2020 18:34:56 +0000 (20:34 +0200)] 
tests/9pfs: introduce local tests

This patch introduces 9pfs test cases using the 9pfs 'local'
filesystem driver which reads/writes/creates/deletes real files
and directories.

In this initial version, there is only one local test which actually
only checks if the 9pfs 'local' device was created successfully.

Before the 9pfs 'local' tests are run, a test directory 'qtest-9p-local'
is created (with world rwx permissions) under the current working
directory. At this point that test directory is not auto deleted yet.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <81fc4b3b6b6c9bf7999e79f5e7cbc364a5f09ddb.1602182956.git.qemu_oss@crudebyte.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
20 months agotests/9pfs: change qtest name prefix to synth
Christian Schoenebeck [Thu, 8 Oct 2020 18:34:56 +0000 (20:34 +0200)] 
tests/9pfs: change qtest name prefix to synth

All existing 9pfs test cases are using the 'synth' fs driver so far, which
means they are not accessing real files, but a purely simulated (in RAM
only) file system.

Let's make this clear by changing the prefix of the individual qtest case
names from 'fs/' to 'synth/'. That way they'll be easily distinguishable
from upcoming new 9pfs test cases supposed to be using a different fs
driver.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <e04e75acb849b085c6d6320b2433a15fa935bcff.1602182956.git.qemu_oss@crudebyte.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
20 months ago9pfs: suppress performance warnings on qtest runs
Christian Schoenebeck [Mon, 19 Oct 2020 11:10:18 +0000 (13:10 +0200)] 
9pfs: suppress performance warnings on qtest runs

Don't trigger any performance warning if we're just running test cases,
because tests intentionally run for edge cases.

So far performance warnings were suppressed for the 'synth' fs driver
backend only. This patch suppresses them for all 9p fs driver backends.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <a2d2ff2163f8853ea782a7a1d4e6f2afd7c29ffe.1603106145.git.qemu_oss@crudebyte.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
20 months agoMerge remote-tracking branch 'remotes/mcayland/tags/qemu-macppc-20201019' into staging
Peter Maydell [Mon, 19 Oct 2020 10:46:03 +0000 (11:46 +0100)] 
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-macppc-20201019' into staging

qemu-macppc updates

# gpg: Signature made Mon 19 Oct 2020 08:13:16 BST
# gpg:                using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg:                issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-macppc-20201019:
  mac_oldworld: Change PCI address of macio to match real hardware
  mac_oldworld: Drop some variables
  mac_oldworld: Drop a variable, use get_system_memory() directly
  mac_newworld: Allow loading binary ROM image
  mac_oldworld: Allow loading binary ROM image
  m48t59: remove legacy m48t59_init() function
  ppc405_boards: use qdev properties instead of legacy m48t59_init() function
  sun4u: use qdev properties instead of legacy m48t59_init() function
  sun4m: use qdev properties instead of legacy m48t59_init() function
  m48t59-isa: remove legacy m48t59_init_isa() function
  uninorth: use qdev gpios for PCI IRQs
  grackle: use qdev gpios for PCI IRQs
  macio: don't reference serial_hd() directly within the device

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agoMerge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-next-20201017' into...
Peter Maydell [Mon, 19 Oct 2020 09:52:56 +0000 (10:52 +0100)] 
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-next-20201017' into staging

MIPS patches queue

. Fix some comment spelling errors
. Demacro some TCG helpers
. Add loongson-ext lswc2/lsdc2 group of instructions
. Log unimplemented cache opcode
. Increase number of TLB entries on the 34Kf core
. Allow the CPU to use dynamic frequencies
. Calculate the CP0 timer period using the CPU frequency
. Set CPU frequency for each machine
. Fix Malta FPGA I/O region size
. Allow running qtests when ROM is missing
. Add record/replay acceptance tests
. Update MIPS CPU documentation
. MAINTAINERS updates

CI jobs results:
  https://gitlab.com/philmd/qemu/-/pipelines/203931842
  https://travis-ci.org/github/philmd/qemu/builds/736491461
  https://cirrus-ci.com/build/6272264062631936
  https://app.shippable.com/github/philmd/qemu/runs/886/summary/console

# gpg: Signature made Sat 17 Oct 2020 14:59:53 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/mips-next-20201017: (44 commits)
  target/mips: Increase number of TLB entries on the 34Kf core (16 -> 64)
  MAINTAINERS: Remove duplicated Malta test entries
  MAINTAINERS: Downgrade MIPS Boston to 'Odd Fixes', fix Paul Burton mail
  MAINTAINERS: Put myself forward for MIPS target
  MAINTAINERS: Remove myself
  docs/system: Update MIPS CPU documentation
  tests/acceptance: Add MIPS record/replay tests
  hw/mips: Remove exit(1) in case of missing ROM
  hw/mips: Rename TYPE_MIPS_BOSTON to TYPE_BOSTON
  hw/mips: Simplify code using ROUND_UP(INITRD_PAGE_SIZE)
  hw/mips: Simplify loading 64-bit ELF kernels
  hw/mips/malta: Use clearer qdev style
  hw/mips/malta: Move gt64120 related code together
  hw/mips/malta: Fix FPGA I/O region size
  target/mips/cpu: Display warning when CPU is used without input clock
  hw/mips/cps: Do not allow use without input clock
  hw/mips/malta: Set CPU frequency to 320 MHz
  hw/mips/boston: Set CPU frequency to 1 GHz
  hw/mips/cps: Expose input clock and connect it to CPU cores
  hw/mips/jazz: Correct CPU frequencies
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agohw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
Mauro Matteo Cascella [Thu, 15 Oct 2020 07:59:57 +0000 (09:59 +0200)] 
hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

Check the value of mps to avoid potential divide-by-zero later in the function.
Since HCCHAR_MPS is guest controllable, this prevents a malicious/buggy guest
from crashing the QEMU process on the host.

Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Paul Zimmerman <pauldzim@gmail.com>
Reported-by: Gaoning Pan <gaoning.pgn@antgroup.com>
Reported-by: Xingwei Lin <linyi.lxw@antfin.com>
Message-id: 20201015075957.268823-1-mcascell@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
20 months agousb/hcd-ehci: Fix error handling on missing device for iTD
Anthony PERARD [Wed, 14 Oct 2020 10:41:06 +0000 (11:41 +0100)] 
usb/hcd-ehci: Fix error handling on missing device for iTD

The EHCI Host Controller emulation attempt to locate the device
associated with a periodic isochronous transfer description (iTD) and
when this fail the host controller is reset.

But according the EHCI spec 1.0 section 5.15.2.4 Host System
Error, the host controller is supposed to reset itself only when it
failed to communicate with the Host (Operating System), like when
there's an error on the PCI bus. If a transaction fails, there's
nothing in the spec that say to reset the host controller.

This patch rework the error path so that the host controller can keep
working when the OS setup a bogus transaction, it also revert to the
behavior of the EHCI emulation to before commits:
e94682f1fe ("ehci: check device is not NULL before calling usb_ep_get()")
7011baece2 ("usb: remove unnecessary NULL device check from usb_ep_get()")

The issue has been found while trying to passthrough a USB device to a
Windows Server 2012 Xen guest via "usb-ehci", which prevent the USB
device from working in Windows. ("usb-ehci" alone works, windows only
setup this weird periodic iTD to device 127 endpoint 15 when the USB
device is passthrough.)

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Message-id: 20201014104106.2962640-1-anthony.perard@citrix.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
20 months agousb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)
Paul Zimmerman [Sun, 20 Sep 2020 02:14:49 +0000 (19:14 -0700)] 
usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)

Change several assert()s to qemu_log_mask(LOG_GUEST_ERROR...),
to prevent the guest from causing Qemu to assert. Also fix up
several existing qemu_log_mask()s to include the function name in
the message.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paul Zimmerman <pauldzim@gmail.com>
Message-id: 20200920021449.830-1-pauldzim@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
20 months agomac_oldworld: Change PCI address of macio to match real hardware
BALATON Zoltan [Thu, 15 Oct 2020 23:47:17 +0000 (01:47 +0200)] 
mac_oldworld: Change PCI address of macio to match real hardware

The board firmware expect these to be at fixed addresses and programs
them without probing, this patch puts the macio device at the expected
PCI address.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <f14bcaf3cf129500710ba5289980a134086bd949.1602805637.git.balaton@eik.bme.hu>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agomac_oldworld: Drop some variables
BALATON Zoltan [Thu, 15 Oct 2020 23:47:17 +0000 (01:47 +0200)] 
mac_oldworld: Drop some variables

Values not used frequently enough may not worth putting in a local
variable, especially with names almost as long as the original value
because that does not improve readability, to the contrary it makes it
harder to see what value is used. Drop a few such variables.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <d67bc8d914a366ca6822b5190c1308d31af5c9b3.1602805637.git.balaton@eik.bme.hu>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agomac_oldworld: Drop a variable, use get_system_memory() directly
BALATON Zoltan [Thu, 15 Oct 2020 23:47:17 +0000 (01:47 +0200)] 
mac_oldworld: Drop a variable, use get_system_memory() directly

Half of the occurances already use get_system_memory() directly
instead of sysmem variable, convert the two other uses to
get_system_memory() too which seems to be more common and drop the
variable.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <b4c714e03690deb6f94f80f7a5b2af47d90550ae.1602805637.git.balaton@eik.bme.hu>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agomac_newworld: Allow loading binary ROM image
BALATON Zoltan [Thu, 15 Oct 2020 23:47:17 +0000 (01:47 +0200)] 
mac_newworld: Allow loading binary ROM image

Fall back to load binary ROM image if loading ELF fails. This also
moves PROM_BASE and PROM_SIZE defines to board as these are matching
the ROM size and address on this board and removes the now unused
PROM_ADDR and BIOS_SIZE defines from common mac.h.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <4d58ffe7645a0c746c8fed6aa8775c0867b624e0.1602805637.git.balaton@eik.bme.hu>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agomac_oldworld: Allow loading binary ROM image
BALATON Zoltan [Sat, 17 Oct 2020 15:47:29 +0000 (17:47 +0200)] 
mac_oldworld: Allow loading binary ROM image

The beige G3 Power Macintosh has a 4MB firmware ROM. Fix the size of
the rom region and fall back to loading a binary image with -bios if
loading ELF image failed. This allows testing emulation with a ROM
image from real hardware as well as using an ELF OpenBIOS image.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20201017155139.5A36A746331@zero.eik.bme.hu>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agom48t59: remove legacy m48t59_init() function
Mark Cave-Ayland [Fri, 16 Oct 2020 18:27:39 +0000 (19:27 +0100)] 
m48t59: remove legacy m48t59_init() function

Now that all of the callers of this function have been switched to use qdev
properties, this legacy init function can now be removed.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20201016182739.22875-6-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agoppc405_boards: use qdev properties instead of legacy m48t59_init() function
Mark Cave-Ayland [Fri, 16 Oct 2020 18:27:38 +0000 (19:27 +0100)] 
ppc405_boards: use qdev properties instead of legacy m48t59_init() function

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20201016182739.22875-5-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agosun4u: use qdev properties instead of legacy m48t59_init() function
Mark Cave-Ayland [Fri, 16 Oct 2020 18:27:37 +0000 (19:27 +0100)] 
sun4u: use qdev properties instead of legacy m48t59_init() function

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20201016182739.22875-4-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agosun4m: use qdev properties instead of legacy m48t59_init() function
Mark Cave-Ayland [Fri, 16 Oct 2020 18:27:36 +0000 (19:27 +0100)] 
sun4m: use qdev properties instead of legacy m48t59_init() function

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20201016182739.22875-3-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agom48t59-isa: remove legacy m48t59_init_isa() function
Mark Cave-Ayland [Fri, 16 Oct 2020 18:27:35 +0000 (19:27 +0100)] 
m48t59-isa: remove legacy m48t59_init_isa() function

This function is no longer used within the codebase.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20201016182739.22875-2-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agouninorth: use qdev gpios for PCI IRQs
Mark Cave-Ayland [Tue, 13 Oct 2020 11:49:22 +0000 (12:49 +0100)] 
uninorth: use qdev gpios for PCI IRQs

Currently an object link property is used to pass a reference to the OpenPIC
into the PCI host bridge so that pci_unin_init_irqs() can connect the PCI
IRQs to the PIC itself.

This can be simplified by defining the PCI IRQs as qdev gpios and then wiring
up the PCI IRQs to the PIC in the New World machine init function.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201013114922.2946-4-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agograckle: use qdev gpios for PCI IRQs
Mark Cave-Ayland [Tue, 13 Oct 2020 11:49:21 +0000 (12:49 +0100)] 
grackle: use qdev gpios for PCI IRQs

Currently an object link property is used to pass a reference to the Heathrow
PIC into the PCI host bridge so that grackle_init_irqs() can connect the PCI
IRQs to the PIC itself.

This can be simplified by defining the PCI IRQs as qdev gpios and then wiring
up the PCI IRQs to the PIC in the Old World machine init function.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201013114922.2946-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agomacio: don't reference serial_hd() directly within the device
Mark Cave-Ayland [Tue, 13 Oct 2020 11:49:20 +0000 (12:49 +0100)] 
macio: don't reference serial_hd() directly within the device

Instead use qdev_prop_set_chr() to configure the ESCC serial chardevs at the
Mac Old World and New World machine level.

Also remove the now obsolete comment referring to the use of serial_hd() and
the setting of user_creatable to false accordingly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20201013114922.2946-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
20 months agoMerge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
Peter Maydell [Sat, 17 Oct 2020 19:52:55 +0000 (20:52 +0100)] 
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* Drop ninjatool and just require ninja (Paolo)
* Fix docs build under msys2 (Yonggang)
* HAX snafu fix (Claudio)
* Disable signal handlers during fuzzing (Alex)
* Miscellaneous fixes (Bruce, Greg)

# gpg: Signature made Sat 17 Oct 2020 15:45:56 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream: (22 commits)
  ci: include configure and meson logs in all jobs if configure fails
  hax: unbreak accelerator cpu code after cpus.c split
  fuzz: Disable QEMU's SIG{INT,HUP,TERM} handlers
  cirrus: Enable doc build on msys2/mingw
  meson: Move the detection logic for sphinx to meson
  meson: move SPHINX_ARGS references within "if build_docs"
  docs: Fix Sphinx configuration for msys2/mingw
  meson: Only install icons and qemu.desktop if have_system
  configure: fix handling of --docdir parameter
  meson: cleanup curses/iconv test
  meson.build: don't condition iconv detection on library detection
  build: add --enable/--disable-libudev
  build: replace ninjatool with ninja
  build: cleanups to Makefile
  add ninja to dockerfiles, CI configurations and test VMs
  dockerfiles: enable Centos 8 PowerTools
  configure: move QEMU_INCLUDES to meson
  tests: add missing generated sources to testqapi
  make: run shell with pipefail
  tests/Makefile.include: unbreak non-tcg builds
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20 months agoci: include configure and meson logs in all jobs if configure fails
Paolo Bonzini [Fri, 16 Oct 2020 09:49:28 +0000 (05:49 -0400)] 
ci: include configure and meson logs in all jobs if configure fails

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agohax: unbreak accelerator cpu code after cpus.c split
Claudio Fontana [Fri, 16 Oct 2020 08:00:32 +0000 (10:00 +0200)] 
hax: unbreak accelerator cpu code after cpus.c split

during my split of cpus.c, code line
"current_cpu = cpu"
was removed by mistake, causing hax to break.

This commit fixes the situation restoring it.

Reported-by: Volker Rümelin <vr_qemu@t-online.de>
Fixes: e92558e4bf8059ce4f0b310afe218802b72766bc
Signed-off-by: Claudio Fontana <cfontana@suse.de>
Message-Id: <20201016080032.13914-1-cfontana@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agofuzz: Disable QEMU's SIG{INT,HUP,TERM} handlers
Alexander Bulekov [Wed, 14 Oct 2020 14:21:57 +0000 (10:21 -0400)] 
fuzz: Disable QEMU's SIG{INT,HUP,TERM} handlers

Prior to this patch, the only way I found to terminate the fuzzer was
either to:
 1. Explicitly specify the number of fuzzer runs with the -runs= flag
 2. SIGKILL the process with "pkill -9 qemu-fuzz-*" or similar

In addition to being annoying to deal with, SIGKILLing the process skips
over any exit handlers(e.g. registered with atexit()). This is bad,
since some fuzzers might create temporary files that should ideally be
removed on exit using an exit handler. The only way to achieve a clean
exit now is to specify -runs=N , but the desired "N" is tricky to
identify prior to fuzzing.

Why doesn't the process exit with standard SIGINT,SIGHUP,SIGTERM
signals? QEMU installs its own handlers for these signals in
os-posix.c:os_setup_signal_handling, which notify the main loop that an
exit was requested. The fuzzer, however, does not run qemu_main_loop,
which performs the main_loop_should_exit() check.  This means that the
fuzzer effectively ignores these signals. As we don't really care about
cleanly stopping the disposable fuzzer "VM", this patch uninstalls
QEMU's signal handlers. Thus, we can stop the fuzzer with
SIG{INT,HUP,TERM} and the fuzzing code can optionally use atexit() to
clean up temporary files/resources.

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201014142157.46028-1-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agocirrus: Enable doc build on msys2/mingw
Yonggang Luo [Thu, 15 Oct 2020 22:06:26 +0000 (06:06 +0800)] 
cirrus: Enable doc build on msys2/mingw

Currently rST depends on old version sphinx-2.x.
Install it by downloading it.
Remove the need of university mirror, the main repo are recovered.

Signed-off-by: Yonggang Luo <luoyonggang@gmail.com>
Message-Id: <20201015220626.418-5-luoyonggang@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agomeson: Move the detection logic for sphinx to meson
Yonggang Luo [Thu, 15 Oct 2020 22:06:25 +0000 (06:06 +0800)] 
meson: Move the detection logic for sphinx to meson

Signed-off-by: Yonggang Luo <luoyonggang@gmail.com>
Message-Id: <20201015220626.418-4-luoyonggang@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agomeson: move SPHINX_ARGS references within "if build_docs"
Paolo Bonzini [Fri, 16 Oct 2020 08:05:26 +0000 (04:05 -0400)] 
meson: move SPHINX_ARGS references within "if build_docs"

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agodocs: Fix Sphinx configuration for msys2/mingw
Yonggang Luo [Thu, 15 Oct 2020 22:06:23 +0000 (06:06 +0800)] 
docs: Fix Sphinx configuration for msys2/mingw

Python doesn't support running ../scripts/kernel-doc directly.

Signed-off-by: Yonggang Luo <luoyonggang@gmail.com>
Message-Id: <20201015220626.418-2-luoyonggang@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agomeson: Only install icons and qemu.desktop if have_system
Bruce Rogers [Thu, 15 Oct 2020 20:18:40 +0000 (14:18 -0600)] 
meson: Only install icons and qemu.desktop if have_system

These files are not needed for a linux-user only install.

Signed-off-by: Bruce Rogers <brogers@suse.com>
Message-Id: <20201015201840.282956-1-brogers@suse.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agoconfigure: fix handling of --docdir parameter
Bruce Rogers [Thu, 15 Oct 2020 19:07:42 +0000 (13:07 -0600)] 
configure: fix handling of --docdir parameter

Commit ca8c0909f01 changed qemu_docdir to be docdir, then later uses the
qemu_docdir name in the final assignment. Unfortunately, one instance of
qemu_docdir was missed: the one which comes from the --docdir parameter.
This patch restores the proper handling of the --docdir parameter.

Fixes: ca8c0909f01 ("configure: build docdir like other suffixed
directories")

Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201015190742.270629-1-brogers@suse.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agomeson: cleanup curses/iconv test
Paolo Bonzini [Thu, 15 Oct 2020 17:26:50 +0000 (13:26 -0400)] 
meson: cleanup curses/iconv test

Skip the test if it is system emulation is not requested, and
differentiate errors for lack of iconv and lack of curses.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agomeson.build: don't condition iconv detection on library detection
Bruce Rogers [Wed, 14 Oct 2020 22:19:39 +0000 (16:19 -0600)] 
meson.build: don't condition iconv detection on library detection

It isn't necessarily the case that use of iconv requires an additional
library. For that reason we shouldn't conditionalize iconv detection on
libiconv.found.

Fixes: 5285e593c33 (configure: Fixes ncursesw detection under msys2/mingw by convert them to meson)

Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Yonggang Luo<l <brogers@suse.com>uoyonggang@gmail.com>
Reviewed-by:Yonggang Luo <luoyonggang@gmail.com>
Message-Id: <20201014221939.196958-1-brogers@suse.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agobuild: add --enable/--disable-libudev
Paolo Bonzini [Thu, 15 Oct 2020 10:09:27 +0000 (06:09 -0400)] 
build: add --enable/--disable-libudev

Initially, libudev detection was bundled with --enable-mpath because
qemu-pr-helper was the only user of libudev.  Recently however the USB
U2F emulation has also started using libudev, so add a separate
option.  This also allows 1) disabling libudev if desired for static
builds and 2) for non-static builds, requiring libudev even if
multipath support is undesirable.

The multipath test is adjusted, because it is now possible to enter it
with configurations that should fail, such as --static --enable-mpath
--disable-libudev.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agobuild: replace ninjatool with ninja
Paolo Bonzini [Thu, 13 Aug 2020 13:28:11 +0000 (09:28 -0400)] 
build: replace ninjatool with ninja

Now that the build is done entirely by Meson, there is no need
to keep the Makefile conversion.  Instead, we can ask Ninja about
the targets it exposes and forward them.

The main advantages are, from smallest to largest:

- reducing the possible namespace pollution within the Makefile

- removal of a relatively large Python program

- faster build because parsing Makefile.ninja is slower than
parsing build.ninja; and faster build after Meson runs because
we do not have to generate Makefile.ninja.

- tracking of command lines, which provides more accurate rebuilds

In addition the change removes the requirement for GNU make 3.82, which
was annoying on Mac, and avoids bugs on Windows due to ninjatool not
knowing how to convert Windows escapes to POSIX escapes.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agobuild: cleanups to Makefile
Paolo Bonzini [Thu, 15 Oct 2020 16:20:02 +0000 (12:20 -0400)] 
build: cleanups to Makefile

Group similar rules, add comments to "else" and "endif" lines,
detect too-old config-host.mak before messing things up.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agoadd ninja to dockerfiles, CI configurations and test VMs
Paolo Bonzini [Thu, 13 Aug 2020 13:58:50 +0000 (09:58 -0400)] 
add ninja to dockerfiles, CI configurations and test VMs

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agodockerfiles: enable Centos 8 PowerTools
Paolo Bonzini [Wed, 14 Oct 2020 11:12:37 +0000 (07:12 -0400)] 
dockerfiles: enable Centos 8 PowerTools

ninja is included in the CentOS PowerTools repository.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agoconfigure: move QEMU_INCLUDES to meson
Paolo Bonzini [Wed, 14 Oct 2020 12:45:42 +0000 (08:45 -0400)] 
configure: move QEMU_INCLUDES to meson

Confusingly, QEMU_INCLUDES is not used by configure tests.  Moving
it to meson.build ensures that Windows paths are specified instead of
the msys paths like /c/Users/...

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agotests: add missing generated sources to testqapi
Paolo Bonzini [Wed, 14 Oct 2020 11:20:17 +0000 (07:20 -0400)] 
tests: add missing generated sources to testqapi

Ninja notices them due to a different order in visiting the graph.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agomake: run shell with pipefail
Paolo Bonzini [Wed, 14 Oct 2020 11:35:13 +0000 (07:35 -0400)] 
make: run shell with pipefail

Without pipefail, it is possible to miss failures if the recipes
include pipes.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agotests/Makefile.include: unbreak non-tcg builds
Paolo Bonzini [Tue, 13 Oct 2020 19:21:21 +0000 (21:21 +0200)] 
tests/Makefile.include: unbreak non-tcg builds

Remove from check-block the requirement that all TARGET_DIRS are built.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agoMakefile: Ensure cscope.out/tags/TAGS are generated in the source tree
Greg Kurz [Thu, 15 Oct 2020 14:49:06 +0000 (16:49 +0200)] 
Makefile: Ensure cscope.out/tags/TAGS are generated in the source tree

Tools usually expect the index files to be in the source tree, eg. emacs.
This is already the case when doing out-of-tree builds, but with in-tree
builds they end up in the build directory.

Force cscope, ctags and etags to put them in the source tree.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <160277334665.1754102.10921580280105870386.stgit@bahia.lan>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agosubmodules: bump meson to 0.55.3
Paolo Bonzini [Thu, 15 Oct 2020 07:20:45 +0000 (03:20 -0400)] 
submodules: bump meson to 0.55.3

This adds some bugfixes, and allows MSYS2 to configure
without "--ninja=ninja".

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
20 months agotarget/mips: Increase number of TLB entries on the 34Kf core (16 -> 64)
Philippe Mathieu-Daudé [Fri, 16 Oct 2020 13:20:37 +0000 (15:20 +0200)] 
target/mips: Increase number of TLB entries on the 34Kf core (16 -> 64)

Per "MIPS32 34K Processor Core Family Software User's Manual,
Revision 01.13" page 8 in "Joint TLB (JTLB)" section:

  "The JTLB is a fully associative TLB cache containing 16, 32,
   or 64-dual-entries mapping up to 128 virtual pages to their
   corresponding physical addresses."

There is no particular reason to restrict the 34Kf core model to
16 TLB entries, so raise its config to 64.

This is helpful for other projects, in particular the Yocto Project:

  Yocto Project uses qemu-system-mips 34Kf cpu model, to run 32bit
  MIPS CI loop. It was observed that in this case CI test execution
  time was almost twice longer than 64bit MIPS variant that runs
  under MIPS64R2-generic model. It was investigated and concluded
  that the difference in number of TLBs 16 in 34Kf case vs 64 in
  MIPS64R2-generic is responsible for most of CI real time execution
  difference. Because with 16 TLBs linux user-land trashes TLB more
  and it needs to execute more instructions in TLB refill handler
  calls, as result it runs much longer.

(https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03428.html)

Buglink: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13992
Reported-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20201016133317.553068-1-f4bug@amsat.org>

20 months agoMAINTAINERS: Remove duplicated Malta test entries
Philippe Mathieu-Daudé [Fri, 9 Oct 2020 15:11:00 +0000 (17:11 +0200)] 
MAINTAINERS: Remove duplicated Malta test entries

The Malta tests are already covered in the Malta section.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20201013101659.3557154-3-f4bug@amsat.org>

20 months agoMAINTAINERS: Downgrade MIPS Boston to 'Odd Fixes', fix Paul Burton mail
Philippe Mathieu-Daudé [Fri, 9 Oct 2020 16:15:59 +0000 (18:15 +0200)] 
MAINTAINERS: Downgrade MIPS Boston to 'Odd Fixes', fix Paul Burton mail

Paul's Wavecomp email has been bouncing for months. He told us
he "no longer has access to modern MIPS CPUs or Boston hardware,
and wouldn't currently have time to spend on them if he did." [1]
but "perhaps that might change in the future." [2].
Be fair and downgrade the status of the Boston board to "Odd Fixes"
(has a maintainer but they don't have time to do much other).
Similarly to commit 2b107c2c1c (".mailmap: Update Paul Burton email
address"), update his email address here too.

[1] https://www.mail-archive.com/qemu-devel@nongnu.org/msg718739.html
[2] https://www.mail-archive.com/qemu-devel@nongnu.org/msg728605.html

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20201013101659.3557154-4-f4bug@amsat.org>

20 months agoMAINTAINERS: Put myself forward for MIPS target
Philippe Mathieu-Daudé [Fri, 9 Oct 2020 15:05:13 +0000 (17:05 +0200)] 
MAINTAINERS: Put myself forward for MIPS target

To avoid the MIPS target being orphan, volunteer to keep an eye
on it and put together pull requests.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20201013101659.3557154-2-f4bug@amsat.org>

20 months agoMAINTAINERS: Remove myself
Aleksandar Markovic [Wed, 7 Oct 2020 20:37:21 +0000 (22:37 +0200)] 
MAINTAINERS: Remove myself

I have been working on project other than QEMU for some time, and would
like to devote myself to that project. It is impossible for me to find
enough time to perform maintainer's duties with needed meticulousness
and patience.

I wish prosperous future to QEMU and all colleagues in QEMU community.

Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <1602103041-32017-6-git-send-email-aleksandar.qemu.devel@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20 months agodocs/system: Update MIPS CPU documentation
Huacai Chen [Wed, 7 Oct 2020 08:39:35 +0000 (16:39 +0800)] 
docs/system: Update MIPS CPU documentation

Add Loongson-3A CPU models description.

Signed-off-by: Huacai Chen <chenhc@lemote.com>
Message-Id: <1602059975-10115-10-git-send-email-chenhc@lemote.com>
[PMD: Split patch in 2: CPU / machine]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20 months agotests/acceptance: Add MIPS record/replay tests
Pavel Dovgalyuk [Thu, 15 Oct 2020 11:25:02 +0000 (14:25 +0300)] 
tests/acceptance: Add MIPS record/replay tests

This patch adds MIPS-targeted acceptance tests for
record/replay functions.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <160276110297.2705.10918105269658307206.stgit@pasha-ThinkPad-X280>
[PMD: Moved 'override timeout' comment from instance to class,
      moved nanomips tests to ReplayKernelSlow class,
      tagged ReplayKernelSlow class with AVOCADO_TIMEOUT_EXPECTED]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20 months agohw/mips: Remove exit(1) in case of missing ROM
Pavel Dovgalyuk [Tue, 21 Jul 2020 06:15:05 +0000 (09:15 +0300)] 
hw/mips: Remove exit(1) in case of missing ROM

This patch updates MIPS-based machines to allow starting them without ROM.
In this case CPU starts to execute instructions from the empty memory,
but QEMU allows introspecting the machine configuration.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <159531210571.24117.231100997794891819.stgit@pasha-ThinkPad-X280>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20 months agohw/mips: Rename TYPE_MIPS_BOSTON to TYPE_BOSTON
Eduardo Habkost [Wed, 2 Sep 2020 22:42:26 +0000 (18:42 -0400)] 
hw/mips: Rename TYPE_MIPS_BOSTON to TYPE_BOSTON

This will make the type name constant consistent with the name of
the type checking macro.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200902224311.1321159-19-ehabkost@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20 months agohw/mips: Simplify code using ROUND_UP(INITRD_PAGE_SIZE)
Philippe Mathieu-Daudé [Sun, 27 Sep 2020 11:18:17 +0000 (13:18 +0200)] 
hw/mips: Simplify code using ROUND_UP(INITRD_PAGE_SIZE)

Instead of using a INITRD_PAGE_MASK definition, use the
simpler INITRD_PAGE_SIZE one which allows us to simplify
the code by using directly the self-explicit ROUND_UP()
macro.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200927163943.614604-3-f4bug@amsat.org>

20 months agohw/mips: Simplify loading 64-bit ELF kernels
Philippe Mathieu-Daudé [Sun, 27 Sep 2020 12:21:11 +0000 (14:21 +0200)] 
hw/mips: Simplify loading 64-bit ELF kernels

Since 82790064116 ("Cast ELF datatypes properly to host 64bit types")
we don't need to sign-extend the entry_point address. Remove this
unnecessary code.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200927163943.614604-2-f4bug@amsat.org>

20 months agohw/mips/malta: Use clearer qdev style
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 15:56:40 +0000 (17:56 +0200)] 
hw/mips/malta: Use clearer qdev style

In order to be consistent with the other code base uses,
rewrite slightly how the MIPS_MALTA object is created.
No logical change.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20201012160503.3472140-3-f4bug@amsat.org>

20 months agohw/mips/malta: Move gt64120 related code together
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 15:35:50 +0000 (17:35 +0200)] 
hw/mips/malta: Move gt64120 related code together

The 'empty_slot' region created is related to the gt64120.
Move its creation close to the gt64120 instance creation.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20201012160503.3472140-2-f4bug@amsat.org>

20 months agohw/mips/malta: Fix FPGA I/O region size
Philippe Mathieu-Daudé [Sat, 5 Sep 2020 20:01:24 +0000 (22:01 +0200)] 
hw/mips/malta: Fix FPGA I/O region size

The FPGA present on the CoreCard has an I/O region 1MiB wide.

Refs:
- Atlas User’s Manual (Document Number: MD00005)
- Malta User’s Manual (Document Number: MD00048)

Fixes: ea85df72b60 ("mips_malta: convert to memory API")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200905213049.761949-1-f4bug@amsat.org>

20 months agotarget/mips/cpu: Display warning when CPU is used without input clock
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:58:04 +0000 (11:58 +0200)] 
target/mips/cpu: Display warning when CPU is used without input clock

All our QOM users provides an input clock. In order to avoid
avoid future machines added without clock, display a warning.

User-mode emulation use the CP0 timer with the RDHWR instruction
(see commit cdfcad788394) so keep using the fixed 200 MHz clock
without diplaying any warning. Only display it in system-mode
emulation.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-22-f4bug@amsat.org>

20 months agohw/mips/cps: Do not allow use without input clock
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:58:03 +0000 (11:58 +0200)] 
hw/mips/cps: Do not allow use without input clock

Now than all QOM users provides the input clock, do not allow
using a CPS without input clock connected.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-21-f4bug@amsat.org>

20 months agohw/mips/malta: Set CPU frequency to 320 MHz
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:58:02 +0000 (11:58 +0200)] 
hw/mips/malta: Set CPU frequency to 320 MHz

The CoreLV card with ID 0x420's CPU clocked at 320 MHz. Create
a 'cpuclk' output clock and connect it to the CPU input clock.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-20-f4bug@amsat.org>

20 months agohw/mips/boston: Set CPU frequency to 1 GHz
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:58:01 +0000 (11:58 +0200)] 
hw/mips/boston: Set CPU frequency to 1 GHz

The I6400 can run at 1 GHz or more. Create a 'cpuclk'
output clock and connect it to the CPU input clock.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-19-f4bug@amsat.org>

20 months agohw/mips/cps: Expose input clock and connect it to CPU cores
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:58:00 +0000 (11:58 +0200)] 
hw/mips/cps: Expose input clock and connect it to CPU cores

Expose a qdev input clock named 'clk-in', and connect it to each
core to forward-propagate the clock.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-18-f4bug@amsat.org>

20 months agohw/mips/jazz: Correct CPU frequencies
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:59 +0000 (11:57 +0200)] 
hw/mips/jazz: Correct CPU frequencies

The Magnum 4000PC CPU runs at 100 MHz, and the Acer PICA-61
CPU at ~134 MHz.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-17-f4bug@amsat.org>

20 months agohw/mips/mipssim: Correct CPU frequency
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:58 +0000 (11:57 +0200)] 
hw/mips/mipssim: Correct CPU frequency

The MIPSsim machine CPU frequency is too fast running at 200 MHz,
while it should be 12 MHz for the 24K and 6 MHz for the 5K core.

Ref: Linux commit c78cbf49c4ed
("Support for MIPSsim, the cycle accurate MIPS simulator.")

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-16-f4bug@amsat.org>

20 months agohw/mips/fuloong2e: Set CPU frequency to 533 MHz
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:57 +0000 (11:57 +0200)] 
hw/mips/fuloong2e: Set CPU frequency to 533 MHz

The CPU frequency is normally provided by the firmware in the
"cpuclock" environment variable. The 2E board can handles up
to 660MHz, but be conservative and take the same value used
by the Linux kernel: 533 MHz.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20201012095804.3335117-15-f4bug@amsat.org>

20 months agohw/mips/r4k: Explicit CPU frequency is 200 MHz
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:56 +0000 (11:57 +0200)] 
hw/mips/r4k: Explicit CPU frequency is 200 MHz

Since its introduction in commit 6af0bf9c7c3,
the 'r4k' machine runs at 200 MHz.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-14-f4bug@amsat.org>

20 months agotarget/mips/cpu: Introduce mips_cpu_create_with_clock() helper
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:55 +0000 (11:57 +0200)] 
target/mips/cpu: Introduce mips_cpu_create_with_clock() helper

Introduce an helper to create a MIPS CPU and connect it to
a reference clock. This helper is not MIPS specific, but so
far only MIPS CPUs need it.

Suggested-by: Huacai Chen <zltjiangshi@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-13-f4bug@amsat.org>

20 months agotarget/mips/cpu: Allow the CPU to use dynamic frequencies
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:54 +0000 (11:57 +0200)] 
target/mips/cpu: Allow the CPU to use dynamic frequencies

Use the Clock API and let the CPU object have an input clock.

If no clock is connected, keep using the default frequency of
200 MHz used since the introduction of the 'r4k' machine in
commit 6af0bf9c7c3.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-12-f4bug@amsat.org>

20 months agotarget/mips/cpu: Make cp0_count_rate a property
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:53 +0000 (11:57 +0200)] 
target/mips/cpu: Make cp0_count_rate a property

Since not all CPU implementations use a cores use a CP0 timer
at half the frequency of the CPU, make this variable a property.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-11-f4bug@amsat.org>

20 months agotarget/mips/cpu: Calculate the CP0 timer period using the CPU frequency
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:52 +0000 (11:57 +0200)] 
target/mips/cpu: Calculate the CP0 timer period using the CPU frequency

The CP0 timer period is a function of the CPU frequency.
Start using the default values, which will be replaced by
properties in the next commits.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20201012095804.3335117-10-f4bug@amsat.org>

20 months agotarget/mips: Move cp0_count_ns to CPUMIPSState
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:51 +0000 (11:57 +0200)] 
target/mips: Move cp0_count_ns to CPUMIPSState

Currently the CP0 timer period is fixed at 10 ns, corresponding
to a fixed CPU frequency of 200 MHz (using half the speed of the
CPU).

In few commits we will be able to use a different CPU frequency.
In preparation, move the cp0_count_ns variable to CPUMIPSState
so we can modify it.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20201012095804.3335117-9-f4bug@amsat.org>

20 months agotarget/mips/cp0_timer: Document TIMER_PERIOD origin
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:50 +0000 (11:57 +0200)] 
target/mips/cp0_timer: Document TIMER_PERIOD origin

TIMER_PERIOD value of '10 ns' can be explained looking at
commit 6af0bf9c7c3doc, where the CPU frequency is 200 MHz
and CP0 default count rate is half the frequency of the
CPU. Document that.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201012095804.3335117-8-f4bug@amsat.org>

20 months agotarget/mips/cp0_timer: Explicit unit in variable name
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:49 +0000 (11:57 +0200)] 
target/mips/cp0_timer: Explicit unit in variable name

Name variables holding nanoseconds with the '_ns' suffix.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20201012095804.3335117-7-f4bug@amsat.org>

20 months agotarget/mips: Move cpu_mips_get_random() with CP0 helpers
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 09:57:48 +0000 (11:57 +0200)] 
target/mips: Move cpu_mips_get_random() with CP0 helpers

The get_random() helper uses the CP0_Wired register, which is
unrelated to the CP0_Count register used as timer.
Commit e16fe40c872 ("Move the MIPS CPU timer in a separate file")
incorrectly moved this get_random() helper with timer specific
code. Move it back to generic CP0 helpers.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-Id: <20201012095804.3335117-6-f4bug@amsat.org>

20 months agotarget/mips/op_helper: Log unimplemented cache opcode
Philippe Mathieu-Daudé [Thu, 13 Aug 2020 17:48:32 +0000 (19:48 +0200)] 
target/mips/op_helper: Log unimplemented cache opcode

In case the guest uses a cache opcode we are not expecting,
log it to give us a chance to notice it, in case we should
actually do something.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20200813181527.22551-4-f4bug@amsat.org>

20 months agotarget/mips/op_helper: Document Invalidate/Writeback opcodes as no-op
Philippe Mathieu-Daudé [Thu, 13 Aug 2020 17:49:22 +0000 (19:49 +0200)] 
target/mips/op_helper: Document Invalidate/Writeback opcodes as no-op

QEMU does not model caches, so there is not much to do with the
Invalidate/Writeback opcodes. Make it explicit adding a comment.

Suggested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20200813181527.22551-3-f4bug@amsat.org>

20 months agotarget/mips/op_helper: Convert multiple if() to switch case
Philippe Mathieu-Daudé [Thu, 13 Aug 2020 17:48:49 +0000 (19:48 +0200)] 
target/mips/op_helper: Convert multiple if() to switch case

The cache operation is encoded in bits [20:18] of the instruction.
The 'op' argument of helper_cache() contains the bits [20:16].
Extract the 3 bits and parse them using a switch case. This allow
us to handle multiple cache types (the cache type is encoded in
bits [17:16]).

Previously the if() block was only checking the D-Cache (Primary
Data or Unified Primary). Now we also handle the I-Cache (Primary
Instruction), S-Cache (Secondary) and T-Cache (Terciary).

Reported-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20200813181527.22551-2-f4bug@amsat.org>

20 months agotarget/mips: Add loongson-ext lsdc2 group of instructions
Jiaxun Yang [Fri, 16 Oct 2020 06:51:56 +0000 (14:51 +0800)] 
target/mips: Add loongson-ext lsdc2 group of instructions

LDC2/SDC2 opcodes have been rewritten as "load & store with offset"
group of instructions by loongson-ext ASE.

This patch add implementation of these instructions:

  gslbx: load 1 bytes to GPR
  gslhx: load 2 bytes to GPR
  gslwx: load 4 bytes to GPR
  gsldx: load 8 bytes to GPR
  gslwxc1: load 4 bytes to FPR
  gsldxc1: load 8 bytes to FPR
  gssbx: store 1 bytes from GPR
  gsshx: store 2 bytes from GPR
  gsswx: store 4 bytes from GPR
  gssdx: store 8 bytes from GPR
  gsswxc1: store 4 bytes from FPR
  gssdxc1: store 8 bytes from FPR

Details of Loongson-EXT is here:
https://github.com/FlyGoat/loongson-insn/blob/master/loongson-ext.md

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1602831120-3377-5-git-send-email-chenhc@lemote.com>

20 months agotarget/mips: Add loongson-ext lswc2 group of instructions (Part 2)
Jiaxun Yang [Fri, 16 Oct 2020 06:51:55 +0000 (14:51 +0800)] 
target/mips: Add loongson-ext lswc2 group of instructions (Part 2)

LWC2 & SWC2 have been rewritten by Loongson EXT vendor ASE
as "load/store quad word" and "shifted load/store" groups of
instructions.

This patch add implementation of these instructions:

  gslwlc1: similar to lwl but RT is FPR instead of GPR
  gslwrc1: similar to lwr but RT is FPR instead of GPR
  gsldlc1: similar to ldl but RT is FPR instead of GPR
  gsldrc1: similar to ldr but RT is FPR instead of GPR
  gsswlc1: similar to swl but RT is FPR instead of GPR
  gsswrc1: similar to swr but RT is FPR instead of GPR
  gssdlc1: similar to sdl but RT is FPR instead of GPR
  gssdrc1: similar to sdr but RT is FPR instead of GPR

Details of Loongson-EXT is here:
https://github.com/FlyGoat/loongson-insn/blob/master/loongson-ext.md

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Message-Id: <1602831120-3377-4-git-send-email-chenhc@lemote.com>
[PMD: Reuse t1 on MIPS32, reintroduce t2/fp0]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20 months agotarget/mips: Add loongson-ext lswc2 group of instructions (Part 1)
Jiaxun Yang [Fri, 16 Oct 2020 06:51:54 +0000 (14:51 +0800)] 
target/mips: Add loongson-ext lswc2 group of instructions (Part 1)

LWC2 & SWC2 have been rewritten by Loongson EXT vendor ASE
as "load/store quad word" and "shifted load/store" groups of
instructions.

This patch add implementation of these instructions:

  gslq: load 16 bytes to GPR
  gssq: store 16 bytes from GPR
  gslqc1: load 16 bytes to FPR
  gssqc1: store 16 bytes from FPR

Details of Loongson-EXT is here:
https://github.com/FlyGoat/loongson-insn/blob/master/loongson-ext.md

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Message-Id: <1602831120-3377-3-git-send-email-chenhc@lemote.com>
[PMD: Restrict t1 variable to TARGET_MIPS64, remove unused t2/fp0]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20 months agotarget/mips: Demacro helpers for <MAX|MAXA|MIN|MINA>.<D|S>
Aleksandar Markovic [Wed, 7 Oct 2020 20:37:19 +0000 (22:37 +0200)] 
target/mips: Demacro helpers for <MAX|MAXA|MIN|MINA>.<D|S>

Remove function definitions via macros to achieve better code clarity.

Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1602103041-32017-4-git-send-email-aleksandar.qemu.devel@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>