qemu.git
11 months agoblock/export: report flush errors
Stefan Hajnoczi [Thu, 24 Sep 2020 15:15:46 +0000 (16:15 +0100)] 
block/export: report flush errors

Propagate the flush return value since errors are possible.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-11-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoutil/vhost-user-server: rework vu_client_trip() coroutine lifecycle
Stefan Hajnoczi [Thu, 24 Sep 2020 15:15:45 +0000 (16:15 +0100)] 
util/vhost-user-server: rework vu_client_trip() coroutine lifecycle

The vu_client_trip() coroutine is leaked during AioContext switching. It
is also unsafe to destroy the vu_dev in panic_cb() since its callers
still access it in some cases.

Rework the lifecycle to solve these safety issues.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-10-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoutil/vhost-user-server: check EOF when reading payload
Stefan Hajnoczi [Thu, 24 Sep 2020 15:15:44 +0000 (16:15 +0100)] 
util/vhost-user-server: check EOF when reading payload

Unexpected EOF is an error that must be reported.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-9-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoutil/vhost-user-server: fix memory leak in vu_message_read()
Stefan Hajnoczi [Thu, 24 Sep 2020 15:15:43 +0000 (16:15 +0100)] 
util/vhost-user-server: fix memory leak in vu_message_read()

fds[] is leaked when qio_channel_readv_full() fails.

Use vmsg->fds[] instead of keeping a local fds[] array. Then we can
reuse goto fail to clean up fds. vmsg->fd_num must be zeroed before the
loop to make this safe.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-8-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoutil/vhost-user-server: drop unused DevicePanicNotifier
Stefan Hajnoczi [Thu, 24 Sep 2020 15:15:42 +0000 (16:15 +0100)] 
util/vhost-user-server: drop unused DevicePanicNotifier

The device panic notifier callback is not used. Drop it.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-7-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoblock/export: consolidate request structs into VuBlockReq
Stefan Hajnoczi [Thu, 24 Sep 2020 15:15:41 +0000 (16:15 +0100)] 
block/export: consolidate request structs into VuBlockReq

Only one struct is needed per request. Drop req_data and the separate
VuBlockReq instance. Instead let vu_queue_pop() allocate everything at
once.

This fixes the req_data memory leak in vu_block_virtio_process_req().

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-6-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoutil/vhost-user-server: drop unnecessary watch deletion
Stefan Hajnoczi [Thu, 24 Sep 2020 15:15:40 +0000 (16:15 +0100)] 
util/vhost-user-server: drop unnecessary watch deletion

Explicitly deleting watches is not necessary since libvhost-user calls
remove_watch() during vu_deinit(). Add an assertion to check this
though.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-5-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoutil/vhost-user-server: drop unnecessary QOM cast
Stefan Hajnoczi [Thu, 24 Sep 2020 15:15:39 +0000 (16:15 +0100)] 
util/vhost-user-server: drop unnecessary QOM cast

We already have access to the value with the correct type (ioc and sioc
are the same QIOChannel).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-4-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoutil/vhost-user-server: s/fileds/fields/ typo fix
Stefan Hajnoczi [Thu, 24 Sep 2020 15:15:38 +0000 (16:15 +0100)] 
util/vhost-user-server: s/fileds/fields/ typo fix

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoMAINTAINERS: Add vhost-user block device backend server maintainer
Coiby Xu [Fri, 18 Sep 2020 08:09:12 +0000 (16:09 +0800)] 
MAINTAINERS: Add vhost-user block device backend server maintainer

Suggested-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20200918080912.321299-8-coiby.xu@gmail.com
[Removed reference to vhost-user-blk-test.c, it will be sent in a
separate pull request.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoblock/export: vhost-user block device backend server
Coiby Xu [Fri, 18 Sep 2020 08:09:10 +0000 (16:09 +0800)] 
block/export: vhost-user block device backend server

By making use of libvhost-user, block device drive can be shared to
the connected vhost-user client. Only one client can connect to the
server one time.

Since vhost-user-server needs a block drive to be created first, delay
the creation of this object.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20200918080912.321299-6-coiby.xu@gmail.com
[Shorten "vhost_user_blk_server" string to "vhost_user_blk" to avoid the
following compiler warning:
../block/export/vhost-user-blk-server.c:178:50: error: ‘%s’ directive output truncated writing 21 bytes into a region of size 20 [-Werror=format-truncation=]
and fix "Invalid size %ld ..." ssize_t format string arguments for
32-bit hosts.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoblock: move logical block size check function to a common utility function
Coiby Xu [Fri, 18 Sep 2020 08:09:09 +0000 (16:09 +0800)] 
block: move logical block size check function to a common utility function

Move the constants from hw/core/qdev-properties.c to
util/block-helpers.h so that knowledge of the min/max values is

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 20200918080912.321299-5-coiby.xu@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoutil/vhost-user-server: generic vhost user server
Coiby Xu [Fri, 18 Sep 2020 08:09:08 +0000 (16:09 +0800)] 
util/vhost-user-server: generic vhost user server

Sharing QEMU devices via vhost-user protocol.

Only one vhost-user client can connect to the server one time.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20200918080912.321299-4-coiby.xu@gmail.com
[Fixed size_t %lu -> %zu format string compiler error.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agolibvhost-user: remove watch for kick_fd when de-initialize vu-dev
Coiby Xu [Fri, 18 Sep 2020 08:09:07 +0000 (16:09 +0800)] 
libvhost-user: remove watch for kick_fd when de-initialize vu-dev

When the client is running in gdb and quit command is run in gdb,
QEMU will still dispatch the event which will cause segment fault in
the callback function.

Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20200918080912.321299-3-coiby.xu@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agolibvhost-user: Allow vu_message_read to be replaced
Coiby Xu [Fri, 18 Sep 2020 08:09:06 +0000 (16:09 +0800)] 
libvhost-user: Allow vu_message_read to be replaced

Allow vu_message_read to be replaced by one which will make use of the
QIOChannel functions. Thus reading vhost-user message won't stall the
guest. For slave channel, we still use the default vu_message_read.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200918080912.321299-2-coiby.xu@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agoblock/nvme: Add driver statistics for access alignment and hw errors
Philippe Mathieu-Daudé [Thu, 1 Oct 2020 16:29:39 +0000 (18:29 +0200)] 
block/nvme: Add driver statistics for access alignment and hw errors

Keep statistics of some hardware errors, and number of
aligned/unaligned I/O accesses.

QMP example booting a full RHEL 8.3 aarch64 guest:

{ "execute": "query-blockstats" }
{
    "return": [
        {
            "device": "",
            "node-name": "drive0",
            "stats": {
                "flush_total_time_ns": 6026948,
                "wr_highest_offset": 3383991230464,
                "wr_total_time_ns": 807450995,
                "failed_wr_operations": 0,
                "failed_rd_operations": 0,
                "wr_merged": 3,
                "wr_bytes": 50133504,
                "failed_unmap_operations": 0,
                "failed_flush_operations": 0,
                "account_invalid": false,
                "rd_total_time_ns": 1846979900,
                "flush_operations": 130,
                "wr_operations": 659,
                "rd_merged": 1192,
                "rd_bytes": 218244096,
                "account_failed": false,
                "idle_time_ns": 2678641497,
                "rd_operations": 7406,
            },
            "driver-specific": {
                "driver": "nvme",
                "completion-errors": 0,
                "unaligned-accesses": 2959,
                "aligned-accesses": 4477
            },
            "qdev": "/machine/peripheral-anon/device[0]/virtio-backend"
        }
    ]
}

Suggested-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20201001162939.1567915-1-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 months agohw/misc/sifive_u_otp: Add backend drive support
Green Wan [Tue, 20 Oct 2020 03:37:32 +0000 (11:37 +0800)] 
hw/misc/sifive_u_otp: Add backend drive support

Add '-drive' support to OTP device. Allow users to assign a raw file
as OTP image.

test commands for 16k otp.img filled with zero:

$ dd if=/dev/zero of=./otp.img bs=1k count=16
$ ./qemu-system-riscv64 -M sifive_u -m 256M -nographic -bios none \
-kernel ../opensbi/build/platform/sifive/fu540/firmware/fw_payload.elf \
-d guest_errors -drive if=none,format=raw,file=otp.img

Signed-off-by: Green Wan <green.wan@sifive.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20201020033732.12921-3-green.wan@sifive.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
11 months agohw/misc/sifive_u_otp: Add write function and write-once protection
Green Wan [Tue, 20 Oct 2020 03:37:31 +0000 (11:37 +0800)] 
hw/misc/sifive_u_otp: Add write function and write-once protection

 - Add write operation to update fuse data bit when PWE bit is on.
 - Add array, fuse_wo, to store the 'written' status for all bits
   of OTP to block the write operation.

Signed-off-by: Green Wan <green.wan@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Message-id: 20201020033732.12921-2-green.wan@sifive.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
11 months agotarget/riscv: raise exception to HS-mode at get_physical_address
Yifei Jiang [Wed, 14 Oct 2020 10:17:28 +0000 (18:17 +0800)] 
target/riscv: raise exception to HS-mode at get_physical_address

VS-stage translation at get_physical_address needs to translate pte
address by G-stage translation. But the G-stage translation error
can not be distinguished from VS-stage translation error in
riscv_cpu_tlb_fill. On migration, destination needs to rebuild pte,
and this G-stage translation error must be handled by HS-mode. So
introduce TRANSLATE_STAGE2_FAIL so that riscv_cpu_tlb_fill could
distinguish and raise it to HS-mode.

Signed-off-by: Yifei Jiang <jiangyifei@huawei.com>
Signed-off-by: Yipeng Yin <yinyipeng1@huawei.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20201014101728.848-1-jiangyifei@huawei.com
[ Change by AF:
 - Clarify the fault_pte_addr shift
]
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
11 months agohw/riscv: Load the kernel after the firmware
Alistair Francis [Wed, 14 Oct 2020 00:17:33 +0000 (17:17 -0700)] 
hw/riscv: Load the kernel after the firmware

Instead of loading the kernel at a hardcoded start address, let's load
the kernel at the next aligned address after the end of the firmware.

This should have no impact for current users of OpenSBI, but will
allow loading a noMMU kernel at the start of memory.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Message-id: 46c00c4f15b42feb792090e3d74359e180a6d954.1602634524.git.alistair.francis@wdc.com

11 months agohw/riscv: Add a riscv_is_32_bit() function
Alistair Francis [Wed, 14 Oct 2020 00:17:30 +0000 (17:17 -0700)] 
hw/riscv: Add a riscv_is_32_bit() function

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Message-id: 4c6a85dfb6dd470aa79356ebc1b02f479c2758e0.1602634524.git.alistair.francis@wdc.com

11 months agohw/riscv: Return the end address of the loaded firmware
Alistair Francis [Wed, 14 Oct 2020 00:17:28 +0000 (17:17 -0700)] 
hw/riscv: Return the end address of the loaded firmware

Instead of returning the unused entry address from riscv_load_firmware()
instead return the end address. Also return the end address from
riscv_find_and_load_firmware().

This tells the caller if a firmware was loaded and how big it is. This
can be used to determine the load address of the next image (usually the
kernel).

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Message-id: 558cf67162342d65a23262248b040563716628b2.1602634524.git.alistair.francis@wdc.com

11 months agohw/riscv: sifive_u: Allow specifying the CPU
Alistair Francis [Wed, 14 Oct 2020 00:17:25 +0000 (17:17 -0700)] 
hw/riscv: sifive_u: Allow specifying the CPU

Allow the user to specify the main application CPU for the sifive_u
machine.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Message-id: b8412086c8aea0eff30fb7a17f0acf2943381b6a.1602634524.git.alistair.francis@wdc.com

11 months agotarget/riscv: Fix implementation of HLVX.WU instruction
Georg Kotheimer [Tue, 13 Oct 2020 17:22:23 +0000 (19:22 +0200)] 
target/riscv: Fix implementation of HLVX.WU instruction

The HLVX.WU instruction is supposed to read a machine word,
but prior to this change it read a byte instead.

Fixes: 8c5362acb57 ("target/riscv: Allow generating hlv/hlvx/hsv instructions")
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20201013172223.443645-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
11 months agotarget/riscv: Fix update of hstatus.GVA in riscv_cpu_do_interrupt
Georg Kotheimer [Tue, 13 Oct 2020 17:30:54 +0000 (19:30 +0200)] 
target/riscv: Fix update of hstatus.GVA in riscv_cpu_do_interrupt

The hstatus.GVA bit was not set if the faulting guest virtual address
was zero.

Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20201013173054.451135-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
11 months agotarget/riscv: Fix update of hstatus.SPVP
Georg Kotheimer [Tue, 13 Oct 2020 15:10:54 +0000 (17:10 +0200)] 
target/riscv: Fix update of hstatus.SPVP

When trapping from virt into HS mode, hstatus.SPVP was set to
the value of sstatus.SPP, as according to the specification both
flags should be set to the same value.
However, the assignment of SPVP takes place before SPP itself is
updated, which results in SPVP having an outdated value.

Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20201013151054.396481-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
11 months agohw/intc: Move sifive_plic.h to the include directory
Bin Meng [Tue, 13 Oct 2020 08:33:53 +0000 (16:33 +0800)] 
hw/intc: Move sifive_plic.h to the include directory

Since sifive_plic.h is used by hw/intc/sifive_plic.c,
it has to be in the public include directory. Move it.

Fixes: 84fcf3c15111 ("hw/riscv: Move sifive_plic model to hw/intc")
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1602578033-68384-1-git-send-email-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
11 months agoriscv: Convert interrupt logs to use qemu_log_mask()
Alistair Francis [Fri, 2 Oct 2020 15:24:14 +0000 (08:24 -0700)] 
riscv: Convert interrupt logs to use qemu_log_mask()

Currently we log interrupts and exceptions using the trace backend in
riscv_cpu_do_interrupt(). We also log exceptions using the interrupt log
mask (-d int) in riscv_raise_exception().

This patch converts riscv_cpu_do_interrupt() to log both interrupts and
exceptions with the interrupt log mask, so that both are printed when a
user runs QEMU with -d int.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 29a8c766c7c4748d0f2711c3a0abb81208138c5e.1601652179.git.alistair.francis@wdc.com

11 months agoRemove deprecated -no-kvm option
Thomas Huth [Tue, 20 Oct 2020 16:05:04 +0000 (18:05 +0200)] 
Remove deprecated -no-kvm option

The option has never been mentioned in our documentation, it's been
deprecated since years, it's marked with QEMU_ARCH_I386 (which does
not make sense anymore since KVM is available on other architectures,
too), it does not do anything by default in upstream QEMU (since TCG
is the default here anyway), and we're spending too much precious time
each year discussing whether it makes sense to keep this option as a
nice suger or not... let's finally put an end on this and remove it.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20201020160504.62460-1-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 months agoreplay: do not build if TCG is not available
Claudio Fontana [Tue, 13 Oct 2020 19:21:23 +0000 (21:21 +0200)] 
replay: do not build if TCG is not available

this fixes non-TCG builds broken recently by replay reverse debugging.

Stub the needed functions in stub/, splitting roughly between functions
needed only by system emulation, by system emulation and tools,
and by everyone.  This includes duplicating some code in replay/, and
puts the logic for non-replay related events in the replay/ module (+
the stubs), so this should be revisited in the future.

Surprisingly, only _one_ qtest was affected by this, ide-test.c, which
resulted in a buzz as the bh events were never delivered, and the bh
never executed.

Many other subsystems _should_ have been affected.

This fixes the immediate issue, however a better way to group replay
functionality to TCG-only code could be developed in the long term.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Message-Id: <20201013192123.22632-4-cfontana@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 months agoqtest: unbreak non-TCG builds in bios-tables-test
Claudio Fontana [Tue, 13 Oct 2020 19:21:22 +0000 (21:21 +0200)] 
qtest: unbreak non-TCG builds in bios-tables-test

the tests assume TCG is available, thus breaking
for TCG-only tests, where only the TCG accelerator option
is passed to the QEMU binary.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Claudio Fontana <cfontana@suse.de>
Message-Id: <20201013192123.22632-3-cfontana@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 months agohw/core/qdev-clock: add a reference on aliased clocks
Luc Michel [Tue, 20 Oct 2020 09:10:24 +0000 (11:10 +0200)] 
hw/core/qdev-clock: add a reference on aliased clocks

When aliasing a clock with the qdev_alias_clock() function, a new link
property is created on the device aliasing the clock. The link points
to the aliased clock and use the OBJ_PROP_LINK_STRONG flag. This
property is read only since it does not provide a check callback for
modifications.

The object_property_add_link() documentation stats that with
OBJ_PROP_LINK_STRONG properties, the linked object reference count get
decremented when the property is deleted. But it is _not_ incremented on
creation (object_property_add_link() does not actually know the link).

This commit increments the reference count on the aliased clock to
ensure the aliased clock stays alive during the property lifetime, and
to avoid a double-free memory error when the property gets deleted.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Luc Michel <luc@lmichel.fr>
Message-Id: <20201020091024.320381-1-luc@lmichel.fr>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 months agodo not use colons in test names
Paolo Bonzini [Mon, 19 Oct 2020 10:22:43 +0000 (06:22 -0400)] 
do not use colons in test names

Starting with meson 0.56, colons are used to separate the subproject name
from the test name.  Use dash or slash depending on what looks nicer.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 months agomeson: rewrite curses/iconv test
Paolo Bonzini [Mon, 19 Oct 2020 08:42:11 +0000 (04:42 -0400)] 
meson: rewrite curses/iconv test

Redo the curses test to do the same tests that the configure
check used to do.  OpenBSD triggers the warning because
it does not support NCURSES_WIDECHAR and thus the cc.links
test fails.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 months agobuild: fix macOS --enable-modules build
Paolo Bonzini [Tue, 20 Oct 2020 09:18:17 +0000 (05:18 -0400)] 
build: fix macOS --enable-modules build

Apple's nm implementation includes empty lines in the output that are not
found in GNU binutils.  This confuses scripts/undefsym.py, though it did
not confuse the scripts/undefsym.sh script that it replaced.  To fix
this, ignore lines that do not have two fields.

Reported-by: Emmanuel Blot <eblot.ml@gmail.com>
Tested-by: Emmanuel Blot <eblot.ml@gmail.com>
Fixes: 604f3e4e90 ("meson: Convert undefsym.sh to undefsym.py", 2020-09-08)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
11 months agos390x: pv: Fix diag318 PV fencing
Janosch Frank [Thu, 22 Oct 2020 10:31:35 +0000 (06:31 -0400)] 
s390x: pv: Fix diag318 PV fencing

Diag318 fencing needs to be determined on the current VM PV state and
not on the state that the VM has when we create the CPU model.

Fixes: fabdada935 ("s390: guest support for diagnose 0x318")
Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Acked-by: David Hildenbrand <david@redhat.com>
Message-Id: <20201022103135.126033-3-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
11 months agos390x: pv: Remove sclp boundary checks
Janosch Frank [Thu, 22 Oct 2020 10:31:34 +0000 (06:31 -0400)] 
s390x: pv: Remove sclp boundary checks

The SCLP boundary cross check is done by the Ultravisor for a
protected guest, hence we don't need to do it. As QEMU doesn't get a
valid SCCB address in protected mode this is even problematic and can
lead to QEMU reporting a false boundary cross error.

Fixes: db13387ca0 ("s390/sclp: rework sclp boundary checks")
Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Acked-by: David Hildenbrand <david@redhat.com>
Message-Id: <20201022103135.126033-2-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
11 months agos390x/s390-virtio-ccw: Reset PCI devices during subsystem reset
Matthew Rosato [Thu, 15 Oct 2020 13:16:07 +0000 (09:16 -0400)] 
s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset

Currently, a subsystem reset event leaves PCI devices enabled, causing
issues post-reset in the guest (an example would be after a kexec).  These
devices need to be reset during a subsystem reset, allowing them to be
properly re-enabled afterwards.  Add the S390 PCI host bridge to the list
of qdevs to be reset during subsystem reset.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: qemu-stable@nongnu.org
Message-Id: <1602767767-32713-1-git-send-email-mjrosato@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
11 months agoMerge remote-tracking branch 'remotes/kraxel/tags/modules-20201022-pull-request'...
Peter Maydell [Thu, 22 Oct 2020 11:33:20 +0000 (12:33 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/modules-20201022-pull-request' into staging

modules: build spice and opengl as module.

# gpg: Signature made Thu 22 Oct 2020 06:12:03 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/modules-20201022-pull-request:
  opengl: build opengl helper code modular
  opengl: build egl-headless display modular
  spice: flip modules switch
  modules: add spice dependencies
  modules: dependencies infrastructure
  spice: load module when enabled on the cmdline
  spice: wire up monitor in QemuSpiceOps.
  spice: move display_add_client() to QemuSpiceOps.
  spice: move auth functions to QemuSpiceOps.
  spice: move add_interface() to QemuSpiceOps.
  spice: move display_init() to QemuSpiceOps.
  spice: move qemu_spice_init() to QemuSpiceOps.
  spice: add QemuSpiceOps, move migrate_info
  spice: add module helpers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agoMerge remote-tracking branch 'remotes/philmd-gitlab/tags/sd-next-20201021' into staging
Peter Maydell [Thu, 22 Oct 2020 10:13:24 +0000 (11:13 +0100)] 
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/sd-next-20201021' into staging

SD/MMC patches

Fix two heap-overflow reported by Alexander Bulekov while fuzzing:
- https://bugs.launchpad.net/qemu/+bug/1892960
- https://bugs.launchpad.net/qemu/+bug/1895310

CI jobs results:
. https://cirrus-ci.com/build/6399328187056128
. https://gitlab.com/philmd/qemu/-/pipelines/205701966
. https://travis-ci.org/github/philmd/qemu/builds/737708930

# gpg: Signature made Wed 21 Oct 2020 18:33:08 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/sd-next-20201021:
  hw/sd/sdcard: Assert if accessing an illegal group
  hw/sd/sdcard: Do not attempt to erase out of range addresses
  hw/sd/sdcard: Reset both start/end addresses on error
  hw/sd/sdcard: Do not use legal address '0' for INVALID_ADDRESS
  hw/sd/sdcard: Introduce the INVALID_ADDRESS definition
  hw/sd/sdcard: Add trace event for ERASE command (CMD38)
  hw/sd/sdhci: Yield if interrupt delivered during multiple transfer
  hw/sd/sdhci: Let sdhci_update_irq() return if IRQ was delivered
  hw/sd/sdhci: Resume pending DMA transfers on MMIO accesses
  hw/sd/sdhci: Stop multiple transfers when block count is cleared
  hw/sd/sdhci: Fix DMA Transfer Block Size field
  hw/sd/sdhci: Document the datasheet used
  hw/sd/sdhci: Fix qemu_log_mask() format string

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agoMerge remote-tracking branch 'remotes/kraxel/tags/microvm-20201021-pull-request'...
Peter Maydell [Wed, 21 Oct 2020 20:45:46 +0000 (21:45 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/microvm-20201021-pull-request' into staging

microvm: fix PCIe IRQs in APIC table.
microvm: add usb support.

# gpg: Signature made Wed 21 Oct 2020 15:48:00 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/microvm-20201021-pull-request:
  tests/acpi: update expected data files
  tests/acpi: add microvm rtc test
  tests/acpi: add microvm usb test
  tests/acpi: add empty tests/data/acpi/microvm/DSDT.{usb, rtc} files
  tests/acpi: allow updates for expected data files
  microvm: add usb support
  usb/xhci: fixup xhci kconfig deps
  usb/xhci: add xhci_sysbus_build_aml() helper
  usb/xhci: add include/hw/usb/xhci.h header file
  acpi: add aml builder stubs
  tests/acpi: disallow changes for microvm/APIC.pcie
  tests/acpi: update expected data files
  apci: drop has_pci arg for acpi_build_madt
  microvm: set pci_irq_mask
  x86: make pci irqs runtime configurable
  tests/acpi: add empty microvm/APIC.pcie
  tests/acpi: allow changes for microvm/APIC.pcie

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agoMerge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-10-21' into staging
Peter Maydell [Wed, 21 Oct 2020 15:56:35 +0000 (16:56 +0100)] 
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-10-21' into staging

QAPI patches patches for 2020-10-21

# gpg: Signature made Wed 21 Oct 2020 04:01:41 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2020-10-21:
  qapi: Restrict Xen migration commands to migration.json
  qapi: Restrict 'query-kvm' command to machine code
  qapi: Restrict '(p)memsave' command to machine code
  qapi: Restrict 'system wakeup/reset/powerdown' commands to machine.json
  qapi: Restrict 'inject-nmi' command to machine code

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agoopengl: build opengl helper code modular
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:24 +0000 (09:52 +0200)] 
opengl: build opengl helper code modular

Removes opengl dependency from core qemu.  The number of shared
libraries for qemu-system-x86_64 goes down from 66 to 60 on my system.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-15-kraxel@redhat.com

11 months agoopengl: build egl-headless display modular
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:23 +0000 (09:52 +0200)] 
opengl: build egl-headless display modular

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-14-kraxel@redhat.com

11 months agospice: flip modules switch
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:22 +0000 (09:52 +0200)] 
spice: flip modules switch

Build spice core code as module.  This removes libspice-server and a
handful of indirect dependencies from core qemu.  The number of shared
libraries for qemu-system-x86_64 goes down from 73 to 66 on my system.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-13-kraxel@redhat.com

11 months agomodules: add spice dependencies
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:21 +0000 (09:52 +0200)] 
modules: add spice dependencies

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-12-kraxel@redhat.com

11 months agomodules: dependencies infrastructure
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:20 +0000 (09:52 +0200)] 
modules: dependencies infrastructure

Allow modules depending on other modules.

module_load_file() gets the option to export symbols (by not adding the
G_MODULE_BIND_LOCAL flag).

module_load_one() will check the module dependency list to figure (a)
whenever are other modules must be loaded first, or (b) the module
should export the symbols.

The dependencies are specificed as static list in the source code for
now as I expect the list will stay small.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-11-kraxel@redhat.com

11 months agospice: load module when enabled on the cmdline
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:19 +0000 (09:52 +0200)] 
spice: load module when enabled on the cmdline

In case the spice opts are not registered, try loading the spice module.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-10-kraxel@redhat.com

11 months agospice: wire up monitor in QemuSpiceOps.
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:18 +0000 (09:52 +0200)] 
spice: wire up monitor in QemuSpiceOps.

Rename qmp_query_spice() to qmp_query_spice_real(), add to QemuSpiceOps.

Add new qmp_query_spice() function which calls the real function via
QemuSpiceOps if available, otherwise return SpiceInfo.enabled = false.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-9-kraxel@redhat.com

11 months agospice: move display_add_client() to QemuSpiceOps.
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:17 +0000 (09:52 +0200)] 
spice: move display_add_client() to QemuSpiceOps.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-8-kraxel@redhat.com

11 months agospice: move auth functions to QemuSpiceOps.
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:16 +0000 (09:52 +0200)] 
spice: move auth functions to QemuSpiceOps.

Move qemu_spice_set_passwd() and qemu_spice_set_pw_expire() functions to
QemuSpiceOps.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-7-kraxel@redhat.com

11 months agospice: move add_interface() to QemuSpiceOps.
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:15 +0000 (09:52 +0200)] 
spice: move add_interface() to QemuSpiceOps.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-6-kraxel@redhat.com

11 months agospice: move display_init() to QemuSpiceOps.
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:14 +0000 (09:52 +0200)] 
spice: move display_init() to QemuSpiceOps.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-5-kraxel@redhat.com

11 months agospice: move qemu_spice_init() to QemuSpiceOps.
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:13 +0000 (09:52 +0200)] 
spice: move qemu_spice_init() to QemuSpiceOps.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-4-kraxel@redhat.com

11 months agospice: add QemuSpiceOps, move migrate_info
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:12 +0000 (09:52 +0200)] 
spice: add QemuSpiceOps, move migrate_info

Add QemuSpiceOps struct.  This struct holds function pointers to the
spice functions.  It will be initialized with pointers to the stub
functions.  When spice gets initialized the function pointers will
be re-written to the real functions.

The spice stubs will move from qemu-spice.h to spice-module.c for that,
because they will be needed for both "CONFIG_SPICE=n" and "CONFIG_SPICE=y
but spice module not loaded" cases.

This patch adds the infrastructure and starts with moving
qemu_spice_migrate_info() to QemuSpiceOps.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-3-kraxel@redhat.com

11 months agospice: add module helpers
Gerd Hoffmann [Mon, 19 Oct 2020 07:52:11 +0000 (09:52 +0200)] 
spice: add module helpers

Add new spice-module.c + qemu-spice-module.h files.  The code needed to
support modular spice will be there.  For starters this will be only the
using_spice variable, more will follow ...

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-2-kraxel@redhat.com

11 months agohw/sd/sdcard: Assert if accessing an illegal group
Philippe Mathieu-Daudé [Fri, 18 Sep 2020 17:14:52 +0000 (19:14 +0200)] 
hw/sd/sdcard: Assert if accessing an illegal group

We can not have more group than 'wpgrps_size'.
Assert if we are accessing a group above this limit.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-7-f4bug@amsat.org>

11 months agohw/sd/sdcard: Do not attempt to erase out of range addresses
Philippe Mathieu-Daudé [Sun, 13 Sep 2020 11:18:52 +0000 (13:18 +0200)] 
hw/sd/sdcard: Do not attempt to erase out of range addresses

While the Spec v3 is not very clear, v6 states:

  If the host provides an out of range address as an argument
  to CMD32 or CMD33, the card shall indicate OUT_OF_RANGE error
  in R1 (ERX) for CMD38.

If an address is out of range, do not attempt to erase it:
return R1 with the error bit set.

Buglink: https://bugs.launchpad.net/qemu/+bug/1895310
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-6-f4bug@amsat.org>

11 months agohw/sd/sdcard: Reset both start/end addresses on error
Philippe Mathieu-Daudé [Sun, 13 Sep 2020 11:18:31 +0000 (13:18 +0200)] 
hw/sd/sdcard: Reset both start/end addresses on error

From the Spec "4.3.5 Erase":

  The host should adhere to the following command
  sequence: ERASE_WR_BLK_START, ERASE_WR_BLK_END and
  ERASE (CMD38).

  If an erase (CMD38) or address setting (CMD32, 33)
  command is received out of sequence, the card shall
  set the ERASE_SEQ_ERROR bit in the status register
  and reset the whole sequence.

Reset both addresses if the ERASE command occured
out of sequence (one of the start/end address is
not set).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-5-f4bug@amsat.org>

11 months agohw/sd/sdcard: Do not use legal address '0' for INVALID_ADDRESS
Philippe Mathieu-Daudé [Fri, 18 Sep 2020 17:06:41 +0000 (19:06 +0200)] 
hw/sd/sdcard: Do not use legal address '0' for INVALID_ADDRESS

As it is legal to WRITE/ERASE the address/block 0,
change the value of this definition to an illegal
address: UINT32_MAX.

Unfortunately this break the migration stream, so
bump the VMState version number. This affects some
ARM boards and the SDHCI_PCI device (which is only
used for testing).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-4-f4bug@amsat.org>

11 months agohw/sd/sdcard: Introduce the INVALID_ADDRESS definition
Philippe Mathieu-Daudé [Fri, 18 Sep 2020 17:05:20 +0000 (19:05 +0200)] 
hw/sd/sdcard: Introduce the INVALID_ADDRESS definition

'0' is used as a value to indicate an invalid (or unset)
address. Use a definition instead of a magic value.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-3-f4bug@amsat.org>

11 months agohw/sd/sdcard: Add trace event for ERASE command (CMD38)
Philippe Mathieu-Daudé [Sun, 13 Sep 2020 11:18:19 +0000 (13:18 +0200)] 
hw/sd/sdcard: Add trace event for ERASE command (CMD38)

Trace addresses provided to the ERASE command.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-2-f4bug@amsat.org>

11 months agohw/sd/sdhci: Yield if interrupt delivered during multiple transfer
Philippe Mathieu-Daudé [Thu, 3 Sep 2020 15:31:04 +0000 (17:31 +0200)] 
hw/sd/sdhci: Yield if interrupt delivered during multiple transfer

The Descriptor Table has a bit to allow the DMA to generates
Interrupt when the operation of the descriptor line is completed
(see "1.13.4. Descriptor Table" of 'SD Host Controller Simplified
Specification Version 2.00').

If we have pending interrupt and the descriptor requires it
to be generated as soon as it is completed, reschedule pending
transfers and yield to the CPU.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200903172806.489710-5-f4bug@amsat.org>

11 months agohw/sd/sdhci: Let sdhci_update_irq() return if IRQ was delivered
Philippe Mathieu-Daudé [Thu, 3 Sep 2020 16:48:36 +0000 (18:48 +0200)] 
hw/sd/sdhci: Let sdhci_update_irq() return if IRQ was delivered

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200903172806.489710-4-f4bug@amsat.org>

11 months agohw/sd/sdhci: Resume pending DMA transfers on MMIO accesses
Philippe Mathieu-Daudé [Thu, 3 Sep 2020 17:00:04 +0000 (19:00 +0200)] 
hw/sd/sdhci: Resume pending DMA transfers on MMIO accesses

If we have pending DMA requests scheduled, process them first.
So far we don't need to implement a bottom half to process them.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200903172806.489710-3-f4bug@amsat.org>

11 months agohw/sd/sdhci: Stop multiple transfers when block count is cleared
Philippe Mathieu-Daudé [Thu, 3 Sep 2020 16:05:41 +0000 (18:05 +0200)] 
hw/sd/sdhci: Stop multiple transfers when block count is cleared

Clearing BlockCount stops multiple transfers.

See "SD Host Controller Simplified Specification Version 2.00":

- 2.2.3. Block Count Register (Offset 006h)
- Table 2-8 : Determination of Transfer Type

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200903172806.489710-2-f4bug@amsat.org>

11 months agohw/sd/sdhci: Fix DMA Transfer Block Size field
Philippe Mathieu-Daudé [Tue, 1 Sep 2020 13:22:06 +0000 (15:22 +0200)] 
hw/sd/sdhci: Fix DMA Transfer Block Size field

The 'Transfer Block Size' field is 12-bit wide.

See section '2.2.2. Block Size Register (Offset 004h)' in datasheet.

Two different bug reproducer available:
- https://bugs.launchpad.net/qemu/+bug/1892960
- https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fsdhci_oob_write1

Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
Fixes: d7dfca0807a ("hw/sdhci: introduce standard SD host controller")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200901140411.112150-3-f4bug@amsat.org>

11 months agohw/sd/sdhci: Document the datasheet used
Philippe Mathieu-Daudé [Tue, 1 Sep 2020 13:23:14 +0000 (15:23 +0200)] 
hw/sd/sdhci: Document the datasheet used

Add datasheet name in the file header.

We can not add the direct download link since there is a disclaimers
to agree first on the SD Association website (www.sdcard.org).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200901140411.112150-3-f4bug@amsat.org>

11 months agohw/sd/sdhci: Fix qemu_log_mask() format string
Philippe Mathieu-Daudé [Tue, 1 Sep 2020 13:21:54 +0000 (15:21 +0200)] 
hw/sd/sdhci: Fix qemu_log_mask() format string

Add missing newline character in qemu_log_mask() format.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200901140411.112150-2-f4bug@amsat.org>

11 months agoMerge remote-tracking branch 'remotes/jsnow-gitlab/tags/python-pull-request' into... github/staging
Peter Maydell [Wed, 21 Oct 2020 10:09:13 +0000 (11:09 +0100)] 
Merge remote-tracking branch 'remotes/jsnow-gitlab/tags/python-pull-request' into staging

Pull request

# gpg: Signature made Tue 20 Oct 2020 20:04:54 BST
# gpg:                using RSA key F9B7ABDBBCACDF95BE76CBD07DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" [full]
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jsnow-gitlab/tags/python-pull-request: (21 commits)
  python/qemu/qmp.py: Fix settimeout operation
  python/qemu/qmp.py: re-raise OSError when encountered
  python: add mypy config
  python/qemu/qmp.py: Preserve error context on re-raise
  python/qemu/console_socket.py: avoid encoding to/from string
  python/qemu/console_socket.py: Add type hint annotations
  python/qemu/console_socket.py: Clarify type of drain_thread
  python/qemu/console_socket.py: fix typing of settimeout
  python/qemu/console_socket.py: Correct type of recv()
  python/qemu: Add mypy type annotations
  iotests.py: Adjust HMP kwargs typing
  python/qemu: make 'args' style arguments immutable
  python/machine.py: fix _popen access
  python/machine.py: Add _qmp access shim
  python/machine.py: use qmp.command
  python/machine.py: Handle None events in events_wait
  python/machine.py: Don't modify state in _base_args()
  python/machine.py: reorder __init__
  python/machine.py: Fix monitor address typing
  python/qemu: use isort to lay out imports
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotests/acpi: update expected data files
Gerd Hoffmann [Tue, 20 Oct 2020 07:48:44 +0000 (09:48 +0200)] 
tests/acpi: update expected data files

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-11-kraxel@redhat.com

11 months agotests/acpi: add microvm rtc test
Gerd Hoffmann [Tue, 20 Oct 2020 07:48:43 +0000 (09:48 +0200)] 
tests/acpi: add microvm rtc test

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-10-kraxel@redhat.com

11 months agotests/acpi: add microvm usb test
Gerd Hoffmann [Tue, 20 Oct 2020 07:48:42 +0000 (09:48 +0200)] 
tests/acpi: add microvm usb test

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-9-kraxel@redhat.com

11 months agotests/acpi: add empty tests/data/acpi/microvm/DSDT.{usb, rtc} files
Gerd Hoffmann [Tue, 20 Oct 2020 07:48:41 +0000 (09:48 +0200)] 
tests/acpi: add empty tests/data/acpi/microvm/DSDT.{usb, rtc} files

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-8-kraxel@redhat.com

11 months agotests/acpi: allow updates for expected data files
Gerd Hoffmann [Tue, 20 Oct 2020 07:48:40 +0000 (09:48 +0200)] 
tests/acpi: allow updates for expected data files

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-7-kraxel@redhat.com

11 months agomicrovm: add usb support
Gerd Hoffmann [Tue, 20 Oct 2020 07:48:39 +0000 (09:48 +0200)] 
microvm: add usb support

Wire up "usb=on" machine option, when enabled add
a sysbus xhci controller with 8 ports.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-6-kraxel@redhat.com

11 months agousb/xhci: fixup xhci kconfig deps
Gerd Hoffmann [Tue, 20 Oct 2020 07:48:38 +0000 (09:48 +0200)] 
usb/xhci: fixup xhci kconfig deps

USB_XHCI does not depend on PCI any more.
USB_XHCI_SYSBUS must select USB_XHCI not USB.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Message-id: 20201020074844.5304-5-kraxel@redhat.com

11 months agousb/xhci: add xhci_sysbus_build_aml() helper
Gerd Hoffmann [Tue, 20 Oct 2020 07:48:37 +0000 (09:48 +0200)] 
usb/xhci: add xhci_sysbus_build_aml() helper

The helper generates an acpi dsdt device entry
for the xhci sysbus device.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-4-kraxel@redhat.com

11 months agousb/xhci: add include/hw/usb/xhci.h header file
Gerd Hoffmann [Tue, 20 Oct 2020 07:48:36 +0000 (09:48 +0200)] 
usb/xhci: add include/hw/usb/xhci.h header file

Move a bunch of defines which might be needed outside core xhci
code to that place.  Add XHCI_ prefixes to avoid name clashes.
No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Message-id: 20201020074844.5304-3-kraxel@redhat.com

11 months agoacpi: add aml builder stubs
Gerd Hoffmann [Tue, 20 Oct 2020 07:48:35 +0000 (09:48 +0200)] 
acpi: add aml builder stubs

Add stubs for aml_interrupt and aml_memory32_fixed,
these will be needed by followup patches,

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-2-kraxel@redhat.com

11 months agotests/acpi: disallow changes for microvm/APIC.pcie
Gerd Hoffmann [Fri, 16 Oct 2020 11:38:35 +0000 (13:38 +0200)] 
tests/acpi: disallow changes for microvm/APIC.pcie

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201016113835.17465-8-kraxel@redhat.com

11 months agotests/acpi: update expected data files
Gerd Hoffmann [Fri, 16 Oct 2020 11:38:34 +0000 (13:38 +0200)] 
tests/acpi: update expected data files

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201016113835.17465-7-kraxel@redhat.com

11 months agoapci: drop has_pci arg for acpi_build_madt
Gerd Hoffmann [Fri, 16 Oct 2020 11:38:33 +0000 (13:38 +0200)] 
apci: drop has_pci arg for acpi_build_madt

Setting x86ms->pci_irq_mask to zero has the same effect,
so we don't need the has_pci argument any more.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201016113835.17465-6-kraxel@redhat.com

11 months agomicrovm: set pci_irq_mask
Gerd Hoffmann [Fri, 16 Oct 2020 11:38:32 +0000 (13:38 +0200)] 
microvm: set pci_irq_mask

Makes sure the PCI interrupt overrides are added to the
APIC table in case PCIe is enabled.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201016113835.17465-5-kraxel@redhat.com

11 months agox86: make pci irqs runtime configurable
Gerd Hoffmann [Fri, 16 Oct 2020 11:38:31 +0000 (13:38 +0200)] 
x86: make pci irqs runtime configurable

Add a variable to x86 machine state instead of
hard-coding the PCI interrupts.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201016113835.17465-4-kraxel@redhat.com

11 months agotests/acpi: add empty microvm/APIC.pcie
Gerd Hoffmann [Fri, 16 Oct 2020 11:38:30 +0000 (13:38 +0200)] 
tests/acpi: add empty microvm/APIC.pcie

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201016113835.17465-3-kraxel@redhat.com

11 months agotests/acpi: allow changes for microvm/APIC.pcie
Gerd Hoffmann [Fri, 16 Oct 2020 11:38:29 +0000 (13:38 +0200)] 
tests/acpi: allow changes for microvm/APIC.pcie

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201016113835.17465-2-kraxel@redhat.com

11 months agoqapi: Restrict Xen migration commands to migration.json
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 12:15:36 +0000 (14:15 +0200)] 
qapi: Restrict Xen migration commands to migration.json

Restricting xen-set-global-dirty-log and xen-load-devices-state
commands migration.json pulls slightly less QAPI-generated code
into user-mode and tools.

Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201012121536.3381997-6-philmd@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
11 months agoqapi: Restrict 'query-kvm' command to machine code
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 12:15:35 +0000 (14:15 +0200)] 
qapi: Restrict 'query-kvm' command to machine code

Restricting query-kvm to machine.json pulls slightly
less QAPI-generated code into user-mode and tools.

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201012121536.3381997-5-philmd@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
11 months agoqapi: Restrict '(p)memsave' command to machine code
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 12:15:34 +0000 (14:15 +0200)] 
qapi: Restrict '(p)memsave' command to machine code

Restricting memsave/pmemsave to machine.json pulls slightly
less QAPI-generated code into user-mode and tools.

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201012121536.3381997-4-philmd@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
11 months agoqapi: Restrict 'system wakeup/reset/powerdown' commands to machine.json
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 12:15:33 +0000 (14:15 +0200)] 
qapi: Restrict 'system wakeup/reset/powerdown' commands to machine.json

Restricting system_wakeup/system_reset/system_powerdown to
machine.json pulls slightly less QAPI-generated code into
user-mode and tools.

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201012121536.3381997-3-philmd@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
11 months agoqapi: Restrict 'inject-nmi' command to machine code
Philippe Mathieu-Daudé [Mon, 12 Oct 2020 12:15:32 +0000 (14:15 +0200)] 
qapi: Restrict 'inject-nmi' command to machine code

Restricting 'inject-nmi' to machine.json pulls slightly
less QAPI-generated code into user-mode and tools.

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201012121536.3381997-2-philmd@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
11 months agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20201020-1' into...
Peter Maydell [Tue, 20 Oct 2020 20:11:35 +0000 (21:11 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20201020-1' into staging

target-arm queue:
 * Fix AArch32 SMLAD incorrect setting of Q bit
 * AArch32 VCVT fixed-point to float is always round-to-nearest
 * strongarm: Fix 'time to transmit a char' unit comment
 * Restrict APEI tables generation to the 'virt' machine
 * bcm2835: minor code cleanups
 * bcm2835: connect all IRQs from SYS_timer device
 * correctly flush TLBs when TBI is enabled
 * tests/qtest: Add npcm7xx timer test
 * loads-stores.rst: add footnote that clarifies GETPC usage
 * Fix reported EL for mte_check_fail
 * Ignore HCR_EL2.ATA when {E2H,TGE} != 11
 * microbit_i2c: Fix coredump when dump-vmstate
 * nseries: Fix loading kernel image on n8x0 machines
 * Implement v8.1M low-overhead-loops

# gpg: Signature made Tue 20 Oct 2020 21:10:35 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20201020-1: (29 commits)
  target/arm: Implement FPSCR.LTPSIZE for M-profile LOB extension
  target/arm: Allow M-profile CPUs with FP16 to set FPSCR.FP16
  target/arm: Fix has_vfp/has_neon ID reg squashing for M-profile
  target/arm: Implement v8.1M low-overhead-loop instructions
  target/arm: Implement v8.1M branch-future insns (as NOPs)
  target/arm: Don't allow BLX imm for M-profile
  target/arm: Make the t32 insn[25:23]=111 group non-overlapping
  target/arm: Implement v8.1M conditional-select insns
  target/arm: Implement v8.1M NOCP handling
  decodetree: Fix codegen for non-overlapping group inside overlapping group
  hw/arm/nseries: Fix loading kernel image on n8x0 machines
  microbit_i2c: Fix coredump when dump-vmstate
  target/arm: Ignore HCR_EL2.ATA when {E2H,TGE} != 11
  target/arm: Fix reported EL for mte_check_fail
  target/arm: Remove redundant mmu_idx lookup
  hw/intc/bcm2836_control: Use IRQ definitions instead of magic numbers
  hw/intc/bcm2835_ic: Trace GPU/CPU IRQ handlers
  loads-stores.rst: add footnote that clarifies GETPC usage
  tests/qtest: Add npcm7xx timer test
  target/arm: Use tlb_flush_page_bits_by_mmuidx*
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agopython/qemu/qmp.py: Fix settimeout operation
John Snow [Fri, 9 Oct 2020 17:51:23 +0000 (13:51 -0400)] 
python/qemu/qmp.py: Fix settimeout operation

We enabled callers to interface directly with settimeout, but this
reacts poorly with blocking/nonblocking operation; as they are using the
same internal mechanism.

1. Whenever we change the blocking mechanism temporarily, always set it
back to what it was afterwards.

2. Disallow callers from setting a timeout of "0", which means
Non-blocking mode. This is going to create more weird problems than
anybody wants, so just forbid it.

I opt not to coerce '0' to 'None' to maintain the principal of least
surprise in mirroring the semantics of Python's interface.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20201009175123.249009-4-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
11 months agopython/qemu/qmp.py: re-raise OSError when encountered
John Snow [Fri, 9 Oct 2020 17:51:22 +0000 (13:51 -0400)] 
python/qemu/qmp.py: re-raise OSError when encountered

Nested if conditions don't change when the exception block fires; we
need to explicitly re-raise the error if we didn't intend to capture and
suppress it.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20201009175123.249009-3-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
11 months agotarget/arm: Implement FPSCR.LTPSIZE for M-profile LOB extension
Peter Maydell [Mon, 19 Oct 2020 15:13:01 +0000 (16:13 +0100)] 
target/arm: Implement FPSCR.LTPSIZE for M-profile LOB extension

If the M-profile low-overhead-branch extension is implemented, FPSCR
bits [18:16] are a new field LTPSIZE.  If MVE is not implemented
(currently always true for us) then this field always reads as 4 and
ignores writes.

These bits used to be the vector-length field for the old
short-vector extension, so we need to take care that they are not
misinterpreted as setting vec_len. We do this with a rearrangement
of the vfp_set_fpscr() code that deals with vec_len, vec_stride
and also the QC bit; this obviates the need for the M-profile
only masking step that we used to have at the start of the function.

We provide a new field in CPUState for LTPSIZE, even though this
will always be 4, in preparation for MVE, so we don't have to
come back later and split it out of the vfp.xregs[FPSCR] value.
(This state struct field will be saved and restored as part of
the FPSCR value via the vmstate_fpscr in machine.c.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201019151301.2046-11-peter.maydell@linaro.org

11 months agotarget/arm: Allow M-profile CPUs with FP16 to set FPSCR.FP16
Peter Maydell [Mon, 19 Oct 2020 15:13:00 +0000 (16:13 +0100)] 
target/arm: Allow M-profile CPUs with FP16 to set FPSCR.FP16

M-profile CPUs with half-precision floating point support should
be able to write to FPSCR.FZ16, but an M-profile specific masking
of the value at the top of vfp_set_fpscr() currently prevents that.
This is not yet an active bug because we have no M-profile
FP16 CPUs, but needs to be fixed before we can add any.

The bits that the masking is effectively preventing from being
set are the A-profile only short-vector Len and Stride fields,
plus the Neon QC bit. Rearrange the order of the function so
that those fields are handled earlier and only under a suitable
guard; this allows us to drop the M-profile specific masking,
making FZ16 writeable.

This change also makes the QC bit correctly RAZ/WI for older
no-Neon A-profile cores.

This refactoring also paves the way for the low-overhead-branch
LTPSIZE field, which uses some of the bits that are used for
A-profile Stride and Len.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201019151301.2046-10-peter.maydell@linaro.org

11 months agotarget/arm: Fix has_vfp/has_neon ID reg squashing for M-profile
Peter Maydell [Mon, 19 Oct 2020 15:12:59 +0000 (16:12 +0100)] 
target/arm: Fix has_vfp/has_neon ID reg squashing for M-profile

In arm_cpu_realizefn(), if the CPU has VFP or Neon disabled then we
squash the ID register fields so that we don't advertise it to the
guest.  This code was written for A-profile and needs some tweaks to
work correctly on M-profile:

 * A-profile only fields should not be zeroed on M-profile:
   - MVFR0.FPSHVEC,FPTRAP
   - MVFR1.SIMDLS,SIMDINT,SIMDSP,SIMDHP
   - MVFR2.SIMDMISC
 * M-profile only fields should be zeroed on M-profile:
   - MVFR1.FP16

In particular, because MVFR1.SIMDHP on A-profile is the same field as
MVFR1.FP16 on M-profile this code was incorrectly disabling FP16
support on an M-profile CPU (where has_neon is always false).  This
isn't a visible bug yet because we don't have any M-profile CPUs with
FP16 support, but the change is necessary before we introduce any.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20201019151301.2046-9-peter.maydell@linaro.org

11 months agotarget/arm: Implement v8.1M low-overhead-loop instructions
Peter Maydell [Mon, 19 Oct 2020 15:12:58 +0000 (16:12 +0100)] 
target/arm: Implement v8.1M low-overhead-loop instructions

v8.1M's "low-overhead-loop" extension has three instructions
for looping:
 * DLS (start of a do-loop)
 * WLS (start of a while-loop)
 * LE (end of a loop)

The loop-start instructions are both simple operations to start a
loop whose iteration count (if any) is in LR.  The loop-end
instruction handles "decrement iteration count and jump back to loop
start"; it also caches the information about the branch back to the
start of the loop to improve performance of the branch on subsequent
iterations.

As with the branch-future instructions, the architecture permits an
implementation to discard the LO_BRANCH_INFO cache at any time, and
QEMU takes the IMPDEF option to never set it in the first place
(equivalent to discarding it immediately), because for us a "real"
implementation would be unnecessary complexity.

(This implementation only provides the simple looping constructs; the
vector extension MVE (Helium) adds some extra variants to handle
looping across vectors.  We'll add those later when we implement
MVE.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201019151301.2046-8-peter.maydell@linaro.org

11 months agotarget/arm: Implement v8.1M branch-future insns (as NOPs)
Peter Maydell [Mon, 19 Oct 2020 15:12:57 +0000 (16:12 +0100)] 
target/arm: Implement v8.1M branch-future insns (as NOPs)

v8.1M implements a new 'branch future' feature, which is a
set of instructions that request the CPU to perform a branch
"in the future", when it reaches a particular execution address.
In hardware, the expected implementation is that the information
about the branch location and destination is cached and then
acted upon when execution reaches the specified address.
However the architecture permits an implementation to discard
this cached information at any point, and so guest code must
always include a normal branch insn at the branch point as
a fallback. In particular, an implementation is specifically
permitted to treat all BF insns as NOPs (which is equivalent
to discarding the cached information immediately).

For QEMU, implementing this caching of branch information
would be complicated and would not improve the speed of
execution at all, so we make the IMPDEF choice to implement
all BF insns as NOPs.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20201019151301.2046-7-peter.maydell@linaro.org