qemu.git
3 months ago Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210121' into staging
Peter Maydell [Thu, 21 Jan 2021 19:09:45 +0000 (19:09 +0000)] 
Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210121' into staging

s390x updates:
- headers update to Linux 5.11-rc2
- fix tcg emulation for some instructions that are generated by
  clang Linux kernel builds
- vfio-ccw: wire up the device unplug notification mechanism
- fix a gcc 11 warning

# gpg: Signature made Thu 21 Jan 2021 12:08:12 GMT
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck-gitlab/tags/s390x-20210121:
  s390x: Use strpadcpy for copying vm name
  vfio-ccw: Connect the device request notifier
  Update linux headers to 5.11-rc2
  update-linux-headers: Include const.h
  s390x/tcg: Ignore register content if b1/b2 is zero when handling EXECUTE
  tests/tcg/s390x: Fix EXRL tests
  s390x/tcg: Don't ignore content in r0 when not specified via "b" or "x"
  s390x/tcg: Fix RISBHG
  s390x/tcg: Fix ALGSI

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-01-20' into staging
Peter Maydell [Thu, 21 Jan 2021 10:44:27 +0000 (10:44 +0000)] 
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-01-20' into staging

nbd patches for 2021-01-20

- minor resource leak fixes in qemu-nbd
- ensure proper aio context when nbd server uses iothreads
- iotest refactorings in preparation for rewriting ./check to be more
flexible, and preparing for more nbd server reconnect features

# gpg: Signature made Thu 21 Jan 2021 02:28:19 GMT
# gpg:                using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2021-01-20:
  iotests.py: qemu_io(): reuse qemu_tool_pipe_and_status()
  iotests.py: fix qemu_tool_pipe_and_status()
  iotests/264: fix style
  iotests: define group in each iotest
  iotests/294: add shebang line
  iotests: make tests executable
  iotests: fix some whitespaces in test output files
  iotests/303: use dot slash for qcow2.py running
  iotests/277: use dot slash for nbd-fault-injector.py running
  nbd/server: Quiesce coroutines on context switch
  block: Honor blk_set_aio_context() context requirements
  qemu-nbd: Fix a memleak in nbd_client_thread()
  qemu-nbd: Fix a memleak in qemu_nbd_client_list()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago s390x: Use strpadcpy for copying vm name
Miroslav Rezanina [Thu, 14 Jan 2021 07:07:36 +0000 (08:07 +0100)] 
s390x: Use strpadcpy for copying vm name

Using strncpy with length equal to the size of target array, GCC 11
reports following warning:

  warning: '__builtin_strncpy' specified bound 256 equals destination size [-Wstringop-truncation]

We can prevent this warning by using strpadcpy that copies string
up to specified length, zeroes target array after copied string
and does not raise warning when length is equal to target array
size (and ending '\0' is discarded).

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <6f86915755219cf6a671788075da4809b57f7d7b.1610607906.git.mrezanin@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 months ago vfio-ccw: Connect the device request notifier
Eric Farman [Mon, 4 Jan 2021 20:20:57 +0000 (21:20 +0100)] 
vfio-ccw: Connect the device request notifier

Now that the vfio-ccw code has a notifier interface to request that
a device be unplugged, let's wire that together.

Signed-off-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20210104202057.48048-4-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 months ago Update linux headers to 5.11-rc2
Eric Farman [Mon, 4 Jan 2021 20:20:56 +0000 (21:20 +0100)] 
Update linux headers to 5.11-rc2

Signed-off-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20210104202057.48048-3-farman@linux.ibm.com>
[CH: dropped qatomic->atomic changes in pvrdma_ring.h]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 months ago update-linux-headers: Include const.h
Eric Farman [Mon, 4 Jan 2021 20:20:55 +0000 (21:20 +0100)] 
update-linux-headers: Include const.h

Kernel commit a85cbe6159ff ("uapi: move constants from
<linux/kernel.h> to <linux/const.h>") breaks our script
because of the unrecognized include. Let's add that to
our processing.

Signed-off-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210104202057.48048-2-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 months ago s390x/tcg: Ignore register content if b1/b2 is zero when handling EXECUTE
David Hildenbrand [Mon, 11 Jan 2021 16:38:45 +0000 (17:38 +0100)] 
s390x/tcg: Ignore register content if b1/b2 is zero when handling EXECUTE

In our EXECUTE fast path, we have to ignore the content of r0, if
specified by b1 or b2.

Fixes: d376f123c7de ("target/s390x: Re-implement a few EXECUTE target insns directly")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210111163845.18148-6-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 months ago tests/tcg/s390x: Fix EXRL tests
David Hildenbrand [Mon, 11 Jan 2021 16:38:44 +0000 (17:38 +0100)] 
tests/tcg/s390x: Fix EXRL tests

The current EXRL tests crash on real machines: we must not use r0 as a base
register for trt/trtr, otherwise the content gets ignored. Also, we must
not use r0 for exrl, otherwise it gets ignored.

Let's use the "a" constraint so we get a general purpose register != r0.
For op2, we can simply specify a memory operand directly via "Q" (Memory
reference without index register and with short displacement).

Fixes: ad8c851d2e77 ("target/s390x: add EX support for TRT and TRTR")
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210111163845.18148-5-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 months ago s390x/tcg: Don't ignore content in r0 when not specified via "b" or "x"
David Hildenbrand [Mon, 11 Jan 2021 16:38:43 +0000 (17:38 +0100)] 
s390x/tcg: Don't ignore content in r0 when not specified via "b" or "x"

Using get_address() with register identifiers coming from an "r" field
is wrong: if the "r" field designates "r0", we don't read the content
and instead assume 0 - which should only be applied when the register
was specified via "b" or "x".

PoP 5-11 "Operand-Address Generation":
  "A zero in any of the B1, B2, X2, B3, or B4 fields indicates the absence
   of the corresponding address component. For the absent component, a zero
   is used in forming the intermediate sum, regardless of the contents of
   general register 0. A displacement of zero has no special significance."

This BUG became visible for CSPG as generated by LLVM-12 in the upstream
Linux kernel (v5.11-rc2), used while creating the linear mapping in
vmem_map_init(): Trying to store to address 0 results in a Low Address
Protection exception.

Debugging this was more complicated than it could have been: The program
interrupt handler in the kernel will try to crash the kernel: doing so, it
will enable DAT. As the linear mapping is not created yet (asce=0), we run
into an addressing exception while trying to walk non-existent DAT tables,
resulting in a program exception loop.

This allows for booting upstream Linux kernels compiled by clang-12. Most
of these cases seem to be broken forever.

Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210111163845.18148-4-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
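
The distinction this commit message draws between "b"/"x" fields and "r" fields, as an added example that is not QEMU's code and not part of the original commit. All names (`cpu_t`, `operand_address`, `r_field_value`, `r_field_value_buggy`, `low_address_protected`, `sample_cpu`) and the register values are constructed for illustration; the protected ranges are the z/Architecture low-address-protection ranges, simplified to a pure address check.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical miniature register file: 16 general registers. */
typedef struct {
    uint64_t gpr[16];
} cpu_t;

/* B or X field: a zero field means "component absent", so it contributes 0
 * to the intermediate sum regardless of what general register 0 holds. */
static uint64_t address_component(const cpu_t *cpu, unsigned field)
{
    field &= 15;
    return field ? cpu->gpr[field] : 0;
}

/* Operand address formed from base, index and displacement fields,
 * following the PoP passage quoted in the commit message. */
uint64_t operand_address(const cpu_t *cpu, unsigned b, unsigned x, uint64_t d)
{
    return address_component(cpu, b) + address_component(cpu, x) + d;
}

/* "r" field: names a register operand. r0 is read like any other register. */
uint64_t r_field_value(const cpu_t *cpu, unsigned r)
{
    return cpu->gpr[r & 15];
}

/* The bug pattern described above: an "r" field pushed through the
 * base-field rule, so r0 silently becomes 0. */
uint64_t r_field_value_buggy(const cpu_t *cpu, unsigned r)
{
    return operand_address(cpu, r, 0, 0);
}

/* Simplified low-address-protection check (assumption: protection enabled,
 * access is a store): locations 0-511 and 4096-4607 are protected. */
int low_address_protected(uint64_t addr)
{
    return addr < 512 || (addr >= 4096 && addr < 4608);
}

/* Constructed sample state: r0 holds a valid pointer, r3 another one. */
cpu_t sample_cpu(void)
{
    cpu_t cpu = { { 0 } };
    cpu.gpr[0] = 0x0000000012345000ULL;
    cpu.gpr[3] = 0x0000000000200000ULL;
    return cpu;
}

int main(void)
{
    cpu_t cpu = sample_cpu();
    uint64_t good = r_field_value(&cpu, 0);
    uint64_t bad = r_field_value_buggy(&cpu, 0);

    printf("r field = r0, correct: 0x%llx protected=%d\n",
           (unsigned long long)good, low_address_protected(good));
    printf("r field = r0, buggy:   0x%llx protected=%d\n",
           (unsigned long long)bad, low_address_protected(bad));
    return 0;
}
```

For any register other than r0 the two paths agree, which is why the defect only surfaced once a compiler allocated r0 for such an operand.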
3 months ago s390x/tcg: Fix RISBHG
David Hildenbrand [Mon, 11 Jan 2021 16:38:42 +0000 (17:38 +0100)] 
s390x/tcg: Fix RISBHG

RISBHG is broken and currently hinders clang-11 builds of upstream kernels
from booting: the kernel crashes early, while decompressing the image.

  [...]
   Kernel fault: interruption code 0005 ilc:2
   Kernel random base: 0000000000000000
   PSW : 0000200180000000 0000000000017a1e
         R:0 T:0 IO:0 EX:0 Key:0 M:0 W:0 P:0 AS:0 CC:2 PM:0 RI:0 EA:3
   GPRS: 0000000000000001 0000000c00000000 00000003fffffff4 00000000fffffff0
         0000000000000000 00000000fffffff4 000000000000000c 00000000fffffff0
         00000000fffffffc 0000000000000000 00000000fffffff8 00000000008e25a8
         0000000000000009 0000000000000002 0000000000000008 000000000000bce0

One example of a buggy instruction is:

    17dde:       ec 1e 00 9f 20 5d       risbhg  %r1,%r14,0,159,32

With %r14 = 0x9 and %r1 = 0x7 should result in %r1 = 0x900000007, however,
results in %r1 = 0.

Let's interpret values of i3/i4 as documented in the PoP and make
computation of "mask" only based on i3 and i4 and use "pmask" only at the
very end to make sure wrapping is only applied to the high/low doubleword.

With this patch, I can successfully boot a v5.11-rc2 kernel built with
clang-11, and gcc builds keep on working.

Fixes: 2d6a869833d9 ("target-s390: Implement RISBG")
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210111163845.18148-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
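
A reference model of RISBHG that reproduces the expected value quoted in this commit message, as an added example that is not QEMU's code and not part of the original commit. It assumes the instruction semantics as the message summarizes them (mask derived from i3/i4 only, restriction to the high word applied last) plus the zero-remaining-bits flag in the top bit of i4; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate a 64-bit value left by n bits (n taken modulo 64). */
static uint64_t rotl64(uint64_t v, unsigned n)
{
    n &= 63;
    return n ? (v << n) | (v >> (64 - n)) : v;
}

/* Mask covering bits start..end in IBM numbering (bit 0 is the most
 * significant bit). If start > end the range wraps around. */
static uint64_t ibm_range_mask(unsigned start, unsigned end)
{
    uint64_t from_start = ~0ULL >> start;
    uint64_t to_end = ~0ULL << (63 - end);
    return start <= end ? (from_start & to_end) : (from_start | to_end);
}

/* Model of "rotate then insert selected bits high":
 * only bits 0-31 (the high word) of r1 can change. */
uint64_t risbhg_model(uint64_t r1, uint64_t r2,
                      uint8_t i3, uint8_t i4, uint8_t i5)
{
    const uint64_t pmask = 0xffffffff00000000ULL; /* high word */
    unsigned start = i3 & 31;          /* start bit within the high word */
    unsigned end = i4 & 31;            /* end bit within the high word */
    int zero_rest = (i4 & 0x80) != 0;  /* zero the unselected high-word bits */

    /* The mask depends only on i3/i4; the word restriction comes last, so a
     * wrapped range never leaks into the low word. */
    uint64_t mask = ibm_range_mask(start, end) & pmask;

    /* Bits of r1 that survive: everything unselected, or only the low word
     * when the zero flag is set. */
    uint64_t keep = zero_rest ? ~pmask : ~mask;

    return (rotl64(r2, i5 & 63) & mask) | (r1 & keep);
}

int main(void)
{
    /* Operands from the commit message: risbhg %r1,%r14,0,159,32 */
    uint64_t r = risbhg_model(0x7, 0x9, 0, 159, 32);
    printf("r1 = 0x%llx\n", (unsigned long long)r);
    return 0;
}
```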
3 months ago s390x/tcg: Fix ALGSI
David Hildenbrand [Mon, 11 Jan 2021 16:38:41 +0000 (17:38 +0100)] 
s390x/tcg: Fix ALGSI

Looks like something went wrong while touching that line. Instead of "r1"
we need a new temporary. Also, we have to pass MO_TEQ, to indicate that
we are working with 64-bit values. Let's revert these changes.

Fixes: ff26d287bddc ("target/s390x: Improve cc computation for ADD LOGICAL")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210111163845.18148-2-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 months ago iotests.py: qemu_io(): reuse qemu_tool_pipe_and_status()
Vladimir Sementsov-Ogievskiy [Mon, 30 Nov 2020 13:40:20 +0000 (16:40 +0300)] 
iotests.py: qemu_io(): reuse qemu_tool_pipe_and_status()

Just drop code duplication.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20201130134024.19212-5-vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago iotests.py: fix qemu_tool_pipe_and_status()
Vladimir Sementsov-Ogievskiy [Mon, 30 Nov 2020 13:40:19 +0000 (16:40 +0300)] 
iotests.py: fix qemu_tool_pipe_and_status()

qemu_img_args variable is unrelated here. We should print just args.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20201130134024.19212-4-vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago iotests/264: fix style
Vladimir Sementsov-Ogievskiy [Wed, 18 Nov 2020 18:04:28 +0000 (21:04 +0300)] 
iotests/264: fix style

Fix long line, extra import and one mypy complaint about incompatible
int and float.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20201118180433.11931-7-vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago iotests: define group in each iotest
Vladimir Sementsov-Ogievskiy [Sat, 16 Jan 2021 13:44:19 +0000 (16:44 +0300)] 
iotests: define group in each iotest

We are going to drop group file. Define group in tests as a preparatory
step.

The patch is generated by

    cd tests/qemu-iotests

    grep '^[0-9]\{3\} ' group | while read line; do
        file=$(awk '{print $1}' <<< "$line");
        groups=$(sed -e 's/^... //' <<< "$line");
        awk "NR==2{print \"# group: $groups\"}1" $file > tmp;
        cat tmp > $file;
    done

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210116134424.82867-7-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago iotests/294: add shebang line
Vladimir Sementsov-Ogievskiy [Sat, 16 Jan 2021 13:44:18 +0000 (16:44 +0300)] 
iotests/294: add shebang line

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210116134424.82867-6-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago iotests: make tests executable
Vladimir Sementsov-Ogievskiy [Sat, 16 Jan 2021 13:44:17 +0000 (16:44 +0300)] 
iotests: make tests executable

All other test files are executable. Fix these.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210116134424.82867-5-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago iotests: fix some whitespaces in test output files
Vladimir Sementsov-Ogievskiy [Sat, 16 Jan 2021 13:44:16 +0000 (16:44 +0300)] 
iotests: fix some whitespaces in test output files

We are going to be stricter about comparing test result with .out
files. So, fix some whitespaces now.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210116134424.82867-4-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago iotests/303: use dot slash for qcow2.py running
Vladimir Sementsov-Ogievskiy [Sat, 16 Jan 2021 13:44:15 +0000 (16:44 +0300)] 
iotests/303: use dot slash for qcow2.py running

If you run './check 303', check includes common.config which adjusts
$PATH to include '.' first, and therefore finds qcow2.py on PATH.  But
if you run './303' directly, there is nothing to adjust PATH, and if
'.' is not already on your PATH by other means, the test fails because
the executable is not found.  Adjust how we invoke the helper
executable to avoid needing a PATH search in the first place.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210116134424.82867-3-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago iotests/277: use dot slash for nbd-fault-injector.py running
Vladimir Sementsov-Ogievskiy [Sat, 16 Jan 2021 13:44:14 +0000 (16:44 +0300)] 
iotests/277: use dot slash for nbd-fault-injector.py running

If you run './check 277', check includes common.config which adjusts
$PATH to include '.' first, and therefore finds nbd-fault-injector.py
on PATH.  But if you run './277' directly, there is nothing to adjust
PATH, and if '.' is not already on your PATH by other means, the test
fails because the executable is not found.  Adjust how we invoke the
helper executable to avoid needing a PATH search in the first place.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210116134424.82867-2-vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago nbd/server: Quiesce coroutines on context switch
Sergio Lopez [Mon, 14 Dec 2020 17:05:18 +0000 (18:05 +0100)] 
nbd/server: Quiesce coroutines on context switch

When switching between AIO contexts we need to make sure that both
recv_coroutine and send_coroutine are not scheduled to run. Otherwise,
QEMU may crash while attaching the new context with an error like
this one:

aio_co_schedule: Co-routine was already scheduled in 'aio_co_schedule'

To achieve this we need a local implementation of
'qio_channel_readv_all_eof' named 'nbd_read_eof' (a trick already done
by 'nbd/client.c') that allows us to interrupt the operation and to
know when recv_coroutine is yielding.

With this in place, we delegate detaching the AIO context to the
owning context with a BH ('nbd_aio_detach_bh') scheduled using
'aio_wait_bh_oneshot'. This BH signals that we need to quiesce the
channel by setting 'client->quiescing' to 'true', and either waits for
the coroutine to finish using AIO_WAIT_WHILE or, if it's yielding in
'nbd_read_eof', actively enters the coroutine to interrupt it.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1900326
Signed-off-by: Sergio Lopez <slp@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20201214170519.223781-4-slp@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago block: Honor blk_set_aio_context() context requirements
Sergio Lopez [Mon, 14 Dec 2020 17:05:16 +0000 (18:05 +0100)] 
block: Honor blk_set_aio_context() context requirements

The documentation for bdrv_set_aio_context_ignore() states this:

 * The caller must own the AioContext lock for the old AioContext of bs, but it
 * must not own the AioContext lock for new_context (unless new_context is the
 * same as the current context of bs).

As blk_set_aio_context() makes use of this function, this rule also
applies to it.

Fix all occurrences where this rule wasn't honored.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-Id: <20201214170519.223781-2-slp@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago qemu-nbd: Fix a memleak in nbd_client_thread()
Alex Chen [Tue, 8 Dec 2020 13:49:44 +0000 (13:49 +0000)] 
qemu-nbd: Fix a memleak in nbd_client_thread()

When the qio_channel_socket_connect_sync() fails
we should goto 'out_socket' label to free the 'sioc' instead of
goto 'out' label.
In addition, there's a lot of redundant code in the successful branch
and the error branch, optimize it.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20201208134944.27962-1-alex.chen@huawei.com>

3 months ago qemu-nbd: Fix a memleak in qemu_nbd_client_list()
Alex Chen [Mon, 30 Nov 2020 12:36:51 +0000 (12:36 +0000)] 
qemu-nbd: Fix a memleak in qemu_nbd_client_list()

When the qio_channel_socket_connect_sync() fails
we should goto 'out' label to free the 'sioc' instead of return.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Message-Id: <20201130123651.17543-1-alex.chen@huawei.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
3 months ago Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2021-01-20' into...
Peter Maydell [Wed, 20 Jan 2021 17:44:31 +0000 (17:44 +0000)] 
Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2021-01-20' into staging

* Fixes for compiling QEMU on Alpine Linux
* Add Alpine Linux to the gitlab-CI
* Some small fixes for qtests
* Updates to the MAINTAINERS file

# gpg: Signature made Wed 20 Jan 2021 12:56:14 GMT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2021-01-20:
  MAINTAINERS: Make status spellings consistent
  MAINTAINERS: Remove Ben Warren
  tests: Fix memory leak in tpm-util.c
  qtest/npcm7xx_pwm-test: Fix memleak in pwm_qom_get
  gitlab-ci: Add alpine to pipeline
  tests/check-block.sh: Refuse to run the iotests with BusyBox' sed
  tests/docker: Add dockerfile for Alpine Linux
  accel/kvm: avoid using predefined PAGE_SIZE
  tests: Rename PAGE_SIZE definitions
  elf2dmp: Rename PAGE_SIZE to ELF2DMP_PAGE_SIZE
  hw/block/nand: Rename PAGE_SIZE to NAND_PAGE_SIZE
  libvhost-user: Include poll.h instead of sys/poll.h
  configure: Add sys/timex.h to probe clock_adjtime
  osdep.h: Remove <sys/signal.h> include

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago MAINTAINERS: Make status spellings consistent
John Snow [Fri, 30 Oct 2020 15:34:16 +0000 (11:34 -0400)] 
MAINTAINERS: Make status spellings consistent

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201030153416.429791-3-jsnow@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago MAINTAINERS: Remove Ben Warren
John Snow [Fri, 30 Oct 2020 15:34:15 +0000 (11:34 -0400)] 
MAINTAINERS: Remove Ben Warren

Ben's email bounces and he no longer works for Skyport Systems. I was
unable to reach Ben, so mark this section as Orphaned for now.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20201030153416.429791-2-jsnow@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago tests: Fix memory leak in tpm-util.c
Stefan Berger [Fri, 15 Jan 2021 20:46:37 +0000 (15:46 -0500)] 
tests: Fix memory leak in tpm-util.c

This patch fixes the following memory leak detected by asan:

Indirect leak of 560320 byte(s) in 136 object(s) allocated from:
    #0 0x556b3b3f9b57 in calloc (/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23fb57)
    #1 0x152b0e96b9b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
    #2 0x556b3b588f61 in parse_object /home/stefanb/tmp/qemu-tip/build/../qobject/json-parser.c:318:12
    #3 0x556b3b588f61 in parse_value /home/stefanb/tmp/qemu-tip/build/../qobject/json-parser.c:546:16
    #4 0x556b3b5886e8 in json_parser_parse /home/stefanb/tmp/qemu-tip/build/../qobject/json-parser.c:580:14
    #5 0x556b3b52ff4a in json_message_process_token /home/stefanb/tmp/qemu-tip/build/../qobject/json-streamer.c:92:12
    #6 0x556b3b59896f in json_lexer_feed_char /home/stefanb/tmp/qemu-tip/build/../qobject/json-lexer.c:313:13
    #7 0x556b3b598443 in json_lexer_feed /home/stefanb/tmp/qemu-tip/build/../qobject/json-lexer.c:350:9
    #8 0x556b3b436c70 in qmp_fd_receive /home/stefanb/tmp/qemu-tip/build/../tests/qtest/libqtest.c:614:9
    #9 0x556b3b435871 in qtest_qmp_receive_dict /home/stefanb/tmp/qemu-tip/build/../tests/qtest/libqtest.c:636:12
    #10 0x556b3b435871 in qtest_qmp_receive /home/stefanb/tmp/qemu-tip/build/../tests/qtest/libqtest.c:624:27
    #11 0x556b3b435c59 in qtest_vqmp /home/stefanb/tmp/qemu-tip/build/../tests/qtest/libqtest.c:715:12
    #12 0x556b3b435c59 in qtest_qmp /home/stefanb/tmp/qemu-tip/build/../tests/qtest/libqtest.c:756:16
    #13 0x556b3b4328c7 in tpm_util_wait_for_migration_complete /home/stefanb/tmp/qemu-tip/build/../tests/qtest/tpm-util.c:245:15
    #14 0x556b3b4333be in tpm_test_swtpm_migration_test /home/stefanb/tmp/qemu-tip/build/../tests/qtest/tpm-tests.c:117:5
    #15 0x152b0e98e29d  (/lib64/libglib-2.0.so.0+0x7b29d)

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210115204637.3332555-1-stefanb@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago qtest/npcm7xx_pwm-test: Fix memleak in pwm_qom_get
Gan Qixin [Fri, 15 Jan 2021 07:56:34 +0000 (15:56 +0800)] 
qtest/npcm7xx_pwm-test: Fix memleak in pwm_qom_get

The pwm_qom_get function didn't free "response", which caused an indirect
memory leak. So use qobject_unref() to fix it.

ASAN shows memory leak stack:

Indirect leak of 74160000 byte(s) in 18000 object(s) allocated from:
    #0 0x7f96e2f79d4e in __interceptor_calloc (/lib64/libasan.so.5+0x112d4e)
    #1 0x7f96e2d98a50 in g_malloc0 (/lib64/libglib-2.0.so.0+0x55a50)
    #2 0x556313112180 in qdict_new ../qobject/qdict.c:30
    #3 0x556313115bca in parse_object ../qobject/json-parser.c:318
    #4 0x556313117810 in parse_value ../qobject/json-parser.c:546
    #5 0x556313117bda in json_parser_parse ../qobject/json-parser.c:580
    #6 0x55631310fe67 in json_message_process_token ../qobject/json-streamer.c:92
    #7 0x5563131210b7 in json_lexer_feed_char ../qobject/json-lexer.c:313
    #8 0x556313121662 in json_lexer_feed ../qobject/json-lexer.c:350
    #9 0x5563131101e9 in json_message_parser_feed ../qobject/json-streamer.c:121
    #10 0x5563130cb81e in qmp_fd_receive ../tests/qtest/libqtest.c:614
    #11 0x5563130cba2b in qtest_qmp_receive_dict ../tests/qtest/libqtest.c:636
    #12 0x5563130cb939 in qtest_qmp_receive ../tests/qtest/libqtest.c:624
    #13 0x5563130cbe0d in qtest_vqmp ../tests/qtest/libqtest.c:715
    #14 0x5563130cc40f in qtest_qmp ../tests/qtest/libqtest.c:756
    #15 0x5563130c5623 in pwm_qom_get ../tests/qtest/npcm7xx_pwm-test.c:180
    #16 0x5563130c595e in pwm_get_duty ../tests/qtest/npcm7xx_pwm-test.c:210
    #17 0x5563130c7529 in test_toggle ../tests/qtest/npcm7xx_pwm-test.c:447

Reported-by: Euler Robot <euler.robot@huawei.com>
Message-Id: <20210115075634.717909-1-ganqixin@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago gitlab-ci: Add alpine to pipeline
Jiaxun Yang [Mon, 18 Jan 2021 06:38:08 +0000 (14:38 +0800)] 
gitlab-ci: Add alpine to pipeline

[thuth: Enable "make check" tests, too, after tests/check-block.sh got fixed]

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20210118063808.12471-10-jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago tests/check-block.sh: Refuse to run the iotests with BusyBox' sed
Thomas Huth [Tue, 19 Jan 2021 13:47:49 +0000 (14:47 +0100)] 
tests/check-block.sh: Refuse to run the iotests with BusyBox' sed

BusyBox' sed reports itself as "This is not GNU sed version 4.0"
when being run with the --version parameter. However, the iotests
really need GNU sed, they do not work with the BusyBox version.
So let's make sure that we really have GNU sed and refuse to run
the tests with BusyBox' sed.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210119134749.401311-1-thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago tests/docker: Add dockerfile for Alpine Linux
Jiaxun Yang [Mon, 18 Jan 2021 06:38:07 +0000 (14:38 +0800)] 
tests/docker: Add dockerfile for Alpine Linux

Alpine Linux[1] is a security-oriented, lightweight Linux distribution
based on musl libc and busybox.

It is popular among Docker guests and embedded applications.

Adding it to test against different libc.

[1]: https://alpinelinux.org/

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20210118063808.12471-9-jiaxun.yang@flygoat.com>
[thuth: Dropped some unnecessary packages, replaced build-base with its deps]
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago accel/kvm: avoid using predefined PAGE_SIZE
Jiaxun Yang [Mon, 18 Jan 2021 06:38:06 +0000 (14:38 +0800)] 
accel/kvm: avoid using predefined PAGE_SIZE

As per POSIX specification of limits.h [1], OS libc may define
PAGE_SIZE in limits.h.

PAGE_SIZE is used in included kernel uapi headers.

To prevent collision of definition, we discard PAGE_SIZE from
defined by libc and take QEMU's variable.

[1]: https://pubs.opengroup.org/onlinepubs/7908799/xsh/limits.h.html

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20210118063808.12471-8-jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago tests: Rename PAGE_SIZE definitions
Jiaxun Yang [Mon, 18 Jan 2021 06:38:05 +0000 (14:38 +0800)] 
tests: Rename PAGE_SIZE definitions

As per POSIX specification of limits.h [1], OS libc may define
PAGE_SIZE in limits.h.

Self defined PAGE_SIZE is frequently used in tests, to prevent
collision of definition, we give PAGE_SIZE definitions reasonable
prefixes.

[1]: https://pubs.opengroup.org/onlinepubs/7908799/xsh/limits.h.html

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210118063808.12471-7-jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago elf2dmp: Rename PAGE_SIZE to ELF2DMP_PAGE_SIZE
Jiaxun Yang [Mon, 18 Jan 2021 06:38:04 +0000 (14:38 +0800)] 
elf2dmp: Rename PAGE_SIZE to ELF2DMP_PAGE_SIZE

As per POSIX specification of limits.h [1], OS libc may define
PAGE_SIZE in limits.h.

To prevent collision of definition, we rename PAGE_SIZE here.

[1]: https://pubs.opengroup.org/onlinepubs/7908799/xsh/limits.h.html

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210118063808.12471-6-jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago hw/block/nand: Rename PAGE_SIZE to NAND_PAGE_SIZE
Jiaxun Yang [Mon, 18 Jan 2021 06:38:03 +0000 (14:38 +0800)] 
hw/block/nand: Rename PAGE_SIZE to NAND_PAGE_SIZE

As per POSIX specification of limits.h [1], OS libc may define
PAGE_SIZE in limits.h.

To prevent collision of definition, we rename PAGE_SIZE here.

[1]: https://pubs.opengroup.org/onlinepubs/7908799/xsh/limits.h.html

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210118063808.12471-5-jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago libvhost-user: Include poll.h instead of sys/poll.h
Jiaxun Yang [Mon, 18 Jan 2021 06:38:01 +0000 (14:38 +0800)] 
libvhost-user: Include poll.h instead of sys/poll.h

Musl libc complains about its wrong usage.

In file included from ../subprojects/libvhost-user/libvhost-user.h:20,
                 from ../subprojects/libvhost-user/libvhost-user-glib.h:19,
                 from ../subprojects/libvhost-user/libvhost-user-glib.c:15:
/usr/include/sys/poll.h:1:2: error: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Werror=cpp]
    1 | #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
      |  ^~~~~~~

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210118063808.12471-3-jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago configure: Add sys/timex.h to probe clock_adjtime
Jiaxun Yang [Mon, 18 Jan 2021 06:38:00 +0000 (14:38 +0800)] 
configure: Add sys/timex.h to probe clock_adjtime

It is not a part of standard time.h. Glibc puts it under
time.h; however, musl treats it as a sys timex extension.

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210118063808.12471-2-jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago osdep.h: Remove <sys/signal.h> include
Michael Forney [Wed, 13 Jan 2021 21:56:00 +0000 (13:56 -0800)] 
osdep.h: Remove <sys/signal.h> include

Prior to 2a4b472c3c, sys/signal.h was only included on OpenBSD
(apart from two .c files). The POSIX standard location for this
header is just <signal.h> and in fact, OpenBSD's signal.h includes
sys/signal.h itself.

Unconditionally including <sys/signal.h> on musl causes warnings
for just about every source file:

  /usr/include/sys/signal.h:1:2: warning: #warning redirecting incorrect #include <sys/signal.h> to <signal.h> [-Wcpp]
      1 | #warning redirecting incorrect #include <sys/signal.h> to <signal.h>
        |  ^~~~~~~

Since there don't seem to be any platforms which require including
<sys/signal.h> in addition to <signal.h>, and some platforms like
Haiku lack it completely, just remove it.

Tested building on OpenBSD after removing this include.

Signed-off-by: Michael Forney <mforney@mforney.org>
Tested-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210113215600.16100-1-mforney@mforney.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210119-1' into...
Peter Maydell [Tue, 19 Jan 2021 15:47:23 +0000 (15:47 +0000)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210119-1' into staging

target-arm queue:
 * Implement IMPDEF pauth algorithm
 * Support ARMv8.4-SEL2
 * Fix bug where we were truncating predicate vector lengths in SVE insns
 * npcm7xx_adc-test: Fix memleak in adc_qom_set
 * target/arm/m_helper: Silence GCC 10 maybe-uninitialized error
 * docs: Build and install all the docs in a single manual

# gpg: Signature made Tue 19 Jan 2021 15:46:34 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210119-1: (29 commits)
  docs: Build and install all the docs in a single manual
  target/arm/m_helper: Silence GCC 10 maybe-uninitialized error
  npcm7xx_adc-test: Fix memleak in adc_qom_set
  target/arm: Update REV, PUNPK for pred_desc
  target/arm: Update ZIP, UZP, TRN for pred_desc
  target/arm: Update PFIRST, PNEXT for pred_desc
  target/arm: Introduce PREDDESC field definitions
  target/arm: refactor vae1_tlbmask()
  target/arm: enable Secure EL2 in max CPU
  target/arm: Implement SCR_EL2.EEL2
  target/arm: revector to run-time pick target EL
  target/arm: set HPFAR_EL2.NS on secure stage 2 faults
  target/arm: secure stage 2 translation regime
  target/arm: generalize 2-stage page-walk condition
  target/arm: translate NS bit in page-walks
  target/arm: do S1_ptw_translate() before address space lookup
  target/arm: handle VMID change in secure state
  target/arm: add ARMv8.4-SEL2 system registers
  target/arm: add MMU stage 1 for Secure EL2
  target/arm: add 64-bit S-EL2 to EL exception table
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago docs: Build and install all the docs in a single manual
Peter Maydell [Fri, 15 Jan 2021 15:44:49 +0000 (15:44 +0000)] 
docs: Build and install all the docs in a single manual

When we first converted our documentation to Sphinx, we split it into
multiple manuals (system, interop, tools, etc), which are all built
separately.  The primary driver for this was wanting to be able to
avoid shipping the 'devel' manual to end-users.  However, this is
working against the grain of the way Sphinx wants to be used and
causes some annoyances:
 * Cross-references between documents become much harder or
   possibly impossible
 * There is no single index to the whole documentation
 * Within one manual there are no links or table-of-contents info
   that lets you easily navigate to the others
 * The devel manual doesn't get published on the QEMU website
   (it would be nice to be able to refer to it there)

Merely hiding our developer documentation from end users seems like
it's not enough benefit for these costs.  Combine all the
documentation into a single manual (the same way that the readthedocs
site builds it) and install the whole thing.  The previous manual
divisions remain as the new top level sections in the manual.

 * The per-manual conf.py files are no longer needed
 * The man_pages[] specifications previously in each per-manual
   conf.py move to the top level conf.py
 * docs/meson.build logic is simplified as we now only need to run
   Sphinx once for the HTML and then once for the manpages
 * The old index.html.in that produced the top-level page with
   links to each manual is no longer needed

Unfortunately this means that we now have to build the HTML
documentation into docs/manual in the build tree rather than directly
into docs/; otherwise it is too awkward to ensure we install only the
built manual and not also the dependency info, stamp file, etc.  The
manual still ends up in the same place in the final installed
directory, but anybody who was consulting documentation from within
the build tree will have to adjust where they're looking.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210115154449.4801-1-peter.maydell@linaro.org

3 months ago target/arm/m_helper: Silence GCC 10 maybe-uninitialized error
Philippe Mathieu-Daudé [Tue, 19 Jan 2021 06:27:39 +0000 (07:27 +0100)] 
target/arm/m_helper: Silence GCC 10 maybe-uninitialized error

When building with GCC 10.2 configured with --extra-cflags=-Os, we get:

  target/arm/m_helper.c: In function ‘arm_v7m_cpu_do_interrupt’:
  target/arm/m_helper.c:1811:16: error: ‘restore_s16_s31’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
   1811 |             if (restore_s16_s31) {
        |                ^
  target/arm/m_helper.c:1350:10: note: ‘restore_s16_s31’ was declared here
   1350 |     bool restore_s16_s31;
        |          ^~~~~~~~~~~~~~~
  cc1: all warnings being treated as errors

Initialize the 'restore_s16_s31' variable to silence the warning.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210119062739.589049-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago npcm7xx_adc-test: Fix memleak in adc_qom_set
Gan Qixin [Mon, 18 Jan 2021 06:56:27 +0000 (14:56 +0800)] 
npcm7xx_adc-test: Fix memleak in adc_qom_set

The adc_qom_set function didn't free "response", which caused an indirect
memory leak. So use qobject_unref() to fix it.

ASAN shows memory leak stack:

Indirect leak of 593280 byte(s) in 144 object(s) allocated from:
    #0 0x7f9a5e7e8d4e in __interceptor_calloc (/lib64/libasan.so.5+0x112d4e)
    #1 0x7f9a5e607a50 in g_malloc0 (/lib64/libglib-2.0.so.0+0x55a50)
    #2 0x55b1bebf636b in qdict_new ../qobject/qdict.c:30
    #3 0x55b1bec09699 in parse_object ../qobject/json-parser.c:318
    #4 0x55b1bec0b2df in parse_value ../qobject/json-parser.c:546
    #5 0x55b1bec0b6a9 in json_parser_parse ../qobject/json-parser.c:580
    #6 0x55b1bec060d1 in json_message_process_token ../qobject/json-streamer.c:92
    #7 0x55b1bec16a12 in json_lexer_feed_char ../qobject/json-lexer.c:313
    #8 0x55b1bec16fbd in json_lexer_feed ../qobject/json-lexer.c:350
    #9 0x55b1bec06453 in json_message_parser_feed ../qobject/json-streamer.c:121
    #10 0x55b1bebc2d51 in qmp_fd_receive ../tests/qtest/libqtest.c:614
    #11 0x55b1bebc2f5e in qtest_qmp_receive_dict ../tests/qtest/libqtest.c:636
    #12 0x55b1bebc2e6c in qtest_qmp_receive ../tests/qtest/libqtest.c:624
    #13 0x55b1bebc3340 in qtest_vqmp ../tests/qtest/libqtest.c:715
    #14 0x55b1bebc3942 in qtest_qmp ../tests/qtest/libqtest.c:756
    #15 0x55b1bebbd64a in adc_qom_set ../tests/qtest/npcm7xx_adc-test.c:127
    #16 0x55b1bebbd793 in adc_write_input ../tests/qtest/npcm7xx_adc-test.c:140
    #17 0x55b1bebbdf92 in test_convert_external ../tests/qtest/npcm7xx_adc-test.c:246

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Message-id: 20210118065627.79903-1-ganqixin@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: Update REV, PUNPK for pred_desc
Richard Henderson [Wed, 13 Jan 2021 06:26:50 +0000 (20:26 -1000)] 
target/arm: Update REV, PUNPK for pred_desc

Update all users of do_perm_pred2 for the new
predicate descriptor field definitions.

Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1908551
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-5-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: Update ZIP, UZP, TRN for pred_desc
Richard Henderson [Wed, 13 Jan 2021 06:26:49 +0000 (20:26 -1000)] 
target/arm: Update ZIP, UZP, TRN for pred_desc

Update all users of do_perm_pred3 for the new
predicate descriptor field definitions.

Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: Update PFIRST, PNEXT for pred_desc
Richard Henderson [Wed, 13 Jan 2021 06:26:48 +0000 (20:26 -1000)] 
target/arm: Update PFIRST, PNEXT for pred_desc

These two were odd, in that do_pfirst_pnext passed the
count of 64-bit words rather than bytes.  Change to pass
the standard pred_full_reg_size to avoid confusion.

Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: Introduce PREDDESC field definitions
Richard Henderson [Wed, 13 Jan 2021 06:26:47 +0000 (20:26 -1000)] 
target/arm: Introduce PREDDESC field definitions

SVE predicate operations cannot use the "usual" simd_desc
encoding, because the lengths are not a multiple of 8.
But we were abusing the SIMD_* fields to store values anyway.
This abuse broke when SIMD_OPRSZ_BITS was modified in e2e7168a214.

Introduce a new set of field definitions for exclusive use
of predicates, so that it is obvious what kind of predicate
we are manipulating.  To be used in future patches.

Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: refactor vae1_tlbmask()
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:11 +0000 (12:45 +0200)] 
target/arm: refactor vae1_tlbmask()

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-19-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: enable Secure EL2 in max CPU
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:10 +0000 (12:45 +0200)] 
target/arm: enable Secure EL2 in max CPU

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-18-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: Implement SCR_EL2.EEL2
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:09 +0000 (12:45 +0200)] 
target/arm: Implement SCR_EL2.EEL2

This adds handling for the SCR_EL3.EEL2 bit.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Message-id: 20210112104511.36576-17-remi.denis.courmont@huawei.com
[PMM: Applied fixes for review issues noted by RTH:
 - check for FEATURE_AARCH64 before checking sel2 isar feature
 - correct the commit message subject line]
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: revector to run-time pick target EL
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:08 +0000 (12:45 +0200)] 
target/arm: revector to run-time pick target EL

On ARMv8-A, accesses by 32-bit secure EL1 to monitor registers trap to
the upper (64-bit) EL. With Secure EL2 support, we can no longer assume
that that is always EL3, so make room for the value to be computed at
run-time.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-16-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: set HPFAR_EL2.NS on secure stage 2 faults
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:07 +0000 (12:45 +0200)] 
target/arm: set HPFAR_EL2.NS on secure stage 2 faults

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-15-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: secure stage 2 translation regime
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:06 +0000 (12:45 +0200)] 
target/arm: secure stage 2 translation regime

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-14-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: generalize 2-stage page-walk condition
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:05 +0000 (12:45 +0200)] 
target/arm: generalize 2-stage page-walk condition

The stage_1_mmu_idx() already effectively keeps track of which
translation regimes have two stages. Don't hard-code another test.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-13-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: translate NS bit in page-walks
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:04 +0000 (12:45 +0200)] 
target/arm: translate NS bit in page-walks

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-12-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: do S1_ptw_translate() before address space lookup
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:03 +0000 (12:45 +0200)] 
target/arm: do S1_ptw_translate() before address space lookup

In the secure stage 2 translation regime, the VSTCR.SW and VTCR.NSW
bits can invert the secure flag for pagetable walks. This patchset
allows S1_ptw_translate() to change the non-secure bit.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-11-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: handle VMID change in secure state
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:02 +0000 (12:45 +0200)] 
target/arm: handle VMID change in secure state

The VTTBR write callback so far assumes that the underlying VM lies in
non-secure state. This handles the secure state scenario.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-10-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: add ARMv8.4-SEL2 system registers
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:01 +0000 (12:45 +0200)] 
target/arm: add ARMv8.4-SEL2 system registers

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-9-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: add MMU stage 1 for Secure EL2
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:45:00 +0000 (12:45 +0200)] 
target/arm: add MMU stage 1 for Secure EL2

This adds the MMU indices for EL2 stage 1 in secure state.

To keep code contained, which is largely identical between secure and
non-secure modes, the MMU indices are reassigned. The new assignments
provide a systematic pattern with a non-secure bit.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-8-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: add 64-bit S-EL2 to EL exception table
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:44:59 +0000 (12:44 +0200)] 
target/arm: add 64-bit S-EL2 to EL exception table

With the ARMv8.4-SEL2 extension, EL2 is a legal exception level in
secure mode, though it can only be AArch64.

This patch adds the target EL for exceptions from 64-bit S-EL2.

It also fixes the target EL to EL2 when HCR.{A,F,I}MO are set in secure
mode. Those values were never used in practice as the effective value of
HCR was always 0 in secure mode.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-7-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: Define isar_feature function to test for presence of SEL2
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:44:58 +0000 (12:44 +0200)] 
target/arm: Define isar_feature function to test for presence of SEL2

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-6-remi.denis.courmont@huawei.com
[PMM: tweaked commit message to match reduced scope of patch
 following rebase]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: factor MDCR_EL2 common handling
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:44:57 +0000 (12:44 +0200)] 
target/arm: factor MDCR_EL2 common handling

This adds a common helper to compute the effective value of MDCR_EL2.
That is the actual value if EL2 is enabled in the current security
context, or 0 elsewise.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-5-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: use arm_hcr_el2_eff() where applicable
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:44:56 +0000 (12:44 +0200)] 
target/arm: use arm_hcr_el2_eff() where applicable

This will simplify accessing HCR conditionally in secure state.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-4-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: use arm_is_el2_enabled() where applicable
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:44:55 +0000 (12:44 +0200)] 
target/arm: use arm_is_el2_enabled() where applicable

Do not assume that EL2 is available in and only in non-secure context.
That equivalence is broken by ARMv8.4-SEL2.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-3-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: add arm_is_el2_enabled() helper
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:44:54 +0000 (12:44 +0200)] 
target/arm: add arm_is_el2_enabled() helper

This checks if EL2 is enabled (meaning EL2 registers take effect) in
the current security context.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-2-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: remove redundant tests
Rémi Denis-Courmont [Tue, 12 Jan 2021 10:44:53 +0000 (12:44 +0200)] 
target/arm: remove redundant tests

In this context, the HCR value is the effective value, and thus is
zero in secure mode. The tests for HCR.{F,I}MO are sufficient.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210112104511.36576-1-remi.denis.courmont@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: Use object_property_add_bool for "sve" property
Richard Henderson [Mon, 11 Jan 2021 23:57:40 +0000 (13:57 -1000)] 
target/arm: Use object_property_add_bool for "sve" property

The interface for object_property_add_bool is simpler,
making the code easier to understand.

Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210111235740.462469-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: Add cpu properties to control pauth
Richard Henderson [Mon, 11 Jan 2021 23:57:39 +0000 (13:57 -1000)] 
target/arm: Add cpu properties to control pauth

The crypto overhead of emulating pauth can be significant for
some workloads.  Add two boolean properties that allow the
feature to be turned off, on with the architected algorithm,
or on with an implementation defined algorithm.

We need two intermediate booleans to control the state while
parsing properties lest we clobber ID_AA64ISAR1 into an invalid
intermediate state.

Tested-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210111235740.462469-3-richard.henderson@linaro.org
[PMM: fixed docs typo, tweaked text to clarify that the impdef
algorithm is specific to QEMU]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/arm: Implement an IMPDEF pauth algorithm
Richard Henderson [Mon, 11 Jan 2021 23:57:38 +0000 (13:57 -1000)] 
target/arm: Implement an IMPDEF pauth algorithm

Without hardware acceleration, a cryptographically strong
algorithm is too expensive for pauth_computepac.

Even with hardware accel, we are not currently expecting
to link the linux-user binaries to any crypto libraries,
and doing so would generally make the --static build fail.

So choose XXH64 as a reasonably quick and decent hash.

Tested-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210111235740.462469-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2021-01-19' into...
Peter Maydell [Tue, 19 Jan 2021 11:57:07 +0000 (11:57 +0000)] 
Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2021-01-19' into staging

* Refactor next-cube interrupt and register handling into a proper QOM device

# gpg: Signature made Tue 19 Jan 2021 08:15:39 GMT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "huth@tuxfamily.org"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2021-01-19:
  hw/m68k/next-cube: Add missing header comment to next-cube.h
  hw/m68k/next-cube: Add vmstate for NeXTPC device
  hw/m68k/next-cube: Remove unused fields from NeXTState
  hw/m68k/next-cube: Move rtc into NeXTPC struct
  hw/m68k/next-cube: Make next_irq GPIO inputs to NEXT_PC device
  hw/m68k/next-cube: Move int_status and int_mask to NeXTPC struct
  hw/m68k/next-cube: Make next_irq take NeXTPC* as its opaque
  hw/m68k/next-cube: Move scr_ops into NeXTPC device
  hw/m68k/next-cube: Move mmio_ops into NeXTPC device
  hw/m68k/next-cube: Move register/interrupt functionality into a device
  hw/m68k/next-cube: Make next_irq() function static

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.0-20210119' into staging
Peter Maydell [Tue, 19 Jan 2021 10:00:22 +0000 (10:00 +0000)] 
Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.0-20210119' into staging

ppc patch queue 2021-01-19

Next pull request for qemu-6.0.  Not a huge amount here, but it does
have some important fixes from Greg Kurz.  Includes:

 * A number of minor cleanups from Daniel Barboza (preliminaries for
   some hotplug changes that are still under review)
 * Improved handling of memory hotplug from Greg Kurz
 * A number of fixes for sam460ex and other 440 based platforms from
   Zoltan Balaton
 * Some fixes for the QOMification of the PPC 4xx UIC interrupt
   controller from Peter Maydell

# gpg: Signature made Tue 19 Jan 2021 06:22:45 GMT
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dg-gitlab/tags/ppc-for-6.0-20210119:
  spapr_cpu_core.c: use g_auto* in spapr_create_vcpu()
  spapr_rtas.c: fix identation of rtas_ibm_suspend_me() args
  spapr_hcall.c: make do_client_architecture_support static
  spapr.h: fix trailing whitespace in phb_placement
  spapr: Improve handling of memory unplug with old guests
  sam460ex: Use type cast macro instead of simple cast
  Revert "ppc4xx: Move common dependency on serial to common option"
  Revert "sam460ex: Remove FDT_PPC dependency from KConfig"
  hw/ppc: Remove unused ppcuic_init()
  hw/ppc/ppc405_uc: Drop use of ppcuic_init()
  hw/intc/ppc-uic: Make default dcr-base 0xc0, not 0x30
  hw/ppc: Delete unused ppc405cr_init() code
  hw/ppc/sam460ex: Drop use of ppcuic_init()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago hw/m68k/next-cube: Add missing header comment to next-cube.h
Peter Maydell [Fri, 15 Jan 2021 20:12:06 +0000 (20:12 +0000)] 
hw/m68k/next-cube: Add missing header comment to next-cube.h

The next-cube.h file is missing the usual copyright-and-license
header; add it (same as the next-cube.c one).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-12-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago hw/m68k/next-cube: Add vmstate for NeXTPC device
Peter Maydell [Fri, 15 Jan 2021 20:12:05 +0000 (20:12 +0000)] 
hw/m68k/next-cube: Add vmstate for NeXTPC device

Add the vmstate for the new NeXTPC device; this is in theory
a migration compatibility break, but this machine doesn't have
working migration currently anyway.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-11-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago hw/m68k/next-cube: Remove unused fields from NeXTState
Peter Maydell [Fri, 15 Jan 2021 20:12:04 +0000 (20:12 +0000)] 
hw/m68k/next-cube: Remove unused fields from NeXTState

The fields scsi_irq, scsi_dma, scsi_reset and fd_irq in
NeXTState are all unused, except in commented out
"this should do something like this" code. Remove the
unused fields. As and when the functionality that might
use them is added, we can put in the correct kind of
wiring (which might or might not need to be a qemu_irq,
but which in any case will need to be in the NeXTPC
device, not in NeXTState).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-10-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago hw/m68k/next-cube: Move rtc into NeXTPC struct
Peter Maydell [Fri, 15 Jan 2021 20:12:03 +0000 (20:12 +0000)] 
hw/m68k/next-cube: Move rtc into NeXTPC struct

Move the rtc into the NeXTPC struct. Since this is the last
use of the 'backdoor' NextState pointer we can now remove that.

Probably the RTC should be its own device at some point: in hardware
there is a separate MCS1850 RTC chip connected to the Peripheral
Controller via a 1-bit serial interface.  That goes beyond the remit
of the current refactoring, though.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-9-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago hw/m68k/next-cube: Make next_irq GPIO inputs to NEXT_PC device
Peter Maydell [Fri, 15 Jan 2021 20:12:02 +0000 (20:12 +0000)] 
hw/m68k/next-cube: Make next_irq GPIO inputs to NEXT_PC device

Make the next_irq function be GPIO inputs to the NEXT_PC
device, rather than a freestanding set of qemu_irq lines.

This fixes a minor Coverity issue where it correctly points
out the trivial memory leak of the memory allocated in the
call to qemu_allocate_irqs().

Fixes: CID 1421962
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-8-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago hw/m68k/next-cube: Move int_status and int_mask to NeXTPC struct
Peter Maydell [Fri, 15 Jan 2021 20:12:01 +0000 (20:12 +0000)] 
hw/m68k/next-cube: Move int_status and int_mask to NeXTPC struct

All the code which accesses int_status and int_mask is now doing
so via the NeXTPC->NeXTState indirection, so we can move these
fields into the NeXTPC struct where they belong.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-7-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago hw/m68k/next-cube: Make next_irq take NeXTPC* as its opaque
Peter Maydell [Fri, 15 Jan 2021 20:12:00 +0000 (20:12 +0000)] 
hw/m68k/next-cube: Make next_irq take NeXTPC* as its opaque

Make the next_irq function take a NeXTPC* as its opaque rather than
the M68kCPU*.  This will make it simpler to turn the next_irq
function into a gpio input line of the NeXTPC device in the next
commit.

For this to work we have to pass the CPU to the NeXTPC device via a
link property, in the same way we do in q800.c (and for the same
reason).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-6-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago hw/m68k/next-cube: Move scr_ops into NeXTPC device
Peter Maydell [Fri, 15 Jan 2021 20:11:59 +0000 (20:11 +0000)] 
hw/m68k/next-cube: Move scr_ops into NeXTPC device

Move the registers handled by the scr_ops struct into the NeXTPC
device.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-5-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago hw/m68k/next-cube: Move mmio_ops into NeXTPC device
Peter Maydell [Fri, 15 Jan 2021 20:11:58 +0000 (20:11 +0000)] 
hw/m68k/next-cube: Move mmio_ops into NeXTPC device

Move the registers handled by the mmio_ops struct into the NeXTPC
device.  This allows us to also move the scr1 and scr2 data fields.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-4-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago hw/m68k/next-cube: Move register/interrupt functionality into a device
Peter Maydell [Fri, 15 Jan 2021 20:11:57 +0000 (20:11 +0000)] 
hw/m68k/next-cube: Move register/interrupt functionality into a device

Currently the next-cube board code open-codes a lot of handling of
interrupts and some miscellaneous registers.  Move this into a proper
QOM device.

In the real hardware this functionality seems to be the
responsibility of the Peripheral Controller (PC) chip, so name the
device that.

There are several different things that will need to be moved into
this device:
 * the mmio_iops register set
 * the scr_ops register set
 * the next_irq IRQ handling

To ease review, we structure the change as a sequence of commits: in
this first commit we create the skeleton of the NeXTPC device with no
content, but with a backdoor pointer to the NeXTState machine's state
struct so we can move parts of the code and still have refactored and
non-refactored code using the same struct data fields.  Further
commits will move functionality into the new device piece by piece.
At the end we will be able to remove the backdoor pointer because all
the data fields will be in the NeXTPC struct and not the NeXTState
struct.

We'll add the VMState for the new device at the end of all that; this
is in theory a migration compatibility break but this machine does
not currently support migration at all anyway.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-3-peter.maydell@linaro.org>
[huth: Add a comment in front of struct NeXTPC]
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago hw/m68k/next-cube: Make next_irq() function static
Peter Maydell [Fri, 15 Jan 2021 20:11:56 +0000 (20:11 +0000)] 
hw/m68k/next-cube: Make next_irq() function static

The next_irq() function is global, but isn't actually used anywhere
outside next-cube.c. Make it static.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210115201206.17347-2-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
3 months ago spapr_cpu_core.c: use g_auto* in spapr_create_vcpu()
Daniel Henrique Barboza [Thu, 14 Jan 2021 18:06:26 +0000 (15:06 -0300)] 
spapr_cpu_core.c: use g_auto* in spapr_create_vcpu()

Use g_autoptr() with Object and g_autofree with the string to
avoid the need of a cleanup path.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20210114180628.1675603-6-danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago spapr_rtas.c: fix indentation of rtas_ibm_suspend_me() args
Daniel Henrique Barboza [Thu, 14 Jan 2021 18:06:25 +0000 (15:06 -0300)] 
spapr_rtas.c: fix indentation of rtas_ibm_suspend_me() args

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20210114180628.1675603-5-danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago spapr_hcall.c: make do_client_architecture_support static
Daniel Henrique Barboza [Thu, 14 Jan 2021 18:06:23 +0000 (15:06 -0300)] 
spapr_hcall.c: make do_client_architecture_support static

The function is called only inside spapr_hcall.c.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20210114180628.1675603-3-danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago spapr.h: fix trailing whitespace in phb_placement
Daniel Henrique Barboza [Thu, 14 Jan 2021 18:06:22 +0000 (15:06 -0300)] 
spapr.h: fix trailing whitespace in phb_placement

This whitespace was messing with lots of diffs if you happen
to use an editor that eliminates trailing whitespaces on file
save.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20210114180628.1675603-2-danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago spapr: Improve handling of memory unplug with old guests
Greg Kurz [Fri, 8 Jan 2021 17:31:27 +0000 (18:31 +0100)] 
spapr: Improve handling of memory unplug with old guests

Since commit 1e8b5b1aa16b ("spapr: Allow memory unplug to always succeed")
trying to unplug memory from a guest that doesn't support it (e.g. rhel6)
no longer generates an error like it used to. Instead, it leaves the
memory around: only a subsequent reboot or manual use of drmgr within
the guest can complete the hot-unplug sequence. A flag was added to
SpaprMachineClass so that this new behavior only applies to the default
machine type.

We can do better. CAS processes all pending hot-unplug requests. This
means that we don't really care about what the guest supports if
the hot-unplug request happens before CAS.

All guests that we care for, even old ones, set enough bits in OV5
that lead to a non-empty bitmap in spapr->ov5_cas. Use that as a
heuristic to decide if CAS has already occurred or not.

Always accept unplug requests that happen before CAS since CAS will
process them. Restore the previous behavior of rejecting them after
CAS when we know that the guest doesn't support memory hot-unplug.

This behavior is suitable for all machine types: this allows us to
drop the pre_6_0_memory_unplug flag.

Fixes: 1e8b5b1aa16b ("spapr: Allow memory unplug to always succeed")
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <161012708715.801107.11418801796987916516.stgit@bahia.lan>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago sam460ex: Use type cast macro instead of simple cast
BALATON Zoltan [Fri, 8 Jan 2021 22:07:38 +0000 (23:07 +0100)] 
sam460ex: Use type cast macro instead of simple cast

Use the PCI_BUS type cast macro to convert result of qdev_get_child_bus().
Also remove the check for NULL afterwards which should not be needed
because sysbus_create_simple() uses error_abort and we create the PCI
host object here that's expected to have a PCI bus so this shouldn't
fail. Even if it would fail that would be due to a programmer error so
an error message is not necessary.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <a4dc55b56eed3ce899b7bf9835b980a114c52598.1610143658.git.balaton@eik.bme.hu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago Revert "ppc4xx: Move common dependency on serial to common option"
BALATON Zoltan [Fri, 8 Jan 2021 22:07:38 +0000 (23:07 +0100)] 
Revert "ppc4xx: Move common dependency on serial to common option"

This reverts commit e6d5106786 which was added mistakenly. While this
change works it was suggested during review that keeping dependencies
explicit for each board may be better than listing them in a common
option so keep the previous version and revert this change.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <8c65807fc7dc1c4c4f6320f2fd6409a3091c88ff.1610143658.git.balaton@eik.bme.hu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago Revert "sam460ex: Remove FDT_PPC dependency from KConfig"
BALATON Zoltan [Fri, 8 Jan 2021 22:07:38 +0000 (23:07 +0100)] 
Revert "sam460ex: Remove FDT_PPC dependency from KConfig"

This reverts commit 038da2adf that was mistakenly added; this
dependency is still needed to get libfdt dependencies even if fdt.o is
not needed by sam460ex.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <15a9fa72eed4f02bdbeaef206803d5e22260e2de.1610143658.git.balaton@eik.bme.hu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago hw/ppc: Remove unused ppcuic_init()
Peter Maydell [Fri, 8 Jan 2021 17:12:12 +0000 (17:12 +0000)] 
hw/ppc: Remove unused ppcuic_init()

Now we've converted all the callsites to directly create the QOM UIC
device themselves, the ppcuic_init() function is unused and can be
removed. The enum defining PPCUIC symbolic constants can be moved
to the ppc-uic.h header where it more naturally belongs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-Id: <20210108171212.16500-5-peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago hw/ppc/ppc405_uc: Drop use of ppcuic_init()
Peter Maydell [Fri, 8 Jan 2021 17:12:11 +0000 (17:12 +0000)] 
hw/ppc/ppc405_uc: Drop use of ppcuic_init()

Switch the ppc405_uc boards to directly creating and configuring the
UIC, rather than doing it via the old ppcuic_init() helper function.

We retain the API feature of ppc405ep_init() where it passes back
something allowing the callers to wire up devices to the UIC if
they need to, even though neither of the callsites currently makes
use of this ability -- instead of passing back the qemu_irq array
we pass back the UIC DeviceState.

This fixes a trivial Coverity-detected memory leak where
we were leaking the array of IRQs returned by ppcuic_init().

Fixes: Coverity CID 1421922
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210108171212.16500-4-peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago hw/intc/ppc-uic: Make default dcr-base 0xc0, not 0x30
Peter Maydell [Mon, 11 Jan 2021 21:30:07 +0000 (21:30 +0000)] 
hw/intc/ppc-uic: Make default dcr-base 0xc0, not 0x30

In commit 34d0831f38fd8 the ppc-uic device was added, with a dcr-base
property. The intention was that the default value of dcr-base should be
the one that most of our boards need, so that in the common case they
don't need to specify a property value.

All QEMU boards with a UIC use a dcr-base of 0xc0, with the exception of
sam460ex which has four UICs and so puts them at 0xc0, 0xd0, 0xe0, 0xf0.
So 0xc0 is the obvious right choice for the default dcr-base.

The board code conversions in commits 0270d74ef88623505 (bamboo) and
c5ac9dc64fa552a6 (virtex_ml507) assumed that default was 0xc0. Unfortunately
the actual default in 34d0831f38fd8 was 0x30, by mistake, so the
bamboo and virtex_ml507 boards were broken as they were converted
away from ppcuic_init() (which always specifies the dcr_base property
value explicitly).

Set the default dcr-base to 0xc0 as was intended, fixing bamboo and
virtex_ml507.

Fixes: 34d0831f38fd8
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Suggested-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210111213007.7381-1-peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago hw/ppc: Delete unused ppc405cr_init() code
Peter Maydell [Fri, 8 Jan 2021 17:12:10 +0000 (17:12 +0000)] 
hw/ppc: Delete unused ppc405cr_init() code

The function ppc405cr_init() has apparently been unused since it was
added in commit 8ecc7913525ecb in 2007.

Remove this dead code, so we don't have to convert it away from using
ppcuic_init().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210108171212.16500-3-peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago hw/ppc/sam460ex: Drop use of ppcuic_init()
Peter Maydell [Fri, 8 Jan 2021 17:12:09 +0000 (17:12 +0000)] 
hw/ppc/sam460ex: Drop use of ppcuic_init()

Switch the sam460ex board to directly creating and configuring the
UIC, rather than doing it via the old ppcuic_init() helper function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210108171212.16500-2-peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-6.0-pull-reques...
Peter Maydell [Mon, 18 Jan 2021 15:19:06 +0000 (15:19 +0000)] 
Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-6.0-pull-request' into staging

Trivial patches 20210118

Fix memory leaks
Use qemu_log_mask(GUEST_ERROR) rather than error_report().

# gpg: Signature made Mon 18 Jan 2021 11:31:10 GMT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-branch-for-6.0-pull-request:
  hw/ide/ahci: Replace fprintf() by qemu_log_mask(GUEST_ERROR)
  misc/mos6522: Use timer_free() in the finalize function to avoid memleak
  pl031: Use timer_free() in the finalize function to avoid memleaks
  hw/virtio-pci: Replace error_report() by qemu_log_mask(GUEST_ERROR)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-and-misc-180121-2...
Peter Maydell [Mon, 18 Jan 2021 12:09:21 +0000 (12:09 +0000)] 
Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-and-misc-180121-2' into staging

Testing, gdbstub and semihosting patches:

  - clean-ups to docker images
  - drop duplicate jobs from shippable
  - prettier tag generation (+gtags)
  - generate browsable source tree
  - more Travis->GitLab migrations
  - fix checkpatch to deal with commits
  - gate gdbstub tests on 8.3.1, expand tests
  - support Xfer:auxv:read gdb packet
  - better gdbstub cleanup
  - use GDB's SVE register layout
  - make arm-compat-semihosting common
  - add riscv semihosting support
  - add HEAPINFO, ELAPSED, TICKFREQ, TMPNAM and ISERROR to semihosting

# gpg: Signature made Mon 18 Jan 2021 10:09:11 GMT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-testing-and-misc-180121-2: (30 commits)
  semihosting: Implement SYS_ISERROR
  semihosting: Implement SYS_TMPNAM
  semihosting: Implement SYS_ELAPSED and SYS_TICKFREQ
  riscv: Add semihosting support for user mode
  riscv: Add semihosting support
  semihosting: Support SYS_HEAPINFO when env->boot_info is not set
  semihosting: Change internal common-semi interfaces to use CPUState *
  semihosting: Change common-semi API to be architecture-independent
  semihosting: Move ARM semihosting code to shared directories
  target/arm: use official org.gnu.gdb.aarch64.sve layout for registers
  gdbstub: ensure we clean-up when terminated
  gdbstub: drop gdbserver_cleanup in favour of gdb_exit
  gdbstub: drop CPUEnv from gdb_exit()
  gdbstub: add support to Xfer:auxv:read: packet
  gdbstub: implement a softmmu based test
  Revert "tests/tcg/multiarch/Makefile.target: Disable run-gdbstub-sha1 test"
  configure: gate our use of GDB to 8.3.1 or above
  test/guest-debug: echo QEMU command as well
  scripts/checkpatch.pl: fix git-show invocation to include diffstat
  gitlab: migrate the minimal tools and unit tests from Travis
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
# Conflicts:
# default-configs/targets/riscv32-linux-user.mak
# default-configs/targets/riscv64-linux-user.mak

3 months ago hw/ide/ahci: Replace fprintf() by qemu_log_mask(GUEST_ERROR)
Philippe Mathieu-Daudé [Tue, 12 Jan 2021 11:29:55 +0000 (12:29 +0100)] 
hw/ide/ahci: Replace fprintf() by qemu_log_mask(GUEST_ERROR)

Replace fprintf() calls by qemu_log_mask(LOG_GUEST_ERROR).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210112112955.1849212-1-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
3 months ago misc/mos6522: Use timer_free() in the finalize function to avoid memleak
Gan Qixin [Tue, 12 Jan 2021 11:27:05 +0000 (19:27 +0800)] 
misc/mos6522: Use timer_free() in the finalize function to avoid memleak

When running device-introspect-test, a memory leak occurred in the mos6522_init
function; this patch uses timer_free() in the finalize function to fix it.

ASAN shows memory leak stack:

Direct leak of 96 byte(s) in 2 object(s) allocated from:
    #0 0xfffd5fe9e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
    #1 0xfffd5f7b6800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
    #2 0xaaae50303d0c in timer_new_full qemu/include/qemu/timer.h:523
    #3 0xaaae50303d0c in timer_new qemu/include/qemu/timer.h:544
    #4 0xaaae50303d0c in timer_new_ns qemu/include/qemu/timer.h:562
    #5 0xaaae50303d0c in mos6522_init qemu/hw/misc/mos6522.c:490
    #6 0xaaae50b77d70 in object_init_with_type qemu/qom/object.c:371
    #7 0xaaae50b7ae84 in object_initialize_with_type qemu/qom/object.c:515
    #8 0xaaae50b7b0f8 in object_new_with_type qemu/qom/object.c:729
    #9 0xaaae50bb6d58 in qmp_device_list_properties qemu/qom/qom-qmp-cmds.c:153
    #10 0xaaae50d7e1dc in qmp_marshal_device_list_properties qemu/qapi/qapi-commands-qdev.c:59
    #11 0xaaae50dc87a0 in do_qmp_dispatch_bh qemu/qapi/qmp-dispatch.c:110
    #12 0xaaae50d931a0 in aio_bh_call qemu/util/async.c:136

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210112112705.380534-3-ganqixin@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
3 months ago pl031: Use timer_free() in the finalize function to avoid memleaks
Gan Qixin [Tue, 12 Jan 2021 11:27:04 +0000 (19:27 +0800)] 
pl031: Use timer_free() in the finalize function to avoid memleaks

When running device-introspect-test, a memory leak occurred in the pl031_init
function; this patch uses timer_free() in the finalize function to fix it.

ASAN shows memory leak stack:

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
    #1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
    #2 0xaaabf5621cfc in timer_new_full qemu/include/qemu/timer.h:523
    #3 0xaaabf5621cfc in timer_new qemu/include/qemu/timer.h:544
    #4 0xaaabf5621cfc in timer_new_ns qemu/include/qemu/timer.h:562
    #5 0xaaabf5621cfc in pl031_init qemu/hw/rtc/pl031.c:194
    #6 0xaaabf6339f6c in object_initialize_with_type qemu/qom/object.c:515
    #7 0xaaabf633a1e0 in object_new_with_type qemu/qom/object.c:729
    #8 0xaaabf6375e40 in qmp_device_list_properties qemu/qom/qom-qmp-cmds.c:153
    #9 0xaaabf5a95540 in qdev_device_help qemu/softmmu/qdev-monitor.c:283
    #10 0xaaabf5a96940 in qmp_device_add qemu/softmmu/qdev-monitor.c:801
    #11 0xaaabf5a96e70 in hmp_device_add qemu/softmmu/qdev-monitor.c:916
    #12 0xaaabf5ac0a2c in handle_hmp_command qemu/monitor/hmp.c:1100

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210112112705.380534-2-ganqixin@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>