qemu.git
3 years agotarget/ppc: Use MO_ALIGN for EXIWX and ECOWX
Richard Henderson [Tue, 26 Jun 2018 16:19:18 +0000 (09:19 -0700)] 
target/ppc: Use MO_ALIGN for EXIWX and ECOWX

This avoids the need for gen_check_align entirely.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agotarget/ppc: Split out gen_st_atomic
Richard Henderson [Tue, 26 Jun 2018 16:19:17 +0000 (09:19 -0700)] 
target/ppc: Split out gen_st_atomic

Move the guts of ST_ATOMIC to a function.  Use foo_tl for the operations
instead of foo_i32 or foo_i64 specifically.  Use MO_ALIGN instead of an
explicit call to gen_check_align.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agotarget/ppc: Split out gen_ld_atomic
Richard Henderson [Tue, 26 Jun 2018 16:19:16 +0000 (09:19 -0700)] 
target/ppc: Split out gen_ld_atomic

Move the guts of LD_ATOMIC to a function.  Use foo_tl for the operations
instead of foo_i32 or foo_i64 specifically.  Use MO_ALIGN instead of an
explicit call to gen_check_align.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agotarget/ppc: Split out gen_load_locked
Richard Henderson [Tue, 26 Jun 2018 16:19:15 +0000 (09:19 -0700)] 
target/ppc: Split out gen_load_locked

Leave only the minimal amount of code within the LDAR macro,
moving the rest of the code into gen_load_locked.  Use MO_ALIGN
and remove the explicit call to gen_check_align.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agotarget/ppc: Tidy gen_conditional_store
Richard Henderson [Tue, 26 Jun 2018 16:19:14 +0000 (09:19 -0700)] 
target/ppc: Tidy gen_conditional_store

Leave only the minimal amount of code within the STCX macro,
moving the rest of the code into gen_conditional_store.
Remove the explicit call to gen_check_align; the matching LDAX will
have already checked alignment, and we verify the same address.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agotarget/ppc: Remove POWERPC_EXCP_STCX
Richard Henderson [Tue, 26 Jun 2018 16:19:13 +0000 (09:19 -0700)] 
target/ppc: Remove POWERPC_EXCP_STCX

Always use the gen_conditional_store implementation that uses
atomic_cmpxchg.  Make sure and clear reserve_addr across most
interrupts crossing the cpu_loop.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agotarget/ppc: Use atomic cmpxchg for STQCX
Richard Henderson [Tue, 26 Jun 2018 16:19:12 +0000 (09:19 -0700)] 
target/ppc: Use atomic cmpxchg for STQCX

When running in a parallel context, we must use a helper in order
to perform the 128-bit atomic operation.  When running in a serial
context, do the compare before the store.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agotarget/ppc: Use atomic store for STQ
Richard Henderson [Tue, 26 Jun 2018 16:19:11 +0000 (09:19 -0700)] 
target/ppc: Use atomic store for STQ

Section 1.4 of the Power ISA v3.0B states that this insn is
single-copy atomic.  As we cannot (yet) issue 128-bit stores
within TCG, use the generic helpers provided.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agotarget/ppc: Use atomic load for LQ and LQARX
Richard Henderson [Tue, 26 Jun 2018 16:19:10 +0000 (09:19 -0700)] 
target/ppc: Use atomic load for LQ and LQARX

Section 1.4 of the Power ISA v3.0B states that both of these
instructions are single-copy atomic.  As we cannot (yet) issue
128-bit loads within TCG, use the generic helpers provided.

Since TCG cannot (yet) return a 128-bit value, add a slot within
CPUPPCState for returning the high half of a 128-bit return value.
This solution is preferred to the helper assigning to architectural
registers directly, as it avoids clobbering all TCG live values.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agotarget/ppc: Add do_unaligned_access hook
Richard Henderson [Tue, 26 Jun 2018 16:19:09 +0000 (09:19 -0700)] 
target/ppc: Add do_unaligned_access hook

This allows faults from MO_ALIGN to have the same effect
as from gen_check_align.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agoppc/pnv: fix pnv_core_realize() error handling
Cédric Le Goater [Tue, 26 Jun 2018 14:22:14 +0000 (16:22 +0200)] 
ppc/pnv: fix pnv_core_realize() error handling

commit d35aefa9ae15 ("ppc/pnv: introduce a new intc_create() operation
to the chip model") changed the object link in the pnv_core_realize()
routine but a return was forgotten in case of error, which can lead to
more problems afterwards (segv)

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agoppc/xics: rework the ICS classes inheritance tree
Cédric Le Goater [Mon, 25 Jun 2018 09:17:18 +0000 (11:17 +0200)] 
ppc/xics: rework the ICS classes inheritance tree

With the previous changes, we can now let the ICS_KVM class inherit
directly from ICS_BASE class and not from the intermediate ICS_SIMPLE.
It makes the class hierarchy much cleaner.

What is left in the top classes is the low level interface to access
the KVM XICS device in ICS_KVM and the XICS emulating handlers in
ICS_SIMPLE.

This should not break migration compatibility.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agoppc/xics: move the vmstate structures under the ics-base class
Cédric Le Goater [Mon, 25 Jun 2018 09:17:17 +0000 (11:17 +0200)] 
ppc/xics: move the vmstate structures under the ics-base class

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agoppx/xics: introduce a parent_reset in ICSStateClass
Cédric Le Goater [Mon, 25 Jun 2018 09:17:16 +0000 (11:17 +0200)] 
ppx/xics: introduce a parent_reset in ICSStateClass

Just like for the realize handlers, this makes possible to move the
common ICSState code of the reset handlers in the ics-base class.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agoppc/xics: move the instance_init handler under the ics-base class
Cédric Le Goater [Mon, 25 Jun 2018 09:17:15 +0000 (11:17 +0200)] 
ppc/xics: move the instance_init handler under the ics-base class

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agoppc/xics: introduce a parent_realize in ICSStateClass
Cédric Le Goater [Mon, 25 Jun 2018 09:17:14 +0000 (11:17 +0200)] 
ppc/xics: introduce a parent_realize in ICSStateClass

This makes possible to move the common ICSState code of the realize
handlers in the ics-base class.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agoppc/xics: introduce ICP DeviceRealize and DeviceReset handlers
Cédric Le Goater [Wed, 20 Jun 2018 10:24:13 +0000 (12:24 +0200)] 
ppc/xics: introduce ICP DeviceRealize and DeviceReset handlers

This changes the ICP realize and reset handlers in DeviceRealize and
DeviceReset handlers. parent handlers are now called from the
inheriting classes which is a cleaner object pattern.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agosam460ex: Fix sam460ex device tree when booting the Linux kernel
Guenter Roeck [Sat, 23 Jun 2018 21:18:05 +0000 (14:18 -0700)] 
sam460ex: Fix sam460ex device tree when booting the Linux kernel

sam460ex (or at least this emulation) does not support the "ibm,cpm" power
management. As a result, Linux crashes when trying to access it. Remove
its device tree node. Also, if/when we boot the Linux kernel directly,
serial port clock frequencies in the device tree file will be unset, and
serial port initialization will fail. Add valid frequency values to
the serial ports to be able to use it. Also set valid values for the other
clock nodes otherwise set by u-boot.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agomac_newworld: always enable disable_direct_reg3_writes for ADB machines
Mark Cave-Ayland [Fri, 22 Jun 2018 08:00:09 +0000 (09:00 +0100)] 
mac_newworld: always enable disable_direct_reg3_writes for ADB machines

Commit 84051eb400 "adb: add property to disable direct reg 3 writes" added a
workaround for MacOS 9 incorrectly setting the mouse address during boot of
PMU machines.

Further testing has shown that since fb6649f172 "adb: fix read reg 3 byte
ordering" this can still sometimes happen with the CUDA mac99 machine,
so let's enable this workaround for all New World machines using ADB for now.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agomac_dbdma: only dump commands for debug enabled channels
Mark Cave-Ayland [Fri, 22 Jun 2018 08:00:08 +0000 (09:00 +0100)] 
mac_dbdma: only dump commands for debug enabled channels

This enables us to apply the same filter in DEBUG_DBDMA_CHANMASK to the
DBDMA command execution debug output.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 years agoMerge remote-tracking branch 'remotes/rth/tags/pull-tcg-20180702' into staging
Peter Maydell [Mon, 2 Jul 2018 16:57:46 +0000 (17:57 +0100)] 
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20180702' into staging

Assorted tlb and tb caching fixes

# gpg: Signature made Mon 02 Jul 2018 17:03:07 BST
# gpg:                using RSA key 64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-tcg-20180702:
  cpu: Assert asidx_from_attrs return value in range
  accel/tcg: Avoid caching overwritten tlb entries
  accel/tcg: Don't treat invalid TLB entries as needing recheck
  accel/tcg: Correct "is this a TLB miss" check in get_page_addr_code()
  tcg: Define and use new tlb_hit() and tlb_hit_page() functions
  translate-all: fix locking of TBs whose two pages share the same physical page

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agoMerge remote-tracking branch 'remotes/kraxel/tags/seabios-1.11.2-20180702-pull-reques...
Peter Maydell [Mon, 2 Jul 2018 16:04:20 +0000 (17:04 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/seabios-1.11.2-20180702-pull-request' into staging

seabios: update to release 1.11.2, add/update configuration.
vgabios: remove (old unused lgpl'ed vgabios).
ramfb,bochs-display: use new vgabios roms.

# gpg: Signature made Mon 02 Jul 2018 16:42:06 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/seabios-1.11.2-20180702-pull-request:
  ramfb: enable vgabios
  bochs-display: enable vgabios
  seabios: update bios and vgabios binaries
  vgabios: remove submodule and build rules.
  seabios: enable ide dma
  seabios: add vga configs for bochs-display and ramfb
  seabios: update submodule to release 1.11.2

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agoramfb: enable vgabios
Gerd Hoffmann [Fri, 8 Jun 2018 10:38:47 +0000 (12:38 +0200)] 
ramfb: enable vgabios

Add vgabios binary to fw_cfg vgaroms.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
3 years agobochs-display: enable vgabios
Gerd Hoffmann [Wed, 30 May 2018 13:02:16 +0000 (15:02 +0200)] 
bochs-display: enable vgabios

Add vgabios binary to pci rom bar.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
3 years agoseabios: update bios and vgabios binaries
Gerd Hoffmann [Wed, 20 Jun 2018 10:17:34 +0000 (12:17 +0200)] 
seabios: update bios and vgabios binaries

Adds two new vgabios binaries, for ramfb and bochs-display.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
3 years agovgabios: remove submodule and build rules.
Gerd Hoffmann [Wed, 20 Jun 2018 10:11:42 +0000 (12:11 +0200)] 
vgabios: remove submodule and build rules.

It's the old, lgpl vgabios implementation.

Was left in as fallback when we switched to seavgabios, so we could
easily switch back in case we see regressions.  It's unused since years
now, reportedly doesn't even build, and lacks support for recently (and
not so recently) added display devices.

Zap it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
3 years agoseabios: enable ide dma
Gerd Hoffmann [Wed, 20 Jun 2018 10:07:40 +0000 (12:07 +0200)] 
seabios: enable ide dma

QNX reportedly requires this to boot.
Should also speed up booting other guests.

Note: Upstream seabios defaults this to 'n' to due to known problems
on physical hardware (qemu not affected), and wouldn't flip the default
to 'y'.  So we adjust our local build config accordingly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
3 years agoseabios: add vga configs for bochs-display and ramfb
Gerd Hoffmann [Wed, 20 Jun 2018 10:05:55 +0000 (12:05 +0200)] 
seabios: add vga configs for bochs-display and ramfb

Both bochs-display and ramfb are devices with a simple framebuffer and
no vga emulation or text mode.  seavgabios has support for text mode
emulation (at vgabios call level), we are using that to provide some
vga compatibility support for these devices.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
3 years agoseabios: update submodule to release 1.11.2
Gerd Hoffmann [Wed, 20 Jun 2018 10:02:28 +0000 (12:02 +0200)] 
seabios: update submodule to release 1.11.2

git shortlog rel-1.11.1..rel-1.11.2
-----------------------------------

Gerd Hoffmann (11):
      optionrom: enable non-vga display devices
      cbvga: factor out cbvga_setup_modes()
      qemu: add bochs-display support
      cbvga_setup_modes: use real mode number instead of 0x140
      cbvga_list_modes: don't list current mode twice
      cbvga_set_mode: disable clearmem in windows x86 emulator.
      bochs_display_setup: return error on failure
      pmm: use tmp zone on oom
      vgasrc: add allocate_pmm()
      qemu: add qemu ramfb support
      cbvga_set_mode: refine clear display logic

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
3 years agocpu: Assert asidx_from_attrs return value in range
Richard Henderson [Fri, 29 Jun 2018 23:30:28 +0000 (16:30 -0700)] 
cpu: Assert asidx_from_attrs return value in range

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 years agoaccel/tcg: Avoid caching overwritten tlb entries
Richard Henderson [Fri, 29 Jun 2018 20:07:08 +0000 (13:07 -0700)] 
accel/tcg: Avoid caching overwritten tlb entries

When installing a TLB entry, remove any cached version of the
same page in the VTLB.  If the existing TLB entry matches, do
not copy into the VTLB, but overwrite it.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 years agoaccel/tcg: Don't treat invalid TLB entries as needing recheck
Peter Maydell [Fri, 29 Jun 2018 16:17:31 +0000 (17:17 +0100)] 
accel/tcg: Don't treat invalid TLB entries as needing recheck

In get_page_addr_code() when we check whether the TLB entry
is marked as TLB_RECHECK, we should not go down that code
path if the TLB entry is not valid at all (ie the TLB_INVALID
bit is set).

Tested-by: Laurent Vivier <laurent@vivier.eu>
Reported-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20180629161731.16239-1-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 years agoaccel/tcg: Correct "is this a TLB miss" check in get_page_addr_code()
Peter Maydell [Fri, 29 Jun 2018 16:21:22 +0000 (17:21 +0100)] 
accel/tcg: Correct "is this a TLB miss" check in get_page_addr_code()

In commit 71b9a45330fe220d1 we changed the condition we use
to determine whether we need to refill the TLB in
get_page_addr_code() to
    if (unlikely(env->tlb_table[mmu_idx][index].addr_code !=
                 (addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK)))) {

This isn't the right check (it will falsely fail if the
input addr happens to have the low bit corresponding to
TLB_INVALID_MASK set, for instance). Replace it with a
use of the new tlb_hit() function, which is the correct test.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20180629162122.19376-3-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 years agotcg: Define and use new tlb_hit() and tlb_hit_page() functions
Peter Maydell [Fri, 29 Jun 2018 16:21:21 +0000 (17:21 +0100)] 
tcg: Define and use new tlb_hit() and tlb_hit_page() functions

The condition to check whether an address has hit against a particular
TLB entry is not completely trivial. We do this in various places, and
in fact in one place (get_page_addr_code()) we have got the condition
wrong. Abstract it out into new tlb_hit() and tlb_hit_page() inline
functions (one for a known-page-aligned address and one for an
arbitrary address), and use them in all the places where we had the
condition correct.

This is a no-behaviour-change patch; we leave fixing the buggy
code in get_page_addr_code() to a subsequent patch.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20180629162122.19376-2-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 years agotranslate-all: fix locking of TBs whose two pages share the same physical page
Emilio G. Cota [Mon, 25 Jun 2018 16:31:42 +0000 (12:31 -0400)] 
translate-all: fix locking of TBs whose two pages share the same physical page

Commit 0b5c91f ("translate-all: use per-page locking in !user-mode",
2018-06-15) introduced per-page locking. It assumed that the physical
pages corresponding to a TB (at most two pages) are always distinct,
which is wrong. For instance, an xtensa test provided by Max Filippov
is broken by the commit, since the test maps two virtual pages
to the same physical page:

virt1: 7fff, virt2: 8000
phys1 6000fff, phys2 6000000

Fix it by removing the assumption from page_lock_pair.
If the two physical page addresses are equal, we only lock
the PageDesc once. Note that the two callers of page_lock_pair,
namely page_unlock_tb and tb_link_page, are also updated so that
we do not try to unlock the same PageDesc twice.

Fixes: 0b5c91f74f3c83a36f37740969df8c775c997e69
Reported-by: Max Filippov <jcmvbkbc@gmail.com>
Tested-by: Max Filippov <jcmvbkbc@gmail.com>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1529944302-14186-1-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 years agoMerge remote-tracking branch 'remotes/cohuck/tags/s390x-20180702' into staging
Peter Maydell [Mon, 2 Jul 2018 13:57:43 +0000 (14:57 +0100)] 
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180702' into staging

s390x updates:
- add bpb/ppa15 features to default cpu model for z196 and later
- rework TOD handling and fix cpu hotplug under tcg
- various fixes

# gpg: Signature made Mon 02 Jul 2018 12:09:40 BST
# gpg:                using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20180702:
  s390x/tcg: fix locking problem with tcg_s390_tod_updated
  s390x/kvm: indicate alignment in legacy_s390_alloc()
  s390x/kvm: legacy_s390_alloc() only supports one allocation
  s390x/tcg: fix CPU hotplug with single-threaded TCG
  s390x/tcg: rearm the CKC timer during migration
  s390x/tcg: implement SET CLOCK
  s390x/tcg: SET CLOCK COMPARATOR can clear CKC interrupts
  s390x/tcg: properly implement the TOD
  s390x/tcg: drop tod_basetime
  s390x/tod: factor out TOD into separate device
  s390x/kvm: pass values instead of pointers to kvm_s390_set_clock_*()
  s390x/tcg: avoid overflows in time2tod/tod2time
  s390x/cpumodel: default enable bpb and ppa15 for z196 and later
  loader: Check access size when calling rom_ptr() to avoid crashes
  s390/ipl: fix ipl with -no-reboot

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agoMerge remote-tracking branch 'remotes/vivier/tags/m68k-for-3.0-pull-request' into...
Peter Maydell [Mon, 2 Jul 2018 12:43:10 +0000 (13:43 +0100)] 
Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-3.0-pull-request' into staging

Fix move16 instruction disassembly

# gpg: Signature made Mon 02 Jul 2018 11:25:51 BST
# gpg:                using RSA key F30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier/tags/m68k-for-3.0-pull-request:
  target/m68k: correctly disassemble move16

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotcg: Fix --disable-tcg build breakage
Philippe Mathieu-Daudé [Fri, 29 Jun 2018 20:07:10 +0000 (17:07 -0300)] 
tcg: Fix --disable-tcg build breakage

Fix the --disable-tcg breakage introduced by 8bca9a03ec60d:

    $ configure --disable-tcg
    [...]
    $ make -C i386-softmmu exec.o
    make: Entering directory 'i386-softmmu'
      CC      exec.o
    In file included from source/qemu/exec.c:62:0:
    source/qemu/include/exec/ram_addr.h:96:6: error: conflicting types for ‘tb_invalidate_phys_range’
     void tb_invalidate_phys_range(ram_addr_t start, ram_addr_t end);
          ^~~~~~~~~~~~~~~~~~~~~~~~
    In file included from source/qemu/exec.c:24:0:
    source/qemu/include/exec/exec-all.h:309:6: note: previous declaration of ‘tb_invalidate_phys_range’ was here
     void tb_invalidate_phys_range(target_ulong start, target_ulong end);
          ^~~~~~~~~~~~~~~~~~~~~~~~
    source/qemu/exec.c:1043:6: error: conflicting types for ‘tb_invalidate_phys_addr’
     void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr, MemTxAttrs attrs)
          ^~~~~~~~~~~~~~~~~~~~~~~
    In file included from source/qemu/exec.c:24:0:
    source/qemu/include/exec/exec-all.h:308:6: note: previous declaration of ‘tb_invalidate_phys_addr’ was here
     void tb_invalidate_phys_addr(target_ulong addr);
          ^~~~~~~~~~~~~~~~~~~~~~~
    make: *** [source/qemu/rules.mak:69: exec.o] Error 1
    make: Leaving directory 'i386-softmmu'

Tested to build x86_64-softmmu and i386-softmmu targets.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180629200710.27626-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/m68k: correctly disassemble move16
Laurent Vivier [Mon, 25 Jun 2018 20:35:59 +0000 (22:35 +0200)] 
target/m68k: correctly disassemble move16

"move16 %a0@+,%a1@" and "fmovel (cpid=3) %a0@-,%fpcr"
share the same opcode.

To fix that, backport the fix from binutils:

  2005-11-10  Andreas Schwab  <schwab@suse.de>

     * m68k-dis.c (print_insn_m68k): Only match FPU insns with
     coprocessor ID 1.

Reported-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Thomas Huth <huth@tuxfamily.org>
Message-Id: <20180625203559.21370-2-laurent@vivier.eu>

3 years agoaudio/hda: drop atomics
Gerd Hoffmann [Wed, 27 Jun 2018 11:19:36 +0000 (13:19 +0200)] 
audio/hda: drop atomics

Doesn't build on 32bit clang.  And because we run under qemu mutex
anyway they are not needed.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180627111936.31019-1-kraxel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agos390x/tcg: fix locking problem with tcg_s390_tod_updated
David Hildenbrand [Fri, 29 Jun 2018 17:05:20 +0000 (19:05 +0200)] 
s390x/tcg: fix locking problem with tcg_s390_tod_updated

tcg_s390_tod_updated() is always called with the iothread being locked
(e.g. from S390TODClass->set() e.g. via HELPER(sck) or on incoming
migration). The helper we call takes the lock itself - bad.

Let's change that by factoring out updating the ckc timer. This now looks
much nicer than having to call a helper from another function.

While touching it we also make sure that env->ckc is updated even if the
new value is -1ULL, for now it would not have been modified in that case.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180629170520.13671-1-david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/kvm: indicate alignment in legacy_s390_alloc()
David Hildenbrand [Thu, 28 Jun 2018 11:38:17 +0000 (13:38 +0200)] 
s390x/kvm: indicate alignment in legacy_s390_alloc()

Let's do this for completeness reason, although we don't support e.g.
PCDIMM/NVDIMM, which would use the alignment for placing the memory
region in guest physical memory. But maybe someday we would want to
support something like this - then we don't forget about this if
allowing multiple allocations in legacy_s390_alloc().

Use the same alignment as we would set in qemu_anon_ram_alloc(). Our
fixed address satisfies this alignment (1MB). This implicitly sets the
alignment of the underlying memory region.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180628113817.30814-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/kvm: legacy_s390_alloc() only supports one allocation
David Hildenbrand [Thu, 28 Jun 2018 11:38:16 +0000 (13:38 +0200)] 
s390x/kvm: legacy_s390_alloc() only supports one allocation

We always allocate at a fixed address, a second allocation can therefore
of course never work. We would simply overwrite mappings.

This can e.g. happen in s390_memory_init(), if trying to allocate more
than > 8TB. Let's just bail out, as there is no need for supporting it
(legacy handling for z/VM).

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180628113817.30814-2-david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/tcg: fix CPU hotplug with single-threaded TCG
David Hildenbrand [Wed, 27 Jun 2018 13:44:10 +0000 (15:44 +0200)] 
s390x/tcg: fix CPU hotplug with single-threaded TCG

run_on_cpu() doesn't seem to work reliably until the CPU has been fully
created if the single-threaded TCG main loop is already running.

Therefore, hotplugging a CPU under single-threaded TCG does currently
not work. We should use the direct call instead of going via
run_on_cpu().

So let's use run_on_cpu() for KVM only - KVM requires it due to the initial
CPU reset ioctl. As a nice side effect, we get rid of the ifdef.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180627134410.4901-10-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/tcg: rearm the CKC timer during migration
David Hildenbrand [Wed, 27 Jun 2018 13:44:09 +0000 (15:44 +0200)] 
s390x/tcg: rearm the CKC timer during migration

If the CPU data is migrated after the TOD clock, the CKC timer of a CPU
is not rearmed. Let's rearm it when loading the CPU state.

Introduce tcg-stub.c just like kvm-stub.c for tcg specific stubs.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180627134410.4901-9-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/tcg: implement SET CLOCK
David Hildenbrand [Wed, 27 Jun 2018 13:44:08 +0000 (15:44 +0200)] 
s390x/tcg: implement SET CLOCK

This allows a guest to change its TOD. We already take care of updating
all CKC timers from within S390TODClass.

Use MO_ALIGN to load the operand manually - this will properly trigger a
SPECIFICATION exception.

Acked-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180627134410.4901-8-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/tcg: SET CLOCK COMPARATOR can clear CKC interrupts
David Hildenbrand [Wed, 27 Jun 2018 13:44:07 +0000 (15:44 +0200)] 
s390x/tcg: SET CLOCK COMPARATOR can clear CKC interrupts

Let's stop the timer and delete any pending CKC IRQ before doing
anything else.

While at it, add a comment why the check for ckc == -1ULL is needed.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180627134410.4901-7-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/tcg: properly implement the TOD
David Hildenbrand [Wed, 27 Jun 2018 13:44:06 +0000 (15:44 +0200)] 
s390x/tcg: properly implement the TOD

Right now, each CPU has its own TOD. Especially, the TOD will differ
based on creation time of a CPU - e.g. when hotplugging a CPU the times
will differ quite a lot, resulting in stall warnings in the guest.

Let's use a single TOD by implementing our new TOD device. Prepare it
for TOD-clock epoch extension.

Most importantly, whenever we set the TOD, we have to update the CKC
timer.

Introduce "tcg_s390x.h" just like "kvm_s390x.h" for tcg specific
function declarations that should not go into cpu.h.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180627134410.4901-6-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/tcg: drop tod_basetime
David Hildenbrand [Wed, 27 Jun 2018 13:44:05 +0000 (15:44 +0200)] 
s390x/tcg: drop tod_basetime

Never set to anything but 0.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180627134410.4901-5-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/tod: factor out TOD into separate device
David Hildenbrand [Wed, 27 Jun 2018 13:44:04 +0000 (15:44 +0200)] 
s390x/tod: factor out TOD into separate device

Let's treat this like a separate device. TCG will have to store the
actual state/time later on.

Include cpu-qom.h in kvm_s390x.h (due to S390CPU) to compile tod-kvm.c.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180627134410.4901-4-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/kvm: pass values instead of pointers to kvm_s390_set_clock_*()
David Hildenbrand [Wed, 27 Jun 2018 13:44:03 +0000 (15:44 +0200)] 
s390x/kvm: pass values instead of pointers to kvm_s390_set_clock_*()

We are going to factor out the TOD into a separate device and use const
pointers for device class functions where possible. We are passing right
now ordinary pointers that should never be touched when setting the TOD.
Let's just pass the values directly.

Note that s390_set_clock() will be removed in a follow-on patch and
therefore its calling convention is not changed.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180627134410.4901-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/tcg: avoid overflows in time2tod/tod2time
David Hildenbrand [Wed, 27 Jun 2018 13:44:02 +0000 (15:44 +0200)] 
s390x/tcg: avoid overflows in time2tod/tod2time

Big values for the TOD/ns clock can result in some overflows that can be
avoided. Not all overflows can be handled however, as the conversion either
multiplies by 4.096 or divided by 4.096.

Apply the trick used in the Linux kernel in arch/s390/include/asm/timex.h
for tod_to_ns() and use the same trick also for the conversion in the
other direction.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180627134410.4901-2-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390x/cpumodel: default enable bpb and ppa15 for z196 and later
Christian Borntraeger [Tue, 26 Jun 2018 12:38:30 +0000 (14:38 +0200)] 
s390x/cpumodel: default enable bpb and ppa15 for z196 and later

Most systems and host kernels provide the necessary building blocks for
bpb and ppa15. We can reverse the logic and default enable those
features, while still allowing to disable it via cpu model.

So let us add bpb and ppa15 to z196 and later default CPU model for the
qemu 3.0 machine. (like -cpu z13).  Older machine types (e.g.
s390-ccw-virtio-2.12) will retain the old value and not provide those
bits in the default model.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20180626123830.18282-1-borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agoloader: Check access size when calling rom_ptr() to avoid crashes
Thomas Huth [Tue, 26 Jun 2018 09:35:40 +0000 (11:35 +0200)] 
loader: Check access size when calling rom_ptr() to avoid crashes

The rom_ptr() function allows direct access to the ROM blobs that we
load during startup. However, there are currently no checks for the
size of the accesses, so it's currently possible to crash QEMU for
example with:

$ echo "Insane in the mainframe" > /tmp/test.txt
$ s390x-softmmu/qemu-system-s390x -kernel /tmp/test.txt -append xyz
Segmentation fault (core dumped)
$ s390x-softmmu/qemu-system-s390x -kernel /tmp/test.txt -initrd /tmp/test.txt
Segmentation fault (core dumped)
$ echo -n HdrS > /tmp/hdr.txt
$ sparc64-softmmu/qemu-system-sparc64 -kernel /tmp/hdr.txt -initrd /tmp/hdr.txt
Segmentation fault (core dumped)

We need a possibility to check the size of the ROM area that we want
to access, thus let's add a size parameter to the rom_ptr() function
to avoid these problems.

Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1530005740-25254-1-git-send-email-thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agos390/ipl: fix ipl with -no-reboot
Christian Borntraeger [Fri, 22 Jun 2018 10:29:28 +0000 (12:29 +0200)] 
s390/ipl: fix ipl with -no-reboot

kexec/kdump as well as the bootloader use a subcode of diagnose 308
that is supposed to reset the I/O subsystem but not comprise a full
"reboot". With the latest refactoring this is now broken when
-no-reboot is used or when libvirt acts on a reboot QMP event, for
example a virt-install from iso images.

We need to mark these "subsystem resets" as special.

Fixes: a30fb811cbe9 (s390x: refactor reset/reipl handling)
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180622102928.173420-1-borntraeger@de.ibm.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
3 years agoMerge remote-tracking branch 'remotes/xtensa/tags/20180630-xtensa' into staging
Peter Maydell [Sat, 30 Jun 2018 21:23:51 +0000 (22:23 +0100)] 
Merge remote-tracking branch 'remotes/xtensa/tags/20180630-xtensa' into staging

target/xtensa updates:

- add diagnostic for zero-overhead loop alignment;
- convert to TranslatorOps;
- don't call get_page_addr_code() from helper functions.

# gpg: Signature made Sat 30 Jun 2018 22:16:30 BST
# gpg:                using RSA key 51F9CC91F83FA044
# gpg: Good signature from "Max Filippov <filippov@cadence.com>"
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20180630-xtensa:
  xtensa: Avoid calling get_page_addr_code() from helper function
  target/xtensa: Convert to TranslatorOps
  target/xtensa: Change gen_intermediate_code dc to pointer
  target/xtensa: Convert to DisasContextBase
  target/xtensa: Replace DISAS_UPDATE with DISAS_NORETURN
  target/xtensa: check zero overhead loop alignment

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agoxtensa: Avoid calling get_page_addr_code() from helper function
Peter Maydell [Fri, 22 Jun 2018 13:58:23 +0000 (14:58 +0100)] 
xtensa: Avoid calling get_page_addr_code() from helper function

The xtensa frontend calls get_page_addr_code() from its
itlb_hit_test helper function. This function is really part
of the TCG core's internals, and calling it from a target
helper makes it awkward to make changes to that core code.
It also means that we don't pass the correct retaddr to
tlb_fill(), so we won't correctly handle the case where
an exception is generated.

The helper is used for the instructions IHI, IHU and IPFL.

Change it to call cpu_ldb_code_ra() instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/xtensa: Convert to TranslatorOps
Richard Henderson [Sat, 12 May 2018 17:57:24 +0000 (10:57 -0700)] 
target/xtensa: Convert to TranslatorOps

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
3 years agotarget/xtensa: Change gen_intermediate_code dc to pointer
Richard Henderson [Sat, 12 May 2018 17:57:23 +0000 (10:57 -0700)] 
target/xtensa: Change gen_intermediate_code dc to pointer

This will reduce the size of the patch in the next patch,
where the context will have to be a pointer.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
3 years agotarget/xtensa: Convert to DisasContextBase
Richard Henderson [Sat, 12 May 2018 17:57:22 +0000 (10:57 -0700)] 
target/xtensa: Convert to DisasContextBase

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
3 years agotarget/xtensa: Replace DISAS_UPDATE with DISAS_NORETURN
Richard Henderson [Sat, 12 May 2018 17:57:21 +0000 (10:57 -0700)] 
target/xtensa: Replace DISAS_UPDATE with DISAS_NORETURN

The usage of DISAS_UPDATE is after noreturn helpers.
It is thus indistinguishable from DISAS_NORETURN.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
3 years agotarget/xtensa: check zero overhead loop alignment
Max Filippov [Fri, 27 Apr 2018 20:07:53 +0000 (13:07 -0700)] 
target/xtensa: check zero overhead loop alignment

ISA book documents that the first instruction of zero overhead loop
must fit completely into naturally aligned region of an instruction
fetch unit size. Check that condition and log a message if it's
violated.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
3 years agoMerge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2018-06-30' into staging
Peter Maydell [Sat, 30 Jun 2018 16:30:09 +0000 (17:30 +0100)] 
Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2018-06-30' into staging

Monitor patches for 2018-06-30

# gpg: Signature made Sat 30 Jun 2018 17:22:12 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-monitor-2018-06-30:
  docs: mention shared state protect for OOB
  tests: iotests: drop some stderr line
  monitor: flush qmp responses when CLOSED
  monitor: rename *_pop_one to *_pop_any
  chardev: comment details for CLOSED event

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agodocs: mention shared state protect for OOB
Peter Xu [Wed, 20 Jun 2018 07:32:21 +0000 (15:32 +0800)] 
docs: mention shared state protect for OOB

Out-Of-Band handlers need to protect shared state if there is any.
Mention it in the document.  Meanwhile, touch up some other places too,
either with better English, or reordering of bullets.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180620073223.31964-6-peterx@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
3 years agotests: iotests: drop some stderr line
Peter Xu [Wed, 20 Jun 2018 07:32:20 +0000 (15:32 +0800)] 
tests: iotests: drop some stderr line

In my Out-Of-Band test, "check -qcow2 060" fail with this:

  --- /home/peterx/git/qemu/tests/qemu-iotests/060.out
  +++ /home/peterx/git/qemu/bin/tests/qemu-iotests/060.out.bad
  @@ -427,8 +427,8 @@
  QMP_VERSION
  {"return": {}}
  qcow2: Image is corrupt: L2 table offset 0x2a2a2a00 unaligned (L1
  index: 0); further non-fatal corruption events will be suppressed
  -{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_IMAGE_CORRUPTED", "data": {"device": "", "msg": "L2 table offset 0x2a2a2a0
  0 unaligned (L1 index: 0)", "node-name": "drive", "fatal": false}}
  read failed: Input/output error
  +{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_IMAGE_CORRUPTED", "data": {"device": "", "msg": "L2 table offset 0x2a2a2a0
  0 unaligned (L1 index: 0)", "node-name": "drive", "fatal": false}}
  {"return": ""}
  {"return": {}}
  {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP},
  "event": "SHUTDOWN", "data": {"guest": false}}

The order of the event and the in/out error line is swapped.  I didn't
dig up the reason, but AFAIU what we want to verify is the event rather
than stderr.  Let's drop the stderr line directly for this test.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180620073223.31964-5-peterx@redhat.com>
[Commit message touched up]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
3 years agomonitor: flush qmp responses when CLOSED
Peter Xu [Wed, 20 Jun 2018 07:32:19 +0000 (15:32 +0800)] 
monitor: flush qmp responses when CLOSED

Previously we clean up the queues when we got CLOSED event.  It was used
to make sure we won't send leftover replies/events of a old client to a
new client which makes perfect sense. However this will also drop the
replies/events even if the output port of the previous chardev backend
is still open, which can lead to missing of the last replies/events.
Now this patch does an extra operation to flush the response queue
before cleaning up.

In most cases, a QMP session will be based on a bidirectional channel (a
TCP port, for example, we read/write to the same socket handle), so in
port and out port of the backend chardev are fundamentally the same
port. In these cases, it does not really matter much on whether we'll
flush the response queue since flushing will fail anyway.  However there
can be cases where in & out ports of the QMP monitor's backend chardev
are separated.  Here is an example:

  cat $QMP_COMMANDS | qemu -qmp stdio ... | filter_commands

In this case, the backend is fd-typed, and it is connected to stdio
where in port is stdin and out port is stdout.  Now if we drop all the
events on the response queue then filter_command process might miss some
events that it might expect.  The thing is that, when stdin closes,
stdout might still be there alive!

In practice, I encountered SHUTDOWN event missing when running test with
iotest 087 with Out-Of-Band enabled.  Here is one of the ways that this
can happen (after "quit" command is executed and QEMU quits the main
loop):

1. [main thread] QEMU queues a SHUTDOWN event into response queue.

2. "cat" terminates (to distinguish it from the animal, I quote it).

3. [monitor iothread] QEMU's monitor iothread reads EOF from stdin.

4. [monitor iothread] QEMU's monitor iothread calls the CLOSED event
   hook for the monitor, which will destroy the response queue of the
   monitor, then the SHUTDOWN event is dropped.

5. [main thread] QEMU's main thread cleans up the monitors in
   monitor_cleanup().  When trying to flush pending responses, it sees
   nothing.  SHUTDOWN is lost forever.

Note that before the monitor iothread was introduced, step [4]/[5] could
never happen since the main loop was the only place to detect the EOF
event of stdin and run the CLOSED event hooks.  Now things can happen in
parallel in the iothread.

Without this patch, iotest 087 will have ~10% chance to miss the
SHUTDOWN event and fail when with Out-Of-Band enabled:

  --- /home/peterx/git/qemu/tests/qemu-iotests/087.out
  +++ /home/peterx/git/qemu/bin/tests/qemu-iotests/087.out.bad
  @@ -8,7 +8,6 @@
  {"return": {}}
  {"error": {"class": "GenericError", "desc": "'node-name' must be
  specified for the root node"}}
  {"return": {}}
  -{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false}}

  === Duplicate ID ===
  @@ -53,7 +52,6 @@
  {"return": {}}
  {"return": {}}
  {"return": {}}

  -{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false}}

This patch fixes the problem.

Fixes: 6d2d563f8c ("qmp: cleanup qmp queues properly", 2018-03-27)
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180620073223.31964-4-peterx@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message and a comment touched up]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
3 years agomonitor: rename *_pop_one to *_pop_any
Peter Xu [Wed, 20 Jun 2018 07:32:18 +0000 (15:32 +0800)] 
monitor: rename *_pop_one to *_pop_any

The old names are confusing since both of the old functions are popping
an item from multiple queues rather than a single queue.  In that
sense, *_pop_any() suites better than *_pop_one().

Since at it, touch up the function monitor_qmp_response_pop_any() a bit
to let the callers pass in a QMPResponse struct instead of returning a
struct.  Change the return value to boolean to mark whether we have
popped a valid response instead.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180620073223.31964-3-peterx@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
3 years agochardev: comment details for CLOSED event
Peter Xu [Wed, 20 Jun 2018 07:32:17 +0000 (15:32 +0800)] 
chardev: comment details for CLOSED event

It was unclear before on what does the CLOSED event mean.  Meanwhile we
add a TODO to fix up the CLOSED event in the future when the in/out
ports are different for a chardev.

CC: Paolo Bonzini <pbonzini@redhat.com>
CC: "Marc-André Lureau" <marcandre.lureau@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180620073223.31964-2-peterx@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
3 years agoMerge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
Peter Maydell [Sat, 30 Jun 2018 12:59:52 +0000 (13:59 +0100)] 
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

Pull request

 * Python 3 support in simpletrace.py
 * Convert DPRINTF() to trace events

# gpg: Signature made Fri 29 Jun 2018 18:53:05 BST
# gpg:                using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
  hw/block/pflash_cfi: Convert from DPRINTF() macro to trace events
  hw/block/fdc: Convert from FLOPPY_DPRINTF() macro to trace events
  hw/net/etraxfs_eth: Convert printf() calls to trace events
  hw/net/ne2000: Convert printf() calls to trace events
  hw/net/ne2000: Add trace events
  hw/input/tsc2005: Convert a fprintf() call to trace events
  hw/char/parallel: Convert from pdebug() macro to trace events
  hw/char/serial: Convert from DPRINTF macro to trace events
  sdcard: Reduce sdcard_set_blocklen() trace digits
  trace: Fix format string for the struct timeval members casted to size_t
  simpletrace: Convert name from mapping record to str

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180629' into...
Peter Maydell [Sat, 30 Jun 2018 10:55:32 +0000 (11:55 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180629' into staging

target-arm queue:
 * last of the SVE patches; SVE is now enabled for aarch64 linux-user
 * sd: Don't trace SDRequest crc field (coverity bugfix)
 * target/arm: Mark PMINTENSET accesses as possibly doing IO
 * clean up v7VE feature bit handling
 * i.mx7d: minor cleanups
 * target/arm: support reading of CNT[VCT|FRQ]_EL0 from user-space
 * target/arm: Implement ARMv8.2-DotProd
 * virt: add addresses to dt node names (which stops dtc from
   complaining that they're not correctly named)
 * cleanups: replace error_setg(&error_fatal) by error_report() + exit()

# gpg: Signature made Fri 29 Jun 2018 15:52:21 BST
# gpg:                using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20180629: (55 commits)
  target/arm: Add ID_ISAR6
  target/arm: Prune a15 features from max
  target/arm: Prune a57 features from max
  target/arm: Fix SVE system register access checks
  target/arm: Fix SVE signed division vs x86 overflow exception
  sdcard: Use the ldst API
  sd: Don't trace SDRequest crc field
  target/arm: Mark PMINTENSET accesses as possibly doing IO
  target/arm: Remove redundant DIV detection for KVM
  target/arm: Add ARM_FEATURE_V7VE for v7 Virtualization Extensions
  i.mx7d: Change IRQ number type from hwaddr to int
  i.mx7d: Change SRC unimplemented device name from sdma to src
  i.mx7d: Remove unused header files
  target/arm: support reading of CNT[VCT|FRQ]_EL0 from user-space
  target/arm: Implement ARMv8.2-DotProd
  target/arm: Enable SVE for aarch64-linux-user
  target/arm: Implement SVE dot product (indexed)
  target/arm: Implement SVE dot product (vectors)
  target/arm: Implement SVE fp complex multiply add (indexed)
  target/arm: Pass index to AdvSIMD FCMLA (indexed)
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Fri, 29 Jun 2018 17:29:15 +0000 (18:29 +0100)] 
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- Make truncate operations asynchronous (so that preallocation in
  blockdev-create doesn't block the main loop any more)
- usb-storage: Add rerror/werror properties
- nvme: Add num_queues property
- qemu-img convert: Copy offloading fixes (including data corruption fix)
- qcow2: Fix cluster leak on temporary write error
- Use byte-based functions instead of bdrv_co_readv/writev()
- Various small fixes and cleanups

# gpg: Signature made Fri 29 Jun 2018 15:08:34 BST
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream: (29 commits)
  block: Remove unused sector-based vectored I/O
  vhdx: Switch to byte-based calls
  replication: Switch to byte-based calls
  qcow: Switch to a byte-based driver
  qcow: Switch qcow_co_writev to byte-based calls
  qcow: Switch qcow_co_readv to byte-based calls
  qcow: Switch get_cluster_offset to be byte-based
  parallels: Switch to byte-based calls
  file-posix: Fix EINTR handling
  iscsi: Don't blindly use designator length in response for memcpy
  qcow2: Fix src_offset in copy offloading
  file-posix: Implement co versions of discard/flush
  qemu-iotests: Test qcow2 not leaking clusters on write error
  qcow2: Free allocated clusters on write error
  qemu-iotests: Update 026.out.nocache reference output
  block/crypto: Simplify block_crypto_{open,create}_opts_init()
  block: Move request tracking to children in copy offloading
  qcow2: Remove dead check on !ret
  file-posix: Make .bdrv_co_truncate asynchronous
  block: Use tracked request for truncate
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agoMerge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
Peter Maydell [Fri, 29 Jun 2018 15:56:45 +0000 (16:56 +0100)] 
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging

The Darwin host support still needs some more work. It won't make it for
soft-freeze, but I'd like these preparatory patches to be merged anyway.

# gpg: Signature made Fri 29 Jun 2018 11:39:04 BST
# gpg:                using RSA key 71D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <groug@kaod.org>"
# gpg:                 aka "Gregory Kurz <gregory.kurz@free.fr>"
# gpg:                 aka "[jpeg image of size 3330]"
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3  4910 71D4 D5E5 822F 73D6

* remotes/gkurz/tags/for-upstream:
  9p: darwin: Explicitly cast comparisons of mode_t with -1
  cutils: Provide strchrnul

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Add ID_ISAR6
Richard Henderson [Fri, 29 Jun 2018 00:15:37 +0000 (17:15 -0700)] 
target/arm: Add ID_ISAR6

This register was added to aa32 state by ARMv8.2.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180629001538.11415-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Prune a15 features from max
Richard Henderson [Fri, 29 Jun 2018 00:15:36 +0000 (17:15 -0700)] 
target/arm: Prune a15 features from max

There is no need to re-set these 3 features already
implied by the call to aarch64_a15_initfn.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180629001538.11415-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Prune a57 features from max
Richard Henderson [Fri, 29 Jun 2018 00:15:35 +0000 (17:15 -0700)] 
target/arm: Prune a57 features from max

There is no need to re-set these 9 features already
implied by the call to aarch64_a57_initfn.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180629001538.11415-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Fix SVE system register access checks
Richard Henderson [Fri, 29 Jun 2018 00:15:34 +0000 (17:15 -0700)] 
target/arm: Fix SVE system register access checks

Leave ARM_CP_SVE, removing ARM_CP_FPU; the sve_access_check
produced by the flag already includes fp_access_check.  If
we also check ARM_CP_FPU the double fp_access_check asserts.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20180629001538.11415-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Fix SVE signed division vs x86 overflow exception
Richard Henderson [Fri, 29 Jun 2018 00:15:33 +0000 (17:15 -0700)] 
target/arm: Fix SVE signed division vs x86 overflow exception

We already check for the same condition within the normal integer
sdiv and sdiv64 helpers.  Use a slightly different formation that
does not require deducing the expression type.

Fixes: f97cfd596ed
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180629001538.11415-2-richard.henderson@linaro.org
[PMM: reworded a comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agosdcard: Use the ldst API
Philippe Mathieu-Daudé [Fri, 29 Jun 2018 14:11:20 +0000 (15:11 +0100)] 
sdcard: Use the ldst API

The load/store API will ease further code movement.

Per the Physical Layer Simplified Spec. "3.6 Bus Protocol":

  "In the CMD line the Most Significant Bit (MSB) is transmitted
   first, the Least Significant Bit (LSB) is the last."

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agosd: Don't trace SDRequest crc field
Peter Maydell [Fri, 29 Jun 2018 14:11:19 +0000 (15:11 +0100)] 
sd: Don't trace SDRequest crc field

We don't actually implement SD command CRC checking, because
for almost all of our SD controllers the CRC generation is
done in hardware, and so modelling CRC generation and checking
would be a bit pointless. (The exception is that milkymist-memcard
makes the guest software compute the CRC.)

As a result almost all of our SD controller models don't bother
to set the SDRequest crc field, and the SD card model doesn't
check it. So the tracing of it in sdbus_do_command() provokes
Coverity warnings about use of uninitialized data.

Drop the CRC field from the trace; we can always add it back
if and when we do anything useful with the CRC.

Fixes Coverity issues 1386072, 1386074, 1386076, 1390571.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180626180324.5537-1-peter.maydell@linaro.org

3 years agotarget/arm: Mark PMINTENSET accesses as possibly doing IO
Aaron Lindsay [Fri, 29 Jun 2018 14:11:18 +0000 (15:11 +0100)] 
target/arm: Mark PMINTENSET accesses as possibly doing IO

This makes it match its AArch64 equivalent, PMINTENSET_EL1

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Message-id: 1529699547-17044-13-git-send-email-alindsay@codeaurora.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Remove redundant DIV detection for KVM
Aaron Lindsay [Fri, 29 Jun 2018 14:11:18 +0000 (15:11 +0100)] 
target/arm: Remove redundant DIV detection for KVM

KVM implies V7VE, which implies ARM_DIV and THUMB_DIV. The conditional
detection here is therefore unnecessary. Because V7VE is already
unconditionally specified for all KVM hosts, ARM_DIV and THUMB_DIV are
already indirectly specified and do not need to be included here at all.

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Message-id: 1529699547-17044-6-git-send-email-alindsay@codeaurora.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Add ARM_FEATURE_V7VE for v7 Virtualization Extensions
Aaron Lindsay [Fri, 29 Jun 2018 14:11:17 +0000 (15:11 +0100)] 
target/arm: Add ARM_FEATURE_V7VE for v7 Virtualization Extensions

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Message-id: 1529699547-17044-5-git-send-email-alindsay@codeaurora.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agoi.mx7d: Change IRQ number type from hwaddr to int
Jean-Christophe Dubois [Fri, 29 Jun 2018 14:11:17 +0000 (15:11 +0100)] 
i.mx7d: Change IRQ number type from hwaddr to int

The qdev_get_gpio_in() function accept an int as second parameter.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agoi.mx7d: Change SRC unimplemented device name from sdma to src
Jean-Christophe Dubois [Fri, 29 Jun 2018 14:11:16 +0000 (15:11 +0100)] 
i.mx7d: Change SRC unimplemented device name from sdma to src

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agoi.mx7d: Remove unused header files
Jean-Christophe Dubois [Fri, 29 Jun 2018 14:11:16 +0000 (15:11 +0100)] 
i.mx7d: Remove unused header files

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: support reading of CNT[VCT|FRQ]_EL0 from user-space
Alex Bennée [Fri, 29 Jun 2018 14:11:16 +0000 (15:11 +0100)] 
target/arm: support reading of CNT[VCT|FRQ]_EL0 from user-space

Since kernel commit a86bd139f2 (arm64: arch_timer: Enable CNTVCT_EL0
trap..), released in kernel version v4.12, user-space has been able
to read these system registers. As we can't use QEMUTimer's in
linux-user mode we just directly call cpu_get_clock().

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180625160009.17437-2-alex.bennee@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement ARMv8.2-DotProd
Richard Henderson [Fri, 29 Jun 2018 14:11:15 +0000 (15:11 +0100)] 
target/arm: Implement ARMv8.2-DotProd

We've already added the helpers with an SVE patch, all that remains
is to wire up the aa64 and aa32 translators.  Enable the feature
within -cpu max for CONFIG_USER_ONLY.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-36-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Enable SVE for aarch64-linux-user
Richard Henderson [Fri, 29 Jun 2018 14:11:15 +0000 (15:11 +0100)] 
target/arm: Enable SVE for aarch64-linux-user

Enable ARM_FEATURE_SVE for the generic "max" cpu.

Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-35-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE dot product (indexed)
Richard Henderson [Fri, 29 Jun 2018 14:11:15 +0000 (15:11 +0100)] 
target/arm: Implement SVE dot product (indexed)

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20180627043328.11531-34-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE dot product (vectors)
Richard Henderson [Fri, 29 Jun 2018 14:11:13 +0000 (15:11 +0100)] 
target/arm: Implement SVE dot product (vectors)

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-33-richard.henderson@linaro.org
[PMM: moved 'ra=%reg_movprfx' here from following patch]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE fp complex multiply add (indexed)
Richard Henderson [Fri, 29 Jun 2018 14:11:12 +0000 (15:11 +0100)] 
target/arm: Implement SVE fp complex multiply add (indexed)

Enhance the existing helpers to support SVE, which takes the
index from each 128-bit segment.  The change has no effect
for AdvSIMD, since there is only one such segment.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20180627043328.11531-32-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Pass index to AdvSIMD FCMLA (indexed)
Richard Henderson [Fri, 29 Jun 2018 14:11:12 +0000 (15:11 +0100)] 
target/arm: Pass index to AdvSIMD FCMLA (indexed)

For aa64 advsimd, we had been passing the pre-indexed vector.
However, sve applies the index to each 128-bit segment, so we
need to pass in the index separately.

For aa32 advsimd, the fp32 operation always has index 0, but
we failed to interpret the fp16 index correctly.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20180627043328.11531-31-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE fp complex multiply add
Richard Henderson [Fri, 29 Jun 2018 14:11:12 +0000 (15:11 +0100)] 
target/arm: Implement SVE fp complex multiply add

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-30-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE floating-point complex add
Richard Henderson [Fri, 29 Jun 2018 14:11:11 +0000 (15:11 +0100)] 
target/arm: Implement SVE floating-point complex add

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-29-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE MOVPRFX
Richard Henderson [Fri, 29 Jun 2018 14:11:11 +0000 (15:11 +0100)] 
target/arm: Implement SVE MOVPRFX

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-28-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE floating-point unary operations
Richard Henderson [Fri, 29 Jun 2018 14:11:11 +0000 (15:11 +0100)] 
target/arm: Implement SVE floating-point unary operations

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-27-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE floating-point round to integral value
Richard Henderson [Fri, 29 Jun 2018 14:11:10 +0000 (15:11 +0100)] 
target/arm: Implement SVE floating-point round to integral value

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-26-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE floating-point convert to integer
Richard Henderson [Fri, 29 Jun 2018 14:11:10 +0000 (15:11 +0100)] 
target/arm: Implement SVE floating-point convert to integer

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-25-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE floating-point convert precision
Richard Henderson [Fri, 29 Jun 2018 14:11:10 +0000 (15:11 +0100)] 
target/arm: Implement SVE floating-point convert precision

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-24-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 years agotarget/arm: Implement SVE floating-point trig multiply-add coefficient
Richard Henderson [Fri, 29 Jun 2018 14:11:09 +0000 (15:11 +0100)] 
target/arm: Implement SVE floating-point trig multiply-add coefficient

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180627043328.11531-23-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>