qemu.git
10 months agotarget/arm: Implement fp16 for Neon VMLA, VMLS operations
Peter Maydell [Fri, 28 Aug 2020 18:33:39 +0000 (19:33 +0100)] 
target/arm: Implement fp16 for Neon VMLA, VMLS operations

Convert the Neon floating-point VMLA and VMLS insns over to using a
gvec helper, and use this to implement the fp16 case.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-31-peter.maydell@linaro.org

10 months agotarget/arm: Implement fp16 for Neon VMAXNM, VMINNM
Peter Maydell [Fri, 28 Aug 2020 18:33:38 +0000 (19:33 +0100)] 
target/arm: Implement fp16 for Neon VMAXNM, VMINNM

Convert the Neon floating point VMAXNM and VMINNM insns to
using a gvec helper and use this to implement the fp16 case.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-30-peter.maydell@linaro.org

10 months agotarget/arm: Implement fp16 for Neon VMAX, VMIN
Peter Maydell [Fri, 28 Aug 2020 18:33:37 +0000 (19:33 +0100)] 
target/arm: Implement fp16 for Neon VMAX, VMIN

Convert the Neon float-point VMAX and VMIN insns over to using
a gvec helper, and use this to implement the fp16 case.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-29-peter.maydell@linaro.org

10 months agotarget/arm: Implement fp16 for VACGE, VACGT
Peter Maydell [Fri, 28 Aug 2020 18:33:36 +0000 (19:33 +0100)] 
target/arm: Implement fp16 for VACGE, VACGT

Convert the neon floating-point vector absolute comparison ops
VACGE and VACGT over to using a gvec hepler and use this to
implement the fp16 case.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-28-peter.maydell@linaro.org

10 months agotarget/arm: Implement fp16 for VCEQ, VCGE, VCGT comparisons
Peter Maydell [Fri, 28 Aug 2020 18:33:35 +0000 (19:33 +0100)] 
target/arm: Implement fp16 for VCEQ, VCGE, VCGT comparisons

Convert the Neon floating-point vector comparison ops VCEQ,
VCGE and VCGT over to using a gvec helper and use this to
implement the fp16 case.

(We put the float16_ceq() etc functions above the DO_2OP()
macro definition because later when we convert the
compare-against-zero instructions we'll want their
definitions to be visible at that point in the source file.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-27-peter.maydell@linaro.org

10 months agotarget/arm: Implement fp16 for Neon VABS, VNEG of floats
Peter Maydell [Fri, 28 Aug 2020 18:33:34 +0000 (19:33 +0100)] 
target/arm: Implement fp16 for Neon VABS, VNEG of floats

Rewrite Neon VABS/VNEG of floats to use gvec logical AND and XOR, so
that we can implement the fp16 version of the insns.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-26-peter.maydell@linaro.org

10 months agotarget/arm: Implement fp16 for Neon VRECPE, VRSQRTE using gvec
Peter Maydell [Fri, 28 Aug 2020 18:33:33 +0000 (19:33 +0100)] 
target/arm: Implement fp16 for Neon VRECPE, VRSQRTE using gvec

We already have gvec helpers for floating point VRECPE and
VRQSRTE, so convert the Neon decoder to use them and
add the fp16 support.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-25-peter.maydell@linaro.org

10 months agotarget/arm: Implement FP16 for Neon VADD, VSUB, VABD, VMUL
Peter Maydell [Fri, 28 Aug 2020 18:33:32 +0000 (19:33 +0100)] 
target/arm: Implement FP16 for Neon VADD, VSUB, VABD, VMUL

Implement FP16 support for the Neon insns which use the DO_3S_FP_GVEC
macro: VADD, VSUB, VABD, VMUL.

For VABD this requires us to implement a new gvec_fabd_h helper
using the machinery we have already for the other helpers.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-24-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 VMOV between gp and halfprec registers
Peter Maydell [Fri, 28 Aug 2020 18:33:30 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 VMOV between gp and halfprec registers

Implement the VFP fp16 variant of VMOV that transfers a 16-bit
value between a general purpose register and a VFP register.

Note that Rt == 15 is UNPREDICTABLE; since this insn is v8 and later
only we have no need to replicate the old "updates CPSR.NZCV"
behaviour that the singleprec version of this insn does.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-22-peter.maydell@linaro.org

10 months agotarget/arm: Implement new VFP fp16 insn VMOVX
Peter Maydell [Fri, 28 Aug 2020 18:33:29 +0000 (19:33 +0100)] 
target/arm: Implement new VFP fp16 insn VMOVX

The fp16 extension includes a new instruction VMOVX, which copies the
upper 16 bits of a 32-bit source VFP register into the lower 16
bits of the destination and zeroes the high half of the destination.
Implement it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-21-peter.maydell@linaro.org

10 months agotarget/arm: Implement new VFP fp16 insn VINS
Peter Maydell [Fri, 28 Aug 2020 18:33:28 +0000 (19:33 +0100)] 
target/arm: Implement new VFP fp16 insn VINS

The fp16 extension includes a new instruction VINS, which copies the
lower 16 bits of a 32-bit source VFP register into the upper 16 bits
of the destination.  Implement it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-20-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 VRINT*
Peter Maydell [Fri, 28 Aug 2020 18:33:27 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 VRINT*

Implement the fp16 version of the VFP VRINT* insns.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-19-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 VSEL
Peter Maydell [Fri, 28 Aug 2020 18:33:26 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 VSEL

Implement the fp16 versions of the VFP VSEL instruction.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-18-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP vp16 VCVT-with-specified-rounding-mode
Peter Maydell [Fri, 28 Aug 2020 18:33:25 +0000 (19:33 +0100)] 
target/arm: Implement VFP vp16 VCVT-with-specified-rounding-mode

Implement the fp16 versions of the VFP VCVT instruction forms
which convert between floating point and integer with a specified
rounding mode.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-17-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 VCVT between float and fixed-point
Peter Maydell [Fri, 28 Aug 2020 18:33:24 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 VCVT between float and fixed-point

Implement the fp16 versions of the VFP VCVT instruction forms which
convert between floating point and fixed-point.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-16-peter.maydell@linaro.org

10 months agotarget/arm: Use macros instead of open-coding fp16 conversion helpers
Peter Maydell [Fri, 28 Aug 2020 18:33:23 +0000 (19:33 +0100)] 
target/arm: Use macros instead of open-coding fp16 conversion helpers

Now the VFP_CONV_FIX macros can handle fp16's distinction between the
width of the operation and the width of the type used to pass operands,
use the macros rather than the open-coded functions.

This creates an extra six helper functions, all of which we are going
to need for the AArch32 VFP fp16 instructions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-15-peter.maydell@linaro.org

10 months agotarget/arm: Make VFP_CONV_FIX macros take separate float type and float size
Peter Maydell [Fri, 28 Aug 2020 18:33:22 +0000 (19:33 +0100)] 
target/arm: Make VFP_CONV_FIX macros take separate float type and float size

Currently the VFP_CONV_FIX macros take a single fsz argument for the
size of the float type, which is used both to select the name of
the functions to call (eg float32_is_any_nan()) and also for the
type to use for the float inputs and outputs (eg float32).

Separate these into fsz and ftype arguments, so that we can use them
for fp16, which uses 'float16' in the function names but is still
passing inputs and outputs in a 32-bit sized type.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-14-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 VCVT between float and integer
Peter Maydell [Fri, 28 Aug 2020 18:33:21 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 VCVT between float and integer

Implement the fp16 versions of the VFP VCVT instruction forms which
convert between floating point and integer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-13-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 VLDR and VSTR
Peter Maydell [Fri, 28 Aug 2020 18:33:20 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 VLDR and VSTR

Implement the fp16 versions of the VFP VLDR/VSTR (immediate).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-12-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 VCMP
Peter Maydell [Fri, 28 Aug 2020 18:33:19 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 VCMP

Implement fp16 version of VCMP.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-11-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 for VMOV immediate
Peter Maydell [Fri, 28 Aug 2020 18:33:18 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 for VMOV immediate

Implement VFP fp16 support for the VMOV immediate insn.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-10-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 for VABS, VNEG, VSQRT
Peter Maydell [Fri, 28 Aug 2020 18:33:17 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 for VABS, VNEG, VSQRT

Implement VFP fp16 for VABS, VNEG and VSQRT. This is all
the fp16 insns that use the DO_VFP_2OP macro, because there
is no fp16 version of VMOV_reg.

Notes:
 * the gen_helper_vfp_negh already exists as we needed to create
   it for the fp16 multiply-add insns
 * as usual we need to use the f16 version of the fp_status;
   this is only relevant for VSQRT

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-9-peter.maydell@linaro.org

10 months agotarget/arm: Macroify uses of do_vfp_2op_sp() and do_vfp_2op_dp()
Peter Maydell [Fri, 28 Aug 2020 18:33:16 +0000 (19:33 +0100)] 
target/arm: Macroify uses of do_vfp_2op_sp() and do_vfp_2op_dp()

Macroify the uses of do_vfp_2op_sp() and do_vfp_2op_dp(); this will
make it easier to add the halfprec support.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-8-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 for fused-multiply-add
Peter Maydell [Fri, 28 Aug 2020 18:33:15 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 for fused-multiply-add

Implement VFP fp16 support for fused multiply-add insns
VFNMA, VFNMS, VFMA, VFMS.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-7-peter.maydell@linaro.org

10 months agotarget/arm: Macroify trans functions for VFMA, VFMS, VFNMA, VFNMS
Peter Maydell [Fri, 28 Aug 2020 18:33:14 +0000 (19:33 +0100)] 
target/arm: Macroify trans functions for VFMA, VFMS, VFNMA, VFNMS

Macroify creation of the trans functions for single and double
precision VFMA, VFMS, VFNMA, VFNMS. The repetition was OK for
two sizes, but we're about to add halfprec and it will get a bit
more than seems reasonable.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-6-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 VMLA, VMLS, VNMLS, VNMLA, VNMUL
Peter Maydell [Fri, 28 Aug 2020 18:33:13 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 VMLA, VMLS, VNMLS, VNMLA, VNMUL

Implement fp16 versions of the VFP VMLA, VMLS, VNMLS, VNMLA, VNMUL
instructions. (These are all the remaining ones which we implement
via do_vfp_3op_[hsd]p().)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-5-peter.maydell@linaro.org

10 months agotarget/arm: Implement VFP fp16 for VFP_BINOP operations
Peter Maydell [Fri, 28 Aug 2020 18:33:12 +0000 (19:33 +0100)] 
target/arm: Implement VFP fp16 for VFP_BINOP operations

Implmeent VFP fp16 support for simple binary-operator VFP insns VADD,
VSUB, VMUL, VDIV, VMINNM and VMAXNM:

 * make the VFP_BINOP() macro generate float16 helpers as well as
   float32 and float64
 * implement a do_vfp_3op_hp() function similar to the existing
   do_vfp_3op_sp()
 * add decode for the half-precision insn patterns

Note that the VFP_BINOP macro use creates a couple of unused helper
functions vfp_maxh and vfp_minh, but they're small so it's not worth
splitting the BINOP operations into "needs halfprec" and "no
halfprec" groups.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-4-peter.maydell@linaro.org

10 months agotarget/arm: Use correct ID register check for aa32_fp16_arith
Peter Maydell [Fri, 28 Aug 2020 18:33:11 +0000 (19:33 +0100)] 
target/arm: Use correct ID register check for aa32_fp16_arith

The aa32_fp16_arith feature check function currently looks at the
AArch64 ID_AA64PFR0 register. This is (as the comment notes) not
correct. The bogus check was put in mostly to allow testing of the
fp16 variants of the VCMLA instructions and it was something of
a mistake that we allowed them to exist in master.

Switch the feature check function to testing VMFR1.FPHP, which is
what it ought to be.

This will remove emulation of the VCMLA and VCADD insns from
AArch32 code running on an AArch64 '-cpu max' using system emulation.
(They were never enabled for aarch32 linux-user and system-emulation.)
Since we weren't advertising their existence via the AArch32 ID
register, well-behaved guests wouldn't have been using them anyway.

Once we have implemented all the AArch32 support for the FP16 extension
we will advertise it in the MVFR1 ID register field, which will reenable
these insns along with all the others.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-3-peter.maydell@linaro.org

10 months agotarget/arm: Remove local definitions of float constants
Peter Maydell [Fri, 28 Aug 2020 18:33:10 +0000 (19:33 +0100)] 
target/arm: Remove local definitions of float constants

In several places the target/arm code defines local float constants
for 2, 3 and 1.5, which are also provided by include/fpu/softfloat.h.
Remove the unnecessary local duplicate versions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200828183354.27913-2-peter.maydell@linaro.org

10 months agoMerge remote-tracking branch 'remotes/kraxel/tags/usb-20200831-pull-request' into...
Peter Maydell [Mon, 31 Aug 2020 18:39:12 +0000 (19:39 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20200831-pull-request' into staging

usb: usb_packet_map fixes for ehci and xhci.
usb: setup_len fix (CVE-2020-14364).
usb: u2f key support (GSoC).
 * v2: 32bit build fixed.
 * v3: libu2f-emu dependency fixed.

# gpg: Signature made Mon 31 Aug 2020 09:32:49 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20200831-pull-request:
  usb: fix setup_len init (CVE-2020-14364)
  usb-host: workaround libusb bug
  hw/usb: Add U2F device autoscan to passthru mode
  hw/usb: Add U2F device check to passthru mode
  scripts: Add u2f-setup-gen script
  docs/qdev-device-use.txt: Add USB U2F key to the QDEV devices examples
  docs/system: Add U2F key to the USB devices examples
  meson: Add U2F key to meson
  hw/usb: Add U2F key emulated mode
  hw/usb: Add U2F key passthru mode
  hw/usb: Add U2F key base class implementation
  hw/usb: Add U2F key base class
  docs: Add USB U2F key device documentation
  hw/usb: Regroup USB HID protocol values
  ehci: drop pointless warn_report for guest bugs.
  hw: ehci: check return value of 'usb_packet_map'
  hw: ehci: destroy sglist in error path
  hw: xhci: check return value of 'usb_packet_map'

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 months agousb: fix setup_len init (CVE-2020-14364)
Gerd Hoffmann [Tue, 25 Aug 2020 05:36:36 +0000 (07:36 +0200)] 
usb: fix setup_len init (CVE-2020-14364)

Store calculated setup_len in a local variable, verify it, and only
write it to the struct (USBDevice->setup_len) in case it passed the
sanity checks.

This prevents other code (do_token_{in,out} functions specifically)
from working with invalid USBDevice->setup_len values and overrunning
the USBDevice->setup_buf[] buffer.

Fixes: CVE-2020-14364
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-id: 20200825053636.29648-1-kraxel@redhat.com

10 months agousb-host: workaround libusb bug
Gerd Hoffmann [Mon, 24 Aug 2020 11:00:57 +0000 (13:00 +0200)] 
usb-host: workaround libusb bug

libusb_get_device_speed() does not work for
libusb_wrap_sys_device() devices in v1.0.23.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1871090
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20200824110057.32089-1-kraxel@redhat.com

10 months agohw/usb: Add U2F device autoscan to passthru mode
César Belley [Wed, 26 Aug 2020 11:42:09 +0000 (13:42 +0200)] 
hw/usb: Add U2F device autoscan to passthru mode

This patch adds an autoscan to let u2f-passthru choose the first U2F
device it finds.

The autoscan is performed using libudev with an enumeration of all the
hidraw devices present on the host.

The first device which happens to be a U2F device is taken to do the
passtru.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-13-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agohw/usb: Add U2F device check to passthru mode
César Belley [Wed, 26 Aug 2020 11:42:08 +0000 (13:42 +0200)] 
hw/usb: Add U2F device check to passthru mode

This patchs adds a check to verify that the device passed through the
hidraw property is a U2F device.

The check is done by ensuring that the first values of the report
descriptor (USAGE PAGE and USAGE) correspond to those of a U2F device.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-12-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agoscripts: Add u2f-setup-gen script
César Belley [Wed, 26 Aug 2020 11:42:07 +0000 (13:42 +0200)] 
scripts: Add u2f-setup-gen script

This patch adds the script used to generate setup directories, needed
for the device u2f-emulated configuration in directory mode:

    python u2f-setup-gen.py $DIR
    qemu -usb -device u2f-emulated,dir=$DIR

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-11-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agodocs/qdev-device-use.txt: Add USB U2F key to the QDEV devices examples
César Belley [Wed, 26 Aug 2020 11:42:06 +0000 (13:42 +0200)] 
docs/qdev-device-use.txt: Add USB U2F key to the QDEV devices examples

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-10-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agodocs/system: Add U2F key to the USB devices examples
César Belley [Wed, 26 Aug 2020 11:42:05 +0000 (13:42 +0200)] 
docs/system: Add U2F key to the USB devices examples

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-9-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agomeson: Add U2F key to meson
César Belley [Wed, 26 Aug 2020 11:42:04 +0000 (13:42 +0200)] 
meson: Add U2F key to meson

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-8-cesar.belley@lse.epita.fr

[ fixes suggested by paolo ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agohw/usb: Add U2F key emulated mode
César Belley [Wed, 26 Aug 2020 11:42:03 +0000 (13:42 +0200)] 
hw/usb: Add U2F key emulated mode

This patch adds the U2F key emulated mode.

The emulated mode consists of completely emulating the behavior of a
U2F device through software part. Libu2f-emu is used for that.

The emulated mode is associated with a device inheriting from
u2f-key base.

To work, an emulated U2F device must have differents elements which
can be given in different ways. This is detailed in docs/u2f.txt.

The Ephemeral one is the simplest way to configure, it lets the device
generate all the elements it needs for a single use of the lifetime
of the device:

    qemu -usb -device u2f-emulated

For more information about libu2f-emu see this page:
https://github.com/MattGorko/libu2f-emu.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-7-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agohw/usb: Add U2F key passthru mode
César Belley [Wed, 26 Aug 2020 11:42:02 +0000 (13:42 +0200)] 
hw/usb: Add U2F key passthru mode

This patch adds the U2F key pass-through mode.

The pass-through mode consists of passing all requests made from the
guest to the physical security key connected to the host machine and
vice versa.

In addition, the dedicated pass-through allows to have a U2F security key
shared on several guests which is not possible with a simple host device
assignment pass-through.

The pass-through mode is associated with a device inheriting from
u2f-key base.

To work, it needs the path to a U2F hidraw, obtained from the Qemu
command line, and passed by the user:

    qemu -usb -device u2f-passthru,hidraw=/dev/hidrawX

Autoscan and U2F compatibility checking features are given at the end
of the patch series.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-6-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agohw/usb: Add U2F key base class implementation
César Belley [Wed, 26 Aug 2020 11:42:01 +0000 (13:42 +0200)] 
hw/usb: Add U2F key base class implementation

This patch adds the U2F key base class implementation.

The U2F key base mainly takes care of the HID interfacing with guest.
On the one hand, it retrieves the guest U2FHID packets and transmits
them to the variant associated according to the mode: pass-through
or emulated.
On the other hand, it provides the public API used by its variants to
send U2FHID packets to the guest.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-5-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agohw/usb: Add U2F key base class
César Belley [Wed, 26 Aug 2020 11:42:00 +0000 (13:42 +0200)] 
hw/usb: Add U2F key base class

This patch adds the specification for the U2F key base class.
Used to group the common characteristics, this device class will be
inherited by its two variants, corresponding to the two modes:
passthrough and emulated

This prepares the U2F devices hierarchy which is as follow:
USB device -> u2f-key -> {u2f-passthru, u2f-emulated}.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-4-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agodocs: Add USB U2F key device documentation
César Belley [Wed, 26 Aug 2020 11:41:59 +0000 (13:41 +0200)] 
docs: Add USB U2F key device documentation

Add USB U2F key device documentation:
- USB U2F key device
- Building
- Using u2f-emulated
- Using u2f-passthru
- Libu2f-emu

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-3-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agohw/usb: Regroup USB HID protocol values
César Belley [Wed, 12 Aug 2020 09:41:23 +0000 (11:41 +0200)] 
hw/usb: Regroup USB HID protocol values

Group some HID values that are used pretty much everywhere when
dealing with HID devices.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200812094135.20550-2-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agoehci: drop pointless warn_report for guest bugs.
Gerd Hoffmann [Wed, 22 Jul 2020 07:26:13 +0000 (09:26 +0200)] 
ehci: drop pointless warn_report for guest bugs.

We have a tracepoint at the same place which can be enabled if needed.

Buglink: https://bugzilla.redhat.com//show_bug.cgi?id=1859236
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200722072613.10390-1-kraxel@redhat.com>

10 months agohw: ehci: check return value of 'usb_packet_map'
Li Qiang [Wed, 12 Aug 2020 16:17:27 +0000 (09:17 -0700)] 
hw: ehci: check return value of 'usb_packet_map'

If 'usb_packet_map' fails, we should stop to process the usb
request.

Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20200812161727.29412-1-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agohw: ehci: destroy sglist in error path
Li Qiang [Wed, 12 Aug 2020 16:17:12 +0000 (09:17 -0700)] 
hw: ehci: destroy sglist in error path

This may cause resource leak.

Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20200812161712.29361-1-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agohw: xhci: check return value of 'usb_packet_map'
Li Qiang [Wed, 12 Aug 2020 15:31:39 +0000 (08:31 -0700)] 
hw: xhci: check return value of 'usb_packet_map'

Currently we don't check the return value of 'usb_packet_map',
this will cause an UAF issue. This is LP#1891341.
Following is the reproducer provided in:
-->https://bugs.launchpad.net/qemu/+bug/1891341

cat << EOF | ./i386-softmmu/qemu-system-i386 -device nec-usb-xhci \
-trace usb\* -device usb-audio -device usb-storage,drive=mydrive \
-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
-nodefaults -nographic -qtest stdio
outl 0xcf8 0x80001016
outl 0xcfc 0x3c009f0d
outl 0xcf8 0x80001004
outl 0xcfc 0xc77695e
writel 0x9f0d000000000040 0xffff3655
writeq 0x9f0d000000002000 0xff2f9e0000000000
write 0x1d 0x1 0x27
write 0x2d 0x1 0x2e
write 0x17232 0x1 0x03
write 0x17254 0x1 0x06
write 0x17278 0x1 0x34
write 0x3d 0x1 0x27
write 0x40 0x1 0x2e
write 0x41 0x1 0x72
write 0x42 0x1 0x01
write 0x4d 0x1 0x2e
write 0x4f 0x1 0x01
writeq 0x9f0d000000002000 0x5c051a0100000000
write 0x34001d 0x1 0x13
write 0x340026 0x1 0x30
write 0x340028 0x1 0x08
write 0x34002c 0x1 0xfe
write 0x34002d 0x1 0x08
write 0x340037 0x1 0x5e
write 0x34003a 0x1 0x05
write 0x34003d 0x1 0x05
write 0x34004d 0x1 0x13
writeq 0x9f0d000000002000 0xff00010100400009
EOF

This patch fixes this.

Buglink: https://bugs.launchpad.net/qemu/+bug/1891341
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Li Qiang <liq3ea@163.com>
Message-id: 20200812153139.15146-1-liq3ea@163.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 months agoMerge remote-tracking branch 'remotes/rth/tags/pull-sf-20200829' into staging
Peter Maydell [Sun, 30 Aug 2020 13:01:25 +0000 (14:01 +0100)] 
Merge remote-tracking branch 'remotes/rth/tags/pull-sf-20200829' into staging

* float16 comparison wrappers
* float16 conversions to/from 8-bit integers
* bfloat16 support

# gpg: Signature made Sun 30 Aug 2020 03:29:54 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-sf-20200829:
  softfloat: Define comparison operations for bfloat16
  softfloat: Define misc operations for bfloat16
  softfloat: Define convert operations for bfloat16
  softfloat: Define operations for bfloat16
  softfloat: Add float16_is_normal
  softfloat: Add fp16 and uint8/int8 conversion functions
  softfloat: Implement the full set of comparisons for float16

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 months agosoftfloat: Define comparison operations for bfloat16
Richard Henderson [Sun, 16 Aug 2020 21:46:58 +0000 (14:46 -0700)] 
softfloat: Define comparison operations for bfloat16

Reviewed-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11 months agoMerge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.2-pull-request...
Peter Maydell [Fri, 28 Aug 2020 21:30:11 +0000 (22:30 +0100)] 
Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.2-pull-request' into staging

add utimensat_time64, semtimedop_time64, rt_sigtimedwait_time64,
    sched_rr_get_interval_time64, clock_nanosleep_time64, clock_adjtime64,
    mq_timedsend_time64, mq_timedreceive_time64
fix semop, semtimedop, clock_nanosleep, mq_timedsend, target_to_host_timespec64
fix tembits.h
add more strace function
Add upport DRM_IOCTL_I915_GETPARAM
detect mismatched ELF ABI in qemu-mips[n32][el]

# gpg: Signature made Fri 28 Aug 2020 14:37:33 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-5.2-pull-request:
  linux-user: Add support for utimensat_time64() and semtimedop_time64()
  linux-user: Add support for 'rt_sigtimedwait_time64()' and 'sched_rr_get_interval_time64()'
  linux-user: Add support for 'clock_nanosleep_time64()' and 'clock_adjtime64()'
  linux-user: Add support for 'mq_timedsend_time64()' and 'mq_timedreceive_time64()'
  linux-user: fix target_to_host_timespec64()
  linux-user: Fix 'mq_timedsend()' and 'mq_timedreceive()'
  linux-user: detect mismatched ELF ABI in qemu-mips[n32][el]
  linux-user: Add strace support for printing arguments for ioctls used for terminals and serial lines
  linux-user: Add missing termbits types and values definitions
  linux-user: Add generic 'termbits.h' for some archs
  linux-user: Add strace support for printing arguments of some clock and time functions
  linux-user: Add an api to print enumareted argument values with strace
  linux-user: Add strace support for printing arguments of syscalls used to lock and unlock memory
  linux-user: Add strace support for printing arguments of truncate()/ftruncate() and getsid()
  linux-user: Make cpu_env accessible in strace.c
  linux-user: syscall: ioctls: support DRM_IOCTL_I915_GETPARAM
  linux-user: Fix 'clock_nanosleep()' implementation
  linux-user: Fix 'semop()' and 'semtimedop()' implementation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agosoftfloat: Define misc operations for bfloat16
LIU Zhiwei [Thu, 13 Aug 2020 07:14:21 +0000 (15:14 +0800)] 
softfloat: Define misc operations for bfloat16

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200813071421.2509-4-zhiwei_liu@c-sky.com>
[rth: Fix merge conflict with NO_SIGNALING_NANS; use bool for predicates.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11 months agosoftfloat: Define convert operations for bfloat16
LIU Zhiwei [Thu, 13 Aug 2020 07:14:20 +0000 (15:14 +0800)] 
softfloat: Define convert operations for bfloat16

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200813071421.2509-3-zhiwei_liu@c-sky.com>
[rth: Use FloatRoundMode for conversion functions.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11 months agosoftfloat: Define operations for bfloat16
LIU Zhiwei [Thu, 13 Aug 2020 07:14:19 +0000 (15:14 +0800)] 
softfloat: Define operations for bfloat16

This patch implements operations for bfloat16 except conversion and some misc
operations. We also add FloatFmt and pack/unpack interfaces for bfloat16.
As they are both static fields, we can't make a sperate patch for them.

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200813071421.2509-2-zhiwei_liu@c-sky.com>
[rth: Use FloatRelation for comparison operations.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11 months agosoftfloat: Add float16_is_normal
Stephen Long [Tue, 16 Jun 2020 19:17:43 +0000 (12:17 -0700)] 
softfloat: Add float16_is_normal

This float16 predicate was missing from the normal set.

Signed-off-by: Stephen Long <steplong@quicinc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11 months agosoftfloat: Add fp16 and uint8/int8 conversion functions
Frank Chang [Thu, 30 Jul 2020 09:52:24 +0000 (02:52 -0700)] 
softfloat: Add fp16 and uint8/int8 conversion functions

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Frank Chang <frank.chang@sifive.com>
Message-Id: <1596102747-20226-4-git-send-email-chihmin.chao@sifive.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11 months agosoftfloat: Implement the full set of comparisons for float16
Kito Cheng [Thu, 30 Jul 2020 09:52:22 +0000 (02:52 -0700)] 
softfloat: Implement the full set of comparisons for float16

Implement them in softfloat and remove the local versions in riscv.

Signed-off-by: Kito Cheng <kito.cheng@sifive.com>
Signed-off-by: Chih-Min Chao <chihmin.chao@sifive.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <1596102747-20226-2-git-send-email-chihmin.chao@sifive.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11 months agoMerge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20200828a' into...
Peter Maydell [Fri, 28 Aug 2020 17:37:49 +0000 (18:37 +0100)] 
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20200828a' into staging

Migration and virtiofsd pull 2020-08-28

Migration:
   vsock support for migration
   minor fixes

virtiofsd:
   Disable remote posix locks by default - because we
     never supported blocking variants and this breaks things
   Some prep work for un/less priviliged modes

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
# gpg: Signature made Fri 28 Aug 2020 13:43:18 BST
# gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-migration-20200828a:
  virtiofsd: probe unshare(CLONE_FS) and print an error
  virtiofsd: drop CAP_DAC_READ_SEARCH
  virtiofsd: Remove "norace" from cmdline help and docs
  virtiofsd: Disable remote posix locks by default
  migration: tls: fix memory leak in migration_tls_get_creds
  migration: improve error reporting of block driver state name
  migration: add vsock as data channel support
  migration: unify the framework of socket-type channel

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200828' into...
Peter Maydell [Fri, 28 Aug 2020 14:14:40 +0000 (15:14 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200828' into staging

target-arm queue:
 * target/arm: Cleanup and refactoring preparatory to SVE2
 * armsse: Define ARMSSEClass correctly
 * hw/misc/unimp: Improve information provided in log messages
 * hw/qdev-clock: Avoid calling qdev_connect_clock_in after DeviceRealize
 * hw/arm/xilinx_zynq: Call qdev_connect_clock_in() before DeviceRealize
 * hw/net/allwinner-sun8i-emac: Use AddressSpace for DMA transfers
 * hw/sd/allwinner-sdhost: Use AddressSpace for DMA transfers
 * target/arm: Fill in the WnR syndrome bit in mte_check_fail
 * target/arm: Clarify HCR_EL2 ARMCPRegInfo type
 * hw/arm/musicpal: Use AddressSpace for DMA transfers
 * hw/clock: Minor cleanups
 * hw/arm/sbsa-ref: fix typo breaking PCIe IRQs

# gpg: Signature made Fri 28 Aug 2020 10:23:02 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200828: (35 commits)
  target/arm: Convert sq{, r}dmulh to gvec for aa64 advsimd
  target/arm: Convert integer multiply-add (indexed) to gvec for aa64 advsimd
  target/arm: Convert integer multiply (indexed) to gvec for aa64 advsimd
  target/arm: Generalize inl_qrdmlah_* helper functions
  target/arm: Tidy SVE tszimm shift formats
  target/arm: Split out gen_gvec_ool_zz
  target/arm: Split out gen_gvec_ool_zzz
  target/arm: Split out gen_gvec_ool_zzp
  target/arm: Merge helper_sve_clr_* and helper_sve_movz_*
  target/arm: Split out gen_gvec_ool_zzzp
  target/arm: Use tcg_gen_gvec_bitsel for trans_SEL_pppp
  target/arm: Clean up 4-operand predicate expansion
  target/arm: Merge do_vector2_p into do_mov_p
  target/arm: Rearrange {sve,fp}_check_access assert
  target/arm: Split out gen_gvec_fn_zzz, do_zzz_fn
  target/arm: Split out gen_gvec_fn_zz
  qemu/int128: Add int128_lshift
  armsse: Define ARMSSEClass correctly
  hw/misc/unimp: Display the offset with width of the region size
  hw/misc/unimp: Display the value with width of the access size
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agolinux-user: Add support for utimensat_time64() and semtimedop_time64()
Filip Bozuta [Mon, 24 Aug 2020 22:30:50 +0000 (00:30 +0200)] 
linux-user: Add support for utimensat_time64() and semtimedop_time64()

This patch introduces functionality for following time64 syscalls:

*utimensat_time64()

    int utimensat(int dirfd, const char *pathname,
                  const struct timespec times[2], int flags);
    -- change file timestamps with nanosecond precision --
    man page: https://man7.org/linux/man-pages/man2/utimensat.2.html

*semtimedop_time64()

    int semtimedop(int semid, struct sembuf *sops, size_t nsops,
                   const struct timespec *timeout);
    -- System V semaphore operations --
    man page: https://www.man7.org/linux/man-pages/man2/semtimedop.2.html

Implementation notes:

   Syscall 'utimensat_time64()' is implemented in similar way as its
   regular variants only difference being that time64 converting function
   is used to convert values of 'struct timespec' between host and target
   ('target_to_host_timespec64()').

   For syscall 'semtimedop_time64()' and additional argument is added
   in function 'do_semtimedop()' through which the aproppriate 'struct timespec'
   converting function is called (false for regular target_to_host_timespec()
   and true for target_to_host_timespec64()). For 'do_ipc()' a
   check was added as that additional argument: 'TARGET_ABI_BITS == 64'.

Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200824223050.92032-3-Filip.Bozuta@syrmia.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
11 months agolinux-user: Add support for 'rt_sigtimedwait_time64()' and 'sched_rr_get_interval_tim...
Filip Bozuta [Mon, 24 Aug 2020 19:21:16 +0000 (21:21 +0200)] 
linux-user: Add support for 'rt_sigtimedwait_time64()' and 'sched_rr_get_interval_time64()'

This patch implements functionality for following time64 syscalls:

*rt_sigtimedwait_time64()

    This is a year 2038 safe variant of syscall:

    int rt_sigtimedwait(const sigset_t *set, siginfo_t *info,
                        const struct timespec *timeout, size_t sigsetsize)
    --synchronously wait for queued signals--
    man page: https://man7.org/linux/man-pages/man2/rt_sigtimedwait.2.html

*sched_rr_get_interval_time64()

    This is a year 2038 safe variant of syscall:

    int sched_rr_get_interval(pid_t pid, struct timespec *tp)
    --get  the  SCHED_RR  interval  for the named process--
    man page: https://man7.org/linux/man-pages/man2/sched_rr_get_interval.2.html

Implementation notes:

    These syscalls were implemented in similar ways like
    'rt_sigtimedwait()' and 'sched_rr_get_interval()' except
    that functions 'target_to_host_timespec64()' and
    'host_to_target_timespec64()' were used to convert values
    of 'struct timespec' between host and target.

Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200824192116.65562-3-Filip.Bozuta@syrmia.com>
[lv: add missing defined(TARGET_NR_rt_sigtimedwait_time64)]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
11 months agolinux-user: Add support for 'clock_nanosleep_time64()' and 'clock_adjtime64()'
Filip Bozuta [Mon, 24 Aug 2020 19:21:15 +0000 (21:21 +0200)] 
linux-user: Add support for 'clock_nanosleep_time64()' and 'clock_adjtime64()'

This patch implements functionality for following time64 syscall:

*clock_nanosleep_time64()

    This is a year 2038 safe vairant of syscall:
    int clock_nanosleep(clockid_t clockid, int flags,
                        const struct timespec *request,
                        struct timespec *remain)
    --high-resolution sleep with specifiable clock--
    man page: https://man7.org/linux/man-pages/man2/clock_nanosleep.2.html

*clock_adjtime64()

    This is a year 2038 safe variant of syscall:
    int clock_adjtime(clockid_t clk_id, struct timex *buf)
    --tune kernel clock--
    man page: https://man7.org/linux/man-pages/man2/clock_adjtime.2.html

Implementation notes:

    Syscall 'clock_nanosleep_time64()' was implemented similarly
    to syscall 'clock_nanosleep()' except that 'host_to_target_timespec64()'
    and 'target_to_host_timespec64()' were used instead of the regular
    'host_to_target_timespec()' and 'target_to_host_timespec()'.

    For 'clock_adjtime64()' a 64-bit target kernel version of 'struct timex'
    was defined in 'syscall_defs.h': 'struct target__kernel_timex'.
    This type was used to convert the values of 64-bit timex type between
    host and target. For this purpose a 64-bit timex converting functions
    'target_to_host_timex64()' and 'host_to_target_timex64()'. An existing
    function 'copy_to_user_timeval64()' was used to convert the field
    'time' which if of type 'struct timeval' from host to target.
    Function 'copy_from_user_timveal64()' was added in this patch and
    used to convert the 'time' field from target to host.

Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200824192116.65562-2-Filip.Bozuta@syrmia.com>
[lv: add missing ifdef's]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
11 months agovirtiofsd: probe unshare(CLONE_FS) and print an error
Stefan Hajnoczi [Mon, 27 Jul 2020 19:02:23 +0000 (20:02 +0100)] 
virtiofsd: probe unshare(CLONE_FS) and print an error

An assertion failure is raised during request processing if
unshare(CLONE_FS) fails. Implement a probe at startup so the problem can
be detected right away.

Unfortunately Docker/Moby does not include unshare in the seccomp.json
list unless CAP_SYS_ADMIN is given. Other seccomp.json lists always
include unshare (e.g. podman is unaffected):
https://raw.githubusercontent.com/seccomp/containers-golang/master/seccomp.json

Use "docker run --security-opt seccomp=path/to/seccomp.json ..." if the
default seccomp.json is missing unshare.

Cc: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20200727190223.422280-4-stefanha@redhat.com>
Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
11 months agovirtiofsd: drop CAP_DAC_READ_SEARCH
Stefan Hajnoczi [Mon, 27 Jul 2020 19:02:21 +0000 (20:02 +0100)] 
virtiofsd: drop CAP_DAC_READ_SEARCH

virtiofsd does not need CAP_DAC_READ_SEARCH because it already has
the more powerful CAP_DAC_OVERRIDE. Drop it from the list of
capabilities.

This is important because container runtimes may not include
CAP_DAC_READ_SEARCH by default. This patch allows virtiofsd to reduce
its capabilities when running inside a Docker container.

Note that CAP_DAC_READ_SEARCH may be necessary again in the future if
virtiofsd starts using open_by_handle_at(2).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200727190223.422280-2-stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
11 months agovirtiofsd: Remove "norace" from cmdline help and docs
Sergio Lopez [Fri, 17 Jul 2020 12:11:10 +0000 (14:11 +0200)] 
virtiofsd: Remove "norace" from cmdline help and docs

Commit 93bb3d8d4cda ("virtiofsd: remove symlink fallbacks") removed
the implementation of the "norace" option, so remove it from the
cmdline help and the documentation too.

Signed-off-by: Sergio Lopez <slp@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20200717121110.50580-1-slp@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
11 months agovirtiofsd: Disable remote posix locks by default
Vivek Goyal [Mon, 27 Jul 2020 16:18:41 +0000 (12:18 -0400)] 
virtiofsd: Disable remote posix locks by default

Right now we enable remote posix locks by default. That means when guest
does a posix lock it sends request to server (virtiofsd). But currently
we only support non-blocking posix lock and return -EOPNOTSUPP for
blocking version.

This means that existing applications which are doing blocking posix
locks get -EOPNOTSUPP and fail. To avoid this, people have been
running virtiosd with option "-o no_posix_lock". For new users it
is still a surprise and trial and error takes them to this option.

Given posix lock implementation is not complete in virtiofsd, disable
it by default. This means that posix locks will work with-in applications
in a guest but not across guests. Anyway we don't support sharing
filesystem among different guests yet in virtiofs so this should
not lead to any kind of surprise or regression and will make life
little easier for virtiofs users.

Reported-by: Aa Aa <jimbothom@yandex.com>
Suggested-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
11 months agomigration: tls: fix memory leak in migration_tls_get_creds
Zhenyu Ye [Wed, 22 Jul 2020 03:32:28 +0000 (11:32 +0800)] 
migration: tls: fix memory leak in migration_tls_get_creds

Currently migration_tls_get_creds() adds the reference of creds
but there was no place to unref it.  So the OBJECT(creds) will
never be freed and result in memory leak.

The leak stack:
Direct leak of 104 byte(s) in 1 object(s) allocated from:
    #0 0xffffa88bd20b in __interceptor_malloc (/usr/lib64/libasan.so.4+0xd320b)
    #1 0xffffa7f0cb1b in g_malloc (/usr/lib64/libglib-2.0.so.0+0x58b1b)
    #2 0x14b58cb in object_new_with_type qom/object.c:634
    #3 0x14b597b in object_new qom/object.c:645
    #4 0x14c0e4f in user_creatable_add_type qom/object_interfaces.c:59
    #5 0x141c78b in qmp_object_add qom/qom-qmp-cmds.c:312
    #6 0x140e513 in qmp_marshal_object_add qapi/qapi-commands-qom.c:279
    #7 0x176ba97 in do_qmp_dispatch qapi/qmp-dispatch.c:165
    #8 0x176bee7 in qmp_dispatch qapi/qmp-dispatch.c:208
    #9 0x136e337 in monitor_qmp_dispatch monitor/qmp.c:150
    #10 0x136eae3 in monitor_qmp_bh_dispatcher monitor/qmp.c:239
    #11 0x1852e93 in aio_bh_call util/async.c:89
    #12 0x18531b7 in aio_bh_poll util/async.c:117
    #13 0x18616bf in aio_dispatch util/aio-posix.c:459
    #14 0x1853f37 in aio_ctx_dispatch util/async.c:268
    #15 0xffffa7f06a7b in g_main_context_dispatch (/usr/lib64/libglib-2.0.so.0+0x52a7b)

Since we're fine to use the borrowed reference when using the creds,
so just remove the object_ref() in migration_tls_get_creds().

Signed-off-by: Zhenyu Ye <yezhenyu2@huawei.com>
Message-Id: <20200722033228.71-1-yezhenyu2@huawei.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
11 months agomigration: improve error reporting of block driver state name
Daniel P. Berrangé [Thu, 27 Aug 2020 11:16:00 +0000 (12:16 +0100)] 
migration: improve error reporting of block driver state name

With blockdev, a BlockDriverState may not have a device name,
so using a node name is required as an alternative.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200827111606.1408275-2-berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
11 months agomigration: add vsock as data channel support
Longpeng(Mike) [Thu, 6 Aug 2020 07:40:30 +0000 (15:40 +0800)] 
migration: add vsock as data channel support

The vsock channel is more widely use in some new features, for example,
the Nitro/Enclave. It can also be used as the migration channel.

Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Message-Id: <20200806074030.174-3-longpeng2@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
11 months agomigration: unify the framework of socket-type channel
Longpeng(Mike) [Thu, 6 Aug 2020 07:40:29 +0000 (15:40 +0800)] 
migration: unify the framework of socket-type channel

Currently, the only difference of tcp channel and unix channel in
migration/socket.c is the way to build SocketAddress, but socket_parse()
can handle these two types, so use it to instead of tcp_build_address()
and unix_build_address().

The socket-type channel can be further unified based on the up, this
would be helpful for us to add other socket-type channels.

Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Message-Id: <20200806074030.174-2-longpeng2@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
11 months agoMerge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into...
Peter Maydell [Fri, 28 Aug 2020 10:05:08 +0000 (11:05 +0100)] 
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

Machine queue + QOM fixes and cleanups

Bug fix:
* numa: hmat: fix cache size check (Igor Mammedov)

QOM fixes and cleanups:
* Move QOM macros and typedefs to header files
* Use TYPE_* constants on TypeInfo structs
* Rename QOM type checking macros for consistency
* Rename enum values and typedefs that conflict with QOM
  type checking amcros
* Fix typos on QOM type checking macros
* Delete unused QOM type checking macros that use
  non-existing typedefs
* hvf: Add missing include
* xen-legacy-backend: Add missing typedef XenLegacyDevice

# gpg: Signature made Thu 27 Aug 2020 20:20:05 BST
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-next-pull-request: (53 commits)
  dc390: Use TYPE_DC390_DEVICE constant
  ppce500: Use TYPE_PPC_E500_PCI_BRIDGE constant
  tosa: Use TYPE_TOSA_MISC_GPIO constant
  xlnx-zcu102: Use TYPE_ZCU102_MACHINE constant
  sclpconsole: Use TYPE_* constants
  amd_iommu: Use TYPE_AMD_IOMMU_PCI constant
  nios2_iic: Use TYPE_ALTERA_IIC constant
  etsec: Use TYPE_ETSEC_COMMON constant
  migration: Rename class type checking macros
  swim: Rename struct SWIM to Swim
  s390-virtio-ccw: Rename S390_MACHINE_CLASS macro
  nubus: Rename class type checking macros
  vfio/pci: Move QOM macros to header
  kvm: Move QOM macros to kvm.h
  mptsas: Move QOM macros to header
  pxa2xx: Move QOM macros to header
  rocker: Move QOM macros to header
  auxbus: Move QOM macros to header
  piix: Move QOM macros to header
  virtio-serial-bus: Move QOM macros to header
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Convert sq{, r}dmulh to gvec for aa64 advsimd
Richard Henderson [Fri, 28 Aug 2020 09:02:50 +0000 (10:02 +0100)] 
target/arm: Convert sq{, r}dmulh to gvec for aa64 advsimd

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-21-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Convert integer multiply-add (indexed) to gvec for aa64 advsimd
Richard Henderson [Fri, 28 Aug 2020 09:02:50 +0000 (10:02 +0100)] 
target/arm: Convert integer multiply-add (indexed) to gvec for aa64 advsimd

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-20-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Convert integer multiply (indexed) to gvec for aa64 advsimd
Richard Henderson [Fri, 28 Aug 2020 09:02:50 +0000 (10:02 +0100)] 
target/arm: Convert integer multiply (indexed) to gvec for aa64 advsimd

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-19-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Generalize inl_qrdmlah_* helper functions
Richard Henderson [Fri, 28 Aug 2020 09:02:49 +0000 (10:02 +0100)] 
target/arm: Generalize inl_qrdmlah_* helper functions

Unify add/sub helpers and add a parameter for rounding.
This will allow saturating non-rounding to reuse this code.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
[PMM: fixed accidental use of '=' rather than '+=' in do_sqrdmlah_s]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-15-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Tidy SVE tszimm shift formats
Richard Henderson [Fri, 28 Aug 2020 09:02:49 +0000 (10:02 +0100)] 
target/arm: Tidy SVE tszimm shift formats

Rather than require the user to fill in the immediate (shl or shr),
create full formats that include the immediate.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-14-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Split out gen_gvec_ool_zz
Richard Henderson [Fri, 28 Aug 2020 09:02:49 +0000 (10:02 +0100)] 
target/arm: Split out gen_gvec_ool_zz

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-13-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Split out gen_gvec_ool_zzz
Richard Henderson [Fri, 28 Aug 2020 09:02:49 +0000 (10:02 +0100)] 
target/arm: Split out gen_gvec_ool_zzz

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-12-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Split out gen_gvec_ool_zzp
Richard Henderson [Fri, 28 Aug 2020 09:02:49 +0000 (10:02 +0100)] 
target/arm: Split out gen_gvec_ool_zzp

Model after gen_gvec_fn_zzz et al.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-11-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Merge helper_sve_clr_* and helper_sve_movz_*
Richard Henderson [Fri, 28 Aug 2020 09:02:48 +0000 (10:02 +0100)] 
target/arm: Merge helper_sve_clr_* and helper_sve_movz_*

The existing clr functions have only one vector argument, and so
can only clear in place.  The existing movz functions have two
vector arguments, and so can clear while moving.  Merge them, with
a flag that controls the sense of active vs inactive elements
being cleared.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Split out gen_gvec_ool_zzzp
Richard Henderson [Fri, 28 Aug 2020 09:02:48 +0000 (10:02 +0100)] 
target/arm: Split out gen_gvec_ool_zzzp

Model after gen_gvec_fn_zzz et al.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-9-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Use tcg_gen_gvec_bitsel for trans_SEL_pppp
Richard Henderson [Fri, 28 Aug 2020 09:02:48 +0000 (10:02 +0100)] 
target/arm: Use tcg_gen_gvec_bitsel for trans_SEL_pppp

The gvec operation was added after the initial implementation
of the SEL instruction and was missed in the conversion.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Clean up 4-operand predicate expansion
Richard Henderson [Fri, 28 Aug 2020 09:02:48 +0000 (10:02 +0100)] 
target/arm: Clean up 4-operand predicate expansion

Move the check for !S into do_pppp_flags, which allows to merge in
do_vecop4_p.  Split out gen_gvec_fn_ppp without sve_access_check,
to mirror gen_gvec_fn_zzz.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Merge do_vector2_p into do_mov_p
Richard Henderson [Fri, 28 Aug 2020 09:02:48 +0000 (10:02 +0100)] 
target/arm: Merge do_vector2_p into do_mov_p

This is the only user of the function.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Rearrange {sve,fp}_check_access assert
Richard Henderson [Fri, 28 Aug 2020 09:02:47 +0000 (10:02 +0100)] 
target/arm: Rearrange {sve,fp}_check_access assert

We want to ensure that access is checked by the time we ask
for a specific fp/vector register.  We want to ensure that
we do not emit two lots of code to raise an exception.

But sometimes it's difficult to cleanly organize the code
such that we never pass through sve_check_access exactly once.
Allow multiple calls so long as the result is true, that is,
no exception to be raised.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Split out gen_gvec_fn_zzz, do_zzz_fn
Richard Henderson [Fri, 28 Aug 2020 09:02:47 +0000 (10:02 +0100)] 
target/arm: Split out gen_gvec_fn_zzz, do_zzz_fn

Model gen_gvec_fn_zzz on gen_gvec_fn3 in translate-a64.c, but
indicating which kind of register and in which order.

Model do_zzz_fn on the other do_foo functions that take an
argument set and verify sve enabled.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Split out gen_gvec_fn_zz
Richard Henderson [Fri, 28 Aug 2020 09:02:47 +0000 (10:02 +0100)] 
target/arm: Split out gen_gvec_fn_zz

Model the new function on gen_gvec_fn2 in translate-a64.c, but
indicating which kind of register and in which order.  Since there
is only one user of do_vector2_z, fold it into do_mov_z.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agoqemu/int128: Add int128_lshift
Richard Henderson [Fri, 28 Aug 2020 09:02:47 +0000 (10:02 +0100)] 
qemu/int128: Add int128_lshift

Add left-shift to match the existing right-shift.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200815013145.539409-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agoarmsse: Define ARMSSEClass correctly
Eduardo Habkost [Fri, 28 Aug 2020 09:02:47 +0000 (10:02 +0100)] 
armsse: Define ARMSSEClass correctly

TYPE_ARM_SSE is a TYPE_SYS_BUS_DEVICE subclass, but
ARMSSEClass::parent_class is declared as DeviceClass.

It never caused any problems by pure luck:

We were not setting class_size for TYPE_ARM_SSE, so class_size of
TYPE_SYS_BUS_DEVICE was being used (sizeof(SysBusDeviceClass)).
This made the system allocate enough memory for TYPE_ARM_SSE
devices even though ARMSSEClass was too small for a sysbus
device.

Additionally, the ARMSSEClass::info field ended up at the same
offset as SysBusDeviceClass::explicit_ofw_unit_address.  This
would make sysbus_get_fw_dev_path() crash for the device.
Luckily, sysbus_get_fw_dev_path() never gets called for
TYPE_ARM_SSE devices, because qdev_get_fw_dev_path() is only used
by the boot device code, and TYPE_ARM_SSE devices don't appear at
the fw_boot_order list.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 20200826181006.4097163-1-ehabkost@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agohw/misc/unimp: Display the offset with width of the region size
Philippe Mathieu-Daudé [Fri, 28 Aug 2020 09:02:46 +0000 (10:02 +0100)] 
hw/misc/unimp: Display the offset with width of the region size

To have a better idea of how big is the region where the offset
belongs, display the value with the width of the region size
(i.e. a region of 0x1000 bytes uses 0x000 format).

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200812190206.31595-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agohw/misc/unimp: Display the value with width of the access size
Philippe Mathieu-Daudé [Fri, 28 Aug 2020 09:02:46 +0000 (10:02 +0100)] 
hw/misc/unimp: Display the value with width of the access size

To quickly notice the access size, display the value with the
width of the access (i.e. 16-bit access is displayed 0x0000,
while 8-bit access 0x00).

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200812190206.31595-3-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agohw/misc/unimp: Display value after offset
Philippe Mathieu-Daudé [Fri, 28 Aug 2020 09:02:46 +0000 (10:02 +0100)] 
hw/misc/unimp: Display value after offset

To better align the read/write accesses, display the value after
the offset (read accesses only display the offset).

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200812190206.31595-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agohw/qdev-clock: Avoid calling qdev_connect_clock_in after DeviceRealize
Philippe Mathieu-Daudé [Fri, 28 Aug 2020 09:02:46 +0000 (10:02 +0100)] 
hw/qdev-clock: Avoid calling qdev_connect_clock_in after DeviceRealize

Clock canonical name is set in device_set_realized (see the block
added to hw/core/qdev.c in commit 0e6934f264).
If we connect a clock after the device is realized, this code is
not executed. This is currently not a problem as this name is only
used for trace events, however this disrupt tracing.

Add a comment to document qdev_connect_clock_in() must be called
before the device is realized, and assert this condition.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200803105647.22223-5-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agohw/qdev-clock: Uninline qdev_connect_clock_in()
Philippe Mathieu-Daudé [Fri, 28 Aug 2020 09:02:46 +0000 (10:02 +0100)] 
hw/qdev-clock: Uninline qdev_connect_clock_in()

We want to assert the device is not realized. To avoid overloading
this header including "hw/qdev-core.h", uninline the function first.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200803105647.22223-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agohw/arm/xilinx_zynq: Call qdev_connect_clock_in() before DeviceRealize
Philippe Mathieu-Daudé [Fri, 28 Aug 2020 09:02:45 +0000 (10:02 +0100)] 
hw/arm/xilinx_zynq: Call qdev_connect_clock_in() before DeviceRealize

Clock canonical name is set in device_set_realized (see the block
added to hw/core/qdev.c in commit 0e6934f264).
If we connect a clock after the device is realized, this code is
not executed. This is currently not a problem as this name is only
used for trace events, however this disrupt tracing.

Fix by calling qdev_connect_clock_in() before realizing.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200803105647.22223-3-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agohw/arm/xilinx_zynq: Uninline cadence_uart_create()
Philippe Mathieu-Daudé [Fri, 28 Aug 2020 09:02:45 +0000 (10:02 +0100)] 
hw/arm/xilinx_zynq: Uninline cadence_uart_create()

As we want to call qdev_connect_clock_in() before the device
is realized, we need to uninline cadence_uart_create() first.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200803105647.22223-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agohw/net/allwinner-sun8i-emac: Use AddressSpace for DMA transfers
Philippe Mathieu-Daudé [Fri, 28 Aug 2020 09:02:45 +0000 (10:02 +0100)] 
hw/net/allwinner-sun8i-emac: Use AddressSpace for DMA transfers

Allow the device to execute the DMA transfers in a different
AddressSpace.

The H3 SoC keeps using the system_memory address space,
but via the proper dma_memory_access() API.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-id: 20200814122907.27732-1-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agohw/sd/allwinner-sdhost: Use AddressSpace for DMA transfers
Philippe Mathieu-Daudé [Fri, 28 Aug 2020 09:02:45 +0000 (10:02 +0100)] 
hw/sd/allwinner-sdhost: Use AddressSpace for DMA transfers

Allow the device to execute the DMA transfers in a different
AddressSpace.

The A10 and H3 SoC keep using the system_memory address space,
but via the proper dma_memory_access() API.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-id: 20200814110057.307-1-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Fill in the WnR syndrome bit in mte_check_fail
Richard Henderson [Fri, 28 Aug 2020 09:02:45 +0000 (10:02 +0100)] 
target/arm: Fill in the WnR syndrome bit in mte_check_fail

According to AArch64.TagCheckFault, none of the other ISS values are
provided, so we do not need to go so far as merge_syn_data_abort.
But we were missing the WnR bit.

Tested-by: Andrey Konovalov <andreyknvl@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200813200816.3037186-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11 months agotarget/arm: Pass the entire mte descriptor to mte_check_fail
Richard Henderson [Fri, 28 Aug 2020 09:02:44 +0000 (10:02 +0100)] 
target/arm: Pass the entire mte descriptor to mte_check_fail

We need more information than just the mmu_idx in order
to create the proper exception syndrome.  Only change the
function signature so far.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200813200816.3037186-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>