Peter Maydell [Wed, 18 Mar 2020 17:57:40 +0000 (17:57 +0000)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2020-03-17' into staging
Error reporting patches for 2020-03-17
# gpg: Signature made Tue 17 Mar 2020 16:30:49 GMT
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-error-2020-03-17:
hw/sd/ssi-sd: fix error handling in ssi_sd_realize
xen-block: Use one Error * variable instead of two
hw/misc/ivshmem: Use one Error * variable instead of two
Use &error_abort instead of separate assert()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 18 Mar 2020 15:07:57 +0000 (15:07 +0000)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200317' into staging
ppc patch queue 2020-03-17
Here's my final pull request for the qemu-5.0 soft freeze. Sorry this
is just under the wire - I hit some last minute problems that took a
while to fix up and retest.
Highlights are:
* Numerous fixes for the FWNMI feature
* A handful of cleanups to the device tree construction code
* Numerous fixes for the spapr-vscsi device
* A number of fixes and cleanups for real mode (MMU off) softmmu
handling
* Fixes for handling of the PAPR RMA
* Better handling of hotplug/unplug events during boot
* Assorted other fixes
* remotes/dgibson/tags/ppc-for-5.0-20200317: (45 commits)
pseries: Update SLOF firmware image
ppc/spapr: Ignore common "ibm,nmi-interlock" Linux bug
ppc/spapr: Implement FWNMI System Reset delivery
target/ppc: allow ppc_cpu_do_system_reset to take an alternate vector
ppc/spapr: Allow FWNMI on TCG
ppc/spapr: Fix FWNMI machine check interrupt delivery
ppc/spapr: Add FWNMI System Reset state
ppc/spapr: Change FWNMI names
ppc/spapr: Fix FWNMI machine check failure handling
spapr: Rename DT functions to newer naming convention
spapr: Move creation of ibm,architecture-vec-5 property
spapr: Move creation of ibm,dynamic-reconfiguration-memory dt node
spapr/rtas: Reserve space for RTAS blob and log
pseries: Update SLOF firmware image
ppc/spapr: Move GPRs setup to one place
target/ppc: Fix rlwinm on ppc64
spapr/xive: use SPAPR_IRQ_IPI to define IPI ranges exposed to the guest
hw/scsi/spapr_vscsi: Convert debug fprintf() to trace event
hw/scsi/spapr_vscsi: Prevent buffer overflow
hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer size
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 17 Mar 2020 18:33:05 +0000 (18:33 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* Bugfixes all over the place
* get/set_uint cleanups (Felipe)
* Lock guard support (Stefan)
* MemoryRegion ownership cleanup (Philippe)
* AVX512 optimization for buffer_is_zero (Robert)
* remotes/bonzini/tags/for-upstream: (62 commits)
hw/arm: Let devices own the MemoryRegion they create
hw/arm: Remove unnecessary memory_region_set_readonly() on ROM alias
hw/ppc/ppc405: Use memory_region_init_rom() with read-only regions
hw/arm/stm32: Use memory_region_init_rom() with read-only regions
hw/char: Let devices own the MemoryRegion they create
hw/riscv: Let devices own the MemoryRegion they create
hw/dma: Let devices own the MemoryRegion they create
hw/display: Let devices own the MemoryRegion they create
hw/core: Let devices own the MemoryRegion they create
scripts/cocci: Patch to let devices own their MemoryRegions
scripts/cocci: Patch to remove unnecessary memory_region_set_readonly()
scripts/cocci: Patch to detect potential use of memory_region_init_rom
hw/sparc: Use memory_region_init_rom() with read-only regions
hw/sh4: Use memory_region_init_rom() with read-only regions
hw/riscv: Use memory_region_init_rom() with read-only regions
hw/ppc: Use memory_region_init_rom() with read-only regions
hw/pci-host: Use memory_region_init_rom() with read-only regions
hw/net: Use memory_region_init_rom() with read-only regions
hw/m68k: Use memory_region_init_rom() with read-only regions
hw/display: Use memory_region_init_rom() with read-only regions
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Vladimir Sementsov-Ogievskiy [Tue, 17 Mar 2020 12:57:41 +0000 (15:57 +0300)]
hw/sd/ssi-sd: fix error handling in ssi_sd_realize
It's wrong to use same err object as errp parameter for several
function calls without intermediate checking for error: we'll crash if
try to set err object twice. Fix that.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200317125741.15301-1-vsementsov@virtuozzo.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Peter Maydell [Tue, 17 Mar 2020 16:23:03 +0000 (16:23 +0000)]
Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-mar-17-2020' into staging
MIPS queue for March 17th, 2020
# gpg: Signature made Tue 17 Mar 2020 12:53:50 GMT
# gpg: using RSA key D4972A8967F75A65
# gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" [full]
# Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01 DD75 D497 2A89 67F7 5A65
* remotes/amarkovic/tags/mips-queue-mar-17-2020:
MAINTAINERS: Add a file to the main MIPS section
MAINTAINERS: Adjust maintainer's email
MAINTAINERS: Adjust maintainer's status for some MIPS items
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Markus Armbruster [Fri, 13 Mar 2020 17:05:16 +0000 (18:05 +0100)]
hw/misc/ivshmem: Use one Error * variable instead of two
Commit fe44dc9180 "migration: disallow migrate_add_blocker during
migration" accidentally added a second Error * variable. Use the
first one instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200313170517.22480-3-armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Peter Maydell [Tue, 17 Mar 2020 14:44:49 +0000 (14:44 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200317' into staging
target-arm:
* hw/arm/pxa2xx: Do not wire up OHCI for PXA255
* aspeed/smc: Fix number of dummy cycles for FAST_READ_4 command
* m25p80: Improve command handling for Jedec and unsupported commands
* hw/net/imx_fec: write TGSR and TCSR3 in imx_enet_write()
* hw/arm/fsl-imx6, imx6ul: Wire up USB controllers
* hw/arm/fsl-imx6ul: Instantiate unimplemented pwm and can devices
* remotes/pmaydell/tags/pull-target-arm-20200317:
hw/arm/pxa2xx: Do not wire up OHCI for PXA255
aspeed/smc: Fix number of dummy cycles for FAST_READ_4 command
m25p80: Improve command handling for unsupported commands
m25p80: Improve command handling for Jedec commands
m25p80: Convert to support tracing
hw/net/imx_fec: write TGSR and TCSR3 in imx_enet_write()
hw/arm/fsl-imx6: Wire up USB controllers
hw/arm/fsl-imx6ul: Wire up USB controllers
hw/arm/fsl-imx6ul: Instantiate unimplemented pwm and can devices
hw/arm/fsl-imx6ul: Fix USB interrupt numbers
hw/usb: Add basic i.MX USB Phy support
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Philippe Mathieu-Daudé [Mon, 24 Feb 2020 16:04:51 +0000 (17:04 +0100)]
hw/ppc/ppc405: Use memory_region_init_rom() with read-only regions
The scripts/coccinelle/memory-region-housekeeping.cocci reported:
* TODO [[view:./hw/ppc/ppc405_boards.c::face=ovl-face1::linb=195::colb=8::cole=30][potential use of memory_region_init_rom*() in ./hw/ppc/ppc405_boards.c::195]]
* TODO [[view:./hw/ppc/ppc405_boards.c::face=ovl-face1::linb=464::colb=8::cole=30][potential use of memory_region_init_rom*() in ./hw/ppc/ppc405_boards.c::464]]
We can indeed replace the memory_region_init_ram() and
memory_region_set_readonly() calls by memory_region_init_rom().
Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Philippe Mathieu-Daudé [Mon, 24 Feb 2020 15:58:53 +0000 (16:58 +0100)]
hw/arm/stm32: Use memory_region_init_rom() with read-only regions
The scripts/coccinelle/memory-region-housekeeping.cocci reported:
* TODO [[view:./hw/arm/stm32f205_soc.c::face=ovl-face1::linb=96::colb=4::cole=26][potential use of memory_region_init_rom*() in ./hw/arm/stm32f205_soc.c::96]]
* TODO [[view:./hw/arm/stm32f405_soc.c::face=ovl-face1::linb=98::colb=4::cole=26][potential use of memory_region_init_rom*() in ./hw/arm/stm32f405_soc.c::98]]
We can indeed replace the memory_region_init_ram() and
memory_region_set_readonly() calls by memory_region_init_rom().
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
As we are going to add various semantic changes related to the memory
region API, rename this script to be more generic.
Add a 'usage' header, and an entry in MAINTAINERS to avoid checkpatch
warning.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Philippe Mathieu-Daudé [Mon, 24 Feb 2020 09:58:17 +0000 (10:58 +0100)]
memory: Simplify memory_region_init_rom_nomigrate() to ease review
memory_region_init_rom_nomigrate() has the same content than
memory_region_init_ram_shared_nomigrate(), with setting the
readonly mode. The code is easier to review as creating a
readonly ram/shared/nomigrate region.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Philippe Mathieu-Daudé [Mon, 24 Feb 2020 09:13:00 +0000 (10:13 +0100)]
memory: Correctly return alias region type
Since memory region aliases are neither rom nor ram, they are
described as i/o, which is often incorrect. Return instead the
type of the original region we are aliasing.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Stefan Hajnoczi [Mon, 16 Mar 2020 11:09:57 +0000 (11:09 +0000)]
lockable: add QemuRecMutex support
The polymorphic locking macros don't support QemuRecMutex yet. Add it
so that lock guards can be used with QemuRecMutex.
Convert TCG plugins functions that benefit from these macros. Manual
qemu_rec_mutex_lock/unlock() callers are left unmodified in cases where
clarity would not improve by switching to the macros.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
WITH_QEMU_LOCK_GUARD(&mutex) {
if (!may_fail()) {
return; /* automatically unlocks mutex */
}
}
/* automatically unlocks mutex here */
...
Convert qemu-timer.c functions that benefit from these macros as an
example. Manual qemu_mutex_lock/unlock() callers are left unmodified in
cases where clarity would not improve by switching to the macros.
Many other QemuMutex users remain in the codebase that might benefit
from lock guards. Over time they can be converted, if that is
desirable.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[Use QEMU_MAKE_LOCKABLE_NONNULL. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 17 Mar 2020 14:17:20 +0000 (15:17 +0100)]
lockable: add QEMU_MAKE_LOCKABLE_NONNULL
This will be needed for lock guards, because if the lock is NULL the
dummy for loop of the lock guard never runs. This can cause confusion
and dummy warnings in the compiler, but even if it did not, aborting
with a NULL pointer dereference is a less surprising behavior.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* remotes/kraxel/tags/usb-20200317-pull-request:
usb-serial: Fix timeout closing the device
usb-serial: Increase receive buffer to 496
usb-serial: chunk data to wMaxPacketSize
usb-serial: Move USB_TOKEN_IN into a helper function
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Aleksandar Markovic [Fri, 13 Mar 2020 01:00:52 +0000 (02:00 +0100)]
MAINTAINERS: Add a file to the main MIPS section
A recently added acceptance test is important not only for
Malta machine, but for overall MIPS target, since it tests
smp feature.
CC: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <1584061252-16635-4-git-send-email-aleksandar.markovic@rt-rk.com>
Aleksandar Markovic [Fri, 13 Mar 2020 01:00:51 +0000 (02:00 +0100)]
MAINTAINERS: Adjust maintainer's email
For some longish time I've been using multiple email addresses
for mailing list communication, and would like to consolidate it
into a single email address that is the most convenient to me.
My other emails, from rt-rk.com and wavecomp.com domains remain
active and I will respond from them too, if needed, but I would
like to manage almost all communication using gmail.com account.
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <1584061252-16635-3-git-send-email-aleksandar.markovic@rt-rk.com>
Aleksandar Markovic [Fri, 13 Mar 2020 01:00:50 +0000 (02:00 +0100)]
MAINTAINERS: Adjust maintainer's status for some MIPS items
Aurelien has been and will forever remain an idol in QEMU for
MIPS world. However, since he decided to move on to other projects,
acknowledge the reality, and formally releive him from maintainer's
duties for QEMU for MIPS items. Aurelien is though welcome to come
back at any time. Some empty spots caused by this are filled in by
Aleksandar.
Guenter Roeck [Mon, 16 Mar 2020 15:52:24 +0000 (15:52 +0000)]
aspeed/smc: Fix number of dummy cycles for FAST_READ_4 command
The Linux kernel recently started using FAST_READ_4 commands.
This results in flash read failures. At the same time, the m25p80
emulation is seen to read 8 more bytes than expected. Adjusting the
expected number of dummy cycles to match FAST_READ fixes the problem.
Fixes: f95c4bffdc4c ("aspeed/smc: snoop SPI transfers to fake dummy cycles") Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Guenter Roeck [Mon, 16 Mar 2020 15:52:24 +0000 (15:52 +0000)]
m25p80: Improve command handling for unsupported commands
Whenever an unsupported command is encountered, the current code
interprets each transferred byte as new command. Most of the time, those
'commands' are interpreted as new unknown commands. However, in rare
cases, it may be that for example address or length information
passed with the original command is by itself a valid command.
If that happens, the state machine may get completely confused and,
worst case, start writing data into the flash or even erase it.
To avoid the problem, transition into STATE_READING_DATA and keep
sending a value of 0 until the chip is deselected after encountering
an unsupported command.
Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Guenter Roeck [Mon, 16 Mar 2020 15:52:23 +0000 (15:52 +0000)]
m25p80: Improve command handling for Jedec commands
When requesting JEDEC data using the JEDEC_READ command, the Linux kernel
always requests 6 bytes. The current implementation only returns three
bytes, and interprets the remaining three bytes as new commands.
While this does not matter most of the time, it is at the very least
confusing. To avoid the problem, always report up to 6 bytes of JEDEC
data. Fill remaining data with 0.
Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Chen Qun [Fri, 13 Mar 2020 12:32:42 +0000 (20:32 +0800)]
hw/net/imx_fec: write TGSR and TCSR3 in imx_enet_write()
The current code causes clang static code analyzer generate warning:
hw/net/imx_fec.c:858:9: warning: Value stored to 'value' is never read
value = value & 0x0000000f;
^ ~~~~~~~~~~~~~~~~~~
hw/net/imx_fec.c:864:9: warning: Value stored to 'value' is never read
value = value & 0x000000fd;
^ ~~~~~~~~~~~~~~~~~~
According to the definition of the function, the two “value” assignments
should be written to registers.
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
Message-id: 20200313123242.13236-1-kuhn.chenqun@huawei.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Guenter Roeck [Fri, 13 Mar 2020 01:45:49 +0000 (18:45 -0700)]
hw/arm/fsl-imx6ul: Instantiate unimplemented pwm and can devices
Recent Linux kernels (post v4.20) crash due to accesses to flexcan
and pwm controllers. Instantiate as unimplemented devices to work
around the problem.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200313014551.12554-4-linux@roeck-us.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Guenter Roeck [Fri, 13 Mar 2020 01:45:48 +0000 (18:45 -0700)]
hw/arm/fsl-imx6ul: Fix USB interrupt numbers
USB1 and USB2 interrupt numbers were swapped. USB_PHY2 interrupt number
is 45. That didn't really matter up to now since the interrupts were not
used, but it needs to be fixed to be able to wire up the USB controllers.
Fixes: 31cbf933f0e ("i.MX6UL: Add i.MX6UL SOC") Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200313014551.12554-3-linux@roeck-us.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Guenter Roeck [Fri, 13 Mar 2020 01:45:47 +0000 (18:45 -0700)]
hw/usb: Add basic i.MX USB Phy support
Add basic USB PHY support as implemented in i.MX23, i.MX28, i.MX6,
and i.MX7 SoCs.
The only support really needed - at least to boot Linux - is support
for soft reset, which needs to reset various registers to their initial
value. Otherwise, just record register values.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200313014551.12554-2-linux@roeck-us.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 17 Mar 2020 11:05:08 +0000 (11:05 +0000)]
Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf5' into staging
RISC-V Patches for the 5.0 Soft Freeze, Part 5
This tag contains the last of the patches I'd like to target for the 5.0 soft
freeze. At this point we're mostly collecting fixes, but there are a few new
features. The changes include:
* An OpenSBI update, including the various bits necessary to put CI together
and an image for the 32-bit sifive_u board.
* A fix that disallows TSR when outside of machine mode.
* A fix for VS-mode interrupt forwarding.
# gpg: Signature made Tue 17 Mar 2020 03:59:58 GMT
# gpg: using RSA key 2B3C3747446843B24A943A7A2E1319F35FBB1889
# gpg: issuer "palmer@dabbelt.com"
# gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown]
# gpg: aka "Palmer Dabbelt <palmer@sifive.com>" [unknown]
# gpg: aka "Palmer Dabbelt <palmerdabbelt@google.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 00CE 76D1 8349 60DF CE88 6DF8 EF4C A150 2CCB AB41
# Subkey fingerprint: 2B3C 3747 4468 43B2 4A94 3A7A 2E13 19F3 5FBB 1889
* remotes/palmer/tags/riscv-for-master-5.0-sf5:
target/riscv: Fix VS mode interrupts forwarding.
gitlab-ci.yml: Add jobs to build OpenSBI firmware binaries
riscv: sifive_u: Update BIOS_FILENAME for 32-bit
roms: opensbi: Add 32-bit firmware image for sifive_u machine
roms: opensbi: Upgrade from v0.5 to v0.6
target/riscv: Correctly implement TSR trap
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jason Andryuk [Mon, 16 Mar 2020 17:46:10 +0000 (13:46 -0400)]
usb-serial: Fix timeout closing the device
Linux guests wait ~30 seconds when closing the emulated /dev/ttyUSB0.
During that time, the kernel driver is sending many control URBs
requesting GetModemStat (5). Real hardware returns a status with
FTDI_THRE (Transmitter Holding Register) and FTDI_TEMT (Transmitter
Empty) set. QEMU leaves them clear, and it seems Linux is waiting for
FTDI_TEMT to be set to indicate the tx queue is empty before closing.
Set the bits when responding to a GetModemStat query and avoid the
shutdown delay.
Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-id: 20200316174610.115820-5-jandryuk@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Jason Andryuk [Mon, 16 Mar 2020 17:46:09 +0000 (13:46 -0400)]
usb-serial: Increase receive buffer to 496
A FTDI USB adapter on an xHCI controller can send 512 byte USB packets.
These are 8 * ( 2 bytes header + 62 bytes data). A 384 byte receive
buffer is insufficient to fill a 512 byte packet, so bump the receive
size to 496 ( 512 - 2 * 8 ).
Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-id: 20200316174610.115820-4-jandryuk@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Jason Andryuk [Mon, 16 Mar 2020 17:46:08 +0000 (13:46 -0400)]
usb-serial: chunk data to wMaxPacketSize
usb-serial has issues with xHCI controllers where data is lost in the
VM. Inspecting the URBs in the guest, EHCI starts every 64 byte boundary
(wMaxPacketSize) with a header. EHCI hands packets into
usb_serial_token_in() with size 64, so these cannot cross the 64 byte
boundary. The xHCI controller has packets of 512 bytes and the usb-serial
will just write through the 64 byte boundary. In the guest, this means
data bytes are interpreted as header, so data bytes don't make it out
the serial interface.
Re-work usb_serial_token_in to chunk data into 64 byte units - 2 byte
header and 62 bytes data. The Linux driver reads wMaxPacketSize to find
the chunk size, so we match that.
Real hardware was observed to pass in 512 byte URBs (496 bytes data +
8 * 2 byte headers). Since usb-serial only buffers 384 bytes of data,
usb-serial will pass in 6 64 byte blocks and 1 12 byte partial block for
462 bytes max.
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Message-id: 20200316174610.115820-3-jandryuk@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Jason Andryuk [Mon, 16 Mar 2020 17:46:07 +0000 (13:46 -0400)]
usb-serial: Move USB_TOKEN_IN into a helper function
We'll be adding a loop, so move the code into a helper function. breaks
are replaced with returns. While making this change, add braces to
single line if statements to comply with coding style and keep
checkpatch happy.
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Message-id: 20200316174610.115820-2-jandryuk@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Nicholas Piggin [Mon, 16 Mar 2020 14:26:13 +0000 (00:26 +1000)]
ppc/spapr: Ignore common "ibm,nmi-interlock" Linux bug
Linux kernels call "ibm,nmi-interlock" in their system reset handlers
contrary to PAPR. Returning an error because the CPU does not hold the
interlock here causes Linux to print warning messages. PowerVM returns
success in this case, so do the same for now.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200316142613.121089-9-npiggin@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Nicholas Piggin [Mon, 16 Mar 2020 14:26:12 +0000 (00:26 +1000)]
ppc/spapr: Implement FWNMI System Reset delivery
PAPR requires that if "ibm,nmi-register" succeeds, then the hypervisor
delivers all system reset and machine check exceptions to the registered
addresses.
System Resets are delivered with registers set to the architected state,
and with no interlock.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200316142613.121089-8-npiggin@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Nicholas Piggin [Mon, 16 Mar 2020 14:26:11 +0000 (00:26 +1000)]
target/ppc: allow ppc_cpu_do_system_reset to take an alternate vector
Provide for an alternate delivery location, -1 defaults to the
architected address.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200316142613.121089-7-npiggin@gmail.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Nicholas Piggin [Mon, 16 Mar 2020 14:26:10 +0000 (00:26 +1000)]
ppc/spapr: Allow FWNMI on TCG
There should no longer be a reason to prevent TCG providing FWNMI.
System Reset interrupts are generated to the guest with nmi monitor
command and H_SIGNAL_SYS_RESET. Machine Checks can not be injected
currently, but this could be implemented with the mce monitor cmd
similarly to i386.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200316142613.121089-6-npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>
[dwg: Re-enable FWNMI in qtests, since that now works] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
FWNMI machine check delivery misses a few things that will make it fail
with TCG at least (which we would like to allow in future to improve
testing).
It's not nice to scatter interrupt delivery logic around the tree, so
move it to excp_helper.c and share code where possible.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200316142613.121089-5-npiggin@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Nicholas Piggin [Mon, 16 Mar 2020 14:26:08 +0000 (00:26 +1000)]
ppc/spapr: Add FWNMI System Reset state
The FWNMI option must deliver system reset interrupts to their
registered address, and there are a few constraints on the handler
addresses specified in PAPR. Add the system reset address state and
checks.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200316142613.121089-4-npiggin@gmail.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviwed-by: Mahesh Salgaonkar <mahesh@linux.ibm.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Nicholas Piggin [Mon, 16 Mar 2020 14:26:07 +0000 (00:26 +1000)]
ppc/spapr: Change FWNMI names
The option is called "FWNMI", and it involves more than just machine
checks, also machine checks can be delivered without the FWNMI option,
so re-name various things to reflect that.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200316142613.121089-3-npiggin@gmail.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
ppc_cpu_do_system_reset delivers a system rreset interrupt to the guest,
which is certainly not what is intended here. Panic the guest like other
failure cases here do.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200316142613.121089-2-npiggin@gmail.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
David Gibson [Wed, 22 Jan 2020 05:15:43 +0000 (16:15 +1100)]
spapr: Rename DT functions to newer naming convention
In the spapr code we've been gradually moving towards a convention that
functions which create pieces of the device tree are called spapr_dt_*().
This patch speeds that along by renaming most of the things that don't yet
match that so that they do.
For now we leave the *_dt_populate() functions which are actual methods
used in the DRCClass::dt_populate method.
While we're there we remove a few comments that don't really say anything
useful.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org>
David Gibson [Wed, 22 Jan 2020 04:50:42 +0000 (15:50 +1100)]
spapr: Move creation of ibm,architecture-vec-5 property
This is currently called from spapr_dt_cas_updates() which is a hang
over from when we created this only as a diff to the DT at CAS time.
Now that we fully rebuild the DT at CAS time, just create it along
with the rest of the properties in /chosen.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org>
David Gibson [Wed, 22 Jan 2020 04:46:35 +0000 (15:46 +1100)]
spapr: Move creation of ibm,dynamic-reconfiguration-memory dt node
Currently this node with information about hotpluggable memory is created
from spapr_dt_cas_updates(). But that's just a hangover from when we
created it only as a diff to the device tree at CAS time. Now that we
fully rebuild the DT as CAS time, it makes more sense to create this along
with the rest of the memory information in the device tree.
So, move it to spapr_populate_memory(). The patch is huge, but it's nearly
all just code motion.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org>
Alexey Kardashevskiy [Mon, 16 Mar 2020 01:18:41 +0000 (12:18 +1100)]
spapr/rtas: Reserve space for RTAS blob and log
At the moment SLOF reserves space for RTAS and instantiates the RTAS blob
which is 20 bytes binary blob calling an hypercall. The rest of the RTAS
area is a log which SLOF has no idea about but QEMU does.
This moves RTAS sizing to QEMU and this overrides the size from SLOF.
The only remaining problem is that SLOF copies the number of bytes it
reserved (2KB for now) so QEMU needs to reserve at least this much;
SLOF will be fixed separately to check that rtas-size from QEMU is
enough for those 20 bytes for the H_RTAS hcall.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20200316011841.99970-1-aik@ozlabs.ru> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Alexey Kardashevskiy [Tue, 10 Mar 2020 05:07:31 +0000 (16:07 +1100)]
ppc/spapr: Move GPRs setup to one place
At the moment "pseries" starts in SLOF which only expects the FDT blob
pointer in r3. As we are going to introduce a OpenFirmware support in
QEMU, we will be booting OF clients directly and these expect a stack
pointer in r1, Linux looks at r3/r4 for the initramdisk location
(although vmlinux can find this from the device tree but zImage from
distro kernels cannot).
This extends spapr_cpu_set_entry_state() to take more registers. This
should cause no behavioral change.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20200310050733.29805-2-aik@ozlabs.ru> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Vitaly Chikunov [Mon, 9 Mar 2020 20:45:57 +0000 (23:45 +0300)]
target/ppc: Fix rlwinm on ppc64
rlwinm cannot just AND with Mask if shift value is zero on ppc64 when
Mask Begin is greater than Mask End and high bits are set to 1.
Note that PowerISA 3.0B says that for `rlwinm' ROTL32 is used, and
ROTL32 is defined (in 3.3.14) so that rotated value should have two
copies of lower word of the source value.
This seems to be another incarnation of the fix from 820724d170
("target-ppc: Fix rlwimi, rlwinm, rlwnm again"), except I leave
optimization when Mask value is less than 32 bits.
Fixes: 7b4d326f47 ("target-ppc: Use the new deposit and extract ops") Cc: qemu-stable@nongnu.org Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Message-Id: <20200309204557.14836-1-vt@altlinux.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cédric Le Goater [Fri, 6 Mar 2020 12:33:07 +0000 (13:33 +0100)]
spapr/xive: use SPAPR_IRQ_IPI to define IPI ranges exposed to the guest
The "ibm,xive-lisn-ranges" defines ranges of interrupt numbers that
the guest can use to configure IPIs. It starts at 0 today but it could
change to some other offset. Make clear which IRQ range we are
exposing by using SPAPR_IRQ_IPI in the property definition.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200306123307.1348-1-clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Philippe Mathieu-Daudé [Thu, 5 Mar 2020 12:12:53 +0000 (13:12 +0100)]
hw/scsi/spapr_vscsi: Convert debug fprintf() to trace event
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200305121253.19078-8-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Philippe Mathieu-Daudé [Thu, 5 Mar 2020 12:12:52 +0000 (13:12 +0100)]
hw/scsi/spapr_vscsi: Prevent buffer overflow
Depending on the length of sense data, vscsi_send_rsp() can
overrun the buffer size.
Do not copy more than SRP_MAX_IU_DATA_LEN bytes, and assert
that vscsi_send_iu() is always called with a size in range.
Reported-by: Paolo Bonzini <pbonzini@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200305121253.19078-7-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Philippe Mathieu-Daudé [Thu, 5 Mar 2020 12:12:51 +0000 (13:12 +0100)]
hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer size
The 'union srp_iu' is meant as a pointer to any SRP Information
Unit type, it is not related to the size of a VIO DMA buffer.
Use a plain buffer for the VIO DMA read/write calls.
We can remove the reserved buffer from the 'union srp_iu'.
This issue was noticed when replacing the zero-length arrays
from hw/scsi/srp.h with flexible array member,
'clang -fsanitize=undefined' reported:
hw/scsi/spapr_vscsi.c:69:29: error: field 'iu' with variable sized type 'union viosrp_iu' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
union viosrp_iu iu;
^
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200305121253.19078-6-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Philippe Mathieu-Daudé [Thu, 5 Mar 2020 12:12:50 +0000 (13:12 +0100)]
hw/scsi/spapr_vscsi: Introduce req_iu() helper
Introduce the req_iu() helper which returns a pointer to
the viosrp_iu union held in the vscsi_req structure.
This simplifies the next patch.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200305121253.19078-5-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Philippe Mathieu-Daudé [Thu, 5 Mar 2020 12:12:49 +0000 (13:12 +0100)]
hw/scsi/spapr_vscsi: Simplify a bit
We already have a 'iu' pointer, use it
(this simplifies the next commit).
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200305121253.19078-4-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Philippe Mathieu-Daudé [Thu, 5 Mar 2020 12:12:48 +0000 (13:12 +0100)]
hw/scsi/spapr_vscsi: Use SRP_MAX_IU_LEN instead of sizeof flexible array
Replace sizeof() flexible arrays union srp_iu/viosrp_iu by the
SRP_MAX_IU_LEN definition, which is what this code actually meant
to use.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200305121253.19078-3-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Philippe Mathieu-Daudé [Thu, 5 Mar 2020 12:12:47 +0000 (13:12 +0100)]
hw/scsi/viosrp: Add missing 'hw/scsi/srp.h' include
This header use the srp_* structures declared in "hw/scsi/srp.h".
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200305121253.19078-2-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
David Gibson [Fri, 29 Nov 2019 00:49:04 +0000 (11:49 +1100)]
spapr: Clean up RMA size calculation
Move the calculation of the Real Mode Area (RMA) size into a helper
function. While we're there clean it up and correct it in a few ways:
* Add comments making it clearer where the various constraints come from
* Remove a pointless check that the RMA fits within Node 0 (we've just
clamped it so that it does)
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Rajnesh Kanwal [Sun, 23 Feb 2020 10:28:06 +0000 (15:28 +0500)]
target/riscv: Fix VS mode interrupts forwarding.
Currently riscv_cpu_local_irq_pending is used to find out pending
interrupt and VS mode interrupts are being shifted to represent
S mode interrupts in this function. So when the cause returned by
this function is passed to riscv_cpu_do_interrupt to actually
forward the interrupt, the VS mode forwarding check does not work
as intended and interrupt is actually forwarded to hypervisor. This
patch fixes this issue.
Bin Meng [Mon, 24 Feb 2020 13:39:44 +0000 (05:39 -0800)]
gitlab-ci.yml: Add jobs to build OpenSBI firmware binaries
Add two GitLab jobs to build the OpenSBI firmware binaries.
The first job builds a Docker image with the packages requisite
to build OpenSBI, and stores this image in the GitLab registry.
The second job pulls the image from the registry and builds the
OpenSBI firmware binaries.
The docker image is only rebuilt if the GitLab YAML or the
Dockerfile is updated. The second job is only built when the
roms/opensbi/ submodule is updated, when a git-ref starts with
'opensbi' or when the last commit contains 'OpenSBI'. The files
generated are archived in the artifacts.zip file.
With OpenSBI v0.6, it took 2 minutes 56 seconds to build
the docker image, and 1 minute 24 seconds to generate the
artifacts.zip with the firmware binaries (filesize: 111KiB).
Bin Meng [Mon, 24 Feb 2020 13:39:42 +0000 (05:39 -0800)]
roms: opensbi: Add 32-bit firmware image for sifive_u machine
Although the real world SiFive HiFive Unleashed board is a 64-bit
hardware configuration, with QEMU it is possible to test 32-bit
configuration with the same hardware features.
This updates the roms Makefile to add the build rules for creating
the 32-bit OpenSBI firmware image for sifive_u machine. A pre-built
OpenSBI v0.6 image has been added as the default bios for 32-bit
sifive_u machine.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Bin Meng [Mon, 24 Feb 2020 13:39:41 +0000 (05:39 -0800)]
roms: opensbi: Upgrade from v0.5 to v0.6
Upgrade OpenSBI from v0.5 to v0.6 and the pre-built bios images.
The v0.6 release includes the following commits:
dd8ef28 firmware: Fix compile error for FW_PAYLOAD with latest GCC binutils 98f4a20 firmware: Introduce relocation lottery f728a0b include: Sync-up encoding with priv v1.12-draft and hypervisor v0.5-draft 18897aa include: Use _UL() and _ULL() for defines in riscv_encoding.h 7a13beb firmware: Add preferred boot HART field in struct fw_dynamic_info 215421c lib: Remove date and time from init message 838657c include: Remove ilen member of struct unpriv_trap b1d8c98 lib: No need to set VSSTATUS.MXR bit in get_insn() 0e1322b lib: Better naming of unpriv APIs for wider use 75f903d lib: Simplify trap parameters in sbi_ecall functions c96cc03 lib: Fix CPU capabilities detection function ab14f94 lib: Fix probe extension 813f7f4 lib: Add error detection for misa_extension dc40042 include: sbi_platform: fix compilation for GCC-9 bd732ae include: Add guest external interrupt related defines 6590a7d lib: Delegate guest page faults to HS-mode 4370f18 include: Extend struct sbi_trap_info for mtval2 and mtinst 086dbdf lib: Fix sbi_get_insn() for load guest page fault 2be424b lib: Extend trap redirection for hypervisor v0.5 spec 7219477 lib: Use MTINST CSR in misaligned load/store emulation b8732fe lib: Add replacement extension and function ids aa0ed1d lib: Remove redundant IPI types 1092663 lib: Add TIME extension in SBI 9777aee lib: Add IPI extension in SBI 9407202 lib: Add hfence instruction encoding 331ff6a lib: Support stage1 and stage2 tlb flushing 86a31f5 lib: Implement RFENCE extension c7d1b12 firmware: Return real DTB address when FW_xyz_FDT_ADDR is not defined 9beb573 firmware: Improve comments for fw_prev_arg1() and fw_next_arg1() fc6bd90 docs: Improve docs for FDT address passing 46a90d9 lib: utils: Support CLINT with 32bit MMIO access on RV64 system c0849cd platform: Add T-head C910 initial support e746673 lib: Remove unnecessary checks from init_coldboot() and init_warmboot() c3e406f lib: Add initial sbi_exit() API 55e191e lib: Add system early_exit and final_exit APIs 6469ed1 lib: Add timer exit API b325f6b lib: Add ipi exit API 1993182 lib: Add irqchip exit API 2aa43a1 lib: save/restore MIE CSR in sbi_hart_wait_for_coldboot() b0c9787 lib: do sbi_exit() upon halt IPI 15ed1e7 lib: improve system reboot and shutdown implementation 73c19e6 lib: zero-out memory allocated using sbi_scratch_alloc_offset() a67fd68 lib: Add sbi_init_count() API 049ad0b build: Use -ffreestanding e340bbf include: Add OPENSBI_EXTERNAL_SBI_TYPES in sbi_types.h b28b8ac docs: Add description of using OPENSBI_EXTERNAL_SBI_TYPES adf8b73 platform: thead/c910: Remove SBI_PLATFORM_HAS_PMP f95dd39 docs: platform: Update SiFive FU540 doc as-per U-Boot v2020.01 6ffe1be firmware: Fix placement of .align directives 7daccae platform: thead/c910: Don't enable L2 cache in warm boot a73d45c platform: thead/c910: Don't set plic/clint address in warm boot 30cdf00 scripts: Add C910 to platform list in the binary archive script 0492c5d include: Typo fix in comment for SBI_SCRATCH_SIZE define 046cc16 lib: Move struct sbi_ipi_data definition to sbi_ipi.c 3d2aaac lib: Introduce sbi_ipi_send_smode() API da9b76b lib: Introduce sbi_ipi_send_halt() API a8b4b83 lib: Introduce sbi_tlb_fifo_request() API 5f762d1 lib: Introduce sbi_ipi_event_create/destroy() APIs 817d50d lib: Drop _fifo from the name of various sbi_tlb_fifo_xyz() functions 84cd4fc lib: Initialize TLB management directly from coldboot/warmboot path 0a411bf include: Add generic and simple list handling APIs 37923c4 lib: Add dynamic registration of SBI extensions 7668502 lib: Factor-out SBI legacy extension 161b348 lib: Factor-out SBI replacement extensions 43ac621 lib: Factor-out SBI vendor extension 021b9e7 lib: Factor-out SBI base extension 85647a1 platform: template: typo fix in system reboot/shutdown names ac1c229 platform: Update UART base addresses for qemu/sifve_u d79173b platform: Add an platform ops to return platform specific tlb flush limit 2c2bbe7 platform: sifive/fu540: Set tlb range flush limit to zero 5ff1ab0 makefile: add support for building on macOS 6d0b4c5 platform: Drop qemu/sifive_u support 9a717ec platform: sifive: fu540: Add platform specific 'make run' cmd d6fa7f9 doc: sifive: fu540: Update QEMU instruction when using U-Boot as the payload 179edde lib: sbi_scratch: use bitwise ops in sbi_scratch_alloc_offset() 897b8fb lib: Use __builtin_ctzl() in pmp_get() 1a8ca08 lib: Initialize out value in SBI calls c2bfa2b lib: irqchip/plic: Disable all contexts and IRQs c2f23cc platform: Add Spike initial support a062200 platform: Remove stale options from config.mk files c03c8a1 scripts: Add Spike to platform list of binary archive script 29bb2a6 docs: platform: Add documentation for Spike platform 48b06ad ThirdPartyNotices: Fix doc styles 892e879 doc: coreboot: Fix doc styles fdfb533 doc: payload_linux: Fix doc styles 44d1296 doc: andes-ae350: Fix doc styles a8ef0b5 doc: ariane-fpga: Fix doc styles 82fd42f doc: qemu_virt: Fix doc styles f8ce996 doc: sifive_fu540: Fix doc styles 27a5c7f doc: thead-c910: Fix doc styles 0b41453 Revert "lib: Use __builtin_ctzl() in pmp_get()" c66543d lib: utils: htif: Fix 32-bit build bc874e3 lib: Don't check MIDELEG and MEDELEG at end of delegate_traps() 24c3082 lib: Print interrupt and exception delegation in boot prints 66fb729 platform: sifive: fu540: Add 32-bit specific fdt/payload addresses 3e7d666 platform: qemu: virt: Correct the typo in config.mk c3b3b8f lib: Fix typo in atomic exchange functions 3936243 lib: Use available hart mask for correct hbase value f8b3bb8 lib: Simplify the for-loop in sbi_ipi_send_many() ac5e821 include: Bump-up version to 0.6
Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Alistair Francis [Tue, 21 Jan 2020 05:36:57 +0000 (21:36 -0800)]
target/riscv: Correctly implement TSR trap
As reported in: https://bugs.launchpad.net/qemu/+bug/1851939 we weren't
correctly handling illegal instructions based on the value of MSTATUS_TSR
and the current privledge level.
This patch fixes the issue raised in the bug by raising an illegal
instruction if TSR is set and we are in S-Mode.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Jonathan Behrens <jonathan@fintelia.io Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
David Gibson [Wed, 19 Feb 2020 09:53:13 +0000 (20:53 +1100)]
spapr: Don't clamp RMA to 16GiB on new machine types
In spapr_machine_init() we clamp the size of the RMA to 16GiB and the
comment saying why doesn't make a whole lot of sense. In fact, this was
done because the real mode handling code elsewhere limited the RMA in TCG
mode to the maximum value configurable in LPCR[RMLS], 16GiB.
But,
* Actually LPCR[RMLS] has been able to encode a 256GiB size for a very
long time, we just didn't implement it properly in the softmmu
* LPCR[RMLS] shouldn't really be relevant anyway, it only was because we
used to abuse the RMOR based translation mode in order to handle the
fact that we're not modelling the hypervisor parts of the cpu
We've now removed those limitations in the modelling so the 16GiB clamp no
longer serves a function. However, we can't just remove the limit
universally: that would break migration to earlier qemu versions, where
the 16GiB RMLS limit still applies, no matter how bad the reasons for it
are.
So, we replace the 16GiB clamp, with a clamp to a limit defined in the
machine type class. We set it to 16 GiB for machine types 4.2 and earlier,
but set it to 0 meaning unlimited for the new 5.0 machine type.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
David Gibson [Thu, 28 Nov 2019 05:37:04 +0000 (16:37 +1100)]
spapr: Don't attempt to clamp RMA to VRMA constraint
The Real Mode Area (RMA) is the part of memory which a guest can access
when in real (MMU off) mode. Of course, for a guest under KVM, the MMU
isn't really turned off, it's just in a special translation mode - Virtual
Real Mode Area (VRMA) - which looks like real mode in guest mode.
The mechanics of how this works when using the hash MMU (HPT) put a
constraint on the size of the RMA, which depends on the size of the
HPT. So, the latter part of spapr_setup_hpt_and_vrma() clamps the RMA
we advertise to the guest based on this VRMA limit.
There are several things wrong with this:
1) spapr_setup_hpt_and_vrma() doesn't actually clamp, it takes the minimum
of Node 0 memory size and the VRMA limit. That will *often* work the
same as clamping, but there can be other constraints on RMA size which
supersede Node 0 memory size. We have real bugs caused by this
(currently worked around in the guest kernel)
2) Some callers of spapr_setup_hpt_and_vrma() are in a situation where
we're past the point that we can actually advertise an RMA limit to the
guest
3) But most fundamentally, the VRMA limit depends on host configuration
(page size) which shouldn't be visible to the guest, but this partially
exposes it. This can cause problems with migration in certain edge
cases, although we will mostly get away with it.
In practice, this clamping is almost never applied anyway. With 64kiB
pages and the normal rules for sizing of the HPT, the theoretical VRMA
limit will be 4x(guest memory size) and so never hit. It will hit with
4kiB pages, where it will be (guest memory size)/4. However all mainstream
distro kernels for POWER have used a 64kiB page size for at least 10 years.
So, simply replace this logic with a check that the RMA we've calculated
based only on guest visible configuration will fit within the host implied
VRMA limit. This can break if running HPT guests on a host kernel with
4kiB page size. As noted that's very rare. There also exist several
possible workarounds:
* Change the host kernel to use 64kiB pages
* Use radix MMU (RPT) guests instead of HPT
* Use 64kiB hugepages on the host to back guest memory
* Increase the guest memory size so that the RMA hits one of the fixed
limits before the RMA limit. This is relatively easy on POWER8 which
has a 16GiB limit, harder on POWER9 which has a 1TiB limit.
* Use a guest NUMA configuration which artificially constrains the RMA
within the VRMA limit (the RMA must always fit within Node 0).
Previously, on KVM, we also temporarily reduced the rma_size to 256M so
that the we'd load the kernel and initrd safely, regardless of the VRMA
limit. This was a) confusing, b) could significantly limit the size of
images we could load and c) introduced a behavioural difference between
KVM and TCG. So we remove that as well.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: Greg Kurz <groug@kaod.org>
David Gibson [Thu, 28 Nov 2019 05:12:06 +0000 (16:12 +1100)]
spapr,ppc: Simplify signature of kvmppc_rma_size()
This function calculates the maximum size of the RMA as implied by the
host's page size of structure of the VRMA (there are a number of other
constraints on the RMA size which will supersede this one in many
circumstances).
The current interface takes the current RMA size estimate, and clamps it
to the VRMA derived size. The only current caller passes in an arguably
wrong value (it will match the current RMA estimate in some but not all
cases).
We want to fix that, but for now just keep concerns separated by having the
KVM helper function just return the VRMA derived limit, and let the caller
combine it with other constraints. We call the new function
kvmppc_vrma_limit() to more clearly indicate its limited responsibility.
The helper should only ever be called in the KVM enabled case, so replace
its !CONFIG_KVM stub with an assert() rather than a dummy value.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cedric Le Goater <clg@fr.ibm.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
David Gibson [Tue, 10 Dec 2019 05:25:04 +0000 (16:25 +1100)]
spapr: Don't use weird units for MIN_RMA_SLOF
MIN_RMA_SLOF records the minimum about of RMA that the SLOF firmware
requires. It lets us give a meaningful error if the RMA ends up too small,
rather than just letting SLOF crash.
It's currently stored as a number of megabytes, which is strange for global
constants. Move that megabyte scaling into the definition of the constant
like most other things use.
Change from M to MiB in the associated message while we're at it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
David Gibson [Thu, 27 Feb 2020 04:29:26 +0000 (15:29 +1100)]
target/ppc: Don't store VRMA SLBE persistently
Currently, we construct the SLBE used for VRMA translations when the LPCR
is written (which controls some bits in the SLBE), then use it later for
translations.
This is a bit complex and confusing - simplify it by simply constructing
the SLBE directly from the LPCR when we need it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
David Gibson [Mon, 6 Jan 2020 06:26:24 +0000 (17:26 +1100)]
target/ppc: Only calculate RMLS derived RMA limit on demand
When the LPCR is written, we update the env->rmls field with the RMA limit
it implies. Simplify things by just calculating the value directly from
the LPCR value when we need it.
It's possible this is a little slower, but it's unlikely to be significant,
since this is only for real mode accesses in a translation configuration
that's not used very often, and the whole thing is behind the qemu TLB
anyway. Therefore, keeping the number of state variables down and not
having to worry about making sure it's always in sync seems the better
option.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
David Gibson [Mon, 6 Jan 2020 06:18:54 +0000 (17:18 +1100)]
target/ppc: Correct RMLS table
The table of RMA limits based on the LPCR[RMLS] field is slightly wrong.
We're missing the RMLS == 0 => 256 GiB RMA option, which is available on
POWER8, so add that.
The comment that goes with the table is much more wrong. We *don't* filter
invalid RMLS values when writing the LPCR, and there's not really a
sensible way to do so. Furthermore, while in theory the set of RMLS values
is implementation dependent, it seems in practice the same set has been
available since around POWER4+ up until POWER8, the last model which
supports RMLS at all. So, correct that as well.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>
David Gibson [Mon, 6 Jan 2020 05:52:26 +0000 (16:52 +1100)]
target/ppc: Streamline calculation of RMA limit from LPCR[RMLS]
Currently we use a big switch statement in ppc_hash64_update_rmls() to work
out what the right RMA limit is based on the LPCR[RMLS] field. There's no
formula for this - it's just an arbitrary mapping defined by the existing
CPU implementations - but we can make it a bit more readable by using a
lookup table rather than a switch. In addition we can use the MiB/GiB
symbols to make it a bit clearer.
While there we add a bit of clarity and rationale to the comment about
what happens if the LPCR[RMLS] doesn't contain a valid value.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
David Gibson [Mon, 6 Jan 2020 05:35:10 +0000 (16:35 +1100)]
target/ppc: Use class fields to simplify LPCR masking
When we store the Logical Partitioning Control Register (LPCR) we have a
big switch statement to work out which are valid bits for the cpu model
we're emulating.
As well as being ugly, this isn't really conceptually correct, since it is
based on the mmu_model variable, whereas the LPCR isn't (only) about the
MMU, so mmu_model is basically just acting as a proxy for the cpu model.
Handle this in a simpler way, by adding a suitable lpcr_mask to the QOM
class.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
David Gibson [Mon, 6 Jan 2020 02:14:16 +0000 (13:14 +1100)]
target/ppc: Remove RMOR register from POWER9 & POWER10
Currently we create the Real Mode Offset Register (RMOR) on all Book3S cpus
from POWER7 onwards. However the translation mode which the RMOR controls
is no longer supported in POWER9, and so the register has been removed from
the architecture.
Remove it from our model on POWER9 and POWER10.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>
David Gibson [Mon, 6 Jan 2020 02:12:34 +0000 (13:12 +1100)]
spapr, ppc: Remove VPM0/RMLS hacks for POWER9
For the "pseries" machine, we use "virtual hypervisor" mode where we
only model the CPU in non-hypervisor privileged mode. This means that
we need guest physical addresses within the modelled cpu to be treated
as absolute physical addresses.
We used to do that by clearing LPCR[VPM0] and setting LPCR[RMLS] to a high
limit so that the old offset based translation for guest mode applied,
which does what we need. However, POWER9 has removed support for that
translation mode, which meant we had some ugly hacks to keep it working.
We now explicitly handle this sort of translation for virtual hypervisor
mode, so the hacks aren't necessary. We don't need to set VPM0 and RMLS
from the machine type code - they're now ignored in vhyp mode. On the cpu
side we don't need to allow LPCR[RMLS] to be set on POWER9 in vhyp mode -
that was only there to allow the hack on the machine side.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>
projects / users / dwmw2 / qemu.git / log