summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * qemu/atomic: Drop special case for unsupported compilerPhilippe Mathieu-Daudé2020-12-151-17/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since commit efc6c070aca ("configure: Add a test for the minimum compiler version") the minimum compiler version required for GCC is 4.8, which has the GCC BZ#36793 bug fixed. We can safely remove the special case introduced in commit a281ebc11a6 ("virtio: add missing mb() on notification"). With clang 3.4, __ATOMIC_RELAXED is defined, so the chunk to remove (which is x86-specific), isn't reached either. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20201210134752.780923-2-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * hw/core: Restrict 'fw-path-provider.c' to system mode emulationPhilippe Mathieu-Daudé2020-12-151-1/+1
| | | | | | | | | | | | | | | | | | | | fw-path-provider.c is only consumed by qdev-fw.c, which itself is in softmmu_ss[], so we can restrict fw-path-provider.c to softmmu too. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20201207220709.4017938-1-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * docs: set CONFDIR when running sphinxMarc-André Lureau2020-12-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | The default configuration path /etc/qemu can be overriden with configure options, and the generated documentation used to reflect it. Fixes regression introduced in commit f8aa24ea9a82da38370470c6bc0eaa393999edfe ("meson: sphinx-build"). Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1902537 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20201201183704.299697-1-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * vl: rename local variable in configure_acceleratorsPaolo Bonzini2020-12-151-9/+9
| | | | | | | | | | | | | | | | | | | | Silly patch extracted from the next one, which is already big enough. Because there are already local variables named "accel", we will name the global vl.c variable for "-M accel" accelerators instead. Rename it already in configure_accelerators to be ready. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * qemu-option: pass QemuOptsList to opts_accepts_anyPaolo Bonzini2020-12-151-10/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A QemuOptsList can be of one of two kinds: either it is pre-validated, or it accepts any key and validation happens somewhere else (typically in a Visitor or against a list of QOM properties). opts_accepts_any returns true if a QemuOpts instance was created from a QemuOptsList of the latter kind, but there is no function to do the check on a QemuOptsList. Since this property comes from the QemuOptsList and almost all callers of opts_accepts_any use opts->list anyway, modify the function to accept QemuOptsList. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * qemu-option: simplify search for end of keyPaolo Bonzini2020-12-151-22/+13Star
| | | | | | | | | | | | | | | | Use strcspn to find an equal or comma value, and pass the result directly to get_opt_name to avoid another strchr. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * kvm: Take into account the unaligned section size when preparing bitmapZenghui Yu2020-12-151-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The kernel KVM_CLEAR_DIRTY_LOG interface has align requirement on both the start and the size of the given range of pages. We have been careful to handle the unaligned cases when performing CLEAR on one slot. But it seems that we forget to take the unaligned *size* case into account when preparing bitmap for the interface, and we may end up clearing dirty status for pages outside of [start, start + size). If the size is unaligned, let's go through the slow path to manipulate a temp bitmap for the interface so that we won't bother with those unaligned bits at the end of bitmap. I don't think this can happen in practice since the upper layer would provide us with the alignment guarantee. I'm not sure if kvm-all could rely on it. And this patch is mainly intended to address correctness of the specific algorithm used inside kvm_log_clear_one_slot(). Signed-off-by: Zenghui Yu <yuzenghui@huawei.com> Message-Id: <20201208114013.875-1-yuzenghui@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * scsi: fix device removal race vs IO restart callback on resumeMaxim Levitsky2020-12-151-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is (mostly theoretical) race between removal of a scsi device and scsi_dma_restart_bh. It used to be easier to hit this race prior to my / Paulo's patch series that added rcu to scsi bus device handling code, but IMHO this race should still be possible to hit, at least in theory. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1854811 Fix it anyway with a patch that was proposed by Paulo in the above bugzilla. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20201210125929.1136390-2-mlevitsk@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * icount: improve exec nocache usagePavel Dovgalyuk2020-12-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cpu-exec tries to execute TB without caching when current icount budget is over. But sometimes refilled budget is big enough to try executing cached blocks. This patch checks that instruction budget is big enough for next block execution instead of just running cpu_exec_nocache. It halves the number of calls of cpu_exec_nocache function during tested OS boot scenario. Signed-off-by: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru> Message-Id: <160741865825.348476.7169239332367828943.stgit@pasha-ThinkPad-X280> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * Remove the deprecated -show-cursor optionThomas Huth2020-12-154-21/+6Star
| | | | | | | | | | | | | | | | | | It has been marked as deprecated since QEMU v5.0, replaced by the corresponding parameter of the -display option. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20201210155808.233895-5-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * Remove the deprecated -realtime optionThomas Huth2020-12-155-48/+9Star
| | | | | | | | | | | | | | | | | | It has been marked as deprecated since QEMU v4.2, replaced by the -overcommit option. Time to remove it now. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20201210155808.233895-4-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * docs/system: Move the list of removed features to a separate fileThomas Huth2020-12-153-232/+232
| | | | | | | | | | | | | | | | | | | | | | Otherwise there is a chance that new deprecated features get added to the list of removed features at the end of the file by accident. It's way less confusing if the removed features reside in a separate file. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20201210155808.233895-3-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * accel/tcg: Remove deprecated '-tb-size' optionPhilippe Mathieu-Daudé2020-12-154-24/+6Star
| | | | | | | | | | | | | | | | | | | | | | | | The '-tb-size' option (replaced by '-accel tcg,tb-size') is deprecated since 5.0 (commit fe174132478). Remove it. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20201202112714.1223783-1-philmd@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20201210155808.233895-2-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * memory: clamp cached translation in case it points to an MMIO regionPaolo Bonzini2020-12-152-0/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In using the address_space_translate_internal API, address_space_cache_init forgot one piece of advice that can be found in the code for address_space_translate_internal: /* MMIO registers can be expected to perform full-width accesses based only * on their address, without considering adjacent registers that could * decode to completely different MemoryRegions. When such registers * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO * regions overlap wildly. For this reason we cannot clamp the accesses * here. * * If the length is small (as is the case for address_space_ldl/stl), * everything works fine. If the incoming length is large, however, * the caller really has to do the clamping through memory_access_size. */ address_space_cache_init is exactly one such case where "the incoming length is large", therefore we need to clamp the resulting length---not to memory_access_size though, since we are not doing an access yet, but to the size of the resulting section. This ensures that subsequent accesses to the cached MemoryRegionSection will be in range. With this patch, the enclosed testcase notices that the used ring does not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used" error. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * msix: assert that accesses are within boundsPaolo Bonzini2020-12-151-0/+3
| | | | | | | | | | | | This makes the testcase from the next patch fail. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * qtest/pvpanic: Test panic option that allows VM to continueAlejandro Jimenez2020-12-151-1/+25
| | | | | | | | | | | | | | | | | | | | | | Test the scenario where the -action panic=none parameter is used to signal that the VM must continue executing after a guest panic occurs. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com> Message-Id: <1607705564-26264-5-git-send-email-alejandro.j.jimenez@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * vl: Add option to avoid stopping VM upon guest panicAlejandro Jimenez2020-12-156-5/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current default action of pausing a guest after a panic event is received leaves the responsibility to resume guest execution to the management layer. The reasons for this behavior are discussed here: https://lore.kernel.org/qemu-devel/52148F88.5000509@redhat.com/ However, in instances like the case of older guests (Linux and Windows) using a pvpanic device but missing support for the PVPANIC_CRASHLOADED event, and Windows guests using the hv-crash enlightenment, it is desirable to allow the guests to continue running after sending a PVPANIC_PANICKED event. This allows such guests to proceed to capture a crash dump and automatically reboot without intervention of a management layer. Add an option to avoid stopping a VM after a panic event is received, by passing: -action panic=none in the command line arguments, or during runtime by using an upcoming QMP command. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com> Message-Id: <1607705564-26264-3-git-send-email-alejandro.j.jimenez@oracle.com> [Do not fix panic action in the variable, instead modify -no-shutdown. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * vl: Add an -action option specifying response to guest eventsAlejandro Jimenez2020-12-152-2/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several command line options currently in use are meant to modify the behavior of QEMU in response to certain guest events like: -no-reboot, -no-shutdown, -watchdog-action. These can be grouped into a single option of the form: -action event=action Which can be used to specify the existing options above in the following format: -action reboot=none|shutdown -action shutdown=poweroff|pause -action watchdog=reset|shutdown|poweroff|pause|debug|none|inject-nmi This is done in preparation for adding yet another option of this type, which modifies the QEMU behavior when a guest panic occurs. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com> Message-Id: <1607705564-26264-2-git-send-email-alejandro.j.jimenez@oracle.com> [Use QemuOpts help support, invoke QMP command. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * qmp: generalize watchdog-set-action to -no-reboot/-no-shutdownAlejandro Jimenez2020-12-1511-13/+134
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a QMP command to allow for the behaviors specified by the -no-reboot and -no-shutdown command line option to be set at runtime. The new command is named set-action and takes optional arguments, named after an event, that provide a corresponding action to take. Example: -> { "execute": "set-action", "arguments": { "reboot": "none", "shutdown": "poweroff", "watchdog": "debug" } } <- { "return": {} } Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com> Message-Id: <1607705564-26264-4-git-send-email-alejandro.j.jimenez@oracle.com> [Split the series differently, with -action based on the QMP command. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * monitor: allow quitting while in preconfig statePaolo Bonzini2020-12-152-1/+3
| | | | | | | | | | Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * memory: allow creating MemoryRegions before acceleratorsPaolo Bonzini2020-12-152-11/+7Star
| | | | | | | | | | | | | | | | | | Compute the DIRTY_MEMORY_CODE bit in memory_region_get_dirty_log_mask instead of memory_region_init_*. This makes it possible to allocate memory backend objects at any time. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * plugin: propagate errorsPaolo Bonzini2020-12-154-25/+21Star
| | | | | | | | | | | | | | | | | | | | | | | | qemu_finish_machine_init currently can only exit QEMU if it fails. Prepare for giving it proper error propagation, and possibly for adding a plugin_add monitor command that calls an accelerator method. While at it, make all errors from plugin_load look the same. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * vl: make qemu_get_machine_opts staticPaolo Bonzini2020-12-1512-39/+26Star
| | | | | | | | | | | | | | Machine options can be retrieved as properties of the machine object. Encourage that by removing the "easy" accessor to machine options. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * ppc/spapr: cleanup -machine pseries,nvdimm=X handlingIgor Mammedov2020-12-152-13/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since NVDIMM support was introduced on pseries machine, it ignored machine's nvdimm=on|off option and effectively was always enabled on machines that support NVDIMM. Later on commit (28f5a716212 ppc/spapr_nvdimm: do not enable support with 'nvdimm=off') makes QEMU error out in case user explicitly set 'nvdimm=off' on CLI by peeking at machine_opts. However that's a workaround and leaves 'nvdimms_state->is_enabled' in inconsistent state (false) when it should be set true by default. Instead of using on machine_opts, set default to true for pseries machine in initfn time. If user sets manually 'nvdimm=off' it will overwrite default value to false and QEMU will error as expected without need to peek into machine_opts. That way pseries will have, nvdimm enabled by default and will honor user provided 'nvdimm=on|off'. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20201208164606.4109134-1-imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * machine: introduce MachineInitPhasePaolo Bonzini2020-12-1511-32/+73
| | | | | | | | | | | | | | | | Generalize the qdev_hotplug variable to the different phases of machine initialization. We would like to allow different monitor commands depending on the phase. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * chardev: do not use machine_init_donePaolo Bonzini2020-12-159-88/+43Star
| | | | | | | | | | | | | | | | | | | | | | | | | | machine_init_done is not the right flag to check when preconfig is taken into account; for example "./qemu-system-x86_64 -serial mon:stdio -preconfig" does not print the QEMU monitor header until after exit_preconfig. Add back a custom bool for mux character devices. This partially undoes commit c7278b4355 ("chardev: introduce chr_machine_done hook", 2018-03-12), but it keeps the cleaner logic using a function pointer in ChardevClass. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * vl: move all generic initialization out of vl.cPaolo Bonzini2020-12-154-46/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | qdev_machine_creation_done is only setting a flag now. Extend it to move more code out of vl.c. Leave only consistency checks and gdbserver processing in qemu_machine_creation_done. gdbserver_start can be moved after qdev_machine_creation_done because it only does listen on the socket and creates some internal data structures; it does not send any data (e.g. guest state) over the socket. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * vl: extract softmmu/globals.cPaolo Bonzini2020-12-156-45/+83
| | | | | | | | | | Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * vl: extract softmmu/runstate.cPaolo Bonzini2020-12-154-751/+805
| | | | | | | | | | Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * vl: allow -incoming defer with -preconfigPaolo Bonzini2020-12-151-3/+2Star
| | | | | | | | | | | | | | | | Now that there is no RUN_STATE_PRECONFIG anymore that can conflict with RUN_STATE_INMIGRATE, we can allow -incoming defer with -preconfig. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * vl: remove separate preconfig main_loopPaolo Bonzini2020-12-153-64/+41Star
| | | | | | | | | | | | | | | | | | | | | | | | | | Move post-preconfig initialization to the x-exit-preconfig. If preconfig is not requested, just exit preconfig mode immediately with the QMP command. As a result, the preconfig loop will run with accel_setup_post and os_setup_post restrictions (xen_restrict, chroot, etc.) already done. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * remove preconfig statePaolo Bonzini2020-12-1511-29/+34
| | | | | | | | | | | | | | | | | | | | The preconfig state is only used if -incoming is not specified, which makes the RunState state machine more tricky than it need be. However there is already an equivalent condition which works even with -incoming, namely qdev_hotplug. Use it instead of a separate runstate. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | Merge remote-tracking branch ↵Peter Maydell2020-12-1532-304/+1557
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/pmaydell/tags/pull-target-arm-20201215' into staging target-arm queue: * gdbstub: Correct misparsing of vCont C/S requests * openrisc: Move pic_cpu code into CPU object proper * nios2: Move IIC code into CPU object proper * Improve reporting of ROM overlap errors * xlnx-versal: Add USB support * hw/misc/zynq_slcr: Avoid #DIV/0! error * Numonyx: Fix dummy cycles and check for SPI mode on cmds # gpg: Signature made Tue 15 Dec 2020 13:59:46 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20201215: hw/block/m25p80: Fix Numonyx fast read dummy cycle count hw/block/m25p80: Check SPI mode before running some Numonyx commands hw/block/m25p80: Fix when VCFG XIP bit is set for Numonyx hw/block/m25p80: Make Numonyx config field names more accurate hw/misc/zynq_slcr: Avoid #DIV/0! error arm: xlnx-versal: Connect usb to virt-versal usb: xlnx-usb-subsystem: Add xilinx usb subsystem usb: Add DWC3 model usb: Add versal-usb2-ctrl-regs module elf_ops.h: Be more verbose with ROM blob names elf_ops.h: Don't truncate name of the ROM blobs we create hw/core/loader.c: Improve reporting of ROM overlap errors hw/core/loader.c: Track last-seen ROM in rom_check_and_register_reset() target/nios2: Use deposit32() to update ipending register target/nios2: Move nios2_check_interrupts() into target/nios2 target/nios2: Move IIC code into CPU object proper target/openrisc: Move pic_cpu code into CPU object proper hw/openrisc/openrisc_sim: Abstract out "get IRQ x of CPU y" hw/openrisc/openrisc_sim: Use IRQ splitter when connecting IRQ to multiple CPUs gdbstub: Correct misparsing of vCont C/S requests Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * hw/block/m25p80: Fix Numonyx fast read dummy cycle countJoe Komlodi2020-12-151-3/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Numonyx chips determine the number of cycles to wait based on bits 7:4 in the volatile configuration register. However, if these bits are 0x0 or 0xF, the number of dummy cycles to wait is 10 for QIOR and QIOR4 commands or when in QIO mode, and otherwise 8 for the currently supported fast read commands. [1] [1] https://www.micron.com/-/media/client/global/documents/products/data-sheet/nor-flash/serial-nor/mt25q/die-rev-b/mt25q_qlkt_u_02g_cbb_0.pdf?rev=9b167fbf2b3645efba6385949a72e453 Signed-off-by: Joe Komlodi <komlodi@xilinx.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Message-id: 1605568264-26376-5-git-send-email-komlodi@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * hw/block/m25p80: Check SPI mode before running some Numonyx commandsJoe Komlodi2020-12-151-19/+95
| | | | | | | | | | | | | | | | | | | | Some Numonyx flash commands cannot be executed in DIO and QIO mode, such as trying to do DPP or DOR when in QIO mode. Signed-off-by: Joe Komlodi <komlodi@xilinx.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Message-id: 1605568264-26376-4-git-send-email-komlodi@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * hw/block/m25p80: Fix when VCFG XIP bit is set for NumonyxJoe Komlodi2020-12-151-1/+1
| | | | | | | | | | | | | | | | | | VCFG XIP is set (disabled) when the NVCFG XIP bits are all set (disabled). Signed-off-by: Joe Komlodi <komlodi@xilinx.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Message-id: 1605568264-26376-3-git-send-email-komlodi@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * hw/block/m25p80: Make Numonyx config field names more accurateJoe Komlodi2020-12-151-6/+6
| | | | | | | | | | | | | | | | | | | | The previous naming of the configuration registers made it sound like that if the bits were set the settings would be enabled, while the opposite is true. Signed-off-by: Joe Komlodi <komlodi@xilinx.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Message-id: 1605568264-26376-2-git-send-email-komlodi@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * hw/misc/zynq_slcr: Avoid #DIV/0! errorPhilippe Mathieu-Daudé2020-12-151-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Malicious user can set the feedback divisor for the PLLs to zero, triggering a floating-point exception (SIGFPE). As the datasheet [*] is not clear how hardware behaves when these bits are zeroes, use the maximum divisor possible (128) to avoid the software FPE. [*] Zynq-7000 TRM, UG585 (v1.12.2) B.28 System Level Control Registers (slcr) -> "Register (slcr) ARM_PLL_CTRL" 25.10.4 PLLs -> "Software-Controlled PLL Update" Fixes: 38867cb7ec9 ("hw/misc/zynq_slcr: add clock generation for uarts") Reported-by: Gaoning Pan <pgn@zju.edu.cn> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com> Message-id: 20201210141610.884600-1-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * arm: xlnx-versal: Connect usb to virt-versalVikram Garhwal2020-12-153-0/+90
| | | | | | | | | | | | | | | | | | | | | | | | Connect VersalUsb2 subsystem to xlnx-versal SOC, its placed in iou of lpd domain and configure it as dual port host controller. Add the respective guest dts nodes for "xlnx-versal-virt" machine. Signed-off-by: Vikram Garhwal <fnu.vikram@xilinx.com> Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1607023357-5096-5-git-send-email-sai.pavan.boddu@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * usb: xlnx-usb-subsystem: Add xilinx usb subsystemSai Pavan Boddu2020-12-154-0/+145
| | | | | | | | | | | | | | | | | | | | | | | | This model is a top level integration wrapper for hcd-dwc3 and versal-usb2-ctrl-regs modules, this is used by xilinx versal soc's and future xilinx usb subsystems would also be part of it. Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1607023357-5096-4-git-send-email-sai.pavan.boddu@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * usb: Add DWC3 modelVikram Garhwal2020-12-154-0/+750
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds skeleton model of dwc3 usb controller attached to xhci-sysbus device. It defines global register space of DWC3 controller, global registers control the AXI/AHB interfaces properties, external FIFO support and event count support. All of which are unimplemented at present,we are only supporting core reset and read of ID register. Signed-off-by: Vikram Garhwal <fnu.vikram@xilinx.com> Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1607023357-5096-3-git-send-email-sai.pavan.boddu@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * usb: Add versal-usb2-ctrl-regs moduleSai Pavan Boddu2020-12-153-0/+275
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This module emulates control registers of versal usb2 controller, this is added just to make guest happy. In general this module would control the phy-reset signal from usb controller, data coherency of the transactions, signals the host system errors received from controller. Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com> Signed-off-by: Vikram Garhwal <fnu.vikram@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1607023357-5096-2-git-send-email-sai.pavan.boddu@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * elf_ops.h: Be more verbose with ROM blob namesPeter Maydell2020-12-151-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Instead of making the ROM blob name something like: phdr #0: /home/petmay01/linaro/qemu-misc-tests/ldmia-fault.axf make it a little more self-explanatory for people who don't know ELF format details: /home/petmay01/linaro/qemu-misc-tests/ldmia-fault.axf ELF program header segment 0 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201129203923.10622-5-peter.maydell@linaro.org
| * elf_ops.h: Don't truncate name of the ROM blobs we createPeter Maydell2020-12-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Currently the load_elf code assembles the ROM blob name into a local 128 byte fixed-size array. Use g_strdup_printf() instead so that we don't truncate the pathname if it happens to be long. (This matters mostly for monitor 'info roms' output and for the error messages if ROM blobs overlap.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201129203923.10622-4-peter.maydell@linaro.org
| * hw/core/loader.c: Improve reporting of ROM overlap errorsPeter Maydell2020-12-152-7/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In rom_check_and_register_reset() we report to the user if there is a "ROM region overlap". This has a couple of problems: * the reported information is not very easy to intepret * the function just prints the overlap to stderr (and relies on its single callsite in vl.c to do an error_report() and exit) * only the first overlap encountered is diagnosed Make this function use error_report() and error_printf() and report a more user-friendly report with all the overlaps diagnosed. Sample old output: rom: requested regions overlap (rom dtb. free=0x0000000000008000, addr=0x0000000000000000) qemu-system-aarch64: rom check and register reset failed Sample new output: qemu-system-aarch64: Some ROM regions are overlapping These ROM regions might have been loaded by direct user request or by default. They could be BIOS/firmware images, a guest kernel, initrd or some other file loaded into guest memory. Check whether you intended to load all this guest code, and whether it has been built to load to the correct addresses. The following two regions overlap (in the cpu-memory-0 address space): phdr #0: /home/petmay01/linaro/qemu-misc-tests/ldmia-fault.axf (addresses 0x0000000000000000 - 0x0000000000008000) dtb (addresses 0x0000000000000000 - 0x0000000000100000) The following two regions overlap (in the cpu-memory-0 address space): phdr #1: /home/petmay01/linaro/qemu-misc-tests/bad-psci-call.axf (addresses 0x0000000040000000 - 0x0000000040000010) phdr #0: /home/petmay01/linaro/qemu-misc-tests/bp-test.elf (addresses 0x0000000040000000 - 0x0000000040000020) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201129203923.10622-3-peter.maydell@linaro.org
| * hw/core/loader.c: Track last-seen ROM in rom_check_and_register_reset()Peter Maydell2020-12-151-8/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In rom_check_and_register_reset() we detect overlaps by looking at whether the ROM blob we're currently examining is in the same address space and starts before the previous ROM blob ends. (This works because the ROM list is kept sorted in order by AddressSpace and then by address.) Instead of keeping the AddressSpace and last address of the previous ROM blob in local variables, just keep a pointer to it. This will allow us to print more useful information when we do detect an overlap. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201129203923.10622-2-peter.maydell@linaro.org
| * target/nios2: Use deposit32() to update ipending registerPeter Maydell2020-12-151-2/+1Star
| | | | | | | | | | | | | | | | | | In nios2_cpu_set_irq(), use deposit32() rather than raw shift-and-mask operations to set the appropriate bit in the ipending register. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201129174022.26530-4-peter.maydell@linaro.org
| * target/nios2: Move nios2_check_interrupts() into target/nios2Peter Maydell2020-12-154-39/+10Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The function nios2_check_interrupts)() looks only at CPU-internal state; it belongs in target/nios2, not hw/nios2. Move it into the same file as its only caller, so it can just be local to that file. This removes the only remaining code from cpu_pic.c, so we can delete that file entirely. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201129174022.26530-3-peter.maydell@linaro.org Reviewed-by: Wentong Wu <wentong.wu@intel.com> Tested-by: Wentong Wu <wentong.wu@intel.com>
| * target/nios2: Move IIC code into CPU object properPeter Maydell2020-12-157-140/+32Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Nios2 architecture supports two different interrupt controller options: * The IIC (Internal Interrupt Controller) is part of the CPU itself; it has 32 IRQ input lines and no NMI support. Interrupt status is queried and controlled via the CPU's ipending and istatus registers. * The EIC (External Interrupt Controller) interface allows the CPU to connect to an external interrupt controller. The interface allows the interrupt controller to present a packet of information containing: - handler address - interrupt level - register set - NMI mode QEMU does not model an EIC currently. We do model the IIC, but its implementation is split across code in hw/nios2/cpu_pic.c and hw/intc/nios2_iic.c. The code in those two files has no state of its own -- the IIC state is in the Nios2CPU state struct. Because CPU objects now inherit (indirectly) from TYPE_DEVICE, they can have GPIO input lines themselves, so we can implement the IIC directly in the CPU object the same way that real hardware does. Create named "IRQ" GPIO inputs to the Nios2 CPU object, and make the only user of the IIC wire up directly to those instead. Note that the old code had an "NMI" concept which was entirely unused and also as far as I can see not architecturally correct, since only the EIC has a concept of an NMI. This fixes a Coverity-reported trivial memory leak of the IRQ array allocated in nios2_cpu_pic_init(). Fixes: Coverity CID 1421916 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201129174022.26530-2-peter.maydell@linaro.org Reviewed-by: Wentong Wu <wentong.wu@intel.com> Tested-by: Wentong Wu <wentong.wu@intel.com>
| * target/openrisc: Move pic_cpu code into CPU object properPeter Maydell2020-12-155-65/+34Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The openrisc code uses an old style of interrupt handling, where a separate standalone set of qemu_irqs invoke a function openrisc_pic_cpu_handler() which signals the interrupt to the CPU proper by directly calling cpu_interrupt() and cpu_reset_interrupt(). Because CPU objects now inherit (indirectly) from TYPE_DEVICE, they can have GPIO input lines themselves, and the neater modern way to implement this is to simply have the CPU object itself provide the input IRQ lines. Create GPIO inputs to the OpenRISC CPU object, and make the only user of cpu_openrisc_pic_init() wire up directly to those instead. This allows us to delete the hw/openrisc/pic_cpu.c file entirely. This fixes a trivial memory leak reported by Coverity of the IRQs allocated in cpu_openrisc_pic_init(). Fixes: Coverity CID 1421934 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stafford Horne <shorne@gmail.com> Message-id: 20201127225127.14770-4-peter.maydell@linaro.org