Peter Maydell [Thu, 5 Feb 2015 13:37:23 +0000 (13:37 +0000)]
target-arm: Define correct mmu_idx values and pass them in TB flags
We currently claim that for ARM the mmu_idx should simply be the current
exception level. However this isn't actually correct -- secure EL0 and EL1
should have separate indexes from non-secure EL0 and EL1 since their
VA->PA mappings may differ. We also will want an index for stage 2
translations when we properly support EL2.
Define and document all seven mmu index values that we require, and
pass the mmu index in the TB flags rather than exception level or
priv/user bit.
This change doesn't update the get_phys_addr() code, so our page
table walking still assumes a simplistic "user or priv?" model for
the moment.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
---
This leaves some odd gaps in the TB flags usage. I will circle
back and clean this up later (including moving the other common
flags like the singlestep ones to the top of the flags word),
but I didn't want to bloat this patchseries further.
Peter Maydell [Thu, 5 Feb 2015 13:37:23 +0000 (13:37 +0000)]
target-arm/translate-a64: Fix wrong mmu_idx usage for LDT/STT
The LDT/STT (load/store unprivileged) instruction decode was using
the wrong MMU index value. This meant that instead of these insns
being "always access as if user-mode regardless of current privilege"
they were "always access as if kernel-mode regardless of current
privilege". This went unnoticed because AArch64 Linux doesn't use
these instructions.
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
I'm not counting this as a security issue because I'm assuming
nobody treats TCG guests as a security boundary (certainly I
would not recommend doing so...)
Peter Maydell [Thu, 5 Feb 2015 13:37:23 +0000 (13:37 +0000)]
target-arm: Make arm_current_el() return sensible values for M profile
Although M profile doesn't have the same concept of exception level
as A profile, it does have a notion of privileged versus not, which
we currently track in the privmode TB flag. Support returning this
information if arm_current_el() is called on an M profile core, so
that we can identify the correct MMU index to use (and put the MMU
index in the TB flags) without having to special-case M profile.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Peter Maydell [Thu, 5 Feb 2015 13:37:23 +0000 (13:37 +0000)]
cpu_ldst.h: Allow NB_MMU_MODES to be 7
Support guest CPUs which need 7 MMU index values.
Add a comment about what would be required to raise the limit
further (trivial for 8, TCG backend rework for 9 or more).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
Kirill Batuzov [Thu, 5 Feb 2015 13:37:22 +0000 (13:37 +0000)]
target-arm: check that LSB <= MSB in BFI instruction
The documentation states that if LSB > MSB in BFI instruction behaviour
is unpredictable. Currently QEMU crashes because of assertion failure in
this case:
While assertion failure may meet the "unpredictable" definition this
behaviour is undesirable because it allows an unprivileged guest program
to crash the emulator with the OS and other programs.
This patch addresses the issue by throwing illegal instruction exception
if LSB > MSB. Only ARM decoder is affected because Thumb decoder already
has this check in place.
Peter Maydell [Thu, 5 Feb 2015 13:37:22 +0000 (13:37 +0000)]
target-arm: Squash input denormals in FRECPS and FRSQRTS
The helper functions for FRECPS and FRSQRTS have special case
handling that includes checks for zero inputs, so squash input
denormals if necessary before those checks. This fixes incorrect
output when the FPCR DZ bit is set to enable squashing of input
denormals.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Xiangyu Hu [Thu, 5 Feb 2015 13:37:22 +0000 (13:37 +0000)]
Fix FMULX not squashing denormalized inputs when FZ is set.
While FMULX returns a 2.0f float when two operators are infinity and
zero, those operators should be unpacked from raw inputs first. Inconsistent
cases would occur when operators are denormalized floats in flush-to-zero
mode. A wrong codepath will be entered and 2.0f will not be returned
without this patch.
Fix by checking whether inputs need to be flushed before running into
different codepaths.
Signed-off-by: Xiangyu Hu <libhu.so@gmail.com>
Message-id: 1422459650-12490-1-git-send-email-libhu.so@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 5 Feb 2015 13:37:22 +0000 (13:37 +0000)]
target-arm: Add checks that cpreg raw accesses are handled
Add assertion checking when cpreg structures are registered that they
either forbid raw-access attempts or at least make an attempt at
handling them. Also add an assert in the raw-accessor-of-last-resort,
to avoid silently doing a read or write from offset zero, which is
actually AArch32 CPU register r0.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422282372-13735-3-git-send-email-peter.maydell@linaro.org Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Peter Maydell [Thu, 5 Feb 2015 13:37:22 +0000 (13:37 +0000)]
target-arm: Split NO_MIGRATE into ALIAS and NO_RAW
We currently mark ARM coprocessor/system register definitions with
the flag ARM_CP_NO_MIGRATE for two different reasons:
1) register is an alias on to state that's also visible via
some other register, and that other register is the one
responsible for migrating the state
2) register is not actually state at all (for instance the TLB
or cache maintenance operation "registers") and it makes no
sense to attempt to migrate it or otherwise access the raw state
This works fine for identifying which registers should be ignored
when performing migration, but we also use the same functions for
synchronizing system register state between QEMU and the kernel
when using KVM. In this case we don't want to try to sync state
into registers in category 2, but we do want to sync into registers
in category 1, because the kernel might have picked a different
one of the aliases as its choice for which one to expose for
migration. (In particular, on 32 bit hosts the kernel will
expose the state in the AArch32 version of the register, but
TCG's convention is to mark the AArch64 version as the version
to migrate, even if the CPU being emulated happens to be 32 bit,
so almost all system registers will hit this issue now that we've
added AArch64 system emulation.)
Fix this by splitting the NO_MIGRATE flag in two (ALIAS and NO_RAW)
corresponding to the two different reasons we might not want to
migrate a register. When setting up the TCG list of registers to
migrate we honour both flags; when populating the list from KVM,
only ignore registers which are NO_RAW.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1422282372-13735-2-git-send-email-peter.maydell@linaro.org
[PMM: changed ARM_CP_NO_MIGRATE to ARM_CP_ALIAS on new SP_EL1 and
SP_EL2 reginfo stanzas since there was a (semantic) merge conflict
with the patchset that added those]
Greg Bellows [Thu, 5 Feb 2015 13:37:22 +0000 (13:37 +0000)]
target-arm: Add extended RVBAR support
Added RVBAR_EL2 and RVBAR_EL3 CP register support. All RVBAR_EL# registers
point to the same location and only the highest EL version exists at any one
time.
Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-3-git-send-email-greg.bellows@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target_arm: Parameterise the irq lines for armv7m_init
This patch allows the board to specifiy the number of NVIC interrupt
lines when using armv7m_init.
Signed-off-by: Alistair Francis <alistair23@gmail.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 5a0b0fcc778df0340899f488053acc9493679e03.1422077994.git.alistair23@gmail.com
[PMM: removed stale FIXME comment] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target_arm: Remove memory region init from armv7m_init
This patch moves the memory region init code from the
armv7m_init function to the stellaris_init function
Signed-off-by: Alistair Francis <alistair23@gmail.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 4836be7e1d708554d6eb0bc639dc2fbf7dac0458.1422077994.git.alistair23@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 5 Feb 2015 11:11:56 +0000 (11:11 +0000)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-02-05' into staging
qmp hmp balloon: Cleanups around error reporting
# gpg: Signature made Thu 05 Feb 2015 07:15:11 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
* remotes/armbru/tags/pull-error-2015-02-05:
balloon: Eliminate silly QERR_ macros
balloon: Factor out common "is balloon active" test
balloon: Inline qemu_balloon(), qemu_balloon_status()
qmp: Eliminate silly QERR_COMMAND_NOT_FOUND macro
qmp: Simplify recognition of capability negotiation command
qmp: Clean up qmp_query_spice() #ifndef !CONFIG_SPICE dummy
hmp: Compile hmp_info_spice() only with CONFIG_SPICE
qmp hmp: Improve error messages when SPICE is not in use
qmp hmp: Factor out common "using spice" test
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Williamson [Wed, 4 Feb 2015 18:45:32 +0000 (11:45 -0700)]
vfio-pci: Fix missing unparent of dynamically allocated MemoryRegion
Commit d8d95814609e added explicit object_unparent() calls for
dynamically allocated MemoryRegions. The VFIOMSIXInfo structure also
contains such a MemoryRegion, covering the mmap'd region of a PCI BAR
above the MSI-X table. This structure is freed as part of the class
exit function and therefore also needs an explicit object_unparent().
Failing to do this results in random segfaults due to fields within
the structure, often the class pointer, being reclaimed and corrupted
by the time object_finalize_child_property() is called for the object.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Cc: qemu-stable@nongnu.org # 2.2
Peter Maydell [Tue, 3 Feb 2015 21:37:16 +0000 (21:37 +0000)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tg-s390-20150203' into staging
s390 translator bug fixes
# gpg: Signature made Tue 03 Feb 2015 20:39:15 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg: aka "Richard Henderson <rth@redhat.com>"
# gpg: aka "Richard Henderson <rth@twiddle.net>"
* remotes/rth/tags/pull-tg-s390-20150203:
target-s390x: fix and optimize slb* and slbg* computation of carry/borrow flag
target-s390x: support OC and NC in the EX instruction
disas/s390.c: Remove unused variables
target-s390x: Mark check_privileged() as !CONFIG_USER_ONLY
target-s390: Implement ECAG
target-s390: Implement LURA, LURAG, STURG
target-s390: Fix STURA
target-s390: Fix STIDP
target-s390: Implement EPSW
target-s390: Implement SAM specification exception
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-s390x: fix and optimize slb* and slbg* computation of carry/borrow flag
This patch fixes the bug with borrow_in being set incorrectly, but it
also simplifies the logic to be much more plain, improving speed. It
fixes both the 32-bit SLB* and 64-bit SLBG*.
The SLBG* change has been well-tested. I haven't tested the SLB* change
explicitly, but the code was copy-pasted from the tested code.
The error of these functions' current implementations would not likely
be triggered by compiler-generated code, since the only error was in the
state of the carry/borrow flag. Compilers rarely generate an
instruction sequence such as carry-set -> carry-set-and-use ->
carry-use.
(With Paolo's fix and mine, there are still a couple of failures from
GMP's testsuite, but they are almost surely due to incorrect code
generation from gcc 4.9. But since this gcc is running under qemu, it
might be qemu bugs. I intend to investigate this.)
Signed-off-by: Torbjorn Granlund <torbjorng@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
Peter Maydell [Mon, 26 Jan 2015 16:28:31 +0000 (16:28 +0000)]
disas/s390.c: Remove unused variables
The variables s390_opformats and s390_num_opformats are unused and
provoke clang warnings:
disas/s390.c:849:33: warning: variable 's390_opformats' is not needed and will not be emitted [-Wunneeded-internal-declaration]
static const struct s390_opcode s390_opformats[] =
^
disas/s390.c:875:18: warning: unused variable 's390_num_opformats' [-Wunused-const-variable]
static const int s390_num_opformats =
^
Delete them, since QEMU doesn't use them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1419373100-17690-3-git-send-email-peter.maydell@linaro.org Signed-off-by: Richard Henderson <rth@twiddle.net>
Peter Maydell [Mon, 26 Jan 2015 16:28:30 +0000 (16:28 +0000)]
target-s390x: Mark check_privileged() as !CONFIG_USER_ONLY
The function check_privileged() is only used in the softmmu configs;
wrap it in an #ifndef CONFIG_USER_ONLY to avoid clang warnings on the
linux-user builds.
[rth: Remove inline marker too; it was only there to prevent exactly
this warning in GCC.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1419373100-17690-2-git-send-email-peter.maydell@linaro.org Signed-off-by: Richard Henderson <rth@twiddle.net>
The implementation had been incomplete, as we did not store the
machine type. Note that the machine_type member is still unset
during initialization, so this has no effect yet.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Peter Maydell [Tue, 3 Feb 2015 13:19:52 +0000 (13:19 +0000)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150203' into staging
Some bugfixes and cleanups for s390x, both in the new pci code and
in old code.
# gpg: Signature made Tue 03 Feb 2015 13:01:04 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
* remotes/cohuck/tags/s390x-20150203:
pc-bios/s390-ccw: update binary
pc-bios/s390-ccw: fix sparse warnings
s390x/ipl: Improved code indentation in s390_ipl_init()
s390x/kvm: unknown DIAGNOSE code should give a specification exception
s390x/kvm: Fix diag-308 register decoding
s390x/pci: fix dma notifications in rpcit instruction
s390x/pci: check for invalid function handle
s390x/pci: avoid sign extension in stpcifc
s390: Plug memory leak on s390_pci_generate_event() error path
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
s390x/kvm: unknown DIAGNOSE code should give a specification exception
As described in CP programming services an unimplemented DIAGNOSE
function should return a specification exception. Today we give the
guest an operation exception.
As both exception types are suppressing and Linux as a guest does not
care about the type of program check in its exception table handler
as long as both types have the same kind of error handling (nullifying,
terminating, suppressing etc.) this was unnoticed.
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Yi Min Zhao [Mon, 19 Jan 2015 07:15:56 +0000 (15:15 +0800)]
s390x/pci: fix dma notifications in rpcit instruction
The virtual I/O address range passed to rpcit instruction might not
map to consecutive physical guest pages. For this we have to translate
and create mapping notifications for each vioa page separately.
Signed-off-by: Yi Min Zhao <zyimin@cn.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Frank Blaschka [Fri, 16 Jan 2015 13:55:21 +0000 (14:55 +0100)]
s390x/pci: check for invalid function handle
broken guest may provide 0 (invalid) function handle to zpci
instructions. Since we use function handle 0 to indicate an empty
slot in the PHB we have to add an additional check to spot this
kind of error.
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Peter Maydell [Mon, 2 Feb 2015 19:36:02 +0000 (19:36 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
The important bits here are the first part of RCU.
v1->v2 changes are the new qemu-thread patch to fix Mac OS X,
and cleaning up warnings.
v2->v3 removed the patch to enable modules by default.
# gpg: Signature made Mon 02 Feb 2015 19:28:03 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
scsi: Fix scsi_req_cancel_async for no aiocb req
cpu-exec: simplify init_delay_params
cpu-exec: simplify align_clocks
memory: avoid ref/unref in memory_region_find
memory: protect current_map by RCU
memory: remove assertion on memory_region_destroy
rcu: add call_rcu
rcu: allow nesting of rcu_read_lock/rcu_read_unlock
rcu: add rcutorture
rcu: add rcu library
qemu-thread: fix qemu_event without futexes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fam Zheng [Tue, 27 Jan 2015 09:16:59 +0000 (17:16 +0800)]
scsi: Fix scsi_req_cancel_async for no aiocb req
scsi_req_cancel_complete is responsible for releasing the request, so we
shouldn't skip it in any case. This doesn't affect the only existing
caller, virtio-scsi, but is useful for other devices once they use it.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 28 Jan 2015 09:09:55 +0000 (10:09 +0100)]
cpu-exec: simplify align_clocks
sc->diff_clk is already equal to sleep_delay (split in a second and a
nanosecond part). If you subtract sleep_delay - rem_delay, the result
is exactly rem_delay.
Cc: Sebastian Tanase <sebastian.tanase@openwide.fr> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Jan Kiszka [Tue, 2 Jul 2013 14:51:15 +0000 (16:51 +0200)]
memory: remove assertion on memory_region_destroy
Now that memory_region_destroy can be called from an RCU callback,
checking the BQL-protected global memory_region_transaction_depth
does not make much sense.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 13 May 2013 15:49:24 +0000 (17:49 +0200)]
rcu: add call_rcu
Asynchronous callbacks provided by call_rcu are particularly important
for QEMU, because the BQL makes it hard to use synchronize_rcu.
In addition, the current RCU implementation is not particularly friendly
to multiple concurrent synchronize_rcu callers, making call_rcu even
more important.
Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 13 May 2013 11:29:47 +0000 (13:29 +0200)]
rcu: add rcu library
This includes a (mangled) copy of the liburcu code. The main changes
are: 1) removing dependencies on many other header files in liburcu; 2)
removing for simplicity the tentative busy waiting in synchronize_rcu,
which has limited performance effects; 3) replacing futexes in
synchronize_rcu with QemuEvents for Win32 portability. The API is
the same as liburcu, so it should be possible in the future to require
liburcu on POSIX systems for example and use our copy only on Windows.
Among the various versions available I chose urcu-mb, which is the
least invasive implementation even though it does not have the
fastest rcu_read_{lock,unlock} implementation. The urcu flavor can
be changed later, after benchmarking.
Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Mon, 12 Jan 2015 14:38:28 +0000 (14:38 +0000)]
softfloat: Clarify license status
The code in the softfloat source files is under a mixture of
licenses: the original code and many changes from QEMU contributors
are under the base SoftFloat-2a license; changes from Stefan Weil
and RedHat employees are GPLv2-or-later; changes from Fabrice Bellard
are under the BSD license. Clarify this in the comments at the
top of each affected source file, including a statement about
the assumed licensing for future contributions, so we don't need
to remember to ask patch submitters explicitly to pick a license.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Andreas Färber <afaerber@suse.de> Acked-by: Aurelien Jarno <aurelien@aurel32.net> Acked-by: Avi Kivity <avi.kivity@gmail.com> Acked-by: Ben Taylor <bentaylor.solx86@gmail.com> Acked-by: Blue Swirl <blauwirbel@gmail.com> Acked-by: Christophe Lyon <christophe.lyon@st.com> Acked-by: Fabrice Bellard <fabrice@bellard.org> Acked-by: Guan Xuetao <gxt@mprc.pku.edu.cn> Acked-by: Juan Quintela <quintela@redhat.com> Acked-by: Max Filippov <jcmvbkbc@gmail.com> Acked-by: Paul Brook <paul@codesourcery.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Richard Henderson <rth@twiddle.net> Acked-by: Richard Sandiford <rdsandiford@googlemail.com> Acked-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421073508-23909-5-git-send-email-peter.maydell@linaro.org
Revert the parts of commits b645bb4885 and 5a6932d51d which are still
in the codebase and under a SoftFloat-2b license.
Reimplement support for architectures where the most significant bit
in the mantissa is 1 for a signaling NaN rather than a quiet NaN,
by adding handling for SNAN_BIT_IS_ONE being set to the functions
which test values for NaN-ness.
This includes restoring the bugfixes lost in the reversion where
some of the float*_is_quiet_nan() functions were returning true
for both signaling and quiet NaNs.
[This is a mechanical squashing together of two separate "revert"
and "reimplement" patches.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421073508-23909-4-git-send-email-peter.maydell@linaro.org
Revert the remaining portions of commits 75d62a5856 and 3430b0be36f
which are under a SoftFloat-2b license, ie the functions
uint64_to_float32() and uint64_to_float64(). (The float64_to_uint64()
and float64_to_uint64_round_to_zero() functions were completely
rewritten in commits fb3ea83aa and 0a87a3107d so can stay.)
Reimplement from scratch the uint64_to_float64() and uint64_to_float32()
conversion functions.
[This is a mechanical squashing together of two separate "revert"
and "reimplement" patches.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421073508-23909-3-git-send-email-peter.maydell@linaro.org
Peter Maydell [Mon, 12 Jan 2015 14:38:25 +0000 (14:38 +0000)]
softfloat: Apply patch corresponding to rebasing to softfloat-2a
This commit applies the changes to master which correspond to
replacing commit 158142c2c2df with a set of changes made by:
* taking the SoftFloat-2a release
* mechanically transforming the block comment style
* reapplying Fabrice's original changes from 158142c2c2df
This commit was created by:
diff -u 158142c2c2df import-sf-2a
patch -p1 --fuzz 10 <../relicense-patch.txt
(where import-sf-2a is the branch resulting from the changes above).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421073508-23909-2-git-send-email-peter.maydell@linaro.org
The QERR_ macros are leftovers from the days of "rich" error objects.
They're used with error_set() and qerror_report(), and expand into the
first *two* arguments. This trickiness has become pointless. Clean
up the balloon ones.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
The QERR_ macros are leftovers from the days of "rich" error objects.
They're used with error_set() and qerror_report(), and expand into the
first *two* arguments. This trickiness has become pointless. Clean
this one up.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
qmp: Clean up qmp_query_spice() #ifndef !CONFIG_SPICE dummy
QMP command query-spice exists only #ifdef CONFIG_SPICE. Due to QAPI
limitations, we need a dummy function anyway, but it's unreachable.
Our current dummy function goes out of its way to produce the exact
same error as the QMP core does for unknown commands. Cute, but both
unclean and unnecessary. Replace by straight abort().
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
qmp hmp: Improve error messages when SPICE is not in use
Commit 7572150 adopted QERR_DEVICE_NOT_ACTIVE for the purpose,
probably because adding another error seemed cumbersome overkill.
Produces "No spice device has been activated", which is awkward.
We've since abandoned our quest for "rich" error objects. Time to
undo the damage to this error message. Replace it by "SPICE is not in
use".
Keep the stupid DeviceNotActive ErrorClass for compatibility, even
though Libvirt doesn't use it.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell [Tue, 27 Jan 2015 22:25:56 +0000 (22:25 +0000)]
Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20150127' into staging
linux-user updates since last pull request
# gpg: Signature made Tue 27 Jan 2015 20:52:54 GMT using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg: aka "Riku Voipio <riku.voipio@linaro.org>"
* remotes/riku/tags/pull-linux-user-20150127:
linux-user: support target-to-host SCM_CREDENTIALS
linux-user: Fix broken m68k signal handling on 64 bit hosts
mips64-linux-user: Fix definition of struct sigaltstack
linux-user: Fix ioctl cmd type mismatch on 64-bit targets
linux-user: translate resource also for prlimit64
linux-user/signal.c: Remove unnecessary wrapper copy_siginfo_to_user
linux-user/main.c: Mark end_exclusive() as possibly unused
linux-user/main.c: Call cpu_exec_start/end on all target archs
linux-user/arm/nwfpe: Delete unused aCC array
linux-user/alpha: Add define for NR_shmat to enable shmat syscall
linux-user/signal.c: Remove current_exec_domain_sig()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 22 Dec 2014 17:47:00 +0000 (17:47 +0000)]
linux-user: Fix broken m68k signal handling on 64 bit hosts
The m68k signal frame setup code which writes the signal return
trampoline code to the stack was assuming that a 'long' was 32 bits;
on 64 bit systems this meant we would end up writing the 32 bit
(2 insn) trampoline sequence to retaddr+4,retaddr+6 instead of
the intended retaddr+0,retaddr+2, resulting in a guest crash when
it tried to execute the invalid zero-bytes at retaddr+0.
Fix by using uint32_t instead; also use uint16_t rather than short
for consistency. This fixes bug LP:1404690.
Reported-by: Michel Boaventura Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Ed Swierk [Tue, 16 Dec 2014 20:55:18 +0000 (12:55 -0800)]
mips64-linux-user: Fix definition of struct sigaltstack
Without this fix, qemu segfaults when emulating the sigaltstack syscall,
because it incorrectly treats the ss_flags field as 64 bits rather than 32
bits.
Signed-off-by: Ed Swierk <eswierk@skyportsystems.com> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Ed Swierk [Tue, 16 Dec 2014 20:55:31 +0000 (12:55 -0800)]
linux-user: Fix ioctl cmd type mismatch on 64-bit targets
linux-user passes the cmd argument of the ioctl syscall as a signed long,
but compares it to an unsigned int when iterating through the ioctl_entries
list. When the cmd is a large value like 0x80047476 (TARGET_TIOCSWINSZ on
mips64) it gets sign-extended to 0xffffffff80047476, causing the comparison
to fail and resulting in lots of spurious "Unsupported ioctl" errors.
Changing the target_cmd field in the ioctl_entries list to a signed int
causes those values to be sign-extended as well during the comparison.
Signed-off-by: Ed Swierk <eswierk@skyportsystems.com> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The function copy_siginfo_to_user() just calls tswap_siginfo(), so
call the latter function directly and delete the wrapper function.
The wrapper is actually misleading since it implies that the
semantics are like the kernel function with the same name which
copies the data to a guest user-space address. In fact tswap_siginfo()
just does data-structure conversion between two structures whose
addresses are host addresses (the copy to userspace is handled
in QEMU by the lock_user/unlock_user calls).
This also fixes clang complaints about the wrapper being unused
in some configs.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Peter Maydell [Thu, 8 Jan 2015 12:19:46 +0000 (12:19 +0000)]
linux-user/main.c: Call cpu_exec_start/end on all target archs
The start_exclusive() infrastructure is used on all target
architectures, even if only to do the "stop all CPUs before
dumping core" in force_sig(), so be consistent and call
cpu_exec_start/end in the main loop of every target.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Peter Maydell [Thu, 8 Jan 2015 12:19:44 +0000 (12:19 +0000)]
linux-user/alpha: Add define for NR_shmat to enable shmat syscall
For historical reasons, the define for the shmat() syscall on Alpha is
NR_osf_shmat; however it has the same semantics as this syscall does
on all other architectures, so define TARGET_NR_shmat as well so that
QEMU's code for the syscall is enabled.
This patch brings our behaviour on the LTP shmat tests into line
with that for ARM (still not a perfect pass rate but not "this syscall
is completely broken" as we had before).
(Problem detected via a clang warning that the do_shmat() function
was unused on Alpha.)
Cc: Richard Henderson <rth@twiddle.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Remove the function current_exec_domain_sig(), which always returns
its argument. This was intended as a stub for supporting the kernel's
exec_domain handling, but:
* we don't have any of the other code for execution domains
* in the kernel this handling is architecture-specific, not generic
* we only call this function in the x86, ppc and sh4 signal code paths,
and the PPC one is wrong anyway because the PPC kernel doesn't
have this signal-remapping code
So it's best to simply delete the function; any future attempt to
implement exec domains will be better served by adding the correct
code from scratch based on the kernel sources at that time.
This change also fixes some clang warnings about the function being
defined but not used for some target architectures.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Peter Maydell [Tue, 27 Jan 2015 13:17:30 +0000 (13:17 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pci, pc, virtio fixes and cleanups
A bunch of fixes all over the place. Also, beginning to generalize acpi build
code for reuse by ARM.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 27 Jan 2015 13:12:25 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
pc-dimm: Add Error argument to pc_existing_dimms_capacity
pc-dimm: Make pc_existing_dimms_capacity global
pc: Fix DIMMs capacity calculation
smbios: Don't report unknown CPU speed (fix SVVP regression)
smbios: Fix dimm size calculation when RAM is multiple of 16GB
bios-linker-loader: move source to common location
bios-linker-loader: move header to common location
virtio: fix feature bit checks
bios-tables-test: split piix4 and q35 tests
acpi: build_append_nameseg(): add padding if necessary
acpi: update generated hex files
acpi-test: update expected DSDT
pc: acpi: fix WindowsXP BSOD when memory hotplug is enabled
pci: Split pcie_host_mmcfg_map()
Add some trace calls to pci.c.
ich9: add disable_s3, disable_s4, s4_val properties
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bharata B Rao [Tue, 27 Jan 2015 04:05:02 +0000 (09:35 +0530)]
pc-dimm: Add Error argument to pc_existing_dimms_capacity
Now that pc_existing_dimms_capacity() is an API, include Error pointer
as an argument and modify the caller appropriately.
Suggested-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Bharata B Rao [Tue, 27 Jan 2015 04:05:01 +0000 (09:35 +0530)]
pc-dimm: Make pc_existing_dimms_capacity global
Move pc_existing_dimms_capacity() to pc-dimm.c since it would be needed
by PowerPC memory hotplug code too.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Bharata B Rao [Tue, 27 Jan 2015 04:05:00 +0000 (09:35 +0530)]
pc: Fix DIMMs capacity calculation
pc_existing_dimms_capacity() is returning DIMMs count rather than capacity.
Fix this to return the capacity. Also consider only realized devices for
capacity calculation.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eduardo Habkost [Wed, 7 Jan 2015 17:36:34 +0000 (15:36 -0200)]
smbios: Don't report unknown CPU speed (fix SVVP regression)
SVVP requires processor speed on Type 4 structures to not be unknown.
This was fixed in SeaBIOS 0.5.0 (in 2009), but the bug was reintroduced
in QEMU 2.1.
Revert to old behavior and report CPU speed as 2000 MHz instead of
unknown.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Eduardo Habkost [Wed, 7 Jan 2015 17:36:33 +0000 (15:36 -0200)]
smbios: Fix dimm size calculation when RAM is multiple of 16GB
The Memory Device size calculation logic is broken when the RAM size is
a multiple of 16GB, making the size of the last entry be 0 instead of
16GB. Fix the logic to handle that case correctly.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Cornelia Huck [Fri, 12 Dec 2014 09:01:46 +0000 (10:01 +0100)]
virtio: fix feature bit checks
Several places check against the feature bit number instead of against
the feature bit. Fix them.
Cc: qemu-stable@nongnu.org Reported-by: Thomas Huth <thuth@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Paolo Bonzini [Mon, 19 Jan 2015 16:50:38 +0000 (17:50 +0100)]
bios-tables-test: split piix4 and q35 tests
This makes it clear which one is failing.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
Igor Mammedov [Fri, 19 Dec 2014 11:47:00 +0000 (11:47 +0000)]
acpi: build_append_nameseg(): add padding if necessary
According to ACPI spec NameSeg shorter than 4 characters
must be padded up to 4 characters with "_" symbol.
ACPI 5.0: 20.2.2 "Name Objects Encoding"
Do it in build_append_nameseg() so that caller shouldn't know
or care about it.
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Tue, 27 Jan 2015 11:15:09 +0000 (11:15 +0000)]
Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20150127' into staging
tricore bugfixes and RR1, RR2, RRPW and RRR insn
# gpg: Signature made Tue 27 Jan 2015 12:02:06 GMT using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"
* remotes/bkoppelmann/tags/pull-tricore-20150127:
target-tricore: Add instructions of RRR opcode format
target-tricore: Add instructions of RRPW opcode format
target-tricore: Add instructions of RR2 opcode format
target-tricore: Add instructions of RR1 opcode format, that have 0x93 as first opcode
target-tricore: split up suov32 into suov32_pos and suov32_neg
target-tricore: Fix bugs found by coverity
target-tricore: calculate av bits before saturation
target-tricore: Several translator and cpu model fixes
target-tricore: Add missing ULL suffix on 64 bit constant
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-tricore: Add instructions of RRR opcode format
Add microcode generator function gen_cond_sub.
Add helper functions:
* ixmax/ixmin: search for the max/min value and its related index in a
vector of 16-bit values.
* pack: dack two data registers into an IEEE-754 single precision floating
point format number.
* dvadj: divide-adjust the result after dvstep instructions.
* dvstep: divide a reg by a divisor, producing 8-bits of quotient at a time.
OPCM_32_RRR_FLOAT -> OPCM_32_RRR_DIVIDE
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Reviewed-by: Richard Henderson <rth@twiddle.net>
target-tricore: split up suov32 into suov32_pos and suov32_neg
suov checks unsigned for an overflow and an underflow, after some arithmetic
operations and saturates the result to either max_uint32 or 0. So far we
handled this by expanding to the next bigger data type and compare whether
the result is > max_uint32 or < 0.
However this approach can fail for an 32 bit multiplication, if both operands of
the multiplication are 0x80000000. This sets the sign bit of the 64 bit integer
and would result in a false saturation to 0.
Since unsigned operations, e.g add, sub, mul always result in either a positive
or negative overflow, we split the functions for suov32 up into two functions
(suov32_pos, suov32_neg) for each case.
This fixes one bug and one false positive found by coverity. The bug is,
that gen_mtcr was missing a mask to check the flag, which resulted in dead code.
The false positive is a intentional missing break for a jump and link address
insn followed by a jump and link insn. This adds a fall through comment to avoid
the false positive in the future.
Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
target-tricore: calculate av bits before saturation
64 bit mac instructions calculated the av bits after the saturation, which
resulted in a wrong PSW. This moves the av bit calculation before the
saturation.
target-tricore: Several translator and cpu model fixes
Fix tc1796 cpu model using wrong ISA version.
Fix cond_add sometimes writing back wrong result.
Fix RCR_SEL and RCR_SELN using wrong registers for result and cond.
projects / mirror_qemu.git / log