]> git.proxmox.com Git - mirror_qemu.git/log
mirror_qemu.git
4 years agohw/arm/virt: Add nvdimm hotplug support
Shameer Kolothum [Tue, 21 Apr 2020 12:59:31 +0000 (13:59 +0100)]
hw/arm/virt: Add nvdimm hotplug support

This adds support for nvdimm hotplug events through GED
and enables nvdimm for the arm/virt. Now Guests with ACPI
can have both cold and hot plug of nvdimms.

Hot removal functionality is not yet supported.

Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-Id: <20200421125934.14952-5-shameerali.kolothum.thodi@huawei.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years agohw/arm/virt: Add nvdimm hot-plug infrastructure
Kwangwoo Lee [Tue, 21 Apr 2020 12:59:30 +0000 (13:59 +0100)]
hw/arm/virt: Add nvdimm hot-plug infrastructure

This adds support to init nvdimm acpi state and build nvdimm acpi tables.
Please note nvdimm_support is not yet enabled.

Signed-off-by: Kwangwoo Lee <kwangwoo.lee@sk.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200421125934.14952-4-shameerali.kolothum.thodi@huawei.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years agonvdimm: Use configurable ACPI IO base and size
Kwangwoo Lee [Tue, 21 Apr 2020 12:59:29 +0000 (13:59 +0100)]
nvdimm: Use configurable ACPI IO base and size

This patch makes IO base and size configurable to create NPIO AML for
ACPI NFIT. Since a different architecture like AArch64 does not use
port-mapped IO, a configurable IO base is required to create correct
mapping of ACPI IO address and size.

Signed-off-by: Kwangwoo Lee <kwangwoo.lee@sk.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200421125934.14952-3-shameerali.kolothum.thodi@huawei.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years agohw/acpi/nvdimm: Fix for NVDIMM incorrect DSM output buffer length
Shameer Kolothum [Tue, 21 Apr 2020 12:59:28 +0000 (13:59 +0100)]
hw/acpi/nvdimm: Fix for NVDIMM incorrect DSM output buffer length

As per ACPI spec 6.3, Table 19-419 Object Conversion Rules, if
the Buffer Field <= to the size of an Integer (in bits), it will
be treated as an integer. Moreover, the integer size depends on
DSDT tables revision number. If revision number is < 2, integer
size is 32 bits, otherwise it is 64 bits. Current NVDIMM common
DSM aml code (NCAL) uses CreateField() for creating DSM output
buffer. This creates an issue in arm/virt platform where DSDT
revision number is 2 and results in DSM buffer with a wrong
size(8 bytes) gets returned when actual length is < 8 bytes.
This causes guest kernel to report,

"nfit ACPI0012:00: found a zero length table '0' parsing nfit"

In order to fix this, aml code is now modified such that it builds
the DSM output buffer in a byte by byte fashion when length is
smaller than Integer size.

Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200421125934.14952-2-shameerali.kolothum.thodi@huawei.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years agoacpi: DSDT without _STA
Michael S. Tsirkin [Mon, 4 May 2020 12:47:02 +0000 (08:47 -0400)]
acpi: DSDT without _STA

commit f6595976e699 ("acpi: drop pointless _STA method") replaced
_STA method with simple name object. Update DSDT accordingly.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years agocheckpatch: ignore allowed diff list
Michael S. Tsirkin [Mon, 4 May 2020 11:47:17 +0000 (07:47 -0400)]
checkpatch: ignore allowed diff list

Allow changing allowed diff list at any point:
- when changing code under test
- when adding expected files

It's just a list of files so easy to review and merge anyway.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years agocheckpatch: fix acpi check with multiple file name
Michael S. Tsirkin [Mon, 4 May 2020 11:22:49 +0000 (07:22 -0400)]
checkpatch: fix acpi check with multiple file name

Using global expected/nonexpected values causes
false positives when testing multiple patches in one
checkpatch run: one patch can change expected,
another one non-expected.

Use local variables within process() to fix that.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years agovhost-user-blk: fix invalid memory access
Li Feng [Fri, 17 Apr 2020 10:17:07 +0000 (18:17 +0800)]
vhost-user-blk: fix invalid memory access

when s->inflight is freed, vhost_dev_free_inflight may try to access
s->inflight->addr, it will retrigger the following issue.

==7309==ERROR: AddressSanitizer: heap-use-after-free on address 0x604001020d18 at pc 0x555555ce948a bp 0x7fffffffb170 sp 0x7fffffffb160
READ of size 8 at 0x604001020d18 thread T0
    #0 0x555555ce9489 in vhost_dev_free_inflight /root/smartx/qemu-el7/qemu-test/hw/virtio/vhost.c:1473
    #1 0x555555cd86eb in virtio_reset /root/smartx/qemu-el7/qemu-test/hw/virtio/virtio.c:1214
    #2 0x5555560d3eff in virtio_pci_reset hw/virtio/virtio-pci.c:1859
    #3 0x555555f2ac53 in device_set_realized hw/core/qdev.c:893
    #4 0x5555561d572c in property_set_bool qom/object.c:1925
    #5 0x5555561de8de in object_property_set_qobject qom/qom-qobject.c:27
    #6 0x5555561d99f4 in object_property_set_bool qom/object.c:1188
    #7 0x555555e50ae7 in qdev_device_add /root/smartx/qemu-el7/qemu-test/qdev-monitor.c:626
    #8 0x555555e51213 in qmp_device_add /root/smartx/qemu-el7/qemu-test/qdev-monitor.c:806
    #9 0x555555e8ff40 in hmp_device_add /root/smartx/qemu-el7/qemu-test/hmp.c:1951
    #10 0x555555be889a in handle_hmp_command /root/smartx/qemu-el7/qemu-test/monitor.c:3404
    #11 0x555555beac8b in monitor_command_cb /root/smartx/qemu-el7/qemu-test/monitor.c:4296
    #12 0x555556433eb7 in readline_handle_byte util/readline.c:393
    #13 0x555555be89ec in monitor_read /root/smartx/qemu-el7/qemu-test/monitor.c:4279
    #14 0x5555563285cc in tcp_chr_read chardev/char-socket.c:470
    #15 0x7ffff670b968 in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x4a968)
    #16 0x55555640727c in glib_pollfds_poll util/main-loop.c:215
    #17 0x55555640727c in os_host_main_loop_wait util/main-loop.c:238
    #18 0x55555640727c in main_loop_wait util/main-loop.c:497
    #19 0x555555b2d0bf in main_loop /root/smartx/qemu-el7/qemu-test/vl.c:2013
    #20 0x555555b2d0bf in main /root/smartx/qemu-el7/qemu-test/vl.c:4776
    #21 0x7fffdd2eb444 in __libc_start_main (/lib64/libc.so.6+0x22444)
    #22 0x555555b3767a  (/root/smartx/qemu-el7/qemu-test/x86_64-softmmu/qemu-system-x86_64+0x5e367a)

0x604001020d18 is located 8 bytes inside of 40-byte region [0x604001020d10,0x604001020d38)
freed by thread T0 here:
    #0 0x7ffff6f00508 in __interceptor_free (/lib64/libasan.so.4+0xde508)
    #1 0x7ffff671107d in g_free (/lib64/libglib-2.0.so.0+0x5007d)

previously allocated by thread T0 here:
    #0 0x7ffff6f00a88 in __interceptor_calloc (/lib64/libasan.so.4+0xdea88)
    #1 0x7ffff6710fc5 in g_malloc0 (/lib64/libglib-2.0.so.0+0x4ffc5)

SUMMARY: AddressSanitizer: heap-use-after-free /root/smartx/qemu-el7/qemu-test/hw/virtio/vhost.c:1473 in vhost_dev_free_inflight
Shadow bytes around the buggy address:
  0x0c08801fc150: fa fa 00 00 00 00 04 fa fa fa fd fd fd fd fd fa
  0x0c08801fc160: fa fa fd fd fd fd fd fd fa fa 00 00 00 00 04 fa
  0x0c08801fc170: fa fa 00 00 00 00 00 01 fa fa 00 00 00 00 04 fa
  0x0c08801fc180: fa fa 00 00 00 00 00 01 fa fa 00 00 00 00 00 01
  0x0c08801fc190: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 04 fa
=>0x0c08801fc1a0: fa fa fd[fd]fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c08801fc1b0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c08801fc1c0: fa fa 00 00 00 00 00 fa fa fa fd fd fd fd fd fd
  0x0c08801fc1d0: fa fa 00 00 00 00 00 01 fa fa fd fd fd fd fd fa
  0x0c08801fc1e0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
  0x0c08801fc1f0: fa fa 00 00 00 00 00 01 fa fa fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==7309==ABORTING

Signed-off-by: Li Feng <fengli@smartx.com>
Message-Id: <20200417101707.14467-1-fengli@smartx.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
4 years agovirtio-pci: update virtio pci bar layout documentation
Anthoine Bourgeois [Wed, 22 Apr 2020 21:54:55 +0000 (23:54 +0200)]
virtio-pci: update virtio pci bar layout documentation

The modern io bar was never documented.

Signed-off-by: Anthoine Bourgeois <anthoine.bourgeois@gmail.com>
Message-Id: <20200422215455.10244-2-anthoine.bourgeois@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
4 years agovirtio-vga: fix virtio-vga bar ordering
Anthoine Bourgeois [Wed, 22 Apr 2020 21:54:54 +0000 (23:54 +0200)]
virtio-vga: fix virtio-vga bar ordering

With virtio-vga, pci bar are reordered. Bar #2 is used for compatibility
with stdvga. By default, bar #2 is used by virtio modern io bar.
This bar is the last one introduce in the virtio pci bar layout and it's
crushed by the virtio-vga reordering. So virtio-vga and
modern-pio-notify are incompatible because virtio-vga failed to
initialize with this option.

This fix sets the modern io bar to the bar #5 to avoid conflict.

Signed-off-by: Anthoine Bourgeois <anthoine.bourgeois@gmail.com>
Message-Id: <20200422215455.10244-1-anthoine.bourgeois@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
4 years agortc: add RTC_ISA_BASE
Gerd Hoffmann [Wed, 29 Apr 2020 13:59:54 +0000 (15:59 +0200)]
rtc: add RTC_ISA_BASE

Add and use RTC_ISA_BASE define instead of hardcoding 0x70.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20200429140003.7336-7-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
4 years agoacpi: add ISADeviceClass->build_aml()
Gerd Hoffmann [Wed, 29 Apr 2020 13:59:53 +0000 (15:59 +0200)]
acpi: add ISADeviceClass->build_aml()

Also add isa_aml_build() function which walks all isa devices.
This allows to move aml builder code to isa devices.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200429140003.7336-6-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years agoacpi: drop pointless _STA method
Gerd Hoffmann [Wed, 29 Apr 2020 13:59:52 +0000 (15:59 +0200)]
acpi: drop pointless _STA method

When returning a constant there is no point in having a method
in the first place, _STA can be a simple integer instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200429140003.7336-5-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
4 years agoqtest: allow DSDT acpi table changes
Gerd Hoffmann [Wed, 29 Apr 2020 13:59:51 +0000 (15:59 +0200)]
qtest: allow DSDT acpi table changes

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20200429140003.7336-4-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years agoacpi: add aml builder stubs
Gerd Hoffmann [Wed, 29 Apr 2020 13:59:50 +0000 (15:59 +0200)]
acpi: add aml builder stubs

Needed when moving aml builder code to devices.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200429140003.7336-3-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years agomove 'typedef Aml' to qemu/types.h
Gerd Hoffmann [Wed, 29 Apr 2020 13:59:49 +0000 (15:59 +0200)]
move 'typedef Aml' to qemu/types.h

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200429140003.7336-2-kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
4 years agohw/pci/pcie: Replace PCI_DEVICE() casts with existing variable
Julia Suvorova [Mon, 27 Apr 2020 18:24:40 +0000 (20:24 +0200)]
hw/pci/pcie: Replace PCI_DEVICE() casts with existing variable

A little cleanup is possible because of hotplug_pdev introduction.

Signed-off-by: Julia Suvorova <jusual@redhat.com>
Message-Id: <20200427182440.92433-3-jusual@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
4 years agohw/pci/pcie: Forbid hot-plug if it's disabled on the slot
Julia Suvorova [Mon, 27 Apr 2020 18:24:39 +0000 (20:24 +0200)]
hw/pci/pcie: Forbid hot-plug if it's disabled on the slot

Raise an error when trying to hot-plug/unplug a device through QMP to a device
with disabled hot-plug capability. This makes the device behaviour more
consistent and provides an explanation of the failure in the case of
asynchronous unplug.

Signed-off-by: Julia Suvorova <jusual@redhat.com>
Message-Id: <20200427182440.92433-2-jusual@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
4 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200504' into...
Peter Maydell [Mon, 4 May 2020 12:37:17 +0000 (13:37 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200504' into staging

target-arm queue:
 * Start of conversion of Neon insns to decodetree
 * versal board: support SD and RTC
 * Implement ARMv8.2-TTS2UXN
 * Make VQDMULL undefined when U=1
 * Some minor code cleanups

# gpg: Signature made Mon 04 May 2020 13:32:08 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200504: (39 commits)
  target/arm: Move gen_ function typedefs to translate.h
  target/arm: Convert Neon 3-reg-same VMUL, VMLA, VMLS, VSHL to decodetree
  target/arm: Convert Neon 3-reg-same VQADD/VQSUB to decodetree
  target/arm: Convert Neon 3-reg-same comparisons to decodetree
  target/arm: Convert Neon 3-reg-same VMAX/VMIN to decodetree
  target/arm: Convert Neon 3-reg-same logic ops to decodetree
  target/arm: Convert Neon 3-reg-same VADD/VSUB to decodetree
  target/arm: Convert Neon 'load/store single structure' to decodetree
  target/arm: Convert Neon 'load single structure to all lanes' to decodetree
  target/arm: Convert Neon load/store multiple structures to decodetree
  target/arm: Convert VFM[AS]L (scalar) to decodetree
  target/arm: Convert V[US]DOT (scalar) to decodetree
  target/arm: Convert VCMLA (scalar) to decodetree
  target/arm: Convert VFM[AS]L (vector) to decodetree
  target/arm: Convert V[US]DOT (vector) to decodetree
  target/arm: Convert VCADD (vector) to decodetree
  target/arm: Convert VCMLA (vector) to decodetree
  target/arm: Add stubs for AArch32 Neon decodetree
  target/arm: Don't allow Thumb Neon insns without FEATURE_NEON
  target/arm/translate-vfp.inc.c: Remove duplicate simd_r32 check
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget/arm: Move gen_ function typedefs to translate.h
Peter Maydell [Thu, 30 Apr 2020 18:09:49 +0000 (19:09 +0100)]
target/arm: Move gen_ function typedefs to translate.h

We're going to want at least some of the NeonGen* typedefs
for the refactored 32-bit Neon decoder, so move them all
to translate.h since it makes more sense to keep them in
one group.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-23-peter.maydell@linaro.org

4 years agotarget/arm: Convert Neon 3-reg-same VMUL, VMLA, VMLS, VSHL to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:46 +0000 (19:09 +0100)]
target/arm: Convert Neon 3-reg-same VMUL, VMLA, VMLS, VSHL to decodetree

Convert the Neon VMUL, VMLA, VMLS and VSHL insns in the
3-reg-same grouping to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-20-peter.maydell@linaro.org

4 years agotarget/arm: Convert Neon 3-reg-same VQADD/VQSUB to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:45 +0000 (19:09 +0100)]
target/arm: Convert Neon 3-reg-same VQADD/VQSUB to decodetree

Convert the Neon VQADD/VQSUB insns in the 3-reg-same grouping
to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-19-peter.maydell@linaro.org

4 years agotarget/arm: Convert Neon 3-reg-same comparisons to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:44 +0000 (19:09 +0100)]
target/arm: Convert Neon 3-reg-same comparisons to decodetree

Convert the Neon comparison ops in the 3-reg-same grouping
to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-18-peter.maydell@linaro.org

4 years agotarget/arm: Convert Neon 3-reg-same VMAX/VMIN to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:43 +0000 (19:09 +0100)]
target/arm: Convert Neon 3-reg-same VMAX/VMIN to decodetree

Convert the Neon 3-reg-same VMAX and VMIN insns to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-17-peter.maydell@linaro.org

4 years agotarget/arm: Convert Neon 3-reg-same logic ops to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:42 +0000 (19:09 +0100)]
target/arm: Convert Neon 3-reg-same logic ops to decodetree

Convert the Neon logic ops in the 3-reg-same grouping to decodetree.
Note that for the logic ops the 'size' field forms part of their
decode and the actual operations are always bitwise.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-16-peter.maydell@linaro.org

4 years agotarget/arm: Convert Neon 3-reg-same VADD/VSUB to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:41 +0000 (19:09 +0100)]
target/arm: Convert Neon 3-reg-same VADD/VSUB to decodetree

Convert the Neon 3-reg-same VADD and VSUB insns to decodetree.

Note that we don't need the neon_3r_sizes[op] check here because all
size values are OK for VADD and VSUB; we'll add this when we convert
the first insn that has size restrictions.

For this we need one of the GVecGen*Fn typedefs currently in
translate-a64.h; move them all to translate.h as a block so they
are visible to the 32-bit decoder.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-15-peter.maydell@linaro.org

4 years agotarget/arm: Convert Neon 'load/store single structure' to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:40 +0000 (19:09 +0100)]
target/arm: Convert Neon 'load/store single structure' to decodetree

Convert the Neon "load/store single structure to one lane" insns to
decodetree.

As this is the last set of insns in the neon load/store group,
we can remove the whole disas_neon_ls_insn() function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-14-peter.maydell@linaro.org

4 years agotarget/arm: Convert Neon 'load single structure to all lanes' to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:39 +0000 (19:09 +0100)]
target/arm: Convert Neon 'load single structure to all lanes' to decodetree

Convert the Neon "load single structure to all lanes" insns to
decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-13-peter.maydell@linaro.org

4 years agotarget/arm: Convert Neon load/store multiple structures to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:38 +0000 (19:09 +0100)]
target/arm: Convert Neon load/store multiple structures to decodetree

Convert the Neon "load/store multiple structures" insns to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-12-peter.maydell@linaro.org

4 years agotarget/arm: Convert VFM[AS]L (scalar) to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:37 +0000 (19:09 +0100)]
target/arm: Convert VFM[AS]L (scalar) to decodetree

Convert the VFM[AS]L (scalar) insns in the 2reg-scalar-ext group
to decodetree. These are the last ones in the group so we can remove
all the legacy decode for the group.

Note that in disas_thumb2_insn() the parts of this encoding space
where the decodetree decoder returns false will correctly be directed
to illegal_op by the "(insn & (1 << 28))" check so they won't fall
into disas_coproc_insn() by mistake.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-11-peter.maydell@linaro.org

4 years agotarget/arm: Convert V[US]DOT (scalar) to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:36 +0000 (19:09 +0100)]
target/arm: Convert V[US]DOT (scalar) to decodetree

Convert the V[US]DOT (scalar) insns in the 2reg-scalar-ext group
to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-10-peter.maydell@linaro.org

4 years agotarget/arm: Convert VCMLA (scalar) to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:35 +0000 (19:09 +0100)]
target/arm: Convert VCMLA (scalar) to decodetree

Convert VCMLA (scalar) in the 2reg-scalar-ext group to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-9-peter.maydell@linaro.org

4 years agotarget/arm: Convert VFM[AS]L (vector) to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:34 +0000 (19:09 +0100)]
target/arm: Convert VFM[AS]L (vector) to decodetree

Convert the VFM[AS]L (vector) insns to decodetree.  This is the last
insn in the legacy decoder for the 3same_ext group, so we can
delete the legacy decoder function for the group entirely.

Note that in disas_thumb2_insn() the parts of this encoding space
where the decodetree decoder returns false will correctly be directed
to illegal_op by the "(insn & (1 << 28))" check so they won't fall
into disas_coproc_insn() by mistake.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-8-peter.maydell@linaro.org

4 years agotarget/arm: Convert V[US]DOT (vector) to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:33 +0000 (19:09 +0100)]
target/arm: Convert V[US]DOT (vector) to decodetree

Convert the V[US]DOT (vector) insns to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-7-peter.maydell@linaro.org

4 years agotarget/arm: Convert VCADD (vector) to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:32 +0000 (19:09 +0100)]
target/arm: Convert VCADD (vector) to decodetree

Convert the VCADD (vector) insns to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-6-peter.maydell@linaro.org

4 years agotarget/arm: Convert VCMLA (vector) to decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:31 +0000 (19:09 +0100)]
target/arm: Convert VCMLA (vector) to decodetree

Convert the VCMLA (vector) insns in the 3same extension group to
decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-5-peter.maydell@linaro.org

4 years agotarget/arm: Add stubs for AArch32 Neon decodetree
Peter Maydell [Thu, 30 Apr 2020 18:09:30 +0000 (19:09 +0100)]
target/arm: Add stubs for AArch32 Neon decodetree

Add the infrastructure for building and invoking a decodetree decoder
for the AArch32 Neon encodings.  At the moment the new decoder covers
nothing, so we always fall back to the existing hand-written decode.

We follow the same pattern we did for the VFP decodetree conversion
(commit 78e138bc1f672c145ef6ace74617d and following): code that deals
with Neon will be moving gradually out to translate-neon.vfp.inc,
which we #include into translate.c.

In order to share the decode files between A32 and T32, we
split Neon into 3 parts:
 * data-processing
 * load-store
 * 'shared' encodings

The first two groups of instructions have similar but not identical
A32 and T32 encodings, so we need to manually transform the T32
encoding into the A32 one before calling the decoder; the third group
covers the Neon instructions which are identical in A32 and T32.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200430181003.21682-4-peter.maydell@linaro.org

4 years agotarget/arm: Don't allow Thumb Neon insns without FEATURE_NEON
Peter Maydell [Thu, 30 Apr 2020 18:09:29 +0000 (19:09 +0100)]
target/arm: Don't allow Thumb Neon insns without FEATURE_NEON

We were accidentally permitting decode of Thumb Neon insns even if
the CPU didn't have the FEATURE_NEON bit set, because the feature
check was being done before the call to disas_neon_data_insn() and
disas_neon_ls_insn() in the Arm decoder but was omitted from the
Thumb decoder.  Push the feature bit check down into the called
functions so it is done for both Arm and Thumb encodings.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200430181003.21682-3-peter.maydell@linaro.org

4 years agotarget/arm/translate-vfp.inc.c: Remove duplicate simd_r32 check
Peter Maydell [Thu, 30 Apr 2020 18:09:28 +0000 (19:09 +0100)]
target/arm/translate-vfp.inc.c: Remove duplicate simd_r32 check

Somewhere along theline we accidentally added a duplicate
"using D16-D31 when they don't exist" check to do_vfm_dp()
(probably an artifact of a patchseries rebase). Remove it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200430181003.21682-2-peter.maydell@linaro.org

4 years agohw/arm: versal-virt: Add support for the RTC
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:49 +0000 (20:16 +0200)]
hw/arm: versal-virt: Add support for the RTC

Add support for the RTC.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-12-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal-virt: Add support for SD
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:48 +0000 (20:16 +0200)]
hw/arm: versal-virt: Add support for SD

Add support for SD.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-11-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal: Add support for the RTC
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:47 +0000 (20:16 +0200)]
hw/arm: versal: Add support for the RTC

hw/arm: versal: Add support for the RTC.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-10-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal: Add support for SD
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:46 +0000 (20:16 +0200)]
hw/arm: versal: Add support for SD

Add support for SD.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-9-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal: Embed the APUs into the SoC type
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:45 +0000 (20:16 +0200)]
hw/arm: versal: Embed the APUs into the SoC type

Embed the APUs into the SoC type.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-8-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal: Embed the ADMAs into the SoC type
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:44 +0000 (20:16 +0200)]
hw/arm: versal: Embed the ADMAs into the SoC type

Embed the ADMAs into the SoC type.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-7-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal: Embed the GEMs into the SoC type
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:43 +0000 (20:16 +0200)]
hw/arm: versal: Embed the GEMs into the SoC type

Embed the GEMs into the SoC type.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-6-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal: Embed the UARTs into the SoC type
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:42 +0000 (20:16 +0200)]
hw/arm: versal: Embed the UARTs into the SoC type

Embed the UARTs into the SoC type.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-5-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal-virt: Fix typo xlnx-ve -> xlnx-versal
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:41 +0000 (20:16 +0200)]
hw/arm: versal-virt: Fix typo xlnx-ve -> xlnx-versal

Fix typo xlnx-ve -> xlnx-versal.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-4-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal: Move misplaced comment
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:40 +0000 (20:16 +0200)]
hw/arm: versal: Move misplaced comment

Move misplaced comment.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-3-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal: Remove inclusion of arm_gicv3_common.h
Edgar E. Iglesias [Mon, 27 Apr 2020 18:16:39 +0000 (20:16 +0200)]
hw/arm: versal: Remove inclusion of arm_gicv3_common.h

Remove inclusion of arm_gicv3_common.h, this already gets
included via xlnx-versal.h.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200427181649.26851-2-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget/arm: Use uint64_t for midr field in CPU state struct
Philippe Mathieu-Daudé [Tue, 28 Apr 2020 17:26:34 +0000 (19:26 +0200)]
target/arm: Use uint64_t for midr field in CPU state struct

MIDR_EL1 is a 64-bit system register with the top 32-bit being RES0.
Represent it in QEMU's ARMCPU struct with a uint64_t, not a
uint32_t.

This fixes an error when compiling with -Werror=conversion
because we were manipulating the register value using a
local uint64_t variable:

  target/arm/cpu64.c: In function ‘aarch64_max_initfn’:
  target/arm/cpu64.c:628:21: error: conversion from ‘uint64_t’ {aka ‘long unsigned int’} to ‘uint32_t’ {aka ‘unsigned int’} may change value [-Werror=conversion]
    628 |         cpu->midr = t;
        |                     ^

and future-proofs us against a possible future architecture
change using some of the top 32 bits.

Suggested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20200428172634.29707-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget/arm: Use correct variable for setting 'max' cpu's ID_AA64DFR0
Peter Maydell [Thu, 23 Apr 2020 11:09:15 +0000 (12:09 +0100)]
target/arm: Use correct variable for setting 'max' cpu's ID_AA64DFR0

In aarch64_max_initfn() we update both 32-bit and 64-bit ID
registers.  The intended pattern is that for 64-bit ID registers we
use FIELD_DP64 and the uint64_t 't' register, while 32-bit ID
registers use FIELD_DP32 and the uint32_t 'u' register.  For
ID_AA64DFR0 we accidentally used 'u', meaning that the top 32 bits of
this 64-bit ID register would end up always zero.  Luckily at the
moment that's what they should be anyway, so this bug has no visible
effects.

Use the right-sized variable.

Fixes: 3bec78447a958d481991
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200423110915.10527-1-peter.maydell@linaro.org

4 years agotarget/arm: Implement ARMv8.2-TTS2UXN
Peter Maydell [Mon, 30 Mar 2020 21:04:00 +0000 (22:04 +0100)]
target/arm: Implement ARMv8.2-TTS2UXN

The ARMv8.2-TTS2UXN feature extends the XN field in stage 2
translation table descriptors from just bit [54] to bits [54:53],
allowing stage 2 to control execution permissions separately for EL0
and EL1. Implement the new semantics of the XN field and enable
the feature for our 'max' CPU.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200330210400.11724-5-peter.maydell@linaro.org

4 years agotarget/arm: Add new 's1_is_el0' argument to get_phys_addr_lpae()
Peter Maydell [Mon, 30 Mar 2020 21:03:59 +0000 (22:03 +0100)]
target/arm: Add new 's1_is_el0' argument to get_phys_addr_lpae()

For ARMv8.2-TTS2UXN, the stage 2 page table walk wants to know
whether the stage 1 access is for EL0 or not, because whether
exec permission is given can depend on whether this is an EL0
or EL1 access. Add a new argument to get_phys_addr_lpae() so
the call sites can pass this information in.

Since get_phys_addr_lpae() doesn't already have a doc comment,
add one so we have a place to put the documentation of the
semantics of the new s1_is_el0 argument.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200330210400.11724-4-peter.maydell@linaro.org

4 years agotarget/arm: Use enum constant in get_phys_addr_lpae() call
Peter Maydell [Mon, 30 Mar 2020 21:03:58 +0000 (22:03 +0100)]
target/arm: Use enum constant in get_phys_addr_lpae() call

The access_type argument to get_phys_addr_lpae() is an MMUAccessType;
use the enum constant MMU_DATA_LOAD rather than a literal 0 when we
call it in S1_ptw_translate().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200330210400.11724-3-peter.maydell@linaro.org

4 years agotarget/arm: Don't use a TLB for ARMMMUIdx_Stage2
Peter Maydell [Mon, 30 Mar 2020 21:03:57 +0000 (22:03 +0100)]
target/arm: Don't use a TLB for ARMMMUIdx_Stage2

We define ARMMMUIdx_Stage2 as being an MMU index which uses a QEMU
TLB.  However we never actually use the TLB -- all stage 2 lookups
are done by direct calls to get_phys_addr_lpae() followed by a
physical address load via address_space_ld*().

Remove Stage2 from the list of ARM MMU indexes which correspond to
real core MMU indexes, and instead put it in the set of "NOTLB" ARM
MMU indexes.

This allows us to drop NB_MMU_MODES to 11.  It also means we can
safely add support for the ARMv8.3-TTS2UXN extension, which adds
permission bits to the stage 2 descriptors which define execute
permission separatel for EL0 and EL1; supporting that while keeping
Stage2 in a QEMU TLB would require us to use separate TLBs for
"Stage2 for an EL0 access" and "Stage2 for an EL1 access", which is a
lot of extra complication given we aren't even using the QEMU TLB.

In the process of updating the comment on our MMU index use,
fix a couple of other minor errors:
 * NS EL2 EL2&0 was missing from the list in the comment
 * some text hadn't been updated from when we bumped NB_MMU_MODES
   above 8

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200330210400.11724-2-peter.maydell@linaro.org

4 years agohw/arm/mps2-tz: Use TYPE_IOTKIT instead of hardcoded string
Philippe Mathieu-Daudé [Tue, 28 Apr 2020 15:46:50 +0000 (17:46 +0200)]
hw/arm/mps2-tz: Use TYPE_IOTKIT instead of hardcoded string

By using the TYPE_* definitions for devices, we can:
 - quickly find where devices are used with 'git-grep'
 - easily rename a device (one-line change).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200428154650.21991-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget/arm: Make VQDMULL undefined when U=1
Fredrik Strupe [Wed, 8 Apr 2020 11:59:53 +0000 (13:59 +0200)]
target/arm: Make VQDMULL undefined when U=1

According to Arm ARM, VQDMULL is only valid when U=0, while having
U=1 is unallocated.

Signed-off-by: Fredrik Strupe <fredrik@strupe.net>
Fixes: 695272dcb976 ("target-arm: Handle UNDEF cases for Neon 3-regs-different-widths")
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoMerge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into staging
Peter Maydell [Sun, 3 May 2020 13:12:56 +0000 (14:12 +0100)]
Merge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into staging

RDMA queue

* hw/rdma: Destroy list mutex when list is destroyed

# gpg: Signature made Sat 02 May 2020 19:42:50 BST
# gpg:                using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <marcel.apfelbaum@zoho.com>" [unknown]
# gpg:                 aka "Marcel Apfelbaum <marcel@redhat.com>" [marginal]
# gpg:                 aka "Marcel Apfelbaum <marcel.apfelbaum@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F  31F5 36D4 C0F0 CF2F E46D

* remotes/marcel/tags/rdma-pull-request:
  hw/rdma: Destroy list mutex when list is destroyed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/rdma: Destroy list mutex when list is destroyed
Yuval Shaia [Mon, 13 Apr 2020 08:57:38 +0000 (11:57 +0300)]
hw/rdma: Destroy list mutex when list is destroyed

List mutex should be destroyed when gs list gets destroyed.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Message-Id: <20200413085738.11145-1-yuval.shaia.ml@gmail.com>
Reviewed-by: Marcel Apfelbaum<marcel.apfelbaum@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
4 years agoMerge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20200501...
Peter Maydell [Fri, 1 May 2020 22:10:22 +0000 (23:10 +0100)]
Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20200501' into staging

virtiofsd: Pull 2020-05-01 (includes CVE fix)

This set includes a security fix, other fixes and improvements.

Security fix:
The security fix is for CVE-2020-10717 where, on low RAM hosts,
the guest can potentially exceed the maximum fd limit.
This fix adds some more configuration so that the user
can explicitly set the limit.

Fixes:

Recursive mounting of the exported directory is now used in
the sandbox, such that if there was a mount underneath present at
the time the virtiofsd was started, that mount is also
visible to the guest; in the existing code, only mounts that
happened after startup were visible.

Security improvements:

The jailing for /proc/self/fd is improved - but it's something
that shouldn't be accessible anyway.

Most capabilities are now dropped at startup; again this shouldn't
change any behaviour but is extra protection.

# gpg: Signature made Fri 01 May 2020 20:06:46 BST
# gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert-gitlab/tags/pull-virtiofs-20200501:
  virtiofsd: drop all capabilities in the wait parent process
  virtiofsd: only retain file system capabilities
  virtiofsd: Show submounts
  virtiofsd: jail lo->proc_self_fd
  virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
  virtiofsd: add --rlimit-nofile=NUM option

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agovirtiofsd: drop all capabilities in the wait parent process
Stefan Hajnoczi [Thu, 16 Apr 2020 16:49:07 +0000 (17:49 +0100)]
virtiofsd: drop all capabilities in the wait parent process

All this process does is wait for its child.  No capabilities are
needed.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
4 years agovirtiofsd: only retain file system capabilities
Stefan Hajnoczi [Thu, 16 Apr 2020 16:49:06 +0000 (17:49 +0100)]
virtiofsd: only retain file system capabilities

virtiofsd runs as root but only needs a subset of root's Linux
capabilities(7).  As a file server its purpose is to create and access
files on behalf of a client.  It needs to be able to access files with
arbitrary uid/gid owners.  It also needs to be create device nodes.

Introduce a Linux capabilities(7) whitelist and drop all capabilities
that we don't need, making the virtiofsd process less powerful than a
regular uid root process.

  # cat /proc/PID/status
  ...
          Before           After
  CapInh: 0000000000000000 0000000000000000
  CapPrm: 0000003fffffffff 00000000880000df
  CapEff: 0000003fffffffff 00000000880000df
  CapBnd: 0000003fffffffff 0000000000000000
  CapAmb: 0000000000000000 0000000000000000

Note that file capabilities cannot be used to achieve the same effect on
the virtiofsd executable because mount is used during sandbox setup.
Therefore we drop capabilities programmatically at the right point
during startup.

This patch only affects the sandboxed child process.  The parent process
that sits in waitpid(2) still has full root capabilities and will be
addressed in the next patch.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20200416164907.244868-2-stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
4 years agovirtiofsd: Show submounts
Max Reitz [Fri, 24 Apr 2020 13:35:16 +0000 (15:35 +0200)]
virtiofsd: Show submounts

Currently, setup_mounts() bind-mounts the shared directory without
MS_REC.  This makes all submounts disappear.

Pass MS_REC so that the guest can see submounts again.

Fixes: 5baa3b8e95064c2434bd9e2f312edd5e9ae275dc
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200424133516.73077-1-mreitz@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
  Changed Fixes to point to the commit with the problem rather than
          the commit that turned it on

4 years agovirtiofsd: jail lo->proc_self_fd
Miklos Szeredi [Wed, 29 Apr 2020 12:47:33 +0000 (14:47 +0200)]
virtiofsd: jail lo->proc_self_fd

While it's not possible to escape the proc filesystem through
lo->proc_self_fd, it is possible to escape to the root of the proc
filesystem itself through "../..".

Use a temporary mount for opening lo->proc_self_fd, that has it's root at
/proc/self/fd/, preventing access to the ancestor directories.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Message-Id: <20200429124733.22488-1-mszeredi@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
4 years agovirtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
Stefan Hajnoczi [Fri, 1 May 2020 14:06:44 +0000 (15:06 +0100)]
virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)

The system-wide fs.file-max sysctl value determines how many files can
be open.  It defaults to a value calculated based on the machine's RAM
size.  Previously virtiofsd would try to set RLIMIT_NOFILE to 1,000,000
and this allowed the FUSE client to exhaust the number of open files
system-wide on Linux hosts with less than 10 GB of RAM!

Take fs.file-max into account when choosing the default RLIMIT_NOFILE
value.

Fixes: CVE-2020-10717
Reported-by: Yuval Avrahami <yavrahami@paloaltonetworks.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200501140644.220940-3-stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
4 years agovirtiofsd: add --rlimit-nofile=NUM option
Stefan Hajnoczi [Fri, 1 May 2020 14:06:43 +0000 (15:06 +0100)]
virtiofsd: add --rlimit-nofile=NUM option

Make it possible to specify the RLIMIT_NOFILE on the command-line.
Users running multiple virtiofsd processes should allocate a certain
number to each process so that the system-wide limit can never be
exhausted.

When this option is set to 0 the rlimit is left at its current value.
This is useful when a management tool wants to configure the rlimit
itself.

The default behavior remains unchanged: try to set the limit to
1,000,000 file descriptors if the current rlimit is lower.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200501140644.220940-2-stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
4 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Thu, 30 Apr 2020 18:25:41 +0000 (19:25 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- Fix resize (extending) of short overlays
- nvme: introduce PMR support from NVMe 1.4 spec
- qemu-storage-daemon: Fix non-string --object properties

# gpg: Signature made Thu 30 Apr 2020 16:51:45 BST
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  qemu-storage-daemon: Fix non-string --object properties
  qom: Factor out user_creatable_add_dict()
  nvme: introduce PMR support from NVMe 1.4 spec
  qcow2: Forward ZERO_WRITE flag for full preallocation
  iotests: Test committing to short backing file
  iotests: Filter testfiles out in filter_img_info()
  block: truncate: Don't make backing file data visible
  file-posix: Support BDRV_REQ_ZERO_WRITE for truncate
  raw-format: Support BDRV_REQ_ZERO_WRITE for truncate
  qcow2: Support BDRV_REQ_ZERO_WRITE for truncate
  block-backend: Add flags to blk_truncate()
  block: Add flags to bdrv(_co)_truncate()
  block: Add flags to BlockDriver.bdrv_co_truncate()
  qemu-iotests: allow qcow2 external discarded clusters to contain stale data
  qcow2: Add incompatibility note between backing files and raw external data files

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoqemu-storage-daemon: Fix non-string --object properties
Kevin Wolf [Thu, 16 Apr 2020 15:26:06 +0000 (17:26 +0200)]
qemu-storage-daemon: Fix non-string --object properties

After processing the option string with the keyval parser, we get a
QDict that contains only strings. This QDict must be fed to a keyval
visitor which converts the strings into the right data types.

qmp_object_add(), however, uses the normal QObject input visitor, which
expects a QDict where all properties already have the QType that matches
the data type required by the QOM object type.

Change the --object implementation in qemu-storage-daemon so that it
doesn't call qmp_object_add(), but calls user_creatable_add_dict()
directly instead and pass it a new keyval boolean that decides which
visitor must be used.

Reported-by: Coiby Xu <coiby.xu@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoqom: Factor out user_creatable_add_dict()
Kevin Wolf [Thu, 16 Apr 2020 15:04:20 +0000 (17:04 +0200)]
qom: Factor out user_creatable_add_dict()

The QMP handler qmp_object_add() and the implementation of --object in
qemu-storage-daemon can share most of the code. Currently,
qemu-storage-daemon calls qmp_object_add(), but this is not correct
because different visitors need to be used.

As a first step towards a fix, make qmp_object_add() a wrapper around a
new function user_creatable_add_dict() that can get an additional
parameter. The handling of "props" is only required for compatibility
and not required for the qemu-storage-daemon command line, so it stays
in qmp_object_add().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agonvme: introduce PMR support from NVMe 1.4 spec
Andrzej Jakowski [Mon, 30 Mar 2020 16:46:56 +0000 (09:46 -0700)]
nvme: introduce PMR support from NVMe 1.4 spec

This patch introduces support for PMR that has been defined as part of NVMe 1.4
spec. User can now specify a pmrdev option that should point to HostMemoryBackend.
pmrdev memory region will subsequently be exposed as PCI BAR 2 in emulated NVMe
device. Guest OS can perform mmio read and writes to the PMR region that will stay
persistent across system reboot.

Signed-off-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20200330164656.9348-1-andrzej.jakowski@linux.intel.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoqcow2: Forward ZERO_WRITE flag for full preallocation
Kevin Wolf [Fri, 24 Apr 2020 14:27:01 +0000 (16:27 +0200)]
qcow2: Forward ZERO_WRITE flag for full preallocation

The BDRV_REQ_ZERO_WRITE is currently implemented in a way that first the
image is possibly preallocated and then the zero flag is added to all
clusters. This means that a copy-on-write operation may be needed when
writing to these clusters, despite having used preallocation, negating
one of the major benefits of preallocation.

Instead, try to forward the BDRV_REQ_ZERO_WRITE to the protocol driver,
and if the protocol driver can ensure that the new area reads as zeros,
we can skip setting the zero flag in the qcow2 layer.

Unfortunately, the same approach doesn't work for metadata
preallocation, so we'll still set the zero flag there.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200424142701.67053-1-kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoiotests: Test committing to short backing file
Kevin Wolf [Fri, 24 Apr 2020 12:54:47 +0000 (14:54 +0200)]
iotests: Test committing to short backing file

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200424125448.63318-10-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoiotests: Filter testfiles out in filter_img_info()
Kevin Wolf [Fri, 24 Apr 2020 12:54:46 +0000 (14:54 +0200)]
iotests: Filter testfiles out in filter_img_info()

We want to keep TEST_IMG for the full path of the main test image, but
filter_testfiles() must be called for other test images before replacing
other things like the image format because the test directory path could
contain the format as a substring.

Insert a filter_testfiles() call between both.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200424125448.63318-9-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoblock: truncate: Don't make backing file data visible
Kevin Wolf [Fri, 24 Apr 2020 12:54:45 +0000 (14:54 +0200)]
block: truncate: Don't make backing file data visible

When extending the size of an image that has a backing file larger than
its old size, make sure that the backing file data doesn't become
visible in the guest, but the added area is properly zeroed out.

Consider the following scenario where the overlay is shorter than its
backing file:

    base.qcow2:     AAAAAAAA
    overlay.qcow2:  BBBB

When resizing (extending) overlay.qcow2, the new blocks should not stay
unallocated and make the additional As from base.qcow2 visible like
before this patch, but zeros should be read.

A similar case happens with the various variants of a commit job when an
intermediate file is short (- for unallocated):

    base.qcow2:     A-A-AAAA
    mid.qcow2:      BB-B
    top.qcow2:      C--C--C-

After commit top.qcow2 to mid.qcow2, the following happens:

    mid.qcow2:      CB-C00C0 (correct result)
    mid.qcow2:      CB-C--C- (before this fix)

Without the fix, blocks that previously read as zeros on top.qcow2
suddenly turn into A.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200424125448.63318-8-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agofile-posix: Support BDRV_REQ_ZERO_WRITE for truncate
Kevin Wolf [Fri, 24 Apr 2020 12:54:44 +0000 (14:54 +0200)]
file-posix: Support BDRV_REQ_ZERO_WRITE for truncate

For regular files, we always get BDRV_REQ_ZERO_WRITE behaviour from the
OS, so we can advertise the flag and just ignore it.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200424125448.63318-7-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoraw-format: Support BDRV_REQ_ZERO_WRITE for truncate
Kevin Wolf [Fri, 24 Apr 2020 12:54:43 +0000 (14:54 +0200)]
raw-format: Support BDRV_REQ_ZERO_WRITE for truncate

The raw format driver can simply forward the flag and let its bs->file
child take care of actually providing the zeros.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200424125448.63318-6-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoqcow2: Support BDRV_REQ_ZERO_WRITE for truncate
Kevin Wolf [Fri, 24 Apr 2020 12:54:42 +0000 (14:54 +0200)]
qcow2: Support BDRV_REQ_ZERO_WRITE for truncate

If BDRV_REQ_ZERO_WRITE is set and we're extending the image, calling
qcow2_cluster_zeroize() with flags=0 does the right thing: It doesn't
undo any previous preallocation, but just adds the zero flag to all
relevant L2 entries. If an external data file is in use, a write_zeroes
request to the data file is made instead.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200424125448.63318-5-kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoblock-backend: Add flags to blk_truncate()
Kevin Wolf [Fri, 24 Apr 2020 12:54:41 +0000 (14:54 +0200)]
block-backend: Add flags to blk_truncate()

Now that node level interface bdrv_truncate() supports passing request
flags to the block driver, expose this on the BlockBackend level, too.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200424125448.63318-4-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoblock: Add flags to bdrv(_co)_truncate()
Kevin Wolf [Fri, 24 Apr 2020 12:54:40 +0000 (14:54 +0200)]
block: Add flags to bdrv(_co)_truncate()

Now that block drivers can support flags for .bdrv_co_truncate, expose
the parameter in the node level interfaces bdrv_co_truncate() and
bdrv_truncate().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200424125448.63318-3-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoblock: Add flags to BlockDriver.bdrv_co_truncate()
Kevin Wolf [Fri, 24 Apr 2020 12:54:39 +0000 (14:54 +0200)]
block: Add flags to BlockDriver.bdrv_co_truncate()

This adds a new BdrvRequestFlags parameter to the .bdrv_co_truncate()
driver callbacks, and a supported_truncate_flags field in
BlockDriverState that allows drivers to advertise support for request
flags in the context of truncate.

For now, we always pass 0 and no drivers declare support for any flag.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200424125448.63318-2-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoqemu-iotests: allow qcow2 external discarded clusters to contain stale data
Paolo Bonzini [Thu, 9 Apr 2020 19:10:06 +0000 (15:10 -0400)]
qemu-iotests: allow qcow2 external discarded clusters to contain stale data

Test 244 checks the expected behavior of qcow2 external data files
with respect to zero and discarded clusters.  Filesystems however
are free to ignore discard requests, and this seems to be the
case for overlayfs.  Relax the tests to skip checks on the
external data file for discarded areas, which implies not using
qemu-img compare in the data_file_raw=on case.

This fixes docker tests on RHEL8.

Cc: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-block@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200409191006.24429-1-pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoqcow2: Add incompatibility note between backing files and raw external data files
Alberto Garcia [Fri, 10 Apr 2020 12:18:15 +0000 (14:18 +0200)]
qcow2: Add incompatibility note between backing files and raw external data files

Backing files and raw external data files are mutually exclusive.
The documentation of the raw external data bit (in autoclear_features)
already indicates that, but we should also mention it on the other
side.

Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200410121816.8334-1-berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoMerge remote-tracking branch 'remotes/edgar/tags/edgar/xilinx-next-2020-04-30.for...
Peter Maydell [Thu, 30 Apr 2020 15:47:23 +0000 (16:47 +0100)]
Merge remote-tracking branch 'remotes/edgar/tags/edgar/xilinx-next-2020-04-30.for-upstream' into staging

For upstream

# gpg: Signature made Thu 30 Apr 2020 11:14:13 BST
# gpg:                using RSA key AC44FEDC14F7F1EBEDBF415129C596780F6BCA83
# gpg: Good signature from "Edgar E. Iglesias (Xilinx key) <edgar.iglesias@xilinx.com>" [unknown]
# gpg:                 aka "Edgar E. Iglesias <edgar.iglesias@gmail.com>" [full]
# Primary key fingerprint: AC44 FEDC 14F7 F1EB EDBF  4151 29C5 9678 0F6B CA83

* remotes/edgar/tags/edgar/xilinx-next-2020-04-30.for-upstream:
  target/microblaze: Add the pvr-user2 property
  target/microblaze: Add the pvr-user1 property
  target/microblaze: Add the unaligned-exceptions property
  target/microblaze: Add the div-zero-exception property
  target/microblaze: Add the ill-opcode-exception property
  target/microblaze: Add the opcode-0x0-illegal CPU property

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200430-1' into...
Peter Maydell [Thu, 30 Apr 2020 14:45:34 +0000 (15:45 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200430-1' into staging

target-arm queue:
 * xlnx-zdma: Fix endianness handling of descriptor loading
 * nrf51: Fix last GPIO CNF address
 * gicv3: Use gicr_typer in arm_gicv3_icc_reset
 * msf2: Add EMAC block to SmartFusion2 SoC
 * New clock modelling framework
 * hw/arm: versal: Setup the ADMA with 128bit bus-width
 * Cadence: gem: fix wraparound in 64bit descriptors
 * cadence_gem: clear RX control descriptor
 * target/arm: Vectorize integer comparison vs zero
 * hw/arm/virt: dt: add kaslr-seed property
 * hw/arm: xlnx-zcu102: Disable unsupported FDT firmware nodes

# gpg: Signature made Thu 30 Apr 2020 15:43:54 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200430-1: (30 commits)
  hw/arm: xlnx-zcu102: Disable unsupported FDT firmware nodes
  hw/arm: xlnx-zcu102: Move arm_boot_info into XlnxZCU102
  device_tree: Constify compat in qemu_fdt_node_path()
  device_tree: Allow name wildcards in qemu_fdt_node_path()
  target/arm/cpu: Update coding style to make checkpatch.pl happy
  target/arm: Make cpu_register() available for other files
  target/arm: Restrict the Address Translate write operation to TCG accel
  hw/arm/virt: dt: add kaslr-seed property
  hw/arm/virt: dt: move creation of /secure-chosen to create_fdt()
  target/arm: Vectorize integer comparison vs zero
  net: cadence_gem: clear RX control descriptor
  Cadence: gem: fix wraparound in 64bit descriptors
  hw/arm: versal: Setup the ADMA with 128bit bus-width
  qdev-monitor: print the device's clock with info qtree
  hw/arm/xilinx_zynq: connect uart clocks to slcr
  hw/char/cadence_uart: add clock support
  hw/misc/zynq_slcr: add clock generation for uarts
  docs/clocks: add device's clock documentation
  qdev-clock: introduce an init array to ease the device construction
  qdev: add clock input&output support to devices.
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: xlnx-zcu102: Disable unsupported FDT firmware nodes
Edgar E. Iglesias [Thu, 23 Apr 2020 12:11:14 +0000 (14:11 +0200)]
hw/arm: xlnx-zcu102: Disable unsupported FDT firmware nodes

Disable unsupported FDT firmware nodes if a user passes us
a DTB with nodes enabled that the machine cannot support
due to lack of EL3 or EL2 support.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200423121114.4274-5-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: xlnx-zcu102: Move arm_boot_info into XlnxZCU102
Edgar E. Iglesias [Thu, 23 Apr 2020 12:11:13 +0000 (14:11 +0200)]
hw/arm: xlnx-zcu102: Move arm_boot_info into XlnxZCU102

Move arm_boot_info into XlnxZCU102.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200423121114.4274-4-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agodevice_tree: Constify compat in qemu_fdt_node_path()
Edgar E. Iglesias [Thu, 23 Apr 2020 12:11:12 +0000 (14:11 +0200)]
device_tree: Constify compat in qemu_fdt_node_path()

Make compat in qemu_fdt_node_path() const char *.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200423121114.4274-3-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agodevice_tree: Allow name wildcards in qemu_fdt_node_path()
Edgar E. Iglesias [Thu, 23 Apr 2020 12:11:11 +0000 (14:11 +0200)]
device_tree: Allow name wildcards in qemu_fdt_node_path()

Allow name wildcards in qemu_fdt_node_path(). This is useful
to find all nodes with a given compatibility string.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200423121114.4274-2-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget/arm/cpu: Update coding style to make checkpatch.pl happy
Philippe Mathieu-Daudé [Thu, 23 Apr 2020 07:33:57 +0000 (09:33 +0200)]
target/arm/cpu: Update coding style to make checkpatch.pl happy

We will move this code in the next commit. Clean it up
first to avoid checkpatch.pl errors.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200423073358.27155-5-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget/arm: Make cpu_register() available for other files
Thomas Huth [Thu, 23 Apr 2020 07:33:55 +0000 (09:33 +0200)]
target/arm: Make cpu_register() available for other files

Make cpu_register() (renamed to arm_cpu_register()) available
from internals.h so we can register CPUs also from other files
in the future.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200423073358.27155-3-philmd@redhat.com
Message-ID: <20190921150420.30743-2-thuth@redhat.com>
[PMD: Only take cpu_register() from Thomas's patch]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget/arm: Restrict the Address Translate write operation to TCG accel
Philippe Mathieu-Daudé [Thu, 23 Apr 2020 07:33:54 +0000 (09:33 +0200)]
target/arm: Restrict the Address Translate write operation to TCG accel

Under KVM these registers are written by the hardware.
Restrict the writefn handlers to TCG to avoid when building
without TCG:

      LINK    aarch64-softmmu/qemu-system-aarch64
    target/arm/helper.o: In function `do_ats_write':
    target/arm/helper.c:3524: undefined reference to `raise_exception'

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200423073358.27155-2-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm/virt: dt: add kaslr-seed property
Jerome Forissier [Mon, 20 Apr 2020 12:18:07 +0000 (14:18 +0200)]
hw/arm/virt: dt: add kaslr-seed property

Generate random seeds to be used by the non-secure and/or secure OSes
for ASLR. The seeds are 64-bit random values exported via the DT
properties /chosen/kaslr-seed [1] and /secure-chosen/kaslr-seed, the
latter being used by OP-TEE [2].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e5bc0c37c97e1
[2] https://github.com/OP-TEE/optee_os/commit/ef262691fe0e

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Message-id: 20200420121807.8204-3-jerome@forissier.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm/virt: dt: move creation of /secure-chosen to create_fdt()
Jerome Forissier [Mon, 20 Apr 2020 12:18:06 +0000 (14:18 +0200)]
hw/arm/virt: dt: move creation of /secure-chosen to create_fdt()

The /secure-chosen node is currently used only by create_uart(), but
this will change. Therefore move the creation of this node to
create_fdt().

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Message-id: 20200420121807.8204-2-jerome@forissier.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotarget/arm: Vectorize integer comparison vs zero
Richard Henderson [Sat, 18 Apr 2020 16:28:08 +0000 (09:28 -0700)]
target/arm: Vectorize integer comparison vs zero

These instructions are often used in glibc's string routines.
They were the final uses of the 32-bit at a time neon helpers.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200418162808.4680-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agonet: cadence_gem: clear RX control descriptor
Ramon Fried [Sat, 18 Apr 2020 08:51:45 +0000 (11:51 +0300)]
net: cadence_gem: clear RX control descriptor

The RX ring descriptors control field is used for setting
SOF and EOF (start of frame and end of frame).
The SOF and EOF weren't cleared from the previous descriptors,
causing inconsistencies in ring buffer.
Fix that by clearing the control field of every descriptors we're
processing.

Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200418085145.489726-1-rfried.dev@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoCadence: gem: fix wraparound in 64bit descriptors
Ramon Fried [Fri, 17 Apr 2020 17:17:36 +0000 (20:17 +0300)]
Cadence: gem: fix wraparound in 64bit descriptors

Wraparound of TX descriptor cyclic buffer only updated
the low 32 bits of the descriptor.
Fix that by checking if we're working with 64bit descriptors.

Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200417171736.441607-1-rfried.dev@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm: versal: Setup the ADMA with 128bit bus-width
Edgar E. Iglesias [Fri, 17 Apr 2020 15:38:00 +0000 (17:38 +0200)]
hw/arm: versal: Setup the ADMA with 128bit bus-width

Setup the ADMA with 128bit bus-width. This matters when
FIXED BURST mode is used.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20200417153800.27399-2-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agoqdev-monitor: print the device's clock with info qtree
Damien Hedde [Mon, 6 Apr 2020 13:52:51 +0000 (15:52 +0200)]
qdev-monitor: print the device's clock with info qtree

This prints the clocks attached to a DeviceState when using
"info qtree" monitor command. For every clock, it displays the
direction, the name and if the clock is forwarded. For input clock,
it displays also the frequency.

This is based on the original work of Frederic Konrad.

Here follows a sample of `info qtree` output on xilinx_zynq machine
after linux boot with only one uart clocked:
> bus: main-system-bus
>  type System
>  [...]
>  dev: cadence_uart, id ""
>    gpio-out "sysbus-irq" 1
>    clock-in "refclk" freq_hz=0.000000e+00
>    chardev = ""
>    mmio 00000000e0001000/0000000000001000
>  dev: cadence_uart, id ""
>    gpio-out "sysbus-irq" 1
>    clock-in "refclk" freq_hz=1.375661e+07
>    chardev = "serial0"
>    mmio 00000000e0000000/0000000000001000
>  [...]
>  dev: xilinx,zynq_slcr, id ""
>    clock-out "uart1_ref_clk" freq_hz=0.000000e+00
>    clock-out "uart0_ref_clk" freq_hz=1.375661e+07
>    clock-in "ps_clk" freq_hz=3.333333e+07
>    mmio 00000000f8000000/0000000000001000

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200406135251.157596-10-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agohw/arm/xilinx_zynq: connect uart clocks to slcr
Damien Hedde [Mon, 6 Apr 2020 13:52:50 +0000 (15:52 +0200)]
hw/arm/xilinx_zynq: connect uart clocks to slcr

Add the connection between the slcr's output clocks and the uarts inputs.

Also add the main board clock 'ps_clk', which is hard-coded to 33.33MHz
(the default frequency). This clock is used to feed the slcr's input
clock.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200406135251.157596-9-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>