Peter Maydell [Sun, 13 Feb 2022 20:33:28 +0000 (20:33 +0000)]
Merge remote-tracking branch 'remotes/legoater/tags/pull-ppc-20220210' into staging
ppc-7.0 queue
* Exception model rework (Fabiano)
* Unused CPU models removal (Fabiano and Cédric)
* Fix for VOF installation (Alexey)
* Misc fixes
# gpg: Signature made Thu 10 Feb 2022 12:59:07 GMT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* remotes/legoater/tags/pull-ppc-20220210: (42 commits)
spapr/vof: Install rom and nvram binaries
docs: rstfy confidential guest documentation
target/ppc: Change VSX instructions behavior to fill with zeros
target/ppc: books: Remove excp_model argument from ppc_excp_apply_ail
target/ppc: Assert if MSR bits differ from msr_mask during exceptions
target/ppc: powerpc_excp: Move common code to the caller function
target/ppc: Remove powerpc_excp_legacy
target/ppc: 7xx: Set SRRs directly in exception code
target/ppc: 7xx: Software TLB cleanup
target/ppc: 7xx: System Reset cleanup
target/ppc: 7xx: System Call exception cleanup
target/ppc: 7xx: Program exception cleanup
target/ppc: 7xx: External interrupt cleanup
target/ppc: 7xx: Machine Check exception cleanup
target/ppc: Simplify powerpc_excp_7xx
target/ppc: Introduce powerpc_excp_7xx
target/ppc: Merge 7x5 and 7x0 exception model IDs
target/ppc: 6xx: Set SRRs directly in exception code
target/ppc: 6xx: Software TLB exceptions cleanup
target/ppc: 6xx: System Reset interrupt cleanup
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sat, 12 Feb 2022 22:04:07 +0000 (22:04 +0000)]
Merge remote-tracking branch 'remotes/vsementsov/tags/pull-nbd-2022-02-09-v2' into staging
nbd: handle AioContext change correctly
v2: add my s-o-b marks to each commit
# gpg: Signature made Fri 11 Feb 2022 13:14:55 GMT
# gpg: using RSA key 8B9C26CDB2FD147C880E86A1561F24C1F19F79FB
# gpg: Good signature from "Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8B9C 26CD B2FD 147C 880E 86A1 561F 24C1 F19F 79FB
* remotes/vsementsov/tags/pull-nbd-2022-02-09-v2:
iotests/281: Let NBD connection yield in iothread
block/nbd: Move s->ioc on AioContext change
iotests/281: Test lingering timers
iotests.py: Add QemuStorageDaemon class
block/nbd: Assert there are no timers when closed
block/nbd: Delete open timer when done
block/nbd: Delete reconnect delay timer when done
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 11 Feb 2022 13:11:49 +0000 (13:11 +0000)]
Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-and-plugins-090222-1' into staging
Testing and plugin updates:
- include vhost tests in qtest
- clean-up gcov ephemera in clean/.gitignore
- lcitool and docker updates
- mention .editorconfig in devel notes
- switch Centos8 to Centos Stream 8
- remove TCG tracing support
- add coverage plugin using drcov format
- expand abilities of libinsn.so plugin
- use correct logging for i386 int cases
- move reset of plugin data to start of block
- deprecate ppc6432abi
- fix TARGET_ABI_FMT_ptr for softmmu builds
# gpg: Signature made Wed 09 Feb 2022 14:13:14 GMT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* remotes/stsquad/tags/pull-testing-and-plugins-090222-1: (28 commits)
include/exec: fix softmmu version of TARGET_ABI_FMT_lx
linux-user: Remove the deprecated ppc64abi32 target
plugins: move reset of plugin data to tb_start
target/i386: use CPU_LOG_INT for IRQ servicing
tests/plugins: add instruction matching to libinsn.so
tests/plugin: allow libinsn.so per-CPU counts
contrib/plugins: add a drcov plugin
plugins: add helper functions for coverage plugins
tracing: excise the tcg related from tracetool
tracing: remove the trace-tcg includes from the build
tracing: remove TCG memory access tracing
docs: remove references to TCG tracing
tests/tcg/sh4: disable another unreliable test
tests: Update CentOS 8 container to CentOS Stream 8
tests/lcitool: Allow lcitool-refresh in out-of-tree builds, too
gitlab: fall back to commit hash in qemu-setup filename
docs/devel: mention our .editorconfig
tests/lcitool: Install libibumad to cover RDMA on Debian based distros
tests: Manually remove libxml2 on MSYS2 runners
tests/lcitool: Refresh submodule and remove libxml2
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Hanna Reitz [Fri, 4 Feb 2022 11:10:12 +0000 (12:10 +0100)]
iotests/281: Let NBD connection yield in iothread
Put an NBD block device into an I/O thread, and then read data from it,
hoping that the NBD connection will yield during that read. When it
does, the coroutine must be reentered in the block device's I/O thread,
which will only happen if the NBD block driver attaches the connection's
QIOChannel to the new AioContext. It did not do that after 4ddb5d2fde
("block/nbd: drop connection_co") and prior to "block/nbd: Move s->ioc
on AioContext change", which would cause an assertion failure.
To improve our chances of yielding, the NBD server is throttled to
reading 64 kB/s, and the NBD client reads 128 kB, so it should yield at
some point.
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Hanna Reitz [Fri, 4 Feb 2022 11:10:11 +0000 (12:10 +0100)]
block/nbd: Move s->ioc on AioContext change
s->ioc must always be attached to the NBD node's AioContext. If that
context changes, s->ioc must be attached to the new context.
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2033626 Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Hanna Reitz [Fri, 4 Feb 2022 11:10:10 +0000 (12:10 +0100)]
iotests/281: Test lingering timers
Prior to "block/nbd: Delete reconnect delay timer when done" and
"block/nbd: Delete open timer when done", both of those timers would
remain scheduled even after successfully (re-)connecting to the server,
and they would not even be deleted when the BDS is deleted.
This test constructs exactly this situation:
(1) Configure an @open-timeout, so the open timer is armed, and
(2) Configure a @reconnect-delay and trigger a reconnect situation
(which succeeds immediately), so the reconnect delay timer is armed.
Then we immediately delete the BDS, and sleep for longer than the
@open-timeout and @reconnect-delay. Prior to said patches, this caused
one (or both) of the timer CBs to access already-freed data.
Accessing freed data may or may not crash, so this test can produce
false successes, but I do not know how to show the problem in a better
or more reliable way. If you run this test on "block/nbd: Assert there
are no timers when closed" and without the fix patches mentioned above,
you should reliably see an assertion failure.
(But all other tests that use the reconnect delay timer (264 and 277)
will fail in that configuration, too; as will nbd-reconnect-on-open,
which uses the open timer.)
Remove this test from the quick group because of the two second sleep
this patch introduces.
(I decided to put this test case into 281, because the main bug this
series addresses is in the interaction of the NBD block driver and I/O
threads, which is precisely the scope of 281. The test case for that
other bug will also be put into the test class added here.
Also, excuse the test class's name, I couldn't come up with anything
better. The "yield" part will make sense two patches from now.)
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Hanna Reitz [Fri, 4 Feb 2022 11:10:09 +0000 (12:10 +0100)]
iotests.py: Add QemuStorageDaemon class
This is a rather simple class that allows creating a QSD instance
running in the background and stopping it when no longer needed.
The __del__ handler is a safety net for when something goes so wrong in
a test that e.g. the tearDown() method is not called (e.g. setUp()
launches the QSD, but then launching a VM fails). We do not want the
QSD to continue running after the test has failed, so __del__() will
take care to kill it.
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Hanna Reitz [Fri, 4 Feb 2022 11:10:08 +0000 (12:10 +0100)]
block/nbd: Assert there are no timers when closed
Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or
they will access freed data when they fire.
This patch is separate from the patches that actually fix the issue
(HEAD^^ and HEAD^) so that you can run the associated regression iotest
(281) on a configuration that reproducibly exposes the bug.
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Hanna Reitz [Fri, 4 Feb 2022 11:10:07 +0000 (12:10 +0100)]
block/nbd: Delete open timer when done
We start the open timer to cancel the connection attempt after a while.
Once nbd_do_establish_connection() has returned, the attempt is over,
and we no longer need the timer.
Delete it before returning from nbd_open(), so that it does not persist
for longer. It has no use after nbd_open(), and just like the reconnect
delay timer, it might well be dangerous if it were to fire afterwards.
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Hanna Reitz [Fri, 4 Feb 2022 11:10:06 +0000 (12:10 +0100)]
block/nbd: Delete reconnect delay timer when done
We start the reconnect delay timer to cancel the reconnection attempt
after a while. Once nbd_co_do_establish_connection() has returned, this
attempt is over, and we no longer need the timer.
Delete it before returning from nbd_reconnect_attempt(), so that it does
not persist beyond the I/O request that was paused for reconnecting; we
do not want it to fire in a drained section, because all sort of things
can happen in such a section (e.g. the AioContext might be changed, and
we do not want the timer to fire in the wrong context; or the BDS might
even be deleted, and so the timer CB would access already-freed data).
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Thomas Huth [Wed, 12 Jan 2022 11:27:22 +0000 (11:27 +0000)]
linux-user: Remove the deprecated ppc64abi32 target
It's likely broken, and nobody cared for picking it up again
during the deprecation phase, so let's remove this now.
Since this is the last entry in deprecated_targets_list, remove
the related code in the configure script, too.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Cédric Le Goater <clg@kaod.org> Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211215084958.185214-1-thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220112112722.3641051-32-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:35 +0000 (20:43 +0000)]
plugins: move reset of plugin data to tb_start
We can't always guarantee we get to the end of a translator loop.
Although this can happen for a variety of reasons it does happen more
often on x86 system emulation when an instruction spans across to an
un-faulted page. This caused confusion of the instruction tracking
data resulting in apparent reverse execution (at least from the
plugins point of view).
Fix this by moving the reset code to plugin_gen_tb_start so we always
start with a clean slate.
We unconditionally reset tcg_ctx->plugin_insn as the
plugin_insn_append code uses this as a proxy for knowing if plugins
are enabled for the current instruction. Otherwise we can hit a race
where a previously instrumented thread leaves a stale value after the
main thread exits and disables instrumentation.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/824 Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220204204335.1689602-27-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:34 +0000 (20:43 +0000)]
target/i386: use CPU_LOG_INT for IRQ servicing
I think these have been wrong since f193c7979c (do not depend on
thunk.h - more log items). Fix them so as not to confuse other
debugging.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220204204335.1689602-26-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:33 +0000 (20:43 +0000)]
tests/plugins: add instruction matching to libinsn.so
This adds simple instruction matching to the libinsn.so plugin which
is useful for examining the execution distance between instructions.
For example to track how often we flush in ARM due to TLB updates:
-plugin ./tests/plugin/libinsn.so,match=tlbi
which leads to output like this:
0xffffffc01019a918, 'tlbi vale1is, x1', 5702 hits, 31825 match hits, Δ+8112 since last match, 68859 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5703 hits, 56593 match hits, Δ+17712125 since last match, 33455 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5704 hits, 56594 match hits, Δ+12689 since last match, 33454 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5705 hits, 56595 match hits, Δ+12585 since last match, 33454 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5706 hits, 56596 match hits, Δ+10491 since last match, 33454 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5707 hits, 56597 match hits, Δ+4721 since last match, 33453 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5708 hits, 56598 match hits, Δ+10733 since last match, 33453 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5709 hits, 56599 match hits, Δ+61959 since last match, 33453 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5710 hits, 56600 match hits, Δ+55235 since last match, 33454 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5711 hits, 56601 match hits, Δ+54373 since last match, 33454 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5712 hits, 56602 match hits, Δ+2705 since last match, 33453 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5713 hits, 56603 match hits, Δ+17262 since last match, 33453 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5714 hits, 56604 match hits, Δ+17206 since last match, 33453 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5715 hits, 56605 match hits, Δ+28940 since last match, 33453 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5716 hits, 56606 match hits, Δ+7370 since last match, 33452 avg insns/match
0xffffffc01019a918, 'tlbi vale1is, x1', 5717 hits, 56607 match hits, Δ+7066 since last match, 33452 avg insns/match
showing we do some sort of TLBI invalidation every 33 thousand
instructions.
Cc: Vasilev Oleg <vasilev.oleg@huawei.com> Cc: Richard Henderson <richard.henderson@linaro.org> Cc: Emilio Cota <cota@braap.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220204204335.1689602-25-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:32 +0000 (20:43 +0000)]
tests/plugin: allow libinsn.so per-CPU counts
We won't go fully flexible but for most system emulation 8 vCPUs
resolution should be enough for anybody ;-)
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220204204335.1689602-24-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:29 +0000 (20:43 +0000)]
tracing: excise the tcg related from tracetool
Now we have no TCG trace events and no longer handle them in the code
we can remove the handling from the tracetool to generate them. vcpu
tracing is still available although the existing syscall event is an
exercise in redundancy (plugins and -strace can also get the
information).
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Cc: Luis Vilanova <vilanova@imperial.ac.uk> Cc: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220204204335.1689602-21-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:28 +0000 (20:43 +0000)]
tracing: remove the trace-tcg includes from the build
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Cc: Luis Vilanova <vilanova@imperial.ac.uk> Cc: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220204204335.1689602-20-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:27 +0000 (20:43 +0000)]
tracing: remove TCG memory access tracing
If you really want to trace all memory operations TCG plugins gives
you a more flexible interface for doing so.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Cc: Luis Vilanova <vilanova@imperial.ac.uk> Cc: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220204204335.1689602-19-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:26 +0000 (20:43 +0000)]
docs: remove references to TCG tracing
Users wanting this sort of functionality should turn to TCG plugins
instead.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Cc: Luis Vilanova <vilanova@imperial.ac.uk> Cc: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220204204335.1689602-18-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:25 +0000 (20:43 +0000)]
tests/tcg/sh4: disable another unreliable test
Given the other failures it looks like general thread handling on sh4
is sketchy. It fails more often on CI than on my developer machine
though. See https://gitlab.com/qemu-project/qemu/-/issues/856 for more
details.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Cc: Yoshinori Sato <ysato@users.sourceforge.jp> Cc: Laurent Vivier <laurent@vivier.eu> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220204204335.1689602-17-alex.bennee@linaro.org>
Thomas Huth [Fri, 4 Feb 2022 20:43:24 +0000 (20:43 +0000)]
tests: Update CentOS 8 container to CentOS Stream 8
Support for CentOS 8 has stopped at the end of 2021, so let's
switch to the Stream variant instead.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220201101911.97900-1-thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220204204335.1689602-16-alex.bennee@linaro.org>
Thomas Huth [Fri, 4 Feb 2022 20:43:23 +0000 (20:43 +0000)]
tests/lcitool: Allow lcitool-refresh in out-of-tree builds, too
When running "make lcitool-refresh" in an out-of-tree build, it
currently fails with an error message from git like this:
fatal: not a git repository (or any parent up to mount point /)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
Fix it by changing to the source directory first before updating
the submodule.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220201085554.85733-1-thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220204204335.1689602-15-alex.bennee@linaro.org>
Stefan Hajnoczi [Fri, 4 Feb 2022 20:43:22 +0000 (20:43 +0000)]
gitlab: fall back to commit hash in qemu-setup filename
Personal repos may not have release tags (v6.0.0, v6.1.0, etc) and this
causes cross_system_build_job to fail when pretty-printing a unique
qemu-setup-*.exe name:
Alex Bennée [Fri, 4 Feb 2022 20:43:21 +0000 (20:43 +0000)]
docs/devel: mention our .editorconfig
Ideally we should keep all our automatic formatting gubins in here.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220204204335.1689602-13-alex.bennee@linaro.org>
tests/lcitool: Install libibumad to cover RDMA on Debian based distros
On Debian we also need libibumad to enable RDMA:
$ ../configure --enable-rdma
ERROR: OpenFabrics librdmacm/libibverbs/libibumad not present.
Your options:
(1) Fast: Install infiniband packages (devel) from your distro.
(2) Cleanest: Install libraries from www.openfabrics.org
(3) Also: Install softiwarp if you don't have RDMA hardware
Add the dependency to lcitool's qemu.yml (where librdmacm and
libibverbs are already listed) and refresh the generated files
by running:
$ make lcitool-refresh
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220121154134.315047-8-f4bug@amsat.org>
Message-Id: <20220204204335.1689602-12-alex.bennee@linaro.org>
lcitool doesn't support MSYS2 targets, so manually remove
this now unnecessary library.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220121154134.315047-7-f4bug@amsat.org>
Message-Id: <20220204204335.1689602-11-alex.bennee@linaro.org>
tests/lcitool: Refresh submodule and remove libxml2
The previous commit removed all uses of libxml2.
Refresh lcitool submodule, update qemu.yml and refresh the generated
files by running:
$ make lcitool-refresh
Note: This refreshment also removes libudev dependency on Fedora
and CentOS due to libvirt-ci commit 18bfaee ("mappings: Improve
mapping for libudev"), since "The udev project has been absorbed
by the systemd project", and lttng-ust on FreeBSD runners due to
libvirt-ci commit 6dd9b6f ("guests: drop lttng-ust from FreeBSD
platform").
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220121154134.315047-6-f4bug@amsat.org>
Message-Id: <20220204204335.1689602-10-alex.bennee@linaro.org>
Michael Tokarev [Fri, 4 Feb 2022 20:43:17 +0000 (20:43 +0000)]
drop libxml2 checks since libxml is not actually used (for parallels)
For a long time, we assumed that libxml2 is necessary for parallels
block format support (block/parallels*). However, this format actually
does not use libxml [*]. Since this is the only user of libxml2 in
whole QEMU tree, we can drop all libxml2 checks and dependencies too.
It is even more: --enable-parallels configure option was the only
option which was silently ignored when it's (fake) dependency
(libxml2) isn't installed.
Drop all mentions of libxml2.
[*] Actually the basis for libxml use were introduced in commit ed279a06c53 ("configure: add dependency") but the implementation
was never merged:
https://lore.kernel.org/qemu-devel/70227bbd-a517-70e9-714f-e6e0ec431be9@openvz.org/
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220119090423.149315-1-mjt@msgid.tls.msk.ru> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
[PMD: Updated description and adapted to use lcitool] Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220121154134.315047-5-f4bug@amsat.org> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20220204204335.1689602-9-alex.bennee@linaro.org>
tests/lcitool: Include local qemu.yml when refreshing cirrus-ci files
The script only include the local qemu.yml for Dockerfiles.
Since we want to keep the Cirrus-CI generated files in sync,
also use the --data-dir option in generate_cirrus().
Fixes: c45a540f4bd (".gitlab-ci.d/cirrus: auto-generate variables with lcitool") Reported-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220121154134.315047-4-f4bug@amsat.org>
Message-Id: <20220204204335.1689602-8-alex.bennee@linaro.org>
MAINTAINERS: Cover lcitool submodule with build test / automation
lcitool is used by build test / automation, we want maintainers
to get notified if the submodule is updated.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220121154134.315047-2-f4bug@amsat.org>
Message-Id: <20220204204335.1689602-6-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:13 +0000 (20:43 +0000)]
.gitignore: add .gcov pattern
The gcovr tool is very messy and can leave a lot of crap in the source
tree even when using build directories.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220204204335.1689602-5-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:12 +0000 (20:43 +0000)]
Makefile: also remove .gcno files when cleaning
Left over .gcno files from old builds can really confuse gcov and the
user expects a clean slate after "make clean". Make clean mean clean.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220204204335.1689602-4-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:11 +0000 (20:43 +0000)]
tests/qtest: enable more vhost-user tests by default
If this starts causing failures again we should probably fix that.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220204204335.1689602-3-alex.bennee@linaro.org>
Alex Bennée [Fri, 4 Feb 2022 20:43:10 +0000 (20:43 +0000)]
tests/Makefile.include: clean-up old code
This is no longer needed since a2ce7dbd91 ("meson: convert tests/qtest
to meson", 2020-08-21)
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220204204335.1689602-2-alex.bennee@linaro.org>
Víctor Colombo [Wed, 9 Feb 2022 08:08:56 +0000 (09:08 +0100)]
target/ppc: Change VSX instructions behavior to fill with zeros
ISA v3.1 changed some VSX instructions behavior by changing what the
other words/doubleword in the result should contain when the result is
only one word/doubleword. e.g. xsmaxdp operates on doubleword 0 and
saves the result also in doubleword 0.
Before, the second doubleword result was undefined according to the
ISA, but now it's stated that it should be zeroed.
Even tough the result was undefined before, hardware implementing these
instructions already filled these fields with 0s. Changing every ISA
version in QEMU to this behavior makes the results match what happens
in hardware.
Signed-off-by: Víctor Colombo <victor.colombo@eldorado.org.br> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220204181944.65063-1-victor.colombo@eldorado.org.br> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Fabiano Rosas [Wed, 9 Feb 2022 08:08:56 +0000 (09:08 +0100)]
target/ppc: Assert if MSR bits differ from msr_mask during exceptions
We currently abort QEMU during the dispatch of an interrupt if we try
to set MSR_HV without having MSR_HVB in the msr_mask. I think we
should verify this for all MSR bits. There is no reason to ever have a
MSR bit set if the corresponding bit is not set in that CPU's
msr_mask.
Note that this is not about the emulated code setting reserved
bits. We clear the new_msr when starting to dispatch an exception, so
if we end up with bits not present in the msr_mask that is a QEMU
programming error.
I kept the HSRR verification for BookS because it is the only CPU
family that has HSRRs.
Fabiano Rosas [Wed, 9 Feb 2022 08:08:56 +0000 (09:08 +0100)]
target/ppc: Simplify powerpc_excp_7xx
Differences from the generic powerpc_excp code:
- Not BookE, so some MSR bits are cleared at interrupt dispatch;
- No MSR_HV;
- No power saving states;
- No Hypervisor Emulation Assistance;
- Not 64 bits;
- No System call vectored;
- No Alternate Interrupt Location.
Fabiano Rosas [Wed, 9 Feb 2022 08:08:56 +0000 (09:08 +0100)]
target/ppc: Introduce powerpc_excp_7xx
Introduce a new powerpc_excp function specific for PowerPC 7xx CPUs
(740, 745, 750, 750cl, 750cx, 750fx, 750gx, 755). This commit copies
powerpc_excp_legacy verbatim so the next one has a clean diff.
Fabiano Rosas [Wed, 9 Feb 2022 08:08:55 +0000 (09:08 +0100)]
target/ppc: Simplify powerpc_excp_6xx
Differences from the generic powerpc_excp code:
- Not BookE, so some MSR bits are cleared at interrupt dispatch;
- No MSR_HV;
- No power saving states;
- No Hypervisor Emulation Assistance;
- Not 64 bits;
- No System call vectored;
- No Alternate Interrupt Location.
Fabiano Rosas [Wed, 9 Feb 2022 08:08:55 +0000 (09:08 +0100)]
target/ppc: Introduce powerpc_excp_6xx
Introduce a new powerpc_excp function specific for PowerPC 6xx CPUs
(603, 604, G2, MPC5xx, MCP8xx). This commit copies powerpc_excp_legacy
verbatim so the next one has a clean diff.
The PowerPC 601 processor is the first generation of processors to
implement the PowerPC architecture. It was designed as a bridge
processor and also could execute most of the instructions of the
previous POWER architecture. It was found on the first Macs and IBM
RS/6000 workstations.
There is not much interest in keeping the CPU model of this
POWER-PowerPC bridge processor. We have the 603 and 604 CPU models of
the 60x family which implement the complete PowerPC instruction set.
ppc_radix64_partition_scoped_xlate() logs the host page protection
bits variable but it is uninitialized. The value is set later on in
ppc_radix64_check_prot(). Remove the output.
Fixes: Coverity CID 1468942 Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20220203142145.1301749-1-clg@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Fabiano Rosas [Wed, 9 Feb 2022 08:08:55 +0000 (09:08 +0100)]
target/ppc: Simplify powerpc_excp_booke
Differences from the generic powerpc_excp code:
- No MSR bits are cleared at interrupt dispatch;
- No MSR_HV;
- No power saving states;
- No Hypervisor Emulation Assistance;
- SPEU needs special handling;
- Big endian only;
- Both 64 and 32 bits;
- No System call vectored;
- No Alternate Interrupt Location.
Peter Maydell [Tue, 8 Feb 2022 11:40:08 +0000 (11:40 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20220208' into staging
target-arm queue:
* Fix handling of SVE ZCR_LEN when using VHE
* xlnx-zynqmp: 'Or' the QSPI / QSPI DMA IRQs
* Don't ever enable PSCI when booting guest in EL3
* Adhere to SMCCC 1.3 section 5.2
* highbank: Fix issues with booting SMP
* midway: Fix issues booting at all
* boot: Drop existing dtb /psci node rather than retaining it
* versal-virt: Always call arm_load_kernel()
* force flag recalculation when messing with DAIF
* hw/timer/armv7m_systick: Update clock source before enabling timer
* hw/arm/smmuv3: Fix device reset
* hw/intc/arm_gicv3_its: refactorings and minor bug fixes
* hw/sensor: Add lsm303dlhc magnetometer device
* remotes/pmaydell/tags/pull-target-arm-20220208: (39 commits)
hw/sensor: Add lsm303dlhc magnetometer device
hw/intc/arm_gicv3_its: Split error checks
hw/intc/arm_gicv3_its: Don't allow intid 1023 in MAPI/MAPTI
hw/intc/arm_gicv3_its: In MAPC with V=0, don't check rdbase field
hw/intc/arm_gicv3_its: Drop TableDesc and CmdQDesc valid fields
hw/intc/arm_gicv3_its: Make update_ite() use ITEntry
hw/intc/arm_gicv3_its: Pass ITE values back from get_ite() via a struct
hw/intc/arm_gicv3_its: Avoid nested ifs in get_ite()
hw/intc/arm_gicv3_its: Fix address calculation in get_ite() and update_ite()
hw/intc/arm_gicv3_its: Pass CTEntry to update_cte()
hw/intc/arm_gicv3_its: Keep CTEs as a struct, not a raw uint64_t
hw/intc/arm_gicv3_its: Pass DTEntry to update_dte()
hw/intc/arm_gicv3_its: Keep DTEs as a struct, not a raw uint64_t
hw/intc/arm_gicv3_its: Use address_space_map() to access command queue packets
hw/arm/smmuv3: Fix device reset
hw/timer/armv7m_systick: Update clock source before enabling timer
arm: force flag recalculation when messing with DAIF
hw/arm: versal-virt: Always call arm_load_kernel()
hw/arm/boot: Drop existing dtb /psci node rather than retaining it
hw/arm/boot: Drop nb_cpus field from arm_boot_info
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Kevin Townsend [Sun, 30 Jan 2022 09:50:32 +0000 (10:50 +0100)]
hw/sensor: Add lsm303dlhc magnetometer device
This commit adds emulation of the magnetometer on the LSM303DLHC.
It allows the magnetometer's X, Y and Z outputs to be set via the
mag-x, mag-y and mag-z properties, as well as the 12-bit
temperature output via the temperature property. Sensor can be
enabled with 'CONFIG_LSM303DLHC_MAG=y'.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Message-id: 20220130095032.35392-1-kevin.townsend@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 1 Feb 2022 19:32:07 +0000 (19:32 +0000)]
hw/intc/arm_gicv3_its: Split error checks
In most of the ITS command processing, we check different error
possibilities one at a time and log them appropriately. In
process_mapti() and process_mapd() we have code which checks
multiple error cases at once, which means the logging is less
specific than it could be. Split those cases up.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-14-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:32:06 +0000 (19:32 +0000)]
hw/intc/arm_gicv3_its: Don't allow intid 1023 in MAPI/MAPTI
When handling MAPI/MAPTI, we allow the supplied interrupt ID to be
either 1023 or something in the valid LPI range. This is a mistake:
only a real valid LPI is allowed. (The general behaviour of the ITS
is that most interrupt ID fields require a value in the LPI range;
the exception is that fields specifying a doorbell value, which are
all in GICv4 commands, allow also 1023 to mean "no doorbell".)
Remove the condition that incorrectly allows 1023 here.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-13-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:32:05 +0000 (19:32 +0000)]
hw/intc/arm_gicv3_its: In MAPC with V=0, don't check rdbase field
In the MAPC command, if V=0 this is a request to delete a collection
table entry and the rdbase field of the command packet will not be
used. In particular, the specification says that the "UNPREDICTABLE
if rdbase is not valid" only applies for V=1.
We were doing a check-and-log-guest-error on rdbase regardless of
whether the V bit was set, and also (harmlessly but confusingly)
storing the contents of the rdbase field into the updated collection
table entry. Update the code so that if V=0 we don't check or use
the rdbase field value.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-12-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:32:04 +0000 (19:32 +0000)]
hw/intc/arm_gicv3_its: Drop TableDesc and CmdQDesc valid fields
Currently we track in the TableDesc and CmdQDesc structs the state of
the GITS_BASER<n> and GITS_CBASER Valid bits. However we aren't very
consistent abut checking the valid field: we test it in update_cte()
and update_dte(), but not anywhere else we look things up in tables.
The GIC specification says that it is UNPREDICTABLE if a guest fails
to set any of these Valid bits before enabling the ITS via
GITS_CTLR.Enabled. So we can choose to handle Valid == 0 as
equivalent to a zero-length table. This is in fact how we're already
catching this case in most of the table-access paths: when Valid is 0
we leave the num_entries fields in TableDesc or CmdQDesc set to zero,
and then the out-of-bounds check "index >= num_entries" that we have
to do anyway before doing any of these table lookups will always be
true, catching the no-valid-table case without any extra code.
So we can remove the checks on the valid field from update_cte()
and update_dte(): since these happen after the bounds check there
was never any case when the test could fail. That means the valid
fields would be entirely unused, so just remove them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-11-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:32:03 +0000 (19:32 +0000)]
hw/intc/arm_gicv3_its: Make update_ite() use ITEntry
Make the update_ite() struct use the new ITEntry struct, so that
callers don't need to assemble the in-memory ITE data themselves, and
only get_ite() and update_ite() need to care about that in-memory
layout. We can then drop the no-longer-used IteEntry struct
definition.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-10-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:32:02 +0000 (19:32 +0000)]
hw/intc/arm_gicv3_its: Pass ITE values back from get_ite() via a struct
In get_ite() we currently return the caller some of the fields of an
Interrupt Table Entry via a set of pointer arguments, and validate
some of them internally (interrupt type and valid bit) to return a
simple true/false 'valid' indication. Define a new ITEntry struct
which has all the fields that the in-memory ITE has, and bring the
get_ite() function in to line with get_dte() and get_cte().
This paves the way for handling virtual interrupts, which will want
a different subset of the fields in the ITE. Handling them under
the old "lots of pointer arguments" scheme would have meant a
confusingly large set of arguments for this function.
The new struct ITEntry is obviously confusably similar to the
existing IteEntry struct, whose fields are the raw 12 bytes
of the in-memory ITE. In the next commit we will make update_ite()
use ITEntry instead of IteEntry, which will allow us to delete
the IteEntry struct and remove the confusion.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-9-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:32:01 +0000 (19:32 +0000)]
hw/intc/arm_gicv3_its: Avoid nested ifs in get_ite()
The get_ite() code has some awkward nested if statements; clean
them up by returning early if the memory accesses fail.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-8-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:32:00 +0000 (19:32 +0000)]
hw/intc/arm_gicv3_its: Fix address calculation in get_ite() and update_ite()
In get_ite() and update_ite() we work with a 12-byte in-guest-memory
table entry, which we intend to handle as an 8-byte value followed by
a 4-byte value. Unfortunately the calculation of the address of the
4-byte value is wrong, because we write it as:
table_base_address + (index * entrysize) + 4
(obfuscated by the way the expression has been written)
when it should be + 8. This bug meant that we overwrote the top
bytes of the 8-byte value with the 4-byte value. There are no
guest-visible effects because the top half of the 8-byte value
contains only the doorbell interrupt field, which is used only in
GICv4, and the two bugs in the "write ITE" and "read ITE" codepaths
cancel each other out.
We can't simply change the calculation, because this would break
migration of a (TCG) guest from the old version of QEMU which had
in-guest-memory interrupt tables written using the buggy version of
update_ite(). We must also at the same time change the layout of the
fields within the ITE_L and ITE_H values so that the in-memory
locations of the fields we care about (VALID, INTTYPE, INTID and
ICID) stay the same.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-7-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:31:59 +0000 (19:31 +0000)]
hw/intc/arm_gicv3_its: Pass CTEntry to update_cte()
Make update_cte() take a CTEntry struct rather than all the fields
of the new CTE as separate arguments.
This brings it into line with the update_dte() API.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-6-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:31:58 +0000 (19:31 +0000)]
hw/intc/arm_gicv3_its: Keep CTEs as a struct, not a raw uint64_t
In the ITS, a CTE is an entry in the collection table, which contains
multiple fields. Currently the function get_cte() which reads one
entry from the device table returns a success/failure boolean and
passes back the raw 64-bit integer CTE value via a pointer argument.
We then extract fields from the CTE as we need them.
Create a real C struct with the same fields as the CTE, and
populate it in get_cte(), so that that function and update_cte()
are the only ones which need to care about the in-guest-memory
format of the CTE.
This brings get_cte()'s API into line with get_dte().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-5-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:31:57 +0000 (19:31 +0000)]
hw/intc/arm_gicv3_its: Pass DTEntry to update_dte()
Make update_dte() take a DTEntry struct rather than all the fields of
the new DTE as separate arguments.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-4-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:31:56 +0000 (19:31 +0000)]
hw/intc/arm_gicv3_its: Keep DTEs as a struct, not a raw uint64_t
In the ITS, a DTE is an entry in the device table, which contains
multiple fields. Currently the function get_dte() which reads one
entry from the device table returns it as a raw 64-bit integer,
which we then pass around in that form, only extracting fields
from it as we need them.
Create a real C struct with the same fields as the DTE, and
populate it in get_dte(), so that that function and update_dte()
are the only ones that need to care about the in-guest-memory
format of the DTE.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-3-peter.maydell@linaro.org
Peter Maydell [Tue, 1 Feb 2022 19:31:55 +0000 (19:31 +0000)]
hw/intc/arm_gicv3_its: Use address_space_map() to access command queue packets
Currently the ITS accesses each 8-byte doubleword in a 4-doubleword
command packet with a separate address_space_ldq_le() call. This is
awkward because the individual command processing functions have
ended up with code to handle "load more doublewords out of the
packet", which is both unwieldy and also a potential source of bugs
because it's not obvious when looking at a line that pulls a field
out of the 'value' variable which of the 4 doublewords that variable
currently holds.
Switch to using address_space_map() to map the whole command packet
at once and fish the four doublewords out of it. Then each process_*
function can start with a few lines of code that extract the fields
it cares about.
This requires us to split out the guts of process_its_cmd() into a
new do_process_its_cmd(), because we were previously overloading the
value and offset arguments as a backdoor way to directly pass the
devid and eventid from a write to GITS_TRANSLATER. The new
do_process_its_cmd() takes those arguments directly, and
process_its_cmd() is just a wrapper that does the "read fields from
command packet" part.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-2-peter.maydell@linaro.org
Eric Auger [Wed, 2 Feb 2022 11:16:02 +0000 (12:16 +0100)]
hw/arm/smmuv3: Fix device reset
We currently miss a bunch of register resets in the device reset
function. This sometimes prevents the guest from rebooting after
a system_reset (with virtio-blk-pci). For instance, we may get
the following errors:
invalid STE
smmuv3-iommu-memory-region-0-0 translation failed for iova=0x13a9d2000(SMMU_EVT_C_BAD_STE)
Invalid read at addr 0x13A9D2000, size 2, region '(null)', reason: rejected
invalid STE
smmuv3-iommu-memory-region-0-0 translation failed for iova=0x13a9d2000(SMMU_EVT_C_BAD_STE)
Invalid write at addr 0x13A9D2000, size 2, region '(null)', reason: rejected
invalid STE
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20220202111602.627429-1-eric.auger@redhat.com Fixes: 10a83cb988 ("hw/arm/smmuv3: Skeleton") Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Petri [Tue, 1 Feb 2022 19:26:51 +0000 (20:26 +0100)]
hw/timer/armv7m_systick: Update clock source before enabling timer
Starting the SysTick timer and changing the clock source a the same time
will result in an error, if the previous clock period was zero. For exmaple,
on the mps2-tz platforms, no refclk is present. Right after reset, the
configured ptimer period is zero, and trying to enabling it will turn it off
right away. E.g., code running on the platform setting
should change the clock source and enable the timer on real hardware, but
resulted in an error in qemu.
Signed-off-by: Richard Petri <git@rpls.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220201192650.289584-1-git@rpls.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 2 Feb 2022 12:23:53 +0000 (12:23 +0000)]
arm: force flag recalculation when messing with DAIF
The recently introduced debug tests in kvm-unit-tests exposed an error
in our handling of singlestep cause by stale hflags. This is caught by
--enable-debug-tcg when running the tests.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reported-by: Andrew Jones <drjones@redhat.com> Tested-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220202122353.457084-1-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Always call arm_load_kernel() regardless of kernel_filename being
set. This is needed because arm_load_kernel() sets up reset for
the CPUs.
Fixes: 6f16da53ff (hw/arm: versal: Add a virtual Xilinx Versal board) Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20220130110313.4045351-2-edgar.iglesias@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 27 Jan 2022 15:46:39 +0000 (15:46 +0000)]
hw/arm/boot: Drop existing dtb /psci node rather than retaining it
If we're using PSCI emulation, we add a /psci node to the device tree
we pass to the guest. At the moment, if the dtb already has a /psci
node in it, we retain it, rather than replacing it. (This behaviour
was added in commit c39770cd637765 in 2018.)
This is a problem if the existing node doesn't match our PSCI
emulation. In particular, it might specify the wrong method (HVC vs
SMC), or wrong function IDs for cpu_suspend/cpu_off/etc, in which
case the guest will not get the behaviour it wants when it makes PSCI
calls.
An example of this is trying to boot the highbank or midway board
models using the device tree supplied in the kernel sources: this
device tree includes a /psci node that specifies function IDs that
don't match the (PSCI 0.2 compliant) IDs that QEMU uses. The dtb
cpu_suspend function ID happens to match the PSCI 0.2 cpu_off ID, so
the guest hangs after booting when the kernel tries to idle the CPU
and instead it gets turned off.
Instead of retaining an existing /psci node, delete it entirely
and replace it with a node whose properties match QEMU's PSCI
emulation behaviour. This matches the way we handle /memory nodes,
where we also delete any existing nodes and write in ones that
match the way QEMU is going to behave.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Cédric Le Goater <clg@kaod.org> Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-id: 20220127154639.2090164-17-peter.maydell@linaro.org