Peter Maydell [Tue, 13 Jul 2021 13:32:20 +0000 (14:32 +0100)]
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-07-09-v2' into staging
nbd patches for 2021-07-09
- enhance 'qemu-img map --output=json' to make it easier to duplicate
backing chain allocation patterns
- fix a race in the 'yank' QMP command in relation to NBD requests
* remotes/ericb/tags/pull-nbd-2021-07-09-v2:
nbd: register yank function earlier
qemu-img: Reword 'qemu-img map --output=json' docs
qemu-img: Make unallocated part of backing chain obvious in map
iotests: Improve and rename test 309 to nbd-qemu-allocation
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 12 Jul 2021 20:22:27 +0000 (21:22 +0100)]
Merge remote-tracking branch 'remotes/philmd/tags/sdmmc-20210712' into staging
SD/MMC patches queue
- sdcard: Check for valid address range in SEND_WRITE_PROT (CMD30)
# gpg: Signature made Mon 12 Jul 2021 11:28:13 BST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd/tags/sdmmc-20210712:
hw/sd/sdcard: Check for valid address range in SEND_WRITE_PROT (CMD30)
hw/sd/sdcard: Extract address_in_range() helper, log invalid accesses
hw/sd/sdcard: When card is in wrong state, log which state it is
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/cohuck-gitlab/tags/s390x-20210708:
target/s390x: split sysemu part of cpu models
target/s390x: move kvm files into kvm/
target/s390x: remove kvm-stub.c
target/s390x: use kvm_enabled() to wrap call to kvm_s390_get_hpage_1m
target/s390x: make helper.c sysemu-only
target/s390x: split cpu-dump from helper.c
target/s390x: move sysemu-only code out to cpu-sysemu.c
target/s390x: start moving TCG-only code to tcg/
target/s390x: rename internal.h to s390x-internal.h
target/s390x: remove tcg-stub.c
hw/s390x: only build tod-tcg from the CONFIG_TCG build
hw/s390x: tod: make explicit checks for accelerators when initializing
hw/s390x: rename tod-qemu.c to tod-tcg.c
target/s390x: meson: add target_user_arch
s390x/tcg: Fix m5 vs. m4 field for VECTOR MULTIPLY SUM LOGICAL
target/s390x: Fix CC set by CONVERT TO FIXED/LOGICAL
s390x/cpumodel: add 3931 and 3932
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Mon, 12 Jul 2021 15:57:10 +0000 (17:57 +0200)]
trace, lttng: require .pc files
The next version of lttng-libs will not require liburcu at run time anymore.
Therefore, it is expected that distros will not include the urcubp libraries
anymore when installing lttng-ust-devel.
To avoid future problems, just require pkg-config to detect lttng-ust.
The .pc files for lttng-ust correctly include liburcubp.a for static
builds, and have always done since pkg-config files were added in 2011.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210712155710.520889-1-pbonzini@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Gerd Hoffmann [Tue, 1 Jun 2021 13:24:02 +0000 (15:24 +0200)]
qemu-trace-stap: changing SYSTEMTAP_TAPSET considered harmful.
Setting SYSTEMTAP_TAPSET to some value other than
/usr/share/systemtap/tapsets results in systemtap not finding the
standard tapset library any more, which in turn breaks tracing because
pid() and other standard systemtap functions are not available any more.
So using SYSTEMTAP_TAPSET to point systemtap to the qemu probes will
only work for the prefix=/usr installs because both qemu and system
tapsets in the same directory then. All other prefixes are broken.
Fix that by using the "-I $tapsetdir" command line switch instead.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20210601132414.432430-2-kraxel@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Eric Blake [Thu, 1 Jul 2021 19:06:55 +0000 (14:06 -0500)]
qemu-img: Make unallocated part of backing chain obvious in map
The recently-added NBD context qemu:allocation-depth is able to
distinguish between locally-present data (even when that data is
sparse) [shown as depth 1 over NBD], and data that could not be found
anywhere in the backing chain [shown as depth 0]; and the libnbd
project was recently patched to give the human-readable name "absent"
to an allocation-depth of 0. But qemu-img map --output=json predates
that addition, and has the unfortunate behavior that all portions of
the backing chain that resolve without finding a hit in any backing
layer report the same depth as the final backing layer. This makes it
harder to reconstruct a qcow2 backing chain using just 'qemu-img map'
output, especially when using "backing":null to artificially limit a
backing chain, because it is impossible to distinguish between a
QCOW2_CLUSTER_UNALLOCATED (which defers to a [missing] backing file)
and a QCOW2_CLUSTER_ZERO_PLAIN cluster (which would override any
backing file), since both types of clusters otherwise show as
"data":false,"zero":true" (but note that we can distinguish a
QCOW2_CLUSTER_ZERO_ALLOCATED, which would also have an "offset":
listing).
The task of reconstructing a qcow2 chain was made harder in commit 0da9856851 (nbd: server: Report holes for raw images), because prior
to that point, it was possible to abuse NBD's block status command to
see which portions of a qcow2 file resulted in BDRV_BLOCK_ALLOCATED
(showing up as NBD_STATE_ZERO in isolation) vs. missing from the chain
(showing up as NBD_STATE_ZERO|NBD_STATE_HOLE); but now qemu reports
more accurate sparseness information over NBD.
An obvious solution is to make 'qemu-img map --output=json' add an
additional "present":false designation to any cluster lacking an
allocation anywhere in the chain, without any change to the "depth"
parameter to avoid breaking existing clients. The iotests have
several examples where this distinction demonstrates the additional
accuracy.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210701190655.2131223-3-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
[eblake: fix more iotest fallout] Signed-off-by: Eric Blake <eblake@redhat.com>
Eric Blake [Thu, 1 Jul 2021 19:06:54 +0000 (14:06 -0500)]
iotests: Improve and rename test 309 to nbd-qemu-allocation
Enhance the test to inspect what qemu-nbd is advertising during
handshake, and rename it now that we support useful iotest names.
Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20210701190655.2131223-2-eblake@redhat.com>
Peter Maydell [Mon, 12 Jul 2021 14:58:16 +0000 (15:58 +0100)]
Merge remote-tracking branch 'remotes/philmd/tags/mips-20210711' into staging
MIPS patches queue
- Rename Raven ASIC PCI bridge, add PCI_IO_BASE_ADDR definition
- Various Toshiba TX79 opcodes implemented
- Rewrite UHI errno_mips() using switch statement
- Few fixes and improvements in the SONIC model (dp8393x)
# gpg: Signature made Sun 11 Jul 2021 22:12:49 BST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd/tags/mips-20210711:
dp8393x: don't force 32-bit register access
dp8393x: Rewrite dp8393x_get() / dp8393x_put()
dp8393x: Store CAM registers as 16-bit
dp8393x: Replace 0x40 magic value by SONIC_REG_COUNT definition
dp8393x: Replace address_space_rw(is_write=1) by address_space_write()
dp8393x: fix CAM descriptor entry index
target/mips: Rewrite UHI errno_mips() using switch statement
target/mips/tx79: Introduce SQ opcode (Store Quadword)
target/mips/tx79: Introduce LQ opcode (Load Quadword)
target/mips/tx79: Introduce PROT3W opcode (Parallel Rotate 3 Words)
target/mips/tx79: Introduce PPACW opcode (Parallel Pack to Word)
target/mips/tx79: Introduce PCGT* (Parallel Compare for Greater Than)
target/mips/tx79: Introduce PCEQ* opcodes (Parallel Compare for Equal)
target/mips/tx79: Introduce PEXTL[BHW] opcodes (Parallel Extend Lower)
target/mips/tx79: Introduce PEXTUW (Parallel Extend Upper from Word)
target/mips/tx79: Introduce PSUB* opcodes (Parallel Subtract)
target/mips/tx79: Introduce PAND/POR/PXOR/PNOR opcodes (parallel logic)
hw/pci-host/raven: Add PCI_IO_BASE_ADDR definition
hw/pci-host: Rename Raven ASIC PCI bridge as raven.c
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/sd/sdcard: Check for valid address range in SEND_WRITE_PROT (CMD30)
OSS-Fuzz found sending illegal addresses when querying the write
protection bits triggers an assertion:
qemu-fuzz-i386: hw/sd/sd.c:824: uint32_t sd_wpbits(SDState *, uint64_t): Assertion `wpnum < sd->wpgrps_size' failed.
==11578== ERROR: libFuzzer: deadly signal
#8 0x7ffff628e091 in __assert_fail
#9 0x5555588f1a3c in sd_wpbits hw/sd/sd.c:824:9
#10 0x5555588dd271 in sd_normal_command hw/sd/sd.c:1383:38
#11 0x5555588d777c in sd_do_command hw/sd/sd.c
#12 0x555558cb25a0 in sdbus_do_command hw/sd/core.c:100:16
#13 0x555558e02a9a in sdhci_send_command hw/sd/sdhci.c:337:12
#14 0x555558dffa46 in sdhci_write hw/sd/sdhci.c:1187:9
#15 0x5555598b9d76 in memory_region_write_accessor softmmu/memory.c:489:5
Similarly to commit 8573378e62d ("hw/sd: fix out-of-bounds check
for multi block reads"), check the address range before sending
the status of the write protection bits.
Include the qtest reproducer provided by Alexander Bulekov:
$ make check-qtest-i386
...
Running test qtest-i386/fuzz-sdcard-test
qemu-system-i386: ../hw/sd/sd.c:824: sd_wpbits: Assertion `wpnum < sd->wpgrps_size' failed.
Reported-by: OSS-Fuzz (Issue 29225)
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/450 Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20210702155900.148665-4-f4bug@amsat.org>
Multiple commands have to check the address requested is valid.
Extract this code pattern as a new address_in_range() helper, and
log invalid accesses as guest errors.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-3-f4bug@amsat.org>
hw/sd/sdcard: When card is in wrong state, log which state it is
We report the card is in an inconsistent state, but don't precise
in which state it is. Add this information, as it is useful when
debugging problems.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-2-f4bug@amsat.org> Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Peter Maydell [Mon, 12 Jul 2021 10:02:38 +0000 (11:02 +0100)]
Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210710' into staging
Add translator_use_goto_tb.
Cleanups in prep of breakpoint fixes.
Misc fixes.
# gpg: Signature made Sat 10 Jul 2021 16:29:14 BST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth-gitlab/tags/pull-tcg-20210710: (41 commits)
cpu: Add breakpoint tracepoints
tcg: Remove TCG_TARGET_HAS_goto_ptr
accel/tcg: Log tb->cflags with -d exec
accel/tcg: Split out log_cpu_exec
accel/tcg: Move tb_lookup to cpu-exec.c
accel/tcg: Move helper_lookup_tb_ptr to cpu-exec.c
target/i386: Use cpu_breakpoint_test in breakpoint_handler
tcg: Fix prologue disassembly
target/xtensa: Use translator_use_goto_tb
target/tricore: Use tcg_gen_lookup_and_goto_ptr
target/tricore: Use translator_use_goto_tb
target/sparc: Use translator_use_goto_tb
target/sh4: Use translator_use_goto_tb
target/s390x: Remove use_exit_tb
target/s390x: Use translator_use_goto_tb
target/rx: Use translator_use_goto_tb
target/riscv: Use translator_use_goto_tb
target/ppc: Use translator_use_goto_tb
target/openrisc: Use translator_use_goto_tb
target/nios2: Use translator_use_goto_tb
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/bonzini-gitlab/tags/for-upstream: (48 commits)
meson: Use input/output for entitlements target
configure: allow the selection of alternate config in the build
configs: rename default-configs to configs and reorganise
hw/arm: move CONFIG_V7M out of default-devices
hw/arm: add dependency on OR_IRQ for XLNX_VERSAL
meson: Introduce target-specific Kconfig
meson: switch function tests from compilation to linking
vl: fix leak of qdict_crumple return value
target/i386: fix exceptions for MOV to DR
target/i386: Added DR6 and DR7 consistency checks
target/i386: Added MSRPM and IOPM size check
monitor/tcg: move tcg hmp commands to accel/tcg, register them dynamically
usb: build usb-host as module
monitor/usb: register 'info usbhost' dynamically
usb: drop usb_host_dev_is_scsi_storage hook
monitor: allow register hmp commands
accel: build tcg modular
accel: add tcg module annotations
accel: build qtest modular
accel: add qtest module annotations
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 3fe9a838ec "dp8393x: Always use 32-bit accesses" set .impl.min_access_size
and .impl.max_access_size to 4 to try and fix the Linux jazzsonic driver which uses
32-bit accesses.
The problem with forcing the register access to 32-bit in this way is that since the
dp8393x uses 16-bit registers, a manual endian swap is required for devices on big
endian machines with 32-bit accesses.
For both access sizes and machine endians the QEMU memory API can do the right thing
automatically: all that is needed is to set .impl.min_access_size to 2 to declare that
the dp8393x implements 16-bit registers.
Normally .impl.max_access_size should also be set to 2, however that doesn't quite
work in this case since the register stride is specified using a (dynamic) it_shift
property which is applied during the MMIO access itself. The effect of this is that
for a 32-bit access the memory API performs 2 x 16-bit accesses, but the use of
it_shift within the MMIO access itself causes the register value to be repeated in both
the top 16-bits and bottom 16-bits. The Linux jazzsonic driver expects the stride to be
zero-extended up to access size and therefore fails to correctly detect the dp8393x
device due to the extra data in the top 16-bits.
The solution here is to remove .impl.max_access_size so that the memory API will
correctly zero-extend the 16-bit registers to the access size up to and including
it_shift. Since it_shift is never greater than 2 than this will always do the right
thing for both 16-bit and 32-bit accesses regardless of the machine endian, allowing
the manual endian swap code to be removed.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Fixes: 3fe9a838ec ("dp8393x: Always use 32-bit accesses")
Message-Id: <20210705214929.17222-2-mark.cave-ayland@ilande.co.uk> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Finn Thain <fthain@linux-m68k.org> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Instead of accessing N registers via a single address_space API
call using a temporary buffer (stored in the device state) and
updating each register, move the address_space call in the
register put/get. The load/store and word size checks are moved
to put/get too. This simplifies a bit, making the code easier
to read.
Co-developed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Co-developed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@linux-m68k.org>
Message-Id: <20210710174954.2577195-8-f4bug@amsat.org>
The Content Addressable Memory (CAM) consists of sixteen
48-bit entries for complete address filtering of network
packets. Each entry corresponds to a 48-bit destination
address that is user programmable and can contain any
combination of Multicast or Physical addresses. Each entry
is partitioned into three 16-bit CAM cells accessible
through CAM Address Ports (CAP 2, CAP 1 and CAP 0) with
CAP0 corresponding to the least significant 16 bits of
the Destination Address and CAP2 corresponding to the
most significant bits.
Store the CAM registers as 16-bit as it simplifies the code.
Having now the CAM registers as arrays of 3 uint16_t, we can avoid
using the VMSTATE_BUFFER_UNSAFE macro by using VMSTATE_UINT16_2DARRAY
which is more appropriate. This breaks the migration stream however.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@linux-m68k.org>
Message-Id: <20210710174954.2577195-5-f4bug@amsat.org> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
dp8393x: Replace 0x40 magic value by SONIC_REG_COUNT definition
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@linux-m68k.org>
Message-Id: <20210710174954.2577195-3-f4bug@amsat.org> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
dp8393x: Replace address_space_rw(is_write=1) by address_space_write()
Replace address_space_rw(is_write=1) by address_space_write()
and remove pointless cast.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@linux-m68k.org>
Message-Id: <20210710174954.2577195-2-f4bug@amsat.org> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Mark Cave-Ayland [Fri, 25 Jun 2021 06:54:00 +0000 (07:54 +0100)]
dp8393x: fix CAM descriptor entry index
Currently when a LOAD CAM command is executed the entries are loaded into the
CAM from memory in order which is incorrect. According to the datasheet the
first entry in the CAM descriptor is the entry index which means that each
descriptor may update any single entry in the CAM rather than the Nth entry.
Decode the CAM entry index and use it store the descriptor in the appropriate
slot in the CAM. This fixes the issue where the MacOS toolbox loads a single
CAM descriptor into the final slot in order to perform a loopback test which
must succeed before the Ethernet port is enabled.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@linux-m68k.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210625065401.30170-10-mark.cave-ayland@ilande.co.uk> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
target/mips: Rewrite UHI errno_mips() using switch statement
Linking on Haiku OS fails:
/boot/system/develop/tools/bin/../lib/gcc/x86_64-unknown-haiku/8.3.0/../../../../x86_64-unknown-haiku/bin/ld:
error: libqemu-mips-softmmu.fa.p/target_mips_tcg_sysemu_mips-semi.c.o(.rodata) is too large (0xffff405a bytes)
/boot/system/develop/tools/bin/../lib/gcc/x86_64-unknown-haiku/8.3.0/../../../../x86_64-unknown-haiku/bin/ld:
final link failed: memory exhausted
collect2: error: ld returned 1 exit status
This is because the host_to_mips_errno[] uses errno as index,
for example:
Reported-by: Richard Zak <richard.j.zak@gmail.com> Suggested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210706130723.1178961-1-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210214175912.732946-27-f4bug@amsat.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Introduce the LQ opcode (Load Quadword) and remove unreachable code.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210214175912.732946-26-f4bug@amsat.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Introduce the PROT3W opcode (Parallel Rotate 3 Words).
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210214175912.732946-25-f4bug@amsat.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
target/mips/tx79: Introduce PPACW opcode (Parallel Pack to Word)
Introduce the PPACW opcode (Parallel Pack to Word).
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210214175912.732946-22-f4bug@amsat.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
target/mips/tx79: Introduce PCGT* (Parallel Compare for Greater Than)
Introduce the 'Parallel Compare for Greater Than' opcodes:
- PCGTB (Parallel Compare for Greater Than Byte)
- PCGTH (Parallel Compare for Greater Than Halfword)
- PCGTW (Parallel Compare for Greater Than Word)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210309145653.743937-15-f4bug@amsat.org>
target/mips/tx79: Introduce PCEQ* opcodes (Parallel Compare for Equal)
Introduce the 'Parallel Compare for Equal' opcodes:
- PCEQB (Parallel Compare for Equal Byte)
- PCEQH (Parallel Compare for Equal Halfword)
- PCEQW (Parallel Compare for Equal Word)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210309145653.743937-14-f4bug@amsat.org>
- PEXTLB (Parallel Extend Upper from Byte)
- PEXTLH (Parallel Extend Upper from Halfword)
- PEXTLW (Parallel Extend Upper from Word)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210309145653.743937-13-f4bug@amsat.org>
target/mips/tx79: Introduce PEXTUW (Parallel Extend Upper from Word)
Introduce the PEXTUW opcode (Parallel Extend Upper from Word).
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210309145653.743937-12-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <820210309145653.743937-11-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210214175912.732946-16-f4bug@amsat.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Rather than using the magic 0x80000000 number for the PCI I/O BAR
physical address on the main system bus, use a definition.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Acked-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20210417103028.601124-6-f4bug@amsat.org>
hw/pci-host: Rename Raven ASIC PCI bridge as raven.c
The ASIC PCI bridge chipset from Motorola is named 'Raven'.
This chipset is used in the PowerPC Reference Platform (PReP),
but not restricted to it. Rename it accordingly.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Acked-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20210417103028.601124-5-f4bug@amsat.org>
* remotes/vivier2/tags/trivial-branch-for-6.1-pull-request:
util/guest-random: Fix size arg to tail memcpy
migration: fix typo in mig_throttle_guest_down comment
target/xtensa/xtensa-semi: Fix compilation problem on Haiku
hw/virtio: Document *_should_notify() are called within rcu_read_lock()
misc: Remove redundant new line in perror()
virtiofsd: Add missing newline in error message
misc: Fix "havn't" typo
memory: Display MemoryRegion name in read/write ops trace events
qemu-option: Drop dead assertion
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sun, 11 Jul 2021 13:32:49 +0000 (14:32 +0100)]
Merge remote-tracking branch 'remotes/cminyard/tags/for-qemu-6.1-2' into staging
Some qemu updates for IPMI and I2C
Move some ADC file to where they belong and move some sensors to a
sensor directory, since with new BMCs coming in lots of different
sensors should be coming in. Keep from cluttering things up.
Add support for I2C PMBus devices.
Replace the confusing and error-prone i2c_send_recv and i2c_transfer with
specific send and receive functions. Several errors have already been
made with these, avoid any new errors.
Fix the watchdog_expired field in the IPMI watchdog, it's not a bool,
it's a u8. After a vmstate transfer, the new value could be wrong.
# gpg: Signature made Fri 09 Jul 2021 17:25:04 BST
# gpg: using RSA key FD0D5CE67CE0F59A6688268661F38C90919BFF81
# gpg: Good signature from "Corey Minyard <cminyard@mvista.com>" [unknown]
# gpg: aka "Corey Minyard <minyard@acm.org>" [unknown]
# gpg: aka "Corey Minyard <corey@minyard.net>" [unknown]
# gpg: aka "Corey Minyard <minyard@mvista.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FD0D 5CE6 7CE0 F59A 6688 2686 61F3 8C90 919B FF81
* remotes/cminyard/tags/for-qemu-6.1-2: (24 commits)
tests/qtest: add tests for MAX34451 device model
hw/misc: add MAX34451 device
tests/qtest: add tests for ADM1272 device model
hw/misc: add ADM1272 device
hw/i2c: add support for PMBus
ipmi/sim: fix watchdog_expired data type error in IPMIBmcSim struct
hw/i2c: Introduce i2c_start_recv() and i2c_start_send()
hw/i2c: Extract i2c_do_start_transfer() from i2c_start_transfer()
hw/i2c: Make i2c_start_transfer() direction argument a boolean
hw/i2c: Rename i2c_set_slave_address() -> i2c_slave_set_address()
hw/i2c: Remove confusing i2c_send_recv()
hw/misc/auxbus: Replace i2c_send_recv() by i2c_recv() & i2c_send()
hw/misc/auxbus: Replace 'is_write' boolean by its value
hw/misc/auxbus: Explode READ_I2C / WRITE_I2C_MOT cases
hw/misc/auxbus: Fix MOT/classic I2C mode
hw/i2c/ppc4xx_i2c: Replace i2c_send_recv() by i2c_recv() & i2c_send()
hw/i2c/ppc4xx_i2c: Add reference to datasheet
hw/display/sm501: Replace i2c_send_recv() by i2c_recv() & i2c_send()
hw/display/sm501: Simplify sm501_i2c_write() logic
hw/input/lm832x: Define TYPE_LM8323 in public header
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/pmaydell/tags/pull-target-arm-20210709:
hw/intc: Improve formatting of MEMTX_ERROR guest error message
target/arm: Correct the encoding of MDCCSR_EL0 and DBGDSCRint
hw/arm/stellaris: Expand comment about handling of OLED chipselect
hw/gpio/pl061: Document a shortcoming in our implementation
hw/gpio/pl061: Convert to 3-phase reset and assert GPIO lines correctly on reset
hw/arm/virt: Make PL061 GPIO lines pulled low, not high
hw/gpio/pl061: Make pullup/pulldown of outputs configurable
hw/gpio/pl061: Honour Luminary PL061 PUR and PDR registers
hw/gpio/pl061: Document the interface of this device
hw/gpio/pl061: Add tracepoints for register read and write
hw/gpio/pl061: Clean up read/write offset handling logic
hw/gpio/pl061: Convert DPRINTF to tracepoints
hw/intc/arm_gicv3_cpuif: Fix virtual irq number check in icv_[dir|eoir]_write
tests/boot-serial-test: Add STM32VLDISCOVERY board testcase
docs/system: arm: Add stm32 boards description
stm32vldiscovery: Add the STM32VLDISCOVERY Machine
stm32f100: Add the stm32f100 SoC
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sat, 10 Jul 2021 18:55:20 +0000 (19:55 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches
- Make blockdev-reopen stable
- Remove deprecated qemu-img backing file without format
- rbd: Convert to coroutines and add write zeroes support
- rbd: Updated MAINTAINERS
- export/fuse: Allow other users access to the export
- vhost-user: Fix backends without multiqueue support
- Fix drive-backup transaction endless drained section
# gpg: Signature made Fri 09 Jul 2021 13:49:22 BST
# gpg: using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg: issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream: (28 commits)
block: Make blockdev-reopen stable API
iotests: Test reopening multiple devices at the same time
block: Support multiple reopening with x-blockdev-reopen
block: Acquire AioContexts during bdrv_reopen_multiple()
block: Add bdrv_reopen_queue_free()
qcow2: Fix dangling pointer after reopen for 'file'
qemu-img: Improve error for rebase without backing format
qemu-img: Require -F with -b backing image
qcow2: Prohibit backing file changes in 'qemu-img amend'
blockdev: fix drive-backup transaction endless drained section
vhost-user: Fix backends without multiqueue support
MAINTAINERS: add block/rbd.c reviewer
block/rbd: fix type of task->complete
iotests/fuse-allow-other: Test allow-other
iotests/308: Test +w on read-only FUSE exports
export/fuse: Let permissions be adjustable
export/fuse: Give SET_ATTR_SIZE its own branch
export/fuse: Add allow-other option
export/fuse: Pass default_permissions for mount
util/uri: do not check argument of uri_free()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sat, 10 Jul 2021 15:06:24 +0000 (16:06 +0100)]
Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.1-20210709' into staging
ppc patch queue 2021-07-09
Here's a (probably) final pull request before the qemu-6.1 soft
freeze. Includes:
* Implementation of the new H_RPT_INVALIDATE hypercall
* Virtual Open Firmware for pSeries and pegasos2 machine types.
This is an experimental minimal Open Firmware implementation which
works by delegating nearly everything to qemu itself via a special
hypercall.
* A number of cleanups to the ppc soft MMU code
* Fix to handling of two-level radix mode translations for the
powernv machine type
* Update the H_GET_CPU_CHARACTERISTICS call with newly defined bits.
This will allow more flexible handling of possible future CPU
Spectre-like flaws
* Correctly treat mtmsrd as an illegal instruction on BookE cpus
* Firmware update for the ppce500 machine type
* remotes/dg-gitlab/tags/ppc-for-6.1-20210709: (33 commits)
target/ppc: Support for H_RPT_INVALIDATE hcall
linux-headers: Update
spapr: Fix implementation of Open Firmware client interface
target/ppc: Don't compile ppc_tlb_invalid_all without TCG
ppc/pegasos2: Implement some RTAS functions with VOF
ppc/pegasos2: Fix use of && instead of &
ppc/pegasos2: Use Virtual Open Firmware as firmware replacement
target/ppc/spapr: Update H_GET_CPU_CHARACTERISTICS L1D cache flush bits
target/ppc: Allow virtual hypervisor on CPU without HV
ppc/pegasos2: Introduce Pegasos2MachineState structure
target/ppc: mtmsrd is an illegal instruction on BookE
spapr: Implement Open Firmware client interface
docs/system: ppc: Update ppce500 documentation with eTSEC support
roms/u-boot: Bump ppce500 u-boot to v2021.07 to add eTSEC support
target/ppc: change ppc_hash32_xlate to use mmu_idx
target/ppc: introduce mmu-books.h
target/ppc: changed ppc_hash64_xlate to use mmu_idx
target/ppc: fix address translation bug for radix mmus
target/ppc: Fix compilation with DEBUG_BATS debug option
target/ppc: Fix compilation with FLUSH_ALL_TLBS debug option
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/i386: Use cpu_breakpoint_test in breakpoint_handler
The loop is performing a simple boolean test for the existence
of a BP_CPU breakpoint at EIP. Plus it gets the iteration wrong,
if we happen to have a BP_GDB breakpoint at the same address.
We have a function for this: cpu_breakpoint_test.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20210620062317.1399034-1-richard.henderson@linaro.org>
* remotes/ehabkost-gl/tags/machine-next-pull-request:
vfio: Disable only uncoordinated discards for VFIO_TYPE1 iommus
virtio-mem: Require only coordinated discards
softmmu/physmem: Extend ram_block_discard_(require|disable) by two discard types
softmmu/physmem: Don't use atomic operations in ram_block_discard_(disable|require)
vfio: Support for RamDiscardManager in the vIOMMU case
vfio: Sanity check maximum number of DMA mappings with RamDiscardManager
vfio: Query and store the maximum number of possible DMA mappings
vfio: Support for RamDiscardManager in the !vIOMMU case
virtio-mem: Implement RamDiscardManager interface
virtio-mem: Don't report errors when ram_block_discard_range() fails
virtio-mem: Factor out traversing unplugged ranges
memory: Helpers to copy/free a MemoryRegionSection
memory: Introduce RamDiscardManager for RAM memory regions
Deprecate pmem=on with non-DAX capable backend file
vmbus: Don't make QOM property registration conditional
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Olaf Hering <olaf@aepfle.de> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210708162159.18045-1-olaf@aepfle.de> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Thomas Huth [Tue, 6 Jul 2021 08:18:22 +0000 (10:18 +0200)]
target/xtensa/xtensa-semi: Fix compilation problem on Haiku
The errno numbers are very large on Haiku, so the linking currently
fails there with a "final link failed: memory exhausted" error
message. We should not use the errno number as array indexes here,
thus convert the code to a switch-case statement instead. A clever
compiler should be able to optimize this code in a similar way
anway.
Reported-by: Richard Zak <richard.j.zak@gmail.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Acked-by: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210706081822.1316551-1-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
We have not needed to end a TB for I/O since ba3e7926691
("icount: clean up cpu_can_io at the entry to the block").
In use_goto_tb, the check for singlestep_enabled is in the
generic translator_use_goto_tb. In s390x_tr_tb_stop, the
check for singlestep_enabled is in the preceding do_debug test.
Which leaves only FLAG_MASK_PER: fold that test alone into
the two callers of use_exit tb.
Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Rolnik <mrolnik@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Single stepping is not the only reason not to use goto_tb.
If goto_tb is disallowed, and single-stepping is not enabled,
then use tcg_gen_lookup_and_goto_tb to indirectly chain.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
target/arm: Use translator_use_goto_tb for aarch64
We have not needed to end a TB for I/O since ba3e7926691
("icount: clean up cpu_can_io at the entry to the block"),
and gdbstub singlestep is handled by the generic function.
Drop the unused 'n' argument to use_goto_tb.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
We have not needed to end a TB for I/O since ba3e7926691
("icount: clean up cpu_can_io at the entry to the block").
We do not need to use exit_tb for singlestep, which only
means generate one insn per TB.
Which leaves only singlestep_enabled, which means raise a
debug trap after every TB, which does not use exit_tb,
which would leave the function mis-named.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Add a generic version of the common use_goto_tb test.
Various targets avoid the page crossing test for CONFIG_USER_ONLY,
but that is wrong: mmap and mprotect can change page permissions.
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
We can call do_tb_phys_invalidate from an iocontext, which has
no per-thread tcg_ctx. Move this to tb_ctx, which is global.
The actual update still takes place with a lock held, so only
an atomic set is required, not an atomic increment.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/457 Tested-by: Viktor Ashirov <vashirov@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The function is called only at tcg_gen_code() when duplicated TBs
are translated by different threads, and when the tcg_region_tree
is reset. Bake it into the underlying GTree as its value destroy
function to unite these situations.
Also remove tcg_region_tree_traverse() which now becomes useless.
Signed-off-by: Liren Wei <lrwei@bupt.edu.cn>
Message-Id: <8dc352f08d038c4e7a1f5f56962398cdc700c3aa.1625404483.git.lrwei@bupt.edu.cn>
[rth: Name the new tb_tc_cmp parameter correctly.] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
accel/tcg: Hoist tcg_tb_insert() up above tb_link_page()
TranslationBlocks not inserted into the corresponding region
tree shall be regarded as partially initialized objects, and
needs to be finalized first before inserting into QHT.
therefore it is pointless to include "trace-tcg.h" in each target
(because it is not used). Remove it.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210629050935.2570721-1-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Alex Bennée [Wed, 7 Jul 2021 13:17:44 +0000 (14:17 +0100)]
configure: allow the selection of alternate config in the build
While the default config works well enough it does end up enabling a
lot of stuff. For more minimal builds we can select a different list
of devices and let Kconfig work out what we want. For example:
will override the aarch64-softmmu default set of devices with a more
minimal set of devices that just enables the virt and sbsa-ref models.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210707131744.26027-6-alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alex Bennée [Wed, 7 Jul 2021 13:17:43 +0000 (14:17 +0100)]
configs: rename default-configs to configs and reorganise
In preparation for offering variation to our build configurations lets
move everything and rename it to default. Common included base configs
are also renamed.
During the cleanup the stale usb.mak and pci.mak references were
removed from MAINTAINERS.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Cc: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210707131744.26027-5-alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alex Bennée [Wed, 7 Jul 2021 13:17:42 +0000 (14:17 +0100)]
hw/arm: move CONFIG_V7M out of default-devices
We currently select CONFIG_V7M for a bunch of our m-profile devices.
The last sticking point is translate.c which cannot be compiled
without expecting v7m support. Express this dependency in Kconfig
rather than in default devices as a stepping stone to a fully
configurable translate.c.
While we are at it we also need to select ARM_COMPATIBLE_SEMIHOSTING
as that is implied for M profile machines.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210707131744.26027-4-alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alex Bennée [Wed, 7 Jul 2021 13:17:41 +0000 (14:17 +0100)]
hw/arm: add dependency on OR_IRQ for XLNX_VERSAL
We need this functionality due to:
/* XRAM IRQs get ORed into a single line. */
object_initialize_child(OBJECT(s), "xram-irq-orgate",
&s->lpd.xram.irq_orgate, TYPE_OR_IRQ);
Fixes: a55b441b2ca ("hw/arm: versal: Add support for the XRAMs") Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707131744.26027-3-alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
projects / mirror_qemu.git / log