Implement execveat()
un-parent OBJECT(cpu) when closing thread
Revert fix for glibc >= 2.36 sys/mount.h
Fix/update strace
move target_flat.h to target subdirs
Fix SO_ERROR return code of getsockopt()
Fix /proc/cpuinfo output for hppa
Add emulation for MADV_WIPEONFORK and MADV_KEEPONFORK in madvise()
Implement SOL_ALG encryption support
linux-user: Allow sendmsg() without IOV
* tag 'linux-user-for-8.0-pull-request' of https://gitlab.com/laurent_vivier/qemu: (22 commits)
linux-user: Allow sendmsg() without IOV
linux-user: Implement SOL_ALG encryption support
linux-user: Enhance strace output for various syscalls
linux-user: Show 4th argument of rt_sigprocmask() in strace
linux-user: Add emulation for MADV_WIPEONFORK and MADV_KEEPONFORK in madvise()
linux-user: Improve strace output of personality() and sysinfo()
linux-user: Fix /proc/cpuinfo output for hppa
linux-user: Fix SO_ERROR return code of getsockopt()
linux-user: move target_flat.h to target subdirs
linux-user: Improve strace output of getgroups() and setgroups()
linux-user: Add strace output for clock_getres_time64() and futex_time64()
Revert "linux-user: fix compat with glibc >= 2.36 sys/mount.h"
Revert "linux-user: add more compat ioctl definitions"
linux-user: add more netlink protocol constants
linux-user: fix strace build w/out munlockall
linux-user: un-parent OBJECT(cpu) when closing thread
linux-user: Add missing MAP_HUGETLB and MAP_STACK flags in strace
linux-user/syscall: Implement execveat()
linux-user/syscall: Extract do_execve() from do_syscall1()
linux-user/strace: Add output for execveat() syscall
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'pull-monitor-2023-02-03-v2' of https://repo.or.cz/qemu/armbru: (35 commits)
monitor: Rename misc.c to hmp-target.c
monitor: Loosen coupling between misc.c and monitor.c slightly
monitor: Move remaining QMP stuff from misc.c to qmp-cmds.c
monitor: Move remaining HMP commands from misc.c to hmp-cmds.c
monitor: Move target-dependent HMP commands to hmp-cmds-target.c
monitor: Move monitor_putc() next to monitor_puts & external linkage
monitor: Split file descriptor passing stuff off misc.c
qdev: Move HMP command completion from monitor to softmmu/
acpi: Move the QMP command from monitor/ to hw/acpi/
stats: Move HMP commands from monitor/ to stats/
stats: Move QMP commands from monitor/ to stats/
runstate: Move HMP commands from monitor/ to softmmu/
tpm: Move HMP commands from monitor/ to softmmu/
virtio: Move HMP commands from monitor/ to hw/virtio/
migration: Move the QMP command from monitor/ to migration/
migration: Move HMP commands from monitor/ to migration/
net: Move hmp_info_network() to net-hmp-cmds.c
net: Move HMP commands from monitor to net/
hmp: Rewrite strlist_from_comma_list() as hmp_split_at_comma()
rocker: Move HMP commands from monitor to hw/net/rocker/
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
acpi: Move the QMP command from monitor/ to hw/acpi/
This moves the command from MAINTAINERS section "QMP" to section
"ACPI/SMBIOS)".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-25-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
This moves these commands from MAINTAINERS section "Human
Monitor (HMP)" to "TPM".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-21-armbru@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
virtio: Move HMP commands from monitor/ to hw/virtio/
This moves these commands from MAINTAINERS section "Human
Monitor (HMP)" to "virtio".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-20-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
migration: Move the QMP command from monitor/ to migration/
This moves the command from MAINTAINERS sections "Human Monitor (HMP)"
and "QMP" to "Migration".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-19-armbru@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com>
migration: Move HMP commands from monitor/ to migration/
This moves these commands from MAINTAINERS sections "Human
Monitor (HMP)" and "QMP" to "Migration".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-18-armbru@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com>
block: Factor out hmp_change_medium(), and move to block/monitor/
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-13-armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
This moves these commands from MAINTAINERS sections "Human
Monitor (HMP)" and "QMP" to "QOM".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-12-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
This moves these commands from MAINTAINERS sections "Human
Monitor (HMP)" and "QMP" to "Tracing".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-9-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
hmp: Rename help_cmd() to hmp_help_cmd(), move declaration to hmp.h
The next commit will move a caller of help_cmd() to a new file.
Including monitor/monitor-internal.h there just for help_cmd() feels
silly. Better to provide it in monitor/hmp.h suitably renamed.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-8-armbru@redhat.com>
readline: Extract readline_add_completion_of() from monitor
monitor/misc.h has static add_completion_option(). It's useful
elsewhere in the monitor. Since it's not monitor-specific, move it to
util/readline.c renamed to readline_add_completion_of(), and put it to
use.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-7-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230124121946.1139465-2-armbru@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Helge Deller [Mon, 12 Dec 2022 17:34:16 +0000 (18:34 +0100)]
linux-user: Allow sendmsg() without IOV
Applications do call sendmsg() without any IOV, e.g.:
sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0,
msg_control=[{cmsg_len=36, cmsg_level=SOL_ALG, cmsg_type=0x2}],
msg_controllen=40, msg_flags=0}, MSG_MORE) = 0
sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="The quick brown fox jumps over t"..., iov_len=183}],
msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_ALG, cmsg_type=0x3}],
msg_controllen=24, msg_flags=0}, 0) = 183
The function do_sendrecvmsg_locked() is used for sndmsg() and recvmsg()
and calls lock_iovec() to lock the IOV into memory. For the first
sendmsg() above it returns NULL and thus wrongly skips the call the host
sendmsg() syscall, which will break the calling application.
Fix this issue by:
- allowing sendmsg() even with empty IOV
- skip recvmsg() if IOV is NULL
- skip both if the return code of do_sendrecvmsg_locked() != 0, which
indicates some failure like EFAULT on the IOV
Tested with the debian "ell" package with hppa guest on x86_64 host.
Helge Deller [Tue, 13 Dec 2022 17:03:09 +0000 (18:03 +0100)]
linux-user: Add emulation for MADV_WIPEONFORK and MADV_KEEPONFORK in madvise()
Both parameters have a different value on the parisc platform, so first
translate the target value into a host value for usage in the native
madvise() syscall.
Those parameters are often used by security sensitive applications (e.g.
tor browser, boringssl, ...) which expect the call to return a proper
return code on failure, so return -EINVAL if qemu fails to forward the
syscall to the host OS.
While touching this code, enhance the comments about MADV_DONTNEED.
Tested with testcase of tor browser when running hppa-linux guest on
x86-64 host.
Helge Deller [Fri, 27 Jan 2023 20:10:49 +0000 (21:10 +0100)]
linux-user: Fix /proc/cpuinfo output for hppa
The hppa architectures provides an own output for the emulated
/proc/cpuinfo file.
Some userspace applications count (even if that's not the recommended
way) the number of lines which start with "processor:" and assume that
this number then reflects the number of online CPUs. Since those 3
architectures don't provide any such line, applications may assume "0"
CPUs. One such issue can be seen in debian bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024653
Avoid such issues by adding a "processor:" line for each of the online
CPUs.
Mike Frysinger [Sun, 29 Jan 2023 00:46:25 +0000 (19:46 -0500)]
linux-user: move target_flat.h to target subdirs
This makes target_flat.h behave like every other target_xxx.h header.
It also makes it actually work -- while the current header says adding
a header to the target subdir overrides the common one, it doesn't.
This is for two reasons:
* meson.build adds -Ilinux-user before -Ilinux-user/$arch
* the compiler search path for "target_flat.h" looks in the same dir
as the source file before searching -I paths.
This can be seen with the xtensa port -- the subdir settings aren't
used which breaks stack setup.
Move it to the generic/ subdir and add include stubs like every
other target_xxx.h header is handled.
Signed-off-by: Mike Frysinger <vapier@gentoo.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230129004625.11228-1-vapier@gentoo.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
glibc has fixed (in 2.36.9000-40-g774058d729) the problem
that caused a clash when both sys/mount.h annd linux/mount.h
are included, and backported this to the 2.36 stable release
too:
It is saner for QEMU to remove the workaround it applied for
glibc 2.36 and expect distros to ship the 2.36 maint release
with the fix. This avoids needing to add a further workaround
to QEMU to deal with the fact that linux/brtfs.h now also pulls
in linux/mount.h via linux/fs.h since Linux 6.1
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230110174901.2580297-3-berrange@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
glibc has fixed (in 2.36.9000-40-g774058d729) the problem
that caused a clash when both sys/mount.h annd linux/mount.h
are included, and backported this to the 2.36 stable release
too:
It is saner for QEMU to remove the workaround it applied for
glibc 2.36 and expect distros to ship the 2.36 maint release
with the fix. This avoids needing to add a further workaround
to QEMU to deal with the fact that linux/brtfs.h now also pulls
in linux/mount.h via linux/fs.h since Linux 6.1
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230110174901.2580297-2-berrange@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
While forcing the CPU to unrealize by hand does trigger the clean-up
code we never fully free resources because refcount never reaches
zero. This is because QOM automatically added objects without an
explicit parent to /unattached/, incrementing the refcount.
Instead of manually triggering unrealization just unparent the object
and let the device machinery deal with that for us.
Peter Maydell [Fri, 3 Feb 2023 15:33:05 +0000 (15:33 +0000)]
Merge tag 'pull-target-arm-20230203' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* Fix physical address resolution for Stage2
* pl011: refactoring, implement reset method
* Support GICv3 with hvf acceleration
* sbsa-ref: remove cortex-a76 from list of supported cpus
* Correct syndrome for ATS12NSO* traps at Secure EL1
* Fix priority of HSTR_EL2 traps vs UNDEFs
* Implement FEAT_FGT for '-cpu max'
* tag 'pull-target-arm-20230203' of https://git.linaro.org/people/pmaydell/qemu-arm: (33 commits)
target/arm: Enable FEAT_FGT on '-cpu max'
target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC traps
target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 traps
target/arm: Implement the HFGITR_EL2.ERET trap
target/arm: Mark up sysregs for HFGITR bits 48..63
target/arm: Mark up sysregs for HFGITR bits 18..47
target/arm: Mark up sysregs for HFGITR bits 12..17
target/arm: Mark up sysregs for HFGITR bits 0..11
target/arm: Mark up sysregs for HDFGRTR bits 12..63
target/arm: Mark up sysregs for HDFGRTR bits 0..11
target/arm: Mark up sysregs for HFGRTR bits 36..63
target/arm: Mark up sysregs for HFGRTR bits 24..35
target/arm: Mark up sysregs for HFGRTR bits 12..23
target/arm: Mark up sysregs for HFGRTR bits 0..11
target/arm: Implement FGT trapping infrastructure
target/arm: Define the FEAT_FGT registers
target/arm: Disable HSTR_EL2 traps if EL2 is not enabled
target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1
target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 traps
target/arm: Move do_coproc_insn() syndrome calculation earlier
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 30 Jan 2023 18:24:58 +0000 (18:24 +0000)]
target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC traps
FEAT_FGT also implements an extra trap bit in the MDCR_EL2 and
MDCR_EL3 registers: bit TDCC enables trapping of use of the Debug
Comms Channel registers OSDTRRX_EL1, OSDTRTX_EL1, MDCCSR_EL0,
MDCCINT_EL0, DBGDTR_EL0, DBGDTRRX_EL0 and DBGDTRTX_EL0 (and their
AArch32 equivalents). This trapping is independent of whether
fine-grained traps are enabled or not.
Implement these extra traps. (We don't implement DBGDTR_EL0,
DBGDTRRX_EL0 and DBGDTRTX_EL0.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-23-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-23-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:57 +0000 (18:24 +0000)]
target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 traps
Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 fine-grained traps.
These trap execution of the SVC instruction from AArch32 and AArch64.
(As usual, AArch32 can only trap from EL0, as fine grained traps are
disabled with an AArch32 EL1.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-22-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-22-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:56 +0000 (18:24 +0000)]
target/arm: Implement the HFGITR_EL2.ERET trap
Implement the HFGITR_EL2.ERET fine-grained trap. This traps
execution from AArch64 EL1 of ERET, ERETAA and ERETAB. The trap is
reported with a syndrome value of 0x1a.
The trap must take precedence over a possible pointer-authentication
trap for ERETAA and ERETAB.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-21-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-21-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:55 +0000 (18:24 +0000)]
target/arm: Mark up sysregs for HFGITR bits 48..63
Mark up the sysreg definitions for the system instructions
trapped by HFGITR bits 48..63.
Some of these bits are for trapping instructions which are
not in the system instruction encoding (i.e. which are
not handled by the ARMCPRegInfo mechanism):
* ERET, ERETAA, ERETAB
* SVC
We will have to handle those separately and manually.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-20-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-20-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:54 +0000 (18:24 +0000)]
target/arm: Mark up sysregs for HFGITR bits 18..47
Mark up the sysreg definitions for the system instructions
trapped by HFGITR bits 18..47. These bits cover TLBI
TLB maintenance instructions.
(If we implemented FEAT_XS we would need to trap some of the
instructions added by that feature using these bits; but we don't
yet, so will need to add the .fgt markup when we do.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-19-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-19-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:49 +0000 (18:24 +0000)]
target/arm: Mark up sysregs for HFGRTR bits 36..63
Mark up the sysreg definitions for the registers trapped
by HFGRTR/HFGWTR bits 36..63.
Of these, some correspond to RAS registers which we implement as
always-UNDEF: these don't need any extra handling for FGT because the
UNDEF-to-EL1 always takes priority over any theoretical
FGT-trap-to-EL2.
Bit 50 (NACCDATA_EL1) is for the ACCDATA_EL1 register which is part
of the FEAT_LS64_ACCDATA feature which we don't yet implement.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-14-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-14-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:45 +0000 (18:24 +0000)]
target/arm: Implement FGT trapping infrastructure
Implement the machinery for fine-grained traps on normal sysregs.
Any sysreg with a fine-grained trap will set the new field to
indicate which FGT register bit it should trap on.
FGT traps only happen when an AArch64 EL2 enables them for
an AArch64 EL1. They therefore are only relevant for AArch32
cpregs when the cpreg can be accessed from EL0. The logic
in access_check_cp_reg() will check this, so it is safe to
add a .fgt marking to an ARM_CP_STATE_BOTH ARMCPRegInfo.
The DO_BIT and DO_REV_BIT macros define enum constants FGT_##bitname
which can be used to specify the FGT bit, eg
.fgt = FGT_AFSR0_EL1
(We assume that there is no bit name duplication across the FGT
registers, for brevity's sake.)
Subsequent commits will add the .fgt fields to the relevant register
definitions and define the FGT_nnn values for them.
Note that some of the FGT traps are for instructions that we don't
handle via the cpregs mechanisms (mostly these are instruction traps).
Those we will have to handle separately.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-10-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-10-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:44 +0000 (18:24 +0000)]
target/arm: Define the FEAT_FGT registers
Define the system registers which are provided by the
FEAT_FGT fine-grained trap architectural feature:
HFGRTR_EL2, HFGWTR_EL2, HDFGRTR_EL2, HDFGWTR_EL2, HFGITR_EL2
All these registers are a set of bit fields, where each bit is set
for a trap and clear to not trap on a particular system register
access. The R and W register pairs are for system registers,
allowing trapping to be done separately for reads and writes; the I
register is for system instructions where trapping is on instruction
execution.
The data storage in the CPU state struct is arranged as a set of
arrays rather than separate fields so that when we're looking up the
bits for a system register access we can just index into the array
rather than having to use a switch to select a named struct member.
The later FEAT_FGT2 will add extra elements to these arrays.
The field definitions for the new registers are in cpregs.h because
in practice the code that needs them is code that also needs
the cpregs information; cpu.h is included in a lot more files.
We're also going to add some FGT-specific definitions to cpregs.h
in the next commit.
We do not implement HAFGRTR_EL2, because we don't implement
FEAT_AMUv1.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-9-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-9-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:43 +0000 (18:24 +0000)]
target/arm: Disable HSTR_EL2 traps if EL2 is not enabled
The HSTR_EL2 register is not supposed to have an effect unless EL2 is
enabled in the current security state. We weren't checking for this,
which meant that if the guest set up the HSTR_EL2 register we would
incorrectly trap even for accesses from Secure EL0 and EL1.
Add the missing checks. (Other places where we look at HSTR_EL2
for the not-in-v8A bits TTEE and TJDBX are already checking that
we are in NS EL0 or EL1, so there we alredy know EL2 is enabled.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-8-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-8-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:42 +0000 (18:24 +0000)]
target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1
The semantics of HSTR_EL2 require that it traps cpreg accesses
to EL2 for:
* EL1 accesses
* EL0 accesses, if the access is not UNDEFINED when the
trap bit is 0
(You can see this in the I_ZFGJP priority ordering, where HSTR_EL2
traps from EL1 to EL2 are priority 12, UNDEFs are priority 13, and
HSTR_EL2 traps from EL0 are priority 15.)
However, we don't get this right for EL1 accesses which UNDEF because
the register doesn't exist at all or because its ri->access bits
non-configurably forbid the access. At EL1, check for the HSTR_EL2
trap early, before either of these UNDEF reasons.
We have to retain the HSTR_EL2 check in access_check_cp_reg(),
because at EL0 any kind of UNDEF-to-EL1 (including "no such
register", "bad ri->access" and "ri->accessfn returns 'trap to EL1'")
takes precedence over the trap to EL2. But we only need to do that
check for EL0 now.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230130182459.3309057-7-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-7-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:41 +0000 (18:24 +0000)]
target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 traps
The HSTR_EL2 register has a collection of trap bits which allow
trapping to EL2 for AArch32 EL0 or EL1 accesses to coprocessor
registers. The specification of these bits is that when the bit is
set we should trap
* EL1 accesses
* EL0 accesses, if the access is not UNDEFINED when the
trap bit is 0
In other words, all UNDEF traps from EL0 to EL1 take precedence over
the HSTR_EL2 trap to EL2. (Since this is all AArch32, the only kind
of trap-to-EL1 is the UNDEF.)
Our implementation doesn't quite get this right -- we check for traps
in the order:
* no such register
* ARMCPRegInfo::access bits
* HSTR_EL2 trap bits
* ARMCPRegInfo::accessfn
So UNDEFs that happen because of the access bits or because the
register doesn't exist at all correctly take priority over the
HSTR_EL2 trap, but where a register can UNDEF at EL0 because of the
accessfn we are incorrectly always taking the HSTR_EL2 trap. There
aren't many of these, but one example is the PMCR; if you look at the
access pseudocode for this register you can see that UNDEFs taken
because of the value of PMUSERENR.EN are checked before the HSTR_EL2
bit.
Rearrange helper_access_check_cp_reg() so that we always call the
accessfn, and use its return value if it indicates that the access
traps to EL0 rather than continuing to do the HSTR_EL2 check.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-6-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-6-peter.maydell@linaro.org
Rearrange the code in do_coproc_insn() so that we calculate the
syndrome value for a potential trap early; we're about to add a
second check that wants this value earlier than where it is currently
determined.
(Specifically, a trap to EL2 because of HSTR_EL2 should take
priority over an UNDEF to EL1, even when the UNDEF is because
the register does not exist at all or because its ri->access
bits non-configurably fail the access. So the check we put in
for HSTR_EL2 trapping at EL1 (which needs the syndrome) is
going to have to be done before the check "is the ARMCPRegInfo
pointer NULL".)
This commit is just code motion; the change to HSTR_EL2
handling that will use the 'syndrome' variable is in a
subsequent commit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-5-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-5-peter.maydell@linaro.org
We added the CPAccessResult values CP_ACCESS_TRAP_UNCATEGORIZED_EL2
and CP_ACCESS_TRAP_UNCATEGORIZED_EL3 purely in order to use them in
the ats_access() function, but doing so was incorrect (a bug fixed in
a previous commit). There aren't any cases where we want an access
function to be able to request a trap to EL2 or EL3 with a zero
syndrome value, so remove these enum values.
As well as cleaning up dead code, the motivation here is that
we'd like to implement fine-grained-trap handling in
helper_access_check_cp_reg(). Although the fine-grained traps
to EL2 are always lower priority than trap-to-same-EL and
higher priority than trap-to-EL3, they are in the middle of
various other kinds of trap-to-EL2. Knowing that a trap-to-EL2
must always for us have the same syndrome (ie that an access
function will return CP_ACCESS_TRAP_EL2 and there is no other
kind of trap-to-EL2 enum value) means we don't have to try
to choose which of the two syndrome values to report if the
access would trap to EL2 both for the fine-grained-trap and
because the access function requires it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-4-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-4-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:38 +0000 (18:24 +0000)]
target/arm: Correct syndrome for ATS12NSO* at Secure EL1
The AArch32 ATS12NSO* address translation operations are supposed to
trap to either EL2 or EL3 if they're executed at Secure EL1 (which
can only happen if EL3 is AArch64). We implement this, but we got
the syndrome value wrong: like other traps to EL2 or EL3 on an
AArch32 cpreg access, they should report the 0x3 syndrome, not the
0x0 'uncategorized' syndrome. This is clear in the access pseudocode
for these instructions.
Fix the syndrome value for these operations by correcting the
returned value from the ats_access() function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-3-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-3-peter.maydell@linaro.org
Peter Maydell [Mon, 30 Jan 2023 18:24:37 +0000 (18:24 +0000)]
target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctly
The encodings 0,0,C7,C9,0 and 0,0,C7,C9,1 are AT SP1E1RP and AT
S1E1WP, but our ARMCPRegInfo definitions for them incorrectly name
them AT S1E1R and AT S1E1W (which are entirely different
instructions). Fix the names.
(This has no guest-visible effect as the names are for debug purposes
only.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com>
Message-id: 20230130182459.3309057-2-peter.maydell@linaro.org
Message-id: 20230127175507.2895013-2-peter.maydell@linaro.org
sbsa-ref: remove cortex-a76 from list of supported cpus
Cortex-A76 supports 40bits of address space. sbsa-ref's memory
starts above this limit.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230126114416.2447685-1-marcin.juszkiewicz@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alexander Graf [Fri, 23 Dec 2022 09:01:07 +0000 (10:01 +0100)]
hw/arm/virt: Make accels in GIC finalize logic explicit
Let's explicitly list out all accelerators that we support when trying to
determine the supported set of GIC versions. KVM was already separate, so
the only missing one is HVF which simply reuses all of TCG's emulation
code and thus has the same compatibility matrix.
Signed-off-by: Alexander Graf <agraf@csgraf.de> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Zenghui Yu <yuzenghui@huawei.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20221223090107.98888-3-agraf@csgraf.de
[PMM: Added qtest to the list of accelerators] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alexander Graf [Fri, 23 Dec 2022 09:01:06 +0000 (10:01 +0100)]
hw/arm/virt: Consolidate GIC finalize logic
Up to now, the finalize_gic_version() code open coded what is essentially
a support bitmap match between host/emulation environment and desired
target GIC type.
This open coding leads to undesirable side effects. For example, a VM with
KVM and -smp 10 will automatically choose GICv3 while the same command
line with TCG will stay on GICv2 and fail the launch.
This patch combines the TCG and KVM matching code paths by making
everything a 2 pass process. First, we determine which GIC versions the
current environment is able to support, then we go through a single
state machine to determine which target GIC mode that means for us.
After this patch, the only user noticable changes should be consolidated
error messages as well as TCG -M virt supporting -smp > 8 automatically.
Signed-off-by: Alexander Graf <agraf@csgraf.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Zenghui Yu <yuzenghui@huawei.com>
Message-id: 20221223090107.98888-2-agraf@csgraf.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alexander Graf [Sat, 28 Jan 2023 22:44:59 +0000 (23:44 +0100)]
hvf: arm: Add support for GICv3
We currently only support GICv2 emulation. To also support GICv3, we will
need to pass a few system registers into their respective handler functions.
This patch adds support for HVF to call into the TCG callbacks for GICv3
system register handlers. This is safe because the GICv3 TCG code is generic
as long as we limit ourselves to EL0 and EL1 - which are the only modes
supported by HVF.
To make sure nobody trips over that, we also annotate callbacks that don't
work in HVF mode, such as EL state change hooks.
With GICv3 support in place, we can run with more than 8 vCPUs.
Signed-off-by: Alexander Graf <agraf@csgraf.de>
Message-id: 20230128224459.70676-1-agraf@csgraf.de Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Evgeny Iakovlev [Mon, 23 Jan 2023 16:23:03 +0000 (17:23 +0100)]
hw/char/pl011: better handling of FIFO flags on LCR reset
Current FIFO handling code does not reset RXFE/RXFF flags when guest
resets FIFO by writing to UARTLCR register, although internal FIFO state
is reset to 0 read count. Actual guest-visible flag update will happen
only on next data read or write attempt. As a result of that any guest
that expects RXFE flag to be set (and RXFF to be cleared) after resetting
FIFO will never see that happen.
Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230123162304.26254-5-eiakovlev@linux.microsoft.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Evgeny Iakovlev [Mon, 23 Jan 2023 16:23:01 +0000 (17:23 +0100)]
hw/char/pl011: add post_load hook for backwards-compatibility
Previous change slightly modified the way we handle data writes when
FIFO is disabled. Previously we kept incrementing read_pos and were
storing data at that position, although we only have a
single-register-deep FIFO now. Then we changed it to always store data
at pos 0.
If guest disables FIFO and the proceeds to read data, it will work out
fine, because we still read from current read_pos before setting it to
0.
However, to make code less fragile, introduce a post_load hook for
PL011State and move fixup read FIFO state when FIFO is disabled. Since
we are introducing a post_load hook, also do some sanity checking on
untrusted incoming input state.
Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>
Message-id: 20230123162304.26254-3-eiakovlev@linux.microsoft.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Evgeny Iakovlev [Mon, 23 Jan 2023 16:23:00 +0000 (17:23 +0100)]
hw/char/pl011: refactor FIFO depth handling code
PL011 can be in either of 2 modes depending guest config: FIFO and
single register. The last mode could be viewed as a 1-element-deep FIFO.
Current code open-codes a bunch of depth-dependent logic. Refactor FIFO
depth handling code to isolate calculating current FIFO depth.
One functional (albeit guest-invisible) side-effect of this change is
that previously we would always increment s->read_pos in UARTDR read
handler even if FIFO was disabled, now we are limiting read_pos to not
exceed FIFO depth (read_pos itself is reset to 0 if user disables FIFO).
Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230123162304.26254-2-eiakovlev@linux.microsoft.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use the macro instead of two explicit string literals.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20230124232059.4017615-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 3 Feb 2023 12:43:10 +0000 (12:43 +0000)]
Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
Block layer patches
- qemu-img info: Show protocol-level information
- Move more functions to coroutines
- Make coroutine annotations ready for static analysis
- qemu-img: Fix exit code for errors closing the image
- qcow2 bitmaps: Fix theoretical corruption in error path
- pflash: Only load non-zero parts of backend image to save memory
- Code cleanup and test case improvements
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin: (38 commits)
qemu-img: Change info key names for protocol nodes
qemu-img: Let info print block graph
iotests/106, 214, 308: Read only one size line
iotests: Filter child node information
block/qapi: Add indentation to bdrv_node_info_dump()
block/qapi: Introduce BlockGraphInfo
block/qapi: Let bdrv_query_image_info() recurse
qemu-img: Use BlockNodeInfo
block: Split BlockNodeInfo off of ImageInfo
block/vmdk: Change extent info type
block/file: Add file-specific image info
block: Improve empty format-specific info dump
block/nbd: Add missing <qemu/bswap.h> include
block: Rename bdrv_load/save_vmstate() to bdrv_co_load/save_vmstate()
block: Convert bdrv_debug_event() to co_wrapper_mixed
block: Convert bdrv_lock_medium() to co_wrapper
block: Convert bdrv_eject() to co_wrapper
block: Convert bdrv_get_info() to co_wrapper_mixed
block: Convert bdrv_get_allocated_file_size() to co_wrapper
block: use bdrv_co_refresh_total_sectors when possible
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 2 Feb 2023 18:00:40 +0000 (18:00 +0000)]
Merge tag 'pull-jan-omnibus-020223-1' of https://gitlab.com/stsquad/qemu into staging
Testing, docs, semihosting and plugin updates
- update playbooks for custom runners
- add section timing support to gitlab
- upgrade fedora images to 37
- purge perl from the build system and deps
- disable unstable tests in CI
- improve intro, emulation and semihosting docs
- semihosting bug fix and O_BINARY default
- add memory-sve test
- fix some races in qht
- improve plugin handling of memory helpers
- optimise plugin hooks
- fix some plugin deadlocks
- reduce win64-cross build time by dropping some targets
* tag 'pull-jan-omnibus-020223-1' of https://gitlab.com/stsquad/qemu: (36 commits)
gitlab: cut even more from cross-win64-system build
plugins: Iterate on cb_lists in qemu_plugin_user_exit
cpu-exec: assert that plugin_mem_cbs is NULL after execution
tcg: exclude non-memory effecting helpers from instrumentation
translator: always pair plugin_gen_insn_{start, end} calls
plugins: fix optimization in plugin_gen_disable_mem_helpers
plugins: make qemu_plugin_user_exit's locking order consistent with fork_start's
util/qht: use striped locks under TSAN
thread: de-const qemu_spin_destroy
util/qht: add missing atomic_set(hashes[i])
cpu: free cpu->tb_jmp_cache with RCU
tests/tcg: add memory-sve test for aarch64
semihosting: add O_BINARY flag in host_open for NT compatibility
semihosting: Write back semihosting data before completion callback
docs: add an introduction to the system docs
semihosting: add semihosting section to the docs
docs: add a new section to outline emulation support
docs: add hotlinks to about preface text
MAINTAINERS: Fix the entry for tests/tcg/nios2
gitlab: wrap up test results for custom runners
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit bd688fc931 "accel: introduce accelerator blocker API" aded
include/sysemu/accel-blocker.h and accel/accel-blocker.c. MAINTAINERS
covers the latter in section "Guest CPU Cores (other accelerators) /
Overall", but not the former. Fix that.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230119091545.3116376-3-armbru@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com>
Commit 0e9b5cd6b2 "migration: introduce UFFD-WP low-level interface
helpers" added util/userfaultfd.c without covering it in MAINTAINERS.
Add it to section "Migration".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230119091545.3116376-2-armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Juan Quintela <quintela@redhat.com>
Peter Maydell [Thu, 2 Feb 2023 13:42:56 +0000 (13:42 +0000)]
Merge tag 'pull-request-2023-01-31' of https://gitlab.com/thuth/qemu into staging
* qtest improvements
* Remove the deprecated OTP config of sifive_u
* Add libfdt to some of our CI jobs that were still missing it
* Use __builtin_bswap() everywhere (all compiler versions support it now)
* Deprecate the HAXM accelerator
* Document PCI devices handling on s390x
* Make Audiodev introspectable
* Improve the runtime of some CI jobs
* tag 'pull-request-2023-01-31' of https://gitlab.com/thuth/qemu: (27 commits)
gitlab-ci.d/buildtest: Merge the --without-default-* jobs
tests/qtest/display-vga-test: Add proper checks if a device is available
gitlab-ci.d/buildtest: Remove ppc-softmmu from the clang-system job
qapi, audio: Make introspection reflect build configuration more closely
qapi, audio: add query-audiodev command
docs/s390x/pcidevices: document pci devices on s390x
tests/qtest/boot-serial-test: Constify tests[] array
tests/qtest/vnc-display-test: Disable on Darwin
tests/qtest/vnc-display-test: Use the 'none' machine
tests/qtest/vnc-display-test: Suppress build warnings on Windows
tests/tcg: Do not build/run TCG tests if TCG is disabled
docs/about/deprecated: Mark HAXM in QEMU as deprecated
MAINTAINERS: Abort HAXM maintenance
qemu/bswap: Use compiler __builtin_bswap() on NetBSD
qemu/bswap: Use compiler __builtin_bswap() on FreeBSD
qemu/bswap: Use compiler __builtin_bswap() on Haiku
qemu/bswap: Remove <byteswap.h> dependency
qemu/bswap: Replace bswapXXs() by compiler __builtin_bswap()
qemu/bswap: Replace bswapXX() by compiler __builtin_bswap()
tests/docker/dockerfiles: Add libfdt to the i386 and to the riscv64 container
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Emilio Cota [Tue, 24 Jan 2023 18:01:25 +0000 (18:01 +0000)]
tcg: exclude non-memory effecting helpers from instrumentation
There are actually a whole bunch of helpers that don't affect memory
that we shouldn't instrument. They are helpfully identified by the
TCG_CALL_NO_SIDE_EFFECTS flag which marks out lookup_tb_ptr as well as
a lot of the maths helpers. To avoid the string compare we introduce a
new flag for plugin internals so we skip that too.
Related: #1381 Signed-off-by: Emilio Cota <cota@braap.org>
Message-Id: <20230108164731.61469-4-cota@braap.org>
[AJB: updated to skip all no SE plugins, add flag for plugin helper] Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230124180127.1881110-34-alex.bennee@linaro.org>
Emilio Cota [Tue, 24 Jan 2023 18:01:23 +0000 (18:01 +0000)]
plugins: fix optimization in plugin_gen_disable_mem_helpers
We were mistakenly checking tcg_ctx->plugin_insn as a canary to know
whether the TB had emitted helpers that might have accessed memory.
The problem is that tcg_ctx->plugin_insn gets updated on every
instruction in the TB, which results in us wrongly performing the
optimization (i.e. not clearing cpu->plugin_mem_cbs) way too often,
since it's not rare that the last instruction in the TB doesn't
use helpers.
projects / mirror_qemu.git / log