Commit Graph

32921 Commits

Author SHA1 Message Date
Daniel Henrique Barboza 8d55f87688 hw/ppc: set machine->fdt in pegasos2_machine_reset()
We'll introduce a QMP/HMP command that requires machine->fdt to be set
properly.

Cc: BALATON Zoltan <balaton@eik.bme.hu>
Cc: qemu-ppc@nongnu.org
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220926173855.1159396-12-danielhb413@gmail.com>
2022-10-17 16:15:10 -03:00
Daniel Henrique Barboza 4b326f8985 hw/ppc: set machine->fdt in xilinx_load_device_tree()
This will enable support for 'dumpdtb' QMP/HMP command for the
virtex_ml507 machine.

Setting machine->fdt requires a MachineState pointer to be used inside
xilinx_load_device_tree(). Let's change the function to receive this
pointer from the caller. kernel_cmdline' can be retrieved directly from
the 'machine' pointer. 'ramsize' wasn't being used so can be removed.

Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220926173855.1159396-11-danielhb413@gmail.com>
2022-10-17 16:15:10 -03:00
Daniel Henrique Barboza 698af4cb35 hw/ppc: set machine->fdt in sam460ex_load_device_tree()
This will enable support for 'dumpdtb' QMP/HMP command for the sam460ex
machine.

Setting machine->fdt requires a MachineState pointer to be used inside
sam460ex_load_device_tree(). Let's change the function to receive this
pointer from the caller. 'ramsize' and 'kernel_cmdline' can be retrieved
directly from the 'machine' pointer.

Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220926173855.1159396-10-danielhb413@gmail.com>
2022-10-17 16:15:10 -03:00
Daniel Henrique Barboza 8d42c851ed hw/ppc: set machine->fdt in bamboo_load_device_tree()
This will enable support for 'dumpdtb' QMP/HMP command for the bamboo
machine.

Setting machine->fdt requires a MachineState pointer to be used inside
bamboo_load_device_tree(). Let's change the function to receive this
pointer from the caller. 'ramsize' and 'kernel_cmdline' can be retrieved
directly from the 'machine' pointer.

Cc: Cédric Le Goater <clg@kaod.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220926173855.1159396-9-danielhb413@gmail.com>
2022-10-17 16:15:10 -03:00
Daniel Henrique Barboza 610cba317c hw/nios2: set machine->fdt in nios2_load_dtb()
This will enable support for 'dumpdtb' QMP/HMP command for all nios2
machines that uses nios2_load_dtb().

Cc: Chris Wulff <crwulff@gmail.com>
Cc: Marek Vasut <marex@denx.de>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220926173855.1159396-7-danielhb413@gmail.com>
2022-10-17 16:15:10 -03:00
Peter Maydell 0a3364043d hw/ppc/spapr_pci.c: Use device_cold_reset() rather than device_legacy_reset()
In spapr_phb_children_reset() we call device_legacy_reset() to reset any
QOM children of the SPAPR PCI host bridge device. This will not reset
any qbus such a child might own. Switch to device_cold_reset(), which will
reset both the device and its buses. (If the child has no qbuses then
there will be no change in behaviour.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20221014142841.2092784-1-peter.maydell@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:10 -03:00
Bernhard Beschow 9f6621bd16 hw/ppc/e500: Remove if statement which is now always true
Now that the MPC8544DS board also has a platform bus, the if statement
is always true.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20221003203142.24355-8-shentey@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
Bernhard Beschow 47a0b1dff7 hw/ppc/mpc8544ds: Add platform bus
Models the real device more closely.

Address and size values are taken from mpc8544.dts from the linux-5.17.7
tree. The IRQ range is taken from e500plat.c.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20221003203142.24355-7-shentey@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
Bernhard Beschow 35ad5b7492 hw/ppc/mpc8544ds: Rename wrongly named method
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20221003203142.24355-6-shentey@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
Bernhard Beschow bacb4eb876 hw/ppc/e500: Reduce usage of sysbus API
PlatformBusDevice has an mmio attribute which gets aliased to
SysBusDevice::mmio[0]. So PlatformbusDevice::mmio can be used directly,
avoiding the sysbus API.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20221003203142.24355-5-shentey@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
Bernhard Beschow 2c860abfb6 hw/gpio/meson: Introduce dedicated config switch for hw/gpio/mpc8xxx
Having a dedicated config switch makes dependency handling cleaner.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20221003203142.24355-3-shentey@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
Bernhard Beschow 8cf7b3277d hw/ppc/meson: Allow e500 boards to be enabled separately
Gives users more fine-grained control over what should be compiled into
QEMU.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20221003203142.24355-2-shentey@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan eb0b242d36 ppc440_uc.c: Remove unneeded parenthesis
Remove unneeded parenthesis around case labels.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <19db326bea989c03e08f2853f789315bbe806fe9.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 2196d337c5 ppc440_uc.c: Move some macros to ppc4xx.h
These are used by both the SDRAM controller model and system DCRs. In
preparation to move SDRAM controller in its own file move these macros
to the ppc4xx.h header.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <74d9bf4891e2ccceb52bb6ca6b54fd3f37a9fb04.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 5f7effe4df ppc440_sdram: QOM'ify
Change the ppc440_sdram model to a QOM class derived from the
PPC4xx-dcr-device and name it ppc4xx-sdram-ddr2. This is mostly
modelling the DDR2 SDRAM controller found in the 460EX (used on the
sam460ex board). Newer SoCs (regardless of their PPC core, e.g. 405EX)
may have this controller but we only emulate enough of it for the
sam460ex u-boot firmware.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <3e82ae575c7c41e464a0082d55ecb4ebcc4d4329.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan ef10aebb9a ppc440_sdram: Move RAM size check to ppc440_sdram_init
Move the check for valid memory sizes from board to sdram controller
init. This adds the missing valid memory sizes of 16 and 8 MiB to the
DoC and the board now only checks for additional restrictions imposed
by its firmware then sdram init checks for valid sizes for SoC.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <41da3797392acaacc7963b79512c8af8005fa4b0.1664021647.git.balaton@eik.bme.hu>
[danielhb: avoid 4*GiB size due to 32 bit build problems]
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 1e545fbc88 ppc4xx_sdram: Rename functions to prevent name clashes
Rename functions to avoid name clashes when moving the DDR2 controller
model currently called ppc440_sdram to ppc4xx_devs. This also more
clearly shows which function belongs to which model.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <9c09d10fbf36940ebbe30d7038d69cf3f2e58371.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 3db19f124a ppc440_sdram: Rename local variable for readability
Rename local sdram variable in ppc440_sdram_init to s for readability.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <7351b80fa321c32a6229e685dfdc940232f8b788.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 03f7041bfd ppc440_sdram: Get rid of the init RAM hack
Remove the do_init parameter of ppc440_sdram_init and enable SDRAM
controller from the board. Firmware does this so it may only be needed
when booting with -kernel without firmware but we enable SDRAM
unconditionally to preserve previous behaviour.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <c2eda8f83c82f655aa7821a5a8c9310484bd6a1d.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan ea74acee98 ppc440_sdram: Implement enable bit in the DDR2 SDRAM controller
To allow removing the do_init hack we need to improve the DDR2 SDRAM
controller model to handle the enable/disable bit that it ignored so
far.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <f8900aadb1a4426a6444741e6876c898b3b77f7b.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 17221012b1 ppc440_sdram: Split off map/unmap of sdram banks for later reuse
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <23560b6a71682d513f3dd8e9ed3852f51d5eb309.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 052ae5dcc0 ppc4xx_sdram: Drop extra zeros for readability
Constants that are written zero padded for no good reason are hard to
read, it's easier to see what is meant if it's just 0 or 1 instead.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <93974622c3d398c7d3a3488b678b74c3807849de.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 4fc30e153a ppc4xx_sdram: QOM'ify
Change the ppc4xx_sdram model to a QOM class derived from the
PPC4xx-dcr-device and name it ppc4xx-sdram-ddr. This is mostly
modelling the DDR SDRAM controller found in the 440EP (used on the
bamboo board) but also backward compatible with the older DDR
controllers on some 405 SoCs so we also use it for those now. This
likely does not cause problems for guests we run as the new features
are just not accessed but to model 405 SoC accurately some features
may have to be disabled or the model split between 440 and older.

Newer SoCs (regardless of their PPC core, e.g. 405EX) may have an
updated DDR2 SDRAM controller implemented by the ppc440_sdram model
(only partially, enough for the 460EX on the sam460ex) that is not yet
QOM'ified in this patch. That is intended to become ppc4xx-sdram-ddr2
when QOM'ified later.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <8f820487fc9011343032c422ecdf3e8ee74d8c11.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 0aedcc8a8d ppc4xx_sdram: Move size check to ppc4xx_sdram_init()
Instead of checking if memory size is valid in board code move this
check to ppc4xx_sdram_init() as this is a restriction imposed by the
SDRAM controller.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <39e5129dd095b285676a6267c5753786da1bc30d.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 2cdfa6ef5c ppc440_bamboo: Add missing 4 MiB valid memory size
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <05836e38be84729c1c6b5b609e7aa2ea60435033.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 734c44ea13 ppc4xx: Use Ppc4xxSdramBank in ppc4xx_sdram_banks()
Change ppc4xx_sdram_banks() to take one Ppc4xxSdramBank array instead
of the separate arrays and adjust ppc4xx_sdram_init() and
ppc440_sdram_init() accordingly as well as machines using these.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <e3a1fea51f29779fd6a61be90a29c684f3299544.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 68b9a2e38d ppc4xx_sdram: Get rid of the init RAM hack
The do_init parameter of ppc4xx_sdram_init() is used to map memory
regions that is normally done by the firmware by programming the SDRAM
controller. Do this from board code emulating what firmware would do
when booting a kernel directly from -kernel without a firmware so we
can get rid of this do_init hack.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <d6c44c870befa1a075e21f1a59926dcdaff63f6b.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 8626982301 ppc4xx: Introduce Ppc4xxSdramBank struct
Instead of storing sdram bank parameters in unrelated arrays put them
in a struct so it's clear they belong to the same bank and simplify
the state struct using this bank type.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <5eb82d0424c584b2b9e6f7bc51560f8189ed21bb.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
BALATON Zoltan 1049ff55fe ppc440_bamboo: Remove unnecessary memsets
In ppc4xx_sdram_init() the struct is allocated with g_new0() so no
need to clear its elements. In the bamboo machine init memset can be
replaced with array initialiser which is shorter.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <529adc7705fb3e3e777439895bdaa136bacb9403.1664021647.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-10-17 16:15:09 -03:00
Xiaojuan Yang 5ef4a4af8b
hw/intc: Fix LoongArch ipi device emulation
In ipi_send function, it should not to set irq before
writing data to dest cpu iocsr space, as the irq will
trigger after data writing.
When call this function 'address_space_stl()', it will
trigger loongarch_ipi_writel(), the addr arg is 0x1008
('CORE_SET_OFF'), and qemu_irq_raise will be called in
this case.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220930095139.867115-3-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-10-17 10:28:35 +08:00
Jim Shu 1aae4a12da hw/intc: sifive_plic: change interrupt priority register to WARL field
PLIC spec [1] requires interrupt source priority registers are WARL
field and the number of supported priority is power-of-2 to simplify SW
discovery.

Existing QEMU RISC-V machine (e.g. shakti_c) don't strictly follow PLIC
spec, whose number of supported priority is not power-of-2. Just change
each bit of interrupt priority register to WARL field when the number of
supported priority is power-of-2.

[1] https://github.com/riscv/riscv-plic-spec/blob/master/riscv-plic.adoc#interrupt-priorities

Signed-off-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Clément Chigot <chigot@adacore.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20221003041440.2320-3-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-10-14 14:29:50 +10:00
Jim Shu 55144a1fd0 hw/intc: sifive_plic: fix hard-coded max priority level
The maximum priority level is hard-coded when writing to interrupt
priority register. However, when writing to priority threshold register,
the maximum priority level is from num_priorities Property which is
configured by platform.

Also change interrupt priority register to use num_priorities Property
in maximum priority level.

Signed-off-by: Emmanuel Blot <emmanuel.blot@sifive.com>
Signed-off-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20221003041440.2320-2-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-10-14 14:29:50 +10:00
Sunil V L a5b0249dfe hw/riscv: virt: Enable booting S-mode firmware from pflash
To boot S-mode firmware payload like EDK2 from persistent
flash storage, qemu needs to pass the flash address as the
next_addr in fw_dynamic_info to the opensbi.

When both -kernel and -pflash options are provided in command line,
the kernel (and initrd if -initrd) will be copied to fw_cfg table.
The S-mode FW will load the kernel/initrd from fw_cfg table.

If only pflash is given but not -kernel, then it is the job of
of the S-mode firmware to locate and load the kernel.

In either case, update the kernel_entry with the flash address
so that the opensbi can jump to the entry point of the S-mode
firmware.

Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20221004092351.18209-4-sunilvl@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-10-14 14:29:50 +10:00
Sunil V L 90e26984ee hw/riscv: virt: Move create_fw_cfg() prior to loading kernel
To enable both -kernel and -pflash options, the fw_cfg needs to be
created prior to loading the kernel.

Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20221004092351.18209-3-sunilvl@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-10-14 14:29:50 +10:00
Sunil V L 785a7383dd hw/arm, loongarch: Move load_image_to_fw_cfg() to common location
load_image_to_fw_cfg() is duplicated by both arm and loongarch. The same
function will be required by riscv too. So, it's time to refactor and
move this function to a common path.

Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20221004092351.18209-2-sunilvl@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-10-14 14:29:50 +10:00
Wilfred Mallawa 6c1876958b hw/ssi: ibex_spi: fixup/add rw1c functionality
This patch adds the `rw1c` functionality to the respective
registers. The status fields are cleared when the respective
field is set.

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220930033241.206581-3-wilfred.mallawa@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-10-14 14:29:50 +10:00
Wilfred Mallawa ff3809ef34 hw/ssi: ibex_spi: fixup coverity issue
This patch addresses the coverity issues specified in [1],
as suggested, `FIELD_DP32()`/`FIELD_EX32()` macros have been
implemented to clean up the code.

[1] https://www.mail-archive.com/qemu-devel@nongnu.org/msg887713.html

Fixes: Coverity CID 1488107

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-Id: <20220930033241.206581-2-wilfred.mallawa@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-10-14 14:29:50 +10:00
Bin Meng 838f717b22 hw/riscv: Update comment for qtest check in riscv_find_firmware()
Since commit 4211fc5532 ("roms/opensbi: Remove ELF images"), the
comment for qtest check in riscv_find_firmware() is out of date.
Update it to reflect the latest status.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <BN7PR08MB435525C92550BAC5467BE672BF219@BN7PR08MB4355.namprd08.prod.outlook.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-10-14 14:29:50 +10:00
Venu Busireddy 8cc5583abe virtio-scsi: Send "REPORTED LUNS CHANGED" sense data upon disk hotplug events
Section 5.6.6.3 of VirtIO specification states, "Events will also
be reported via sense codes..." However, no sense data is sent when
VIRTIO_SCSI_EVT_RESET_RESCAN or VIRTIO_SCSI_EVT_RESET_REMOVED events
are reported (when disk hotplug/hotunplug events occur). SCSI layer
on Solaris depends on this sense data, and hence does not handle disk
hotplug/hotunplug events.

When the disk inventory changes, use the bus unit attention mechanism
to return a CHECK_CONDITION status with sense data of 0x06/0x3F/0x0E
(sense code REPORTED_LUNS_CHANGED).  The first device on the bus to
execute a command successfully will report and consume the unit
attention status.

Signed-off-by: Venu Busireddy <venu.busireddy@oracle.com>
Message-Id: <20221006194946.24134-1-venu.busireddy@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-13 23:38:33 +02:00
Stefan Hajnoczi 2ba341b369 pci: cleanup virtio ids.
audio: bugfixes and latency improvements.
 misc fixes for hw/display and ui
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmNHtYsACgkQTLbY7tPo
 cTjHhg//RDkHbqVSExe+Odw5ISuLu/EXZSHAVjo3KOCUvaj7O2cXi8N7DVfEy5a5
 T3+WSv0v4X6TYSV0PoMb36a11rCuOKzeLZrtEOQeYfG3D1WCVc9gIWMt6omzBC7A
 YQ59P+u19qHD7xD2PP3WRtdcqmsceg1RG+47adX2EnsRZmmu/yJxD72w/Q1kXMuB
 jIzuJU2ZVorYX9y11hnIU3M5pvoX/vjFA+Ib2UGZZdlE3KlUKtJeAtLiZkHfoyd1
 5janU+PtSU6Z1yVirE7RVz3+IBbfqqEFTkDtMXJucJW/Eod0NHCyo4Q6D64HoiZe
 +JZKkHmuvn8ZUgXMtIOZdH+aOHlaIJzA5SoA2IFxCBVuxn7p4NtPbCRoHHg7gkDh
 BDsq+p/wsdOY06u1txFw9dYy+4tKvWS7+Dxhyme7GT2YUQHrEEG3pzGFmk3PE0Vi
 tEAhmfNRxWzUgIcynQiN/3SnShAI8lANq0SEiiTvqcX7h1TK+cjEYjOTMsjK43nL
 2W/pgQxJpEPcSs3jgFLnBLk9rUHRNRC+GtMBlwN+Wdc1y17leZHiIinqhHjXuts3
 cJTdv4veeGuJENPIl2rk5JOdvpVtzduDkz+Rzx0mGb+LnAYdK2lBUV5LY9FfdwaK
 2Bgg02ZYNBz7K2zzFeeV+7b7K/LYOuWkGdzGvKbpqjbefopZmTM=
 =6d/F
 -----END PGP SIGNATURE-----

Merge tag 'kraxel-20221013-pull-request' of https://gitlab.com/kraxel/qemu into staging

pci: cleanup virtio ids.
audio: bugfixes and latency improvements.
misc fixes for hw/display and ui

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmNHtYsACgkQTLbY7tPo
# cTjHhg//RDkHbqVSExe+Odw5ISuLu/EXZSHAVjo3KOCUvaj7O2cXi8N7DVfEy5a5
# T3+WSv0v4X6TYSV0PoMb36a11rCuOKzeLZrtEOQeYfG3D1WCVc9gIWMt6omzBC7A
# YQ59P+u19qHD7xD2PP3WRtdcqmsceg1RG+47adX2EnsRZmmu/yJxD72w/Q1kXMuB
# jIzuJU2ZVorYX9y11hnIU3M5pvoX/vjFA+Ib2UGZZdlE3KlUKtJeAtLiZkHfoyd1
# 5janU+PtSU6Z1yVirE7RVz3+IBbfqqEFTkDtMXJucJW/Eod0NHCyo4Q6D64HoiZe
# +JZKkHmuvn8ZUgXMtIOZdH+aOHlaIJzA5SoA2IFxCBVuxn7p4NtPbCRoHHg7gkDh
# BDsq+p/wsdOY06u1txFw9dYy+4tKvWS7+Dxhyme7GT2YUQHrEEG3pzGFmk3PE0Vi
# tEAhmfNRxWzUgIcynQiN/3SnShAI8lANq0SEiiTvqcX7h1TK+cjEYjOTMsjK43nL
# 2W/pgQxJpEPcSs3jgFLnBLk9rUHRNRC+GtMBlwN+Wdc1y17leZHiIinqhHjXuts3
# cJTdv4veeGuJENPIl2rk5JOdvpVtzduDkz+Rzx0mGb+LnAYdK2lBUV5LY9FfdwaK
# 2Bgg02ZYNBz7K2zzFeeV+7b7K/LYOuWkGdzGvKbpqjbefopZmTM=
# =6d/F
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 13 Oct 2022 02:51:55 EDT
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* tag 'kraxel-20221013-pull-request' of https://gitlab.com/kraxel/qemu: (26 commits)
  audio: improve out.voices test
  audio: fix in.voices test
  gtk: Add show_menubar=on|off command line option.
  qemu-edid: Restrict input parameter -d to avoid division by zero
  ui/gtk: Fix the implicit mouse ungrabbing logic
  pci-ids: document modern virtio-pci ids in pci.h too
  pci-ids: drop list of modern virtio devices
  pci-ids: drop PCI_DEVICE_ID_VIRTIO_PMEM
  pci-ids: drop PCI_DEVICE_ID_VIRTIO_MEM
  pci-ids: drop PCI_DEVICE_ID_VIRTIO_IOMMU
  docs: add firmware feature flags
  cirrus_vga: fix potential memory overflow
  ui/gtk-egl: egl context needs to be unbound in the end of gd_egl_switch
  ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext
  audio: prevent an integer overflow in resampling code
  audio: fix sw->buf size for audio recording
  audio: refactor audio_get_avail()
  audio: rename audio_sw_bytes_free()
  audio: swap audio_rate_get_bytes() function parameters
  spiceaudio: update comment
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-10-13 13:55:53 -04:00
Stefan Hajnoczi bb76f8e275 * scsi-disk: support setting CD-ROM block size via device options
* target/i386: Implement MSR_CORE_THREAD_COUNT MSR
 * target/i386: notify VM exit support
 * target/i386: PC-relative translation block support
 * target/i386: support for XSAVE state in signal frames (linux-user)
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmNFKP4UHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroNJnwgAgCcOOxmY4Qem0Gd1L+SJKpEtGMOd
 4LY7443vT36pMpvqFNSfp5GBjDT1MgTD8BIY28miLMq959LT89LyM9g/H7IKOT82
 uyCsW3jW+6F19EZVkNvzTt+3USn/kaHn50zA4Ss9kvdNZr31b2LYqtglVCznfZwH
 oI1rDhvsXubq8oWvwkqH7IwduK8mw+EB5Yz7AjYQ6eiYjenTrQBObpwQNbb4rlUf
 oRm8dk/YJ2gfI2HQkoznGEbgpngy2tIU1vHNEpIk5NpwXxrulOyui3+sWaG4pH8f
 oAOrSDC23M5A6jBJJAzDJ1q6M677U/kwJypyGQ7IyvyhECXE3tR+lHX1eA==
 =tqeJ
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* scsi-disk: support setting CD-ROM block size via device options
* target/i386: Implement MSR_CORE_THREAD_COUNT MSR
* target/i386: notify VM exit support
* target/i386: PC-relative translation block support
* target/i386: support for XSAVE state in signal frames (linux-user)

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmNFKP4UHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNJnwgAgCcOOxmY4Qem0Gd1L+SJKpEtGMOd
# 4LY7443vT36pMpvqFNSfp5GBjDT1MgTD8BIY28miLMq959LT89LyM9g/H7IKOT82
# uyCsW3jW+6F19EZVkNvzTt+3USn/kaHn50zA4Ss9kvdNZr31b2LYqtglVCznfZwH
# oI1rDhvsXubq8oWvwkqH7IwduK8mw+EB5Yz7AjYQ6eiYjenTrQBObpwQNbb4rlUf
# oRm8dk/YJ2gfI2HQkoznGEbgpngy2tIU1vHNEpIk5NpwXxrulOyui3+sWaG4pH8f
# oAOrSDC23M5A6jBJJAzDJ1q6M677U/kwJypyGQ7IyvyhECXE3tR+lHX1eA==
# =tqeJ
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 11 Oct 2022 04:27:42 EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (37 commits)
  linux-user: i386/signal: support XSAVE/XRSTOR for signal frame fpstate
  linux-user: i386/signal: support FXSAVE fpstate on 32-bit emulation
  linux-user: i386/signal: move fpstate at the end of the 32-bit frames
  KVM: x86: Implement MSR_CORE_THREAD_COUNT MSR
  i386: kvm: Add support for MSR filtering
  x86: Implement MSR_CORE_THREAD_COUNT MSR
  target/i386: Enable TARGET_TB_PCREL
  target/i386: Inline gen_jmp_im
  target/i386: Add cpu_eip
  target/i386: Create eip_cur_tl
  target/i386: Merge gen_jmp_tb and gen_goto_tb into gen_jmp_rel
  target/i386: Remove MemOp argument to gen_op_j*_ecx
  target/i386: Use gen_jmp_rel for DISAS_TOO_MANY
  target/i386: Use gen_jmp_rel for gen_jcc
  target/i386: Use gen_jmp_rel for loop, repz, jecxz insns
  target/i386: Create gen_jmp_rel
  target/i386: Use DISAS_TOO_MANY to exit after gen_io_start
  target/i386: Create eip_next_*
  target/i386: Truncate values for lcall_real to i32
  target/i386: Introduce DISAS_JUMP
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-10-13 13:55:03 -04:00
Stefan Hajnoczi cdcb7dcb40 pc,virtio: features, tests, fixes, cleanups
virtio introspection
 new serial number opton for cxl
 vhost user blk dynamic config size
 virtio-gpio vhost user backend
 
 Tests fixes cleanups all over the place
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmNEVeoPHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRph8YH+gMWpb5IglE0Q+H2JiQPBwB/Ghy1ohRKnOvZ
 lChB7+oy18o2xXRFTOXwG9Ijqsbdn0QMbU/r3NWxBuMzxDow012xiMDniJlJmcXw
 /4POOCSTKrIfzVBhsEErVSA9NwSE5cQKr1oiRBGIa9UdZfZ//v7s6SoP4vtyj8RZ
 UJVYVnMDtq/0PaN92IMs06lhqo/LkegE7gTGHMBf8Nvw4SgQoZgfPyp1eR+dKOhz
 lXNqqvTds9yt8yS65UWbuSrZ9d7GpCQf8nuyLaLaENHd6FQUVfmTTT37l2EKziwp
 PK0EwWMHeGkj7LHrylztradhE9xBlIW23ROP8wPdGZHmgLNHbC0=
 =20Zb
 -----END PGP SIGNATURE-----

Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging

pc,virtio: features, tests, fixes, cleanups

virtio introspection
new serial number opton for cxl
vhost user blk dynamic config size
virtio-gpio vhost user backend

Tests fixes cleanups all over the place

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmNEVeoPHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRph8YH+gMWpb5IglE0Q+H2JiQPBwB/Ghy1ohRKnOvZ
# lChB7+oy18o2xXRFTOXwG9Ijqsbdn0QMbU/r3NWxBuMzxDow012xiMDniJlJmcXw
# /4POOCSTKrIfzVBhsEErVSA9NwSE5cQKr1oiRBGIa9UdZfZ//v7s6SoP4vtyj8RZ
# UJVYVnMDtq/0PaN92IMs06lhqo/LkegE7gTGHMBf8Nvw4SgQoZgfPyp1eR+dKOhz
# lXNqqvTds9yt8yS65UWbuSrZ9d7GpCQf8nuyLaLaENHd6FQUVfmTTT37l2EKziwp
# PK0EwWMHeGkj7LHrylztradhE9xBlIW23ROP8wPdGZHmgLNHbC0=
# =20Zb
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 10 Oct 2022 13:27:06 EDT
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (55 commits)
  x86: pci: acpi: consolidate PCI slots creation
  tests: acpi: update expected blobs
  x86: pci: acpi: reorder Device's _DSM method
  tests: acpi: whitelist pc/q35 DSDT before moving _ADR field
  tests: acpi: update expected blobs
  x86: pci: acpi: reorder Device's _ADR and _SUN fields
  tests: acpi: whitelist pc/q35 DSDT before moving _ADR field
  tests: acpi: update expected blobs
  x86: acpi: cleanup PCI device _DSM duplication
  tests: acpi: whitelist pc/q35 DSDT before switching _DSM to use ASUN
  tests: acpi: update expected blobs
  x86: acpi: _DSM: use Package to pass parameters
  acpi: x86: refactor PDSM method to reduce nesting
  tests: acpi: whitelist pc/q35 DSDT due to HPET AML move
  tests: acpi: update expected blobs after HPET move
  acpi: x86: deduplicate HPET AML building
  tests: acpi: whitelist pc/q35 DSDT due to HPET AML move
  hw/smbios: support for type 8 (port connector)
  pci: Sanity check mask argument to pci_set_*_by_mask()
  pci: Remove unused pci_get_*_by_mask() functions
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-10-12 16:00:15 -04:00
Stefan Hajnoczi cdda364e1d target-arm queue:
* Retry KVM_CREATE_VM call if it fails EINTR
  * allow setting SCR_EL3.EnTP2 when FEAT_SME is implemented
  * docs/nuvoton: Update URL for images
  * refactoring of page table walk code
  * hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3
  * Don't allow guest to use unimplemented granule sizes
  * Report FEAT_GTG support
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmNEK54ZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3kzHD/9StYmulAf0iwe1ZNp6NavK
 CioOgZi6XyZl4rS2DrCf6/IO5XRFJP68byZd4Po554r2jcPc149yTuQAn4wb7d5e
 kejMZRQeWsXdxschhoVzDp9fgfzyZBn9X+gbdEZFFPWzOHMyWuu4cTok0dAKQvQY
 tZDLGmKeTv4MRUFJCri0310Sq0T0v/nAX/AyFtpvIr2SBx7DVCWYY02s5R4Yy5+M
 ntDWb0j12r78/bPwI1ll+g19JXUV5Tfh9AsbcYjKv45kdftz/Xc8fBiSiEpxyMrF
 mnVrr3kesZHOYAnOr2K1MnwsF0vU41kRg7kMRqSnu7pZXlI/8tmRyXoPR3c2aDbW
 Q5HWtsA48j2h0CJ0ESzl5SQnl3TSPa94m/HmpRSBFrYkU727QgnWDhUmBb4n54xs
 9iBJDhcKGZLq68CB2+j6ENdRNTndolr14OwwEns0lbkoiCKUOQY3AigtZJQGRBGM
 J5r3ED7jfTWpvP6vpp5X484fK6KVprSMxsRFDkmiwhbb3J+WtKLxbSlgsWIrkZ7s
 +JgTGfGB8sD9hJVuFZYyPQb/XWP8Bb8jfgsLsTu1vW9Xs1ASrLimFYdRO3hhwSg3
 c5yubz6Vu9GB/JYh7hGprlMD5Yv48AA3if70hOu2d4P8A4OitavT7o+4Thwqjhds
 cSV1RsBJ8ha6L3CziZaKrQ==
 =s+1f
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20221010' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * Retry KVM_CREATE_VM call if it fails EINTR
 * allow setting SCR_EL3.EnTP2 when FEAT_SME is implemented
 * docs/nuvoton: Update URL for images
 * refactoring of page table walk code
 * hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3
 * Don't allow guest to use unimplemented granule sizes
 * Report FEAT_GTG support

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmNEK54ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3kzHD/9StYmulAf0iwe1ZNp6NavK
# CioOgZi6XyZl4rS2DrCf6/IO5XRFJP68byZd4Po554r2jcPc149yTuQAn4wb7d5e
# kejMZRQeWsXdxschhoVzDp9fgfzyZBn9X+gbdEZFFPWzOHMyWuu4cTok0dAKQvQY
# tZDLGmKeTv4MRUFJCri0310Sq0T0v/nAX/AyFtpvIr2SBx7DVCWYY02s5R4Yy5+M
# ntDWb0j12r78/bPwI1ll+g19JXUV5Tfh9AsbcYjKv45kdftz/Xc8fBiSiEpxyMrF
# mnVrr3kesZHOYAnOr2K1MnwsF0vU41kRg7kMRqSnu7pZXlI/8tmRyXoPR3c2aDbW
# Q5HWtsA48j2h0CJ0ESzl5SQnl3TSPa94m/HmpRSBFrYkU727QgnWDhUmBb4n54xs
# 9iBJDhcKGZLq68CB2+j6ENdRNTndolr14OwwEns0lbkoiCKUOQY3AigtZJQGRBGM
# J5r3ED7jfTWpvP6vpp5X484fK6KVprSMxsRFDkmiwhbb3J+WtKLxbSlgsWIrkZ7s
# +JgTGfGB8sD9hJVuFZYyPQb/XWP8Bb8jfgsLsTu1vW9Xs1ASrLimFYdRO3hhwSg3
# c5yubz6Vu9GB/JYh7hGprlMD5Yv48AA3if70hOu2d4P8A4OitavT7o+4Thwqjhds
# cSV1RsBJ8ha6L3CziZaKrQ==
# =s+1f
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 10 Oct 2022 10:26:38 EDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20221010' of https://git.linaro.org/people/pmaydell/qemu-arm: (28 commits)
  docs/system/arm/emulation.rst: Report FEAT_GTG support
  target/arm: Use ARMGranuleSize in ARMVAParameters
  target/arm: Don't allow guest to use unimplemented granule sizes
  hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3
  target/arm: Use tlb_set_page_full
  target/arm: Fix cacheattr in get_phys_addr_disabled
  target/arm: Split out get_phys_addr_disabled
  target/arm: Fix ATS12NSO* from S PL1
  target/arm: Pass HCR to attribute subroutines.
  target/arm: Remove env argument from combined_attrs_fwb
  target/arm: Hoist read of *is_secure in S1_ptw_translate
  target/arm: Introduce arm_hcr_el2_eff_secstate
  target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M
  target/arm: Reorg regime_translation_disabled
  target/arm: Fold secure and non-secure a-profile mmu indexes
  target/arm: Add is_secure parameter to do_ats_write
  target/arm: Merge regime_is_secure into get_phys_addr
  target/arm: Add TBFLAG_M32.SECURE
  target/arm: Add is_secure parameter to v7m_read_half_insn
  target/arm: Split out get_phys_addr_with_secure
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-10-12 15:59:10 -04:00
Gerd Hoffmann 0468fe82d3 pci-ids: document modern virtio-pci ids in pci.h too
While being at it add a #define for the magic 0x1040 number.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-Id: <20221004112100.301935-6-kraxel@redhat.com>
2022-10-12 12:01:11 +02:00
Gerd Hoffmann cbd56573f7 pci-ids: drop PCI_DEVICE_ID_VIRTIO_PMEM
Not needed for a virtio 1.0 device.  virtio_pci_device_plugged()
overrides them anyway (so no functional change).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta@amd.com>
Tested-by: Pankaj Gupta <pankaj.gupta@amd.com>
Message-Id: <20221004112100.301935-4-kraxel@redhat.com>
2022-10-12 12:01:11 +02:00
Gerd Hoffmann 58de96e2eb pci-ids: drop PCI_DEVICE_ID_VIRTIO_MEM
Not needed for a virtio 1.0 device.  virtio_pci_device_plugged()
overrides them anyway (so no functional change).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20221004112100.301935-3-kraxel@redhat.com>
2022-10-12 12:01:11 +02:00
Gerd Hoffmann c82190fa1b pci-ids: drop PCI_DEVICE_ID_VIRTIO_IOMMU
Not needed for a virtio 1.0 device.  virtio_pci_device_plugged()
overrides them anyway (so no functional change).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Message-Id: <20221004112100.301935-2-kraxel@redhat.com>
2022-10-12 12:01:11 +02:00
lu zhipeng 2fba4e9c49 cirrus_vga: fix potential memory overflow
Signed-off-by: lu zhipeng <luzhipeng@cestc.cn>
Message-Id: <20220929122352.1891-1-luzhipeng@cestc.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-10-12 11:00:55 +02:00
Jerome Forissier 0ff993193f hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3
According to the Linux kernel booting.rst [1], CPTR_EL3.ESM and
SCR_EL3.EnTP2 must be initialized to 1 when EL3 is present and FEAT_SME
is advertised. This has to be taken care of when QEMU boots directly
into the kernel (i.e., "-M virt,secure=on -cpu max -kernel Image").

Cc: qemu-stable@nongnu.org
Fixes: 78cb977666 ("target/arm: Enable SME for -cpu max")
Link: [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/arm64/booting.rst?h=v6.0#n321
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Message-id: 20221003145641.1921467-1-jerome.forissier@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-10-10 14:52:25 +01:00
John Millikin 298c31de98 scsi-disk: support setting CD-ROM block size via device options
SunOS expects CD-ROM devices to have a block size of 512, and will
fail to mount or install using QEMU's default block size of 2048.

When initializing the SCSI device, allow the `physical_block_size'
block device option to override the default block size.

Signed-off-by: John Millikin <john@john-millikin.com>
Message-Id: <20220804122950.1577012-1-john@john-millikin.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-10 09:23:16 +02:00
Igor Mammedov 3216ab2acb x86: pci: acpi: consolidate PCI slots creation
No functional changes nor AML bytecode changes.
Consolidate code that generates empty and populated slot
descriptors. Besides eliminating duplication,
it helps consolidate conditions for generating
parts of Device{} desriptor in one place, which makes
code more compact and easier to read.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220701133515.137890-18-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:46 -04:00
Igor Mammedov 87debd32a8 x86: pci: acpi: reorder Device's _DSM method
align _DSM method in empty slot descriptor with
a populated slot position.
Expected change:
  +            Device (SE8)
  +            {
  +                Name (_ADR, 0x001D0000)  // _ADR: Address
  +                Name (ASUN, 0x1D)
                   Method (_DSM, 4, Serialized)  // _DSM: Device-Specific Method
                   {
                       Local0 = Package (0x02)
                           {
                               BSEL,
                               ASUN
                           }
                       Return (PDSM (Arg0, Arg1, Arg2, Arg3, Local0))
                   }
  -            }

  -            Device (SE8)
  -            {
  -                Name (_ADR, 0x001D0000)  // _ADR: Address
  -                Name (ASUN, 0x1D)
                   Name (_SUN, 0x1D)  // _SUN: Slot User Number
                   Method (_EJ0, 1, NotSerialized)  // _EJx: Eject Device
                   {
                       PCEJ (BSEL, _SUN)
                   }
  +            }

i.e. put _DSM right after ASUN, with _SUN/_EJ0 following it.

that will eliminate contextual changes (causing test failures)
when follow up patches merge code generating populated and empty
slots descriptors.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220701133515.137890-16-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:46 -04:00
Igor Mammedov 366047d625 x86: pci: acpi: reorder Device's _ADR and _SUN fields
no functional change, align order of fields in empty slot
descriptor with a populated slot ordering.
Expected diff:
  -                Name (_SUN, 0x0X)  // _SUN: Slot User Number
                   Name (_ADR, 0xY)  // _ADR: Address
  ...
  +                Name (_SUN, 0xX)  // _SUN: Slot User Number

that will eliminate contextual changes (causing test failures)
when follow up patches merge code generating populated and empty
slots descriptors.

Put mandatory _ADR as the 1st field, then ASUN as it can be
present for both pupulated and empty slots and only then _SUN
which is present only when slot is hotpluggable.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220701133515.137890-13-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Igor Mammedov 5840a16364 x86: acpi: cleanup PCI device _DSM duplication
add ASUN variable to hotpluggable slots and use it
instead of _SUN which has the same value to reuse
_DMS code on both branches (hot- and non-hotpluggable).
No functional change.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220701133515.137890-10-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Igor Mammedov 467d099a29 x86: acpi: _DSM: use Package to pass parameters
Numer of possible arguments to pass to a method is limited
in ACPI. The following patches will need to pass over more
parameters to PDSM method, will hit that limit.

Prepare for this by passing structure (Package) to method,
which let us workaround arguments limitation.
Pass to PDSM all standard arguments of _DSM as is, and
pack custom parameters into Package that is passed as
the last argument to PDSM.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220701133515.137890-7-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Igor Mammedov a12cf6923c acpi: x86: refactor PDSM method to reduce nesting
.., it will help with code readability and make easier
to extend method in followup patches

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220701133515.137890-6-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Igor Mammedov e05acc360e acpi: x86: deduplicate HPET AML building
HPET AML doesn't depend on piix4 nor q35, move code buiding it
to common scope to avoid duplication.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220701133515.137890-3-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Hal Martin fd8caa253c hw/smbios: support for type 8 (port connector)
PATCH v1: add support for SMBIOS type 8 to qemu
PATCH v2: incorporate patch v1 feedback and add smbios type=8 to qemu-options

internal_reference: internal reference designator
external_reference: external reference designator
connector_type: hex value for port connector type (see SMBIOS 7.9.2)
port_type: hex value for port type (see SMBIOS 7.9.3)

After studying various vendor implementationsi (Dell, Lenovo, MSI),
the value of internal connector type was hard-coded to 0x0 (None).

Example usage:
-smbios type=8,internal_reference=JUSB1,external_reference=USB1,connector_type=0x12,port_type=0x10 \
-smbios type=8,internal_reference=JAUD1,external_reference="Audio Jack",connector_type=0x1f,port_type=0x1d \
-smbios type=8,internal_reference=LAN,external_reference=Ethernet,connector_type=0x0b,port_type=0x1f \
-smbios type=8,internal_reference=PS2,external_reference=Mouse,connector_type=0x0f,port_type=0x0e \
-smbios type=8,internal_reference=PS2,external_reference=Keyboard,connector_type=0x0f,port_type=0x0d

Signed-off-by: Hal Martin <hal.martin@gmail.com>

Message-Id: <20220812135153.17859-1-hal.martin@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Laurent Vivier 1ee7bb5bef qmp: add QMP command x-query-virtio-queue-element
This new command shows the information of a VirtQueue element.

[Note: Up until v10 of this patch series, virtio.json had many (15+)
 enums defined (e.g. decoded device features, statuses, etc.). In v10
 most of these enums were removed and replaced with string literals.
 By doing this we get (1) simpler schema, (2) smaller generated code,
 and (3) less maintenance burden for when new things are added (e.g.
 devices, device features, etc.).]

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <1660220684-24909-6-git-send-email-jonah.palmer@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Laurent Vivier 07536ddda7 qmp: add QMP commands for virtio/vhost queue-status
These new commands show the internal status of a VirtIODevice's
VirtQueue and a vhost device's vhost_virtqueue (if active).

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <1660220684-24909-5-git-send-email-jonah.palmer@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Laurent Vivier f3034ad71f qmp: decode feature & status bits in virtio-status
Display feature names instead of bitmaps for host, guest, and
backend for VirtIODevices.

Display status names instead of bitmaps for VirtIODevices.

Display feature names instead of bitmaps for backend, protocol,
acked, and features (hdev->features) for vhost devices.

Decode features according to device ID. Decode statuses
according to configuration status bitmap (config_status_map).
Decode vhost user protocol features according to vhost user
protocol bitmap (vhost_user_protocol_map).

Transport features are on the first line. Undecoded bits (if
any) are stored in a separate field.

[Jonah: Several changes made to this patch from prev. version (v14):
 - Moved all device features mappings to hw/virtio/virtio.c
 - Renamed device features mappings (less generic)
 - Generalized @FEATURE_ENTRY macro for all device mappings
 - Virtio device feature map definitions include descriptions of
   feature bits
 - Moved @VHOST_USER_F_PROTOCOL_FEATURES feature bit from transport
   feature map to vhost-user-supported device feature mappings
   (blk, fs, i2c, rng, net, gpu, input, scsi, vsock)
 - New feature bit added for virtio-vsock: @VIRTIO_VSOCK_F_SEQPACKET
 - New feature bit added for virtio-iommu: @VIRTIO_IOMMU_F_BYPASS_CONFIG
 - New feature bit added for virtio-mem: @VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE
 - New virtio transport feature bit added: @VIRTIO_F_IN_ORDER
 - Added device feature map definition for virtio-rng
]

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <1660220684-24909-4-git-send-email-jonah.palmer@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Laurent Vivier 90c066cd68 qmp: add QMP command x-query-virtio-status
This new command shows the status of a VirtIODevice, including
its corresponding vhost device's status (if active).

Next patch will improve output by decoding feature bits, including
vhost device's feature bits (backend, protocol, acked, and features).
Also will decode status bits of a VirtIODevice.

[Jonah: From patch v12; added a check to @virtio_device_find to ensure
 synchronicity between @virtio_list and the devices in the QOM
 composition tree.]

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <1660220684-24909-3-git-send-email-jonah.palmer@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Laurent Vivier a5ebce3857 qmp: add QMP command x-query-virtio
This new command lists all the instances of VirtIODevices with
their canonical QOM path and name.

[Jonah: @virtio_list duplicates information that already exists in
 the QOM composition tree. However, extracting necessary information
 from this tree seems to be a bit convoluted.

 Instead, we still create our own list of realized virtio devices
 but use @qmp_qom_get with the device's canonical QOM path to confirm
 that the device exists and is realized. If the device exists but
 is actually not realized, then we remove it from our list (for
 synchronicity to the QOM composition tree).

 Also, the QMP command @x-query-virtio is redundant as @qom-list
 and @qom-get are sufficient to search '/machine/' for realized
 virtio devices. However, @x-query-virtio is much more convenient
 in listing realized virtio devices.]

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <1660220684-24909-2-git-send-email-jonah.palmer@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-09 16:38:45 -04:00
Peter Xu 20ca47429e Revert "intel_iommu: Fix irqchip / X2APIC configuration checks"
It's true that when vcpus<=255 we don't require the length of 32bit APIC
IDs.  However here since we already have EIM=ON it means the hypervisor
will declare the VM as x2apic supported (e.g. VT-d ECAP register will have
EIM bit 4 set), so the guest should assume the APIC IDs are 32bits width
even if vcpus<=255.  In short, commit 77250171bd breaks any simple cmdline
that wants to boot a VM with >=9 but <=255 vcpus with:

  -device intel-iommu,intremap=on

For anyone who does not want to enable x2apic, we can use eim=off in the
intel-iommu parameters to skip enabling KVM x2apic.

This partly reverts commit 77250171bd, while
keeping the valid bit on checking split irqchip, but revert the other change.

One thing to mention is that this patch may break migration compatibility
of such VM, however that's probably the best thing we can do, because the
old behavior was simply wrong and not working for >8 vcpus.  For <=8 vcpus,
there could be a light guest ABI change (by enabling KVM x2apic after this
patch), but logically it shouldn't affect the migration from working.

Also, this is not the 1st commit to change x2apic behavior.  Igor provided
a full history of how this evolved for the past few years:

https://lore.kernel.org/qemu-devel/20220922154617.57d1a1fb@redhat.com/

Relevant commits for reference:

  fb506e701e ("intel_iommu: reject broken EIM", 2016-10-17)
  c1bb5418e3 ("target/i386: Support up to 32768 CPUs without IRQ remapping", 2020-12-10)
  77250171bd ("intel_iommu: Fix irqchip / X2APIC configuration checks", 2022-05-16)
  dc89f32d92 ("target/i386: Fix sanity check on max APIC ID / X2APIC enablement", 2022-05-16)

We may want to have this for stable too (mostly for 7.1.0 only).  Adding a
fixes tag.

Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Claudio Fontana <cfontana@suse.de>
Cc: Igor Mammedov <imammedo@redhat.com>
Fixes: 77250171bd ("intel_iommu: Fix irqchip / X2APIC configuration checks")
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20220926153206.10881-1-peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2022-10-09 16:38:45 -04:00
Jonathan Cameron 9c769e0446 mem/cxl-type3: Add sn option to provide serial number for PCI ecap
The Device Serial Number Extended Capability PCI r6.0 sec 7.9.3
provides a standard way to provide a device serial number as
an IEEE defined 64-bit extended unique identifier EUI-64.

CXL 2.0 section 8.1.12.2 Memory Device PCIe Capabilities and
Extended Capabilities requires this to be used to uniquely
identify CXL memory devices.

Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220923161835.9805-1-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Ben Widawsky <bwidawsk@kernel.org>
2022-10-09 16:38:45 -04:00
Miguel Luis 5dbc9a2785 acpi: arm/virt: build_gtdt: fix invalid 64-bit physical addresses
Per the ACPI 6.5 specification, on the GTDT Table Structure, the Counter Control
Block Address and Counter Read Block Address fields of the GTDT table should be
set to 0xFFFFFFFFFFFFFFFF if not provided, rather than 0x0.

Fixes: 41041e5708 ("acpi: arm/virt: build_gtdt: use acpi_table_begin()/acpi_table_end() instead of build_header()")

Signed-off-by: Miguel Luis <miguel.luis@oracle.com>
Message-Id: <20220920162137.75239-3-miguel.luis@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Ani Sinha <ani@anisinha.ca>
2022-10-09 16:38:45 -04:00
Daniil Tatianin 8edd56735b vhost-user-blk: dynamically resize config space based on features
Make vhost-user-blk backwards compatible when migrating from older VMs
running with modern features turned off, the same way it was done for
virtio-blk in 20764be042 ("virtio-blk: set config size depending on the features enabled")

It's currently impossible to migrate from an older VM with
vhost-user-blk (with disable-legacy=off) because of errors like this:

qemu-system-x86_64: get_pci_config_device: Bad config data: i=0x10 read: 41 device: 1 cmask: ff wmask: 80 w1cmask:0
qemu-system-x86_64: Failed to load PCIDevice:config
qemu-system-x86_64: Failed to load virtio-blk:virtio
qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:05.0:00.0:02.0/virtio-blk'
qemu-system-x86_64: load of migration failed: Invalid argument

This is caused by the newer (destination) VM requiring a bigger BAR0
alignment because it has to cover a bigger configuration space, which
isn't actually needed since those additional config fields are not
active (write-zeroes/discard).

Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20220906073111.353245-6-d-tatianin@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-07 09:41:51 -04:00
Daniil Tatianin f1c25f295d vhost-user-blk: make 'config_wce' part of 'host_features'
No reason to have this be a separate field. This also makes it more akin
to what the virtio-blk device does.

Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20220906073111.353245-5-d-tatianin@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-07 09:41:51 -04:00
Daniil Tatianin 246db16d43 vhost-user-blk: make it possible to disable write-zeroes/discard
It is useful to have the ability to disable these features for
compatibility with older VMs that don't have these implemented.

Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20220906073111.353245-4-d-tatianin@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-07 09:41:51 -04:00
Daniil Tatianin d9cf55a86d virtio-blk: move config size params to virtio-blk-common
This way we can reuse it for other virtio-blk devices, e.g
vhost-user-blk, which currently does not control its config space size
dynamically.

Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20220906073111.353245-3-d-tatianin@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-07 09:41:51 -04:00
Daniil Tatianin d74c30c811 virtio: introduce VirtIOConfigSizeParams & virtio_get_config_size
This is the first step towards moving all device config size calculation
logic into the virtio core code. In particular, this adds a struct that
contains all the necessary information for common virtio code to be able
to calculate the final config size for a device. This is expected to be
used with the new virtio_get_config_size helper, which calculates the
final length based on the provided host features.

This builds on top of already existing code like VirtIOFeature and
virtio_feature_get_config_size(), but adds additional fields, as well as
sanity checking so that device-specifc code doesn't have to duplicate it.

An example usage would be:

    static const VirtIOFeature dev_features[] = {
        {.flags = 1ULL << FEATURE_1_BIT,
         .end = endof(struct virtio_dev_config, feature_1)},
        {.flags = 1ULL << FEATURE_2_BIT,
         .end = endof(struct virtio_dev_config, feature_2)},
        {}
    };

    static const VirtIOConfigSizeParams dev_cfg_size_params = {
        .min_size = DEV_BASE_CONFIG_SIZE,
        .max_size = sizeof(struct virtio_dev_config),
        .feature_sizes = dev_features
    };

    // code inside my_dev_device_realize()
    size_t config_size = virtio_get_config_size(&dev_cfg_size_params,
                                                host_features);
    virtio_init(vdev, VIRTIO_ID_MYDEV, config_size);

Currently every device is expected to write its own boilerplate from the
example above in device_realize(), however, the next step of this
transition is moving VirtIOConfigSizeParams into VirtioDeviceClass,
so that it can be done automatically by the virtio initialization code.

All of the users of virtio_feature_get_config_size have been converted
to use virtio_get_config_size so it's no longer needed and is removed
with this commit.

Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Message-Id: <20220906073111.353245-2-d-tatianin@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-07 09:41:51 -04:00
Viresh Kumar 25c60a4612 hw/virtio: add vhost-user-gpio-pci boilerplate
This allows is to instantiate a vhost-user-gpio device as part of a PCI
bus. It is mostly boilerplate which looks pretty similar to the
vhost-user-fs-pci device.

Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <5f560cab92d0d789b1c94295ec74b9952907d69d.1641987128.git.viresh.kumar@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

Message-Id: <20220802095010.3330793-14-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-07 09:41:51 -04:00
Viresh Kumar 27ba7b027f hw/virtio: add boilerplate for vhost-user-gpio device
This creates the QEMU side of the vhost-user-gpio device which connects
to the remote daemon. It is based of vhost-user-i2c code.

Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <5390324a748194a21bc99b1538e19761a8c64092.1641987128.git.viresh.kumar@linaro.org>
[AJB: fixes for qtest, tweaks to feature bits]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Vincent Whitchurch <vincent.whitchurch@axis.com>

Message-Id: <20220802095010.3330793-13-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-07 09:41:51 -04:00
Alex Bennée b8f3e6a18d hw/virtio: move vhd->started check into helper and add FIXME
The `started` field is manipulated internally within the vhost code
except for one place, vhost-user-blk via f5b22d06fb (vhost: recheck
dev state in the vhost_migration_log routine). Mark that as a FIXME
because it introduces a potential race. I think the referenced fix
should be tracking its state locally.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220802095010.3330793-12-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwittz@nutanix.com>
2022-10-07 09:41:51 -04:00
Alex Bennée 9f6bcfd99f hw/virtio: move vm_running check to virtio_device_started
All the boilerplate virtio code does the same thing (or should at
least) of checking to see if the VM is running before attempting to
start VirtIO. Push the logic up to the common function to avoid
getting a copy and paste wrong.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220802095010.3330793-11-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-07 09:41:51 -04:00
Alex Bennée a276123119 hw/virtio: add some vhost-user trace events
These are useful for tracing the lifetime of vhost-user connections.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220802095010.3330793-10-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-10-07 09:41:51 -04:00
Alex Bennée 8d11c10d06 hw/virtio: log potentially buggy guest drivers
If the guest driver attempts to use the UNUSED(30) bit it is
potentially buggy as 6.3 Legacy Interface: Reserved Feature Bits
states it "SHOULD NOT be negotiated". For now just log this guest
error.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20220802095010.3330793-9-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-10-07 09:41:51 -04:00
Alex Bennée c97c76b3e7 hw/virtio: fix some coding style issues
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20220802095010.3330793-8-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-10-07 09:41:51 -04:00
Alex Bennée 02b61f38d3 hw/virtio: incorporate backend features in features
There are some extra bits used over a vhost-user connection which are
hidden from the device itself. We need to set them here to ensure we
enable things like the protocol extensions.

Currently net/vhost-user.c has it's own inscrutable way of persisting
this data but it really should live in the core vhost_user code.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220726192150.2435175-7-alex.bennee@linaro.org>
Message-Id: <20220802095010.3330793-2-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-10-07 09:41:51 -04:00
Marc-André Lureau 9204028dbb 9p: add missing coroutine_fn annotations
Callers of coroutine_fn must be coroutine_fn themselves, or the call
must be within "if (qemu_in_coroutine())".  Apply coroutine_fn to
functions where this holds.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Alberto Faria <afaria@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20220922084924.201610-25-pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2022-10-07 12:11:41 +02:00
Alex Bennée bf0c50d4aa monitor: expose monitor_puts to rest of code
This helps us construct strings elsewhere before echoing to the
monitor. It avoids having to jump through hoops like:

  monitor_printf(mon, "%s", s->str);

It will be useful in following patches but for now convert all
existing plain "%s" printfs to use the _puts api.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220929114231.583801-33-alex.bennee@linaro.org>
2022-10-06 11:53:40 +01:00
Stefan Hajnoczi 4a9c04672a Cache CPUClass for use in hot code paths.
Add CPUTLBEntryFull, probe_access_full, tlb_set_page_full.
 Add generic support for TARGET_TB_PCREL.
 tcg/ppc: Optimize 26-bit jumps using STQ for POWER 2.07
 target/sh4: Fix TB_FLAG_UNALIGN
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmM8jXEdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/oEggArAHK8FtydfQ4ZwnF
 SjXfpdP50OC0SZn3uBN93FZOrxz9UYG9t1oDHs39J/+b/u2nwJYch//EH2k+NtOW
 hc3iIgS9bWgs/UWZESkViKQccw7gpYlc21Br38WWwFNEFyecX0p+e9pJgld5rSv1
 mRGvCs5J2svH2tcXl/Sb/JWgcumOJoG7qy2aLyJGolR6UOfwcfFMzQXzq8qjpRKH
 Jh84qusE/rLbzBsdN6snJY4+dyvUo03lT5IJ4d+FQg2tUip+Qqt7pnMbsqq6qF6H
 R6fWU1JTbsh7GxXJwQJ83jLBnUsi8cy6FKrZ3jyiBq76+DIpR0PqoEe+PN/weInU
 TN0z4g==
 =RfXJ
 -----END PGP SIGNATURE-----

Merge tag 'pull-tcg-20221004' of https://gitlab.com/rth7680/qemu into staging

Cache CPUClass for use in hot code paths.
Add CPUTLBEntryFull, probe_access_full, tlb_set_page_full.
Add generic support for TARGET_TB_PCREL.
tcg/ppc: Optimize 26-bit jumps using STQ for POWER 2.07
target/sh4: Fix TB_FLAG_UNALIGN

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmM8jXEdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/oEggArAHK8FtydfQ4ZwnF
# SjXfpdP50OC0SZn3uBN93FZOrxz9UYG9t1oDHs39J/+b/u2nwJYch//EH2k+NtOW
# hc3iIgS9bWgs/UWZESkViKQccw7gpYlc21Br38WWwFNEFyecX0p+e9pJgld5rSv1
# mRGvCs5J2svH2tcXl/Sb/JWgcumOJoG7qy2aLyJGolR6UOfwcfFMzQXzq8qjpRKH
# Jh84qusE/rLbzBsdN6snJY4+dyvUo03lT5IJ4d+FQg2tUip+Qqt7pnMbsqq6qF6H
# R6fWU1JTbsh7GxXJwQJ83jLBnUsi8cy6FKrZ3jyiBq76+DIpR0PqoEe+PN/weInU
# TN0z4g==
# =RfXJ
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 04 Oct 2022 15:45:53 EDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20221004' of https://gitlab.com/rth7680/qemu:
  target/sh4: Fix TB_FLAG_UNALIGN
  tcg/ppc: Optimize 26-bit jumps
  accel/tcg: Introduce TARGET_TB_PCREL
  accel/tcg: Introduce tb_pc and log_pc
  hw/core: Add CPUClass.get_pc
  include/hw/core: Create struct CPUJumpCache
  accel/tcg: Inline tb_flush_jmp_cache
  accel/tcg: Do not align tb->page_addr[0]
  accel/tcg: Use DisasContextBase in plugin_gen_tb_start
  accel/tcg: Use bool for page_find_alloc
  accel/tcg: Remove PageDesc code_bitmap
  include/exec: Introduce TARGET_PAGE_ENTRY_EXTRA
  accel/tcg: Introduce tlb_set_page_full
  accel/tcg: Introduce probe_access_full
  accel/tcg: Suppress auto-invalidate in probe_access_internal
  accel/tcg: Drop addr member from SavedIOTLB
  accel/tcg: Rename CPUIOTLBEntry to CPUTLBEntryFull
  cputlb: used cached CPUClass in our hot-paths
  hw/core/cpu-sysemu: used cached class in cpu_asidx_from_attrs
  cpu: cache CPUClass in CPUState for hot code paths

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-10-05 10:17:02 -04:00
Richard Henderson a976a99a29 include/hw/core: Create struct CPUJumpCache
Wrap the bare TranslationBlock pointer into a structure.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-10-04 12:13:12 -07:00
Stefan Hajnoczi fafd35a6da Pull request trivial patches branch 20220930-v2
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmM7XoISHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748D/0QAKbYtTWjhFPeapjZVoTv13YrTvczWrcF
 omL6IZivVq0t7hun4iem0DwmvXJELMGexEOTvEJOzM19IIlvvwvOsI8xnxpcMnEY
 6GKVbs53Ba0bg2yh7Dll2W9jkou9eX27DwUHMVF8KX7qqsbU+WyD/vdGZitgGt+T
 8yna7kzVvNVsdB3+DbIatI5RzzHeu4OqeuH/WCtAyzCaLB64UYTcHprskxIp4+wp
 dR+EUSoDEr9Qx4PC+uVEsTFK1zZjyAYNoNIkh6fhlkRvDJ1uA75m3EJ57P8xPPqe
 VbVkPMKi0d4c52m6XvLsQhyYryLx/qLLUAkJWVpY66aHcapYbZAEAfZmNGTQLrOJ
 qIOJzIkOdU6l3pRgXVdVCgkHRc2HETwET2LyVbNkUz/vBlW2wOZQbZFbezComael
 bQ/gNBYqP+eOGnZzeWbKBGHr/9QDBClNufidIMC+sOiUw0iSifzjkFwvH7IElx6K
 EQCOSV6pOhKVlinTpmBbk1XD3xDkQ7ZidiLT9g+P1c8dExrXBhWOnfUHueISb8+s
 KKMozuxQ/6/3c/DP5hwI9cKPEWEbqJfq1kMuxIvEivKGwUIqX2yq4VJ+hSlYJ+CW
 nGjXZldtf4KwH+cTsxyPmdZRR5Q7+ODr5Xo7GNvEKBuDsHs7uUl1c3vvOykQgje9
 +dyJR6TfbQWn
 =aK29
 -----END PGP SIGNATURE-----

Merge tag 'trivial-branch-for-7.2-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging

Pull request trivial patches branch 20220930-v2

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmM7XoISHGxhdXJlbnRA
# dml2aWVyLmV1AAoJEPMMOL0/L748D/0QAKbYtTWjhFPeapjZVoTv13YrTvczWrcF
# omL6IZivVq0t7hun4iem0DwmvXJELMGexEOTvEJOzM19IIlvvwvOsI8xnxpcMnEY
# 6GKVbs53Ba0bg2yh7Dll2W9jkou9eX27DwUHMVF8KX7qqsbU+WyD/vdGZitgGt+T
# 8yna7kzVvNVsdB3+DbIatI5RzzHeu4OqeuH/WCtAyzCaLB64UYTcHprskxIp4+wp
# dR+EUSoDEr9Qx4PC+uVEsTFK1zZjyAYNoNIkh6fhlkRvDJ1uA75m3EJ57P8xPPqe
# VbVkPMKi0d4c52m6XvLsQhyYryLx/qLLUAkJWVpY66aHcapYbZAEAfZmNGTQLrOJ
# qIOJzIkOdU6l3pRgXVdVCgkHRc2HETwET2LyVbNkUz/vBlW2wOZQbZFbezComael
# bQ/gNBYqP+eOGnZzeWbKBGHr/9QDBClNufidIMC+sOiUw0iSifzjkFwvH7IElx6K
# EQCOSV6pOhKVlinTpmBbk1XD3xDkQ7ZidiLT9g+P1c8dExrXBhWOnfUHueISb8+s
# KKMozuxQ/6/3c/DP5hwI9cKPEWEbqJfq1kMuxIvEivKGwUIqX2yq4VJ+hSlYJ+CW
# nGjXZldtf4KwH+cTsxyPmdZRR5Q7+ODr5Xo7GNvEKBuDsHs7uUl1c3vvOykQgje9
# +dyJR6TfbQWn
# =aK29
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 03 Oct 2022 18:13:22 EDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'trivial-branch-for-7.2-pull-request' of https://gitlab.com/laurent_vivier/qemu:
  docs: Update TPM documentation for usage of a TPM 2
  Use g_new() & friends where that makes obvious sense
  Drop superfluous conditionals around g_free()
  block/qcow2-bitmap: Add missing cast to silent GCC error
  checkpatch: ignore target/hexagon/imported/* files
  mem/cxl_type3: fix GPF DVSEC
  .gitignore: add .cache/ to .gitignore
  hw/virtio/vhost-shadow-virtqueue: Silence GCC error "maybe-uninitialized"

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-10-04 14:04:18 -04:00
Stefan Hajnoczi f8ec554cb8 * x86: re-enable rng seeding via SetupData
* x86: reinitialize RNG seed on system reboot and after kernel load
 * qboot: rebuild based on latest commit
 * watchdog: remove -watchdog option
 * update Meson to 0.61.5, move more configure tests
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmM4kiAUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroNfbgf+IHhIHVxtBVWqayVRkwpQC+oAFV/V
 4bvJI90rHmTNPA36n1ocUmQmXyNVTQFW/t7mlln5BhOwNzxnQycVe2idfMa6ntkb
 hHpe2NbICF9Crzb9BkK4wnaBLwEWA/X3WlnCqPYtxlxEhjmxu+HPtF7vm12OTkOV
 JevH3EN1gMiAfMo+gcRBlrwb5kntLm3nGZTCd218Ope22PoU6MVvxb9ivieJG8kD
 xDUGPQNU0mB9pypwLYZAqmu34xJ8Stly9UuJ1M2iQoawIs7W2Qy7svpOrsKZ3W/7
 D7J18QLAjI7Hq6rUWPgK5ugnUvVMdaTXM7MZSuIDIxRJuj5YryIsHRPybQ==
 =HEmX
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* x86: re-enable rng seeding via SetupData
* x86: reinitialize RNG seed on system reboot and after kernel load
* qboot: rebuild based on latest commit
* watchdog: remove -watchdog option
* update Meson to 0.61.5, move more configure tests

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmM4kiAUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNfbgf+IHhIHVxtBVWqayVRkwpQC+oAFV/V
# 4bvJI90rHmTNPA36n1ocUmQmXyNVTQFW/t7mlln5BhOwNzxnQycVe2idfMa6ntkb
# hHpe2NbICF9Crzb9BkK4wnaBLwEWA/X3WlnCqPYtxlxEhjmxu+HPtF7vm12OTkOV
# JevH3EN1gMiAfMo+gcRBlrwb5kntLm3nGZTCd218Ope22PoU6MVvxb9ivieJG8kD
# xDUGPQNU0mB9pypwLYZAqmu34xJ8Stly9UuJ1M2iQoawIs7W2Qy7svpOrsKZ3W/7
# D7J18QLAjI7Hq6rUWPgK5ugnUvVMdaTXM7MZSuIDIxRJuj5YryIsHRPybQ==
# =HEmX
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 01 Oct 2022 15:16:48 EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  x86: re-initialize RNG seed when selecting kernel
  target/i386/kvm: fix kvmclock_current_nsec: Assertion `time.tsc_timestamp <= migration_tsc' failed
  configure, meson: move linker flag detection to meson
  configure, meson: move C++ compiler detection to meson.build
  meson: multiple names can be passed to dependency()
  meson: require 0.61.3
  meson: -display dbus and CFI are incompatible
  ui: fix path to dbus-display1.h
  watchdog: remove -watchdog option
  configure: do not invoke as/ld directly for pc-bios/optionrom
  qboot: rebuild based on latest commit
  x86: re-enable rng seeding via SetupData
  x86: reinitialize RNG seed on system reboot
  x86: use typedef for SetupData struct
  x86: return modified setup_data only if read as memory, not as file

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-10-04 14:03:21 -04:00
Alex Bennée b404ca370e hw/core/cpu-sysemu: used cached class in cpu_asidx_from_attrs
This is a heavily used function so lets avoid the cost of
CPU_GET_CLASS. On the romulus-bmc run it has a modest effect:

  Before: 36.812 s ±  0.506 s
  After:  35.912 s ±  0.168 s

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220811151413.3350684-4-alex.bennee@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220923084803.498337-4-clg@kaod.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-10-03 20:53:30 -07:00
Markus Armbruster c5e8d51824 Use g_new() & friends where that makes obvious sense
g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).

Patch created mechanically with:

    $ spatch --in-place --sp-file scripts/coccinelle/use-g_new-etc.cocci \
	     --macro-file scripts/cocci-macro-file.h FILES...

The previous iteration was commit a95942b50c.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20220923084254.4173111-1-armbru@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-10-04 00:10:11 +02:00
Stefan Hajnoczi efbf38d73e Block layer patches
- Fix missing block_acct_setup() with -blockdev
 - Keep auto_backing_file post-migration
 - file-posix: Fixed O_DIRECT memory alignment
 - ide: Fix state after EXECUTE DEVICE DIAGNOSTIC and implement
   INITIALIZE DEVICE PARAMETERS
 - qemu-img: Wean documentation and help output off '?' for help
 - qcow2: fix memory leak and compiler warning
 - Code cleanups
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmM3Hm4RHGt3b2xmQHJl
 ZGhhdC5jb20ACgkQfwmycsiPL9ZhqA//WGN9tlx3Pf1D6SG3PtIG6/2DOJ6/gVNw
 R17BwoGTw36Nmt9xDzrHih753dcguLS19Kd6EySTg6j8mPogmFszquORMgGmcYcW
 0KtneRR7Y9XsamIGgentek1zsWajsP5muvZQF+hFJyZ24MZtWB+5Ucw2VuUTWnRl
 YaKP/tGMP5sC8nK3Npste/o7yh9Wgv4cv/mdKuyKoxjZhELeTTpHoTC2IZK9bV5I
 Bh19zjPRUPodm37nzONruUVzn53xKK3Qn26ZT5Hgx39HOdccPEu9N8wawQyqLr/x
 2whcn8kFfpFBLLxVbMYjwcWNo41SCn1itRcgV38PilBvG2UInUFK2QCmVgYxWluB
 9I5sRasfD3/BPPmw3n+j2TRJ+uvrLkkwXqIhAg+mAeiS0MccWUnLhJLW2S1Yai5L
 nkjkLmuV7KCLQTY39WvKBq0TPgj3QR0WJtEYHuUDtduvzKxAWd47Ff1tEPvFm5Ys
 RpmLSUQdPZiOkiwnV1qVg6a3gbIjUcT0Pai/Knc3iYrwCWLdNSCGoPkVemOg5wvN
 GxsQcKnfayQqIdZU6lBQehUjPamm3ffAEELeqLQXCbZe9lsbhNBXLJjVnA3cOu3f
 1PX6w+4MNeTg5ZekUJGS1fnYlq9CDOWGSv37+csB8dBhi6vQTc6YjABWU1IrB0S5
 1ihOYtc8fOo=
 =IIJz
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of git://repo.or.cz/qemu/kevin into staging

Block layer patches

- Fix missing block_acct_setup() with -blockdev
- Keep auto_backing_file post-migration
- file-posix: Fixed O_DIRECT memory alignment
- ide: Fix state after EXECUTE DEVICE DIAGNOSTIC and implement
  INITIALIZE DEVICE PARAMETERS
- qemu-img: Wean documentation and help output off '?' for help
- qcow2: fix memory leak and compiler warning
- Code cleanups

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmM3Hm4RHGt3b2xmQHJl
# ZGhhdC5jb20ACgkQfwmycsiPL9ZhqA//WGN9tlx3Pf1D6SG3PtIG6/2DOJ6/gVNw
# R17BwoGTw36Nmt9xDzrHih753dcguLS19Kd6EySTg6j8mPogmFszquORMgGmcYcW
# 0KtneRR7Y9XsamIGgentek1zsWajsP5muvZQF+hFJyZ24MZtWB+5Ucw2VuUTWnRl
# YaKP/tGMP5sC8nK3Npste/o7yh9Wgv4cv/mdKuyKoxjZhELeTTpHoTC2IZK9bV5I
# Bh19zjPRUPodm37nzONruUVzn53xKK3Qn26ZT5Hgx39HOdccPEu9N8wawQyqLr/x
# 2whcn8kFfpFBLLxVbMYjwcWNo41SCn1itRcgV38PilBvG2UInUFK2QCmVgYxWluB
# 9I5sRasfD3/BPPmw3n+j2TRJ+uvrLkkwXqIhAg+mAeiS0MccWUnLhJLW2S1Yai5L
# nkjkLmuV7KCLQTY39WvKBq0TPgj3QR0WJtEYHuUDtduvzKxAWd47Ff1tEPvFm5Ys
# RpmLSUQdPZiOkiwnV1qVg6a3gbIjUcT0Pai/Knc3iYrwCWLdNSCGoPkVemOg5wvN
# GxsQcKnfayQqIdZU6lBQehUjPamm3ffAEELeqLQXCbZe9lsbhNBXLJjVnA3cOu3f
# 1PX6w+4MNeTg5ZekUJGS1fnYlq9CDOWGSv37+csB8dBhi6vQTc6YjABWU1IrB0S5
# 1ihOYtc8fOo=
# =IIJz
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 30 Sep 2022 12:50:54 EDT
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* tag 'for-upstream' of git://repo.or.cz/qemu/kevin:
  hw/ide/core.c: Implement ATA INITIALIZE_DEVICE_PARAMETERS command
  tests/qtest/ide-test: Verify that DIAGNOSTIC clears DEV to zero
  hw/ide/core: Clear LBA and drive bits for EXECUTE DEVICE DIAGNOSTIC
  tests/qtest/ide-test.c: Create disk image for use as a secondary
  piix_ide_reset: Use pci_set_* functions instead of direct access
  block: use the request length for iov alignment
  block: move bdrv_qiov_is_aligned to file-posix
  iotests/backing-file-invalidation: Add new test
  block/qed: Keep auto_backing_file if possible
  block/qcow2: Keep auto_backing_file if possible
  gluster: stop using .bdrv_needs_filename
  block: make serializing requests functions 'void'
  block: use bdrv_is_sg() helper instead of raw bs->sg reading
  block: add missed block_acct_setup with new block device init procedure
  block: pass OnOffAuto instead of bool to block_acct_setup()
  qemu-img: Wean documentation and help output off '?' for help
  block/qcow2-bitmap: Add missing cast to silent GCC error
  qcow2: fix memory leak in qcow2_read_extensions

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-10-03 15:06:07 -04:00
Stefan Hajnoczi 81f12b8cdf target-arm queue:
* Fix breakage of icount mode when guest touches MDCR_EL3, MDCR_EL2,
    PMCNTENSET_EL0 or PMCNTENCLR_EL0
  * Make writes to MDCR_EL3 use PMU start/finish calls
  * Let AArch32 write to SDCR.SCCD
  * Rearrange cpu64.c so all the CPU initfns are together
  * hw/arm/xlnx-zynqmp: Connect ZynqMP's USB controllers
  * hw/arm/virt: fix some minor issues with generated device tree
  * Fix regression where EL3 could not write to SP_EL1 if there is no EL2
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmM28EYZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3mw9D/44e72KHZdfr3F/Cmd0Jku2
 g5NQ4ooKV90rY4Y4+/VR9Z2k7a72lWFgFl7/54AKXSZsZSmNomeh2WxWJAs1lA2W
 4rmGPlLwxZYMQumYcMOArYxJQgRK5exVtE6ECKM/JERjhKSbnL1lyLWGUyLtFJfq
 SjxoTWEigPHu+0fX/nk04rFzrA6Bo1qKQqZZTuN9zcT6JXyQMjZNF89Fxy9OlV4s
 dlOXsZILV8oREnGdDFPYLgwSTMn+1rrD8xfjK/DTQrlUVX/9zhlIeKg5O4JadxCy
 8ThIFCyODUanlRvyjHiwvcvStHn8wwyCp4uJrxmZGyyp4t4u3etG0hpsZaPtiN9O
 NKtad4Aoc6lSmIDhYYZA1LIIdSIeyUPD/LyWTd+qKK7A7mxH6ORr0uyjhb01jWs3
 ceyne1i0n66oRLbHxPyjQEkLqwLl2CsqWr41BNM5RVoYjCU8HYSvEwlh7t+EZCL5
 IRkfAWJkA9bdXL30ZmYSzJ7hfvVkWhDsHD+eOzAcsxoApgzI5Mfi7gCIZ+LNY20P
 W0akGbA6l0InsmIcBpyXEztPOi6tOD/J55qeOCrzHjgfhoJWCoa/mS8bVqN0mKIA
 yJ7QbiK/JY6+G1v2oM8aARLn8/C7oLnMYiKntXNBMj67Ry5GwjDt+A37MUHgQbZb
 yUzUjr3O2N1qJRKi+Dd7eA==
 =edYy
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20220930' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * Fix breakage of icount mode when guest touches MDCR_EL3, MDCR_EL2,
   PMCNTENSET_EL0 or PMCNTENCLR_EL0
 * Make writes to MDCR_EL3 use PMU start/finish calls
 * Let AArch32 write to SDCR.SCCD
 * Rearrange cpu64.c so all the CPU initfns are together
 * hw/arm/xlnx-zynqmp: Connect ZynqMP's USB controllers
 * hw/arm/virt: fix some minor issues with generated device tree
 * Fix regression where EL3 could not write to SP_EL1 if there is no EL2

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmM28EYZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3mw9D/44e72KHZdfr3F/Cmd0Jku2
# g5NQ4ooKV90rY4Y4+/VR9Z2k7a72lWFgFl7/54AKXSZsZSmNomeh2WxWJAs1lA2W
# 4rmGPlLwxZYMQumYcMOArYxJQgRK5exVtE6ECKM/JERjhKSbnL1lyLWGUyLtFJfq
# SjxoTWEigPHu+0fX/nk04rFzrA6Bo1qKQqZZTuN9zcT6JXyQMjZNF89Fxy9OlV4s
# dlOXsZILV8oREnGdDFPYLgwSTMn+1rrD8xfjK/DTQrlUVX/9zhlIeKg5O4JadxCy
# 8ThIFCyODUanlRvyjHiwvcvStHn8wwyCp4uJrxmZGyyp4t4u3etG0hpsZaPtiN9O
# NKtad4Aoc6lSmIDhYYZA1LIIdSIeyUPD/LyWTd+qKK7A7mxH6ORr0uyjhb01jWs3
# ceyne1i0n66oRLbHxPyjQEkLqwLl2CsqWr41BNM5RVoYjCU8HYSvEwlh7t+EZCL5
# IRkfAWJkA9bdXL30ZmYSzJ7hfvVkWhDsHD+eOzAcsxoApgzI5Mfi7gCIZ+LNY20P
# W0akGbA6l0InsmIcBpyXEztPOi6tOD/J55qeOCrzHjgfhoJWCoa/mS8bVqN0mKIA
# yJ7QbiK/JY6+G1v2oM8aARLn8/C7oLnMYiKntXNBMj67Ry5GwjDt+A37MUHgQbZb
# yUzUjr3O2N1qJRKi+Dd7eA==
# =edYy
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 30 Sep 2022 09:33:58 EDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20220930' of https://git.linaro.org/people/pmaydell/qemu-arm:
  target/arm: mark SP_EL1 with ARM_CP_EL3_NO_EL2_KEEP
  hw/arm/virt: Fix devicetree warning about the SMMU node
  hw/arm/virt: Use "msi-map" devicetree property for PCI
  hw/arm/virt: Fix devicetree warning about the GIC node
  hw/arm/virt: Fix devicetree warning about the root node
  hw/arm/xlnx-zynqmp: Connect ZynqMP's USB controllers
  target/arm: Rearrange cpu64.c so all the CPU initfns are together
  target/arm: Update SDCR_VALID_MASK to include SCCD
  target/arm: Make writes to MDCR_EL3 use PMU start/finish calls
  target/arm: Mark registers which call pmu_op_start() as ARM_CP_IO

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-10-03 15:00:36 -04:00
Jason A. Donenfeld cc63374a5a x86: re-initialize RNG seed when selecting kernel
We don't want it to be possible to re-read the RNG seed after ingesting
it, because this ruins forward secrecy. Currently, however, the setup
data section can just be re-read. Since the kernel is always read after
the setup data, use the selection of the kernel as a trigger to
re-initialize the RNG seed, just like we do on reboot, to preserve
forward secrecy.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220922152847.3670513-1-Jason@zx2c4.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-01 21:16:36 +02:00
Lev Kujawski 176e4961bb hw/ide/core.c: Implement ATA INITIALIZE_DEVICE_PARAMETERS command
CHS-based disk utilities and operating systems may adjust the logical
geometry of a hard drive to cope with the expectations or limitations
of software using the ATA INITIALIZE_DEVICE_PARAMETERS command.

Prior to this patch, INITIALIZE_DEVICE_PARAMETERS was a nop that
always returned success, raising the possibility of data loss or
corruption if the CHS<->LBA translation redirected a write to the
wrong sector.

* hw/ide/core.c
ide_reset():
  Reset the logical CHS geometry of the hard disk when the power-on
  defaults feature is enabled.
cmd_specify():
  a) New function implementing INITIALIZE_DEVICE_PARAMETERS.
  b) Ignore calls for empty or ATAPI devices.
cmd_set_features():
  Implement the power-on defaults enable and disable features.
struct ide_cmd_table:
  Switch WIN_SPECIFY from cmd_nop() to cmd_specify().
ide_init_drive():
  Set new fields 'drive_heads' and 'drive_sectors' based upon the
  actual disk geometry.

* include/hw/ide/internal.h
struct IDEState:
a) Store the actual drive CHS values within the new fields
   'drive_heads' and 'drive_sectors.'
b) Track whether a soft IDE reset should also reset the logical CHS
   geometry of the hard disk within the new field 'reset_reverts'.

Signed-off-by: Lev Kujawski <lkujaw@member.fsf.org>
Message-Id: <20220707031140.158958-7-lkujaw@member.fsf.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2022-09-30 18:43:44 +02:00
Lev Kujawski 3195c9e6ab hw/ide/core: Clear LBA and drive bits for EXECUTE DEVICE DIAGNOSTIC
Prior to this patch, cmd_exec_dev_diagnostic relied upon
ide_set_signature to clear the device register.  While the
preservation of the drive bit by ide_set_signature is necessary for
the DEVICE RESET, IDENTIFY DEVICE, and READ SECTOR commands,
ATA/ATAPI-6 specifies that "DEV shall be cleared to zero" for EXECUTE
DEVICE DIAGNOSTIC.

This deviation was uncovered by the ATACT Device Testing Program
written by Hale Landis.

Signed-off-by: Lev Kujawski <lkujaw@member.fsf.org>
Message-Id: <20220707031140.158958-3-lkujaw@member.fsf.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2022-09-30 18:43:44 +02:00
Lev Kujawski 4851a986b2 piix_ide_reset: Use pci_set_* functions instead of direct access
Eliminate the remaining TODOs in hw/ide/piix.c by:
* Using pci_set_{size} functions to write the PIIX PCI configuration
  space instead of manipulating it directly as an array; and
* Documenting the default register values by reference to the
  controlling specification.

Signed-off-by: Lev Kujawski <lkujaw@member.fsf.org>
Message-Id: <20220707031140.158958-1-lkujaw@member.fsf.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2022-09-30 18:43:44 +02:00
Denis V. Lunev 62a6c300f1 block: add missed block_acct_setup with new block device init procedure
Commit 5f76a7aac1 is looking harmless from
the first glance, but it has changed things a lot. 'libvirt' uses it to
detect that it should follow new initialization way and this changes
things considerably. With this procedure followed, blockdev_init() is
not called anymore and thus block_acct_setup() helper is not called.

This means in particular that defaults for block accounting statistics
are changed and account_invalid/account_failed are actually initialized
as false instead of true originally.

This commit changes things to match original world. There are the following
constraints:
* new default value in block_acct_init() is set to true
* block_acct_setup() inside blockdev_init() is called before
  blkconf_apply_backend_options()
* thus newly created option in block device properties has precedence if
  specified

Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
CC: Peter Krempa <pkrempa@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
CC: John Snow <jsnow@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220824095044.166009-3-den@openvz.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2022-09-30 18:42:34 +02:00
Tong Zhang c6cc866c0e mem/cxl_type3: fix GPF DVSEC
The structure is for device dvsec not port dvsec. Change type to fix
this issue.

Signed-off-by: Tong Zhang <t.zhang2@samsung.com>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220915175853.2902-1-t.zhang2@samsung.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-09-29 21:18:40 +02:00
Bernhard Beschow ad9f958db5 hw/virtio/vhost-shadow-virtqueue: Silence GCC error "maybe-uninitialized"
GCC issues a false positive warning, resulting in build failure with -Werror:

  In file included from /usr/include/glib-2.0/glib.h:114,
                   from src/include/glib-compat.h:32,
                   from src/include/qemu/osdep.h:144,
                   from ../src/hw/virtio/vhost-shadow-virtqueue.c:10:
  In function ‘g_autoptr_cleanup_generic_gfree’,
      inlined from ‘vhost_handle_guest_kick’ at ../src/hw/virtio/vhost-shadow-virtqueue.c:292:42:
  /usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: ‘elem’ may be used uninitialized [-Werror=maybe-uninitialized]
     28 |   g_free (*pp);
        |   ^~~~~~~~~~~~
  ../src/hw/virtio/vhost-shadow-virtqueue.c: In function ‘vhost_handle_guest_kick’:
  ../src/hw/virtio/vhost-shadow-virtqueue.c:292:42: note: ‘elem’ was declared here
    292 |             g_autofree VirtQueueElement *elem;
        |                                          ^~~~
  cc1: all warnings being treated as errors

There is actually no problem since "elem" is initialized in both branches.
Silence the warning by initializig it with "NULL".

$ gcc --version
gcc (GCC) 12.2.0

Fixes: 9c2ab2f1ec ("vhost: stop transfer elem ownership in vhost_handle_guest_kick")
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220910151117.6665-1-shentey@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-09-29 21:07:39 +02:00
Stefan Hajnoczi 539cb0876b chardev related patches
-----BEGIN PGP SIGNATURE-----
 
 iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmM1evIcHG1hcmNhbmRy
 ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5evvD/49HQuMxsHaTvXSLPxi
 Bkv9W8cHSEOuAVsgizrd3Z/AEx8MMsZLprtGttYpQN4041aBbyDG7PR1PirVibe7
 s5uuqq2LB85dCkrPyiTkfGosbnndDy+VH9ZH+vS6CMKHYRSwpRjYUoKt5e75JhtP
 RefwFihkVyr3HbsD6SKjB8lV25yw2tQB6BizTedaNmM6ZSmX/TRtes1JgeK3l5jD
 7hQVqqEAJ6YvZnpg070Om43sae7j0yoW7Dg45DVViQNJeRG/0rwBKAbUZuLzs9lH
 hMjqlUW+It7Q7DvkkoLO6DiBsIceeZneZ3XHnv0/OrXDILS2ZWRnm2+qKJp75fub
 TXFafZX3RIn8ZL6Lw4uz/tsX5CllzuiT/2EO2/CzFIaGESi8Y5eFL3xku7tDWzq8
 EtsAehQeHOvNU/mw8Z1hPEozcPMFUY9eUPF7vPRHPV+g+YI+UlrZCFGcJaZpspeP
 h3rUXInftMHHocr/LvI9DMEzgHjOZrDqjECSavp1nHrGbRLfBl/1QNPql1cZJ+H/
 XDygo1x/QVlEkTaBWqcMFifgqJ7xvHPDQd6rvIbBYwUUWU1B79UKON0i6WOMk7A6
 vjsJz7Sk+cJMOMwc76w+qd0mRauWkcfiS08Y4g+4HksymZev5OeGNuuDfI6zwfFt
 T21TIS/c0zmcNU1sgXB6U2VTiw==
 =pMT6
 -----END PGP SIGNATURE-----

Merge tag 'char-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging

chardev related patches

# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmM1evIcHG1hcmNhbmRy
# ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5evvD/49HQuMxsHaTvXSLPxi
# Bkv9W8cHSEOuAVsgizrd3Z/AEx8MMsZLprtGttYpQN4041aBbyDG7PR1PirVibe7
# s5uuqq2LB85dCkrPyiTkfGosbnndDy+VH9ZH+vS6CMKHYRSwpRjYUoKt5e75JhtP
# RefwFihkVyr3HbsD6SKjB8lV25yw2tQB6BizTedaNmM6ZSmX/TRtes1JgeK3l5jD
# 7hQVqqEAJ6YvZnpg070Om43sae7j0yoW7Dg45DVViQNJeRG/0rwBKAbUZuLzs9lH
# hMjqlUW+It7Q7DvkkoLO6DiBsIceeZneZ3XHnv0/OrXDILS2ZWRnm2+qKJp75fub
# TXFafZX3RIn8ZL6Lw4uz/tsX5CllzuiT/2EO2/CzFIaGESi8Y5eFL3xku7tDWzq8
# EtsAehQeHOvNU/mw8Z1hPEozcPMFUY9eUPF7vPRHPV+g+YI+UlrZCFGcJaZpspeP
# h3rUXInftMHHocr/LvI9DMEzgHjOZrDqjECSavp1nHrGbRLfBl/1QNPql1cZJ+H/
# XDygo1x/QVlEkTaBWqcMFifgqJ7xvHPDQd6rvIbBYwUUWU1B79UKON0i6WOMk7A6
# vjsJz7Sk+cJMOMwc76w+qd0mRauWkcfiS08Y4g+4HksymZev5OeGNuuDfI6zwfFt
# T21TIS/c0zmcNU1sgXB6U2VTiw==
# =pMT6
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 29 Sep 2022 07:01:06 EDT
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* tag 'char-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
  vhost-user: Call qemu_socketpair() instead of socketpair()
  oslib-posix: Introduce qemu_socketpair()
  chardev: fix segfault in finalize
  serial: Allow unaligned i/o access
  msmouse: Add pnp data
  msmouse: Use fifo8 instead of array
  chardev: src buffer const for write functions
  msmouse: Handle mouse reset

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-29 14:12:01 -04:00
Jean-Philippe Brucker 6ebbf2f9d1 hw/arm/virt: Fix devicetree warning about the SMMU node
The SMMUv3 node isn't expected to have clock properties
(unlike the SMMUv2). Fix the corresponding dt-validate warning:

  smmuv3@9050000: 'clock-names', 'clocks' do not match any of the regexes: 'pinctrl-[0-9]+'
  From schema: linux/Documentation/devicetree/bindings/iommu/arm,smmu-v3.yaml

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tweaked commit message as suggested by Eric]
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20220927100347.176606-7-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-29 17:55:06 +01:00
Jean-Philippe Brucker 6b2f3ac945 hw/arm/virt: Use "msi-map" devicetree property for PCI
The "msi-parent" property can be used on the PCI node when MSIs do not
contain sideband data (device IDs) [1]. In QEMU, MSI transactions
contain the requester ID, so the PCI node should use the "msi-map"
property instead of "msi-parent". In our case the property describes an
identity map between requester ID and sideband data.

This fixes a warning when passing the DTB generated by QEMU to dtc,
following a recent change to the GICv3 node:

  Warning (msi_parent_property): /pcie@10000000:msi-parent: property size (4) too small for cell size 1

[1] linux/Documentation/devicetree/bindings/pci/pci-msi.txt

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20220927100347.176606-4-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-29 17:55:05 +01:00
Jean-Philippe Brucker a312a53007 hw/arm/virt: Fix devicetree warning about the GIC node
The GICv3 bindings requires a #msi-cells property for the ITS node. Fix
the corresponding dt-validate warning:

  interrupt-controller@8000000: msi-controller@8080000: '#msi-cells' is a required property
  From schema: linux/Documentation/devicetree/bindings/interrupt-controller/arm,gic-v3.yaml

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20220927100347.176606-3-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-29 17:55:04 +01:00
Jean-Philippe Brucker 5f1d731c08 hw/arm/virt: Fix devicetree warning about the root node
The devicetree specification requires a 'model' property in the root
node. Fix the corresponding dt-validate warning:

  /: 'model' is a required property
  From schema: dtschema/schemas/root-node.yaml

Use the same name for model as for compatible. The specification
recommends that 'compatible' follows the format 'manufacturer,model' and
'model' follows the format 'manufacturer,model-number'. Since our
'compatible' doesn't observe this, 'model' doesn't really need to
either.

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20220927100347.176606-2-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-29 17:50:46 +01:00
Francisco Iglesias acc0b8b05a hw/arm/xlnx-zynqmp: Connect ZynqMP's USB controllers
Connect ZynqMP's USB controllers.

Signed-off-by: Francisco Iglesias <francisco.iglesias@amd.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20220920081517.25401-1-frasse.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-29 17:40:01 +01:00
Guoyi Tu 9cbda7b354 vhost-user: Call qemu_socketpair() instead of socketpair()
As the close-on-exec flags is not set on the file descriptors returned
by socketpair() at default, the fds will survive across exec' function.

In the case that exec' function get invoked, such as the live-update feature
which is been developing, it will cause fd leaks.

To address this problem, we should call qemu_socketpair() to create an pair of
connected sockets with the close-on-exec flag set.

Signed-off-by: Guoyi Tu <tugy@chinatelecom.cn>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <7002b12a5fb0a30cd878e14e07da61c36da72913.1661240709.git.tugy@chinatelecom.cn>
2022-09-29 14:38:05 +04:00
Arwed Meyer 769a726ccb serial: Allow unaligned i/o access
Unaligned i/o access on serial UART works on real PCs.
This is used for example by FreeDOS CTMouse driver. Without this it
can't reset and detect serial mice.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/77
Signed-off-by: Arwed Meyer <arwed.meyer@gmx.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220911181840.8933-6-arwed.meyer@gmx.de>
2022-09-29 14:38:05 +04:00
Paolo Bonzini 5433af7697 watchdog: remove -watchdog option
This was deprecated in 6.2 and is ready to go.  It removes quite a bit
of code that handled the registration of watchdog models.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-29 11:40:28 +02:00
Stefan Hajnoczi dc6c2342a0 VFIO updates 2022-09-27
* Fix initial values for migration state (Kunkun Jiang)
 
  * Fix a use-after-free error path (Alex Williamson)
 -----BEGIN PGP SIGNATURE-----
 
 iQJPBAABCAA5FiEEQvbATlQL0amee4qQI5ubbjuwiyIFAmMzXKwbHGFsZXgud2ls
 bGlhbXNvbkByZWRoYXQuY29tAAoJECObm247sIsiOv8QAKJstXXq92FxT+wBXt0Q
 wnMJjE1hvCHXki7FfPSRPmVgoMppWD1vhr7TajeOkidtqnX48V863/RGZfxX+oQU
 bEPPT6QaWnYhagslrRjIj4R+5O5N6rY9A2zzpG2vv1x9qv8r9WLicKvwjzinTgAp
 PyU9Ajgu2OUpD6O64iXIeD2MnfblSN3N+bBvZ7alDifFC1D8CfX9D3X76bdERC6X
 LFEenZ/3ZwZh46z1xv4v3opI2aBp9oh1gca9NKc/jUKg11AuswhmmUSmb+lVDDnt
 UBNTqgHtnGBfAMcxQ1cA6AtRvtwwneJkQC4nkUmOEWuMImUEhTQw7vcTpDFFyHzz
 dcYRjioHu15EmuHeP/W+139fnGeCDpr1/XJcJ2avUp/9oNeRDsAi4w/lEHXHv5Rm
 KHuXSIswC/6+dgvdOwRw2OlbzX5KjSVlqXJia+QexEliCxpcs8OYEJ7ZgRdFCO8t
 unWssLs7x1O40J7cngnyT8addLGwbwExrJggpG70suSQB5mMIJzNIVanUpUkzy2g
 9kAwW3fTUXqW7O+2RYbjFUoY0yR1eHO8EExiPHyO3hxCDNjglwpM20C4M7fs3Eo6
 /1zwagtjxblsWTPK9dOsq3y4yoXlhX+0EpM9PYPV8OleayTRyhS7O/FzHmqpJNlt
 G524RusuIU+xNwUTEKgFFHgm
 =5YPM
 -----END PGP SIGNATURE-----

Merge tag 'vfio-updates-20220927.1' of https://gitlab.com/alex.williamson/qemu into staging

VFIO updates 2022-09-27

 * Fix initial values for migration state (Kunkun Jiang)

 * Fix a use-after-free error path (Alex Williamson)

# -----BEGIN PGP SIGNATURE-----
#
# iQJPBAABCAA5FiEEQvbATlQL0amee4qQI5ubbjuwiyIFAmMzXKwbHGFsZXgud2ls
# bGlhbXNvbkByZWRoYXQuY29tAAoJECObm247sIsiOv8QAKJstXXq92FxT+wBXt0Q
# wnMJjE1hvCHXki7FfPSRPmVgoMppWD1vhr7TajeOkidtqnX48V863/RGZfxX+oQU
# bEPPT6QaWnYhagslrRjIj4R+5O5N6rY9A2zzpG2vv1x9qv8r9WLicKvwjzinTgAp
# PyU9Ajgu2OUpD6O64iXIeD2MnfblSN3N+bBvZ7alDifFC1D8CfX9D3X76bdERC6X
# LFEenZ/3ZwZh46z1xv4v3opI2aBp9oh1gca9NKc/jUKg11AuswhmmUSmb+lVDDnt
# UBNTqgHtnGBfAMcxQ1cA6AtRvtwwneJkQC4nkUmOEWuMImUEhTQw7vcTpDFFyHzz
# dcYRjioHu15EmuHeP/W+139fnGeCDpr1/XJcJ2avUp/9oNeRDsAi4w/lEHXHv5Rm
# KHuXSIswC/6+dgvdOwRw2OlbzX5KjSVlqXJia+QexEliCxpcs8OYEJ7ZgRdFCO8t
# unWssLs7x1O40J7cngnyT8addLGwbwExrJggpG70suSQB5mMIJzNIVanUpUkzy2g
# 9kAwW3fTUXqW7O+2RYbjFUoY0yR1eHO8EExiPHyO3hxCDNjglwpM20C4M7fs3Eo6
# /1zwagtjxblsWTPK9dOsq3y4yoXlhX+0EpM9PYPV8OleayTRyhS7O/FzHmqpJNlt
# G524RusuIU+xNwUTEKgFFHgm
# =5YPM
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 27 Sep 2022 16:27:24 EDT
# gpg:                using RSA key 42F6C04E540BD1A99E7B8A90239B9B6E3BB08B22
# gpg:                issuer "alex.williamson@redhat.com"
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex@shazbot.org>" [full]
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>" [full]
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* tag 'vfio-updates-20220927.1' of https://gitlab.com/alex.williamson/qemu:
  vfio/common: Fix vfio_iommu_type1_info use after free
  vfio/migration: Fix incorrect initialization value for parameters in VFIOMigration

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-28 17:03:40 -04:00
Stefan Hajnoczi 1acf19faed Xen patch
- Xen PCI passthrough fix for Atomic Ops requests
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEE+AwAYwjiLP2KkueYDPVXL9f7Va8FAmMy/BUACgkQDPVXL9f7
 Va/EWwf+OYEesPbMD9IWvMAgtbuqK8Q/u+YwX8bviiWsBHdGT/Egut/AKBcdmVo0
 68erlvsXBlffhT5kw6FtWHPrIMsDA+tos/q4pM7w4IJUsz+RKV/1IYT1pQ92XPP1
 RgxJyMCmVrKadqnDvVE9wAn8NeK3t75Lq5QWhN4cpWDWSSUXta90dlu8QefnrguA
 tTmdgneoDUjBhimpy4LgoWBeBqnAMdN05A0dcGcsTSjptj/GsylwSbbbkGivsaDl
 OH23Lk4I6dBhqGo0bEi/LpuPZ44BsuY6NHUlZixbWZl+PxneePdiEd+6YjEWNAZU
 kx2XEm0hQXYxUZDk+fvHCVZP3Y/b1g==
 =cDzP
 -----END PGP SIGNATURE-----

Merge tag 'pull-xen-20220927' of https://xenbits.xen.org/git-http/people/aperard/qemu-dm into staging

Xen patch

- Xen PCI passthrough fix for Atomic Ops requests

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEE+AwAYwjiLP2KkueYDPVXL9f7Va8FAmMy/BUACgkQDPVXL9f7
# Va/EWwf+OYEesPbMD9IWvMAgtbuqK8Q/u+YwX8bviiWsBHdGT/Egut/AKBcdmVo0
# 68erlvsXBlffhT5kw6FtWHPrIMsDA+tos/q4pM7w4IJUsz+RKV/1IYT1pQ92XPP1
# RgxJyMCmVrKadqnDvVE9wAn8NeK3t75Lq5QWhN4cpWDWSSUXta90dlu8QefnrguA
# tTmdgneoDUjBhimpy4LgoWBeBqnAMdN05A0dcGcsTSjptj/GsylwSbbbkGivsaDl
# OH23Lk4I6dBhqGo0bEi/LpuPZ44BsuY6NHUlZixbWZl+PxneePdiEd+6YjEWNAZU
# kx2XEm0hQXYxUZDk+fvHCVZP3Y/b1g==
# =cDzP
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 27 Sep 2022 09:35:17 EDT
# gpg:                using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg: Can't check signature: No public key

* tag 'pull-xen-20220927' of https://xenbits.xen.org/git-http/people/aperard/qemu-dm:
  hw/xen: set pci Atomic Ops requests for passthrough device

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-28 17:03:31 -04:00
Alex Williamson 85b6d2b5fc vfio/common: Fix vfio_iommu_type1_info use after free
On error, vfio_get_iommu_info() frees and clears *info, but
vfio_connect_container() continues to use the pointer regardless
of the return value.  Restructure the code such that a failure
of this function triggers an error and clean up the remainder of
the function, including updating an outdated comment that had
drifted from its relevant line of code and using host page size
for a default for better compatibility on non-4KB systems.

Reported-by: Nicolin Chen <nicolinc@nvidia.com>
Link: https://lore.kernel.org/all/20220910004245.2878-1-nicolinc@nvidia.com/
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
Link: https://lore.kernel.org/r/166326219630.3388898.12882473157184946072.stgit@omen
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2022-09-27 14:26:42 -06:00
Kunkun Jiang 429c728006 vfio/migration: Fix incorrect initialization value for parameters in VFIOMigration
The structure VFIOMigration of a VFIODevice is allocated and initialized
in vfio_migration_init(). "device_state" and "vm_running" are initialized
to 0, indicating that VFIO device is_STOP and VM is not-running. The
initialization value is incorrect. According to the agreement, default
state of VFIO device is _RUNNING. And if a VFIO device is hot-plugged
while the VM is running, "vm_running" should be 1. This patch fixes it.

Fixes: 02a7e71b1e ("vfio: Add VM state change handler to know state of VM")
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
Link: https://lore.kernel.org/r/20220711014651.1327-1-jiangkunkun@huawei.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2022-09-27 14:26:39 -06:00
Stefan Hajnoczi dbc4f48b5a -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJjMqL9AAoJEO8Ells5jWIRUKcH/iNuJpxMXG18pGteBiTu3/ut
 KRR9u1nLZZXA2/02NTOYnrrHcplFQkEBXNHaEintWfctKHIP/llY8LDVriDFM+6N
 4PzwLGLe7R9S7rfgt/xMDY0nFESFph5XyVTCxAAUm3Exhm8vIg1FM8Tep8lW/taW
 pliDa0K/9pQAfIN+eCnMUtH2JUttak8RwvAg5rXBg7XUx48ZTQn1o7aYYTPOAC2v
 RWkX0BKc7FVK5maAhe6Ugrcf6v4R2mDIAvnr+Anvo67SfgFZ5MtCllr0liJ4h3Vd
 +/PlsBDJotvht3QZVva1tn1Jk5rhN8N8lZbVOuMsklU/tX3Xrj99HJNETLXks2k=
 =82t6
 -----END PGP SIGNATURE-----

Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging

# -----BEGIN PGP SIGNATURE-----
# Version: GnuPG v1
#
# iQEcBAABAgAGBQJjMqL9AAoJEO8Ells5jWIRUKcH/iNuJpxMXG18pGteBiTu3/ut
# KRR9u1nLZZXA2/02NTOYnrrHcplFQkEBXNHaEintWfctKHIP/llY8LDVriDFM+6N
# 4PzwLGLe7R9S7rfgt/xMDY0nFESFph5XyVTCxAAUm3Exhm8vIg1FM8Tep8lW/taW
# pliDa0K/9pQAfIN+eCnMUtH2JUttak8RwvAg5rXBg7XUx48ZTQn1o7aYYTPOAC2v
# RWkX0BKc7FVK5maAhe6Ugrcf6v4R2mDIAvnr+Anvo67SfgFZ5MtCllr0liJ4h3Vd
# +/PlsBDJotvht3QZVva1tn1Jk5rhN8N8lZbVOuMsklU/tX3Xrj99HJNETLXks2k=
# =82t6
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 27 Sep 2022 03:15:09 EDT
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [full]
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* tag 'net-pull-request' of https://github.com/jasowang/qemu:
  virtio: del net client if net_init_tap_one failed
  vdpa: Allow MQ feature in SVQ
  virtio-net: Update virtio-net curr_queue_pairs in vdpa backends
  vdpa: validate MQ CVQ commands
  vdpa: Add vhost_vdpa_net_load_mq
  vdpa: extract vhost_vdpa_net_load_mac from vhost_vdpa_net_load
  vdpa: Make VhostVDPAState cvq_cmd_in_buffer control ack type
  e1000e: set RX desc status with DD flag in a separate operation

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-27 11:08:36 -04:00
Stefan Hajnoczi 5c3c21ebd9 M68k pull request 20220927
Align bootinfo tags
 fix move from sr
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmMyl5ESHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748JGIQAK2xK/DCWCphFWIo9ywhRPupOJb4rEXO
 JqhBBmmVx+OZcl/MPsHyQlGuvjustB/K8ZojqII50+ZeVG2ECj9lHn+nBBbU3pXT
 bVkV5FWTFMvbxXpfePbZ9wrWZACVPMchEyswOu8scvsH+N9yP8ZrqNBi/MlNQaYR
 RCLdHfIUJ43U/KvsOgQxNb2O+ag7wlmPbSk2cuRmGi/cYBHsKRD+kbLp6l5vTqYn
 0n/sNVo0HEL6kl3/IOUKNMpgadcIvoAMsJ8TzXarHfBRbN8baCEeO+Evlc1wkgQE
 pB00jx4cyLX0KOlGhM3H7ezqRDdPJkf2nmlFlQ4Of2YE949ZWN9F27CoeptLeyrF
 7UP8MQjumibd6nq8SJSGEN8iMjRLYiTYlRTUeOe18ofoa2JTOeqhfDzWAoVl1XTi
 SA/3VmdAW7k18C4Wkm6VnrZDVs6RU60bWlyjLJ9lyc6798dG9eeDZMzNhRgOaKib
 J/w6+UKo0T4auEG7iOu2rt9uIWD0MJHXIYqoUYoKrRR6pwWbXQ0syljNMz2WT1y7
 kHoyC7moc5a7VTnKY41DGtZwsl0nqwSNsln+BCSwIAj2DjLkUMEZOUV9Lz9BMsEz
 RyKKbdVX7iEPQYzKbztdx02sM4E3jEczh1tHOcHxPxF1wsgc1BTP2xNUzUi7ijac
 MUJ9HMT++X9i
 =u4p1
 -----END PGP SIGNATURE-----

Merge tag 'm68k-for-7.2-pull-request' of https://github.com/vivier/qemu-m68k into staging

M68k pull request 20220927

Align bootinfo tags
fix move from sr

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmMyl5ESHGxhdXJlbnRA
# dml2aWVyLmV1AAoJEPMMOL0/L748JGIQAK2xK/DCWCphFWIo9ywhRPupOJb4rEXO
# JqhBBmmVx+OZcl/MPsHyQlGuvjustB/K8ZojqII50+ZeVG2ECj9lHn+nBBbU3pXT
# bVkV5FWTFMvbxXpfePbZ9wrWZACVPMchEyswOu8scvsH+N9yP8ZrqNBi/MlNQaYR
# RCLdHfIUJ43U/KvsOgQxNb2O+ag7wlmPbSk2cuRmGi/cYBHsKRD+kbLp6l5vTqYn
# 0n/sNVo0HEL6kl3/IOUKNMpgadcIvoAMsJ8TzXarHfBRbN8baCEeO+Evlc1wkgQE
# pB00jx4cyLX0KOlGhM3H7ezqRDdPJkf2nmlFlQ4Of2YE949ZWN9F27CoeptLeyrF
# 7UP8MQjumibd6nq8SJSGEN8iMjRLYiTYlRTUeOe18ofoa2JTOeqhfDzWAoVl1XTi
# SA/3VmdAW7k18C4Wkm6VnrZDVs6RU60bWlyjLJ9lyc6798dG9eeDZMzNhRgOaKib
# J/w6+UKo0T4auEG7iOu2rt9uIWD0MJHXIYqoUYoKrRR6pwWbXQ0syljNMz2WT1y7
# kHoyC7moc5a7VTnKY41DGtZwsl0nqwSNsln+BCSwIAj2DjLkUMEZOUV9Lz9BMsEz
# RyKKbdVX7iEPQYzKbztdx02sM4E3jEczh1tHOcHxPxF1wsgc1BTP2xNUzUi7ijac
# MUJ9HMT++X9i
# =u4p1
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 27 Sep 2022 02:26:25 EDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'm68k-for-7.2-pull-request' of https://github.com/vivier/qemu-m68k:
  m68k: align bootinfo strings and data to 4 bytes
  target/m68k: use M68K_FEATURE_MOVEFROMSR_PRIV feature for move_from_sr privilege check
  target/m68k: increase size of m68k CPU features from uint32_t to uint64_t

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-27 11:07:52 -04:00
Stefan Hajnoczi fe65642bba * Fix emulation of the LZRF instruction
* Fix "noexec" TCG test on s390x
 * Implement SHA-512 and random number generator instructions
 * Support for zPCI interpretation on s390x hosts
 * Removal of the "slirp" submodule
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmMx26URHHRodXRoQHJl
 ZGhhdC5jb20ACgkQLtnXdP5wLbUaOw/7Bu1ghYJyzjR8raXSzOP8KmyltKb0s0zd
 rFpagZCeBiNGHAL2IaKHc3vw+oFy/TTWhrFLt+imDo2swDIIAWCb/bY2/snKX4c8
 feF0io7JTdNCWvS/9ng6qL/fGSNM6V2osYyN5fEm46DM7gC3GlAu5vP2TCVoIifw
 AXDANd6XngoCAFBdixGNi0yxAmiLCou/1S+lJ7hCbx1oICPPTrzuGBwyQ+IELJOD
 DUGFb+Dl4z+tv8OYRhdvoSTCz75IhsAXeny2+coffvW70BDSyhzIAtVeo2azVGvT
 aOVRJt+g7H/mJ0vH20M/7pakdwvHs3zciw5oHUJSsEW1HzsqNgl+AEEUzXivipaN
 LYp5//klqjjAu12hFQbzmbhD/vUw2+8mRgbJdKOz7rSrZ/K8f+jqIbbU5r8t1oyy
 BqLo2i0EVBfAomzbHMD/kmrumiSNIlfSDwScAoIKAO6P3oy/Sg2twMhPlFRWAnI0
 46dQS1rLuU0nV4tMCAQoXxRxjQXytCOhaF9G+qe9ogLufHG+Uy+j3IeunyAUl9GR
 EcnRB0GFjWfZKeUsR9qev2pvgOZXeg4u+wpjGM7pmfpZw89nBqCj0UVAthXlSKoz
 ru3HcuBJTBtxwYkSCsPMEDCk/FhJN0D+N205qg+6SY28R57WjTPFLvZPRmhkH03E
 jN8rurLISAM=
 =FeSy
 -----END PGP SIGNATURE-----

Merge tag 'pull-request-2022-09-26' of https://gitlab.com/thuth/qemu into staging

* Fix emulation of the LZRF instruction
* Fix "noexec" TCG test on s390x
* Implement SHA-512 and random number generator instructions
* Support for zPCI interpretation on s390x hosts
* Removal of the "slirp" submodule

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmMx26URHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbUaOw/7Bu1ghYJyzjR8raXSzOP8KmyltKb0s0zd
# rFpagZCeBiNGHAL2IaKHc3vw+oFy/TTWhrFLt+imDo2swDIIAWCb/bY2/snKX4c8
# feF0io7JTdNCWvS/9ng6qL/fGSNM6V2osYyN5fEm46DM7gC3GlAu5vP2TCVoIifw
# AXDANd6XngoCAFBdixGNi0yxAmiLCou/1S+lJ7hCbx1oICPPTrzuGBwyQ+IELJOD
# DUGFb+Dl4z+tv8OYRhdvoSTCz75IhsAXeny2+coffvW70BDSyhzIAtVeo2azVGvT
# aOVRJt+g7H/mJ0vH20M/7pakdwvHs3zciw5oHUJSsEW1HzsqNgl+AEEUzXivipaN
# LYp5//klqjjAu12hFQbzmbhD/vUw2+8mRgbJdKOz7rSrZ/K8f+jqIbbU5r8t1oyy
# BqLo2i0EVBfAomzbHMD/kmrumiSNIlfSDwScAoIKAO6P3oy/Sg2twMhPlFRWAnI0
# 46dQS1rLuU0nV4tMCAQoXxRxjQXytCOhaF9G+qe9ogLufHG+Uy+j3IeunyAUl9GR
# EcnRB0GFjWfZKeUsR9qev2pvgOZXeg4u+wpjGM7pmfpZw89nBqCj0UVAthXlSKoz
# ru3HcuBJTBtxwYkSCsPMEDCk/FhJN0D+N205qg+6SY28R57WjTPFLvZPRmhkH03E
# jN8rurLISAM=
# =FeSy
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 26 Sep 2022 13:04:37 EDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-09-26' of https://gitlab.com/thuth/qemu:
  Remove the slirp submodule (i.e. compile only with an external libslirp)
  s390x/s390-virtio-ccw: add zpcii-disable machine property
  s390x/pci: reflect proper maxstbl for groups of interpreted devices
  s390x/pci: let intercept devices have separate PCI groups
  s390x/pci: enable adapter event notification for interpreted devices
  s390x/pci: don't fence interpreted devices without MSI-X
  s390x/pci: enable for load/store interpretation
  s390x/pci: add routine to get host function handle from CLP info
  Update linux headers to v6.0-rc4
  configure: Add -Wno-gnu-variable-sized-type-not-at-end
  target/s390x: support PRNO_TRNG instruction
  target/s390x: support SHA-512 extensions
  linux-user/host/s390: Add vector instructions to host_signal_write()
  s390x/tcg: Fix opcode for lzrf

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-27 11:06:52 -04:00
Ruili Ji fb36fb9344 hw/xen: set pci Atomic Ops requests for passthrough device
Make guest os access pci device control 2 reg for passthrough device
as struct XenPTRegInfo described in the file hw/xen/xen_pt.h.
/* reg read only field mask (ON:RO/ROS, OFF:other) */
uint32_t ro_mask;
/* reg emulate field mask (ON:emu, OFF:passthrough) */
uint32_t emu_mask;

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1196
Signed-off-by: Aaron Liu <Aaron.Liu@amd.com>
Signed-off-by: Ruili Ji <ruili.ji@amd.com>
Message-ID: <BL1PR12MB599341DC55BA53FE588DE14E9B7E9@BL1PR12MB5993.namprd12.prod.outlook.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2022-09-27 14:23:23 +01:00
Stefan Hajnoczi c48c9c6b33 usb: make usbnet work with xhci.
audio: add sndio backend.
 misc bugfixes for console, xhci, audio, ati-vga and virtio-gpu.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmMyse8ACgkQTLbY7tPo
 cTiLrRAAltoyd++jsmhg2wXuJsfekfec3kOro7T+eSznDWfBRvm7VxJ+gswYBYga
 HbEkHjII0yPbOP9WDMhhHx33g2nYdbhDLPKXHdK8MjHTTPxtYP7XmsWkEVpuuzTx
 WqeYvGSmUri6QOUz7fd07IhiBT1aQvUQ/vWQ6OhyRVPy41bR8kIbGx3iV0JDxWvz
 n3xUZALGLz3QAM0lXRzXPYT9JB/RqdbpMM35HNTpN9/xaZmgFWsyuQXSSm61pTtb
 PS+lILDPjgZeYsfsZRyhZaSZrp2f6WOGm1ZdtSM0rvmRKezOzYnG8fm4fqZQLYSj
 nrAqUs38sKaM71a3QbpXhDjbv4cpj0K3iSNLmlUq4pgvPiMgwPlgSwwCGlkNDaRo
 IA1KON1pMH2A5vvtXEUt5RTkbXxHAAKPdpl5sS6kgbs7dgoKDqzaIPFQELam259Z
 9nbMBqz/d6gm2CFT5ogrY0q511IC5hWtsmbQZkOZeBd5SvhvyJ59DIabFDcw05fG
 ixZVapewXYtzFUde2lb8X5qyneUVeGY5D2OJ2uUykHgR2Qz4d3CjXlhnRkLIkMcd
 Uu6N1LTkjyuuB86BoTSZxk0iz94OvmyDiXpqwmRaCGcdnTOTj0dKrbRrtHdC2vCo
 cBpUAIdyJvDJSm0X8ZWvvv1sMJCAJ7lofFf/P/jUKlacC2ipgXQ=
 =QBLK
 -----END PGP SIGNATURE-----

Merge tag 'kraxel-20220927-pull-request' of https://gitlab.com/kraxel/qemu into staging

usb: make usbnet work with xhci.
audio: add sndio backend.
misc bugfixes for console, xhci, audio, ati-vga and virtio-gpu.

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmMyse8ACgkQTLbY7tPo
# cTiLrRAAltoyd++jsmhg2wXuJsfekfec3kOro7T+eSznDWfBRvm7VxJ+gswYBYga
# HbEkHjII0yPbOP9WDMhhHx33g2nYdbhDLPKXHdK8MjHTTPxtYP7XmsWkEVpuuzTx
# WqeYvGSmUri6QOUz7fd07IhiBT1aQvUQ/vWQ6OhyRVPy41bR8kIbGx3iV0JDxWvz
# n3xUZALGLz3QAM0lXRzXPYT9JB/RqdbpMM35HNTpN9/xaZmgFWsyuQXSSm61pTtb
# PS+lILDPjgZeYsfsZRyhZaSZrp2f6WOGm1ZdtSM0rvmRKezOzYnG8fm4fqZQLYSj
# nrAqUs38sKaM71a3QbpXhDjbv4cpj0K3iSNLmlUq4pgvPiMgwPlgSwwCGlkNDaRo
# IA1KON1pMH2A5vvtXEUt5RTkbXxHAAKPdpl5sS6kgbs7dgoKDqzaIPFQELam259Z
# 9nbMBqz/d6gm2CFT5ogrY0q511IC5hWtsmbQZkOZeBd5SvhvyJ59DIabFDcw05fG
# ixZVapewXYtzFUde2lb8X5qyneUVeGY5D2OJ2uUykHgR2Qz4d3CjXlhnRkLIkMcd
# Uu6N1LTkjyuuB86BoTSZxk0iz94OvmyDiXpqwmRaCGcdnTOTj0dKrbRrtHdC2vCo
# cBpUAIdyJvDJSm0X8ZWvvv1sMJCAJ7lofFf/P/jUKlacC2ipgXQ=
# =QBLK
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 27 Sep 2022 04:18:55 EDT
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* tag 'kraxel-20220927-pull-request' of https://gitlab.com/kraxel/qemu: (24 commits)
  virtio-gpu: update scanout if there is any area covered by the rect
  hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638)
  audio: remove abort() in audio_bug()
  Revert "audio: Log context for audio bug"
  audio: Add sndio backend
  usbnet: Report link-up via interrupt endpoint in CDC-ECM mode
  usbnet: Detect short packets as sent by the xHCI controller
  usbnet: Accept mandatory USB_CDC_SET_ETHERNET_PACKET_FILTER request
  usbnet: Add missing usb_wakeup() call in usbnet_receive()
  hcd-xhci: drop operation with secondary stream arrays enabled
  usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert
  usb/msd: move usb_msd_packet_complete()
  hcd-ohci: Drop ohci_service_iso_td() if ed->head & OHCI_DPTR_MASK is zero
  hw/usb/hcd-xhci: Check whether DMA accesses fail
  ui/console: fix three double frees in png_save()
  ui/vdagent: fix serial reset of guest agent
  ui/clipboard: reset the serial state on reset
  ui/vdagent: always reset the clipboard serial on caps
  ui/clipboard: fix serial priority
  ui: add some vdagent related traces
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-27 07:59:26 -04:00
Jason A. Donenfeld ffe2d2382e x86: re-enable rng seeding via SetupData
This reverts 3824e25db1 ("x86: disable rng seeding via setup_data"), but
for 7.2 rather than 7.1, now that modifying setup_data is safe to do.

Cc: Laurent Vivier <laurent@vivier.eu>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220921093134.2936487-4-Jason@zx2c4.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-27 11:30:59 +02:00
Jason A. Donenfeld 763a2828bf x86: reinitialize RNG seed on system reboot
Since this is read from fw_cfg on each boot, the kernel zeroing it out
alone is insufficient to prevent it from being used twice. And indeed on
reboot we always want a new seed, not the old one. So re-fill it in this
circumstance.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220921093134.2936487-3-Jason@zx2c4.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-27 11:30:59 +02:00
Jason A. Donenfeld eebb38a563 x86: use typedef for SetupData struct
The preferred style is SetupData as a typedef, not setup_data as a plain
struct.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220921093134.2936487-2-Jason@zx2c4.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-27 11:30:59 +02:00
Jason A. Donenfeld e935b73508 x86: return modified setup_data only if read as memory, not as file
If setup_data is being read into a specific memory location, then
generally the setup_data address parameter is read first, so that the
caller knows where to read it into. In that case, we should return
setup_data containing the absolute addresses that are hard coded and
determined a priori. This is the case when kernels are loaded by BIOS,
for example. In contrast, when setup_data is read as a file, then we
shouldn't modify setup_data, since the absolute address will be wrong by
definition. This is the case when OVMF loads the image.

This allows setup_data to be used like normal, without crashing when EFI
tries to use it.

(As a small development note, strangely, fw_cfg_add_file_callback() was
exported but fw_cfg_add_bytes_callback() wasn't, so this makes that
consistent.)

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Laurent Vivier <laurent@vivier.eu>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220921093134.2936487-1-Jason@zx2c4.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-27 11:30:59 +02:00
Eugenio Pérez ca8717f931 virtio-net: Update virtio-net curr_queue_pairs in vdpa backends
It was returned as error before. Instead of it, simply update the
corresponding field so qemu can send it in the migration data.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Si-Wei Liu <si-wei.liu@oracle.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-27 15:14:37 +08:00
Ding Hui 8dc2779180 e1000e: set RX desc status with DD flag in a separate operation
Like commit 034d00d485 ("e1000: set RX descriptor status in
a separate operation"), there is also same issue in e1000e, which
would cause lost packets or stop sending packets to VM with DPDK.

Do similar fix in e1000e.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/402
Signed-off-by: Ding Hui <dinghui@sangfor.com.cn>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-27 15:12:08 +08:00
Dongwon Kim 49a99ecb22 virtio-gpu: update scanout if there is any area covered by the rect
The scanout is currently updated only if the whole rect is inside the
scanout space. This is not a correct condition because the scanout should
be updated even a small area in the scanout space is covered by the rect.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220909014052.7297-1-dongwon.kim@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-27 07:32:31 +02:00
Philippe Mathieu-Daudé 205ccfd7a5 hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638)
When building QEMU with DEBUG_ATI defined then running with
'-device ati-vga,romfile="" -d unimp,guest_errors -trace ati\*'
we get:

  ati_mm_write 4 0x16c0 DP_CNTL <- 0x1
  ati_mm_write 4 0x146c DP_GUI_MASTER_CNTL <- 0x2
  ati_mm_write 4 0x16c8 DP_MIX <- 0xff0000
  ati_mm_write 4 0x16c4 DP_DATATYPE <- 0x2
  ati_mm_write 4 0x224 CRTC_OFFSET <- 0x0
  ati_mm_write 4 0x142c DST_PITCH_OFFSET <- 0xfe00000
  ati_mm_write 4 0x1420 DST_Y <- 0x3fff
  ati_mm_write 4 0x1410 DST_HEIGHT <- 0x3fff
  ati_mm_write 4 0x1588 DST_WIDTH_X <- 0x3fff3fff
  ati_2d_blt: vram:0x7fff5fa00000 addr:0 ds:0x7fff61273800 stride:2560 bpp:32 rop:0xff
  ati_2d_blt: 0 0 0, 0 127 0, (0,0) -> (16383,16383) 16383x16383 > ^
  ati_2d_blt: pixman_fill(dst:0x7fff5fa00000, stride:254, bpp:8, x:16383, y:16383, w:16383, h:16383, xor:0xff000000)
  Thread 3 "qemu-system-i38" received signal SIGSEGV, Segmentation fault.
  (gdb) bt
  #0  0x00007ffff7f62ce0 in sse2_fill.lto_priv () at /lib64/libpixman-1.so.0
  #1  0x00007ffff7f09278 in pixman_fill () at /lib64/libpixman-1.so.0
  #2  0x0000555557b5a9af in ati_2d_blt (s=0x631000028800) at hw/display/ati_2d.c:196
  #3  0x0000555557b4b5a2 in ati_mm_write (opaque=0x631000028800, addr=5512, data=1073692671, size=4) at hw/display/ati.c:843
  #4  0x0000555558b90ec4 in memory_region_write_accessor (mr=0x631000039cc0, addr=5512, ..., size=4, ...) at softmmu/memory.c:492

Commit 584acf34cb ("ati-vga: Fix reverse bit blts") introduced
the local dst_x and dst_y which adjust the (x, y) coordinates
depending on the direction in the SRCCOPY ROP3 operation, but
forgot to address the same issue for the PATCOPY, BLACKNESS and
WHITENESS operations, which also call pixman_fill().

Fix that now by using the adjusted coordinates in the pixman_fill
call, and update the related debug printf().

Reported-by: Qiang Liu <qiangliu@zju.edu.cn>
Fixes: 584acf34cb ("ati-vga: Fix reverse bit blts")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Mauro Matteo Cascella <mcascell@redhat.com>
Message-Id: <20210906153103.1661195-1-philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-27 07:32:31 +02:00
Michael Brown f3def4dd42 usbnet: Report link-up via interrupt endpoint in CDC-ECM mode
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-5-mcb30@ipxe.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-27 07:32:31 +02:00
Michael Brown 2423ee2338 usbnet: Detect short packets as sent by the xHCI controller
The xHCI controller will ignore the endpoint MTU and so may deliver
packets of any length.  Detect short packets as being any packet that
has a length of zero or a length that is not a multiple of the MTU.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-4-mcb30@ipxe.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-27 07:32:31 +02:00
Michael Brown 954cbf7bb5 usbnet: Accept mandatory USB_CDC_SET_ETHERNET_PACKET_FILTER request
The USB_CDC_SET_ETHERNET_PACKET_FILTER request is mandatory for
CDC-ECM devices.  Accept this request, ignoring the actual filter
value (to match the existing behaviour for RNDIS).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-3-mcb30@ipxe.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-27 07:32:30 +02:00
Michael Brown a89003780d usbnet: Add missing usb_wakeup() call in usbnet_receive()
usbnet_receive() does not currently wake up the USB endpoint, leading
to a dead RX datapath when used with a host controller such as xHCI
that relies on being woken up.

Fix by adding a call to usb_wakeup() at the end of usbnet_receive().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-2-mcb30@ipxe.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-27 07:32:30 +02:00
Qiang Liu 145cdaba0f hcd-xhci: drop operation with secondary stream arrays enabled
The abort() in xhci_find_stream() can be triggered via enabling the secondary
stream arrays by setting linear stream array (LSA) bit (in endpoint context) to
0. We may show warnings and drop this operation.

Fixes: 024426acc0 ("usb-xhci: usb3 streams")
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1192
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220904125926.2141607-1-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-27 07:32:30 +02:00
Gerd Hoffmann 12b69878fc usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert
Add handler for fatal errors.  Moves device into error state where it
stops responding until the guest resets it.

Guest can send illegal requests where scsi command and usb packet
transfer directions are inconsistent.  Use the new usb_msd_fatal_error()
function instead of assert() in that case.

Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220830063827.813053-3-kraxel@redhat.com>
2022-09-27 07:32:30 +02:00
Gerd Hoffmann cea5aa8569 usb/msd: move usb_msd_packet_complete()
Change ordering to avoid adding forward declarations in
following patches.  Fix comment code style while being
at it.  No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20220830063827.813053-2-kraxel@redhat.com>
2022-09-27 07:32:30 +02:00
Jason A. Donenfeld 2cfa963126 m68k: align bootinfo strings and data to 4 bytes
Various tools, such as kexec-tools and m68k-bootinfo, expect each
bootinfo entry to be aligned to 4 bytes, not 2 bytes. So adjust the
padding to fill this out as such.

Also, break apart the padding additions from the other field length
additions, so that it's more clear why these magic numbers are being
added, and comment them too.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220926113900.1256630-2-Jason@zx2c4.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-09-26 23:37:22 +02:00
Alistair Francis a06fded82e hw/riscv: opentitan: Expose the resetvec as a SoC property
On the OpenTitan hardware the resetvec is fixed at the start of ROM. In
QEMU we don't run the ROM code and instead just jump to the next stage.
This means we need to be a little more flexible about what the resetvec
is.

This patch allows us to set the resetvec from the command line with
something like this:
    -global driver=riscv.lowrisc.ibex.soc,property=resetvec,value=0x20000400

This way as the next stage changes we can update the resetvec.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220914101108.82571-4-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Alistair Francis d057aaece7 hw/riscv: opentitan: Fixup resetvec
The resetvec for the OpenTitan machine ended up being set to an out of
date value, so let's fix that and bump it to the correct start address
(after the boot ROM)

Fixes: bf8803c64d "hw/riscv: opentitan: bump opentitan version"
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220914101108.82571-3-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Wilfred Mallawa 7a426f83c3 hw/ssi: ibex_spi: update reg addr
Updates the `EVENT_ENABLE` register to offset `0x34` as per
OpenTitan spec [1].

[1] https://docs.opentitan.org/hw/ip/spi_host/doc/#Reg_event_enable

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220823061201.132342-5-wilfred.mallawa@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Wilfred Mallawa a44558636a hw/ssi: ibex_spi: fixup typos in ibex_spi_host
This patch fixes up minor typos in ibex_spi_host

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-Id: <20220823061201.132342-2-wilfred.mallawa@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Stefan Hajnoczi 99d6b11b5b target-arm queue:
* hw/net/can: fix Xilinx ZynqMP CAN RX FIFO logic
  * Fix alignment for Neon VLD4.32
  * Refactoring of page-table-walk code
  * hw/acpi: Add ospm_status hook implementation for acpi-ged
  * hw/net/lan9118: Signal TSFL_INT flag when TX FIFO reaches specified level
  * chardev/baum: avoid variable-length arrays
  * io/channel-websock: avoid variable-length arrays
  * hw/net/e1000e_core: Use definition to avoid dynamic stack allocation
  * hw/ppc/pnv: Avoid dynamic stack allocation
  * hw/intc/xics: Avoid dynamic stack allocation
  * hw/i386/multiboot: Avoid dynamic stack allocation
  * hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation
  * ui/curses: Avoid dynamic stack allocation
  * tests/unit/test-vmstate: Avoid dynamic stack allocation
  * configure: fix various shellcheck-spotted issues and nits
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmMsjocZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3s0vEACuUs7nGGX5vd96EPN+sO5s
 HstP16G6/Xnlw2z0BaXi0MMWapQRhSQJ+MIeDJmqIyZKQ3geJGP7pbFTxI3zreYM
 UTKjdI/wWRYMKPYfxlIBZ8TPugj4a4paFJlyqmpHXtkwiWRv6rF70HQ9Yku5id93
 FN9js/dyF74S2AaDppBuTWp31cM1k6kBTg/v5tXSxE8kDUKkO+HZ1VujOqIG/4nJ
 6urNJ7jlHSiFdXya2QiR+CAkyXyy551rLETeO8VJg9tOO7Ys7Olj7lqv6kHJY/X1
 01RbN5A5WXhqCvTLM3UYTvFHmbZtS/C5iUhHRtlZkOoeSv2jS6IRDB8BrBtIbOwF
 XKpaYf1jyFLFwX++hpvySD9Vbcu8KgKId8iKTuDcxjQlEjL3fTbt1ulKo4y+rJ8O
 6G1k4yZc8/nAvttNoKCn7/Jr1dC+HsANa+1s1L+6w+f1gARV0VXs4gqsveNnbe1+
 WzzaHvHt+hCaiWkSZlyisyw3fbEXMrEyKewi+SZu3c8PvJ6DHa+rYjkhem7muBVF
 iR48FRTjFiS+o402KMwXfMdiGjXyZFi09yn5diowlVjkNAaZVZfgu/wUMD5QBhbh
 fNDSw7LpXGUHML/O98MiXznkgGvTEQNxZdp2qIQrTiinUgmV4ZRLR23ZpEibdJPX
 kiOkr46SbWvksCXnRlTf8w==
 =hec8
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20220922' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * hw/net/can: fix Xilinx ZynqMP CAN RX FIFO logic
 * Fix alignment for Neon VLD4.32
 * Refactoring of page-table-walk code
 * hw/acpi: Add ospm_status hook implementation for acpi-ged
 * hw/net/lan9118: Signal TSFL_INT flag when TX FIFO reaches specified level
 * chardev/baum: avoid variable-length arrays
 * io/channel-websock: avoid variable-length arrays
 * hw/net/e1000e_core: Use definition to avoid dynamic stack allocation
 * hw/ppc/pnv: Avoid dynamic stack allocation
 * hw/intc/xics: Avoid dynamic stack allocation
 * hw/i386/multiboot: Avoid dynamic stack allocation
 * hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation
 * ui/curses: Avoid dynamic stack allocation
 * tests/unit/test-vmstate: Avoid dynamic stack allocation
 * configure: fix various shellcheck-spotted issues and nits

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmMsjocZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3s0vEACuUs7nGGX5vd96EPN+sO5s
# HstP16G6/Xnlw2z0BaXi0MMWapQRhSQJ+MIeDJmqIyZKQ3geJGP7pbFTxI3zreYM
# UTKjdI/wWRYMKPYfxlIBZ8TPugj4a4paFJlyqmpHXtkwiWRv6rF70HQ9Yku5id93
# FN9js/dyF74S2AaDppBuTWp31cM1k6kBTg/v5tXSxE8kDUKkO+HZ1VujOqIG/4nJ
# 6urNJ7jlHSiFdXya2QiR+CAkyXyy551rLETeO8VJg9tOO7Ys7Olj7lqv6kHJY/X1
# 01RbN5A5WXhqCvTLM3UYTvFHmbZtS/C5iUhHRtlZkOoeSv2jS6IRDB8BrBtIbOwF
# XKpaYf1jyFLFwX++hpvySD9Vbcu8KgKId8iKTuDcxjQlEjL3fTbt1ulKo4y+rJ8O
# 6G1k4yZc8/nAvttNoKCn7/Jr1dC+HsANa+1s1L+6w+f1gARV0VXs4gqsveNnbe1+
# WzzaHvHt+hCaiWkSZlyisyw3fbEXMrEyKewi+SZu3c8PvJ6DHa+rYjkhem7muBVF
# iR48FRTjFiS+o402KMwXfMdiGjXyZFi09yn5diowlVjkNAaZVZfgu/wUMD5QBhbh
# fNDSw7LpXGUHML/O98MiXznkgGvTEQNxZdp2qIQrTiinUgmV4ZRLR23ZpEibdJPX
# kiOkr46SbWvksCXnRlTf8w==
# =hec8
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 22 Sep 2022 12:34:15 EDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20220922' of https://git.linaro.org/people/pmaydell/qemu-arm: (39 commits)
  configure: Avoid use of 'local' as it is non-POSIX
  configure: Check mkdir result directly, not via $?
  configure: Remove use of backtick `...` syntax
  configure: Add './' on front of glob of */config-devices.mak.d
  configure: Add missing quoting for some easy cases
  configure: Remove unused meson_args variable
  configure: Remove unused python_version variable
  tests/unit/test-vmstate: Avoid dynamic stack allocation
  ui/curses: Avoid dynamic stack allocation
  hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation
  hw/i386/multiboot: Avoid dynamic stack allocation
  hw/intc/xics: Avoid dynamic stack allocation
  hw/ppc/pnv: Avoid dynamic stack allocation
  hw/net/e1000e_core: Use definition to avoid dynamic stack allocation
  io/channel-websock: Replace strlen(const_str) by sizeof(const_str) - 1
  chardev/baum: Avoid dynamic stack allocation
  chardev/baum: Use definitions to avoid dynamic stack allocation
  chardev/baum: Replace magic values by X_MAX / Y_MAX definitions
  hw/net/lan9118: Signal TSFL_INT flag when TX FIFO reaches specified level
  hw/acpi: Add ospm_status hook implementation for acpi-ged
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-26 13:38:26 -04:00
Matthew Rosato 59d1ce4439 s390x/s390-virtio-ccw: add zpcii-disable machine property
The zpcii-disable machine property can be used to force-disable the use
of zPCI interpretation facilities for a VM.  By default, this setting
will be off for machine 7.2 and newer.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-Id: <20220902172737.170349-9-mjrosato@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
[thuth: Fix contextual conflict in ccw_machine_7_1_instance_options()]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato 9ee8f7e46a s390x/pci: reflect proper maxstbl for groups of interpreted devices
The maximum supported store block length might be different depending
on whether the instruction is interpretively executed (firmware-reported
maximum) or handled via userspace intercept (host kernel API maximum).
Choose the best available value during group creation.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20220902172737.170349-8-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato 30dcf4f7fd s390x/pci: let intercept devices have separate PCI groups
Let's use the reserved pool of simulated PCI groups to allow intercept
devices to have separate groups from interpreted devices as some group
values may be different. If we run out of simulated PCI groups, subsequent
intercept devices just get the default group.
Furthermore, if we encounter any PCI groups from hostdevs that are marked
as simulated, let's just assign them to the default group to avoid
conflicts between host simulated groups and our own simulated groups.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20220902172737.170349-7-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato d0bc7091c2 s390x/pci: enable adapter event notification for interpreted devices
Use the associated kvm ioctl operation to enable adapter event notification
and forwarding for devices when requested.  This feature will be set up
with or without firmware assist based upon the 'forwarding_assist' setting.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-Id: <20220902172737.170349-6-mjrosato@linux.ibm.com>
[thuth: Rename "forwarding_assist" property to "forwarding-assist"]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato 15d0e7942d s390x/pci: don't fence interpreted devices without MSI-X
Lack of MSI-X support is not an issue for interpreted passthrough
devices, so let's let these in.  This will allow, for example, ISM
devices to be passed through -- but only when interpretation is
available and being used.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20220902172737.170349-5-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato dd1d5fd968 s390x/pci: enable for load/store interpretation
If the ZPCI_OP ioctl reports that is is available and usable, then the
underlying KVM host will enable load/store intepretation for any guest
device without a SHM bit in the guest function handle.  For a device that
will be using interpretation support, ensure the guest function handle
matches the host function handle; this value is re-checked every time the
guest issues a SET PCI FN to enable the guest device as it is the only
opportunity to reflect function handle changes.

By default, unless interpret=off is specified, interpretation support will
always be assumed and exploited if the necessary ioctl and features are
available on the host kernel.  When these are unavailable, we will silently
revert to the interception model; this allows existing guest configurations
to work unmodified on hosts with and without zPCI interpretation support,
allowing QEMU to choose the best support model available.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220902172737.170349-4-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato 21fa15298d s390x/pci: add routine to get host function handle from CLP info
In order to interface with the underlying host zPCI device, we need
to know its function handle. Add a routine to grab this from the
vfio CLP capabilities chain.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20220902172737.170349-3-mjrosato@linux.ibm.com>
[thuth: Replace free(info) with g_free(info)]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Jason A. Donenfeld 9f17bfdab4 target/s390x: support SHA-512 extensions
In order to fully support MSA_EXT_5, we have to support the SHA-512
special instructions. So implement those.

The implementation began as something TweetNacl-like, and then was
adjusted to be useful here. It's not very beautiful, but it is quite
short and compact, which is what we're going for.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[ restructure, add missing exception, add comments, fixup CPU model ]
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20220922153820.221811-1-david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-23 15:18:52 +02:00
Qiang Liu d8c2e6f2f6 hcd-ohci: Drop ohci_service_iso_td() if ed->head & OHCI_DPTR_MASK is zero
An abort happens in ohci_frame_boundary() when ohci->done is 0 [1].

``` c
static void ohci_frame_boundary(void *opaque)
{
    // ...
    if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
        if (!ohci->done)
            abort(); <----------------------------------------- [1]
```

This was reported in https://bugs.launchpad.net/qemu/+bug/1911216/,
https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html, and
https://gitlab.com/qemu-project/qemu/-/issues/545. I can still reproduce it with
the latest QEMU.

This happends due to crafted ED with putting ISO_TD at physical address 0.

Suppose ed->head & OHCI_DPTR_MASK is 0 [2], and we memset 0 to the phyiscal
memory from 0 to sizeof(ohci_iso_td). Then, starting_frame [3] and frame_count
[4] are both 0. As we can control the value of ohci->frame_number (0 to 0x1f,
suppose 1), we then control the value of relative_frame_number to be 1 [6]. The
control flow goes to [7] where ohci->done is 0. Have returned from
ohci_service_iso_td(), ohci_frame_boundary() will abort() [1].

``` c
static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed)
{
    // ...
    addr = ed->head & OHCI_DPTR_MASK; // <--------------------- [2]

    if (ohci_read_iso_td(ohci, addr, &iso_td)) {   // <-------- [3]
        // ...

    starting_frame = OHCI_BM(iso_td.flags, TD_SF); // <-------- [4]
    frame_count = OHCI_BM(iso_td.flags, TD_FC);    // <-------- [5]
    relative_frame_number = USUB(ohci->frame_number, starting_frame);
                                                   // <-------- [6]
    if (relative_frame_number < 0) {
        return 1;
    } else if (relative_frame_number > frame_count) {
        // ...
        ohci->done = addr;                         // <-------- [7]
        // ...
    }
```

As only (afaik) a guest root user can manipulate ED, TD and the physical memory,
this assertion failure is not a security bug.

The idea to fix this issue is to drop ohci_service_iso_td() if ed->head &
OHCI_DPTR_MASK is 0, which is similar to the drop operation for
ohci_service_ed_list() when head is 0. Probably, a similar issue is in
ohci_service_td(). I drop ohci_service_td() if ed->head & OHCI_DPTR_MASK is 0.

Fixes: 7bfe577702 ("OHCI USB isochronous transfers support (Arnon Gilboa)")
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/545
Buglink: https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html
Buglink: https://bugs.launchpad.net/qemu/+bug/1911216
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220826051557.119570-1-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-23 14:38:27 +02:00
Thomas Huth 0b33bb394d hw/usb/hcd-xhci: Check whether DMA accesses fail
If a guest sets up bad descriptors, it could force QEMU to access
non-existing memory regions. Thus we should check the return value
of dma_memory_read/write() to make sure that these errors don't go
unnoticed.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220817160016.49752-1-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-23 14:38:27 +02:00
Stefan Hajnoczi 6160d8ff81 Xilinx queue
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEErET+3BT38evtv0FRKcWWeA9ryoMFAmMraeQACgkQKcWWeA9r
 yoOUUwgAz/GPBURkdzYcFbOa4VEBrCaJxCu2WvyBdj6kjEgw/ZmdXbDHfeKTr2Rl
 8mo7UWugfj1KTMqo5Tmte6+3EeNcuB9qA/flKj7wfKwLX1S0V6EFNGJn8sdNe+1r
 c6fYm0bUBk9FKauUT4t3U1Zl9SGJ2Pwa8JvztVgBvvZG6G+J0bkVmw2mMXb3jaaV
 skzmBuvDT0G8JkxWnpEXwznrPSHSjivqawVlBfjC5JmCjZ16bz05okju+cckfzTJ
 0VF7/27MWfVCpMtWjRSA6p+3gwLziz7xOhPe9excSVsDyAs4WdcuI+/42/MBBUIn
 rlg7pNIslI9r8eP5Jyk6LcSmBsPDMA==
 =GZsl
 -----END PGP SIGNATURE-----

Merge tag 'edgar/xilinx-next-2022-09-21.for-upstream' of https://github.com/edgarigl/qemu into staging

Xilinx queue

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEErET+3BT38evtv0FRKcWWeA9ryoMFAmMraeQACgkQKcWWeA9r
# yoOUUwgAz/GPBURkdzYcFbOa4VEBrCaJxCu2WvyBdj6kjEgw/ZmdXbDHfeKTr2Rl
# 8mo7UWugfj1KTMqo5Tmte6+3EeNcuB9qA/flKj7wfKwLX1S0V6EFNGJn8sdNe+1r
# c6fYm0bUBk9FKauUT4t3U1Zl9SGJ2Pwa8JvztVgBvvZG6G+J0bkVmw2mMXb3jaaV
# skzmBuvDT0G8JkxWnpEXwznrPSHSjivqawVlBfjC5JmCjZ16bz05okju+cckfzTJ
# 0VF7/27MWfVCpMtWjRSA6p+3gwLziz7xOhPe9excSVsDyAs4WdcuI+/42/MBBUIn
# rlg7pNIslI9r8eP5Jyk6LcSmBsPDMA==
# =GZsl
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 21 Sep 2022 15:45:40 EDT
# gpg:                using RSA key AC44FEDC14F7F1EBEDBF415129C596780F6BCA83
# gpg: Good signature from "Edgar E. Iglesias (Xilinx key) <edgar.iglesias@xilinx.com>" [unknown]
# gpg:                 aka "Edgar E. Iglesias <edgar.iglesias@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AC44 FEDC 14F7 F1EB EDBF  4151 29C5 9678 0F6B CA83

* tag 'edgar/xilinx-next-2022-09-21.for-upstream' of https://github.com/edgarigl/qemu:
  hw/microblaze: pass random seed to fdt

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-22 13:24:28 -04:00
Philippe Mathieu-Daudé 29d81e429d hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation
The compiler isn't clever enough to figure 'width' is a constant,
so help it by using a definitions instead.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-10-peter.maydell@linaro.org
2022-09-22 16:38:28 +01:00
Philippe Mathieu-Daudé fa87341dab hw/i386/multiboot: Avoid dynamic stack allocation
Use autofree heap allocation instead of variable-length array on
the stack. Replace the snprintf() call by g_strdup_printf().

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-9-peter.maydell@linaro.org
2022-09-22 16:38:28 +01:00
Philippe Mathieu-Daudé 7650c8fe52 hw/intc/xics: Avoid dynamic stack allocation
Use autofree heap allocation instead of variable-length
array on the stack.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-8-peter.maydell@linaro.org
2022-09-22 16:38:28 +01:00
Philippe Mathieu-Daudé a580fdcd60 hw/ppc/pnv: Avoid dynamic stack allocation
Use autofree heap allocation instead of variable-length
array on the stack.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-id: 20220819153931.3147384-7-peter.maydell@linaro.org
2022-09-22 16:38:28 +01:00
Philippe Mathieu-Daudé c140a69055 hw/net/e1000e_core: Use definition to avoid dynamic stack allocation
The compiler isn't clever enough to figure 'min_buf_size'
is a constant, so help it by using a definitions instead.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-6-peter.maydell@linaro.org
2022-09-22 16:38:28 +01:00
Lucas Dietrich 895a803ce9 hw/net/lan9118: Signal TSFL_INT flag when TX FIFO reaches specified level
The LAN9118 allows the guest to specify a level for both the TX and
RX FIFOs at which an interrupt will be generated.  We implement the
RSFL_INT interrupt for the RX FIFO but are missing the handling of
the equivalent TSFL_INT for the TX FIFO.  Add the missing test to set
the interrupt if the TX FIFO has exceeded the guest-specified level.

This flag is required for Micrium lan911x ethernet driver to work.

Signed-off-by: Lucas Dietrich <ld.adecy@gmail.com>
[PMM: Tweaked commit message and comment]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-22 16:38:28 +01:00
Keqian Zhu d4424bebce hw/acpi: Add ospm_status hook implementation for acpi-ged
Setup an ARM virtual machine of machine virt and execute qmp "query-acpi-ospm-status"
causes segmentation fault with following dumpstack:
 #1  0x0000aaaaab64235c in qmp_query_acpi_ospm_status (errp=errp@entry=0xfffffffff030) at ../monitor/qmp-cmds.c:312
 #2  0x0000aaaaabfc4e20 in qmp_marshal_query_acpi_ospm_status (args=<optimized out>, ret=0xffffea4ffe90, errp=0xffffea4ffe88) at qapi/qapi-commands-acpi.c:63
 #3  0x0000aaaaabff8ba0 in do_qmp_dispatch_bh (opaque=0xffffea4ffe98) at ../qapi/qmp-dispatch.c:128
 #4  0x0000aaaaac02e594 in aio_bh_call (bh=0xffffe0004d80) at ../util/async.c:150
 #5  aio_bh_poll (ctx=ctx@entry=0xaaaaad0f6040) at ../util/async.c:178
 #6  0x0000aaaaac00bd40 in aio_dispatch (ctx=ctx@entry=0xaaaaad0f6040) at ../util/aio-posix.c:421
 #7  0x0000aaaaac02e010 in aio_ctx_dispatch (source=0xaaaaad0f6040, callback=<optimized out>, user_data=<optimized out>) at ../util/async.c:320
 #8  0x0000fffff76f6884 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0
 #9  0x0000aaaaac0452d4 in glib_pollfds_poll () at ../util/main-loop.c:297
 #10 os_host_main_loop_wait (timeout=0) at ../util/main-loop.c:320
 #11 main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:596
 #12 0x0000aaaaab5c9e50 in qemu_main_loop () at ../softmmu/runstate.c:734
 #13 0x0000aaaaab185370 in qemu_main (argc=argc@entry=47, argv=argv@entry=0xfffffffff518, envp=envp@entry=0x0) at ../softmmu/main.c:38
 #14 0x0000aaaaab16f99c in main (argc=47, argv=0xfffffffff518) at ../softmmu/main.c:47

Fixes: ebb6207502 ("hw/acpi: Add ACPI Generic Event Device Support")
Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20220816094957.31700-1-zhukeqian1@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-22 16:38:28 +01:00
Anton Kochkov fb96d131ee hw/net/can: fix Xilinx ZynqMP CAN RX FIFO logic
For consistency, function "update_rx_fifo()" should use the RX FIFO
register field names, not the TX FIFO ones, even if they refer to the
same bit positions in the register.

Signed-off-by: Anton Kochkov <anton.kochkov@proton.me>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 20220817141754.2105981-1-anton.kochkov@proton.me
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1123
[PMM: tweaked commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-22 16:38:26 +01:00
Jason A. Donenfeld b91b6b5a2c hw/microblaze: pass random seed to fdt
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This FDT node is part of the DT specification.

Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
2022-09-21 19:59:56 +02:00
Stefan Hajnoczi 6514f1a522 ppc patch queue for 2022-09-20:
This queue contains a implementation of PowerISA 3.1B hash insns, ppc
 TCG insns cleanups and fixes, and miscellaneus fixes in the spapr and
 pnv_phb models.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYyoWlAAKCRA82cqW3gMx
 ZDYhAP0eQMeA4NS3hiw7WMcAVg0pei3ZJL9oEh1UE3+MfK7MhQEA0q8qExWnQJAA
 a0hfnFH9pLjI+v0f/FbFK6QJBpu/bg8=
 =qT+H
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20220920' of https://gitlab.com/danielhb/qemu into staging

ppc patch queue for 2022-09-20:

This queue contains a implementation of PowerISA 3.1B hash insns, ppc
TCG insns cleanups and fixes, and miscellaneus fixes in the spapr and
pnv_phb models.

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYyoWlAAKCRA82cqW3gMx
# ZDYhAP0eQMeA4NS3hiw7WMcAVg0pei3ZJL9oEh1UE3+MfK7MhQEA0q8qExWnQJAA
# a0hfnFH9pLjI+v0f/FbFK6QJBpu/bg8=
# =qT+H
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Sep 2022 15:37:56 EDT
# gpg:                using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28  3819 3CD9 CA96 DE03 3164

* tag 'pull-ppc-20220920' of https://gitlab.com/danielhb/qemu:
  hw/ppc/spapr: Fix code style problems reported by checkpatch
  hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure
  hw/ppc: spapr: Use qemu_vfree() to free spapr->htab
  target/ppc: Clear fpstatus flags on helpers missing it
  target/ppc: Zero second doubleword of VSR registers for FPR insns
  target/ppc: Set OV32 when OV is set
  target/ppc: Zero second doubleword for VSX madd instructions
  target/ppc: Set result to QNaN for DENBCD when VXCVI occurs
  target/ppc: Zero second doubleword in DFP instructions
  target/ppc: Remove unused xer_* macros
  target/ppc: Remove extra space from s128 field in ppc_vsr_t
  target/ppc: Merge fsqrt and fsqrts helpers
  target/ppc: Move fsqrts to decodetree
  target/ppc: Move fsqrt to decodetree
  target/ppc: Implement hashstp and hashchkp
  target/ppc: Implement hashst and hashchk
  target/ppc: Add HASHKEYR and HASHPKEYR SPRs

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-21 13:11:57 -04:00
Stefan Hajnoczi 1b3a3383df * add help option for -audio and -audiodev
* another missing memory barrier for dirty pages
 * target/i386: Raise #GP on unaligned m128 accesses
 * coverity fixes + improvements to components
 * add MMX and 3DNow! tests
 * SSE4a fixes
 * target/i386: TCG translation cleanups
 * update qboot submodule
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmMocZcUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroNV7Qf+NEoB8R0ug+ClMRe1Qqt8FXEd0eXE
 nT19q4rOWfmW4/L+wI6gpxhbxrxOuLwoZ8YvD8c6rQAdexMoHoeTvA1PAca4zZTo
 ISmW3bXsoHN2uGLPz4CKhjKBLCANtDkh3EWCwRFkLSRCLSRDhKPrG1Ue3fOgQ6GO
 riROcxbyYzvU/4uefSW+xG/Im9gftNF6occZZ59LrK7Xd8kwlb+E+EdsmzFw5f8O
 Q9irVQ8pX9ZM4BK2KiT16nZ0uSRwJqSJKbLI670nUEsj1jQCIgU3srgZHjAIvoir
 yivDs6oktgS/HkPD5CQoTX+fVDgEDM1TTF6P8r7uJopPXpzz+AHswfSJmg==
 =RVCS
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* add help option for -audio and -audiodev
* another missing memory barrier for dirty pages
* target/i386: Raise #GP on unaligned m128 accesses
* coverity fixes + improvements to components
* add MMX and 3DNow! tests
* SSE4a fixes
* target/i386: TCG translation cleanups
* update qboot submodule

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmMocZcUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNV7Qf+NEoB8R0ug+ClMRe1Qqt8FXEd0eXE
# nT19q4rOWfmW4/L+wI6gpxhbxrxOuLwoZ8YvD8c6rQAdexMoHoeTvA1PAca4zZTo
# ISmW3bXsoHN2uGLPz4CKhjKBLCANtDkh3EWCwRFkLSRCLSRDhKPrG1Ue3fOgQ6GO
# riROcxbyYzvU/4uefSW+xG/Im9gftNF6occZZ59LrK7Xd8kwlb+E+EdsmzFw5f8O
# Q9irVQ8pX9ZM4BK2KiT16nZ0uSRwJqSJKbLI670nUEsj1jQCIgU3srgZHjAIvoir
# yivDs6oktgS/HkPD5CQoTX+fVDgEDM1TTF6P8r7uJopPXpzz+AHswfSJmg==
# =RVCS
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 19 Sep 2022 09:41:43 EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (21 commits)
  qboot: update to latest submodule
  build: remove extra parentheses causing missing rebuilds
  target/i386: introduce insn_get_addr
  target/i386: REPZ and REPNZ are mutually exclusive
  target/i386: fix INSERTQ implementation
  target/i386: correctly mask SSE4a bit indices in register operands
  audio: add help option for -audio and -audiodev
  tests/tcg: remove old SSE tests
  tests/tcg: refine MMX support in SSE tests
  tests/tcg: i386: add MMX and 3DNow! tests
  tests/tcg: i386: fix typos in 3DNow! instructions
  tests: unit: add NULL-pointer check
  tests: test-qga: close socket on failure to connect
  tests: unit: simplify test-visitor-serialization list tests
  smbios: sanitize type from external type before checking have_fields_bitmap
  coverity: put NUBus under m68k component
  coverity: add new RISC-V component
  spapr_pci: fix leak in spapr_phb_vfio_get_loc_code
  kvm: fix memory leak on failure to read stats descriptors
  target/i386: Raise #GP on unaligned m128 accesses when required.
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-20 16:22:26 -04:00
Xuzhou Cheng 90865af7d9 hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure
pnv_phb3_root_bus_info and pnv_phb4_root_bus_info are missing the
instance_size initialization. This results in accessing out-of-bound
memory when setting 'chip-id' and 'phb-id', and eventually crashes
glib's malloc functionality with the following message:

  "qemu-system-ppc64: GLib: ../glib-2.72.3/glib/gmem.c:131: failed to allocate 3232 bytes"

This issue was noticed only when running qtests with QEMU Windows
32-bit executable. Windows 64-bit, Linux 32/64-bit do not expose
this bug though.

Fixes: 9ae1329ee2 ("ppc/pnv: Add models for POWER8 PHB3 PCIe Host bridge")
Fixes: 4f9924c4d4 ("ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge")
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Xuzhou Cheng <xuzhou.cheng@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Message-Id: <20220920103159.1865256-29-bmeng.cn@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-09-20 12:31:53 -03:00
Xuzhou Cheng cb5b5ab9a5 hw/ppc: spapr: Use qemu_vfree() to free spapr->htab
spapr->htab is allocated by qemu_memalign(), hence we should use
qemu_vfree() to free it.

Fixes: c5f54f3e31 ("pseries: Move hash page table allocation to reset time")
Fixes: b4db54132f ("target/ppc: Implement H_REGISTER_PROCESS_TABLE H_CALL"")
Signed-off-by: Xuzhou Cheng <xuzhou.cheng@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220920103159.1865256-28-bmeng.cn@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-09-20 12:31:53 -03:00
Xiaojuan Yang 1895b96792
hw/loongarch: Improve acpi dsdt table
Cleanup the previous pci information in acpi dsdt table.
And using the common acpi_dsdt_add_gpex function to build
the gpex and pci information.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220908094623.73051-10-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20 15:44:25 +08:00
Xiaojuan Yang c3da26f314
hw/loongarch: Support memory hotplug
Add hotplug/unplug interface for memory device.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220908094623.73051-9-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20 15:44:25 +08:00
Xiaojuan Yang 1cd5db2e88
hw/loongarch: Fix acpi ged irq number in dsdt table
In dsdt, acpi ged irq should use gsi number, and the
VIRT_SCI_IRQ means it.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220908094623.73051-8-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20 15:44:25 +08:00
Xiaojuan Yang f8ab9aa288
hw/loongarch: Add RAMFB to dynamic_sysbus_devices list
Add RAMFB device to dynamic_sysbus_devices list so that it can be
hotpluged to the machine.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220908094623.73051-7-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20 15:44:25 +08:00
Xiaojuan Yang e27e535768
hw/loongarch: Add hotplug handler for machine
Add hotplug handler for LoongArch virt machine and now only support
the dynamic sysbus device.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220908094623.73051-6-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20 15:44:24 +08:00
Xiaojuan Yang a1f7d78e56
hw/loongarch: Add platform bus support
Add platform bus support and add the bus information such as address,
size, irq number to FDT table.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220908094623.73051-5-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20 15:44:24 +08:00
Xiaojuan Yang ee413a52c1
hw/loongarch: Add interrupt information to FDT table
Add interrupt information to FDT table, such as interrupt
controller info, compatiable info, etc.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220908094623.73051-4-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20 15:44:05 +08:00
Xiaojuan Yang feae45dc42
hw/loongarch: Support fw_cfg dma function
Support fw_cfg dma function for LoongArch virt machine.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220908094623.73051-3-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-19 20:01:40 +08:00
Xiaojuan Yang 3ff17902c4
hw/loongarch: Remove vga device when loongarch init
Remove the vga device when loongarch machine init and
we will support other display device in the future.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220908094623.73051-2-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-19 20:01:36 +08:00
Paolo Bonzini 57e3069641 smbios: sanitize type from external type before checking have_fields_bitmap
test_bit uses header->type as an offset; if the file incorrectly specifies a
type greater than 127, smbios_entry_add will read and write garbage.

To fix this, just pass the smbios data through, assuming the user knows what
to do.  Reported by Coverity as CID 1487255.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-18 09:17:40 +02:00
Paolo Bonzini c4ef328bdc spapr_pci: fix leak in spapr_phb_vfio_get_loc_code
Overwriting "path" in the second call to g_strdup_printf() causes a memory leak,
even if the variable itself is g_autofree.

Reported by Coverity as CID 1460454.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-18 09:17:40 +02:00
Stefan Hajnoczi 50eac424c7 Add cortex-a35.
Fix bcm2835 framebuffer for rpi firmware.
 Add FEAT_ETS.
 Add FEAT_PMUv3p5.
 Cleanups to armv7m_load_kernel.
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmMhwAsdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/7Xgf9Ezg+etwsEzY0EWtH
 yoQ7ymJHM1VKqtLkbk9U+Ju18YHEi3fwbYbfLgzkAMFHKDUteKJivKm2w41tsw5g
 lE+5PojQT3k8PffaqeFzKG/JsDPoqKtTa23WjkafbIQAbjRT8JtmF/JmSLaaxyqW
 DozPXJ9jXMS+Q2BxHnoCBuy/Kb3zsqekCr8DOgUIXY5gcAB6q1I8SMX2BrhsIyvV
 vZxNm+hFDCOJtXvkAekMrwGkiIBYoBNpswnv40ldeSvRtD8tnty73JUt+AnWoCwi
 zH4k+CvWICIuZT7oxVecRhlOojtaP5cUTXs0+zhk6GxEx/X6wmXd42heO9ZJL0y1
 6FH0xw==
 =ohPU
 -----END PGP SIGNATURE-----

Merge tag 'pull-arm-20220914' of https://gitlab.com/rth7680/qemu into staging

Add cortex-a35.
Fix bcm2835 framebuffer for rpi firmware.
Add FEAT_ETS.
Add FEAT_PMUv3p5.
Cleanups to armv7m_load_kernel.

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmMhwAsdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/7Xgf9Ezg+etwsEzY0EWtH
# yoQ7ymJHM1VKqtLkbk9U+Ju18YHEi3fwbYbfLgzkAMFHKDUteKJivKm2w41tsw5g
# lE+5PojQT3k8PffaqeFzKG/JsDPoqKtTa23WjkafbIQAbjRT8JtmF/JmSLaaxyqW
# DozPXJ9jXMS+Q2BxHnoCBuy/Kb3zsqekCr8DOgUIXY5gcAB6q1I8SMX2BrhsIyvV
# vZxNm+hFDCOJtXvkAekMrwGkiIBYoBNpswnv40ldeSvRtD8tnty73JUt+AnWoCwi
# zH4k+CvWICIuZT7oxVecRhlOojtaP5cUTXs0+zhk6GxEx/X6wmXd42heO9ZJL0y1
# 6FH0xw==
# =ohPU
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 14 Sep 2022 07:50:35 EDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-arm-20220914' of https://gitlab.com/rth7680/qemu:
  target/arm: Make boards pass base address to armv7m_load_kernel()
  target/arm: Remove useless TARGET_BIG_ENDIAN check in armv7m_load_kernel()
  target/arm: Report FEAT_PMUv3p5 for TCG '-cpu max'
  target/arm: Support 64-bit event counters for FEAT_PMUv3p5
  target/arm: Implement FEAT_PMUv3p5 cycle counter disable bits
  target/arm: Rename pmu_8_n feature test functions
  target/arm: Detect overflow when calculating next PMU interrupt
  target/arm: Honour MDCR_EL2.HPMD in Secure EL2
  target/arm: Ignore PMCR.D when PMCR.LC is set
  target/arm: Don't mishandle count when enabling or disabling PMU counters
  target/arm: Correct value returned by pmu_counter_mask()
  target/arm: Don't corrupt high half of PMOVSR when cycle counter overflows
  target/arm: Add missing space in comment
  target/arm: Advertise FEAT_ETS for '-cpu max'
  target/arm: Implement ID_DFR1
  target/arm: Implement ID_MMFR5
  target/arm: Sort KVM reads of AArch32 ID registers into encoding order
  target/arm: Make cpregs 0, c0, c{3-15}, {0-7} correctly RAZ in v8
  hw/arm/bcm2835_property: Add support for RPI_FIRMWARE_FRAMEBUFFER_GET_NUM_DISPLAYS
  target/arm: Add cortex-a35

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-17 10:29:47 -04:00
Peter Maydell 761c532ab1 target/arm: Make boards pass base address to armv7m_load_kernel()
Currently armv7m_load_kernel() takes the size of the block of memory
where it should load the initial guest image, but assumes that it
should always load it at address 0.  This happens to be true of all
our M-profile boards at the moment, but it isn't guaranteed to always
be so: M-profile CPUs can be configured (via init-svtor and
init-nsvtor, which match equivalent hardware configuration signals)
to have the initial vector table at any address, not just zero.  (For
instance the Teeny board has the boot ROM at address 0x0200_0000.)

Add a base address argument to armv7m_load_kernel(), so that
callers now pass in both base address and size. All the current
callers pass 0, so this is not a behaviour change.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220823160417.3858216-3-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-14 11:19:40 +01:00
Peter Maydell f92bd43480 target/arm: Remove useless TARGET_BIG_ENDIAN check in armv7m_load_kernel()
Arm system emulation targets always have TARGET_BIG_ENDIAN clear, so
there is no need to have handling in armv7m_load_kernel() for the
case when it is defined.  Remove the unnecessary code.

Side notes:
 * our M-profile implementation is always little-endian (that is, it
   makes the IMPDEF choice that the read-only AIRCR.ENDIANNESS is 0)
 * if we did want to handle big-endian ELF files here we should do it
   the way that hw/arm/boot.c:arm_load_elf() does, by looking at the
   ELF header to see what endianness the file itself is

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220823160417.3858216-2-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-14 11:19:40 +01:00
Enrik Berkhan 3b9a030e84 hw/arm/bcm2835_property: Add support for RPI_FIRMWARE_FRAMEBUFFER_GET_NUM_DISPLAYS
In more recent Raspbian OS Linux kernels, the fb driver gives up
immediately if RPI_FIRMWARE_FRAMEBUFFER_GET_NUM_DISPLAYS fails or no
displays are reported.

This change simply always reports one display. It makes bcm2835_fb work
again with these more recent kernels.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Enrik Berkhan <Enrik.Berkhan@inka.de>
Message-Id: <20220812143519.59134-1-Enrik.Berkhan@inka.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-14 11:19:39 +01:00
Hao Wu 3b16766b5a target/arm: Add cortex-a35
Add cortex A35 core and enable it for virt board.

Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Joe Komlodi <komlodi@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220819002015.1663247-1-wuhaotsh@google.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-14 11:19:39 +01:00
Antonio Abbatangelo 080022833d nv2a: Cache shaders to disk 2022-09-10 12:52:51 -07:00
Ross Lagerwall f0ccce6a95 tpm_crb: Avoid backend startup just before shutdown under Xen
When running under Xen and the guest reboots, it boots into a new domain
with a new QEMU process (and a new swtpm process if using the emulator
backend). The existing reset function is triggered just before the old
QEMU process exists which causes QEMU to startup the TPM backend and
then immediately shut it down. This is probably harmless but when using
the emulated backend, it wastes CPU and IO time reloading state, etc.

Fix this by calling the reset function directly from realize() when
running under Xen. During a reboot, this will be called by the QEMU
process for the new domain.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Message-id: 20220826143841.1515326-1-ross.lagerwall@citrix.com
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-09-09 17:55:59 -04:00
Erik Abair f7b2acbb79 nv2a: Ensure SurfaceBinding.size can always fit surface
It is possible to specify a pitch that is smaller than the native size of a
surface (i.e., `pitch < width * bytes_per_pixel`). On hardware this is handled
gracefully, whereas in xemu it will cause buffer overruns when dealing with
swizzling/unswizzling.

Fixes #1152

[Test](https://github.com/abaire/nxdk_pgraph_tests/blob/main/src/tests/surface_pitch_tests.cpp)
[HW Results](https://github.com/abaire/nxdk_pgraph_tests_golden_results/wiki/Results-Surface_pitch)

Note that xemu's swizzling behavior still does not match HW with this change,
it just prevents the test from crashing.
2022-09-09 13:56:53 -07:00
Atish Patra abd9a20665 hw/riscv: virt: Add PMU DT node to the device tree
Qemu virt machine can support few cache events and cycle/instret counters.
It also supports counter overflow for these events.

Add a DT node so that OpenSBI/Linux kernel is aware of the virt machine
capabilities. There are some dummy nodes added for testing as well.

Acked-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-Id: <20220824221701.41932-5-atishp@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:19:15 +02:00
Atish Patra 7cbcc538f4 hw/intc: Move mtimer/mtimecmp to aclint
Historically, The mtime/mtimecmp has been part of the CPU because
they are per hart entities. However, they actually belong to aclint
which is a MMIO device.

Move them to the ACLINT device. This also emulates the real hardware
more closely.

Reviewed-by: Anup Patel <anup@brainfault.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-Id: <20220824221357.41070-2-atishp@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:19:10 +02:00
Anup Patel dc9acc9ce4 target/riscv: Use official extension names for AIA CSRs
The arch review of AIA spec is completed and we now have official
extension names for AIA: Smaia (M-mode AIA CSRs) and Ssaia (S-mode
AIA CSRs).

Refer, section 1.6 of the latest AIA v0.3.1 stable specification at
https://github.com/riscv/riscv-aia/releases/download/0.3.1-draft.32/riscv-interrupts-032.pdf)

Based on above, we update QEMU RISC-V to:
1) Have separate config options for Smaia and Ssaia extensions
   which replace RISCV_FEATURE_AIA in CPU features
2) Not generate AIA INTC compatible string in virt machine

Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20220820042958.377018-1-apatel@ventanamicro.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:18:33 +02:00
Conor Dooley d1af78745c hw/core: fix platform bus node name
"platform" is not a valid name for a bus node in dt-schema, so warnings
can be see in dt-validate on a dump of the riscv virt dtb:

/stuff/qemu/qemu.dtb: platform@4000000: $nodename:0: 'platform@4000000' does not match '^([a-z][a-z0-9\\-]+-bus|bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$'
        From schema: /home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml
"platform-bus" is a valid name, so use that instead.

CC: Rob Herring <robh@kernel.org>
Fixes: 11d306b9df ("hw/arm/sysbus-fdt: helpers for platform bus nodes addition")
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Message-id: 20220810184612.157317-5-mail@conchuod.ie
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:18:33 +02:00
Conor Dooley ae29379998 hw/riscv: virt: fix syscon subnode paths
The reset and poweroff features of the syscon were originally added to
top level, which is a valid path for a syscon subnode. Subsequently a
reorganisation was carried out while implementing NUMA in which the
subnodes were moved into the /soc node. As /soc is a "simple-bus", this
path is invalid, and so dt-validate produces the following warnings:

/stuff/qemu/qemu.dtb: soc: poweroff: {'value': [[21845]], 'offset': [[0]], 'regmap': [[4]], 'compatible': ['syscon-poweroff']} should not be valid under {'type': 'object'}
        From schema: /home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml
/stuff/qemu/qemu.dtb: soc: reboot: {'value': [[30583]], 'offset': [[0]], 'regmap': [[4]], 'compatible': ['syscon-reboot']} should not be valid under {'type': 'object'}
        From schema: /home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml

Move the syscon subnodes back to the top level and silence the warnings.

Reported-by: Rob Herring <robh@kernel.org>
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20220810184612.157317-4-mail@conchuod.ie
Link: https://lore.kernel.org/linux-riscv/20220803170552.GA2250266-robh@kernel.org/
Fixes: 18df0b4695 ("hw/riscv: virt: Allow creating multiple NUMA sockets")
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:18:33 +02:00
Conor Dooley 95e401d378 hw/riscv: virt: fix the plic's address cells
When optional AIA PLIC support was added the to the virt machine, the
address cells property was removed leading the issues with dt-validate
on a dump from the virt machine:
/stuff/qemu/qemu.dtb: plic@c000000: '#address-cells' is a required property
        From schema: /stuff/linux/Documentation/devicetree/bindings/interrupt-controller/sifive,plic-1.0.0.yaml
Add back the property to suppress the warning.

Reported-by: Rob Herring <robh@kernel.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Message-id: 20220810184612.157317-3-mail@conchuod.ie
Link: https://lore.kernel.org/linux-riscv/20220803170552.GA2250266-robh@kernel.org/
Fixes: e6faee6585 ("hw/riscv: virt: Add optional AIA APLIC support to virt machine")
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:18:33 +02:00
Conor Dooley 53c38f7ab1 hw/riscv: virt: fix uart node name
"uart" is not a node name that complies with the dt-schema.
Change the node name to "serial" to ix warnings seen during
dt-validate on a dtbdump of the virt machine such as:
/stuff/qemu/qemu.dtb: uart@10000000: $nodename:0: 'uart@10000000' does not match '^serial(@.*)?$'
        From schema: /stuff/linux/Documentation/devicetree/bindings/serial/8250.yaml

Reported-by: Rob Herring <robh@kernel.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Message-id: 20220810184612.157317-2-mail@conchuod.ie
Link: https://lore.kernel.org/linux-riscv/20220803170552.GA2250266-robh@kernel.org/
Fixes: 04331d0b56 ("RISC-V VirtIO Machine")
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:18:33 +02:00
Conor Dooley 25da6e3113 hw/riscv: microchip_pfsoc: fix kernel panics due to missing peripherals
Booting using "Direct Kernel Boot" for PolarFire SoC & skipping u-boot
entirely is probably not advisable, but it does at least show signs of
life. Recent Linux kernel versions make use of peripherals that are
missing definitions in QEMU and lead to kernel panics. These issues
almost certain rear their head for other methods of booting, but I was
unable to figure out a suitable HSS version that is recent enough to
support these peripherals & works with QEMU.

With these peripherals added, booting a kernel with the following hangs
hangs waiting for the system controller's hwrng, but the kernel no
longer panics. With the Linux driver for hwrng disabled, it boots to
console.

qemu-system-riscv64 -M microchip-icicle-kit \
	-m 2G -smp 5 \
	-kernel $(vmlinux_bin) \
	-dtb  $(dtb)\
	-initrd $(initramfs) \
	-display none -serial null \
	-serial stdio

More peripherals are added than strictly required to fix the panics in
the hopes of avoiding a replication of this problem in the future.
Some of the peripherals which are in the device tree for recent kernels
are implemented in the FPGA fabric. The eMMC/SD mux, which exists as
an unimplemented device is replaced by a wider entry. This updated
entry covers both the mux & the remainder of the FPGA fabric connected
to the MSS using Fabric Interrconnect (FIC) 3.

Link: https://github.com/polarfire-soc/icicle-kit-reference-design#fabric-memory-map
Link: https://ww1.microchip.com/downloads/aemDocuments/documents/FPGA/ProductDocuments/SupportingCollateral/V1_4_Register_Map.zip
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220813135127.2971754-1-mail@conchuod.ie>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:18:33 +02:00
Wilfred Mallawa bf8803c64d hw/riscv: opentitan: bump opentitan version
The following patch updates opentitan to match the new configuration,
as per, lowRISC/opentitan@217a0168ba

Note: with this patch we now skip the usage of the opentitan
`boot_rom`. The Opentitan boot rom contains hw verification
for devies which we are currently not supporting in qemu. As of now,
the `boot_rom` has no major significance, however, would be good to
support in the future.

Tested by running utests from the latest tock [1]
(that supports this version of OT).

[1] https://github.com/tock/tock/pull/3056

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220812005229.358850-1-wilfred.mallawa@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:18:33 +02:00
Daniel Henrique Barboza 6934f15b22 hw/riscv: remove 'fdt' param from riscv_setup_rom_reset_vec()
The 'fdt' param is not being used in riscv_setup_rom_reset_vec().
Simplify the API by removing it. While we're at it, remove the redundant
'return' statement at the end of function.

Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
Cc: Bin Meng <bin.meng@windriver.com>
Cc: Vijai Kumar K <vijai@behindbytes.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220728181926.2123771-1-danielhb413@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:18:33 +02:00
Jason A. Donenfeld e4b4f0b71c hw/riscv: virt: pass random seed to fdt
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This is confirmed to successfully initialize the
RNG on Linux 5.19-rc2.

Cc: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220613115810.178210-1-Jason@zx2c4.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07 09:18:32 +02:00
Jason A. Donenfeld c6fe3e6b4c hw/openrisc: virt: pass random seed to fdt
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This is confirmed to successfully initialize the
RNG on Linux 5.19-rc2.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04 07:02:57 +01:00
Stafford Horne 557e37071d hw/openrisc: Initialize timer time at startup
The last_clk time was initialized at zero, this means when we calculate
the first delta we will calculate 0 vs current time which could cause
unnecessary hops.

This patch moves timer initialization to the cpu reset.  There are two
resets registered here:

 1. Per cpu timer mask (ttmr) reset.
 2. Global cpu timer (last_clk and ttcr) reset, attached to the first
    cpu only.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04 07:02:57 +01:00
Stafford Horne 40fef82c4e hw/openrisc: Add PCI bus support to virt
This is mostly borrowed from xtensa and riscv as examples.  The
create_pcie_irq_map swizzle function is almost and exact copy
but here we use a single cell interrupt, possibly we can make
this generic.

Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04 07:02:57 +01:00
Stafford Horne b5fcfe927b hw/openrisc: Add the OpenRISC virtual machine
This patch adds the OpenRISC virtual machine 'virt' for OpenRISC.  This
platform allows for a convenient CI platform for toolchain, software
ports and the OpenRISC linux kernel port.

Much of this has been sourced from the m68k and riscv virt platforms.

The platform provides:
 - OpenRISC SMP with up to 4 cpus
 - A virtio bus with up to 8 devices
 - Standard ns16550a serial
 - Goldfish RTC
 - SiFive TEST device for poweroff and reboot
 - Generated Device Tree to automatically configure the guest kernel

Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04 07:02:57 +01:00
Stafford Horne 65f5144e17 goldfish_rtc: Add big-endian property
Add a new property "big-endian" to allow configuring the RTC as either
little or big endian, the default is little endian.

Currently overriding the default to big endian is only used by the m68k
virt platform.  New platforms should prefer to use little endian and not
set this.

Cc: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04 07:02:56 +01:00
Stafford Horne 7025114b1c hw/openrisc: Split re-usable boot time apis out to boot.c
These will be shared with the virt platform.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04 07:02:56 +01:00
Stefan Hajnoczi 61fd710b8d * SCSI fixes for Mac OS 9
* Fix CPU reset for x86/KVM nested virtualization state
 * remove feature_not_found() from the configure script
 * Meson cleanups from muon
 * improved i386 TCG tests for BMI and SSE
 * SSE bugfixes
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmMQ+IQUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroNofQgArLRlbhua699UyDkTEGGv+gBVRRKg
 qJndTFJp5cvjJo3fNeE1XyZGY0PGLH09ilwHKnGqvn7Bc996ty6zi3sLDC+iT/SO
 cRik6EVgZH/0QseYZijviuz7NklL8so/bgn7sORP9ibRWwiojBzm91emUt4X2l5N
 WOmxLYNIPXR/G8LOSv5Dh4C4WXU3zuaLvTmg/fWPoWTF8P+9LU0gEKUzyk0jMJu4
 hb9lVLXyNbgEcdtK+VewWjsdJcdmF1tMAR94GTmbUdwxbwmATqX8w16jGUbnXPt2
 FZfmjS6CJO90uV7wBA91NnFlrJpWyDn1dKQ+ozpW0ZOAO+wfghpVq7/IRA==
 =VRK4
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* SCSI fixes for Mac OS 9
* Fix CPU reset for x86/KVM nested virtualization state
* remove feature_not_found() from the configure script
* Meson cleanups from muon
* improved i386 TCG tests for BMI and SSE
* SSE bugfixes

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmMQ+IQUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNofQgArLRlbhua699UyDkTEGGv+gBVRRKg
# qJndTFJp5cvjJo3fNeE1XyZGY0PGLH09ilwHKnGqvn7Bc996ty6zi3sLDC+iT/SO
# cRik6EVgZH/0QseYZijviuz7NklL8so/bgn7sORP9ibRWwiojBzm91emUt4X2l5N
# WOmxLYNIPXR/G8LOSv5Dh4C4WXU3zuaLvTmg/fWPoWTF8P+9LU0gEKUzyk0jMJu4
# hb9lVLXyNbgEcdtK+VewWjsdJcdmF1tMAR94GTmbUdwxbwmATqX8w16jGUbnXPt2
# FZfmjS6CJO90uV7wBA91NnFlrJpWyDn1dKQ+ozpW0ZOAO+wfghpVq7/IRA==
# =VRK4
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 01 Sep 2022 14:23:00 EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (39 commits)
  target/i386: AVX+AES helpers prep
  target/i386: AVX pclmulqdq prep
  target/i386: Rewrite blendv helpers
  target/i386: Misc AVX helper prep
  target/i386: Destructive FP helpers for AVX
  target/i386: Dot product AVX helper prep
  target/i386: reimplement AVX comparison helpers
  target/i386: Floating point arithmetic helper AVX prep
  target/i386: Destructive vector helpers for AVX
  target/i386: Misc integer AVX helper prep
  target/i386: Rewrite simple integer vector helpers
  target/i386: Rewrite vector shift helper
  target/i386: rewrite destructive 3DNow operations
  target/i386: Add CHECK_NO_VEX
  target/i386: do not cast gen_helper_* function pointers
  target/i386: Add size suffix to vector FP helpers
  target/i386: isolate MMX code more
  target/i386: check SSE table flags instead of hardcoding opcodes
  target/i386: Move 3DNOW decoder
  target/i386: Rework sse_op_table6/7
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-02 13:24:28 -04:00
Zheyu Ma 36a894aeb6 net: tulip: Restrict DMA engine to memories
The DMA engine is started by I/O access and then itself accesses the
I/O registers, triggering a reentrancy bug.

The following log can reveal it:
==5637==ERROR: AddressSanitizer: stack-overflow
    #0 0x5595435f6078 in tulip_xmit_list_update qemu/hw/net/tulip.c:673
    #1 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13
    #2 0x559544637f86 in memory_region_write_accessor qemu/softmmu/memory.c:492:5
    #3 0x5595446379fa in access_with_adjusted_size qemu/softmmu/memory.c:554:18
    #4 0x5595446372fa in memory_region_dispatch_write qemu/softmmu/memory.c
    #5 0x55954468b74c in flatview_write_continue qemu/softmmu/physmem.c:2825:23
    #6 0x559544683662 in flatview_write qemu/softmmu/physmem.c:2867:12
    #7 0x5595446833f3 in address_space_write qemu/softmmu/physmem.c:2963:18
    #8 0x5595435fb082 in dma_memory_rw_relaxed qemu/include/sysemu/dma.h:87:12
    #9 0x5595435fb082 in dma_memory_rw qemu/include/sysemu/dma.h:130:12
    #10 0x5595435fb082 in dma_memory_write qemu/include/sysemu/dma.h:171:12
    #11 0x5595435fb082 in stl_le_dma qemu/include/sysemu/dma.h:272:1
    #12 0x5595435fb082 in stl_le_pci_dma qemu/include/hw/pci/pci.h:910:1
    #13 0x5595435fb082 in tulip_desc_write qemu/hw/net/tulip.c:101:9
    #14 0x5595435f7e3d in tulip_xmit_list_update qemu/hw/net/tulip.c:706:9
    #15 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13

Fix this bug by restricting the DMA engine to memories regions.

Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 0e3fdcffea vdpa: Delete CVQ migration blocker
We can restore the device state in the destination via CVQ now. Remove
the migration blocker.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 539573c317 vhost_net: add NetClientState->load() callback
It allows per-net client operations right after device's successful
start. In particular, to load the device status.

Vhost-vdpa net will use it to add the CVQ buffers to restore the device
status.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez c5e5269d8a vhost_net: Add NetClientInfo stop callback
Used by the backend to perform actions after the device is stopped.

In particular, vdpa net use it to unmap CVQ buffers to the device,
cleaning the actions performed in prepare().

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez eb92b75380 vhost_net: Add NetClientInfo start callback
This is used by the backend to perform actions before the device is
started.

In particular, vdpa net use it to map CVQ buffers to the device, so it
can send control commands using them.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez d368c0b052 vhost: Do not depend on !NULL VirtQueueElement on vhost_svq_flush
Since QEMU will be able to inject new elements on CVQ to restore the
state, we need not to depend on a VirtQueueElement to know if a new
element has been used by the device or not. Instead of check that, check
if there are new elements only using used idx on vhost_svq_flush.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 9e193cec5d vhost: Delete useless read memory barrier
As discussed in previous series [1], this memory barrier is useless with
the atomic read of used idx at vhost_svq_more_used. Deleting it.

[1] https://lists.nongnu.org/archive/html/qemu-devel/2022-07/msg02616.html

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 86f5f2546f vhost: use SVQ element ndescs instead of opaque data for desc validation
Since we're going to allow SVQ to add elements without the guest's
knowledge and without its own VirtQueueElement, it's easier to check if
an element is a valid head checking a different thing than the
VirtQueueElement.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 9c2ab2f1ec vhost: stop transfer elem ownership in vhost_handle_guest_kick
It was easier to allow vhost_svq_add to handle the memory. Now that we
will allow qemu to add elements to a SVQ without the guest's knowledge,
it's better to handle it in the caller.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 8b6d6119ad vdpa: Use ring hwaddr at vhost_vdpa_svq_unmap_ring
Reduce code duplication.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 8b64e48642 vhost: Always store new kick fd on vhost_svq_set_svq_kick_fd
We can unbind twice a file descriptor if we call twice
vhost_svq_set_svq_kick_fd because of this. Since it comes from vhost and
not from SVQ, that file descriptor could be a different thing that
guest's vhost notifier.

Likewise, it can happens the same if a guest start and stop the device
multiple times.

Reported-by: Lei Yang <leiyang@redhat.com>
Fixes: dff4426fa6 ("vhost: Add Shadow VirtQueue kick forwarding capabilities")
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 5b590f51b9 vdpa: Make SVQ vring unmapping return void
Nothing actually reads the return value, but an error in cleaning some
entries could cause device stop to abort, making a restart impossible.
Better ignore explicitely the return value.

Reported-by: Lei Yang <leiyang@redhat.com>
Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez b37c12be96 vdpa: Remove SVQ vring from iova_tree at shutdown
Although the device will be reset before usage, the right thing to do is
to clean it.

Reported-by: Lei Yang <leiyang@redhat.com>
Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 69292a8e40 util: accept iova_tree_remove_parameter by value
It's convenient to call iova_tree_remove from a map returned from
iova_tree_find or iova_tree_find_iova. With the current code this is not
possible, since we will free it, and then we will try to search for it
again.

Fix it making accepting the map by value, forcing a copy of the
argument. Not applying a fixes tag, since there is no use like that at
the moment.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 7dab70bec3 vdpa: do not save failed dma maps in SVQ iova tree
If a map fails for whatever reason, it must not be saved in the tree.
Otherwise, qemu will try to unmap it in cleanup, leaving to more errors.

Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
Reported-by: Lei Yang <leiyang@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Eugenio Pérez 10dab9f263 vdpa: Skip the maps not in the iova tree
Next patch will skip the registering of dma maps that the vdpa device
rejects in the iova tree. We need to consider that here or we cause a
SIGSEGV accessing result.

Reported-by: Lei Yang <leiyang@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02 10:22:39 +08:00
Stefan Hajnoczi 7dd9d7e0bd ppc patch queue for 2022-08-31:
In the first 7.2 queue we have changes in the powernv pnv-phb handling,
 the start of the QOMification of the ppc405 model, the removal of the
 taihu machine, a new SLOF image and others.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYw/AFgAKCRA82cqW3gMx
 ZI6XAP0d8m6r1JqKXPSfCwVYy+AfrwY7oZWYbeTqdamK6xHcUQD+JyCcFcogY4Vz
 YwvHLd9W2cqvoWiZ4tmkK4Mb0Xt0Xg4=
 =0uL/
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20220831' of https://gitlab.com/danielhb/qemu into staging

ppc patch queue for 2022-08-31:

In the first 7.2 queue we have changes in the powernv pnv-phb handling,
the start of the QOMification of the ppc405 model, the removal of the
taihu machine, a new SLOF image and others.

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYw/AFgAKCRA82cqW3gMx
# ZI6XAP0d8m6r1JqKXPSfCwVYy+AfrwY7oZWYbeTqdamK6xHcUQD+JyCcFcogY4Vz
# YwvHLd9W2cqvoWiZ4tmkK4Mb0Xt0Xg4=
# =0uL/
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 31 Aug 2022 16:09:58 EDT
# gpg:                using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28  3819 3CD9 CA96 DE03 3164

* tag 'pull-ppc-20220831' of https://gitlab.com/danielhb/qemu: (60 commits)
  ppc4xx: Fix code style problems reported by checkpatch
  ppc/ppc4xx: Fix sdram trace events
  hw/ppc/Kconfig: Move imply before select
  hw/ppc/sam460ex: Remove PPC405 dependency from sam460ex
  ppc405: Move machine specific code to ppc405_boards.c
  ppc/ppc405: QOM'ify FPGA
  ppc/ppc405: Use an explicit I2C object
  hw/intc/ppc-uic: Convert ppc-uic to a PPC4xx DCR device
  ppc/ppc405: Use an embedded PPCUIC model in SoC state
  ppc4xx: Rename ppc405-ebc to ppc4xx-ebc
  ppc4xx: Move EBC model to ppc4xx_devs.c
  ppc4xx: Rename ppc405-plb to ppc4xx-plb
  ppc4xx: Move PLB model to ppc4xx_devs.c
  ppc/ppc405: QOM'ify MAL
  ppc/ppc405: QOM'ify PLB
  ppc/ppc405: QOM'ify POB
  ppc/ppc405: QOM'ify OPBA
  ppc/ppc405: QOM'ify EBC
  ppc/ppc405: QOM'ify DMA
  ppc/ppc405: QOM'ify GPIO
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-01 13:53:20 -04:00
John Millikin 6d1511cea0 scsi: Reject commands if the CDB length exceeds buf_len
In scsi_req_parse_cdb(), if the CDB length implied by the command type
exceeds the initialized portion of the command buffer, reject the request.

Rejected requests are recorded by the `scsi_req_parse_bad` trace event.

On example of a bug detected by this check is SunOS's use of interleaved
DMA and non-DMA commands. This guest behavior currently causes QEMU to
parse uninitialized memory as a SCSI command, with unpredictable
outcomes.

With the new check in place:

  * QEMU consistently creates a trace event and rejects the request.

  * SunOS retries the request(s) and is able to successfully boot from
    disk.

Signed-off-by: John Millikin <john@john-millikin.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1127
Message-Id: <20220817053458.698416-2-john@john-millikin.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-01 07:42:37 +02:00
John Millikin fe9d8927e2 scsi: Add buf_len parameter to scsi_req_new()
When a SCSI command is received from the guest, the CDB length implied
by the first byte might exceed the number of bytes the guest sent. In
this case scsi_req_new() will read uninitialized data, causing
unpredictable behavior.

Adds the buf_len parameter to scsi_req_new() and plumbs it through the
call stack.

Signed-off-by: John Millikin <john@john-millikin.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1127
Message-Id: <20220817053458.698416-1-john@john-millikin.com>
[Fill in correct length for adapters other than ESP. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-01 07:42:37 +02:00
John Millikin c6e51f1bb2 esp: Handle CMD_BUSRESET by resetting the SCSI bus
Per investigation on the linked ticket, SunOS issues a SCSI bus reset
to the ESP as part of its boot sequence. If this ESP command doesn't
cause devices to assert sense flag UNIT ATTENTION, SunOS will consider
the CD-ROM device to be non-compliant with Common Command Set (CCS).
In this condition, the SunOS installer's early userspace doesn't set
the installation source location to sr0 and the miniroot copy fails.

Signed-off-by: John Millikin <john@john-millikin.com>
Suggested-by: Bill Paul <noisetube@gmail.com>
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1127
Message-Id: <20220817053846.699310-1-john@john-millikin.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-01 07:42:36 +02:00
BALATON Zoltan 95e2293287 ppc4xx: Fix code style problems reported by checkpatch
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <62798fbe9c200da3e0c870601ed9162b1c3a50a5.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 17:05:15 -03:00
Cédric Le Goater 1b46bc17f4 ppc/ppc4xx: Fix sdram trace events
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <0a3e454eb7fd5f2b807a9c752c28693f27829f1d.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 17:05:15 -03:00
BALATON Zoltan 56a5b199e4 hw/ppc/Kconfig: Move imply before select
In pegasos2 section move imply before select to match other sections.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <4d46dde64c2e5df6db3f92426fb3ae885939c2b0.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 17:05:15 -03:00
BALATON Zoltan adb566d371 hw/ppc/sam460ex: Remove PPC405 dependency from sam460ex
Now that shared PPC4xx devices are separated from PPC405 ones we can
drop this depencency.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <cf6c1d280f830beeea41128595c8c026d5126d2b.1660762465.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 17:05:10 -03:00
BALATON Zoltan b5aae5f660 ppc405: Move machine specific code to ppc405_boards.c
These are only used by the board code so move out from the shared SoC
model and put it in the boards file.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <2b23bcaaf191f96b217cbd06a6038694024862c3.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater ea9b318695 ppc/ppc405: QOM'ify FPGA
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <ed6ff1705dadb46b456e424aa0f0420f1d18d92c.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 111913fb2d ppc/ppc405: Use an explicit I2C object
Having an explicit I2C model object will help if one day we want to
add I2C devices on the bus from the machine init routine.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: Symplify sysbus device casts for readibility]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <68eb8b5ac408ca8cc981ebf53a3e154c0d34c7f6.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
BALATON Zoltan a55b213646 hw/intc/ppc-uic: Convert ppc-uic to a PPC4xx DCR device
Make ppc-uic a subclass of ppc4xx-dcr-device which will handle the cpu
link and make it uniform with the other PPC4xx devices.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <eb548130cf60aea8a6ea4dba4dee1686b3cabc3d.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater e9d20f3717 ppc/ppc405: Use an embedded PPCUIC model in SoC state
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: Simplify sysbus device casts for readability]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <ac5f010f4eb3ade061c65bc39a049f231f75574a.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
BALATON Zoltan cba58aa762 ppc4xx: Rename ppc405-ebc to ppc4xx-ebc
This device is shared between different 4xx socs.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <63d9b14c8ff5f73e35bffca1036394b5235735ee.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
BALATON Zoltan 127ba8d03e ppc4xx: Move EBC model to ppc4xx_devs.c
The EBC is shared between 405 and 440 so move it to shared file.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <10eae70509ca4bd74858fc2c0a0f0e4eb9330199.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
BALATON Zoltan 052c779b4c ppc4xx: Rename ppc405-plb to ppc4xx-plb
This device is shared between different 4xx socs.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <5b13ebfd12a71a28035bed5a915cbeee81cf21d1.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
BALATON Zoltan 2d54aaf121 ppc4xx: Move PLB model to ppc4xx_devs.c
The PLB is shared between 405 and 440 so move it to the shared file.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <2498384bf3e18959ee8cb984d72fb66b8a6ecadc.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater da116a8aab ppc/ppc405: QOM'ify MAL
The Memory Access Layer (MAL) controller is currently modeled as a DCR
device with 4 IRQs. Also drop the ppc4xx_mal_init() helper and adapt
the sam460ex machine.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: ppc4xx_dcr_register changes, add finalize method]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <d54a243dff94d95ba30dbcc09c27700a90ade932.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 695bce07dc ppc/ppc405: QOM'ify PLB
PLB is currently modeled as a simple DCR device. Also drop the
ppc4xx_plb_init() helper and adapt the sam460ex machine.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: ppc4xx_dcr_register changes]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <c4256d1bffca86fe1d696aa9c56732e5f563e114.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 2841430e6a ppc/ppc405: QOM'ify POB
POB is currently modeled as a simple DCR device.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: ppc4xx_dcr_register changes]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <2bb1a89182523059ecb0e8d20c22a293534dec17.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 72beecc20c ppc/ppc405: QOM'ify OPBA
The OPB arbitrer is currently modeled as a simple SysBus device with a
unique memory region.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: ppc4xx_dcr_register changes]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <38476bc43d2332db2f09dbede9eff5234d6ce217.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 415a6333d4 ppc/ppc405: QOM'ify EBC
EBC is currently modeled as a DCR device. Also drop the ppc405_ebc_init()
helper and adapt the sam460ex machine.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: ppc4xx_dcr_register changes]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <51a0769ab605c5158f4f2f1c896725d5fe7a073b.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 82c86e304a ppc/ppc405: QOM'ify DMA
The DMA controller is currently modeled as a DCR device with a couple
of IRQs.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: ppc4xx_dcr_register changes]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <4738b3c7cf18c328f05aaaddc555a46219431335.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 125277c6a8 ppc/ppc405: QOM'ify GPIO
The GPIO controller is currently modeled as a simple SysBus device
with a unique memory region.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: Simplify sysbus device casts for readability]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <e95d7849f3768e1f9a2846c4b282392750678b3e.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 2847eb4089 ppc/ppc405: QOM'ify OCM
The OCM controller is currently modeled as a simple DCR device with
a couple of memory regions.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: ppc4xx_dcr_register changes]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <ecb93d2d5993bb7a970365744c7d342d4abcb017.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 269fbb5b8a ppc/ppc405: QOM'ify GPT
The GPT controller is currently modeled as a SysBus device with a
unique memory region, a couple of IRQs and a timer.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: ppc4xx_dcr_register changes, add finalize method]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <8950ab26e78173f94ba65bc61bcfd0631de1fe61.1660746880.git.balaton@eik.bme.hu>
[danielhb: check if timer != NULL in ppc405_gpt_finalize()]
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 4a7d2b7e5c ppc/ppc405: QOM'ify CPC
The CPC controller is currently modeled as a DCR device.

Now that all clock settings are handled at the CPC level, change the
SoC "sys-clk" property to be an alias on the same property in the CPC
model.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: ppc4xx_dcr_register changes]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <23393cb91a2c6c560a4461b3e9d1baa48ae28f74.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 629cae6170 ppc/ppc4xx: Introduce a DCR device model
The Device Control Registers (DCR) of on-SoC devices are accessed by
software through the use of the mtdcr and mfdcr instructions. These
are converted in transactions on a side band bus, the DCR bus, which
connects the on-SoC devices to the CPU.

Ideally, we should model these accesses with a DCR namespace and DCR
memory regions but today the DCR handlers are installed in a DCR table
under the CPU. Instead, introduce a little device model wrapper to hold
a CPU link and handle registration of DCR handlers.

The DCR device inherits from SysBus because most of these devices also
have MMIO regions and/or IRQs. Being a SysBusDevice makes things easier
to install the device model in the overall SoC.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[balaton: Explicit opaque parameter for dcr callbacks]
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <9b21bdf55e0a728f093bad299e030d98f302ded0.1660746880.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater b42ad43756 ppc/ppc405: QOM'ify CPU
Drop the use of ppc4xx_init() and duplicate a bit of code related to
clocks in the SoC realize routine. We will clean that up in the
following patches.

ppc_dcr_init() simply allocates default DCR handlers for the CPU. Maybe
this could be done in model initializer of the CPU families needing it.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <20220809153904.485018-8-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 5b0f170a8a ppc/ppc405: Start QOMification of the SoC
This moves all the code previously done in the ppc405ep_init() routine
under ppc405_soc_realize(). We can also adjust the number of banks now
that we have control on ppc4xx_sdram_init().

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <20220809153904.485018-7-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 3b758ca2f0 ppc/ppc405: Introduce a PPC405 SoC
It is an initial model to start QOMification of the PPC405 board.
QOM'ified devices will be reintroduced one by one. Start with the
memory regions, which name prefix is changed to "ppc405".

Also, initialize only one RAM bank. The second bank is a dummy one
(zero size) which is here to match the hard coded number of banks in
ppc405ep_init().

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <20220809153904.485018-6-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater df2372086f ppc/ppc405: Move SRAM under the ref405ep machine
It doesn't belong to the generic machine nor the SoC. Fix a typo in
the name while we are at it.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <20220809153904.485018-5-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 041816c6d5 ppc/ppc405: Move devices under the ref405ep machine
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220809153904.485018-4-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater e67b374d08 ppc/ppc405: Introduce a PPC405 generic machine
We will use this machine as a base to define the ref405ep and possibly
the PPC405 hotfoot board as found in the Linux kernel.

Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220809153904.485018-3-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Cédric Le Goater 1335caf312 ppc/ppc405: Remove taihu machine
It has been deprecated since 7.0.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220809153904.485018-2-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Daniel Henrique Barboza 6a1e1ce2ef ppc/pnv: fix QOM parenting of user creatable root ports
User creatable root ports are being parented by the 'peripheral' or the
'peripheral-anon' container. This happens because this is the regular
QOM schema for sysbus devices that are added via the command line.

Let's make this QOM hierarchy similar to what we have with default root
ports, i.e. the root port must be parented by the pnv-root-bus. To do
that we change the qom and bus parent of the root port during
root_port_realize(). The realize() is shared by the default root port
code path, so we can remove the code inside pnv_phb_attach_root_port()
that was adding the root port as a child of the bus as well.

After all that, remove pnv_phb_attach_root_port() and create the root
port explictly in the 'default_enabled()' case of pnv_phb_realize().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220819094748.400578-3-danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Daniel Henrique Barboza 3466bb50ec ppc/pnv: consolidate pnv_parent_*_fixup() helpers
We have 2 helpers that amends the QOM and parent bus of a given object,
repectively. These 2 helpers are called together, and not by accident.
Due to QOM internals, doing an object_unparent() will result in the
device being removed from its parent bus. This means that changing the
QOM parent requires reassigning the parent bus again.

Create a single helper called pnv_parent_fixup(), documenting some of
the QOM specifics that we're dealing with the unparenting/parenting
mechanics, and handle both the QOM and the parent bus assignment.

Next patch will make use of this function to handle a case where we need
to change the QOM parent while keeping the same parent bus assigned
beforehand.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220819094748.400578-2-danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Daniel Henrique Barboza f1327fde35 ppc/pnv: user creatable pnv-phb for powernv10
Given that powernv9 and powernv10 uses the same pnv-phb backend, the
logic to allow user created pnv-phbs for powernv10 is already in place.
Let's flip the switch.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220811163950.578927-11-danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Daniel Henrique Barboza 607e9316d3 ppc/pnv: change pnv_phb4_get_pec() to also retrieve chip10->pecs
The function assumes that we're always dealing with a PNV9_CHIP()
object. This is not the case when the pnv-phb device belongs to a
powernv10 machine.

Change pnv_phb4_get_pec() to be able to work with PNV10_CHIP() if
necessary.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220811163950.578927-10-danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Daniel Henrique Barboza d786be3fe7 ppc/pnv: enable user created pnv-phb for powernv9
Enable pnv-phb user created devices for powernv9 now that we have
everything in place.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220811163950.578927-9-danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Daniel Henrique Barboza c147177277 ppc/pnv: add PHB4 helpers for user created pnv-phb
The PHB4 backend relies on a link with the corresponding PEC element.
This is trivial to do during machine_init() time for default devices,
but not so much for user created ones.

pnv_phb4_get_pec() is a small variation of the function that was
reverted by commit 9c10d86fee "ppc/pnv: Remove user-created PHB{3,4,5}
devices". We'll use it to determine the appropriate PEC for a given user
created pnv-phb that uses a PHB4 backend.

This is done during realize() time, in pnv_phb_user_device_init().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220811163950.578927-8-danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Daniel Henrique Barboza 892c3ad0d5 ppc/pnv: enable user created pnv-phb for powernv8
The bulk of the work was already done by previous patches.

Use defaults_enabled() to determine whether we need to create the
default devices or not.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220811163950.578927-7-danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Daniel Henrique Barboza 0d512c7120 ppc/pnv: turn chip8->phbs[] into a PnvPHB* array
When enabling user created PHBs (a change reverted by commit 9c10d86fee)
we were handling PHBs created by default versus by the user in different
manners. The only difference between these PHBs is that one will have a
valid phb3->chip that is assigned during pnv_chip_power8_realize(),
while the user created needs to search which chip it belongs to.

Aside from that there shouldn't be any difference. Making the default
PHBs behave in line with the user created ones will make it easier to
re-introduce them later on. It will also make the code easier to follow
since we are dealing with them in equal manner.

The first step is to turn chip8->phbs[] into a PnvPHB3 pointer array.
This will allow us to assign user created PHBs into it later on. The way
we initilize the default case is now more in line with that would happen
with the user created case: the object is created, parented by the chip
because pnv_xscom_dt() relies on it, and then assigned to the array.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220811163950.578927-6-danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Daniel Henrique Barboza ba47c3a4f8 ppc/pnv: add helpers for pnv-phb user devices
pnv_parent_qom_fixup() and pnv_parent_bus_fixup() are versions of the
helpers that were reverted by commit 9c10d86fee "ppc/pnv: Remove
user-created PHB{3,4,5} devices". They are needed to amend the QOM and
bus hierarchies of user created pnv-phbs, matching them with default
pnv-phbs.

A new helper pnv_phb_user_device_init() is created to handle
user-created devices setup. We're going to call it inside
pnv_phb_realize() in case we're realizing an user created device. This
will centralize all user device realated in a single spot, leaving the
realize functions of the phb3/phb4 backends untouched.

Another helper called pnv_chip_add_phb() was added to handle the
particularities of each chip version when adding a new PHB.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220811163950.578927-5-danielhb413@gmail.com>
2022-08-31 14:08:06 -03:00
Daniel Henrique Barboza c2f3f78af5 ppc/pnv: set root port chassis and slot using Bus properties
For default root ports we have a way of accessing chassis and slot,
before root_port_realize(), via pnv_phb_attach_root_port(). For the
future user created root ports this won't be the case: we can't use
this helper because we don't have access to the PHB phb-id/chip-id
values.

In earlier patches we've added phb-id and chip-id to pnv-phb-root-bus
objects. We're now able to use the bus to retrieve them. The bus is
reachable for both user created and default devices, so we're changing
all the code paths. This also allow us to validate these changes with
the existing default devices.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220811163950.578927-4-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza b7c1750dc4 ppc/pnv: add phb-id/chip-id PnvPHB4RootBus properties
The same rationale provided in the PHB3 bus case applies here.

Note: we could have merged both buses in a single object, like we did
with the root ports, and spare some boilerplate. The reason we opted to
preserve both buses objects is twofold:

- there's not user side advantage in doing so. Unifying the root ports
presents a clear user QOL change when we enable user created devices back.
The buses objects, aside from having a different QOM name, is transparent
to the user;

- we leave a door opened in case we want to increase the root port limit
for phb4/5 later on without having to deal with phb3 code.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220811163950.578927-3-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza 8ec1e4f1ef ppc/pnv: add phb-id/chip-id PnvPHB3RootBus properties
We rely on the phb-id and chip-id, which are PHB properties, to assign
chassis and slot to the root port. For default devices this is no big
deal: the root port is being created under pnv_phb_realize() and the
values are being passed on via the 'index' and 'chip-id' of the
pnv_phb_attach_root_port() helper.

If we want to implement user created root ports we have a problem. The
user created root port will not be aware of which PHB it belongs to,
unless we're willing to violate QOM best practices and access the PHB
via dev->parent_bus->parent. What we can do is to access the root bus
parent bus.

Since we're already assigning the root port as QOM child of the bus, and
the bus is initiated using PHB properties, let's add phb-id and chip-id
as properties of the bus. This will allow us trivial access to them, for
both user-created and default root ports, without doing anything too
shady with QOM.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220811163950.578927-2-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza e5ea94360e ppc/pnv: move attach_root_port helper to pnv-phb.c
The helper is only used in this file.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-13-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza cb6a5c2644 ppc/pnv: remove pecc->rp_model
The attribute is unused.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-11-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza 17c681e92d ppc/pnv: remove root port name from pnv_phb_attach_root_port()
We support only a single root port, PNV_PHB_ROOT_PORT.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-10-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza c8d14603e9 ppc/pnv: remove pnv-phb4-root-port
The unified pnv-phb-root-port can be used instead. The phb4-root-port
device isn't exposed to the user in any official QEMU release so there's
no ABI breakage in removing it.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-9-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza 805150619e ppc/pnv: remove pnv-phb3-root-port
The unified pnv-phb-root-port can be used in its place. There is no ABI
breakage in doing so because no official QEMU release introduced user
creatable pnv-phb3-root-port devices.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-8-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza 5ba76b61a2 ppc/pnv: add pnv-phb-root-port device
We have two very similar root-port devices, pnv-phb3-root-port and
pnv-phb4-root-port. Both consist of a wrapper around the PCIESlot device
that, until now, has no additional attributes.

The main difference between the PHB3 and PHB4 root ports is that
pnv-phb4-root-port has the pnv_phb4_root_port_reset() callback. All
other differences can be merged in a single device without too much
trouble.

This patch introduces the unified pnv-phb-root-port that, in time, will
be used as the default root port for the pnv-phb device.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-7-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza 210aacb3b9 ppc/pnv: turn PnvPHB4 into a PnvPHB backend
Change the parent type of the PnvPHB4 device to TYPE_PARENT since the
PCI bus is going to be initialized by the PnvPHB parent. Functions that
needs to access the bus via a PnvPHB4 object can do so via the
phb4->phb_base pointer.

pnv_phb4_pec now creates a PnvPHB object.

The powernv9 machine class will create PnvPHB devices with version '4'.
powernv10 will create using version '5'. Both are using global machine
properties in their class_init() to do that.

These changes will benefit us when adding PnvPHB user creatable devices
for powernv9 and powernv10.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-6-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza fe5bfd4bb8 ppc/pnv: add PHB4 bus init helper
Similar to what we already did for the PnvPHB3 device, let's add a
helper to init the bus when using a PnvPHB4. This helper will be used by
PnvPHb when PnvPHB4 turns into a backend.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-5-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza 1f5d6b2ad1 ppc/pnv: turn PnvPHB3 into a PnvPHB backend
We need a handful of changes that needs to be done in a single swoop to
turn PnvPHB3 into a PnvPHB backend.

In the PnvPHB3, since the PnvPHB device implements PCIExpressHost and
will hold the PCI bus, change PnvPHB3 parent to TYPE_DEVICE. There are a
couple of instances in pnv_phb3.c that needs to access the PCI bus, so a
phb_base pointer is added to allow access to the parent PnvPHB. The
PnvPHB3 root port will now be connected to a PnvPHB object.

In pnv.c, the powernv8 machine chip8 will now hold an array of PnvPHB
objects.  pnv_get_phb3_child() needs to be adapted to return the PnvPHB3
backend from the PnvPHB child. A global property is added in
pnv_machine_power8_class_init() to ensure that all PnvPHBs are created
with phb->version = 3.

After all these changes we're still able to boot a powernv8 machine with
default settings. The real gain will come with user created PnvPHB
devices, coming up next.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-4-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza e4e6db5283 ppc/pnv: add PnvPHB base/proxy device
The PnvPHB device is going to be the base device for all other powernv
PHBs. It consists of a device that has the same user API as the other
PHB, namely being a PCIHostBridge and having chip-id and index
properties. It also has a 'backend' pointer that will be initialized
with the PHB implementation that the device is going to use.

The initialization of the PHB backend is done by checking the PHB
version via a 'version' attribute that can be set via a global machine
property.  The 'version' field will be used to make adjustments based on
the running version, e.g. PHB3 uses a 'chip' reference while PHB4 uses
'pec'. To init the PnvPHB bus we'll rely on helpers for each version.
The version 3 helper is already added (pnv_phb3_bus_init), the PHB4
helper will be added later on.

For now let's add the basic logic of the PnvPHB object, which consists
mostly of pnv_phb_realize() doing all the work of checking the
phb->version set, initializing the proper backend, passing through its
attributes to the chosen backend, finalizing the backend realize and
adding a root port in the end.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-3-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Daniel Henrique Barboza 91bcee7157 ppc/pnv: add PHB3 bus init helper
The PnvPHB3 bus init consists of initializing the pci_io and pci_mmio
regions, registering it via pci_register_root_bus() and then setup the
iommu.

We'll want to init the bus from outside pnv_phb3.c when the bus is
removed from the PnvPHB3 device and put into a new parent PnvPHB device.
The new pnv_phb3_bus_init() helper will be used by the parent to init
the bus when using the PHB3 backend.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220624084921.399219-2-danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Nicholas Piggin 0bf4d77e59 ppc/pnv: Add initial P9/10 SBE model
The SBE (Self Boot Engine) are on-chip microcontrollers that perform
early boot steps, as well as provide some runtime facilities (e.g.,
timer, secure register access, MPIPL). The latter facilities are
accessed mostly via a message system called SBEFIFO.

This driver provides initial emulation for the SBE runtime registers
and a very basic SBEFIFO implementation that provides the timer
command. This covers the basic SBE behaviour expected by skiboot when
booting.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20220811093726.1442343-1-npiggin@gmail.com>
[danielhb: fixed SBE_HOST_RESPONSE_MASK long line]
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-31 14:08:05 -03:00
Nicholas Piggin 21d3a78ed9 target/ppc: Fix host PVR matching for KVM
ppc_cpu_compare_class_pvr_mask() should match the best CPU class in the
family, because it is used by the KVM subsystem to find the host CPU
class. Since commit 03ae4133ab ("target-ppc: Add pvr_match()
callback"), it matches any class in the family (the first one in the
comparison list).

Since commit f30c843ced ("ppc/pnv: Introduce PowerNV machines with
fixed CPU models"), pnv has relied on pnv_match having these new
semantics to check machine compatibility with a CPU family.

Resolve this by adding a parameter to the pvr_match function to select
the best or any match, and restore the old behaviour for the KVM case.

Prior to this fix, e.g., a POWER9 DD2.3 KVM host matches to the
power9_v1.0 class (because that happens to be the first POWER9 family
CPU compared). After the patch, it matches the power9_v2.0 class.

This approach requires pnv_match contain knowledge of the CPU classes
implemented in the same family, which feels ugly. But pushing the 'best'
match down to the class would still require they know about one another
which is not obviously much better. For now this gets things working.

Fixes: 03ae4133ab ("target-ppc: Add pvr_match() callback")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220731013358.170187-1-npiggin@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-30 16:20:29 -03:00
Christian Borntraeger 1d41de5f05 s390x/cpumodel: add stfl197 processor-activity-instrumentation extension 1
Add stfle 197 (processor-activity-instrumentation extension 1) to the
gen16 default model and fence it off for 7.1 and older.

Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20220727135120.12784-1-borntraeger@linux.ibm.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-08-25 21:59:04 +02:00
Cornelia Huck f514e1477f hw: Add compat machines for 7.2
Add 7.2 machine types for arm/i440fx/m68k/q35/s390x/spapr.

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20220727121755.395894-1-cohuck@redhat.com>
[thuth: fixed conflict with pcmc->legacy_no_rng_seed]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-08-25 21:59:04 +02:00
Kevin Wolf 51e15194b0 scsi-generic: Fix emulated block limits VPD page
Commits 01ef8185b8 amd 24b36e9813 updated the way that the maximum
transfer length is calculated for patching block limits VPD page in an
INQUIRY response.

The same updates also need to be made for the case where the host device
does not support the block limits VPD page at all and we emulate the
whole page.

Without this fix, on host block devices a maximum transfer length of
(INT_MAX - sector_size) bytes is advertised to the guest, resulting in
I/O errors when a request that exceeds the host limits is made by the
guest. (Prior to commit 24b36e9813, this code path would use the
max_transfer value from the host instead of INT_MAX, but still miss the
fix from 01ef8185b8 where max_transfer is also capped to max_iov
host pages, so it would be less wrong, but still wrong.)

Cc: qemu-stable@nongnu.org
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2096251
Fixes: 01ef8185b8
Fixes: 24b36e9813
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20220822125320.48257-1-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2022-08-23 16:01:13 +02:00
Michael S. Tsirkin 9afb4177d6 virtio-pci: don't touch pci on virtio reset
virtio level reset should not affect pci express
registers such as PM, error or link.

Fixes: 27ce0f3afc ("hw/virtio: fix Power Management Control Register for PCI Express virtio devices")
Fixes: d584f1b9ca ("hw/virtio: fix Link Control Register for PCI Express virtio devices")
Fixes: c2cabb3422 ("hw/virtio: fix error enabling flags in Device Control register")
Cc: "Marcel Apfelbaum" <marcel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Jonathan Cameron 4f41b4e445 hw/cxl: Correctly handle variable sized mailbox input payloads.
A placeholder of ~0 is used to indicate variable payload size.
Whilst the checks for output payload correctly took this into
account, those for input payload did not.

This results in failure of the Set LSA command.

Fixes: 464e14ac43 ("hw/cxl/device: Implement basic mailbox (8.2.8.4)")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220817145759.32603-4-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Jonathan Cameron 66a2356485 hw/cxl: Fix Get LSA input payload size which should be 8 bytes.
Get LSA needs 4 byte offset and 4 byte length arguments.
CXL rev 2.0 Table 178.

Fixes: 3ebe676a34 ("hw/cxl/device: Implement get/set Label Storage Area (LSA)")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220817145759.32603-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Jonathan Cameron 29d1fbc6c6 hw/cxl: Add stub write function for RO MemoryRegionOps entries.
There is no checking on the availability of a write callback.
Hence QEMU crashes if a write does occur to one of these regions.

Discovered whilst chasing a Linux kernel bug that incorrectly
wrote into one of these regions.

Fixes: 6364adacdf ("hw/cxl/device: Implement the CAP array (8.2.8.1-2)")
Reported-by: Bobo WL <lmw.bobo@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220817145759.32603-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Jonathan Cameron d2289b524e hw/cxl: Fix wrong query of target ports
Two issues were present in this code:
1) Check on which register to look in was inverted.
2) Both branches use the _LO register.

Whilst here moved to extract32() rather than hand rolling
the field extraction as simpler and hopefully less error prone.

Fixes Coverity CID: 1488873

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220808122051.14822-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Jonathan Cameron a99fbb003b hw/cxl: Fix memory leak in error paths
Use g_autofree to free the CXLFixedWindow structure if an
error occurs in configuration before we have added to
the list (via g_steal_pointer())

Fix Coverity CID: 1488872

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220808122051.14822-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Gerd Hoffmann 3824e25db1 x86: disable rng seeding via setup_data
Causes regressions when doing direct kernel boots with OVMF.

At this point in the release cycle the only sensible action
is to just disable this for 7.1 and sort it properly in the
7.2 devel cycle.

Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Eduardo Habkost <eduardo@habkost.net>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20220817083940.3174933-1-kraxel@redhat.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Eduardo Habkost <eduardo@habkost.net>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-08-17 07:07:37 -04:00
Alex Bennée 643a943554 hw/virtio: fix vhost_user_read tracepoint
As reads happen in the callback we were never seeing them. We only
really care about the header so move the tracepoint to when the header
is complete.

Fixes: 6ca6d8ee9d (hw/virtio: add vhost_user_[read|write] trace points)
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20220728135503.1060062-5-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 07:07:37 -04:00
Alex Bennée 5a9d5f09b1 hw/virtio: handle un-configured shutdown in virtio-pci
The assert() protecting against leakage is a little aggressive and
causes needless crashes if a device is shutdown without having been
configured. In this case no descriptors are lost because none have
been assigned.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220728135503.1060062-4-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 07:07:37 -04:00
Alex Bennée f20400ed0d hw/virtio: gracefully handle unset vhost_dev vdev
I've noticed asserts firing because we query the status of vdev after
a vhost connection is closed down. Rather than faulting on the NULL
indirect just quietly reply false.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220728135503.1060062-3-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 07:07:37 -04:00
Stefan Hajnoczi 9a4b6a63ae virtio-scsi: fix race in virtio_scsi_dataplane_start()
As soon as virtio_scsi_data_plane_start() attaches host notifiers the
IOThread may start virtqueue processing. There is a race between
IOThread virtqueue processing and virtio_scsi_data_plane_start() because
it only assigns s->dataplane_started after attaching host notifiers.

When a virtqueue handler function in the IOThread calls
virtio_scsi_defer_to_dataplane() it may see !s->dataplane_started and
attempt to start dataplane even though we're already in the IOThread:

  #0  0x00007f67b360857c __pthread_kill_implementation (libc.so.6 + 0xa257c)
  #1  0x00007f67b35bbd56 raise (libc.so.6 + 0x55d56)
  #2  0x00007f67b358e833 abort (libc.so.6 + 0x28833)
  #3  0x00007f67b358e75b __assert_fail_base.cold (libc.so.6 + 0x2875b)
  #4  0x00007f67b35b4cd6 __assert_fail (libc.so.6 + 0x4ecd6)
  #5  0x000055ca87fd411b memory_region_transaction_commit (qemu-kvm + 0x67511b)
  #6  0x000055ca87e17811 virtio_pci_ioeventfd_assign (qemu-kvm + 0x4b8811)
  #7  0x000055ca87e14836 virtio_bus_set_host_notifier (qemu-kvm + 0x4b5836)
  #8  0x000055ca87f8e14e virtio_scsi_set_host_notifier (qemu-kvm + 0x62f14e)
  #9  0x000055ca87f8dd62 virtio_scsi_dataplane_start (qemu-kvm + 0x62ed62)
  #10 0x000055ca87e14610 virtio_bus_start_ioeventfd (qemu-kvm + 0x4b5610)
  #11 0x000055ca87f8c29a virtio_scsi_handle_ctrl (qemu-kvm + 0x62d29a)
  #12 0x000055ca87fa5902 virtio_queue_host_notifier_read (qemu-kvm + 0x646902)
  #13 0x000055ca882c099e aio_dispatch_handler (qemu-kvm + 0x96199e)
  #14 0x000055ca882c1761 aio_poll (qemu-kvm + 0x962761)
  #15 0x000055ca880e1052 iothread_run (qemu-kvm + 0x782052)
  #16 0x000055ca882c562a qemu_thread_start (qemu-kvm + 0x96662a)

This patch assigns s->dataplane_started before attaching host notifiers
so that virtqueue handler functions that run in the IOThread before
virtio_scsi_data_plane_start() returns correctly identify that dataplane
does not need to be started. This fix is taken from the virtio-blk
dataplane code and it's worth adding a comment in virtio-blk as well to
explain why it works.

Note that s->dataplane_started does not need the AioContext lock because
it is set before attaching host notifiers and cleared after detaching
host notifiers. In other words, the IOThread always sees the value true
and the main loop thread does not modify it while the IOThread is
active.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2099541
Reported-by: Qing Wang <qinwang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220808162134.240405-1-stefanha@redhat.com>
Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 07:07:37 -04:00
Thomas Huth effaf5a240 hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
The loop condition in xhci_ring_chain_length() is under control of
the guest, and additionally the code does not check for failed DMA
transfers (e.g. if reaching the end of the RAM), so the loop there
could run for a very long time or even forever. Fix it by checking
the return value of dma_memory_read() and by introducing a maximum
loop length.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/646
Message-Id: <20220804131300.96368-1-thuth@redhat.com>
Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-08-16 11:37:19 +02:00
Zenghui Yu e1f045780b hw/arm/virt-acpi-build: Present the GICR structure properly for GICv4
With the introduction of the new TCG GICv4, build_madt() is badly broken
as we do not present any GIC Redistributor structure in MADT for GICv4
guests, so that they have no idea about where the Redistributor
register frames are. This fixes a Linux guest crash at boot time with
ACPI enabled and '-machine gic-version=4'.

While at it, let's convert the remaining hard coded gic_version into
enumeration VIRT_GIC_VERSION_2 for consistency.

Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Message-id: 20220812022018.1069-1-yuzenghui@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-08-12 11:25:18 +01:00
Richard Henderson 0342cb34a4 Pull request trivial branch 20220809
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmLykYgSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L74881MP/1UL3bfp1/tzxeN5wvT0mAdrKcj8obPE
 5BB0QPD48NL8JqWq9HLLhX2vmAi2ibhPptpJkn+kXsqj8OW4Qp1JyWggZgD7O3mz
 S2OjVcpWrClhugoGhRUBm6G6kPsYjIBU0dLAINsyL6ETBZpIdkU/axLUJ6b2Wrm0
 eIQm6xNkGRhFAuya7MOX5ObzNylix2t1+QLxJMbA3XOCwl9PQRh7Wb/0oRhFMWZ9
 xCjraG9Jv1IxG28gGxMbUa2Ic7VTcVs+X+iu98AP7P3HBe/I31aXAmAf47MbMirk
 NJEYI9nDLZJyQmLgmBmyrQ+FIidDVhG7FURzIYeOoREv+xotQt6CTBNLKOcc4ccO
 YRy05JeUNeCJ015r8MZdiTwAwsbY0XPMijgqngqaWCw1BJO/luCdvUX6D4ehC5aZ
 zJPr7jJdqyhIZJjvPawoJSRsvWU495BCtyORtnU1T3uunEEu9vHLQKEy8gWtyitJ
 7R6E/Mj4IzB9T0Kvz2acGBtxmtTshonjXaYgb11QRI5SWEUUhDNN64839opDPAW8
 PSmRZwfwkhIUlb9eRIEPMFScEEbQVgU+dAngSZva9un9ED2adPMreWHQrinMxQM4
 jtGAfG3RMQUh7b3VBlS87y0N+b2FSIrL9x0ujcozwuh0JMeiWxx+9AUq4dH8m2HU
 YZb3LXjm8i/P
 =o5gT
 -----END PGP SIGNATURE-----

Merge tag 'trivial-branch-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging

Pull request trivial branch 20220809

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmLykYgSHGxhdXJlbnRA
# dml2aWVyLmV1AAoJEPMMOL0/L74881MP/1UL3bfp1/tzxeN5wvT0mAdrKcj8obPE
# 5BB0QPD48NL8JqWq9HLLhX2vmAi2ibhPptpJkn+kXsqj8OW4Qp1JyWggZgD7O3mz
# S2OjVcpWrClhugoGhRUBm6G6kPsYjIBU0dLAINsyL6ETBZpIdkU/axLUJ6b2Wrm0
# eIQm6xNkGRhFAuya7MOX5ObzNylix2t1+QLxJMbA3XOCwl9PQRh7Wb/0oRhFMWZ9
# xCjraG9Jv1IxG28gGxMbUa2Ic7VTcVs+X+iu98AP7P3HBe/I31aXAmAf47MbMirk
# NJEYI9nDLZJyQmLgmBmyrQ+FIidDVhG7FURzIYeOoREv+xotQt6CTBNLKOcc4ccO
# YRy05JeUNeCJ015r8MZdiTwAwsbY0XPMijgqngqaWCw1BJO/luCdvUX6D4ehC5aZ
# zJPr7jJdqyhIZJjvPawoJSRsvWU495BCtyORtnU1T3uunEEu9vHLQKEy8gWtyitJ
# 7R6E/Mj4IzB9T0Kvz2acGBtxmtTshonjXaYgb11QRI5SWEUUhDNN64839opDPAW8
# PSmRZwfwkhIUlb9eRIEPMFScEEbQVgU+dAngSZva9un9ED2adPMreWHQrinMxQM4
# jtGAfG3RMQUh7b3VBlS87y0N+b2FSIrL9x0ujcozwuh0JMeiWxx+9AUq4dH8m2HU
# YZb3LXjm8i/P
# =o5gT
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 09 Aug 2022 09:55:36 AM PDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [undefined]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'trivial-branch-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu:
  xlnx_dp: drop unsupported AUXCommand in xlnx_dp_aux_set_command
  contrib/vhost-user-blk: Clean up deallocation of VuVirtqElement

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-09 12:17:21 -07:00
Peter Maydell 7cf745dd9c hw/net/rocker: Avoid undefined shifts with more than 31 ports
In rocker_port_phys_link_status() and rocker_port_phys_enable_read()
we construct a 64-bit value with one bit per front-panel port.
However we accidentally do the shift as 32-bit arithmetic, which
means that if there are more than 31 front-panel ports this is
undefined behaviour.

Fix the problem by ensuring we use 64-bit arithmetic for the whole
calculation. (We won't ever shift off the 64-bit value because
ROCKER_FP_PORTS_MAX is 62.)

Resolves: Coverity CID 1487121, 1487160
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-08-09 17:02:18 +08:00
Peter Maydell 09d12c81ec hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses
In real hardware, the APB and AHB PNP data tables can be accessed
with byte and halfword reads as well as word reads.  Our
implementation currently only handles word reads.  Add support for
the 8 and 16 bit accesses.  Note that we only need to handle aligned
accesses -- unaligned accesses should continue to trap, as happens on
hardware.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1132
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Frederic Konrad <fkonrad@amd.com>
Message-Id: <20220802131925.3380923-1-peter.maydell@linaro.org>
Tested-by: Tomasz Martyniak <gitlab.com/tom4r>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-08-08 23:43:11 +02:00
Igor Mammedov bd64c210ce hw/mips/malta: turn off x86 specific features of PIIX4_PM
QEMU crashes trying to save VMSTATE when only MIPS target are compiled in
  $ qemu-system-mips -monitor stdio
  (qemu) migrate "exec:gzip -c > STATEFILE.gz"
  Segmentation fault (core dumped)

It happens due to PIIX4_PM trying to parse hotplug vmstate structures
which are valid only for x86 and not for MIPS (as it requires ACPI
tables support which is not existent for ithe later)

Issue was probably exposed by trying to cleanup/compile out unused
ACPI bits from MIPS target (but forgetting about migration bits).

Disable compiled out features using compat properties as the least
risky way to deal with issue.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/995
Reviewed-by: Ani Sinha <ani@anisinha.ca>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20220728115034.1327988-1-imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-08-08 23:23:11 +02:00
Richard Henderson 8a1337e604 * Fix and tests for -readconfig
* Fixes for changeable block size
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLxB6wUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroMbgQgAmj38xh/KurUvjAwlki9OF+jIXem/
 r7eHtc6wG/dGN7CyL+EK08c2GfPIphhii3JGfLT3P/xHvHRVgYow2AELNvYSG85M
 SBQGfDsHLoKvY6Wni3AolECvtGycXkd30RtrzqdTT8iZyIhTTsikEG2hSgE+Z6Yy
 9XGPHN9puTkkD5HYnDV1+T4+yc28F8UTVob3fv9b7LMH7mSYz7UN5Tw4zB7DjOL1
 JNTuYqW9JN1X1vIYKxYw9Y5Jb3qNjnl8y6if8bPuvrLRw94sd0ax23yEQHwtgcUj
 cYGcvZ2/X0SQg4AHTsqGJCuffKNDfHhmmA7w0Xb2DEvBvoveYOaDp3dKZQ==
 =L9FI
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Fix and tests for -readconfig
* Fixes for changeable block size

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLxB6wUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroMbgQgAmj38xh/KurUvjAwlki9OF+jIXem/
# r7eHtc6wG/dGN7CyL+EK08c2GfPIphhii3JGfLT3P/xHvHRVgYow2AELNvYSG85M
# SBQGfDsHLoKvY6Wni3AolECvtGycXkd30RtrzqdTT8iZyIhTTsikEG2hSgE+Z6Yy
# 9XGPHN9puTkkD5HYnDV1+T4+yc28F8UTVob3fv9b7LMH7mSYz7UN5Tw4zB7DjOL1
# JNTuYqW9JN1X1vIYKxYw9Y5Jb3qNjnl8y6if8bPuvrLRw94sd0ax23yEQHwtgcUj
# cYGcvZ2/X0SQg4AHTsqGJCuffKNDfHhmmA7w0Xb2DEvBvoveYOaDp3dKZQ==
# =L9FI
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 08 Aug 2022 05:55:08 AM PDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  tests/qtest: add scenario for -readconfig handling
  vl: remove dead code in parse_memory_options()
  vl: fix [memory] section with -readconfig
  scsi-disk: ensure block size is non-zero and changes limited to bits 8-15
  scsi-disk: fix overflow when block size is not a multiple of BDRV_SECTOR_SIZE

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-08 09:57:37 -07:00
Qiang Liu 9390da5ef2 xlnx_dp: drop unsupported AUXCommand in xlnx_dp_aux_set_command
In xlnx_dp_aux_set_command, when the command leads to the default
branch, xlxn-dp will abort and then crash.

This patch removes this abort and drops this operation.

Fixes: 58ac482 ("introduce xlnx-dp")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/411
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Frederic Konrad <fkonrad@amd.com>
Message-Id: <20220808080116.2184881-1-cyruscyliu@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-08-08 11:40:06 +02:00
Song Gao 4cbadc40b9 hw/loongarch: remove acpi-build.c unused variable 'aml_len'
Fix a compiler warning on openbsd:
../src/hw/loongarch/acpi-build.c:416:12: warning: variable 'aml_len'
set but not used [-Wunused-but-set-variable]
    size_t aml_len = 0;
           ^

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220721040046.3985609-1-gaosong@loongson.cn>
[rth: Removing aml_len in turn makes fadt set but not used.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-05 10:02:07 -07:00
Daniel Henrique Barboza ed021daf2d hw/ppc: sam460ex.c: store all GPIO lines in mal_irqs[]
We're not storing all GPIO lines we're retrieving with
qdev_get_gpio_in() in mal_irqs[]. We're storing just the last one in the
first index:

    for (i = 0; i < ARRAY_SIZE(mal_irqs); i++) {
        mal_irqs[0] = qdev_get_gpio_in(uic[2], 3 + i);
    }
    ppc4xx_mal_init(env, 4, 16, mal_irqs);

mal_irqs is used in ppc4xx_mal_init() to assign the IRQs to MAL:

    for (i = 0; i < 4; i++) {
        mal->irqs[i] = irqs[i];
    }

Since only irqs[0] has been initialized, mal->irqs[1,2,3] are being
zeroed.

This doesn´t seem to trigger any apparent issues at this moment, but
Cedric's QOMification of the MAL device [1] is executing a
sysbus_connect_irq() that will fail if we do not store all GPIO lines
properly.

[1] https://lists.gnu.org/archive/html/qemu-devel/2022-08/msg00497.html

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: BALATON Zoltan <balaton@eik.bme.hu>
Fixes: 706e944206 ("hw/ppc/sam460ex: Drop use of ppcuic_init()")
Acked-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220803233204.2724202-1-danielhb413@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-08-04 15:20:14 -03:00
Lev Kujawski fd8a68ad68 hw/block/hd-geometry: Do not override specified bios-chs-trans
For small disk images (<4 GiB), QEMU and SeaBIOS default to the
LARGE/ECHS disk translation method, but it is not uncommon for other
BIOS software to use LBA in these cases as well.  Some operating
system boot loaders (e.g., NT 4) do not handle LARGE translations
outside of fixed configurations.  See, e.g., Q154052:

"When starting an x86 based computer, Ntdetect.com retrieves and
stores Interrupt 13 information. . . If the disk controller is using a
32 sector/64 head translation scheme, this boundary will be 1 GB. If
the controller uses 63 sector/255 head translation [AUTHOR: i.e.,
LBA], the limit will be 4 GB."

To accommodate these situations, hd_geometry_guess() now follows the
disk translation specified by the user even when the ATA disk geometry
is guessed.

hd_geometry_guess():
* Only set the disk translation when translation is AUTO.
* Show the soon-to-be active translation (*ptrans) in the trace rather
  than what was guessed.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/56
Buglink: https://bugs.launchpad.net/qemu/+bug/1745312

Signed-off-by: Lev Kujawski <lkujaw@member.fsf.org>
Message-Id: <20220707204045.999544-1-lkujaw@member.fsf.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2022-08-02 11:21:56 +02:00
Richard Henderson 60205b7142 aspeed queue:
* Fix ownership of RAM regions on the fby35 machine
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmLn1N8ACgkQUaNDx8/7
 7KHaVA//eh5wIZKeg1Qit8dhVoPXcO7b97KFpBreyCkfdREJpoLjoFe4y+rnKhnL
 tJm6qx1YG5s0UN/ODcy4TyKV9CkpcjsRZ+BHuZ+jjiz3WzuarZUTbZx1jVSJP6z0
 xcXc3CucKe/yyidGV1gKGiWetuXv2F6nYHzfvJ4auei6Rga8rwmiN7Rqf3Qfh6Lw
 Islj/9axfLxGzuMV85uuRZdRrrlmTOjDgnF4mxwVXRrxjtLIaAbzKT6mc1p1FUry
 cuE7bDjbZoT7ftBn5y4gQXV38M3XcWzB1KvzMslldkccU7cTbJg8620KSNiscOkJ
 03xEJiBJoAzy/X1PUmEODNYUV8a19xcsXEyqaRQiyYtO1XMBDcNkSaiaFacOnhFT
 UxabJf3qvzf1QwAmgxGUdbR5usNXsr8Yrnpf1lew7Mvr3SwOYVXqb/JPp+j7uoV3
 CVvvTFZm+hBQghaHC0wHBX+C3aLsTis4Jppn5loulo6fb9KZiosj2kPRwEIetVkt
 ZgkBOLWRWtizdWKM7HImt7F+v/r7ClFlwAIJj8QQV0HTtVZ+gM6MXWj5oczKENJ8
 vPkoP6AUoOWzKFEhBU5XtQ9DdwPSP9m6zAZXl4LD17tVPUPpsuSEDaxhH5hAEnIR
 39Mgx7hoK0uLHhM02RrNodD/NDmrZCPV3PwZ979z0Q/C8dttRkY=
 =hAJg
 -----END PGP SIGNATURE-----

Merge tag 'pull-aspeed-20220801' of https://github.com/legoater/qemu into staging

aspeed queue:

* Fix ownership of RAM regions on the fby35 machine

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmLn1N8ACgkQUaNDx8/7
# 7KHaVA//eh5wIZKeg1Qit8dhVoPXcO7b97KFpBreyCkfdREJpoLjoFe4y+rnKhnL
# tJm6qx1YG5s0UN/ODcy4TyKV9CkpcjsRZ+BHuZ+jjiz3WzuarZUTbZx1jVSJP6z0
# xcXc3CucKe/yyidGV1gKGiWetuXv2F6nYHzfvJ4auei6Rga8rwmiN7Rqf3Qfh6Lw
# Islj/9axfLxGzuMV85uuRZdRrrlmTOjDgnF4mxwVXRrxjtLIaAbzKT6mc1p1FUry
# cuE7bDjbZoT7ftBn5y4gQXV38M3XcWzB1KvzMslldkccU7cTbJg8620KSNiscOkJ
# 03xEJiBJoAzy/X1PUmEODNYUV8a19xcsXEyqaRQiyYtO1XMBDcNkSaiaFacOnhFT
# UxabJf3qvzf1QwAmgxGUdbR5usNXsr8Yrnpf1lew7Mvr3SwOYVXqb/JPp+j7uoV3
# CVvvTFZm+hBQghaHC0wHBX+C3aLsTis4Jppn5loulo6fb9KZiosj2kPRwEIetVkt
# ZgkBOLWRWtizdWKM7HImt7F+v/r7ClFlwAIJj8QQV0HTtVZ+gM6MXWj5oczKENJ8
# vPkoP6AUoOWzKFEhBU5XtQ9DdwPSP9m6zAZXl4LD17tVPUPpsuSEDaxhH5hAEnIR
# 39Mgx7hoK0uLHhM02RrNodD/NDmrZCPV3PwZ979z0Q/C8dttRkY=
# =hAJg
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 01 Aug 2022 06:27:59 AM PDT
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-aspeed-20220801' of https://github.com/legoater/qemu:
  aspeed/fby35: Fix owner of the BMC RAM memory region
  aspeed: Remove unused fields from AspeedMachineState

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-01 13:55:11 -07:00
Richard Henderson b15bdb1d83 - Some fixes for various tests
- Improve wordings in some files
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmLn6aYRHHRodXRoQHJl
 ZGhhdC5jb20ACgkQLtnXdP5wLbWekg/+NVIT1jp3tcbfPIE6pB0vI/AhqN3i2hUd
 zfJ4V3rSe5tg54JpmuuSt542mp4BDM9bPfYcY/DYESWEtW0c9wv80iP/5LFdJF0G
 GYtk7Q4pRXvB32kF0v9OxjCEGPUeEqSRrDrsI/Ify5evEIhr55oHPnDjN/US1Bx+
 TIuVfmyz8jhSPHsUvZzfVyFxkHre1+BWDxgM3zxoHFIaWEscIPE1KhwRILbKIxWx
 MHpL8JLAneGFwljQoUAMCl7GzHkVna59RhqkbBJ+8iTaNGipQj9FhHZBo2CulO0J
 SR7scWowYN8Jt2FNMe3tcKM2xQn/2Fg2TEK4sp6q+hCXhJuvFfWFHBiFYTNpagFA
 LGgZmPfDr4uZtMEqY4AdEZdL14YZcoM9E/RpW7GhSvMHy73wOj16O8luH1bU0jtG
 6X1VvAZlw8/Son1Tbq2CC6WejlMfJFXSzF6Fy6M7SflMPW44vJOs5uKdW405MYjE
 Pksbfz1rwoNfK+1qBNQop7SccgDRvPtlLf3lDAU9V/JHWVEITs1KTfyS+46U8jKA
 9SVBzKuTpVd+aXvMgvMAmmqnyvUBPHJ9KcFq4vHNbIETsGaQsXu0Q6waBmpcK8YB
 KUL/g0EsdfhkpVVgKYZ4Bzj7shG6SKTdwc/lUcOt+wQuDrZZzaC+A2cu/6ReQN6T
 BIHtoaxTz8E=
 =K6RW
 -----END PGP SIGNATURE-----

Merge tag 'pull-request-2022-08-01' of https://gitlab.com/thuth/qemu into staging

- Some fixes for various tests
- Improve wordings in some files

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmLn6aYRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbWekg/+NVIT1jp3tcbfPIE6pB0vI/AhqN3i2hUd
# zfJ4V3rSe5tg54JpmuuSt542mp4BDM9bPfYcY/DYESWEtW0c9wv80iP/5LFdJF0G
# GYtk7Q4pRXvB32kF0v9OxjCEGPUeEqSRrDrsI/Ify5evEIhr55oHPnDjN/US1Bx+
# TIuVfmyz8jhSPHsUvZzfVyFxkHre1+BWDxgM3zxoHFIaWEscIPE1KhwRILbKIxWx
# MHpL8JLAneGFwljQoUAMCl7GzHkVna59RhqkbBJ+8iTaNGipQj9FhHZBo2CulO0J
# SR7scWowYN8Jt2FNMe3tcKM2xQn/2Fg2TEK4sp6q+hCXhJuvFfWFHBiFYTNpagFA
# LGgZmPfDr4uZtMEqY4AdEZdL14YZcoM9E/RpW7GhSvMHy73wOj16O8luH1bU0jtG
# 6X1VvAZlw8/Son1Tbq2CC6WejlMfJFXSzF6Fy6M7SflMPW44vJOs5uKdW405MYjE
# Pksbfz1rwoNfK+1qBNQop7SccgDRvPtlLf3lDAU9V/JHWVEITs1KTfyS+46U8jKA
# 9SVBzKuTpVd+aXvMgvMAmmqnyvUBPHJ9KcFq4vHNbIETsGaQsXu0Q6waBmpcK8YB
# KUL/g0EsdfhkpVVgKYZ4Bzj7shG6SKTdwc/lUcOt+wQuDrZZzaC+A2cu/6ReQN6T
# BIHtoaxTz8E=
# =K6RW
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 01 Aug 2022 07:56:38 AM PDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [undefined]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-08-01' of https://gitlab.com/thuth/qemu:
  tests/qtest/migration-test: Run the dirty ring tests only with the x86 target
  trivial: Fix duplicated words
  misc: fix commonly doubled up words
  tests/unit/test-qga: Replace the word 'blacklist' in the guest agent unit test
  migration-test: Allow test to run without uffd
  migration-test: Use migrate_ensure_converge() for auto-converge
  tests/tcg/linux-test: Fix random hangs in test_socket

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-01 10:22:00 -07:00
Richard Henderson 6427adc300 Add a change to make Coverity happy.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE/Q1c5nzg9ZpmiCaGYfOMkJGb/4EFAmLn2woACgkQYfOMkJGb
 /4HDxA/9EvFQCSHLrbfp5rR44PQOcLnFOPt5Gq9JUcGZ+6JfsKkEmLMhj004hLlK
 pby6b+dvSPgZr+vzzTeSViQFZqlEv5xK4ItH4Kv9jwigFDxzeiHbygxGdHGjO2so
 eMGhGawCN0/7ElDOMIp7guRdxfy/vv+zK+u6Yod5wbduzQbYz/rVeGF5N6hb7Nkn
 lM8+W+Uz1StatOj83m1K0YNWZSvQ3zKG2Oc0zSJAjvDCZr89ifJRJkp+U+GrM/Hw
 1gFI5Jtm7THPfuzUm5popnOtD5sae6lx0r1JNFSmX+5/IpcTu+7UqJQi0ANLiJeq
 2Fm4SOv6CqmDBtZY6KIfXkdZouKhunlUv/wEfAc2geZHSMNzn7LDAMNcLfjDZG1A
 PFTKyv1Spn1d7BI5aqnLvY39yojYYg8SY6uiRRLPd6xNIivsywg9fZN7XRRY7L6h
 VeIYxo65z4kjfTpx2tdspdUngKGheH/IOARLkkR/Xvx7acV9LC9Af0HEJz/IJxXY
 WYdsmzsDCVtphBRVUIxiWIgR5qk73rnDzYEkjevK8JzZUFf6qoTUlLcL0zpJqP1A
 1J56MoHBzmsVZLuJl+jf6UrBfyDPFAsarERKlfh1H0/DySz1JutqVascPnh2ZPQz
 hx+Ye3xj69cg7a35Vb4cEjAu96ngeYE5a7isamyaYuBQ/ixmYTE=
 =97ZM
 -----END PGP SIGNATURE-----

Merge tag 'for-qemu-2022-08-01' of github.com:cminyard/qemu into staging

Add a change to make Coverity happy.

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEE/Q1c5nzg9ZpmiCaGYfOMkJGb/4EFAmLn2woACgkQYfOMkJGb
# /4HDxA/9EvFQCSHLrbfp5rR44PQOcLnFOPt5Gq9JUcGZ+6JfsKkEmLMhj004hLlK
# pby6b+dvSPgZr+vzzTeSViQFZqlEv5xK4ItH4Kv9jwigFDxzeiHbygxGdHGjO2so
# eMGhGawCN0/7ElDOMIp7guRdxfy/vv+zK+u6Yod5wbduzQbYz/rVeGF5N6hb7Nkn
# lM8+W+Uz1StatOj83m1K0YNWZSvQ3zKG2Oc0zSJAjvDCZr89ifJRJkp+U+GrM/Hw
# 1gFI5Jtm7THPfuzUm5popnOtD5sae6lx0r1JNFSmX+5/IpcTu+7UqJQi0ANLiJeq
# 2Fm4SOv6CqmDBtZY6KIfXkdZouKhunlUv/wEfAc2geZHSMNzn7LDAMNcLfjDZG1A
# PFTKyv1Spn1d7BI5aqnLvY39yojYYg8SY6uiRRLPd6xNIivsywg9fZN7XRRY7L6h
# VeIYxo65z4kjfTpx2tdspdUngKGheH/IOARLkkR/Xvx7acV9LC9Af0HEJz/IJxXY
# WYdsmzsDCVtphBRVUIxiWIgR5qk73rnDzYEkjevK8JzZUFf6qoTUlLcL0zpJqP1A
# 1J56MoHBzmsVZLuJl+jf6UrBfyDPFAsarERKlfh1H0/DySz1JutqVascPnh2ZPQz
# hx+Ye3xj69cg7a35Vb4cEjAu96ngeYE5a7isamyaYuBQ/ixmYTE=
# =97ZM
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 01 Aug 2022 06:54:18 AM PDT
# gpg:                using RSA key FD0D5CE67CE0F59A6688268661F38C90919BFF81
# gpg: Good signature from "Corey Minyard <cminyard@mvista.com>" [unknown]
# gpg:                 aka "Corey Minyard <minyard@acm.org>" [unknown]
# gpg:                 aka "Corey Minyard <corey@minyard.net>" [unknown]
# gpg:                 aka "Corey Minyard <minyard@mvista.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FD0D 5CE6 7CE0 F59A 6688  2686 61F3 8C90 919B FF81

* tag 'for-qemu-2022-08-01' of github.com:cminyard/qemu:
  ipmi:smbus: Add a check around a memcpy

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-01 08:50:54 -07:00
Cédric Le Goater 398c01da9c aspeed/fby35: Fix owner of the BMC RAM memory region
A MachineState object is used as a owner of the RAM region and this
asserts in memory_region_init_ram() when QEMU is built with
CONFIG_QOM_CAST_DEBUG :

    /* This will assert if owner is neither NULL nor a DeviceState.
     * We only want the owner here for the purposes of defining a
     * unique name for migration. TODO: Ideally we should implement
     * a naming scheme for Objects which are not DeviceStates, in
     * which case we can relax this restriction.
     */
    owner_dev = DEVICE(owner);

Use the BMC and BIC objects as the owners of their memory regions.

Cc: Peter Delevoryas <peter@pjd.dev>
Fixes: 778e14cc5c ("aspeed: Add AST2600 (BMC) to fby35")
Reviewed-by: Peter Delevoryas <peter@pjd.dev>
Message-Id: <20220727102714.803041-3-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-08-01 15:24:15 +02:00
Cédric Le Goater 3867c1c5fd aspeed: Remove unused fields from AspeedMachineState
Fixes: 346160cbf2 ("aspeed: Set the dram container at the SoC level")
Message-Id: <20220727102714.803041-2-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-08-01 15:24:15 +02:00
Mark Cave-Ayland 55794c904d scsi-disk: ensure block size is non-zero and changes limited to bits 8-15
The existing code assumes that the block size can be generated from p[1] << 8
in multiple places which ignores the top and bottom 8 bits. If the block size
is allowed to be set to an arbitrary value then this causes a mismatch
between the value written by the guest in the block descriptor and the value
subsequently read back using READ CAPACITY causing the guest to generate
requests that can crash QEMU.

For now restrict block size changes to bits 8-15 and also ignore requests to
set the block size to 0 which causes the SCSI emulation to crash in at least
one place with a divide by zero error.

Fixes: 356c4c441e ("scsi-disk: allow MODE SELECT block descriptor to set the block size")
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1112
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220730122656.253448-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-08-01 15:22:39 +02:00
Mark Cave-Ayland 54a53a006e scsi-disk: fix overflow when block size is not a multiple of BDRV_SECTOR_SIZE
In scsi_disk_emulate_write_same() the number of host sectors to transfer is
calculated as (s->qdev.blocksize / BDRV_SECTOR_SIZE) which is then used to
copy data in block size chunks to the iov buffer.

Since the loop copying the data to the iov buffer uses a fixed increment of
s->qdev.blocksize then using a block size that isn't a multiple of
BDRV_SECTOR_SIZE introduces a rounding error in the iov buffer size calculation
such that the iov buffer copy overflows the space allocated.

Update the iov buffer copy for() loop so that it will use the smallest of either
the current block size or the remaining transfer count to prevent the overflow.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220730122656.253448-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-08-01 15:22:39 +02:00
Corey Minyard 3fde641e72 ipmi:smbus: Add a check around a memcpy
In one case:

  memcpy(sid->inmsg + sid->inlen, buf, len);

if len == 0 then sid->inmsg + sig->inlen can point to one past the inmsg
array if the array is full.  We have to allow len == 0 due to some
vagueness in the spec, but we don't have to call memcpy.

Found by Coverity.  This is not a problem in practice, but the results
are technically (maybe) undefined.  So make Coverity happy.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2022-08-01 06:40:50 -05:00
Klaus Jensen e2e137f642 hw/nvme: do not enable ioeventfd by default
Do not enable ioeventfd by default. Let the feature mature a bit before
we consider enabling it by default.

Fixes: 2e53b0b450 ("hw/nvme: Use ioeventfd to handle doorbell updates")
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Jinhao Fan <fanjinhao21s@ict.ac.cn>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2022-08-01 12:01:21 +02:00
Klaus Jensen 04e8da8890 hw/nvme: unregister the event notifier handler on the main loop
Make sure the notifier handler is unregistered in the main loop prior to
cleaning it up.

Fixes: 2e53b0b450 ("hw/nvme: Use ioeventfd to handle doorbell updates")
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Jinhao Fan <fanjinhao21s@ict.ac.cn>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2022-08-01 12:01:21 +02:00
Klaus Jensen a2da737729 hw/nvme: skip queue processing if notifier is cleared
While it is safe to process the queues when they are empty, skip it if
the event notifier callback was invoked spuriously.

Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Jinhao Fan <fanjinhao21s@ict.ac.cn>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2022-08-01 12:01:21 +02:00
Thomas Huth a07d9df0fd trivial: Fix duplicated words
Some files wrongly contain the same word twice in a row.
One of them should be removed or replaced.

Message-Id: <20220722145859.1952732-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-08-01 11:58:02 +02:00
Daniel P. Berrangé 7a21bee2aa misc: fix commonly doubled up words
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220707163720.1421716-5-berrange@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-08-01 11:58:02 +02:00
Xiaojuan Yang 74725231d6 hw/loongarch: Change macro name 'LS7A_XXX' to 'VIRT_XXX'
Change macro name 'LS7A_XXX' to 'VIRT_XXX', as the loongarch
virt machinue use the GPEX bridge instead of LS7A bridge. So
the macro name should keep consistency.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220729073018.27037-3-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-29 15:07:55 -07:00
Xiaojuan Yang 587858ed0d hw/loongarch: Rename file 'loongson3.XXX' to 'virt.XXX'
1. Rename 'loongson3.c' to 'virt.c' and change the meson.build file.
2. Rename 'loongson3.rst' to 'virt.rst'.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220729073018.27037-2-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-29 15:07:55 -07:00
Richard Henderson 9fac07bea8 * Misc build system bugfixes
* Fix CGA 2-color graphics
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLj1BYUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroO1nQgAoKoT4oiRrHGRPRav5FVHedeVoLgn
 QXqdiB90xB4uoxeCqqEWWdQ/yuGkCrhrBYqlJynM7BLj0ujqsxw5MHsmcN4MKwVH
 9hQQDegpzRcN8yY9/t4vBqxS66Z6Pj8zVTq58FkyTsE5yusayoT2gXINb/Y6iEnm
 sff46kgnXmx0+QiEVkzfuQk4Q4orih554GquOiUUrT0QfVgkTmZr3EIjU0x6urU9
 9Pnr20GB4iK4IdqcDT1y/7viHhRLwzONO/6+7dmod82cxWVwIR3WZlonqOsWBS/F
 Vw6iVWquC7vMm7eS9mh2bZZSkXkczcdegKVE5O4WgpdqXmad4sJtWBgT5g==
 =q27Q
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Misc build system bugfixes
* Fix CGA 2-color graphics

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLj1BYUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroO1nQgAoKoT4oiRrHGRPRav5FVHedeVoLgn
# QXqdiB90xB4uoxeCqqEWWdQ/yuGkCrhrBYqlJynM7BLj0ujqsxw5MHsmcN4MKwVH
# 9hQQDegpzRcN8yY9/t4vBqxS66Z6Pj8zVTq58FkyTsE5yusayoT2gXINb/Y6iEnm
# sff46kgnXmx0+QiEVkzfuQk4Q4orih554GquOiUUrT0QfVgkTmZr3EIjU0x6urU9
# 9Pnr20GB4iK4IdqcDT1y/7viHhRLwzONO/6+7dmod82cxWVwIR3WZlonqOsWBS/F
# Vw6iVWquC7vMm7eS9mh2bZZSkXkczcdegKVE5O4WgpdqXmad4sJtWBgT5g==
# =q27Q
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 29 Jul 2022 05:35:34 AM PDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  configure: pass correct cflags to container-based cross compilers
  kvm: don't use perror() without useful errno
  configure: Fix ppc container_cross_cc substitution
  stubs: update replay-tools to match replay.h types
  vga: fix incorrect line height in 640x200x2 mode
  ui: dbus-display requires CONFIG_GBM

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-29 08:38:45 -07:00
Richard Henderson cc42559ab1 ppc patch queue for 2022-07-28:
Short queue with 2 Coverity fixes and one fix of the
 'wait' insns that is causing hangs if the guest kernel uses
 the most up to date wait opcode.
 
 - target/ppc:
   - implement new wait variants to fix guest hang when using the new opcode
 - ppc440_uc: initialize length passed to cpu_physical_memory_map()
 - spapr_nvdimm: check if spapr_drc_index() returns NULL
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYuK8VgAKCRA82cqW3gMx
 ZOc7AQDPMsFY9NHNqJ3O0MiX4Qoy8IGUreZ9dzZSS3zT1nxtEAD+Lwl0/aGO+dk+
 +NiIO80A5Agy/0g8PHie4qR3EqHEnwA=
 =Q4eR
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20220728' of https://gitlab.com/danielhb/qemu into staging

ppc patch queue for 2022-07-28:

Short queue with 2 Coverity fixes and one fix of the
'wait' insns that is causing hangs if the guest kernel uses
the most up to date wait opcode.

- target/ppc:
  - implement new wait variants to fix guest hang when using the new opcode
- ppc440_uc: initialize length passed to cpu_physical_memory_map()
- spapr_nvdimm: check if spapr_drc_index() returns NULL

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYuK8VgAKCRA82cqW3gMx
# ZOc7AQDPMsFY9NHNqJ3O0MiX4Qoy8IGUreZ9dzZSS3zT1nxtEAD+Lwl0/aGO+dk+
# +NiIO80A5Agy/0g8PHie4qR3EqHEnwA=
# =Q4eR
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 28 Jul 2022 09:41:58 AM PDT
# gpg:                using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28  3819 3CD9 CA96 DE03 3164

* tag 'pull-ppc-20220728' of https://gitlab.com/danielhb/qemu:
  target/ppc: Implement new wait variants
  hw/ppc/ppc440_uc: Initialize length passed to cpu_physical_memory_map()
  hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-28 15:06:42 -07:00
Paolo Bonzini 37e7b86766 vga: fix incorrect line height in 640x200x2 mode
When in CGA modes, QEMU wants to ignore the maximum scan field (bits 0..4) of
the maximum scan length register in the CRTC.  It is not clear why this is
needed---for example, Bochs ignores bit 7 instead.  The issue is that the
CGA modes are not detected correctly, and in particular mode 6 results in
multi_scan==3 according to how SeaBIOS programs it.  The right way to check
for CGA graphics modes is to check whether bit 13 of the address is special
cased by the CRT controller to achieve line interleaving, i.e. whether bit 0
of the CRTC mode control register is clear.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1020
Reported-by: Korneliusz Osmenda <korneliuszo@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-28 15:36:17 +02:00
Peter Maydell eda3f17bcd hw/ppc/ppc440_uc: Initialize length passed to cpu_physical_memory_map()
In dcr_write_dma(), there is code that uses cpu_physical_memory_map()
to implement a DMA transfer.  That function takes a 'plen' argument,
which points to a hwaddr which is used for both input and output: the
caller must set it to the size of the range it wants to map, and on
return it is updated to the actual length mapped. The dcr_write_dma()
code fails to initialize rlen and wlen, so will end up mapping an
unpredictable amount of memory.

Initialize the length values correctly, and check that we managed to
map the entire range before using the fast-path memmove().

This was spotted by Coverity, which points out that we never
initialized the variables before using them.

Fixes: Coverity CID 1487137, 1487150
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220726182341.1888115-2-peter.maydell@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-28 10:31:54 -03:00
Daniel Henrique Barboza edccf661e6 hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c
spapr_nvdimm_flush_completion_cb() and flush_worker_cb() are using the
DRC object returned by spapr_drc_index() without checking it for NULL.
In this case we would be dereferencing a NULL pointer when doing
SPAPR_NVDIMM(drc->dev) and PC_DIMM(drc->dev).

This can happen if, during a scm_flush(), the DRC object is wrongly
freed/released (e.g. a bug in another part of the code).
spapr_drc_index() would then return NULL in the callbacks.

Fixes: Coverity CID 1487108, 1487178
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20220409200856.283076-2-danielhb413@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-28 10:31:54 -03:00
Atish Patra 54f2183630 hw/intc: sifive_plic: Fix multi-socket plic configuraiton
Since commit 40244040a7, multi-socket configuration with plic is
broken as the hartid for second socket is calculated incorrectly.
The hartid stored in addr_config already includes the offset
for the base hartid for that socket. Adding it again would lead
to segfault while creating the plic device for the virt machine.
qdev_connect_gpio_out was also invoked with incorrect number of gpio
lines.

Fixes: 40244040a7 (hw/intc: sifive_plic: Avoid overflowing the addr_config buffer)

Signed-off-by: Atish Patra <atishp@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220723090335.671105-1-atishp@rivosinc.com>
[ Changes by AF:
 - Change the qdev_connect_gpio_out() numbering
]
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-07-28 09:08:44 +10:00
Richard Henderson e5b6555fb8 pc,virtio: fixes
Several fixes. From now on, regression fixes only.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmLgQr8PHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRpGUUIAKtNhrnKopGm4LlRpx8zN3Jc1Jo0nb648gaM
 Oyi+Pl8+hpESUhaWN10XDk38/QuPQfIFeR2ZhfYjFTRlZE+n3X9LVlwL8ejjP8KH
 AcWm78Ff/SLA45aMKMmw74pvEDNsoPYTp7TrfeIej5ub8BIXr8+8pqDdIR9WwtWO
 PbhLNXkTT2yLEs6jCVT4/dyh7zivSkrY7G/RVmtUaFe3PgY8fdW2z3+Txz7UIMgw
 CQoGuAucCO5ToBbs2CbT0V5yxY6G5VO6Qd8g0PzDW4M6GsY/Xr5QCnyJe0jTW0d6
 Dcc7UZFAzGNzyQCxHCic9xwTO+ZcJPJlH5TwknunxOb9xwCx4Qs=
 =zN41
 -----END PGP SIGNATURE-----

Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging

pc,virtio: fixes

Several fixes. From now on, regression fixes only.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmLgQr8PHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRpGUUIAKtNhrnKopGm4LlRpx8zN3Jc1Jo0nb648gaM
# Oyi+Pl8+hpESUhaWN10XDk38/QuPQfIFeR2ZhfYjFTRlZE+n3X9LVlwL8ejjP8KH
# AcWm78Ff/SLA45aMKMmw74pvEDNsoPYTp7TrfeIej5ub8BIXr8+8pqDdIR9WwtWO
# PbhLNXkTT2yLEs6jCVT4/dyh7zivSkrY7G/RVmtUaFe3PgY8fdW2z3+Txz7UIMgw
# CQoGuAucCO5ToBbs2CbT0V5yxY6G5VO6Qd8g0PzDW4M6GsY/Xr5QCnyJe0jTW0d6
# Dcc7UZFAzGNzyQCxHCic9xwTO+ZcJPJlH5TwknunxOb9xwCx4Qs=
# =zN41
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 26 Jul 2022 12:38:39 PM PDT
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  hw/virtio/virtio-iommu: Enforce power-of-two notify for both MAP and UNMAP
  i386/pc: restrict AMD only enforcing of 1Tb hole to new machine type
  i386/pc: relocate 4g start to 1T where applicable
  i386/pc: bounds check phys-bits against max used GPA
  i386/pc: factor out device_memory base/size to helper
  i386/pc: handle unitialized mr in pc_get_cxl_range_end()
  i386/pc: factor out cxl range start to helper
  i386/pc: factor out cxl range end to helper
  i386/pc: factor out above-4g end to an helper
  i386/pc: pass pci_hole64_size to pc_memory_init()
  i386/pc: create pci-host qdev prior to pc_memory_init()
  hw/i386: add 4g boundary start to X86MachineState
  hw/cxl: Fix size of constant in interleave granularity function.
  hw/i386/pc: Always place CXL Memory Regions after device_memory
  hw/machine: Clear out left over CXL related pointer from move of state handling to machines.
  acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-26 12:57:20 -07:00
Jean-Philippe Brucker 0522be9a0c hw/virtio/virtio-iommu: Enforce power-of-two notify for both MAP and UNMAP
Currently we only enforce power-of-two mappings (required by the QEMU
notifier) for UNMAP requests. A MAP request not aligned on a
power-of-two may be successfully handled by VFIO, and then the
corresponding UNMAP notify will fail because it will attempt to split
that mapping. Ensure MAP and UNMAP notifications are consistent.

Fixes: dde3f08b5c ("virtio-iommu: Handle non power of 2 range invalidations")
Reported-by: Tina Zhang <tina.zhang@intel.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20220718135636.338264-1-jean-philippe@linaro.org>
Tested-by: Tina Zhang <tina.zhang@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 15:33:29 -04:00
Joao Martins b3e6982b41 i386/pc: restrict AMD only enforcing of 1Tb hole to new machine type
The added enforcing is only relevant in the case of AMD where the
range right before the 1TB is restricted and cannot be DMA mapped
by the kernel consequently leading to IOMMU INVALID_DEVICE_REQUEST
or possibly other kinds of IOMMU events in the AMD IOMMU.

Although, there's a case where it may make sense to disable the
IOVA relocation/validation when migrating from a
non-amd-1tb-aware qemu to one that supports it.

Relocating RAM regions to after the 1Tb hole has consequences for
guest ABI because we are changing the memory mapping, so make
sure that only new machine enforce but not older ones.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-12-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins 8504f12945 i386/pc: relocate 4g start to 1T where applicable
It is assumed that the whole GPA space is available to be DMA
addressable, within a given address space limit, except for a
tiny region before the 4G. Since Linux v5.4, VFIO validates
whether the selected GPA is indeed valid i.e. not reserved by
IOMMU on behalf of some specific devices or platform-defined
restrictions, and thus failing the ioctl(VFIO_DMA_MAP) with
 -EINVAL.

AMD systems with an IOMMU are examples of such platforms and
particularly may only have these ranges as allowed:

        0000000000000000 - 00000000fedfffff (0      .. 3.982G)
        00000000fef00000 - 000000fcffffffff (3.983G .. 1011.9G)
        0000010000000000 - ffffffffffffffff (1Tb    .. 16Pb[*])

We already account for the 4G hole, albeit if the guest is big
enough we will fail to allocate a guest with  >1010G due to the
~12G hole at the 1Tb boundary, reserved for HyperTransport (HT).

[*] there is another reserved region unrelated to HT that exists
in the 256T boundary in Fam 17h according to Errata #1286,
documeted also in "Open-Source Register Reference for AMD Family
17h Processors (PUB)"

When creating the region above 4G, take into account that on AMD
platforms the HyperTransport range is reserved and hence it
cannot be used either as GPAs. On those cases rather than
establishing the start of ram-above-4g to be 4G, relocate instead
to 1Tb. See AMD IOMMU spec, section 2.1.2 "IOMMU Logical
Topology", for more information on the underlying restriction of
IOVAs.

After accounting for the 1Tb hole on AMD hosts, mtree should
look like:

0000000000000000-000000007fffffff (prio 0, i/o):
         alias ram-below-4g @pc.ram 0000000000000000-000000007fffffff
0000010000000000-000001ff7fffffff (prio 0, i/o):
        alias ram-above-4g @pc.ram 0000000080000000-000000ffffffffff

If the relocation is done or the address space covers it, we
also add the the reserved HT e820 range as reserved.

Default phys-bits on Qemu is TCG_PHYS_ADDR_BITS (40) which is enough
to address 1Tb (0xff ffff ffff). On AMD platforms, if a
ram-above-4g relocation is attempted and the CPU wasn't configured
with a big enough phys-bits, an error message will be printed
due to the maxphysaddr vs maxusedaddr check previously added.

Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-11-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins 1caab5cf86 i386/pc: bounds check phys-bits against max used GPA
Calculate max *used* GPA against the CPU maximum possible address
and error out if the former surprasses the latter. This ensures
max used GPA is reacheable by configured phys-bits. Default phys-bits
on Qemu is TCG_PHYS_ADDR_BITS (40) which is enough for the CPU to
address 1Tb (0xff ffff ffff) or 1010G (0xfc ffff ffff) in AMD hosts
with IOMMU.

This is preparation for AMD guests with >1010G, where it will want relocate
ram-above-4g to be after 1Tb instead of 4G.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-10-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins 8288a8286d i386/pc: factor out device_memory base/size to helper
Move obtaining hole64_start from device_memory memory region base/size
into an helper alongside correspondent getters in pc_memory_init() when
the hotplug range is unitialized. While doing that remove the memory
region based logic from this newly added helper.

This is the final step that allows pc_pci_hole64_start() to be callable
at the beginning of pc_memory_init() before any memory regions are
initialized.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-9-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins 1065b21993 i386/pc: handle unitialized mr in pc_get_cxl_range_end()
Remove pc_get_cxl_range_end() dependency on the CXL memory region,
and replace with one that does not require the CXL host_mr to determine
the start of CXL start.

This in preparation to allow pc_pci_hole64_start() to be called early
in pc_memory_init(), handle CXL memory region end when its underlying
memory region isn't yet initialized.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Message-Id: <20220719170014.27028-8-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins 42bed07127 i386/pc: factor out cxl range start to helper
Factor out the calculation of the base address of the memory region.
It will be used later on for the cxl range end counterpart calculation
and as well in pc_memory_init() CXL memory region initialization, thus
avoiding duplication.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-7-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins 55668e409b i386/pc: factor out cxl range end to helper
Move calculation of CXL memory region end to separate helper.

This is in preparation to a future change that removes CXL range
dependency on the CXL memory region, with the goal of allowing
pc_pci_hole64_start() to be called before any memory region are
initialized.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-6-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins 5ff62e2afe i386/pc: factor out above-4g end to an helper
There's a couple of places that seem to duplicate this calculation
of RAM size above the 4G boundary. Move all those to a helper function.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-5-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins c48eb7a4e8 i386/pc: pass pci_hole64_size to pc_memory_init()
Use the pre-initialized pci-host qdev and fetch the
pci-hole64-size into pc_memory_init() newly added argument.
Use PCI_HOST_PROP_PCI_HOLE64_SIZE pci-host property for
fetching pci-hole64-size.

This is in preparation to determine that host-phys-bits are
enough and for pci-hole64-size to be considered to relocate
ram-above-4g to be at 1T (on AMD platforms).

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-4-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins 4876778749 i386/pc: create pci-host qdev prior to pc_memory_init()
At the start of pc_memory_init() we usually pass a range of
0..UINT64_MAX as pci_memory, when really its 2G (i440fx) or
32G (q35). To get the real user value, we need to get pci-host
passed property for default pci_hole64_size. Thus to get that,
create the qdev prior to memory init to better make estimations
on max used/phys addr.

This is in preparation to determine that host-phys-bits are
enough and also for pci-hole64-size to be considered to relocate
ram-above-4g to be at 1T (on AMD platforms).

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-3-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins 4ab4c33014 hw/i386: add 4g boundary start to X86MachineState
Rather than hardcoding the 4G boundary everywhere, introduce a
X86MachineState field @above_4g_mem_start and use it
accordingly.

This is in preparation for relocating ram-above-4g to be
dynamically start at 1T on AMD platforms.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-2-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Jonathan Cameron 4a447a710c hw/i386/pc: Always place CXL Memory Regions after device_memory
Previously broken_reserved_end was taken into account, but Igor Mammedov
identified that this could lead to a clash between potential RAM being
mapped in the region and CXL usage. Hence always add the size of the
device_memory memory region.  This only affects the case where the
broken_reserved_end flag was set.

Fixes: 6e4e3ae936 ("hw/cxl/component: Implement host bridge MMIO (8.2.5, table 142)")
Reported-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220701132300.2264-3-Jonathan.Cameron@huawei.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Robert Hoo e4bcec0c3c acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug()
Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
Reviewed-by: Jingqi Liu <jingqi.liu@intel.com>
Message-Id: <20220704085852.330005-1-robert.hu@linux.intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:37:46 -04:00
Alan Jian 5865d99fe8 hw/display/bcm2835_fb: Fix framebuffer allocation address
This patch fixes the dedicated framebuffer mailbox interface by
removing an unneeded offset.  This means that we pick the framebuffer
address in the same way that we do if the guest code uses the buffer
allocate mechanism of the bcm2835_property interface (case
0x00040001: /* Allocate buffer */ in bcm2835_property.c).

The documentation of this mailbox interface doesn't say anything
about using parts of the request buffer address to affect the
chosen framebuffer address:
https://github.com/raspberrypi/firmware/wiki/Mailbox-framebuffer-interface

Some baremetal applications like the Screen01/Screen02 examples from
Baking Pi tutorial[1] didn't work before this patch.

[1] https://www.cl.cam.ac.uk/projects/raspberrypi/tutorials/os/screen01.html

Signed-off-by: Alan Jian <alanjian85@outlook.com>
Message-id: 20220725145838.8412-1-alanjian85@outlook.com
[PMM: tweaked commit message]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-26 14:09:44 +01:00
Peter Maydell 0d0275c31f -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJi36ocAAoJEO8Ells5jWIRuOYH/jtaDNGTBs/h8A041gQaCMmw
 jufUXHCdKGgmZMpJ/AoCUWx4USdx8hEGSt/j4kvSmIPX+VLuCfLefHDlTxndiWAv
 fnUr4NB7LAz2b5D3d5QX1Np+zHG5mHx95KfDIaWdcz9N1HUHlEOakxTDc2EvR1hF
 yh8g2n5xdvzK5kWvPcNgJpU/ezDumOFo04JndBb4fIqDmZfW3hvJQ3IKiS3P1J9C
 Kbb/usoXGrdoZ9T1R2cqtn1CxrgfMlF2pKJFWzs3nU+ewD9C6oKS4rDQCZxx+JEx
 ZvfnSTUPgBBlT4zqZTTjyFQMQdtis5qK5iAKDEENkqVC1iULPhnM9DN0qxcIoQs=
 =SpWG
 -----END PGP SIGNATURE-----

Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging

# gpg: Signature made Tue 26 Jul 2022 09:47:24 BST
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* tag 'net-pull-request' of https://github.com/jasowang/qemu:
  vdpa: Fix memory listener deletions of iova tree
  vhost: Get vring base from vq, not svq
  e1000e: Fix possible interrupt loss when using MSI

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-26 10:31:02 +01:00
Eugenio Pérez 75a8ce64f6 vdpa: Fix memory listener deletions of iova tree
vhost_vdpa_listener_region_del is always deleting the first iova entry
of the tree, since it's using the needle iova instead of the result's
one.

This was detected using a vga virtual device in the VM using vdpa SVQ.
It makes some extra memory adding and deleting, so the wrong one was
mapped / unmapped. This was undetected before since all the memory was
mappend and unmapped totally without that device, but other conditions
could trigger it too:

* mem_region was with .iova = 0, .translated_addr = (correct GPA).
* iova_tree_find_iova returned right result, but does not update
  mem_region.
* iova_tree_remove always removed region with .iova = 0. Right iova were
  sent to the device.
* Next map will fill the first region with .iova = 0, causing a mapping
  with the same iova and device complains, if the next action is a map.
* Next unmap will cause to try to unmap again iova = 0, causing the
  device to complain that no region was mapped at iova = 0.

Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
Reported-by: Lei Yang <leiyang@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-26 16:24:19 +08:00
Eugenio Pérez 2fdac348fd vhost: Get vring base from vq, not svq
The SVQ vring used idx usually match with the guest visible one, as long
as all the guest buffers (GPA) maps to exactly one buffer within qemu's
VA. However, as we can see in virtqueue_map_desc, a single guest buffer
could map to many buffers in SVQ vring.

Also, its also a mistake to rewind them at the source of migration.
Since VirtQueue is able to migrate the inflight descriptors, its
responsability of the destination to perform the rewind just in case it
cannot report the inflight descriptors to the device.

This makes easier to migrate between backends or to recover them in
vhost devices that support set in flight descriptors.

Fixes: 6d0b222666 ("vdpa: Adapt vhost_vdpa_get_vring_base to SVQ")
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-26 16:23:54 +08:00
Ake Koomsin dd0ef12866 e1000e: Fix possible interrupt loss when using MSI
Commit "e1000e: Prevent MSI/MSI-X storms" introduced msi_causes_pending
to prevent interrupt storms problem. It was tested with MSI-X.

In case of MSI, the guest can rely solely on interrupts to clear ICR.
Upon clearing all pending interrupts, msi_causes_pending gets cleared.
However, when e1000e_itr_should_postpone() in e1000e_send_msi() returns
true, MSI never gets fired by e1000e_intrmgr_on_throttling_timer()
because msi_causes_pending is still set. This results in interrupt loss.

To prevent this, we need to clear msi_causes_pending when MSI is going
to get fired by the throttling timer. The guest can then receive
interrupts eventually.

Signed-off-by: Ake Koomsin <ake@igel.co.jp>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-26 16:23:54 +08:00
Erik Abair c2031108c5 nv2a: Cache texture attributes to avoid resetting unnecessarily 2022-07-25 10:44:38 -07:00
Erik Abair 5f306e749e nv2a: Apply texture parameters when reusing textures
Fixes the edge case where a texture is reusable but has modified usage
parameters (e.g., `GL_TEXTURE_WRAP_S`). Prior to this change, texture
parameters would be cached permanently until the texture was recreated.

Fixes #1034
2022-07-25 10:44:38 -07:00
Erik Abair c83b53e09d nv2a: Handles depth borders in 3D bordered textures
3D textures with texture borders have 4 layers of border on either side of the
content layers in addition to the normal 4 pixel border per layer. This change
handles those extra depth layers in roughly the same way that the per-layer
border texels are handled.

Fixes #1171

[Test](https://github.com/abaire/nxdk_pgraph_tests/blob/main/src/tests/texture_border_tests.cpp)
[HW results](https://github.com/abaire/nxdk_pgraph_tests_golden_results/wiki/Results-Texture_border)
2022-07-25 10:02:15 -07:00
Jason A. Donenfeld 67f7e426e5 hw/i386: pass RNG seed via setup_data entry
Tiny machines optimized for fast boot time generally don't use EFI,
which means a random seed has to be supplied some other way. For this
purpose, Linux (≥5.20) supports passing a seed in the setup_data table
with SETUP_RNG_SEED, specially intended for hypervisors, kexec, and
specialized bootloaders. The linked commit shows the upstream kernel
implementation.

At Paolo's request, we don't pass these to versioned machine types ≤7.0.

Link: https://git.kernel.org/tip/tip/c/68b8e9713c8
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Eduardo Habkost <eduardo@habkost.net>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220721125636.446842-1-Jason@zx2c4.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-22 19:26:34 +02:00
Jason A. Donenfeld c287941a4d hw/rx: pass random seed to fdt
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This FDT node is part of the DT specification.

Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220719122033.135902-1-Jason@zx2c4.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-22 19:01:44 +02:00
Jason A. Donenfeld 5e19cc68fb hw/mips: boston: pass random seed to fdt
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This FDT node is part of the DT specification.

I'd do the same for other MIPS platforms but boston is the only one that
seems to use FDT.

Cc: Paul Burton <paulburton@kernel.org>
Cc: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220719120843.134392-1-Jason@zx2c4.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-22 19:01:44 +02:00
Jason A. Donenfeld 6b23a67916 hw/nios2: virt: pass random seed to fdt
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This FDT node is part of the DT specification.

Cc: Chris Wulff <crwulff@gmail.com>
Cc: Marek Vasut <marex@denx.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220719120113.118034-1-Jason@zx2c4.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-22 19:01:44 +02:00
Peter Maydell 8ec4bc3c8c -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJi18PHAAoJEO8Ells5jWIRCEQH+wepXDoT6Q56xmUgxVs+hlAD
 CXGy71/cNV08Yu3PTTXo8SYaw+KXxsA9ECgIr2hsfPXarAdoOpJFpZR0HoqIzaXd
 kpD6bvwN8bEEOlAHxKcb6/VM+VYntZBfkH9m1WLGx3fHILazLblyL8w2Hkp7NK9J
 IBpQQ63uU8Xt0+js96Z/sPOKRjrtbKXFT1bhY2CI8MKZpuqNyED0jZYwbNdnRwZN
 fuKbpsaaT4Wxx+mQMg7H7a0e/xx3DNi2F6cAtGLH98WYzbLFgExSSK8G8jnwEVfM
 EKWfU7N4zmokq7jN99yvGzjIzLrnLX6yn/ifSs+lQOzdtCA9zEbotI+CDCVdPs4=
 =9zus
 -----END PGP SIGNATURE-----

Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging

# gpg: Signature made Wed 20 Jul 2022 09:58:47 BST
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* tag 'net-pull-request' of https://github.com/jasowang/qemu: (25 commits)
  net/colo.c: fix segmentation fault when packet is not parsed correctly
  net/colo.c: No need to track conn_list for filter-rewriter
  net/colo: Fix a "double free" crash to clear the conn_list
  softmmu/runstate.c: add RunStateTransition support form COLO to PRELAUNCH
  vdpa: Add x-svq to NetdevVhostVDPAOptions
  vdpa: Add device migration blocker
  vdpa: Extract get features part from vhost_vdpa_get_max_queue_pairs
  vdpa: Buffer CVQ support on shadow virtqueue
  vdpa: manual forward CVQ buffers
  vhost-net-vdpa: add stubs for when no virtio-net device is present
  vdpa: Export vhost_vdpa_dma_map and unmap calls
  vhost: Add svq avail_handler callback
  vhost: add vhost_svq_poll
  vhost: Expose vhost_svq_add
  vhost: add vhost_svq_push_elem
  vhost: Track number of descs in SVQDescState
  vhost: Add SVQDescState
  vhost: Decouple vhost_svq_add from VirtQueueElement
  vhost: Check for queue full at vhost_svq_add
  vhost: Move vhost_svq_kick call to vhost_svq_add
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-20 16:27:57 +01:00
Eugenio Pérez c156d5bf2b vdpa: Add device migration blocker
Since the vhost-vdpa device is exposing _F_LOG, adding a migration blocker if
it uses CVQ.

However, qemu is able to migrate simple devices with no CVQ as long as
they use SVQ. To allow it, add a placeholder error to vhost_vdpa, and
only add to vhost_dev when used. vhost_dev machinery place the migration
blocker if needed.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez bd907ae4b0 vdpa: manual forward CVQ buffers
Do a simple forwarding of CVQ buffers, the same work SVQ could do but
through callbacks. No functional change intended.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez 463ba1e3b8 vdpa: Export vhost_vdpa_dma_map and unmap calls
Shadow CVQ will copy buffers on qemu VA, so we avoid TOCTOU attacks from
the guest that could set a different state in qemu device model and vdpa
device.

To do so, it needs to be able to map these new buffers to the device.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez e966c0b781 vhost: Add svq avail_handler callback
This allows external handlers to be aware of new buffers that the guest
places in the virtqueue.

When this callback is defined the ownership of the guest's virtqueue
element is transferred to the callback. This means that if the user
wants to forward the descriptor it needs to manually inject it. The
callback is also free to process the command by itself and use the
element with svq_push.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez 3f44d13dda vhost: add vhost_svq_poll
It allows the Shadow Control VirtQueue to wait for the device to use the
available buffers.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez d0291f3f28 vhost: Expose vhost_svq_add
This allows external parts of SVQ to forward custom buffers to the
device.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez 432efd144e vhost: add vhost_svq_push_elem
This function allows external SVQ users to return guest's available
buffers.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez ac4cfdc6f3 vhost: Track number of descs in SVQDescState
A guest's buffer continuos on GPA may need multiple descriptors on
qemu's VA, so SVQ should track its length sepparatedly.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez 9e87868fca vhost: Add SVQDescState
This will allow SVQ to add context to the different queue elements.

This patch only store the actual element, no functional change intended.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez 1f46ae65d8 vhost: Decouple vhost_svq_add from VirtQueueElement
VirtQueueElement comes from the guest, but we're heading SVQ to be able
to modify the element presented to the device without the guest's
knowledge.

To do so, make SVQ accept sg buffers directly, instead of using
VirtQueueElement.

Add vhost_svq_add_element to maintain element convenience.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez f20b70eb5a vhost: Check for queue full at vhost_svq_add
The series need to expose vhost_svq_add with full functionality,
including checking for full queue.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez 98b5adef84 vhost: Move vhost_svq_kick call to vhost_svq_add
The series needs to expose vhost_svq_add with full functionality,
including kick

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez d93a2405ca vhost: Reorder vhost_svq_kick
Future code needs to call it from vhost_svq_add.

No functional change intended.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez c381abc37f vdpa: Avoid compiler to squash reads to used idx
In the next patch we will allow busypolling of this value. The compiler
have a running path where shadow_used_idx, last_used_idx, and vring used
idx are not modified within the same thread busypolling.

This was not an issue before since we always cleared device event
notifier before checking it, and that could act as memory barrier.
However, the busypoll needs something similar to kernel READ_ONCE.

Let's add it here, sepparated from the polling.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez 640b8a1c58 virtio-net: Expose ctrl virtqueue logic
This allows external vhost-net devices to modify the state of the
VirtIO device model once the vhost-vdpa device has acknowledged the
control commands.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez 6758c01f05 virtio-net: Expose MAC_TABLE_ENTRIES
vhost-vdpa control virtqueue needs to know the maximum entries supported
by the virtio-net device, so we know if it is possible to apply the
filter.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Eugenio Pérez 009c2549bb vhost: move descriptor translation to vhost_svq_vring_write_descs
It's done for both in and out descriptors so it's better placed here.

Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-20 16:58:08 +08:00
Peter Maydell 68e26e1e81 LoongArch64 patch queue:
Add dockerfile for loongarch cross compile
 Add reference files for float tests.
 Add simple tests for div, mod, clo, fclass, fcmp, pcadd
 Add bios and kernel boot support.
 Add smbios, acpi, and fdt support.
 Fix pch-pic update-irq.
 Fix some errors identified by coverity.
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmLW6SwdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV88GAf8CzH7+dQD80UUI+IZ
 ydt43SgteEftoJJINQW9QwGOk22gSptFGqkKTARFg19yBlw13P/Qj2qnwJVpEE/1
 SoWKCkAMlnxgHKhqvmPqjH/opLSJ1eDuQq3Ok0taaCjJS0uAZiUoz+3k0H3Lf0Yj
 wEusXNqkiHPXmqgTFlJDhOfrOw0ZNU6fbhoSZJ0Wj6f5X11FjxuNn7+CzO0bkfuv
 u+4vJRNTmhcflJUwYFgbjjjvcZhBJhc15WEp+6u8As0v89oci1LjgRNFUgJuI0gh
 1DZh61b0FiDpTq/KsZ/aPdl4nuMoVRJTOOvyHlaVhjWvK0EGI144eKlqvRaA9cX5
 SoHHqA==
 =3mAr
 -----END PGP SIGNATURE-----

Merge tag 'pull-la-20220719' of https://gitlab.com/rth7680/qemu into staging

LoongArch64 patch queue:

Add dockerfile for loongarch cross compile
Add reference files for float tests.
Add simple tests for div, mod, clo, fclass, fcmp, pcadd
Add bios and kernel boot support.
Add smbios, acpi, and fdt support.
Fix pch-pic update-irq.
Fix some errors identified by coverity.

# gpg: Signature made Tue 19 Jul 2022 18:26:04 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-la-20220719' of https://gitlab.com/rth7680/qemu: (21 commits)
  hw/loongarch: Add fdt support
  hw/loongarch: Add acpi ged support
  hw/loongarch: Add smbios support
  hw/loongarch: Add linux kernel booting support
  hw/loongarch: Add uefi bios loading support
  hw/loongarch: Add fw_cfg table support
  tests/tcg/loongarch64: Add pcadd related instructions test
  tests/tcg/loongarch64: Add fp comparison instructions test
  tests/tcg/loongarch64: Add fclass test
  tests/tcg/loongarch64: Add div and mod related instructions test
  tests/tcg/loongarch64: Add clo related instructions test
  tests/tcg/loongarch64: Add float reference files
  target/loongarch: Fix float_convd/float_convs test failing
  fpu/softfloat: Add LoongArch specializations for pickNaN*
  target/loongarch/cpu: Fix cpucfg default value
  target/loongarch/op_helper: Fix coverity cond_at_most error
  target/loongarch/tlb_helper: Fix coverity integer overflow error
  target/loongarch/cpu: Fix coverity errors about excp_names
  hw/intc/loongarch_pch_pic: Fix bugs for update_irq function
  target/loongarch: Fix loongarch_cpu_class_by_name
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-19 22:54:43 +01:00
Xiaojuan Yang fda3f15b00 hw/loongarch: Add fdt support
Add LoongArch flatted device tree, adding cpu device node, firmware cfg node,
pcie node into it, and create fdt rom memory region. Now fdt info is not
full since only uefi bios uses fdt, linux kernel does not use fdt.
Loongarch Linux kernel uses acpi table which is full in qemu virt
machine.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220712083206.4187715-7-yangxiaojuan@loongson.cn>
[rth: Set TARGET_NEED_FDT, add fdt to meson.build]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-19 22:55:10 +05:30
Xiaojuan Yang 735143f10d hw/loongarch: Add acpi ged support
Loongarch virt machine uses general hardware reduces acpi method, rather
than LS7A acpi device. Now only power management function is used in
acpi ged device, memory hotplug will be added later. Also acpi tables
such as RSDP/RSDT/FADT etc.

The acpi table has submited to acpi spec, and will release soon.

Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220712083206.4187715-6-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-19 22:55:10 +05:30
Xiaojuan Yang 3efa6fa1e6 hw/loongarch: Add smbios support
Add smbios support for loongarch virt machine, and put them into fw_cfg
table so that bios can parse them quickly. The weblink of smbios spec:
https://www.dmtf.org/dsp/DSP0134, the version is 3.6.0.

Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220712083206.4187715-5-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-19 22:55:10 +05:30
Xiaojuan Yang fb1cd3a292 hw/loongarch: Add linux kernel booting support
There are two situations to start system by kernel file. If exists bios
option, system will boot from loaded bios file, else system will boot
from hardcoded auxcode, and jump to kernel elf entry.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220712083206.4187715-4-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-19 22:55:10 +05:30
Xiaojuan Yang 98afb0d4e9 hw/loongarch: Add uefi bios loading support
Add uefi bios loading support, now only uefi bios is porting to
loongarch virt machine.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220712083206.4187715-3-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-19 22:55:10 +05:30
Xiaojuan Yang 27ad7564e7 hw/loongarch: Add fw_cfg table support
Add fw_cfg table for loongarch virt machine, including memmap table.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220712083206.4187715-2-yangxiaojuan@loongson.cn>
[rth: Replace fprintf with assert; drop unused return value;
      initialize reserved slot to zero.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-19 22:55:10 +05:30
Peter Maydell d48125de38 ui: dbus-display fix, new gtk config options.
usb: xhci fix, doc updates.
 microvm: no pcie io reservations.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmLWy+IACgkQTLbY7tPo
 cTif4w//fkEiSYavbqYccVdZjomZWPPjKiSJmxvY6KSYeB5V7oHXPLQJmjAzG8d5
 6FipgLcmxSCJ9dzsfeP678Kd3/7toct8faYcjkktLGzlc/U7/goo94bkorAl4Var
 dMGeo0WK+kdR06E5A2R+MVNdigdUoRiI0udCCvDW/o2mce/jB5eQbZVi6tX2yaxx
 I9q6uAmltRU+tIg3qA6KBkZinKdJ3ElikZq5B4n2w78Zfu9exScUuQVws71bFiJe
 z1CzCGzAnzMxA9sdgO0Tne9ibrpRS6F2NFK68dZUEzs7iDCtuPL044zNZnmxPQXB
 +OC4btkKY13YiNgf/Y4aqDp/3No0dRNxyNTHthdRswBGvGuWuPJYb5/w7rnLu/qy
 0+ZTZn3VRy8elbC+vs5ZkED7wm5vhfu1PlEx0zGaQCe5VYv9aEAUU5+I6lrDnj5K
 aV/2EId0tP2Bg2342tOq5OZ2jkZJyaU/RDNjF5AAIuMeZ84B3VPDHRKv2mtAdxjq
 AtNPT26yiiQNY+TCICwFCW5Faxd4t0H9q0Z701dFN6oCA1ysvnDSaaLYGo+tO8cn
 q4jlY9jgO8xQy2n80wcrcMXFMNc7Uv3J4ZuHIRdgnnRvokZ/vVSVFl4g5nGZbab2
 KSVNdu76XexW7lluJJQrHtrjpuup2825/NiFuAMygYMonwnl2/E=
 =EiWf
 -----END PGP SIGNATURE-----

Merge tag 'kraxel-20220719-pull-request' of https://gitlab.com/kraxel/qemu into staging

ui: dbus-display fix, new gtk config options.
usb: xhci fix, doc updates.
microvm: no pcie io reservations.

# gpg: Signature made Tue 19 Jul 2022 16:21:06 BST
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* tag 'kraxel-20220719-pull-request' of https://gitlab.com/kraxel/qemu:
  gtk: Add show_tabs=on|off command line option.
  usb: document pcap (aka usb traffic capture)
  usb: document guest-reset and guest-reset-all
  usb/hcd-xhci: check slotid in xhci_wakeup_endpoint()
  microvm: turn off io reservations for pcie root ports
  dbus-display: fix test race when initializing p2p connection

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-19 17:40:36 +01:00
Xiaojuan Yang 056dac5384 hw/intc/loongarch_pch_pic: Fix bugs for update_irq function
Fix such errors:
1. We should not use 'unsigned long' type as argument when we use
find_first_bit(), and we use ctz64() to replace find_first_bit()
to fix this bug.
2. It is not standard to use '1ULL << irq' to generate a irq mask.
So, we replace it with 'MAKE_64BIT_MASK(irq, 1)'.

Fix coverity CID: 1489761 1489764 1489765

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220715060740.1500628-3-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-19 21:53:58 +05:30
Mauro Matteo Cascella 84218892f0 usb/hcd-xhci: check slotid in xhci_wakeup_endpoint()
This prevents an OOB read (followed by an assertion failure in
xhci_kick_ep) when slotid > xhci->numslots.

Reported-by: Soul Chen <soulchen8650@gmail.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Message-Id: <20220705174734.2348829-1-mcascell@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-07-19 14:36:38 +02:00
Gerd Hoffmann 3ef1497b46 microvm: turn off io reservations for pcie root ports
The pcie host bridge has no io window on microvm,
so io reservations will not work.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20220701091516.43489-1-kraxel@redhat.com>
2022-07-19 14:35:06 +02:00
Peter Maydell f9d9fff72e qemu-sparc queue
-----BEGIN PGP SIGNATURE-----
 
 iQFSBAABCgA8FiEEzGIauY6CIA2RXMnEW8LFb64PMh8FAmLVpoweHG1hcmsuY2F2
 ZS1heWxhbmRAaWxhbmRlLmNvLnVrAAoJEFvCxW+uDzIfyMcH/AtKRIfDYrRd38OU
 IdcCNaDpBekgDQP5uCJhm2rGC2clOsFe8WNxpKCk6bTLnMIz+GnAXBlwpYje5mE9
 qOXlvCVHMfBHCh/z/QMvmVBOWfmaffsw4N9480wel9ofk+ElfS3aokscg0YEo2Rn
 g7vmy4bs8iM56TaJJ3hRLDI3QzaywC7Q9X4RAHolB9O+8/bnZ880zKyIWPQZpn2Q
 VpHIqnpA+gxsr6NA3D/HLEOd7gfuTeGBLwwKLiEwASBDPoUB4rpUsBcYffsHcMtv
 oQFGq80Buo+z6spS64KQAm1nryjpAYXQkeLj8I8cnH3t6uVdNy4DQ48KhcziAWz7
 4+i+Fv4=
 =aBWi
 -----END PGP SIGNATURE-----

Merge tag 'qemu-sparc-20220718' of https://github.com/mcayland/qemu into staging

qemu-sparc queue

# gpg: Signature made Mon 18 Jul 2022 19:29:32 BST
# gpg:                using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg:                issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* tag 'qemu-sparc-20220718' of https://github.com/mcayland/qemu: (40 commits)
  pckbd: remove legacy i8042_mm_init() function
  ps2: remove unused legacy ps2_mouse_init() function
  pckbd: don't use legacy ps2_mouse_init() function
  ps2: remove unused legacy ps2_kbd_init() function
  pckbd: don't use legacy ps2_kbd_init() function
  pckbd: introduce new vmstate_kbd_mmio VMStateDescription for the I8042_MMIO device
  lasips2: update VMStateDescription for LASIPS2 device
  lasips2: don't use legacy ps2_mouse_init() function
  lasips2: don't use legacy ps2_kbd_init() function
  lasips2: switch register memory region to DEVICE_BIG_ENDIAN
  lasips2: standardise on lp name for LASIPS2Port variables
  lasips2: rename LASIPS2Port parent pointer to lasips2
  lasips2: switch to using port-based IRQs
  lasips2: add named input gpio to handle incoming port IRQs
  lasips2: add named input gpio to port for downstream PS2 device IRQ
  lasips2: introduce LASIPS2PortDeviceClass for the LASIPS2_PORT device
  lasips2: introduce port IRQ and new lasips2_port_init() function
  lasips2: rename LASIPS2Port irq field to birq
  lasips2: introduce lasips2_mouse_port_class_init() and lasips2_mouse_port_realize()
  lasips2: introduce lasips2_kbd_port_class_init() and lasips2_kbd_port_realize()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-19 09:57:13 +01:00
Erik Abair 248fc788c1 nv2a: Ignore pitch check for swizzled textures 2022-07-18 18:03:48 -07:00
Erik Abair 1e221e8da9 nv2a: Fallback to recreating texture on surface size mismatch.
There is no requirement that a surface and texture using the same VRAM address
match with respect to size (in particular pitch). This change prevents
incorrect reuse of a surface binding in the event that the texture size does
not match.

Fixes #1127
2022-07-18 11:33:53 -07:00
Mark Cave-Ayland b704d63d09 pckbd: remove legacy i8042_mm_init() function
This legacy function is only used during the initialisation of the MIPS magnum
machine, so inline its functionality directly into mips_jazz_init() and then
remove it.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-41-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 46e9783fbe ps2: remove unused legacy ps2_mouse_init() function
Now that the legacy ps2_mouse_init() function is no longer used, it can be completely
removed along with its associated trace-event.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-40-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 9d1a425037 pckbd: don't use legacy ps2_mouse_init() function
Instantiate the PS2 mouse device within KBDState using
object_initialize_child() in i8042_initfn() and i8042_mmio_init() and realize
it in i8042_realizefn() and i8042_mmio_realize() accordingly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-39-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 5e8312ab8e ps2: remove unused legacy ps2_kbd_init() function
Now that the legacy ps2_kbd_init() function is no longer used, it can be completely
removed along with its associated trace-event.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-38-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 652fbff420 pckbd: don't use legacy ps2_kbd_init() function
Instantiate the PS2 keyboard device within KBDState using
object_initialize_child() in i8042_initfn() and i8042_mmio_init() and realize
it in i8042_realizefn() and i8042_mmio_realize() accordingly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-37-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland abcacb20f7 pckbd: introduce new vmstate_kbd_mmio VMStateDescription for the I8042_MMIO device
This enables us to register the VMStateDescription using the DeviceClass vmsd
property rather than having to call vmstate_register() from i8042_mmio_realize().

Note that this is a migration break for the MIPS magnum machine which is the only
user of the I8042_MMIO device.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-36-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 1b7bd0abe9 lasips2: update VMStateDescription for LASIPS2 device
Since this series has already introduced a migration break for the HPPA B160L
machine, we can use this opportunity to improve the VMStateDescription for
the LASIPS2 device.

Add the new int_status field to the VMStateDescription and remodel the ports
as separate VMSTATE_STRUCT instances representing each LASIPS2Port. Once this
is done, the migration stream can be updated to include buf and loopback_rbne
for each port (which is necessary since the values are accessed across separate
IO accesses), and drop the port id as this is hardcoded for each port type.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Message-Id: <20220712215251.7944-35-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland d316983c7f lasips2: don't use legacy ps2_mouse_init() function
Instantiate the PS2 mouse device within LASIPS2MousePort using
object_initialize_child() in lasips2_mouse_port_init() and realize it in
lasips2_mouse_port_realize() accordingly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-34-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland e2b50aea03 lasips2: don't use legacy ps2_kbd_init() function
Instantiate the PS2 keyboard device within LASIPS2KbdPort using
object_initialize_child() in lasips2_kbd_port_init() and realize it in
lasips2_kbd_port_realize() accordingly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-33-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 2ee1b52db1 lasips2: switch register memory region to DEVICE_BIG_ENDIAN
The LASI device (and so also the LASIPS2 device) are only used for the HPPA
B160L machine which is a big endian architecture.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-32-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 902691d439 lasips2: standardise on lp name for LASIPS2Port variables
This is shorter to type and keeps the naming convention consistent within the
LASIPS2 device.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-31-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 01f6c54626 lasips2: rename LASIPS2Port parent pointer to lasips2
This makes it clearer that the pointer is a reference to the LASIPS2 container
device rather than an implied part of the QOM hierarchy.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-30-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 212a300303 lasips2: switch to using port-based IRQs
Now we can implement port-based IRQs by wiring the PS2 device IRQs to the
LASI2Port named input gpios rather than directly to the LASIPS2 device, and
generate the LASIPS2 output IRQ from the int_status bitmap representing the
individual port IRQs instead of the birq boolean.

This enables us to remove the separate PS2 keyboard and PS2 mouse named input
gpios from the LASIPS2 device and simplify the register implementation to
drive the port IRQ using qemu_set_irq() rather than accessing the LASIPS2
device IRQs directly. As a consequence the IRQ level logic in lasips2_set_irq()
can also be simplified accordingly.

For now this patch ignores adding the int_status bitmap and simply drops the
birq boolean from the vmstate_lasips2 VMStateDescription. This is because the
migration stream is already missing some required LASIPS2 fields, and as this
series already introduces a migration break for the lasips2 device it is
easiest to fix this in a follow-up patch.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Message-Id: <20220712215251.7944-29-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland ca735a81b2 lasips2: add named input gpio to handle incoming port IRQs
The LASIPS2 device named input gpio is soon to be connected to the port output
IRQs. Add a new int_status field to LASIPS2State which is a bitmap representing
the port input IRQ status which will be enabled in the next patch.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Message-Id: <20220712215251.7944-28-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland d0af5d6a40 lasips2: add named input gpio to port for downstream PS2 device IRQ
The named input gpio is to be connected to the IRQ output of the downstream
PS2 device and used to drive the port IRQ. Initialise the named input gpio
in lasips2_port_init() and add new lasips2_port_class_init() and
lasips2_port_realize() functions to connect the PS2 device output gpio to
the new named input gpio.

Note that the reference to lasips2_port_realize() is stored in
LASIPS2PortDeviceClass but not yet used.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-27-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 62201e4336 lasips2: introduce LASIPS2PortDeviceClass for the LASIPS2_PORT device
This will soon be used to store the reference to the LASIPS2_PORT parent device
for LASIPS2_KBD_PORT and LASIPS2_MOUSE_PORT.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-26-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 8db817be78 lasips2: introduce port IRQ and new lasips2_port_init() function
Introduce a new lasips2_port_init() QOM init function for the LASIPS2_PORT type
and use it to initialise a new gpio for use as a port IRQ. Add a new qemu_irq
representing the gpio as a new irq field within LASIPS2Port.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-25-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland c553d6c054 lasips2: rename LASIPS2Port irq field to birq
The existing boolean irq field in LASIPS2Port will soon be replaced by a proper
qemu_irq, so rename the field to birq to allow the upcoming qemu_irq to use the
irq name.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-24-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 8d490f8d25 lasips2: introduce lasips2_mouse_port_class_init() and lasips2_mouse_port_realize()
Introduce a new lasips2_mouse_port_class_init() function which uses a new
lasips2_mouse_port_realize() function to initialise the PS2 mouse device.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-23-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland b41eee940f lasips2: introduce lasips2_kbd_port_class_init() and lasips2_kbd_port_realize()
Introduce a new lasips2_kbd_port_class_init() function which uses a new
lasips2_kbd_port_realize() function to initialise the PS2 keyboard device.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-22-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland a088ce9b4b lasips2: move mouse port initialisation to new lasips2_mouse_port_init() function
Move the initialisation of the mouse port from lasips2_init() to
a new lasips2_mouse_port_init() function which will be invoked using
object_initialize_child() during the LASIPS2 device init.

Update LASIPS2State so that it now holds the new LASIPS2MousePort child object and
ensure that it is realised in lasips2_realize().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-21-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland b7047733dc lasips2: move keyboard port initialisation to new lasips2_kbd_port_init() function
Move the initialisation of the keyboard port from lasips2_init() to
a new lasips2_kbd_port_init() function which will be invoked using
object_initialize_child() during the LASIPS2 device init.

Update LASIPS2State so that it now holds the new LASIPS2KbdPort child object and
ensure that it is realised in lasips2_realize().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-20-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland cb5827cee3 lasips2: introduce new LASIPS2_MOUSE_PORT QOM type
This will be soon be used to hold the underlying PS2_MOUSE_DEVICE object.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-19-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland ef90a06f99 lasips2: introduce new LASIPS2_KBD_PORT QOM type
This will be soon be used to hold the underlying PS2_KBD_DEVICE object.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-18-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland f8d89a7da4 lasips2: QOMify LASIPS2Port
This becomes an abstract QOM type which will be a parent type for separate
keyboard and mouse port types.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-17-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland f4907cb5cf lasips2: change LASIPS2State dev pointer from void to PS2State
This allows the compiler to enforce that the PS2 device pointer is always of
type PS2State. Update the name of the pointer from dev to ps2dev to emphasise
this type change.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-16-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 92bd278c3b lasips2: remove legacy lasips2_initfn() function
There is only one user of the legacy lasips2_initfn() function which is in
machine_hppa_init(), so inline its functionality into machine_hppa_init() and
then remove it.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-15-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 4040ee5bdd lasips2: remove the qdev base property and the lasips2_properties array
The base property was only needed for use by vmstate_register() in order to
preserve migration compatibility. Now that the lasips2 migration state is
registered through the DeviceClass vmsd field, the base property and also
the lasips2_properties array can be removed completely as they are no longer
required.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-14-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 17b8013acb lasips2: don't use vmstate_register() in lasips2_realize()
Since lasips2 is a qdev device then vmstate_ps2_mouse can be registered using
the DeviceClass vmsd field instead.

Note that due to the use of the base parameter in the original vmstate_register()
function call, this is actually a migration break for the HPPA B160L machine.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-13-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 6f9f245b93 pl050: don't use legacy ps2_mouse_init() function
Instantiate the PS2 mouse device within PL050MouseState using
object_initialize_child() in pl050_mouse_init() and realize it in
pl050_mouse_realize() accordingly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-12-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:46 +01:00
Mark Cave-Ayland 6a05d0b3d1 pl050: don't use legacy ps2_kbd_init() function
Instantiate the PS2 keyboard device within PL050KbdState using
object_initialize_child() in pl050_kbd_init() and realize it in
pl050_kbd_realize() accordingly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-11-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:45 +01:00
Mark Cave-Ayland 5b0138b314 pl050: introduce pl050_mouse_class_init() and pl050_mouse_realize()
Introduce a new pl050_mouse_class_init() function containing a call to
device_class_set_parent_realize() which calls a new pl050_mouse_realize()
function to initialise the PS2 mouse device.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-10-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:45 +01:00
Mark Cave-Ayland 87efd2829b pl050: introduce pl050_kbd_class_init() and pl050_kbd_realize()
Introduce a new pl050_kbd_class_init() function containing a call to
device_class_set_parent_realize() which calls a new pl050_kbd_realize()
function to initialise the PS2 keyboard device.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-9-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:45 +01:00
Mark Cave-Ayland 475a4d463b pl050: introduce PL050DeviceClass for the PL050 device
This will soon be used to store the reference to the PL050 parent device
for PL050_KBD_DEVICE and PL050_MOUSE_DEVICE.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-8-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:45 +01:00
Mark Cave-Ayland 3d5e0995ce pl050: move logic from pl050_realize() to pl050_init()
The logic for initialising the register memory region and the sysbus output IRQ
does not depend upon any device properties and so can be moved from
pl050_realize() to pl050_init().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-7-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:45 +01:00
Mark Cave-Ayland 0a3c1e1bf8 pl050: introduce new PL050_MOUSE_DEVICE QOM type
This will be soon be used to hold the underlying PS2_MOUSE_DEVICE object.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-6-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:45 +01:00
Mark Cave-Ayland 1d59315d97 pl050: introduce new PL050_KBD_DEVICE QOM type
This will be soon be used to hold the underlying PS2_KBD_DEVICE object.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-5-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:45 +01:00
Mark Cave-Ayland 33e0958e7e pl050: change PL050State dev pointer from void to PS2State
This allows the compiler to enforce that the PS2 device pointer is always of
type PS2State. Update the name of the pointer from dev to ps2dev to emphasise
this type change.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-4-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:45 +01:00
Mark Cave-Ayland b6c575d8d6 pl050: rename pl050_keyboard_init() to pl050_kbd_init()
This is for consistency with all of the other devices that use the PS2 keyboard
device.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-3-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:45 +01:00
Mark Cave-Ayland bce0e9c1ec pl050: move PL050State from pl050.c to new pl050.h header file
This allows the QOM types in pl050.c to be used elsewhere by simply including
pl050.h.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220712215251.7944-2-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-07-18 19:28:45 +01:00
Erik Abair ea0a906707 nv2a: Handle value in NV_PVIDEO_STOP writes
Interprets the value written to the `NV_PVIDEO_STOP` register in a manner more
consistent with hardware. Specifically, if the low bit of the value is not set,
the PVIDEO overlay should remain active.

Fixes #1049

[Test](https://github.com/abaire/nxdk_pgraph_tests/blob/main/src/tests/pvideo_tests.cpp)
Note that, as this is testing video behavior, this test is interactive and
the value passed to the final SetPvideoStop call needs to be mutated and the
behavior observed.
2022-07-18 11:14:15 -07:00
Erik Abair f29c2ff42c nv2a: Handle PVIDEO ds_dx and dt_dy registers
ds_dx and dt_dy describe how the PVIDEO content should be scaled to fit the
output area. Each is calculated via `((in - 1) << 20) / (out - 1)`, this
commit calculates the full frame scale (in / out) and applies that when
determining the texture coordinates for the overlay.
2022-07-18 10:59:08 -07:00
Erik Abair 9fd957d950 nv2a: Add hack for NV_PVIDEO_SIZE_IN sentinel 2022-07-18 10:59:08 -07:00
Erik Abair a675666051 nv2a: Handle SIZE_IN > SIZE_OUT case
`NV_PVIDEO_SIZE_IN` is set to 0xFFFFFFFF during initialization and teardown
of the PVIDEO overlay. In some cases this can happen before the overlay is
explicitly stopped, leading to an assert. On hardware SIZE_IN values larger
than SIZE_OUT are capped (content is not scaled).

Fixes #330

[Test](https://github.com/abaire/nxdk_pgraph_tests/blob/main/src/tests/pvideo_tests.cpp)
2022-07-18 10:59:08 -07:00
Leandro Lupori 3c2e80ad2f ppc: Check partition and process table alignment
Check if partition and process tables are properly aligned, in
their size, according to PowerISA 3.1B, Book III 6.7.6 programming
note. Hardware and KVM also raise an exception in these cases.

Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20220628133959.15131-2-leandro.lupori@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Jason A. Donenfeld c4b075318e hw/ppc: pass random seed to fdt
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This is confirmed to successfully initialize the
RNG on Linux 5.19-rc6. The rng-seed node is part of the DT spec. Set
this on the paravirt platforms, spapr and e500, just as is done on other
architectures with paravirt hardware.

Cc: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220712135114.289855-1-Jason@zx2c4.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Cédric Le Goater 5e66cd0c78 ppc/e500: Allocate IRQ lines with qdev_init_gpio_in()
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220705145814.461723-5-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Cédric Le Goater 0f3e0c6fd3 ppc/6xx: Allocate IRQ lines with qdev_init_gpio_in()
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220705145814.461723-4-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Cédric Le Goater 47b60fc625 ppc/40x: Allocate IRQ lines with qdev_init_gpio_in()
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220705145814.461723-3-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Cédric Le Goater 9fd0122e7d ppc64: Allocate IRQ lines with qdev_init_gpio_in()
This replaces the IRQ array 'irq_inputs' with GPIO lines, the goal
being to remove 'irq_inputs' when all CPUs have been converted.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220705145814.461723-2-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Andrey Makarov 004c8a8bc5 Align Raspberry Pi DMA interrupts with Linux DTS
There is nothing in the specs on DMA engine interrupt lines: it should have
been in the "BCM2835 ARM Peripherals" datasheet but the appropriate
"ARM peripherals interrupt table" (p.113) is nearly empty.

All Raspberry Pi models 1-3 (based on bcm2835) have
Linux device tree (arch/arm/boot/dts/bcm2835-common.dtsi +25):

    /* dma channel 11-14 share one irq */

This information is repeated in the driver code
(drivers/dma/bcm2835-dma.c +1344):

    /*
     * in case of channel >= 11
     * use the 11th interrupt and that is shared
     */

In this patch channels 0--10 and 11--14 are handled separately.

Signed-off-by: Andrey Makarov <andrey.makarov@auriga.com>
Message-id: 20220716113210.349153-1-andrey.makarov@auriga.com
[PMM: fixed checkpatch nits]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 13:25:13 +01:00
Hao Wu 99638ba9d8 hw/adc: Make adci[*] R/W in NPCM7XX ADC
Our sensor test requires both reading and writing from a sensor's
QOM property. So we need to make the input of ADC module R/W instead
of write only for that to work.

Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Titus Rwantare <titusr@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220714182836.89602-5-wuhaotsh@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 13:20:14 +01:00
Hao Wu 4a84e85413 hw/adc: Fix CONV bit in NPCM7XX ADC CON register
The correct bit for the CONV bit in NPCM7XX ADC is bit 13. This patch
fixes that in the module, and also lower the IRQ when the guest
is done handling an interrupt event from the ADC module.

Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Patrick Venture<venture@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220714182836.89602-4-wuhaotsh@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 13:20:14 +01:00
Peter Maydell 9d5a9ae962 hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ that is being held high
In the M-profile Arm ARM, rule R_CVJS defines when an interrupt should
be set to the Pending state:
 A) when the input line is high and the interrupt is not Active
 B) when the input line transitions from low to high and the interrupt
    is Active
(Note that the first of these is an ongoing condition, and the
second is a point-in-time event.)

This can be rephrased as:
 1 when the line goes from low to high, set Pending
 2 when Active goes from 1 to 0, if line is high then set Pending
 3 ignore attempts to clear Pending when the line is high
   and Active is 0

where 1 covers both B and one of the "transition into condition A"
cases, 2 deals with the other "transition into condition A"
possibility, and 3 is "don't drop Pending if we're already in
condition A".  Transitions out of condition A don't affect Pending
state.

We handle case 1 in set_irq_level(). For an interrupt (as opposed
to other kinds of exception) the only place where we clear Active
is in armv7m_nvic_complete_irq(), where we handle case 2 by
checking for whether we need to re-pend the exception. For case 3,
the only places where we clear Pending state on an interrupt are in
armv7m_nvic_acknowledge_irq() (where we are setting Active so it
doesn't count) and for writes to NVIC_ICPRn.

It is the "write to NVIC_ICPRn" case that we missed: we must ignore
this if the input line is high and the interrupt is not Active.
(This required behaviour is differently and perhaps more clearly
stated in the v7M Arm ARM, which has pseudocode in section B3.4.1
that implies it.)

Reported-by: Igor Kotrasiński <i.kotrasinsk@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220628154724.3297442-1-peter.maydell@linaro.org
2022-07-18 13:20:09 +01:00
Peter Maydell 0ebf76aae5 hw/nvme updates
performance improvements by Jinhao
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * shadow doorbells
 * ioeventfd
 
 plus some misc fixes (Darren, Niklas).
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmLRKGwACgkQTeGvMW1P
 Deki7Af9Hg0ltW9RyxzUtYB5hwaMpgrHHcViBoLK8mt7wa5hh5luFb1P3/+yltUG
 LU/cws93mq3jDy30dKnVa5+xugDmuEy470OxjJPCivLEpV6qpONulp+iHFIKim4N
 kPXX8K1R4XVTVvCFFpmub6GUCFZpXRVW9uPAAL96BzaSjEK7K+5H3boJ7HfT5YUY
 Tx9LuPQUcIUHViF/4wNU0Sqx15PoOOjHqSnA3EjCDCscqPkbhaoEoyI5Pk+BMxzf
 tElNh/ffP5x0BSaKOofdtW+iHaxlSgPJ6IA0W9dwXJyRCvoaa9near2iGXDa6PEA
 bRpQpudzIkL3Swfgcm4D+N7NQbCSOg==
 =Wg5B
 -----END PGP SIGNATURE-----

Merge tag 'nvme-next-pull-request' of git://git.infradead.org/qemu-nvme into staging

hw/nvme updates

performance improvements by Jinhao
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* shadow doorbells
* ioeventfd

plus some misc fixes (Darren, Niklas).

# gpg: Signature made Fri 15 Jul 2022 09:42:20 BST
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* tag 'nvme-next-pull-request' of git://git.infradead.org/qemu-nvme:
  hw/nvme: Use ioeventfd to handle doorbell updates
  nvme: Fix misleading macro when mixed with ternary operator
  hw/nvme: force nvme-ns param 'shared' to false if no nvme-subsys node
  hw/nvme: fix example serial in documentation
  hw/nvme: Add trace events for shadow doorbell buffer
  hw/nvme: Implement shadow doorbell buffer support

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-15 15:38:13 +01:00
Peter Maydell 44bfcf628b aspeed queue:
* New ISL69259 device model
 * New fby35 multi-SoC machine (AST1030 BIC + AST2600 BMC)
 * Aspeed GPIO fixes
 * Extension of m25p80 with write protect bits
 * More avocado tests using the Aspeed SDK
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmLQJ/kACgkQUaNDx8/7
 7KFO5BAAkqiSSQ9G3ihI51ET3+inihrw9wmN7FX5eMOxj8csLz1UbKOJ/YtjXvgt
 whfY5/iugVveUW+/X1xZmHbydec24f/umSpqqCtkPkIwCgvN4gjQAriXTK4qqx7g
 pCZoWxYeHsR19r985y//I+wFPB//Dd3Ac/1BgA4m0tdy/bK3MPLV2ocDe8d09Yfe
 wDYAFby4q8raKzMkJMibP7/phIg4hyguNAYtkSUsJChnXjK8/2ymsjlx7Xz+N1Gp
 Fynv9vaFiYOEvmDTPqbs7XMs3Qc+Sjz2RsxgaEdSI4pLk8H8hhgVueYE1ctWlpkI
 7q/g5KjXZsq6eKxNYDqU+ysY+vjdLZmO1tEmolgR+k4C+ladUYSBaI1XiGJjCmpb
 6vkM2ls1sgmb6C24e8vP64Jp/AgT6Qg7OW1Db3VcpBbQirf9SqtkXezgseOrsnXm
 Ni1uQF9NwUiRUWTA/bK4y/pSYNItoQ4KkeoAWPsiEm0d4Pezk2X+EMjJcCTQw9Zx
 BFtDxi/3rWB3imvhizynT93+rtNH7Z74kiI7iZGbZr6L2XhpEUlwoo+EOaeb4XAS
 ZEuR+kBNUMR9k4YhyF0DlvN61SuD703SdXCROsUq3EzCgza24JM4bl2IMSyv9Wdj
 DCL6yYEyf8FsJ9+KtK8A1uXc2yDcV4iGfEqOReTB5+k99ICzgEg=
 =faie
 -----END PGP SIGNATURE-----

Merge tag 'pull-aspeed-20220714' of https://github.com/legoater/qemu into staging

aspeed queue:

* New ISL69259 device model
* New fby35 multi-SoC machine (AST1030 BIC + AST2600 BMC)
* Aspeed GPIO fixes
* Extension of m25p80 with write protect bits
* More avocado tests using the Aspeed SDK

# gpg: Signature made Thu 14 Jul 2022 15:28:09 BST
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-aspeed-20220714' of https://github.com/legoater/qemu:
  aspeed: Add fby35-bmc slot GPIO's
  hw/gpio/aspeed: Don't let guests modify input pins
  qtest/aspeed_gpio: Add input pin modification test
  hw: m25p80: add tests for BP and TB bit write protect
  hw: m25p80: Add Block Protect and Top Bottom bits for write protect
  test/avocado/machine_aspeed.py: Add SDK tests
  docs: aspeed: Minor updates
  docs: aspeed: Add fby35 multi-SoC machine section
  aspeed: Add AST1030 (BIC) to fby35
  aspeed: fby35: Add a bootrom for the BMC
  aspeed: Add AST2600 (BMC) to fby35
  aspeed: Add fby35 skeleton
  aspeed: Make aspeed_board_init_flashes public
  aspeed: Refactor UART init for multi-SoC machines
  aspeed: Create SRAM name from first CPU index
  hw/sensor: Add Renesas ISL69259 device model
  hw/sensor: Add IC_DEVICE_ID to ISL voltage regulators
  hw/i2c/pmbus: Add idle state to return 0xff's
  aspeed: sbc: Allow per-machine settings

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-15 11:33:39 +01:00
Jinhao Fan 2e53b0b450 hw/nvme: Use ioeventfd to handle doorbell updates
Add property "ioeventfd" which is enabled by default. When this is
enabled, updates on the doorbell registers will cause KVM to signal
an event to the QEMU main loop to handle the doorbell updates.
Therefore, instead of letting the vcpu thread run both guest VM and
IO emulation, we now use the main loop thread to do IO emulation and
thus the vcpu thread has more cycles for the guest VM.

Since ioeventfd does not tell us the exact value that is written, it is
only useful when shadow doorbell buffer is enabled, where we check
for the value in the shadow doorbell buffer when we get the doorbell
update event.

IOPS comparison on Linux 5.19-rc2: (Unit: KIOPS)

qd           1   4  16  64
qemu        35 121 176 153
ioeventfd   41 133 258 313

Changes since v3:
 - Do not deregister ioeventfd when it was not enabled on a SQ/CQ

Signed-off-by: Jinhao Fan <fanjinhao21s@ict.ac.cn>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2022-07-15 10:40:33 +02:00
Niklas Cassel dfa82ac201 hw/nvme: force nvme-ns param 'shared' to false if no nvme-subsys node
Since commit 916b0f0b52 ("hw/nvme: change nvme-ns 'shared' default")
the default value of nvme-ns param 'shared' is set to true, regardless
if there is a nvme-subsys node or not.

On a system without a nvme-subsys node, a namespace will never be able
to be attached to more than one controller, so for this configuration,
it is counterintuitive for this parameter to be set by default.

Force the nvme-ns param 'shared' to false for configurations where
there is no nvme-subsys node, as the namespace will never be able to
attach to more than one controller anyway.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2022-07-15 10:40:33 +02:00
Jinhao Fan 387350d5f4 hw/nvme: Add trace events for shadow doorbell buffer
When shadow doorbell buffer is enabled, doorbell registers are lazily
updated. The actual queue head and tail pointers are stored in Shadow
Doorbell buffers.

Add trace events for updates on the Shadow Doorbell buffers and EventIdx
buffers. Also add trace event for the Doorbell Buffer Config command.

Signed-off-by: Jinhao Fan <fanjinhao21s@ict.ac.cn>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
[k.jensen: rebased]
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2022-07-15 10:40:33 +02:00
Jinhao Fan 3f7fe8de3d hw/nvme: Implement shadow doorbell buffer support
Implement Doorbel Buffer Config command (Section 5.7 in NVMe Spec 1.3)
and Shadow Doorbel buffer & EventIdx buffer handling logic (Section 7.13
in NVMe Spec 1.3). For queues created before the Doorbell Buffer Config
command, the nvme_dbbuf_config function tries to associate each existing
SQ and CQ with its Shadow Doorbel buffer and EventIdx buffer address.
Queues created after the Doorbell Buffer Config command will have the
doorbell buffers associated with them when they are initialized.

In nvme_process_sq and nvme_post_cqe, proactively check for Shadow
Doorbell buffer changes instead of wait for doorbell register changes.
This reduces the number of MMIOs.

In nvme_process_db(), update the shadow doorbell buffer value with
the doorbell register value if it is the admin queue. This is a hack
since hosts like Linux NVMe driver and SPDK do not use shadow
doorbell buffer for the admin queue. Copying the doorbell register
value to the shadow doorbell buffer allows us to support these hosts
as well as spec-compliant hosts that use shadow doorbell buffer for
the admin queue.

Signed-off-by: Jinhao Fan <fanjinhao21s@ict.ac.cn>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
[k.jensen: rebased]
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2022-07-15 10:40:33 +02:00
Peter Maydell 285f64fcbf * SCSI fuzzing fix (Mauro)
* pre-install data files in the build directory (Akihiko)
 * SCSI fixes for Mac OS (Mark)
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLO3bQUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroNv5AgAgGe8hGOcqJSzmFgeUJ7UEaauap6E
 fF4zau8Xux7R6pnvPe2FeJ70AlvstFAUoU++7G3linQ+eqnFD7E18KQkfp9qX7jY
 xDFPJRf6JNhwDjxQ2Tp0ShOcm5HkDv4Z4cPlx0T+wfKTlUWCzNEkhVrjOhpDYnSe
 OldsdFjY0sUjZ1R/QNiuQ65aWwOr9gJ07KfakJQMX2YCMun6SO3kB/GtmyecTV3C
 uNAUIdqJLsEbR1ckdMVVmixhtzMPW2R7/vjJkxG8RXUAcDmDHkuKPhWKyZ9a7/hh
 CV8iMQMup6mgT8ndb5DWv551Y+C/rA1bH9U1NkaeQ9RP83CE4a6fpSMiiQ==
 =82zT
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* SCSI fuzzing fix (Mauro)
* pre-install data files in the build directory (Akihiko)
* SCSI fixes for Mac OS (Mark)

# gpg: Signature made Wed 13 Jul 2022 15:59:00 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  pc-bios/s390-ccw: add -Wno-array-bounds
  q800: add default vendor and product information for scsi-cd devices
  q800: add default vendor and product information for scsi-hd devices
  scsi-disk: allow MODE SELECT block descriptor to set the block size
  scsi-disk: allow the MODE_PAGE_R_W_ERROR AWRE bit to be changeable for CDROM drives
  q800: implement compat_props to enable quirk_mode_page_truncated for scsi-cd devices
  scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED quirk for Macintosh
  scsi-disk: add FORMAT UNIT command
  q800: implement compat_props to enable quirk_mode_page_vendor_specific_apple for scsi devices
  scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE quirk for Macintosh
  q800: implement compat_props to enable quirk_mode_sense_rom_use_dbd for scsi-cd devices
  scsi-disk: add SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD quirk for Macintosh
  q800: implement compat_props to enable quirk_mode_page_apple_vendor for scsi-cd devices
  scsi-disk: add MODE_PAGE_APPLE_VENDOR quirk for Macintosh
  scsi-disk: add new quirks bitmap to SCSIDiskState
  meson: Prefix each element of firmware path
  module: Use bundle mechanism
  datadir: Use bundle mechanism
  cutils: Introduce bundle mechanism
  scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-14 18:14:12 +01:00
Peter Delevoryas f041855830 aspeed: Add fby35-bmc slot GPIO's
Signed-off-by: Peter Delevoryas <peter@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220712023219.41065-4-peter@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Peter Delevoryas 1f30db922c hw/gpio/aspeed: Don't let guests modify input pins
Up until now, guests could modify input pins by overwriting the data
value register. The guest OS should only be allowed to modify output pin
values, and the QOM property setter should only be permitted to modify
input pins.

This change also updates the gpio input pin test to match this
expectation.

Andrew suggested this particularly refactoring here:

    https://lore.kernel.org/qemu-devel/23523aa1-ba81-412b-92cc-8174faba3612@www.fastmail.com/

Suggested-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Peter Delevoryas <peter@pjd.dev>
Fixes: 4b7f956862 ("hw/gpio: Add basic Aspeed GPIO model for AST2400 and AST2500")
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220712023219.41065-3-peter@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Iris Chen 2113a12897 hw: m25p80: Add Block Protect and Top Bottom bits for write protect
Signed-off-by: Iris Chen <irischenlj@fb.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-Id: <20220708164552.3462620-1-irischenlj@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Peter Delevoryas d5829a2920 aspeed: Add AST1030 (BIC) to fby35
With the BIC, the easiest way to run everything is to create two pty's
for each SoC and reserve stdin/stdout for the monitor:

    wget https://github.com/facebook/openbmc/releases/download/openbmc-e2294ff5d31d/fby35.mtd
    wget https://github.com/peterdelevoryas/OpenBIC/releases/download/oby35-cl-2022.13.01/Y35BCL.elf
    qemu-system-arm -machine fby35 \
        -drive file=fby35.mtd,format=raw,if=mtd \
        -device loader,file=fby35.mtd,addr=0,cpu-num=0 \
        -serial pty -serial pty -serial mon:stdio -display none -S

    screen /dev/ttys0
    screen /dev/ttys1
    (qemu) c

This commit only adds the the first server board's Bridge IC, but in the
future we'll try to include the other three server board Bridge IC's
too.

Signed-off-by: Peter Delevoryas <peter@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220705191400.41632-9-peter@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Cédric Le Goater 9cd8c41d7a aspeed: fby35: Add a bootrom for the BMC
The BMC boots from the first flash device by fetching instructions
from the flash contents. Add an alias region on 0x0 for this
purpose. There are currently performance issues with this method (TBs
being flushed too often), so as a faster alternative, install the
flash contents as a ROM in the BMC memory space.

See commit 1a15311a12 ("hw/arm/aspeed: add a 'execute-in-place'
property to boot directly from CE0")

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Peter Delevoryas <peter@pjd.dev>
[ clg: blk_pread() fixes ]
Message-Id: <20220705191400.41632-8-peter@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Peter Delevoryas 778e14cc5c aspeed: Add AST2600 (BMC) to fby35
You can test booting the BMC with both '-device loader' and '-drive
file'. This is necessary because of how the fb-openbmc boot sequence
works (jump to 0x20000000 after U-Boot SPL).

    wget https://github.com/facebook/openbmc/releases/download/openbmc-e2294ff5d31d/fby35.mtd
    qemu-system-arm -machine fby35 -nographic \
        -device loader,file=fby35.mtd,addr=0,cpu-num=0 -drive file=fby35.mtd,format=raw,if=mtd

Signed-off-by: Peter Delevoryas <peter@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220705191400.41632-7-peter@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Peter Delevoryas c2f58c2fa2 aspeed: Add fby35 skeleton
Signed-off-by: Peter Delevoryas <peter@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220705191400.41632-6-peter@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Peter Delevoryas 1099ad10b0 aspeed: Make aspeed_board_init_flashes public
Signed-off-by: Peter Delevoryas <peter@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220705191400.41632-5-peter@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Peter Delevoryas d2b3eaefb4 aspeed: Refactor UART init for multi-SoC machines
This change moves the code that connects the SoC UART's to serial_hd's
to the machine.

It makes each UART a proper child member of the SoC, and then allows the
machine to selectively initialize the chardev for each UART with a
serial_hd.

This should preserve backwards compatibility, but also allow multi-SoC
boards to completely change the wiring of serial devices from the
command line to specific SoC UART's.

This also removes the uart-default property from the SoC, since the SoC
doesn't need to know what UART is the "default" on the machine anymore.

I tested this using the images and commands from the previous
refactoring, and another test image for the ast1030:

    wget https://github.com/facebook/openbmc/releases/download/v2021.49.0/fuji.mtd
    wget https://github.com/facebook/openbmc/releases/download/v2021.49.0/wedge100.mtd
    wget https://github.com/peterdelevoryas/OpenBIC/releases/download/oby35-cl-2022.13.01/Y35BCL.elf

Fuji uses UART1:

    qemu-system-arm -machine fuji-bmc \
        -drive file=fuji.mtd,format=raw,if=mtd \
        -nographic

ast2600-evb uses uart-default=UART5:

    qemu-system-arm -machine ast2600-evb \
        -drive file=fuji.mtd,format=raw,if=mtd \
        -serial null -serial mon:stdio -display none

Wedge100 uses UART3:

    qemu-system-arm -machine palmetto-bmc \
        -drive file=wedge100.mtd,format=raw,if=mtd \
        -serial null -serial null -serial null \
        -serial mon:stdio -display none

AST1030 EVB uses UART5:

    qemu-system-arm -machine ast1030-evb \
        -kernel Y35BCL.elf -nographic

Fixes: 6827ff20b2 ("hw: aspeed: Init all UART's with serial devices")
Signed-off-by: Peter Delevoryas <peter@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220705191400.41632-4-peter@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Peter Delevoryas 72a7c47393 aspeed: Create SRAM name from first CPU index
To support multiple SoC's running simultaneously, we need a unique name for
each RAM region. DRAM is created by the machine, but SRAM is created by the
SoC, since in hardware it is part of the SoC's internals.

We need a way to uniquely identify each SRAM region though, for VM
migration. Since each of the SoC's CPU's has an index which identifies it
uniquely from other CPU's in the machine, we can use the index of any of the
CPU's in the SoC to uniquely identify differentiate the SRAM name from other
SoC SRAM's. In this change, I just elected to use the index of the first CPU
in each SoC.

Signed-off-by: Peter Delevoryas <peter@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220705191400.41632-3-peter@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Peter Delevoryas b347dd5ef3 hw/sensor: Add Renesas ISL69259 device model
This adds the ISL69259, using all the same functionality as the existing
ISL69260 but overriding the IC_DEVICE_ID.

Signed-off-by: Peter Delevoryas <pdel@fb.com>
Reviewed-by: Titus Rwantare <titusr@google.com>
Message-Id: <20220701000626.77395-4-me@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Peter Delevoryas e51ae82571 hw/sensor: Add IC_DEVICE_ID to ISL voltage regulators
This commit adds a passthrough for PMBUS_IC_DEVICE_ID to allow Renesas
voltage regulators to return the integrated circuit device ID if they
would like to.

The behavior is very device specific, so it hasn't been added to the
general PMBUS model. Additionally, if the device ID hasn't been set,
then the voltage regulator will respond with the error byte value.  The
guest error message will change slightly for IC_DEVICE_ID with this
commit.

Signed-off-by: Peter Delevoryas <pdel@fb.com>
Reviewed-by: Titus Rwantare <titusr@google.com>
Message-Id: <20220701000626.77395-3-me@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Peter Delevoryas d272d1410c hw/i2c/pmbus: Add idle state to return 0xff's
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Reviewed-by: Titus Rwantare <titusr@google.com>
Message-Id: <20220701000626.77395-2-me@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Joel Stanley 54ee564132 aspeed: sbc: Allow per-machine settings
In order to correctly report secure boot running firmware the values
of certain registers must be set.

We don't yet have documentation from ASPEED on what they mean. The
meaning is inferred from u-boot's use of them.

Introduce properties so the settings can be configured per-machine.

Reviewed-by: Peter Delevoryas <pdel@fb.com>
Tested-by: Peter Delevoryas <pdel@fb.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-Id: <20220628154740.1117349-4-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-07-14 16:24:38 +02:00
Erik Abair 8d274e5f9a nv2a: Match inv_w qualifier to attribute qualifier
Calculates both interpolated and flat shaded inv_w so that the appropriate
value may be used when undoing the perspective divide in the pixel shader.
2022-07-13 16:16:38 -07:00
Erik Abair ae1a140ecb nv2a: Fix missing flat qualifier for inv_w param
`vtx_inv_w` should also be flat, since interpolating it causes incorrect values
for the flat shaded colors.

Fixes #1179

[Test](https://github.com/abaire/nxdk_pgraph_tests/blob/main/src/tests/shade_model_tests.cpp)
[HW results](https://github.com/abaire/nxdk_pgraph_tests_golden_results/wiki/Results-Shade_model)
2022-07-13 16:16:38 -07:00
Erik Abair 4fd15c00f3 mcpx: Print actual error on OpenAudioDevice fail 2022-07-13 13:41:30 -07:00
Mark Cave-Ayland 74518fb615 q800: add default vendor and product information for scsi-cd devices
The MacOS CDROM driver uses a SCSI INQUIRY command to check that any SCSI CDROMs
detected match a whitelist of vendors and products before adding them to the
list of available devices.

Add known-good default vendor and product information using the existing
compat_prop mechanism so the user doesn't have to use long command lines to set
the qdev properties manually.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-15-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland 0fc37adac6 q800: add default vendor and product information for scsi-hd devices
The Apple HD SC Setup program uses a SCSI INQUIRY command to check that any SCSI
hard disks detected match a whitelist of vendors and products before allowing
the "Initialise" button to prepare an empty disk.

Add known-good default vendor and product information using the existing
compat_prop mechanism so the user doesn't have to use long command lines to set
the qdev properties manually.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-14-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland 356c4c441e scsi-disk: allow MODE SELECT block descriptor to set the block size
The MODE SELECT command can contain an optional block descriptor that can be used
to set the device block size. If the block descriptor is present then update the
block size on the SCSI device accordingly.

This allows CDROMs to be used with A/UX which requires a CDROM drive which is
capable of switching from a 2048 byte sector size to a 512 byte sector size.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-13-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland 4536fba00a scsi-disk: allow the MODE_PAGE_R_W_ERROR AWRE bit to be changeable for CDROM drives
A/UX sends a MODE_PAGE_R_W_ERROR command with the AWRE bit set to 0 when enumerating
CDROM drives. Since the bit is currently hardcoded to 1 then indicate that the AWRE
bit can be changed (even though we don't care about the value) so that
the MODE_PAGE_R_W_ERROR page can be set successfully.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-12-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland 2724b90dfb q800: implement compat_props to enable quirk_mode_page_truncated for scsi-cd devices
By default quirk_mode_page_truncated should be enabled for all scsi-cd devices
connected to the q800 machine to allow A/UX to enumerate SCSI CDROM devices
without hanging.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-11-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland 389e18eb9a scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED quirk for Macintosh
When A/UX configures the CDROM device it sends a truncated MODE SELECT request
for page 1 (MODE_PAGE_R_W_ERROR) which is only 6 bytes in length rather than
10. This seems to be due to bug in Apple's code which calculates the CDB message
length incorrectly.

The work at [1] suggests that this truncated request is accepted on real
hardware whereas in QEMU it generates an INVALID_PARAM_LEN sense code which
causes A/UX to get stuck in a loop retrying the command in an attempt to succeed.

Alter the mode page request length check so that truncated requests are allowed
if the SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED quirk is enabled, whilst also adding a
trace event to enable the condition to be detected.

[1] https://68kmla.org/bb/index.php?threads/scsi2sd-project-anyone-interested.29040/page-7#post-316444

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-10-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland 6ab717610f scsi-disk: add FORMAT UNIT command
When initialising a drive ready to install MacOS, Apple HD SC Setup first attempts
to format the drive. Add a simple FORMAT UNIT command which simply returns success
to allow the format to succeed.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220622105314.802852-9-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland d9a107d153 q800: implement compat_props to enable quirk_mode_page_vendor_specific_apple for scsi devices
By default quirk_mode_page_vendor_specific_apple should be enabled for both scsi-hd
and scsi-cd devices to allow MacOS to format SCSI disk devices, and A/UX to
enumerate SCSI CDROM devices succesfully without getting stuck in a loop.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-8-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland 09274de1f7 scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE quirk for Macintosh
Both MacOS and A/UX make use of vendor-specific MODE SELECT commands with PF=0
to identify SCSI devices:

- MacOS sends a MODE SELECT command with PF=0 for the MODE_PAGE_VENDOR_SPECIFIC
  (0x0) mode page containing 2 bytes before initialising a disk

- A/UX (installed on disk) sends a MODE SELECT command with PF=0 during SCSI
  bus enumeration, and gets stuck in an infinite loop if it fails

Add a new SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE quirk to allow both
PF=0 MODE SELECT commands and implement a MODE_PAGE_VENDOR_SPECIFIC (0x0)
mode page which is compatible with MacOS.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-7-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland f7c30a0f41 q800: implement compat_props to enable quirk_mode_sense_rom_use_dbd for scsi-cd devices
By default quirk_mode_sense_rom_use_dbd should be enabled for all scsi-cd devices
connected to the q800 machine to correctly report the CDROM block descriptor back
to A/UX.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-6-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland f43c2b94cd scsi-disk: add SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD quirk for Macintosh
During SCSI bus enumeration A/UX sends a MODE SENSE command to the CDROM with
the DBD bit unset and expects the response to include a block descriptor. As per
the latest SCSI documentation, QEMU currently force-disables the block
descriptor for CDROM devices but the A/UX driver expects the requested block
descriptor to be returned.

If the block descriptor is not returned in the response then A/UX becomes
confused, since the block descriptor returned in the MODE SENSE response is
used to generate a subsequent MODE SELECT command which is then invalid.

Add a new SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD quirk to allow this behaviour
to be enabled as required. Note that an additional workaround is required for
the previous SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR quirk which must never
return a block descriptor even though the DBD bit is left unset.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-5-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Mark Cave-Ayland f358241029 q800: implement compat_props to enable quirk_mode_page_apple_vendor for scsi-cd devices
By default quirk_mode_page_apple_vendor should be enabled for all scsi-cd devices
connected to the q800 machine to enable MacOS to detect and use them.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-4-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Mark Cave-Ayland 09d3786762 scsi-disk: add MODE_PAGE_APPLE_VENDOR quirk for Macintosh
One of the mechanisms MacOS uses to identify CDROM drives compatible with MacOS
is to send a custom MODE SELECT command for page 0x30 to the drive. The
response to this is a hard-coded manufacturer string which must match in order
for the CDROM to be usable within MacOS.

Add an implementation of the MODE SELECT page 0x30 response guarded by a newly
defined SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR quirk bit so that CDROM drives
attached to non-Apple machines function exactly as before.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Mark Cave-Ayland 3412f9c3b4 scsi-disk: add new quirks bitmap to SCSIDiskState
Since the MacOS SCSI implementation is quite old (and Apple added some firmware
customisations to their drives for m68k Macs) there is need to add a mechanism
to correctly handle Apple-specific quirks.

Add a new quirks bitmap to SCSIDiskState that can be used to enable these
features as required.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Mauro Matteo Cascella 4367a20cc4 scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216)
Set current_req to NULL, not current_req->req, to prevent reusing a free'd
buffer in case of repeated SCSI cancel requests.  Also apply the fix to
CLEAR QUEUE and BUS DEVICE RESET messages as well, since they also cancel
the request.

Thanks to Alexander Bulekov for providing a reproducer.

Fixes: CVE-2022-0216
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20220711123316.421279-1-mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Peter Maydell 824824d122 Block patches:
- Refactoring for non-coroutine variants of bdrv/blk_co_* functions:
   Auto-generate more of them with the block coroutine wrapper generator
   script
 - iotest fixes
 - Both for the storage daemon and the system emulator: Fix PID file
   handling when daemonizing (store the absolute path and delete that on
   exit, which is necessary because daemonizing will change the working
   directory to /)
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEy2LXoO44KeRfAE00ofpA0JgBnN8FAmLNt54SHGhyZWl0ekBy
 ZWRoYXQuY29tAAoJEKH6QNCYAZzfkgwP/RMYolaa+p2w4Gy8KUY95YnvRWu6Ct3e
 COeM6ZXKgvXKg8lEGq6q66Zp3oJIPsljvNejJi/76BJcX4a658U/wvpNXQ4IoesC
 9fFrxgAMrZZ+6ZFFhJaUwFsqisTBqSe28xmmtfKCb8iCU8C9kAiwSTztjSc88LBl
 jyFL6iAhggXjfP1Wul2fZ2jeIlveLyNHSvVqujXN13jMvt0uQpGmSRi9AUQlSl/L
 TZ1qKuFe2AjukyzgigsmAMQIZBZb1gOFEt0VxdEgoS06VAaEURvt39ZFG4J1jD0T
 vnYk/RLFXEsaErwtiDQp8BENpIHglKFTucrGD0oUcc55yaupOIxwV/JUpG1CsPfV
 T+1Jw8PSXNi4V8rRnGeEd5kSK2v/uSLf6ktxC/BNzjx3J66/fQm60yoKymsEIVzO
 Y5ysYzq9VnDGw9+wP4v/BBms/UFOzp8zpZrNt8AeAsN0zfKGXoGCwsX0wNetoLpK
 G9dh48SHVkzF73Gd5AAC2ydR336/WebR9ibN+mYJVjraWYXHY1kbZtDZ1KPPIe0g
 Ld/YRI8xi3YtIEMDwCG8vyBBpHNxqbU6cuid9pBB6b4qH3lAH06Kkh4XD+Ht4GZ6
 DOdsqKx7DpDlFVfH7h0UMarVf5PU36u4xPgPt0xWIJUZku49XrJO+1SWj6mmp7jT
 i1t8cslVWSZ4
 =Z5a+
 -----END PGP SIGNATURE-----

Merge tag 'pull-block-2022-07-12' of https://gitlab.com/hreitz/qemu into staging

Block patches:
- Refactoring for non-coroutine variants of bdrv/blk_co_* functions:
  Auto-generate more of them with the block coroutine wrapper generator
  script
- iotest fixes
- Both for the storage daemon and the system emulator: Fix PID file
  handling when daemonizing (store the absolute path and delete that on
  exit, which is necessary because daemonizing will change the working
  directory to /)

# gpg: Signature made Tue 12 Jul 2022 19:04:14 BST
# gpg:                using RSA key CB62D7A0EE3829E45F004D34A1FA40D098019CDF
# gpg:                issuer "hreitz@redhat.com"
# gpg: Good signature from "Hanna Reitz <hreitz@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: CB62 D7A0 EE38 29E4 5F00  4D34 A1FA 40D0 9801 9CDF

* tag 'pull-block-2022-07-12' of https://gitlab.com/hreitz/qemu: (35 commits)
  vl: Unlink absolute PID file path
  vl: Conditionally register PID file unlink notifier
  qsd: Unlink absolute PID file path
  iotests/297: Have mypy ignore unused ignores
  qsd: Do not use error_report() before monitor_init
  block: Remove remaining unused symbols in coroutines.h
  block: Reorganize some declarations in block-backend-io.h
  block: Add blk_co_truncate()
  block: Add blk_co_ioctl()
  block: Implement blk_flush() using generated_co_wrapper
  block: Implement blk_pdiscard() using generated_co_wrapper
  block: Implement blk_pwrite_zeroes() using generated_co_wrapper
  block: Add blk_co_pwrite_compressed()
  block: Change blk_pwrite_compressed() param order
  block: Export blk_pwritev_part() in block-backend-io.h
  block: Add blk_[co_]preadv_part()
  block: Add blk_{preadv,pwritev}()
  block: Implement blk_{pread,pwrite}() using generated_co_wrapper
  block: Make blk_co_pwrite() take a const buffer
  block: Make 'bytes' param of blk_{pread,pwrite}() an int64_t
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-12 20:31:50 +01:00
Peter Maydell 8e3d85d36b * fuzzing fixes (Alexander)
* fix cross compilation CFLAGS and compiler choice
 * do not specify -bios option for tests/vm
 * miscellaneous fixes
 * preparation for pre-install tree in the build directory (Akihiko)
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLNbVcUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroO1KggArZDxqEOyTCvsu2H1Bf7j2J4Mfx2k
 +8FiDNpdfnmpQIc8KnQHZN7QKodXhaPwShoK6NZPYeAbg62n5/RUlF+fj2DbdCN0
 udBqt9V5dmjF2S+vb2++pWSpEUpqH1yAVYX3t0MvQDkfscADYYqYndHkYqVP34Sy
 sIIkDGdFODQqHCPDmNNFWFHt8X5Zu8t5j53NjPebdryZBDiA4DgFnorTw0sTPV1H
 XeS2M06C1lkGyWrdy7eaF9IL3tmlCsuc6xiA0RAhzJiWgHe1LQZOUPMfR+GKuidI
 E9Cz05iGyOlH+CNYgdukqT8BdJtcjWZwDgYWVxVIswv461h/asoENUIx1g==
 =Nyzq
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* fuzzing fixes (Alexander)
* fix cross compilation CFLAGS and compiler choice
* do not specify -bios option for tests/vm
* miscellaneous fixes
* preparation for pre-install tree in the build directory (Akihiko)

# gpg: Signature made Tue 12 Jul 2022 13:47:19 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  meson: place default firmware path under .../share
  qga: Relocate a path emitted in the help text
  build: Do not depend on pc-bios for config-host.mak
  accel: kvm: Fix memory leak in find_stats_descriptors
  audio/dbus: fix building
  fuzz: only use generic-fuzz targets on oss-fuzz
  build: improve -fsanitize-coverage-allowlist check
  build: try both native and cross compilers
  configure: pass whole target name to probe_target_compiler
  tests/tcg: compile system emulation tests as freestanding
  configure: write EXTRA_CFLAGS for all sub-Makefiles
  configure: allow more host/target combos to use the host compiler
  configure, pc-bios/vof: pass cross CFLAGS correctly
  configure, pc-bios/s390-ccw: pass cross CFLAGS correctly
  configure, pc-bios/optionrom: pass cross CFLAGS correctly
  pc-bios/optionrom: use -m16 unconditionally
  scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)
  tests/vm: do not specify -bios option

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
#	pc-bios/s390-ccw/netboot.mak
2022-07-12 14:12:15 +01:00
Alberto Faria a9262f551e block: Change blk_{pread,pwrite}() param order
Swap 'buf' and 'bytes' around for consistency with
blk_co_{pread,pwrite}(), and in preparation to implement these functions
using generated_co_wrapper.

Callers were updated using this Coccinelle script:

    @@ expression blk, offset, buf, bytes, flags; @@
    - blk_pread(blk, offset, buf, bytes, flags)
    + blk_pread(blk, offset, bytes, buf, flags)

    @@ expression blk, offset, buf, bytes, flags; @@
    - blk_pwrite(blk, offset, buf, bytes, flags)
    + blk_pwrite(blk, offset, bytes, buf, flags)

It had no effect on hw/block/nand.c, presumably due to the #if, so that
file was updated manually.

Overly-long lines were then fixed by hand.

Signed-off-by: Alberto Faria <afaria@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220705161527.1054072-4-afaria@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
2022-07-12 12:14:56 +02:00
Alberto Faria 3b35d4542c block: Add a 'flags' param to blk_pread()
For consistency with other I/O functions, and in preparation to
implement it using generated_co_wrapper.

Callers were updated using this Coccinelle script:

    @@ expression blk, offset, buf, bytes; @@
    - blk_pread(blk, offset, buf, bytes)
    + blk_pread(blk, offset, buf, bytes, 0)

It had no effect on hw/block/nand.c, presumably due to the #if, so that
file was updated manually.

Overly-long lines were then fixed by hand.

Signed-off-by: Alberto Faria <afaria@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220705161527.1054072-3-afaria@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
2022-07-12 12:14:56 +02:00
Alberto Faria bf5b16fa40 block: Make blk_{pread,pwrite}() return 0 on success
They currently return the value of their 'bytes' parameter on success.

Make them return 0 instead, for consistency with other I/O functions and
in preparation to implement them using generated_co_wrapper. This also
makes it clear that short reads/writes are not possible.

Signed-off-by: Alberto Faria <afaria@redhat.com>
Message-Id: <20220705161527.1054072-2-afaria@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
2022-07-12 12:14:56 +02:00
Jason A. Donenfeld 5242876f37 hw/arm/virt: dt: add rng-seed property
In 60592cfed2 ("hw/arm/virt: dt: add kaslr-seed property"), the
kaslr-seed property was added, but the equally as important rng-seed
property was forgotten about, which has identical semantics for a
similar purpose. This commit implements it in exactly the same way as
kaslr-seed. It then changes the name of the disabling option to reflect
that this has more to do with randomness vs determinism, rather than
something particular about kaslr.

Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[PMM: added deprecated.rst section for the deprecation]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-07 11:36:07 +01:00
Richard Henderson 8e9398e3b1 ppc patch queue for 2022-07-06:
This queue consists of improvements and bug fixes in TCG, powernv and
 pSeries, with some fixes in other areas as well.
 
 - tcg and target/ppc: BCDA and mffscdrn implementations, Remove CONFIG_INT128
 conditional code
 - fix '-cpu max' alias
 - remove '-cpu default' alias
 - spapr: fixes in DDW handling, H_WATCHDOG support
 - powernv: cleanups in the pnv-phb3/4 models
 - fix core type of MPC8555 and MPC8560 models
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYsXrpgAKCRA82cqW3gMx
 ZBe9AP4oqMTFw7r9EQPJU4QFMUeAVABl4o0xNb2wLyYov9CtKAD+LoVERSmtLTJ1
 kFpgBrRTWKVylaLEdZQoTdFlJeBwzQg=
 =GPG1
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20220706' of https://gitlab.com/danielhb/qemu into staging

ppc patch queue for 2022-07-06:

This queue consists of improvements and bug fixes in TCG, powernv and
pSeries, with some fixes in other areas as well.

- tcg and target/ppc: BCDA and mffscdrn implementations, Remove CONFIG_INT128
conditional code
- fix '-cpu max' alias
- remove '-cpu default' alias
- spapr: fixes in DDW handling, H_WATCHDOG support
- powernv: cleanups in the pnv-phb3/4 models
- fix core type of MPC8555 and MPC8560 models

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYsXrpgAKCRA82cqW3gMx
# ZBe9AP4oqMTFw7r9EQPJU4QFMUeAVABl4o0xNb2wLyYov9CtKAD+LoVERSmtLTJ1
# kFpgBrRTWKVylaLEdZQoTdFlJeBwzQg=
# =GPG1
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 07 Jul 2022 01:38:06 AM +0530
# gpg:                using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28  3819 3CD9 CA96 DE03 3164

* tag 'pull-ppc-20220706' of https://gitlab.com/danielhb/qemu: (34 commits)
  target/ppc: Fix MPC8555 and MPC8560 core type to e500v1
  target/ppc/cpu-models: Remove the "default" CPU alias
  target/ppc: Return default CPU for max CPU
  target/ppc: implement cdtbcd
  target/ppc: implement cbcdtd
  target/ppc: implement addg6s
  target/ppc: Add flag for ISA v2.06 BCDA instructions
  tests/tcg/ppc64: Add mffsce test
  target/ppc: Implement mffscdrn[i] instructions
  target/ppc: Move mffs[.] to decodetree
  target/ppc: Move mffsl to decodetree
  target/ppc: Move mffsce to decodetree
  target/ppc: Move mffscrn[i] to decodetree
  target/ppc: Fix insn32.decode style issues
  ppc/spapr: Implement H_WATCHDOG
  ppc: Define SETFIELD for the ppc target
  target/ppc: use int128.h methods in vsubcuq
  target/ppc: use int128.h methods in vsubecuq and vsubeuqm
  target/ppc: use int128.h methods in vsubuqm
  target/ppc: use int128.h methods in vaddcuq
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-07 06:21:05 +05:30
Alexey Kardashevskiy 81b205cecf ppc/spapr: Implement H_WATCHDOG
The new PAPR 2.12 defines a watchdog facility managed via the new
H_WATCHDOG hypercall.

This adds H_WATCHDOG support which a proposed driver for pseries uses:
https://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=303120

This was tested by running QEMU with a debug kernel and command line:
-append \
 "pseries-wdt.timeout=60 pseries-wdt.nowayout=1 pseries-wdt.action=2"

and running "echo V > /dev/watchdog0" inside the VM.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220622051008.1067464-1-aik@ozlabs.ru>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-06 10:22:38 -03:00
Alexey Kardashevskiy 95444afcab ppc: Define SETFIELD for the ppc target
It keeps repeating, move it to the header. This uses __builtin_ffsll() to
allow using the macros in #define.

This is not using the QEMU's FIELD macros as this would require changing
all such macros found in skiboot (the PPC PowerNV firmware).

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220628080544.1509428-1-aik@ozlabs.ru>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-06 10:22:38 -03:00
Alexey Kardashevskiy c0e765dafb spapr/ddw: Implement 64bit query extension
PAPR 2.8 (2018) defines an extension to return 64bit value for
the largest TCE block in "ibm,query-pe-dma-window". Recent Linux kernels
support this already.

This adds the extension and supports the older format.

This advertises a bigger window for the new format as the biggest
window with 2M pages below the start of the 64bit window as it is
the maximum we will see in practice.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220623073136.1380214-1-aik@ozlabs.ru>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-06 10:22:37 -03:00
Alexey Kardashevskiy 31cc81f728 spapr/ddw: Reset DMA when the last non-default window is removed
PAPR+/LoPAPR says:
===
The platform must restore the default DMA window for the PE on a call
to the ibm,remove-pe-dma-window RTAS call when all of the following
are true:
 a. The call removes the last DMA window remaining for the PE.
 b. The DMA window being removed is not the default window

===

This resets DMA as PAPR mandates.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220622052955.1069903-1-aik@ozlabs.ru>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-06 10:22:37 -03:00
Daniel Henrique Barboza 21870aab36 ppc/pnv: remove 'INTERFACE_PCIE_DEVICE' from phb4 root bus
It's unneeded. No other PCIE_BUS implements this interface.

Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Fixes: 4f9924c4d4 ("ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge")
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220621173436.165912-9-danielhb413@gmail.com>
2022-07-06 10:22:37 -03:00
Daniel Henrique Barboza 71cd3e5ecb ppc/pnv: remove 'INTERFACE_PCIE_DEVICE' from phb3 root bus
It's unneeded. No other PCIE_BUS implements this interface.

Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Fixes: 9ae1329ee2 ("ppc/pnv: Add models for POWER8 PHB3 PCIe Host bridge")
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220621173436.165912-8-danielhb413@gmail.com>
2022-07-06 10:22:37 -03:00
Daniel Henrique Barboza 8a69bca77a ppc/pnv: make pnv_chip_power8_pic_print_info() use chip8->phbs[]
It's inneficient to scroll all child objects when we have all PHBs
available in chip8->phbs[].

pnv_chip_power8_pic_print_info_child() ended up folded into
pic_print_info() for simplicity.

Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220621173436.165912-7-danielhb413@gmail.com>
2022-07-06 10:22:37 -03:00
Daniel Henrique Barboza ca45948991 ppc/pnv: make pnv_ics_resend() use chip8->phbs[]
pnv_ics_resend() is scrolling through all the child objects of the chip
to search for the PHBs. It's faster and simpler to just use the phbs[]
array.

pnv_ics_resend_child() was folded into pnv_ics_resend() since it's too
simple to justify its own function.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220621173436.165912-6-danielhb413@gmail.com>
2022-07-06 10:22:37 -03:00
Daniel Henrique Barboza da6be50136 ppc/pnv: make pnv_ics_get() use the chip8->phbs[] array
The function is working today by getting all the child objects of the
chip, interacting with each of them to check whether the child is a PHB,
and then doing what needs to be done.

We have all the chip PHBs in the phbs[] array so interacting with all
child objects is unneeded. Open code pnv_ics_get_phb_ics() into
pnv_ics_get() and remove both pnv_ics_get_phb_ics() and the
ForeachPhb3Args struct.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220621173436.165912-5-danielhb413@gmail.com>
2022-07-06 10:22:37 -03:00
Daniel Henrique Barboza 792e8bb629 ppc/pnv: assign pnv-phb-root-port chassis/slot earlier
It is not advisable to execute an object_dynamic_cast() to poke into
bus->qbus.parent and follow it up with a C cast into the PnvPHB type we
think we got.

In fact this is not needed. There is nothing sophisticated being done
with the PHB object retrieved during root_port_realize() for both PHB3
and PHB4. We're retrieving a PHB reference just to access phb->chip_id
and phb->phb_id and use them to define the chassis/slot of the root
port.

phb->phb_id is already being passed to pnv_phb_attach_root_port() via
the 'index' parameter. Let's also add a 'chip_id' parameter to this
function and assign chassis and slot right there. This will spare us
from the hassle of accessing the PHB object inside realize().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Message-Id: <20220621173436.165912-4-danielhb413@gmail.com>
2022-07-06 10:22:37 -03:00
Daniel Henrique Barboza 8625164a38 ppc/pnv: attach phb3/phb4 root ports in QOM tree
At this moment we leave the pnv-phb3(4)-root-port unattached in QOM:

  /unattached (container)
(...)
    /device[2] (pnv-phb3-root-port)
      /bus master container[0] (memory-region)
      /bus master[0] (memory-region)
      /pci_bridge_io[0] (memory-region)
      /pci_bridge_io[1] (memory-region)
      /pci_bridge_mem[0] (memory-region)
      /pci_bridge_pci[0] (memory-region)
      /pci_bridge_pref_mem[0] (memory-region)
      /pci_bridge_vga_io_hi[0] (memory-region)
      /pci_bridge_vga_io_lo[0] (memory-region)
      /pci_bridge_vga_mem[0] (memory-region)
      /pcie.0 (PCIE)

Let's make changes in pnv_phb_attach_root_port() to attach the created
root ports to its corresponding PHB.

This is the result afterwards:

    /pnv-phb3[0] (pnv-phb3)
      /lsi (ics)
      /msi (phb3-msi)
      /msi32[0] (memory-region)
      /msi64[0] (memory-region)
      /pbcq (pnv-pbcq)
    (...)
      /phb3_iommu[0] (pnv-phb3-iommu-memory-region)
      /pnv-phb3-root.0 (pnv-phb3-root)
        /pnv-phb3-root-port[0] (pnv-phb3-root-port)
          /bus master container[0] (memory-region)
          /bus master[0] (memory-region)
          /pci_bridge_io[0] (memory-region)
          /pci_bridge_io[1] (memory-region)
          /pci_bridge_mem[0] (memory-region)
          /pci_bridge_pci[0] (memory-region)
          /pci_bridge_pref_mem[0] (memory-region)
          /pci_bridge_vga_io_hi[0] (memory-region)
          /pci_bridge_vga_io_lo[0] (memory-region)
          /pci_bridge_vga_mem[0] (memory-region)
          /pcie.0 (PCIE)

Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220621173436.165912-3-danielhb413@gmail.com>
2022-07-06 10:22:37 -03:00
Daniel Henrique Barboza 1c69cb4e75 ppc/pnv: move root port attach to pnv_phb4_realize()
Creating a root port is something related to the PHB, not the PEC. It
also makes the logic more in line with what pnv-phb3 does.

Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220621173436.165912-2-danielhb413@gmail.com>
2022-07-06 10:22:37 -03:00
Jason A. Donenfeld a988465d0e m68k: virt: pass RNG seed via bootinfo block
This commit wires up bootinfo's RNG seed attribute so that Linux VMs can
have their RNG seeded from the earliest possible time in boot, just like
the "rng-seed" device tree property on those platforms. The link
contains the corresponding Linux patch.

Link: https://lore.kernel.org/lkml/20220626111509.330159-1-Jason@zx2c4.com/
Based-on: <20220625152318.120849-1-Jason@zx2c4.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Message-Id: <20220626111804.330745-1-Jason@zx2c4.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-07-06 12:30:41 +02:00
Jason A. Donenfeld 23f0a6c80d m68k: use correct variable name in boot info string macro
Every time this macro is used, the caller is passing in
"parameters_base", so this bug wasn't spotted. But the actual macro
variable name is "base", so use that instead.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220625152318.120849-1-Jason@zx2c4.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-07-06 12:29:59 +02:00
Mauro Matteo Cascella 6c8fa961da scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)
Set current_req->req to NULL to prevent reusing a free'd buffer in case of
repeated SCSI cancel requests. Thanks to Thomas Huth for suggesting the patch.

Fixes: CVE-2022-0216
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220705200543.2366809-1-mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-06 09:31:15 +02:00
Ding Hui 034d00d485 e1000: set RX descriptor status in a separate operation
The code of setting RX descriptor status field maybe work fine in
previously, however with the update of glibc version, it shows two
issues when guest using dpdk receive packets:

  1. The dpdk has a certain probability getting wrong buffer_addr

     this impact may be not obvious, such as lost a packet once in
     a while

  2. The dpdk may consume a packet twice when scan the RX desc queue
     over again

     this impact will lead a infinite wait in Qemu, since the RDT
     (tail pointer) be inscreased to equal to RDH by unexpected,
     which regard as the RX desc queue is full

Write a whole of RX desc with DD flag on is not quite correct, because
when the underlying implementation of memcpy using XMM registers to
copy e1000_rx_desc (when AVX or something else CPU feature is usable),
the bytes order of desc writing to memory is indeterminacy

We can use full-scale test case to reproduce the issue-2 by
https://github.com/BASM/qemu_dpdk_e1000_test (thanks to Leonid Myravjev)

I also write a POC test case at https://github.com/cdkey/e1000_poc
which can reproduce both of them, and easy to verify the patch effect.

The hw watchpoint also shows that, when Qemu using XMM related instructions
writing 16 bytes e1000_rx_desc, concurrent with DPDK using movb
writing 1 byte status, the final result of writing to memory will be one
of them, if it made by Qemu which DD flag is on, DPDK will consume it
again.

Setting DD status in a separate operation, can prevent the impact of
disorder memory writing by memcpy, also avoid unexpected data when
concurrent writing status by qemu and guest dpdk.

Links: https://lore.kernel.org/qemu-devel/20200102110504.GG121208@stefanha-x1.localdomain/T/

Reported-by: Leonid Myravjev <asm@asm.pp.ru>
Cc: Stefan Hajnoczi <stefanha@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable@nongnu.org
Tested-by: Jing Zhang <zhangjing@sangfor.com.cn>
Reviewed-by: Frank Lee <lifan38153@sangfor.com.cn>
Signed-off-by: Ding Hui <dinghui@sangfor.com.cn>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-07-06 11:39:09 +08:00
Erik Abair 6f878ede01 nv2a: Do not force oFog to 1.0
This code was added ~7 years ago in
[this commit](97be3f5986)

From what I can see from the [HW test results](https://github.com/abaire/nxdk_pgraph_tests_golden_results/wiki/Results-Fog_coord_vec4)
the behavior on nv2a is more subtle than the cited `NV_vertex_program`
documentation.

In practice the register more or less retains its value until it is explicitly
modified.[The test](4cff2b2ebe/src/tests/fog_tests.cpp (L432))
renders something with an explicitly set oFog.x, then renders again with a
shader that does not modify oFog.x but references it in the pixel shader. The
value carries over rather than being forced to 1.0.

Interestingly, this test is apparently not hermetic; running the other
vec4_coord test (that explictly set various components of oFog) lead to unusual
behavior where the fogging effect is not uniform across all vertices, despite
never being set. Even more interestingly, re-running the test once it's in this
state will often produce variations as to which vertices are apparently using
a stale/incorrect fog value.
2022-07-05 19:12:03 -07:00
Chuck Zmudzinski c0e86b7624 xen/pass-through: don't create needless register group
Currently we are creating a register group for the Intel IGD OpRegion
for every device we pass through, but the XEN_PCI_INTEL_OPREGION
register group is only valid for an Intel IGD. Add a check to make
sure the device is an Intel IGD and a check that the administrator has
enabled gfx_passthru in the xl domain configuration. Require both checks
to be true before creating the register group. Use the existing
is_igd_vga_passthrough() function to check for a graphics device from
any vendor and that the administrator enabled gfx_passthru in the xl
domain configuration, but further require that the vendor be Intel,
because only Intel IGD devices have an Intel OpRegion. These are the
same checks hvmloader and libxl do to determine if the Intel OpRegion
needs to be mapped into the guest's memory. Also, move the comment
about trapping 0xfc for the Intel OpRegion where it belongs after
applying this patch.

Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <c76dff6369ccf2256bd9eed5141da1db767293d2.1656480662.git.brchuckz@aol.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2022-07-05 14:19:48 +01:00
Chuck Zmudzinski be9c61da9f xen/pass-through: merge emulated bits correctly
In xen_pt_config_reg_init(), there is an error in the merging of the
emulated data with the host value. With the current Qemu, instead of
merging the emulated bits with the host bits as defined by emu_mask,
the emulated bits are merged with the host bits as defined by the
inverse of emu_mask. In some cases, depending on the data in the
registers on the host, the way the registers are setup, and the
initial values of the emulated bits, the end result will be that
the register is initialized with the wrong value.

To correct this error, use the XEN_PT_MERGE_VALUE macro to help ensure
the merge is done correctly.

This correction is needed to resolve Qemu project issue #1061, which
describes the failure of Xen HVM Linux guests to boot in certain
configurations with passed through PCI devices, that is, when this error
disables instead of enables the PCI_STATUS_CAP_LIST bit of the
PCI_STATUS register of a passed through PCI device, which in turn
disables the MSI-X capability of the device in Linux guests with the end
result being that the Linux guest never completes the boot process.

Fixes: 2e87512ecc ("xen/pt: Sync up the dev.config and data values")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1061
Buglink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988333

Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <e4392535d8e5266063dc5461d0f1d301e3dd5951.1656522217.git.brchuckz@aol.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2022-07-05 14:19:48 +01:00
Xiaojuan Yang bf7ce37f8f hw/intc/loongarch_ipi: Fix mail send and any send function
By the document of ipi mailsend device, byte is written only when the mask bit
is 0. The original code discards mask bit and overwrite the data always, this
patch fixes the issue.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220705064901.2353349-3-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-05 16:25:17 +05:30
Xiaojuan Yang ddf9326184 hw/intc/loongarch_ipi: Fix ipi device access of 64bits
In general loongarch ipi device, 32bit registers is emulated, however for
anysend/mailsend device only 64bit register access is supported. So separate
the ipi memory region into two regions, including 32 bits and 64 bits.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220705064901.2353349-2-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-05 16:25:17 +05:30
Richard Henderson c1ca312a6f hw/rtc/ls7a_rtc: Drop unused inline functions
Remove toy_val_to_time_mon and toy_val_to_time_year as unused,
to avoid a build failure with clang.  Remove all of the other
inline markers too so that this does not creep back in.

Reviewed-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-05 16:17:53 +05:30
Richard Henderson 1437479e5e LoongArch patch queue:
Support linux-user.
   Fixes for CSR BADV.
   Fix ASRT{LE,GT} exception.
   Fixes for LS7A RTC.
   Fix for interrupt vector spacing.
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmLCs4gdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV89IQgAsgGM117dgDlI48wP
 zRVRE9rmK9EE/YR8b4rejh5iFlH0kZTELWAaXmjxWSv9uyXwsApNdnxnthUH1CRD
 RbT8AOIUphH6MBMb2joy+zFyBkGBnJQbSxJWN0jDT/ie67I/O0qOIemXU9tETssn
 OLNCn+GuNFLiS8EytczkZHDmQjjt00PGZLsnCm+ZY+/ejNci0FV0NItBo6iWxDdj
 8MPJU8pDkXyi+djJpExPc0hTxJ2qmH0FZtpjKwWnU8dbLSRD9IfYhFK5Tsh1oxYJ
 9Er9ZS0RI2CqK3o2k7keYsJHMaIZbNZKhcoA3XiGs15T9YHe1Rc9FeYDasrQw4wQ
 60FwkA==
 =i2CR
 -----END PGP SIGNATURE-----

Merge tag 'pull-la-20220704' of https://gitlab.com/rth7680/qemu into staging

LoongArch patch queue:
  Support linux-user.
  Fixes for CSR BADV.
  Fix ASRT{LE,GT} exception.
  Fixes for LS7A RTC.
  Fix for interrupt vector spacing.

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmLCs4gdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV89IQgAsgGM117dgDlI48wP
# zRVRE9rmK9EE/YR8b4rejh5iFlH0kZTELWAaXmjxWSv9uyXwsApNdnxnthUH1CRD
# RbT8AOIUphH6MBMb2joy+zFyBkGBnJQbSxJWN0jDT/ie67I/O0qOIemXU9tETssn
# OLNCn+GuNFLiS8EytczkZHDmQjjt00PGZLsnCm+ZY+/ejNci0FV0NItBo6iWxDdj
# 8MPJU8pDkXyi+djJpExPc0hTxJ2qmH0FZtpjKwWnU8dbLSRD9IfYhFK5Tsh1oxYJ
# 9Er9ZS0RI2CqK3o2k7keYsJHMaIZbNZKhcoA3XiGs15T9YHe1Rc9FeYDasrQw4wQ
# 60FwkA==
# =i2CR
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Jul 2022 03:01:52 PM +0530
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-la-20220704' of https://gitlab.com/rth7680/qemu: (23 commits)
  target/loongarch: Add lock when writing timer clear reg
  target/loongarch: Fix the meaning of ECFG reg's VS field
  hw/rtc/ls7a_rtc: Fix 'calculate' spelling errors
  hw/rtc/ls7a_rtc: Use tm struct pointer as arguments in toy_time_to_val()
  hw/rtc/ls7a_rtc: Fix rtc enable and disable function
  hw/rtc/ls7a_rtc: Add reset function
  hw/rtc/ls7a_rtc: Remove unimplemented device in realized function
  hw/rtc/ls7a_rtc: Fix timer call back function
  hw/rtc/ls7a_rtc: Fix uninitialied bugs and toymatch writing function
  hw/intc/loongarch_pch_msi: Fix msi vector convertion
  target/loongarch: Update README
  default-configs: Add loongarch linux-user support
  target/loongarch: Adjust functions and structure to support user-mode
  target/loongarch: remove unused include hw/loader.h
  target/loongarch: Fix helper_asrtle_d/asrtgt_d raise wrong exception
  target/loongarch: Fix missing update CSR_BADV
  target/loongarch: remove badaddr from CPULoongArch
  scripts: add loongarch64 binfmt config
  linux-user: Add LoongArch cpu_loop support
  linux-user: Add LoongArch syscall support
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-04 16:37:13 +05:30
Richard Henderson dfe2382f06 usb: canokey fixes.
ui: better tab labels, cocoa fix,
 docs: convert fw_cfg to rst.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmLCndwACgkQTLbY7tPo
 cTjNHA/+MT56crVXnjMTdgBRLOuq0cxYnIUptN0JPKx9DTJzdlXEyT+zYD7iIzUt
 W0xbOrTLVzU9hfJVh9/5V2HuFmc1eAhfl0BDTzd1TT0kdH6LyUkz5RWgotzo3nvH
 7tnl/sBy48a7diSyQn6K2s8r35ubrX1GNJiJcCLWdVEqvzKKWDEqebs02PxbN/OJ
 9UG9xtkM/QQ1+h74jq5BGKXf08xOhOZIjO274Sn5zievBC9JU6RVkCOlUXiBdk51
 +vNTfKt3c864cstryXSTknYWyVv7zKzCqr7xR7c+fgbt3cN/HmLkM9LGytDMEDl/
 IC0CtKiRN316GgVHHMDT8v8X2dVHNH9ZEEoXRKIbc5jD/tetJw7IIEO7blJphdpV
 WE4/bRpJwYVW9UHzig9rPRxsHLs3NSZbNCQEbGUvAbZzS2kq9hnDa/BBtFSYaf+X
 RIwR7rY7WhENfSrus1jR5rfWRU7n+q+fcNIFZetUakH1V6Idb0xQir3eM/yM6sBC
 nzQSzzLsd3Mwh2ahbnLZ1HkyybZV692usVylKsFLVwcUhCvk+VHccOF31QfrxO/j
 ogVzTYYtfrGM5kaknueIMg7XAhjQ04Av70+0b886kZawB3ZE5Ccare2TztHq1jcG
 dMdEm7DLaDRm2RXa9NtcbxsIrS0DT2EuFcBnQ1mHMCGql4MidzE=
 =Bhbw
 -----END PGP SIGNATURE-----

Merge tag 'kraxel-20220704-pull-request' of https://gitlab.com/kraxel/qemu into staging

usb: canokey fixes.
ui: better tab labels, cocoa fix,
docs: convert fw_cfg to rst.

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmLCndwACgkQTLbY7tPo
# cTjNHA/+MT56crVXnjMTdgBRLOuq0cxYnIUptN0JPKx9DTJzdlXEyT+zYD7iIzUt
# W0xbOrTLVzU9hfJVh9/5V2HuFmc1eAhfl0BDTzd1TT0kdH6LyUkz5RWgotzo3nvH
# 7tnl/sBy48a7diSyQn6K2s8r35ubrX1GNJiJcCLWdVEqvzKKWDEqebs02PxbN/OJ
# 9UG9xtkM/QQ1+h74jq5BGKXf08xOhOZIjO274Sn5zievBC9JU6RVkCOlUXiBdk51
# +vNTfKt3c864cstryXSTknYWyVv7zKzCqr7xR7c+fgbt3cN/HmLkM9LGytDMEDl/
# IC0CtKiRN316GgVHHMDT8v8X2dVHNH9ZEEoXRKIbc5jD/tetJw7IIEO7blJphdpV
# WE4/bRpJwYVW9UHzig9rPRxsHLs3NSZbNCQEbGUvAbZzS2kq9hnDa/BBtFSYaf+X
# RIwR7rY7WhENfSrus1jR5rfWRU7n+q+fcNIFZetUakH1V6Idb0xQir3eM/yM6sBC
# nzQSzzLsd3Mwh2ahbnLZ1HkyybZV692usVylKsFLVwcUhCvk+VHccOF31QfrxO/j
# ogVzTYYtfrGM5kaknueIMg7XAhjQ04Av70+0b886kZawB3ZE5Ccare2TztHq1jcG
# dMdEm7DLaDRm2RXa9NtcbxsIrS0DT2EuFcBnQ1mHMCGql4MidzE=
# =Bhbw
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Jul 2022 01:29:24 PM +0530
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [undefined]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [undefined]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* tag 'kraxel-20220704-pull-request' of https://gitlab.com/kraxel/qemu:
  hw: canokey: Remove HS support as not compliant to the spec
  docs/system/devices/usb/canokey: remove limitations on qemu-xhci
  hw/usb/canokey: fix compatibility of qemu-xhci
  hw/usb/canokey: Fix CCID ZLP
  ui/cocoa: Fix clipboard text release
  ui/console: allow display device to be labeled with given id
  Convert fw_cfg.rst to reStructuredText syntax
  Rename docs/specs/fw_cfg.txt to .rst

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-04 14:57:21 +05:30
Xiaojuan Yang 59e52dcff7 hw/rtc/ls7a_rtc: Fix 'calculate' spelling errors
Fix 'calculate' spelling errors.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220701093407.2150607-8-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-04 11:08:58 +05:30
Xiaojuan Yang 582788c3fb hw/rtc/ls7a_rtc: Use tm struct pointer as arguments in toy_time_to_val()
Use pointer as arguments in toy_time_to_val() instead of struct tm.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220701093407.2150607-7-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-04 11:08:58 +05:30
Xiaojuan Yang 6935f132e5 hw/rtc/ls7a_rtc: Fix rtc enable and disable function
Fix ls7a rtc enable and disable function. When rtc disabled, it do
not support to read or write, but the real time is still continue,
so we need not neither save the time nor update the rtc offset.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220701093407.2150607-6-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-04 11:08:58 +05:30
Xiaojuan Yang e5c0367e2b hw/rtc/ls7a_rtc: Add reset function
Add ls7a rtc reset function to delete timers and clear regs when rtc reset.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220701093407.2150607-5-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-04 11:08:58 +05:30
Xiaojuan Yang 53a5eb2e7a hw/rtc/ls7a_rtc: Remove unimplemented device in realized function
Remove the unimplemented device when realized ls7a RTC, as it is not uesd.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220701093407.2150607-4-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-04 11:08:58 +05:30
Xiaojuan Yang df11f3ea69 hw/rtc/ls7a_rtc: Fix timer call back function
Replace qemu_irq_pulse with qemu_irq_raise in ls7a_timer_cb function
to keep consistent with hardware behavior when raise irq.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220701093407.2150607-3-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-04 11:08:58 +05:30
Xiaojuan Yang 4f2c65877c hw/rtc/ls7a_rtc: Fix uninitialied bugs and toymatch writing function
1. Initialize the tm struct in toymatch_write() and ls7a_toy_start() to
   fix uninitialized bugs.
2. Fix toymatch_val_to_time function. By the document, when we calculate
   the expiration year, we should first get current year, and replace the
   0-5 bits with toymatch's 26-31 bits.

Fixes: Coverity CID 1489766, 1489763

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220701093407.2150607-2-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-04 11:08:58 +05:30
Mao Bibo 490c03ab11 hw/intc/loongarch_pch_msi: Fix msi vector convertion
Loongarch pch msi intc connects to extioi controller, the range of irq
number is 64-255.  Add a property for irqbase, so that we can compute
the irq offset from the view of pch_msi controller with the method:

  msi vector (from view of upper extioi intc) - irqbase

Signed-off-by: Mao Bibo <maobibo@loongson.cn>
Message-Id: <20220701030740.2469162-1-maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-04 11:08:58 +05:30
Alistair Francis ec2c62dacc hw/riscv: boot: Reduce FDT address alignment constraints
We previously stored the device tree at a 16MB alignment from the end of
memory (or 3GB). This means we need at least 16MB of memory to be able
to do this. We don't actually need the FDT to be 16MB aligned, so let's
drop it down to 2MB so that we can support systems with less memory,
while also allowing FDT size expansion.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/992
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Atish Patra <atishp@rivosinc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Message-Id: <20220608062015.317894-1-alistair.francis@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-07-03 10:03:20 +10:00
Lynne 6a8a967438 nv2a/psh: fix shader compilation errors
dotSTR had an extra bracket at the end, and an incorrect
variable type.
2022-07-02 10:39:44 -07:00
Erik Abair d06a0c22f1 nv2a: Fix incorrect use of bytes for GL_UNPACK_ROW_LENGTH
`GL_UNPACK_ROW_LENGTH` is supposed to set the length in pixels, but the DXT
path is setting it to bytes, causing it to read beyond the end of the texture.
[Reference](https://www.khronos.org/registry/OpenGL-Refpages/gl4/html/glPixelStore.xhtml)

Fixes #1002

[Test](https://github.com/abaire/nxdk_pgraph_tests/blob/main/src/tests/texture_format_dxt_tests.cpp)
[HW Results](https://github.com/abaire/nxdk_pgraph_tests_golden_results/wiki/Results-Texture_DXT)
2022-07-01 13:44:20 -07:00
MkfsSion 927b968d1b hw: canokey: Remove HS support as not compliant to the spec
Canokey core currently using 16 bytes as maximum packet size for
control endpoint, but to run the device in high-speed a 64 bytes
maximum packet size is required according to USB 2.0 specification.
Since we don't acutally need to run the device in high-speed, simply
don't assign high member in USBDesc.

When canokey-qemu is used with xhci, xhci would drive canokey
in high speed mode, since the bcdUSB in canokey-core is 2.1,
yet canokey-core set bMaxPacketSize0 to be 16, this is out
of the spec as the spec said that ``The allowable maximum
control transfer data payload sizes...for high-speed devices,
it is 64 bytes''.

In this case, usb device validation in Windows 10 LTSC 2021
as the guest would fail. It would complain
USB\DEVICE_DESCRIPTOR_VALIDATION_FAILURE.

Note that bcdUSB only identifies the spec version the device
complies, but it has no indication of its speed. So it is
allowed for the device to run in FS but comply the 2.1 spec.

To solve the issue we decided to just drop the high
speed support. This only affects usb-ehci as usb-ehci would
complain speed mismatch when FS device is attached to a HS port.
That's why the .high member was initialized in the first place.
Meanwhile, xhci is not affected as it works well with FS device.
Since everyone is now using xhci, it does no harm to most users.

Suggested-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Signed-off-by: YuanYang Meng <mkfssion@mkfssion.com>
Reviewed-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Message-Id: <20220625142138.19363-1-mkfssion@mkfssion.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-07-01 12:39:51 +02:00
Hongren (Zenithal) Zheng 1042563027 hw/usb/canokey: fix compatibility of qemu-xhci
XHCI wont poll interrupt IN endpoint if NAKed, and needs wakeup

Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Message-Id: <YqcqSHNpI7sXRNpZ@Sun>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-07-01 12:37:36 +02:00
Hongren (Zenithal) Zheng ada270cd18 hw/usb/canokey: Fix CCID ZLP
CCID could send zero-length packet (ZLP)
if we invoke two data_in, two packets would be concated
and we could not distinguish them.

The CANOKEY_EMU_EP_CTAPHID is imported from canokey-qemu.h

Reported-by: MkfsSion <myychina28759@gmail.com>
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Message-Id: <YqcqGz0s3+LE42ms@Sun>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-07-01 12:37:36 +02:00
Peter Delevoryas 55c57023b7 hw/misc/aspeed: Add PECI controller
This introduces a really basic PECI controller that responses to
commands by always setting the response code to success and then raising
an interrupt to indicate the command is done. This helps avoid getting
hit with constant errors if the driver continuously attempts to send a
command and keeps timing out.

The AST2400 and AST2500 only included registers up to 0x5C, not 0xFC.
They supported PECI 1.1, 2.0, and 3.0. The AST2600 and AST1030 support
PECI 4.0, which includes more read/write buffer registers from 0x80 to
0xFC to support 64-byte mode.

This patch doesn't attempt to handle that, or to create a different
version of the controller for the different generations, since it's only
implementing functionality that is common to all generations.

The basic sequence of events is that the firmware will read and write to
various registers and then trigger a command by setting the FIRE bit in
the command register (similar to the I2C controller).

Then the firmware waits for an interrupt from the PECI controller,
expecting the interrupt status register to be filled in with info on
what happened. If the command was transmitted and received successfully,
then response codes from the host CPU will be found in the data buffer
registers.

Signed-off-by: Peter Delevoryas <pdel@fb.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220630045133.32251-12-me@pjd.dev>
[ clg: s/sysbus_mmio_map/aspeed_mmio_map/ ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:14 +02:00
Peter Delevoryas 1c5d909f88 hw/i2c/aspeed: Add new-registers DMA slave mode RX support
This commit adds support for DMA RX in slave mode while using the new
register set in the AST2600 and AST1030. This patch also pretty much
assumes packet mode is enabled, I'm not sure if this will work in DMA
step mode.

This is particularly useful for testing IPMB exchanges between Zephyr
and external devices, which requires multi-master I2C support and DMA in
the new register mode, because the Zephyr drivers from Aspeed use DMA in
the new mode by default. The Zephyr drivers are also using packet mode.

The typical sequence of events for receiving data in DMA slave + packet
mode is that the Zephyr firmware will configure the slave address
register with an address to receive on and configure the bus's function
control register to enable master mode and slave mode simultaneously at
startup, before any transfers are initiated.

RX DMA is enabled in the slave mode command register, and the slave RX
DMA buffer address and slave RX DMA buffer length are set. TX DMA is not
covered in this patch.

When the Aspeed I2C controller receives data from some other I2C master,
it will reset the I2CS_DMA_LEN RX_LEN value to zero, then buffer
incoming data in the RX DMA buffer while incrementing the I2CC_DMA_ADDR
address counter and decrementing the I2CC_DMA_LEN counter. It will also
update the I2CS_DMA_LEN RX_LEN value along the way.

Once all the data has been received, the bus controller will raise an
interrupt indicating a packet command was completed, the slave address
matched, a normal stop condition was seen, and the transfer was an RX
operation.

If the master sent a NACK instead of a normal stop condition, or the
transfer timed out, then a slightly different set of interrupt status
values would be set. Those conditions are not handled in this commit.

The Zephyr firmware then collects data from the RX DMA buffer and clears
the status register by writing the PKT_MODE_EN bit to the status
register. In packet mode, clearing the packet mode interrupt enable bit
also clears most of the other interrupt bits automatically (except for a
few bits above it).

Note: if the master transmit or receive functions were in use
simultaneously with the slave mode receive functionality, then the
master mode functions may have raised the interrupt line for the bus
before the DMA slave transfer is complete. It's important to have the
slave's interrupt status register clear throughout the receive
operation, and if the slave attempts to raise the interrupt before the
master interrupt status is cleared, then it needs to re-raise the
interrupt once the master interrupt status is cleared. (And vice-versa).
That's why in this commit, when the master interrupt status is cleared
and the interrupt line is lowered, we call the slave interrupt _raise_
function, to see if the interrupt was pending. (And again, vice-versa).

Signed-off-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20220630045133.32251-8-me@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:14 +02:00
Klaus Jensen a8d48f59cd hw/i2c/aspeed: add slave device in old register mode
Add slave mode functionality for the Aspeed I2C controller in old
register mode. This is implemented by realizing an I2C slave device
owned by the I2C controller and attached to its own bus.

The I2C slave device only implements asynchronous sends on the bus, so
slaves not supporting that will not be able to communicate with it.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
[ clg: checkpatch fixes ]
Message-Id: <20220601210831.67259-6-its@irrelevant.dk>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220630045133.32251-7-me@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:14 +02:00
Klaus Jensen a78e9839ae hw/i2c: add asynchronous send
Add an asynchronous version of i2c_send() that requires the slave to
explicitly acknowledge on the bus with i2c_ack().

The current master must use the new i2c_start_send_async() to indicate
that it wants to do an asynchronous transfer. This allows the i2c core
to check if the target slave supports this or not. This approach relies
on adding a new enum i2c_event member, which is why a bunch of other
devices needs changes in their event handling switches.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Message-Id: <20220601210831.67259-5-its@irrelevant.dk>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220630045133.32251-6-me@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:14 +02:00
Klaus Jensen 37fa5ca426 hw/i2c: support multiple masters
Allow slaves to master the bus by registering a bottom halve. If the bus
is busy, the bottom half is queued up. When a slave has succesfully
mastered the bus, the bottom half is scheduled.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
[ clg : - fixed typos in commit log ]
Message-Id: <20220601210831.67259-4-its@irrelevant.dk>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220630045133.32251-5-me@pjd.dev>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:14 +02:00
Peter Delevoryas 0c0f1bee6a hw/i2c/aspeed: Fix MASTER_EN missing error message
aspeed_i2c_bus_is_master is checking if master mode is enabled in the I2C
bus controller's function-control register, not that slave mode is enabled
or something.  The error here is that the guest is trying to trigger an I2C
master mode command while master mode is not enabled.

Fixes: ba2cccd64e ("aspeed: i2c: Add new mode support")
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20220630045133.32251-4-me@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:14 +02:00
Peter Delevoryas b582b7a191 hw/i2c/aspeed: Fix DMA len write-enable bit handling
I noticed i2c rx transfers were getting shortened to "1" on Zephyr. It
seems to be because the Zephyr i2c driver sets the RX DMA len with the
RX field write-enable bit set (bit 31) to avoid a read-modify-write. [1]

/* 0x1C : I2CM Master DMA Transfer Length Register   */

I think we should be checking the write-enable bits on the incoming
value, not checking the register array. I'm not sure we're even writing
the write-enable bits to the register array, actually.

[1] db3dbcc9c5/drivers/i2c/i2c_aspeed.c (L145-L148)

Fixes: ba2cccd64e ("aspeed: i2c: Add new mode support")
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20220630045133.32251-3-me@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Peter Delevoryas ceb3ff0e80 hw/i2c/aspeed: Fix R_I2CD_FUN_CTRL reference
Very minor, doesn't effect functionality, but this is supposed to be
R_I2CC_FUN_CTRL (new-mode, not old-mode).

Fixes: ba2cccd64e ("aspeed: i2c: Add new mode support")
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20220630045133.32251-2-me@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Jae Hyun Yoo 2a7a5d5cc4 hw/arm/aspeed: firework: add I2C MUXes for VR channels
Add 2-level cascaded I2C MUXes for SOC VR channels into the Firework
machine.

Signed-off-by: Jae Hyun Yoo <quic_jaehyoo@quicinc.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220627154703.148943-8-quic_jaehyoo@quicinc.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Maheswara Kurapati cfc68f1639 hw/arm/aspeed: firework: Add Thermal Diodes
Add Thermal Diodes for Firework machine.

Signed-off-by: Maheswara Kurapati <quic_mkurapat@quicinc.com>
Signed-off-by: Jae Hyun Yoo <quic_jaehyoo@quicinc.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220627154703.148943-7-quic_jaehyoo@quicinc.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Maheswara Kurapati 2a75e8c390 hw/arm/aspeed: Add MAX31785 Fan controllers
Add MAX31785 fan controllers in machines so that the Linux driver
populates the sysfs interface.

Firework has two MAX31785 Fan controllers at 0x52, and 0x54 on bus 9.
Witherspoon has one at 0x52 on bus 3.
Rainier has one at 0x52 on bus 7.

Signed-off-by: Maheswara Kurapati <quic_mkurapat@quicinc.com>
Signed-off-by: Jae Hyun Yoo <quic_jaehyoo@quicinc.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220627154703.148943-6-quic_jaehyoo@quicinc.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Maheswara Kurapati 6236548284 hw/sensor: add Maxim MAX31785 device
MAX31785 is a PMBus compliant 6-Channel fan controller. It supports 6 fan
channels, 11 temperature sensors, and 6-Channel ADC to measure the remote
voltages. Datasheet can be found here:
https://datasheets.maximintegrated.com/en/ds/MAX31785.pdf

This initial version of the driver has skeleton and support for the
fan channels. Requests for temperature sensors, and ADC Channels the
are serviced with the default values as per the datasheet.  No additional
instrumentation is done. NV Log feature is not supported.

Signed-off-by: Maheswara Kurapati <quic_mkurapat@quicinc.com>
Signed-off-by: Jae Hyun Yoo <quic_jaehyoo@quicinc.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220627154703.148943-5-quic_jaehyoo@quicinc.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Maheswara Kurapati dd0b3271e5 hw/i2c: pmbus: Page #255 is valid page for read requests.
Current implementation of the pmbus core driver treats the read request
for page 255 as invalid request and sets the invalid command bit (bit 7)
in the STATUS_CML register. As per the PMBus specification it is a valid
request.

Refer to the PMBus specification, revision 1.3.1, section 11.10 PAGE,
on the page 58:
  "Setting the PAGE to FFh means that all subsequent comands are to be
   applied to all outputs.

   Some commands, such as READ_TEMPERATURE, may use a common sensor but
   be available on all pages of a device. Such implementations are the
   decision of each device manufacturer or are specified in a PMBus
   Application Profile. Consult the manufacturer's documents or the
   Application Profile Specification as needed."

For e.g.,
The VOUT_MODE is a valid command for page 255 for maxim 31785 device.
refer to Table 1. PMBus Command Codes on page 14 in the datasheet.
https://datasheets.maximintegrated.com/en/ds/MAX31785.pdf

Fixes: 38870253f1 ("hw/i2c: pmbus: fix error returns and guard against out of range accesses")

Signed-off-by: Maheswara Kurapati <quic_mkurapat@quicinc.com>
Signed-off-by: Jae Hyun Yoo <quic_jaehyoo@quicinc.com>
Reviewed-by: Titus Rwantare <titusr@google.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220627154703.148943-4-quic_jaehyoo@quicinc.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Graeme Gregory ece4cccd67 hw/arm/aspeed: add Qualcomm Firework BMC machine
Add base for Qualcomm Firework BMC machine.

Signed-off-by: Graeme Gregory <quic_ggregory@quicinc.com>
Signed-off-by: Jae Hyun Yoo <quic_jaehyoo@quicinc.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220627154703.148943-3-quic_jaehyoo@quicinc.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Jae Hyun Yoo fb6b3c8d90 hw/arm/aspeed: add support for the Qualcomm DC-SCM v1 board
Add qcom-dc-scm-v1 board support.

Signed-off-by: Jae Hyun Yoo <quic_jaehyoo@quicinc.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220627154703.148943-2-quic_jaehyoo@quicinc.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Peter Delevoryas 85f0e0c3a1 aspeed: Remove use of qemu_get_cpu
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220624003701.1363500-6-pdel@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Peter Delevoryas 80beb08567 aspeed: Map unimplemented devices in SoC memory
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220624003701.1363500-5-pdel@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Peter Delevoryas 5bfcbda70d aspeed: Remove usage of sysbus_mmio_map
sysbus_mmio_map maps devices into "get_system_memory()".

With the new SoC memory attribute, we want to make sure that each device is
mapped into the SoC memory.

In single SoC machines, the SoC memory is the same as "get_system_memory()",
but in multi SoC machines it will be different.

Signed-off-by: Peter Delevoryas <pdel@fb.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220624003701.1363500-4-pdel@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Peter Delevoryas 4dd9d55416 aspeed: Add memory property to Aspeed SoC
Multi-SoC machines can use this property to specify a memory container
for each SoC. Single SoC machines will just specify get_system_memory().

Signed-off-by: Peter Delevoryas <pdel@fb.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220624003701.1363500-3-pdel@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Peter Delevoryas e37976d733 aspeed: Set CPU memory property explicitly
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20220624003701.1363500-2-pdel@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Cédric Le Goater 75dbf30be8 aspeed/smc: Fix potential overflow
Coverity warns that "ssi_transfer(s->spi, 0U) << 8 * i" might overflow
because the expression is evaluated using 32-bit arithmetic and then
used in a context expecting a uint64_t.

Fixes: Coverity CID 1487244
Message-Id: <20220628165512.1133590-1-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Joel Stanley 0dbf6dc576 aspeed/hace: Accumulative mode supported
While the HMAC mode is not modelled, the accumulative mode is.

Accumulative mode is enabled by setting one of the bits in the HMAC
engine command mode part of the register, so fix the unimplemented check
to only look at the upper of the two bits.

Fixes: 5cd7d8564a ("aspeed/hace: Support AST2600 HACE")
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220627100816.125956-1-joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Cédric Le Goater 6743af9b10 aspeed/i2c: Change trace event for NORMAL_STOP states
Using a 'stop' string seems more appropriate than 'normal'.

Reviewed-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20220628154740.1117349-3-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Cédric Le Goater 673a6d16ee aspeed/scu: Add trace events for read ops
Reviewed-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20220628154740.1117349-2-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Cédric Le Goater 346160cbf2 aspeed: Set the dram container at the SoC level
Currently, the Aspeed machines allocate a ram container region in
which the machine ram region is mapped. See commit ad1a978218
("aspeed: add a RAM memory region container"). An extra region is
mapped after ram in the ram container to catch invalid access done by
FW. That's how FW determines the size of ram. See commit ebe31c0a8e
("aspeed: add a max_ram_size property to the memory controller").

Let's move all the logic under the SoC where it should be. It will
also ease the work on multi SoC support.

Reviewed-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20220623202123.3972977-1-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Iris Chen 2fa22a0f60 hw: m25p80: add WP# pin and SRWD bit for write protection
Signed-off-by: Iris Chen <irischenlj@gmail.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-Id: <20220621202427.2680413-1-irischenlj@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-06-30 09:21:13 +02:00
Richard Henderson 621745c4f3 trivial patches pull request 20220629
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmK8FmsSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L7482EkP/19M/AAUkGqIdU9Dj7H46r+LEKtrT7Xu
 jNRDDrkhVQvx42mklSB+fO/ptMKUDgxvLs4mnuZFxM7SrTOb4h5jfZzyYjk73ENQ
 YZ/TLxRtxAfRCcGwso7NGyk85mwt+sBFKZXfW6qsfc9AjDphLUOblfSieeFegz69
 BUtzbMOPSMR7e54y6azJX3gCkxLytSXYgk4otSLTrL233sT7pnwPRdxKGzCTA5vs
 fRxKb4p/R05lWepcjrL2d2lB1TabsV0kqmNkHDvubVWlgyoK3Vt/1dzD1UP7CrvF
 WghlZWmxCHrmLlBb+VSDUa22kpfv5fi/feauuug+dya+s1Mlq8HZTL8VtjUJHwLL
 92xRPeP/RfEJdoQDuMKXP9DWAAYM03HGgR37cE5NMDCyHG0XRKOJ+i2P7DQLVDjW
 QyWX6bX1WV6FovdwwMnZR9OclvKtsZnb1jlfj+G2DdKXpLliDH6DkFm8mPQTM1L7
 w53iMtK88erEc+NP6+fPbbZmySvDVUcLmcTiBceZK6Vjo4oTGNrAWP+VgjBTJaz+
 71ulkJ6vo39ZnEQOUlWrL/yW+8sQNaeO1tO67HZZ8dgTvAnPwyvKq88jSMzGCNpz
 Wpcf4yVAEvU+fP3KkEaqQqmQeK/Vc+H6044O00tcLVICkpCdN/FwRjgfZanX9CIJ
 xQjxW5mkb1Z3
 =fgtJ
 -----END PGP SIGNATURE-----

Merge tag 'trivial-branch-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging

trivial patches pull request 20220629

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmK8FmsSHGxhdXJlbnRA
# dml2aWVyLmV1AAoJEPMMOL0/L7482EkP/19M/AAUkGqIdU9Dj7H46r+LEKtrT7Xu
# jNRDDrkhVQvx42mklSB+fO/ptMKUDgxvLs4mnuZFxM7SrTOb4h5jfZzyYjk73ENQ
# YZ/TLxRtxAfRCcGwso7NGyk85mwt+sBFKZXfW6qsfc9AjDphLUOblfSieeFegz69
# BUtzbMOPSMR7e54y6azJX3gCkxLytSXYgk4otSLTrL233sT7pnwPRdxKGzCTA5vs
# fRxKb4p/R05lWepcjrL2d2lB1TabsV0kqmNkHDvubVWlgyoK3Vt/1dzD1UP7CrvF
# WghlZWmxCHrmLlBb+VSDUa22kpfv5fi/feauuug+dya+s1Mlq8HZTL8VtjUJHwLL
# 92xRPeP/RfEJdoQDuMKXP9DWAAYM03HGgR37cE5NMDCyHG0XRKOJ+i2P7DQLVDjW
# QyWX6bX1WV6FovdwwMnZR9OclvKtsZnb1jlfj+G2DdKXpLliDH6DkFm8mPQTM1L7
# w53iMtK88erEc+NP6+fPbbZmySvDVUcLmcTiBceZK6Vjo4oTGNrAWP+VgjBTJaz+
# 71ulkJ6vo39ZnEQOUlWrL/yW+8sQNaeO1tO67HZZ8dgTvAnPwyvKq88jSMzGCNpz
# Wpcf4yVAEvU+fP3KkEaqQqmQeK/Vc+H6044O00tcLVICkpCdN/FwRjgfZanX9CIJ
# xQjxW5mkb1Z3
# =fgtJ
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 29 Jun 2022 02:37:55 PM +0530
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [undefined]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'trivial-branch-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu:
  hw/i386/xen/xen-hvm: Inline xen_piix_pci_write_config_client() and remove it
  hw/i386/xen/xen-hvm: Allow for stubbing xen_set_pci_link_route()
  hw/ide/atapi.c: Correct typos (CD-CDROM -> CD-ROM)
  common-user: Only compile the common user code if have_user is set
  hw/pci-host/i440fx: Remove unused parameter from i440fx_init()
  MAINTAINERS: Add softmmu/runstate.c to "Main loop"
  trivial typos: namesapce
  Trivial: 3 char repeat typos
  util: Return void on iova_tree_remove
  qom/object: Remove circular include dependency
  vga: avoid crash if no default vga card

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-30 04:49:40 +05:30
Bernhard Beschow c379bd7551 hw/i386/xen/xen-hvm: Inline xen_piix_pci_write_config_client() and remove it
xen_piix_pci_write_config_client() is implemented in the xen sub tree and
uses PIIX constants internally, thus creating a direct dependency on
PIIX. Now that xen_set_pci_link_route() is stubbable, the logic of
xen_piix_pci_write_config_client() can be moved to PIIX which resolves
the dependency.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20220626094656.15673-3-shentey@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-06-29 00:24:59 +02:00
Bernhard Beschow 21d87050af hw/i386/xen/xen-hvm: Allow for stubbing xen_set_pci_link_route()
The only user of xen_set_pci_link_route() is
xen_piix_pci_write_config_client() which implements PIIX-specific logic in
the xen namespace. This makes xen-hvm depend on PIIX which could be
avoided if xen_piix_pci_write_config_client() was implemented in PIIX. In
order to do this, xen_set_pci_link_route() needs to be stubbable which
this patch addresses.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20220626094656.15673-2-shentey@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-06-29 00:24:13 +02:00
Lev Kujawski 99337bd1e3 hw/ide/atapi.c: Correct typos (CD-CDROM -> CD-ROM)
Signed-off-by: Lev Kujawski <lkujaw@member.fsf.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220528204702.167912-1-lkujaw@member.fsf.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-06-28 12:03:25 +02:00
Bernhard Beschow c92331bf04 hw/pci-host/i440fx: Remove unused parameter from i440fx_init()
pi440fx_state is an out-parameter which is never read by the caller.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220612192800.40813-1-shentey@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-06-28 11:10:33 +02:00
Dr. David Alan Gilbert a0984714fb trivial typos: namesapce
'namespace' is misspelled in a bunch of places.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Message-Id: <20220614104045.85728-3-dgilbert@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-06-28 11:06:44 +02:00
Dr. David Alan Gilbert 118d4ed045 Trivial: 3 char repeat typos
Inspired by Julia Lawall's fixing of Linux
kernel comments, I looked at qemu, although I did it manually.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Message-Id: <20220614104045.85728-2-dgilbert@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-06-28 11:06:02 +02:00
Richard Henderson 2a8835cb45 virtio: fixes
fixes all over the place
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmK6NQoPHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRp/sQIAJGiYliUHElJapM/4KSsXKWCFtk9B8wJuUie
 yeMKOdD6QSk9tk/HkYSCnMB7G6Fe+MtoE+sPm/6l5nOFqvqVVJw9vOKteWHSpQ0E
 9CgbR7s7K1MoLG9J613iB2OtAfhPrWEvSOJ6mvTAxGgxhCQw6UzC88cYfBHJ/efn
 GAhVlriSfSCRANmivjY+g4h4JFWWSMTH6m9u4wKBJF8GRkNgN+C50Z+bp8aE7wRT
 KiMoaaYUDOjxzD+8nGYggg/t+UIM7jG2t8M5BMbC0NMP+ovVZeesWK6ZOzoda2tI
 ZONV0dLikLCicyOvfMH6YDqzGtchCDmS0hpfuorhlzsntm42RBM=
 =T+gr
 -----END PGP SIGNATURE-----

Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging

virtio: fixes

fixes all over the place

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmK6NQoPHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRp/sQIAJGiYliUHElJapM/4KSsXKWCFtk9B8wJuUie
# yeMKOdD6QSk9tk/HkYSCnMB7G6Fe+MtoE+sPm/6l5nOFqvqVVJw9vOKteWHSpQ0E
# 9CgbR7s7K1MoLG9J613iB2OtAfhPrWEvSOJ6mvTAxGgxhCQw6UzC88cYfBHJ/efn
# GAhVlriSfSCRANmivjY+g4h4JFWWSMTH6m9u4wKBJF8GRkNgN+C50Z+bp8aE7wRT
# KiMoaaYUDOjxzD+8nGYggg/t+UIM7jG2t8M5BMbC0NMP+ovVZeesWK6ZOzoda2tI
# ZONV0dLikLCicyOvfMH6YDqzGtchCDmS0hpfuorhlzsntm42RBM=
# =T+gr
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 28 Jun 2022 04:24:02 AM +0530
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  include/hw/virtio: document vhost_ack_features
  include/hw/virtio: document vhost_get_features
  contrib/vhost-user-blk: fix 32 bit build and enable
  MAINTAINERS: Collect memory device files in "Memory devices"
  libvhost-user: Fix VHOST_USER_ADD_MEM_REG reply
  libvhost-user: Fix VHOST_USER_GET_MAX_MEM_SLOTS reply
  docs/vhost-user: Fix mismerge
  virtio-iommu: Fix migration regression
  vhost: setup error eventfd and dump errors
  vhost: add method vhost_set_vring_err
  msi: fix MSI vector limit check in msi_set_mask()
  virtio-iommu: Fix the partial copy of probe request

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28 11:51:07 +05:30
Zhenzhong Duan d355566bd9 virtio-iommu: Fix migration regression
We also need to switch to the right address space on dest side
after loading the device status. DMA to wrong address space is
destructive.

Fixes: 3facd774962fd ("virtio-iommu: Add bypass mode support to assigned device")
Suggested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Message-Id: <20220624093740.3525267-1-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
2022-06-27 18:53:18 -04:00