From 5ca66278c859bb1ded243755aeead2be6992ce73 Mon Sep 17 00:00:00 2001
From: "Emilio G. Cota"
Date: Mon, 13 Nov 2017 13:55:24 +0000
Subject: [PATCH 1/9] arm/translate-a64: mark path as unreachable to eliminate warning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes the following warning when compiling with gcc 5.4.0 with -O1 optimizations and --enable-debug:
target/arm/translate-a64.c: In function ‘aarch64_tr_translate_insn’:
target/arm/translate-a64.c:2361:8: error: ‘post_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (!post_index) {
^
target/arm/translate-a64.c:2307:10: note: ‘post_index’ was declared here
bool post_index;
^
target/arm/translate-a64.c:2386:8: error: ‘writeback’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (writeback) {
^
target/arm/translate-a64.c:2308:10: note: ‘writeback’ was declared here
bool writeback;
^
Note that idx comes from selecting 2 bits, and therefore its value can be at most 3.
Signed-off-by: Emilio G. Cota
Acked-by: Philippe Mathieu-Daudé
Message-id: 1510087611-1851-1-git-send-email-cota@braap.org
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
---
target/arm/translate-a64.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index caca05aa41..625ef2dfd2 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -2351,6 +2351,8 @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn,
 post_index = false;
 writeback = true;
 break;
+ default:
+ g_assert_not_reached();
 }
 if (rn == 31) {
From c5c752af8cddad3e4e51acef40a46db998638144 Mon Sep 17 00:00:00 2001
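Review bot: The new `default:` arm gives the reader no hint why it cannot be reached; the justification (idx is a 2-bit field, so only values 0..3 occur) lives only in the commit message. A one-line comment above the assert, `/* idx is a 2-bit field, so cases 0..3 are exhaustive */`, keeps that invariant next to the code it protects. disas_ldst_reg_imm9 starts and ends outside this hunk, so the switch head and the extraction of idx are not visible here.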
From: Prasad J Pandit
Date: Mon, 13 Nov 2017 13:55:24 +0000
Subject: [PATCH 2/9] highbank: validate register offset before access
An 'offset' parameter sent to highbank register r/w functions could be greater than number(NUM_REGS=0x200) of hb registers, leading to an OOB access issue. Add check to avoid it.
Reported-by: Moguofang (Dennis mo)
Signed-off-by: Prasad J Pandit
Message-id: 20171113062658.9697-1-ppandit@redhat.com
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
---
hw/arm/highbank.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index 354c6b25a8..287392bbdc 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -34,6 +34,7 @@
 #include "hw/ide/ahci.h"
 #include "hw/cpu/a9mpcore.h"
 #include "hw/cpu/a15mpcore.h"
+#include "qemu/log.h"
 #define SMP_BOOT_ADDR 0x100
 #define SMP_BOOT_REG 0x40
@@ -117,14 +118,26 @@ static void hb_regs_write(void *opaque, hwaddr offset,
 }
 }
- regs[offset/4] = value;
+ if (offset / 4 >= NUM_REGS) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "highbank: bad write offset 0x%" HWADDR_PRIx "\n", offset);
+ return;
+ }
+ regs[offset / 4] = value;
 }
 static uint64_t hb_regs_read(void *opaque, hwaddr offset, unsigned size)
 {
+ uint32_t value;
 uint32_t *regs = opaque;
- uint32_t value = regs[offset/4];
+
+ if (offset / 4 >= NUM_REGS) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "highbank: bad read offset 0x%" HWADDR_PRIx "\n", offset);
+ return 0;
+ }
+ value = regs[offset / 4];
 if ((offset == 0x100) || (offset == 0x108) || (offset == 0x10C)) {
 value |= 0x30000000;
From 670bc4cbdab9a36a3df45667fbaea4d4cebda99f Mon Sep 17 00:00:00 2001
From: Subbaraya Sundeep
Date: Mon, 13 Nov 2017 13:55:25 +0000
Subject: [PATCH 3/9] MAINTAINERS: Add entries for Smartfusion2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Voluntarily add myself as maintainer for Smartfusion2
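Review bot: In hb_regs_write the new bounds check sits immediately before the final `regs[offset / 4] = value;` store rather than at function entry, so any offset-dependent handling in the part of the function above this hunk (not visible here) still runs for an out-of-range offset; hoisting `if (offset / 4 >= NUM_REGS) { qemu_log_mask(...); return; }` to the top of both hb_regs_write and hb_regs_read would put every use of `offset` behind the guard and keep the two functions symmetric. The comparison itself is correct since NUM_REGS is the element count and `offset / 4` is expressed in the same unit. It is also worth recording that the division silently maps unaligned offsets onto the containing register, e.g. `/* offset / 4: sub-word accesses alias onto the containing 32-bit register */`, so a later reader does not mistake it for an oversight. hb_regs_write begins outside the hunk.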
Signed-off-by: Subbaraya Sundeep
Reviewed-by: Alistair Francis
Reviewed-by: Philippe Mathieu-Daudé
Message-id: 1510552520-3566-1-git-send-email-sundeep.lkml@gmail.com
Signed-off-by: Peter Maydell
---
MAINTAINERS | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 0cd4d028aa..ffd77b461c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -564,6 +564,23 @@ M: Alistair Francis
 S: Maintained
 F: hw/arm/netduino2.c
+SmartFusion2
+M: Subbaraya Sundeep
+S: Maintained
+F: hw/arm/msf2-soc.c
+F: hw/misc/msf2-sysreg.c
+F: hw/timer/mss-timer.c
+F: hw/ssi/mss-spi.c
+F: include/hw/arm/msf2-soc.h
+F: include/hw/misc/msf2-sysreg.h
+F: include/hw/timer/mss-timer.h
+F: include/hw/ssi/mss-spi.h
+
+Emcraft M2S-FG484
+M: Subbaraya Sundeep
+S: Maintained
+F: hw/arm/msf2-som.c
+
 CRIS Machines
 -------------
 Axis Dev88
From 2dda635410e95843562e5257a8f173e7115a7a1e Mon Sep 17 00:00:00 2001
From: "Emilio G. Cota"
Date: Mon, 13 Nov 2017 13:55:25 +0000
Subject: [PATCH 4/9] qom: move CPUClass.tcg_initialize to a global
55c3cee ("qom: Introduce CPUClass.tcg_initialize", 2017-10-24) introduces a per-CPUClass bool that we check so that the target CPU is initialized for TCG only once. This works well except when we end up creating more than one CPUClass, in which case we end up incorrectly initializing TCG more than once, i.e. once for each CPUClass.
This can be replicated with:
$ aarch64-softmmu/qemu-system-aarch64 -machine xlnx-zcu102 -smp 6 \
-global driver=xlnx,,zynqmp,property=has_rpu,value=on
In this case the class name of the "RPUs" is prefixed by "cortex-r5-", whereas the "regular" CPUs are prefixed by "cortex-a53-". This results in two CPUClass instances being created.
Fix it by introducing a static variable, so that only the first target CPU being initialized will initialize the target-dependent part of TCG, regardless of CPUClass instances.
Fixes: 55c3ceef61fcf06fc98ddc752b7cce788ce7680b
Signed-off-by: Emilio G. Cota
Reviewed-by: Eduardo Habkost
Reviewed-by: Alistair Francis
Reviewed-by: Richard Henderson
Tested-by: Alistair Francis
Message-id: 1510343626-25861-2-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell
---
exec.c | 5 +++--
include/qom/cpu.h | 1 -
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/exec.c b/exec.c
index 97a24a875e..8b579c0cd9 100644
--- a/exec.c
+++ b/exec.c
@@ -792,11 +792,12 @@ void cpu_exec_initfn(CPUState *cpu)
 void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
+ static bool tcg_target_initialized;
 cpu_list_add(cpu);
- if (tcg_enabled() && !cc->tcg_initialized) {
- cc->tcg_initialized = true;
+ if (tcg_enabled() && !tcg_target_initialized) {
+ tcg_target_initialized = true;
 cc->tcg_initialize();
 }
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index fa4b0c9dba..c2fa151228 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -209,7 +209,6 @@ typedef struct CPUClass {
 /* Keep non-pointer data at the end to minimize holes. */
 int gdb_num_core_regs;
 bool gdb_stop_before_watchpoint;
- bool tcg_initialized;
 } CPUClass;
 #ifdef HOST_WORDS_BIGENDIAN
From 6908ec448b4d5fbf98c99a245b7176e39b460130 Mon Sep 17 00:00:00 2001
From: Alistair Francis
Date: Mon, 13 Nov 2017 13:55:26 +0000
Subject: [PATCH 5/9] xlnx-zynqmp: Properly support the smp command line option
Allow the -smp command line option to control the number of CPUs we create.
Signed-off-by: Alistair Francis
Reviewed-by: Eduardo Habkost
Reviewed-by: Emilio G. Cota
Tested-by: Emilio G. Cota
Message-id: 1510343626-25861-3-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell
---
hw/arm/xlnx-zcu102.c | 3 ++-
hw/arm/xlnx-zynqmp.c | 26 ++++++++++++++++----------
2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
index e2d15a1c9d..7ec03dad42 100644
--- a/hw/arm/xlnx-zcu102.c
+++ b/hw/arm/xlnx-zcu102.c
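Review bot: The function-scope `static bool tcg_target_initialized` in cpu_exec_realizefn is tested and then set with no synchronization, which is only safe if CPU realization is serialized (presumably under the BQL, but nothing in the hunk says so). A comment on the declaration such as `/* shared by all CPUClasses; realize is serialized, so no atomics needed */` would record that assumption where the next reader needs it. The body of cpu_exec_realizefn continues past the end of the hunk.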
@@ -235,7 +235,8 @@ static void xlnx_zcu102_machine_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
- mc->desc = "Xilinx ZynqMP ZCU102 board";
+ mc->desc = "Xilinx ZynqMP ZCU102 board with 4xA53s and 2xR5s based on " \
+ "the value of smp";
 mc->init = xlnx_zcu102_init;
 mc->block_default_type = IF_IDE;
 mc->units_per_default_bus = 1;
diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index d4b6560194..c707c66322 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -98,8 +98,9 @@ static void xlnx_zynqmp_create_rpu(XlnxZynqMPState *s, const char *boot_cpu,
 {
 Error *err = NULL;
 int i;
+ int num_rpus = MIN(smp_cpus - XLNX_ZYNQMP_NUM_APU_CPUS, XLNX_ZYNQMP_NUM_RPU_CPUS);
- for (i = 0; i < XLNX_ZYNQMP_NUM_RPU_CPUS; i++) {
+ for (i = 0; i < num_rpus; i++) {
 char *name;
 object_initialize(&s->rpu_cpu[i], sizeof(s->rpu_cpu[i]),
@@ -132,8 +133,9 @@ static void xlnx_zynqmp_init(Object *obj)
 {
 XlnxZynqMPState *s = XLNX_ZYNQMP(obj);
 int i;
+ int num_apus = MIN(smp_cpus, XLNX_ZYNQMP_NUM_APU_CPUS);
- for (i = 0; i < XLNX_ZYNQMP_NUM_APU_CPUS; i++) {
+ for (i = 0; i < num_apus; i++) {
 object_initialize(&s->apu_cpu[i], sizeof(s->apu_cpu[i]),
 "cortex-a53-" TYPE_ARM_CPU);
 object_property_add_child(obj, "apu-cpu[*]", OBJECT(&s->apu_cpu[i]),
@@ -182,6 +184,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
 MemoryRegion *system_memory = get_system_memory();
 uint8_t i;
 uint64_t ram_size;
+ int num_apus = MIN(smp_cpus, XLNX_ZYNQMP_NUM_APU_CPUS);
 const char *boot_cpu = s->boot_cpu ? s->boot_cpu : "apu-cpu[0]";
 ram_addr_t ddr_low_size, ddr_high_size;
 qemu_irq gic_spi[GIC_NUM_SPI_INTR];
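Review bot: The trailing `\` after `"... based on "` in the new mc->desc assignment is a preprocessor line continuation and is unnecessary: adjacent string literals are concatenated by the compiler anyway, and the backslash would become a compile error if any whitespace ever followed it. Dropping it, i.e. `mc->desc = "Xilinx ZynqMP ZCU102 board with 4xA53s and 2xR5s based on "` followed by `"the value of smp";`, matches how the other multi-line strings in this series (the info_report calls) are written.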
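Review bot: `num_rpus` in xlnx_zynqmp_create_rpu goes negative whenever smp_cpus is below XLNX_ZYNQMP_NUM_APU_CPUS, and the code relies on `i < num_rpus` then being false so that no RPU is created. That works but is implicit; clamping at the definition, `int num_rpus = MIN(MAX(smp_cpus - XLNX_ZYNQMP_NUM_APU_CPUS, 0), XLNX_ZYNQMP_NUM_RPU_CPUS);`, or a comment stating that a negative count means "no RPUs", makes the intent visible. The `num_apus` computations in the xlnx_zynqmp_init and xlnx_zynqmp_realize hunks do not have this issue since smp_cpus is never negative there.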
@@ -233,10 +236,10 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
 qdev_prop_set_uint32(DEVICE(&s->gic), "num-irq", GIC_NUM_SPI_INTR + 32);
 qdev_prop_set_uint32(DEVICE(&s->gic), "revision", 2);
- qdev_prop_set_uint32(DEVICE(&s->gic), "num-cpu", XLNX_ZYNQMP_NUM_APU_CPUS);
+ qdev_prop_set_uint32(DEVICE(&s->gic), "num-cpu", num_apus);
 /* Realize APUs before realizing the GIC. KVM requires this. */
- for (i = 0; i < XLNX_ZYNQMP_NUM_APU_CPUS; i++) {
+ for (i = 0; i < num_apus; i++) {
 char *name;
 object_property_set_int(OBJECT(&s->apu_cpu[i]), QEMU_PSCI_CONDUIT_SMC,
@@ -292,7 +295,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
 }
 }
- for (i = 0; i < XLNX_ZYNQMP_NUM_APU_CPUS; i++) {
+ for (i = 0; i < num_apus; i++) {
 qemu_irq irq;
 sysbus_connect_irq(SYS_BUS_DEVICE(&s->gic), i,
@@ -307,11 +310,14 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
 }
 if (s->has_rpu) {
- xlnx_zynqmp_create_rpu(s, boot_cpu, &err);
- if (err) {
- error_propagate(errp, err);
- return;
- }
+ info_report("The 'has_rpu' property is no longer required, to use the "
+ "RPUs just use -smp 6.");
+ }
+
+ xlnx_zynqmp_create_rpu(s, boot_cpu, &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
 }
 if (!s->boot_cpu_ptr) {
From 83926ad52789bc13d5b4bbd1fd3366e5bace9a3b Mon Sep 17 00:00:00 2001
From: Alistair Francis
Date: Mon, 13 Nov 2017 13:55:26 +0000
Subject: [PATCH 6/9] xlnx-zcu102: Add an info message deprecating the EP108
The EP108 was an early access development board that is no longer used. Add an info message to convert any users to the ZCU102 instead. On QEMU they are both identical.
This patch also updated the qemu-doc.texi file to indicate that the EP108 has been deprecated.
Signed-off-by: Alistair Francis
Reviewed-by: Emilio G. Cota
Message-id: 1510343626-25861-4-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell
---
hw/arm/xlnx-zcu102.c | 3 +++
qemu-doc.texi | 7 +++++++
2 files changed, 10 insertions(+)
diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
index 7ec03dad42..adddd234a1 100644
--- a/hw/arm/xlnx-zcu102.c
+++ b/hw/arm/xlnx-zcu102.c
@@ -164,6 +164,9 @@ static void xlnx_ep108_init(MachineState *machine)
 {
 XlnxZCU102 *s = EP108_MACHINE(machine);
+ info_report("The Xilinx EP108 machine is deprecated, please use the "
+ "ZCU102 machine instead. It has the same features supported.");
+
 xlnx_zynqmp_init(s, machine);
 }
diff --git a/qemu-doc.texi b/qemu-doc.texi
index 8c10956a66..d383ac44d4 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -2537,6 +2537,13 @@ or ``ivshmem-doorbell`` device types.
 The ``spapr-pci-vfio-host-bridge'' device type is replaced by the ``spapr-pci-host-bridge'' device type.
+@section System emulator machines
+
+@subsection Xilinx EP108 (since 2.11.0)
+
+The ``xlnx-ep108'' machine has been replaced by the ``xlnx-zcu102'' machine.
+The ``xlnx-zcu102'' machine has the same features and capabilites in QEMU.
+
 @node License
 @appendix License
From 1342b0355ed943ca4ad4e67e03390b69476b8a6b Mon Sep 17 00:00:00 2001
From: "Emilio G. Cota"
Date: Mon, 13 Nov 2017 13:55:26 +0000
Subject: [PATCH 7/9] xlnx-zcu102: Specify the max number of CPUs for the EP108
Just like the zcu102, the ep108 can instantiate several CPUs.
Signed-off-by: Emilio G. Cota
Reviewed-by: Alistair Francis
Message-id: 1510343626-25861-5-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell
---
hw/arm/xlnx-zcu102.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
index adddd234a1..190eb697ef 100644
--- a/hw/arm/xlnx-zcu102.c
+++ b/hw/arm/xlnx-zcu102.c
@@ -188,6 +188,7 @@ static void xlnx_ep108_machine_class_init(ObjectClass *oc, void *data)
 mc->block_default_type = IF_IDE;
 mc->units_per_default_bus = 1;
 mc->ignore_memory_transaction_failures = true;
+ mc->max_cpus = XLNX_ZYNQMP_NUM_APU_CPUS + XLNX_ZYNQMP_NUM_RPU_CPUS;
 }
 static const TypeInfo xlnx_ep108_machine_init_typeinfo = {
From 7264961934130df50d151def5eb415efa2e28ec5 Mon Sep 17 00:00:00 2001
From: "Emilio G. Cota"
Date: Mon, 13 Nov 2017 13:55:27 +0000
Subject: [PATCH 8/9] hw: add .min_cpus and .default_cpus fields to machine_class
max_cpus needs to be an upper bound on the number of vCPUs initialized; otherwise TCG region initialization breaks. Some boards initialize a hard-coded number of vCPUs, which is not captured by the global max_cpus and therefore breaks TCG initialization. Fix it by adding the .min_cpus field to machine_class.
This commit also changes some user-facing behaviour: we now die if -smp is below this hard-coded vCPU minimum instead of silently ignoring the passed -smp value (sometimes announcing this by printing a warning). However, the introduction of .default_cpus lessens the likelihood that users will notice this: if -smp isn't set, we now assign the value in .default_cpus to both smp_cpus and max_cpus. IOW, if a user does not set -smp, they always get a correct number of vCPUs.
This change fixes 3468b59 ("tcg: enable multiple TCG contexts in softmmu", 2017-10-24), which broke TCG initialization for some ARM boards.
Fixes: 3468b59e18b179bc63c7ce934de912dfa9596122
Reported-by: Thomas Huth
Reviewed-by: Eduardo Habkost
Reviewed-by: Alistair Francis
Signed-off-by: Emilio G. Cota
Message-id: 1510343626-25861-6-git-send-email-cota@braap.org
Suggested-by: Peter Maydell
Signed-off-by: Emilio G. Cota
Signed-off-by: Peter Maydell
---
hw/arm/exynos4_boards.c | 12 ++++--------
hw/arm/raspi.c | 2 ++
hw/arm/xlnx-zcu102.c | 2 ++
include/hw/boards.h | 5 +++++
vl.c | 21 ++++++++++++++++++---
5 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
index f1441ec6cf..750162cc95 100644
--- a/hw/arm/exynos4_boards.c
+++ b/hw/arm/exynos4_boards.c
@@ -27,7 +27,6 @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "sysemu/sysemu.h"
-#include "sysemu/qtest.h"
 #include "hw/sysbus.h"
 #include "net/net.h"
 #include "hw/arm/arm.h"
@@ -129,13 +128,6 @@ exynos4_boards_init_common(MachineState *machine, Exynos4BoardType board_type)
 {
 Exynos4BoardState *s = g_new(Exynos4BoardState, 1);
- MachineClass *mc = MACHINE_GET_CLASS(machine);
-
- if (smp_cpus != EXYNOS4210_NCPUS && !qtest_enabled()) {
- error_report("%s board supports only %d CPU cores, ignoring smp_cpus"
- " value",
- mc->name, EXYNOS4210_NCPUS);
- }
 exynos4_board_binfo.ram_size = exynos4_board_ram_size[board_type];
 exynos4_board_binfo.board_id = exynos4_board_id[board_type];
@@ -189,6 +181,8 @@ static void nuri_class_init(ObjectClass *oc, void *data)
 mc->desc = "Samsung NURI board (Exynos4210)";
 mc->init = nuri_init;
 mc->max_cpus = EXYNOS4210_NCPUS;
+ mc->min_cpus = EXYNOS4210_NCPUS;
+ mc->default_cpus = EXYNOS4210_NCPUS;
 mc->ignore_memory_transaction_failures = true;
 }
@@ -205,6 +199,8 @@ static void smdkc210_class_init(ObjectClass *oc, void *data)
 mc->desc = "Samsung SMDKC210 board (Exynos4210)";
 mc->init = smdkc210_init;
 mc->max_cpus = EXYNOS4210_NCPUS;
+ mc->min_cpus = EXYNOS4210_NCPUS;
+ mc->default_cpus = EXYNOS4210_NCPUS;
 mc->ignore_memory_transaction_failures = true;
 }
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index 5941c9f751..cd5fa8c3dc 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -167,6 +167,8 @@ static void raspi2_machine_init(MachineClass *mc)
 mc->no_floppy = 1;
 mc->no_cdrom = 1;
 mc->max_cpus = BCM2836_NCPUS;
+ mc->min_cpus = BCM2836_NCPUS;
+ mc->default_cpus = BCM2836_NCPUS;
 mc->default_ram_size = 1024 * 1024 * 1024;
 mc->ignore_memory_transaction_failures = true;
 };
diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
index 190eb697ef..9631a53847 100644
--- a/hw/arm/xlnx-zcu102.c
+++ b/hw/arm/xlnx-zcu102.c
@@ -189,6 +189,7 @@ static void xlnx_ep108_machine_class_init(ObjectClass *oc, void *data)
 mc->units_per_default_bus = 1;
 mc->ignore_memory_transaction_failures = true;
 mc->max_cpus = XLNX_ZYNQMP_NUM_APU_CPUS + XLNX_ZYNQMP_NUM_RPU_CPUS;
+ mc->default_cpus = XLNX_ZYNQMP_NUM_APU_CPUS;
 }
 static const TypeInfo xlnx_ep108_machine_init_typeinfo = {
@@ -246,6 +247,7 @@ static void xlnx_zcu102_machine_class_init(ObjectClass *oc, void *data)
 mc->units_per_default_bus = 1;
 mc->ignore_memory_transaction_failures = true;
 mc->max_cpus = XLNX_ZYNQMP_NUM_APU_CPUS + XLNX_ZYNQMP_NUM_RPU_CPUS;
+ mc->default_cpus = XLNX_ZYNQMP_NUM_APU_CPUS;
 }
 static const TypeInfo xlnx_zcu102_machine_init_typeinfo = {
diff --git a/include/hw/boards.h b/include/hw/boards.h
index 191a5b3cd8..62f160e0aa 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -102,6 +102,9 @@ typedef struct {
 /**
 * MachineClass:
+ * @max_cpus: maximum number of CPUs supported. Default: 1
+ * @min_cpus: minimum number of CPUs supported. Default: 1
+ * @default_cpus: number of CPUs instantiated if none are specified. Default: 1
 * @get_hotplug_handler: this function is called during bus-less
 * device hotplug. If defined it returns pointer to an instance
 * of HotplugHandler object, which handles hotplug operation
@@ -167,6 +170,8 @@ struct MachineClass {
 BlockInterfaceType block_default_type;
 int units_per_default_bus;
 int max_cpus;
+ int min_cpus;
+ int default_cpus;
 unsigned int no_serial:1,
 no_parallel:1,
 use_virtcon:1,
diff --git a/vl.c b/vl.c
index ec299099ff..7372424fa7 100644
--- a/vl.c
+++ b/vl.c
@@ -160,8 +160,8 @@ Chardev *virtcon_hds[MAX_VIRTIO_CONSOLES];
 Chardev *sclp_hds[MAX_SCLP_CONSOLES];
 int win2k_install_hack = 0;
 int singlestep = 0;
-int smp_cpus = 1;
-unsigned int max_cpus = 1;
+int smp_cpus;
+unsigned int max_cpus;
 int smp_cores = 1;
 int smp_threads = 1;
 int acpi_enabled = 1;
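Review bot: Dropping the `= 1` initializers leaves `smp_cpus` and `max_cpus` at 0 from program start until main assigns `machine_class->default_cpus` to them, so anything that consults either variable before that point (option parsing, or a board callback run earlier in main) now sees 0 where it previously saw 1. This hunk gives no evidence either way, so a comment at the definitions, e.g. `/* 0 until main() sets them from machine_class->default_cpus before smp_parse() */`, would make the new invariant explicit. The assignment itself is in the later main() hunk of this patch.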
@@ -4327,9 +4327,24 @@ int main(int argc, char **argv, char **envp)
 exit(0);
 }
+ /* machine_class: default to UP */
+ machine_class->max_cpus = machine_class->max_cpus ?: 1;
+ machine_class->min_cpus = machine_class->min_cpus ?: 1;
+ machine_class->default_cpus = machine_class->default_cpus ?: 1;
+
+ /* default to machine_class->default_cpus */
+ smp_cpus = machine_class->default_cpus;
+ max_cpus = machine_class->default_cpus;
+
 smp_parse(qemu_opts_find(qemu_find_opts("smp-opts"), NULL));
- machine_class->max_cpus = machine_class->max_cpus ?: 1; /* Default to UP */
+ /* sanity-check smp_cpus and max_cpus against machine_class */
+ if (smp_cpus < machine_class->min_cpus) {
+ error_report("Invalid SMP CPUs %d. The min CPUs "
+ "supported by machine '%s' is %d", smp_cpus,
+ machine_class->name, machine_class->min_cpus);
+ exit(1);
+ }
 if (max_cpus > machine_class->max_cpus) {
 error_report("Invalid SMP CPUs %d. The max CPUs "
 "supported by machine '%s' is %d", max_cpus,
From d25f2a72272b9ffe0d06710d6217d1169bc2cc7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alex=20Benn=C3=A9e?=
Date: Mon, 13 Nov 2017 13:55:27 +0000
Subject: [PATCH 9/9] accel/tcg/translate-all: expand cpu_restore_state addr check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We are still seeing signals during translation time when we walk over a page protection boundary. This expands the check to ensure the host PC is inside the code generation buffer. The original suggestion was to check versus tcg_ctx.code_gen_ptr but as we now segment the translation buffer we have to settle for just a general check for being inside.
I've also fixed up the declaration to make it clear it can deal with invalid addresses. A later patch will fix up the call sites.
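Review bot: After the `?: 1` defaulting nothing checks that `machine_class->default_cpus` lies within `[min_cpus, max_cpus]`, so a board that sets an inconsistent triple would surface only as the user-facing "Invalid SMP CPUs" error on a plain invocation with no -smp at all. A board-side invariant check right after the defaults, `assert(machine_class->min_cpus <= machine_class->default_cpus && machine_class->default_cpus <= machine_class->max_cpus);`, turns that into a developer-facing failure. Note also that the minimum is checked against smp_cpus while the existing maximum check uses max_cpus; if that asymmetry is intentional, a short comment saying why would help. main continues beyond the hunk.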
Signed-off-by: Alex Bennée
Reported-by: Peter Maydell
Reviewed-by: Laurent Vivier
Reviewed-by: Richard Henderson
Message-id: 20171108153245.20740-2-alex.bennee@linaro.org
Suggested-by: Paolo Bonzini
Cc: Richard Henderson
Tested-by: Peter Maydell
Signed-off-by: Peter Maydell
---
accel/tcg/translate-all.c | 50 ++++++++++++++++++++++-----------------
include/exec/exec-all.h | 11 +++++++++
2 files changed, 39 insertions(+), 22 deletions(-)
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 34c5e28d07..e7f0329a52 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -352,36 +352,42 @@ static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
 return 0;
 }
-bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr)
+bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc)
 {
 TranslationBlock *tb;
 bool r = false;
+ uintptr_t check_offset;
- /* A retaddr of zero is invalid so we really shouldn't have ended
- * up here. The target code has likely forgotten to check retaddr
- * != 0 before attempting to restore state. We return early to
- * avoid blowing up on a recursive tb_lock(). The target must have
- * previously survived a failed cpu_restore_state because
- * tb_find_pc(0) would have failed anyway. It still should be
- * fixed though.
+ /* The host_pc has to be in the region of current code buffer. If
+ * it is not we will not be able to resolve it here. The two cases
+ * where host_pc will not be correct are:
+ *
+ * - fault during translation (instruction fetch)
+ * - fault from helper (not using GETPC() macro)
+ *
+ * Either way we need return early to avoid blowing up on a
+ * recursive tb_lock() as we can't resolve it here.
+ *
+ * We are using unsigned arithmetic so if host_pc <
+ * tcg_init_ctx.code_gen_buffer check_offset will wrap to way
+ * above the code_gen_buffer_size
 */
+ check_offset = host_pc - (uintptr_t) tcg_init_ctx.code_gen_buffer;
- if (!retaddr) {
- return r;
- }
-
- tb_lock();
- tb = tb_find_pc(retaddr);
- if (tb) {
- cpu_restore_state_from_tb(cpu, tb, retaddr);
- if (tb->cflags & CF_NOCACHE) {
- /* one-shot translation, invalidate it immediately */
- tb_phys_invalidate(tb, -1);
- tb_remove(tb);
+ if (check_offset < tcg_init_ctx.code_gen_buffer_size) {
+ tb_lock();
+ tb = tb_find_pc(host_pc);
+ if (tb) {
+ cpu_restore_state_from_tb(cpu, tb, host_pc);
+ if (tb->cflags & CF_NOCACHE) {
+ /* one-shot translation, invalidate it immediately */
+ tb_phys_invalidate(tb, -1);
+ tb_remove(tb);
+ }
+ r = true;
 }
- r = true;
+ tb_unlock();
 }
- tb_unlock();
 return r;
 }
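Review bot: The definition renames the parameter to `host_pc` while the declaration and doc comment added in include/exec/exec-all.h (the next hunk) call it `searched_pc`, so the documented name and the code disagree; using one name in both places, e.g. `bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc);` with `@host_pc:` in the header comment, keeps them in sync. The new block comment also reads "we need return early" and should be "we need to return early". The range check itself is sound: the subtraction is done in uintptr_t, so an address below code_gen_buffer wraps to a value above code_gen_buffer_size exactly as the comment describes.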
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 923ece3e9b..0f51c92adb 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -45,6 +45,17 @@ void restore_state_to_opc(CPUArchState *env, struct TranslationBlock *tb,
 target_ulong *data);
 void cpu_gen_init(void);
+
+/**
+ * cpu_restore_state:
+ * @cpu: the vCPU state is to be restore to
+ * @searched_pc: the host PC the fault occurred at
+ * @return: true if state was restored, false otherwise
+ *
+ * Attempt to restore the state for a fault occurring in translated
+ * code. If the searched_pc is not in translated code no state is
+ * restored and the function returns false.
+ */
 bool cpu_restore_state(CPUState *cpu, uintptr_t searched_pc);
 void QEMU_NORETURN cpu_loop_exit_noexc(CPUState *cpu);
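Review bot: The `@cpu:` line of the new doc comment is ungrammatical ("the vCPU state is to be restore to"); `@cpu: the vCPU whose state is to be restored` reads correctly. The `@return:` line could also spell out that a false result means the CPU state was left untouched, which is the property the commit message says later call-site fixes will depend on.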